With reference to Lori's blog posting[1] I'd like to throw out a few of
my thoughts on splitting up the namespace.
This is quite timely because only yesterday when I was updating the ZFS
crypto document I was thinking about this. I knew I needed ephemeral
key support for ZVOLs so we could swap on an encrypted ZVOL. However I
chose not to make that option specific to ZVOLs but made it available to
all datasets. The rationale for this was having directories like
/var/tmp as separate encrypted datasets with an ephemeral key.
So yes Lori I completely agree /var should be a separate data set, what's
more I think we can identify certain points of the /var namespace that
should almost always be a separate dataset.
Other than /var/tmp my short list for being separate ZFS datasets are:
/var/crash - because it can be big and we might want quotas.
/var/core [ which we don't yet have by default but I'm considering
submitting an ARC case for this. ] - as above.
/var/tm Similar to the /var/log rationale.
There are obvious other places that would really benefit but I think
having them as separate datasets really depends on what the machine is
doing. For example /var/apache if you really are a webserver, but then
why not go one better and split out cgi-bin and htdocs into separate
datasets too - that way you have set noexec in htdocs.
I think we have lots of options but it might be nice to come up with a
short list of special/important directories that we should always
recommend be separate datasets - let's not hardcode that into the
installer though (heck we still think /usr/openwin is special !)
One of the things I'm really interested in seeing is more appropriate
sharing with Zones because we have more flexibility in the installer as
it becomes zone aware. What I'd love to see is that we completely
abandon the package based boundaries for Zones and instead use one based
only on the actual filesystem namespace and use Zones to get the best
out of that.
A nitpick on the terminology. While I agree that some QoS things can be
set at the level of a dataset there are others which are really only
available to the pool, though now with ditto blocks for data as well as
metadata that starts to blur a bit too.
[1] http://blogs.sun.com/lalt/entry/zfs_boot_issue_of_the
--
Darren J Moffat