Hello Robert,
Tuesday, April 24, 2007, 4:59:31 PM, you wrote:
RM> Hello Darren,
RM> Tuesday, April 24, 2007, 3:33:47 PM, you wrote:
DJM>> With reference to Lori's blog posting[1] I'd like to throw out a few of
DJM>> my thoughts on spliting up the namespace.
DJM>> This is quite timely because only yesterday when I was updating the ZFS
DJM>> crypto document I was thinking about this. I knew I needed ephemeral
DJM>> key support for ZVOLs so we could swap on an encrypted ZVOL. However I
DJM>> chose not to make that option specific to ZVOLs but made it available to
DJM>> all datasets. The rationale for this was having directories like
DJM>> /var/tmp as separate encrypted datasets with an ephemeral key.
DJM>> So yes Lori I completely agree /var should be a separate data set, whats
DJM>> more I think we can identify certain points of the /var namespace that
DJM>> should almost always be a separate dataset.
DJM>> Other than /var/tmp my short list for being separate ZFS datasets are:
DJM>> /var/crash - because can be big and we might want quotas.
RM> I agree - I've been doing this for some time (/ on UFS, rest of a disk
RM> on zfs for zones and crash + core file systems with quota set).
DJM>> /var/core [ which we don't yet have by default but I'm considering
DJM>> submitting an ARC case for this. ] - as above.
RM> Definitely - we're doing this in a jumpstart but frankly it should
RM> have been for years by default (even without zfs).
DJM>> /var/tm Similar to the /var/log rationale.
DJM>> There are obvious other places that would really benefit but I think
DJM>> having them as separate datasets really depends on what the machine is
DJM>> doing. For example /var/apache if you really are a webserver, but then
DJM>> why not go one better and split out cgi-bin and htdocs into separate
DJM>> datasets too - that way you have set noexec in htdocs.
DJM>> I think we have lots of options but it might be nice to come up with a
DJM>> short list of special/important directories that would should always
DJM>> recommend be separate datasets - lets not hardcode that into the
DJM>> installer though (heck we still think /usr/openwin is special !)
RM> Definitely. We could scare people with dozen or more file systems
RM> mounted after fresh install on their laptop.
RM> However some time ago here was a discussion on 'zfs split|merge'
RM> functionality. Is it going to happen? If it does then maybe only
RM> minimum number of datasets should be created by default (/ /var /opt)
RM> and later admin can just 'zfs split root/var/log'?
RM> While having lot of datasets is really nice please do not over use it,
RM> at least not in a default configs when probably it would introduce
RM> more confusion to most users than do any good.
RM> I would also consider disabling or changing default config for autofs
RM> so local users would go to /home as most people expect by default and
RM> then also create /home as separate file system.
RM> So my short list is:
RM> /
RM> /var
RM> /opt
RM> /home
/var/crash
/var/core
I think configuring Solaris by default to write crashdumps and cores
to above locations should be considered however I would rather not
create separata datasets for them by default.
--
Best regards,
Robert mailto:[EMAIL PROTECTED]
http://milek.blogspot.com
_______________________________________________
zfs-discuss mailing list
zfs-discuss@opensolaris.org
http://mail.opensolaris.org/mailman/listinfo/zfs-discuss
