Hello Robert,

Tuesday, April 24, 2007, 4:59:31 PM, you wrote:

RM> Hello Darren,

RM> Tuesday, April 24, 2007, 3:33:47 PM, you wrote:

DJM>> With reference to Lori's blog posting[1] I'd like to throw out a few of
DJM>> my thoughts on splitting up the namespace.

DJM>> This is quite timely because only yesterday when I was updating the ZFS
DJM>> crypto document I was thinking about this. I knew I needed ephemeral
DJM>> key support for ZVOLs so we could swap on an encrypted ZVOL. However I
DJM>> chose not to make that option specific to ZVOLs but made it available to
DJM>> all datasets. The rationale for this was having directories like
DJM>> /var/tmp as separate encrypted datasets with an ephemeral key.

DJM>> So yes Lori I completely agree /var should be a separate data set, what's
DJM>> more I think we can identify certain points of the /var namespace that
DJM>> should almost always be a separate dataset.

DJM>> Other than /var/tmp my short list for being separate ZFS datasets are:

DJM>> /var/crash - because can be big and we might want quotas.

RM> I agree - I've been doing this for some time (/ on UFS, rest of a disk
RM> on zfs for zones and crash + core file systems with quota set).

DJM>> /var/core [ which we don't yet have by default but I'm considering
DJM>> submitting an ARC case for this. ] - as above.

RM> Definitely - we're doing this in a jumpstart but frankly it should
RM> have been for years by default (even without zfs).

DJM>> /var/tm Similar to the /var/log rationale.

DJM>> There are obvious other places that would really benefit but I think
DJM>> having them as separate datasets really depends on what the machine is
DJM>> doing. For example /var/apache if you really are a webserver, but then
DJM>> why not go one better and split out cgi-bin and htdocs into separate
DJM>> datasets too - that way you have set noexec in htdocs.

DJM>> I think we have lots of options but it might be nice to come up with a
DJM>> short list of special/important directories that would should always
DJM>> recommend be separate datasets - let's not hardcode that into the
DJM>> installer though (heck we still think /usr/openwin is special !)

RM> Definitely. We could scare people with dozen or more file systems
RM> mounted after fresh install on their laptop.

RM> However some time ago there was a discussion on 'zfs split|merge'
RM> functionality. Is it going to happen? If it does then maybe only
RM> minimum number of datasets should be created by default (/ /var /opt)
RM> and later admin can just 'zfs split root/var/log'?

RM> While having lot of datasets is really nice please do not over use it,
RM> at least not in a default configs when probably it would introduce
RM> more confusion to most users than do any good.

RM> I would also consider disabling or changing default config for autofs
RM> so local users would go to /home as most people expect by default and
RM> then also create /home as separate file system.

RM> So my short list is:

RM> /
RM> /var
RM> /opt
RM> /home

/var/crash
/var/core

I think configuring Solaris by default to write crashdumps and cores to above locations should be considered however I would rather not create separate datasets for them by default.

--
Best regards,
Robert
mailto:[EMAIL PROTECTED]
http://milek.blogspot.com

_______________________________________________
zfs-discuss mailing list
zfs-discuss@opensolaris.org
http://mail.opensolaris.org/mailman/listinfo/zfs-discuss
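
An added example, not part of the thread or of any poster's configuration: a small audit that reads `zfs list -H -o name,mountpoint,quota,exec` output and reports where a system falls short of the layout discussed above (quotas on the crash and core datasets, no exec on htdocs). The pool name, the `/var/apache/htdocs` path and the sample listing are constructed assumptions.

```shell
#!/bin/sh
# Audit a ZFS layout against the points raised in the thread.
# Input (stdin): output of  zfs list -H -o name,mountpoint,quota,exec
# Output: one finding per line, sorted; empty output means nothing to report.
audit_layout() {
    awk -F '\t' '
    BEGIN {
        # Directories the thread wants bounded by a quota.
        want_quota["/var/crash"] = 1
        want_quota["/var/core"] = 1
        # Directory the thread wants without exec (path is an assumption).
        want_noexec["/var/apache/htdocs"] = 1
    }
    # Index every dataset by its mountpoint.
    { quota[$2] = $3; ex[$2] = $4 }
    END {
        for (m in want_quota) {
            if (!(m in quota))
                print "MISSING " m " is not a separate dataset"
            else if (quota[m] == "none")
                print "NOQUOTA " m " has no quota"
        }
        for (m in want_noexec) {
            if (!(m in ex))
                print "MISSING " m " is not a separate dataset"
            else if (ex[m] != "off")
                print "EXEC " m " allows execution"
        }
    }' | sort
}

# Constructed sample listing (tab-separated, as zfs list -H prints it).
sample_listing() {
    printf 'rpool\t/\tnone\ton\n'
    printf 'rpool/var\t/var\tnone\ton\n'
    printf 'rpool/var/crash\t/var/crash\t8G\ton\n'
    printf 'rpool/var/core\t/var/core\tnone\ton\n'
    printf 'rpool/htdocs\t/var/apache/htdocs\tnone\ton\n'
}

# Stand-alone run over the sample; on a real host pipe zfs list into it instead.
sample_listing | audit_layout
```

Findings of this kind are closed with `zfs set quota=<size> <dataset>` and `zfs set exec=off <dataset>`.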