Delegating a ZFS zone to a zone VM for SSHFS filesharing

Published on 2016-09-09 15:36:32

The situation: I have a ZFS dataset called zones/anime that should be mountable read-write over sshfs. The wrong solution is to give the global zone (GZ) access to LDAP authentication and mount from there, since that opens the host's management zone to user logins. Instead, we create a VM that controls the dataset and authenticates connections against the local LDAP server.

First of all, a nice simple zone manifest is passed to vmadm create -f manifest.json to create the VM:


{
  "brand": "joyent",
  "image_uuid": "9d58adc6-499b-11e6-9ea7-437c859dc16b",
  "alias": "fileshare-host",
  "hostname": "fileshare-host",
  "max_physical_memory": 1024,
  "quota": 20,
  "resolvers": ["8.8.8.8","8.8.4.4"],
  "nics": [
    {
      "nic_tag": "dmz",
      "ip": "dhcp",
      "primary": true
    }
  ]
}

The output of vmadm tells us the UUID of the new zone, so we can then delegate our shared dataset to it:


zonecfg -z $new_VM_UUID
zonecfg:$UUID> add dataset
zonecfg:$UUID:dataset> set name=zones/anime
zonecfg:$UUID:dataset> end
zonecfg:$UUID> verify
zonecfg:$UUID> commit
zonecfg:$UUID> exit

Reboot the VM, then log in with zlogin $UUID and mount the dataset:


mkdir /anime
zfs set mountpoint=/anime zones/anime

# df -h ~
Filesystem             Size   Used  Available Capacity  Mounted on
zones/$UUID             20G   235M        20G     2%    /
# df -h /anime
Filesystem             Size   Used  Available Capacity  Mounted on
zones/anime             13T    19K        13T     1%    /anime

After chowning and setting permissions appropriately, we are done.
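
The zonecfg session and reboot from earlier in this post can also be run non-interactively, with the UUID and dataset name checked before they reach zonecfg. This script is an added example, not part of the original post; the function names are hypothetical, the UUID in the demo call is constructed, and vmadm reboot is assumed as the way to restart the VM.

```shell
#!/bin/sh
# Added example: the interactive zonecfg session, scripted. Function names are
# hypothetical; the UUID in the demo call is constructed.
LC_ALL=C; export LC_ALL   # keep the bracket ranges below ASCII-only

# True only for a lowercase 8-4-4-4-12 hex UUID, the form vmadm prints.
is_vm_uuid() {
    case $1 in *[!0-9a-f-]*) return 1 ;; esac   # also rejects newlines
    printf '%s\n' "$1" | grep -Eq '^[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}$'
}

# True only for a pool/dataset path. Deliberately strict: no spaces, quotes,
# semicolons or '@', so the name cannot smuggle extra zonecfg subcommands.
is_dataset_name() {
    case $1 in *[!A-Za-z0-9_.:/-]*) return 1 ;; esac
    printf '%s\n' "$1" |
        grep -Eq '^[A-Za-z0-9][A-Za-z0-9_.:-]*(/[A-Za-z0-9][A-Za-z0-9_.:-]*)+$'
}

# Print the zonecfg subcommand list that delegates dataset $1.
delegation_script() {
    is_dataset_name "$1" || { echo "bad dataset name: $1" >&2; return 1; }
    printf 'add dataset; set name=%s; end; verify; commit' "$1"
}

# Delegate dataset $2 to VM $1, then reboot the VM so the zone sees it.
# DRY_RUN defaults to 1: the commands are printed, not executed.
delegate_dataset() {
    uuid=$1 dataset=$2
    is_vm_uuid "$uuid" || { echo "bad VM UUID: $uuid" >&2; return 1; }
    cfg=$(delegation_script "$dataset") || return 1
    if [ "${DRY_RUN:-1}" = 1 ]; then
        printf 'zonecfg -z %s "%s"\n' "$uuid" "$cfg"
        printf 'vmadm reboot %s\n' "$uuid"
    else
        zonecfg -z "$uuid" "$cfg" && vmadm reboot "$uuid"
    fi
}

# Demo with a constructed UUID; the subshell keeps DRY_RUN=1 local to the call.
( DRY_RUN=1; delegate_dataset 11111111-2222-3333-4444-555555555555 zones/anime )
```

To apply the change for real, call delegate_dataset from the global zone with DRY_RUN=0 and the UUID that vmadm create reported.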