I am used to SmartOS illumos container zones.
There, containers were stored in a pool called zones, like
zones/<container uuid>
I wish to set up a server in Linux in a similar fashion.
Assume I have a pool called zroot.
I wish to have my containers in separate datasets like
zroot/lxc_containers/<uuid or name> # lxc tooling prefers name; so I choose that
I have read the man pages lxc, lxc.conf, lxc.system.conf, lxc.containers.conf.
These are my configs:
# cat lxc.conf
lxc.lxcpath=/zroot/lxc_containers
# cat default.conf
lxc.net.0.type = veth
lxc.net.0.link = lxcbr0
lxc.net.0.flags = up
lxc.apparmor.profile = generated
lxc.apparmor.allow_nesting = 1
There is an option called lxc.bdev.zfs.root for lxc.system.conf (/etc/lxc/lxc.conf).
I do not know what it means. From the naming, I assume it is for a block ZFS device like a zvol.
Apologies, but I have some queries not answered in the man pages concerned:
- If my assumption is correct, that lxc.bdev.zfs.root is asking for a pool to store zvols, is there a performance/security penalty if I wish to store as transparent ZFS datasets?
- To answer my own question, to store each container in its separate dataset, my common-sense understanding makes me think,
zfs create zroot/lxc_containers/<a container name> # assume zroot/lxc_containers is already mounted at /zroot/lxc_containers
then lxc-create <same container name> is a way to achieve what I want.
But the reason I asked for separate datasets is because,
in SmartOS, or say illumos in general,
I can zfs set <property> on this dataset to restrict quota etc., or simply
zfs snapshot zones/<container uuid>@snapshot_name
If I set up lxc like what I stated in the above paragraph,
can I do
zfs set quota <quota> zroot/lxc_containers/<container name>
zfs snapshot zroot/lxc_containers/<container name>@snapshot_name
and also revert back as I please?
Before setting up my server, I just wanted to ask, am I on the right trajectory of understanding?
Or is there an lxc way of doing things?