[OpenIndiana-discuss] [zfs-discuss] best migration path from Solaris 10

Paul B. Henson henson at acm.org
Thu Mar 24 22:22:16 UTC 2011

On 3/21/2011 5:44 PM, Garrett D'Amore wrote:

> We do have support for running your own code using our API. Its just
>  that we can't reasonably be expected to support people who want do
> things like... oh, "zpool import -f"  (note the -f).  Or editing
> local configuration files that are also managed by the management
> software.

You wouldn't have to worry about the latter in my case, as I'd turn off
the management software and manage the configuration files automatically
along with the rest of my infrastructure ;).

The main additional components we would need to run would be apache with
mod_authz_fsacl, and a separate instance of apache with mod_perl that
provides the API our identity management infrastructure hooks into to
manage zfs file systems. We also replace syslog with syslog-ng, run
openntpd instead of xntpd, and run a variety of management tools such as
tenshi, aide, munin... Another project that's coming up is going to
require the creation of a captive service account for a CMS to sftp
files into user and group web directories.

I dunno that your support guys would be happy with the relatively
extensive changes we would make to the default state of your appliance
:). And I wouldn't particularly want to worry about having to get
approval to make changes when things come up that don't fit into the
out-of-the-box experience. So unfortunately NexentaStor most likely
won't fit our requirements; I kind of prefer a general-purpose operating
system over an appliance anyway.

> NCP 4 will have the same fixes that OpenSolaris has.  I'd be
> interested to know which bugs are most annoying for this person --
> we have a variety of them fixed in NS 3.1, but have not yet
> resync'ed NCP 3 (something we will do when 3.1 ships).

He mentioned in passingan "NFSv4 OpenOwner lock problem" that I'm
unfamiliar with, and a TCP/IP related kernel panic. He's on the list, so
I guess he could pipe in with more details if he chooses.

One thing that's really biting me right now is the interaction between
NFS exclusive open, ACL's, and mode bits. Due to a limitation in the
protocol, the initial open has a mode of 0, and then the intended
creation mode is separately set later with a setattr. So the object
inherits the correct ACL on the open, and then the equivalent of a chmod
is performed destroying it :(. Oracle most likely isn't going to fix it,
it's been a known issue since January 2005 (CR6215088, initially with
UFS ACLs, also breaks ZFS ACLs),
and the ticket I opened about it was closed. Unfortunately they didn't
take the opportunity to fix it in NFSv4, although it looks like it was
addressed in NFSv4.1. It seems like it should be possible to work around
it in NFSv4, if we end up going with an open source distribution
hopefully we can fix it ourselves. Or it would be solved as a side 
effect of aclmode=ignore.

> On a general basis, its hard to allocate engineers for ad-hoc
> projects like this mostly because I already have more work than I
> have engineers to perform the work.
> Oh, did I mention, we're hiring? :-)

I wish you the best of luck in hiring sufficient engineers to be able to
offer support for NCP or OpenIndiana :)...

Paul B. Henson  |  (909) 979-6361  |  http://www.csupomona.edu/~henson/
Operating Systems and Network Analyst  |  henson at csupomona.edu
California State Polytechnic University  |  Pomona CA 91768

More information about the OpenIndiana-discuss mailing list