Creating New ZFS Datasets
New ZFS datasets are created from the servers that host the zpool where you want a new dataset.
zpool | Server |
---|---|
/u | corezfs01 |
/p | corezfs02 |
For this example we will create a dataset under /p called proj_data. From corezfs02 we need to run the following as root:
[root@corezfs02 ~]# zpool list
NAME   SIZE  ALLOC   FREE  EXPANDSZ   FRAG    CAP  DEDUP  HEALTH  ALTROOT
p     5.97T   203K  5.97T         -     0%     0%  1.00x  ONLINE  -
[root@corezfs02 ~]# zfs list
NAME   USED  AVAIL  REFER  MOUNTPOINT
p      170K  5.78T    26K  /p
[root@corezfs02 ~]# zfs create p/proj_data
[root@corezfs02 ~]# zfs list
NAME          USED  AVAIL  REFER  MOUNTPOINT
p             170K  5.78T    26K  /p
p/proj_data    24K  5.78T    24K  /p/proj_data
Create the project's group
Log in to corewsrv01 (the AD controller). Select AD Users and Computers. Then create a unixGroup under the unixGroups “container”. The type is Global/Security (the default). You must then set the gidNumber. The gidNumber usually starts around 90000, so you will pick a number that is next in the sequence. To see if a gid has been used, go to a system that is joined to the domain and use the 'getent' command until you find a group number that does not return any values:
pgh5a@desk002:~$ getent group 90023
pgh5a@desk002:~$
This returns nothing, so this gid number has not been used, and thus we can use it. To do so, back on the AD Users and Computers window, select the View menu, click on Advanced Features, then right-click on the newly created group, select Properties, and select the Attribute Editor tab. Scroll down to find the gidNumber, click Edit, and set the attribute to the gidNumber you found available, for example, “90023”. Then select the “Members” tab to add users to the group. Click on “Add…” to add members. In this case, I added md3cn and mjg6v to group aca.
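The getent probe from the step above, wrapped as a reusable check (an added example, not part of the original page). It treats only getent's "key not found" exit status (2) as free, because reusing a gid would give an existing group's members access to the new dataset; the function names, the default range and the KNOWN_USED_GID variable are assumptions of this example.

```sh
#!/bin/sh
# Added example, not from the original page. Finds the next unused gidNumber
# by probing NSS with getent, the manual check described above.

# gid_in_use GID: 0 = a group resolves, 1 = not found, 2 = lookup error.
# getent exits 2 for "key not found"; other failures are not proof of "free".
gid_in_use() {
    _st=0
    getent group "$1" >/dev/null 2>&1 || _st=$?
    case $_st in
        0) return 0 ;;
        2) return 1 ;;
        *) return 2 ;;
    esac
}

# next_free_gid [START] [MAX]: print the first unresolved gid in START..MAX.
# Defaults (90000, START+999) and KNOWN_USED_GID are assumptions of this example.
next_free_gid() {
    _gid=${1:-90000}
    case $_gid in ''|*[!0-9]*) echo "START must be numeric" >&2; return 64 ;; esac
    _max=${2:-$(($_gid + 999))}
    case $_max in ''|*[!0-9]*) echo "MAX must be numeric" >&2; return 64 ;; esac

    # If this host cannot see AD groups, every gid looks free. Require a gid
    # that is known to be allocated to resolve before trusting any "not found".
    if [ -n "${KNOWN_USED_GID:-}" ]; then
        _rc=0
        gid_in_use "$KNOWN_USED_GID" || _rc=$?
        if [ "$_rc" -ne 0 ]; then
            echo "gid $KNOWN_USED_GID does not resolve; is this host joined?" >&2
            return 3
        fi
    fi

    while [ "$_gid" -le "$_max" ]; do
        _rc=0
        gid_in_use "$_gid" || _rc=$?
        case $_rc in
            0) _gid=$(($_gid + 1)) ;;
            1) echo "$_gid"; return 0 ;;
            *) echo "lookup error for gid $_gid" >&2; return 2 ;;
        esac
    done
    echo "no free gid up to $_max" >&2
    return 1
}
```

Source the file on a domain-joined host and call `next_free_gid 90000`, with KNOWN_USED_GID set to a gid you know is already allocated.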
Then, back on corezfs02, set the ownership, group permissions, quotas, and share for the new filesystem as shown in the next sections.
Ownership and Permissions
Depending on the situation, you may need to set the owner and group for the dataset mount point. We can see the mount point when we run zfs list. For example, set the permissions for this dataset so that it's owned by the user john and the group staff, then add read/write permissions for the group. (Note: you may need to log in to the AD domain controller to first create the “unix group” for this project; see above.)
[root@corezfs02 ~]# chown john:staff /p/proj_data
[root@corezfs02 ~]# chmod g+rw /p/proj_data
We also want to ensure two things: 1) new files created in the directory will have the right group set, and 2) new files will also have rw permissions for the group.
To perform step 2 we must first enable POSIX ACLs:
zfs set acltype=posixacl p/proj_data
Then we can do the following:
- Setting the setgid bit on the directory, so new files inherit its group
chmod g+s /p/proj_data
- Setting an ACL to set group permissions
setfacl -d -m g::rwx /p/proj_data
Quotas
We now want to set a “reference quota” on the filesystem. Note: a hard quota is not set.
ZFS has two types of quotas: the quota and refquota properties. The difference between these two is that a quota will account for the space of a volume and all subvolumes (which includes snapshots), whereas refquota does not account for subvolumes. The 'ref' in refquota stands for “refer”. This is what zfs uses to list space used without subvolumes.
When you run zfs list you can see there are columns for both USED and REFER. USED will include space taken by snapshots and subvolumes, while REFER is just the volume itself.
[root@corezfs01 p]# zfs list p/CPS_rotation
NAME             USED  AVAIL  REFER  MOUNTPOINT
p/CPS_rotation   608G   928G   608G  /p/CPS_rotation
You can set the refquotas using the zfs set command:
[root@corezfs02 ~]# zfs set refquota=500G p/proj_data
Quota values may be set using units: kilobyte K, megabyte M, gigabyte G, terabyte T. If no unit is specified, the quota value defaults to kilobytes, which is probably not what you want.
NFS Share
Datasets will inherit the NFS settings of the parent pool/dataset. If you are just creating a new project partition, you don't need to do anything. It will be shared automatically.
After creating a ZFS dataset, we need to allow NFS access. Run the following command to enable this dataset as an NFS share:
[root@corezfs02 ~]# zfs set sharenfs=root_squash,rw=@128.143.0.0/16:172.16.0.0/12:@172.28.0.0/16 p/proj_data
The argument sharenfs=root_squash,rw=@128.143.0.0/16:172.16.0.0/12:@172.28.0.0/16 allows access from UVA subnets.
ACLs
Sun/Oracle ZFS does not support POSIX ACLs, so on legacy ZFS pools (af*, uf*, zf*) ACLs are not available.