Export NFS to VMs: what is the recommended practice?

[Tony]

Hi,

I would like to export a ZFS dataset on a node to VMs via NFS. What is the recommended way to do it? I can think of the following options:
(1) from node, via ZFS built-in NFS capability
(2) from node, via linux nfs-kernel-server
(3) from a LXC, bind mount the dataset and export it from LXC. The point here is to delegate the NFS export t the LXC to keep the whole thing separated from node (except the dataset).

thanks in advance for any hint.

 

[Tony]

re (3): if I choose to go this route, perhaps I need a user-space NFS server like nfs-ganesha?

 

[Dunuin]

For (3) keep the user remapping of unprivileged LXCs in mind. All users with UIDs 0 to 65535 inside the LXC are actually mapped to the users with UIDs 100000 to 165535 on the host. So even your LXCs root user (shown as UID 0 inside the LXC) got no rights to access the bind-mounted folders, because in reality on the host it is just a unprivileged user with UID 100000.
See here how to edit the user remapping so you actually get the rights to access the bind-mounts: https://pve.proxmox.com/wiki/Unprivileged_LXC_containers

 

[Tony]

update: in the end I decided to go with a VM; I am afraid that option (3) could cause problem on the node due to I/O problems. A VM provide better isolation from the node. But I still keep considering option (3), since it would allow continuously backup of the exported data via zfs send.