Create Incus VM host path mounts in Instances UI

Problem/Justification

Incus instances support many different kinds of disk devices. For VMs, the only type currently exposed in the UI are storage volumes (made available to the guest as block devices); however, Incus also supports host path mounts: “Virtual machines share host-side mounts or directories through 9p or virtiofs (if available).”

I would like to request this existing functionality (specifically, setting host source and guest path, which is evidently used by incus-agent inside the guest to set up the appropriate mount) be exposed in the TrueNAS instances UI.

Impact

Benefits

Users gain another option for sharing host data to VMs. Use cases that currently require NFS (tricky for auth) or SMB (tricky for permissions) between guest and host would now be able to use host path mounts instead. This would make it easy to ensure files used by the VM are properly snapshotted and benefit from all the nice characteristics that ZFS datasets offer.

This also brings more uniformity to the various container/virtualization mechanisms TrueNAS currently offers (native Docker, Incus containers, Incus VMs) by enabling host path mounts to work for all of them.

Drawbacks

I don’t know about I/O performance of a host path mount vs. something like ext4 inside a zvol. Presumably the 9p and virtiofs have their own overhead, and I’m not sure how it compares to that of running e.g. ext4 inside a zvol. Likewise, I’m not sure how this compares to the overhead of a networked protocol like NFS or SMB.

Additionally, testing would be needed to see how ACL enforcement works in this flow. Do NFSv4 ACLs behave sensibly when a ZFS filesystem is exposed to the guest? Unclear to me.

Both these things should be testable by manually manipulating the VMs via incus CLI. (Obviously a no-no for production, but reasonable purely for testing.)

User Story

A TrueNAS user is running an Incus VM and wants to…

• … quickly transfer some files to or from the host. They could add a host path “disk” through the Instances UI without needing to enable NFS or SMB, configure IP allowlists and/or user authentication, etc.
• … ensure files written by the VM are backed up using normal ZFS snapshot and replication, without duplicating those files both inside and outside the VM’s zvol(s).
• … be able to easily migrate between containers and VMs without needing to move files in and out of zvols constantly.

All these user journeys could be better addressed by exposing the existing Incus host path functionality in the UI.

This would also help address the issue with some use cases requiring multiple types of share (NFS and SMB) that are not possible to be used anymore from Fangtooth if you use Time Machine for backups.

I use a SMB share for user access to files but I mount this dataset also as NFS share (read only) into a VM for remote backup using Borg. The NFS share is required due to SMB permissions.

This same server has some SMB only shares used for Time Machine backups that will stop working when I upgrade to a future release.

Being able to mount the dataset as a host path to the VM would address this issue. I could mount the dataset as a host path instead of a NFS share and then keep each dataset shared by a single method.

Adding to this, without a way to back up an Incus VM at the moment, the ability to copy data easily to an external source (a dataset on the host) is critical to data security, and would grant all the benefits that TrueNAS has to offer such as snapshots, replication, etc.

@GJSchaller Don’t forget to vote on the feature as well.