Jail FS questions.
Kenny Freeman
kennyf at pchg.net
Thu Oct 9 14:06:29 PDT 2003
I'm not sure about union fs, never had a real use for it yet.... I have a
similar setup as you. I have about 4 jails running so far (~8 more to go).
I've written a fairly large bash script to build the jails + configure them
automagically too. I've got a 120GB drive in that system, so for me I don't
really have a problem with space. What I use nullfs for is sharing data
between jails, for example:
/secure/files/mail <- mail spools
would be shared using: (/etc/crontab entries)
none /secure/files/mail /secure/internal/smtp/postfix/server/var/spool/mail rw,noexec,nosuid,nodev 0 0
none /secure/files/mail /secure/internal/imap/courier/server/var/spool/mail rw,noexec,nosuid,nodev 0 0
haven't really got these up and running yet (ie. I don't really know if
postfix + courier both work inside a jail). ATM I'm stuck on my file server
jail, which may never work. I do have djbdns cache+server running. Anyway,
nullfs is great for "remounting" parts of the file system. I would not use
that to remount parts of the file system that have executables on them in rw
mode, only ro. You could mount the base / fs using nullfs onto the jail /
filesystem but this would be tricky because you would have to deal with
things like syslogd base + syslogd(s) jail both writing to /var/log/. You
could mount each directory using nullfs (/bin /sbin, etc) onto the jails and
I think this would work. I would note the warnings in the man pages about
this stuff being experimental tho. You could save space by using the same
executables and libs while having separate /var/ /etc/ etc dirs in the jail
but it would be a bit of work to figure out what dirs to mount_nullfs and
what dirs to have as real dirs. Oh, btw, I know about as much about fs's as
you do too, so your mileage may vary...
-Kenny
On August 3, 2003 04:09 pm, Lewis Thompson wrote:
> Hi,
>
> I currently have a bunch of jails running on my FreeBSD box. I've
> done this by making installworld a number of times, each time with a
> different DESTDIR (say /jail1, /jail2, /jail3). Clearly this is using a
> significant amount of space on the machine.
>
> I've been reading about unionfs and nullfs (well, more skim reading
> really; I'm not an FS guru, which is why I'm asking here) and one of these
> sounds like it could be the ideal solution. At first glance I'd say that
> unionfs would be the way to go.
>
> My question about unionfs: if I use this as a base dir for all of my
> jails and decide to ``upgrade'' the base system will it actually work?
> I mean, when I start installing stuff through the ports does it ever
> modify the base system in any way? If it does, then surely a base
> system upgrade will appear to leave the old ports-created files (because
> the upper layer changes override the lower unionfs fs).
>
> Secondly, I don't really understand nullfs. Would this be a
> ``better'' solution than using unionfs? Maybe it isn't even a solution,
> but if it is, a pointer to some useful articles would be great (aside
> man mount_nullfs; I've read that but don't fully understand).
>
> Thanks very much!
>
> -lewiz.
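
An added example, not part of either message: a small sh audit for the nullfs advice in the reply above (mount shared data rw only with noexec, and anything holding executables ro). It assumes the standard six-field fstab(5) layout with the filesystem type in the third column; the sample entries are constructed, reusing the /secure and /jail1 paths from the thread.

```shell
#!/bin/sh
# audit_nullfs: read fstab-style lines on stdin and print one finding for
# each nullfs mount that is writable but not noexec.
# Assumed layout: device  mountpoint  fstype  options  dump  pass
# Exit status is 1 when at least one finding was printed, 0 otherwise.
audit_nullfs() {
    awk '
    $1 ~ /^#/ || NF < 4 { next }        # skip comments and short lines
    $3 != "nullfs"      { next }        # only nullfs mounts are audited
    {
        n = split($4, opt, ",")
        ro = 0; noexec = 0
        for (i = 1; i <= n; i++) {
            if (opt[i] == "ro")     ro = 1
            if (opt[i] == "noexec") noexec = 1
        }
        # No "ro" means the mount is writable (rw is the default).
        if (!ro && !noexec) { print "WRITABLE+EXEC " $2; bad = 1 }
    }
    END { exit (bad ? 1 : 0) }
    '
}

# Constructed sample: one shared mail spool, two base-system directories
# mounted into a jail, and one non-nullfs line that must be ignored.
sample_fstab() {
    cat <<'EOF'
# constructed sample entries
/secure/files/mail /secure/internal/smtp/postfix/server/var/spool/mail nullfs rw,noexec,nosuid,nodev 0 0
/bin /jail1/bin nullfs ro 0 0
/sbin /jail1/sbin nullfs rw 0 0
/dev/ad0s1a / ufs rw 1 1
EOF
}

# Demo run: reports /jail1/sbin, the only writable mount without noexec.
sample_fstab | audit_nullfs || true
```
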