From: Julien Cigar
To: freebsd-jail@freebsd.org
Date: Fri, 15 Jan 2021 16:17:59 +0100
Subject: dedicated dataset for jail data

Hello,

I have a host with a lot of jails, which are deployed automatically with
Saltstack (thanks to https://github.com/silenius/jails-formula). I
usually create two datasets per jail: one for the jail itself, and one
for the "data". The idea is to be able to easily upgrade the jail
without touching the "data". So I have something like (1).

I have one fstab per jail which mounts the corresponding "data" dataset
under the jail, something like:

~/ cat /etc/fstab.nextcloud
/data/jails/nextcloud /jails/nextcloud/data nullfs rw 0 0

I'd like to know if there is a better way of handling this, without
involving nullfs if possible and how do people usually manage that..?

(1) https://gist.github.com/silenius/f1899ebb5cf58ca33b3e5edafc85d549

Thanks!
Julien

--
Julien Cigar
Belgian Biodiversity Platform (http://www.biodiversity.be)
PGP fingerprint: EEF9 F697 4B68 D275 7B11 6A25 B2BB 3710 A204 23C0
No trees were killed in the creation of this message.
However, many electrons were terribly inconvenienced.

From: Miroslav Lachman <000.fbsd@quip.cz>
To: freebsd-jail@freebsd.org, Julien Cigar
Date: Fri, 15 Jan 2021 20:53:06 +0100
Subject: Re: dedicated dataset for jail data

On 15/01/2021 16:17, Julien Cigar wrote:
> Hello,
>
> I have a host with a lot of jails, which are deployed automatically with
> Saltstack (thanks to https://github.com/silenius/jails-formula). I
> usually create two datasets per jail: one for the jail itself, and one
> for the "data". The idea is to be able to easily upgrade the jail
> without touching the "data". So I have something like (1).
>
> I have one fstab per jail which mounts the corresponding "data" dataset
> under the jail, something like:
>
> ~/ cat /etc/fstab.nextcloud
> /data/jails/nextcloud /jails/nextcloud/data nullfs rw 0 0
>
> I'd like to know if there is a better way of handling this, without
> involving nullfs if possible and how do people usually manage that..?
>
> (1) https://gist.github.com/silenius/f1899ebb5cf58ca33b3e5edafc85d549

I am using nullfs to mount a shared basejail into each jail. I prefer to
have filesystems for jails mounted all the time so I can manage (backup,
configure, update) files even if the jail is not running. No fstab is
needed for this scenario.
But if you want to mount / unmount the jail's datasets when the jail
starts / stops, you can set these ZFS filesystems as "legacy" (no
automatic mount at boot) and then mount them with /etc/fstab.jailname as
you use nullfs now.

Miroslav Lachman
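
The "legacy" layout suggested in the reply above, sketched as an added example that is not part of either message: a dry-run script that checks the names and prints the host-side command and the fstab line without changing anything. The dataset name data/jails/nextcloud is an assumption (the thread shows only the mounted paths), and the function names are hypothetical.

```shell
#!/bin/sh
# Added example, not from the thread. Assumed: ZFS dataset "data/jails/nextcloud"
# (only the mounted paths appear in the thread) and jail root "/jails/nextcloud".

# Accept only plain ZFS dataset names: no leading or trailing slash, no "..".
valid_dataset() {
    case $1 in
        ''|/*|*/|*//*|*..*|*[!A-Za-z0-9_./:-]*) return 1 ;;
    esac
    return 0
}

# Accept only absolute paths without ".." or characters that would split
# an fstab(5) field (whitespace) or need escaping.
valid_path() {
    case $1 in
        /*) ;;
        *) return 1 ;;
    esac
    case $1 in
        *..*|*[!A-Za-z0-9_./-]*) return 1 ;;
    esac
    return 0
}

# Print the line for /etc/fstab.<jail>: the device is the dataset name and the
# type is "zfs", replacing the nullfs line from the original post.
jail_fstab_line() {
    dataset=$1 target=$2
    valid_dataset "$dataset" || { echo "bad dataset: $dataset" >&2; return 1; }
    valid_path "$target" || { echo "bad mount target: $target" >&2; return 1; }
    printf '%s\t%s\tzfs\trw\t0\t0\n' "$dataset" "$target"
}

# Print (do not run) the host-side steps for one jail.
legacy_plan() {
    jail=$1 dataset=$2 target=$3
    line=$(jail_fstab_line "$dataset" "$target") || return 1
    # mountpoint=legacy: ZFS stops auto-mounting the dataset, so it is only
    # mounted through the fstab file that jail.conf(5) names in mount.fstab.
    echo "zfs set mountpoint=legacy $dataset"
    echo "# /etc/fstab.$jail"
    echo "$line"
}

# Constructed sample input matching the jail named in the thread.
legacy_plan nextcloud data/jails/nextcloud /jails/nextcloud/data
```

With mountpoint=legacy the data is not visible on the host while the jail is stopped, which is the trade-off the reply points out against keeping the filesystems mounted all the time.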