Date: Thu, 21 Mar 2002 06:39:00 +1100
From: BSD Freak
Subject: Re: File system layout with multiple jails
To: Scott Bolte, FreeBSD Questions
Message-id: <23ae4a023b002c.23b002c23ae4a0@mbox.com.au>

Sure I'll help beta test....

----- Original Message -----
From: Scott Bolte
Date: Thursday, March 21, 2002 1:30 am
Subject: Re: File system layout with multiple jails

> I'm turning it into a package over the next few weeks. If
> you want to be a beta tester let me know.
>
>     Scott
>
> On Tue, 19 Mar 2002 21:23:52 +1100, BSD Freak wrote:
> > Very clever! Would you mind posting the contents of scripts on this
> > list or perhaps somewhere on the web. It would be very helpful to
> > many I think.......
> >
> > ----- Original Message -----
> > From: Scott Bolte
> > Date: Thursday, February 14, 2002 11:59 pm
> > Subject: Re: File system layout with multiple jails
> >
> > > On Thu, 14 Feb 2002 17:44:14 +1100, BSD Freak wrote:
> > > > Hi everyone,
> > > >
> > > > Does anyone have any bright ideas for good file system layouts
> > > > when running multiple jails?
> > >
> > > I won't say they are bright, but the ideas reflected in
> > > this layout are working well for me:
> > >
> > >     /jails/
> > >         Home for most jail related material. Note I do not
> > >         backup /jails every night as I do other partitions.
> > >         (I do backup /data every night and you'll see below
> > >         how I make use of that in a jail.)
> > >
> > >         /jails is its own partition so if it fills, it will
> > >         not cause problems for the host system.
> > >
> > >     /jails/{jail_X}/
> > >         The root for one specific jail. Of course if you
> > >         have sets of jails, then /jails/jail_A/{cell_1,cell_2}
> > >         and /jails/jail_B/{cell_10,cell_11} where cell_#
> > >         is actually the root directory works well for
> > >         keeping them well organized.
> > >
> > >     /jails/etc/rc.d/
> > >         Startup scripts (e.g. jail_X.sh) for all jails.
> > >
> > >         If you augment $local_startup in /etc/rc.conf to
> > >         include /jails/etc/rc.d then all the jails will be
> > >         started automatically.
> > >
> > >     /jails/bin/
> > >         Jail management scripts.
> > >
> > >         .../bin/JAIL_CTL.sh  A generic start, stop, enter, trace,
> > >                              ps script. Each jail's startup
> > >                              script sets a bunch of environment
> > >                              variables and then calls JAIL_CTL.
> > >
> > >         .../bin/jail_clone   duplicates a jail.
> > >
> > >         .../bin/jail_ps      runs ps for all the processes in
> > >                              a specific jail.
> > >
> > >     /jails/var/trace/
> > >         Home for kdump traces of jail execution.
> > >
> > >     /jails/template/
> > >         A reference jail that I can clone in a few minutes
> > >         time. Much easier than running (make world) every
> > >         time I need a new jail.
> > >
> > >     /data/jails/{jail_X}/
> > >         If there is a /data/jails/{jail_X} present, then
> > >         it is automatically mounted as /jails/{jail_X}/data
> > >         when the jail is started. That way the /data
> > >         directory in a jail can be treated separately
> > >         from the rest of the jail.
> > >
> > >         One caveat if you do this. Multiple jails, each
> > >         with their own uid space, will rapidly overlap in
> > >         the host's uid space. To avoid this, my jail creation
> > >         script hashes the jail's IP address to create a
> > >         (relatively) unique starting point for that jail's
> > >         uids. That starting uid is placed in the jail's
> > >         /et chances that uids will collide.
> > >
> > >     /data/jails/{jail_X}/home/
> > >         Symlink to /data/home (in the jail of course). If
> > >         /data/jails/{jail_X} is mounted on the jail's /data,
> > >         then the home partition in the jail is actually
> > >         coming from /data of the host and therefore will
> > >         be backed up on a regular basis.
> > >
> > >     /data/jails/{jail_X}/proc/
> > >         If it is present, then /proc is mounted on this
> > >         directory when a jail is started and unmounted when
> > >         it is stopped.
> > >
> > >
> > > > How do I stop /var/log in one of the jails from filling up the whole drive
> > > > and affecting the rest without giving each jail its own partition?
> > > >
> > > > Is it possible to somehow set a quota on how large a particular
> > > > directory can get?
> > >
> > > About all I can think of is to make a directory, and all its
> > > subordinate directories, owned by a specific user. You can
> > > then have per user quotas.
> > >
> > > For the specific example of /var/log, you'd have to set the
> > > user to be root_X. If you then set the user-ID-on-execution
> > > bit (see chmod(1) or chmod(2)) for /var/log so all new files
> > > and directories created under it would also be owned by root_X.
> > >
> > > I suspect you'd have to pre-populate your /var/log directory
> > > and chown everything to root_X.
> > > If you then change everything
> > > there to have world write permissions then root in the jail
> > > can update the files. Having world write access is a bad
> > > idea, but it's your trade-off to consider.
> > >
> > >
> > >     Scott
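
The uid-offset idea from the quoted layout message, sketched as an added example; it is not Scott's jail creation script, which is not reproduced in this thread. The use of `cksum` as the hash, the constants, the function names and the sample addresses are all assumptions. Because a hash only gives a "(relatively) unique" starting point, the second function reports jails whose uid blocks land on the same range.

```sh
#!/bin/sh
# Added illustration: derive a per-jail starting uid from the jail's IP
# address and flag jails whose uid blocks overlap on the host.
UID_FLOOR=10000   # assumed: lowest uid ever handed to a jail
UID_BLOCK=1000    # assumed: number of uids reserved per jail
UID_SLOTS=50      # assumed: number of blocks, covering 10000..59999

# jail_uid_base IP -> prints the first uid of the block assigned to IP.
# cksum (the POSIX CRC) stands in for whatever hash the original script used.
jail_uid_base() {
    crc=$(printf '%s' "$1" | cksum | cut -d' ' -f1)
    echo $(( UID_FLOOR + (crc % UID_SLOTS) * UID_BLOCK ))
}

# jail_uid_collisions IP... -> prints one line "BASE IP IP ..." for every
# uid block claimed by more than one jail; returns 1 if any block is shared.
jail_uid_collisions() {
    out=$(for ip in "$@"; do
              echo "$(jail_uid_base "$ip") $ip"
          done | sort -n | awk '
              $1 == prev { line = line " " $2; dup = 1; next }
              { if (dup) print line; prev = $1; line = $1 " " $2; dup = 0 }
              END { if (dup) print line }')
    if [ -z "$out" ]; then
        return 0
    fi
    echo "$out"
    return 1
}

# Constructed sample addresses, for demonstration only.
for ip in 10.0.0.11 10.0.0.12 10.0.0.13; do
    echo "jail $ip: uids start at $(jail_uid_base "$ip")"
done
jail_uid_collisions 10.0.0.11 10.0.0.12 10.0.0.13 ||
    echo "shared uid block: assign one of these jails another block"
```

With 50 blocks, any set of more than 50 jails must share a block, so the collision check has to run before a computed base is used for a new jail.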