From: Miroslav Lachman <000.fbsd@quip.cz>
To: freebsd-jail@freebsd.org, Julien Cigar
Subject: Re: dedicated dataset for jail data
Date: Fri, 15 Jan 2021 20:53:06 +0100

On 15/01/2021 16:17, Julien Cigar wrote:
> Hello,
>
> I have a host with a lot of jails, which are deployed automatically with
> Saltstack (thanks to https://github.com/silenius/jails-formula). I
> usually create two datasets per jail: one for the jail itself, and one
> for the "data". The idea is to be able to easily upgrade the jail
> without touching the "data". So I have something like (1).
>
> I have one fstab per jail which mounts the corresponding "data" dataset
> under the jail, something like:
>
> ~/ cat /etc/fstab.nextcloud
> /data/jails/nextcloud /jails/nextcloud/data nullfs rw 0 0
>
> I'd like to know if there is a better way of handling this, without
> involving nullfs if possible and how do people usually manage that..?
>
> (1) https://gist.github.com/silenius/f1899ebb5cf58ca33b3e5edafc85d549

I am using nullfs to mount a shared basejail into each jail. I prefer to
have filesystems for jails mounted all the time so I can manage (backup,
configure, update) files even if the jail is not running. No fstab is
needed for this scenario.

But if you want to mount / unmount the jail's datasets when the jail
starts / stops, you can set these ZFS filesystems as "legacy" (no
automatic mount at boot) and then mount them with /etc/fstab.jailname as
you use nullfs now.

Miroslav Lachman
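
The "legacy" approach described in the reply, worked through as an added example (not code from either poster): a dry-run helper that rewrites the nullfs line from /etc/fstab.nextcloud into a direct zfs entry and prints the one-time property change. The pool name "zroot", the sample `zfs list` output and the function names are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: dry run only, it prints commands and fstab lines and changes nothing.

# Constructed sample of `zfs list -H -o name,mountpoint` output (tab separated).
# The pool name "zroot" is an assumption; the paths come from the thread.
SAMPLE_ZFS_LIST=$(printf '%s\t%s\n' \
    zroot/jails/nextcloud /jails/nextcloud \
    zroot/data/jails/nextcloud /data/jails/nextcloud)

# The nullfs entry quoted in the thread (/etc/fstab.nextcloud).
SAMPLE_FSTAB='/data/jails/nextcloud /jails/nextcloud/data nullfs rw 0 0'

# dataset_for PATH ZFS_LIST: name of the dataset mounted exactly at PATH, if any.
dataset_for() {
    printf '%s\n' "$2" | awk -F '\t' -v p="$1" '$2 == p { print $1; exit }'
}

# convert_fstab FSTAB ZFS_LIST: turn nullfs entries whose source is a dataset
# mountpoint into direct "zfs" entries; every other line passes through as is.
convert_fstab() {
    zl=$2
    printf '%s\n' "$1" | while IFS= read -r line; do
        set -f; set -- $line; set +f      # split into fields, no globbing
        ds=""
        if [ "${3:-}" = nullfs ]; then ds=$(dataset_for "$1" "$zl"); fi
        if [ -n "$ds" ]; then
            printf '%s %s zfs %s %s %s\n' "$ds" "$2" "${4:-rw}" "${5:-0}" "${6:-0}"
        else
            printf '%s\n' "$line"
        fi
    done
}

# legacy_commands FSTAB ZFS_LIST: the one-time property change per dataset.
legacy_commands() {
    zl=$2
    printf '%s\n' "$1" | while IFS= read -r line; do
        set -f; set -- $line; set +f
        [ "${3:-}" = nullfs ] || continue
        ds=$(dataset_for "$1" "$zl")
        if [ -n "$ds" ]; then printf 'zfs set mountpoint=legacy %s\n' "$ds"; fi
    done
}
```

On a real host, pass the output of `zfs list -H -o name,mountpoint` and the contents of the jail's fstab file instead of the constructed samples, and review the printed lines before applying anything.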