Date: Tue, 24 Nov 2009 00:51:49 GMT From: Glen Barber <glen.j.barber@gmail.com> To: freebsd-gnats-submit@FreeBSD.org Subject: docs/140814: [handbook][patch] Chapter 15 - Jails: add section on creating file-backed jails Message-ID: <200911240051.nAO0png6032970@www.freebsd.org> Resent-Message-ID: <200911240100.nAO10C7r027070@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
>Number: 140814 >Category: docs >Synopsis: [handbook][patch] Chapter 15 - Jails: add section on creating file-backed jails >Confidential: no >Severity: non-critical >Priority: low >Responsible: freebsd-doc >State: open >Quarter: >Keywords: >Date-Required: >Class: change-request >Submitter-Id: current-users >Arrival-Date: Tue Nov 24 01:00:12 UTC 2009 >Closed-Date: >Last-Modified: >Originator: Glen Barber >Release: 8.0-PRERELEASE >Organization: >Environment: FreeBSD orion 8.0-PRERELEASE FreeBSD 8.0-PRERELEASE #3 r199595: Fri Nov 20 23:08:22 EST 2009 root@orion:/usr/obj/usr/src/sys/ORION amd64 >Description: The jail(8) utility alone does not contain a mechanism to control disk space on a per-jail basis, thus all jails on one system view all free space on the mountpoint as free space. Solutions for this exist; for example, creating separate filesystem slices per-jail. The problem with this solution is the need for planning ahead in avoidance of reallocation disk space. vnode-backed md(4) devices can remedy this solution, allowing administrators to create chunks of a filesystem on-the-fly, while maintaining space quotas within their jails. The attached patch explains how to create space limitations for jails using vnode-backed md(4) devices. >How-To-Repeat: >Fix: Patch attached with submission follows: --- doc/en_US.ISO8859-1/books/handbook/jails/chapter.sgml.orig 2009-11-10 18:17:21.000000000 -0500 +++ doc/en_US.ISO8859-1/books/handbook/jails/chapter.sgml 2009-11-23 19:35:10.000000000 -0500 @@ -964,4 +964,117 @@ </sect3> </sect2> </sect1> + + <sect1 id="jail-file-backed"> + <title>File-Backed Jails</title> + + <sect2 id="jail-creating-file-backed"> + <sect2info> + <authorgroup> + <author> + <firstname>Glen</firstname> + <surname>Barber</surname> + <contrib>Contributed by </contrib> + <!-- 23 November 2009 --> + </author> + </authorgroup> + </sect2info> + + <title>Creating a File-Backed Jail</title> + + <para> + The &man.jail.8; environment alone provides no mechanism to restrict disk + space used by the &man.jail.8;. Though there are many way to achieve this, + for example, using separate disk slices for each &man.jail.8;, this section + will show you how to create file-backed jails using &man.md.4; devices.</para> + + <sect3 id="jail-creating-memory-file"> + <title>Creating the Memory File</title> + + <para>In this section, there will be one &man.jail.8; created in the <filename + class="directory">/usr/jails/www</filename> directory, using <filename + class="directory">/usr/jails/images</filename> as the directory + containing the image file.</para> + + <procedure> + <step> + <para>Create the directories and image file for the jail:</para> + <screen>&prompt.root; <userinput>mkdir /usr/jails</userinput> +&prompt.root; <userinput>cd /usr/jails</userinput> +&prompt.root; <userinput>mkdir images www</userinput></screen></step> + + <step> + <para>Create the vnode-backed &man.md.4; device using &man.mdmfs.8;, + backed by <filename>www.img</filename>. In the below example, the + image file is 10 gigabytes in size:</para> + + <screen>&prompt.root; <userinput>touch images/www.img</userinput> +&prompt.root; <userinput>mdmfs -F images/www.img -s 10g md101 /usr/jails/www</userinput></screen> + <note> + <para>Please note, although the <filename>www.img</filename> file + was created as a 10 Gigabyte file, only 8 Gigabytes will be shown + as available. On default UFS filesystems, the system reserves 8 + percent of the filesystem. For more information, please read + &man.tunefs.8;. + </para> + </note> + </step> + + <step> + <para>&man.df.1; output should present output similar to the following:</para> + + <screen>Filesystem 1K-blocks Used Avail Capacity Mounted on +/dev/mirror/gm0s1a 4058062 478866 3254552 13% / +devfs 1 1 0 100% /dev +/dev/mirror/gm0s1e 507630 398 466622 0% /tmp +/dev/mirror/gm0s1f 461439472 115610770 308913546 27% /usr +/dev/mirror/gm0s1d 3008142 137834 2629658 5% /var +/dev/md101 9159102 4 8426370 0% /usr/jails/www</screen> + </step> + </procedure> + </sect3> + + <sect3 id="jail-file-backed-fstab"> + <title>Edit <filename>/etc/fstab</filename></title> + + <procedure> + <step> + <para>The memory devices will not be automatically recreated after rebooting + the system. To achieve this, edit <filename>/etc/fstab</filename>. An + example &man.fstab.5; configuration:</para> + + <screen># Device Mountpoint FStype Options Dump Pass# +/dev/mirror/gm0s1b none swap sw 0 0 +/dev/mirror/gm0s1a / ufs rw 1 1 +/dev/mirror/gm0s1e /tmp ufs rw 2 2 +/dev/mirror/gm0s1f /usr ufs rw 2 2 +/dev/mirror/gm0s1d /var ufs rw 2 2 +/dev/acd0 /cdrom cd9660 ro,noauto 0 0 +# www jail +md101 /usr/jails/www mfs rw,-P,-F/usr/jails/images/www.img 0 0</screen> + </step> + + <step> + <para>To verify the system will &man.mount.8; the device successfully + after a system reboot, verify there are no &man.fstab.5; + errors:</para> + + <screen><userinput>&prompt.root; mount -a </userinput></screen> + + </step> + </procedure> + + <para>Following the steps outlined in the beginning of this chapter, + create the &man.jail.8; using <filename + class="directory">/usr/jails/www</filename> as the destination + directory.</para> + + <para>Should you find the need to move this jail to another machine, + stop the &man.jail.8;, &man.umount.8; <filename + class="directory">/usr/jails/www</filename>, and copy the + <filename>www.img</filename> file to the remote machine.</para> + + </sect3> + </sect2> + </sect1> </chapter> >Release-Note: >Audit-Trail: >Unformatted:
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200911240051.nAO0png6032970>