From owner-freebsd-doc@FreeBSD.ORG  Tue Nov 24 01:00:12 2009
Return-Path: <owner-freebsd-doc@FreeBSD.ORG>
Delivered-To: freebsd-doc@hub.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id C56D61065692
	for <freebsd-doc@hub.freebsd.org>; Tue, 24 Nov 2009 01:00:12 +0000 (UTC)
	(envelope-from gnats@FreeBSD.org)
Received: from freefall.freebsd.org (freefall.freebsd.org
	[IPv6:2001:4f8:fff6::28])
	by mx1.freebsd.org (Postfix) with ESMTP id A25C38FC0C
	for <freebsd-doc@hub.freebsd.org>; Tue, 24 Nov 2009 01:00:12 +0000 (UTC)
Received: from freefall.freebsd.org (localhost [127.0.0.1])
	by freefall.freebsd.org (8.14.3/8.14.3) with ESMTP id nAO10CII027071
	for <freebsd-doc@freefall.freebsd.org>; Tue, 24 Nov 2009 01:00:12 GMT
	(envelope-from gnats@freefall.freebsd.org)
Received: (from gnats@localhost)
	by freefall.freebsd.org (8.14.3/8.14.3/Submit) id nAO10C7r027070;
	Tue, 24 Nov 2009 01:00:12 GMT (envelope-from gnats)
Resent-Date: Tue, 24 Nov 2009 01:00:12 GMT
Resent-Message-Id: <200911240100.nAO10C7r027070@freefall.freebsd.org>
Resent-From: FreeBSD-gnats-submit@FreeBSD.org (GNATS Filer)
Resent-To: freebsd-doc@FreeBSD.org
Resent-Reply-To: FreeBSD-gnats-submit@FreeBSD.org,
	Glen Barber <glen.j.barber@gmail.com>
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id 4AAE41065679
	for <freebsd-gnats-submit@FreeBSD.org>;
	Tue, 24 Nov 2009 00:51:50 +0000 (UTC)
	(envelope-from nobody@FreeBSD.org)
Received: from www.freebsd.org (www.freebsd.org [IPv6:2001:4f8:fff6::21])
	by mx1.freebsd.org (Postfix) with ESMTP id 3910A8FC13
	for <freebsd-gnats-submit@FreeBSD.org>;
	Tue, 24 Nov 2009 00:51:50 +0000 (UTC)
Received: from www.freebsd.org (localhost [127.0.0.1])
	by www.freebsd.org (8.14.3/8.14.3) with ESMTP id nAO0poW6032971
	for <freebsd-gnats-submit@FreeBSD.org>; Tue, 24 Nov 2009 00:51:50 GMT
	(envelope-from nobody@www.freebsd.org)
Received: (from nobody@localhost)
	by www.freebsd.org (8.14.3/8.14.3/Submit) id nAO0png6032970;
	Tue, 24 Nov 2009 00:51:49 GMT (envelope-from nobody)
Message-Id: <200911240051.nAO0png6032970@www.freebsd.org>
Date: Tue, 24 Nov 2009 00:51:49 GMT
From: Glen Barber <glen.j.barber@gmail.com>
To: freebsd-gnats-submit@FreeBSD.org
X-Send-Pr-Version: www-3.1
Cc: 
Subject: docs/140814: [handbook][patch] Chapter 15 - Jails: add section on
	creating file-backed jails
X-BeenThere: freebsd-doc@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: Documentation project <freebsd-doc.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-doc>,
	<mailto:freebsd-doc-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-doc>
List-Post: <mailto:freebsd-doc@freebsd.org>
List-Help: <mailto:freebsd-doc-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-doc>,
	<mailto:freebsd-doc-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Tue, 24 Nov 2009 01:00:12 -0000


>Number:         140814
>Category:       docs
>Synopsis:       [handbook][patch] Chapter 15 - Jails: add section on creating file-backed jails
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    freebsd-doc
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          change-request
>Submitter-Id:   current-users
>Arrival-Date:   Tue Nov 24 01:00:12 UTC 2009
>Closed-Date:
>Last-Modified:
>Originator:     Glen Barber
>Release:        8.0-PRERELEASE
>Organization:
>Environment:
FreeBSD orion 8.0-PRERELEASE FreeBSD 8.0-PRERELEASE #3 r199595: Fri Nov 20 23:08:22 EST 2009     root@orion:/usr/obj/usr/src/sys/ORION  amd64
>Description:
The jail(8) utility alone does not contain a mechanism to control disk space on a per-jail basis, thus all jails on one system view all free space on the mountpoint as free space.

Solutions for this exist; for example, creating separate filesystem slices per-jail.  The problem with this solution is the need for planning ahead in avoidance of reallocation disk space.

vnode-backed md(4) devices can remedy this solution, allowing administrators to create chunks of a filesystem on-the-fly, while maintaining space quotas within their jails.

The attached patch explains how to create space limitations for jails using vnode-backed md(4) devices.
>How-To-Repeat:

>Fix:


Patch attached with submission follows:

--- doc/en_US.ISO8859-1/books/handbook/jails/chapter.sgml.orig	2009-11-10 18:17:21.000000000 -0500
+++ doc/en_US.ISO8859-1/books/handbook/jails/chapter.sgml	2009-11-23 19:35:10.000000000 -0500
@@ -964,4 +964,117 @@
       </sect3>
     </sect2>
   </sect1>
+
+  <sect1 id="jail-file-backed">
+    <title>File-Backed Jails</title>
+
+      <sect2 id="jail-creating-file-backed">
+      <sect2info>
+	<authorgroup>
+	  <author>
+	    <firstname>Glen</firstname>
+	    <surname>Barber</surname>
+	    <contrib>Contributed by </contrib>
+	    <!-- 23 November 2009 -->
+	  </author>
+	</authorgroup>
+      </sect2info>
+      
+      <title>Creating a File-Backed Jail</title>
+      
+      <para>
+        The &man.jail.8; environment alone provides no mechanism to restrict disk
+        space used by the &man.jail.8;.  Though there are many way to achieve this,
+        for example, using separate disk slices for each &man.jail.8;, this section
+        will show you how to create file-backed jails using &man.md.4; devices.</para>
+
+      <sect3 id="jail-creating-memory-file">
+       <title>Creating the Memory File</title>
+
+        <para>In this section, there will be one &man.jail.8; created in the <filename
+          class="directory">/usr/jails/www</filename> directory, using <filename
+          class="directory">/usr/jails/images</filename> as the directory 
+          containing the image file.</para>
+   
+        <procedure>
+          <step>
+            <para>Create the directories and image file for the jail:</para>
+              <screen>&prompt.root; <userinput>mkdir /usr/jails</userinput>
+&prompt.root; <userinput>cd /usr/jails</userinput>
+&prompt.root; <userinput>mkdir images www</userinput></screen></step>
+   
+          <step>
+            <para>Create the vnode-backed &man.md.4; device using &man.mdmfs.8;,
+              backed by <filename>www.img</filename>.  In the below example, the
+              image file is 10 gigabytes in size:</para>
+   
+            <screen>&prompt.root; <userinput>touch images/www.img</userinput>
+&prompt.root; <userinput>mdmfs -F images/www.img -s 10g md101 /usr/jails/www</userinput></screen>
+            <note>
+	      <para>Please note, although the <filename>www.img</filename> file
+	        was created as a 10 Gigabyte file, only 8 Gigabytes will be shown
+		as available.  On default UFS filesystems, the system reserves 8 
+		percent of the filesystem.  For more information, please read 
+		&man.tunefs.8;.
+              </para>
+            </note>
+          </step>
+   
+          <step>
+            <para>&man.df.1; output should present output similar to the following:</para>
+   
+            <screen>Filesystem         1K-blocks      Used     Avail Capacity  Mounted on
+/dev/mirror/gm0s1a   4058062    478866   3254552    13%    /
+devfs                      1         1         0   100%    /dev
+/dev/mirror/gm0s1e    507630       398    466622     0%    /tmp
+/dev/mirror/gm0s1f 461439472 115610770 308913546    27%    /usr
+/dev/mirror/gm0s1d   3008142    137834   2629658     5%    /var
+/dev/md101           9159102         4   8426370     0%    /usr/jails/www</screen>
+          </step>
+        </procedure>
+      </sect3>
+
+       <sect3 id="jail-file-backed-fstab">
+        <title>Edit <filename>/etc/fstab</filename></title>
+    
+         <procedure>
+           <step>
+             <para>The memory devices will not be automatically recreated after rebooting
+               the system.  To achieve this, edit <filename>/etc/fstab</filename>.  An
+               example &man.fstab.5; configuration:</para>
+    
+             <screen># Device                Mountpoint      FStype  Options         Dump    Pass#
+/dev/mirror/gm0s1b      none            swap    sw              0       0
+/dev/mirror/gm0s1a      /               ufs     rw              1       1
+/dev/mirror/gm0s1e      /tmp            ufs     rw              2       2
+/dev/mirror/gm0s1f      /usr            ufs     rw              2       2
+/dev/mirror/gm0s1d      /var            ufs     rw              2       2
+/dev/acd0               /cdrom          cd9660  ro,noauto       0       0
+# www jail
+md101      /usr/jails/www mfs rw,-P,-F/usr/jails/images/www.img 0       0</screen>
+           </step>
+    
+           <step>
+             <para>To verify the system will &man.mount.8; the device successfully 
+	       after a system reboot, verify there are no &man.fstab.5; 
+	       errors:</para>
+    
+             <screen><userinput>&prompt.root; mount -a </userinput></screen>
+    
+           </step>
+         </procedure>
+    
+           <para>Following the steps outlined in the beginning of this chapter,
+	     create the &man.jail.8; using <filename 
+	     class="directory">/usr/jails/www</filename> as the destination
+             directory.</para>
+    
+           <para>Should you find the need to move this jail to another machine, 
+	     stop the &man.jail.8;, &man.umount.8; <filename 
+	     class="directory">/usr/jails/www</filename>, and copy the 
+	     <filename>www.img</filename> file to the remote machine.</para>
+    
+      </sect3>
+    </sect2> 
+  </sect1>
 </chapter>


>Release-Note:
>Audit-Trail:
>Unformatted: