From owner-freebsd-chat@FreeBSD.ORG Fri Aug 10 18:43:05 2007 Return-Path: Delivered-To: chat@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 8EC3316A418 for ; Fri, 10 Aug 2007 18:43:05 +0000 (UTC) (envelope-from josh@tcbug.org) Received: from conn-smtp.mc.mpls.visi.com (conn.mc.mpls.visi.com [208.42.156.2]) by mx1.freebsd.org (Postfix) with ESMTP id 5ACE713C46C for ; Fri, 10 Aug 2007 18:43:05 +0000 (UTC) (envelope-from josh@tcbug.org) Received: from mail.tcbug.org (mail.tcbug.org [208.42.70.163]) by conn-smtp.mc.mpls.visi.com (Postfix) with ESMTP id D50AA812A for ; Fri, 10 Aug 2007 13:13:42 -0500 (CDT) Received: by mail.tcbug.org (Postfix, from userid 1001) id A3190341C8C; Fri, 10 Aug 2007 13:13:42 -0500 (CDT) Date: Fri, 10 Aug 2007 13:13:42 -0500 From: Josh Paetzel To: chat@freebsd.org Message-ID: <20070810181342.GG83613@tcbug.org> MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="IGPMjTREWkoKVnU2" Content-Disposition: inline Cc: Subject: Creating and copying jail images X-BeenThere: freebsd-chat@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list Reply-To: Josh Paetzel List-Id: Non technical items related to the community List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 10 Aug 2007 18:43:05 -0000 --IGPMjTREWkoKVnU2 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable I've been searching for a way to create and copy jail images around for some time now and I've found a solution that works for me and thought I would share it with list and see if anyone can poke any holes in it. Problem: I need to create a jail image that I can deploy on multiple servers, ala a generic apache jail or postgresql jail or whatever. I need to be able to simply explode this image in to a directory and have it work, I'd also like to be able to compress the image because it occasionally has to go over lower-speed WAN links. Here are the tools that I've investigated and the problems I've had with them: tar, cpio, pax: All 3 of these tools have problems with various combinations of meta-data, links, and things like device nodes. cpdup: makes perfect copies, no way to create an archive or image dump: only operates on filesystems. mksiofs: After 3 hours of trying various flags I was unable to create a perfect image, although I got close a couple of times. I finally hit on a solution that works for me. Create a filebacked md filesystem and create the initial jail on that, then dump it. From there you can use restore to explode it anywhere it's needed. so, as a quick example.... dd if=3D/dev/zero of=3D/data/jailfile bs=3D2m count=3D1000 mdconfig -a -t vnode -f jailfile -u 0 newfs /dev/md0 mount /dev/md0 /mnt cd /usr/src ; make installworld distribution DESTDIR=3D/mnt do the things you do to start the jail jexec in to it, install what you need, customizations, so on... stop the jail dump -0Laf jail.img /dev/md0 bzip2 jail.img Now you have a bzip2'd image file that you can restore to an empty directory any time you want a perfect copy of that jail. Another interesting thought is that you could restore to a file backed md device and impliment quotas...at the cost of preallocating the disk space. Anyways, for my problem set it seems to be a workable solution, whether it is useful for anyone else or not I don't know. Also, if you have a different solution or can see a flaw in this one I'd love to hear about it. --=20 Thanks, Josh Paetzel --IGPMjTREWkoKVnU2 Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.3 (FreeBSD) iD8DBQFGvKrWJvkB8SevrssRAhSMAKCKHcGZkuzEz+Kuqb4nnjQK137t2wCfRKwH 5wZJWf3aPdBXJO9uCM0vENs= =T3RK -----END PGP SIGNATURE----- --IGPMjTREWkoKVnU2--