docs/140814: [handbook][patch] Chapter 15 - Jails: add section on creating file-backed jails
Glen Barber
glen.j.barber at gmail.com
Tue Nov 24 01:00:12 UTC 2009
>Number: 140814
>Category: docs
>Synopsis: [handbook][patch] Chapter 15 - Jails: add section on creating file-backed jails
>Confidential: no
>Severity: non-critical
>Priority: low
>Responsible: freebsd-doc
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: change-request
>Submitter-Id: current-users
>Arrival-Date: Tue Nov 24 01:00:12 UTC 2009
>Closed-Date:
>Last-Modified:
>Originator: Glen Barber
>Release: 8.0-PRERELEASE
>Organization:
>Environment:
FreeBSD orion 8.0-PRERELEASE FreeBSD 8.0-PRERELEASE #3 r199595: Fri Nov 20 23:08:22 EST 2009 root at orion:/usr/obj/usr/src/sys/ORION amd64
>Description:
The jail(8) utility alone does not contain a mechanism to control disk space on a per-jail basis, thus all jails on one system view all free space on the mountpoint as free space.
Solutions for this exist; for example, creating separate filesystem slices per-jail. The problem with this solution is the need for planning ahead in avoidance of reallocation disk space.
vnode-backed md(4) devices can remedy this solution, allowing administrators to create chunks of a filesystem on-the-fly, while maintaining space quotas within their jails.
The attached patch explains how to create space limitations for jails using vnode-backed md(4) devices.
>How-To-Repeat:
>Fix:
Patch attached with submission follows:
--- doc/en_US.ISO8859-1/books/handbook/jails/chapter.sgml.orig 2009-11-10 18:17:21.000000000 -0500
+++ doc/en_US.ISO8859-1/books/handbook/jails/chapter.sgml 2009-11-23 19:35:10.000000000 -0500
@@ -964,4 +964,117 @@
</sect3>
</sect2>
</sect1>
+
+ <sect1 id="jail-file-backed">
+ <title>File-Backed Jails</title>
+
+ <sect2 id="jail-creating-file-backed">
+ <sect2info>
+ <authorgroup>
+ <author>
+ <firstname>Glen</firstname>
+ <surname>Barber</surname>
+ <contrib>Contributed by </contrib>
+ <!-- 23 November 2009 -->
+ </author>
+ </authorgroup>
+ </sect2info>
+
+ <title>Creating a File-Backed Jail</title>
+
+ <para>
+ The &man.jail.8; environment alone provides no mechanism to restrict disk
+ space used by the &man.jail.8;. Though there are many way to achieve this,
+ for example, using separate disk slices for each &man.jail.8;, this section
+ will show you how to create file-backed jails using &man.md.4; devices.</para>
+
+ <sect3 id="jail-creating-memory-file">
+ <title>Creating the Memory File</title>
+
+ <para>In this section, there will be one &man.jail.8; created in the <filename
+ class="directory">/usr/jails/www</filename> directory, using <filename
+ class="directory">/usr/jails/images</filename> as the directory
+ containing the image file.</para>
+
+ <procedure>
+ <step>
+ <para>Create the directories and image file for the jail:</para>
+ <screen>&prompt.root; <userinput>mkdir /usr/jails</userinput>
+&prompt.root; <userinput>cd /usr/jails</userinput>
+&prompt.root; <userinput>mkdir images www</userinput></screen></step>
+
+ <step>
+ <para>Create the vnode-backed &man.md.4; device using &man.mdmfs.8;,
+ backed by <filename>www.img</filename>. In the below example, the
+ image file is 10 gigabytes in size:</para>
+
+ <screen>&prompt.root; <userinput>touch images/www.img</userinput>
+&prompt.root; <userinput>mdmfs -F images/www.img -s 10g md101 /usr/jails/www</userinput></screen>
+ <note>
+ <para>Please note, although the <filename>www.img</filename> file
+ was created as a 10 Gigabyte file, only 8 Gigabytes will be shown
+ as available. On default UFS filesystems, the system reserves 8
+ percent of the filesystem. For more information, please read
+ &man.tunefs.8;.
+ </para>
+ </note>
+ </step>
+
+ <step>
+ <para>&man.df.1; output should present output similar to the following:</para>
+
+ <screen>Filesystem 1K-blocks Used Avail Capacity Mounted on
+/dev/mirror/gm0s1a 4058062 478866 3254552 13% /
+devfs 1 1 0 100% /dev
+/dev/mirror/gm0s1e 507630 398 466622 0% /tmp
+/dev/mirror/gm0s1f 461439472 115610770 308913546 27% /usr
+/dev/mirror/gm0s1d 3008142 137834 2629658 5% /var
+/dev/md101 9159102 4 8426370 0% /usr/jails/www</screen>
+ </step>
+ </procedure>
+ </sect3>
+
+ <sect3 id="jail-file-backed-fstab">
+ <title>Edit <filename>/etc/fstab</filename></title>
+
+ <procedure>
+ <step>
+ <para>The memory devices will not be automatically recreated after rebooting
+ the system. To achieve this, edit <filename>/etc/fstab</filename>. An
+ example &man.fstab.5; configuration:</para>
+
+ <screen># Device Mountpoint FStype Options Dump Pass#
+/dev/mirror/gm0s1b none swap sw 0 0
+/dev/mirror/gm0s1a / ufs rw 1 1
+/dev/mirror/gm0s1e /tmp ufs rw 2 2
+/dev/mirror/gm0s1f /usr ufs rw 2 2
+/dev/mirror/gm0s1d /var ufs rw 2 2
+/dev/acd0 /cdrom cd9660 ro,noauto 0 0
+# www jail
+md101 /usr/jails/www mfs rw,-P,-F/usr/jails/images/www.img 0 0</screen>
+ </step>
+
+ <step>
+ <para>To verify the system will &man.mount.8; the device successfully
+ after a system reboot, verify there are no &man.fstab.5;
+ errors:</para>
+
+ <screen><userinput>&prompt.root; mount -a </userinput></screen>
+
+ </step>
+ </procedure>
+
+ <para>Following the steps outlined in the beginning of this chapter,
+ create the &man.jail.8; using <filename
+ class="directory">/usr/jails/www</filename> as the destination
+ directory.</para>
+
+ <para>Should you find the need to move this jail to another machine,
+ stop the &man.jail.8;, &man.umount.8; <filename
+ class="directory">/usr/jails/www</filename>, and copy the
+ <filename>www.img</filename> file to the remote machine.</para>
+
+ </sect3>
+ </sect2>
+ </sect1>
</chapter>
>Release-Note:
>Audit-Trail:
>Unformatted:
More information about the freebsd-doc
mailing list