Date:      Thu, 21 Mar 2002 06:39:00 +1100
From:      BSD Freak <bsd-freak@mbox.com.au>
To:        Scott Bolte <listS+freebsd-questions@niss.com>, FreeBSD Questions <freebsd-questions@FreeBSD.ORG>
Subject:   Re: File system layout with multiple jails
Message-ID:  <23ae4a023b002c.23b002c23ae4a0@mbox.com.au>

Sure I'll help beta test....

----- Original Message -----
From: Scott Bolte <listS+freebsd-questions@niss.com>
Date: Thursday, March 21, 2002 1:30 am
Subject: Re: File system layout with multiple jails

> 	I'm turning it into a package over the next few weeks.  If
>    you want to be a beta tester let me know.
> 
>        Scott
> 
> On Tue, 19 Mar 2002 21:23:52 +1100, BSD Freak wrote:
> > Very clever! Would you mind posting the contents of the scripts on this
> > list or perhaps somewhere on the web. It would be very helpful to
> > many I think.......
> > 
> > ----- Original Message -----
> > From: Scott Bolte <listS+freebsd-questions@niss.com>
> > Date: Thursday, February 14, 2002 11:59 pm
> > Subject: Re: File system layout with multiple jails
> > 
> > > On Thu, 14 Feb 2002 17:44:14 +1100, BSD Freak wrote:
> > > > Hi everyone,
> > > > 
> > > > Does anyone have any bright ideas for good file system layouts when
> > > > running multiple jails?
> > > 
> > >    I won't say they are bright, but the ideas reflected in
> > >    this layout are working well for me:
> > > 
> > >    /jails/	Home for most jail related material. Note I do not
> > >        backup /jails every night as I do other partitions.
> > >        (I do backup /data every night and you'll see below
> > >        how I make use of that in a jail.)
> > > 
> > >        /jails is its own partition so if it fills, it will
> > >        not cause problems for the host system.
> > > 
> > >    /jails/{jail_X}/
> > >        The root for one specific jail. Of course if you
> > >        have sets of jails, then /jails/jail_A/{cell_1,cell_2}
> > >        and /jails/jail_B/{cell_10,cell_11} where cell_#
> > >        is actually the root directory works well for
> > >        keeping them well organized.
> > > 
> > >    /jails/etc/rc.d/
> > >        Startup scripts (e.g. jail_X.sh) for all jails.
> > > 
> > >        If you augment $local_startup in /etc/rc.conf to
> > >        include /jails/etc/rc.d then all the jails will be
> > >        started automatically.
> > > 
> > >    /jails/bin/
> > >        Jail management scripts.
> > > 
> > >       .../bin/JAIL_CTL.sh	A generic start, stop, enter, trace,
> > >                ps script.  Each jail's startup
> > >                script sets a bunch of environment
> > >                variables and then calls JAIL_CTL.
> > > 
> > >       .../bin/jail_clone	duplicates a jail.
> > > 
> > >       .../bin/jail_ps	runs ps for all the processes in
> > >                a specific jail.
> > > 
> > >    /jails/var/trace/
> > >        Home for kdump traces of jail execution.
> > > 
> > >    /jails/template/
> > >        A reference jail that I can clone in a few minutes
> > >        time. Much easier than running (make world) every
> > >        time I need a new jail.
> > > 
> > >    /data/jails/{jail_X}/
> > >        If there is a /data/jails/{jail_X} present, then
> > >        it is automatically mounted as /jails/{jail_X}/data
> > >        when the jail is started. That way the /data
> > >        directory in a jail can be treated separately
> > >        from the rest of the jail.
> > > 
> > >        One caveat if you do this. Multiple jails, each
> > >        with their own uid space, will rapidly overlap in
> > >        the host's uid space. To avoid this, my jail creation
> > >        script hashes the jail's IP address to create a
> > >        (relatively) unique starting point for that jail's
> > >        uids. That starting uid is placed in the jail's
> > >        /et        chances that uids will collide.
> > > 
> > >    /data/jails/{jail_X}/home/
> > >        Symlink to /data/home (in the jail of course). If
> > >        /data/jails/{jail_X} is mounted on the jail's /data,
> > >        then the home partition in the jail is actually
> > >        coming from /data of the host and therefore will
> > >        be backed up on a regular basis.
> > > 
> > >    /data/jails/{jail_X}/proc/
> > >        If it is present, then /proc is mounted on this
> > >        directory when a jail is started and unmounted when
> > >        it is stopped.
> > > 
> > > 
> > > > How do I stop /var/log in one of the jails from filling up the whole drive
> > > > and affecting the rest without giving each jail its own partition?
> > > > 
> > > > Is it possible to somehow set a quota on how large a particular
> > > > directory can get?
> > > 
> > >    About all I can think of is to make a directory, and all its
> > >    subordinate directories, owned by a specific user. You can
> > >    then have per user quotas.
> > > 
> > >    For the specific example of /var/log, you'd have to set the
> > >    user to be root_X. If you then set the user-ID-on-execution
> > >    bit (see chmod(1) or chmod(2)) for /var/log so all new files
> > >    and directories created under it would also be owned by root_X.
> > > 
> > >    I suspect you'd have to pre-populate your /var/log directory
> > >    and chown everything to root_X. If you then change everything
> > >    there to have world write permissions then root in the jail
> > >    can update the files. Having world write access is a bad
> > >    idea, but it's your trade-off to consider.
> > > 
> > > 
> > >        Scott
> > > 
> > 
> 
> 
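
The uid caveat in the quoted layout describes hashing a jail's IP address into a starting uid, but the thread does not show the hash. The following is an added example, not the script from the post: it assumes fixed-size uid blocks (`UID_MIN`, `UIDS_PER_JAIL` and `SLOTS` are made-up values, and both function names are hypothetical) and reports which jails would still land on the same block in the host's uid space.

```sh
#!/bin/sh
# Added example: an assumed allocation scheme, not the script from the post.
UID_MIN=100000       # assumed: lowest uid handed to any jail
UIDS_PER_JAIL=1000   # assumed: size of each jail's uid block
SLOTS=4000           # assumed: number of blocks to hash into

# Print the starting uid for the jail at IPv4 address $1.
# Returns 1 unless $1 is a dotted quad of decimal octets 0-255.
jail_uid_base() {
    case "$1" in ''|*[!0-9.]*|*..*|.*|*.) return 1 ;; esac
    _ifs=$IFS; IFS=.; set -- $1; IFS=$_ifs
    [ $# -eq 4 ] || return 1
    _h=0
    for _o in "$@"; do
        case "$_o" in 0?*|????*) return 1 ;; esac   # no octal, no overflow
        [ "$_o" -le 255 ] || return 1
        # Horner's rule: ends as (address as an integer) mod SLOTS.
        _h=$(( (_h * 256 + _o) % SLOTS ))
    done
    echo $(( UID_MIN + _h * UIDS_PER_JAIL ))
}

# Print "ipA ipB base" for each pair of addresses given as arguments
# whose uid blocks coincide. Returns 1 on any collision or bad address.
jail_uid_collisions() {
    _seen=''; _rc=0
    for _ip in "$@"; do
        if ! _base=$(jail_uid_base "$_ip"); then
            echo "invalid address: $_ip" >&2; _rc=1; continue
        fi
        for _e in $_seen; do
            if [ "${_e#*=}" = "$_base" ]; then
                echo "${_e%%=*} $_ip $_base"; _rc=1
            fi
        done
        _seen="$_seen $_ip=$_base"
    done
    return $_rc
}

# Constructed addresses: the last differs from the first by exactly
# SLOTS, so both hash to the block starting at uid 265000.
jail_uid_collisions 10.0.0.5 10.0.0.6 192.168.1.10 10.0.15.165 || true
```

Because the hash is the address modulo `SLOTS`, consecutive addresses never share a block; collisions only occur between addresses a multiple of `SLOTS` apart, which is why a creation script should run the collision check before assigning uids.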
