Use Sparse Files for FreeBSD jails?

Posted by: admin  :  Category: FreeBSD, jails, Operating Systems, Virtualization

Thinking about FreeBSD jails and an older post of mine about putting jails within loopback-mounted disk images to enforce disk quota, I asked myself if I should use sparse files or pre-allocated files as the virtual disk image for jail-based userland separation.

Debian GNU/kFreeBSD inside native FreeBSD jail

Posted by: admin  :  Category: Debian GNU/Linux, FreeBSD, jails

It has been some time now since development on Debian GNU/kFreeBSD started, which aims at bringing together the FreeBSD kernel with a GNU userland.

There exists a similar implementation called Gentoo GNU/kFreeBSD, although I have not yet had time to review it.

FreeBSD patch: enable fsck in mdmfs

Posted by: admin  :  Category: Hacks, jails

This patch is actually a follow-up development to my article on implementing filesystem allocation limits on FreeBSD jails.

My previous article basically outlined how to place jails inside a vnode-backed memory device to enforce filesystem allocation limits. This became possible through a new flag introduced to mdmfs in FreeBSD-CURRENT which allows 'newfs' to be skipped (this requires mdmfs to actually be called as mount_md to work properly).

This solution is quite handy as it will automagically mount the container volumes as required. But since we do not live in a perfect world - and computers ain't perfect either - crashes do happen. File system corruption on volumes will prevent jails from starting up, as their (virtual) root device will fail to mount.
This is where this patch comes in. It enables mdmfs to optionally run an fsck on given volumes.

To apply the patch, create a new temporary build directory first:

# mkdir /root/mount_md
# cd /root/mount_md

Then get the original source code from CVS. It is probably easiest to get this particular revision through CVSweb at http://www.freebsd.org/cgi/cvsweb.cgi/~checkout~/src/sbin/mdmfs/mdmfs.c?rev=1.27

Save this file to your previously created build directory.

If you have wget at hand you can also download it directly.

# wget --user-agent='Mozilla/5.0' 'http://www.freebsd.org/cgi/cvsweb.cgi/~checkout~/src/sbin/mdmfs/mdmfs.c?rev=1.27' --output-document=/root/mount_md/mount_md.c

Download and apply the patch: mount_md.c.diff

# wget --user-agent='Mozilla/5.0' 'http://www.phunsites.net/wp/wp-content/uploads/2006/07/mount_md.c.diff.txt' --output-document=/root/mount_md/mount_md.c.diff

# patch < /root/mount_md/mount_md.c.diff

Compile the source:

# gcc /root/mount_md/mount_md.c -o /root/mount_md/mount_md

Then copy the file to some location you like, e.g. /usr/sbin.

# cp /root/mount_md/mount_md /usr/sbin/mount_md

Make sure you name the file as given in the example. It won't work otherwise.

Special care must be taken that you DO NOT replace your existing mdmfs binary file by this new version. DO NOT overwrite it. Do not rename this patch to mdmfs. Use the names provided in this example instead.

Setup Jail’s fstab

Now check out your jail's fstab and look for this line:

md /var/jails/192.168.0.1 md rw,-P,-F/mnt/r5_vol1/jails/192.168.0.1/rootfs.volume

Change it as follows:

md /var/jails/192.168.0.1 md rw,-P,-F/mnt/r5_vol1/jails/192.168.0.1/rootfs.volume,-Tufs

or

md /var/jails/192.168.0.1 md rw,-P,-F/mnt/r5_vol1/jails/192.168.0.1/rootfs.volume,-tufs

The difference between the two lies in the '-T' or '-t' argument. Both enable fsck before mounting the volume, but '-T' runs 'fsck -y' while '-t' does not.

You also need to provide the filesystem type with either option for fsck to work properly.
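
To see at a glance which jail volumes are mounted with no check, with a check only ('-t'), or with unattended repair ('-T', i.e. 'fsck -y'), the following added example (not part of the original post or the patch) parses md entries in the option format shown above. The function names, the root filesystem line and the entries for 192.168.0.2 to 192.168.0.4 are constructed for illustration.

```sh
#!/bin/sh
# Added example: classify md-backed jail entries in an fstab by fsck mode.
# Option syntax (-P, -F<image>, -T<fstype>, -t<fstype>) follows the fstab
# lines on this page; -T and -t exist only in the patched mount_md.

# Constructed sample input; only the first entry is taken from the page.
sample_fstab() {
    cat <<'EOF'
# device mountpoint fstype options
md /var/jails/192.168.0.1 md rw,-P,-F/mnt/r5_vol1/jails/192.168.0.1/rootfs.volume
md /var/jails/192.168.0.2 md rw,-P,-F/mnt/r5_vol1/jails/192.168.0.2/rootfs.volume,-Tufs
md /var/jails/192.168.0.3 md rw,-P,-F/mnt/r5_vol1/jails/192.168.0.3/rootfs.volume,-tufs
md /var/jails/192.168.0.4 md rw,-P,-F/mnt/r5_vol1/jails/192.168.0.4/rootfs.volume,-T
/dev/ad0s1a / ufs rw 1 1
EOF
}

# Reads fstab text on stdin, prints "<mountpoint> <mode> <fstype> <image>".
# mode: none (no fsck), check (-t), repair (-T, runs 'fsck -y'),
#       invalid (-T/-t given without the filesystem type fsck needs).
audit_md_fstab() {
    while read -r dev mnt fstype opts _rest; do
        case "$dev" in ''|'#'*) continue ;; esac    # blank line or comment
        if [ "$fstype" != "md" ]; then continue; fi
        mode=none fs='' image=-
        old_ifs=$IFS; IFS=,
        for o in $opts; do
            case "$o" in
                -F*) image=${o#-F} ;;
                -T*) mode=repair; fs=${o#-T} ;;
                -t*) mode=check;  fs=${o#-t} ;;
            esac
        done
        IFS=$old_ifs
        if [ "$mode" != none ] && [ -z "$fs" ]; then mode=invalid; fi
        printf '%s %s %s %s\n' "$mnt" "$mode" "${fs:--}" "$image"
    done
}

sample_fstab | audit_md_fstab
```

Entries reported as "none" will fail to mount after a crash that corrupts the volume, and "repair" entries let fsck answer yes to every repair question without review.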

Streamline Userland Installation On FreeBSD Jails Using Sysinstall

Posted by: admin  :  Category: jails

There are probably a dozen ways to install the userland for use within a FreeBSD jail.

Most of the documentation I saw (including the man page itself) refers to building/installing from the source tree. Sysinstall seems only to be considered for additional post-configuration tasks and is always run inside of the jail.

While building/installing a jail may have its advantages with respect to security flaws or bugs in general, installing through sysinstall may be faster and probably less error-prone.

Implementing Filesystem Allocation Limits On FreeBSD Jails

Posted by: admin  :  Category: jails

FreeBSD jails are very powerful indeed. While it is rather easy to set up a jail for encapsulation of single services (let’s think of it as a more luxurious chroot environment then), it’s also no big thing to adapt them to create ‘virtual’ servers similar to what Virtuozzo and OpenVZ for Linux try to achieve.

Installing Trimmed-Down Userland To FreeBSD Jails

Posted by: admin  :  Category: jails

For obvious reasons there are a lot of howtos on FreeBSD jails. One of the best, IMHO, besides the man page ;-), is at section6wiki.

While the howto explains everything you need to get started, I was fiddling around with a way to install a trimmed-down userland to a jail without editing or moving around /etc/make.conf. The reason to do this is simple: the system in question was not solely dedicated to running jails and I wanted to avoid the toolchain within the jails at any cost. So I basically looked only for a simple and fast way to install the userland without tampering with my existing configuration.