Attachment #101359 for bug #140814

View | Details | Raw Unified | Return to bug 140814
Collapse All | Expand All




      </sect3>
    </sect2>
  </sect1>

  <sect1 id="jail-file-backed">
    <title>File-Backed Jails</title>

      <sect2 id="jail-creating-file-backed">
      <sect2info>
	<authorgroup>
	  <author>
	    <firstname>Glen</firstname>
	    <surname>Barber</surname>
	    <contrib>Contributed by </contrib>
	    <!-- 23 November 2009 -->
	  </author>
	</authorgroup>
      </sect2info>
      
      <title>Creating a File-Backed Jail</title>
      
      <para>
        The &man.jail.8; environment alone provides no mechanism to restrict disk
        space used by the &man.jail.8;.  Though there are many way to achieve this,
        for example, using separate disk slices for each &man.jail.8;, this section
        will show you how to create file-backed jails using &man.md.4; devices.</para>

      <sect3 id="jail-creating-memory-file">
       <title>Creating the Memory File</title>

        <para>In this section, there will be one &man.jail.8; created in the <filename
          class="directory">/usr/jails/www</filename> directory, using <filename
          class="directory">/usr/jails/images</filename> as the directory 
          containing the image file.</para>
   
        <procedure>
          <step>
            <para>Create the directories and image file for the jail:</para>
              <screen>&prompt.root; <userinput>mkdir /usr/jails</userinput>
&prompt.root; <userinput>cd /usr/jails</userinput>
&prompt.root; <userinput>mkdir images www</userinput></screen></step>
   
          <step>
            <para>Create the vnode-backed &man.md.4; device using &man.mdmfs.8;,
              backed by <filename>www.img</filename>.  In the below example, the
              image file is 10 gigabytes in size:</para>
   
            <screen>&prompt.root; <userinput>touch images/www.img</userinput>
&prompt.root; <userinput>mdmfs -F images/www.img -s 10g md101 /usr/jails/www</userinput></screen>
            <note>
	      <para>Please note, although the <filename>www.img</filename> file
	        was created as a 10 Gigabyte file, only 8 Gigabytes will be shown
		as available.  On default UFS filesystems, the system reserves 8 
		percent of the filesystem.  For more information, please read 
		&man.tunefs.8;.
              </para>
            </note>
          </step>
   
          <step>
            <para>&man.df.1; output should present output similar to the following:</para>
   
            <screen>Filesystem         1K-blocks      Used     Avail Capacity  Mounted on
/dev/mirror/gm0s1a   4058062    478866   3254552    13%    /
devfs                      1         1         0   100%    /dev
/dev/mirror/gm0s1e    507630       398    466622     0%    /tmp
/dev/mirror/gm0s1f 461439472 115610770 308913546    27%    /usr
/dev/mirror/gm0s1d   3008142    137834   2629658     5%    /var
/dev/md101           9159102         4   8426370     0%    /usr/jails/www</screen>
          </step>
        </procedure>
      </sect3>

       <sect3 id="jail-file-backed-fstab">
        <title>Edit <filename>/etc/fstab</filename></title>
    
         <procedure>
           <step>
             <para>The memory devices will not be automatically recreated after rebooting
               the system.  To achieve this, edit <filename>/etc/fstab</filename>.  An
               example &man.fstab.5; configuration:</para>
    
             <screen># Device                Mountpoint      FStype  Options         Dump    Pass#
/dev/mirror/gm0s1b      none            swap    sw              0       0
/dev/mirror/gm0s1a      /               ufs     rw              1       1
/dev/mirror/gm0s1e      /tmp            ufs     rw              2       2
/dev/mirror/gm0s1f      /usr            ufs     rw              2       2
/dev/mirror/gm0s1d      /var            ufs     rw              2       2
/dev/acd0               /cdrom          cd9660  ro,noauto       0       0
# www jail
md101      /usr/jails/www mfs rw,-P,-F/usr/jails/images/www.img 0       0</screen>
           </step>
    
           <step>
             <para>To verify the system will &man.mount.8; the device successfully 
	       after a system reboot, verify there are no &man.fstab.5; 
	       errors:</para>
    
             <screen><userinput>&prompt.root; mount -a </userinput></screen>
    
           </step>
         </procedure>
    
           <para>Following the steps outlined in the beginning of this chapter,
	     create the &man.jail.8; using <filename 
	     class="directory">/usr/jails/www</filename> as the destination
             directory.</para>
    
           <para>Should you find the need to move this jail to another machine, 
	     stop the &man.jail.8;, &man.umount.8; <filename 
	     class="directory">/usr/jails/www</filename>, and copy the 
	     <filename>www.img</filename> file to the remote machine.</para>
    
      </sect3>
    </sect2> 
  </sect1>
</chapter>

Return to bug 140814

Lines 964-967 Link Here

(-)doc/en_US.ISO8859-1/books/handbook/jails/chapter.sgml (+113 lines)
964	</sect3>	964	</sect3>
965	</sect2>	965	</sect2>
966	</sect1>	966	</sect1>
		967
		968	<sect1 id="jail-file-backed">
		969	<title>File-Backed Jails</title>
		970
		971	<sect2 id="jail-creating-file-backed">
		972	<sect2info>
		973	<authorgroup>
		974	<author>
		975	<firstname>Glen</firstname>
		976	<surname>Barber</surname>
		977	<contrib>Contributed by </contrib>
		978	<!-- 23 November 2009 -->
		979	</author>
		980	</authorgroup>
		981	</sect2info>
		982
		983	<title>Creating a File-Backed Jail</title>
		984
		985	<para>
		986	The &man.jail.8; environment alone provides no mechanism to restrict disk
		987	space used by the &man.jail.8;. Though there are many way to achieve this,
		988	for example, using separate disk slices for each &man.jail.8;, this section
		989	will show you how to create file-backed jails using &man.md.4; devices.</para>
		990
		991	<sect3 id="jail-creating-memory-file">
		992	<title>Creating the Memory File</title>
		993
		994	<para>In this section, there will be one &man.jail.8; created in the <filename
		995	class="directory">/usr/jails/www</filename> directory, using <filename
		996	class="directory">/usr/jails/images</filename> as the directory
		997	containing the image file.</para>
		998
		999	<procedure>
		1000	<step>
		1001	<para>Create the directories and image file for the jail:</para>
		1002	<screen>&prompt.root; <userinput>mkdir /usr/jails</userinput>
		1003	&prompt.root; <userinput>cd /usr/jails</userinput>
		1004	&prompt.root; <userinput>mkdir images www</userinput></screen></step>
		1005
		1006	<step>
		1007	<para>Create the vnode-backed &man.md.4; device using &man.mdmfs.8;,
		1008	backed by <filename>www.img</filename>. In the below example, the
		1009	image file is 10 gigabytes in size:</para>
		1010
		1011	<screen>&prompt.root; <userinput>touch images/www.img</userinput>
		1012	&prompt.root; <userinput>mdmfs -F images/www.img -s 10g md101 /usr/jails/www</userinput></screen>
		1013	<note>
		1014	<para>Please note, although the <filename>www.img</filename> file
		1015	was created as a 10 Gigabyte file, only 8 Gigabytes will be shown
		1016	as available. On default UFS filesystems, the system reserves 8
		1017	percent of the filesystem. For more information, please read
		1018	&man.tunefs.8;.
		1019	</para>
		1020	</note>
		1021	</step>
		1022
		1023	<step>
		1024	<para>&man.df.1; output should present output similar to the following:</para>
		1025
		1026	<screen>Filesystem 1K-blocks Used Avail Capacity Mounted on
		1027	/dev/mirror/gm0s1a 4058062 478866 3254552 13% /
		1028	devfs 1 1 0 100% /dev
		1029	/dev/mirror/gm0s1e 507630 398 466622 0% /tmp
		1030	/dev/mirror/gm0s1f 461439472 115610770 308913546 27% /usr
1031	/dev/mirror/gm0s1d 3008142 137834 2629658 5% /var
1032	/dev/md101 9159102 4 8426370 0% /usr/jails/www</screen>
1033	</step>
1034	</procedure>
1035	</sect3>
1036
1037	<sect3 id="jail-file-backed-fstab">
1038	<title>Edit <filename>/etc/fstab</filename></title>
1039
1040	<procedure>
1041	<step>
1042	<para>The memory devices will not be automatically recreated after rebooting
1043	the system. To achieve this, edit <filename>/etc/fstab</filename>. An
1044	example &man.fstab.5; configuration:</para>
1045
1046	<screen># Device Mountpoint FStype Options Dump Pass#
1047	/dev/mirror/gm0s1b none swap sw 0 0
1048	/dev/mirror/gm0s1a / ufs rw 1 1
1049	/dev/mirror/gm0s1e /tmp ufs rw 2 2
1050	/dev/mirror/gm0s1f /usr ufs rw 2 2
1051	/dev/mirror/gm0s1d /var ufs rw 2 2
1052	/dev/acd0 /cdrom cd9660 ro,noauto 0 0
1053	# www jail
1054	md101 /usr/jails/www mfs rw,-P,-F/usr/jails/images/www.img 0 0</screen>
1055	</step>
1056
1057	<step>
1058	<para>To verify the system will &man.mount.8; the device successfully
1059	after a system reboot, verify there are no &man.fstab.5;
1060	errors:</para>
1061
1062	<screen><userinput>&prompt.root; mount -a </userinput></screen>
1063
1064	</step>
1065	</procedure>
1066
1067	<para>Following the steps outlined in the beginning of this chapter,
1068	create the &man.jail.8; using <filename
1069	class="directory">/usr/jails/www</filename> as the destination
1070	directory.</para>
1071
1072	<para>Should you find the need to move this jail to another machine,
1073	stop the &man.jail.8;, &man.umount.8; <filename
1074	class="directory">/usr/jails/www</filename>, and copy the
1075	<filename>www.img</filename> file to the remote machine.</para>
1076
1077	</sect3>
1078	</sect2>
1079	</sect1>
967	</chapter>	1080	</chapter>