[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [ezjail] disk labeling

Don Munyak wrote:
> labeling
> I just want to confirm what I think I understand.
> I have a pair if SATA 250 GB drives in hardware raid.
> FreeBSD during install see's them as one drive.
> This "suggested" disk labeling is follow for a dedicated mail server.
> /root   256 M
> swap    2   GB
> /var    12  GB
> /tmp    1   GB
> /usr    5   GB
> /home   <the remainder>
> Since I want to use jails, AND since the default location for all
> jails is /usr/jails, am I correct in my assumption for the following
> Disk Partitions:
> /            256 M   
> /root   512 M
> swap    2   GB
> /var    12  GB
> /tmp    1   GB
> /usr    <the remainder>
> /home   5   GB

Hi Don,

That sounds like a reasonable setup. It does depend a bit on what you
intend on doing. Some people have a different uses for jails all together:
the host system can be a workstation and the jails kept minimalist and
only used to separate services and applications e.g. to test them for
compatibility, building with different versions of libraries, etc.

So you can have the classic stripped down jail "host system" where you are
running other full system "jailed hosts" *or* you can run "jailed
applications" on a more full featured host system (others can jump in and
correct my terminology if I am wrong here). And ezjail can help you do
both :) I take it you are more interested in the former (i.e. each jail
will have a full system in it). We have used ezjail with several different

- your exact approach (but with no home; since /home is usually /usr/home

- separate storage that we mount onto /usr/jails (a second RAID5 array or
mirrored pairs of disks) for the jails data.

- remote drive with all the jail data. Not sure this is recommended or
not: it was temporary. We didn't use NFS. I think it was some geom trickery.

- a large disk (RAID) with partitions laid out much as you have described
except keeping /usr/ quite small (since it is on the host system) and
having separate partition that mounts into /usr/jails.

We use normal backup tools for the /usr/jails/ partition and have a spare
copy of it along with a separate system capable of mounting and running
the /usr/jails/ partition. Barely anything on our base jail host system
ever changes. I would like to hear about other people's backup schemes.
Per jail? (e.g. when hosting clients one per jail) or all jails at once?
Using rdiff-backup, dump, rbackup, snapshots, or ... ?

For the jails' file systems we use a mix of:

- dedicated jail partitions (e.g. one GPT partition per jail)

- all jails in /usr/jail as sparse images (some with softupdates turned
on). We haven't started using gjournal or anything fancy on the host
system's fs yet.

Other things:

We're still experimenting/learning about stuff like immutable flags on the
host system, different securelevels for host and jails (now possible?? but
I'm not sure ezjail has a flag for it yet). Unless people need to login to
the jails we usually don't run ssh - except on the main jail host (and
then it is only accessible from certain hosts behind our fw) and on
certain "hardened" jails. Some people do the opposite.

I'm looking forward to what might be possible using virtual network stacks
(different network interfaces and pf instance per jail!) e.g. Marko Zec's
"virtnet" work (on FreeBSD). Dragonfly's virtual kernel work looks
interesting too. And of course the almighty ZFS!!! :-) There'll be a
virtnet talk at BSDCan in May in Ottawa:

This list has some great and informative discussion (and even debate!)
about jails, so be sure to check the archives for more tips.


Graham Todd