ZFS Zpool and jail

[zader]

Hi guys,

Just windering what the best practice is (and maybe a sample or walk though) on setting up a jail and passing either a pool or vol to a vsftp or samba share within a jail?

I guess the part thats not real clear is how to read/write to a volume/vdev thats on the host from a jail.

Thanks

 

[SirDice]

You can "assign" a dataset to a jail using zfs jail. The host will then ignore it and the jail can take full control of it. Most of the time however you don't really need it as you can make cleaver use of nullfs(5) to mount additional data directories from the host to one or more jails.

 

[zader]

Just to clarify
The jail is on its own zvol, the volume/pool to be used for the nas should be seperate from the host and jail but accessable from both.

Ie
Host is on main zpool
Jail is a vdev on /usr/jails/nas

Should the nas be a few volumes in /dev/zfs.. then create a secondary pool on the host.. ? Or just create a secondary pool on the host? Etc

Thanks

 

[SirDice]

the volume/pool to be used for the nas should be seperate from the host and jail but accessible from both.

That's not possible with zfs jail. If you want this use nullfs(5).

 

[zader]

gosh lol so fast, I didn't even have time to re-post my thought to make it more clear.. haha but nether the less thanks.
this nas is a poc that I'm trying to replicate via VM...

the real nas will be a hardware host with 2 primary drives and 12storage drives.

my thought was

install os (use the 2 drives as a mirror) zpool 1
create and install jail
from the host, create the raid : 12x 4TB, raidz3 (raid7) aka zpool 2
set the zfs jail flag on zpool2

then access the pool from the jail.

and for my vm.. an acceptable replication of the hardware poc would be
create vm with 14 virtual hard drives and configure as above..?


given my use case, would it be better to just stick with zfs jail? or use it as a nullfs? is there any pros vs cons or perfomrance / security issues between them?

thanks again for your help.

 

[dinsdale]

I'm trying to do something similar (I think). I have two zpools:

russellh@sylvester:~> zpool list
NAME      SIZE  ALLOC   FREE  CKPOINT  EXPANDSZ   FRAG    CAP  DEDUP  HEALTH  ALTROOT
storage   928G  13.5G   914G        -         -     0%     1%  1.00x  ONLINE  -
zroot     107G  39.6G  67.4G        -         -    24%    37%  1.00x  ONLINE  -

russellh@sylvester:/storage> zfs list
NAME                                                           USED  AVAIL  REFER  MOUNTPOINT
storage                                                       13.5G   885G  13.5G  /storage
storage/jails                                                   23K   885G    23K  /storage/jails
zroot                                                         39.6G  64.0G    88K  /zroot
zroot/ROOT                                                    5.29G  64.0G    88K  none
zroot/ROOT/default                                            5.29G  64.0G  5.29G  /
zroot/iocell                                                  32.9G  64.0G   164K  /iocell
zroot/iocell/download                                          466M  64.0G    88K  /iocell/download
zroot/iocell/download/11.1-RELEASE                             260M  64.0G   260M  /iocell/download/11.1-RELEASE
zroot/iocell/download/12.0-RELEASE                             206M  64.0G   206M  /iocell/download/12.0-RELEASE
zroot/iocell/jails                                            30.9G  64.0G    96K  /iocell/jails
zroot/iocell/jails/124c8e15-a459-11e9-be52-00259070d370        265M  64.0G   104K  /iocell/jails/124c8e15-a459-11e9-be52-00259070d370
zroot/iocell/jails/124c8e15-a459-11e9-be52-00259070d370/root   265M  64.0G   265M  /iocell/jails/124c8e15-a459-11e9-be52-00259070d370/root
zroot/iocell/jails/15bba306-7383-11e8-b92c-00259070d370       14.6G  64.0G   104K  /iocell/jails/15bba306-7383-11e8-b92c-00259070d370
zroot/iocell/jails/15bba306-7383-11e8-b92c-00259070d370/root  14.6G  64.0G  14.6G  /iocell/jails/15bba306-7383-11e8-b92c-00259070d370/root
zroot/iocell/jails/31458547-8015-11e8-b92c-00259070d370       6.05G  64.0G   104K  /iocell/jails/31458547-8015-11e8-b92c-00259070d370
zroot/iocell/jails/31458547-8015-11e8-b92c-00259070d370/root  6.05G  64.0G  7.93G  /iocell/jails/31458547-8015-11e8-b92c-00259070d370/root
zroot/iocell/jails/36853aad-6941-11e8-abc4-00259070d370       4.76G  64.0G  5.63M  /iocell/jails/36853aad-6941-11e8-abc4-00259070d370
zroot/iocell/jails/36853aad-6941-11e8-abc4-00259070d370/root  4.75G  64.0G  4.55G  /iocell/jails/36853aad-6941-11e8-abc4-00259070d370/root
zroot/iocell/jails/467e7819-6d62-11e9-9e23-00259070d370       3.14G  64.0G   100K  /iocell/jails/467e7819-6d62-11e9-9e23-00259070d370
zroot/iocell/jails/467e7819-6d62-11e9-9e23-00259070d370/root  3.14G  64.0G  3.14G  /iocell/jails/467e7819-6d62-11e9-9e23-00259070d370/root
zroot/iocell/jails/5a5ae396-a5f4-11e9-be52-00259070d370       2.16G  64.0G   104K  /iocell/jails/5a5ae396-a5f4-11e9-be52-00259070d370
zroot/iocell/jails/5a5ae396-a5f4-11e9-be52-00259070d370/root  2.16G  64.0G  2.16G  /iocell/jails/5a5ae396-a5f4-11e9-be52-00259070d370/root
zroot/iocell/releases                                         1.53G  64.0G    88K  /iocell/releases
zroot/iocell/releases/11.1-RELEASE                             984M  64.0G    88K  /iocell/releases/11.1-RELEASE
zroot/iocell/releases/11.1-RELEASE/root                        984M  64.0G   984M  /iocell/releases/11.1-RELEASE/root
zroot/iocell/releases/12.0-RELEASE                             583M  64.0G    88K  /iocell/releases/12.0-RELEASE
zroot/iocell/releases/12.0-RELEASE/root                        583M  64.0G   583M  /iocell/releases/12.0-RELEASE/root
zroot/iocell/templates                                          88K  64.0G    88K  /iocell/templates

I'd like to mount a folder under storage/jails onto /iocell/jails/467e7819-6d62-11e9-9e23-00259070d370/root/storage. I tried adding a line to the jail fstab but that was a disaster. Any suggestions? To be clear, it doesn't need to be set up exactly like that. I just need more storage space in my jail so I can build llvm. My main disk is filling up and I am concerned about the size of the LLVM build.

 

[SirDice]

If it's just temporary something like mount -t nullfs /storage/jails/somedir /iocell/jails/467e7819-6d62-11e9-9e23-00259070d370/root/storage/somedir should work. You will need to do this from the host, not from within the jail.

The extra mount probably isn't going to show up inside the jail (due to enforce_statfs) but it will be there, just test it by creating a couple of test files and checking on the host.

 

[zader]

this is what I came up with for mounting stuff in jails..

from the host

#1 make a mount point in the jails file system
# mkdir /zroot/iocage/jails/124c8e15-a459-11e9-be52-00259070d370/root/media/storage

#2 set the mount using iocage (is the same as editing the file but makes it all pretty)
# iocage fstab -a 124c8e15-a459-11e9-be52-00259070d370 storage/jails /media/storage nullfs rw 0 0

A detailed walkthrough / example can be found here: jailed_plex