From anders@totem.fix.no  Fri Dec  2 17:41:26 2005
Return-Path: <anders@totem.fix.no>
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 3999F16A41F;
	Fri,  2 Dec 2005 17:41:26 +0000 (GMT)
	(envelope-from anders@totem.fix.no)
Received: from totem.fix.no (totem.fix.no [80.91.36.20])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 9DA8E43D53;
	Fri,  2 Dec 2005 17:41:25 +0000 (GMT)
	(envelope-from anders@totem.fix.no)
Received: by totem.fix.no (Postfix, from userid 1000)
	id 0B3E88DB10D; Fri,  2 Dec 2005 18:41:23 +0100 (CET)
Message-Id: <20051202174123.0B3E88DB10D@totem.fix.no>
Date: Fri,  2 Dec 2005 18:41:23 +0100 (CET)
From: Anders Nordby <anders@FreeBSD.org>
Reply-To: Anders Nordby <anders@FreeBSD.org>
To: FreeBSD-gnats-submit@freebsd.org
Cc: pjd@FreeBSD.org, rse@FreeBSD.org, phk@FreeBSD.org
Subject: Add ability to set up vnode backed filesystems for jails in rc.conf
X-Send-Pr-Version: 3.113
X-GNATS-Notify:

>Number:         89860
>Category:       conf
>Synopsis:       [patch] [jail] Add ability to set up vnode backed filesystems for jails in rc.conf
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    matteo
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          change-request
>Submitter-Id:   current-users
>Arrival-Date:   Fri Dec 02 17:50:01 GMT 2005
>Closed-Date:    Thu Aug 23 05:37:52 GMT 2007
>Last-Modified:  Thu Aug 23 05:37:52 GMT 2007
>Originator:     Anders Nordby <anders@FreeBSD.org>
>Release:        FreeBSD 6.0-RELEASE i386
>Organization:
Fupp
>Environment:
System: FreeBSD totem.fix.no 6.0-RELEASE FreeBSD 6.0-RELEASE #0: Mon Nov 21 01:52:03 UTC 2005 root@master.fupp.net:/usr/obj/usr/src/sys/MASTER i386

>Description:

Currently, if you want your jail's root filesystems mounted off md(4) vnode
backed filesystems, you need to configure them first. This is a bit awkward,
cause you need to have custom scripts and/or combine with jail setup in
/etc/rc.conf.

(It is a benefit to mount jail filesystems off a vnode backed md(4) device
to keep its diskspace usage limited, so that it does not fill up diskspace
for other jails.)

>How-To-Repeat:
	
>Fix:

I added functionality for this in the jail rc-script. This is my first cut.
Maybe something needs to be improved. Any feedback is most welcome.

Global options:

jail_vnmount_fsck="YES"
jail_vnmount_fsck_y_enable="YES"
jail_vnmount_mountopts="-o noatime"
#jail_vnmount_mdconfigopts="-o async"

Per jail options:

jail_foo_vnmount="/data/jail/foo-fs:c=/data/jail/foo /data/jail/foo-fs2=/data/jail/foo/foobar"
jail_bar_vnmount="/data/jail/bar-fs:s1a=/data/jail/bar"

Adding jail_<jailname> will attempt to configure, fsck and mount the vnode
filesystems, specified as pairs of <vnode file>:<partition>=<mountdir>. The
:<parition> is optional, if empty c (the whole memory disk) is used.

It could be beneficial to configure the md(4) devices using -o async (cause
otherwise performance sucks), but mounting with -o noatime helps a bit.
Hopefully md(4) and async mode will be fixed and free from deadlocks one day.
:-)

I added my touches to the sc script after rse's unmount, and before mount
so that the vnmount and mount options can both be used for the same jail.

My patch is made for and with FreeBSD 6.0-RELEASE, but applies fine to the
HEAD/-current version also. There is only one practical problem that I see with
it now. If you try to stop a jail with interactive running processes, even
though all processes die and filesystems are umounted fine, the jail id does
not disappar. By starting and stopping a lot, you get duplicates. It doesn't
prevent the same jail from being started and stopped again however.

Here we go:

--- rc.d/jail.old	Thu Dec  1 15:00:52 2005
+++ rc.d/jail	Fri Dec  2 18:28:49 2005
@@ -59,6 +59,10 @@
 	eval jail_procfs=\"\$jail_${_j}_procfs_enable\"
 	[ -z "${jail_procfs}" ] && jail_procfs="NO"
 
+	eval jail_vnmount=\"\$jail_${_j}_vnmount\"
+	[ -z "${jail_vnmount_fsck}" ] && jail_vnmount_fsck="YES"
+	[ -z "${jail_vnmount_fsck_y_enable}" ] && jail_vnmount_fsck_y_enable="NO"
+	[ -z "${jail_mount}" ] && jail_mount="YES"
 	eval jail_mount=\"\$jail_${_j}_mount_enable\"
 	[ -z "${jail_mount}" ] && jail_mount="NO"
 	# "/etc/fstab.${_j}" will be used for {,u}mount(8) if none is specified.
@@ -72,6 +76,11 @@
 	debug "$_j devfs enable: $jail_devfs"
 	debug "$_j fdescfs enable: $jail_fdescfs"
 	debug "$_j procfs enable: $jail_procfs"
+	debug "$_j vnmount: $jail_vnmount"
+	debug "$_j vnmount_mdconfigopts: $jail_vnmount_mdconfigopts"
+	debug "$_j vnmount_mountopts: $jail_vnmount_mountopts"
+	debug "$_j vnmount_fsck: $jail_vnmount_fsck"
+	debug "$_j vnmount_fsck_y_enable: $jail_vnmount_fsck_y_enable"
 	debug "$_j mount enable: $jail_mount"
 	debug "$_j hostname: $jail_hostname"
 	debug "$_j ip: $jail_ip"
@@ -139,6 +148,19 @@
 		[ -f "${jail_fstab}" ] || warn "${jail_fstab} does not exist"
 		umount -a -F "${jail_fstab}" >/dev/null 2>&1
 	fi
+	if [ -n "${jail_vnmount}" ]; then
+		for _mount_set in ${jail_vnmount}; do
+			_mountdir=${_mount_set#*=}
+			# Get md device name, only if it is an md device:
+			_dev=`mount | awk '{print $1, $3}' | egrep -E "^/dev/md[0-9a-z]+ ${_mountdir}$" | awk '{print $1}' | sed -E "s|^/dev/(md[0-9]+).*|\1|"`
+			if [ -n "$_dev" ]; then
+				if (umount -f $_mountdir >/dev/null 2>&1); then
+					mdconfig -d -u $_dev >/dev/null 2>&1
+				fi
+			fi
+		done
+		
+	fi
 }
 
 jail_start()
@@ -161,6 +183,36 @@
 		if [ -f /var/run/jail_${_jail}.id ]; then
 			echo -n " [${jail_hostname} already running (/var/run/jail_${_jail}.id exists)]"
 			continue;
+		fi
+		if [ -n "${jail_vnmount}" ]; then
+			for _mount_set in ${jail_vnmount}; do
+				_mountpair=${_mount_set%=*}
+				_vnfile=${_mountpair%:*}
+				_part=${_mountpair#*:}
+				_mountdir=${_mount_set#*=}
+				_dev=`mdconfig -a -t vnode ${jail_vnmount_mdconfigopts} -f $_vnfile 2>/dev/null`
+				if [ -n "$_dev" ]; then
+					if [ -z "$_part" -o "$_part" = "$_vnfile" ]
+					then
+						_part=c
+					fi
+					_mountdev="/dev/$_dev$_part"
+					
+					if checkyesno jail_vnmount_fsck; then
+						if checkyesno jail_vnmount_fsck_y_enable; then
+							fsck -y $_mountdev >/dev/null 2>&1
+						else
+							fsck $_mountdev >/dev/null 2>&1
+						fi
+						if [ "$?" -eq 0 ]
+						then
+							mount ${jail_vnmount_mountopts} $_mountdev $_mountdir >/dev/null 2>&1
+						else
+							warn "could not fsck ${_mountdev}"
+						fi
+					fi
+				fi
+			done
 		fi
 		if checkyesno jail_mount; then
 			info "Mounting fstab for jail ${_jail} (${jail_fstab})"
--- defaults/rc.conf.orig	Fri Dec  2 18:15:09 2005
+++ defaults/rc.conf	Fri Dec  2 18:21:41 2005
@@ -518,6 +518,11 @@
 jail_set_hostname_allow="YES" # Allow root user in a jail to change its hostname
 jail_socket_unixiproute_only="YES" # Route only TCP/IP within a jail
 jail_sysvipc_allow="NO"	# Allow SystemV IPC use from within a jail
+jail_vnmount_fsck="YES" # Fsck vnode backed jail filesystems
+jail_vnmount_fsck_y_enable="YES" # Fsck vnode backed jail filesystems using -y
+#jail_vnmount_mountopts="-o noatime" # Mount options for vnode backed jail filesystems
+#jail_vnmount_mdconfigopts="-o async" # Mdconfig options for vnode backed jail filesystems
+
 
 #
 # To use rc's built-in jail infrastructure create entries for
@@ -536,6 +541,7 @@
 #jail_example_devfs_ruleset="ruleset_name"	# devfs ruleset to apply to jail
 #jail_example_fstab=""				# fstab(5) for mount/umount
 #jail_example_flags="-l -U root"		# flags for jail(8)
+#jail_example_vnmount="/data/jail/example-fs:c=/data/jail/example # pairs of md/vnode filesystems to be mounted, :c part is partition and is optional
 
 ##############################################################
 ### Define source_rc_confs, the mechanism used by /etc/rc.* ##
>Release-Note:
>Audit-Trail:
Responsible-Changed-From-To: freebsd-bugs->matteo 
Responsible-Changed-By: matteo 
Responsible-Changed-When: Fri Jan 20 22:10:19 UTC 2006 
Responsible-Changed-Why:  
Grab this one 

http://www.freebsd.org/cgi/query-pr.cgi?pr=89860 

Adding to audit trail from misfiled PR conf/100531:

Date: Wed, 19 Jul 2006 12:54:53 +0100
From: Florent Thoumie <flz@FreeBSD.org>
 
 Didn't know about this PR.
 
 I think jail rc script is getting overly complex and such feature is
 already present in HEAD with mdconfig{,2} scripts. Please give them a
 try. I might MFC them for 6.2R if I get sufficient successful reports.
 
 -- 
 Florent Thoumie
 flz@FreeBSD.org
 FreeBSD Committer

Adding to audit trail from misfiled PR conf/100534:

Date: Wed, 19 Jul 2006 14:44:43 +0200
From: Anders Nordby <anders@FreeBSD.org>
 
 > I think jail rc script is getting overly complex and such feature is
 > already present in HEAD with mdconfig{,2} scripts. Please give them a
 > try. I might MFC them for 6.2R if I get sufficient successful reports.
 
 As we discussed on chat.
 
 Those mdconfig scripts does not cover the need/wish to be able to set up
 a vnode backed filesystem at the point of starting/stopping the jail, so
 that you can actually run the jail from that filesystem.
 
 Cheers,
 
 -- 
 Anders.
State-Changed-From-To: open->feedback 
State-Changed-By: matteo 
State-Changed-When: Tue Feb 13 16:05:51 UTC 2007 
State-Changed-Why:  
IMHO you should use jail_<jname>_fstab for this task, now that it is possible to use mount_mfs in fstab  

http://www.freebsd.org/cgi/query-pr.cgi?pr=89860 
State-Changed-From-To: feedback->closed 
State-Changed-By: matteo 
State-Changed-When: Thu Aug 23 05:37:27 UTC 2007 
State-Changed-Why:  
Feedback timeout 


http://www.freebsd.org/cgi/query-pr.cgi?pr=89860 
>Unformatted:
