Creating and copying jail images

I've been searching for a way to create and copy jail images around
for some time now and I've found a solution that works for me and
thought I would share it with list and see if anyone can poke any
holes in it.

Problem: I need to create a jail image that I can deploy on multiple
servers, ala a generic apache jail or postgresql jail or whatever.  I
need to be able to simply explode this image in to a directory and
have it work, I'd also like to be able to compress the image because
it occasionally has to go over lower-speed WAN links.

Here are the tools that I've investigated and the problems I've had
with them:

tar, cpio, pax:  All 3 of these tools have problems with various
combinations of meta-data, links, and things like device nodes.

cpdup: makes perfect copies, no way to create an archive or image

dump: only operates on filesystems.

mksiofs: After 3 hours of trying various flags I was unable to create
a perfect image, although I got close a couple of times.

I finally hit on a solution that works for me.

Create a filebacked md filesystem and create the initial jail on that,
then dump it.  From there you can use restore to explode it anywhere
it's needed.

so, as a quick example....

dd if=/dev/zero of=/data/jailfile bs=2m count=1000
mdconfig -a -t vnode -f jailfile -u 0
newfs /dev/md0
mount /dev/md0 /mnt
cd /usr/src ; make installworld distribution DESTDIR=/mnt
do the things you do to start the jail
jexec in to it, install what you need, customizations, so on...
stop the jail
dump -0Laf jail.img /dev/md0
bzip2 jail.img

Now you have a bzip2'd image file that you can restore to an empty
directory any time you want a perfect copy of that jail.

Another interesting thought is that you could restore to a file backed
md device and impliment quotas...at the cost of preallocating the disk
space.

Anyways, for my problem set it seems to be a workable solution,
whether it is useful for anyone else or not I don't know.

Also, if you have a different solution or can see a flaw in this one
I'd love to hear about it.

--
Thanks,

Josh Paetzel

Josh Paetzel wrote:
 > Problem: I need to create a jail image that I can deploy on multiple
 > servers, ala a generic apache jail or postgresql jail or whatever.  I
 > need to be able to simply explode this image in to a directory and
 > have it work, I'd also like to be able to compress the image because
 > it occasionally has to go over lower-speed WAN links.
 >
 > Here are the tools that I've investigated and the problems I've had
 > with them:
 >
 > tar, cpio, pax:  All 3 of these tools have problems with various
 > combinations of meta-data, links, and things like device nodes.

What exactly is the problem with tar (bsdtar)?  It handles
hard links, file flags (be sure to specify the -p option
when extracting) and everything else that's necessary.

By the way, you don't need device nodes anymore because of
DEVFS.  I think device nodes outside of DEVFS don't work
anymore anyway, so they're useless.

Best regards
   Oliver

--
Oliver Fromme, secnetix GmbH & Co. KG, Marktplatz 29, 85567 Grafing b. M.
Handelsregister: Registergericht Muenchen, HRA 74606,  Geschäftsfuehrung:
secnetix Verwaltungsgesellsch. mbH, Handelsregister: Registergericht Mün-
chen, HRB 125758,  Geschäftsführer: Maik Bachmann, Olaf Erb, Ralf Gebhart

FreeBSD-Dienstleistungen, -Produkte und mehr:  http://www.secnetix.de/bsd

"Software gets slower faster than hardware gets faster."
        -- Niklaus Wirth
_______________________________________________
freebsd-chat@... mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-chat
To unsubscribe, send any mail to "freebsd-chat-unsubscribe@..."

Hello everybody,

On Fri, Aug 10, 2007 at 01:13:42PM -0500, Josh Paetzel wrote:
> I've been searching for a way to create and copy jail images around
> for some time now and I've found a solution that works for me and

Supposing one doesn't need to run different operating systems or even
different kernel versions of the same OS, are there any advantages of
virtualization (Xen) over jails?  Both can be copied, moved around,
switched on/off, replaced with almos 0 downtime, etc.  What do you
think about that?

--
Angel @ Granada, Spain
PGP Public key:     http://www.ugr.es/~ama/ama-pgp-key
3EB2 967A 9404 6585 7086      8811 2CEC 2F81 9341 E591
------------------------------------------------------
() ASCII Ribbon Campaign - http://www.asciiribbon.org/
/\ Against all HTML e-mail and proprietary attachments
_______________________________________________
freebsd-chat@... mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-chat
To unsubscribe, send any mail to "freebsd-chat-unsubscribe@..."

Angel Martin Alganza wrote:
 > Supposing one doesn't need to run different operating systems or even
 > different kernel versions of the same OS, are there any advantages of
 > virtualization (Xen) over jails?  Both can be copied, moved around,
 > switched on/off, replaced with almos 0 downtime, etc.  What do you
 > think about that?

Jails don't give you a perfect separation.  Jails still run
under the same kernel as the host system, and if there's a
bug somewhere, you're out of luck.  You can also run into
various kinds of resource starvation with jails, i.e. jails
can use up shared resources.  All of that isn't possible
(or at least to a much smaller degree) with virtualization
solutions (xen, qemu, vmware, whatever), because they run
the guest systems in a virtual machine with their own
kernel and resources.

Having said that, jails are still a good solution for a
number of things, depending on your needs, and they do have
advantages, too.  For example, in general jails have less
overhead than virtual machines, and sometimes you want
sharing of certain resources, e.g. RAM.  That's why you
can run thousands of jails on a single server, but when
you need virtual machines, you can usually do only a
dozen or two.

There's also a third possibility:  Virtual kernels, such
as the vkernel feature of DragonFly BSD.  It does not
emulate a virtual machine, but allows processes to be run
under a completely separate kernel (which itself is
running as a process under the "real" kernel).

Best regards
   Oliver

--
Oliver Fromme, secnetix GmbH & Co. KG, Marktplatz 29, 85567 Grafing b. M.
Handelsregister: Registergericht Muenchen, HRA 74606,  Geschäftsfuehrung:
secnetix Verwaltungsgesellsch. mbH, Handelsregister: Registergericht Mün-
chen, HRB 125758,  Geschäftsführer: Maik Bachmann, Olaf Erb, Ralf Gebhart

FreeBSD-Dienstleistungen, -Produkte und mehr:  http://www.secnetix.de/bsd

One Unix to rule them all, One Resolver to find them,
One IP to bring them all and in the zone to bind them.
_______________________________________________
freebsd-chat@... mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-chat
To unsubscribe, send any mail to "freebsd-chat-unsubscribe@..."

Oliver Fromme <olli@...> writes:
> Jails don't give you a perfect separation.  Jails still run under the
> same kernel as the host system, and if there's a bug somewhere, you're
> out of luck.  You can also run into various kinds of resource
> starvation with jails, i.e. jails can use up shared resources.  All of
> that isn't possible (or at least to a much smaller degree) with
> virtualization solutions (xen, qemu, vmware, whatever), because they
> run the guest systems in a virtual machine with their own kernel and
> resources.

In addition, numerous system features are not available or do not work
properly in jails.  You can't run a DHCP server in a jail, nor can you
easily run multiple PostgreSQL servers in separate jails on the same
machine.

DES
--
Dag-Erling Smørgrav - des@...
_______________________________________________
freebsd-chat@... mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-chat
To unsubscribe, send any mail to "freebsd-chat-unsubscribe@..."