https://wiki.openvz.org/api.php?action=feedcontributions&feedformat=atom&user=ChernomorOpenVZ Virtuozzo Containers Wiki - User contributions [en]2026-06-13T16:32:40ZUser contributionsMediaWiki 1.31.1https://wiki.openvz.org/index.php?title=Bind_mounts&diff=8470Bind mounts2010-04-13T10:05:24Z<p>Chernomor: set Category:HOWTO</p>
<hr />
<div>Recent Linux kernels support an operation called 'bind mounting' which makes part of a mounted filesystem visible at some other mount point. See 'man mount' for more information.<br />
<br />
Bind mounts can be used to make directories on the hardware node visible to the container.<br />
<br />
== Filesystem layout ==<br />
OpenVZ uses two directories. Assuming our container is numbered 777, these directories are:<br />
<br />
* <code>VE_PRIVATE</code>: $VZDIR/private/777<br />
* <code>VE_ROOT</code>: $VZDIR/root/777<br />
<br />
{{Note|<code>$VZDIR</code> is usually <code>/vz</code>, on Debian systems however this is <code>/var/lib/vz</code>. In this document this is further referred to as <code>$VZDIR</code> -- substitute it with what you have.}}<br />
<br />
<code>VE_PRIVATE</code> is a place for all the container files. <code>VE_ROOT</code> is the mount point to which <code>VE_PRIVATE</code> is mounted during container start (or when you run <code>vzctl mount</code><br />
<br />
{{Warning|If you want to do a bind mount for container, you need to '''use <code>VE_ROOT</code>''' (not <code>VE_PRIVATE</code>!) and '''make sure that container is mounted''' (this can be checked using <code>vzctl status</code>).}}<br />
<br />
== Manual mount example ==<br />
<br />
On the HN we have a directory <code>/home</code> which we wish to make available (shared) to container 777.<br />
<br />
The correct command to issue on the HN is:<br />
<br />
mount --bind /home $VZDIR/root/777/home<br />
<br />
The container must be started (or at least mounted) and the destination directory must exist. The container will see this directory mounted like this:<br />
<br />
# df<br />
Filesystem 1K-blocks Used Available Use% Mounted on<br />
simfs 10485760 298728 10187032 3% /<br />
ext3 117662052 104510764 7174408 94% /home<br />
<br />
During the container stop vzctl unmounts that bind mount, so you have to mount it again when you start the container for the next time. Luckily there is a way to automate it.<br />
<br />
== Make the mount persistent ==<br />
<br />
Put a mount script in OpenVZ configuration directory (<code>/etc/vz/conf/</code>) with the name <code>''CTID''.mount</code> (where <code>''CTID''</code> is container ID, like 777). This script will be executed every time you run <code>vzctl mount</code> or <code>vzctl start</code> for a particular container. If you need to the same for all containers, use the global mount script named <code>vps.mount</code>.<br />
<br />
From any mount script you can use the following environment variables:<br />
* <code>${VEID}</code> -- container ID (like <code>777</code>).<br />
* <code>${VE_CONFFILE}</code> -- container configuration file (like <code>/etc/vz/conf/777.conf</code>)<br />
<br />
Now, in order to get the value of <code>VE_ROOT</code> you need to source both the global OpenVZ configuration file, and then the container configuration file, in that particular order. This is the same way vzctl uses to determine <code>VE_ROOT</code>.<br />
<br />
<br />
=== Mount script example ===<br />
Here is an example of such a mount script (it can either be <code>/etc/vz/conf/vps.mount</code> or <code>/etc/vz/conf/''CTID''.mount</code>)<br />
#!/bin/bash<br />
source /etc/vz/vz.conf<br />
source ${VE_CONFFILE}<br />
mount --bind /mnt/disk ${VE_ROOT}/mnt/disk<br />
<br />
<br />
=== Unmount script example ===<br />
For unmounting a filesystem, <code>/etc/vz/conf/vps.umount</code> or <code>/etc/vz/conf/''CTID''.umount</code> script can be used in the same way:<br />
<br />
#!/bin/bash<br />
source /etc/vz/vz.conf<br />
source ${VE_CONFFILE}<br />
umount ${VE_ROOT}/mnt/disk<br />
<br />
{{Note|<code>''CTID''.umount</code> script is not strictly required, since vzctl tries to unmount everything on CT stop. But you'd better have it anyway.}}<br />
<br />
== Read-only bind mounts ==<br />
<br />
Since Linux kernel 2.6.26, bind mounts can be made read-only. The trick is to first mount as usual, and then remount it read-only:<br />
<br />
mount --bind /home $VZDIR/root/777/home<br />
mount --bind -oremount,ro $VZDIR/root/777/home<br />
<br />
== See also ==<br />
* [[NFS]]<br />
* [[FUSE]]<br />
* [[Mounting filesystems]]<br />
<br />
[[Category:HOWTO]]</div>Chernomorhttps://wiki.openvz.org/index.php?title=NFS_server_inside_container&diff=7255NFS server inside container2009-04-24T08:18:38Z<p>Chernomor: Notes about nfs-user-server and busybox.</p>
<hr />
<div>There are two ways to setup NFS server on common [[HN]]:<br />
use a user-space NFS server daemon or use an in-kernel implementation<br />
of NFS server. Some peculiarities appear if you intend to run NFS server<br />
in [[container]].<br />
<br />
{{Note|for information about NFS client inside container, see [[NFS]].}}<br />
<br />
== Kernel NFS server ==<br />
Binary RPMs that are provided by OpenVZ community contain kernels compiled<br />
without NFS server support. Thus you have to<br />
[[Kernel build|recompile the kernel]] with <code>CONFIG_NFSD=m</code>. After booting in this kernel you'll be able<br />
to use NFS server on [[HN]].<br />
In-kernel NFS server runs kernel threads to service requests of clients.<br />
But for security reasons kernel threads are prohibited in [[container]]s! So you won't<br />
be able to run NFS server inside [[container]] without patching the kernel.<br />
<br />
== User-space NFS server ==<br />
Advantage of user-space NFS server is that it does not require kernel support.<br />
Also if it crashes — there is no crash of the system: just one process dies, not the kernel!<br />
The disadvantage of user-space NFS server is its productivity: no one can be faster than in-kernel implementation.<br />
<br />
One well-known implementation of NFS server is "The LINUX User-Space NFS Server" by Olaf Kirch.<br />
Some Linux distributions contain this package: Debian Sarge (<code>nfs-user-server</code>), OpenSUSE 10.0 (<code>nfs-server</code>).<br />
For other distributions you can download sources (for example from Debian repository) and compile it.<br />
There is a small trick you have to know about running <code>mountd</code> and <code>nfsd</code> (these two daemons and <code>portmap</code> constitute a user-space server). You should run them with the <code>-r</code> option:<br />
<pre><br />
# portmap<br />
# rpc.mountd -r<br />
# rpc.nfsd -r<br />
</pre><br />
The reason is that these daemons check the major number of the device where the directory to export resides.<br />
If major equals 0 then daemons assume that it is NFS and don't want to re-export it. Symptoms are<br />
that clients will always get a "permission denied" error. Simfs (the file system on which container is located)<br />
is associated with so called unnamed device, in which major equals 0. So, to prevent daemons from checking for<br />
re-exporting — just use this <code>-r</code> option.<br />
<br />
“The LINUX User-Space NFS Server” by Olaf Kirch implements NFSv2. It means that only files with sizes less<br />
than 2GB are processed. If you intend to use such big files then you should use another user-space NFS server<br />
implementation: [http://unfs3.sourceforge.net/ unfs3]. It implements v3 of NFS protocol standard.<br />
<br />
Please note that the user-space NFS server does not provide locking, or at least I couldn't get locking to work - [[User:Elronxenu|Elronxenu]] 19:49, 15 November 2007 (EST)<br />
<br />
=== On Debian Lenny ===<br />
<br />
The current stable debian version 5.0 (lenny) provides two packages for user space nfs support: <code>nfs-user-server</code> and <code>unfs3</code>. Here i describe my experiences with them --[[User:Strimo|Strimo]] 17:47, 16 February 2009 (UTC)<br />
<br />
==== nfs-user-server ====<br />
<br />
<pre><br />
aptitude install nfs-user-server<br />
</pre><br />
<br />
First i used nfs-user-server package since i didn't know unfs3. After installing i always got the '''permission denied''' error when i tried to mount any exported path until i found this article. So i patched the /etc/init.d/nfs-user-server file to include the <code>-r</code> parameter by adding <code>-- -r</code> to the <code>start-stop-daemon</code> line responsible for starting <code>rpc.mountd</code> and <code>rpc.nfsd</code>:<br />
<br />
<pre><br />
start-stop-daemon --start --oknodo --quiet --exec /usr/sbin/rpc.nfsd -- -r<br />
start-stop-daemon --start --oknodo --quiet --exec /usr/sbin/rpc.mountd -- -r<br />
</pre><br />
<br />
After the modification and a nfs server restart (<code>/etc/init.d/nfs-user-server restart</code>) i was able to mount a nfs share. At first the nfs server seems to work fine but anytime i want to edit any text file (using nano or mcedit) i got strange errors on writing to the file and i never solved the problem nor detected why this happens. So i switched to unfs3 ...<br />
<br />
<b>Note</b>: nfsmount from busybox not works with nfs-user-server in Debian Lenny, it write message "rpc failed: 2" when I try boot from nfs server. unfs3 works fine.<br />
Such problem into Ubuntu: https://bugs.launchpad.net/ubuntu/+source/nfs-user-server/+bug/189593<br />
<br />
==== unfs3 ====<br />
<br />
<pre><br />
aptitude install unfs3<br />
</pre><br />
<br />
Works fine until now. Note that both unfs3 and nfs-user-server do not support file locking!<br />
<br />
== External links ==<br />
* [http://nfs.sourceforge.net/ Linux NFS Overview, FAQ and HOWTO Documents]<br />
* [http://www.tldp.org/LDP/nag/nag.html The Network Administrators' Guide by Olaf Kirch]<br />
* [http://unfs3.sourceforge.net/ unfs3 homepage]<br />
* [http://packages.qa.debian.org/n/nfs-user-server.html Overview of nfs-user-server source package]<br />
<br />
[[Category: HOWTO]]<br />
[[Category: Networking]]</div>Chernomor