OpenVZ Virtuozzo Containers Wiki - User contributions [en]

Bind mounts

2010-09-20T10:10:25Z

Richard: /* Read-only bind mounts */

Recent Linux kernels support an operation called 'bind mounting' which makes part of a mounted filesystem visible at some other mount point. See 'man mount' for more information.

Bind mounts can be used to make directories on the hardware node visible to the container.

== Filesystem layout ==
OpenVZ uses two directories. Assuming our container is numbered 777, these directories are:

* <code>VE_PRIVATE</code>: $VZDIR/private/777
* <code>VE_ROOT</code>: $VZDIR/root/777

{{Note|<code>$VZDIR</code> is usually <code>/vz</code>, on Debian systems however this is <code>/var/lib/vz</code>. In this document this is further referred to as <code>$VZDIR</code> -- substitute it with what you have.}}

<code>VE_PRIVATE</code> is a place for all the container files. <code>VE_ROOT</code> is the mount point to which <code>VE_PRIVATE</code> is mounted during container start (or when you run <code>vzctl mount</code>

{{Warning|If you want to do a bind mount for container, you need to '''use <code>VE_ROOT</code>''' (not <code>VE_PRIVATE</code>!) and '''make sure that container is mounted''' (this can be checked using <code>vzctl status</code>).}}

== Manual mount example ==

On the HN we have a directory <code>/home</code> which we wish to make available (shared) to container 777.

The correct command to issue on the HN is:

mount --bind /home $VZDIR/root/777/home

The container must be started (or at least mounted) and the destination directory must exist. The container will see this directory mounted like this:

# df
Filesystem 1K-blocks Used Available Use% Mounted on
simfs 10485760 298728 10187032 3% /
ext3 117662052 104510764 7174408 94% /home

During the container stop vzctl unmounts that bind mount, so you have to mount it again when you start the container for the next time. Luckily there is a way to automate it.

== Make the mount persistent ==

Put a mount script in OpenVZ configuration directory (<code>/etc/vz/conf/</code>) with the name <code>''CTID''.mount</code> (where <code>''CTID''</code> is container ID, like 777). This script will be executed every time you run <code>vzctl mount</code> or <code>vzctl start</code> for a particular container. If you need to the same for all containers, use the global mount script named <code>vps.mount</code>.

From any mount script you can use the following environment variables:
* <code>${VEID}</code> -- container ID (like <code>777</code>).
* <code>${VE_CONFFILE}</code> -- container configuration file (like <code>/etc/vz/conf/777.conf</code>)

Now, in order to get the value of <code>VE_ROOT</code> you need to source both the global OpenVZ configuration file, and then the container configuration file, in that particular order. This is the same way vzctl uses to determine <code>VE_ROOT</code>.

=== Mount script example ===
Here is an example of such a mount script (it can either be <code>/etc/vz/conf/vps.mount</code> or <code>/etc/vz/conf/''CTID''.mount</code>)
#!/bin/bash
source /etc/vz/vz.conf
source ${VE_CONFFILE}
mount -n --bind /mnt/disk ${VE_ROOT}/mnt/disk

After creating script please make it executable by issuing "chmod +x CTID.mount" at command line otherwise vm fails to start

=== Unmount script example ===
For unmounting a filesystem, <code>/etc/vz/conf/vps.umount</code> or <code>/etc/vz/conf/''CTID''.umount</code> script can be used in the same way:

#!/bin/bash
source /etc/vz/vz.conf
source ${VE_CONFFILE}
umount ${VE_ROOT}/mnt/disk

{{Note|<code>''CTID''.umount</code> script is not strictly required, since vzctl tries to unmount everything on CT stop. But you'd better have it anyway.}}

umount scripts could cause trouble and errors on VM start and might not be required if using the -n option on mount. [http://forum.openvz.org/index.php?t=msg&goto=37800&&srch=using+-n+and+no+umount+script#msg_37800 read forum post]

== Read-only bind mounts ==

Since Linux kernel 2.6.26, bind mounts can be made read-only. The trick is to first mount as usual, and then remount it read-only:

mount -n --bind /home $VZDIR/root/777/home
mount -n --bind -oremount,ro $VZDIR/root/777/home

With some kernels you need to add the sourcedirectory also: mount -n --bind -oremount,ro '''/home''' $VZDIR/root/777/home

Sometimes it is usefull to have a folder read-only mounted in a VPS, but also be able to put files in that directory. If you want that, just create an other directory and simlink the read only files into that folder:

vzctl exec2 777 mkdir /addfileshere && vzctl exec2 777 ln -s /home/* /addfileshere/

Now the /addfileshere folder is fully writable and it even feels like it is possible to delete files (but that are only the simlinks).

== See also ==
* [[NFS]]
* [[FUSE]]
* [[Mounting filesystems]]

[[Category:HOWTO]]

Bind mounts

2010-09-20T10:08:48Z

Richard: /* Read-only bind mounts */

Recent Linux kernels support an operation called 'bind mounting' which makes part of a mounted filesystem visible at some other mount point. See 'man mount' for more information.

Bind mounts can be used to make directories on the hardware node visible to the container.

== Filesystem layout ==
OpenVZ uses two directories. Assuming our container is numbered 777, these directories are:

* <code>VE_PRIVATE</code>: $VZDIR/private/777
* <code>VE_ROOT</code>: $VZDIR/root/777

{{Note|<code>$VZDIR</code> is usually <code>/vz</code>, on Debian systems however this is <code>/var/lib/vz</code>. In this document this is further referred to as <code>$VZDIR</code> -- substitute it with what you have.}}

<code>VE_PRIVATE</code> is a place for all the container files. <code>VE_ROOT</code> is the mount point to which <code>VE_PRIVATE</code> is mounted during container start (or when you run <code>vzctl mount</code>

{{Warning|If you want to do a bind mount for container, you need to '''use <code>VE_ROOT</code>''' (not <code>VE_PRIVATE</code>!) and '''make sure that container is mounted''' (this can be checked using <code>vzctl status</code>).}}

== Manual mount example ==

On the HN we have a directory <code>/home</code> which we wish to make available (shared) to container 777.

The correct command to issue on the HN is:

mount --bind /home $VZDIR/root/777/home

The container must be started (or at least mounted) and the destination directory must exist. The container will see this directory mounted like this:

# df
Filesystem 1K-blocks Used Available Use% Mounted on
simfs 10485760 298728 10187032 3% /
ext3 117662052 104510764 7174408 94% /home

During the container stop vzctl unmounts that bind mount, so you have to mount it again when you start the container for the next time. Luckily there is a way to automate it.

== Make the mount persistent ==

Put a mount script in OpenVZ configuration directory (<code>/etc/vz/conf/</code>) with the name <code>''CTID''.mount</code> (where <code>''CTID''</code> is container ID, like 777). This script will be executed every time you run <code>vzctl mount</code> or <code>vzctl start</code> for a particular container. If you need to the same for all containers, use the global mount script named <code>vps.mount</code>.

From any mount script you can use the following environment variables:
* <code>${VEID}</code> -- container ID (like <code>777</code>).
* <code>${VE_CONFFILE}</code> -- container configuration file (like <code>/etc/vz/conf/777.conf</code>)

Now, in order to get the value of <code>VE_ROOT</code> you need to source both the global OpenVZ configuration file, and then the container configuration file, in that particular order. This is the same way vzctl uses to determine <code>VE_ROOT</code>.

=== Mount script example ===
Here is an example of such a mount script (it can either be <code>/etc/vz/conf/vps.mount</code> or <code>/etc/vz/conf/''CTID''.mount</code>)
#!/bin/bash
source /etc/vz/vz.conf
source ${VE_CONFFILE}
mount -n --bind /mnt/disk ${VE_ROOT}/mnt/disk

After creating script please make it executable by issuing "chmod +x CTID.mount" at command line otherwise vm fails to start

=== Unmount script example ===
For unmounting a filesystem, <code>/etc/vz/conf/vps.umount</code> or <code>/etc/vz/conf/''CTID''.umount</code> script can be used in the same way:

#!/bin/bash
source /etc/vz/vz.conf
source ${VE_CONFFILE}
umount ${VE_ROOT}/mnt/disk

{{Note|<code>''CTID''.umount</code> script is not strictly required, since vzctl tries to unmount everything on CT stop. But you'd better have it anyway.}}

umount scripts could cause trouble and errors on VM start and might not be required if using the -n option on mount. [http://forum.openvz.org/index.php?t=msg&goto=37800&&srch=using+-n+and+no+umount+script#msg_37800 read forum post]

== Read-only bind mounts ==

Since Linux kernel 2.6.26, bind mounts can be made read-only. The trick is to first mount as usual, and then remount it read-only:

mount -n --bind /home $VZDIR/root/777/home
mount -n --bind -oremount,ro $VZDIR/root/777/home

With some kernels you need to add the sourcedirectory also: mount -n --bind -oremount,ro '''/home''' $VZDIR/root/777/home

Sometimes it is usefull to have a folder read-only mounted in a VPS, but also be able to put files in that directory. If you want that, just create an other directory and simlink the read only files into that folder:

vzctl exec2 777 mkdir /addfileshere
ln -s /home/* /addfileshere/

Now the /addfileshere folder is fully writable and it even feels like it is possible to delete files (but that are only the simlinks).

== See also ==
* [[NFS]]
* [[FUSE]]
* [[Mounting filesystems]]

[[Category:HOWTO]]