Editing Bind mounts

Recent Linux kernels support an operation called 'bind mounting' which makes part of a mounted filesystem visible at some other mount point. See 'man bind' for more information.

Bind mounts can be used to make directories on the hardware node visible to the container.

OpenVZ uses two directories. Assuming our container is numbered 777, these directories are:

 $VZROOT/private/777
 $VZROOT/root/777

{{Note|<code>$VZROOT</code> is usually <code>/vz</code>, on Debian systems however this is <code>/var/lib/vz</code>. In this document this is further referred to as <code>$VZROOT</code> -- substitute it with what you have.}}

The $VZROOT/private directory contains root directory contents. This directory or subdirectory may be symlinked onto a different file system, for example:

  $VZROOT/private -> /mnt/openvz

Putting container root directories onto a separate file system (not the hardware node root file system) is good storage management practice. It protects the Hardware Node root file system from being filled up by a container; this could cause problems on the Hardware Node.

== Requirement ==

'''On the HN we have a directory <code>/home</code> which we wish to make available (shared) to all containers.'''

You would think that you could bind mount this directory, as in: <code>mount --bind /home $VZROOT/private/777/home</code> but this does not work — the contents of <code>/home</code> cannot be seen within the container.

This is where the second directory listed above (<code>$VZROOT/root/777</code>) is used. If a container is not started, this directory is empty. But after starting a container, this directory contains what the container sees as its mounted file systems.

The correct command to issue on the HN is:

  mount --bind /home $VZROOT/root/777/home

The container must be started and the destination directory must exist. The container will see this directory mounted like this:

 # df
 Filesystem           1K-blocks      Used Available Use% Mounted on
 simfs                 10485760    298728  10187032   3% /
 tmpfs                   484712         0    484712   0% /lib/init/rw
 tmpfs                   484712         0    484712   0% /dev/shm
 ext3                 117662052 104510764   7174408  94% /home

== Read-only bind mounts ==

Since Linux kernel 2.6.26, bind mounts can be made read-only. The trick is to first mount as usual, and then do remount (i.e. mount with <code>-o remount,ro</code> flags).

== See also ==
* [[NFS]]
* [[FUSE]]
* [[Mounting filesystems]]
@@ Line 1: / Line 1: @@
+Recent Linux kernels support an operation called 'bind mounting' which makes part of a mounted filesystem visible at some other mount point. See 'man bind' for more information.
 Bind mounts can be used to make directories on the hardware node visible to the container.
-This is how you can make host system's <code>/mnt/disk</code> directory available to a container 777:
+OpenVZ uses two directories. Assuming our container is numbered 777, these directories are:
-<source lang="bash">
-CTID=777
-echo '#!/bin/bash
+ $VZROOT/private/777
-. /etc/vz/vz.conf
+ $VZROOT/root/777
-. ${VE_CONFFILE}
-SRC=/mnt/disk
-DST=/mnt/disk
-if [ ! -e ${VE_ROOT}${DST} ]; then mkdir -p ${VE_ROOT}${DST}; fi
-mount -n -t simfs ${SRC} ${VE_ROOT}${DST} -o ${SRC}
-' > /etc/vz/conf/${CTID}.mount
-chmod +x /etc/vz/conf/${CTID}.mount
+{{Note|<code>$VZROOT</code> is usually <code>/vz</code>, on Debian systems however this is <code>/var/lib/vz</code>. In this document this is further referred to as <code>$VZROOT</code> -- substitute it with what you have.}}
-</source>
-If you want read-only mount, add <code>-r</code> option to mount command.
+The $VZROOT/private directory contains root directory contents. This directory or subdirectory may be symlinked onto a different file system, for example:
-{{Note|When specifying destination directory, always use /vz/root/ or ${VE_ROOT} env. variable <nowiki>(avoid using /vz/private)</nowiki>}}
+  $VZROOT/private -> /mnt/openvz
-{{Note|When binding directories from one container to another, make sure you have proper boot order (See [[Man/vzctl.8|BOOTORDER]] param.)}}
+Putting container root directories onto a separate file system (not the hardware node root file system) is good storage management practice. It protects the Hardware Node root file system from being filled up by a container; this could cause problems on the Hardware Node.
-'''Instruction above will not work on OpenVZ 7 until you run the script below to enable Bind mounts:'''
+== Requirement ==
-<source lang="bash">
+'''On the HN we have a directory <code>/home</code> which we wish to make available (shared) to all containers.'''
-cat <<'EOF' > /etc/vz/conf/vps.mount
-#!/bin/bash
-. ${VE_CONFFILE}
-VE_MOUNT=$(echo ${VE_CONFFILE} | sed 's/\.conf$/.mount/')
-[ -x ${VE_MOUNT} ] && . ${VE_MOUNT}
-exit 0
-EOF
-chmod +x /etc/vz/conf/vps.mount
+You would think that you could bind mount this directory, as in: <code>mount --bind /home $VZROOT/private/777/home</code> but this does not work — the contents of <code>/home</code> cannot be seen within the container.
-</source>
+This is where the second directory listed above (<code>$VZROOT/root/777</code>) is used. If a container is not started, this directory is empty. But after starting a container, this directory contains what the container sees as its mounted file systems.
+The correct command to issue on the HN is:
+  mount --bind /home $VZROOT/root/777/home
+The container must be started and the destination directory must exist. The container will see this directory mounted like this:
+ # df
+ Filesystem           1K-blocks      Used Available Use% Mounted on
+ simfs                 10485760    298728  10187032   3% /
+ tmpfs                   484712         0    484712   0% /lib/init/rw
+ tmpfs                   484712         0    484712   0% /dev/shm
+ ext3                 117662052 104510764   7174408  94% /home
+== Read-only bind mounts ==
+Since Linux kernel 2.6.26, bind mounts can be made read-only. The trick is to first mount as usual, and then do remount (i.e. mount with <code>-o remount,ro</code> flags).
 == See also ==
-* {{Man|vzctl|8}} (ACTION SCRIPTS section)
 * [[NFS]]
 * [[FUSE]]
 * [[Mounting filesystems]]
-[[Category:HOWTO]]