Recent Linux kernels support an operation called 'bind mounting' which makes part of a mounted filesystem visible at some other mount point. See 'man bind' for more information.
This is how you can make the host system's <code>/mnt/disk</code> directory available to container 777:
<source lang="bash">
CTID=777
# Write the per-container mount script; the single quotes keep the ${...} variables unexpanded until the script runs
echo '#!/bin/bash
. /etc/vz/vz.conf
. ${VE_CONFFILE}
SRC=/mnt/disk
DST=/mnt/disk
if [ ! -e ${VE_ROOT}${DST} ]; then mkdir -p ${VE_ROOT}${DST}; fi
mount -n -t simfs ${SRC} ${VE_ROOT}${DST} -o ${SRC}' > /etc/vz/conf/${CTID}.mount
chmod +x /etc/vz/conf/${CTID}.mount
</source>
If you want a read-only mount, add the <code>-r</code> option to the mount command.

{{Note|When specifying the destination directory, always use /vz/root/ or the ${VE_ROOT} env. variable <nowiki>(avoid using /vz/private)</nowiki> }}
{{Note|When binding directories from one container to another, make sure you have the proper boot order (see the [[Man/vzctl.8|BOOTORDER]] param.)}}

OpenVZ uses two directories. Assuming our container is numbered 777, these directories are:
 $VZROOT/private/777
 $VZROOT/root/777
{{Note|<code>$VZROOT</code> is usually <code>/vz</code>, on Debian systems however this is <code>/var/lib/vz</code>. In this document this is further referred to as <code>$VZROOT</code> -- substitute it with what you have.}}

The $VZROOT/private directory contains root directory contents. This directory or subdirectory may be symlinked onto a different file system, for example:
 $VZROOT/private -> /mnt/openvz
Putting container root directories onto a separate file system (not the hardware node root file system) is good storage management practice. It protects the Hardware Node root file system from being filled up by a container; this could cause problems on the Hardware Node.
== Requirement ==
'''The instructions above will not work on OpenVZ 7 until you run the script below to enable bind mounts:'''
<source lang="bash">
# Global mount script: sources the per-container .mount script if it exists and is executable
cat <<'EOF' > /etc/vz/conf/vps.mount
#!/bin/bash
. ${VE_CONFFILE}
VE_MOUNT=$(echo ${VE_CONFFILE} | sed 's/\.conf$/.mount/')
[ -x ${VE_MOUNT} ] && . ${VE_MOUNT}
exit 0
EOF
chmod +x /etc/vz/conf/vps.mount
</source>
Better wording to clarify that the additional script is not a replacement for the one above, but rather needs to be run first.

Bind mounts can be used to make directories on the hardware node visible to the container.

'''On the HN we have a directory <code>/home</code> which we wish to make available (shared) to all containers.'''

You would think that you could bind mount this directory, as in: <code>mount --bind /home $VZROOT/private/777/home</code> but this does not work — the contents of <code>/home</code> cannot be seen within the container. This is where the second directory listed above (<code>$VZROOT/root/777</code>) is used. If a container is not started, this directory is empty. But after starting a container, this directory contains what the container sees as its mounted file systems.

The correct command to issue on the HN is:
 mount --bind /home $VZROOT/root/777/home
The container must be started and the destination directory must exist. The container will see this directory mounted like this:
 # df
 Filesystem           1K-blocks      Used Available Use% Mounted on
 simfs                 10485760    298728  10187032   3% /
 tmpfs                   484712         0    484712   0% /lib/init/rw
 tmpfs                   484712         0    484712   0% /dev/shm
 ext3                 117662052 104510764   7174408  94% /home

== Read-only bind mounts ==
Since Linux kernel 2.6.26, bind mounts can be made read-only. The trick is to first mount as usual, and then do a remount (i.e. mount with <code>-o remount,ro</code> flags).
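A check for the read-only bind mounts described above, as an added example that is not part of the original wiki page: it reads the per-mount options (field 6 of a mountinfo file, see proc(5)) to confirm that a bind mount is really read-only, because the superblock options after the <code> - </code> separator still say <code>rw</code>. The function names, the paths and the sample mountinfo lines are constructed for illustration.

```bash
#!/bin/sh
# Added example, not from the wiki page. Sample data below is constructed.

# bind_mount_state MOUNTPOINT [MOUNTINFO]
# Prints "ro", "rw" or "absent" for MOUNTPOINT, using the per-mount options
# (field 6) of a mountinfo file; defaults to /proc/self/mountinfo.
# Paths containing spaces must be given as mountinfo escapes them (\040).
bind_mount_state() (
    target=$1
    info=${2:-/proc/self/mountinfo}
    state=absent
    while read -r _id _parent _dev _root mnt opts _rest; do
        [ "$mnt" = "$target" ] || continue
        # A later entry on the same mount point shadows earlier ones,
        # so keep scanning and let the last match decide.
        case ",$opts," in
            *,ro,*) state=ro ;;
            *)      state=rw ;;
        esac
    done < "$info"
    printf '%s\n' "$state"
)

# Constructed host-side mountinfo lines for container 777 (paths assumed).
# The last entry is a read-only bind mount: field 6 says "ro" while the
# superblock options after " - " still say "rw".
sample_mountinfo() {
    cat <<'EOF'
60 25 0:40 / /vz/root/777 rw,relatime shared:30 - simfs /vz/private/777 rw
61 60 8:3 /home /vz/root/777/home rw,relatime shared:31 - ext3 /dev/sda3 rw,errors=continue
62 60 8:17 / /vz/root/777/mnt/disk ro,relatime shared:32 - ext3 /dev/sdb1 rw
EOF
}

# Demo: report the state of three mount points from the sample data.
tmp=$(mktemp)
sample_mountinfo > "$tmp"
for m in /vz/root/777/home /vz/root/777/mnt/disk /vz/root/777/srv; do
    printf '%s: %s\n' "$m" "$(bind_mount_state "$m" "$tmp")"
done
rm -f "$tmp"
```

On a real hardware node, call <code>bind_mount_state</code> with only the mount point so that it reads <code>/proc/self/mountinfo</code>.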
== See also ==
* {{Man|vzctl|8}} (ACTION SCRIPTS section)
* [[NFS]]
* [[FUSE]]
* [[Mounting filesystems]]
[[Category:HOWTO]]