Difference between revisions of "Bind mounts"

From OpenVZ Virtuozzo Containers Wiki
(Filesystem layout)
m (Better wording to clarify that the additional script is not a replacement for the one above, but rather needs to be run first.)
 
(35 intermediate revisions by 14 users not shown)
Line 1: Line 1:
Recent Linux kernels support an operation called 'bind mounting' which makes part of a mounted filesystem visible at some other mount point. See 'man mount' for more information.
 
 
 
Bind mounts can be used to make directories on the hardware node visible to the container.
 
Bind mounts can be used to make directories on the hardware node visible to the container.
  
== Filesystem layout ==
+
This is how you can make host system's <code>/mnt/disk</code> directory available to a container 777:
OpenVZ uses two directories. Assuming our container is numbered 777, these directories are:
+
<source lang="bash">
 
+
CTID=777
* <code>VE_PRIVATE</code>: $VZDIR/private/777
 
* <code>VE_ROOT</code>: $VZDIR/root/777
 
 
 
{{Note|<code>$VZDIR</code> is usually <code>/vz</code>, on Debian systems however this is <code>/var/lib/vz</code>. In this document this is further referred to as <code>$VZDIR</code> -- substitute it with what you have.}}
 
 
 
<code>VE_PRIVATE</code> is a place for all the container files. <code>VE_ROOT</code> is the mount point to which <code>VE_PRIVATE</code> is mounted during container start (or when you run <code>vzctl mount</code>
 
 
 
{{Warning|If you want to do a bind mount for container, you need to '''use <code>VE_ROOT</code>''' (not <code>VE_PRIVATE</code>!) and '''make sure that container is mounted''' (this can be checked using <code>vzctl status</code>).}}
 
 
 
== Manual mount example ==
 
 
 
On the HN we have a directory <code>/home</code> which we wish to make available (shared) to container 777.
 
 
 
The correct command to issue on the HN is:
 
 
 
  mount --bind /home $VZDIR/root/777/home
 
 
 
The container must be started (or at least mounted) and the destination directory must exist. The container will see this directory mounted like this:
 
  
# df
+
echo '#!/bin/bash
Filesystem          1K-blocks      Used Available Use% Mounted on
+
. /etc/vz/vz.conf
simfs                 10485760    298728  10187032  3% /
+
. ${VE_CONFFILE}
ext3                117662052 104510764  7174408  94% /home
+
SRC=/mnt/disk
 +
DST=/mnt/disk
 +
if [ ! -e ${VE_ROOT}${DST} ]; then mkdir -p ${VE_ROOT}${DST}; fi
 +
mount -n -t simfs ${SRC} ${VE_ROOT}${DST} -o ${SRC}
 +
' > /etc/vz/conf/${CTID}.mount
  
During the container stop vzctl unmounts that bind mount, so you have to mount it again when you start the container for the next time. Luckily there is a way to automate it.
+
chmod +x /etc/vz/conf/${CTID}.mount
 +
</source>
  
== Make the mount persistent ==
+
If you want read-only mount, add <code>-r</code> option to mount command.
  
Put a mount script in OpenVZ configuration directory (<code>/etc/vz/conf/</code>) with the name <code>''CTID''.mount</code> (where <code>''CTID''</code> is container ID, like 777). This script will be executed every time you run <code>vzctl mount</code> or <code>vzctl start</code> for a particular container. If you need to the same for all containers, use the global mount script named <code>vps.mount</code>.
+
{{Note|When specifying destination directory, always use /vz/root/ or ${VE_ROOT} env. variable <nowiki>(avoid using /vz/private)</nowiki>}}
 +
{{Note|When binding directories from one container to another, make sure you have proper boot order (See [[Man/vzctl.8|BOOTORDER]] param.)}}
  
From any mount script you can use the following environment variables:
 
* <code>${VEID}</code> -- container ID (like <code>777</code>).
 
* <code>${VE_CONFFILE}</code> -- container configuration file (like <code>/etc/vz/conf/777.conf</code>)
 
  
Now, in order to get the value of <code>VE_ROOT</code> you need to source both the global OpenVZ configuration file, and then the container configuration file, in that particular order. This is the same way vzctl uses to determine <code>VE_ROOT</code>.
+
'''Instruction above will not work on OpenVZ 7 until you run the script below to enable Bind mounts:'''
  
 +
<source lang="bash">
 +
cat <<'EOF' > /etc/vz/conf/vps.mount
 +
#!/bin/bash
 +
. ${VE_CONFFILE}
 +
VE_MOUNT=$(echo ${VE_CONFFILE} | sed 's/\.conf$/.mount/')
 +
[ -x ${VE_MOUNT} ] && . ${VE_MOUNT}
 +
exit 0
 +
EOF
  
=== Mount script example ===
+
chmod +x /etc/vz/conf/vps.mount
Here is an example of such a mount script (it can either be <code>/etc/vz/conf/vps.mount</code> or <code>/etc/vz/conf/''CTID''.mount</code>)
+
</source>
#!/bin/bash
 
source /etc/vz/vz.conf
 
source ${VE_CONFFILE}
 
mount --bind /mnt/disk ${VE_ROOT}/mnt/disk
 
 
 
 
 
=== Unmount script example ===
 
For unmounting a filesystem, <code>/etc/vz/conf/vps.umount</code> or <code>/etc/vz/conf/''CTID''.umount</code> script can be used in the same way:
 
 
 
#!/bin/bash
 
source /etc/vz/vz.conf
 
source ${VE_CONFFILE}
 
umount ${VE_ROOT}/mnt/disk
 
 
 
{{Note|<code>''CTID''.umount</code> script is not strictly required, since vzctl tries to unmount everything on CT stop. But you'd better have it anyway.}}
 
 
 
== Read-only bind mounts ==
 
 
 
Since Linux kernel 2.6.26, bind mounts can be made read-only. The trick is to first mount as usual, and then remount it read-only:
 
 
 
mount --bind /home $VZDIR/root/777/home
 
mount --bind -oremount,ro $VZDIR/root/777/home
 
  
 
== See also ==
 
== See also ==
 +
* {{Man|vzctl|8}} (ACTION SCRIPTS section)
 
* [[NFS]]
 
* [[NFS]]
 
* [[FUSE]]
 
* [[FUSE]]
 
* [[Mounting filesystems]]
 
* [[Mounting filesystems]]
 +
 +
[[Category:HOWTO]]
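Review bot: the new CTID.mount script expands ${SRC} and ${VE_ROOT}${DST} unquoted in its [ ! -e ... ], mkdir -p and mount lines, and the new vps.mount does the same with ${VE_CONFFILE} and ${VE_MOUNT}; quote each expansion so a path containing whitespace cannot split into extra arguments in a script that runs as root on the hardware node. The mkdir -p and mount lines also act on a path inside the container's own filesystem without checking that it is a real directory under VE_ROOT rather than a symlink, so a check before mounting is worth adding. On documentation, this revision drops the warning that the container must be mounted (checked with vzctl status) and that VE_ROOT, not VE_PRIVATE, is the target, keeping only a short note, and it replaces the "Read-only bind mounts" section's two-step remount with "add -r option" without stating that this is sufficient for the -t simfs mount; the unmount script section is removed with no replacement.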

Latest revision as of 13:17, 20 November 2017

Bind mounts can be used to make directories on the hardware node visible to the container.

This is how you can make the host system's /mnt/disk directory available to container 777:

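CTID=777

# Write the per-container mount script; vzctl runs it on "vzctl mount" and "vzctl start".
echo '#!/bin/bash
# Source the global config, then the container config, to get VE_ROOT.
. /etc/vz/vz.conf
. "${VE_CONFFILE}"
SRC=/mnt/disk
DST=/mnt/disk
# Create the mount point inside the mounted container root if it is missing.
if [ ! -e "${VE_ROOT}${DST}" ]; then mkdir -p "${VE_ROOT}${DST}"; fi
mount -n -t simfs "${SRC}" "${VE_ROOT}${DST}" -o "${SRC}"
' > "/etc/vz/conf/${CTID}.mount"

chmod +x "/etc/vz/conf/${CTID}.mount"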

If you want a read-only mount, add the -r option to the mount command.

Note: When specifying the destination directory, always use /vz/root/ or the ${VE_ROOT} environment variable (avoid using /vz/private).
Note: When binding directories from one container to another, make sure you have the proper boot order (see the BOOTORDER parameter).
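
The note about always mounting under ${VE_ROOT} can be enforced in the mount script itself. The following is an added example, not part of the original wiki page or of OpenVZ: the function name check_bind_dest is hypothetical, and it assumes GNU readlink (coreutils) on the hardware node. It resolves the destination on the host and refuses it when a symlink inside the container's tree would take the mount outside VE_ROOT.

```bash
#!/bin/bash
# check_bind_dest VE_ROOT DST   (hypothetical helper, added example)
# Prints the resolved mount point and returns 0 only when DST, resolved on
# the host, is still a directory (or a missing path) below VE_ROOT.
check_bind_dest() {
    local ve_root dst target resolved
    # Canonical form of the container root (it must exist, i.e. CT is mounted).
    ve_root=$(readlink -f -- "$1") || return 2
    dst=$2
    case "$dst" in
        /*) ;;   # DST is a path as seen from inside the container
        *)  echo "DST must be absolute: $dst" >&2; return 2 ;;
    esac
    target="${ve_root}${dst}"
    # -m resolves symlinks in existing components and tolerates a missing tail.
    resolved=$(readlink -m -- "$target") || return 2
    case "$resolved" in
        "$ve_root"/*) ;;
        *)  echo "refusing: $target resolves to $resolved" >&2; return 1 ;;
    esac
    # An existing non-directory (file, device node) is not a valid mount point here.
    if [ -e "$resolved" ] && [ ! -d "$resolved" ]; then
        echo "refusing: $resolved is not a directory" >&2; return 1
    fi
    printf '%s\n' "$resolved"
}

# Intended use inside a CTID.mount script, after sourcing the two config files:
#   DEST=$(check_bind_dest "${VE_ROOT}" "${DST}") || exit 1
#   mkdir -p "${DEST}"
#   mount -n -t simfs "${SRC}" "${DEST}" -o "${SRC}"
```
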


The instructions above will not work on OpenVZ 7 until you run the script below to enable bind mounts:

cat <<'EOF' > /etc/vz/conf/vps.mount
#!/bin/bash
# Global mount script: load the container config, then run its CTID.mount if present.
. "${VE_CONFFILE}"
VE_MOUNT=$(echo "${VE_CONFFILE}" | sed 's/\.conf$/.mount/')
[ -x "${VE_MOUNT}" ] && . "${VE_MOUNT}"
exit 0
EOF

chmod +x /etc/vz/conf/vps.mount

See also