Bind mounts
Recent Linux kernels support an operation called 'bind mounting' which makes part of a mounted filesystem visible at some other mount point. See 'man mount' for more information.
Bind mounts can be used to make directories on the hardware node visible to the container.
Contents
Filesystem layout
OpenVZ uses two directories. Assuming our container is numbered 777, these directories are:
VE_PRIVATE
: $VZDIR/private/777VE_ROOT
: $VZDIR/root/777
Note: $VZDIR is usually /vz , on Debian systems however this is /var/lib/vz . In this document this is further referred to as $VZDIR -- substitute it with what you have.
|
VE_PRIVATE
is a place for all the container files. VE_ROOT
is the mount point to which VE_PRIVATE
is mounted during container start (or when you run vzctl mount
Warning: If you want to do a bind mount for container, you need to use VE_ROOT (not VE_PRIVATE !) and make sure that container is mounted (this can be checked using vzctl status ).
|
Manual mount example
On the HN we have a directory /home
which we wish to make available (shared) to container 777.
The correct command to issue on the HN is:
mount --bind /home $VZDIR/root/777/home
The container must be started (or at least mounted) and the destination directory must exist. The container will see this directory mounted like this:
# df Filesystem 1K-blocks Used Available Use% Mounted on simfs 10485760 298728 10187032 3% / ext3 117662052 104510764 7174408 94% /home
During the container stop vzctl unmounts that bind mount, so you have to mount it again when you start the container for the next time. Luckily there is a way to automate it.
Make the mount persistent
Put a mount script in OpenVZ configuration directory (/etc/vz/conf/
) with the name CTID.mount
(where CTID
is container ID, like 777). This script will be executed every time you run vzctl mount
or vzctl start
for a particular container. If you need to the same for all containers, use the global mount script named vps.mount
.
From any mount script you can use the following environment variables:
${VEID}
-- container ID (like777
).${VE_CONFFILE}
-- container configuration file (like/etc/vz/conf/777.conf
)
Now, in order to get the value of VE_ROOT
you need to source both the global OpenVZ configuration file, and then the container configuration file, in that particular order. This is the same way vzctl uses to determine VE_ROOT
.
Mount script example
Here is an example of such a mount script (it can either be /etc/vz/conf/vps.mount
or /etc/vz/conf/CTID.mount
)
#!/bin/bash source /etc/vz/vz.conf source ${VE_CONFFILE} mount -n --bind /mnt/disk ${VE_ROOT}/mnt/disk
Unmount script example
For unmounting a filesystem, /etc/vz/conf/vps.umount
or /etc/vz/conf/CTID.umount
script can be used in the same way:
#!/bin/bash source /etc/vz/vz.conf source ${VE_CONFFILE} umount ${VE_ROOT}/mnt/disk
Note: CTID.umount script is not strictly required, since vzctl tries to unmount everything on CT stop. But you'd better have it anyway.
|
Read-only bind mounts
Since Linux kernel 2.6.26, bind mounts can be made read-only. The trick is to first mount as usual, and then remount it read-only:
mount --bind /home $VZDIR/root/777/home mount --bind -oremount,ro $VZDIR/root/777/home