Difference between revisions of "Bind mounts"

From OpenVZ Virtuozzo Containers Wiki
(removed misleading info (we have per-container quotas to prevent the described situation))
m (Better wording to clarify that the additional script is not a replacement for the one above, but rather needs to be run first.)
 
(39 intermediate revisions by 17 users not shown)
Line 1: Line 1:
Recent Linux kernels support an operation called 'bind mounting' which makes part of a mounted filesystem visible at some other mount point. See 'man bind' for more information.
 
 
 
Bind mounts can be used to make directories on the hardware node visible to the container.
 
Bind mounts can be used to make directories on the hardware node visible to the container.
  
OpenVZ uses two directories. Assuming our container is numbered 777, these directories are:
+
This is how you can make host system's <code>/mnt/disk</code> directory available to a container 777:
 
+
<source lang="bash">
$VZROOT/private/777
+
CTID=777
$VZROOT/root/777
 
 
 
{{Note|<code>$VZROOT</code> is usually <code>/vz</code>, on Debian systems however this is <code>/var/lib/vz</code>. In this document this is further referred to as <code>$VZROOT</code> -- substitute it with what you have.}}
 
 
 
The $VZROOT/private directory contains root directory contents. This directory or subdirectory may be symlinked onto a different file system, for example:
 
 
 
  $VZROOT/private -> /mnt/openvz
 
 
 
== Requirement ==
 
 
 
'''On the HN we have a directory <code>/home</code> which we wish to make available (shared) to all containers.'''
 
  
You would think that you could bind mount this directory, as in: <code>mount --bind /home $VZROOT/private/777/home</code> but this does not work — the contents of <code>/home</code> cannot be seen within the container.
+
echo '#!/bin/bash
 +
. /etc/vz/vz.conf
 +
. ${VE_CONFFILE}
 +
SRC=/mnt/disk
 +
DST=/mnt/disk
 +
if [ ! -e ${VE_ROOT}${DST} ]; then mkdir -p ${VE_ROOT}${DST}; fi
 +
mount -n -t simfs ${SRC} ${VE_ROOT}${DST} -o ${SRC}
 +
' > /etc/vz/conf/${CTID}.mount
  
This is where the second directory listed above (<code>$VZROOT/root/777</code>) is used. If a container is not started, this directory is empty. But after starting a container, this directory contains what the container sees as its mounted file systems.
+
chmod +x /etc/vz/conf/${CTID}.mount
 +
</source>
  
The correct command to issue on the HN is:
+
If you want read-only mount, add <code>-r</code> option to mount command.
  
  mount --bind /home $VZROOT/root/777/home
+
{{Note|When specifying destination directory, always use /vz/root/ or ${VE_ROOT} env. variable <nowiki>(avoid using /vz/private)</nowiki>}}
 +
{{Note|When binding directories from one container to another, make sure you have proper boot order (See [[Man/vzctl.8|BOOTORDER]] param.)}}
  
The container must be started and the destination directory must exist. The container will see this directory mounted like this:
 
  
# df
+
'''Instruction above will not work on OpenVZ 7 until you run the script below to enable Bind mounts:'''
Filesystem          1K-blocks      Used Available Use% Mounted on
 
simfs                10485760    298728  10187032  3% /
 
tmpfs                  484712        0    484712  0% /lib/init/rw
 
tmpfs                  484712        0    484712  0% /dev/shm
 
ext3                117662052 104510764  7174408  94% /home
 
  
== Read-only bind mounts ==
+
<source lang="bash">
 +
cat <<'EOF' > /etc/vz/conf/vps.mount
 +
#!/bin/bash
 +
. ${VE_CONFFILE}
 +
VE_MOUNT=$(echo ${VE_CONFFILE} | sed 's/\.conf$/.mount/')
 +
[ -x ${VE_MOUNT} ] && . ${VE_MOUNT}
 +
exit 0
 +
EOF
  
Since Linux kernel 2.6.26, bind mounts can be made read-only. The trick is to first mount as usual, and then do remount (i.e. mount with <code>-o remount,ro</code> flags).
+
chmod +x /etc/vz/conf/vps.mount
 +
</source>
  
 
== See also ==
 
== See also ==
 +
* {{Man|vzctl|8}} (ACTION SCRIPTS section)
 
* [[NFS]]
 
* [[NFS]]
 
* [[FUSE]]
 
* [[FUSE]]
 
* [[Mounting filesystems]]
 
* [[Mounting filesystems]]
 +
 +
[[Category:HOWTO]]
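
Review bot: in the added vps.mount script, the unconditional `exit 0` after `[ -x ${VE_MOUNT} ] && . ${VE_MOUNT}` discards the status of the per-container script, so a failed `mount` in `${CTID}.mount` is reported as success and the container starts without the directory. Use an `if [ -x "${VE_MOUNT}" ]; then ... fi` form that returns the sourced script's status and exits 0 only when no per-container script exists, and quote `${VE_CONFFILE}` and `${VE_MOUNT}`. The same revision removes the explanation of why a bind mount onto `$VZROOT/private` is not visible in the container and keeps only the "avoid using /vz/private" note; a one-sentence reason in that note would keep the advice self-explanatory.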

Latest revision as of 13:17, 20 November 2017

Bind mounts can be used to make directories on the hardware node visible to the container.

This is how you can make the host system's /mnt/disk directory available to container 777:

CTID=777

echo '#!/bin/bash
. /etc/vz/vz.conf
. ${VE_CONFFILE}
SRC=/mnt/disk
DST=/mnt/disk
if [ ! -e ${VE_ROOT}${DST} ]; then mkdir -p ${VE_ROOT}${DST}; fi
mount -n -t simfs ${SRC} ${VE_ROOT}${DST} -o ${SRC}
' > /etc/vz/conf/${CTID}.mount

chmod +x /etc/vz/conf/${CTID}.mount

If you want a read-only mount, add the -r option to the mount command.

Note: When specifying the destination directory, always use /vz/root/ or the ${VE_ROOT} environment variable (avoid using /vz/private).
Note: When binding directories from one container to another, make sure you have the proper boot order (see the BOOTORDER parameter).


The instructions above will not work on OpenVZ 7 until you run the script below to enable bind mounts:

cat <<'EOF' > /etc/vz/conf/vps.mount
#!/bin/bash
. ${VE_CONFFILE}
VE_MOUNT=$(echo ${VE_CONFFILE} | sed 's/\.conf$/.mount/')
[ -x ${VE_MOUNT} ] && . ${VE_MOUNT}
exit 0
EOF

chmod +x /etc/vz/conf/vps.mount
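
The following check is an added example, not part of the wiki page or of OpenVZ: it audits a per-container mount script for the points made above (executable bit required by vps.mount, destination under ${VE_ROOT} rather than the private area) and for write access by anyone but the owner, since the script runs on the host. The function name, the finding names and the sample script are constructed for illustration.

```bash
#!/bin/bash
# Added example: audit a per-container mount script such as
# /etc/vz/conf/777.mount. Finding names are made up for this example.

# Print one finding per line for the script in $1 (no output = clean).
audit_mount_script() {
    local f=$1 perms line
    # vps.mount sources only files that pass [ -x ]; without the exec
    # bit the bind mount is skipped and the container still starts.
    [ -x "$f" ] || echo "not-executable"
    # The script runs on the host, so nobody but its owner should
    # be able to modify it.
    perms=$(ls -ld "$f")
    case $perms in
        ?????w*|????????w*) echo "writable-by-others" ;;
    esac
    while IFS= read -r line || [ -n "$line" ]; do
        case $line in
            \#*) continue ;;                      # comment or shebang
            mount\ *|*[[:space:]]mount\ *) ;;     # mount command: inspect
            *) continue ;;
        esac
        # Destination must be under the running root, never the private area.
        case $line in
            */private*|*VE_PRIVATE*) echo "uses-private" ;;
        esac
        case $line in
            *VE_ROOT*|*/vz/root/*) ;;
            *) echo "dst-not-under-root" ;;
        esac
    done < "$f"
    return 0
}

# Constructed sample: a script that binds onto the private area and was
# left group-writable and non-executable.
demo() {
    local d
    d=$(mktemp -d) || return 1
    printf '%s\n' '#!/bin/bash' \
        'mount --bind /mnt/disk /vz/private/777/mnt/disk' > "$d/777.mount"
    chmod 664 "$d/777.mount"
    audit_mount_script "$d/777.mount"
    rm -rf "$d"
}
demo
```

Run against the 777.mount script shown earlier on this page with mode 755, the function prints nothing.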

See also