zfs and freebsd jails
Post on 15-May-2015
4.824 Views
Preview:
TRANSCRIPT
ZFS and FreeBSD Jailsapeiron (old Greek word for ∞)apeiron@cpan.orgfosscon 2012
Saturday, August 11, 12
A stroll dive down the rabbit holeThis won't hurt a bit(that may or may not be a facsimile of me when working)
Saturday, August 11, 12
http://www.flickr.com/photos/stars6/4381851322/in/photostream/
Some FreeBSD mythbusting
Fully functional Unix
Server, desktop, router, firewall, etc.
>23000 third-party applications in the ports tree
Probably not the best desktop; well-suited to a server
Has most of the cool features from Solaris; will be talking about one and a half of them today
Saturday, August 11, 12
One and a half?
This talk discusses ZFS and FreeBSD jails
ZFS, of course, comes from Solaris
This talk also covers FreeBSD jails
When creating zones, the Solaris devs used jails as an inspiration
Saturday, August 11, 12
ZFSThe Zettabyte File System
Saturday, August 11, 12
http://www.flickr.com/photos/ess-jay/2438565511/
What the heck is a Zettabyte, anyway?
2^70 bytes
ZFS is meant to scale far beyond the current and projected possible future limitations of hardware
The theoretical maximum filesystem size is 256 quadrillion zettabytes
That's 256,000,000,000,000,000 zettabytes
That's 256,000,000,000,000,000 * 2^70 bytes
Saturday, August 11, 12
Feature summaryResource forks
POSIX attributes and ACLs
Compression
Encryption
Deduplication
Built-in volume manager
Built-in software RAID
Snapshots
COW data model (cheap snapshots (very important for us))
Caching
Too much for one slide
Saturday, August 11, 12
Things we'll talk about today
Volume manager
Snapshots
COW data model
Saturday, August 11, 12
Volume manager
The ZFS volume manager provides native striping
Makes it easy to add heterogenous disks to a pool
No more worrying about getting geometries exactly the same
Creates a nice abstraction from the physical layer
Saturday, August 11, 12
Snapshots
They're exactly what they say on the tin
Take a snapshot of the filesystem and it's there when you want it
You can do all kinds of cool things with them, like send them over the network and clone them
Saturday, August 11, 12
COW Data ModelThe COW model is really where ZFS shines for containers
COW (copy on write): if two copies of a snapshot have the same data, only one copy exists on disk until a clone writes to a file; then, a copy is made for the delta
This makes snapshots, clones, and thus jails quick and cheap to create
Absolutely critical to the container use case
Saturday, August 11, 12
Let's be JailbirdsYou may pay me $50 to get out
Saturday, August 11, 12
Some FreeBSD background
FreeBSD boots via /sbin/init like any other Unix
/sbin/init runs /etc/rc, which sources /etc/rc.conf
/etc/rc.conf controls which services start at boot, and also configures things like IP addresses, default route, and jails
Saturday, August 11, 12
Jails: Not just chroot(2)Everything lives under a directory mounted on the FS
You can access the jail via chroot, but you don't get all the wins with this technique
Every jail has at least one IPv4/IPv6 address
Lightweight
Lots of management tools
Advanced technique: run Linux in a jail
Saturday, August 11, 12
Some jail toolsjexec
jls
jailadmin
jailctl
jailer
jailme
jailrc
jailuser
jailutils
jkill
jps
... and so on
Saturday, August 11, 12
How jails work
Install enough of FreeBSD to boot (/sbin/init calls /etc/rc, which boots the system)
Generally do this by building + installing source tree
Then configure the jail and start it
We'll be using the more flexible jailrc from the ports tree, rather than the default script
Saturday, August 11, 12
Still not as cool as ZonesBut pretty close
Saturday, August 11, 12
http://www.flickr.com/photos/paldorslate/1761863421/
What does this get us?It turns out that it gets us lots of cool stuff
Saturday, August 11, 12
http://www.flickr.com/photos/daikrieg/1294053038/
Basic workflow summaryCreate a zpool
Create a filesystem
Install base jail to filesystem
Snapshot
Create desired environment
Snapshot
Clone desired environment or base as desired
???
Profit!
Saturday, August 11, 12
Some workflows this supports
Per-developer dev environments
Dev/staging/QA/etc./prod
Dev/prod
Prod
Saturday, August 11, 12
Show Example jailrc Config
Saturday, August 11, 12
Per-developer container
Create base jail
Create snapshot
Clone as necessary per developer
hack hack hack...
Push changes up to git repo / etc.
Saturday, August 11, 12
Dev/staging/QA/etc./prod
Create base jail
Snapshot
Clone for dev
zfs send | zfs recv for staging/qa/etc./prod
If something passes a stage, promote it to the next-closest to prod
Saturday, August 11, 12
Dev/prod
Like dev/etc./prod but more cowboyish
With ZFS it's still better than other filesystems
Snapshots mean it's easy to fix mistakes when they make it into prod (no workflow prevents mistakes getting to prod)
Just clone from a working snapshot and go
Saturday, August 11, 12
Prod
Even more cowbowish than dev/prod
This is the sort of thing where developers work directly on production
Unwise, but ZFS makes it less suck
Snapshots save the day
Saturday, August 11, 12
Live (prepared) demo!
Saturday, August 11, 12
Bibliography
FreeBSD Handbook
ZFS Administration Guide
jailrc manpage
Saturday, August 11, 12
Questions?
Saturday, August 11, 12
top related