Mirrors/hackacad
2
0
Fork 0
mirror of https://github.com/hackacad/bastille.git synced 2025-12-17 07:42:10 +01:00
Code Issues Packages Projects Releases Wiki Activity
Files
1b224f3aa5542e85fbd498da124c94e660a65337
hackacad/docs/chapters/zfs-support.rst
tschettervictor f249f8c574 Update zfs-support.rst
2025-05-17 19:28:32 -06:00

130 lines
5.1 KiB
ReStructuredText
Raw Blame History

ZFS Support
===========
.. image:: /images/bastillebsd-twitter-poll.png
:width: 400
:alt: Alternative text
Bastille 0.4 added initial support for ZFS. ``bastille bootstrap`` and
``bastille create`` will generate ZFS volumes based on settings found in the
``bastille.conf``. This section outlines how to enable and configure Bastille
for ZFS. As of Bastille 0.13 you no longer need to do these steps manually. The
setup program when you run:
.. code-block:: shell
bastille setup
will create the zfs settings for you IF you are running zfs. This section is
left in the documents for historical purposes, and so you can understand what
the setup program is doing AND so if you need to tweak your settings for some
reason.
Two values are required for Bastille to use ZFS. The default values in the
``bastille.conf`` are NO and empty. Populate these two to enable ZFS.
.. code-block:: shell
## ZFS options
bastille_zfs_enable="" ## default: "NO"
bastille_zfs_zpool="" ## default: ""
bastille_zfs_prefix="bastille" ## default: "${bastille_zfs_zpool}/bastille"
bastille_zfs_options="-o compress=lz4 -o atime=off" ## default: "-o compress=lz4 -o atime=off"
Example
.. code-block:: shell
ishmael ~ # sysrc -f /usr/local/etc/bastille/bastille.conf bastille_zfs_enable=YES
ishmael ~ # sysrc -f /usr/local/etc/bastille/bastille.conf bastille_zfs_zpool=ZPOOL_NAME
Replace ``ZPOOL_NAME`` with the zpool you want Bastille to use. Tip: ``zpool
list`` and ``zpool status`` will help.
If you get 'no pools available' you are likely not using ZFS and can safely
ignore these settings.
By default, bastille will use ``ZPOOL_NAME/bastille`` as its working zfs
dataset. If you want it to use a specific dataset
on your pool, set ``bastille_zfs_prefix`` to the dataset you want bastille to
use. DO NOT include the pool name.
Example
.. code-block:: shell
ishmael ~ # sysrc -f /usr/local/etc/bastille/bastille.conf bastille_zfs_prefix=apps/bastille
The above example will set ``ZPOOL_NAME/apps/bastille`` as the working zfs
dataset for bastille.
Bastille will mount the datasets it creates at ``bastille_prefix`` which
defaults to ``/usr/local/bastille``
If this is not desirable, you can change it at the top of the config file.
Altroot
-------
If a ZFS pool has been imported using ``-R`` (altroot), your system will automatically add whatever the ``altroot`` is to
any ``zfs mount`` commands. Bastille supports using an ``altroot``, and there should be no issues using this feature.
One thing to note though, is that you MUST NOT include your ``altroot`` path in the ``bastille_prefix``. For example, if
you imported your pool with ``zpool import -R /mnt poolname``, and you wish for your jails to live at ``/mnt/poolname/bastille``
then ``bastille_prefix`` should be set to ``/poolname/bastille`` without the ``/mnt`` part.
If you do accidentally add the ``/mnt`` part, your datasets will be mounted at ``/mnt/mnt/poolname/bastille`` and Bastille will
throw all kinds of errors due to not finding the proper paths.
Jailing a Dataset
-----------------
It is possible to "jail" a dataset. This means mounting a datset into a jail, and being
able to fully manage it from within the jail.
To add a dataset to a jail, we can run ``bastille zfs TARGET jail pool/dataset /path/inside/jail``.
This will mount ``pool/dataset`` into the jail at ``/path/inside/jail`` when the jail is started, and
unmount and unjail it when the jail is stopped.
You can manually change the path where the dataset will be mounted by ``bastille edit TARGET zfs.conf`` and
adjusting the path after you have added it, bearing in mind the warning below.
WARNING: Adding or removing datasets to the ``zfs.conf`` file can result in permission errors with your jail. It is
important that the jail is first stopped before attempting to manually configure this file. The format inside
the file is simple.
.. code-block:: shell
pool/dataset /path/in/jail
pool/other/dataset /other/path/in/jail
To remove a dataset from being jailed, we can run ``bastille zfs TARGET unjail pool/dataset``.
Template Approach
^^^^^^^^^^^^^^^^^
While it is possible to "jail" a dataset using a template, it is a bit more "hacky" than the above apporach.
Below is a template that you can use that will add the necessary bits to the ``jail.conf`` file to "jail" a
dataset.
.. code-block:: shell
ARG JAIL_NAME
ARG DATASET
ARG MOUNT
CONFIG set allow.mount
CONFIG set allow.mount.devfs
CONFIG set allow.mount.zfs
CONFIG set enforce_statfs 1
CONFIG set "exec.created += '/sbin/zfs jail ${JAIL_NAME} ${DATASET}'"
CONFIG set "exec.start += '/sbin/zfs set mountpoint=${MOUNT} ${DATASET}'"
RESTART
CONFIG set "exec.prestop += 'jexec -l -U root ${JAIL_NAME} /sbin/zfs umount ${DATASET}'"
CONFIG set "exec.prestop += '/sbin/zfs unjail ${JAIL_NAME} ${DATASET}'"
RESTART
This template can be applied using ``bastille template TARGET project/template --arg DATASET=zpool/dataset --arg MOUNT=/path/inside/jail``.
We do not need the ``JAIL_NAME`` arg, as it will be auto-filled from the supplied ``TARGET`` name.
Reference in New Issue View Git Blame Copy Permalink