Shared Folders in OpenVZ 7.0
The new OpenVZ 7.0 is a hybrid of the good old OpenVZ and commercial Virtuozzo. I would like to think that he took the best from both parents, but it is not. In this case, the Shared Folders functionality was under the knife.
')
Earlier in OpenVZ, this problem was solved by .mount-files (more details here ). But now the containers are called something like “600adc12-0e39-41b3-bf05-c59b7d26dd73” and creating the file 600adc12-0e39-41b3-bf05-c59b7d26dd73.mount does not solve the problem, it is simply ignored at startup. Of course, the presence of the folder / vz / private / 600adc12-0e39-41b3-bf05-c59b7d26dd73 / scripts hints that some scripts can be run, but it was not possible to find documentation about this.
UPDATE
Thank you romchi found a working method. But it acts on ALL containers at once. For individual mounts, you will have to insert additional if then blocks.
You can use the official script Bind_mounts using this method .
As a result, you can return everything as it was
/ UPDATE
In Virtuozzo Shared Folders were implemented via prlctl set, but this functionality was not ported to OpenVZ. Do not believe - check under the spoiler.
What to do?
The first three methods are described in the official documentation and there is a lot of information on the Internet. But about the fourth method and tell this article.
In short, we will run a script on the physical server from the container via ssh, doing bind mount.
And now more.
For example, let's take a physical server with ip 192.168.0.11 and a container 192.168.0.22 UUID 600adc12-0e39-41b3-bf05-c59b7d26dd73 with samba server and systemd installed
Everything. Now you can reload the container and enjoy mounting the / data folder.
')
Earlier in OpenVZ, this problem was solved by .mount-files (more details here ). But now the containers are called something like “600adc12-0e39-41b3-bf05-c59b7d26dd73” and creating the file 600adc12-0e39-41b3-bf05-c59b7d26dd73.mount does not solve the problem, it is simply ignored at startup. Of course, the presence of the folder / vz / private / 600adc12-0e39-41b3-bf05-c59b7d26dd73 / scripts hints that some scripts can be run, but it was not possible to find documentation about this.
UPDATE
Thank you romchi found a working method. But it acts on ALL containers at once. For individual mounts, you will have to insert additional if then blocks.
romchi method
echo '#!/bin/bash . ${VE_CONFFILE} mount -n -o bind /opt/ /vservers/root/${VEID}/opt ' > /etc/vz/conf/vps.mount chmod +x /etc/vz/conf/vps.mount You can use the official script Bind_mounts using this method .
romchi method + official Bind_mounts
echo '#!/bin/bash . /etc/vz/vz.conf . ${VE_CONFFILE} SRC=/mnt/disk DST=/mnt/disk if [ ! -e ${VE_ROOT}${DST} ]; then mkdir -p ${VE_ROOT}${DST}; fi mount -n -t simfs ${SRC} ${VE_ROOT}${DST} -o ${SRC} ' > /etc/vz/conf/vps.mount chmod +x /etc/vz/conf/vps.mount As a result, you can return everything as it was
return .mount files
cat <<'EOF' > /etc/vz/conf/vps.mount #!/bin/bash . ${VE_CONFFILE} VE_MOUNT=$(echo ${VE_CONFFILE} | sed 's/\.conf$/.mount/') [ -x ${VE_MOUNT} ] && . ${VE_MOUNT} exit 0 EOF chmod +x /etc/vz/conf/vps.mount / UPDATE
In Virtuozzo Shared Folders were implemented via prlctl set, but this functionality was not ported to OpenVZ. Do not believe - check under the spoiler.
Hidden text
You can verify this by typing:
None of these commands work.
prlctl set Tname --shared prlctl set Tname --shared-profile prlctl set Tname --sharedfolder-add prlctl set Tname --shf-host-add None of these commands work.
What to do?
- Raise the NFS server on the physical server and the NFS client inside the container. As I understand it, this is the officially recommended option. But NFS will give additional delays and additional load on the system.
- Using prlctl --device-add, connect the disk device directly to the container. Unfortunately, only one and at the same time it will have to be disconnected from the physical server, so you will not connect one folder either.
- Using prlctl --device-add, connect a disk device (reformatting it to some kind of cluster file system, for example, GFS or OCFS2) directly to the container. You can connect to multiple containers and a physical server. But the folder can not be connected either.
- Return the old (not loading system) Bind mounts functionality manually.
The first three methods are described in the official documentation and there is a lot of information on the Internet. But about the fourth method and tell this article.
In short, we will run a script on the physical server from the container via ssh, doing bind mount.
And now more.
For example, let's take a physical server with ip 192.168.0.11 and a container 192.168.0.22 UUID 600adc12-0e39-41b3-bf05-c59b7d26dd73 with samba server and systemd installed
- Let's get on the physical server of the user of mount for ssh of connection
HN# useradd mount - Generate rsa keys for the root user in a container
CT# ssh-keygen –t rsa - Copy the contents of the file /root/.ssh/id_rsa.pub in a container in /home/mount/.ssh/authorized_keys on a physical server. You should get something like:
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDXPMfZ+9Og1uY+Eq2QE85AxO+0DM0wfejNuIEZfRUi9FZj8/3BLM9u1GrmOKSMRTGIXA3yfyfep+hAm0/phuaqqG8wU2YAai/8aF4PXokeYVPzQqsbK8fK1wLYWgTO3RCtojfpoHPvdQMt28+GFRj4CTRuktUSx63XswNjzPWlqfUjiEnLZRdwbaB6ZKeepdGUmzgYq7dhMxdl3VvtAWahGnkGnn7eXT49Z9SekvFPUL77BsHwQXgspuSosg31YE09+spyA6khzwJKEqPXHRniv4H5DUzdZiQXx3tkGheGCO6JTDmcSElZyWwC9h+H7ZEEJ4IO3RRnDcsxgkW+ixij root@container - Make sure not to mess up with the rights to the physical server:
HN# ls -al /home/mount/.ssh/ total 12 drwx------ 2 mount users 4096 Sep 10 18:54 . drwx------ 5 mount users 4096 Sep 10 18:04 .. -rw------- 1 mount users 485 Sep 10 18:54 authorized_keys - Let's verify that we can, without a password, connect with the key to the physical server from the container:
CT# ssh mount@192.168.0.11 - Create a mount point in the container:
CT# mkdir /data - Create a /vz/samba.mount script on the physical server. Mount:
HN# cat <<EOF > /vz/samba.mount #!/bin/bash mount -n --bind /data /vz/root/600adc12-0e39-41b3-bf05-c59b7d26dd73/data EOF chmod +x /vz/samba.mount - On the physical server, add it to sudoers for the mount user:
HN# echo "mount ALL=NOPASSWD: /vz/*.mount" > /etc/sudoers.d/mount - On the physical server to disable the ssh script, disable requiretty in sudoers
HN# sed -i 's/^Defaults\s\+requiretty/#Defaults requiretty/' sudoers - Forbid on the physical server the mount user to run anything other than / bin / sudo /vz/samba.mount. Writing in /home/mount/.ssh/authorized_keys text command = "/ bin / sudo /vz/samba.mount",no-port-forwarding,no-X11-forwarding,no-agent-forwarding
HN# echo "command=\"/bin/sudo /vz/samba.mount\",no-port-forwarding,no-X11-forwarding,no-agent-forwarding $(cat /home/mount/.ssh/authorized_keys)" > /home/mount/.ssh/authorized_keys - In the container, create a unit for automounting. Please note that it starts BEFORE running the samba server.
CT# cat <<EOF > /etc/systemd/system/mount.service [Unit] Description=Mount from Hardware node After=network.target Before=smbd.service [Service] Type=oneshot ExecStart=/usr/bin/ssh mount@192.168.0.11 [Install] WantedBy=multi-user.target EOF - Let's enable the automount service created:
CT# systemctl enable mount.service
Everything. Now you can reload the container and enjoy mounting the / data folder.
Source: https://habr.com/ru/post/309758/
All Articles