ZFS and FreeBSD Jails

ZFS and FreeBSD Jailsapeiron (old Greek word for ∞)[email protected] 2012

Saturday, August 11, 12

mailto:[email protected]

mailto:[email protected]

A stroll dive down the rabbit holeThis won't hurt a bit(that may or may not be a facsimile of me when working)


http://www.flickr.com/photos/stars6/4381851322/in/photostream/

Some FreeBSD mythbusting

Fully functional Unix

Server, desktop, router, firewall, etc.

>23000 third-party applications in the ports tree

Probably not the best desktop; well-suited to a server

Has most of the cool features from Solaris; will be talking about one and a half of them today


One and a half?

This talk discusses ZFS and FreeBSD jails

ZFS, of course, comes from Solaris

This talk also covers FreeBSD jails

When creating zones, the Solaris devs used jails as an inspiration


ZFSThe Zettabyte File System


http://www.flickr.com/photos/ess-jay/2438565511/

What the heck is a Zettabyte, anyway?

2^70 bytes

ZFS is meant to scale far beyond the current and projected possible future limitations of hardware

The theoretical maximum filesystem size is 256 quadrillion zettabytes

That's 256,000,000,000,000,000 zettabytes

That's 256,000,000,000,000,000 * 2^70 bytes


Feature summaryResource forks

POSIX attributes and ACLs

Compression

Encryption

Deduplication

Built-in volume manager

Built-in software RAID

Snapshots

COW data model (cheap snapshots (very important for us))

Caching

Too much for one slide


Things we'll talk about today

Volume manager

Snapshots

COW data model


Volume manager

The ZFS volume manager provides native striping

Makes it easy to add heterogenous disks to a pool

No more worrying about getting geometries exactly the same

Creates a nice abstraction from the physical layer


Snapshots

They're exactly what they say on the tin

Take a snapshot of the filesystem and it's there when you want it

You can do all kinds of cool things with them, like send them over the network and clone them


COW Data ModelThe COW model is really where ZFS shines for containers

COW (copy on write): if two copies of a snapshot have the same data, only one copy exists on disk until a clone writes to a file; then, a copy is made for the delta

This makes snapshots, clones, and thus jails quick and cheap to create

Absolutely critical to the container use case


Let's be JailbirdsYou may pay me $50 to get out


Some FreeBSD background

FreeBSD boots via /sbin/init like any other Unix

/sbin/init runs /etc/rc, which sources /etc/rc.conf

/etc/rc.conf controls which services start at boot, and also configures things like IP addresses, default route, and jails


Jails: Not just chroot(2)Everything lives under a directory mounted on the FS

You can access the jail via chroot, but you don't get all the wins with this technique

Every jail has at least one IPv4/IPv6 address

Lightweight

Lots of management tools

Advanced technique: run Linux in a jail


Some jail toolsjexec

jls

jailadmin

jailctl

jailer

jailme

jailrc

jailuser

jailutils

jkill

jps

... and so on


How jails work

Install enough of FreeBSD to boot (/sbin/init calls /etc/rc, which boots the system)

Generally do this by building + installing source tree

Then configure the jail and start it

We'll be using the more flexible jailrc from the ports tree, rather than the default script


Still not as cool as ZonesBut pretty close


http://www.flickr.com/photos/paldorslate/1761863421/

What does this get us?It turns out that it gets us lots of cool stuff


http://www.flickr.com/photos/daikrieg/1294053038/

Basic workflow summaryCreate a zpool

Create a filesystem

Install base jail to filesystem

Snapshot

Create desired environment

Snapshot

Clone desired environment or base as desired

???

Profit!


Some workflows this supports

Per-developer dev environments

Dev/staging/QA/etc./prod

Dev/prod

Prod


Show Example jailrc Config


Per-developer container

Create base jail

Create snapshot

Clone as necessary per developer

hack hack hack...

Push changes up to git repo / etc.


Dev/staging/QA/etc./prod

Create base jail

Snapshot

Clone for dev

zfs send | zfs recv for staging/qa/etc./prod

If something passes a stage, promote it to the next-closest to prod


Dev/prod

Like dev/etc./prod but more cowboyish

With ZFS it's still better than other filesystems

Snapshots mean it's easy to fix mistakes when they make it into prod (no workflow prevents mistakes getting to prod)

Just clone from a working snapshot and go


Prod

Even more cowbowish than dev/prod

This is the sort of thing where developers work directly on production

Unwise, but ZFS makes it less suck

Snapshots save the day


Live (prepared) demo!


Bibliography

FreeBSD Handbook

ZFS Administration Guide

jailrc manpage


Questions?


ZFS and FreeBSD Jails

Technology

Transcript of ZFS and FreeBSD Jails