1. ZFS and FreeBSD Jails
apeiron (old Greek word for ∞)
apeiron@cpan.org
fosscon 2012
Saturday, August 11, 12
2. A stroll dive down the rabbit hole
This won't hurt a bit
(that may or may not be a facsimile of me when working)
http://www.flickr.com/photos/stars6/4381851322/in/photostream/
3. Some FreeBSD mythbusting
Fully functional Unix
Server, desktop, router, firewall, etc.
>23000 third-party applications in the ports tree
Probably not the best desktop; well-suited to a server
Has most of the cool features from Solaris; will be
talking about one and a half of them today
4. One and a half?
This talk discusses ZFS and FreeBSD jails
ZFS, of course, comes from Solaris
This talk also covers FreeBSD jails
When creating zones, the Solaris devs used jails as an
inspiration
5. ZFS
The Zettabyte File System
http://www.flickr.com/photos/ess-jay/2438565511/
6. What the heck is a Zettabyte, anyway?
2^70 bytes
ZFS is meant to scale far beyond the current and
projected possible future limitations of hardware
The theoretical maximum filesystem size is 256
quadrillion zettabytes
That's 256,000,000,000,000,000 zettabytes
That's 256,000,000,000,000,000 * 2^70 bytes
7. Feature summary
Resource forks
POSIX attributes and ACLs
Compression
Encryption
Deduplication
Built-in volume manager
Built-in software RAID
Snapshots
COW data model (cheap snapshots (very important for us))
Caching
Too much for one slide
8. Things we'll talk about today
Volume manager
Snapshots
COW data model
9. Volume manager
The ZFS volume manager provides native striping
Makes it easy to add heterogeneous disks to a pool
No more worrying about getting geometries exactly the
same
Creates a nice abstraction from the physical layer
10. Snapshots
They're exactly what they say on the tin
Take a snapshot of the filesystem and it's there when
you want it
You can do all kinds of cool things with them, like send
them over the network and clone them
11. COW Data Model
The COW model is really where ZFS shines for
containers
COW (copy on write): if two copies of a snapshot have
the same data, only one copy exists on disk until a
clone writes to a file; then, a copy is made for the delta
This makes snapshots, clones, and thus jails quick and
cheap to create
Absolutely critical to the container use case
12. Let's be Jailbirds
You may pay me $50 to get out
13. Some FreeBSD background
FreeBSD boots via /sbin/init like any other Unix
/sbin/init runs /etc/rc, which sources /etc/rc.conf
/etc/rc.conf controls which services start at boot, and
also configures things like IP addresses, default route,
and jails
14. Jails: Not just chroot(2)
Everything lives under a directory mounted on the FS
You can access the jail via chroot, but you don't get all
the wins with this technique
Every jail has at least one IPv4/IPv6 address
Lightweight
Lots of management tools
Advanced technique: run Linux in a jail
15. Some jail tools
jexec
jls
jailadmin
jailctl
jailer
jailme
jailrc
jailuser
jailutils
jkill
jps
... and so on
16. How jails work
Install enough of FreeBSD to boot (/sbin/init calls /etc/rc, which boots the system)
Generally do this by building + installing source tree
Then configure the jail and start it
We'll be using the more flexible jailrc from the ports
tree, rather than the default script
17. Still not as cool as Zones
But pretty close
http://www.flickr.com/photos/paldorslate/1761863421/
18. What does this get us?
It turns out that it gets us lots of cool stuff
http://www.flickr.com/photos/daikrieg/1294053038/
19. Basic workflow summary
Create a zpool
Create a filesystem
Install base jail to filesystem
Snapshot
Create desired environment
Snapshot
Clone desired environment or base as desired
???
Profit!
20. Some workflows this supports
Per-developer dev environments
Dev/staging/QA/etc./prod
Dev/prod
Prod
22. Per-developer container
Create base jail
Create snapshot
Clone as necessary per developer
hack hack hack...
Push changes up to git repo / etc.
23. Dev/staging/QA/etc./prod
Create base jail
Snapshot
Clone for dev
zfs send | zfs recv for staging/qa/etc./prod
If something passes a stage, promote it to the next-closest to prod
24. Dev/prod
Like dev/etc./prod but more cowboyish
With ZFS it's still better than other filesystems
Snapshots mean it's easy to fix mistakes when they
make it into prod (no workflow prevents mistakes
getting to prod)
Just clone from a working snapshot and go
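The snapshot-and-clone steps from the per-developer and dev/prod workflows above, as an added shell example (not from the original slides). The pool name tank, the jails/ dataset layout, the 10G quota and the helper names are assumptions; the script prints the zfs commands in dry-run mode and rejects names that zfs could parse as an option or as a different dataset.

```sh
#!/bin/sh
# Added example, not from the talk. Assumed layout: tank/jails/base holds
# the installed base jail; every other jail is a clone of one of its snapshots.
POOL=tank
BASE="$POOL/jails/base"
QUOTA=10G        # assumed per-clone cap so one jail cannot fill the pool
DRY_RUN=1        # set to 0 to execute the commands instead of printing them

run() {
    if [ "$DRY_RUN" = 1 ]; then echo "$*"; else "$@"; fi
}

# Accept only [A-Za-z0-9_-] with no leading dash, so a developer-supplied
# name cannot become a zfs option (-r) or point at another dataset (a/b, a@b).
valid_name() {
    case "$1" in
        ''|-*|*[!A-Za-z0-9_-]*) return 1 ;;
    esac
    return 0
}

# Snapshot the base jail. $1 = snapshot label
base_snapshot() {
    valid_name "$1" || return 1
    run zfs snapshot "$BASE@$1"
}

# COW clone of a base snapshot for one developer. $1 = label, $2 = developer
dev_clone() {
    valid_name "$1" && valid_name "$2" || return 1
    run zfs clone -o "quota=$QUOTA" "$BASE@$1" "$POOL/jails/dev-$2"
}

# "Just clone from a working snapshot and go": keep the broken jail under
# a new name for inspection, then re-create it from a known-good snapshot.
# $1 = label of the working snapshot, $2 = jail dataset name
reclone() {
    valid_name "$1" && valid_name "$2" || return 1
    run zfs rename "$POOL/jails/$2" "$POOL/jails/$2-broken" &&
    run zfs clone -o "quota=$QUOTA" "$BASE@$1" "$POOL/jails/$2"
}

# Constructed sample run; in dry-run mode this only prints the commands.
base_snapshot clean
dev_clone clean alice
reclone clean dev-alice
```

Stop the jail before renaming its dataset; with DRY_RUN=0 the script needs privileges to manage datasets in the pool.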
25. Prod
Even more cowboyish than dev/prod
This is the sort of thing where developers work directly
on production
Unwise, but ZFS makes it less suck
Snapshots save the day