have read-only root when booting diskless clients with nfs-root and overlayfs
501 views
Skip to first unread message
Alexey Demidchuk
Aug 26, 2015, 11:07:20 AM8/26/15
to kiwi
My config.default contains this:
Image based on SLES12-JeOS but modified to use 13.2 repos
for PXE part config.xml contains the following:
I'm not sure that union part correct or need at all.
In result i have system with read only root file system
mount shows :
I have created /read-only and /read-wirte dirs manualy in base dir of JeOS but after booting they are empty
NFSROOT="192.168.11.XXX;/srv/opensuse"
UNIONFS_CONFIG=tmpfs,nfs,overlayImage based on SLES12-JeOS but modified to use 13.2 repos
for PXE part config.xml contains the following:
<type image="pxe" filesystem="overlayfs" boot="netboot/suse-13.2">
<pxedeploy server="192.168.11.XXX" blocksize="4096">
<union ro="/read-only" rw="tmpfs" type="overlayfs"/>
</pxedeploy>
</type>I'm not sure that union part correct or need at all.
In result i have system with read only root file system
mount shows :
overlayfs on / type overlayfs (ro,realtime,lowerdir=/read-only,upperdir=/read-wirteI have created /read-only and /read-wirte dirs manualy in base dir of JeOS but after booting they are empty
Marcus Schäfer
Aug 27, 2015, 7:39:16 AM8/27/15
to kiwi-...@googlegroups.com
Hi,
> My config.default contains this:
> NFSROOT="192.168.11.XXX;/srv/opensuse"
> UNIONFS_CONFIG=tmpfs,nfs,overlay
So the goal is to have /srv/opensuse from NFS overlayed with a tmpfs
using overlayfs. All write operations happens in a tmpfs, correct ?
> I'm not sure that union part correct or need at all.
It's needed if you don't want to write over the network, meaning
the NFS mount could be exported read-only
> In result i have system with read only root file system
> mount shows :
> overlayfs on / type overlayfs
> (ro,realtime,lowerdir=/read-only,upperdir=/read-wirte
> I have created /read-only and /read-wirte dirs manualy in base dir of
> JeOS but after booting they are empty
There is no need to create them, if kiwi needs them it creates them
if they are not present.
I'm not sure about the problem description, actually you should see
/read-write to be filled with data any time something is written.
The written data is not persistent because you configured the
read-write part to be a tmpfs
Maybe I misunderstood your concerns
Regards,
Marcus
--
Public Key available via: https://keybase.io
keybase search marcus_schaefer
-------------------------------------------------------
Marcus Schäfer (Res. & Dev.) SUSE Linux GmbH
Tel: 0911-740 53 0 Maxfeldstrasse 5
FAX: 0911-740 53 479 D-90409 Nürnberg
HRB: 21284 (AG Nürnberg) Germany
GF: Felix Imendörffer, Jane Smithard, Graham Norton
http://www.suse.de
-------------------------------------------------------
> My config.default contains this:
> NFSROOT="192.168.11.XXX;/srv/opensuse"
> UNIONFS_CONFIG=tmpfs,nfs,overlay
using overlayfs. All write operations happens in a tmpfs, correct ?
> I'm not sure that union part correct or need at all.
the NFS mount could be exported read-only
> In result i have system with read only root file system
> mount shows :
> overlayfs on / type overlayfs
> (ro,realtime,lowerdir=/read-only,upperdir=/read-wirte
> I have created /read-only and /read-wirte dirs manualy in base dir of
> JeOS but after booting they are empty
if they are not present.
I'm not sure about the problem description, actually you should see
/read-write to be filled with data any time something is written.
The written data is not persistent because you configured the
read-write part to be a tmpfs
Maybe I misunderstood your concerns
Regards,
Marcus
--
Public Key available via: https://keybase.io
keybase search marcus_schaefer
-------------------------------------------------------
Marcus Schäfer (Res. & Dev.) SUSE Linux GmbH
Tel: 0911-740 53 0 Maxfeldstrasse 5
FAX: 0911-740 53 479 D-90409 Nürnberg
HRB: 21284 (AG Nürnberg) Germany
GF: Felix Imendörffer, Jane Smithard, Graham Norton
http://www.suse.de
-------------------------------------------------------
Alexey Demidchuk
Aug 28, 2015, 2:11:36 PM8/28/15
to kiwi
It's needed if you don't want to write over the network, meaning
the NFS mount could be exported read-only
Ok, in my case writing goes to tmpfs in RAM so there is no need
<union ro="/read-only" rw="tmpfs" type="overlayfs"/> at all
But I found some strange behavior for kernel-default when it is installed in image from 13.2-Oss repository version 3.16.6-2.1 it mounts overlay perfectly, but when sets Kernel-stable with kernel-default-4.1.6-2.1 mounting overlay fails
So I have another question: can I set repository for specific package?
Marcus Schäfer
Aug 31, 2015, 4:45:06 AM8/31/15
to kiwi-...@googlegroups.com
Hi,
> It's needed if you don't want to write over the network, meaning
> the NFS mount could be exported read-only
>
> Ok, in my case writing goes to tmpfs in RAM so there is no need <union
> ro="/read-only" rw="tmpfs" type="overlayfs"/> at all
Well it's needed to get both parts together that's what overlayfs is
good for. There is /read-only which is an NFS mount and there is /read-write
which is a tmpfs mount. In order to use that as _one_ root filesystem
you need to have another filesystem which combines them
> But I found some strange behavior for kernel-default when it is
> installed in image from 13.2-Oss repository version 3.16.6-2.1 it
> mounts overlay perfectly, but when sets Kernel-stable with
> kernel-default-4.1.6-2.1 mounting overlay fails
Well 4.1 should not take stable in its name :) fuse mounts are also
broken with this kernel and I guess there are more things which are
simply not working with this kernel. If the problem is not caused
by a changed semantic in mounting overlayfs you can report this to
the kernel people
Recently I fixed the following:
commit 87e53edf4cb97e0453d83ac7269bd111dcd1ab37
Author: Marcus Schäfer <m...@suse.de>
Date: Sun Dec 7 14:27:44 2014 +0100
Follow up fix for overlayfs changes in kernel 3.18
overlayfs complains: upperdir and workdir must be in separate
subtrees. Thus we create workdir and upperdir in different
subdirs below read-write
I hope you are using a kiwi version >= v7.02.12, if not you are
suffering from that problem
> So I have another question: can I set repository for specific package?
no, the package manager no matter if it's yum, zypper or some other
takes all repos into account and calculates a resolution.
You can specify a full qualified name when using zypper as package manager
e.g
<package name="vim-7.4.461.hg.6253-1.5"/>
But I don't recommend doing that. It's better to control the repos
and setup your own private repo set instead of fiddling with names
> It's needed if you don't want to write over the network, meaning
> the NFS mount could be exported read-only
>
> Ok, in my case writing goes to tmpfs in RAM so there is no need <union
> ro="/read-only" rw="tmpfs" type="overlayfs"/> at all
good for. There is /read-only which is an NFS mount and there is /read-write
which is a tmpfs mount. In order to use that as _one_ root filesystem
you need to have another filesystem which combines them
> But I found some strange behavior for kernel-default when it is
> installed in image from 13.2-Oss repository version 3.16.6-2.1 it
> mounts overlay perfectly, but when sets Kernel-stable with
> kernel-default-4.1.6-2.1 mounting overlay fails
broken with this kernel and I guess there are more things which are
simply not working with this kernel. If the problem is not caused
by a changed semantic in mounting overlayfs you can report this to
the kernel people
Recently I fixed the following:
commit 87e53edf4cb97e0453d83ac7269bd111dcd1ab37
Author: Marcus Schäfer <m...@suse.de>
Date: Sun Dec 7 14:27:44 2014 +0100
Follow up fix for overlayfs changes in kernel 3.18
overlayfs complains: upperdir and workdir must be in separate
subtrees. Thus we create workdir and upperdir in different
subdirs below read-write
I hope you are using a kiwi version >= v7.02.12, if not you are
suffering from that problem
> So I have another question: can I set repository for specific package?
takes all repos into account and calculates a resolution.
You can specify a full qualified name when using zypper as package manager
e.g
<package name="vim-7.4.461.hg.6253-1.5"/>
But I don't recommend doing that. It's better to control the repos
and setup your own private repo set instead of fiddling with names
Reply all
Reply to author
Forward
0 new messages