util-vserver:Vhashify

From Linux-VServer

Revision as of 12:39, 29 October 2011 by Tallungulate (Talk | contribs)

(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to: navigation, search

Contents

All about vunify / vhashify

Some collected wisdom about the vunify/vhashify functionality:

  • "unification" (vunify) is the process of replacing files with hardlinks to identical files in other vservers (or, in the case of vhashify, more precisely to a common base); for security, the files are then supplied with immutable-but-unlinkable flags (a vserver speciality), and recently COW link capability has been added to vserver (2.2+), which means that when such a file is being modified, the hardlink is automatically dissolved and the contents copied (CONFIG_VSERVER_COWBL).
  • vhashify is the successor to vunify; vunify only looks at files at identical relative paths and links them if they are identical; vhashify builds hash values over the contents of all (non-excluded) files and links them into a common base directory, or unifies them with pre-existing links there. So running hashification on multiple vservers will effectively hard link their identical files.
  • You don't call the vhashify tool directly (which lives in lib/util-vserver/), but let the "vserver" multipurpose script do the work:
vserver <vserver-name> hashify
  • The guest needs to be running for the above because vhashify may try to figure out what files not to hashify by calling the package manager of the guest via vserver exec; the reason for this is that it tries not to unify config files because they couldn't be written to afterwards unless COW links are supported (which is a recent addition), which may be a hassle (unlike with program/library files which are not overwritten but replaced on upgrades). The details of how the list of config files is retrieved can be found in scripts/vpkg (lib/util-vserver/vpkg after installation), which is called by the vhashify program (through MatchList_initManually). Currently this means redhat|mandrake and debian are supported. It is looking at /etc/vservers/<vserver-name>/apps/init/style for finding out which distribution a guest is running (can this be a problem?) -> open questions to be looked at.
  • To prevent vhashify from getting a list of config files from the packagemgt system, see the pkgmgmt-ignore and pkgmgmt-force options in /etc/vservers/.defaults/apps/vunify or per-vserver configuration directory. If you disable this, you might want to set a manual exclude list, when the default /usr/lib/util-vserver/defaults/vunify-exclude is not sufficient.
  • See /etc/vservers/<vserver-name>/apps/vunify/exclude on the flower page for a meaning of the exclude file.


Backups

Be careful to restore the link flags when making or restoring from backups, or vservers won't be safely parted anymore. Do either of the following:

  • use tools which backup and restore the link flags ("dump" and "restore" might work, the writer of these lines has not tested them)
  • back up the directory containing the hashes, too (/vservers/.hash when following the suggested configuration directives); for restoring from the backup, also restore the .hash directory, then run setattr over all files contained therein; this should work (not yet tested!):
find /vservers/.hash -type f -print0|xargs -0 setattr --iunlink --
  • (back up and) restore each vserver individually, so no hardlinks to other vservers are created. Then run hashify. (Be aware that you need more space until hashify has run, so restoring from a backup onto a partition of equal size might not work.)

Cleanup

Remove non referenced files

find /vservers/.hash -type f -links 1 -exec rm -v '{}' ';'

Mini FAQ

1Q: <serek> so after cloning, i need to dist-upgrade each vserver separately but finally they will use the same files, right?

1A: <Bertl> you can upgrade all at once or separately, whenever you run vhashify on them, identical data will be linked together

2Q: <serek> may vhashify two existing hosts as well, right?

2A: <Bertl> yep, anytime

3Q: <fluor-> < Bertl> you can upgrade all at once or separately <- what would the "all at once" method be?

3A: <Bertl> depends on the package management, for most common management mechanisms, there is vapt, vyum, and vrpm

Note that "all at once" doesn't mean "simultaneously", just "with a single command". When you mass upgrade your vservers, their identical files won't be hardlinked together until you run vserver hashify again on each of them. This means you'll need a lot more disk space until you vhashify. And don't forget to remove hashed files that no longer have other hard links.


4Q: What does the syntax -/+/~ refer to in the vunify-exclude file ?

4A:

  • - Means exclude : Default operation (same as no modifier)
  • + Means include : Allow you to include file/folder in a excluded folder
  • ~ Means exclude : however, vcopy also looks at this exclude file and with ~ the file/folder is copied instead of hardlinked.


5Q: I have got the message "Duplicate hash-dir entry 'root' found"

5A:

  • looks like you already had the symlink setup.

ls -l /etc/vservers/.defaults/apps/vunify/hash

[...]

lrwxrwxrwx 1 root root 23 mar 1 00:19 00 -> /var/lib/vservers/.hash

lrwxrwxrwx 1 root root 15 avr 1 00:00 root -> /var/lib/vservers/.hash

  • Remove the link /etc/vservers/.defaults/apps/vunify/hash/root

See also

Personal tools