Solaris 10

Tmpfs and Bind Mounts

Introduction

In my previous articles in this series, I introduced the benefits of journaling and the ReiserFS and showed how to set up a rock-solid ReiserFS system. In this article, we’re going to tackle a couple of semi-offbeat topics. First, we’ll take a look at tmpfs, also known as the virtual memory (VM) filesystem. Tmpfs is probably the best RAM disk-like system available for Linux right now, and was introduced with Linux kernel 2.4. Then, we’ll take a look at another capability introduced with Linux kernel 2.4 called “bind mounts”, which allow a great deal of flexibility when it comes to mounting (and remounting) filesystems.

Introducing Tmpfs

If I had to explain tmpfs in one breath, I’d say that tmpfs is like a ramdisk, but different. Like a ramdisk, tmpfs can use your RAM, but it can also use your swap devices for storage. And while a traditional ramdisk is a block device and requires a mkfs command of some kind before you can actually use it, tmpfs is a filesystem, not a block device; you just mount it, and it’s there. All in all, this makes tmpfs the niftiest RAM-based filesystem I’ve had the opportunity to meet.

Tmpfs and VM

Let’s take a look at some of tmpfs’s more interesting properties. As I mentioned above, tmpfs can use both RAM and swap. This might seem a bit arbitrary at first, but remember that tmpfs is also known as the “virtual memory filesystem”. And, as you probably know, the Linux kernel’s virtual memory resources come from both your RAM and swap devices. The VM subsystem in the kernel allocates these resources to other parts of the system and takes care of managing these resources behind-the-scenes, often transparently moving RAM pages to swap and vice-versa.

The tmpfs filesystem requests pages from the VM subsystem to store files. tmpfs itself doesn’t know whether these pages are on swap or in RAM; it’s the VM subsystem’s job to make those kinds of decisions. All the tmpfs filesystem knows is that it is using some form of virtual memory.

Not a Block Device

Here’s another interesting property of the tmpfs filesystem. Unlike most “normal” filesystems, like ext3, ext2, XFS, JFS, ReiserFS and friends, tmpfs does not exist on top of an underlying block device. Because tmpfs sits on top of VM directly, you can create a tmpfs filesystem with a simple mount command:

# mount tmpfs /mnt/tmpfs -t tmpfs

After executing this command, you’ll have a new tmpfs filesystem mounted at /mnt/tmpfs, ready for use. Note that there’s no need to run mkfs.tmpfs; in fact, it’s impossible, as no such command exists. Immediately after the mount command, the filesystem is mounted and available for use, and is of type tmpfs. This is very different from how Linux ramdisks are used; standard Linux ramdisks are block devices, so they must be formatted with a filesystem of your choice before you can use them. In contrast, tmpfs is a filesystem. So, you can just mount it and go.

Tmpfs Advantages

Dynamic Filesystem Size

You’re probably wondering about how big that tmpfs filesystem was that we mounted at /mnt/tmpfs, above. The answer to that question is a bit unexpected, especially when compared to disk-based filesystems. /mnt/tmpfs will initially have a very small capacity, but as files are copied and created, the tmpfs filesystem driver will allocate more VM and will dynamically increase the filesystem capacity as needed. And, as files are removed from /mnt/tmpfs, the tmpfs filesystem driver will dynamically shrink the size of the filesystem and free VM resources, and by doing so return VM into circulation so that it can be used by other parts of the system as needed. Since VM is a precious resource, you don’t want anything hogging more VM than it actually needs, and the great thing about tmpfs is that this all happens automatically.

Speed

The other major benefit of tmpfs is its blazing speed. Because a typical tmpfs filesystem will reside completely in RAM, reads and writes can be almost instantaneous. Even if some swap is used, performance is still excellent and those parts of the tmpfs filesystem will be moved to RAM as more free VM resources become available. Having the VM subsystem automatically move parts of the tmpfs filesystem to swap can actually be good for performance, since by doing so, the VM subsystem can free up RAM for processes that need it. This, along with its dynamic resizing abilities, allows for much better overall OS performance and flexibility than the alternative of using a traditional RAM disk.

No Persistence

While this may not seem like a positive, tmpfs data is not preserved between reboots, because virtual memory is volatile in nature. I guess you probably figured that tmpfs was called “tmpfs” for a reason, didn’t you? However, this can actually be a good thing. It makes tmpfs an excellent filesystem for holding data that you don’t need to keep, such as temporary files (those found in /tmp) and parts of the /var filesystem tree.

Using Tmpfs

To use tmpfs, all you need is a modern (2.4+) kernel with Virtual memory file system support (former shm fs) enabled; this option lives under the File systems section of the kernel configuration options. Once you have a tmpfs-enabled kernel, you can go ahead and mount tmpfs filesystems. In fact, it’s a good idea to enable tmpfs in all your kernels if you compile them yourself – whether you plan to use tmpfs or not. This is because you need to have kernel tmpfs support in order to use POSIX shared memory. System V shared memory will work without tmpfs in your kernel, however. Note that you do not need a tmpfs filesystem to be mounted for POSIX shared memory to work; you simply need the support in your kernel. POSIX shared memory isn’t used too much right now, but this situation will likely change as time goes on.

Avoiding low VM conditions

The fact that tmpfs dynamically grows and shrinks as needed makes one wonder: what happens when your tmpfs filesystem grows to the point where it exhausts all of your virtual memory, and you have no RAM or swap left? Well, generally, this kind of situation is a bit ugly. With kernel 2.4.4, the kernel would immediately lock up. With more recent kernels, the VM subsystem has in many ways been fixed, and while exhausting VM isn’t exactly a wonderful experience, things don’t blow up completely, either. When a modern kernel gets to the point where it can’t allocate any more VM, you obviously won’t be able to write any new data to your tmpfs filesystem. In addition, it’s likely that some other things will happen. First, the other processes on the system will be unable to allocate much more memory; generally, this means that the system will most likely become extremely sluggish and almost unresponsive. Thus, it may be tricky or unusually time-consuming for the superuser to take the necessary steps to alleviate this low-VM condition.

In addition, the kernel has a built-in last-ditch system for freeing memory when no more is available; it’ll find a process that’s hogging VM resources and kill it. Unfortunately, this “kill a process” solution generally backfires when tmpfs growth is to blame for VM exhaustion. Here’s the reason. Tmpfs itself can’t (and shouldn’t) be killed, since it is part of the kernel and not a user process, and there’s no easy way for the kernel to find out which process is filling up the tmpfs filesystem. So, the kernel mistakenly attacks the biggest VM-hog of a process it can find, which is generally your X server if you happen to be running one. So, your X server dies, and the root cause of the low-VM condition (tmpfs) isn’t addressed. Ick.

Low VM: the solution

Fortunately, tmpfs allows you to specify a maximum upper bound for the filesystem size when a filesystem is mounted or remounted. Actually, as of kernel 2.4.6 and util-linux-2.11g, these parameters can only be set on mount, not on remount, but we can expect them to be settable on remount sometime in the near future. The optimal maximum tmpfs size setting depends on the resources and usage pattern of your particular Linux box; the idea is to prevent a completely full tmpfs filesystem from exhausting all virtual memory and thus causing the ugly low-VM conditions that we talked about earlier. A good way to find a good tmpfs upper-bound is to use top to monitor your system’s swap usage during peak usage periods. Then, make sure that you specify a tmpfs upper-bound that’s slightly less than the sum of all free swap and free RAM during these peak usage times.

Creating a tmpfs filesystem with a maximum size is easy. To create a new tmpfs filesystem with a maximum filesystem size of 32 MB, type:

# mount tmpfs /dev/shm -t tmpfs -o size=32m

This time, instead of mounting our new tmpfs filesystem at /mnt/tmpfs, we created it at /dev/shm, which is a directory that happens to be the “official” mount point for a tmpfs filesystem. If you happen to be using devfs, you’ll find that this directory has already been created for you.

Also, if we want to limit the filesystem size to 512 KB or 1 GB, we can specify size=512k and size=1g, respectively. In addition to limiting size, we can also limit the number of inodes (filesystem objects) by specifying the nr_inodes=x parameter. When using nr_inodes, x can be a simple integer, and can also be followed with a k, m, or g to specify thousands, millions, or billions (!) of inodes.

Also, if you’d like to add the equivalent of the above mount tmpfs command to your /etc/fstab, it’d look like this:

tmpfs   /dev/shm        tmpfs   size=32m        0       0
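
The sizing rule above, as an added example that is not part of the original article: the script totals MemFree and SwapFree from /proc/meminfo-format text, subtracts a margin, and checks fstab tmpfs entries against the result. The 10% margin, the function names and the sample data are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example (not from the article): size a tmpfs ceiling from free RAM
# plus free swap, then check fstab tmpfs entries against that ceiling.

# Print (MemFree + SwapFree) minus a safety margin, in kB.
# stdin: /proc/meminfo-format text; $1: margin in percent (default 10).
tmpfs_budget_kb() {
    awk -v margin="${1:-10}" '
        $1 == "MemFree:" || $1 == "SwapFree:" { free += $2 }
        END { printf "%d\n", free * (100 - margin) / 100 }'
}

# Print "<mount point> <OK|OVER|UNBOUNDED>" for every tmpfs line.
# stdin: fstab-format text; $1: ceiling in kB.
audit_tmpfs_fstab() {
    awk -v budget="$1" '
        # Convert size= values with the k/m/g suffixes to kB.
        function to_kb(s,   n, u) {
            n = s + 0; u = tolower(substr(s, length(s)))
            if (u == "k") return n
            if (u == "m") return n * 1024
            if (u == "g") return n * 1024 * 1024
            return int(n / 1024)              # bare number: bytes
        }
        /^[ \t]*#/ || NF < 4 || $3 != "tmpfs" { next }
        {
            size = ""
            cnt = split($4, opt, ",")
            for (i = 1; i <= cnt; i++)
                if (opt[i] ~ /^size=/) size = substr(opt[i], 6)
            if (size == "")                status = "UNBOUNDED"
            else if (to_kb(size) > budget) status = "OVER"
            else                           status = "OK"
            print $2, status
        }'
}

# Constructed sample data (not taken from a real system).
sample_meminfo() {
    cat <<'EOF'
MemTotal:       255908 kB
MemFree:         69936 kB
SwapTotal:      524280 kB
SwapFree:       194120 kB
EOF
}

sample_fstab() {
    cat <<'EOF'
# <fs>     <mountpoint>  <type>    <opts>                 <dump/pass>
/dev/hda3  /             reiserfs  noatime                0 1
tmpfs      /dev/shm      tmpfs     size=32m               0 0
tmpfs      /tmp          tmpfs     defaults               0 0
tmpfs      /scratch      tmpfs     size=1g,nr_inodes=10k  0 0
EOF
}

budget=$(sample_meminfo | tmpfs_budget_kb 10)
echo "ceiling: ${budget} kB"
sample_fstab | audit_tmpfs_fstab "$budget"
```

On a live system, feed the functions /proc/meminfo sampled during peak load and the real /etc/fstab instead of the sample data.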

Mounting On Top of Existing Mount Points

Back in the 2.2 days, any attempt to mount something to a mount point where something had already been mounted resulted in an error. However, thanks to a rewrite of the kernel mounting code, using mount points multiple times is not a problem. Here’s an example scenario: let’s say that we have an existing filesystem mounted at /tmp. However, we decide that we’d like to start using tmpfs for /tmp storage. In the old days, your only option would be to unmount /tmp and remount your new tmpfs /tmp filesystem in its place, as follows:

#  umount /tmp
#  mount tmpfs /tmp -t tmpfs -o size=64m

However, this solution may not work for you. Maybe there are a number of running processes that have open files in /tmp; if so, when trying to unmount /tmp, you’d get the following error:

umount: /tmp: device is busy

However, with Linux 2.4+, you can mount your new /tmp filesystem without getting the “device is busy” error:

# mount tmpfs /tmp -t tmpfs -o size=64m

With a single command, your new tmpfs /tmp filesystem is mounted at /tmp, on top of the already-mounted partition, which can no longer be directly accessed. However, while you can’t get to the original /tmp, any processes that still have open files on this original filesystem can continue to access them. And, if you umount your tmpfs-based /tmp, your original mounted /tmp filesystem will reappear. In fact, you can mount any number of filesystems to the same mount point, and the mount point will act like a stack; unmount the current filesystem, and the previously mounted filesystem will reappear from underneath.

Bind Mounts

Using bind mounts, we can mount all, or even part of an already-mounted filesystem to another location, and have the filesystem accessible from both mount points at the same time! For example, you can use bind mounts to mount your existing root filesystem to /home/drobbins/nifty, as follows:

#  mount --bind / /home/drobbins/nifty

Now, if you look inside /home/drobbins/nifty, you’ll see your root filesystem (/home/drobbins/nifty/etc, /home/drobbins/nifty/opt, etc.). And if you modify a file on your root filesystem, you’ll see the modifications in /home/drobbins/nifty as well. This is because they are one and the same filesystem; the kernel is simply mapping the filesystem to two different mount points for us. Note that when you mount a filesystem somewhere else, any filesystems that were mounted to mount points inside the bind-mounted filesystem will not be moved along. In other words, if you have /usr on a separate filesystem, the bind mount we performed above will leave /home/drobbins/nifty/usr empty. You’ll need an additional bind mount command to allow you to browse the contents of /usr at /home/drobbins/nifty/usr:

#  mount --bind /usr /home/drobbins/nifty/usr
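
An added example, not from the original article, covering both the mount-point stack described earlier and the submount behaviour of bind mounts: it reads /proc/mounts-format text, reports mount points with more than one filesystem stacked on them, and prints the extra bind mounts needed beneath a bind target. The function names and the sample mount table are constructed for the illustration.

```shell
#!/bin/sh
# Added example (not from the article): read /proc/mounts-format text to see
# stacked mount points and the submounts a plain bind mount leaves behind.

# Print "<mount point> <fstype,fstype,...>" (bottom layer first) for every
# mount point that has more than one filesystem mounted on it.
stacked_mount_points() {
    awk '
        { mp = $2
          if (depth[mp]++ == 0) { order[++n] = mp; layers[mp] = $3 }
          else                  layers[mp] = layers[mp] "," $3 }
        END { for (i = 1; i <= n; i++)
                  if (depth[order[i]] > 1) print order[i], layers[order[i]] }'
}

# Print the extra "mount --bind" commands needed after "mount --bind SRC DST"
# so that filesystems mounted beneath SRC also show up beneath DST.
# stdin: /proc/mounts-format text; $1: SRC; $2: DST.
missing_submount_binds() {
    awk -v src="$1" -v dst="$2" '
        BEGIN { prefix = (src == "/") ? "" : src }
        {
            mp = $2
            if (mp == src || index(mp, prefix "/") != 1) next  # not below SRC
            if (mp == dst || index(mp, dst "/") == 1) next     # the bind itself
            if (seen[mp]++) next                               # stacked: once
            print "mount --bind " mp " " dst substr(mp, length(prefix) + 1)
        }'
}

# Constructed sample mount table (entries appear in mount order).
sample_mounts() {
    cat <<'EOF'
/dev/root / reiserfs rw 0 0
proc /proc proc rw 0 0
/dev/hda2 /usr ext3 rw 0 0
/dev/hda5 /usr/local ext3 rw 0 0
/dev/hda6 /tmp ext3 rw 0 0
tmpfs /dev/shm tmpfs rw 0 0
tmpfs /tmp tmpfs rw 0 0
/dev/root /home/drobbins/nifty reiserfs rw 0 0
EOF
}

echo "stacked mount points:"
sample_mounts | stacked_mount_points
echo "extra bind mounts for / at /home/drobbins/nifty:"
sample_mounts | missing_submount_binds / /home/drobbins/nifty
```

A stacked entry such as /tmp here is also a reminder that files on the lower filesystem stay on disk and stay open to processes that already hold them, even though they are hidden from the directory tree.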

Bind mounting parts of filesystems

Bind mounting makes even more neat things possible. Let’s say that you have a tmpfs filesystem mounted at /dev/shm, its traditional location, and you decide that you’d like to start using tmpfs for /tmp, which currently lives on your root filesystem. Rather than mounting a new tmpfs filesystem to /tmp (which is possible), you may decide that you’d like the new /tmp to share the currently mounted /dev/shm filesystem. However, while you could bind mount /dev/shm to /tmp and be done with it, your /dev/shm contains some directories that you don’t want to appear in /tmp. So, what do you do? How about this:

# mkdir /dev/shm/tmp
# chmod 1777 /dev/shm/tmp
# mount --bind /dev/shm/tmp /tmp

In this example, we first create a /dev/shm/tmp directory and then give it 1777 perms, the proper permissions for /tmp. Now that our directory is ready, we can mount /dev/shm/tmp, and only /dev/shm/tmp to /tmp. So, while /tmp/foo would map to /dev/shm/tmp/foo, there’s no way for you to access the /dev/shm/bar file from /tmp.

As you can see, bind mounts are extremely powerful and make it easy to make modifications to your filesystem layout without any fuss. Next article, we’ll check out devfs; for now, you may want to check out the following resources.

Configuring the NFS Server for Sharing Resources

When the mountd and nfsd daemons are running, you can use the share command to make file resources available:

share [ -F nfs ] [ -o options ] [ -d description ] [ pathname ]

where:

share Command Options

Option          Description
-F nfs          Specifies the file system type. This option is not typically required, because NFS is the default remote file system type.
-o options      Controls a client’s access to an NFS shared resource.
-d description  Describes the shared file resource.
pathname        Specifies the absolute path name of the resource for sharing.

Note: Unless you specify an option to the share command, for example, -F nfs, the system uses the file system type from the first line of the /etc/dfs/fstypes file.

To share a file resource from the command line, you can use the share command. For example, to share the /usr/local/data directory as a read-only shared resource, perform the command:

# share -o ro /usr/local/data

By default, NFS-mounted resources are available with read and write privileges based on standard Solaris OS file permissions. Access decisions are based on a comparison of the user ID (UID) of the client and the owner.

The share Command

Option          Description
ro              Informs clients that the server accepts only read requests.
rw              Allows the server to accept read and write requests from the client.
root=client     Informs clients that the root user on the specified client system or systems can perform superuser-privileged requests on the shared resource.
ro=access-list  Allows read requests from the specified access list.
rw=access-list  Allows read and write requests from the specified access list, as shown in the table.

Access List Options

Option                     Description
access-list=client:client  Allows access based on a colon-separated list of one
access-list=@network       Allows access based on a network number (for example, @192.168.100) or a network name (for example, @mydomain.com). The network name must be defined in the /etc/networks file.
access-list=.domain        Allows access based on a Domain Name System (DNS) domain; the dot (.) identifies the value as a DNS domain.
access-list=netgroup_name  Allows access based on a configured net group (Network Information Service [NIS] or Network Information Service Plus [NIS+] only).
anon=n                     Sets n to be the effective user ID (EUID) of anonymous users. By default, anonymous users are given the EUID 60001 (UID_NOBODY). If n is set to -1, access is denied.

You can combine these options by separating each option with commas, which forms intricate access restrictions. The following examples show some of the more commonly used options:

# share -F nfs -o ro directory

This command restricts access to NFS-mounted resources to read-only access.

# share -F nfs -o ro,rw=client1 directory

This command restricts access to NFS-mounted resources to read-only access; however, the NFS server accepts both read and write requests from the client named client1.

# share -F nfs -o root=client2 directory

This command allows the root user on the client named client2 to have superuser access to the NFS-mounted resources.

# share -F nfs -o ro,anon=0 directory

By setting the option anon=0, the EUID for access to shared resources by an anonymous user is set to 0. The access is also set to read-only. While setting the EUID to 0, the same UID as the root user, might seem to open up security access, the UID of 0 is converted to the user identity of nobody. This has the effect that an anonymous user from a client host, where the UID of that user is not known on the server host, is treated as the user called nobody by the server (UID=60001).

# share -F nfs \
-o ro=client1:client2,rw=client3:client4,root=client4 directory

This command shares the directory to the four named hosts only. The hosts client1 and client2 have read-only access. The hosts client3 and client4 have read-write access. The root user from host client4 has root privilege access to the shared directory and its contents.

The share command writes information for all shared file resources to the /etc/dfs/sharetab file. The file contains a table of the local shared resources.

Note: If no argument is specified, the share command displays a list of all the currently shared file resources.

# share
-              /usr/local/data   ro   "Shared data files"
-              /rdbms_files   rw,root=sys01   "Database files"
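
An added example, not part of the original post: a review pass over the listing that share prints with no arguments, flagging the options described above that widen access (rw with no access list, root=, and anon=0). The finding labels, function names and the last three sample lines are constructed for the illustration.

```shell
#!/bin/sh
# Added example (not from the original post): flag share options that widen
# access, reading the listing format printed by "share" with no arguments.

# Print "<path> <finding> <detail>" for each option worth reviewing.
# stdin: lines of the form:  -  <pathname>  <options>  "<description>"
audit_shares() {
    awk '
        $1 != "-" || NF < 3 { next }
        {
            path = $2; open_rw = 0
            cnt = split($3, opt, ",")
            for (i = 1; i <= cnt; i++) {
                o = opt[i]
                if (o == "rw")          open_rw = 1   # rw with no access list
                else if (o ~ /^root=/)  print path, "ROOT_ACCESS", substr(o, 6)
                else if (o == "anon=0") print path, "ANON_EUID_0", "-"
            }
            if (open_rw) print path, "RW_NO_ACCESS_LIST", "-"
        }'
}

# Constructed sample listing; the first two lines mirror the output above.
sample_share_listing() {
    cat <<'EOF'
-              /usr/local/data   ro   "Shared data files"
-              /rdbms_files   rw,root=sys01   "Database files"
-              /export/scratch   rw   "Scratch space"
-              /export/docs   ro,anon=0   "Documents"
-              /export/proj   ro=client1:client2,rw=client3:client4,root=client4   "Projects"
EOF
}

sample_share_listing | audit_shares
```

On a server, pipe the output of share into audit_shares and compare each finding with the hosts that are meant to have write or root access.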

Making File Resources Unavailable for Mounting

Use the unshare command to make file resources unavailable for mount operations. This command reads the /etc/dfs/sharetab file.

unshare [ -F nfs ] pathname

where:

unshare Command

Option    Description
-F nfs    Specifies NFS as the file system type. Because NFS is the default remote file system type, you do not have to specify this option.
pathname  Specifies the path name of the file resource to unshare.

For example, to make the /export/sys44_data directory unavailable for client-side mount operations, perform the command:

# unshare /usr/local/data

Sharing and Unsharing All NFS Resources

Use the shareall and unshareall commands to share and unshare all NFS resources.

The shareall command, when used without arguments, shares all resources listed in the /etc/dfs/dfstab file.

shareall [ -F nfs ]

The unshareall command, when used without arguments, unshares currently shared file resources listed in the /etc/dfs/sharetab file.

unshareall [ -F nfs ]

Solaris 10 9/10 Available on 08Sep10

Solaris 10 9/10

After nearly a year since the last release of Solaris 10 (10/09), the latest release – Solaris 10 9/10 (aka update 9) is now available for download and it includes quite a lot of new features and of course the new Oracle branding. At this time it hasn’t actually been announced, but I suspect it will be in this webcast later today.

I’m not going to list all of the new features, you can read the What’s New guide for yourself, but some of the new features are worth noting:

  • Oracle Solaris Auto Registration: whilst not a feature, it’s worth pointing out as it WILL affect all those that use jumpstart to install their systems. This new functionality is part of the installation process and requires the use of the new auto_reg sysidcfg tag to prevent installations going interactive.
  • Physical-to-virtual (P2V) to zones: yes folks, you can now use a flash archive from a physical machine to install a NGZ.
  • Faster and smaller crash dumps: crash dumps are now saved quicker and are compressed by default so in the event your machine panics, it’ll be up and running quicker and it’ll be considerably easier to send your crash dump (vmdump.# – a compressed archive containing vmcore.# and unix.#) to Oracle for analysis.
  • Sendmail has been updated to 8.14.4, the client is now a separate new SMF service (svc:/network/sendmail-client:default) and the configuration can now automatically be regenerated, though this isn’t the default behaviour. Watch out for this one if you insist on customising your Sendmail configuration by modifying the sendmail.cf or submit.cf files directly. You should be modifying the .mc files and this change will enforce this.
  • BIND 9.6.1
  • ZFS has seen a lot of enhancements (now equiv to snv_132) and can now autoexpand (new pool property) when an underlying LUN is expanded, RAIDZ3 has been implemented, snapshots functionality has been improved, and a new logbias property has been introduced to improve performance with Oracle databases.

As I said above, this is only a snippet of the new features. Be sure to check out the What’s New guide for the full details and links to further details on the above and other features.

Go grab Solaris 10 9/10 now and take note of the new license agreement – you need to accept this in order to download.