Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Root and volume overlay filesystem #99

Closed
wants to merge 5 commits into from
Closed

Root and volume overlay filesystem #99

wants to merge 5 commits into from

Conversation

mfranciszkiewicz
Copy link
Contributor

@mfranciszkiewicz mfranciszkiewicz commented Jul 31, 2021
edited
Loading

  • VM root fs is now an overlay over the VM image contents and a directory on provider's disk
    Changes to the root filesystem are stored on disk and are no longer limited by tmpfs size (RAM fs).

  • VM root fs can be stored in RAM instead (with the current limit of 128 MB)
    Configured via embedded VM image metadata, set via gvmkit while building the image

  • /tmp within the root filesystem can be a separate RAM fs (with the current limit of 128 MB)
    Configured via VM image metadata as a 3rd variant of fs persistence.

  • volumes are now an overlay over the the volume directory inside the VM image and a directory on provider's fs
    Volume directory contents are no longer "hidden" during execution.

This change is Reviewable

@mfranciszkiewicz
Root and volume overlay filesystem
3a4fbbd 
Root filesystem is no longer stored in RAM and limited to 128 MB (by default; can be configured via image metadata <- gvmkit-build ).
Volumes now preserve their original contents copied into the VM image.
@mfranciszkiewicz
ExeUnit transfer service compatibility
c65cfc0
This was linked to issues Aug 1, 2021
Make contents of VOLUMEs available inside (currently) mounted directories #96
Open
Mount the VM filesystem overlay on local filesystem #97
Open
@mfranciszkiewicz mfranciszkiewicz marked this pull request as ready for review August 1, 2021 14:04
This was unlinked from issues Aug 22, 2021
Make contents of VOLUMEs available inside (currently) mounted directories #96
Open
Mount the VM filesystem overlay on local filesystem #97
Open
@mfranciszkiewicz
Copy link
Contributor Author

mfranciszkiewicz commented Aug 22, 2021
edited
Loading

I'm closing this PR due to an UX issue.

Files created inside the volume inherit attributes from the guest machine (uid = 0, gid = 0), which require users to sudo remove the written data and renders the automatic cleaner obsolete. On the other hand, running applications with host user's UID within the guest OS would create additional access issues to the mounted image filesystem, which in turn drifts further away from the default Docker container environment. Another workaround is to set fmode and dmode 9p mount options, but the solution should be compatible with the Windows platform (not tested).

Context:

A wide range of filesystems supported by Linux can be the lower filesystem, but not all filesystems that are mountable by Linux have the features needed for OverlayFS to work. The lower filesystem does not need to be writable. The lower filesystem can even be another overlayfs. The upper filesystem will normally be writable and if it is it must support the creation of trusted.* and/or user.* extended attributes, and must provide valid d_type in readdir responses, so NFS is not suitable.

In order to support 9p filesystem as an upper layer, volumes have to be mounted with a security=mapped* option (effectively, files are written with root's UID). The upper layer as a mountpoint is a requirement for inbound and outbound transfers to work.

@mfranciszkiewicz mfranciszkiewicz mentioned this pull request Aug 22, 2021
Open
@mfranciszkiewicz mfranciszkiewicz mentioned this pull request Sep 1, 2021
Closed
2 tasks
@pwalski pwalski mentioned this pull request Mar 1, 2023
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@maaktweluit maaktweluit Awaiting requested review from maaktweluit

@nieznanysprawiciel nieznanysprawiciel Awaiting requested review from nieznanysprawiciel

@prekucki prekucki Awaiting requested review from prekucki

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@mfranciszkiewicz