The stateless implementation mechanism in oVirt

I found that the oVirt node, that is, the host that runs the virtual machines, is designed like this: the entire root file system is read-only, and only some of the configuration files are split out onto a separate partition. After asking several IBM and Red Hat engineers, I learned that this is called stateless mode.

oVirt overview

This is a description from the CentOS wiki:

oVirt is a virtualization management system; its counterpart product is VMware vSphere. It is divided into ovirt-engine and ovirt-node, and you can use it to manage a fleet of virtual machines. There are now many virtualization products: Microsoft, VMware, Oracle and others all have products in this area, so Red Hat, Ubuntu, IBM and other vendors began working on this together. Red Hat moved into KVM very early, and its RHEV is a complete system of this kind, likewise divided into a node and an engine, just under different names. Red Hat simply contributed the node, RHEV-H, and together the vendors produced oVirt.

A few days ago I tried out oVirt and RHEV and found that their node, the host that runs the virtual machines, is designed like this: the entire root file system is read-only, and only some of the configuration files are split out onto a separate partition. After asking several IBM and Red Hat engineers, I learned that this is called stateless. The benefit of doing so is that the runtime environment is separated from storage, which improves overall usability. After analyzing oVirt's stateless implementation mechanism, I will try to configure it manually on CentOS 6. Several oVirt developers gave advice during this process; thanks to them again.

About stateless

Red Hat began experimenting with this stateless design in Fedora long ago, with the aim of building live CDs. The following are some descriptions of stateless:

Read-only root file system (stateless Linux)

Readonly root support. This was added to Fedora for Stateless Linux, i.e. for creating live Fedora CDs.

How to use:

  • Edit /etc/sysconfig/readonly-root. Set 'READONLY' to 'yes'.
  • Add any exceptions that need to be writable that aren't in the stock /etc/rwtab to an /etc/rwtab.d file. (See below)

How it works:

On boot, we mount a tmpfs (by default, at /var/lib/stateless/writable), and then parse /etc/rwtab and /etc/rwtab.d/* for things to put there. These files have the format: <type> <path>

Types are as follows:

  • empty: An empty path. Example: empty /tmp
  • dirs: A directory tree that is copied, empty. Example: dirs /var/run
  • files: A file or directory tree that is copied intact. Example: files /etc/resolv.conf

A stock rwtab is shipped with common things that need mounted. When your computer comes back up, the root and any other system partitions will be mounted read-only. All the files and directories listed in /etc/rwtab will be mounted read-write on a tmpfs filesystem. You can add additional files and directories to rwtab to make them writable after reboot.

Note that this system is stateless. When you reboot again, everything written to the tmpfs filesystem vanishes and the system will be exactly as it was the last time it was booted. You could add a writable filesystem on disk or NFS for writing files you want to retain after rebooting.

Take a look at /etc/rc.d/rc.sysinit to see how the magic is done. This capability is a "technology preview" (beta) and is buggy. Note that /etc/mtab and thus "mount" do not show the complete list of filesystems because the /etc directory is on a read-only filesystem. /proc/mounts always shows the correct mount information. You could update /etc/mtab from /proc/mounts to correct it both after boot and after running the mount or umount commands to change mounts.

Run fgrep -v rootfs /proc/mounts >/etc/mtab to correct /etc/mtab. Note that mounting or symlinking /proc/mounts to /etc/mtab causes other problems such as breaking the df command.

You can change your read-only root filesystem to read-write mode immediately with this command run by the root user: mount -n -o remount,rw /

Analyzing the implementation mechanism

The following is a record of the analysis.

The first thing I looked at was the fstab file:

/etc/fstab

/dev/root / ext2 defaults,ro,noatime 0 0
devpts /dev/pts devpts gid=5,mode=620 0 0
tmpfs /dev/shm tmpfs defaults 0 0
proc /proc proc defaults 0 0
sysfs /sys sysfs defaults 0 0
/dev/HostVG/Config /config ext4 defaults,noauto,noatime 0 0
debugfs /sys/kernel/debug debugfs 0 0
/dev/HostVG/Swap swap swap defaults 0 0
/dev/HostVG/Logging /var/log ext4 defaults,noatime 0 0
/dev/HostVG/Data /data ext4 defaults,noatime 0 0
/data/images /var/lib/libvirt/images bind bind 0 0
/data/core /var/log/core bind bind 0 0

Note the ro option on the root entry: the root file system is mounted read-only. This suggests that the stateless setup is completed before the disks are mounted, so it must be tied to system start-up. In rc.sysinit, the script executed during the start-up phase, we find the following passage:

/etc/rc.d/rc.sysinit

for file in /etc/statetab /etc/statetab.d/* ; do
    is_ignored_file "$file" && continue
    [ ! -f "$file" ] && continue

    if [ -f "$STATE_MOUNT/$file" ] ; then
        mount -n --bind "$STATE_MOUNT/$file" "$file"
    fi

    for path in $(grep -v "^#" "$file" 2>/dev/null); do
        mount_state "$path"
        [ -n "$SELINUX_STATE" -a -e "$path" ] && restorecon -R "$path"
    done
done

This shell snippet refers to /etc/statetab. Comparing it with rc.sysinit from a conventional system also turns up differences elsewhere:

diff rc.sysinit /etc/rc.sysinit

102a103,108
> elif [[ "$system_release" =~ "CentOS" ]]; then
> [ "$BOOTUP" = "color" ] && echo -en "\033[0;36m"
> echo -en "CentOS"
> [ "$BOOTUP" = "color" ] && echo -en "\033[0;39m"
> PRODUCT=$(sed "s/CentOS (.*) ?release.*/1/" /etc/system-release)
> echo " $PRODUCT"
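Review bot: the sed expression on the PRODUCT= line has no backslashes, so in basic regular expressions ( and ) match literal parentheses and the replacement is the literal character 1 rather than the captured group. As shown, PRODUCT ends up as either the unchanged release line or "1". The expression should read s/CentOS \(.*\) \?release.*/\1/ (or use extended regex mode with plain parentheses and \1).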
499c505
< action $"Mounting local filesystems: " mount -a -t nonfs,nfs4,smbfs,ncpfs,cifs,gfs,gfs2,noproc,nosysfs,nodevpts -O no_netdev
---
> action $"Mounting local filesystems: " mount -a -t nonfs,nfs4,smbfs,ncpfs,cifs,gfs,gfs2 -O no_netdev
501c507
< action $"Mounting local filesystems: " mount -a -n -t nonfs,nfs4,smbfs,ncpfs,cifs,gfs,gfs2,noproc,nosysfs,nodevpts -O no_netdev
---
> action $"Mounting local filesystems: " mount -a -n -t nonfs,nfs4,smbfs,ncpfs,cifs,gfs,gfs2 -O no_netdev
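Review bot: the -t list on the ">" side no longer contains noproc,nosysfs,nodevpts, so this mount -a -n pass also processes the proc, sysfs and devpts entries from fstab, and nothing in the hunk says whether that is intended. If those pseudo-filesystems are already mounted earlier in the script, keep the three exclusions or add a comment explaining why they are dropped. The 499c505 hunk makes the same change to the variant without -n.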

Next, here is what the /etc/statetab file looks like:

/etc/statetab

# A list of paths which should be bind-mounted from a
# partition dedicated to persistent data
#
# See $STATE_LABEL in /etc/sysconfig/readonly-root
#
# Examples:
#
# /root
# /etc/ssh
# /var/spool/mail

Following its pointer leads to /etc/sysconfig/readonly-root; the file name alone shows that it is related to the read-only setup:

/etc/sysconfig/readonly-root

# Set to 'yes' to mount the system filesystems read-only.
READONLY=yes
# Set to 'yes' to mount various temporary state as either tmpfs
# or on the block device labelled RW_LABEL. Implied by READONLY
TEMPORARY_STATE=no
# Place to put a tmpfs for temporary scratch writable space
RW_MOUNT=/var/lib/stateless/writable
# Label on local filesystem which can be used for temporary scratch space
RW_LABEL=stateless-rw
# Options to use for temporary mount
RW_OPTIONS=
# Label for partition with persistent data
STATE_LABEL=CONFIG 
# Where to mount to the persistent data
STATE_MOUNT=/config
# Options to use for peristent mount
STATE_OPTIONS=
# NFS server to use for persistent data?
CLIENTSTATE=

This is the key file. First, READONLY is set to yes; then STATE_LABEL gives the label of the device that is to be mounted read-write, and STATE_MOUNT is the location where it is mounted.

Also related are /etc/rwtab and the rwtab.d directory:

/etc/rwtab

#files /etc/adjtime
#files /etc/ntp.conf
#files /etc/resolv.conf
#files /etc/lvm/.cache
#files /etc/lvm/archive
#files /etc/lvm/backup

The lines above are commented out in ovirt-node, which uses its own mechanism to handle these files:

/etc/rwtab.d/ovirt

files /etc
dirs /var/lib/multipath
dirs /var/lib/net-snmp
dirs /var/lib/dnsmasq
files /root/.ssh
dirs /root/.uml
dirs /root/.virt-manager
dirs /home/admin/.virt-manager
files /var/cache/libvirt
files /var/empty/sshd/etc/localtime
files /var/lib/libvirt
files /var/lib/multipath
files /var/cache/multipathd
empty /mnt
empty /live
files /boot
empty /boot-kdump
empty /cgroup

The entries above are oVirt's own customizations. Finally, look at the /config/files file:

/config/files

/etc/fstab
/etc/shadow
/etc/default/ovirt
/etc/ssh/ssh_host_key
/etc/ssh/ssh_host_key.pub
/etc/ssh/ssh_host_dsa_key
/etc/ssh/ssh_host_dsa_key.pub
/etc/ssh/ssh_host_rsa_key
/etc/ssh/ssh_host_rsa_key.pub
/etc/iscsi/initiatorname.iscsi
/etc/sysconfig/network-scripts/ifcfg-eth0
/etc/sysconfig/network-scripts/ifcfg-breth0
/etc/sysconfig/network-scripts/ifcfg-eth1
/etc/ntp.conf
/etc/sysconfig/network
/etc/hosts
/etc/shadow
/etc/ssh/sshd_config

This is the list of files that rc.sysinit reads and mounts read-write one by one, which implements a whitelist of configuration files that can be modified. So I modified these files on my own system and rebooted, and everything seemed normal. At shutdown, however, a new problem appeared: a message said that /etc could not be unmounted. To find out why, I looked at the shutdown-related script:

diff /etc/rc.d/init.d/halt.orig /etc/rc.d/init.d/halt

141c141
< LANG=C __umount_loop '$2 ~ /^/$|^/proc|^/dev/{next}
---
> LANG=C __umount_loop '$2 ~ /^/$|^/proc|^/etc|^/dev/{next}
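Review bot: the awk pattern on the changed line, /^/$|^/proc|^/etc|^/dev/, has unescaped slashes inside the regex, so awk would end the regex at the second slash; it should read /^\/$|^\/proc|^\/etc|^\/dev/. The new ^/etc alternative is also a bare prefix, like ^/proc and ^/dev, and would exempt an unrelated mount point such as /etcd from the umount loop; ^\/etc(\/|$) limits the exemption to /etc and the mounts beneath it.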

It turns out that the halt script had been modified as well: /etc was added to the pattern. After making the same change, rebooting, modifying files and shutting down all worked normally.
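To make the layering concrete, the following added example (not part of the original post or of ovirt-node) classifies a path as persistent, volatile or read-only from an rwtab-format list and a persistent-file list. The sample data is constructed from the /etc/rwtab.d/ovirt and /config/files listings above; the function names are hypothetical, and it assumes that persistent bind mounts are layered over the tmpfs copies.

```shell
#!/bin/sh
# Added example: does a write to PATH survive a reboot on a readonly-root host?
# Sample data below is constructed from the listings on this page.
RWTAB_SAMPLE='files /etc
dirs /var/lib/multipath
files /root/.ssh
empty /mnt
#files /etc/resolv.conf'
PERSIST_SAMPLE='/etc/fstab
/etc/shadow
/etc/ssh/sshd_config
/etc/shadow'

# under PARENT PATH: succeeds if PATH is PARENT itself or lies beneath it.
under() {
    case "$2" in
        "$1"|"${1%/}"/*) return 0 ;;
    esac
    return 1
}

# classify PATH RWTAB_TEXT PERSIST_TEXT: prints persistent, volatile or read-only.
classify() {
    # Assumption: entries bind-mounted from the persistent partition
    # take precedence over the tmpfs copy of the same path.
    while IFS= read -r entry; do
        if [ -n "$entry" ] && under "$entry" "$1"; then
            echo persistent; return 0
        fi
    done <<EOF
$3
EOF
    # rwtab lines are "<type> <path>"; comments and blank lines are skipped.
    while read -r type rwpath rest; do
        case "$type" in
            empty|dirs|files)
                if [ -n "$rwpath" ] && under "$rwpath" "$1"; then
                    echo volatile; return 0
                fi ;;
        esac
    done <<EOF
$2
EOF
    echo read-only
}

# dupes LIST_TEXT: prints entries that occur more than once.
dupes() { printf '%s\n' "$1" | sort | uniq -d; }

for p in /etc/shadow /etc/sudoers /usr/sbin/sshd; do
    printf '%-16s %s\n' "$p" "$(classify "$p" "$RWTAB_SAMPLE" "$PERSIST_SAMPLE")"
done
```

A "volatile" result means the file can be edited at run time but the change is gone after the next boot, which matters when reviewing which configuration changes actually stick on such a host.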

Reference Documents

The following documents may be useful as references:

  • http://fedoraproject.org/wiki/StatelessLinux/PrepareImage
  • http://fedoraproject.org/wiki/StatelessLinux/HOWTO
  • http://blog.csdn.net/jcwkyl/article/details/6120547
  • http://plone.lucidsolutions.co.nz/linux/io/using-centos-5.2-stateless-linux-support-on-a-flash-based-root-filesystem
  • FYI: http://ovirt.org/wiki/File:Ovirt-node.pdf (page 26)

Original: Large column  Ovirt of stateless implementation mechanism



Origin www.cnblogs.com/petewell/p/11422030.html