Thanks Marco (wow) - I think this is just what I'm looking for. Really
appreciate your reply... Will review your demo... and assume I'd use
kpartx. I'm using ext4 right now, but will try xfs too. Thanks again!

On 02/04/14 07:51, Marco Carnut wrote:
> Hi Ted,
>
>
>> I'm using Vserver guests, each within its own LVM (Wheezy with Mate,
>> LibreOffice, Firefox etc.) I'm using LVM as a means to manage each
>> guest's space.
>>
>> I've been experimenting with LVM snapshots as a way to restore a guest
>> quickly should it become compromised by an attacker. Initial
>> experiments show the restores go quickly, though I have only run a few
>> tests (i.e., the snapshots restore more quickly than building a standard
>> guest from template).
>>
>> Q: has anyone using guests in LVMs put /home in one logical volume and
>> the rest of the guest in another? Can you use nested LVMs for
>> Vserver guests?
>>
> I used to do that with no problem for years. The
> downside is that you'll have to mount several
> filesystems, so you won't be able to benefit from
> unification. I also recommend using a filesystem
> with fast mounts and little need of frequent fsck's.
> I used reiserfs in that capacity for many years
> with zero incidents. xfs seems to work fine.
> In more recent kernels I've been favoring btrfs.
>
> Lately I've been using everything in one filesystem
> so I can benefit from unification, using vserver ... build's clone
> method. It's considerably slower than
> snapshotting/mounting, but still takes just a few
> seconds (if you're using SSDs it's even faster),
> but you can cram a lot of vservers in an otherwise
> modest machine.
>
> A few years ago I even made a live demo of the whole
> concept as a VMware virtual machine (it plays fine
> in VirtualBox as well) using an old Ubuntu LTS,
> if you don't mind downloading 1.5GB of data:
>
> http://www.postcogito.org/vsdemo0.5-ubuntu10_04-32bit.7z
> (the guest user's password is 'demovs')
>
>
>> My thought here is that you could use snapshots to restore the guest's
>> system to a "pristine" state without having to restore /home and its
>> data, or have the choice to restore /home vs. the rest of the guests
>> from separate snapshots.
>>
> That is roughly the concept this demo implements,
> although in this case we restore everything, not
> only /home.
>
> A few years back I tried to gather people to try and
> make a distro out of this concept, but at the time
> there was little interest.
>
> --Marco "Kiko" Carnut
> --Tempest Security Intelligence -- www.tempestsi.com
>
>
>
Received on Wed Feb 5 16:23:15 2014