Newbie questions: Install FS and Containers

Good day,

Foreground:
Server newbie here. I came to Rocky after trying to search for CentOS ISO to install on a server. The purpose of the server is to host a home cloud with only VPN access, as well as a website+git. This server is behind a service provider router that has dynamic IP. This is the first server I set up so I’m still in the early stages of the learning process.

Initially I thought about creating a VM for each “service”, that is, a VM for the cloud and another VM for the website+git. Then I realized that there are containers too, so I’m leaning towards the container path, specifically Podman, because from what I’ve read, using Podman containers avoids the overhead of the VM, and Podman is rootless, which increases security [read about this too].

Note: Never used Podman before. This is going to be the first time.

Therefore, the goal is to create two rootless pods, a Pod for the home cloud and a Pod for the website+git using dockerhub images. These pods will be run by a user without administrative privileges.

Plan was to set up a BTRFS RAID 1 install, so I could also create subvolumes to assign as storage to each pod, while keeping them invisible to the other pod.

I understand that these questions have a lot of my ignorance on the topic in them. I’m willing to learn though, and do my research. I haven’t found, though, many articles regarding those questions.

Installing Rocky
I just installed Rocky today, on a “future server” hardware. Initial idea was to install on BTRFS though not available in the installer ISO [minimal install]. The install process went fine but the btrfs thing, minimal system was installed on RAID 1 without issues, boot to prompt without issues, everything fine. Just two partitions, EFI and / on XFS. I understand BTRFS is not available in the minimal install, so here are the first questions:

Q1- Can I install Rocky on RAID 1 with BTRFS? If so, should I pick an ISO different from the minimal as minimal doesn’t show option to use BTRFS as default FS for install?
[maybe I got the Podman storage wrong, and just a plain directory would suffice]

Q2- The partition layout is not definitive yet, I may play with it a little bit though I just used that said layout thinking on btrfs and its subvolumes. Should I use a different one for XFS? I.e. with /home on a separate partition, another partition for Podman storage? Thinking about pod storage.

Containers
This server is going to be headless, no DE. No display no keyboard, just the CPU, accessible through the LAN, via SSH and via Cockpit. I need to alter the router configuration to open the needed ports to redirect incoming traffic to the proper container. Nonetheless, I’m going to test that everything works locally [inside LAN] before going out.

So here come the questions regarding containers:
Q3- Using wireguard for the VPN, I could install it in Rocky [system wide], or could add it as a container to the pod where it is needed. Which would be the best option here?

Q4- Same with Dynamic DNS server. Each pod is going to be associated with a different domain, so the dynamic dns server should be installed system wide or inside each pod?

<—end questions

I would appreciate any insight to throw some light on these topics.

Regards,
RR

Hi and welcome to the forums :slight_smile:

For your first two questions, Rocky doesn’t have btrfs - mainly because RHEL dropped support for it a while back. So it’s not possible to use, and I don’t know of any third-party repositories that do allow you to add it.

As for containers I don’t use so can’t help there, but I’m sure some other members will jump in and help :slight_smile:

1 Like

It’s important not to conflate containers and vm guests. Two different things.
Regarding the /home “partition”, in general, “yes”, you want to keep user data separated from the o/s, and backed up separately. But, it’s not just home, if you have 50 websites and 10 databases, you probably want them in yet another “partition”, called something like ‘/data’, because they’re nothing to do with people’s home directories.

1 Like

Good day,

@iwalker, thanks for the welcome to the forums, hope to stay here a looooong time, as I plan to keep using Rocky on the server for the years to come.

Regarding the BTRFS, looks like it’s going to be XFS the filesystem used. I don’t want to mess with third party things. I want the server to be as “stock” as possible, to ease the maintenance as well as upgrades. Thanks for that info @iwalker.

@gerry666uk, thanks for the clarification. I was getting used to BTRFS subvolumes which look very appealing to this use case, but storage wise, will do the partition thing, creating a separate partition for the data. It looks like 90’s style when I used slackware back then :sweat_smile:

Will go that path, will try to get RAID 1 with LVM, so can add more disks to the /data partition in case server runs out of storage.

Regarding the /home, admin user and podman user should not have any /home data, I presume. Podman user is going to be there only to launch pods, nothing else, so besides some config files/folders should not have anything. Same for admin. At least that is how I pictured this in the planning.

The /data partition does indeed make sense and is the logical path to follow. It’s exactly what I was thinking of in terms of BTRFS subvolumes, but sometimes you just look at the door noticing how well it is well, its quality, detail, wood… and don’t see the key hanging from the handle. Sorry about that. :wink:

Thanks again both. Will do a reinstall with the proper partitioning and start to set up the thing.

Regards,
RR

1 Like

Sounds good, I put the word “partition” in inverted commas because of course it could be multiple separate disks, or logical volume manager volumes, which are more flexible if you need to change the size of a “partition”.

RHEL docs have some recommendations and notes: Appendix E. Partitioning reference Red Hat Enterprise Linux 8 | Red Hat Customer Portal

Services are typically configured to store data under /var. The above doc has notes about /var.

You can configure services to use a different location, but you probably must modify SELinux config too.
The alternative is to mount volumes to subdirs of /var. That way config for service and SELinux are no wiser, even though data is “elsewhere”.

1 Like

Yes, it’s a good point about ‘/var’, but then there’s a risk of “user data” getting jumbled up with the o/s, ‘/var/lib/mysql’, do you really want huge database buried in ‘/var’?

With a separate ‘/data’ volume on a separate disk, you can wipe the whole o/s and then just re-attach it to a newly installed o/s. It’s best to do the selinux before putting any “user data” onto the new volume, that way, it will inherit the contexts automatically.

It’s down to preferences.

Let’s say we have the data on volume X. The X is mounted somewhere.
The volume Y is mounted as /.
Let’s wipe and recreate Y. No data was harmed.

  • I mount X back to /var/lib/mysql.
  • You mount X back to /data, update mysql config to look from there, and ensure that SELinux continues to treat /data like in old Y.

In both cases we probably have all necessary settings stored in config management system, so the amount of “reconfig” work is about same.

1 Like
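
The two layouts compared in the posts above, written out as commands. This is an added example, not code posted by anyone in the thread; the device name /dev/mapper/vg-data and the /data/mysql directory are assumptions, and nothing is executed unless APPLY=1 is set.

```shell
#!/bin/sh
# Added example: keeping MariaDB/MySQL data on its own volume, both ways.
# DATA_DEV and /data/mysql are hypothetical. Commands are only printed unless
# APPLY=1 is set (run as root; semanage is in policycoreutils-python-utils).

DATA_DEV=${DATA_DEV:-/dev/mapper/vg-data}   # hypothetical data volume
DEFAULT_DIR=/var/lib/mysql                  # path the stock policy already labels

run() {
    printf '%s\n' "$*"
    if [ "${APPLY:-0}" = 1 ]; then "$@"; fi
}

# Layout 1: mount the volume at the default path. Service config and SELinux
# policy stay untouched; restorecon labels the root of the mounted filesystem.
plan_mount_under_var() {
    run mount "$DATA_DEV" "$DEFAULT_DIR"
    run restorecon -Rv "$DEFAULT_DIR"
}

# Layout 2: mount at /data and tell SELinux to label a subtree there like the
# default path. The rule and relabel come before any data is copied in, so
# files created afterwards inherit the context from the directory.
plan_mount_under_data() {
    new_dir=$1
    run mount "$DATA_DEV" /data
    run mkdir -p "$new_dir"
    run semanage fcontext -a -e "$DEFAULT_DIR" "$new_dir"
    run restorecon -Rv "$new_dir"
    run ls -Zd "$new_dir"            # confirm the label before loading data
    # Remaining manual step: point datadir in the database config at $new_dir.
}

plan_mount_under_data /data/mysql
```

For a permanent setup the mount would go into /etc/fstab rather than being run by hand.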

Good day,

Finally got Rocky installed with RAID 1 on LVM. Only /boot wasn’t able to be inside the LVM [installer spat some warning about recovery issues if the /boot partition gets corrupted], though for the reasons the installer provided, the installer decided to arrange it like that. Ended up with a regular setup inside the LVM: / [10gb], /home [5gb], swap[9gb] and /data[900gb]. I usually don’t like swap, but the link pointed out by @jlehtone about RHEL partitioning recommended using swap, and this is a server, so swap it is.

Other than that no issues whatsoever. Installed the minimal Rocky, and on top I added Podman and Cockpit+Cockpit-podman. Theoretically I wouldn’t need adding any other software to the install, just podman containers, so I plan to keep the system as clean as it is now. :crossed_fingers:

Now it’s time to get dirty with Podman and its pods. And securing the server.

Thanks all for the tips!
Regards,
RR

Edited: Too good to be true. While yesterday everything went fine. I turned on the server today and no network. Looks like the network setup wasn’t kept after poweroff.
Manual setup it is.
Edited2: Nope. Ethernet wire got disconnected… sorry about that. Everything fine :rofl:

Can you confirm if this is on real hardware or virtual machine?

In addition, can you run

lsblk -o NAME,MAJ:MIN,FSTYPE,SIZE,LABEL,TYPE,MOUNTPOINT

Good day,

@gerry666uk, it’s bare metal. It’s an old ryzen 1400, mounted on a very old case, an Asus vento from around 2007 that I had lying around, and I had to cut out some pieces from the front panel in order to add the removable HD backplate “icy dock”. I’m not using the BIOS raid function as from what I’ve read, some BIOS RAIDs are not that good and can cause trouble. So I just went with software RAID as available on Rocky’s installation process.

Initially I planned to use BTRFS with a similar layout as the one spat out by lsblk, but instead of partitions, with subvolumes. In the end, I presume the result is the same.

The outcome of lsblk is [sdc is the multicard reader usb 2.0]:

NAME            MAJ:MIN FSTYPE              SIZE LABEL          TYPE  MOUNTPOINT
sda               8:0                     931.5G                disk  
├─sda1            8:1   vfat                366M                part  /boot/efi
├─sda2            8:2   linux_raid_member   954M karak:boot part  
│ └─md126         9:126 xfs                 953M                raid1 /boot
└─sda3            8:3   linux_raid_member 930.2G karak:pv00 part  
  └─md127         9:127 LVM2_member       930.1G                raid1 
    ├─kara-root 253:0   xfs                 9.3G                lvm   /
    ├─kara-swap 253:1   swap                8.4G                lvm   [SWAP]
    ├─kara-home 253:2   xfs                 4.7G                lvm   /home
    └─kara-data 253:3   xfs               907.7G                lvm   /data
sdb               8:16                    931.5G                disk  
├─sdb1            8:17  linux_raid_member   954M karak:boot part  
│ └─md126         9:126 xfs                 953M                raid1 /boot
└─sdb2            8:18  linux_raid_member 930.2G karak:pv00 part  
  └─md127         9:127 LVM2_member       930.1G                raid1 
    ├─kara-root 253:0   xfs                 9.3G                lvm   /
    ├─kara-swap 253:1   swap                8.4G                lvm   [SWAP]
    ├─kara-home 253:2   xfs                 4.7G                lvm   /home
    └─kara-data 253:3   xfs               907.7G                lvm   /data
sdc               8:32                        0B                disk

Regards,
And thanks for your help.
RR

OK, it’s slightly confusing because the /boot/efi only exists on ‘sda’, and then the partition numbers have shifted by one on ‘sdb’, but I can see that /home and /data are separated into their own logical volumes.
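
A check for the observation in the last post, as an added example that is not part of the thread: it reads lsblk output in the column layout requested above and lists RAID member disks that have no vfat partition, which matters for availability because such a disk has no EFI System Partition to boot from if the other one fails. Treating any vfat partition as an ESP candidate is an assumption of this sketch; the sample is abbreviated from the posted output.

```shell
#!/bin/sh
# Added example: report RAID member disks that carry no vfat partition,
# meaning no candidate EFI System Partition to boot from.
# Input: output of lsblk -o NAME,MAJ:MIN,FSTYPE,SIZE,LABEL,TYPE,MOUNTPOINT

disks_without_esp() {
    awk '
    {
        # Find the MAJ:MIN field; the device name is the field before it.
        for (i = 1; i <= NF; i++) if ($i ~ /^[0-9]+:[0-9]+$/) break
        if (i > NF || i == 1) next                 # header or blank line
        name = $(i - 1)
        gsub(/[^A-Za-z0-9_-]/, "", name)           # strip tree-drawing glyphs
        fstype = $(i + 1)                          # holds the size on bare disks
        type = ""
        for (j = i + 1; j <= NF; j++)
            if ($j ~ /^(disk|part|raid[0-9]+|lvm)$/) { type = $j; break }
        if (type == "disk") { cur = name; order[++n] = name }
        else if (type == "part" && fstype == "vfat") esp[cur] = 1
        else if (type == "part" && fstype == "linux_raid_member") member[cur] = 1
    }
    END {
        for (k = 1; k <= n; k++)
            if (member[order[k]] && !esp[order[k]]) print order[k]
    }'
}

# Abbreviated from the lsblk output posted above (LVM volumes omitted).
sample_lsblk() {
    cat <<'EOF'
NAME            MAJ:MIN FSTYPE              SIZE LABEL          TYPE  MOUNTPOINT
sda               8:0                     931.5G                disk
├─sda1            8:1   vfat                366M                part  /boot/efi
├─sda2            8:2   linux_raid_member   954M karak:boot part
│ └─md126         9:126 xfs                 953M                raid1 /boot
└─sda3            8:3   linux_raid_member 930.2G karak:pv00 part
  └─md127         9:127 LVM2_member       930.1G                raid1
sdb               8:16                    931.5G                disk
├─sdb1            8:17  linux_raid_member   954M karak:boot part
│ └─md126         9:126 xfs                 953M                raid1 /boot
└─sdb2            8:18  linux_raid_member 930.2G karak:pv00 part
  └─md127         9:127 LVM2_member       930.1G                raid1
sdc               8:32                        0B                disk
EOF
}

sample_lsblk | disks_without_esp    # prints: sdb
```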