Revision as of 17:15, 21 September 2011

Move all to /usr

Summary

Provide a simple way of mounting almost the entire system read-only and share it between multiple hosts to save maintenance and space. Instead of spreading RPM package content all over the place in the filesystem, and artificially separate /bin from /usr/bin and /lib from /usr/lib, move all content to /usr and provide only symlinks in the root filesystem.

/usr on its own filesystem is useful in custom setups. But instead of the Unix way to (almost randomly) split-off tools from /usr and put them in /, and require more and more tools to move to /, we already mount /usr from inside the initramfs, to be available before the real 'init' starts. What /bin and /lib was for UNIX is the initramfs for Linux. The split of the root filesystem an /usr serves no purpose in Linux anymore and only complicates or prevents simple and more flexible setups.

Owner

Name: Harald Hoyer
Email: harald@redhat.com

Current status

Targeted release: Fedora 16
Targeted release: Fedora 17
Last updated: (DATE)
Percentage of completion: 0%

Detailed Description

There is no way to reliably bring up a modern system with an empty /usr, there are two alternatives to fix it: copy /usr back to the rootfs or use an initramfs which can hide the split-off from the system.

Historically /bin, /sbin, /lib had the purpose to contain the utilities to mount /usr. This role can now be taken by the initramfs. Because the initramfs knows, where to find the root partition (which includes /etc), it can parse /etc/fstab and other configuration files and mount /usr before it finally switches the root partition and executes /usr/bin/init. From this point on init mounts the remaining partitions in /etc/fstab and the system starts as usual.

The long-term plan is to clean up the mess and confusion the current split of / vs. /usr has created. All tools will move back to /usr where they belong, and the rootfs will only contain compat-symlinks into /usr. Almost the entire system installed by packages will reside in /usr. This will split all non-host specific data to /usr. /usr can then be seen as the Unix System Resources partition (/System), which defines the base operating system (e.g. F18 or RHEL-7).

This new /usr could be mounted read-only by default, while the rootfs is read-write and contains only empty mount points, compat-symlinks to /usr and the host-specific data like /etc, /root, /srv. Compared to today's setups, the rootfs will be very small. The new /usr could also easily be shared read-only across several systems, and it would contain almost the entire system. Such setups are more efficient, can optionally provide a lot more security, are more flexible, provide more sane options for custom setups, and are much simpler to setup and maintain.

This leaves us with the following well-defined directories, which compose the base of the system:

/usr - installed system; shareable; possibly read-only
/etc - config data; non-shareable
/var - persistent data; non-shareable;
/run - volatile data; non-shareable; mandatory tmpfs filesystem

In the process of moving /bin and /sbin to /usr/bin, /usr/sbin can be moved also to /usr/bin.

Example F15

This output is from a modified F15 standard installation:

# df -h
Filesystem            Size  Used Avail Use% Mounted on
rootfs                2.0G  162M  1.8G   9% /
udev                  484M     0  484M   0% /dev
tmpfs                 494M  248K  493M   1% /dev/shm
tmpfs                 494M   43M  451M   9% /run
/dev/sda2             2.0G  162M  1.8G   9% /
/dev/sda5              13G  3.3G  8.8G  28% /usr
tmpfs                 494M   43M  451M   9% /run
tmpfs                 494M     0  494M   0% /sys/fs/cgroup
tmpfs                 494M     0  494M   0% /media
/dev/sda1             117M   47M   65M  42% /boot

# ls -l /
total 66
lrwxrwxrwx    1 root root     7 Jul  7 16:28 bin -> usr/bin
dr-xr-xr-x.   5 root root  1024 Jul  4 19:33 boot
drwxr-xr-x   16 root root  3480 Jul 11 19:34 dev
drwxr-xr-x. 127 root root 12288 Jul 11 19:34 etc
drwxr-xr-x.   3 root root  4096 Jul  4 17:33 home
lrwxrwxrwx    1 root root     7 Jul 11 17:30 lib -> usr/lib
lrwxrwxrwx    1 root root     9 Jul 11 17:23 lib64 -> usr/lib64
drwx------.   2 root root 16384 Jul  4 16:02 lost+found
drwxr-xr-x    2 root root    40 Jul 11 19:33 media
drwxr-xr-x.   2 root root  4096 May 18 13:33 mnt
drwxr-xr-x.   2 root root  4096 May 18 13:33 opt
dr-xr-xr-x  116 root root     0 Jul 11 17:33 proc
dr-xr-x---.   6 root root  4096 Jul 11 15:58 root
drwxr-xr-x   28 root root  1060 Jul 11 19:35 run
lrwxrwxrwx    1 root root     7 Jul  7 16:28 sbin -> usr/bin
drwxr-xr-x.   2 root root  4096 Jul  4 16:02 selinux
drwxr-xr-x.   2 root root  4096 May 18 13:33 srv
drwxr-xr-x   13 root root     0 Jul 11 19:33 sys
drwxrwxrwt.  14 root root  4096 Jul 11 19:34 tmp
drwxr-xr-x.  13 root root  4096 Jul  4 19:55 usr
drwxr-xr-x.  18 root root  4096 Jul  4 17:27 var

Benefit to Fedora

Clear separation of operating system and host specific resources. /usr can be read-only and shareable.

Scope

The ability to share /usr is especially useful for clusters and virtual machines. The ability to mount /usr read-only (e.g. on read-only media) adds to the security of the machine.

How To Test

User Experience

less toplevel directories

Dependencies

initramfs (dracut)
changes in selinux policies
repackaging of packages with content in /bin, /sbin, /lib*
drop consolehelper to move /usr/sbin/* to /usr/bin
alternatives symlinks?
filesystem rpm, toplevel symlinks

Roadmap

Phase 1 ( Fedora 17 ?)

update rpmlint
begin changing rpm packages with files in /bin, /sbin, /usr/sbin, /lib, /lib64
make backward compat symlinks in %post and %ghost those symlinks
on new installation: create symlinks /bin -> usr/bin, /sbin -> usr/bin, /lib -> usr/lib, /lib64 -> usr/lib64, /usr/sbin -> bin

RPM: 257 packages that install files in the root filesystem.

change selinux policies
prepare dracut to mount /usr from /etc/fstab
drop consolehelper to enable the /usr/sbin -> /usr/bin move

Contingency Plan

We do not support to bootup with an empty /usr today, so moving things to /usr and have compat links in the rootfs should be low risk. If things turn out to get difficult, we can delay the creation of the /bin /sbin /lib lib64 compat links to a later release.

Documentation

Release Notes

Comments and Discussion

See Talk:Features/UsrMove

@@ Line 2: / Line 2: @@
 == Summary ==
-Provide a way of mounting /usr read-only and share it between multiple hosts to save maintenance and space.
+Provide a simple way of mounting almost the entire system read-only and share it between multiple hosts to save maintenance and space. Instead of spreading RPM package content all over the place in the filesystem, and artificially separate /bin from /usr/bin and /lib from /usr/lib, move all content to /usr and provide only symlinks in the root filesystem.
-/usr on its own filesystem is useful in custom setups. But instead of the Unix way to (almost randomly) split-off tools from /usr and put them in /, and require more and more tools to move to /, we today just expect /usr to be mounted from inside the initramfs, to be available before 'init' starts. What /bin and /sbin was for Unix is the initramfs for Linux. An initramfs that supports to mount /usr on top of /, before it starts 'init', makes all current setups work properly.
+/usr on its own filesystem is useful in custom setups. But instead of the Unix way to (almost randomly) split-off tools from /usr and put them in /, and require more and more tools to move to /, we already mount /usr from inside the initramfs, to be available before the real 'init' starts. What /bin and /lib was for UNIX is the initramfs for Linux. The split of the root filesystem an /usr serves no purpose in Linux anymore and only complicates or prevents simple and more flexible setups.
 == Owner ==
@@ Line 25: / Line 25: @@
 This new /usr could be mounted read-only by default, while the rootfs is read-write and contains only empty mount points, compat-symlinks to /usr and the host-specific data like /etc, /root, /srv. Compared to today's setups, the rootfs will be very small. The new /usr could also easily be shared read-only across several systems, and it would contain almost the entire system. Such setups are more efficient, can optionally provide a lot more security, are more flexible, provide more sane options for custom setups, and are much simpler to setup and maintain.
-The remaining non-volatile top level directories are host specific:
+This leaves us with the following well-defined directories, which compose the base of the system:
-* /boot - data to boot the machine (bootloader, kernel and initramfs image)
+* /usr - installed system; shareable; possibly read-only
-* /var - host specific variable data
+* /etc - config data; non-shareable
-* /home - user data
+* /var - persistent data; non-shareable;
-* /root - user data
+* /run - volatile data; non-shareable; mandatory tmpfs filesystem
-* /etc - host specific configuration data
-* /opt - host specific non-base OS apps
-* /srv - host specific contents to be served
 In the process of moving /bin and /sbin to /usr/bin, /usr/sbin can be moved also to /usr/bin.
@@ Line 116: / Line 113: @@
 == Roadmap ==
-=== Phase 1 ([[Releases/16 | Fedora 16 ]] ?) ===
+=== Phase 1 ([[Releases/17 | Fedora 17 ]] ?) ===
 * update rpmlint
 * begin changing rpm packages with files in /bin, /sbin, /usr/sbin, /lib, /lib64
-** ??? make backward compat symlinks in %post and %ghost those symlinks ?????
+* make backward compat symlinks in %post and %ghost those symlinks
+* on new installation: create symlinks /bin -> usr/bin, /sbin -> usr/bin, /lib -> usr/lib, /lib64 -> usr/lib64, /usr/sbin -> bin
-* RPM package list:
+* RPM: 257 packages that install files in the root filesystem.
-<pre>
-$ (for i in bin sbin lib lib64 usr/sbin; do yum -C --disablerepo=* --enablerepo=fedora  provides  "/$i/*"; done) \
-  |egrep -v '^Filename '|egrep -v '^Repo '|egrep -v 'Matched '|egrep -v '^\s+:' \
-  |while read a b; do a=${a#[0-9]*:}; echo ${a%%-[0-9]*};done|sort -u
-</pre>
-Outputs 1059 rpm packages.
 * change selinux policies
 * prepare dracut to mount /usr from /etc/fstab
 * drop consolehelper to enable the /usr/sbin -> /usr/bin move
-=== Phase 2 ([[Releases/17 | Fedora 17 ]]) ===
-* change remaining rpm packages
-* check, if rpm can cope with old packages, rpm error, if conflicting files due to symlinks
-* create symlinks on new installation /bin -> usr/bin, /sbin -> usr/bin, /lib -> usr/lib, /lib64 -> usr/lib64, /usr/sbin -> bin
-* might provide an update script
-** check if directory is emtpy besides %ghosted symlinks
-** remove directory and create symlink
 == Contingency Plan ==
 <!-- If you cannot complete your feature by the final development freeze, what is the backup plan?  This might be as simple as "None necessary, revert to previous release behaviour."  Or it might not.  If you feature is not completed in time we want to assure others that other parts of Fedora will not be in jeopardy.  -->
-* The move of /usr/sbin to /usr/bin can be delayed. /bin -> /usr/bin, /sbin -> /usr/sbin
+* We do not support to bootup with an empty /usr today, so moving things to /usr and have compat links in the rootfs should be low risk. If things turn out to get difficult, we can delay the creation of the /bin /sbin /lib lib64 compat links to a later release.
-* ??? make backward compat symlinks in %post and %ghost those symlinks ?????
 == Documentation ==

Search

Features/UsrMove: Difference between revisions