From: "Jonathan Horne"
To: freebsd-questions@freebsd.org
Date: Wed, 21 Mar 2007 10:54:32 -0500 (CDT)
Subject: Re: started playing with jails
Message-ID: <10072.167.246.36.14.1174492472.squirrel@webmail.dfwlp.org>
In-Reply-To: <4601501C.3060605@gmail.com>

> Jonathan Horne wrote:
>> i started playing with jails today, and after following and re-following the
>> man page and the freebsddiary article a few times, i finally got it to work! i
>> have one jail that starts on startup, and actually the hump i was getting over
>> was getting the jail to actually kick off the sshd daemon. all that is working,
>> and i can reboot my host, and then log into the jail that auto-starts via ssh.
>>
>> a couple of general questions that i cannot find the answers to:
>
> First let me say that you may be interested in sysutils/ezjail which
> takes care of creating and managing of multiple jails.
>
> Have a look at http://erdgeist.org/arts/software/ezjail/
>
>> 1) if i want more than one jail, what is the proper syntax in the host's
>> /etc/rc.conf file for the jail_list="jailed" statement? multiple jail_list
>> lines, or a single line that specifies more than one jail?
>
> $ grep "jail_list=" /etc/defaults/rc.conf
> jail_list="" # Space separated list of names of jails
>
>> 2) what happens to a jail when i 'shutdown -p now' on the host? what caveats
>> do i need to watch for when rebooting or shutting down the host?
>
> I use multiple jails (max 3 per host) and never had any problems with
> that. I use ezjail, so jails are started/stopped by rc.d script. You may
> wait for more technical answer for that, though.
>
>> 3) i would like to build some ports in my jailed process, but for my
>> environment, this requires mounting the export from my main box on my network.
>> so far, i am not able to mount a NFS share to /usr/ports (mount_nfs:
>> /usr/ports: Operation not permitted).
>
> I'm not really experienced with NFS but how about mounting NFS share in
> /usr/ports on host system and then using mount_nullfs to mount that into
> jails? Just like ezjail uses mount_nullfs to mount host's /usr/ports
> into jails.
>
> HTH,
>
> Karol
>
> --
> Karol Kwiatkowski
> OpenPGP 0x06E09309
>

ah thank you bill and karol. the mount_nullfs did work for mounting my ports, and away it goes! i'll take a look at ezjail too, that sounds like a neat tool.

ok, here are a couple other questions:

4) what about kernel and system updates? i would assume that i would have to manually update these jails when i buildworld and kernel for other systems as well (ie, that updating the host would not also update the jails)?

5) how about memory? is it basically one giant shared pool of physical memory between the host and guests? is there any sort of memory "target" that i should try to meet in order to have my jails run the best they can (or a ratio of memory to host/jails)?

finally, i suppose the best configuration might be to have my host just a minimal install (avoiding anything that i don't need to function), and have my jails set up as my service-providing hosts? and are there any services that just don't work well in a jail (i think i can see NFS being one).

thanks all,
jonathan
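
An added example, not part of the original thread: a small sh check for the two points discussed above, a space-separated jail_list naming several jails and the host's /usr/ports nullfs-mounted into each jail. The jail names, paths, addresses and fstab lines are constructed samples, and flagging nullfs mounts that are not read-only is a hardening choice made for this example, not something the posters stated.

```shell
#!/bin/sh
# Constructed sample: host rc.conf fragment. "db" is listed but never defined.
RC_SAMPLE='jail_enable="YES"
jail_list="www mail db"
jail_www_rootdir="/usr/jails/www"
jail_www_hostname="www.example.org"
jail_www_ip="192.0.2.10"
jail_mail_rootdir="/usr/jails/mail"
jail_mail_hostname="mail.example.org"
jail_mail_ip="192.0.2.11"'

# Constructed sample: fstab lines that nullfs-mount the host's /usr/ports
# (itself an NFS mount on the host) into each jail.
FSTAB_SAMPLE='/usr/ports /usr/jails/www/usr/ports nullfs ro 0 0
/usr/ports /usr/jails/mail/usr/ports nullfs rw 0 0'

# Print one line per name in jail_list: "<name> ok" or "<name> missing: <vars>".
check_jails() {
    (
        eval "$1"    # rc.conf is sh syntax; only feed this trusted config
        for j in $jail_list; do
            missing=""
            for v in rootdir hostname ip; do
                eval "val=\${jail_${j}_${v}:-}"
                [ -n "$val" ] || missing="$missing $v"
            done
            if [ -z "$missing" ]; then
                echo "$j ok"
            else
                echo "$j missing:$missing"
            fi
        done
    )
}

# Print the mount point of every nullfs entry whose options lack "ro".
# A writable nullfs mount lets a process in the jail modify the host's tree.
writable_nullfs() {
    echo "$1" | awk '$3 == "nullfs" && $4 !~ /(^|,)ro(,|$)/ { print $2 }'
}

check_jails "$RC_SAMPLE"
writable_nullfs "$FSTAB_SAMPLE"
```

Building ports inside a jail writes to work directories under the ports tree by default, so a read-only mount usually goes together with pointing WRKDIRPREFIX and DISTDIR at jail-local paths.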