From: Bill Moran <wmoran@potentialtech.com>
To: "Jonathan Horne"
Cc: freebsd-questions@freebsd.org
Date: Wed, 21 Mar 2007 12:10:31 -0400
Subject: Re: started playing with jails
Message-Id: <20070321121031.d95cadf6.wmoran@potentialtech.com>
In-Reply-To: <10072.167.246.36.14.1174492472.squirrel@webmail.dfwlp.org>

In response to "Jonathan Horne":

> 4) What about kernel and system updates? I would assume that I would have to
> manually update these jails when I buildworld and kernel for other systems as
> well (i.e., that updating the host would not also update the jails)?

Yes, except this is another place where the ezjail port makes life a breeze.
ezjail pretty much automates upgrading all your jails at once (except ports).

> 5) How about memory? Is it basically one giant shared pool of physical memory
> between the host and guests? Is there any sort of memory "target" that I should
> try to meet in order to have my jails run the best they can (or a ratio of
> memory to host/jails)?

There's no hard and fast rule that I know of. The more stuff you run in each
jail, the more each of those will require. If you run relatively lightweight
jails, you don't need as much.

I've documented some of the stuff I learned here:
http://people.collaborativefusion.com/~wmoran/howtos/sshdinjail.html

It only describes creating a lightweight jail for sshd, but you can follow a
similar process for httpd, or an email server, or whatever. Saves a LOT of
memory and process space.

Also, ezjail saves a LOT of disk space as you create more and more jails as it
uses nullfs mounts to duplicate the base install instead of copying it.

> Finally, I suppose the best configuration might be to have my host just a
> minimal install (avoiding anything that I don't need to function), and have my
> jails set up as my service-providing hosts? And are there any services that
> just don't work well in a jail (I think I can see NFS being one).

Mostly. We run hardware-related stuff on the host system (i.e. snmpd) as well
as some universal services (a DNS cache, sendmail). I've had trouble getting
programs that use shared memory (such as Postgres) to run inside a jail, but
it's been a while since I've tried.

-- 
Bill Moran
http://www.potentialtech.com
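A base install shared between jails over nullfs, as described above, only stays trustworthy if every jail sees it read-only; otherwise a change made from inside one jail lands in the binaries all the others run. The following audit script is an added example, not code from this post or from ezjail: it reads fstab-format lines (the format `mount -p` prints and `/etc/fstab.<jail>` uses) and flags any mount of the shared base that is not `nullfs` with `ro`. The base path `/usr/jails/basejail` and the sample lines are assumptions for illustration.

```shell
#!/bin/sh
# Added example: audit fstab-format mount lines for jails that share a
# base install over nullfs and report any that are not read-only.
# BASEJAIL_DIR is an assumed default (ezjail-style layout); override it
# in the environment to match your own jail tree.

BASEJAIL_DIR="${BASEJAIL_DIR:-/usr/jails/basejail}"

# check_basejail_mounts: reads fstab lines on stdin, prints one line per
# problem found, returns 0 if every base mount is nullfs + ro, else 1.
check_basejail_mounts() {
    rc=0
    while read -r src dst fstype opts dump pass; do
        # skip blank lines and comments
        case "$src" in ''|'#'*) continue ;; esac
        # only lines whose source is the shared base are of interest
        [ "$src" = "$BASEJAIL_DIR" ] || continue
        if [ "$fstype" != "nullfs" ]; then
            echo "$dst: base is mounted as $fstype, expected nullfs"
            rc=1
            continue
        fi
        # mount options are comma separated; require an explicit "ro"
        case ",$opts," in
            *,ro,*) ;;
            *) echo "$dst: base mounted read-write (opts=$opts)"; rc=1 ;;
        esac
    done
    return $rc
}

# Constructed sample input: two jails share the base, one mounted rw by mistake.
SAMPLE='/dev/ad0s1a / ufs rw 1 1
/usr/jails/basejail /usr/jails/sshd/basejail nullfs ro 0 0
/usr/jails/basejail /usr/jails/www/basejail nullfs rw 0 0
devfs /usr/jails/www/dev devfs rw 0 0'

# audit_sample: runs the check over the constructed sample.
audit_sample() {
    printf '%s\n' "$SAMPLE" | check_basejail_mounts
}
```

On a live host, replace the sample with `mount -p | check_basejail_mounts` (or `cat /etc/fstab.* | check_basejail_mounts`) to audit the real jail tree.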