From: Matthew Seaman
Date: Tue, 09 Feb 2010 07:55:49 +0000
To: Gary Gatten
Cc: Adam Vande More, "Richard L. Houston", freebsd-questions@freebsd.org, Jason
Subject: Re: Updating packages in Jails

On 08/02/2010 22:13, Gary Gatten wrote:
> Hopefully this isn't considered a hijack, but what are the *main* diffs
> between jails and vm's?  I've never worked with jails but read about
> them several times.  Do they allow controlling of CPU cycles, Memory
> regions, etc. in the same manner as the file system(s) and network?
>
> Asked another way, what are some Usage cases where jails would be equal
> or more appropriate than full on vm's and vice-versa.  We use vm's quite
> extensively and I'm wondering if some of these can be done in jails
> instead.

The principal difference between Jails and full virtualisation is that
the base system and all jails on a machine run inside a single kernel
instance.  Jails see some or all of the same hardware which is shared
with the base system and may be shared with other jails.  Thus all jails
have to run FreeBSD, and while you can install and run an older
user-land on a newer base fairly successfully, (e.g. a 7.2 jail running on
an 8.0 base system) you can't do the converse.  Trying to run an i386
jail on an amd64 base system is also not recommended.  VMs don't have
these limitations.

The big advantage of jails is that they are very light-weight.  You get
the management advantages of virtualisation with almost none of the
virtualisation overhead, other than disk usage.  The whole jail concept
is an elaboration of the well-known Unix chroot(2) system call.  Jailing
adds to this dedicated IP addresses for the jail -- but not a complete
network stack just yet, so, for instance, you can't run a firewall
inside the jail.  Virtualisation of the network stack is a work in
progress: google for VNET and VIMAGE if interested.

You can use standard limits(1) controls on resource usage in the jail,
and you can use cpuset(1) to tie jailed processes to specific CPU cores.
Quotas tend not to work very well in jails: to control filesystem usage,
it's best to create a separate filesystem of the appropriate size
specifically for the jail.  This is a very good situation for handling
by ZFS.

	Cheers,

	Matthew

-- 
Dr Matthew J Seaman MA, D.Phil.                   7 Priory Courtyard, Flat 3
Black Earth Consulting                            Ramsgate
                                                  Kent, CT11 9PW
Free and Open Source Solutions                    Tel: +44 (0)1843 580647
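
The three controls named in the reply above (a dedicated ZFS filesystem sized for the jail, cpuset(1) and limits(1)) combined in one host-side script; this is an added example, not part of the original message. The pool name `zroot`, the `/usr/jails` layout, the `JAIL_APPLY` switch and the sample jail values are assumptions.

```sh
#!/bin/sh
# Added example: resource confinement for one jail, run on the FreeBSD host as root.
# Assumptions (not from the message): pool "zroot" with an existing zroot/jails
# dataset, jails mounted under /usr/jails, and the sample values at the bottom.
# Dry run by default: commands are printed. Set JAIL_APPLY=1 to execute them.

run() {
    if [ "${JAIL_APPLY:-0}" = 1 ]; then "$@"; else echo "$*"; fi
}

# Jail names become dataset and path components, so allow only [A-Za-z0-9_-].
valid_name() {
    case "$1" in
        ''|*[!A-Za-z0-9_-]*) return 1 ;;
    esac
}

# Dedicated filesystem with a hard size cap, in place of per-user quotas.
jail_fs() {    # usage: jail_fs NAME SIZE
    valid_name "$1" || { echo "bad jail name: $1" >&2; return 1; }
    run zfs create -o quota="$2" -o mountpoint="/usr/jails/$1" "zroot/jails/$1"
}

# Tie every process of a running jail to the given CPU cores.
jail_pin() {   # usage: jail_pin JID CPULIST
    case "$1" in ''|*[!0-9]*) echo "bad jail id: $1" >&2; return 1 ;; esac
    case "$2" in ''|*[!0-9,-]*) echo "bad cpu list: $2" >&2; return 1 ;; esac
    run cpuset -l "$2" -j "$1"
}

# Start a command inside the jail under limits(1); children inherit the limits.
jail_limited() {   # usage: jail_limited JID MAXPROC OPENFILES COMMAND...
    jid=$1 maxproc=$2 openfiles=$3
    shift 3
    run jexec "$jid" limits -u "$maxproc" -n "$openfiles" "$@"
}

# Constructed sample: jail "www" with JID 3, 10G of disk, cores 2-3.
jail_fs www 10G
jail_pin 3 2-3
jail_limited 3 64 256 /usr/local/sbin/nginx
```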