From owner-freebsd-jail@FreeBSD.ORG Mon Jan 19 11:07:00 2009 Return-Path: Delivered-To: freebsd-jail@FreeBSD.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id AC8E5106564A for ; Mon, 19 Jan 2009 11:07:00 +0000 (UTC) (envelope-from owner-bugmaster@FreeBSD.org) Received: from freefall.freebsd.org (freefall.freebsd.org [IPv6:2001:4f8:fff6::28]) by mx1.freebsd.org (Postfix) with ESMTP id 9A2678FC1C for ; Mon, 19 Jan 2009 11:07:00 +0000 (UTC) (envelope-from owner-bugmaster@FreeBSD.org) Received: from freefall.freebsd.org (localhost [127.0.0.1]) by freefall.freebsd.org (8.14.3/8.14.3) with ESMTP id n0JB70as063007 for ; Mon, 19 Jan 2009 11:07:00 GMT (envelope-from owner-bugmaster@FreeBSD.org) Received: (from gnats@localhost) by freefall.freebsd.org (8.14.3/8.14.3/Submit) id n0JB705t063003 for freebsd-jail@FreeBSD.org; Mon, 19 Jan 2009 11:07:00 GMT (envelope-from owner-bugmaster@FreeBSD.org) Date: Mon, 19 Jan 2009 11:07:00 GMT Message-Id: <200901191107.n0JB705t063003@freefall.freebsd.org> X-Authentication-Warning: freefall.freebsd.org: gnats set sender to owner-bugmaster@FreeBSD.org using -f From: FreeBSD bugmaster To: freebsd-jail@FreeBSD.org Cc: Subject: Current problem reports assigned to freebsd-jail@FreeBSD.org X-BeenThere: freebsd-jail@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Discussion about FreeBSD jail\(8\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 19 Jan 2009 11:07:00 -0000 Note: to view an individual PR, use: http://www.freebsd.org/cgi/query-pr.cgi?pr=(number). The following is a listing of current problems submitted by FreeBSD users. These represent problem reports covering all versions including experimental development code and obsolete releases. S Tracker Resp. Description -------------------------------------------------------------------------------- o kern/119842 jail [smbfs] [jail] "Bad address" with smbfs inside a jail o bin/99566 jail [jail] [patch] fstat(1) according to specified jid o bin/32828 jail [jail] w(1) incorrectly handles stale utmp slots with 3 problems total. From owner-freebsd-jail@FreeBSD.ORG Tue Jan 20 01:40:19 2009 Return-Path: Delivered-To: freebsd-jail@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 543C61065674 for ; Tue, 20 Jan 2009 01:40:19 +0000 (UTC) (envelope-from stef-list@memberwebs.com) Received: from mx.npubs.com (mail.npubs.com [209.66.100.224]) by mx1.freebsd.org (Postfix) with ESMTP id 3C0F88FC16 for ; Tue, 20 Jan 2009 01:40:19 +0000 (UTC) (envelope-from stef-list@memberwebs.com) Received: from mx.npubs.com (avhost [209.66.100.194]) by mx.npubs.com (Postfix) with ESMTP id 4F1C78C2A32 for ; Tue, 20 Jan 2009 01:19:52 +0000 (UTC) Received: from northstar-srv2 (unknown [172.27.2.11]) by mx.npubs.com (Postfix) with ESMTP id D26228C282E for ; Tue, 20 Jan 2009 01:19:51 +0000 (UTC) From: Stef User-Agent: Thunderbird 2.0.0.19 (X11/20090105) MIME-Version: 1.0 To: freebsd-jail@freebsd.org Content-Type: multipart/mixed; boundary="------------080502040008020304060308" Message-Id: <20090120011951.D26228C282E@mx.npubs.com> X-Virus-Scanned: ClamAV using ClamSMTP Date: Tue, 20 Jan 2009 01:19:52 +0000 (UTC) X-Content-Filtered-By: Mailman/MimeDel 2.1.5 Subject: bsnmp module for monitoring jails: bsnmp-jails X-BeenThere: freebsd-jail@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list Reply-To: stef@memberwebs.com List-Id: "Discussion about FreeBSD jail\(8\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 20 Jan 2009 01:40:19 -0000 This is a multi-part message in MIME format. --------------080502040008020304060308 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit I hope it's okay to announce this here. I thought folks might be interested... I've released a bsnmp module for monitoring jails via SNMP. Stuff like network traffic, disk space, CPU utilization etc... FreeBSD port attached, available here: http://memberwebs.com/stef/software/bsnmp-jails/ Cheers, Stef Walter --------------080502040008020304060308-- From owner-freebsd-jail@FreeBSD.ORG Tue Jan 20 12:00:51 2009 Return-Path: Delivered-To: freebsd-jail@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 9FDBD1065694 for ; Tue, 20 Jan 2009 12:00:51 +0000 (UTC) (envelope-from 000.fbsd@quip.cz) Received: from elsa.codelab.cz (elsa.codelab.cz [91.103.162.4]) by mx1.freebsd.org (Postfix) with ESMTP id 5B0028FC33 for ; Tue, 20 Jan 2009 12:00:51 +0000 (UTC) (envelope-from 000.fbsd@quip.cz) Received: from localhost (localhost.codelab.cz [127.0.0.1]) by elsa.codelab.cz (Postfix) with ESMTP id E12D319E023; Tue, 20 Jan 2009 12:42:58 +0100 (CET) Received: from [192.168.1.2] (r5bb235.net.upc.cz [86.49.61.235]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by elsa.codelab.cz (Postfix) with ESMTPSA id 850BC19E019; Tue, 20 Jan 2009 12:42:52 +0100 (CET) Message-ID: <4975B8F3.7010008@quip.cz> Date: Tue, 20 Jan 2009 12:43:47 +0100 From: Miroslav Lachman <000.fbsd@quip.cz> User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.7.12) Gecko/20050915 X-Accept-Language: cz, cs, en, en-us MIME-Version: 1.0 To: stef@memberwebs.com References: <20090120011951.D26228C282E@mx.npubs.com> In-Reply-To: <20090120011951.D26228C282E@mx.npubs.com> Content-Type: text/plain; charset=us-ascii; format=flowed Content-Transfer-Encoding: 7bit Cc: freebsd-jail@freebsd.org Subject: Re: bsnmp module for monitoring jails: bsnmp-jails X-BeenThere: freebsd-jail@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Discussion about FreeBSD jail\(8\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 20 Jan 2009 12:00:54 -0000 Stef wrote: > I hope it's okay to announce this here. I thought folks might be > interested... > > I've released a bsnmp module for monitoring jails via SNMP. Stuff like > network traffic, disk space, CPU utilization etc... > > FreeBSD port attached, available here: > > http://memberwebs.com/stef/software/bsnmp-jails/ Thank you for your announcement and your work! I will test it as soon as possible. Is there some limitation of FreeBSD version (6.x / 7.x / 8.x; i386 / amd64) or is it compatible with "all"? Miroslav Lachman From owner-freebsd-jail@FreeBSD.ORG Wed Jan 21 03:26:11 2009 Return-Path: Delivered-To: freebsd-jail@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 3BE65106566C for ; Wed, 21 Jan 2009 03:26:11 +0000 (UTC) (envelope-from stef-list@memberwebs.com) Received: from mx.npubs.com (mail.wsfamily.com [209.66.100.224]) by mx1.freebsd.org (Postfix) with ESMTP id 269DE8FC08 for ; Wed, 21 Jan 2009 03:26:11 +0000 (UTC) (envelope-from stef-list@memberwebs.com) Received: from mx.npubs.com (avhost [209.66.100.194]) by mx.npubs.com (Postfix) with ESMTP id EB6778C2AD2; Wed, 21 Jan 2009 03:26:10 +0000 (UTC) Received: from northstar-srv2 (unknown [172.27.2.11]) by mx.npubs.com (Postfix) with ESMTP id 548568C2A3D; Wed, 21 Jan 2009 03:26:10 +0000 (UTC) From: Stef User-Agent: Thunderbird 2.0.0.19 (X11/20090105) MIME-Version: 1.0 To: Miroslav Lachman <000.fbsd@quip.cz> References: <20090120011951.D26228C282E@mx.npubs.com> <4975B8F3.7010008@quip.cz> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Message-Id: <20090121032610.548568C2A3D@mx.npubs.com> X-Virus-Scanned: ClamAV using ClamSMTP Date: Wed, 21 Jan 2009 03:26:10 +0000 (UTC) Cc: freebsd-jail@freebsd.org Subject: Re: bsnmp module for monitoring jails: bsnmp-jails X-BeenThere: freebsd-jail@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list Reply-To: stef@memberwebs.com List-Id: "Discussion about FreeBSD jail\(8\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 21 Jan 2009 03:26:11 -0000 Miroslav Lachman wrote: > Stef wrote: >> I've released a bsnmp module for monitoring jails via SNMP. Stuff like >> network traffic, disk space, CPU utilization etc... >> >> FreeBSD port attached, available here: >> >> http://memberwebs.com/stef/software/bsnmp-jails/ > > Thank you for your announcement and your work! I will test it as soon as > possible. > > Is there some limitation of FreeBSD version (6.x / 7.x / 8.x; i386 / > amd64) or is it compatible with "all"? I hope it's compatible with all of the above. If you find problems with later OS's or other architectures, I'd be happy to help find the problems, or include patches. When it was initially developed, 6.3 was the latest stable release of FreeBSD. It's been deployed on a dozen production 6.3-RELEASE i386 servers (each with lots of jails). Cheers, Stef From owner-freebsd-jail@FreeBSD.ORG Wed Jan 21 12:48:58 2009 Return-Path: Delivered-To: freebsd-jail@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id EF92A1065757 for ; Wed, 21 Jan 2009 12:48:58 +0000 (UTC) (envelope-from 000.fbsd@quip.cz) Received: from elsa.codelab.cz (elsa.codelab.cz [91.103.162.4]) by mx1.freebsd.org (Postfix) with ESMTP id BBC948FC0C for ; Wed, 21 Jan 2009 12:48:57 +0000 (UTC) (envelope-from 000.fbsd@quip.cz) Received: from localhost (localhost.codelab.cz [127.0.0.1]) by elsa.codelab.cz (Postfix) with ESMTP id BEA0619E055; Wed, 21 Jan 2009 13:48:56 +0100 (CET) Received: from [192.168.1.2] (r5bb235.net.upc.cz [86.49.61.235]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by elsa.codelab.cz (Postfix) with ESMTPSA id 189D619E023; Wed, 21 Jan 2009 13:48:51 +0100 (CET) Message-ID: <497719E9.1080107@quip.cz> Date: Wed, 21 Jan 2009 13:49:45 +0100 From: Miroslav Lachman <000.fbsd@quip.cz> User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.7.12) Gecko/20050915 X-Accept-Language: cz, cs, en, en-us MIME-Version: 1.0 To: stef@memberwebs.com References: <20090120011951.D26228C282E@mx.npubs.com> <4975B8F3.7010008@quip.cz> <20090121032610.548568C2A3D@mx.npubs.com> In-Reply-To: <20090121032610.548568C2A3D@mx.npubs.com> Content-Type: text/plain; charset=us-ascii; format=flowed Content-Transfer-Encoding: 7bit Cc: freebsd-jail@freebsd.org Subject: Re: bsnmp module for monitoring jails: bsnmp-jails X-BeenThere: freebsd-jail@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Discussion about FreeBSD jail\(8\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 21 Jan 2009 12:49:00 -0000 Stef wrote: > Miroslav Lachman wrote: > >>Stef wrote: >> >>>I've released a bsnmp module for monitoring jails via SNMP. Stuff like >>>network traffic, disk space, CPU utilization etc... >>> >>>FreeBSD port attached, available here: >>> >>>http://memberwebs.com/stef/software/bsnmp-jails/ >> >>Thank you for your announcement and your work! I will test it as soon as >>possible. >> >>Is there some limitation of FreeBSD version (6.x / 7.x / 8.x; i386 / >>amd64) or is it compatible with "all"? > > > I hope it's compatible with all of the above. If you find problems with > later OS's or other architectures, I'd be happy to help find the > problems, or include patches. > > When it was initially developed, 6.3 was the latest stable release of > FreeBSD. It's been deployed on a dozen production 6.3-RELEASE i386 > servers (each with lots of jails). I added link to your website on http://wiki.freebsd.org/Jails Do you plan to submit PR with port? Let me know if you submit it, so I can update the wiki page. Miroslav Lachman From owner-freebsd-jail@FreeBSD.ORG Wed Jan 21 13:20:09 2009 Return-Path: Delivered-To: freebsd-jail@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id CBFCE106571E for ; Wed, 21 Jan 2009 13:20:09 +0000 (UTC) (envelope-from bzeeb-lists@lists.zabbadoz.net) Received: from mail.cksoft.de (mail.cksoft.de [62.111.66.27]) by mx1.freebsd.org (Postfix) with ESMTP id 6BBB98FC08 for ; Wed, 21 Jan 2009 13:20:09 +0000 (UTC) (envelope-from bzeeb-lists@lists.zabbadoz.net) Received: from localhost (amavis.str.cksoft.de [192.168.74.71]) by mail.cksoft.de (Postfix) with ESMTP id A9CA941C677; Wed, 21 Jan 2009 14:20:07 +0100 (CET) X-Virus-Scanned: amavisd-new at cksoft.de Received: from mail.cksoft.de ([62.111.66.27]) by localhost (amavis.str.cksoft.de [192.168.74.71]) (amavisd-new, port 10024) with ESMTP id jgHXbRBlbob1; Wed, 21 Jan 2009 14:20:05 +0100 (CET) Received: by mail.cksoft.de (Postfix, from userid 66) id 3520D41C670; Wed, 21 Jan 2009 14:20:05 +0100 (CET) Received: from maildrop.int.zabbadoz.net (maildrop.int.zabbadoz.net [10.111.66.10]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by mail.int.zabbadoz.net (Postfix) with ESMTP id 4B3B44448D5; Wed, 21 Jan 2009 13:17:29 +0000 (UTC) Date: Wed, 21 Jan 2009 13:17:28 +0000 (UTC) From: "Bjoern A. Zeeb" X-X-Sender: bz@maildrop.int.zabbadoz.net To: Miroslav Lachman <000.fbsd@quip.cz> In-Reply-To: <497719E9.1080107@quip.cz> Message-ID: <20090121131105.P45399@maildrop.int.zabbadoz.net> References: <20090120011951.D26228C282E@mx.npubs.com> <4975B8F3.7010008@quip.cz> <20090121032610.548568C2A3D@mx.npubs.com> <497719E9.1080107@quip.cz> X-OpenPGP-Key: 0x14003F198FEFA3E77207EE8D2B58B8F83CCF1842 MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII; format=flowed Cc: Shteryana Shopova , freebsd-jail@freebsd.org, stef@memberwebs.com Subject: Re: bsnmp module for monitoring jails: bsnmp-jails X-BeenThere: freebsd-jail@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Discussion about FreeBSD jail\(8\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 21 Jan 2009 13:20:14 -0000 On Wed, 21 Jan 2009, Miroslav Lachman wrote: Hi, > Stef wrote: >> Miroslav Lachman wrote: >> >>> Stef wrote: >>> >>>> I've released a bsnmp module for monitoring jails via SNMP. Stuff like >>>> network traffic, disk space, CPU utilization etc... >>>> >>>> FreeBSD port attached, available here: >>>> >>>> http://memberwebs.com/stef/software/bsnmp-jails/ >>> >>> Thank you for your announcement and your work! I will test it as soon as >>> possible. >>> >>> Is there some limitation of FreeBSD version (6.x / 7.x / 8.x; i386 / >>> amd64) or is it compatible with "all"? >> >> >> I hope it's compatible with all of the above. If you find problems with >> later OS's or other architectures, I'd be happy to help find the >> problems, or include patches. >> >> When it was initially developed, 6.3 was the latest stable release of >> FreeBSD. It's been deployed on a dozen production 6.3-RELEASE i386 >> servers (each with lots of jails). > > I added link to your website on http://wiki.freebsd.org/Jails > Do you plan to submit PR with port? Let me know if you submit it, so I can > update the wiki page. I see a few problems with the module (and I haven't investigated a lot yet): - the entire pcap stuff in there - the inode and cpu usage stuff in there This is all going to break on the assumption that jails do use things exlusively. For example there can be 10 jails all sharing the same IP. There can be jails all sharing the same fs, nullfs mounts, ... And to my understanding the cpu usage reported is at best a snapshot guess but no clean statics value. I admit that those things (apart from traffic which really belongs elsewhere) can become interesting with resource limit patches where we get get proper values from elsewhere w/o having to do guess-math. - no support for jails in HEAD (and soon in 7) - does the MIB list the IP address(es)? - private copies of xprison structures - ... I have the feeling that this will need a bit of polishing and separation of things... I hope Shteryana may join in here ... -- Bjoern A. Zeeb The greatest risk is not taking one. From owner-freebsd-jail@FreeBSD.ORG Wed Jan 21 16:00:25 2009 Return-Path: Delivered-To: freebsd-jail@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 133CA106568E for ; Wed, 21 Jan 2009 16:00:25 +0000 (UTC) (envelope-from stef-list@memberwebs.com) Received: from mx.npubs.com (mx.npubs.com [209.66.100.224]) by mx1.freebsd.org (Postfix) with ESMTP id E08DB8FC2E for ; Wed, 21 Jan 2009 16:00:24 +0000 (UTC) (envelope-from stef-list@memberwebs.com) Received: from mx.npubs.com (avhost [209.66.100.194]) by mx.npubs.com (Postfix) with ESMTP id 778A98C286B; Wed, 21 Jan 2009 16:00:24 +0000 (UTC) Received: from northstar-srv2 (unknown [172.27.2.11]) by mx.npubs.com (Postfix) with ESMTP id 960DC8C2862; Wed, 21 Jan 2009 16:00:23 +0000 (UTC) From: Stef User-Agent: Thunderbird 2.0.0.19 (X11/20090105) MIME-Version: 1.0 To: "Bjoern A. Zeeb" References: <20090120011951.D26228C282E@mx.npubs.com> <4975B8F3.7010008@quip.cz> <20090121032610.548568C2A3D@mx.npubs.com> <497719E9.1080107@quip.cz> <20090121131105.P45399@maildrop.int.zabbadoz.net> Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Message-Id: <20090121160023.960DC8C2862@mx.npubs.com> X-Virus-Scanned: ClamAV using ClamSMTP Date: Wed, 21 Jan 2009 16:00:24 +0000 (UTC) Cc: Shteryana Shopova , freebsd-jail@freebsd.org Subject: Re: bsnmp module for monitoring jails: bsnmp-jails X-BeenThere: freebsd-jail@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list Reply-To: stef@memberwebs.com List-Id: "Discussion about FreeBSD jail\(8\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 21 Jan 2009 16:00:25 -0000 Bjoern A. Zeeb wrote: > I see a few problems with the module (and I haven't investigated a lot > yet): Hi. BTW, thanks for the work you've put into jails on HEAD. Really looking forward to that. The bsnmp-jails module certainly could be improved a lot. As my clients migrate to newer versions of FreeBSD, that would happen naturally. Or if anyone interested wants to participate, please do. I'm open to better ideas, code and implementations. bsnmp-jails was born out of necessity. Some answers to your points below, but this doesn't mean that I don't think they're valid. > - the entire pcap stuff in there Yes, at first glance not the most efficient. It'd be awesome if there were kernel counters for this. But the big benefit to using pcap is that allows us to exclude certain traffic (see jailNetworkFilter config) such as local site traffic, from the counters. > This is all going to break on the assumption that jails do use things > exlusively. For example there can be 10 jails all sharing the same IP. > There can be jails all sharing the same fs, nullfs mounts, ... Certainly. Jails can be configured in a multitude of ways. Obviously, one can even use them as a chroot. I don't think bsnmp-jails makes sense for every possible use of jail(2). The module doesn't follow mounts when calculating disks and files. In the future I'm thinking of moving to ZFS for my jails, one fs per jail, and that'd make it far quicker and easier to calculate disks and file usage. That is, if the top level path of a jail is a mount point, then bsnmp-jail could just use info straight from that mount point instead of walking the tree inefficiently. > And to my understanding the cpu usage reported is at best a snapshot > guess but no clean statics value. I'm centainly no expert at this, however I've thought that the CPU usage is one of the more accurate parts of bsnmp-jail. It monitors ki_childtime + ki_runtime for all the processes. In addition when a process that has a parent outside the jail exits (ie: a daemon restarting), it keeps track of that process's ki_childtime + ki_runtime and keeps it in the counters. The above opens a small window of time when CPU usage may be missed. The time between the last monitoring cycle (3 seconds by default) and the when a daemon process exits, may be missed. In reality this happens very rarely and the CPU statistics have been usable. > I admit that those things (apart from traffic which really belongs > elsewhere) can become interesting with resource limit patches where we > get get proper values from elsewhere w/o having to do guess-math. Yes, it goes without saying, that kernel counters for CPU usage on the xprison structure then that'd make things far simpler and more accurate. > - no support for jails in HEAD (and soon in 7) So far only two versions of xprison structure are supported. The original single IP, and those patches that have been floating around. But it'd be easy to add support for the new jails. > - does the MIB list the IP address(es)? Nope, but it could be done easily, given the need. > - private copies of xprison structures Not sure I understand what you mean here. bsnmp-jail tracks jails by hostname, not by jid, since those are volatile. It also has to do strange gymnastics to get around the 'phantom jail' effect on FreeBSD 6.x (and other versions?) where a jail hangs around in the kernel due to TCP TIME_WAIT. > I have the feeling that this will need a bit of polishing and > separation of things... Yup certainly, and it's my hope that it will become more useful over time. Thanks for your advice. Cheers, Stef From owner-freebsd-jail@FreeBSD.ORG Wed Jan 21 20:18:51 2009 Return-Path: Delivered-To: freebsd-jail@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 0FEF8106568B for ; Wed, 21 Jan 2009 20:18:51 +0000 (UTC) (envelope-from shteryana@gmail.com) Received: from fg-out-1718.google.com (fg-out-1718.google.com [72.14.220.155]) by mx1.freebsd.org (Postfix) with ESMTP id 8DBBA8FC16 for ; Wed, 21 Jan 2009 20:18:50 +0000 (UTC) (envelope-from shteryana@gmail.com) Received: by fg-out-1718.google.com with SMTP id l26so2278629fgb.35 for ; Wed, 21 Jan 2009 12:18:49 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:mime-version:sender:reply-to:received :in-reply-to:references:date:x-google-sender-auth:message-id:subject :from:to:cc:content-type:content-transfer-encoding; bh=pylIGtZ+5KQOoF182Ik+viia5YnARdQE92BR1pgPM/g=; b=V9kWcIdKWu0mPSjuvjEqy3PDkuNZHfwE2/VRFgPsi+SIvF2WDiK7o8K7XCRjJM7HVR CJZzY4zqOai4J7//yiPqz7DBVRMir4nsIE64NUqQlcEGqHAB+a4E1R6lL6f/HCqqawxx iTcl4ILRL6lRDcCokrUMeAOPfWY3NDkfxSRB8= DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=mime-version:sender:reply-to:in-reply-to:references:date :x-google-sender-auth:message-id:subject:from:to:cc:content-type :content-transfer-encoding; b=OND/H8/e9XFdDzR402g5dtBcGn7MB/n8YfW6FOgZOVZEz7vPwwi6k1Yd+8XDm6rw74 5oJPY8GhSVK4+WYySyNew5X+8LJ0P0sRRemtLN+W3FBRCBJQH2Nns68lmN2WsoUpZT3e 0fneFZCZc3NaSSAuIlCU7dppPox4tMJqABAQ0= MIME-Version: 1.0 Sender: shteryana@gmail.com Received: by 10.181.159.11 with SMTP id l11mr1703784bko.186.1232567265483; Wed, 21 Jan 2009 11:47:45 -0800 (PST) In-Reply-To: <20090121160023.960DC8C2862@mx.npubs.com> References: <20090120011951.D26228C282E@mx.npubs.com> <4975B8F3.7010008@quip.cz> <20090121032610.548568C2A3D@mx.npubs.com> <497719E9.1080107@quip.cz> <20090121131105.P45399@maildrop.int.zabbadoz.net> <20090121160023.960DC8C2862@mx.npubs.com> Date: Wed, 21 Jan 2009 21:47:45 +0200 X-Google-Sender-Auth: ec836fa293e103b3 Message-ID: <61b573980901211147y48188ec1t2606faa420c67f40@mail.gmail.com> From: Shteryana Shopova To: stef@memberwebs.com Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 7bit Cc: "Bjoern A. Zeeb" , freebsd-jail@freebsd.org Subject: Re: bsnmp module for monitoring jails: bsnmp-jails X-BeenThere: freebsd-jail@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list Reply-To: syrinx@FreeBSD.org List-Id: "Discussion about FreeBSD jail\(8\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 21 Jan 2009 20:18:52 -0000 Hi, Just to elaborate Bjoern's opinion - * traffic monitoring per ip/flow might not be of interest to jails only and I believe it belongs to a separate module * in terms of jail resource monitoring (and limits) I believe the direction to go is using jtune (Cris Jones'es SoC 2006 patch) even if we have to live with #ifdef JTUNE inside bsnmp_jails until it hits the tree (which I hope it will at one point) * the module badly needs to list the IP addresses of a jail - which I believe should be done in a separate table - e.g indexed by jail id and IP address - the question here is how to handle IPv4 vs IPv6 - separate tables or a common table adding a InetAddress column as index - the latter will not work with bsnmptools until they're fixed to support it; I am also guessing we need a RowStatus column so that one can assign IP addresses to a jail via SNMP Furthermore - * there is no way to create or destroy a jail via snmp-jail - jailEntry is missing a RowStatus column maybe? * I am missing a column for the jail's root * jailname, number of IPv4, IPv6'es in terms of jails in CURRENT? * SNMP equivalents for the controls under security.jail sysctl MIB? * I don't like the fact the the module includes pre-generated jails_oid.h, jails_tree.h and jails_tree.c - we have a bsd.snmpmod.mk for this, which puts all files in place (e.g MIB, def) I can try summing up my ideas in a MIB and publishing it for discussion these days but unfotunatelly I don't have the time to do any coding on this right now. One last thought, we certainly want a bsnmp_jails (the notation so far is to use underscore in the name) module as part of base but it should cover as wide as usage scenarios of jail(8) as possible. cheers, Shteryana P.P. Please keep me in the CC list as I am not subscribed to (this) list