From owner-freebsd-jail@FreeBSD.ORG Sun Jan 10 21:20:27 2010
Return-Path: <owner-freebsd-jail@FreeBSD.ORG>
Delivered-To: freebsd-jail@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
by hub.freebsd.org (Postfix) with ESMTP id A61571065672
for <freebsd-jail@freebsd.org>; Sun, 10 Jan 2010 21:20:27 +0000 (UTC)
(envelope-from samankaya@netscape.net)
Received: from imr-ma04.mx.aol.com (imr-ma04.mx.aol.com [64.12.206.42])
by mx1.freebsd.org (Postfix) with ESMTP id 6AEFF8FC12
for <freebsd-jail@freebsd.org>; Sun, 10 Jan 2010 21:20:27 +0000 (UTC)
Received: from imo-da03.mx.aol.com (imo-da03.mx.aol.com [205.188.169.201])
by imr-ma04.mx.aol.com (8.14.1/8.14.1) with ESMTP id o0ALAFHN028238
for <freebsd-jail@freebsd.org>; Sun, 10 Jan 2010 16:10:15 -0500
Received: from samankaya@netscape.net
by imo-da03.mx.aol.com (mail_out_v42.5.) id n.bd7.61242043 (43905)
for <freebsd-jail@freebsd.org>; Sun, 10 Jan 2010 16:10:10 -0500 (EST)
Received: from [172.16.1.52] (mail.reformkurumsal.com [212.156.209.87]) by
cia-dc07.mx.aol.com (v127.7) with ESMTP id
MAILCIADC072-ab814b4a4230229; Sun, 10 Jan 2010 16:10:10 -0500
Message-ID: <4B4A422F.9060307@netscape.net>
Date: Sun, 10 Jan 2010 23:10:07 +0200
From: Kaya Saman <SamanKaya@netscape.net>
User-Agent: Thunderbird 2.0.0.21 (X11/20090323)
MIME-Version: 1.0
To: freebsd-jail@freebsd.org
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
X-AOL-IP: 212.156.209.87
X-Mailer: Unknown (No Version)
X-Spam-Flag: NO
X-AOL-SENDER: samankaya@netscape.net
Subject: Using 'Jails' like Solaris Zones??
X-BeenThere: freebsd-jail@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: "Discussion about FreeBSD jail\(8\)" <freebsd-jail.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-jail>,
<mailto:freebsd-jail-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-jail>
List-Post: <mailto:freebsd-jail@freebsd.org>
List-Help: <mailto:freebsd-jail-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-jail>,
<mailto:freebsd-jail-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sun, 10 Jan 2010 21:20:27 -0000
Hi,
I'm debating whether or not to install FreeBSD or Solaris on a new
mainframe that I'm going to get which is a Sun Fire V480 server.
Basically what I want this machine to do is all network infrastructure
services; meaning: ntp, dns primary/secondary, network monitoring with
cacti and munin and many more things!
Since virtualization is a little bit tricky on SPARC as tools such as
xVM, Citrix Xen, and VirtualBox don't run on any other then x86
platforms I am left with LDOMs which I think the machine may not be able
to handle as LDOMs require a minimum of 4GB of RAM plus a later
processor then the SPARC III chips inside.
Since FreeBSD has all the software I require and is quite easy on system
resources I was considering using 'Jails' where in Solaris I would be
using Zones to dedicate an individual IP address to each instance of Bind.
However, is it possible to dedicate a specific NIC to each instance of
Bind as well since this is really what I would be doing in Solaris???
Apologies if I seem a bit vague on which OS I will choose, it's just
that I am trying to consolidate as many services as possible without
requiring any more hardware.
Many thanks for any responses :-)
Regards,
Kaya
From owner-freebsd-jail@FreeBSD.ORG Sun Jan 10 22:00:25 2010
Return-Path: <owner-freebsd-jail@FreeBSD.ORG>
Delivered-To: freebsd-jail@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
by hub.freebsd.org (Postfix) with ESMTP id CAE9E106566B
for <freebsd-jail@freebsd.org>; Sun, 10 Jan 2010 22:00:25 +0000 (UTC)
(envelope-from 000.fbsd@quip.cz)
Received: from elsa.codelab.cz (elsa.codelab.cz [94.124.105.4])
by mx1.freebsd.org (Postfix) with ESMTP id 888618FC16
for <freebsd-jail@freebsd.org>; Sun, 10 Jan 2010 22:00:24 +0000 (UTC)
Received: from elsa.codelab.cz (localhost.codelab.cz [127.0.0.1])
by elsa.codelab.cz (Postfix) with ESMTP id 6D0E019E046;
Sun, 10 Jan 2010 23:00:23 +0100 (CET)
Received: from [192.168.1.2] (r5bb235.net.upc.cz [86.49.61.235])
(using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits))
(No client certificate requested)
by elsa.codelab.cz (Postfix) with ESMTPSA id 4C14819E048;
Sun, 10 Jan 2010 23:00:21 +0100 (CET)
Message-ID: <4B4A4DF3.5010509@quip.cz>
Date: Sun, 10 Jan 2010 23:00:19 +0100
From: Miroslav Lachman <000.fbsd@quip.cz>
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US;
rv:1.9.1.6) Gecko/20091206 SeaMonkey/2.0.1
MIME-Version: 1.0
To: Kaya Saman <SamanKaya@netscape.net>
References: <4B4A422F.9060307@netscape.net>
In-Reply-To: <4B4A422F.9060307@netscape.net>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Cc: freebsd-jail@freebsd.org
Subject: Re: Using 'Jails' like Solaris Zones??
X-BeenThere: freebsd-jail@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: "Discussion about FreeBSD jail\(8\)" <freebsd-jail.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-jail>,
<mailto:freebsd-jail-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-jail>
List-Post: <mailto:freebsd-jail@freebsd.org>
List-Help: <mailto:freebsd-jail-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-jail>,
<mailto:freebsd-jail-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sun, 10 Jan 2010 22:00:25 -0000
Kaya Saman wrote:
[...]
> Since FreeBSD has all the software I require and is quite easy on system
> resources I was considering using 'Jails' where in Solaris I would be
> using Zones to dedicate an individual IP address to each instance of Bind.
>
> However, is it possible to dedicate a specific NIC to each instance of
> Bind as well since this is really what I would be doing in Solaris???
>
> Apologies if I seem a bit vague on which OS I will choose, it's just
> that I am trying to consolidate as many services as possible without
> requiring any more hardware.
AFAIK FreeBSD jail can't be bound to a specific NIC, but can be bound to
IP address(es) and addresses can be assigned to a different NICs.
It means, if you have following NICs: nic0, nic1 and IPS on NICs:
nic0 = 10.10.10.10
nic1 = 10.20.20.20
Then if you start first jail with IP 10.10.10.10 and second jail with IP
10.20.20.20, then first jail will use nic0 and second jail will use nic1
You can also use more than one IP from more than one NIC in one jail
thanks to BZs work on multi-ip jail (since 7.2)
Miroslav Lachman
From owner-freebsd-jail@FreeBSD.ORG Sun Jan 10 22:05:15 2010
Return-Path: <owner-freebsd-jail@FreeBSD.ORG>
Delivered-To: freebsd-jail@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
by hub.freebsd.org (Postfix) with ESMTP id E4F96106568F
for <freebsd-jail@freebsd.org>; Sun, 10 Jan 2010 22:05:15 +0000 (UTC)
(envelope-from samankaya@netscape.net)
Received: from imr-da05.mx.aol.com (imr-da05.mx.aol.com [205.188.105.147])
by mx1.freebsd.org (Postfix) with ESMTP id A73578FC15
for <freebsd-jail@freebsd.org>; Sun, 10 Jan 2010 22:05:15 +0000 (UTC)
Received: from imo-ma04.mx.aol.com (imo-ma04.mx.aol.com [64.12.78.139])
by imr-da05.mx.aol.com (8.14.1/8.14.1) with ESMTP id o0AM50ru024969;
Sun, 10 Jan 2010 17:05:00 -0500
Received: from samankaya@netscape.net
by imo-ma04.mx.aol.com (mail_out_v42.5.) id d.be5.6ad89563 (37107);
Sun, 10 Jan 2010 17:04:59 -0500 (EST)
Received: from [172.16.1.52] (mail.reformkurumsal.com [212.156.209.87]) by
cia-db08.mx.aol.com (v127.7) with ESMTP id
MAILCIADB085-90f34b4a4f09200; Sun, 10 Jan 2010 17:04:59 -0500
Message-ID: <4B4A4F09.1080901@netscape.net>
Date: Mon, 11 Jan 2010 00:04:57 +0200
From: Kaya Saman <SamanKaya@netscape.net>
User-Agent: Thunderbird 2.0.0.21 (X11/20090323)
MIME-Version: 1.0
To: Miroslav Lachman <000.fbsd@quip.cz>
References: <4B4A422F.9060307@netscape.net> <4B4A4DF3.5010509@quip.cz>
In-Reply-To: <4B4A4DF3.5010509@quip.cz>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
X-AOL-IP: 212.156.209.87
X-Mailer: Unknown (No Version)
X-Spam-Flag: NO
X-AOL-SENDER: samankaya@netscape.net
Cc: freebsd-jail@freebsd.org
Subject: Re: Using 'Jails' like Solaris Zones??
X-BeenThere: freebsd-jail@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: "Discussion about FreeBSD jail\(8\)" <freebsd-jail.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-jail>,
<mailto:freebsd-jail-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-jail>
List-Post: <mailto:freebsd-jail@freebsd.org>
List-Help: <mailto:freebsd-jail-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-jail>,
<mailto:freebsd-jail-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sun, 10 Jan 2010 22:05:16 -0000
>
> AFAIK FreeBSD jail can't be bound to a specific NIC, but can be bound
> to IP address(es) and addresses can be assigned to a different NICs.
> It means, if you have following NICs: nic0, nic1 and IPS on NICs:
> nic0 = 10.10.10.10
> nic1 = 10.20.20.20
>
> Then if you start first jail with IP 10.10.10.10 and second jail with
> IP 10.20.20.20, then first jail will use nic0 and second jail will use
> nic1
>
> You can also use more than one IP from more than one NIC in one jail
> thanks to BZs work on multi-ip jail (since 7.2)
>
> Miroslav Lachman
Thanks! This is actually a really great idea..... and probably will do
just what I want. I am guessing in a 4 NIC environment I can even use
this to create an internal private master/slave config and also have a
public master/slave too.
All I need to do now is learn how to configure and use 'Jails'.
Regards,
Kaya
From owner-freebsd-jail@FreeBSD.ORG Sun Jan 10 22:54:36 2010
Return-Path: <owner-freebsd-jail@FreeBSD.ORG>
Delivered-To: freebsd-jail@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
by hub.freebsd.org (Postfix) with ESMTP id 647F0106568B
for <freebsd-jail@freebsd.org>; Sun, 10 Jan 2010 22:54:36 +0000 (UTC)
(envelope-from samankaya@netscape.net)
Received: from imr-da05.mx.aol.com (imr-da05.mx.aol.com [205.188.105.147])
by mx1.freebsd.org (Postfix) with ESMTP id 257B78FC08
for <freebsd-jail@freebsd.org>; Sun, 10 Jan 2010 22:54:35 +0000 (UTC)
Received: from imo-da01.mx.aol.com (imo-da01.mx.aol.com [205.188.169.199])
by imr-da05.mx.aol.com (8.14.1/8.14.1) with ESMTP id o0AMsFC4028735;
Sun, 10 Jan 2010 17:54:15 -0500
Received: from samankaya@netscape.net
by imo-da01.mx.aol.com (mail_out_v42.5.) id o.d50.6517a103 (43905);
Sun, 10 Jan 2010 17:54:13 -0500 (EST)
Received: from [172.16.1.52] (mail.reformkurumsal.com [212.156.209.87]) by
cia-dc07.mx.aol.com (v127.7) with ESMTP id
MAILCIADC072-ab814b4a5a9033f; Sun, 10 Jan 2010 17:54:10 -0500
Message-ID: <4B4A5A88.4050108@netscape.net>
Date: Mon, 11 Jan 2010 00:54:00 +0200
From: Kaya Saman <SamanKaya@netscape.net>
User-Agent: Thunderbird 2.0.0.21 (X11/20090323)
MIME-Version: 1.0
To: Glen Barber <glen.j.barber@gmail.com>
References: <4B4A422F.9060307@netscape.net> <4B4A4DF3.5010509@quip.cz>
<20100110222638.GA5300@orion.hsd1.pa.comcast.net>
In-Reply-To: <20100110222638.GA5300@orion.hsd1.pa.comcast.net>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
X-AOL-IP: 212.156.209.87
X-Mailer: Unknown (No Version)
X-Spam-Flag: NO
X-AOL-SENDER: samankaya@netscape.net
Cc: freebsd-jail@freebsd.org
Subject: Re: Using 'Jails' like Solaris Zones??
X-BeenThere: freebsd-jail@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: "Discussion about FreeBSD jail\(8\)" <freebsd-jail.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-jail>,
<mailto:freebsd-jail-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-jail>
List-Post: <mailto:freebsd-jail@freebsd.org>
List-Help: <mailto:freebsd-jail-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-jail>,
<mailto:freebsd-jail-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sun, 10 Jan 2010 22:54:36 -0000
>
> As of 7.2, jails can be bound directly to a specific interface.
>
> The example in /etc/defaults/rc.conf shows:
>
> #jail_example_interface=""
>
>
>
>
Oh wow.... ok; this means that I can use Jails similarly to how I was
going to use the Solaris Zone!
No need for Solaris then and also I think that BSD is lighter on systems
then Solaris in general. Ok now that ZFS is in place no contest, but
before when using UFS v.1 I think BSD still gives better performance in
terms of freer system resources.
From owner-freebsd-jail@FreeBSD.ORG Sun Jan 10 22:56:34 2010
Return-Path: <owner-freebsd-jail@FreeBSD.ORG>
Delivered-To: freebsd-jail@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
by hub.freebsd.org (Postfix) with ESMTP id C4B991065672
for <freebsd-jail@freebsd.org>; Sun, 10 Jan 2010 22:56:34 +0000 (UTC)
(envelope-from glen.j.barber@gmail.com)
Received: from mail-qy0-f174.google.com (mail-qy0-f174.google.com
[209.85.221.174])
by mx1.freebsd.org (Postfix) with ESMTP id 78EEE8FC0C
for <freebsd-jail@freebsd.org>; Sun, 10 Jan 2010 22:56:34 +0000 (UTC)
Received: by qyk4 with SMTP id 4so9192107qyk.7
for <freebsd-jail@freebsd.org>; Sun, 10 Jan 2010 14:56:29 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma;
h=domainkey-signature:received:received:date:from:to:cc:subject
:message-id:references:mime-version:content-type:content-disposition
:in-reply-to:user-agent;
bh=CqXKY2BxEi5jtod7cjMoFrSwXNHBls4TrzN9mLWg73w=;
b=N4dCKNUoSz26R34l4gyBAge6jgzCGnEGsNzHV5FgYK1jD3dw+pQkWcx4VhEPnwreyx
qSV77Hm5ujkxUJVNPZDdXtxYSfaAtUxTAhzyVu2fuGwF7aDYuLG9hUWTlD5vUaYuhgbR
NLFEbSzbj2l2gJbYfq0K+s1ACpOpyhhhFeOzE=
DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma;
h=date:from:to:cc:subject:message-id:references:mime-version
:content-type:content-disposition:in-reply-to:user-agent;
b=ey7RfX6oiiJGaQIXH0ZvN3uo8Z7qbnzW9fEhJsvw5TCnoE7C7XBnuhmwzorvx+ci3U
VGpHDrIMNy/xxKOhs6cQjnbNdVMP9E8/yHV4xruveug5OllD3KeyRX6sGs7Kezpv46B5
U8sFxOu9cvEQfDxPz0CwwZweW5HE50bP1Hnqk=
Received: by 10.224.79.229 with SMTP id q37mr16233303qak.2.1263162599542;
Sun, 10 Jan 2010 14:29:59 -0800 (PST)
Received: from orion.hsd1.pa.comcast.net (c-71-230-240-241.hsd1.pa.comcast.net
[71.230.240.241])
by mx.google.com with ESMTPS id 23sm1897472qyk.15.2010.01.10.14.29.57
(version=SSLv3 cipher=RC4-MD5); Sun, 10 Jan 2010 14:29:58 -0800 (PST)
Date: Sun, 10 Jan 2010 17:26:38 -0500
From: Glen Barber <glen.j.barber@gmail.com>
To: Miroslav Lachman <000.fbsd@quip.cz>
Message-ID: <20100110222638.GA5300@orion.hsd1.pa.comcast.net>
References: <4B4A422F.9060307@netscape.net>
<4B4A4DF3.5010509@quip.cz>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <4B4A4DF3.5010509@quip.cz>
User-Agent: Mutt/1.5.20 (2009-06-14)
Cc: freebsd-jail@freebsd.org
Subject: Re: Using 'Jails' like Solaris Zones??
X-BeenThere: freebsd-jail@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: "Discussion about FreeBSD jail\(8\)" <freebsd-jail.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-jail>,
<mailto:freebsd-jail-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-jail>
List-Post: <mailto:freebsd-jail@freebsd.org>
List-Help: <mailto:freebsd-jail-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-jail>,
<mailto:freebsd-jail-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sun, 10 Jan 2010 22:56:34 -0000
Hi,
Miroslav Lachman wrote:
> Kaya Saman wrote:
>
> [...]
>
> > Since FreeBSD has all the software I require and is quite easy on system
> > resources I was considering using 'Jails' where in Solaris I would be
> > using Zones to dedicate an individual IP address to each instance of Bind.
> >
> > However, is it possible to dedicate a specific NIC to each instance of
> > Bind as well since this is really what I would be doing in Solaris???
> >
> > Apologies if I seem a bit vague on which OS I will choose, it's just
> > that I am trying to consolidate as many services as possible without
> > requiring any more hardware.
>
> AFAIK FreeBSD jail can't be bound to a specific NIC, but can be bound to
> IP address(es) and addresses can be assigned to a different NICs.
> It means, if you have following NICs: nic0, nic1 and IPS on NICs:
> nic0 = 10.10.10.10
> nic1 = 10.20.20.20
As of 7.2, jails can be bound directly to a specific interface.
The example in /etc/defaults/rc.conf shows:
#jail_example_interface=""
>
> Then if you start first jail with IP 10.10.10.10 and second jail with IP
> 10.20.20.20, then first jail will use nic0 and second jail will use nic1
>
> You can also use more than one IP from more than one NIC in one jail
> thanks to BZs work on multi-ip jail (since 7.2)
>
> Miroslav Lachman
Regards,
--
Glen Barber
From owner-freebsd-jail@FreeBSD.ORG Mon Jan 11 09:51:55 2010
Return-Path: <owner-freebsd-jail@FreeBSD.ORG>
Delivered-To: freebsd-jail@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
by hub.freebsd.org (Postfix) with ESMTP id B6C93106566B
for <freebsd-jail@freebsd.org>; Mon, 11 Jan 2010 09:51:55 +0000 (UTC)
(envelope-from 000.fbsd@quip.cz)
Received: from elsa.codelab.cz (elsa.codelab.cz [94.124.105.4])
by mx1.freebsd.org (Postfix) with ESMTP id 746E18FC08
for <freebsd-jail@freebsd.org>; Mon, 11 Jan 2010 09:51:55 +0000 (UTC)
Received: from elsa.codelab.cz (localhost.codelab.cz [127.0.0.1])
by elsa.codelab.cz (Postfix) with ESMTP id 2337619E023;
Mon, 11 Jan 2010 10:51:54 +0100 (CET)
Received: from [192.168.1.2] (r5bb235.net.upc.cz [86.49.61.235])
(using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits))
(No client certificate requested)
by elsa.codelab.cz (Postfix) with ESMTPSA id 0405519E019;
Mon, 11 Jan 2010 10:51:51 +0100 (CET)
Message-ID: <4B4AF4B7.7090802@quip.cz>
Date: Mon, 11 Jan 2010 10:51:51 +0100
From: Miroslav Lachman <000.fbsd@quip.cz>
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US;
rv:1.9.1.6) Gecko/20091206 SeaMonkey/2.0.1
MIME-Version: 1.0
To: Glen Barber <glen.j.barber@gmail.com>
References: <4B4A422F.9060307@netscape.net> <4B4A4DF3.5010509@quip.cz>
<20100110222638.GA5300@orion.hsd1.pa.comcast.net>
In-Reply-To: <20100110222638.GA5300@orion.hsd1.pa.comcast.net>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Cc: freebsd-jail@freebsd.org
Subject: Re: Using 'Jails' like Solaris Zones??
X-BeenThere: freebsd-jail@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: "Discussion about FreeBSD jail\(8\)" <freebsd-jail.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-jail>,
<mailto:freebsd-jail-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-jail>
List-Post: <mailto:freebsd-jail@freebsd.org>
List-Help: <mailto:freebsd-jail-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-jail>,
<mailto:freebsd-jail-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Mon, 11 Jan 2010 09:51:55 -0000
Glen Barber wrote:
> Hi,
>
> Miroslav Lachman wrote:
>> Kaya Saman wrote:
>>
>> [...]
>>
>>> Since FreeBSD has all the software I require and is quite easy on system
>>> resources I was considering using 'Jails' where in Solaris I would be
>>> using Zones to dedicate an individual IP address to each instance of Bind.
>>>
>>> However, is it possible to dedicate a specific NIC to each instance of
>>> Bind as well since this is really what I would be doing in Solaris???
>>>
>>> Apologies if I seem a bit vague on which OS I will choose, it's just
>>> that I am trying to consolidate as many services as possible without
>>> requiring any more hardware.
>>
>> AFAIK FreeBSD jail can't be bound to a specific NIC, but can be bound to
>> IP address(es) and addresses can be assigned to a different NICs.
>> It means, if you have following NICs: nic0, nic1 and IPS on NICs:
>> nic0 = 10.10.10.10
>> nic1 = 10.20.20.20
>
> As of 7.2, jails can be bound directly to a specific interface.
>
> The example in /etc/defaults/rc.conf shows:
>
> #jail_example_interface=""
>
It is different thing and exists for more than 3 years.
As is stated in the manpage, this is just a rc.conf(5) variable used to
choose the interface where IP alias will be created, but is has nothing
to do with jail(8) command. The command takes list of IP addresses, not
NICs.
jail_<jname>_interface
(str) Unset by default. When set, sets the interface to use
when setting IP address alias. Note that the alias is cre-
ated at jail startup and removed at jail shutdown.
Miroslav Lachman
From owner-freebsd-jail@FreeBSD.ORG Mon Jan 11 11:07:03 2010
Return-Path: <owner-freebsd-jail@FreeBSD.ORG>
Delivered-To: freebsd-jail@FreeBSD.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
by hub.freebsd.org (Postfix) with ESMTP id 78DE21065693
for <freebsd-jail@FreeBSD.org>; Mon, 11 Jan 2010 11:07:03 +0000 (UTC)
(envelope-from owner-bugmaster@FreeBSD.org)
Received: from freefall.freebsd.org (freefall.freebsd.org
[IPv6:2001:4f8:fff6::28])
by mx1.freebsd.org (Postfix) with ESMTP id 6873C8FC24
for <freebsd-jail@FreeBSD.org>; Mon, 11 Jan 2010 11:07:03 +0000 (UTC)
Received: from freefall.freebsd.org (localhost [127.0.0.1])
by freefall.freebsd.org (8.14.3/8.14.3) with ESMTP id o0BB73LN034708
for <freebsd-jail@FreeBSD.org>; Mon, 11 Jan 2010 11:07:03 GMT
(envelope-from owner-bugmaster@FreeBSD.org)
Received: (from gnats@localhost)
by freefall.freebsd.org (8.14.3/8.14.3/Submit) id o0BB72iT034706
for freebsd-jail@FreeBSD.org; Mon, 11 Jan 2010 11:07:02 GMT
(envelope-from owner-bugmaster@FreeBSD.org)
Date: Mon, 11 Jan 2010 11:07:02 GMT
Message-Id: <201001111107.o0BB72iT034706@freefall.freebsd.org>
X-Authentication-Warning: freefall.freebsd.org: gnats set sender to
owner-bugmaster@FreeBSD.org using -f
From: FreeBSD bugmaster <bugmaster@FreeBSD.org>
To: freebsd-jail@FreeBSD.org
Cc:
Subject: Current problem reports assigned to freebsd-jail@FreeBSD.org
X-BeenThere: freebsd-jail@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: "Discussion about FreeBSD jail\(8\)" <freebsd-jail.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-jail>,
<mailto:freebsd-jail-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-jail>
List-Post: <mailto:freebsd-jail@freebsd.org>
List-Help: <mailto:freebsd-jail-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-jail>,
<mailto:freebsd-jail-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Mon, 11 Jan 2010 11:07:03 -0000
Note: to view an individual PR, use:
http://www.freebsd.org/cgi/query-pr.cgi?pr=(number).
The following is a listing of current problems submitted by FreeBSD users.
These represent problem reports covering all versions including
experimental development code and obsolete releases.
S Tracker Resp. Description
--------------------------------------------------------------------------------
o conf/141317 jail [patch] uncorrect jail stop in /etc/rc.d/jail
o kern/133265 jail [jail] is there a solution how to run nfs client in ja
o kern/119842 jail [smbfs] [jail] "Bad address" with smbfs inside a jail
o bin/99566 jail [jail] [patch] fstat(1) according to specified jid
o bin/32828 jail [jail] w(1) incorrectly handles stale utmp slots with
5 problems total.
From owner-freebsd-jail@FreeBSD.ORG Mon Jan 11 11:43:22 2010
Return-Path: <owner-freebsd-jail@FreeBSD.ORG>
Delivered-To: freebsd-jail@FreeBSD.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
by hub.freebsd.org (Postfix) with ESMTP id B33F31065695;
Mon, 11 Jan 2010 11:43:22 +0000 (UTC)
(envelope-from 000.fbsd@quip.cz)
Received: from elsa.codelab.cz (elsa.codelab.cz [94.124.105.4])
by mx1.freebsd.org (Postfix) with ESMTP id 719538FC18;
Mon, 11 Jan 2010 11:43:22 +0000 (UTC)
Received: from elsa.codelab.cz (localhost.codelab.cz [127.0.0.1])
by elsa.codelab.cz (Postfix) with ESMTP id E81DC19E047;
Mon, 11 Jan 2010 12:43:20 +0100 (CET)
Received: from [192.168.1.2] (r5bb235.net.upc.cz [86.49.61.235])
(using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits))
(No client certificate requested)
by elsa.codelab.cz (Postfix) with ESMTPSA id E427D19E046;
Mon, 11 Jan 2010 12:43:18 +0100 (CET)
Message-ID: <4B4B0ED6.9090200@quip.cz>
Date: Mon, 11 Jan 2010 12:43:18 +0100
From: Miroslav Lachman <000.fbsd@quip.cz>
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US;
rv:1.9.1.6) Gecko/20091206 SeaMonkey/2.0.1
MIME-Version: 1.0
To: freebsd-rc@FreeBSD.org
Content-Type: text/plain; charset=ISO-8859-2; format=flowed
Content-Transfer-Encoding: 7bit
Cc: freebsd-jail@FreeBSD.org
Subject: MFC rc.d/jail (pre|post)(start|stop) jail hooks in to 7.x?
X-BeenThere: freebsd-jail@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: "Discussion about FreeBSD jail\(8\)" <freebsd-jail.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-jail>,
<mailto:freebsd-jail-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-jail>
List-Post: <mailto:freebsd-jail@freebsd.org>
List-Help: <mailto:freebsd-jail-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-jail>,
<mailto:freebsd-jail-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Mon, 11 Jan 2010 11:43:22 -0000
Bjoern A. Zeeb wrote:
> *mumble* *tired* *again* ..
>
> Let me cite man rc.conf to not mess it up again:
>
> jail_<jname>_exec_afterstart<N>
> (str) Unset by default. This is the command run as Nth com-
> mand in a jail after jail startup, where N is 1, 2, and so
> on.
>
> jail_<jname>_exec_poststart<N>
> (str) Unset by default. This is the command run as Nth com-
> mand after jail startup, where N is 0, 1, and so on. It is
> run outside the jail.
Can you please merge revisions 191620 and 193939 in to 7-STABLE before
7.3 freeze?
http://svn.freebsd.org/viewvc/base?view=revision&revision=191620
http://svn.freebsd.org/viewvc/base?view=revision&revision=193939
(pre|post)(start|stop) is in HEAD for 8 months and merge will not
conflict with anything in 7.x branch.
Should I file a PR?
Miroslav Lachman
From owner-freebsd-jail@FreeBSD.ORG Thu Jan 14 12:35:28 2010
Return-Path: <owner-freebsd-jail@FreeBSD.ORG>
Delivered-To: jail@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
by hub.freebsd.org (Postfix) with ESMTP id 1692A106568D;
Thu, 14 Jan 2010 12:35:28 +0000 (UTC)
(envelope-from alexander@leidinger.net)
Received: from mail.ebusiness-leidinger.de (mail.ebusiness-leidinger.de
[217.11.53.44])
by mx1.freebsd.org (Postfix) with ESMTP id A160F8FC21;
Thu, 14 Jan 2010 12:35:27 +0000 (UTC)
Received: from outgoing.leidinger.net (pD9E2CF17.dip.t-dialin.net
[217.226.207.23])
by mail.ebusiness-leidinger.de (Postfix) with ESMTPSA id A96008444CF;
Thu, 14 Jan 2010 13:35:21 +0100 (CET)
Received: from webmail.leidinger.net (webmail.leidinger.net [192.168.1.102])
by outgoing.leidinger.net (Postfix) with ESMTP id 1944E9A579;
Thu, 14 Jan 2010 13:35:17 +0100 (CET)
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=Leidinger.net;
s=outgoing-alex; t=1263472518;
bh=MWaBjD4NLmOlrC1pihbH4lpMbRjKeIFr6q9Vm/KJkzc=;
h=Message-ID:Date:From:To:Cc:Subject:References:In-Reply-To:
MIME-Version:Content-Type:Content-Transfer-Encoding;
b=Elz9CTj5RE8c09w9Yifk6Wwd6hDTIZYuq0L2KQeuYvgBSXiHM+JI9iLcn7ADIPb3q
tS+H1VtLoNFQqErzH12MU/7auGNKFXKE3SLIZ5qoMrDT0zEMaFQ3wldVmnZ5/fb9cJ
7JRCcfUE+NE30WyltiOjSlp72EkncbKN8xiCdRLotkVzvYuc/xZU/PmVpsy0E20nIo
3GHE9UWIuTfnmh51H/MM0QQK5baNz1Pa/PWFw/Mt2Nb8W+5qzH6D7GBMkkcnUv9FL0
cupXtS9G1ZaEpivFf+8FL9YQVS5wxjQ8J+LMBsLx3sW8U6+ozigeIp0GPZUyCkeeSH
kGcpXmhd7uDiw==
Received: (from www@localhost)
by webmail.leidinger.net (8.14.3/8.13.8/Submit) id o0ECZHWc070077;
Thu, 14 Jan 2010 13:35:17 +0100 (CET)
(envelope-from Alexander@Leidinger.net)
Received: from pslux.cec.eu.int (pslux.cec.eu.int [158.169.9.14]) by
webmail.leidinger.net (Horde Framework) with HTTP; Thu, 14 Jan 2010
13:35:16 +0100
Message-ID: <20100114133516.21277ik0pthwdo0s@webmail.leidinger.net>
Date: Thu, 14 Jan 2010 13:35:16 +0100
From: Alexander Leidinger <Alexander@Leidinger.net>
To: Remko Lodder <remko@FreeBSD.org>
References: <20091207080353.66241t4vpmnmrilc@webmail.leidinger.net>
<20100105112447.00005e71@unknown>
<0f8c4a9c3740e2185582ef1c922835b3.squirrel@www.jr-hosting.nl>
In-Reply-To: <0f8c4a9c3740e2185582ef1c922835b3.squirrel@www.jr-hosting.nl>
MIME-Version: 1.0
Content-Type: text/plain;
charset=UTF-8;
DelSp="Yes";
format="flowed"
Content-Disposition: inline
Content-Transfer-Encoding: 7bit
User-Agent: Dynamic Internet Messaging Program (DIMP) H3 (1.1.4)
X-EBL-MailScanner-Information: Please contact the ISP for more information
X-EBL-MailScanner-ID: A96008444CF.AAAD7
X-EBL-MailScanner: Found to be clean
X-EBL-MailScanner-SpamCheck: not spam, spamhaus-ZEN,
SpamAssassin (not cached, score=-1.44, required 6,
autolearn=disabled, ALL_TRUSTED -1.44, DKIM_SIGNED 0.00,
DKIM_VERIFIED -0.00)
X-EBL-MailScanner-From: alexander@leidinger.net
X-EBL-MailScanner-Watermark: 1264077323.33897@EP+FlUlVFgUM1AV6kSQafA
X-EBL-Spam-Status: No
Cc: jail@FreeBSD.org, simon@FreeBSD.org
Subject: Re: starting jails in the background & dependencies
X-BeenThere: freebsd-jail@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: "Discussion about FreeBSD jail\(8\)" <freebsd-jail.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-jail>,
<mailto:freebsd-jail-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-jail>
List-Post: <mailto:freebsd-jail@freebsd.org>
List-Help: <mailto:freebsd-jail-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-jail>,
<mailto:freebsd-jail-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Thu, 14 Jan 2010 12:35:28 -0000
Quoting Remko Lodder <remko@FreeBSD.org> (from Tue, 5 Jan 2010
11:35:48 +0100):
>
> On Tue, January 5, 2010 11:24 am, Alexander Leidinger wrote:
>> On Mon, 07 Dec 2009 08:03:53 +0100 Alexander Leidinger
>> <Alexander@Leidinger.net> wrote:
>>
>>> Hi,
>>>
>>> now that jails are started in the background (which is good, to
>>
>> I just realized yesterday that it also stops in parallel (in the
>> background). This is bad. It may be the case that a jail is not fully
>> stopped via the rc scripts when the OS decides to kill the remaining
>> processes during a shutdown.
>>
>> My first reaction is to only allow to start in the background, but
>> everything else needs to be serialized.
>>
>> Any objections or better ideas out there?
> I think the best way at this moment is to revert the change ( I can do
> that , or someone else, I dont mind ) and think of a better concept. Simon
> also mentioned that he didn't like the current way of doing things, so I
> kept it in, for possible suggestions. Reverting the change would mean that
> the old behaviour at least works and is with what people are used to. We
> can then further improve it where needed.
What about the following? Just have a look at the principle, I haven't
tested it yet. What it does is:
- revert back to serial startup by default
- allow to only start in the background (jail_parallel_start=YES)
- take input from /dev/null: in case a start script inside the
jail wants to read from stdin (it shouldn't), it will not
switch the process into STOP state (but should generate some
message in the application log)
Copy&paste, so maybe messed up tabs:
---snip---
Index: share/man/man5/rc.conf.5
===================================================================
--- share/man/man5/rc.conf.5 (Revision 202277)
+++ share/man/man5/rc.conf.5 (Arbeitskopie)
@@ -24,7 +24,7 @@
.\"
.\" $FreeBSD$
.\"
-.Dd November 11, 2009
+.Dd January 14, 2010
.Dt RC.CONF 5
.Os
.Sh NAME
@@ -3472,6 +3472,11 @@
If set to
.Dq Li NO ,
any configured jails will not be started.
+.It jail_parallel_start
+.Pq Vt bool
+If set to
+.Dq Li YES
+all configured jails will be started in the background (= in parallel).
.It Va jail_list
.Pq Vt str
A space separated list of names for jails.
Index: etc/rc.d/jail
===================================================================
--- etc/rc.d/jail (Revision 202277)
+++ etc/rc.d/jail (Arbeitskopie)
@@ -636,7 +636,8 @@
done
eval ${_setfib} jail ${_flags} -i ${_rootdir} ${_hostname} \
- \"${_addrl}\" ${_exec_start} > ${_tmp_jail} 2>&1
+ \"${_addrl}\" ${_exec_start} > ${_tmp_jail} 2>&1 \
+ </dev/null
if [ "$?" -eq 0 ] ; then
_jail_id=$(head -1 ${_tmp_jail})
@@ -728,4 +729,19 @@
if [ -n "$*" ]; then
jail_list="$*"
fi
-run_rc_command "${cmd}" &
+
+# Only allow the parallel start of jails, other commands are not
+# safe to execute in parallel.
+case "${cmd}" in
+*start)
+ ;;
+*)
+ jail_parallel_start=NO
+esac
+
+if checkyesno jail_parallel_start; then
+ run_rc_command "${cmd}" &
+else
+ run_rc_command "${cmd}"
+fi
+
Index: etc/defaults/rc.conf
===================================================================
--- etc/defaults/rc.conf (Revision 202277)
+++ etc/defaults/rc.conf (Arbeitskopie)
@@ -630,6 +630,7 @@
### Jail Configuration #######################################
##############################################################
jail_enable="NO" # Set to NO to disable starting of any jails
+jail_parallel_start="NO" # Start jails in the background
jail_list="" # Space separated list of names of jails
jail_set_hostname_allow="YES" # Allow root user in a jail to change
its hostname
jail_socket_unixiproute_only="YES" # Route only TCP/IP within a jail
---snip---
Bye,
Alexander.
--
For certain people, after fifty, litigation takes the place of sex.
-- Gore Vidal
http://www.Leidinger.net Alexander @ Leidinger.net: PGP ID = B0063FE7
http://www.FreeBSD.org netchild @ FreeBSD.org : PGP ID = 72077137
From owner-freebsd-jail@FreeBSD.ORG Thu Jan 14 12:41:10 2010
Return-Path: <owner-freebsd-jail@FreeBSD.ORG>
Delivered-To: jail@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
by hub.freebsd.org (Postfix) with ESMTP id 60AC01065694;
Thu, 14 Jan 2010 12:41:10 +0000 (UTC)
(envelope-from alexander@leidinger.net)
Received: from mail.ebusiness-leidinger.de (mail.ebusiness-leidinger.de
[217.11.53.44])
by mx1.freebsd.org (Postfix) with ESMTP id 08C958FC18;
Thu, 14 Jan 2010 12:41:09 +0000 (UTC)
Received: from outgoing.leidinger.net (pD9E2CF17.dip.t-dialin.net
[217.226.207.23])
by mail.ebusiness-leidinger.de (Postfix) with ESMTPSA id 08FDA844E74;
Thu, 14 Jan 2010 13:41:03 +0100 (CET)
Received: from webmail.leidinger.net (webmail.leidinger.net [192.168.1.102])
by outgoing.leidinger.net (Postfix) with ESMTP id 891F29A778;
Thu, 14 Jan 2010 13:41:00 +0100 (CET)
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=Leidinger.net;
s=outgoing-alex; t=1263472860;
bh=63h8xmBr7JhbdYx/bL6HJYV/yBwlEIBMP1Bg8jGJAgg=;
h=Message-ID:Date:From:To:Cc:Subject:References:In-Reply-To:
MIME-Version:Content-Type:Content-Transfer-Encoding;
b=QlsCQk76enwGyR9r9C/8XeHpQgokeHnAxqrxKn0TtoXferBwK4666T2V4mGOdGGIy
wGseyYM2EwfT1RjpJ7BHkinH6FLOMyyi3WkpnLt8A9Ptf2Kdi8eoEo5FXeuHNvlwN1
BhGyNkviCtD8ekvWhVY/wk20k1j9OzOpQ3epN6ULA4hbvkVr/yRO8FCGojCb/cSzd8
Ee+ljXmoUHoPb1DXeOiYbA2ETH4yNSh91ihSKVu3Qrx7CQxIuoCIT03Twzzz1+IIhB
dcyqg3vxsd3mtrt/6pI4CX/XlfvRQTzaypWuxxSXTJRPjELCo5i9zasNoyIAKRuXNQ
YbsXvyTgBPArQ==
Received: (from www@localhost)
by webmail.leidinger.net (8.14.3/8.13.8/Submit) id o0ECex53071700;
Thu, 14 Jan 2010 13:40:59 +0100 (CET)
(envelope-from Alexander@Leidinger.net)
Received: from pslux.cec.eu.int (pslux.cec.eu.int [158.169.9.14]) by
webmail.leidinger.net (Horde Framework) with HTTP; Thu, 14 Jan 2010
13:40:59 +0100
Message-ID: <20100114134059.1929551uvux5y3wo@webmail.leidinger.net>
Date: Thu, 14 Jan 2010 13:40:59 +0100
From: Alexander Leidinger <Alexander@Leidinger.net>
To: Miroslav Lachman <000.fbsd@quip.cz>
References: <20091207080353.66241t4vpmnmrilc@webmail.leidinger.net>
<20100105112447.00005e71@unknown> <4B43184E.1010106@quip.cz>
In-Reply-To: <4B43184E.1010106@quip.cz>
MIME-Version: 1.0
Content-Type: text/plain;
charset=UTF-8;
DelSp="Yes";
format="flowed"
Content-Disposition: inline
Content-Transfer-Encoding: 7bit
User-Agent: Dynamic Internet Messaging Program (DIMP) H3 (1.1.4)
X-EBL-MailScanner-Information: Please contact the ISP for more information
X-EBL-MailScanner-ID: 08FDA844E74.076C7
X-EBL-MailScanner: Found to be clean
X-EBL-MailScanner-SpamCheck: not spam, spamhaus-ZEN,
SpamAssassin (not cached, score=-1.44, required 6,
autolearn=disabled, ALL_TRUSTED -1.44, DKIM_SIGNED 0.00,
DKIM_VERIFIED -0.00)
X-EBL-MailScanner-From: alexander@leidinger.net
X-EBL-MailScanner-Watermark: 1264077666.15659@5lc/GqeKMOxOVw05CE/swg
X-EBL-Spam-Status: No
Cc: jail@freebsd.org, remko@freebsd.org
Subject: Re: starting jails in the background & dependencies
X-BeenThere: freebsd-jail@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: "Discussion about FreeBSD jail\(8\)" <freebsd-jail.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-jail>,
<mailto:freebsd-jail-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-jail>
List-Post: <mailto:freebsd-jail@freebsd.org>
List-Help: <mailto:freebsd-jail-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-jail>,
<mailto:freebsd-jail-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Thu, 14 Jan 2010 12:41:10 -0000
Quoting Miroslav Lachman <000.fbsd@quip.cz> (from Tue, 05 Jan 2010
11:45:34 +0100):
> Alexander Leidinger wrote:
>> On Mon, 07 Dec 2009 08:03:53 +0100 Alexander Leidinger
>> <Alexander@Leidinger.net> wrote:
>>
>>> Hi,
>>>
>>> now that jails are started in the background (which is good, to
>>
>> I just realized yesterday that it also stops in parallel (in the
>> background). This is bad. It may be the case that a jail is not fully
>> stopped via the rc scripts when the OS decides to kill the remaining
>> processes during a shutdown.
>>
>> My first reaction is to only allow to start in the background, but
>> everything else needs to be serialized.
>>
>> Any objections or better ideas out there?
>
> Maybe stopping can be done in parallel, but rc script should wait
> (in loop) until all jails are stopped or some configurable timeout
> (for example 60 seconds).
Feel free to come up with a proof of concept... but the timeout on
stop should be "forever" IMO. If you have a busy software which needs
to be shutdown correctly for data safety or consistency reasons, I do
not want that a reboot or shutdown prevents the correct shutdown.
Bye,
Alexander.
--
Beware of Programmers who carry screwdrivers.
-- Leonard Brandwein
http://www.Leidinger.net Alexander @ Leidinger.net: PGP ID = B0063FE7
http://www.FreeBSD.org netchild @ FreeBSD.org : PGP ID = 72077137
From owner-freebsd-jail@FreeBSD.ORG Thu Jan 14 17:14:43 2010
Return-Path: <owner-freebsd-jail@FreeBSD.ORG>
Delivered-To: jail@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
by hub.freebsd.org (Postfix) with ESMTP id A6273106566B;
Thu, 14 Jan 2010 17:14:43 +0000 (UTC)
(envelope-from 000.fbsd@quip.cz)
Received: from elsa.codelab.cz (elsa.codelab.cz [94.124.105.4])
by mx1.freebsd.org (Postfix) with ESMTP id 602438FC0C;
Thu, 14 Jan 2010 17:14:42 +0000 (UTC)
Received: from elsa.codelab.cz (localhost.codelab.cz [127.0.0.1])
by elsa.codelab.cz (Postfix) with ESMTP id 325A519E047;
Thu, 14 Jan 2010 18:14:41 +0100 (CET)
Received: from [192.168.1.2] (r5bb235.net.upc.cz [86.49.61.235])
(using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits))
(No client certificate requested)
by elsa.codelab.cz (Postfix) with ESMTPSA id BB6F219E023;
Thu, 14 Jan 2010 18:14:38 +0100 (CET)
Message-ID: <4B4F50FD.8090207@quip.cz>
Date: Thu, 14 Jan 2010 18:14:37 +0100
From: Miroslav Lachman <000.fbsd@quip.cz>
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US;
rv:1.9.1.7) Gecko/20100104 SeaMonkey/2.0.2
MIME-Version: 1.0
To: Alexander Leidinger <Alexander@Leidinger.net>
References: <20091207080353.66241t4vpmnmrilc@webmail.leidinger.net>
<20100105112447.00005e71@unknown> <4B43184E.1010106@quip.cz>
<20100114134059.1929551uvux5y3wo@webmail.leidinger.net>
In-Reply-To: <20100114134059.1929551uvux5y3wo@webmail.leidinger.net>
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 7bit
Cc: jail@freebsd.org, remko@freebsd.org
Subject: Re: starting jails in the background & dependencies
X-BeenThere: freebsd-jail@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: "Discussion about FreeBSD jail\(8\)" <freebsd-jail.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-jail>,
<mailto:freebsd-jail-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-jail>
List-Post: <mailto:freebsd-jail@freebsd.org>
List-Help: <mailto:freebsd-jail-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-jail>,
<mailto:freebsd-jail-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Thu, 14 Jan 2010 17:14:43 -0000
Alexander Leidinger wrote:
> Quoting Miroslav Lachman <000.fbsd@quip.cz> (from Tue, 05 Jan 2010
> 11:45:34 +0100):
>
>> Alexander Leidinger wrote:
>>> On Mon, 07 Dec 2009 08:03:53 +0100 Alexander Leidinger
>>> <Alexander@Leidinger.net> wrote:
>>>
>>>> Hi,
>>>>
>>>> now that jails are started in the background (which is good, to
>>>
>>> I just realized yesterday that it also stops in parallel (in the
>>> background). This is bad. It may be the case that a jail is not fully
>>> stopped via the rc scripts when the OS decides to kill the remaining
>>> processes during a shutdown.
>>>
>>> My first reaction is to only allow to start in the background, but
>>> everything else needs to be serialized.
>>>
>>> Any objections or better ideas out there?
>>
>> Maybe stopping can be done in parallel, but rc script should wait (in
>> loop) until all jails are stopped or some configurable timeout (for
>> example 60 seconds).
>
> Feel free to come up with a proof of concept... but the timeout on stop
> should be "forever" IMO. If you have a busy software which needs to be
> shutdown correctly for data safety or consistency reasons, I do not want
> that a reboot or shutdown prevents the correct shutdown.
I misunderstand the whole thing from the begining. It's all about
wording "background" and "parallel".
My first understanding was if I have 4 jails, they are started in
parallel (each other)
something like:
for J in jail1 jail2 jail3 jail4
do
jail_start $J &
done
and similar for stoping them.
But now I see that it is just a start jails in serial as usual but
rc.d/jail runs in the background, so next rc script will start right
after rc.d/jail, not waiting to jails come up.
Both approaches have its pros and cons.
In the first case (starting and stopping each jail in the background)
stopping can be easy as:
for J in $jail_list
do
jail_stop $J &
done
while [ -n "`jls`" ]
do
sleep 1
done
echo "all jails were stopped"
For the second case, where jails are started / stopped as usual but
whole rc.d/jail is backgrounded the only solution I got in my mind is
the second rc script (for example bgjail_stop) with similar loop as
above executed as one of the last rc scripts on system shutdown.
(but I know it is ugly solution)
I hope somebody will come with better idea :)
Miroslav Lachman
PS: as my english is not so well, it is sometimes hard to me to
understand and sometimes hard to explain things