From owner-freebsd-jail@FreeBSD.ORG Sun Jan 10 21:20:27 2010 Return-Path: Delivered-To: freebsd-jail@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id A61571065672 for ; Sun, 10 Jan 2010 21:20:27 +0000 (UTC) (envelope-from samankaya@netscape.net) Received: from imr-ma04.mx.aol.com (imr-ma04.mx.aol.com [64.12.206.42]) by mx1.freebsd.org (Postfix) with ESMTP id 6AEFF8FC12 for ; Sun, 10 Jan 2010 21:20:27 +0000 (UTC) Received: from imo-da03.mx.aol.com (imo-da03.mx.aol.com [205.188.169.201]) by imr-ma04.mx.aol.com (8.14.1/8.14.1) with ESMTP id o0ALAFHN028238 for ; Sun, 10 Jan 2010 16:10:15 -0500 Received: from samankaya@netscape.net by imo-da03.mx.aol.com (mail_out_v42.5.) id n.bd7.61242043 (43905) for ; Sun, 10 Jan 2010 16:10:10 -0500 (EST) Received: from [172.16.1.52] (mail.reformkurumsal.com [212.156.209.87]) by cia-dc07.mx.aol.com (v127.7) with ESMTP id MAILCIADC072-ab814b4a4230229; Sun, 10 Jan 2010 16:10:10 -0500 Message-ID: <4B4A422F.9060307@netscape.net> Date: Sun, 10 Jan 2010 23:10:07 +0200 From: Kaya Saman User-Agent: Thunderbird 2.0.0.21 (X11/20090323) MIME-Version: 1.0 To: freebsd-jail@freebsd.org Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit X-AOL-IP: 212.156.209.87 X-Mailer: Unknown (No Version) X-Spam-Flag: NO X-AOL-SENDER: samankaya@netscape.net Subject: Using 'Jails' like Solaris Zones?? X-BeenThere: freebsd-jail@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Discussion about FreeBSD jail\(8\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 10 Jan 2010 21:20:27 -0000 Hi, I'm debating whether or not to install FreeBSD or Solaris on a new mainframe that I'm going to get which is a Sun Fire V480 server. Basically what I want this machine to do is all network infrastructure services; meaning: ntp, dns primary/secondary, network monitoring with cacti and munin and many more things! Since virtualization is a little bit tricky on SPARC as tools such as xVM, Citrix Xen, and VirtualBox don't run on any other then x86 platforms I am left with LDOMs which I think the machine may not be able to handle as LDOMs require a minimum of 4GB of RAM plus a later processor then the SPARC III chips inside. Since FreeBSD has all the software I require and is quite easy on system resources I was considering using 'Jails' where in Solaris I would be using Zones to dedicate an individual IP address to each instance of Bind. However, is it possible to dedicate a specific NIC to each instance of Bind as well since this is really what I would be doing in Solaris??? Apologies if I seem a bit vague on which OS I will choose, it's just that I am trying to consolidate as many services as possible without requiring any more hardware. Many thanks for any responses :-) Regards, Kaya From owner-freebsd-jail@FreeBSD.ORG Sun Jan 10 22:00:25 2010 Return-Path: Delivered-To: freebsd-jail@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id CAE9E106566B for ; Sun, 10 Jan 2010 22:00:25 +0000 (UTC) (envelope-from 000.fbsd@quip.cz) Received: from elsa.codelab.cz (elsa.codelab.cz [94.124.105.4]) by mx1.freebsd.org (Postfix) with ESMTP id 888618FC16 for ; Sun, 10 Jan 2010 22:00:24 +0000 (UTC) Received: from elsa.codelab.cz (localhost.codelab.cz [127.0.0.1]) by elsa.codelab.cz (Postfix) with ESMTP id 6D0E019E046; Sun, 10 Jan 2010 23:00:23 +0100 (CET) Received: from [192.168.1.2] (r5bb235.net.upc.cz [86.49.61.235]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by elsa.codelab.cz (Postfix) with ESMTPSA id 4C14819E048; Sun, 10 Jan 2010 23:00:21 +0100 (CET) Message-ID: <4B4A4DF3.5010509@quip.cz> Date: Sun, 10 Jan 2010 23:00:19 +0100 From: Miroslav Lachman <000.fbsd@quip.cz> User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.9.1.6) Gecko/20091206 SeaMonkey/2.0.1 MIME-Version: 1.0 To: Kaya Saman References: <4B4A422F.9060307@netscape.net> In-Reply-To: <4B4A422F.9060307@netscape.net> Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Cc: freebsd-jail@freebsd.org Subject: Re: Using 'Jails' like Solaris Zones?? X-BeenThere: freebsd-jail@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Discussion about FreeBSD jail\(8\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 10 Jan 2010 22:00:25 -0000 Kaya Saman wrote: [...] > Since FreeBSD has all the software I require and is quite easy on system > resources I was considering using 'Jails' where in Solaris I would be > using Zones to dedicate an individual IP address to each instance of Bind. > > However, is it possible to dedicate a specific NIC to each instance of > Bind as well since this is really what I would be doing in Solaris??? > > Apologies if I seem a bit vague on which OS I will choose, it's just > that I am trying to consolidate as many services as possible without > requiring any more hardware. AFAIK FreeBSD jail can't be bound to a specific NIC, but can be bound to IP address(es) and addresses can be assigned to a different NICs. It means, if you have following NICs: nic0, nic1 and IPS on NICs: nic0 = 10.10.10.10 nic1 = 10.20.20.20 Then if you start first jail with IP 10.10.10.10 and second jail with IP 10.20.20.20, then first jail will use nic0 and second jail will use nic1 You can also use more than one IP from more than one NIC in one jail thanks to BZs work on multi-ip jail (since 7.2) Miroslav Lachman From owner-freebsd-jail@FreeBSD.ORG Sun Jan 10 22:05:15 2010 Return-Path: Delivered-To: freebsd-jail@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id E4F96106568F for ; Sun, 10 Jan 2010 22:05:15 +0000 (UTC) (envelope-from samankaya@netscape.net) Received: from imr-da05.mx.aol.com (imr-da05.mx.aol.com [205.188.105.147]) by mx1.freebsd.org (Postfix) with ESMTP id A73578FC15 for ; Sun, 10 Jan 2010 22:05:15 +0000 (UTC) Received: from imo-ma04.mx.aol.com (imo-ma04.mx.aol.com [64.12.78.139]) by imr-da05.mx.aol.com (8.14.1/8.14.1) with ESMTP id o0AM50ru024969; Sun, 10 Jan 2010 17:05:00 -0500 Received: from samankaya@netscape.net by imo-ma04.mx.aol.com (mail_out_v42.5.) id d.be5.6ad89563 (37107); Sun, 10 Jan 2010 17:04:59 -0500 (EST) Received: from [172.16.1.52] (mail.reformkurumsal.com [212.156.209.87]) by cia-db08.mx.aol.com (v127.7) with ESMTP id MAILCIADB085-90f34b4a4f09200; Sun, 10 Jan 2010 17:04:59 -0500 Message-ID: <4B4A4F09.1080901@netscape.net> Date: Mon, 11 Jan 2010 00:04:57 +0200 From: Kaya Saman User-Agent: Thunderbird 2.0.0.21 (X11/20090323) MIME-Version: 1.0 To: Miroslav Lachman <000.fbsd@quip.cz> References: <4B4A422F.9060307@netscape.net> <4B4A4DF3.5010509@quip.cz> In-Reply-To: <4B4A4DF3.5010509@quip.cz> Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit X-AOL-IP: 212.156.209.87 X-Mailer: Unknown (No Version) X-Spam-Flag: NO X-AOL-SENDER: samankaya@netscape.net Cc: freebsd-jail@freebsd.org Subject: Re: Using 'Jails' like Solaris Zones?? X-BeenThere: freebsd-jail@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Discussion about FreeBSD jail\(8\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 10 Jan 2010 22:05:16 -0000 > > AFAIK FreeBSD jail can't be bound to a specific NIC, but can be bound > to IP address(es) and addresses can be assigned to a different NICs. > It means, if you have following NICs: nic0, nic1 and IPS on NICs: > nic0 = 10.10.10.10 > nic1 = 10.20.20.20 > > Then if you start first jail with IP 10.10.10.10 and second jail with > IP 10.20.20.20, then first jail will use nic0 and second jail will use > nic1 > > You can also use more than one IP from more than one NIC in one jail > thanks to BZs work on multi-ip jail (since 7.2) > > Miroslav Lachman Thanks! This is actually a really great idea..... and probably will do just what I want. I am guessing in a 4 NIC environment I can even use this to create an internal private master/slave config and also have a public master/slave too. All I need to do now is learn how to configure and use 'Jails'. Regards, Kaya From owner-freebsd-jail@FreeBSD.ORG Sun Jan 10 22:54:36 2010 Return-Path: Delivered-To: freebsd-jail@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 647F0106568B for ; Sun, 10 Jan 2010 22:54:36 +0000 (UTC) (envelope-from samankaya@netscape.net) Received: from imr-da05.mx.aol.com (imr-da05.mx.aol.com [205.188.105.147]) by mx1.freebsd.org (Postfix) with ESMTP id 257B78FC08 for ; Sun, 10 Jan 2010 22:54:35 +0000 (UTC) Received: from imo-da01.mx.aol.com (imo-da01.mx.aol.com [205.188.169.199]) by imr-da05.mx.aol.com (8.14.1/8.14.1) with ESMTP id o0AMsFC4028735; Sun, 10 Jan 2010 17:54:15 -0500 Received: from samankaya@netscape.net by imo-da01.mx.aol.com (mail_out_v42.5.) id o.d50.6517a103 (43905); Sun, 10 Jan 2010 17:54:13 -0500 (EST) Received: from [172.16.1.52] (mail.reformkurumsal.com [212.156.209.87]) by cia-dc07.mx.aol.com (v127.7) with ESMTP id MAILCIADC072-ab814b4a5a9033f; Sun, 10 Jan 2010 17:54:10 -0500 Message-ID: <4B4A5A88.4050108@netscape.net> Date: Mon, 11 Jan 2010 00:54:00 +0200 From: Kaya Saman User-Agent: Thunderbird 2.0.0.21 (X11/20090323) MIME-Version: 1.0 To: Glen Barber References: <4B4A422F.9060307@netscape.net> <4B4A4DF3.5010509@quip.cz> <20100110222638.GA5300@orion.hsd1.pa.comcast.net> In-Reply-To: <20100110222638.GA5300@orion.hsd1.pa.comcast.net> Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit X-AOL-IP: 212.156.209.87 X-Mailer: Unknown (No Version) X-Spam-Flag: NO X-AOL-SENDER: samankaya@netscape.net Cc: freebsd-jail@freebsd.org Subject: Re: Using 'Jails' like Solaris Zones?? X-BeenThere: freebsd-jail@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Discussion about FreeBSD jail\(8\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 10 Jan 2010 22:54:36 -0000 > > As of 7.2, jails can be bound directly to a specific interface. > > The example in /etc/defaults/rc.conf shows: > > #jail_example_interface="" > > > > Oh wow.... ok; this means that I can use Jails similarly to how I was going to use the Solaris Zone! No need for Solaris then and also I think that BSD is lighter on systems then Solaris in general. Ok now that ZFS is in place no contest, but before when using UFS v.1 I think BSD still gives better performance in terms of freer system resources. From owner-freebsd-jail@FreeBSD.ORG Sun Jan 10 22:56:34 2010 Return-Path: Delivered-To: freebsd-jail@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id C4B991065672 for ; Sun, 10 Jan 2010 22:56:34 +0000 (UTC) (envelope-from glen.j.barber@gmail.com) Received: from mail-qy0-f174.google.com (mail-qy0-f174.google.com [209.85.221.174]) by mx1.freebsd.org (Postfix) with ESMTP id 78EEE8FC0C for ; Sun, 10 Jan 2010 22:56:34 +0000 (UTC) Received: by qyk4 with SMTP id 4so9192107qyk.7 for ; Sun, 10 Jan 2010 14:56:29 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:received:received:date:from:to:cc:subject :message-id:references:mime-version:content-type:content-disposition :in-reply-to:user-agent; bh=CqXKY2BxEi5jtod7cjMoFrSwXNHBls4TrzN9mLWg73w=; b=N4dCKNUoSz26R34l4gyBAge6jgzCGnEGsNzHV5FgYK1jD3dw+pQkWcx4VhEPnwreyx qSV77Hm5ujkxUJVNPZDdXtxYSfaAtUxTAhzyVu2fuGwF7aDYuLG9hUWTlD5vUaYuhgbR NLFEbSzbj2l2gJbYfq0K+s1ACpOpyhhhFeOzE= DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=date:from:to:cc:subject:message-id:references:mime-version :content-type:content-disposition:in-reply-to:user-agent; b=ey7RfX6oiiJGaQIXH0ZvN3uo8Z7qbnzW9fEhJsvw5TCnoE7C7XBnuhmwzorvx+ci3U VGpHDrIMNy/xxKOhs6cQjnbNdVMP9E8/yHV4xruveug5OllD3KeyRX6sGs7Kezpv46B5 U8sFxOu9cvEQfDxPz0CwwZweW5HE50bP1Hnqk= Received: by 10.224.79.229 with SMTP id q37mr16233303qak.2.1263162599542; Sun, 10 Jan 2010 14:29:59 -0800 (PST) Received: from orion.hsd1.pa.comcast.net (c-71-230-240-241.hsd1.pa.comcast.net [71.230.240.241]) by mx.google.com with ESMTPS id 23sm1897472qyk.15.2010.01.10.14.29.57 (version=SSLv3 cipher=RC4-MD5); Sun, 10 Jan 2010 14:29:58 -0800 (PST) Date: Sun, 10 Jan 2010 17:26:38 -0500 From: Glen Barber To: Miroslav Lachman <000.fbsd@quip.cz> Message-ID: <20100110222638.GA5300@orion.hsd1.pa.comcast.net> References: <4B4A422F.9060307@netscape.net> <4B4A4DF3.5010509@quip.cz> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <4B4A4DF3.5010509@quip.cz> User-Agent: Mutt/1.5.20 (2009-06-14) Cc: freebsd-jail@freebsd.org Subject: Re: Using 'Jails' like Solaris Zones?? X-BeenThere: freebsd-jail@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Discussion about FreeBSD jail\(8\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 10 Jan 2010 22:56:34 -0000 Hi, Miroslav Lachman wrote: > Kaya Saman wrote: > > [...] > > > Since FreeBSD has all the software I require and is quite easy on system > > resources I was considering using 'Jails' where in Solaris I would be > > using Zones to dedicate an individual IP address to each instance of Bind. > > > > However, is it possible to dedicate a specific NIC to each instance of > > Bind as well since this is really what I would be doing in Solaris??? > > > > Apologies if I seem a bit vague on which OS I will choose, it's just > > that I am trying to consolidate as many services as possible without > > requiring any more hardware. > > AFAIK FreeBSD jail can't be bound to a specific NIC, but can be bound to > IP address(es) and addresses can be assigned to a different NICs. > It means, if you have following NICs: nic0, nic1 and IPS on NICs: > nic0 = 10.10.10.10 > nic1 = 10.20.20.20 As of 7.2, jails can be bound directly to a specific interface. The example in /etc/defaults/rc.conf shows: #jail_example_interface="" > > Then if you start first jail with IP 10.10.10.10 and second jail with IP > 10.20.20.20, then first jail will use nic0 and second jail will use nic1 > > You can also use more than one IP from more than one NIC in one jail > thanks to BZs work on multi-ip jail (since 7.2) > > Miroslav Lachman Regards, -- Glen Barber From owner-freebsd-jail@FreeBSD.ORG Mon Jan 11 09:51:55 2010 Return-Path: Delivered-To: freebsd-jail@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id B6C93106566B for ; Mon, 11 Jan 2010 09:51:55 +0000 (UTC) (envelope-from 000.fbsd@quip.cz) Received: from elsa.codelab.cz (elsa.codelab.cz [94.124.105.4]) by mx1.freebsd.org (Postfix) with ESMTP id 746E18FC08 for ; Mon, 11 Jan 2010 09:51:55 +0000 (UTC) Received: from elsa.codelab.cz (localhost.codelab.cz [127.0.0.1]) by elsa.codelab.cz (Postfix) with ESMTP id 2337619E023; Mon, 11 Jan 2010 10:51:54 +0100 (CET) Received: from [192.168.1.2] (r5bb235.net.upc.cz [86.49.61.235]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by elsa.codelab.cz (Postfix) with ESMTPSA id 0405519E019; Mon, 11 Jan 2010 10:51:51 +0100 (CET) Message-ID: <4B4AF4B7.7090802@quip.cz> Date: Mon, 11 Jan 2010 10:51:51 +0100 From: Miroslav Lachman <000.fbsd@quip.cz> User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.9.1.6) Gecko/20091206 SeaMonkey/2.0.1 MIME-Version: 1.0 To: Glen Barber References: <4B4A422F.9060307@netscape.net> <4B4A4DF3.5010509@quip.cz> <20100110222638.GA5300@orion.hsd1.pa.comcast.net> In-Reply-To: <20100110222638.GA5300@orion.hsd1.pa.comcast.net> Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Cc: freebsd-jail@freebsd.org Subject: Re: Using 'Jails' like Solaris Zones?? X-BeenThere: freebsd-jail@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Discussion about FreeBSD jail\(8\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 11 Jan 2010 09:51:55 -0000 Glen Barber wrote: > Hi, > > Miroslav Lachman wrote: >> Kaya Saman wrote: >> >> [...] >> >>> Since FreeBSD has all the software I require and is quite easy on system >>> resources I was considering using 'Jails' where in Solaris I would be >>> using Zones to dedicate an individual IP address to each instance of Bind. >>> >>> However, is it possible to dedicate a specific NIC to each instance of >>> Bind as well since this is really what I would be doing in Solaris??? >>> >>> Apologies if I seem a bit vague on which OS I will choose, it's just >>> that I am trying to consolidate as many services as possible without >>> requiring any more hardware. >> >> AFAIK FreeBSD jail can't be bound to a specific NIC, but can be bound to >> IP address(es) and addresses can be assigned to a different NICs. >> It means, if you have following NICs: nic0, nic1 and IPS on NICs: >> nic0 = 10.10.10.10 >> nic1 = 10.20.20.20 > > As of 7.2, jails can be bound directly to a specific interface. > > The example in /etc/defaults/rc.conf shows: > > #jail_example_interface="" > It is different thing and exists for more than 3 years. As is stated in the manpage, this is just a rc.conf(5) variable used to choose the interface where IP alias will be created, but is has nothing to do with jail(8) command. The command takes list of IP addresses, not NICs. jail__interface (str) Unset by default. When set, sets the interface to use when setting IP address alias. Note that the alias is cre- ated at jail startup and removed at jail shutdown. Miroslav Lachman From owner-freebsd-jail@FreeBSD.ORG Mon Jan 11 11:07:03 2010 Return-Path: Delivered-To: freebsd-jail@FreeBSD.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 78DE21065693 for ; Mon, 11 Jan 2010 11:07:03 +0000 (UTC) (envelope-from owner-bugmaster@FreeBSD.org) Received: from freefall.freebsd.org (freefall.freebsd.org [IPv6:2001:4f8:fff6::28]) by mx1.freebsd.org (Postfix) with ESMTP id 6873C8FC24 for ; Mon, 11 Jan 2010 11:07:03 +0000 (UTC) Received: from freefall.freebsd.org (localhost [127.0.0.1]) by freefall.freebsd.org (8.14.3/8.14.3) with ESMTP id o0BB73LN034708 for ; Mon, 11 Jan 2010 11:07:03 GMT (envelope-from owner-bugmaster@FreeBSD.org) Received: (from gnats@localhost) by freefall.freebsd.org (8.14.3/8.14.3/Submit) id o0BB72iT034706 for freebsd-jail@FreeBSD.org; Mon, 11 Jan 2010 11:07:02 GMT (envelope-from owner-bugmaster@FreeBSD.org) Date: Mon, 11 Jan 2010 11:07:02 GMT Message-Id: <201001111107.o0BB72iT034706@freefall.freebsd.org> X-Authentication-Warning: freefall.freebsd.org: gnats set sender to owner-bugmaster@FreeBSD.org using -f From: FreeBSD bugmaster To: freebsd-jail@FreeBSD.org Cc: Subject: Current problem reports assigned to freebsd-jail@FreeBSD.org X-BeenThere: freebsd-jail@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Discussion about FreeBSD jail\(8\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 11 Jan 2010 11:07:03 -0000 Note: to view an individual PR, use: http://www.freebsd.org/cgi/query-pr.cgi?pr=(number). The following is a listing of current problems submitted by FreeBSD users. These represent problem reports covering all versions including experimental development code and obsolete releases. S Tracker Resp. Description -------------------------------------------------------------------------------- o conf/141317 jail [patch] uncorrect jail stop in /etc/rc.d/jail o kern/133265 jail [jail] is there a solution how to run nfs client in ja o kern/119842 jail [smbfs] [jail] "Bad address" with smbfs inside a jail o bin/99566 jail [jail] [patch] fstat(1) according to specified jid o bin/32828 jail [jail] w(1) incorrectly handles stale utmp slots with 5 problems total. From owner-freebsd-jail@FreeBSD.ORG Mon Jan 11 11:43:22 2010 Return-Path: Delivered-To: freebsd-jail@FreeBSD.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id B33F31065695; Mon, 11 Jan 2010 11:43:22 +0000 (UTC) (envelope-from 000.fbsd@quip.cz) Received: from elsa.codelab.cz (elsa.codelab.cz [94.124.105.4]) by mx1.freebsd.org (Postfix) with ESMTP id 719538FC18; Mon, 11 Jan 2010 11:43:22 +0000 (UTC) Received: from elsa.codelab.cz (localhost.codelab.cz [127.0.0.1]) by elsa.codelab.cz (Postfix) with ESMTP id E81DC19E047; Mon, 11 Jan 2010 12:43:20 +0100 (CET) Received: from [192.168.1.2] (r5bb235.net.upc.cz [86.49.61.235]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by elsa.codelab.cz (Postfix) with ESMTPSA id E427D19E046; Mon, 11 Jan 2010 12:43:18 +0100 (CET) Message-ID: <4B4B0ED6.9090200@quip.cz> Date: Mon, 11 Jan 2010 12:43:18 +0100 From: Miroslav Lachman <000.fbsd@quip.cz> User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.9.1.6) Gecko/20091206 SeaMonkey/2.0.1 MIME-Version: 1.0 To: freebsd-rc@FreeBSD.org Content-Type: text/plain; charset=ISO-8859-2; format=flowed Content-Transfer-Encoding: 7bit Cc: freebsd-jail@FreeBSD.org Subject: MFC rc.d/jail (pre|post)(start|stop) jail hooks in to 7.x? X-BeenThere: freebsd-jail@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Discussion about FreeBSD jail\(8\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 11 Jan 2010 11:43:22 -0000 Bjoern A. Zeeb wrote: > *mumble* *tired* *again* .. > > Let me cite man rc.conf to not mess it up again: > > jail__exec_afterstart > (str) Unset by default. This is the command run as Nth com- > mand in a jail after jail startup, where N is 1, 2, and so > on. > > jail__exec_poststart > (str) Unset by default. This is the command run as Nth com- > mand after jail startup, where N is 0, 1, and so on. It is > run outside the jail. Can you please merge revisions 191620 and 193939 in to 7-STABLE before 7.3 freeze? http://svn.freebsd.org/viewvc/base?view=revision&revision=191620 http://svn.freebsd.org/viewvc/base?view=revision&revision=193939 (pre|post)(start|stop) is in HEAD for 8 months and merge will not conflict with anything in 7.x branch. Should I file a PR? Miroslav Lachman From owner-freebsd-jail@FreeBSD.ORG Thu Jan 14 12:35:28 2010 Return-Path: Delivered-To: jail@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 1692A106568D; Thu, 14 Jan 2010 12:35:28 +0000 (UTC) (envelope-from alexander@leidinger.net) Received: from mail.ebusiness-leidinger.de (mail.ebusiness-leidinger.de [217.11.53.44]) by mx1.freebsd.org (Postfix) with ESMTP id A160F8FC21; Thu, 14 Jan 2010 12:35:27 +0000 (UTC) Received: from outgoing.leidinger.net (pD9E2CF17.dip.t-dialin.net [217.226.207.23]) by mail.ebusiness-leidinger.de (Postfix) with ESMTPSA id A96008444CF; Thu, 14 Jan 2010 13:35:21 +0100 (CET) Received: from webmail.leidinger.net (webmail.leidinger.net [192.168.1.102]) by outgoing.leidinger.net (Postfix) with ESMTP id 1944E9A579; Thu, 14 Jan 2010 13:35:17 +0100 (CET) DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=Leidinger.net; s=outgoing-alex; t=1263472518; bh=MWaBjD4NLmOlrC1pihbH4lpMbRjKeIFr6q9Vm/KJkzc=; h=Message-ID:Date:From:To:Cc:Subject:References:In-Reply-To: MIME-Version:Content-Type:Content-Transfer-Encoding; b=Elz9CTj5RE8c09w9Yifk6Wwd6hDTIZYuq0L2KQeuYvgBSXiHM+JI9iLcn7ADIPb3q tS+H1VtLoNFQqErzH12MU/7auGNKFXKE3SLIZ5qoMrDT0zEMaFQ3wldVmnZ5/fb9cJ 7JRCcfUE+NE30WyltiOjSlp72EkncbKN8xiCdRLotkVzvYuc/xZU/PmVpsy0E20nIo 3GHE9UWIuTfnmh51H/MM0QQK5baNz1Pa/PWFw/Mt2Nb8W+5qzH6D7GBMkkcnUv9FL0 cupXtS9G1ZaEpivFf+8FL9YQVS5wxjQ8J+LMBsLx3sW8U6+ozigeIp0GPZUyCkeeSH kGcpXmhd7uDiw== Received: (from www@localhost) by webmail.leidinger.net (8.14.3/8.13.8/Submit) id o0ECZHWc070077; Thu, 14 Jan 2010 13:35:17 +0100 (CET) (envelope-from Alexander@Leidinger.net) Received: from pslux.cec.eu.int (pslux.cec.eu.int [158.169.9.14]) by webmail.leidinger.net (Horde Framework) with HTTP; Thu, 14 Jan 2010 13:35:16 +0100 Message-ID: <20100114133516.21277ik0pthwdo0s@webmail.leidinger.net> Date: Thu, 14 Jan 2010 13:35:16 +0100 From: Alexander Leidinger To: Remko Lodder References: <20091207080353.66241t4vpmnmrilc@webmail.leidinger.net> <20100105112447.00005e71@unknown> <0f8c4a9c3740e2185582ef1c922835b3.squirrel@www.jr-hosting.nl> In-Reply-To: <0f8c4a9c3740e2185582ef1c922835b3.squirrel@www.jr-hosting.nl> MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8; DelSp="Yes"; format="flowed" Content-Disposition: inline Content-Transfer-Encoding: 7bit User-Agent: Dynamic Internet Messaging Program (DIMP) H3 (1.1.4) X-EBL-MailScanner-Information: Please contact the ISP for more information X-EBL-MailScanner-ID: A96008444CF.AAAD7 X-EBL-MailScanner: Found to be clean X-EBL-MailScanner-SpamCheck: not spam, spamhaus-ZEN, SpamAssassin (not cached, score=-1.44, required 6, autolearn=disabled, ALL_TRUSTED -1.44, DKIM_SIGNED 0.00, DKIM_VERIFIED -0.00) X-EBL-MailScanner-From: alexander@leidinger.net X-EBL-MailScanner-Watermark: 1264077323.33897@EP+FlUlVFgUM1AV6kSQafA X-EBL-Spam-Status: No Cc: jail@FreeBSD.org, simon@FreeBSD.org Subject: Re: starting jails in the background & dependencies X-BeenThere: freebsd-jail@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Discussion about FreeBSD jail\(8\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 14 Jan 2010 12:35:28 -0000 Quoting Remko Lodder (from Tue, 5 Jan 2010 11:35:48 +0100): > > On Tue, January 5, 2010 11:24 am, Alexander Leidinger wrote: >> On Mon, 07 Dec 2009 08:03:53 +0100 Alexander Leidinger >> wrote: >> >>> Hi, >>> >>> now that jails are started in the background (which is good, to >> >> I just realized yesterday that it also stops in parallel (in the >> background). This is bad. It may be the case that a jail is not fully >> stopped via the rc scripts when the OS decides to kill the remaining >> processes during a shutdown. >> >> My first reaction is to only allow to start in the background, but >> everything else needs to be serialized. >> >> Any objections or better ideas out there? > I think the best way at this moment is to revert the change ( I can do > that , or someone else, I dont mind ) and think of a better concept. Simon > also mentioned that he didn't like the current way of doing things, so I > kept it in, for possible suggestions. Reverting the change would mean that > the old behaviour at least works and is with what people are used to. We > can then further improve it where needed. What about the following? Just have a look at the principle, I haven't tested it yet. What it does is: - revert back to serial startup by default - allow to only start in the background (jail_parallel_start=YES) - take input from /dev/null: in case a start script inside the jail wants to read from stdin (it shouldn't), it will not switch the process into STOP state (but should generate some message in the application log) Copy&paste, so maybe messed up tabs: ---snip--- Index: share/man/man5/rc.conf.5 =================================================================== --- share/man/man5/rc.conf.5 (Revision 202277) +++ share/man/man5/rc.conf.5 (Arbeitskopie) @@ -24,7 +24,7 @@ .\" .\" $FreeBSD$ .\" -.Dd November 11, 2009 +.Dd January 14, 2010 .Dt RC.CONF 5 .Os .Sh NAME @@ -3472,6 +3472,11 @@ If set to .Dq Li NO , any configured jails will not be started. +.It jail_parallel_start +.Pq Vt bool +If set to +.Dq Li YES +all configured jails will be started in the background (= in parallel). .It Va jail_list .Pq Vt str A space separated list of names for jails. Index: etc/rc.d/jail =================================================================== --- etc/rc.d/jail (Revision 202277) +++ etc/rc.d/jail (Arbeitskopie) @@ -636,7 +636,8 @@ done eval ${_setfib} jail ${_flags} -i ${_rootdir} ${_hostname} \ - \"${_addrl}\" ${_exec_start} > ${_tmp_jail} 2>&1 + \"${_addrl}\" ${_exec_start} > ${_tmp_jail} 2>&1 \ + Delivered-To: jail@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 60AC01065694; Thu, 14 Jan 2010 12:41:10 +0000 (UTC) (envelope-from alexander@leidinger.net) Received: from mail.ebusiness-leidinger.de (mail.ebusiness-leidinger.de [217.11.53.44]) by mx1.freebsd.org (Postfix) with ESMTP id 08C958FC18; Thu, 14 Jan 2010 12:41:09 +0000 (UTC) Received: from outgoing.leidinger.net (pD9E2CF17.dip.t-dialin.net [217.226.207.23]) by mail.ebusiness-leidinger.de (Postfix) with ESMTPSA id 08FDA844E74; Thu, 14 Jan 2010 13:41:03 +0100 (CET) Received: from webmail.leidinger.net (webmail.leidinger.net [192.168.1.102]) by outgoing.leidinger.net (Postfix) with ESMTP id 891F29A778; Thu, 14 Jan 2010 13:41:00 +0100 (CET) DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=Leidinger.net; s=outgoing-alex; t=1263472860; bh=63h8xmBr7JhbdYx/bL6HJYV/yBwlEIBMP1Bg8jGJAgg=; h=Message-ID:Date:From:To:Cc:Subject:References:In-Reply-To: MIME-Version:Content-Type:Content-Transfer-Encoding; b=QlsCQk76enwGyR9r9C/8XeHpQgokeHnAxqrxKn0TtoXferBwK4666T2V4mGOdGGIy wGseyYM2EwfT1RjpJ7BHkinH6FLOMyyi3WkpnLt8A9Ptf2Kdi8eoEo5FXeuHNvlwN1 BhGyNkviCtD8ekvWhVY/wk20k1j9OzOpQ3epN6ULA4hbvkVr/yRO8FCGojCb/cSzd8 Ee+ljXmoUHoPb1DXeOiYbA2ETH4yNSh91ihSKVu3Qrx7CQxIuoCIT03Twzzz1+IIhB dcyqg3vxsd3mtrt/6pI4CX/XlfvRQTzaypWuxxSXTJRPjELCo5i9zasNoyIAKRuXNQ YbsXvyTgBPArQ== Received: (from www@localhost) by webmail.leidinger.net (8.14.3/8.13.8/Submit) id o0ECex53071700; Thu, 14 Jan 2010 13:40:59 +0100 (CET) (envelope-from Alexander@Leidinger.net) Received: from pslux.cec.eu.int (pslux.cec.eu.int [158.169.9.14]) by webmail.leidinger.net (Horde Framework) with HTTP; Thu, 14 Jan 2010 13:40:59 +0100 Message-ID: <20100114134059.1929551uvux5y3wo@webmail.leidinger.net> Date: Thu, 14 Jan 2010 13:40:59 +0100 From: Alexander Leidinger To: Miroslav Lachman <000.fbsd@quip.cz> References: <20091207080353.66241t4vpmnmrilc@webmail.leidinger.net> <20100105112447.00005e71@unknown> <4B43184E.1010106@quip.cz> In-Reply-To: <4B43184E.1010106@quip.cz> MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8; DelSp="Yes"; format="flowed" Content-Disposition: inline Content-Transfer-Encoding: 7bit User-Agent: Dynamic Internet Messaging Program (DIMP) H3 (1.1.4) X-EBL-MailScanner-Information: Please contact the ISP for more information X-EBL-MailScanner-ID: 08FDA844E74.076C7 X-EBL-MailScanner: Found to be clean X-EBL-MailScanner-SpamCheck: not spam, spamhaus-ZEN, SpamAssassin (not cached, score=-1.44, required 6, autolearn=disabled, ALL_TRUSTED -1.44, DKIM_SIGNED 0.00, DKIM_VERIFIED -0.00) X-EBL-MailScanner-From: alexander@leidinger.net X-EBL-MailScanner-Watermark: 1264077666.15659@5lc/GqeKMOxOVw05CE/swg X-EBL-Spam-Status: No Cc: jail@freebsd.org, remko@freebsd.org Subject: Re: starting jails in the background & dependencies X-BeenThere: freebsd-jail@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Discussion about FreeBSD jail\(8\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 14 Jan 2010 12:41:10 -0000 Quoting Miroslav Lachman <000.fbsd@quip.cz> (from Tue, 05 Jan 2010 11:45:34 +0100): > Alexander Leidinger wrote: >> On Mon, 07 Dec 2009 08:03:53 +0100 Alexander Leidinger >> wrote: >> >>> Hi, >>> >>> now that jails are started in the background (which is good, to >> >> I just realized yesterday that it also stops in parallel (in the >> background). This is bad. It may be the case that a jail is not fully >> stopped via the rc scripts when the OS decides to kill the remaining >> processes during a shutdown. >> >> My first reaction is to only allow to start in the background, but >> everything else needs to be serialized. >> >> Any objections or better ideas out there? > > Maybe stopping can be done in parallel, but rc script should wait > (in loop) until all jails are stopped or some configurable timeout > (for example 60 seconds). Feel free to come up with a proof of concept... but the timeout on stop should be "forever" IMO. If you have a busy software which needs to be shutdown correctly for data safety or consistency reasons, I do not want that a reboot or shutdown prevents the correct shutdown. Bye, Alexander. -- Beware of Programmers who carry screwdrivers. -- Leonard Brandwein http://www.Leidinger.net Alexander @ Leidinger.net: PGP ID = B0063FE7 http://www.FreeBSD.org netchild @ FreeBSD.org : PGP ID = 72077137 From owner-freebsd-jail@FreeBSD.ORG Thu Jan 14 17:14:43 2010 Return-Path: Delivered-To: jail@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id A6273106566B; Thu, 14 Jan 2010 17:14:43 +0000 (UTC) (envelope-from 000.fbsd@quip.cz) Received: from elsa.codelab.cz (elsa.codelab.cz [94.124.105.4]) by mx1.freebsd.org (Postfix) with ESMTP id 602438FC0C; Thu, 14 Jan 2010 17:14:42 +0000 (UTC) Received: from elsa.codelab.cz (localhost.codelab.cz [127.0.0.1]) by elsa.codelab.cz (Postfix) with ESMTP id 325A519E047; Thu, 14 Jan 2010 18:14:41 +0100 (CET) Received: from [192.168.1.2] (r5bb235.net.upc.cz [86.49.61.235]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by elsa.codelab.cz (Postfix) with ESMTPSA id BB6F219E023; Thu, 14 Jan 2010 18:14:38 +0100 (CET) Message-ID: <4B4F50FD.8090207@quip.cz> Date: Thu, 14 Jan 2010 18:14:37 +0100 From: Miroslav Lachman <000.fbsd@quip.cz> User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.9.1.7) Gecko/20100104 SeaMonkey/2.0.2 MIME-Version: 1.0 To: Alexander Leidinger References: <20091207080353.66241t4vpmnmrilc@webmail.leidinger.net> <20100105112447.00005e71@unknown> <4B43184E.1010106@quip.cz> <20100114134059.1929551uvux5y3wo@webmail.leidinger.net> In-Reply-To: <20100114134059.1929551uvux5y3wo@webmail.leidinger.net> Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 7bit Cc: jail@freebsd.org, remko@freebsd.org Subject: Re: starting jails in the background & dependencies X-BeenThere: freebsd-jail@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Discussion about FreeBSD jail\(8\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 14 Jan 2010 17:14:43 -0000 Alexander Leidinger wrote: > Quoting Miroslav Lachman <000.fbsd@quip.cz> (from Tue, 05 Jan 2010 > 11:45:34 +0100): > >> Alexander Leidinger wrote: >>> On Mon, 07 Dec 2009 08:03:53 +0100 Alexander Leidinger >>> wrote: >>> >>>> Hi, >>>> >>>> now that jails are started in the background (which is good, to >>> >>> I just realized yesterday that it also stops in parallel (in the >>> background). This is bad. It may be the case that a jail is not fully >>> stopped via the rc scripts when the OS decides to kill the remaining >>> processes during a shutdown. >>> >>> My first reaction is to only allow to start in the background, but >>> everything else needs to be serialized. >>> >>> Any objections or better ideas out there? >> >> Maybe stopping can be done in parallel, but rc script should wait (in >> loop) until all jails are stopped or some configurable timeout (for >> example 60 seconds). > > Feel free to come up with a proof of concept... but the timeout on stop > should be "forever" IMO. If you have a busy software which needs to be > shutdown correctly for data safety or consistency reasons, I do not want > that a reboot or shutdown prevents the correct shutdown. I misunderstand the whole thing from the begining. It's all about wording "background" and "parallel". My first understanding was if I have 4 jails, they are started in parallel (each other) something like: for J in jail1 jail2 jail3 jail4 do jail_start $J & done and similar for stoping them. But now I see that it is just a start jails in serial as usual but rc.d/jail runs in the background, so next rc script will start right after rc.d/jail, not waiting to jails come up. Both approaches have its pros and cons. In the first case (starting and stopping each jail in the background) stopping can be easy as: for J in $jail_list do jail_stop $J & done while [ -n "`jls`" ] do sleep 1 done echo "all jails were stopped" For the second case, where jails are started / stopped as usual but whole rc.d/jail is backgrounded the only solution I got in my mind is the second rc script (for example bgjail_stop) with similar loop as above executed as one of the last rc scripts on system shutdown. (but I know it is ugly solution) I hope somebody will come with better idea :) Miroslav Lachman PS: as my english is not so well, it is sometimes hard to me to understand and sometimes hard to explain things