From owner-freebsd-jail@FreeBSD.ORG Mon Jul 19 11:06:59 2010
From: FreeBSD bugmaster
To: freebsd-jail@FreeBSD.org
Date: Mon, 19 Jul 2010 11:06:59 GMT
Subject: Current problem reports assigned to freebsd-jail@FreeBSD.org

Note: to view an individual PR, use:
  http://www.freebsd.org/cgi/query-pr.cgi?pr=(number).

The following is a listing of current problems submitted by FreeBSD users.
These represent problem reports covering all versions including
experimental development code and obsolete releases.

S Tracker      Resp.      Description
--------------------------------------------------------------------------------
o kern/147162  jail       [jail] [panic] Page Fault / Kernel panic when jail sta
s conf/142972  jail       [jail] [patch] Support JAILv2 and vnet in rc.d/jail
o conf/141317  jail       [patch] uncorrect jail stop in /etc/rc.d/jail
o kern/133265  jail       [jail] is there a solution how to run nfs client in ja
o kern/119842  jail       [smbfs] [jail] "Bad address" with smbfs inside a jail
o bin/99566    jail       [jail] [patch] fstat(1) according to specified jid
o bin/32828    jail       [jail] w(1) incorrectly handles stale utmp slots with

7 problems total.

From owner-freebsd-jail@FreeBSD.ORG Thu Jul 22 17:21:26 2010
From: Aaron Weeden
To: freebsd-jail@freebsd.org
Date: Thu, 22 Jul 2010 12:51:23 -0400
Subject: CARP across two jails on one host?

My box is running FreeBSD version 8.1-PRERELEASE. I've created two
jails and want them to be able to share an IP address via CARP. As I
understand it, each host must use the same VHID and IP address on its
carp interface in order to work as a failover for the other hosts.
I'm also under the impression that jails cannot create interfaces, as
my attempt to run 'ifconfig carp0 create' within a jail returned the
error 'ifconfig: SIOCIFCREATE2: Operation not permitted'. I'm
wondering, then, if it's possible to use CARP for two jails on one
host, since attempting to create two carp interfaces with the same
vhid on the parent produces the error 'ifconfig: SIOCSVH: File
exists'. Does anyone here have experience running CARP in jails?

Thank you,
Aaron Weeden

From owner-freebsd-jail@FreeBSD.ORG Thu Jul 22 19:46:22 2010
From: Isaac Levy
To: freebsd-jail@freebsd.org
Date: Thu, 22 Jul 2010 15:33:12 -0400
Subject: Re: sysvipc in jails + CURRENT

Hi All,

I could be doing something stupid, or I've dug up an old bug,
(http://www.mail-archive.com/freebsd-jail@freebsd.org/msg00859.html).

I cannot get good ol' trusty enforce_statfs to work, allowing me to see
different mounts from within a jail.

--
The example jail command I'm using, (new-style),

jail -c path=$JDIR host.hostname=$JHOSTNAME ip4.addr="$INET" enforce_statfs=1 command=/bin/sh /etc/rc

I've tried everything- including attempting to change my sysctls over
and over, (including /etc/sysctl.conf with rebooting).

Interestingly:
The old standard 'security.jail.enforce_statfs' was not something I
could modify, *until* I put a sysctl value in /etc/sysctl.conf which was
not 0 (1 or 2 both will let me set the sysctl value once the system is
booted).

If I have "security.jail.enforce_statfs=0", to my surprise, I cannot
change that sysctl on the host system as I would usually expect.
(This is what makes me think this smells like a bug)

My extra mounts are UFS volumes, mounted right into the jail directory,
(on another ufs volume).

What follows, are just machine stats if anyone wants them?

I'd love any thoughts, urls, no matter how brief...

Best,
.ike

--
$ sysctl security.jail
security.jail.param.cpuset.id: 0
security.jail.param.host.hostid: 0
security.jail.param.host.hostuuid: 64
security.jail.param.host.domainname: 256
security.jail.param.host.hostname: 256
security.jail.param.children.max: 0
security.jail.param.children.cur: 0
security.jail.param.enforce_statfs: 0
security.jail.param.securelevel: 0
security.jail.param.path: 1024
security.jail.param.name: 256
security.jail.param.parent: 0
security.jail.param.jid: 0
security.jail.enforce_statfs: 1
security.jail.mount_allowed: 0
security.jail.chflags_allowed: 0
security.jail.allow_raw_sockets: 0
security.jail.sysvipc_allowed: 0
security.jail.socket_unixiproute_only: 1
security.jail.set_hostname_allowed: 0
security.jail.jail_max_af_ips: 255
security.jail.jailed: 0

--
More system stats:

FreeBSD copper 8.0-RELEASE-p4 FreeBSD 8.0-RELEASE-p4 #5: Tue Jul 20 12:33:57 EDT 2010 ike@copper.vault.tab:/usr/obj/usr/src/sys/80-amd64kernMay2010 amd64

...
# ikenote: additives to generic kernel, FreeBSD 7.2->8.0:

# HTTPD/DNS Accept Filter Support
# (queues requests in OS socket until entire request is in)
# Applications must make use of the syscall in their implementation,
# (Apache 1.x-2.x is a clear case of use).
# See the man page for accept_filter(9) for more info.
options ACCEPT_FILTER_HTTP
options ACCEPT_FILTER_DATA
options ACCEPT_FILTER_DNS #FreeBSD 8.0 onward only

# ZFS ADDITIVES
# http://wiki.freebsd.org/ZFSTuningGuide
# or alternatively, see: /usr/src/sys/i386/conf/NOTES
##options KVA_PAGES=512 # not required on amd64

# lagg(4) link aggregation and link failover interface
device lagg

# PF, CARP, ALTQ...
device pf
device pflog
device pfsync

# ALTQ, network card queue offloading
# see the altq(4) man page for a list of supported drivers
options ALTQ
options ALTQ_CBQ # Class Based Queuing (CBQ)
options ALTQ_RED # Random Early Detection (RED)
options ALTQ_RIO # RED In/Out
options ALTQ_HFSC # Hierarchical Packet Scheduler (HFSC)
options ALTQ_PRIQ # Priority Queuing (PRIQ)
options ALTQ_NOPCC # Required for SMP build

# DTRACE
options KDTRACE_HOOKS
options DDB_CTF
options KDTRACE_FRAME # amd64 only

From owner-freebsd-jail@FreeBSD.ORG Fri Jul 23 09:57:21 2010
From: Dominik Zyla
To: freebsd-jail@freebsd.org
Date: Fri, 23 Jul 2010 11:48:19 +0200
Subject: Re: CARP across two jails on one host?

On Fri, Jul 23, 2010 at 11:45:03AM +0200, Dominik Zyla wrote:
> On Thu, Jul 22, 2010 at 12:51:23PM -0400, Aaron Weeden wrote:
> > My box is running FreeBSD version 8.1-PRERELEASE. I've created two
> > jails and want them to be able to share an IP address via CARP. As I
> > understand it, each host must use the same VHID and IP address on its
> > carp interface in order to work as a failover for the other hosts.
> > I'm also under the impression that jails cannot create interfaces, as
> > my attempt to run 'ifconfig carp0 create' within a jail returned the
> > error 'ifconfig: SIOCIFCREATE2: Operation not permitted'. I'm
> > wondering, then, if it's possible to use CARP for two jails on one
> > host, since attempting to create two carp interfaces with the same
> > vhid on the parent produces the error 'ifconfig: SIOCSVH: File
> > exists'. Does anyone here have experience running CARP in jails?
>
> You can't run both, MASTER and BACKUP carp instances on the same host.

To be more strict. I mean, you can't run both, MASTER and BACKUP carp
instances with the same vhid on the same host.

--
Dominik Zyla

From owner-freebsd-jail@FreeBSD.ORG Fri Jul 23 10:02:20 2010
From: Dominik Zyla
To: freebsd-jail@freebsd.org
Date: Fri, 23 Jul 2010 11:45:03 +0200
Subject: Re: CARP across two jails on one host?

On Thu, Jul 22, 2010 at 12:51:23PM -0400, Aaron Weeden wrote:
> My box is running FreeBSD version 8.1-PRERELEASE. I've created two
> jails and want them to be able to share an IP address via CARP. As I
> understand it, each host must use the same VHID and IP address on its
> carp interface in order to work as a failover for the other hosts.
> I'm also under the impression that jails cannot create interfaces, as
> my attempt to run 'ifconfig carp0 create' within a jail returned the
> error 'ifconfig: SIOCIFCREATE2: Operation not permitted'. I'm
> wondering, then, if it's possible to use CARP for two jails on one
> host, since attempting to create two carp interfaces with the same
> vhid on the parent produces the error 'ifconfig: SIOCSVH: File
> exists'. Does anyone here have experience running CARP in jails?

You can't run both, MASTER and BACKUP carp instances on the same host.

--
Dominik Zyla

From owner-freebsd-jail@FreeBSD.ORG Fri Jul 23 12:29:05 2010
From: Paul Schenkeveld
To: freebsd-jail@freebsd.org
Date: Fri, 23 Jul 2010 14:09:20 +0200
Subject: Re: CARP across two jails on one host?

Hi,

On Thu, Jul 22, 2010 at 12:51:23PM -0400, Aaron Weeden wrote:
> My box is running FreeBSD version 8.1-PRERELEASE. I've created two
> jails and want them to be able to share an IP address via CARP. As I
> understand it, each host must use the same VHID and IP address on its
> carp interface in order to work as a failover for the other hosts.
> I'm also under the impression that jails cannot create interfaces, as
> my attempt to run 'ifconfig carp0 create' within a jail returned the
> error 'ifconfig: SIOCIFCREATE2: Operation not permitted'. I'm
> wondering, then, if it's possible to use CARP for two jails on one
> host, since attempting to create two carp interfaces with the same
> vhid on the parent produces the error 'ifconfig: SIOCSVH: File
> exists'. Does anyone here have experience running CARP in jails?

The CARP protocol involves multicast hello packets among the master and
backup nodes. Each CARP interface must also be capable of responding to
ARP requests if it is operating in MASTER mode.

With traditional jails traffic between jails on the same host is sent
over the loopback interface which does not support multicasting so these
jails would not be able to see each other's hello packets.

Since FreeBSD 8 jails support virtual networking (a.k.a. vimage). It
looks like it should be possible to do CARP between jails using vnet
instances. You'd need to do some network plumbing to get a virtual
bus topology network between the jails (ng_ether probably) but I have
not yet tried this myself. Also, beware that virtual networking is
still not production quality as far as I know and rc.d/jail doesn't
know how to set it up (yet).

OTOH, is CARP the right solution for your problem? If you would
succeed to build the setup using vnet, CARP would only fail over if
CARP of the master jail stops sending hello packets. This would
normally only occur when the master jail and vnet instance are torn
down completely (or the CARP interface in the master jail destroyed).
It would not kick in if the application inside the master jail stops
responding.

If you just want to simulate a multi-host network instead of doing
application fail-over then vnet is your best bet.

> Thank you,
> Aaron Weeden

HTH

Paul Schenkeveld

From owner-freebsd-jail@FreeBSD.ORG Sat Jul 24 09:54:54 2010
From: Nikos Vassiliadis
To: Paul Schenkeveld
Cc: freebsd-jail@freebsd.org
Date: Sat, 24 Jul 2010 12:53:06 +0300
Subject: Re: CARP across two jails on one host?

On 7/23/2010 3:09 PM, Paul Schenkeveld wrote:
> Since FreeBSD 8 jails support virtual networking (a.k.a. vimage). It
> looks like it should be possible to do CARP between jails using vnet
> instances. You'd need to do some network plumbing to get a virtual
> bus topology network between the jails (ng_ether probably) but I have
> not yet tried this myself. Also, beware that virtual networking is
> still not production quality as far as I know and rc.d/jail doesn't
> know how to set it up (yet).

CARP is not virtualized for the time being...

> OTOH, is CARP the right solution for your problem? If you would
> succeed to build the setup using vnet, CARP would only fail over if
> CARP of the master jail stops sending hello packets. This would
> normally only occur when the master jail and vnet instance are torn
> down completely (or the CARP interface in the master jail destroyed).
> It would not kick in if the application inside the master jail stops
> responding.

+1

CARP is designed to handle network layer failures, and such a failure
will take the physical host down. Think power or system failures...

I *believe* that the user space CARP implementation (net/ucarp) can
fire up scripts. Another candidate you should examine would be
sysutils/heartbeat.

HTH, Nikos
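
Added example, not part of the thread and not code from FreeBSD or ucarp: a simplified two-node model of the failover behaviour Paul and Nikos describe, showing that the backup takes over only when the master's advertisements stop, not when the service inside the master jail hangs. The node names, the `app_healthy` flag, the `watchdog` option (a hypothetical external health check that withdraws a node) and the timer formulas (advertise every advbase + advskew/256 s, declare the master down after 3*advbase + advskew/256 s of silence) are assumptions of this model.

```python
"""Simplified two-node CARP election model (constructed for illustration)."""
from dataclasses import dataclass


@dataclass
class Node:
    name: str
    advskew: int = 0          # units of 1/256 s; the lower skew is preferred
    advbase: int = 1          # seconds
    state: str = "BACKUP"
    alive: bool = True        # False: jail/vnet torn down or carp interface destroyed
    app_healthy: bool = True  # service inside the jail; CARP never reads this
    last_heard: float = 0.0
    next_adv: float = 0.0

    @property
    def interval(self) -> float:
        return self.advbase + self.advskew / 256

    @property
    def down_timeout(self) -> float:  # assumed master-down timer
        return 3 * self.advbase + self.advskew / 256


def simulate(events, duration=30.0, step=0.125, watchdog=False):
    """Return (list of (time, new_master), service_up_at_end).

    events:   (time, node_name, attribute, value) tuples; times must be
              multiples of `step`.
    watchdog: hypothetical external health check that takes a node out of
              the election when its application is unhealthy.
    """
    nodes = {n.name: n for n in (Node("jail-a", advskew=0),
                                 Node("jail-b", advskew=100))}
    transitions = []
    for i in range(int(duration / step) + 1):
        t = i * step
        for when, name, attr, value in events:
            if when == t:
                setattr(nodes[name], attr, value)
        if watchdog:
            for n in nodes.values():
                if n.alive and not n.app_healthy:
                    n.alive = False
        # A backup promotes itself once the master has been silent too long.
        for n in nodes.values():
            if not n.alive:
                n.state = "DOWN"
            elif n.state == "BACKUP" and t - n.last_heard >= n.down_timeout:
                n.state, n.next_adv = "MASTER", t
                transitions.append((t, n.name))
        # The master advertises; every other live node hears the hello.
        for m in nodes.values():
            if m.state == "MASTER" and t >= m.next_adv:
                m.next_adv = t + m.interval
                for peer in nodes.values():
                    if peer is m or not peer.alive:
                        continue
                    if peer.state == "BACKUP":
                        peer.last_heard = t
                    elif peer.state == "MASTER" and m.interval < peer.interval:
                        peer.state, peer.last_heard = "BACKUP", t
    master = next((n for n in nodes.values() if n.state == "MASTER"), None)
    return transitions, bool(master and master.app_healthy)


if __name__ == "__main__":
    cases = {
        "application hangs, CARP only": ([(10.0, "jail-a", "app_healthy", False)], False),
        "master jail torn down":        ([(10.0, "jail-a", "alive", False)], False),
        "application hangs, watchdog":  ([(10.0, "jail-a", "app_healthy", False)], True),
    }
    for label, (events, wd) in cases.items():
        transitions, up = simulate(events, watchdog=wd)
        print(f"{label:32s} masters={transitions} service_up={up}")
```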