From owner-freebsd-arch@FreeBSD.ORG Mon Jul 18 19:37:32 2011
Date: Mon, 18 Jul 2011 21:08:39 +0200
From: Paul Schenkeveld
To: freebsd-jail@freebsd.org
Cc: freebsd-arch@freebsd.org
Subject: Re: New jail(8) with configuration files, not yet in head

Hi,

On Sun, Jul 03, 2011 at 11:24:57PM -0600, Jamie Gritton wrote:
> I'm hoping to get the latest version of jail(8) in before the door slams
> shut on 9.0. If anyone wants to take a look at the new code and give it
> a spin, it may help to ease RE's mind about my tardiness. The included
> diff applies to the current usr.sbin/jail directory. In addition to the
> new program, it adds a jail.conf(5) man page that explains the config
> file format (hint: it's a typical C-style block config).

Although I really like this new functionality, there is one issue that
I am concerned about. Should all this functionality be integrated into
the jail(8) command?

In UNIX tradition we have simple interfaces[1] in the base system and
jail(8) used to fit in quite well. Your new jail(8) tries to be an all
singing and dancing subsystem for managing jails but there will always
be users that need one more feature[2]. That's why we have ezjail,
jailer, jailadmin and others in ports and over time there will be new
ones with new features.

Jail(8) is the one FreeBSD command to create, modify and destroy jails
and is used by many of these wrappers. Your new jail(8) covers part
of the functionality of these wrappers but not all. It may grow new
features as people submit ideas and you or someone else is willing to
code the feature but there will always be wrappers to suit needs not
covered by this jail command.

I don't want to start a bikeshed discussion and will shut up immediately
if I appear to be the only one concerned but if others care like I do,
I'd suggest to put this functionality into a separate program and leave
jail(8) to be the minimalistic interface to just control the jail(2)
system call from a command interpreter.

Again, I'm not against your enhancements, I'm just worried about
pollution of OS primitives.

With kind regards,

Paul Schenkeveld

[1] Chown/chgrp/chmod are nice examples, I could easily think of at
    least a dozen enhancements like only operating on files matching a
    specific user/group or mapping a list of old uids/gids to a list of
    new ones or looking up user info in LDAP. Sometimes throwing in
    find(1) will help you solve the problem at hand, sometimes you need
    to write a script or program.

[2] My favorites: starting jails in parallel, dependency graph of jails,
    monitoring jails and restarting them when they die, migration of
    jails to other hosts and populating new jails from a release DVD,
    /usr/src or the source repository and provisioning jails from a
    database.

From owner-freebsd-arch@FreeBSD.ORG Tue Jul 19 16:36:39 2011
Date: Tue, 19 Jul 2011 11:14:36 -0600
From: Jamie Gritton
To: Paul Schenkeveld
Cc: freebsd-jail@FreeBSD.org, freebsd-arch@FreeBSD.org
Subject: Re: New jail(8) with configuration files, not yet in head

This project came from a desire to improve the jail startup procedure in
rc.d/jail, which remains stuck handling the old fixed-parameter jails.
Rather than continue to extend an already unwieldy number of rc.conf
shell variables, I opted to add a configuration file like other
subsystems use (e.g. apmd, devd).

The new jail pseudo-parameters added to the config file exist mostly to
match the existing rc.d/jail functionality - the mount.* and exec.*
parameters are direct analogs to rc.conf shell variables. Some other
parameters match the command-line options of the existing jail(8). I
have tried to avoid bloating the command with new features that don't
have a reasonably broad base; the only really new things I can think of
are the "depend" parameter (dependency graph of jails, as you mentioned
in your footnote [2]) and the "vnet.interface" parameter.

I wouldn't want to do away with a config file, as that's a much cleaner
way to define multiple jails than depending on the rc system or
requiring a "roll your own" approach that is currently the only way to
use the newer features. Since jail creation is so tied to processes
running under them, the exec.* parameters as originally defined by the
rc system are best kept; while a single "command" parameter would
suffice for many (perhaps most) jails, the flexibility to run commands
as either system or jail users, either before or after jail creation,
seems an advantage worth keeping. The other big rc bits - mounting
filesystems and preparing network interfaces, seem sufficiently
broad-based to include for the general populace.

There are still features I'd like to add, mostly in flexibility of the
config file - including files, better handling of auto-generated JIDs,
stuff like that. I don't really see adding anything else that isn't
tied to the basic definition of jails, and of starting them, stopping
them, or changing their parameters - all of which the current
command-line usage already does, though not as well.

It's clear now that this won't be happening in 9.0. So none of this is
in danger of getting pushed through in a hurry.

- Jamie

From owner-freebsd-arch@FreeBSD.ORG Thu Jul 21 11:52:15 2011
Date: Thu, 21 Jul 2011 14:52:11 +0300
From: Andriy Gapon
To: John Baldwin
Cc: freebsd-arch@FreeBSD.org
Subject: Re: stop scheduler in panic context

on 23/06/2011 15:54 John Baldwin said the following:
> On Wednesday, June 22, 2011 12:09:13 pm Andriy Gapon wrote:
>>
>> I would like to present the following diff for review and discussion:
>> http://people.freebsd.org/~avg/stop_scheduler_on_panic.diff
>
> If it makes your life easier, go ahead and kill the RESTARTABLE_PANICS
> option (perhaps do that as a separate commit first?).

I have not forgotten about this generous offer :-)
Here is a patch: http://people.freebsd.org/~avg/restartable_panics.diff
Compile tested with LINT and all modules on amd64.

--
Andriy Gapon

From owner-freebsd-arch@FreeBSD.ORG Thu Jul 21 15:53:41 2011
Date: Thu, 21 Jul 2011 11:47:24 -0400
From: John Baldwin
To: Andriy Gapon
Cc: freebsd-arch@freebsd.org
Subject: Re: stop scheduler in panic context

On Thursday, July 21, 2011 7:52:11 am Andriy Gapon wrote:
> on 23/06/2011 15:54 John Baldwin said the following:
> > On Wednesday, June 22, 2011 12:09:13 pm Andriy Gapon wrote:
> >>
> >> I would like to present the following diff for review and discussion:
> >> http://people.freebsd.org/~avg/stop_scheduler_on_panic.diff
> >
> > If it makes your life easier, go ahead and kill the RESTARTABLE_PANICS
> > option (perhaps do that as a separate commit first?).
>
> I have not forgotten about this generous offer :-)
> Here is a patch: http://people.freebsd.org/~avg/restartable_panics.diff
> Compile tested with LINT and all modules on amd64.

Go for it!

--
John Baldwin
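

Added example for the jail.conf thread above (not part of any message in this archive, and not taken from the patch under discussion): a C-style block config showing the parameter classes Jamie Gritton's reply describes, that is mount.*, exec.* commands run on the host or inside the jail before and after creation, and "depend". Parameter names follow jail(8) and jail.conf(5) as later released in FreeBSD, so the 2011 patch may differ; jail names, paths, addresses and the start script are constructed placeholders.

```conf
# Constructed example; jail names, paths and addresses are placeholders.

# Defaults applied to every jail defined below.
path = "/jails/$name";                  # $name expands to the jail's name
host.hostname = "$name.example.org";
mount.fstab = "/etc/fstab.$name";       # mount.*: per-jail filesystems
mount.devfs;                            # boolean: mount devfs inside the jail
exec.clean;                             # run commands with a clean environment
exec.start = "/bin/sh /etc/rc";         # runs inside the jail at creation
exec.stop = "/bin/sh /etc/rc.shutdown"; # runs inside the jail at removal

db {
    ip4.addr = 192.0.2.10;
    # Runs on the host (system side) before the jail is created.
    exec.prestart = "logger starting jail $name";
    # Runs on the host after the jail has been removed.
    exec.poststop = "logger jail $name stopped";
}

www {
    ip4.addr = 192.0.2.11;
    # Created only after db exists; removed before db is removed.
    depend = db;
    # Run the in-jail command as an unprivileged jail user, not root.
    exec.jail_user = "www";
    # Overrides the global exec.start; the script name is hypothetical.
    exec.start = "/usr/local/bin/start-site";
}
```

With this file in place as /etc/jail.conf, "jail -c www" creates db first because of the depend line.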