From: Devin Teske
Date: Sat, 4 Feb 2012 12:46:45 -0800
To: Hugo Silva
Cc: freebsd-questions@freebsd.org
Subject: Re: Jails V2, VIMAGE, and integration in the base system
Message-ID: <92029D20-0433-4B95-BA0B-D4C0F40DD035@fisglobal.com>
In-Reply-To: <4F2D7CB5.9040303@barafranca.com>

On Feb 4, 2012, at 10:45 AM, Hugo Silva wrote:

> On 02/03/12 17:02, Devin Teske wrote:
>> Please give this a try:
>>
>> http://druidbsd.sf.net/vimage.shtml
>> http://druidbsd.sf.net/download.shtml
>>
>
> Hi,
>
> Interesting.
>
> Is it safe to run in production (VIMAGE/vnets) ?

I can't speak to every application, release, or even purpose, but we've been using between 2 and 3 dozen vimages for various purposes without problem on 8.1-RELEASE-p6 (just haven't got around to updating to -p7 which is the latest RELENG_8_1 security patch).

We've been running amd64 hosts with both amd64 and i386 jails. Doing compiler builds, using them as web servers, shell servers, bastions, gateways, proxies (both shell and web), and even for running legacy releases of FreeBSD (running 4.11 i386 on an amd64 8.1 host).

So the VIMAGE/vnets support seems pretty stable in 8.1-RELEASE.

Oh, we did have to MFC SVN r207194 to fix a bug in sys/net/rtsock.c when running i386 route(8) in VIMAGE under amd64 host. Though you don't have to apply the patch, as the workaround was simple -- copy the host's amd64 route(8) over vimage's i386 one. That's really the only bug we ever hit, but your mileage may vary.

We've been generally very happy with VIMAGE/vnets so far.

Now, with respect to the script being production ready, I'd say yes with one minor nit...

Unnecessarily starting/stopping vimages after boot is bad for two reasons:

1. In 8.1-RELEASE there's an necessary loss in VM pages every time you remove a vimage jail with "jail -r" (this has been fixed in later releases).

2. The Ethernet HW address auto-calculations performed in my script are based on the order in which vimages are started and stopped. This is easily overcome by setting the HW address in the ifconfig_* line within rc.conf(5) (within the vimage rootdir).
--
Devin