From owner-freebsd-questions@freebsd.org  Sun Dec 20 23:02:49 2015
Return-Path: <owner-freebsd-questions@freebsd.org>
Delivered-To: freebsd-questions@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id 65238A4D61F;
 Sun, 20 Dec 2015 23:02:49 +0000 (UTC)
 (envelope-from wblock@wonkity.com)
Received: from wonkity.com (wonkity.com [67.158.26.137])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client CN "wonkity.com", Issuer "wonkity.com" (not verified))
 by mx1.freebsd.org (Postfix) with ESMTPS id 27AF518D8;
 Sun, 20 Dec 2015 23:02:48 +0000 (UTC)
 (envelope-from wblock@wonkity.com)
Received: from wonkity.com (localhost [127.0.0.1])
 by wonkity.com (8.15.2/8.15.2) with ESMTPS id tBKN1Uqm062317
 (version=TLSv1.2 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=NO);
 Sun, 20 Dec 2015 16:01:30 -0700 (MST)
 (envelope-from wblock@wonkity.com)
Received: from localhost (wblock@localhost)
 by wonkity.com (8.15.2/8.15.2/Submit) with ESMTP id tBKN1TXH062303;
 Sun, 20 Dec 2015 16:01:29 -0700 (MST)
 (envelope-from wblock@wonkity.com)
Date: Sun, 20 Dec 2015 16:01:29 -0700 (MST)
From: Warren Block <wblock@wonkity.com>
To: dweimer <dweimer@dweimer.net>
cc: "Michael B. Eichorn" <ike@michaeleichorn.com>, freebsd-jail@freebsd.org,
 freebsd-questions <freebsd-questions@freebsd.org>,
 Michael Grimm <trashcan@odo.in-berlin.de>,
 owner-freebsd-questions@freebsd.org
Subject: Re: How to define the order of starting jails?
In-Reply-To: <b538d6be51b83cf48e18f603ea1009a9@dweimer.net>
Message-ID: <alpine.BSF.2.20.1512201558410.60560@wonkity.com>
References: <5D6BA0FE-60E1-4C6B-906B-BB62A1AB9BE8@odo.in-berlin.de>
 <1450639510.27618.8.camel@michaeleichorn.com>
 <b538d6be51b83cf48e18f603ea1009a9@dweimer.net>
User-Agent: Alpine 2.20 (BSF 67 2015-01-07)
MIME-Version: 1.0
X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.4.3
 (wonkity.com [127.0.0.1]); Sun, 20 Dec 2015 16:01:30 -0700 (MST)
X-Mailman-Approved-At: Sun, 20 Dec 2015 23:42:26 +0000
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Transfer-Encoding: 8BIT
X-Content-Filtered-By: Mailman/MimeDel 2.1.20
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.20
Precedence: list
List-Id: User questions <freebsd-questions.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/freebsd-questions>, 
 <mailto:freebsd-questions-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-questions/>
List-Post: <mailto:freebsd-questions@freebsd.org>
List-Help: <mailto:freebsd-questions-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
 <mailto:freebsd-questions-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sun, 20 Dec 2015 23:02:49 -0000

On Sun, 20 Dec 2015, dweimer wrote:

> On 2015-12-20 1:25 pm, Michael B. Eichorn wrote:
>> On Sun, 2015-12-20 at 17:50 +0100, Michael Grimm wrote:
>>> Hi —
>>> 
>>> [Background: I wish to run (some of my) ezjail-made jails and VNET
>>> which cannot be done by ezjail, natively.]
>>> 
>>> But I found a way to mix both ezjail and basic jail(8) functionality.
>>> It's quite easy to fire up ezjail-made jails defined in jail.conf by
>>> jail. And, now I can apply VNET to those jails I do wish to run their
>>> own network stacks. That's all working well.
>>> 
>>> But I am bit stuck in finding a way to start my jails in a pre-
>>> defined order (e.g. first DNS, then mail, …). Well, I can achieve
>>> that during boot time by using jail_list="dns mail …" in rc.conf.
>>> But, this is respected during boot time, *only*. Whenever I do run a
>>> "jail -rc '*'" that shutdown and starting order becomes arbitrary. It
>>> doesn't follow the sequence of my jail definitions in jail.conf,
>>> either. I thoroughly checked the jail.conf(5) man page for a
>>> functionality that would allow me to define a startup/shutdown
>>> sequence, but I couldn't find it.
>>> 
>>> Thus, I might have overlooked it, is there a way to achieve my goal
>>> using jail and jail.conf?
>>> Or something else?
>>> 
>>> Thanks and regards,
>>> Michael
>> 
>> jail(8)'s '*' operates on everything without concern for rc.conf, as
>> such jail_list is not respected. Perhaps try something tied to the rc.d
>> system. Does `service jail restart` do what you are looking for?
>> 
>> Otherwise I would just go with simple restart script such as:
>> #!/bin/sh
>> set -e
>> jail -r '*'
>> jail -c dns
>> jail -c mail
>
> You can also define a jail dependency to make sure a jail starts before 
> another one
>
> dns {
>  ...
> }
> mail {
>  ...
>  depend = "dns"
> }

I submitted an ezjail patch last year to be able to start a jail very 
early.  This is useful for me because that lets the DNS jail start early 
enough that the ezjail host can use it as a DNS server.

An update to ezjail came out a few weeks back, but did not include it.
From owner-freebsd-questions@freebsd.org  Sun Dec 20 23:54:56 2015
Return-Path: <owner-freebsd-questions@freebsd.org>
Delivered-To: freebsd-questions@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id CDA4AA4D2BD
 for <freebsd-questions@mailman.ysv.freebsd.org>;
 Sun, 20 Dec 2015 23:54:56 +0000 (UTC)
 (envelope-from idouz@matrix.co.il)
Received: from mailout-hz.matrix.co.il (mailout-hz.matrix.co.il
 [199.203.148.203])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits))
 (Client did not present a certificate)
 by mx1.freebsd.org (Postfix) with ESMTPS id 513DD13DD
 for <freebsd-questions@FreeBSD.org>; Sun, 20 Dec 2015 23:54:56 +0000 (UTC)
 (envelope-from idouz@matrix.co.il)
Received: from EX1.Matrix.IT (10.90.13.211) by EX1.Matrix.IT (10.90.13.211)
 with Microsoft SMTP Server (TLS) id 15.0.1076.9; Mon, 21 Dec 2015 01:54:52
 +0200
Received: from EX1.Matrix.IT ([10.90.13.211]) by EX1.Matrix.IT
 ([10.90.13.211]) with mapi id 15.00.1076.000; Mon, 21 Dec 2015 01:54:52 +0200
From: Ido Uziel <idouz@matrix.co.il>
To: "kpneal@pobox.com" <kpneal@pobox.com>
CC: "freebsd-questions@FreeBSD.org" <freebsd-questions@FreeBSD.org>
Subject: RE: HP server gen 9 support
Thread-Topic: HP server gen 9 support
Thread-Index: AdE7Z56PiSvXGx6mRSqwTOOCQ8iyb////X4A///L3uA=
Date: Sun, 20 Dec 2015 23:54:52 +0000
Message-ID: <d3b673859c844ab786d06190d5eda456@EX1.Matrix.IT>
References: <3069d2383aac49a7a2b93a2b1aa40ac7@EX1.Matrix.IT>
 <20151220223822.GA68564@neutralgood.org>
In-Reply-To: <20151220223822.GA68564@neutralgood.org>
Accept-Language: he-IL, en-US
Content-Language: en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
x-ms-exchange-transport-fromentityheader: Hosted
x-originating-ip: [10.90.13.90]
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.20
Precedence: list
List-Id: User questions <freebsd-questions.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/freebsd-questions>, 
 <mailto:freebsd-questions-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-questions/>
List-Post: <mailto:freebsd-questions@freebsd.org>
List-Help: <mailto:freebsd-questions-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
 <mailto:freebsd-questions-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sun, 20 Dec 2015 23:54:56 -0000

SGVsbG8gdGhhbmtzIGZvciB0aGUgcXVpY2sgYW5zd2VyLg0KDQpCdXQgSSB0aGluayB5b3UgbWlz
dW5kZXJzdG9vZCBtZS4gSSBoYXZlIEhQIERMIDM2MCBHZW4gOSBzZXJ2ZXIgd2l0aCBIUCBzbWFy
dCBhcnJheSBwNDQwIGNvbnRyb2xsZXIsIGl04oCZcyB0aGUgY29tbW9uIG9uZSBvZiBIUCBnZW4g
OSBzZXJ2ZXIuDQpJIGFsc28gaGF2ZSBIUCBzbWFydCBhcnJheSBwODQwLCBIUCBzbWFydCBhcnJh
eSBwMjQwIGJ1dCBub25lIG9mIHRoZW0gaXMgbm90IG9uIHlvdXIgbGlzdC4NClNvIHdoYXQgaXMg
eW91ciBzb2x1dGlvbiBmb3IgY3VzdG9tZXIgd2l0aCBIUCBzZXJ2ZXIgbGlrZSBtZT8NCg0KSWRv
IFV6aWVsIHwgSFAgcHJvZHVjdCBtYW5hZ2VyIHwgSW50ZWdyYXRpb24gJiBJbmZyYXN0cnVjdHVy
ZSBEaXZpc2lvbiB8IMKgTWF0cml4DQpNb2JpbGU6ICs5NzItNTQtOTAwMDI3NSB8IE9mZmljZTog
Kzk3Mi0zLTY1MDYwNzkgfCBJZG91ekBtYXRyaXguY28uaWwgfMKgIHd3dy5tYXRyaXguY28uaWwN
Cg0KDQoNCg0KLS0tLS1PcmlnaW5hbCBNZXNzYWdlLS0tLS0NCkZyb206IGtwbmVhbEBwb2JveC5j
b20gW21haWx0bzprcG5lYWxAcG9ib3guY29tXSANClNlbnQ6IE1vbmRheSwgRGVjZW1iZXIgMjEs
IDIwMTUgMTI6MzggQU0NClRvOiBJZG8gVXppZWwNCkNjOiBmcmVlYnNkLXF1ZXN0aW9uc0BGcmVl
QlNELm9yZw0KU3ViamVjdDogUmU6IEhQIHNlcnZlciBnZW4gOSBzdXBwb3J0DQoNCk9uIFN1biwg
RGVjIDIwLCAyMDE1IGF0IDA4OjUxOjAxUE0gKzAwMDAsIElkbyBVemllbCB3cm90ZToNCj4gSGVs
bG8gdGVhbQ0KPiANCj4gV2Ugd291bGQgbGlrZSB0byBidXkgeW91ciBzb2Z0d2FyZSB3aXRoIEhQ
IGhhcmR3YXJlLCB3ZSBkb27igJl0IHNlZSBhbnkgb2YgSFAgZ2VuIDkgY29udHJvbGxlcnMgc3Vw
cG9ydCBpbiB5b3VyIGxpc3QgKGh0dHBzOi8vd3d3LmZyZWVic2Qub3JnL3JlbG5vdGVzL0NVUlJF
TlQvaGFyZHdhcmUvc3VwcG9ydC5odG1sICkgLg0KDQpZb3UgbWlzdW5kZXJzdGFuZC4gVGhlcmUg
aXMgbm8gcHJvZHVjdC4gVGhlIHNvZnR3YXJlIGlzIGZyZWUuIEp1c3QgZG93bmxvYWQgaXQgYW5k
IGluc3RhbGwgaXQuIElmIHlvdSBuZWVkIGhlbHAgeW91IGNhbiBhc2sgb24gdGhlIGxpc3RzIGhl
cmUgYXMgeW91IGFyZSBkb2luZyBub3cuDQoNCj4gRG8geW91IGhhdmUgYW55IHNvbHV0aW9uIGZv
ciBIUCBnZW4gOSBzZXJ2ZXJzPw0KDQpZb3UnbGwgcHJvYmFibHkgZ2V0IGJldHRlciBhbnN3ZXJz
IG9uIHRoZSBmcmVlYnNkLXN0YWJsZSBsaXN0LiANCg0KLS0gDQpLZXZpbiBQLiBOZWFsICAgICAg
ICAgICAgICAgICAgICAgICAgICAgICAgICBodHRwOi8vd3d3LnBvYm94LmNvbS9+a3BuLw0KIk9o
LCBJJ3ZlIGhlYXJkIHRoYXQgcGFyYWRveCBhIGNvdXBsZSBvZiB0aW1lcywgYnV0IHRoZXJlJ3Mg
c29tZXRoaW5nIGFib3V0IGEgY2F0IGR5aW5nIGFuZCBJIGhhdGUgdG8gdGhpbmsgb2Ygc3VjaCB0
aGluZ3MuIg0KICAtIERyLiBEb25hbGQgS251dGggc3BlYWtpbmcgb2YgU2Nocm9kaW5nZXIncyBj
YXQsIERlY2VtYmVyIDgsIDE5OTksIE1JVA0KDQpUaGlzIG1haWwgd2FzIHJlY2VpdmVkIGFuZCB0
ZXN0ZWQgdXNpbmcgUGluZUFwcA0KDQoNCg==