Date: Wed, 10 May 2006 10:50:21 -0600 From: "Chad Leigh -- Shire.Net LLC" <chad@shire.net> To: Iantcho Vassilev <ianchov@gmail.com> Cc: freebsd-questions@freebsd.org Subject: Re: jails or chroot? Message-ID: <F759C26A-B4B0-4121-AC5F-18C7A28574B8@shire.net> In-Reply-To: <18e02bd30605100133p58f81d28w5d30a8089304dbce@mail.gmail.com> References: <62b856460605090453o24f7de34ka71fffa392bfdedb@mail.gmail.com> <C60DD298-4A89-4B75-A3AF-88C612C47065@shire.net> <18e02bd30605100133p58f81d28w5d30a8089304dbce@mail.gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On May 10, 2006, at 2:33 AM, Iantcho Vassilev wrote: > On 5/9/06, Chad Leigh -- Shire.Net LLC <chad@shire.net> wrote: >> >> >> On May 9, 2006, at 5:53 AM, Michael Grant wrote: >> >> > >> > When it comes time to upgrade, how does one upgrade 100 different >> > jails? This will be a nightmare! >> >> Actually, not. You only need 1 master jail and a bunch of nullfs >> read only mounts plus some exclusive space for each jail. I run 44 >> jails at the moment this way. Upgrading is relatively easy as I only >> have to upgrade one master jail (and unfortunately lots of jail etc >> if such happens but a few scripts can automate much of that). >> >> <snipppage> >> All the jails run out of one installed jail and they also have the >> side benefit of the main system directories being read only so >> exploits in one jail cannot affect all the running jails. > > > > > Wow, > I really like the setup you have make.. > > One question.How do you update the system(and the jail) ? I shut all the jails down, and update the system. Then I boot without starting the jails and rebuild the master jail according to "man jail". Then I start a special main jail that was used to install ports used, if any, into a common area and do any updates necessary -- this last one from 5.4 to 6.0 I just made sure I had the 5x compatibility stuff installed and all was fine for now so I have more time to redo individual ports or SW built frmo scratch. When that is done I restart all the jails. I had about 40 jails active when I went from 5.4 to 6.0 on this particular machine (some earlier ones I did from 5.4 to 6.0 had maybe 1 or 2 jails so they were not the definitive test case). Had no problems once I made sure all the jails were accessing the compat 5x stuff (which I did by editing in each jail /etc -- you could use a script but I am lousy at writing more than simple scripts -- the rc.conf and making sure that "ldconfig_paths=" was set appropriately to the master jail wide compat5x library location... Done, finis Chad --- Chad Leigh -- Shire.Net LLC Your Web App and Email hosting provider chad at shire.net
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?F759C26A-B4B0-4121-AC5F-18C7A28574B8>
