From: "Chad Leigh -- Shire.Net LLC" <chad@shire.net>
To: Iantcho Vassilev
Cc: freebsd-questions@freebsd.org
Date: Wed, 10 May 2006 10:50:21 -0600
Subject: Re: jails or chroot?

On May 10, 2006, at 2:33 AM, Iantcho Vassilev wrote:

> On 5/9/06, Chad Leigh -- Shire.Net LLC wrote:
>>
>> On May 9, 2006, at 5:53 AM, Michael Grant wrote:
>>
>> > When it comes time to upgrade, how does one upgrade 100 different
>> > jails? This will be a nightmare!
>>
>> Actually, not. You only need 1 master jail and a bunch of nullfs
>> read-only mounts plus some exclusive space for each jail. I run 44
>> jails at the moment this way. Upgrading is relatively easy as I only
>> have to upgrade one master jail (and unfortunately lots of jail etc
>> if such happens, but a few scripts can automate much of that).
>>
>> All the jails run out of one installed jail and they also have the
>> side benefit of the main system directories being read only, so
>> exploits in one jail cannot affect all the running jails.
>
> Wow,
> I really like the setup you have made.
>
> One question. How do you update the system (and the jail)?

I shut all the jails down, and update the system. Then I boot without
starting the jails and rebuild the master jail according to "man jail".
Then I start a special main jail that was used to install ports used, if
any, into a common area and do any updates necessary -- this last one
from 5.4 to 6.0 I just made sure I had the 5x compatibility stuff
installed and all was fine for now, so I have more time to redo individual
ports or SW built from scratch. When that is done I restart all the jails.

I had about 40 jails active when I went from 5.4 to 6.0 on this particular
machine (some earlier ones I did from 5.4 to 6.0 had maybe 1 or 2 jails, so
they were not the definitive test case). Had no problems once I made sure
all the jails were accessing the compat 5x stuff (which I did by editing in
each jail /etc -- you could use a script but I am lousy at writing more than
simple scripts -- the rc.conf and making sure that "ldconfig_paths=" was set
appropriately to the master jail wide compat5x library location...

Done, finis

Chad

---
Chad Leigh -- Shire.Net LLC
Your Web App and Email hosting provider
chad at shire.net
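Chad edits each jail's rc.conf by hand to point ldconfig_paths at the shared compat library location and notes that a script could do it. The POSIX sh script below is an added example, not from the thread: run from the host, it rewrites ldconfig_paths in every jail's etc/rc.conf under a base directory, leaving other settings untouched and exactly one assignment per file. The base directory layout (one jail root per subdirectory) and the library path are assumptions passed in as arguments.

```shell
#!/bin/sh
# Added example (not from the thread): set ldconfig_paths in each jail's
# /etc/rc.conf from the host so every jail sees the compat libraries that
# are nullfs-mounted read-only from the master jail. The jail base
# directory and the library path are assumptions, passed as arguments.
set -eu

# Rewrite ldconfig_paths in one jail's rc.conf. Any existing assignment is
# dropped and the new one appended, so repeated runs leave exactly one line.
set_jail_ldconfig_paths() {
    jail_root=$1
    paths=$2
    rc="$jail_root/etc/rc.conf"
    if [ ! -d "$jail_root/etc" ]; then
        echo "no etc/ under $jail_root, skipping" >&2
        return 1
    fi
    [ -f "$rc" ] || : > "$rc"
    tmp="$rc.tmp.$$"
    grep -v '^ldconfig_paths=' "$rc" > "$tmp" || true
    printf 'ldconfig_paths="%s"\n' "$paths" >> "$tmp"
    mv "$tmp" "$rc"
}

# Read back the value set in a jail's rc.conf (last assignment wins, as it
# does when sh sources the file).
get_jail_ldconfig_paths() {
    sed -n 's/^ldconfig_paths="\(.*\)"$/\1/p' "$1/etc/rc.conf" | tail -n 1
}

# Walk every jail root under the base directory (constructed layout:
# /jails/www1, /jails/mail1, ...). Jails without an etc/ are skipped.
update_all_jails() {
    base=$1
    paths=$2
    for j in "$base"/*/; do
        [ -d "$j" ] || continue
        set_jail_ldconfig_paths "${j%/}" "$paths" || continue
    done
}
```

Shut the jails down first, as Chad does, then call update_all_jails with the jail base directory and the compat library path before restarting them.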