Date: Tue, 13 Aug 2013 12:42:07 -0400 From: Alejandro Imass <aimass@yabarana.com> To: Shane Ambler <FreeBSD@shaneware.biz> Cc: David Demelier <demelier.david@gmail.com>, Maciej Suszko <maciej@suszko.eu>, FreeBSD Questions <freebsd-questions@freebsd.org>, =?ISO-8859-1?Q?Trond_Endrest=F8l?= <Trond.Endrestol@fagskolen.gjovik.no> Subject: Re: sysvipc only for one jail Message-ID: <CAHieY7Q-SetFrrfJDKgY=zOrfsnncf2RLfk%2B-hXdoYR4u4j-zQ@mail.gmail.com> In-Reply-To: <5209B28E.4000200@ShaneWare.Biz> References: <CAO%2BPfDe3VDRpK9ALrsvwxBcAyejfN85FRvMLU3Q4CKmMgkG3%2BA@mail.gmail.com> <20130811173341.6d1cb2e7@arsenic> <20130811173630.24ed528c@arsenic> <CAO%2BPfDct3aXrrszdWOOu7KUPaxVKrPvboJJn29ipKUS9pCo%2B_g@mail.gmail.com> <alpine.BSF.2.00.1308121323550.90799@mail.fig.ol.no> <CAO%2BPfDfunKiUx=2SV678jZqzwWHoVPonUwi_MMyNvSJ_HCiUuQ@mail.gmail.com> <alpine.BSF.2.00.1308121407470.90799@mail.fig.ol.no> <5209B28E.4000200@ShaneWare.Biz>
next in thread | previous in thread | raw e-mail | index | archive | help
On Tue, Aug 13, 2013 at 12:14 AM, Shane Ambler <FreeBSD@shaneware.biz> wrot= e: > On 12/08/2013 21:39, Trond Endrest=F8l wrote: >> >> On Mon, 12 Aug 2013 13:57+0200, David Demelier wrote: > > >>> And thus, it's not enabled as postgresql tells: >>> >>> creating template1 database in /usr/local/pgsql/data/base/1 ... FATAL: >>> could not create shared memory segment: Function not implemented >> >> >> I'll look into this by creating a new jail for PostgreSQL 9.2 when I >> get home. >> > > While it is currently in beta maybe you could also try 9.3 and verify tha= t > the shared memory update works or eliminates this configuration? > No need for any complication. Pg will work just fine by following this simple recipe. I compute a UID unique to the overall system by concatenating 70 (the natural UID for the pgsql user user in FBSD) and the last 3 digits of the Jails'IP, but you can come up with any numbering scheme as long as it's consistent and easily associated to a specific jail. For example for the Pg running on jail 192.168.101.124, install PostgreSQL and before doing anything else: pw usermod pgsql -u 70124 pw groupmod pgsql -g 70124 pw usermod pgsql -g 70124 chown -R pgsql /usr/local/pgsql/ chgrp -R pgsql /usr/local/pgsql/ Any other application that uses SYSV IPC should follow a similar recipe, and it's compatible with al versions of Jails. And that's it. I have dozens of jails with Pg running this way. Likewise also make sure all of your network daemons listen _specifically_ to that jail's IP, in Pg that would be postgresql.conf: listen_addresses =3D 'xxxxxx' although the default 'localhost' should work most of the time. Always double check all daemons with sockstat (e.g. sockstat -4l) to make sure they only listen on that jail's IP(s). Best, --=20 Alejandro Imass
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?CAHieY7Q-SetFrrfJDKgY=zOrfsnncf2RLfk%2B-hXdoYR4u4j-zQ>