From: Alejandro Imass
To: Shane Ambler
Cc: David Demelier, Maciej Suszko, FreeBSD Questions, Trond Endrestøl
Date: Tue, 13 Aug 2013 12:42:07 -0400
Subject: Re: sysvipc only for one jail

On Tue, Aug 13, 2013 at 12:14 AM, Shane Ambler wrote:
> On 12/08/2013 21:39, Trond Endrestøl wrote:
>>
>> On Mon, 12 Aug 2013 13:57+0200, David Demelier wrote:
>
>>> And thus, it's not enabled as postgresql tells:
>>>
>>> creating template1 database in /usr/local/pgsql/data/base/1 ... FATAL:
>>> could not create shared memory segment: Function not implemented
>>
>> I'll look into this by creating a new jail for PostgreSQL 9.2 when I
>> get home.
>>
>
> While it is currently in beta maybe you could also try 9.3 and verify that
> the shared memory update works or eliminates this configuration?
>

No need for any complication. Pg will work just fine by following this
simple recipe.

I compute a UID unique to the overall system by concatenating 70 (the
natural UID for the pgsql user in FBSD) and the last 3 digits of the
jail's IP, but you can come up with any numbering scheme as long as it's
consistent and easily associated to a specific jail.

For example for the Pg running on jail 192.168.101.124, install
PostgreSQL and before doing anything else:

    pw usermod pgsql -u 70124
    pw groupmod pgsql -g 70124
    pw usermod pgsql -g 70124
    chown -R pgsql /usr/local/pgsql/
    chgrp -R pgsql /usr/local/pgsql/

Any other application that uses SYSV IPC should follow a similar recipe,
and it's compatible with all versions of Jails.

And that's it. I have dozens of jails with Pg running this way.

Likewise also make sure all of your network daemons listen _specifically_
to that jail's IP, in Pg that would be postgresql.conf:

    listen_addresses = 'xxxxxx'

although the default 'localhost' should work most of the time. Always
double check all daemons with sockstat (e.g. sockstat -4l) to make sure
they only listen on that jail's IP(s).

Best,

-- 
Alejandro Imass
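
The sockstat check described in the message above, as an added example that is not part of the original post: a small filter that reads `sockstat -4l` output and reports every listener bound to anything other than the jail's own IP(s), wildcard binds included. The helper names `audit_listeners` and `sample_sockstat` are hypothetical, and the sample output is constructed.

```shell
#!/bin/sh
# Added example: audit `sockstat -4l` output inside a jail.
# Usage: sockstat -4l | audit_listeners 192.168.101.124 [more allowed IPs...]
# Prints one line per socket bound outside the allowed IPs and returns 1
# if any were found, 0 otherwise.
audit_listeners() {
    allowed="$*"
    awk -v allowed="$allowed" '
        BEGIN {
            n = split(allowed, a, " ")
            for (i = 1; i <= n; i++) ok[a[i]] = 1
        }
        $1 == "USER" { next }          # skip the header line
        NF < 6       { next }          # skip anything that is not a socket row
        {
            addr = $6                  # LOCAL ADDRESS column, e.g. *:22
            sub(/:[^:]*$/, "", addr)   # drop ":port", keep the bound address
            if (!(addr in ok)) {
                printf "%s %s pid=%s %s %s\n", $1, $2, $3, $5, $6
                bad = 1
            }
        }
        END { exit (bad ? 1 : 0) }
    '
}

# Constructed sample of `sockstat -4l` output for the jail 192.168.101.124:
# postgres is bound correctly, sshd and syslogd are bound to the wildcard.
sample_sockstat() {
    cat <<'EOF'
USER     COMMAND    PID   FD PROTO  LOCAL ADDRESS         FOREIGN ADDRESS
pgsql    postgres   1234  3  tcp4   192.168.101.124:5432  *:*
root     sshd       801   4  tcp4   *:22                  *:*
root     syslogd    650   7  udp4   *:514                 *:*
EOF
}

# Stand-alone run against the constructed sample.
sample_sockstat | audit_listeners 192.168.101.124 ||
    echo "listeners bound outside the jail IP were found"
```
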