From: Andras Gót
Date: Mon, 12 Mar 2007 22:12:27 +0100
To: FreeBSD Stable List
Subject: Re: Xen Dom0, are we making progress?

Nikolas Britton wrote:
> On 3/12/07, Ronald Klop wrote:
>> On Mon, 12 Mar 2007 20:16:32 +0100, Nikolas Britton
>> wrote:
>>
>> > Is FreeBSD making any progress in Xen Dom0 / Intel VT support? I'd
>> > really like to consolidate some underutilized FreeBSD servers. Are
>> > there any alternative solutions that will enable me to do this kind of
>> > stuff with FreeBSD, or would it be better to go with Solaris Dom0 +
>> > FreeBSD DomU?
>>
>> http://docs.freebsd.org/44doc/papers/jail/jail.html
>> google: jail freebsd
>>
>
> Yes I'd like to know more about jails, is there a high level /
> executive summary type document that I can read somewhere? From what I
> remember jails are mostly designed to partition stuff... for security
> reasons.
>
> What I'd really love to do is split up each service (httpd, postgres,
> samba/nfs, ldap/nis, asterisk, etc.) into discrete virtual machines.
> It's too much work trying to make them all play nice on one system,
> especially during upgrades. As it is right now I don't upgrade any
> services once a system is in production use.
>

Hi,

First, read man jail. :) Apache, bind, mysql and postfix run fine in a
jail. For postgres you have to turn on the jail.ipc. This is basically
not so bad, but definitely reduces security. For samba/nfs/ldap/nis and
asterisk I don't have the experience, but if they do not need ipc,
they'll run fine out of the box.

In jails I suggest that you mount your ports tree with some nullfs
mount. With this you'll save some hd capacity. (The installed port list
is in /var, not in /usr/ports.)

In jails you can't do resource control, so keep that in mind.

Regards,
Andras
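
An added example, not part of Andras's message or of FreeBSD itself: a small sh audit for the two settings the reply mentions, flagging a host where SysV IPC is enabled for jails and any nullfs mount into a jail that is not read-only. It assumes the reply's "jail.ipc" means the sysctl security.jail.sysvipc_allowed and that jail roots live under /usr/jails; the read-only check is an added hardening suggestion, and the sysctl and mount output below is constructed sample data.

```sh
#!/bin/sh
# Added example (not from the thread). Sample data below is constructed.

# Reads `sysctl security.jail` output on stdin.
# Returns 0 if SysV IPC is off for jails, 1 if on, 2 if the OID is missing.
audit_sysvipc() {
    awk -F': *' '
        $1 == "security.jail.sysvipc_allowed" { v = $2 + 0; seen = 1 }
        END {
            if (!seen) { print "UNKNOWN sysvipc_allowed not reported"; exit 2 }
            if (v != 0) { print "WARN sysvipc_allowed=" v; exit 1 }
            print "OK sysvipc_allowed=0"
        }'
}

# Reads `mount` output on stdin; $1 is the directory holding the jail roots
# (assumed layout). Flags nullfs mounts below it that a jail can write to.
audit_nullfs() {
    awk -v base="$1" '
        / \(nullfs[,)]/ {
            mp = $3                          # <source> on <mountpoint> (opts)
            if (index(mp, base "/") != 1) next
            ro = ($0 ~ /read-only/)
            print (ro ? "OK ro" : "WARN rw") " nullfs: " $1 " -> " mp
            if (!ro) bad = 1
        }
        END { exit bad + 0 }'
}

# Constructed sample of `sysctl security.jail` output.
SAMPLE_SYSCTL='security.jail.set_hostname_allowed: 1
security.jail.socket_unixiproute_only: 1
security.jail.sysvipc_allowed: 1'

# Constructed sample of `mount` output; jail names www and pgsql are made up.
SAMPLE_MOUNT='/dev/ad0s1a on / (ufs, local)
devfs on /dev (devfs, local)
/usr/ports on /usr/jails/www/usr/ports (nullfs, local, read-only)
/usr/ports on /usr/jails/pgsql/usr/ports (nullfs, local)'

# On a real host: sysctl security.jail | audit_sysvipc
#                 mount | audit_nullfs /usr/jails
printf '%s\n' "$SAMPLE_SYSCTL" | audit_sysvipc || true
printf '%s\n' "$SAMPLE_MOUNT" | audit_nullfs /usr/jails || true
```

Both functions exit non-zero when they find something to review, so they can gate a periodic check.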