From: Devin Teske
Date: Thu, 1 Sep 2011 00:15:42 -0700
To: FreeBSD RC
Cc: Julian Elischer
Subject: Re: [PATCH] Add /etc/rc.d/vimage startup script for creating vnet jails
Message-ID: <61AAA988-00F5-44CA-B446-4894A16E682D@fisglobal.com>
List-Id: "Discussion related to /etc/rc.d design and implementation."

On Aug 27, 2011, at 10:47 AM, Devin Teske wrote:

> Hi All,
>
> I'd like to submit a patch for review (attached) that adds a new /etc/rc.d script named "vimage".
>

Updated. See attached file or see the web at http://druidbsd.sf.net/download/vimage_rc.20110831135736.patch

Highlights:
- optional automatic network interface bridging using netgraph(4)
- automatic MAC address management of ng_eiface(4) devices
- easily create multiple virtual NICs bridged to one or more physical NICs
- can point vimages at same directory and configure all virtual NICs for various vimages in single rc.conf(5)
- potentially scale up to maximum number of virtual NICs, 65,535
- new "_bridges" option helps simplify more complicated setups in combination with existing "_vnets" option in rc.conf (hint: lagg + carp)
- does not require bridge(4) or epair(4) -- but works fine with them if that's what you want

> Essentially, a hand-tweaked version of /etc/rc.d/jail with added/removed features.
>
> Here's how we're using it in /etc/rc.conf to successfully start up vimage jails at boot time:
>

New excerpt below, highlighting the new feature (netgraph(4) bridging):

========== BEGIN rc.conf(5) EXCERPT ==========
vimage_enable="YES"
vimage_list="v1 v2 v3"
vimage_services="sshd" # set all vimages to run sshd

# Vimage with one network interface bridged to bge0
vimage_v1_rootdir="/"
vimage_v1_hostname="vimage1"
vimage_v1_bridges="bge0"

# Vimage with two network interfaces, both bridged to bge0
vimage_v2_rootdir="/"
vimage_v2_hostname="vimage2"
vimage_v2_bridges="bge0 bge0"

# Vimage with four network interfaces, bridged to various interfaces
vimage_v3_rootdir="/"
vimage_v3_hostname="vimage3"
vimage_v3_bridges="bge0 bge0 fxp0 em0 em1"

# IP addresses for vimage1
ifconfig_ng0_v1="inet 192.168.1.100/24"

# IP addresses for vimage2
ifconfig_ng0_v2="inet 192.168.1.101/24"
ifconfig_ng1_v2="inet 192.168.1.102/24"

# IP addresses for vimage3
ifconfig_ng0_v3="inet 192.168.1.103/24"
ifconfig_ng1_v3="inet 192.168.1.104/24"
ifconfig_ng2_v3="inet 10.0.0.13/24"
ifconfig_ng3_v3="inet 10.10.220.101/24"
ifconfig_ng4_v3="inet 10.10.220.102/24"
========== END rc.conf(5) EXCERPT ==========

Normally, you would put the IP address settings into an rc.conf(5) file that is local to the vimage's root directory, but as seen above we pointed each root directory to "/" so we can configure the network interface in the same rc.conf(5).

The names of the network interfaces that are created for each vimage are in the form of:

	ng##_vimagename

ASIDE: The reason for this may not be immediately obvious, but once you start expanding your virtual network or using ngctl(8) to dump your configuration, you'll be happy for the naming scheme chosen.

However, there's a system limitation of 15 characters in length for network interfaces displayed by ifconfig(8) (NOTE: ngctl(8) is happy to set the name to something longer than 15 characters but ifconfig(8) will refuse to display that name, falling back to the real/default name). Therefore, it's important to not make your vimage names too long (or if you do, make sure at least the first 11 characters are unique as the script will truncate the name of the interface to fit within 15 characters).

--
Cheers,
Devin
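
A pre-flight check for the naming rule described in the message above, as an added example that is not part of the original post or of the vimage patch: it derives the ng##_vimagename names from vimage_list and the _bridges settings and reports names that become identical once cut to 15 characters. It assumes the whole name string is truncated to 15 characters (the patch's own truncation code is not shown in the message); the function names and the webfrontend_* vimage names are constructed for illustration.

```shell
#!/bin/sh
# Added example, not code from the vimage rc.d patch.
VIMAGE_IFNAME_MAX=15	# ifconfig(8) display limit quoted in the message

# Constructed sample input in the rc.conf(5) style shown in the message.
vimage_list="v1 webfrontend_east webfrontend_west"
vimage_v1_bridges="bge0"
vimage_webfrontend_east_bridges="bge0 bge0"
vimage_webfrontend_west_bridges="bge0"

# Print the interface name for NIC index $1 of vimage $2.
# ASSUMPTION: the full "ngN_name" string is cut to 15 characters.
vimage_ifname()
{
	printf "%.${VIMAGE_IFNAME_MAX}s\n" "ng${1}_${2}"
}

# Print one "ifname vimage bridge" line per virtual NIC.
# The body runs in a subshell so loop variables do not leak.
vimage_plan()
(
	for v in $vimage_list; do
		# The name becomes part of a variable name passed to eval,
		# so skip anything that is not a plain identifier.
		case $v in *[!A-Za-z0-9_]*) continue ;; esac
		eval "bridges=\$vimage_${v}_bridges"
		n=0
		for b in $bridges; do
			echo "$(vimage_ifname "$n" "$v") $v $b"
			n=$((n + 1))
		done
	done
)

# Print each truncated interface name that two or more NICs would share.
vimage_collisions()
(
	vimage_plan |
	    awk '{ seen[$1]++ } END { for (i in seen) if (seen[i] > 1) print i }' |
	    sort
)

vimage_plan
echo "colliding names: $(vimage_collisions)"
```

With the sample input, webfrontend_east and webfrontend_west share their first 11 characters, so both vimages end up with ng0_webfrontend; the v1/v2/v3 names from the excerpt in the message produce no collisions.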