From owner-freebsd-jail@FreeBSD.ORG Mon Mar 9 19:24:03 2015 Return-Path: Delivered-To: freebsd-jail@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id 3F1CFC62 for ; Mon, 9 Mar 2015 19:24:03 +0000 (UTC) Received: from internal.electricembers.net (internal.electricembers.net [208.90.215.71]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "*.electricembers.net", Issuer "DigiCert High Assurance CA-3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 2994DBD7 for ; Mon, 9 Mar 2015 19:24:01 +0000 (UTC) Received: from mail.electricembers.net (npomail1 [208.90.215.73]) (using TLSv1 with cipher ECDHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) (Authenticated sender: ben) by internal.electricembers.net (Postfix) with ESMTPSA id 62D8B273A0 for ; Mon, 9 Mar 2015 12:23:55 -0700 (PDT) MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII; format=flowed Content-Transfer-Encoding: 7bit Date: Mon, 09 Mar 2015 12:23:55 -0700 From: Benjamin Connelly To: freebsd-jail@freebsd.org Subject: ftasv and ScoreBoardFile on FreeBSD 10 with jails Message-ID: X-Sender: ben@electricembers.coop User-Agent: Roundcube Webmail/1.0.2 X-BeenThere: freebsd-jail@freebsd.org X-Mailman-Version: 2.1.18-1 Precedence: list List-Id: "Discussion about FreeBSD jail\(8\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 09 Mar 2015 19:24:03 -0000 We recently upgraded some FreeBSD 9.1 servers to FreeBSD 10.1 and found it broke the scoreboard viewing utility we were using, the "ftasv" port (ftss). For that tool to work apache is supposed to be configured to use 'a "name based" shared memory segment' (from their README) by the directive ScoreBoardFile /var/run/apache_status That used to (on FreeBSD 9.1) create that "file". Then we could execute 'ftasv /var/run/apache_status' to interpret it and see what requests apache was working to serve. This even worked with many different apache instances running each in their own jail, where all the jails actually share the same basejail /usr/local/sbin/httpd binary. Inside each jail we could see just the requests that instance of apache was working on. But after the FreeBSD upgrade to 10.1 we no longer see the apache_status file in the filesystem, and ftasv seems to actually report the most recent hits from the most recently restarted instance of apache, even if that's in another jail!? (On a system with no jails and just the one instance of apache, it's not actually a problem!) Can anybody point me toward the right dials to turn if it's still possible to do this scoreboard viewing of each independent apache instance? (Like I think I may need security.jail.param.allow.sysvipc=1 in the jails, but I'm also finding with ezjail I'm not actually able to get that set because it's creating the /var/run/jail.JAILNAME.conf file with both these lines in it: allow.sysvipc = 0; allow.sysvipc=1; Ben