Date: Thu, 28 Jan 2010 23:45:18 +0100
From: "tom@diogunix.com" <tom@diogunix.com>
To: freebsd-jail@freebsd.org
Subject: Re: How do you manage your jails?
Message-ID: <201001282345.19033.tom@diogunix.com>
In-Reply-To: <223601caa066$ecec32d5$0d01460a@secnap.com>
References: <223601caa066$ecec32d5$0d01460a@secnap.com>

Christer, Michael,

thank you very much for your answers. Meanwhile I could fix the issue.

To provide the solution, here in short is my setup and how I fixed it.

I run the machine in a data center and wanted GEOM GELI disk encryption for the jails' partitions (one per jail). Therefore, I cannot use any scripting solutions for jails management. All jails are run via generic command lines (jail / jexec / ...). The jails were built via make world and also all daemons were compiled using the ports collection. There are three jails, each with a small bunch of IP addresses.

The issue was that I could not find out which rules FreeBSD follows when deciding which of the IPs in a jail to use for outgoing connections. It did NOT use the primary jail IP and I also could not bind daemons to a certain IP.

Solution:
From the list of alias IPs as configured via ifconfig on the host system, FreeBSD takes the one which comes first in the list of alias IPs to use it for outgoing connections. If you do not want the IP selected by FreeBSD for outgoing connections, just remove the alias IP on the host system (ifconfig -alias) and then add it again (ifconfig alias). Through this the IP will become the last in the list and another alias IP will then get selected for outgoing connections from within the jail. You must go ahead with this method until the right alias IP gets used.

That at least was my method to fix the issue. But maybe there's somebody out there knowing a better method ...

On Christer's questions:
All jails are managed by generic jail commands (as forced by the GEOM GELI setup). I can do this because there are not that many jails. I however do not use any scripting or cfengine/puppy (never heard of it). I use sendmail only in some jails to get the periodic status messages sent to my email box for admin purposes (reduced sendmail setup of course and not listening outside). I do not share ports. All jails are used for different purposes. Everything is managed "by hand". Automating it would not pay off with that few jails.

Thanks for your link. Will visit it.

Thanks again to all
Tom

> pssh with pki keys to run multiple commands, ports in main. Make packages
> then pssh each to install the package
>
> -----Original Message-----
> From: Christer Solskogen <christer.solskogen@gmail.com>
> Sent: Thursday, January 28, 2010 5:05 PM
> To: freebsd-jail@freebsd.org <freebsd-jail@freebsd.org>
> Subject: How do you manage your jails?
>
> So you have installed a FreeBSD server and setup several jails on your
> system. They run the services they need and everything works smoothly. But
> how do manage all of them? What do you do if you want to run a command on
> all jails? Do you run cfengine/puppy? How do you setup sendmail? Do
> you have sendmail on all jails?
> Do you share ports to all jails? How do you keep ports up to date on them?
> Do you have a set of scripts that you want to share? On
> http://antarctica.no/stuff/UNIX/FreeBSD/jails/ you'll find what I use.
>
> I'm preparing a talk for BLUG (the local Linux/BSD group) and I want to
> know how YOU manage your jails, there sure are more than one way do it.