Date: Thu, 21 Aug 2014 06:40:11 -0600 From: James Gritton <jamie@gritton.org> To: freebsd-jail@freebsd.org Subject: Re: heartbeat inside jail Message-ID: <53F5E8AB.2010404@gritton.org> In-Reply-To: <CALkSRfwAki1jFQJ-vqj0XPj1h-Fs_94Ucjv9BU0SZM9sDONvyw@mail.gmail.com> References: <CALkSRfwAki1jFQJ-vqj0XPj1h-Fs_94Ucjv9BU0SZM9sDONvyw@mail.gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On 8/21/2014 5:05 AM, Василий Татаренко wrote:
> I use FreeBSD 10.0-p7
> I try use heartbeat (/usr/ports/sysutils/heartbeat) inside jail.
> My /etc/jail.conf:
>
>> allow.raw_sockets = "true";
>> allow.mount = "true";
>> allow.mount.devfs = "true";
>> mount.devfs = "true";
>> exec.start = "sh /etc/rc";
>> exec.stop = "sh /etc/rc.shutdown";
>> webcl {
>> enforce_statfs = "1";
>> vnet = "new";
>> exec.prestart = "ifconfig epair1 create up";
>> exec.prestart += "ifconfig bridge0 addm epair1a";
>> exec.start = "ifconfig epair1b link **:**:**:**:**:**";
>> exec.start += "sh /etc/rc";
>> vnet.interface = "epair1b";
>> exec.poststop = "ifconfig bridge0 deletem epair1a";
>> exec.poststop += "ifconfig epair1a destroy";
>> path = "/jails/webcl";
>> name = "webcl";
>> host.hostname = "************";
>> allow.mount.nullfs = "true";
>> allow.mount.procfs = "true";
>> allow.sysvipc = "true";
>> }
> When i start heartbeat by
>
>> service heartbeat onestart
> I get errors like this:
>
>> Aug 21 10:38:39 de heartbeat: [40637]: ERROR: Unable to set scheduler
>> parameters.: Operation not permitted
>> Aug 21 10:38:39 de heartbeat: [40637]: ERROR: Unable to lock pid 40637 in
>> memory: Operation not permitted
> Aug 21 10:39:10 de heartbeat: [40647]: ERROR: unable to (re)set scheduler
>> parameters.: Operation not permitted
>
> I tried to figure out what function exactly get Operation not permitted by
>
>> find /usr/ports/sysutils/heartbeat -exec grep -l 'Unable to set scheduler
>> parameters' "{}" \;
>>
> And only file which is source is
>
>> /usr/ports/sysutils/heartbeat/work/STABLE-2.1.4/lib/clplumbing/realtime.c
> So i dig inside and see that:
>
>> if ((staticp=sched_getscheduler(0)) < 0) {
>> cl_perror("unable to get scheduler parameters.");
>> }else{
>> memset(&sp, 0, sizeof(sp));
>> sp.sched_priority = priority;
>> if (sched_setscheduler(0, spolicy, &sp) < 0) {
>> cl_perror("Unable to set scheduler parameters.");
>> }
>> }
> heartbeat process are all run from root.
> What can i do to make it work?
You'll have to excise the sched_setscheduler call, and possibly similar
bits in other places (I haven't looked at heartbeat code). That's the
kind of thing that affects the rest of the system, and jails don't allow
it for that reason. If heartbeat won't work (or won't work well)
without it, and you're inclined to hack around in the kernel, you could
add PRIV_SCHED_SET to prison_priv_check in kern_jail.c.
But my guess is heartbeat will work well enough without setting
scheduler priorities. If it doesn't, it's questionable whether that's
the kind of thing you want to run in hails anyway.
- Jamie
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?53F5E8AB.2010404>