From owner-freebsd-jail@FreeBSD.ORG  Mon Apr  1 03:53:21 2013
Return-Path: <owner-freebsd-jail@FreeBSD.ORG>
Delivered-To: freebsd-jail@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 by hub.freebsd.org (Postfix) with ESMTP id C35356CE
 for <freebsd-jail@freebsd.org>; Mon,  1 Apr 2013 03:53:21 +0000 (UTC)
 (envelope-from smithi@nimnet.asn.au)
Received: from sola.nimnet.asn.au (paqi.nimnet.asn.au [115.70.110.159])
 by mx1.freebsd.org (Postfix) with ESMTP id 0BF702EB
 for <freebsd-jail@freebsd.org>; Mon,  1 Apr 2013 03:53:20 +0000 (UTC)
Received: from localhost (localhost [127.0.0.1])
 by sola.nimnet.asn.au (8.14.2/8.14.2) with ESMTP id r313rBX0089259;
 Mon, 1 Apr 2013 14:53:11 +1100 (EST)
 (envelope-from smithi@nimnet.asn.au)
Date: Mon, 1 Apr 2013 14:53:11 +1100 (EST)
From: Ian Smith <smithi@nimnet.asn.au>
To: Dirk Engling <erdgeist@erdgeist.org>
Subject: Re: rc.d/jail and jail.conf
In-Reply-To: <5158A379.2030702@erdgeist.org>
Message-ID: <20130401140510.Y56386@sola.nimnet.asn.au>
References: <515721F8.9090202@erdgeist.org> <51574D3F.9040300@quip.cz>
 <51588435.2010400@erdgeist.org> <51589607.7040401@quip.cz>
 <5158A379.2030702@erdgeist.org>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Cc: freebsd-jail@freebsd.org
X-BeenThere: freebsd-jail@freebsd.org
X-Mailman-Version: 2.1.14
Precedence: list
List-Id: "Discussion about FreeBSD jail\(8\)" <freebsd-jail.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/options/freebsd-jail>,
 <mailto:freebsd-jail-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-jail>
List-Post: <mailto:freebsd-jail@freebsd.org>
List-Help: <mailto:freebsd-jail-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-jail>,
 <mailto:freebsd-jail-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Mon, 01 Apr 2013 03:53:21 -0000

On Sun, 31 Mar 2013 22:58:33 +0200, Dirk Engling wrote:
 > On 31.03.13 22:01, Miroslav Lachman wrote:
 > 
 > >> So I guess, I am out of luck here, because users used to think of their
 > >> jails as what they saw in the hostname field on jls. If I am writing
 > >> tools that use jail_getid to map the jailname to the jid, it will never
 > >> match that hostname and I also can not copy the hostname to the jailname.
 > > 
 > > I understand what you are talking about, but jails in these days are
 > > something different from what jails were at the begining in 4.x days and
 > > users must accept that jailname is something different than hostname.
 > 
 > > In these days, you can have jails with many IP addresses or without IP
 > > address. Hostname needn't to be unique etc.
 > >
 > > Dot (.) is not allowed in jailname because of hierarchical jails,
 > > where dot is used as hierarchy separator.
 > 
 > Humm, this seems a strange thing to answer to my question. Once you see
 > jails as virtual servers (which I understand is not the only way to do,
 > but the biased way I and most jail users I talk to happen to deploy them
 > in huge quantities), the natural approach to name them is via their
 > hostname. I find it hard to grasp to tell them "don't" ;)
 > 
 > And still I find the choice of '.' as a separator unfortunate, '/'
 > springs in mind, but there might have been reasons.

'/' would be just as problematic if you wanted to use jailnames as 
directories anywhere.  ':' maybe?  but likely too late for that ..

 > I also understand that the hostname is not an unique identifier anymore,
 > still for many (if not most) setups the mapping is bijective.
 > 
 > My problem now is that referring to a jail (in a sense of virtual host)
 > becomes unintuitive. I want to do stuff with my vhost "example.com" but
 > have to call it "example" or "example_com". Even worse with
 > "www.example.com" which now needs to be an ambigous "www" or some other
 > mapping of '.' to something else.
 >
 > If I want to write tools that accept intuitive jail identifiers, I would
 > have to implement heuristics that match the hostname once the identifier
 > contains '.' and I can't find a hierarchical jail with that name.

Consistent mapping of a fqdn's '.' to '_' might be more POSLA (slightly
less astonishment :) for these users?  Of course if they do want to use 
hierarchical jails they still need to know what '.' means and does, but 
then I guess people setting up and running jails-within-jails are going 
to need to have their heads screwed on pretty tightly anyway ..

 > > Plain jls without any options should be used just for backward
 > > compatibility with old scripts, because its output is insufficient for
 > > todays jails. (only one IP is shown and no jailname)
 > > 
 > > jls -v or jls -s is better with new jails.
 > 
 > Maybe it would be easier for me to understand if I knew, how those jails
 > "in these days" are supposed to work, what the overall vision is for
 > users to integrate them in their workflow. Besides a wish list that
 > doubles as todo list in
 > 
 >   https://wiki.freebsd.org/Jails
 > 
 > and an attempted handbook section rewrite, there seems to be little in
 > that regard. Maybe I just missed out on the discussions or could not
 > find the relevant documents?
 > 
 > Maybe meeting at a BSDcon over a beer would help ;)

Unlikely to hurt, anyway :)

cheers, Ian