Date: Sun, 20 Dec 2015 16:01:29 -0700 (MST) From: Warren Block <wblock@wonkity.com> To: dweimer <dweimer@dweimer.net> Cc: "Michael B. Eichorn" <ike@michaeleichorn.com>, freebsd-jail@freebsd.org, freebsd-questions <freebsd-questions@freebsd.org>, Michael Grimm <trashcan@odo.in-berlin.de>, owner-freebsd-questions@freebsd.org Subject: Re: How to define the order of starting jails? Message-ID: <alpine.BSF.2.20.1512201558410.60560@wonkity.com> In-Reply-To: <b538d6be51b83cf48e18f603ea1009a9@dweimer.net> References: <5D6BA0FE-60E1-4C6B-906B-BB62A1AB9BE8@odo.in-berlin.de> <1450639510.27618.8.camel@michaeleichorn.com> <b538d6be51b83cf48e18f603ea1009a9@dweimer.net>
next in thread | previous in thread | raw e-mail | index | archive | help
On Sun, 20 Dec 2015, dweimer wrote:
> On 2015-12-20 1:25 pm, Michael B. Eichorn wrote:
>> On Sun, 2015-12-20 at 17:50 +0100, Michael Grimm wrote:
>>> Hi —
>>>
>>> [Background: I wish to run (some of my) ezjail-made jails and VNET
>>> which cannot be done by ezjail, natively.]
>>>
>>> But I found a way to mix both ezjail and basic jail(8) functionality.
>>> It's quite easy to fire up ezjail-made jails defined in jail.conf by
>>> jail. And, now I can apply VNET to those jails I do wish to run their
>>> own network stacks. That's all working well.
>>>
>>> But I am bit stuck in finding a way to start my jails in a pre-
>>> defined order (e.g. first DNS, then mail, …). Well, I can achieve
>>> that during boot time by using jail_list="dns mail …" in rc.conf.
>>> But, this is respected during boot time, *only*. Whenever I do run a
>>> "jail -rc '*'" that shutdown and starting order becomes arbitrary. It
>>> doesn't follow the sequence of my jail definitions in jail.conf,
>>> either. I thoroughly checked the jail.conf(5) man page for a
>>> functionality that would allow me to define a startup/shutdown
>>> sequence, but I couldn't find it.
>>>
>>> Thus, I might have overlooked it, is there a way to achieve my goal
>>> using jail and jail.conf?
>>> Or something else?
>>>
>>> Thanks and regards,
>>> Michael
>>
>> jail(8)'s '*' operates on everything without concern for rc.conf, as
>> such jail_list is not respected. Perhaps try something tied to the rc.d
>> system. Does `service jail restart` do what you are looking for?
>>
>> Otherwise I would just go with simple restart script such as:
>> #!/bin/sh
>> set -e
>> jail -r '*'
>> jail -c dns
>> jail -c mail
>
> You can also define a jail dependency to make sure a jail starts before
> another one
>
> dns {
> ...
> }
> mail {
> ...
> depend = "dns"
> }
I submitted an ezjail patch last year to be able to start a jail very
early. This is useful for me because that lets the DNS jail start early
enough that the ezjail host can use it as a DNS server.
An update to ezjail came out a few weeks back, but did not include it.
From owner-freebsd-jail@freebsd.org Mon Dec 21 04:58:44 2015
Return-Path: <owner-freebsd-jail@freebsd.org>
Delivered-To: freebsd-jail@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
[IPv6:2001:1900:2254:206a::19:1])
by mailman.ysv.freebsd.org (Postfix) with ESMTP id 61345A4B709;
Mon, 21 Dec 2015 04:58:44 +0000 (UTC)
(envelope-from smithi@nimnet.asn.au)
Received: from sola.nimnet.asn.au (paqi.nimnet.asn.au [115.70.110.159])
(using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits))
(Client did not present a certificate)
by mx1.freebsd.org (Postfix) with ESMTPS id DE89010A8;
Mon, 21 Dec 2015 04:58:43 +0000 (UTC)
(envelope-from smithi@nimnet.asn.au)
Received: from localhost (localhost [127.0.0.1])
by sola.nimnet.asn.au (8.14.2/8.14.2) with ESMTP id tBL4wMXp045109;
Mon, 21 Dec 2015 15:58:24 +1100 (EST)
(envelope-from smithi@nimnet.asn.au)
Date: Mon, 21 Dec 2015 15:58:22 +1100 (EST)
From: Ian Smith <smithi@nimnet.asn.au>
To: Michael Grimm <trashcan@ellael.org>
cc: freebsd-jail@freebsd.org, freebsd-questions <freebsd-questions@freebsd.org>
Subject: Re: How to define the order of starting jails?
In-Reply-To: <9E7DF9FD-60D5-497B-8BA5-5350D8167A55@ellael.org>
Message-ID: <20151221154512.P8562@sola.nimnet.asn.au>
References: <5D6BA0FE-60E1-4C6B-906B-BB62A1AB9BE8@odo.in-berlin.de>
<1450639510.27618.8.camel@michaeleichorn.com>
<BE5B509A-9D84-46A3-BADB-E641E6BD51F7@odo.in-berlin.de>
<56771F8D.4040004@freebsd.org>
<9E7DF9FD-60D5-497B-8BA5-5350D8167A55@ellael.org>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=ISO-8859-1
Content-Transfer-Encoding: 8BIT
X-BeenThere: freebsd-jail@freebsd.org
X-Mailman-Version: 2.1.20
Precedence: list
List-Id: "Discussion about FreeBSD jail\(8\)" <freebsd-jail.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/freebsd-jail>,
<mailto:freebsd-jail-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-jail/>;
List-Post: <mailto:freebsd-jail@freebsd.org>
List-Help: <mailto:freebsd-jail-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/freebsd-jail>,
<mailto:freebsd-jail-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Mon, 21 Dec 2015 04:58:44 -0000
On Sun, 20 Dec 2015 22:54:08 +0100, Michael Grimm wrote:
> Allan Jude <allanjude@freebsd.org> wrote:
> > On 2015-12-20 14:57, Michael Grimm wrote:
> >> [Arrrgh, I never heard of "service" before (after so many years
> >> with FBSD) :-( What a shame ÿÿ]
> > 'service' was not introduced until FreeBSD 8, iirc. It is mostly a
> > redhat thing, but is very handy.
> No, I am not excused, because I arrived at FBSD-6.1. I should have
> noticed it in the meantime :-C
According to service(8):
HISTORY
The service utility first appeared in FreeBSD 7.3.
But I didn't notice and start using it regularly until FreeBSD 9 :)
Happy (winter there, summer here) Solstice, Ian
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?alpine.BSF.2.20.1512201558410.60560>