From owner-freebsd-jail@freebsd.org Sun Dec 20 23:02:49 2015
Date: Sun, 20 Dec 2015 16:01:29 -0700 (MST)
From: Warren Block
To: dweimer
cc: "Michael B. Eichorn", freebsd-jail@freebsd.org, freebsd-questions, Michael Grimm, owner-freebsd-questions@freebsd.org
Subject: Re: How to define the order of starting jails?

On Sun, 20 Dec 2015, dweimer wrote:

> On 2015-12-20 1:25 pm, Michael B. Eichorn wrote:
>> On Sun, 2015-12-20 at 17:50 +0100, Michael Grimm wrote:
>>> Hi —
>>>
>>> [Background: I wish to run (some of my) ezjail-made jails and VNET
>>> which cannot be done by ezjail, natively.]
>>>
>>> But I found a way to mix both ezjail and basic jail(8) functionality.
>>> It's quite easy to fire up ezjail-made jails defined in jail.conf by
>>> jail. And, now I can apply VNET to those jails I do wish to run their
>>> own network stacks. That's all working well.
>>>
>>> But I am a bit stuck in finding a way to start my jails in a
>>> pre-defined order (e.g. first DNS, then mail, …). Well, I can achieve
>>> that during boot time by using jail_list="dns mail …" in rc.conf.
>>> But, this is respected during boot time, *only*. Whenever I do run a
>>> "jail -rc '*'" that shutdown and starting order becomes arbitrary. It
>>> doesn't follow the sequence of my jail definitions in jail.conf,
>>> either. I thoroughly checked the jail.conf(5) man page for a
>>> functionality that would allow me to define a startup/shutdown
>>> sequence, but I couldn't find it.
>>>
>>> Thus, I might have overlooked it, is there a way to achieve my goal
>>> using jail and jail.conf?
>>> Or something else?
>>>
>>> Thanks and regards,
>>> Michael
>>
>> jail(8)'s '*' operates on everything without concern for rc.conf, as
>> such jail_list is not respected. Perhaps try something tied to the rc.d
>> system. Does `service jail restart` do what you are looking for?
>>
>> Otherwise I would just go with a simple restart script such as:
>> #!/bin/sh
>> set -e
>> jail -r '*'
>> jail -c dns
>> jail -c mail
>
> You can also define a jail dependency to make sure a jail starts before
> another one
>
> dns {
>    ...
> }
> mail {
>    ...
>    depend = "dns";
> }

I submitted an ezjail patch last year to be able to start a jail very
early. This is useful for me because that lets the DNS jail start early
enough that the ezjail host can use it as a DNS server. An update to
ezjail came out a few weeks back, but did not include it.

From owner-freebsd-jail@freebsd.org Mon Dec 21 04:58:44 2015
Date: Mon, 21 Dec 2015 15:58:22 +1100 (EST)
From: Ian Smith
To: Michael Grimm
cc: freebsd-jail@freebsd.org, freebsd-questions
Subject: Re: How to define the order of starting jails?

On Sun, 20 Dec 2015 22:54:08 +0100, Michael Grimm wrote:
> Allan Jude wrote:
> > On 2015-12-20 14:57, Michael Grimm wrote:
>
> >> [Arrrgh, I never heard of "service" before (after so many years
> >> with FBSD) :-( What a shame]
>
> > 'service' was not introduced until FreeBSD 8, iirc. It is mostly a
> > redhat thing, but is very handy.
>
> No, I am not excused, because I arrived at FBSD-6.1. I should have
> noticed it in the meantime :-C

According to service(8):

HISTORY
     The service utility first appeared in FreeBSD 7.3.

But I didn't notice and start using it regularly until FreeBSD 9 :)

Happy (winter there, summer here) Solstice, Ian
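
An ordered variant of the restart script quoted earlier in this thread, as an added example that is not from any poster: instead of `jail -r '*'`, it stops the named jails in the reverse of their start order, so a dependant such as mail goes down before dns. The helper names `reverse_list`, `is_running` and `restart_jails` are assumptions of this example; jail names are passed as arguments, dependencies first.

```sh
#!/bin/sh
# Added example: ordered jail restart. Jail names are passed as arguments,
# dependencies first (for example: dns mail).

# Print the arguments in reverse order, separated by spaces.
reverse_list() {
    rev=""
    for j in "$@"; do
        rev="$j${rev:+ $rev}"
    done
    printf '%s\n' "$rev"
}

# True when jls(8) reports the named jail as existing.
is_running() {
    jls -j "$1" >/dev/null 2>&1
}

# Stop dependants before their dependencies, then start in the given order.
# Returns non-zero as soon as one jail fails to stop or start.
restart_jails() {
    for j in $(reverse_list "$@"); do
        if is_running "$j"; then
            jail -r "$j" || return 1
        fi
    done
    for j in "$@"; do
        jail -c "$j" || return 1
    done
}

# Run only when jail names were given on the command line.
if [ "$#" -gt 0 ]; then
    restart_jails "$@"
fi
```

With `depend` set in jail.conf as suggested in the thread, jail(8) applies the same ordering itself when a dependent jail is created or removed.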