Date: Tue, 09 Feb 2010 07:55:49 +0000
From: Matthew Seaman <m.seaman@black-earth.co.uk>
To: Gary Gatten <Ggatten@waddell.com>
Cc: Adam Vande More <amvandemore@gmail.com>, "Richard L. Houston" <rhouston@rlhc.net>, freebsd-questions@freebsd.org, Jason <jhelfman@e-e.com>
Subject: Re: Updating packages in Jails
Message-ID: <4B711505.4020907@black-earth.co.uk>
In-Reply-To: <11646_1265667228_4B708C9C_11646_2871_1_70C0964126D66F458E688618E1CD008A08CCF4FB@WADPEXV0.waddell.com>
References: <12972016.97.1265661043611.JavaMail.root@goblin> <32433176.107.1265661327344.JavaMail.root@goblin> <6201873e1002081309m6a2d4916u828d39f1e0c9c2a@mail.gmail.com> <20100208211524.GA57127@eggman.experts-exchange.com> <6201873e1002081327k20bb39aey5a24d1b9337e41f9@mail.gmail.com> <11646_1265667228_4B708C9C_11646_2871_1_70C0964126D66F458E688618E1CD008A08CCF4FB@WADPEXV0.waddell.com>

On 08/02/2010 22:13, Gary Gatten wrote:
> Hopefully this isn't considered a hijack, but what are the *main* diffs
> between jails and vm's? I've never worked with jails but read about
> them several times. Do they allow controlling of CPU cycles, Memory
> regions, etc. in the same manner as the file system(s) and network?
>
> Asked another way, what are some Usage cases where jails would be equal
> or more appropriate than full on vm's and vice-versa. We use vm's quite
> extensively and I'm wondering if some of these can be done in jails
> instead.

The principal difference between Jails and full virtualisation is that
the base system and all jails on a machine run inside a single kernel
instance. Jails see some or all of the same hardware which is shared
with the base system and may be shared with other jails.

Thus all jails have to run FreeBSD, and while you can install and run an
older user-land on a newer base fairly successfully (e.g. a 7.2 jail
running on an 8.0 base system), you can't do the converse. Trying to run
an i386 jail on an amd64 base system is also not recommended. VMs don't
have these limitations.

The big advantage of jails is that they are very light-weight. You get
the management advantages of virtualisation with almost none of the
virtualisation overhead, other than disk usage.

The whole jail concept is an elaboration of the well-known Unix
chroot(2) system call. Jailing adds to this dedicated IP addresses for
the jail -- but not a complete network stack just yet, so, for instance,
you can't run a firewall inside the jail. Virtualisation of the network
stack is a work in progress: google for VNET and VIMAGE if interested.

You can use standard limits(1) controls on resource usage in the jail,
and you can use cpuset(1) to tie jailed processes to specific CPU cores.
Quotas tend not to work very well in jails: to control filesystem usage,
it's best to create a separate filesystem of the appropriate size
specifically for the jail. This is a very good situation for handling
by ZFS.

	Cheers,

	Matthew

-- 
Dr Matthew J Seaman MA, D.Phil.                   7 Priory Courtyard, Flat 3
Black Earth Consulting                            Ramsgate
                                                  Kent, CT11 9PW
Free and Open Source Solutions                    Tel: +44 (0)1843 580647
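
The two controls described at the end of the message above (a dedicated ZFS filesystem sized for the jail, and cpuset(1) pinning), sketched as an added example that is not part of the original e-mail. The pool name `zroot`, the `/usr/jails` root, and the helper names `run`, `valid_size`, `jail_dataset` and `jail_pin` are assumptions for illustration; with `DRY_RUN=1` (the default) the commands are printed rather than executed.

```shell
#!/bin/sh
# Added example: cap a jail's disk usage with its own ZFS dataset and pin
# its processes to specific CPU cores. Pool and path names are assumptions.
POOL="${POOL:-zroot}"                 # assumed pool name
JAIL_ROOT="${JAIL_ROOT:-/usr/jails}"  # assumed jail root directory
DRY_RUN="${DRY_RUN:-1}"               # 1 = print commands only

# Print the command in dry-run mode, otherwise execute it.
run() {
    if [ "$DRY_RUN" = "1" ]; then echo "$*"; else "$@"; fi
}

# Accept sizes such as 512M or 10G: digits followed by one unit letter.
valid_size() {
    num="${1%[KMGT]}"
    [ "$num" != "$1" ] || return 1          # a unit suffix is required
    case "$num" in ''|*[!0-9]*) return 1 ;; esac
    return 0
}

# jail_dataset NAME SIZE: one dataset per jail, with a hard quota, so the
# jail cannot fill the filesystem used by the base system or other jails.
jail_dataset() {
    name="$1"; size="$2"
    case "$name" in
        ''|*[!A-Za-z0-9_-]*) echo "bad jail name: $name" >&2; return 1 ;;
    esac
    valid_size "$size" || { echo "bad size: $size" >&2; return 1; }
    run zfs create -p -o quota="$size" \
        -o mountpoint="$JAIL_ROOT/$name" "$POOL/jails/$name"
}

# jail_pin JID CPULIST: restrict every process in the jail to the listed
# cores. JID is the numeric jail id, e.g. from: jls -j NAME jid
jail_pin() {
    jid="$1"; cpus="$2"
    case "$jid" in ''|*[!0-9]*) echo "bad jid: $jid" >&2; return 1 ;; esac
    case "$cpus" in ''|*[!0-9,-]*) echo "bad cpu list: $cpus" >&2; return 1 ;; esac
    run cpuset -l "$cpus" -j "$jid"
}

# Usage (dry run):  jail_dataset www 10G ; jail_pin 3 0-1
```

Setting `DRY_RUN=0` on a FreeBSD host runs the printed commands as root; the quota applies to the dataset and anything created beneath it.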