Date: Tue, 3 Dec 2002 17:46:50 -0800 (PST)
From: Philip Hallstrom
To: Simon1
Cc: Greg Goodman
Subject: Re: Virtual Private Servers/Jails

> > Does anyone have any information on setting up virtual private
> > servers with FreeBSD? There are a lot of people doing it out there
> > but I can't seem to find any documentation supporting it.
>
> FreeBSD doesn't offer true virtual machines. FreeBSD does come with
> jails, which can provide similar functionality in many cases. Jails aren't
> nearly as polished as the virtual servers I've seen in the Linux world.

The only glitch I've run into to date is that you can't run *multiple*
instances of an app that uses shared memory such as PostgreSQL. Put the
database on a separate server and let the jails talk to it though and it's
fine. And some apps like top don't work right (something to do with
accessing kernel parameters that don't technically exist in the jail). Not
a big deal though since if you want top there's a good chance you're an
admin and should probably be on the host box anyway :)

The rest of my comments concern FreeBSD version:

4.7-RC FreeBSD 4.7-RC #2: Fri Oct 11 15:44:24 PDT 2002

> I've run jails on production webservers, in most cases to consolidate

I run them for development servers. oak is the physical box and runs
postgresql. I've got 4 jails running apache so each developer can have his
own sandbox and can royally screw things up without affecting the rest of
us. Works awesome.

> me. I hammer quotas a lot, because of how important they and other limits
> are in the web hosting environments I was using them in.

I don't use quotas since this isn't for a commercial web hosting
environment....

> What I've found:
> 1) Connecting (aka telnet, ftp, ssh) from one jail to another or even to
> the physical host is supposed to work, but I was never able to make it
> happen. If anyone knows why, please chip in... The jails could access the
> internet, but not its host or sister jails. /stand/sysinstall also didn't
> like to download ports, which I'm guessing is for a related reason.

Works great for me... I can do all three b/n jails, host, and remote
servers or any combination. Also updating ports with cvsup and/or
installing them with porteasy also works just fine. Never tried using
sysinstall.

> 2) Quotas work, but it's painful.
> The FreeBSD quota system/utilities hasn't really been modified
> for jails. It works, but it isn't fun getting it to. I've seen one,
> maybe two sites out there that actually give some good information on
> this.
> Essentially, FreeBSD tracks quotas by UID, host side. They're still
> effective in jails, but you have to make sure that you don't have two
> UIDs on the same filesystem.

Not realtime, but you could run a "du -hcs *" on the top level directory
that holds the jails to get a count, then subtract what a "bare" jail
contains and this would give you a snapshot of how much space is being
used. Granted in a commercial environment your users could use as much as
they want and then remove it before you run the script, but that's life :)

> with root in a jail can't trash the main system, they can still do a lot
> of damage.

They can? How? Other than destroying that jail and thus anything on that
IP, they can't touch the rest of the system.. at least that's my
understanding. Please correct me if I'm wrong.

> 4) Needed utilities and commands. (Call it my wishlist)
> 1) A way to list jails.
> 2) A way to list processes BY jail, and a way to show (host side)
> which jail a process belongs to.
> 3) jail halt, jail restart commands to close out the jail, and
> possibly restart it.

Check out the following ports which do what you want with maybe the
exception of #2, but maybe even that, I don't remember.

jailer-1.1.1      Manage FreeBSD jail startup, shutdown and console
jailutils-0.5.1   Several utilies for managing jails

> I was very happy with how well the jails worked, but I would have

So far I've been very happy as well...

-philip
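
The quoted point that quotas are tracked by UID on the host side, so two jails on one filesystem must not reuse a UID, can be audited from the host. The script below is an added example, not part of the original message or of any FreeBSD tool; the function names, the jail-root layout (each root holding etc/passwd, all roots on one filesystem) and the MIN_UID cutoff of 1000 are assumptions.

```shell
#!/bin/sh
# Added example: report UIDs that are defined in more than one jail.
# Assumptions: each argument is a jail root containing etc/passwd, all roots
# sit on one filesystem, and MIN_UID (default 1000) marks the start of
# ordinary user accounts; system UIDs below it exist in every jail by design.

MIN_UID=${MIN_UID:-1000}

# Print "uid jail:user jail:user ..." for every UID >= MIN_UID that appears
# in the passwd files of at least two different jail roots.
uid_collisions() {
    for root in "$@"; do
        if [ ! -r "$root/etc/passwd" ]; then
            echo "skip: $root has no readable etc/passwd" >&2
            continue
        fi
        # passwd fields: name:password:uid:gid:gecos:home:shell
        awk -F: -v jail="$(basename "$root")" -v min="$MIN_UID" \
            '$0 !~ /^#/ && $3 ~ /^[0-9]+$/ && $3 + 0 >= min { print $3, jail, $1 }' \
            "$root/etc/passwd"
    done | sort -n | awk '
        { if (!(($1, $2) in seen)) { seen[$1, $2] = 1; n[$1]++ }
          owners[$1] = owners[$1] " " $2 ":" $3 }
        END { for (u in n) if (n[u] > 1) print u owners[u] }' | sort -n
}

# Constructed sample data: three jail roots under a temporary directory;
# alice (www1) and bob (www2) share UID 1001, carol (www3) is unique.
make_sample_jails() {
    base=$(mktemp -d) || return 1
    for j in www1 www2 www3; do mkdir -p "$base/$j/etc"; done
    printf 'root:*:0:0::/root:/bin/sh\nalice:*:1001:1001::/home/alice:/bin/sh\n' > "$base/www1/etc/passwd"
    printf 'root:*:0:0::/root:/bin/sh\nbob:*:1001:1001::/home/bob:/bin/sh\n' > "$base/www2/etc/passwd"
    printf 'root:*:0:0::/root:/bin/sh\ncarol:*:1003:1003::/home/carol:/bin/sh\n' > "$base/www3/etc/passwd"
    echo "$base"
}

# Usage: sh uidcheck.sh /path/to/jail1 /path/to/jail2 ...
if [ $# -gt 0 ]; then uid_collisions "$@"; fi
```

Any UID it reports is one the host's quota accounting would count as a single user across those jails.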