
Re: [ezjail] Thanks and suggestions

Jason But wrote:

> 1) Use of rc.conf _interface variables.
> Individual jail config variables are stored in
> /usr/local/etc/ezjail/jail_name. The current /etc/rc.d/jail script
> supports the "jail_(jailname)_interface" variable. If this variable is
> defined then the following commands are run on jail startup (ifconfig
> _interface alias _ip) and shutdown (ifconfig _interface -alias _ip).
> This allows us to not worry about configuring all 100+ IP addresses in
> rc.conf. I tested by adding a jail_name_interface variable with the
> interface name to the /usr/local/etc/ezjail files and found that it all
> worked properly. I suggest an extra parameter to "ezjail-admin create"
> to optionally specify the interface name and if provided to write this
> variable to the jail config file.

We've had lengthy discussions about making ezjail configure IP
addresses when starting jails. I also had that discussion at freebsd-rc.
Philipp Wuensche and I came to the conclusion that this leads to
complications when used in the real world.

Consider two jails using the same IP address. Now consider starting and
stopping them both. Even worse: consider a jail sharing IP addresses
with the host system. Now consider stopping the jail.

Instead, Philipp submitted a patch to FreeBSD that helps to configure
CIDR-address ranges on interfaces. Use ipv4_addrs_IF to configure them.


> Please note that FIB support is not yet perfect on BSD and while
> a lot of stuff worked, some didn't. For this feature I am thinking more
> of the future when they do work properly.

Yes, including FIB is certainly on the list of things to include in ezjail.

> To save space (with hundreds of jails), we used to use sparse image
> files as our disk images. These files grew as students installed files
> in their jails. It would be extremely nice if the "ezjail-admin create"
> provided support for sparse file images as well.

You mean calling dd with the conv=sparse parameter? I think we can do
this. Comments on this, anyone?
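
The start/stop problem raised in the reply above (two jails on one address, and a jail sharing the host's address), as an added example that is not part of the original message, of ezjail, or of the rc.d jail script. It is a model only: the `ALIASES` variable stands in for one interface's address list, the function names and the `MANAGE` switch are hypothetical, and the addresses are constructed samples.

```sh
#!/bin/sh
# Constructed model: ALIASES stands in for the addresses on one interface.
# Nothing here calls ifconfig; addresses are documentation-range samples.
ALIASES=""
MANAGE=yes   # yes = jail has an _interface variable, no = addresses are static

has_addr() { case " $ALIASES " in *" $1 "*) return 0 ;; *) return 1 ;; esac; }

# Models "ifconfig IF alias IP": an interface holds a given address only once.
add_alias() { has_addr "$1" || ALIASES="$ALIASES $1"; }

# Models "ifconfig IF -alias IP": removes the address, whoever else uses it.
del_alias() {
    kept=""
    for a in $ALIASES; do
        [ "$a" = "$1" ] || kept="$kept $a"
    done
    ALIASES="$kept"
}

jail_start() { if [ "$MANAGE" = yes ]; then add_alias "$1"; fi; }
jail_stop()  { if [ "$MANAGE" = yes ]; then del_alias "$1"; fi; }

state() { if has_addr "$1"; then echo configured; else echo missing; fi; }

# Two jails share 192.0.2.10; stopping one strips the address from the other.
two_jails_one_stopped() {
    ALIASES=""; MANAGE=$1
    [ "$MANAGE" = yes ] || add_alias 192.0.2.10   # static: set once at boot
    jail_start 192.0.2.10; jail_start 192.0.2.10
    jail_stop 192.0.2.10
    state 192.0.2.10
}

# A jail shares the host's own address; stopping the jail removes it.
jail_on_host_address() {
    ALIASES=""; MANAGE=$1
    add_alias 192.0.2.1                           # host address, set at boot
    jail_start 192.0.2.1; jail_stop 192.0.2.1
    state 192.0.2.1
}

echo "per-jail aliases, two jails:   $(two_jails_one_stopped yes)"
echo "per-jail aliases, host shared: $(jail_on_host_address yes)"
echo "static addresses, two jails:   $(two_jails_one_stopped no)"
echo "static addresses, host shared: $(jail_on_host_address no)"
```

With `MANAGE=no` the jails never touch the interface, which corresponds to configuring the addresses once on the host, for example through ipv4_addrs_IF as suggested in the reply.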