
Re: [ezjail] Thanks and suggestions

Dirk Engling wrote:
> Jason But wrote:
>> 1) Use of rc.conf _interface variables.
>> Individual jail config variables are stored in
>> /usr/local/etc/ezjail/jail_name. The current /etc/rc.d/jail script
>> supports the "jail_(jailname)_interface" variable. If this variable is
>> defined then the following commands are run on jail startup (ifconfig
>> _interface alias _ip) and shutdown (ifconfig _interface -alias _ip).
>> This allows us to not worry about configuring all 100+ IP addresses in
>> rc.conf. I tested by adding a jail_name_interface variable with the
>> interface name to the /usr/local/etc/ezjail files and found that it all
>> worked properly. I suggest an extra parameter to "ezjail-admin create"
>> to optionally specify the interface name and if provided to write this
>> variable to the jail config file.
> We've had lengthy discussions about making ezjail configuring IP
> addresses when starting jails. I also had that discussion at freebsd-rc.
> Philipp Wuensche and I came to the conclusion that this leads to
> complications when used in real world.
> Consider two jails using the same IP address. Now consider starting and
> stopping them both. Even worse: consider a jail sharing IP addresses
> with the host system. Now consider stopping the jail.
> Instead Philipp submitted a patch to FreeBSD that helps to configure
> CIDR-address ranges on interfaces. Use ipv4_addrs_IF to configure them.
Thanks, didn't know about that variable.

I understand that our situation is a little different to regular jail
usage, but we would like to automatically alias/unalias IP addresses as
jails are brought up/down. The suggestion I made uses existing rc.conf
variables and usage would be optional. Your complications would exist if
I manually configured the jail_XXX_interface variable in rc.conf right now.

My suggestion was

ezjail-admin create ..... (do what it does now)

ezjail-admin create --if fxp0 .... (create an extra line in ezjail conf
file that reads export jail_foo_interface="fxp0")

> http://www.jp.freebsd.org/cgi/cvsweb.cgi/src/etc/network.subr.diff?r1=1.164&r2=
>> Please note that FIB support is not yet perfect on BSD yet and while
>> a lot of stuff worked, some didn't. For this feature I am thinking more
>> of the future when they do work properly.
> Yes, including FIB is certainly on the list of things to include in ezjail.
Awesome. An extra variable in the conf file could easily be checked to
solve the "console" command issue.
>> To save space (with hundreds of jails), we used to use sparse image
>> files as our disk images. These files grew as students installed files
>> in their jails. It would be extremely nice if the "ezjail-admin create"
>> provided support for sparse file images as well.
> You mean calling dd with the conv=sparse parameter? I think, we can do
> this. Comments on this, anyone?
I think so. Our old solution was binary (compiled C) and we did this bit
so long ago that I would have to go digging through piles of source code
to find out for sure.
> Regards,
>   erdgeist


Dr. Jason But
Centre for Advanced Internet Architectures
Faculty of Information and Communication Technologies
Swinburne University of Technology

Phone: +61 3 9214 4839
Email: jbut AT swin.edu DOT au
www:   http://caia.swin.edu.au
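
The shared-address case raised in the quoted reply can be checked before any jail_(jailname)_interface line is written. The script below is an added example, not part of this message or of ezjail: it scans a directory of ezjail-style config files and lists every address that one jail would unalias on shutdown while another jail, or the host, still uses it. It assumes plain `export jail_<name>_ip="..."` and `export jail_<name>_interface="..."` lines; the function names and sample addresses are constructed for illustration.

```shell
#!/bin/sh
# Added example, not part of ezjail. Assumes config lines of the form
#   export jail_<name>_ip="a.b.c.d[,...]"   export jail_<name>_interface="fxp0"
# shared_alias_ips CONFIG_DIR [HOST_IP ...]
# Prints "<ip>: <users>" for each address that would be unaliased when one
# jail stops while another jail (or the host) still uses it.
shared_alias_ips() {
    dir=$1; shift
    {
        for f in "$dir"/*; do [ -f "$f" ] && cat "$f"; done
        for h in "$@"; do printf 'hostaddr %s\n' "$h"; done
    } | awk '
    $1 == "hostaddr" { ip["HOST"] = ip["HOST"] $2 ","
                       if (!seen["HOST"]++) order[++n] = "HOST"; next }
    /^export jail_[A-Za-z0-9_]+_(ip|interface)="/ {
        line = $0; sub(/^export jail_/, "", line)
        eq = index(line, "=")
        key = substr(line, 1, eq - 1); val = substr(line, eq + 1)
        gsub(/"/, "", val)
        if (key ~ /_interface$/) { name = substr(key, 1, length(key) - 10); iface[name] = val }
        else                     { name = substr(key, 1, length(key) - 3); ip[name] = val }
        if (!seen[name]++) order[++n] = name
    }
    END {
        for (i = 1; i <= n; i++) {
            name = order[i]; k = split(ip[name], a, ",")
            for (j = 1; j <= k; j++) {
                if (a[j] == "") continue
                users[a[j]] = users[a[j]] " " name; count[a[j]]++
                if (iface[name] != "") managed[a[j]] = 1   # rc.d/jail would alias/unalias it
                if (!(a[j] in first)) { first[a[j]] = 1; addrs[++m] = a[j] }
            }
        }
        for (i = 1; i <= m; i++)
            if (count[addrs[i]] > 1 && managed[addrs[i]]) print addrs[i] ":" users[addrs[i]]
    }'
}

# Constructed sample configs: alpha/beta share an address, gamma shares one with the host.
make_sample_configs() {
    printf 'export jail_alpha_ip="10.0.0.10"\nexport jail_alpha_interface="fxp0"\n' > "$1/alpha"
    printf 'export jail_beta_ip="10.0.0.10"\n' > "$1/beta"
    printf 'export jail_gamma_ip="10.0.0.1"\nexport jail_gamma_interface="fxp0"\n' > "$1/gamma"
    printf 'export jail_delta_ip="10.0.0.20"\nexport jail_delta_interface="fxp0"\n' > "$1/delta"
}

d=$(mktemp -d) && make_sample_configs "$d" && shared_alias_ips "$d" 10.0.0.1
rm -rf "$d"
```

An empty result means no address is both managed through an _interface variable and used by more than one party; host addresses have to be passed explicitly because the script does not query the running system.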