
Re: [ezjail] Thanks and suggestions



Dirk Engling wrote:
> Jason But wrote:
>
>   
>> 1) Use of rc.conf _interface variables.
>>
>> Individual jail config variables are stored in
>> /usr/local/etc/ezjail/jail_name. The current /etc/rc.d/jail script
>> supports the "jail_(jailname)_interface" variable. If this variable is
>> defined then the following commands are run on jail startup (ifconfig
>> _interface alias _ip) and shutdown (ifconfig _interface -alias _ip).
>>
>> This allows us to not worry about configuring all 100+ IP addresses in
>> rc.conf. I tested by adding a jail_name_interface variable with the
>> interface name to the /usr/local/etc/ezjail files and found that it all
>> worked properly. I suggest an extra parameter to "ezjail-admin create"
>> to optionally specify the interface name and if provided to write this
>> variable to the jail config file.
>>     
>
> We've had lengthy discussions about making ezjail configuring IP
> addresses when starting jails. I also had that discussion at freebsd-rc.
> Philipp Wuensche and I came to the conclusion that this leads to
> complications when used in real world.
>
> Consider two jails using the same IP address. Now consider starting and
> stopping them both. Even worse: consider a jail sharing IP addresses
> with the host system. Now consider stopping the jail.
>
> Instead Philipp submitted a patch to FreeBSD that helps to configure
> CIDR-address ranges on interfaces. Use ipv4_addrs_IF to configure them.
>
>   
Thanks, didn't know about that variable.

I understand that our situation is a little different to regular jail
usage, but we would like to automatically alias/unalias IP addresses as
jails are brought up/down. The suggestion I made uses existing rc.conf
variables and usage would be optional. Your complications would exist if
I manually configured the jail_XXX_interface variable in rc.conf right now.

My suggestion was

ezjail-admin create ..... (do what it does now)

ezjail-admin create --if fxp0 .... (create an extra line in ezjail conf
file that reads export jail_foo_interface="fxp0")

> http://www.jp.freebsd.org/cgi/cvsweb.cgi/src/etc/network.subr.diff?r1=1.164&r2=1.164.2.2&f=h
>
>   
>> Please note that FIB support is not yet perfect on BSD and while
>> a lot of stuff worked, some didn't. For this feature I am thinking more
>> of the future when they do work properly.
>>     
>
> Yes, including FIB is certainly on the list of things to include in ezjail.
>
>   
Awesome. An extra variable in the conf file could easily be checked to
solve the "console" command issue.
>> To save space (with hundreds of jails), we used to use sparse image
>> files as our disk images. These files grew as students installed files
>> in their jails. It would be extremely nice if the "ezjail-admin create"
>> provided support for sparse file images as well.
>>     
>
> You mean calling dd with the conv=sparse parameter? I think, we can do
> this. Comments on this, anyone?
>
>   
I think so. Our old solution was binary (compiled C) and we did this bit
so long ago that I would have to go digging through piles of source code
to find out for sure.
> Regards,
>
>   erdgeist
>
>   


-- 

----------
Dr. Jason But
Lecturer
Centre for Advanced Internet Architectures
Faculty of Information and Communication Technologies
Swinburne University of Technology

Phone: +61 3 9214 4839
Email: jbut AT swin.edu DOT au
www:   http://caia.swin.edu.au
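
The shared-address complication raised in the quoted reply above (two jails on one IP, or a jail sharing an IP with the host), as an added example that is not part of the original thread and not ezjail or rc.d code: a stop hook that removes an alias only when nothing else still uses the address. The function names, the "name ip" input format, the HOST_IPS list and the sample data are all constructed assumptions.

```sh
#!/bin/sh
# Added example: decide whether an IP alias may be removed when a jail stops.
# Assumed input: one "name ip" pair per line for every running jail, plus a
# space-separated list of addresses the host itself uses.

# Constructed sample state: www and mail share 10.0.0.5, db has its own IP,
# and shell shares 10.0.0.1 with the host.
RUNNING_JAILS="www 10.0.0.5
mail 10.0.0.5
db 10.0.0.7
shell 10.0.0.1"
HOST_IPS="10.0.0.1 10.0.0.9"

# ip_still_needed STOPPING_JAIL IP
# Returns 0 if the host or another running jail still uses IP, 1 otherwise.
ip_still_needed() {
    stopping=$1
    ip=$2
    for h in $HOST_IPS; do
        if [ "$h" = "$ip" ]; then return 0; fi
    done
    # The here-document keeps the loop in the current shell, so "return"
    # leaves the function rather than a subshell.
    while read -r name addr; do
        if [ -z "$name" ] || [ "$name" = "$stopping" ]; then continue; fi
        if [ "$addr" = "$ip" ]; then return 0; fi
    done <<EOF
$RUNNING_JAILS
EOF
    return 1
}

# stop_action JAIL IP IFACE
# Prints what a stop hook should do; it never runs ifconfig itself.
stop_action() {
    if ip_still_needed "$1" "$2"; then
        echo "keep $2 on $3"
    else
        echo "ifconfig $3 -alias $2"
    fi
}
```

An unconditional `-alias` on stop corresponds to always taking the `else` branch, which is what breaks the `www`/`mail` and `shell`/host cases in the sample data.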