Re: Cant't access mysql.sock (running on a jail) from a separate jail
Thanks a lot for answering. The hard link method works (all jails in the same fs). I' ve also tried unionfs but never managed to get it working. Anyone care to share a working example with unionfs? It might be useful in future projects. -- Manolis Tzanidakis mtzanida...@gmail.com 07 Δεκ 2009, 0:32, ο/η Miroslav Lachman 000.f...@quip.cz έγραψε: Manolis Tzanidakis wrote: Hello all, maybe this is already answered, but searching the list's archives was not working at the moment. Anyway, I've got a server running 8.0-RELEASE with various jails, all setup with ezjail. One jail is running mysql and another is running apache. I have a directory /usr/jails/mysqltmp (owned by mysql:mysql) on the host system, which is mounted in both jails as /mysqltmp with: /etc/fstab.mysqljail: /usr/jails/mysqltmp /usr/jails/mysqljail/mysqltmp nullfs rw 0 0 /etc/fstab.apachejail: /usr/jails/mysqltmp /usr/jails/mysqlapache/mysqltmp nullfs ro 0 0 (tried it also with 'rw', same results) I've setup my.cnf in mysqljail to write the mysql.sock socket in /mysqltmp and I can access mysql from this jail without problems, as expected. On the apachejail the socket shows up in /mysqltmp, however I can't connect: # mysql -S /mysqltmp/mysql.sock -u root -p ERROR 2002 (HY000): Can't connect to local MySQL server through socket '/mysqltmp/mysql.socket' (2) You can use hardlink if you have your jails on one filesystem, or you can try unionfs instead of nullfs. Miroslav Lachman ___ freebsd-jail@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-jail To unsubscribe, send any mail to freebsd-jail-unsubscr...@freebsd.org
Re: ezjail with vimage
Miroslav Lachman, Alexander Leidinger - big thanks! -- Петровский Александр / Alexander Petrovsky, ICQ: 350342118 Jabber: ju...@jabber.ru Phone: +7 914 8 820 815 ___ freebsd-jail@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-jail To unsubscribe, send any mail to freebsd-jail-unsubscr...@freebsd.org
Re: ezjail with vimage
Alexander Petrovsky wrote:
Hello!
I want merge all my jails (ezjail framework) working under freebsd 7.2 to
freebsd 8.0 with support vimage. Ezjail don't support jail_NAME_flags=
Whether, I can simply change the line in /usr/local/etc/rc.d/ezjail:
# Pass control to jail script which does the actual work
[ ${ezjail_pass} ] sh /etc/rc.d/jail one${action%crypto} ${ezjail_pass}
and add some parametres like:
jail -c vnet name=*vnet1* host.hostname=*vnet1.example.net* path=/ persist
You can add what ever variables you want in to
/usr/local/etc/ezjail/vnet1_example_net
It will be exported to /etc/rc.d/jail, so you can use:
export jail_vnet1_example_net_flags=my special flags here
Or you can try to set it in /etc/rc.conf. Ezjail is not so special as it
looks.
Miroslav Lachman
___
freebsd-jail@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-jail
To unsubscribe, send any mail to freebsd-jail-unsubscr...@freebsd.org
Re: ezjail with vimage
Alexander Leidinger wrote: Quoting Alexander Petrovsky askju...@gmail.com (from Mon, 7 Dec 2009 17:04:04 +0800): Hello! I want merge all my jails (ezjail framework) working under freebsd 7.2 to freebsd 8.0 with support vimage. Ezjail don't support jail_NAME_flags= http://www.leidinger.net/FreeBSD/current-patches/jail.diff Take only the part for the first two files. After that you have jail_NAME_jailname, jail_NAME_securelevel and jail_NAME_startparams. It also makes more sanity checks for the fstab entries. Hi, is this patch just for your private use or is it something commitable? The last time I wrote with Bjoern A. Zeeb about jailname, cpuset etc. support in rc.conf (back in March 2009) he stated that there is no need to add anything because it can be done by jail_NAME_flags. AFAIK current system still doesn't allow me to set cpuset to jail from rc.conf Miroslav Lachman ___ freebsd-jail@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-jail To unsubscribe, send any mail to freebsd-jail-unsubscr...@freebsd.org
Jail's syslogd log to host's syslogd with unix socket
Hello all, I want to log from a jail's syslogd to the host's syslogd using a unix socket. I've added in host's rc.conf (followed by syslogd restart): syslogd_flags=-ss -l /usr/jails/jail1/var/run/log Jail's rc.conf: syslogd_flags=-ss but nothing is logged in host's syslogd. I'd like to avoid UDP if possible. Any ideas? Best regards, Manolis -- Manolis Tzanidakis mtzanida...@gmail.com ___ freebsd-jail@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-jail To unsubscribe, send any mail to freebsd-jail-unsubscr...@freebsd.org
Re: ezjail with vimage
On Mon, 7 Dec 2009, Miroslav Lachman wrote: Hi Miroslav, The last time I wrote with Bjoern A. Zeeb about jailname, cpuset etc. support in rc.conf (back in March 2009) he stated that there is no need to add anything because it can be done by jail_NAME_flags. AFAIK current system still doesn't allow me to set cpuset to jail from rc.conf Check /etc/defaults/rc.conf for jail_example_exec_afterstart. /bz -- Bjoern A. Zeeb It will not break if you know what you are doing. ___ freebsd-jail@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-jail To unsubscribe, send any mail to freebsd-jail-unsubscr...@freebsd.org
Re: Jail's syslogd log to host's syslogd with unix socket
On Mon, Dec 07, 2009 at 06:27:50PM +0200, Manolis Tzanidakis wrote: Hello all, I want to log from a jail's syslogd to the host's syslogd using a unix socket. I've added in host's rc.conf (followed by syslogd restart): syslogd_flags=-ss -l /usr/jails/jail1/var/run/log Jail's rc.conf: syslogd_flags=-ss but nothing is logged in host's syslogd. I'd like to avoid UDP if possible. Any ideas? man syslogd -s Operate in secure mode. Do not log messages from remote machines. If specified twice, no network socket will be opened at all, which also disables logging to remote machines. -- Scott LambertKC5MLE Unix SysAdmin lamb...@lambertfam.org ___ freebsd-jail@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-jail To unsubscribe, send any mail to freebsd-jail-unsubscr...@freebsd.org
Re: ezjail with vimage
Bjoern A. Zeeb wrote: On Mon, 7 Dec 2009, Miroslav Lachman wrote: Hi Miroslav, The last time I wrote with Bjoern A. Zeeb about jailname, cpuset etc. support in rc.conf (back in March 2009) he stated that there is no need to add anything because it can be done by jail_NAME_flags. AFAIK current system still doesn't allow me to set cpuset to jail from rc.conf Check /etc/defaults/rc.conf for jail_example_exec_afterstart. You already said that in the past and it was the reason why I found bug in cpuset. http://lists.freebsd.org/pipermail/freebsd-jail/2009-April/000830.html As I said, exec_afterstart is executed inside the jail and it means that I can not use it to bind the jail to specific CPU cores. ...but maybe I am blind. Can you correct me if I am wrong? From my point of view, it can be done in rc.subr as more general way allowing to use cpuset for any process started by rc.subr similar to what is proposed in this patch for setfib http://www.kes.net.ua/softdev/fib_patch.html Miroslav Lachman ___ freebsd-jail@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-jail To unsubscribe, send any mail to freebsd-jail-unsubscr...@freebsd.org
Re: Jail's syslogd log to host's syslogd with unix socket
Manolis Tzanidakis wrote: syslogd_flags=-ss -l /usr/jails/jail1/var/run/log When starting syslogd from the shell you can add the -d flag, that might print an error message if the socket cannot be opened. Jail's rc.conf: syslogd_flags=-ss The jails should not start any syslogd, use syslogd_enable=NO. -- Martin ___ freebsd-jail@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-jail To unsubscribe, send any mail to freebsd-jail-unsubscr...@freebsd.org
Re: ezjail with vimage
On Mon, 7 Dec 2009, Miroslav Lachman wrote: Bjoern A. Zeeb wrote: On Mon, 7 Dec 2009, Miroslav Lachman wrote: Hi Miroslav, The last time I wrote with Bjoern A. Zeeb about jailname, cpuset etc. support in rc.conf (back in March 2009) he stated that there is no need to add anything because it can be done by jail_NAME_flags. AFAIK current system still doesn't allow me to set cpuset to jail from rc.conf Check /etc/defaults/rc.conf for jail_example_exec_afterstart. You already said that in the past and it was the reason why I found bug in cpuset. http://lists.freebsd.org/pipermail/freebsd-jail/2009-April/000830.html As I said, exec_afterstart is executed inside the jail and it means that I can not use it to bind the jail to specific CPU cores. ...but maybe I am blind. Can you correct me if I am wrong? *mumble* *tired* *again* .. Let me cite man rc.conf to not mess it up again: jail_jname_exec_afterstartN (str) Unset by default. This is the command run as Nth com- mand in a jail after jail startup, where N is 1, 2, and so on. jail_jname_exec_poststartN (str) Unset by default. This is the command run as Nth com- mand after jail startup, where N is 0, 1, and so on. It is run outside the jail. HTH /bz -- Bjoern A. Zeeb It will not break if you know what you are doing. ___ freebsd-jail@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-jail To unsubscribe, send any mail to freebsd-jail-unsubscr...@freebsd.org
