Updating packages in Jails
Hi everyone, First off I am new to FreeBSD. I use Linux professorially and really looking forward to getting some FreeBSD boxes in production as well. My apologies if my questions are noobish and I have tried Googling for some of them but with limited results so I figure I would ask for help from the Alpha dogs of FreeBSD on this list. So with hat in had I humbly request help in managing jails. I have set up a FreeBSD 8.0 install and patched it with freebsd-update. I then created a jail based on the instructions from the latest BSDMagazine. It seems to work great. Now my issue come in once I try to update the Jail with Freebsd-update. FYI, I installed the jail from sysinstall using the minimal distribution option. when I run Freebsd-update I was getting: Installing updates...chflags: ///libexec/ld-elf.so.1: Operation not permitted but after restarting the jail I now get Cannot identify running kernel The Apache server running on the jail seems to be working fine as is the ssh server. Any thought on this issue? Is there a preferred way to update the jail env? Remember, noob here, please go easy on me. :) Also is there issues with mixing the install of ports from source and via pkg_add? Good / bad to mix or no big deal. This is more of a general knowledge question, not implying I would be mixing the two types :) Thanks all and look forward to being a part of the FreeBSD community. ++ Best regards, -Richard Houston -R.L.H. Consulting -E-Mail rhous...@rlhc.net -WWW http://www.rlhc.net -Blog http://www.rlhc.net/blog/ ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Updating packages in Jails
On Mon, Feb 8, 2010 at 2:35 PM, Richard L. Houston rhous...@rlhc.netwrote: Hi everyone, First off I am new to FreeBSD. I use Linux professorially and really looking forward to getting some FreeBSD boxes in production as well. My apologies if my questions are noobish and I have tried Googling for some of them but with limited results so I figure I would ask for help from the Alpha dogs of FreeBSD on this list. So with hat in had I humbly request help in managing jails. I have set up a FreeBSD 8.0 install and patched it with freebsd-update. I then created a jail based on the instructions from the latest BSDMagazine. It seems to work great. Now my issue come in once I try to update the Jail with Freebsd-update. FYI, I installed the jail from sysinstall using the minimal distribution option. when I run Freebsd-update I was getting: Installing updates...chflags: ///libexec/ld-elf.so.1: Operation not permitted but after restarting the jail I now get Cannot identify running kernel The Apache server running on the jail seems to be working fine as is the ssh server. Any thought on this issue? Is there a preferred way to update the jail env? Remember, noob here, please go easy on me. :) Also is there issues with mixing the install of ports from source and via pkg_add? Good / bad to mix or no big deal. This is more of a general knowledge question, not implying I would be mixing the two types :) Thanks all and look forward to being a part of the FreeBSD community. Use this as a starting point http://www.freebsd.org/doc/handbook/jails.html Anyways, host and jail need to run the exact same kernel. Normally I'll build my kernel and install it into the base as well as each individual jail so everything is consistent. Also check out /usr/ports/sysutils/ezjail -- Adam Vande More ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Updating packages in Jails
Use this as a starting point http://www.freebsd.org/doc/handbook/jails.html Anyways, host and jail need to run the exact same kernel. Normally I'll build my kernel and install it into the base as well as each individual jail so everything is consistent. Why do they need to run the exact same kernel? I didn't see that anywhere in the document, unless I missed it. thanks Also check out /usr/ports/sysutils/ezjail -- Adam Vande More ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Updating packages in Jails
On Mon, Feb 8, 2010 at 3:15 PM, Jason jhelf...@e-e.com wrote: Use this as a starting point http://www.freebsd.org/doc/handbook/jails.html Anyways, host and jail need to run the exact same kernel. Normally I'll build my kernel and install it into the base as well as each individual jail so everything is consistent. Why do they need to run the exact same kernel? I didn't see that anywhere in the document, unless I missed it. thanks They aren't a full form of visualization in terms of having a hypervisor, as it is dependent the system calls coming from a jail being the same calls that are present in the host kernel. Mismatched kernel version could break that mapping. Which is also why jails are a faster form of virtualization because all the call mappings are 1:1. At least that's my understanding. -- Adam Vande More ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
RE: Updating packages in Jails
-Original Message- From: owner-freebsd-questi...@freebsd.org [mailto:owner-freebsd-questi...@freebsd.org] On Behalf Of Adam Vande More Sent: Monday, February 08, 2010 3:28 PM To: Jason Cc: Richard L. Houston; freebsd-questions@freebsd.org Subject: Re: Updating packages in Jails On Mon, Feb 8, 2010 at 3:15 PM, Jason jhelf...@e-e.com wrote: Use this as a starting point http://www.freebsd.org/doc/handbook/jails.html Anyways, host and jail need to run the exact same kernel. Normally I'll build my kernel and install it into the base as well as each individual jail so everything is consistent. Why do they need to run the exact same kernel? I didn't see that anywhere in the document, unless I missed it. thanks They aren't a full form of visualization in terms of having a hypervisor, as it is dependent the system calls coming from a jail being the same calls that are present in the host kernel. Mismatched kernel version could break that mapping. Which is also why jails are a faster form of virtualization because all the call mappings are 1:1. At least that's my understanding. Question: Hopefully this isn't considered a hijack, but what are the *main* diffs between jails and vm's? I've never worked with jails but read about them several times. Do they allow controlling of CPU cycles, Memory regions, etc. in the same manner as the file system(s) and network? Asked another way, what are some Usage cases where jails would be equal or more appropriate than full on vm's and vice-versa. We use vm's quite extensively and I'm wondering of some of these can be done in jails instead. TIA! Gary PS: Note - no top posting this time! font size=1 div style='border:none;border-bottom:double windowtext 2.25pt;padding:0in 0in 1.0pt 0in' /div This email is intended to be reviewed by only the intended recipient and may contain information that is privileged and/or confidential. If you are not the intended recipient, you are hereby notified that any review, use, dissemination, disclosure or copying of this email and its attachments, if any, is strictly prohibited. If you have received this email in error, please immediately notify the sender by return email and delete this email from your system. /font ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Updating packages in Jails
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 08/02/2010 21:09, Adam Vande More wrote: Anyways, host and jail need to run the exact same kernel. Normally I'll build my kernel and install it into the base as well as each individual jail so everything is consistent. It's not so much 'need to run' as 'are running.' Jails don't have a separate kernel instance like (eg) LVM. Everything runs under the same kernel as the base system. You don't even need to install a kernel image into a jailed filesystem, and when using something like freebsd-update in a jail, just make the fairly obvious config file tweak that tells it to ignore kernel updates. Cheers, Matthew - -- Dr Matthew J Seaman MA, D.Phil. 7 Priory Courtyard Flat 3 PGP: http://www.infracaninophile.co.uk/pgpkey Ramsgate Kent, CT11 9PW -BEGIN PGP SIGNATURE- Version: GnuPG/MacGPG2 v2.0.14 (Darwin) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAktxD28ACgkQ8Mjk52CukIwKNQCcClChgJZnkl7SFO6VOYZLLV+q om4An0YdvsueTOcxG9UtEUDdTCmQMYeZ =bT6d -END PGP SIGNATURE- ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Updating packages in Jails
On 08/02/2010 22:13, Gary Gatten wrote: Hopefully this isn't considered a hijack, but what are the *main* diffs between jails and vm's? I've never worked with jails but read about them several times. Do they allow controlling of CPU cycles, Memory regions, etc. in the same manner as the file system(s) and network? Asked another way, what are some Usage cases where jails would be equal or more appropriate than full on vm's and vice-versa. We use vm's quite extensively and I'm wondering of some of these can be done in jails instead. The principal difference between Jails and full virtualisation is that a the base system and all jails on a machine run inside a single kernel instance. Jails see some or all of the same hardware which is shared with the base system and may be shared with other jails. Thus all jails have to run FreeBSD, and while you can install and run an older user-land on a newer base fairly successfully, (eg. a 7.2 jail running on an 8.0 base system) you can't do the converse. Trying to run an i386 jail on an amd64 base system is also not recommended. VMs don't have these limitations. The big advantage of jails is that they are very light-weight. You get the management advantages of virtualisation with almost none of the virtualisation overhead, other than disk usage. The whole jail concept is an elaboration of the well-known Unix chroot(2) system call. Jailing adds to this dedicated IP addresses for the jail -- but not a complete network stack just yet, so, for instance, you can't run a firewall inside the jail. Virtualisation of the network stack is a work in progress: google for VNET and VIMAGE if interested. You can use standard limits(1) controls on resource usage in the jail, and you can use cpuset(1) to tie jailed processes to specific CPU cores. Quotas tend not to work very well in jails: to control filesystem usage, it's best to create a separate filesystem of the appropriate size specifically for the jail. This is a very good situation for handling by ZFS. Cheers, Matthew -- Dr Matthew J Seaman MA, D.Phil. 7 Priory Courtyard, Flat 3 Black Earth Consulting Ramsgate Kent, CT11 9PW Free and Open Source Solutions Tel: +44 (0)1843 580647 signature.asc Description: OpenPGP digital signature
