Re: Virtual Private Servers???

2006-07-26 Thread Don Munyak

disclaimer...I have no personal experience with VM's...But, one of the
list services I belong to has mentioned this before.

See if Qemu might be of use.

http://fabrice.bellard.free.fr/qemu/

Don
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"


Re: Virtual Private Servers???

2006-07-25 Thread Philip Hallstrom

> Ok, I'm a FreeBSD guy. Recently I moved into another
> company. All of their servers run Linux. For my first
> assignment, I need to have a comparison between
> various Linux Virtualizations. So far I came up with
> Virtuozzo/OpenVZ, Xen, UML, Linux-Vserver. As far as I
> can understand, all of them are somewhat connected to
> the Linux kernel. Ok, it's not a simple software.. it
> uses the Linux kernel, and I cannot simply install it
> on my favorite OS.
>
> Questions:
> Do you know any sort of virtualization project ongoing
> on top of FreeBSD or any BSDs?
> As far as I can understand, the jail does
> virtualization but only with processes and not the
> entire OS, am I right?


I don't know exactly where Xen for FreeBSD is at at the moment (keep 
meaning to go check), but I am pretty sure it can run as a guest OS.  So 
you could have linux be the host and a bunch of FreeBSD guests...


As for Jails, I have a box that has 2 jails on it that with very few 
exceptions look and feel like a full blown OS.  I ssh to them.  I run 
postfix, mysql, apache, rails, etc...  all okay.  The only issues I run 
into are when trying to ping/traceroute/netstat/top..


Search around for 'ezjail'.  It's a set of scripts meant to help you run a 
lot of jails while using very little space by sharing a lot of the files 
(ie, everything in /usr/(bin|lib|include))


-philip


Virtual Private Servers???

2006-07-25 Thread Mark Jayson Alvarez
Hi,

Ok, I'm a FreeBSD guy. Recently I moved into another
company. All of their servers run Linux. For my first
assignment, I need to have a comparison between
various Linux Virtualizations. So far I came up with
Virtuozzo/OpenVZ, Xen, UML, Linux-Vserver. As far as I
can understand, all of them are somewhat connected to
the Linux kernel. Ok, it's not a simple software.. it
uses the Linux kernel, and I cannot simply install it
on my favorite OS.

Questions:
Do you know any sort of virtualization project ongoing
on top of FreeBSD or any BSDs?
As far as I can understand, the jail does
virtualization but only with processes and not the
entire OS, am I right?


That's all for now, hope you can help me. Thanks!



Re: Virtual Private Servers/Jails

2002-12-03 Thread Simon1
> I run them for development servers.  oak is the physical box and runs
> postgresql.  I've got 4 jails running apache so each developer can have
> his own sandbox and can royally screw things up without affecting the rest
> of us.  Works awesome.

That's always useful. Like I said, I just never got the jails to speak to
each other. It might have had something to do with the specific setup I
had going. I no longer manage the webhosting I was using the jails in, but
I'll see if I can't get some time with one of my development boxes to play
with.  Postgres I've never used, MySQL on the other hand..

> I don't use quotas since this isn't for a commercial web hosting
> environment

That's what I was using them for. All of the work I did with jails was
targeted towards that environment.

> > What I've found:
> > 1) Connecting (aka telnet, ftp, ssh) from one jail to another or even to
> > the physical host is supposed to work, but I was never able to make it

[snip]

> Works great for me... I can do all three b/n jails, host, and remote
> servers or any combination.  Also updating ports with cvsup and/or
> installing them with porteasy also works just fine.  Never tried using
> sysinstall.

I seem to be the only person unable to get it to go. I think it may have
had something to do with the firewall rules, but even allow any from any
didn't seem to have a big effect. Not sure if dummynet may have had
anything to do with it either, though I doubt it.

> Not realtime, but you could run a "du -hcs *" on the top level directory
> that holds the jails to get a count, then subtract what a "bare" jail
> contains and this would give you a snapshot of how much space is being
> used.  Granted in a commercial environment your users could use as much as
> they want and then remove it before you run the script, but that's life :)

Realtime quotas are a must in web hosting. The stuff I've had users do was
incredible. At one point, there were no quotas except as you described
above. The amount of trouble that caused.. *shakes head*

Anything that has to scan the files works okay in smaller environments.
But when you break 10-20k accounts things really bog down.

> > with root in a jail can't trash the main system, they can still do a lot
> > of damage.
>
> They can?  How?  Other than destroying that jail and thus anything on that
> IP, they can't touch the rest of the system.. at least that's my
> understanding.  Please correct me if I'm wrong.

No, you can't mess with processes or files outside of the jail. However,
you can run processes which bring the system to its knees (think while(1)
{ fork; }  <--don't laugh, I'm not making this up. People really do
run commands like that "just to see what would happen")

Also, if someone doesn't know any better (or doesn't have an option) they
might put the jail on one of their main partitions. FreeBSD may still
function, but it gets unhappy when a drive is totally full. Should you
have anything running that needs to save state (think databases here)
you'll have some problems.

That's what I was thinking of when I wrote what I did. I should have
clarified that, sorry.

> Check out the following ports which do what you want with maybe the
> exception of #2, but maybe even that, I don't remember.
>
> jailer-1.1.1     Manage FreeBSD jail startup, shutdown and console
> jailutils-0.5.1  Several utilies for managing jails

I also saw a post made right after I composed mine with a JailAdmin tool
that looked very promising. I haven't used any of the tools above, but I'm
glad to see that many of my 'wishes' have already come true. =)



To Unsubscribe: send mail to [EMAIL PROTECTED]
with "unsubscribe freebsd-questions" in the body of the message



Re: Virtual Private Servers/Jails

2002-12-03 Thread Kirk Strauser

At 2002-12-04T01:33:02Z, Simon1 <[EMAIL PROTECTED]> writes:

> 4) Needed utilities and commands. (Call it my wishlist)
>   1) A way to list jails.
>   2) A way to list processes BY jail, and a way to show (host side)
> which jail a process belongs to.
>   3) jail halt, jail restart commands to close out the jail, and
> possibly restart it.

My JailAdmin program (at http://subwiki.honeypot.net/cgi-bin/view/Freebsd/JailAdmin) 
handles those functions.  For example:

root@kanga:/home/kirk# jailadmin status all
Server: vserver1

USER   PID %CPU %MEM   VSZ  RSS  TT  STAT STARTED  TIME COMMAND
root 23688  0.0  0.1   944  532  ??  SsJ  Mon10AM   0:00.21 /usr/sbin/syslogd -a 127.0.0.1/8
root 23695  0.0  0.1  1056  428  ??  IsJ  Mon10AM   0:00.00 /usr/sbin/inetd -wWl
root 23697  0.0  0.1   984  452  ??  IsJ  Mon10AM   0:00.30 /usr/sbin/cron
root 23699  0.0  0.2  2852 1440  ??  IsJ  Mon10AM   0:00.66 /usr/sbin/sshd

Server: vserver2

USER   PID %CPU %MEM   VSZ  RSS  TT  STAT STARTED  TIME COMMAND
root   573  0.0  0.1   952  500  ??  SsJ  Mon09AM   0:01.37 /usr/sbin/syslogd -a 127.0.0.1/8
root   581  0.0  0.1  1064  476  ??  IsJ  Mon09AM   0:00.03 /usr/sbin/inetd -wWl
root   583  0.0  0.1   988  476  ??  IsJ  Mon09AM   0:00.36 /usr/sbin/cron
root   585  0.0  0.1  2852 1052  ??  IsJ  Mon09AM   0:00.51 /usr/sbin/sshd
root   893  0.0  0.2  2788 1364  ??  IsJ  Mon09AM   0:00.06 sendmail: Queue runner@00:30:00 for /var/spool/mqueue (sendmail)
smmsp   896  0.0  0.2  2664 1260  ??  IsJ  Mon09AM   0:00.05 sendmail: Queue runner@00:30:00 for /var/spool/clientmqueue (sendmail)
news 22029  0.0  0.7  5536 5232  ??  IsJ   7:19PM   0:00.78  (leafnode)

Server: vserver3

USER   PID %CPU %MEM   VSZ  RSS  TT  STAT STARTED  TIME COMMAND
root   671  0.0  0.1   944  492  ??  SsJ  Mon09AM   0:00.24 /usr/sbin/syslogd -a 127.0.0.1/8
root   678  0.0  0.1  1040  432  ??  IsJ  Mon09AM   0:00.00 /usr/sbin/inetd -wWl
root   680  0.0  0.1   976  484  ??  IsJ  Mon09AM   0:00.43 /usr/sbin/cron
root   682  0.0  0.1  2852 1012  ??  IsJ  Mon09AM   0:00.64 /usr/sbin/sshd
root  1002  0.0  0.1  1052  564  ??  IJ   Mon09AM   0:00.00 cron: running job (cron)
1100  1009  0.0  0.1  2688 1148  ??  IsJ  Mon09AM   0:00.02 /usr/sbin/sendmail -FCronDaemon -odi -oem -oi -t
1100  1051  0.0  2.8 95876 21856  ??  SJ   Mon09AM  90:21.23 /usr/local/jdk1.3.1/bin/i386/green_threads/java freenet.node.Main

Stopping an individual jail:

root@kanga:/home/kirk# jailadmin stop vserver1
Stopping server vserver1...
Sending signal TERM to all processes in the jail
Waiting 5 seconds to check success...

Starting an individual jail:

root@kanga:/home/kirk# jailadmin start vserver1
Starting server vserver1...
Skipping disk checks ...
Doing initial network setup:.
ifconfig: ioctl (SIOCDIFADDR): permission denied
lo0: flags=8049 mtu 16384
Additional routing options: tcp extensions=NOsysctl: net.inet.tcp.rfc1323: Operation not permitted
 TCP keepalive=YESsysctl: net.inet.tcp.always_keepalive: Operation not permitted
.
Routing daemons:.
Additional daemons: syslogd.
Doing additional network setup:.
Starting final network daemons:.
ELF ldconfig path: /usr/lib /usr/lib/compat /usr/X11R6/lib /usr/local/lib
a.out ldconfig path: /usr/lib/aout /usr/lib/compat/aout /usr/X11R6/lib/aout
Starting standard daemons: inetd cron sshd.
Initial rc.i386 initialization:.
Additional ABI support:.
Local package initialization: pgsql apache jabberd  mysqld Zope.
Additional TCP options:.

Wed Dec  4 01:43:08 GMT 2002

The version I finished yesterday has provisions for automatically mounting a
(list of) filesystem(s) before starting the jail, and umounting them (in
reverse order) after stopping the jail.  I did this to simplify sharing
/usr/ports/distfiles via NFS from the host environment among all of the jail
environments:

root@kanga:/home/kirk# cat /usr/local/etc/jailadmin.conf
jaildir=/usr/export

vserver1
ip: 10.0.0.32
hostname: virtual1.honeypot.net
mount: /usr/ports/distfiles

JailAdmin comes with a few other features, such as an SNMP module for the
'net-snmp' port, allowing Cricket, MRTG, etc. to graph statistics from the
jails on a given server.  Right now, the module only returns a minimal
amount of information (IP, hostname, number of loaded processes, etc.), but
I wrote it with expandability in mind.
-- 
Kirk Strauser
In Googlis non est, ergo non est.




Re: Virtual Private Servers/Jails

2002-12-03 Thread Philip Hallstrom
> >   Does anyone have any information on setting up virtual private
> >   servers with Freebsd? There are a lot of people doing it out there
> >   but I can't seem to find any documentation supporting it.
>
> FreeBSD doesn't offer true virtual machines. FreeBSD does come with
> jails. Which can provide similar functionality in many cases. Jails aren't
> nearly as polished as the virtual servers I've seen in the linux world.

The only glitch I've run into to date is that you can't run *multiple*
instances of an app that uses shared memory such as PostgreSQL.  Put the
database on a separate server and let the jails talk to it though and it's
fine.  And some apps like top don't work right (something to do with
accessing kernel parameters that don't technically exist in the jail).
Not a big deal though since if you want top there's a good chance you're an
admin and should probably be on the host box anyway :)

The rest of my comments concern FreeBSD version:
4.7-RC FreeBSD 4.7-RC #2: Fri Oct 11 15:44:24 PDT 2002

>   I've run jails on production webservers, in most cases to consolidate

I run them for development servers.  oak is the physical box and runs
postgresql.  I've got 4 jails running apache so each developer can have
his own sandbox and can royally screw things up without affecting the rest
of us.  Works awesome.

> me. I hammer quotas a lot, because of how important they and other limits
> are in the web hosting environments I was using them in.

I don't use quotas since this isn't for a commercial web hosting
environment

> What I've found:
> 1) Connecting (aka telnet, ftp, ssh) from one jail to another or even to
> the physical host is supposed to work, but I was never able to make it
> happen. If anyone knows why, please chip in... The jails could access the
> internet, but not its host or sister jails. /stand/sysinstall also didn't
> like to download ports, which I'm guessing is for a related reason.

Works great for me... I can do all three b/n jails, host, and remote
servers or any combination.  Also updating ports with cvsup and/or
installing them with porteasy also works just fine.  Never tried using
sysinstall.


> 2) Quotas work, but it's painful.
>   The FreeBSD quota system/utilities hasn't really been modified
> for jails. It works, but it isn't fun getting it to. I've seen one,
> maybe two sites out there that actually give some good information on
> this. Essentially, FreeBSD tracks quotas by UID, host side. They're still
> effective in jails, but you have to make sure that you don't have two
> UID's on the same filesystem.

Not realtime, but you could run a "du -hcs *" on the top level directory
that holds the jails to get a count, then subtract what a "bare" jail
contains and this would give you a snapshot of how much space is being
used.  Granted in a commercial environment your users could use as much as
they want and then remove it before you run the script, but that's life :)

> with root in a jail can't trash the main system, they can still do a lot
> of damage.

They can?  How?  Other than destroying that jail and thus anything on that
IP, they can't touch the rest of the system.. at least that's my
understanding.  Please correct me if I'm wrong.

> 4) Needed utilities and commands. (Call it my wishlist)
>   1) A way to list jails.
>   2) A way to list processes BY jail, and a way to show (host side)
> which jail a process belongs to.
>   3) jail halt, jail restart commands to close out the jail, and
> possibly restart it.

Check out the following ports which do what you want with maybe the
exception of #2, but maybe even that, I don't remember.

jailer-1.1.1     Manage FreeBSD jail startup, shutdown and console
jailutils-0.5.1  Several utilies for managing jails


>   I was very happy with how well the jails worked, but I would have

So far I've been very happy as well...

-philip
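
The point quoted in this message, that quotas are tracked by UID on the host side so two jails on one filesystem must not share a UID, can be checked mechanically. The script below is an added example, not part of any poster's message or of the tools named in the thread; the jail names, accounts and file paths are constructed sample data, the 5000-10000 range follows the per-jail ranges suggested elsewhere in the thread, and the cutoff of 1000 for skipping system accounts is an assumption.

```shell
#!/bin/sh
# Added example (not from the thread): find user UIDs shared by several jails.
# Host-side quotas are keyed by UID, so two jails on one filesystem that both
# use UID 1001 are charged against the same quota entry.
LC_ALL=C; export LC_ALL

# uid_collisions MIN_UID jail=passwd_file ...
# Prints "UID jail:user jail:user ..." for every UID >= MIN_UID that occurs
# in more than one jail. MIN_UID (an assumed cutoff) skips system accounts
# such as root and daemon, which every jail legitimately has.
uid_collisions() {
    min_uid=$1
    shift
    for pair in "$@"; do
        # passwd(5) layout: name:password:uid:gid:...  (uid is field 3)
        awk -F: -v jail="${pair%%=*}" -v min="$min_uid" \
            '!/^#/ && NF >= 3 && $3 + 0 >= min + 0 { print $3, jail, $1 }' \
            "${pair#*=}"
    done | sort -n | awk '
        { if (!(($1, $2) in seen)) { seen[$1, $2] = 1; jails[$1]++ }
          owners[$1] = owners[$1] " " $2 ":" $3 }
        END { for (u in jails) if (jails[u] > 1) print u owners[u] }' | sort -n
}

# uid_outside_range LO HI MIN_UID passwd_file
# Prints "user uid" for accounts at or above MIN_UID whose UID lies outside
# the LO..HI range assigned to this jail.
uid_outside_range() {
    awk -F: -v lo="$1" -v hi="$2" -v min="$3" '
        !/^#/ && NF >= 3 && $3 + 0 >= min + 0 &&
        ($3 + 0 < lo + 0 || $3 + 0 > hi + 0) { print $1, $3 }' "$4"
}

# Constructed sample data: passwd files for two hypothetical jails.
sample=$(mktemp -d)
trap 'rm -rf "$sample"' EXIT
cat > "$sample/web1.passwd" <<'EOF'
root:*:0:0:Charlie &:/root:/bin/csh
alice:*:5001:5001:Alice:/home/alice:/bin/sh
bob:*:1001:1001:Bob:/home/bob:/bin/sh
EOF
cat > "$sample/web2.passwd" <<'EOF'
root:*:0:0:Charlie &:/root:/bin/csh
carol:*:10001:10001:Carol:/home/carol:/bin/sh
dave:*:1001:1001:Dave:/home/dave:/bin/sh
EOF

# UIDs used by more than one jail (these would share one quota entry).
uid_collisions 1000 "web1=$sample/web1.passwd" "web2=$sample/web2.passwd"
# Accounts in web1 that are outside its assigned 5000-10000 range.
uid_outside_range 5000 10000 1000 "$sample/web1.passwd"
```

On a real host the arguments would be each jail's own `etc/passwd` under the jail root, for the jails that live on the same filesystem.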





Re: Virtual Private Servers/Jails

2002-12-03 Thread Simon1
>   Does anyone have any information on setting up virtual private
>   servers with Freebsd? There are a lot of people doing it out there
>   but I can't seem to find any documentation supporting it.

FreeBSD doesn't offer true virtual machines. FreeBSD does come with
jails. Which can provide similar functionality in many cases. Jails aren't
nearly as polished as the virtual servers I've seen in the linux world.
In most cases, the problems I've dealt with either aren't jail specific,
or else are caused by the various utilities' inability to adapt to jailed
environments.

I've run jails on production webservers, in most cases to consolidate
older legacy systems, so I've got some experience with them. I also took
on the fun task of porting a lot of the custom utilities we used over to
them. Now, I haven't worked with jails since the end of July, but I doubt
much has changed in the past 4 or 5 months. If I'm wrong, please correct
me. I hammer quotas a lot, because of how important they and other limits
are in the web hosting environments I was using them in.

What I've found:
1) Connecting (aka telnet, ftp, ssh) from one jail to another or even to
the physical host is supposed to work, but I was never able to make it
happen. If anyone knows why, please chip in... The jails could access the
internet, but not its host or sister jails. /stand/sysinstall also didn't
like to download ports, which I'm guessing is for a related reason.

2) Quotas work, but it's painful.
The FreeBSD quota system/utilities hasn't really been modified
for jails. It works, but it isn't fun getting it to. I've seen one,
maybe two sites out there that actually give some good information on
this. Essentially, FreeBSD tracks quotas by UID, host side. They're still
effective in jails, but you have to make sure that you don't have two
UID's on the same filesystem.
Also, to make the jails work happily with quotas and, almost
as important, quota utilities, you've got to hack things up a bit with the
init scripts. Make sure the jail's /etc/fstab actually does list the *real*
devices if you want to do anything quota related from them. The jail may
not need to know about the devices in /etc/fstab, but almost all of the
quota utilities do.
The perl quota module can't cope with the jail environment,
edquota will work, but I think I had to use the /etc/fstab workaround to
get it to function.
To make the quotas work, and to make them editable /from within
the jail/ you have to mount the root of the filesystem to a point
*within the jail.*

3) Virtual Filesystems are a no-no.

In theory, you'd just make a new vfs for each jail. That sidesteps
the problem of duplicate quotas on a single fs and/or migrating. To
migrate, you just move the file to a new host and issue the mount/jail start
commands. That's the theory anyhow.
Do they work, yes. Do they work well? No. I had so many problems
with the things deadlocking. Once that happens, you're screwed. If you
issue a reboot command FreeBSD hangs while waiting for the fs to unmount
-- which it can't do since a write/read is pending/hung. Very nasty when
you're working on a server you don't have physical access to.
Also, when mounting/unmounting these things, especially during the
creation process, I found that unmounts wouldn't always work cleanly.
Probably related to the above problems. You'd issue an unmount command,
and it would work.. sort of. Except you couldn't remount the vfs to a new
device, nor could you use the old vfs device either.. It just wouldn't
show up in df anymore.

A couple of points:
DO use a separate filesystem for each jail
DO NOT use the virtual filesystems for it.
DO make sure to use separate UID's for /each/ jail if at all possible. I
would use ranges for each jail (ie: 5,000-10,000 for the first one,
10,001-12,000 for the second and so on.. )
DO mount proc for process commands to show up.


The linux virtual servers I played with a bit were more like true
virtual machines. Which is probably what you're after. The jail is more
or less a locked down subset of the main, physical host. Aside from the
quotas, it also wasn't possible to set jail-specific limits. IE: 10% of
processor, 2gb total disk space for the jail, etc. Also, while someone
with root in a jail can't trash the main system, they can still do a lot
of damage.
If you're thinking of using shared filesystems for multiple
jails, and use quotas, you're going to have problems if two users share
the same UID. --Quotas are checked against UID /on the physical host
side/, and then checked by the filesystem (again, on the physical host
side).
Since root wasn't given out, except to people with root access on
the physical machine, I didn't have pro

Re: Virtual Private Servers

2002-12-03 Thread Kirk Strauser

At 2002-12-04T00:01:49Z, Greg Goodman <[EMAIL PROTECTED]> writes:

> Hello freebsd-questions,
> 
>   Does anyone have any information on setting up virtual private
>   servers with Freebsd? There are a lot of people doing it out there
>   but I can't seem to find any documentation supporting it.
> 
>   Any information would be much appreciated.
> 
>   Thanks

I wrote something about that at:

   http://subwiki.honeypot.net/cgi-bin/view/Freebsd/JailEnvironment

Be sure to check out the BuildAndUpdateJails link for a mini-HOWTO.
-- 
Kirk Strauser
In Googlis non est, ergo non est.




Re: Virtual Private Servers

2002-12-03 Thread Kevin D. Kinsey, DaleCo, S.P.
From: "Greg Goodman" <[EMAIL PROTECTED]>
Subject: Virtual Private Servers


> Hello freebsd-questions,
>
>   Does anyone have any information on setting up virtual private
>   servers with Freebsd? There are a lot of people doing it out there
>   but I can't seem to find any documentation supporting it.
>
>   Any information would be much appreciated.
>
>   Thanks
>
> --
> Best regards,
>  Greg Goodman
>
$cd /usr/ports
$make search key=vpn
Port:   poptop-1.1.3_1
Path:   /usr/ports/net/poptop
Info:   Windows 9x compatible PPTP (VPN) server
Maint:  [EMAIL PROTECTED]
Index:  net
B-deps:
R-deps:

Port:   pptpclient-1.1.0
Path:   /usr/ports/net/pptpclient
Info:   PPTP client for establishing a VPN link with an NT server
Maint:  [EMAIL PROTECTED]
Index:  net
B-deps: libgnugetopt-1.2
R-deps: libgnugetopt-1.2

Port:   openvpn-1.3.0
Path:   /usr/ports/security/openvpn
Info:   Secure IP/Ethernet tunnel daemon
Maint:  [EMAIL PROTECTED]
Index:  security
B-deps: lzo-1.08_1
R-deps: lzo-1.08_1

Port:   tinc-1.0p8_1
Path:   /usr/ports/security/tinc
Info:   A Virtual Private Network (VPN) daemon
Maint:  [EMAIL PROTECTED]
Index:  security
B-deps: expat-1.95.5 gettext-0.11.5_1 libiconv-1.8_1
R-deps: expat-1.95.5 gettext-0.11.5_1 libiconv-1.8_1

Port:   vpnd-1.1.0
Path:   /usr/ports/security/vpnd
Info:   VPN daemon offering transparent blowfish encryption between networks
Maint:  [EMAIL PROTECTED]
Index:  security
B-deps:
R-deps:


Kevin Kinsey
DaleCo, S.P.





Re: Virtual Private Servers

2002-12-03 Thread Justin Ovens
Not sure if this is what you want, but try 'man jail'
- Original Message -
From: "Greg Goodman" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Tuesday, December 03, 2002 7:01 PM
Subject: Virtual Private Servers


> Hello freebsd-questions,
>
>   Does anyone have any information on setting up virtual private
>   servers with Freebsd? There are a lot of people doing it out there
>   but I can't seem to find any documentation supporting it.
>
>   Any information would be much appreciated.
>
>   Thanks
>
> --
> Best regards,
>  Greg Goodman
>
>  Chief Technical Officer   mailto:[EMAIL PROTECTED]
>
>   Fastserve Network
>http://www.fastserve.net
>   (213)673-4440 ext 204
> 548 S. Spring St. Suite 1100
>Los Angeles Ca. 90013
>The Net Never Sleeps And Neither Do We
>
>





Re: Virtual Private Servers

2002-12-03 Thread Kliment Andreev
>   Does anyone have any information on setting up virtual private
>   servers with Freebsd? There are a lot of people doing it out there
>   but I can't seem to find any documentation supporting it.

As far as I know "virtual private server" is a remote FreeBSD server with
root access.
What ACTUALLY do you want to know? mail, web, ftp, dns?

http://www.google.com/search?hl=en&lr=&ie=UTF-8&oe=UTF-8&q=freebsd+virtual+private+server







Virtual Private Servers

2002-12-03 Thread Greg Goodman
Hello freebsd-questions,

  Does anyone have any information on setting up virtual private
  servers with Freebsd? There are a lot of people doing it out there
  but I can't seem to find any documentation supporting it.

  Any information would be much appreciated.

  Thanks

-- 
Best regards,
 Greg Goodman

 Chief Technical Officer   mailto:[EMAIL PROTECTED]

  Fastserve Network
   http://www.fastserve.net
  (213)673-4440 ext 204
548 S. Spring St. Suite 1100
   Los Angeles Ca. 90013
   The Net Never Sleeps And Neither Do We  

