Re: HEADS UP: r185435 multi-IPv4/v6/no-IP jails in HEAD
On Mon, 15 Dec 2008, Brian A. Seklecki wrote:

> On Thu, 2008-12-11 at 22:53 +0100, Philipp Wuensche wrote:
>> Not entirely true, the jls output is totally different than before and
>> breaks third-party applications like jailaudit and ezjail.
>
> Right, well, whether they check for VERSION > 70200x or 8, the format
> is likely to change. Once everything has been sorted out, they
> can add support now, push out the updates, and the version in common
> use will be forward/backward compatible.
>
> Whatever we have to do to light a fire there -- I just don't want
> ezjail-admin compatibility to be a showstopper on this.

Two comments: the format as is, is most likely to stay for the lifetime
of the 7.x branch once things are MFCed. For 8 with vimage and we'll get
an entirely new management interface for all this.

/bz

PS: yes, I know rc.d/jail foo still needs integration. Has anyone
tested what was posted?

--
Bjoern A. Zeeb      The greatest risk is not taking one.
___
freebsd-virtualization@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-virtualization
To unsubscribe, send any mail to "freebsd-virtualization-unsubscr...@freebsd.org"
Re: HEADS UP: r185435 multi-IPv4/v6/no-IP jails in HEAD
On Thu, 2008-12-11 at 22:53 +0100, Philipp Wuensche wrote:
> Not entirely true, the jls output is totally different than before and
> breaks third-party applications like jailaudit and ezjail.

Right, well, whether they check for VERSION > 70200x or 8, the format
is likely to change. Once everything has been sorted out, they
can add support now, push out the updates, and the version in common
use will be forward/backward compatible.

Whatever we have to do to light a fire there -- I just don't want
ezjail-admin compatibility to be a showstopper on this.

>
> It is uneasy to parse too.

--
Brian A. Seklecki
Collaborative Fusion, Inc.
Re: HEADS UP: r185435 multi-IPv4/v6/no-IP jails in HEAD
Brian A. Seklecki wrote:
> On Fri, 2008-12-05 at 20:47 +0100, Dag-Erling Smørgrav wrote:
>> The question is, does it change existing behavior, or just add new
>> functionality?
>
> The syntax semantics should be backward compatible, so likely the
> latter.

Not entirely true, the jls output is totally different than before and
breaks third-party applications like jailaudit and ezjail.

It is uneasy to parse too.

greetings,
Philipp
Re: HEADS UP: r185435 multi-IPv4/v6/no-IP jails in HEAD
Philipp Wuensche writes:
> Not entirely true, the jls output is totally different than before and
> breaks third-party applications like jailaudit and ezjail.
>
> It is uneasy to parse too.

    # skip the two header lines, then classify each line by field count
    jls | tail +3 | while read line ; do
        # "--" keeps an empty or dash-led line from being taken as options
        set -- $line
        if [ $# = 3 ] ; then
            echo "jail $1 (name $2 root $3) IPs:"
        elif [ $# = 1 ] ; then
            echo "$1"
        else
            echo "huh?"
        fi
    done

DES
--
Dag-Erling Smørgrav - d...@des.no
Re: HEADS UP: r185435 multi-IPv4/v6/no-IP jails in HEAD
On Fri, 2008-12-05 at 20:47 +0100, Dag-Erling Smørgrav wrote:
> The question is, does it change existing behavior, or just add new
> functionality?

The syntax semantics should be backward compatible, so likely the
latter.

--
Brian A. Seklecki <[EMAIL PROTECTED]>
Collaborative Fusion, Inc.
Re: HEADS UP: r185435 multi-IPv4/v6/no-IP jails in HEAD
"Brian A. Seklecki" <[EMAIL PROTECTED]> writes:
> alexus <[EMAIL PROTECTED]> writes:
> > as far as I understood HEAD is 8.0-CURRENT
> The trick is to bribe the right people to get it RFP'd into 7.2R. :)

The question is, does it change existing behavior, or just add new
functionality? If the former, it should not be MFCed.

DES
--
Dag-Erling Smørgrav - [EMAIL PROTECTED]
Re: HEADS UP: r185435 multi-IPv4/v6/no-IP jails in HEAD
On Tue, 2008-12-02 at 21:00 -0500, alexus wrote:
> as far as I understood HEAD is 8.0-CURRENT

The trick is to bribe the right people to get it RFP'd into 7.2R. :)

~BAS

--
Brian A. Seklecki <[EMAIL PROTECTED]>
Collaborative Fusion, Inc.
Re: HEADS UP: r185435 multi-IPv4/v6/no-IP jails in HEAD
as far as I understood HEAD is 8.0-CURRENT

is there a way for us to start using it before 8.0 hits -RELEASE, which
according to freebsd.org will be in June 2009, which we all know how
accurate their schedule is, so my guess is very well Q4 of 2009 (if
we're lucky). I somehow was under impression (and I guess I was wrong)
that it will come out in 7.1. I have a server that needs to be migrated
and really doing so without multi ip patch will be a really big .

--
http://alexus.org/
Re: HEADS UP: r185435 multi-IPv4/v6/no-IP jails in HEAD
Quoting "Bjoern A. Zeeb" <[EMAIL PROTECTED]> (from Mon, 1 Dec 2008 09:41:46 + (UTC)):

> Hi,
>
> as you may have already noticed multi-IPv4/v6/no-IP jails have hit HEAD.
> See commit message attached.

Will this introduce changes how multicast is handled in jails, or is it
the same behavior as before (whatever the previous behavior was).

> Additionally you can give a jail a name now using the -n option:
>
>     jail -n "bz's private noip jail" / noip.example.net "" /bin/sh
>
> You may not want to use special characters or whitespace but it is just
> a string, so you can. There are no restrictions and even 10 jails could
> have the same name. The jail (inside) cannot change the name. It's set
> upon jail creation and unchangeable from then on.

Is this private name visible inside the jail (I don't need this
feature, so I don't care, but people should know so that they don't put
offensive stuff there in case it is visible inside)?

Bye,
Alexander.

--
Since we cannot hope for order, let us withdraw with style from the
chaos. -- Tom Stoppard
http://www.Leidinger.net  Alexander @ Leidinger.net: PGP ID = B0063FE7
http://www.FreeBSD.org    netchild @ FreeBSD.org : PGP ID = 72077137
HEADS UP: r185435 multi-IPv4/v6/no-IP jails in HEAD
Hi,

as you may have already noticed multi-IPv4/v6/no-IP jails have hit HEAD.
See commit message attached.

The bad news first: expect an update on the rc script to make the more
obscure rc features like configuring IPs on interfaces when starting
jails and giving a possible netmask work with multiple IPs and IPv6.

The good news: In case you do not use those features or still only use
one IP per jail everything should just work fine and there are no
changes needed.

More news: In case you want to use multiple IPs or a mix of v4 and v6
addresses you just give them as a comma separated list on both the
command line or in rc.conf like:

    jail / example 192.0.2.250,2001:db8::75,2001:db8::99,2001:db8::55,2001:db8::14,192.0.2.254 /bin/sh

or:

    jail_example_ip="192.0.2.2,2001:db8::2,2001:db8::1,2001:db8::4,2001:db8::13,192.0.2.3"

In case you do want to start a jail without any IP, give an empty
argument on command line:

    jail / noip.example.net "" /bin/sh

Additionally you can give a jail a name now using the -n option:

    jail -n "bz's private noip jail" / noip.example.net "" /bin/sh

You may not want to use special characters or whitespace but it is just
a string, so you can. There are no restrictions and even 10 jails could
have the same name. The jail (inside) cannot change the name. It's set
upon jail creation and unchangeable from then on.

What else is new: the -h option to jail makes it resolve the hostname to
IP addresses and will merge those to the jail IPs. Note that this can
give you unexpected results on the primary jail IP. See jail(8) for more
information.

jls tries to be as backward compatible as possible. That means it will
only show one IPv4 if called as `jls`; obviously this won't work well
for no-IP or IPv6-only jails. This was done to try to not confuse
scripts people have in their classic setups.

jls -v will give you the full information, including:

- state: usually ACTIVE.
  - in case you also give '-a' you will also see jails in other states,
    for example jails hanging around waiting for a socket to timeout but
    with no processes left after it was stopped; it will say DYING.
- Every jail gets its own cpuset inherited from the process that started
  the jail. You can list, etc the mask by jail id:

      cpuset -g -j 8

  or by set id:

      cpuset -g -s 5

  Or even change it if you want. Threads within jails should be able to
  further restrict themselves even within the jail but nothing outside
  their scope. See the cpuset manpages for further information.

The IPs will be listed in the following order: the primary IP per AF
which is the first IP of that AF given to the jail command and then they
should be sorted in ascending order.

jexec now takes the optional jail name to attach to a jail but will
refuse to do anything if the jail cannot be uniquely identified. In case
you use the jail name you have to give an empty argument for the jail id
like:

    jexec -n "bz's private noip jail" "" /bin/sh

You can also give both jail name and jail ID and both will have to
match, else it will complain. Obviously only giving the jail id still
works. The -h hostname option is gone again. You should use the jail
name for management purposes now.

A sample full jls output (admittedly a bit ugly this way):

    sun$ jls -av
       JID  Hostname              Path
            Name                  State
            CPUSetID
            IP Address(es)
        21  sun                   /
            hangtest              DYING
            6
            192.0.2.99
         8  noip.example.net      /
            bz's private noip jailALIVE
            5
         3  j3.sunny.example.net  /local/jails/j1
                                  ALIVE
            4
            2001:db8::5
         2  j2.sunny.example.net  /local/jails/j1
                                  ALIVE
            3
            192.0.2.1
         1  j1.sunny.example.net  /local/jails/j1
                                  ALIVE
            2
            192.0.2.2
            192.0.2.3
            2001:db8::2
            2001:db8::1
            2001:db8::4
            2001:db8::13

In case you have more questions the man pages do not address, or
problems, etc. please follow-up to freebsd-jail@.

Regards,
Bjoern

PS: the MFC question was answered in the commit message so do not ask.

--
Bjoern A. Zeeb      Stop bit received. Insert coin for new game.
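
The listing order described in the announcement above (primary address per address family first, the rest ascending), as an added example that is not part of the original post or of FreeBSD: a Python check that validates a comma separated jail IP list and predicts the order in which the addresses would be listed. The function names are hypothetical, rejecting duplicates is this example's own policy, and putting IPv4 before IPv6 follows the sample output in the post.

```python
import ipaddress


def parse_jail_ips(spec):
    """Split a jail IP argument (comma separated, possibly empty) into
    validated IPv4 and IPv6 lists, keeping the order given."""
    v4, v6 = [], []
    if spec.strip() == "":
        return v4, v6  # empty argument: a no-IP jail
    for item in spec.split(","):
        # ip_address() raises ValueError on anything that is not an address
        addr = ipaddress.ip_address(item.strip())
        family = v4 if addr.version == 4 else v6
        if addr in family:
            # assumption: this checker treats a repeated address as an error
            raise ValueError(f"duplicate address: {addr}")
        family.append(addr)
    return v4, v6


def listing_order(spec):
    """Per address family: the primary (first given) address, then the
    remaining addresses in ascending numeric order."""
    ordered = []
    for family in parse_jail_ips(spec):
        if family:
            ordered.append(family[0])
            ordered.extend(sorted(family[1:]))
    return [str(a) for a in ordered]


def primary_addresses(spec):
    """Return (primary IPv4, primary IPv6); None where the family is absent."""
    v4, v6 = parse_jail_ips(spec)
    return (str(v4[0]) if v4 else None, str(v6[0]) if v6 else None)


if __name__ == "__main__":
    # the rc.conf value from the announcement
    rc_value = "192.0.2.2,2001:db8::2,2001:db8::1,2001:db8::4,2001:db8::13,192.0.2.3"
    print(primary_addresses(rc_value))
    for ip in listing_order(rc_value):
        print(ip)
```

For the rc.conf value in the post this yields the same order as the j1 entry in the sample output.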
-- Forwarded message --
Date: Sat, 29 Nov 2008 14:32:14 + (UTC)
Subject: svn commit: r185435 - in head: lib/libc/sys lib/libkvm share/man/man4 sys/compat/freebsd32 sys/kern sys/net sys/netinet sys/netinet6 sys/security/mac_bsdextended sys/sys usr.bin/cpuset usr.sbin/jai...

Author: bz
Date: Sat Nov 29 14:32:14 2008
New Revision: 185435
URL: http://svn.freebsd.org/changeset/base/185435

Log:
  MFp4:
    Bring in updated jail support from bz_jail branch.

    This enhances the current jail implementation to permit multiple
    addresses per jail. In addition to IPv4, IPv6 is supported as we