freebsd-isp Digest, Vol 308, Issue 2
freebsd-i...@freebsd.org
freeb...@freebsd.org
To subscribe or unsubscribe via the World Wide Web, visit
http://lists.freebsd.org/mailman/listinfo/freebsd-isp
or, via email, send a message with subject or body 'help' to
freebsd-i...@freebsd.org
You can reach the person managing the list at
freebsd-...@freebsd.org
When replying, please edit your Subject line so it is more specific
than "Re: Contents of freebsd-isp digest..."
Today's Topics:
1. Re: Jails creation (Vincent Hoffman)
2. Re: Jails creation (Tonix (Antonio Nati))
3. Re: Jails creation (Vincent Hoffman)
4. Re: Jails creation (Miroslav Lachman)
5. Re: Jails creation (Tonix (Antonio Nati))
6. Re: Jails creation (Miroslav Lachman)
7. Re: Jails creation (Blake Covarrubias)
8. Re: Jails creation (Tonix (Antonio Nati))
----------------------------------------------------------------------
Message: 1
Date: Tue, 27 Oct 2009 14:41:36 +0000
From: Vincent Hoffman <vi...@unsane.co.uk>
Subject: Re: Jails creation
To: "Tonix (Antonio Nati)" <to...@interazioni.it>
Cc: freeb...@freebsd.org
Message-ID: <4AE706A0...@unsane.co.uk>
Content-Type: text/plain; charset=ISO-8859-15
Vincent Hoffman wrote:
> Tonix (Antonio Nati) wrote:
>
>> Is there any architectural reason for which jails must be created only
>> starting from sources?
>> Would not it be simpler to create a jail cloning the host environment
>> binaries (and then using the normal freebsd-update to keep it updated)?
>> Would it be possible to suggest a funded project with this goal?
>>
>>
> I dont tend to use jails but my understanding is that you can use the
> standard install to create a jail (based on info from
> http://pbraun.nethence.com/doc/sysutils_bsd/dragonfly-freebsd-jail.html)
>
> mkdir -p /var/jails/base
> sysinstall
> then,
> sysinstall > Custom > Options > Install Root > /var/jails/base
> sysinstall > Custom > Distributions > Minimal
> sysinstall > Custom > Media > File System > /cdrom (I just used ftp
> myself, this meant i had to change the release from 7.2-RELEASE-p4 to
> 7.2-RELEASE in options)
> sysinstall > Custom > Commit
> [Visit the general configuration menu ?] > No
> Note. don't do the post-install, it would modify the host, not the guest.
>
> A quick
> jail /var/jails/base footest 10.0.0.2 /bin/sh
> gives me a shell in the jail so it seems to have worked, Time to add
> devfs etc i guess.
>
> >From here i'm going to have a look at sysutils/ezjail as that keeps
> coming up as a good way of managing jails, but I seem to have an working
> base system in /var/jails/base without compiling anything. I might have
> a play now and get updates etc working.
>
Ok now I have played with sysutils/ezjail, forget the first part ;)
just "ezjail-admin install" will do a binary install for a base jail
from an ftp server.
you can use "ezjail-admin update -u" to update the base jail using
freebsd-update for some reason this isnt in the manpage.
Not exactly what you have asked for but close enough if you dont like
installing from source.
Vince
> regards,
> Vince
>
>> Regards,
>>
>> Tonino
>>
>>
>
> _______________________________________________
> freeb...@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-isp
> To unsubscribe, send any mail to "freebsd-isp...@freebsd.org"
>
------------------------------
Message: 2
Date: Tue, 27 Oct 2009 15:50:23 +0100
From: "Tonix (Antonio Nati)" <to...@interazioni.it>
Subject: Re: Jails creation
To: freeb...@freebsd.org
Message-ID: <4AE708AF...@interazioni.it>
Content-Type: text/plain; charset=ISO-8859-15; format=flowed
Hi Vincent,
I'm trying as much as possible to not install sources.
I'm designing a general architecture with very small machines, smallest
as possible, as I'd love to avoid sources (both locals and remote).
Thanks,
Tonino
Vincent Hoffman ha scritto:
> Vincent Hoffman wrote:
>
>> Tonix (Antonio Nati) wrote:
>>
>>
>>> Is there any architectural reason for which jails must be created only
>>> starting from sources?
>>> Would not it be simpler to create a jail cloning the host environment
>>> binaries (and then using the normal freebsd-update to keep it updated)?
>>> Would it be possible to suggest a funded project with this goal?
>>>
>>>
>>>
>> I dont tend to use jails but my understanding is that you can use the
>> standard install to create a jail (based on info from
>> http://pbraun.nethence.com/doc/sysutils_bsd/dragonfly-freebsd-jail.html)
>>
>> mkdir -p /var/jails/base
>> sysinstall
>> then,
>> sysinstall > Custom > Options > Install Root > /var/jails/base
>> sysinstall > Custom > Distributions > Minimal
>> sysinstall > Custom > Media > File System > /cdrom (I just used ftp
>> myself, this meant i had to change the release from 7.2-RELEASE-p4 to
>> 7.2-RELEASE in options)
>> sysinstall > Custom > Commit
>> [Visit the general configuration menu ?] > No
>> Note. don't do the post-install, it would modify the host, not the guest.
>>
>> A quick
>> jail /var/jails/base footest 10.0.0.2 /bin/sh
>> gives me a shell in the jail so it seems to have worked, Time to add
>> devfs etc i guess.
>>
>> >From here i'm going to have a look at sysutils/ezjail as that keeps
>> coming up as a good way of managing jails, but I seem to have an working
>> base system in /var/jails/base without compiling anything. I might have
>> a play now and get updates etc working.
>>
>>
>
> Ok now I have played with sysutils/ezjail, forget the first part ;)
> just "ezjail-admin install" will do a binary install for a base jail
> from an ftp server.
> you can use "ezjail-admin update -u" to update the base jail using
> freebsd-update for some reason this isnt in the manpage.
> Not exactly what you have asked for but close enough if you dont like
> installing from source.
>
>
> Vince
>
>
>> regards,
>> Vince
>>
>>
>>> Regards,
>>>
>>> Tonino
>>>
>>>
>>>
>> _______________________________________________
>> freeb...@freebsd.org mailing list
>> http://lists.freebsd.org/mailman/listinfo/freebsd-isp
>> To unsubscribe, send any mail to "freebsd-isp...@freebsd.org"
>>
>>
>
> _______________________________________________
> freeb...@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-isp
> To unsubscribe, send any mail to "freebsd-isp...@freebsd.org"
>
>
--
------------------------------------------------------------
Inter@zioni Interazioni di Antonio Nati
http://www.interazioni.it to...@interazioni.it
------------------------------------------------------------
------------------------------
Message: 3
Date: Tue, 27 Oct 2009 16:53:20 +0000
From: Vincent Hoffman <vi...@unsane.co.uk>
Subject: Re: Jails creation
To: "Tonix (Antonio Nati)" <to...@interazioni.it>
Cc: freeb...@freebsd.org
Message-ID: <4AE72580...@unsane.co.uk>
Content-Type: text/plain; charset=ISO-8859-15
Tonix (Antonio Nati) wrote:
> Hi Vincent,
>
> I'm trying as much as possible to not install sources.
> I'm designing a general architecture with very small machines,
> smallest as possible, as I'd love to avoid sources (both locals and
> remote).
>
As i said, i'm not a regular user of jails so i may be missing
something, but I rather thought that was my point. Using the ezjails
framework, I didnt need the sources installed. ezjail is a shell script
so it doesnt install anything else (no dependancies.) It installed the
base jail using the binary install packages from a remote FTP server. It
minimises your disk usage afterwards by using nullfs for the base system
in each jail, and it lets you update the base jail using freebsd-update.
I now have 2 jails (basic, just the freebsd base system) using a total
of 140M, each additional jail will start off taking just 1.8M. Since on
my host system my freebsd-update database alone is 665M I can see this
system as a big win for diskspace not to mention the nice centralized
update for all the jails.
Back to your original question, you dont have to install a jail from
source, I see no reason you couldnt just copy the base system into a
directory and use it as a jail if you wanted.
In fact a very quick test shows that taring up an existing system then
untaring and editing rc.conf and fstab comes up as a working jail.
(working as in network works and i can enter it by running jexec $jailid
sh )
Vince
> Thanks,
> Tonino
>
> Vincent Hoffman ha scritto:
>> Vincent Hoffman wrote:
>>
>>> Tonix (Antonio Nati) wrote:
>>>
>>>> Is there any architectural reason for which jails must be created only
>>>> starting from sources?
>>>> Would not it be simpler to create a jail cloning the host environment
>>>> binaries (and then using the normal freebsd-update to keep it
>>>> updated)?
>>>> Would it be possible to suggest a funded project with this goal?
>>>>
>>>>
>>> I dont tend to use jails but my understanding is that you can use the
>>> standard install to create a jail (based on info from
>>> http://pbraun.nethence.com/doc/sysutils_bsd/dragonfly-freebsd-jail.html)
>>>
>>>
>>> mkdir -p /var/jails/base
>>> sysinstall
>>> then,
>>> sysinstall > Custom > Options > Install Root > /var/jails/base
>>> sysinstall > Custom > Distributions > Minimal
>>> sysinstall > Custom > Media > File System > /cdrom (I just used ftp
>>> myself, this meant i had to change the release from 7.2-RELEASE-p4 to
>>> 7.2-RELEASE in options)
>>> sysinstall > Custom > Commit
>>> [Visit the general configuration menu ?] > No
>>> Note. don't do the post-install, it would modify the host, not the
>>> guest.
>>>
>>> A quick
>>> jail /var/jails/base footest 10.0.0.2 /bin/sh
>>> gives me a shell in the jail so it seems to have worked, Time to add
>>> devfs etc i guess.
>>>
>>> >From here i'm going to have a look at sysutils/ezjail as that keeps
>>> coming up as a good way of managing jails, but I seem to have an
>>> working
>>> base system in /var/jails/base without compiling anything. I might have
>>> a play now and get updates etc working.
>>>
>>
>> Ok now I have played with sysutils/ezjail, forget the first part ;)
>> just "ezjail-admin install" will do a binary install for a base jail
>> from an ftp server.
>> you can use "ezjail-admin update -u" to update the base jail using
>> freebsd-update for some reason this isnt in the manpage.
>> Not exactly what you have asked for but close enough if you dont like
>> installing from source.
>>
>>
>> Vince
>>
>>
>>> regards,
>>> Vince
>>>
>>>> Regards,
>>>>
>>>> Tonino
>>>>
>>>>
>>> _______________________________________________
>>> freeb...@freebsd.org mailing list
>>> http://lists.freebsd.org/mailman/listinfo/freebsd-isp
>>> To unsubscribe, send any mail to "freebsd-isp...@freebsd.org"
>>>
>>
>> _______________________________________________
>> freeb...@freebsd.org mailing list
>> http://lists.freebsd.org/mailman/listinfo/freebsd-isp
>> To unsubscribe, send any mail to "freebsd-isp...@freebsd.org"
>>
>>
>
>
------------------------------
Message: 4
Date: Tue, 27 Oct 2009 17:43:26 +0100
From: Miroslav Lachman <000....@quip.cz>
Subject: Re: Jails creation
To: "Tonix (Antonio Nati)" <to...@interazioni.it>
Cc: freeb...@freebsd.org
Message-ID: <4AE7232E...@quip.cz>
Content-Type: text/plain; charset=us-ascii; format=flowed
Tonix (Antonio Nati) wrote:
>
> Is there any architectural reason for which jails must be created only
> starting from sources?
> Would not it be simpler to create a jail cloning the host environment
> binaries (and then using the normal freebsd-update to keep it updated)?
> Would it be possible to suggest a funded project with this goal?
You are not the first one with this idea. You can easily use nullfs
mount of directories from base system, but people mostly prefer
independent directory with jail install shared by many jails.
And sometimes somebody needs jails with modified binaries, so it is not
possible to share theme with base system in all cases.
There are many ways to get jails running without sources, it is up to
you to choose one.
Miroslav Lachman
PS: there is freebs...@freebsd.org mailinglist
------------------------------
Message: 5
Date: Tue, 27 Oct 2009 18:08:08 +0100
From: "Tonix (Antonio Nati)" <to...@interazioni.it>
Subject: Re: Jails creation
To: freeb...@freebsd.org
Message-ID: <4AE728F8...@interazioni.it>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Miroslav Lachman ha scritto:
> Tonix (Antonio Nati) wrote:
>>
>> Is there any architectural reason for which jails must be created
>> only starting from sources?
>> Would not it be simpler to create a jail cloning the host environment
>> binaries (and then using the normal freebsd-update to keep it updated)?
>> Would it be possible to suggest a funded project with this goal?
>
> You are not the first one with this idea. You can easily use nullfs
> mount of directories from base system, but people mostly prefer
> independent directory with jail install shared by many jails.
>
> And sometimes somebody needs jails with modified binaries, so it is
> not possible to share theme with base system in all cases.
>
> There are many ways to get jails running without sources, it is up to
> you to choose one.
>
> Miroslav Lachman
>
> PS: there is freebs...@freebsd.org mailinglist
> _______________________________________________
> freeb...@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-isp
> To unsubscribe, send any mail to "freebsd-isp...@freebsd.org"
>
I have nothing against shared dirs, but my question is this: why the
basic jail creation command requires compilation? Given the fact jail
must have exactly the same version of base system, why the base create
command dos not simply copy the existing binaries? It would avoid local
source, remote packages, etc...
Regards,
Tonino
--
------------------------------------------------------------
Inter@zioni Interazioni di Antonio Nati
http://www.interazioni.it to...@interazioni.it
------------------------------------------------------------
------------------------------
Message: 6
Date: Tue, 27 Oct 2009 19:41:29 +0100
From: Miroslav Lachman <000....@quip.cz>
Subject: Re: Jails creation
To: "Tonix (Antonio Nati)" <to...@interazioni.it>
Cc: freeb...@freebsd.org, freebs...@freebsd.org
Message-ID: <4AE73ED9...@quip.cz>
Content-Type: text/plain; charset=us-ascii; format=flowed
Tonix (Antonio Nati) wrote:
> Miroslav Lachman ha scritto:
[...]
>> You are not the first one with this idea. You can easily use nullfs
>> mount of directories from base system, but people mostly prefer
>> independent directory with jail install shared by many jails.
>>
>> And sometimes somebody needs jails with modified binaries, so it is
>> not possible to share theme with base system in all cases.
>>
>> There are many ways to get jails running without sources, it is up to
>> you to choose one.
[...]
> I have nothing against shared dirs, but my question is this: why the
> basic jail creation command requires compilation? Given the fact jail
> must have exactly the same version of base system, why the base create
> command dos not simply copy the existing binaries? It would avoid local
> source, remote packages, etc...
It is not true. Jail command does not requires compilation, nor exactly
same version. I am running 6.x version jail on system with 7.2 and you
can run 32bit (i386) jail on 64bit (amd64) system.
The `jail` command is there just for starting the jail, not for building
it. The jail even does not need to be a full installed system!
There are too many different scenarios with jails, that there can not be
"one command to satisfy them all".
It is up to administrator to prepare the best environment for his/her needs.
If you need the full copy of the base system, you can do it really
easily (by tar as was suggested by Vincet Hoffman or dump & restore),
and if you do it for each jail, you loose the benefits of shared
read-only base directory (you will need more disk space and more memory).
If you do not want to spend some time by compilation, you can install
the jail from installation media you already have from system install.
cd /some/media/7.2-RELEASE/base
mkdir /path/to/myjail
setenv DESTDIR /path/to/myjail
sh install.sh
That's all! It is too simple in contrast to source build or manually
copy something from base.
If you are using ZFS, you can use snapshots and clones...
And many more scenarios exist.
I am CCing freebsd-jail@, it is more appropriate list to contionue.
Miroslav Lachman
------------------------------
Message: 7
Date: Tue, 27 Oct 2009 12:32:01 -0700
From: Blake Covarrubias <bl...@ekalb.net>
Subject: Re: Jails creation
To: Miroslav Lachman <000....@quip.cz>
Cc: freeb...@freebsd.org
Message-ID: <2E43F01D-92BD-425A...@ekalb.net>
Content-Type: text/plain; charset=us-ascii; format=flowed; delsp=yes
Hi,
This is how I perform binary updates and installation of jails. I used
a file called install.cfg to hold my sysinstall variables.
### install.cfg ###
installVarDefaults
releaseName=7.2-RELEASE
_ftpPath=
ftp://ftp.freebsd.org/pub/FreeBSD/
mediaSetFTP
dists=base man
distSetCustom
installRoot=/srv/jails/example.domain.tld/root
installCommit
################
# Install
mkdir -p /srv/jails/example.domain.tld/root
sysinstall configFile=/root/install.cfg loadConfig
freebsd-update works within the jail to update patches. For migrating
point releases (7.1 to 7.2) after updating the host OS I use the
commands below.
env UNAME_r=7.1-RELEASE-p5 freebsd-update -b /srv/jails/
example.domain.tld/root -r 7.2-RELEASE upgrade
freebsd-update -b /srv/jails/example.domain.tld/root install
/etc/rc.d/jail restart <jail>
freebsd-update -b /srv/jails/example.domain.tld/root install
Works great in my environment.
--
Blake Covarrubias
On Oct 27, 2009, at 11:41 AM, Miroslav Lachman wrote:
> Tonix (Antonio Nati) wrote:
>
>> Miroslav Lachman ha scritto:
> [...]
>>> You are not the first one with this idea. You can easily use
>>> nullfs mount of directories from base system, but people mostly
>>> prefer independent directory with jail install shared by many jails.
>>>
>>> And sometimes somebody needs jails with modified binaries, so it
>>> is not possible to share theme with base system in all cases.
>>>
>>> There are many ways to get jails running without sources, it is up
>>> to you to choose one.
>
> [...]
>
>> I have nothing against shared dirs, but my question is this: why
>> the basic jail creation command requires compilation? Given the
>> fact jail must have exactly the same version of base system, why
>> the base create command dos not simply copy the existing binaries?
>> It would avoid local source, remote packages, etc...
>
> It is not true. Jail command does not requires compilation, nor
> exactly same version. I am running 6.x version jail on system with
> 7.2 and you can run 32bit (i386) jail on 64bit (amd64) system.
> The `jail` command is there just for starting the jail, not for
> building it. The jail even does not need to be a full installed
> system!
> There are too many different scenarios with jails, that there can
> not be "one command to satisfy them all".
> It is up to administrator to prepare the best environment for his/
> her needs.
>
> If you need the full copy of the base system, you can do it really
> easily (by tar as was suggested by Vincet Hoffman or dump &
> restore), and if you do it for each jail, you loose the benefits of
> shared read-only base directory (you will need more disk space and
> more memory).
>
> If you do not want to spend some time by compilation, you can
> install the jail from installation media you already have from
> system install.
>
> cd /some/media/7.2-RELEASE/base
> mkdir /path/to/myjail
> setenv DESTDIR /path/to/myjail
> sh install.sh
>
> That's all! It is too simple in contrast to source build or manually
> copy something from base.
>
> If you are using ZFS, you can use snapshots and clones...
>
> And many more scenarios exist.
>
> I am CCing freebsd-jail@, it is more appropriate list to contionue.
>
> Miroslav Lachman
> _______________________________________________
> freeb...@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-isp
> To unsubscribe, send any mail to "freebsd-isp...@freebsd.org"
------------------------------
Message: 8
Date: Wed, 28 Oct 2009 08:33:22 +0100
From: "Tonix (Antonio Nati)" <to...@interazioni.it>
Subject: Re: Jails creation
To: freeb...@freebsd.org
Message-ID: <4AE7F3C2...@interazioni.it>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Miroslav Lachman ha scritto:
> It is not true. Jail command does not requires compilation, nor
> exactly same version. I am running 6.x version jail on system with 7.2
> and you can run 32bit (i386) jail on 64bit (amd64) system.
I did not know, and this is very useful to me also. I supposed, as the
jail kernel is a "fake" kernel, both systems should have the same
version, but if I can mix it's a great opportunity.
> The `jail` command is there just for starting the jail, not for
> building it. The jail even does not need to be a full installed system!
> There are too many different scenarios with jails, that there can not
> be "one command to satisfy them all".
> It is up to administrator to prepare the best environment for his/her
> needs.
>
> If you need the full copy of the base system, you can do it really
> easily (by tar as was suggested by Vincet Hoffman or dump & restore),
> and if you do it for each jail, you loose the benefits of shared
> read-only base directory (you will need more disk space and more memory).
>
> If you do not want to spend some time by compilation, you can install
> the jail from installation media you already have from system install.
>
> cd /some/media/7.2-RELEASE/base
> mkdir /path/to/myjail
> setenv DESTDIR /path/to/myjail
> sh install.sh
>
> That's all! It is too simple in contrast to source build or manually
> copy something from base.
>
Thanks! In this way it is a lot more easier to setup and/or customize.
Tonino
--
------------------------------------------------------------
Inter@zioni Interazioni di Antonio Nati
http://www.interazioni.it to...@interazioni.it
------------------------------------------------------------
------------------------------
End of freebsd-isp Digest, Vol 308, Issue 2
*******************************************