From owner-freebsd-jail@FreeBSD.ORG Sun Jan 25 19:41:28 2015
Date: Sun, 25 Jan 2015 11:41:24 -0800
From: Sean Chittenden
To: jail@freebsd.org
Cc: "Michael W. Lucas"
Subject: Re: preferred jail management tool

Well this is a rather trendy topic of late and timely. I'm very happy to see a renaissance and renewed interest in container administration for FreeBSD.

Last week at work we began an evaluation of the tooling and administration of FreeBSD containers. Despite being depreciated, we're still evaluating ezjail along with bsdploy, qjail, and manually creating jails (via ansible). Ideally we're looking for something with administrative parallels between bhyve and jails, and easy to integrate into tooling. We're settling on a technology by Wednesday this week.

For years I've used and endorsed ezjail, but as stated, it is depreciated. For a book, excluding ezjail would exclude a huge portion of the user base and seems like it would hurt credibility given its dominance as the preferred tool for jail administration.

Until yesterday, I'd never seen iocage but in reviewing the implementation, I really like its use of ZFS attributes as the method of persisting jail attributes and properties.
This provides a really clean encapsulation mechanism that works well with `zfs send`. "Thick" containers are not opaque at rest or at runtime, are easy to reason about for new administrators on the team (not layered via nullfs at runtime, space is cheap), and the configuration file is included in the dataset itself.

Administratively iocage looks simple to use and it fits in well with our configuration tooling (Ansible). I think we will write an iocage ansible module to query and set attributes, at which point iocage will be very clean for our tooling.

iocage is built on top of the OS primitives and utilities, was written in shell, and looks very clean in the code's structure. Applying changes to running jails without a restart is also nice.

The "feel" of the interface, control, and abstraction provided by iocage sets it apart in my mind. The examples for future administrators are also important and lend themselves well to HOWTO-like guides, which adds to the pragmatism of the utility. Again, because it's a single shell script calling OS primitives, it makes it easy to version internally and provide stability guarantees going forward.

Support for vnet is nice but not something we're planning on using (instead we're going to advertise container IPs via BGP to TORs).

Based on some of the reasoning above and provided there aren't any unaddressable concerns by the rest of the team, I expect we will adopt iocage. My quick $0.02.
-sc

--
Sean Chittenden

From owner-freebsd-jail@FreeBSD.ORG Mon Jan 26 15:34:36 2015
Date: Mon, 26 Jan 2015 09:34:29 -0600
From: Mark Felder
To: freebsd-jail@freebsd.org
Subject: Re: preferred jail management tool
Message-Id: <1422286469.3182385.219013237.42043664@webmail.messagingengine.com>
In-Reply-To: <20150125013753.X33605@sola.nimnet.asn.au>

On Sat, Jan 24, 2015, at 09:16, Ian Smith wrote:
> Excuse top-post, but the gmail header on this message was (surprisingly)
> insufficiently anonymised to disguise its origin:
>

That could very well be Joe Barbish. It could also be someone in the same city who uses FreeBSD and likes qjails. Either way, I'm not sure how calling him out for advertising his own work adds any meaningful value to this discussion. And even if he is pushing his product it's not like he's misleading you about the current functional differences between qjail and ezjail...

I understand there is bad blood from the forking of ezjail and lack of attribution (which I didn't care to involve myself in), but let's move on. It will either stand on its own merits or it will go the way of the dinosaurs... No point in making our community look so hostile.

Thanks for your detailed review, Ernie.

From owner-freebsd-jail@FreeBSD.ORG Mon Jan 26 18:56:45 2015
Date: Mon, 26 Jan 2015 12:54:50 -0500
From: Alejandro Imass
To: Sean Chittenden
Cc: jail@freebsd.org, "Michael W. Lucas"
Subject: Re: preferred jail management tool

On Sun, Jan 25, 2015 at 2:41 PM, Sean Chittenden wrote:

> Well this is a rather trendy topic of late and timely. I'm very happy to
> see a renaissance and renewed interest in container administration for
> FreeBSD.
>
> [...]
> For years I've used and endorsed ezjail, but as stated, it is depreciated.
> For a book, excluding ezjail would exclude a huge portion of the user base
> and seems like it would hurt credibility given its dominance as the
> preferred tool for jail administration.
>

Maybe it is something obvious to the more technical crowd but as a user what does "depreciated" mean in this context? If it's "losing value" how is this determined? By whom? Or is it being phased out, replaced by other tools? Or is this based on your evaluation? If so can you specify what is specifically missing/outdated/not maintained from EzJail, or is the whole jail system going in a direction to make EzJail and other tools obsolete?

Thanks for any clarification!

--
Alejandro Imass

From owner-freebsd-jail@FreeBSD.ORG Tue Jan 27 01:23:50 2015
Date: Mon, 26 Jan 2015 19:23:48 -0600
From: Mark Linimon
To: Alejandro Imass
Cc: jail@freebsd.org, "Michael W. Lucas", Sean Chittenden
Subject: Re: preferred jail management tool
Message-ID: <20150127012347.GA4940@lonesome.com>

> > For years I've used and endorsed ezjail, but as stated, it is depreciated.

Hmm, there's no notation at
http://portsmon.freebsd.org/portoverview.py?category=sysutils&portname=ezjail ,
nor in the Makefile AFAICT.

> > For a book, excluding ezjail would exclude a huge portion of the user base
> > and seems like it would hurt credibility given its dominance as the
> > preferred tool for jail administration.
> >

On Mon, Jan 26, 2015 at 12:54:50PM -0500, Alejandro Imass wrote:
> Maybe it is something obvious to the more technical crowd but as a user what
> does "depreciated" mean in this context?

Really the word most people use is "deprecated" rather than "depreciated".

It can mean any number of things:

 - it no longer works due to changes in other software
 - it has been replaced by something else
 - the author is no longer interested in maintaining it

and so forth.

I don't know the answer in this case.

mcl

From owner-freebsd-jail@FreeBSD.ORG Tue Jan 27 03:43:33 2015
Date: Mon, 26 Jan 2015 22:36:29 -0500
From: Alejandro Imass
To: Mark Linimon
Cc: jail@freebsd.org, "Michael W. Lucas", Sean Chittenden
Subject: Re: preferred jail management tool
In-Reply-To: <20150127012347.GA4940@lonesome.com>

On Mon, Jan 26, 2015 at 8:23 PM, Mark Linimon wrote:

> > > For years I've used and endorsed ezjail, but as stated, it is depreciated.
> > >
> [...]
> Really the word most people use is "deprecated" rather than "depreciated".
>

The OP seemed well versed in the topic so I'm pretty sure the intended word was "depreciated" (twice) such as in old asset with little or residual value. My question to the OP is precisely why the choice of word and how it is asserted that EzJail is in fact depreciated.

Best,

--
Alejandro Imass

From owner-freebsd-jail@FreeBSD.ORG Tue Jan 27 03:46:21 2015
Date: Tue, 27 Jan 2015 14:46:09 +1100 (EST)
From: Ian Smith
To: Mark Linimon
Cc: jail@freebsd.org, "Michael W. Lucas", Sean Chittenden
Subject: Re: preferred jail management tool
Message-ID: <20150127141239.V77290@sola.nimnet.asn.au>
In-Reply-To: <20150127012347.GA4940@lonesome.com>

On Mon, 26 Jan 2015 19:23:48 -0600, Mark Linimon wrote:
[Sean Chittenden wrote:]
> > > For years I've used and endorsed ezjail, but as stated, it is depreciated.
>
> Hmm, there's no notation at
> http://portsmon.freebsd.org/portoverview.py?category=sysutils&portname=ezjail ,
> nor in the Makefile AFAICT.
>
> > > For a book, excluding ezjail would exclude a huge portion of the user base
> > > and seems like it would hurt credibility given its dominance as the
> > > preferred tool for jail administration.

I agree with this; given its history and installed base it certainly deserves some coverage with at least references to its documentation, as a precursor to more recently emerging, likely more comprehensive tools.

> On Mon, Jan 26, 2015 at 12:54:50PM -0500, Alejandro Imass wrote:
> > Maybe it is something obvious to the more technical crowd but as a user what
> > does "depreciated" mean in this context?
>
> Really the word most people use is "deprecated" rather than "depreciated".
>
> It can mean any number of things:
>
>  - it no longer works due to changes in other software
>  - it has been replaced by something else
>  - the author is no longer interested in maintaining it
>
> and so forth.
>
> I don't know the answer in this case.

As Alejandro went on to point out, depreciate means (ref Concise Oxford) 'Diminish in value' or 'Lower market price of; reduce purchasing power of (money); disparage, belittle' (L. pretiare f. pretium price), while deprecate means 'Plead against; express wish against or disapproval of' (L. precari pray). Different, with some overlap regarding belittlement.

The former term is prominent in Joe's http://jail-primer.sourceforge.net/

cheers, Ian

From owner-freebsd-jail@FreeBSD.ORG Tue Jan 27 05:02:04 2015
Date: Tue, 27 Jan 2015 00:02:01 -0500
From: Allan Jude
To: freebsd-jail@freebsd.org
Subject: Re: preferred jail management tool
Message-ID: <54C71BC9.5010103@freebsd.org>
In-Reply-To: <20150127141239.V77290@sola.nimnet.asn.au>

On 2015-01-26 22:46, Ian Smith wrote:
> On Mon, 26 Jan 2015 19:23:48 -0600, Mark Linimon wrote:
> [Sean Chittenden wrote:]
> > > > For years I've used and endorsed ezjail, but as stated, it is depreciated.
> >
> > Hmm, there's no notation at
> > http://portsmon.freebsd.org/portoverview.py?category=sysutils&portname=ezjail ,
> > nor in the Makefile AFAICT.
> >
> > > > For a book, excluding ezjail would exclude a huge portion of the user base
> > > > and seems like it would hurt credibility given its dominance as the
> > > > preferred tool for jail administration.
>
> I agree with this; given its history and installed base it certainly
> deserves some coverage with at least references to its documentation, as
> a precursor to more recently emerging, likely more comprehensive tools.
>
> > On Mon, Jan 26, 2015 at 12:54:50PM -0500, Alejandro Imass wrote:
> > > Maybe it is something obvious to the more technical crowd but as a user what
> > > does "depreciated" mean in this context?
> >
> > Really the word most people use is "deprecated" rather than "depreciated".
> >
> > It can mean any number of things:
> >
> >  - it no longer works due to changes in other software
> >  - it has been replaced by something else
> >  - the author is no longer interested in maintaining it
> >
> > and so forth.
> >
> > I don't know the answer in this case.
>
> As Alejandro went on to point out, depreciate means (ref Concise Oxford)
> 'Diminish in value' or 'Lower market price of; reduce purchasing power
> of (money); disparage, belittle' (L. pretiare f. pretium price), while
> deprecate means 'Plead against; express wish against or disapproval of
> (L. precari pray). Different, with some overlap regarding belittlement.
>
> The former term is prominent in Joe's http://jail-primer.sourceforge.net/
>
> cheers, Ian
>

Ezjail still works perfectly fine. It is moderately actively maintained, it works very well with ZFS.

The value of having a single basejail, rather than multiple, is slightly diminished by the fact that we all have more disk space than we used to, and the fact that ZFS could clone a common dataset to save some space, but, when it comes time to upgrade, the common basejail is useful. The process can be a bit awkward at times, but it generally works fine.

I still use ezjail a lot, and have no problems with it.

--
Allan Jude

From owner-freebsd-jail@FreeBSD.ORG Tue Jan 27 13:41:31 2015
Date: Tue, 27 Jan 2015 21:41:31 +0800
From: Ernie Luzar
To: jail@freebsd.org
Cc: "Michael W. Lucas"
Subject: Re: preferred jail management tool
Message-ID: <54C7958B.40007@gmail.com>
In-Reply-To: <20150127141239.V77290@sola.nimnet.asn.au>

Ian Smith wrote:
> On Mon, 26 Jan 2015 19:23:48 -0600, Mark Linimon wrote:
> [Sean Chittenden wrote:]
> > > > For years I've used and endorsed ezjail, but as stated, it is depreciated.
> >
> > Hmm, there's no notation at
> > http://portsmon.freebsd.org/portoverview.py?category=sysutils&portname=ezjail ,
> > nor in the Makefile AFAICT.
> >
> > > > For a book, excluding ezjail would exclude a huge portion of the user base
> > > > and seems like it would hurt credibility given its dominance as the
> > > > preferred tool for jail administration.
>
> I agree with this; given its history and installed base it certainly
> deserves some coverage with at least references to its documentation, as
> a precursor to more recently emerging, likely more comprehensive tools.
>
> > On Mon, Jan 26, 2015 at 12:54:50PM -0500, Alejandro Imass wrote:
> > > Maybe it is something obvious to the more technical crowd but as a user what
> > > does "depreciated" mean in this context?
> >
> > Really the word most people use is "deprecated" rather than "depreciated".
> >
> > It can mean any number of things:
> >
> >  - it no longer works due to changes in other software
> >  - it has been replaced by something else
> >  - the author is no longer interested in maintaining it
> >
> > and so forth.
> >
> > I don't know the answer in this case.
>
> As Alejandro went on to point out, depreciate means (ref Concise Oxford)
> 'Diminish in value' or 'Lower market price of; reduce purchasing power
> of (money); disparage, belittle' (L. pretiare f. pretium price), while
> deprecate means 'Plead against; express wish against or disapproval of
> (L. precari pray). Different, with some overlap regarding belittlement.
>
> The former term is prominent in Joe's http://jail-primer.sourceforge.net/
>
> cheers, Ian
>
>

You're correct that ezjail does not proclaim itself as "deprecated" / "depreciated". But if you were real jail users you would have seen the "deprecated" / "depreciated" message that pops out when you start a jail that is defined in rc.conf file in FreeBSD 10.0. That jail start up warning message also tells you to convert to using jail.conf file.

With the progression of each new major FreeBSD release since 9.1 jail(8) has become the jail driver and the rc.conf jail definition statements are slowly being replaced by jail.conf as the only supported jail definition method. With this as a fact and a review of the ezjail change log it becomes evident that ezjail does not support jail.conf at this time. 11.0 will shortly be published and to my knowledge support for jails defined in rc.conf will no longer be supported. You do the math, ezjail is at end of life unless it undergoes a major change to using the jail.conf file before 11.0 is published. This was pointed out in the original post, but which the readers choose to ignore. I hope the ezjail author takes this thread as incentive to keep his utility up to date and not let it die due to changing software in FreeBSD base code.

All I am doing is pointing out the facts here. I thought it was important for the guy who wants to write a book on jails to know the facts so he can make an informed decision about which tools to write about. To me it would seem pretty silly to invest the time to write about a jail tool that at this time in its development is "deprecated" / "depreciated" by circumstances out of its control.

In my opinion any port that does not include complete documentation in its man pages is next to useless and many people agree.
Ezjail man pages lack documentation on 98 percent of its functions. I do not see HOW a book on jails can recommend a tool with such poor documentation. Doing so would put the credibility of everything written in the book in doubt and NO author wants to get mud in their face for failing to completely understand the unpublished background of the subject targeted to write about.

In a nutshell, since 9.1 jails have been a moving target as the implementation of jail(8) replaces the rc.d/jail method. Hopefully with 11.0 the jail target will stop moving. This means that most of the jail ports dealing with Releases 8.x, and 9.x, are obsolete for 11.0.

On the subject of vimage/vnet, vimage has many outstanding PRs and has received absolutely no maintenance since it was first published. The bugs deal with memory leaks and failure to work with firewalls. Some ISPs have downplayed these show stopper problems and successfully created working production environments at the risk of their subscribers. An expert's knowledge of networking and the availability of a range of static IP addresses is required. Vimage/vnet sure is not intended for the home user or small business. Vimage has to be compiled into the kernel and its kernel compile option has a comment that it is highly experimental. That is all that needs to be said about vimage/vnet.

When it comes to "deprecated" / "depreciated", nitpicking over the letter "i" in the spelling of the word is crazy. You all know the FreeBSD meaning and it's not what the dictionary says. My dictionary shows both words mean the same thing, one being the USA spelling and the other being the British spelling. Enough said about spelling.
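
[Added example, not part of the thread and not any poster's or project's own configuration: the rc.conf to jail.conf migration that the message above refers to, written as a jail.conf file with the legacy rc.conf variables kept as comments for comparison. The jail name www and its path, hostname and address are assumed sample values.]

```conf
# Legacy form: per-jail variables in /etc/rc.conf, read by rc.d/jail.
# This is the style of definition that produces the obsolescence
# warning at jail start on FreeBSD 10.0. Sample values throughout.
#
#   jail_enable="YES"
#   jail_list="www"
#   jail_www_rootdir="/usr/jails/www"
#   jail_www_hostname="www.example.org"
#   jail_www_ip="192.0.2.10"
#   jail_www_devfs_enable="YES"
#
# Current form: the same jail in /etc/jail.conf, read by jail(8).
# /etc/rc.conf then keeps only jail_enable="YES" and jail_list="www".

# Parameters set outside a jail block apply to every jail in the file.
exec.start = "/bin/sh /etc/rc";
exec.stop  = "/bin/sh /etc/rc.shutdown";
exec.clean;                 # start jail commands with a clean environment

mount.devfs;                # mount devfs on the jail's /dev
devfs_ruleset = 4;          # devfsrules_jail: hide host devices from the jail

www {
    path          = "/usr/jails/www";
    host.hostname = "www.example.org";
    ip4.addr      = "192.0.2.10";
}
```
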

From owner-freebsd-jail@FreeBSD.ORG Tue Jan 27 14:17:09 2015
From: Mark Felder
To: freebsd-jail@freebsd.org
Subject: Re: preferred jail management tool
Date: Tue, 27 Jan 2015 08:17:05 -0600

On Tue, Jan 27, 2015, at 07:41, Ernie Luzar wrote:
>
> On the subject of vimage/vnet, vimage has many outstanding PRs and has
> received absolutely no maintenance since it was first published.

This statement is ridiculous.

r276747 | rodrigc | 2015-01-06 03:03:03 -0600 (Tue, 06 Jan 2015) | 7 lines

Instead of creating a purge thread for every vnet, create a single purge thread and clean up all vnets from this thread.

r276746 | rodrigc | 2015-01-06 02:39:06 -0600 (Tue, 06 Jan 2015) | 14 lines

Merge: r258322 from projects/pf branch

Split functions that initialize various pf parts into their vimage parts and global parts. Since global parts appeared to be only mutex initializations, just abandon them and use MTX_SYSINIT() instead. Kill my incorrect VNET_FOREACH() iterator and instead use correct approach with VNET_SYSINIT().

r275599 | rodrigc | 2014-12-08 01:25:59 -0600 (Mon, 08 Dec 2014) | 11 lines

Use CURVNET macros inside inet_get_local_port_range() function. Without this fix, a kernel with VIMAGE + Infiniband will panic on bootup.

Certain necessary #include statements require LIST_HEAD. Add these includes to ofed/include/linux/list.h, because LIST_HEAD is specifically overridden in this file.

r275555 | rodrigc | 2014-12-05 20:59:59 -0600 (Fri, 05 Dec 2014) | 8 lines

MFp4: @181627

Allow UMA allocated memory to be freed when VNET jails are torn down.

r274803 | rodrigc | 2014-11-21 11:57:37 -0600 (Fri, 21 Nov 2014) | 4 lines

Create a vimage.9 link to vnet.9

r274745 | rodrigc | 2014-11-20 03:56:34 -0600 (Thu, 20 Nov 2014) | 8 lines

MFp4: @179066

Add page which describes VNET network stack virtualization infrastructure.

r274744 | rodrigc | 2014-11-20 02:11:54 -0600 (Thu, 20 Nov 2014) | 15 lines

Set the current vnet inside the ioctl handler for ipfilter.

Without this fix, the vnet was NULL and would crash.

This fix is similar to what was done inside the ioctl handler for PF.

Tested by:
(1) Boot a kernel with "options VIMAGE" enabled
(2) Type: echo "map lo0 from 10.0.0.0/24 to ! 10.0.0.0/24 -> 127.0.0.1/32" > /etc/ipnat.rules ; service ipnat onerestart

r272889 | hrs | 2014-10-10 01:45:13 -0500 (Fri, 10 Oct 2014) | 5 lines

Virtualize if_epair(4). An if_xname check for both "a" and "b" interfaces is added to return EEXIST when only "b" interface exists---this can happen when epairb is moved to a vnet jail and then "ifconfig epair create" is invoked there.

r272386 | hrs | 2014-10-01 16:37:32 -0500 (Wed, 01 Oct 2014) | 10 lines

Virtualize lagg(4) cloner. This change fixes a panic when tearing down if_lagg(4) interfaces which were cloned in a vnet jail.

Sysctl nodes which are dynamically generated for each cloned interface (net.link.lagg.N.*) have been removed, and use_flowid and flowid_shift ifconfig(8) parameters have been added instead. Flags and per-interface statistics counters are displayed in "ifconfig -v".

I could go on, but I'm sure you can search the svn logs yourself.

> Vimage has to be compiled into the kernel and its kernel compile option
> has a comment that it is highly experimental.

No it doesn't.

# Network stack virtualization.
#options VIMAGE
#options VNET_DEBUG # debug for VIMAGE

See for yourself:

https://svnweb.freebsd.org/base/head/sys/conf/NOTES?view=markup

From owner-freebsd-jail@FreeBSD.ORG Tue Jan 27 14:24:37 2015
From: Mark Felder
To: freebsd-jail@freebsd.org
Subject: Re: preferred jail management tool
Date: Tue, 27 Jan 2015 08:24:36 -0600

On Tue, Jan 27, 2015, at 08:17, Mark Felder wrote:
> On Tue, Jan 27, 2015, at 07:41, Ernie Luzar wrote:
>
> > Vimage has to be compiled into the kernel and its kernel compile option
> > has a comment that it is highly experimental.
>
> No it doesn't.
>
> # Network stack virtualization.
> #options VIMAGE
> #options VNET_DEBUG # debug for VIMAGE
>
> See for yourself:
>
> https://svnweb.freebsd.org/base/head/sys/conf/NOTES?view=markup
>

To clarify, I was referring to the kernel compile option being marked as experimental. You still have to custom compile a kernel to include it.

From owner-freebsd-jail@FreeBSD.ORG Tue Jan 27 15:02:03 2015
From: Ian Smith
To: Mark Felder
Cc: freebsd-jail@freebsd.org
Subject: Re: preferred jail management tool
Date: Wed, 28 Jan 2015 02:01:59 +1100 (EST)

On Tue, 27 Jan 2015 08:24:36 -0600, Mark Felder wrote:
> On Tue, Jan 27, 2015, at 08:17, Mark Felder wrote:
> > On Tue, Jan 27, 2015, at 07:41, Ernie Luzar wrote:
> >
> > > Vimage has to be compiled into the kernel and its kernel compile option
> > > has a comment that it is highly experimental.
> >
> > No it doesn't.
> >
> > # Network stack virtualization.
> > #options VIMAGE
> > #options VNET_DEBUG # debug for VIMAGE
> >
> > See for yourself:
> >
> > https://svnweb.freebsd.org/base/head/sys/conf/NOTES?view=markup
> >
>
> To clarify, I was referring to the kernel compile option being marked as
> experimental. You still have to custom compile a kernel to include it.

And at least some of the recent and current vnet work is directed towards including VIMAGE in the GENERIC kernel, perhaps by 11.0 ..

cheers, Ian

From owner-freebsd-jail@FreeBSD.ORG Tue Jan 27 16:12:45 2015
From: Alejandro Imass
To: Ernie Luzar
Cc: jail@freebsd.org, "Michael W. Lucas"
Subject: Re: preferred jail management tool
Date: Tue, 27 Jan 2015 11:12:37 -0500

On Tue, Jan 27, 2015 at 8:41 AM, Ernie Luzar wrote:

> Ian Smith wrote:
>
>> On Mon, 26 Jan 2015 19:23:48 -0600, Mark Linimon wrote:
>> [Sean Chittenden wrote:]
>> > > > For years I've used and endorsed ezjail, but as stated, it is depreciated.
>> >
>> > Hmm, there's no notation at
>> > http://portsmon.freebsd.org/portoverview.py?category=sysutils&portname=ezjail ,
>> > nor in the Makefile AFAICT.
>> >
>> > > > For a book, excluding ezjail would exclude a huge portion of the user base
>> > > > and seems like it would hurt credibility given its dominance as the
>> > > > preferred tool for jail administration.
>>
>> I agree with this; given its history and installed base it certainly
>> deserves some coverage with at least references to its documentation, as a
>> precursor to more recently emerging, likely more comprehensive tools.
>>
>> > On Mon, Jan 26, 2015 at 12:54:50PM -0500, Alejandro Imass wrote:
>> > > Maybe is something obvious to the more technical crowd but as a user what
>> > > does "depreciated" mean in this context?
>> >
>> > Really the word most people use is .
>> >
>> > It can mean any number of things:
>> >
>> > - it no longer works due to changes in other software
>> > - it has been replaced by something else
>> > - the author is no longer interested in maintaining it
>> >
>> > and so forth.
>> >
>> > I don't know the answer in this case.
>>
>> As Alejandro went on to point out, depreciate means (ref Concise Oxford)
>> 'Diminish in value' or 'Lower market price of; reduce purchasing power of
>> (money); disparage, belittle' (L. pretiare f. pretium price), while
>> deprecate means 'Plead against; express wish against or disapproval of (L.
>> precari pray). Different, with some overlap regarding belittlement.
>>
>> The former term is prominent in Joe's http://jail-primer.sourceforge.net/
>>
>> cheers, Ian
>>
>>
>>
>

[...]

> to using the jail.conf file before 11.0 is published. This was pointed out
> in the original post, but which the readers choose to ignore.
>

I just re-read the op and there is no mention of the jail.conf issue, unless you are referring to another thread. I have in fact read the deprecation message you are referring to but have been confident (perhaps naively) that is a transitory problem and will get fixed eventually.

> I hope the ezjail author takes this thread as incentive to keep his
> utility up to date and not let it die due to changing software in FreeBSD
> base code. All I am doing is pointing out the facts here.
>
>

Why wouldn't it be so? After all it's been around for a while and has adapted well IMHO. As pointed out I have used it since FBSD 7 and hardly have had any issues. Of course mine is not an expert opinion, just the point of view of a regular user.

> I thought it was important for the guy who wants to write a book on jails
> to know the facts so he can make an informed decision
> about which tools to write about. To me it would seem pretty silly to
> invest the time to write about a jail tool that at this time
> in its development is "deprecated" / "depreciated" by circumstances out of
> its control.
>
> In my opinion any port that does not include complete documentation in
> its man pages is next to useless and many people agree. Ezjail man pages
> lack documentation on 98 percent of its functions. I do not see HOW a book
> on jails can recommend a tool with
> such poor documentation. Doing so would put the credibility of
> everything written in the book in doubt and NO author wants to get
> mud in their face for failing to completely understand the unpublished
> background of the subject targeted to write about.
>
>

Not sure what you are talking about here. I started using EzJail 8 years ago just by reading the project Web page and I use man ezjail-admin _all the time_ (my memory is pretty bad so I use this man page constantly). Not sure what the 98% missing functions are. There is basically a single command and at least all the functions I use are in that single man page.

> In a nutshell, since 9.1 jails have been a moving target as the
> implementation of jail(8) replaces the rc.d/jail method. Hopefully with
> 11.0 the jail target will stop moving. This means that most of the jail
> ports dealing with Releases 8.x, and 9.x,
> are obsolete for 11.0.
>
>

You mean that the jail features of the core OS will make the administration as easy as EzJail (and other such tools) and make them obsolete?

[...]

> When it comes to "deprecated" / "depreciated", nitpicking over the letter
> "i" in the spelling of the word is crazy.
> You all know the FreeBSD meaning and it's not what the dictionary says.
> My dictionary shows both words mean the same thing, one being the USA
> spelling and the other being the British spelling.
> Enough said about spelling.
>
>

This was not my intention at all. I was under the impression that the intended word was actually "depreciated" (as in losing value over time) giving the benefit of the doubt to the OP that the intention was not to spread unnecessary FUD to the EzJail user base. If in fact as you say 11.0 will make tools like this obsolete (not just an EzJail thing) then the word is perfectly used in its context and is not a spelling issue.

If this is so, can you please expand a little on how 11.0 will make tools like this obsolete, or at least that is what I could interpret from your message.

Thanks,

--
Alejandro Imass

From owner-freebsd-jail@FreeBSD.ORG Tue Jan 27 16:57:53 2015
From: Mark Felder
To: freebsd-jail@freebsd.org
Subject: Re: preferred jail management tool
Date: Tue, 27 Jan 2015 10:57:45 -0600

On Tue, Jan 27, 2015, at 10:12, Alejandro Imass wrote:
> On Tue, Jan 27, 2015 at 8:41 AM, Ernie Luzar wrote:
>
> > Ian Smith wrote:
> >
> > In my opinion any port that does not include complete documentation in
> > its man pages is next to useless and many people agree. Ezjail man pages
> > lack documentation on 98 percent of its functions. I do not see HOW a book
> > on jails can recommend a tool with
> > such poor documentation. Doing so would put the credibility of
> > everything written in the book in doubt and NO author wants to get
> > mud in their face for failing to completely understand the unpublished
> > background of the subject targeted to write about.
> >
> >
> Not sure what you are talking about here. I started using EzJail 8 years
> ago just by reading the project Web page and I use man ezjail-admin _all
> the time_ (my memory is pretty bad so I use this man page constantly).
> Not sure what the 98% missing functions are. There is basically a single
> command and at least all the functions I use are in that single man page.
>
>

I'll admit that last time I used ezjail I found it frustratingly difficult to locate concise documentation on exactly how flavours worked, and how to use scripts to do things to the new jails as well as copying in the files I wanted. Maybe I just didn't look hard enough, though.

From owner-freebsd-jail@FreeBSD.ORG Tue Jan 27 17:03:20 2015
From: Dirk Engling
To: Mark Felder, freebsd-jail@freebsd.org
Subject: Re: preferred jail management tool
Date: Tue, 27 Jan 2015 18:03:00 +0100

On 27.01.15 17:57, Mark Felder wrote:

> I'll admit that last time I used ezjail I found it frustratingly
> difficult to locate concise documentation on exactly how flavours
> worked, and how to use scripts to do things to the new jails as well as
> copying in the files I wanted. Maybe I just didn't look hard enough,
> though.

Well, I built flavours as stupidly simple as it gets: all it does is to copy files and some of them happen to be located in /etc/rc.d, being executed at the first start up. If you would have taken a single look into the example flavour, you should have noticed.

Even in the old docs this was pointed out, the overhauled man pages do that even more precisely.

erdgeist

From owner-freebsd-jail@FreeBSD.ORG Tue Jan 27 17:13:20 2015
From: Mark Felder
To: Dirk Engling, freebsd-jail@freebsd.org
Subject: Re: preferred jail management tool
Date: Tue, 27 Jan 2015 11:13:18 -0600

On Tue, Jan 27, 2015, at 11:03, Dirk Engling wrote:
> On 27.01.15 17:57, Mark Felder wrote:
>
> > I'll admit that last time I used ezjail I found it frustratingly
> > difficult to locate concise documentation on exactly how flavours
> > worked, and how to use scripts to do things to the new jails as well as
> > copying in the files I wanted. Maybe I just didn't look hard enough,
> > though.
>
> Well, I built flavours as stupidly simple as it gets: all it does is to
> copy files and some of them happen to be located in /etc/rc.d, being
> executed at the first start up. If you would have taken a single look
> into the example flavour, you should have noticed.
>
> Even in the old docs this was pointed out, the overhauled man pages do
> that even more precisely.
>

Eventually I figured out I could just mirror hier(7) in the flavour and it would copy files in, but I swear there were references to people getting the flavour to run custom shell scripts during the creation of the jail but I couldn't find good examples of that.

Again, this was a couple years ago. I don't have recent experience or memories of this exact problem.
From owner-freebsd-jail@FreeBSD.ORG Tue Jan 27 17:17:33 2015
Message-ID: <54C7C828.4070703@erdgeist.org>
Date: Tue, 27 Jan 2015 18:17:28 +0100
From: Dirk Engling
To: Ernie Luzar, jail@freebsd.org
Cc: "Michael W. Lucas"
Subject: Re: preferred jail management tool

On 27.01.15 14:41, Ernie Luzar wrote:

> I hope the ezjail author takes this thread as incentive to keep his
> utility up to date and not let it die due to changing software in FreeBSD
> base code. All I am doing is pointing out the facts here.

I am reading the thread. And I have been following the discussion for a
long time.

I have been served the jail.conf file format and offered my help
improving the jail(8) tool to allow for manipulation of the jail.conf,
because ezjail as a shell tool can not parse the format and keeping a
shadow config with potentially conflicting information is not a stable
way to maintain one's config.

A short summary is here:

https://elektropost.org/ezjail/msg00149.html

I also heard rumors that the jail.conf format is an intermediate format
only, and/or there's gonna be a library to parse and manipulate all kinds
of structured config in FreeBSD.

So I'd be very interested in keeping up with the base system's
development, but regarding jail configs it looks like I'm stuck with the
"use your vi to configure your jails" approach for 3 years now.

Is there anyone feeling responsible for the jail(8) tool at the moment
willing to accept patches and discuss development?

erdgeist

From owner-freebsd-jail@FreeBSD.ORG Tue Jan 27 17:23:13 2015
Message-Id: <1422379391.4042797.219588169.1818EA41@webmail.messagingengine.com>
Date: Tue, 27 Jan 2015 11:23:11 -0600
From: Mark Felder
To: freebsd-jail@freebsd.org
Subject: Future of jail(8) [WAS: preferred jail management tool]

On Tue, Jan 27, 2015, at 11:17, Dirk Engling wrote:
> On 27.01.15 14:41, Ernie Luzar wrote:
>
> > I hope the ezjail author takes this thread as incentive to keep his
> > utility up to date and not let it die due to changing software in FreeBSD
> > base code. All I am doing is pointing out the facts here.
>
> I am reading the thread. And I have been following the discussion for a
> long time.
>
> I have been served the jail.conf file format and offered my help
> improving the jail(8) tool to allow for manipulation of the jail.conf,
> because ezjail as a shell tool can not parse the format and keeping a
> shadow config with potentially conflicting information is not a stable
> way to maintain one's config.
>
> A short summary is here:
>
> https://elektropost.org/ezjail/msg00149.html
>
> I also heard rumors that the jail.conf format is an intermediate format
> only, and/or there's gonna be a library to parse and manipulate all kinds
> of structured config in FreeBSD.
>
> So I'd be very interested in keeping up with the base system's
> development, but regarding jail configs it looks like I'm stuck with the
> "use your vi to configure your jails" approach for 3 years now.
>
> Is there anyone feeling responsible for the jail(8) tool at the moment
> willing to accept patches and discuss development?
>

This makes sense to be broken out into its own thread. And I agree --
patches to jail(8) or a tool like sysrc(8) for editing jail.conf would be
a great way to allow third party tools to manage jail.conf cleanly and
effectively.
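The problem Dirk describes and Mark picks up above, as an added example (not code from ezjail, jail(8), sysrc(8) or anyone in this thread): a Python reader for a subset of jail.conf(5) syntax (the three comment styles, quoted strings, `=` and `+=`, boolean parameters, global defaults; no `$variable` expansion), next to a line-range lookup of the kind a shell tool would do and a drift check against a shadow copy. The sample config, the `SHADOW` dict and all function names are constructed for illustration.

```python
import re

# Constructed sample in jail.conf(5) syntax; jail names and addresses are illustrative.
SAMPLE = r'''
# defaults for every jail
exec.start = "/bin/sh /etc/rc";
mount.devfs;
www {
    host.hostname = "www.example.org";  // primary web jail
    /* ip4.addr = 192.0.2.99; (retired address) */
    exec.poststart = "logger 'www up; jail { started }'";
    ip4.addr = 192.0.2.10, 192.0.2.11;
}
db { host.hostname = db.example.org; ip4.addr = 192.0.2.20;
     ip4.addr += 192.0.2.21; }
'''

# Hypothetical shadow copy that a management tool keeps beside jail.conf (constructed).
SHADOW = {
    "www": {"host.hostname": ["www.example.org"], "ip4.addr": ["192.0.2.10"]},
    "db": {"ip4.addr": ["192.0.2.20", "192.0.2.21"]},
}

TOKEN = re.compile(r"""
    (?P<skip>\s+|\#[^\n]*|//[^\n]*|/\*.*?\*/)   # whitespace and the three comment styles
  | (?P<dq>"(?:\\.|[^"\\])*")                   # double-quoted string
  | (?P<sq>'(?:\\.|[^'\\])*')                   # single-quoted string
  | (?P<punct>\+=|[{};=,])                      # structural characters
  | (?P<word>[^\s{};=,"'\#]+)                   # bare word
""", re.VERBOSE | re.DOTALL)

def tokenize(text):
    """Split jail.conf text into (kind, value) tokens, dropping comments and whitespace."""
    pos, out = 0, []
    while pos < len(text):
        m = TOKEN.match(text, pos)
        if not m:
            raise ValueError(f"cannot tokenize at offset {pos}")
        pos, kind, tok = m.end(), m.lastgroup, m.group()
        if kind in ("dq", "sq"):  # strip quotes; simplification: '\x' becomes 'x'
            kind, tok = "word", re.sub(r"\\(.)", r"\1", tok[1:-1])
        if kind != "skip":
            out.append((kind, tok))
    return out

def parse(text):
    """Return {jail: {param: [values] | True}}; the key '*' holds the global defaults."""
    toks, conf, scope, i = tokenize(text), {"*": {}}, None, 0
    while i < len(toks):
        kind, name = toks[i]
        nxt = toks[i + 1] if i + 1 < len(toks) else None
        if (kind, name) == ("punct", "}") and scope is not None:
            scope, i = None, i + 1                       # end of a jail block
        elif kind == "word" and nxt == ("punct", "{") and scope is None:
            scope, i = name, i + 2                       # start of a jail block
            conf.setdefault(scope, {})
        elif kind == "word" and nxt == ("punct", ";"):
            conf[scope or "*"][name] = True              # boolean parameter
            i += 2
        elif kind == "word" and nxt in (("punct", "="), ("punct", "+=")):
            values, i = [], i + 2
            while i < len(toks) and toks[i] != ("punct", ";"):
                if toks[i][0] == "word":
                    values.append(toks[i][1])
                elif toks[i] != ("punct", ","):
                    raise ValueError(f"unexpected {toks[i][1]!r} in value of {name}")
                i += 1
            i += 1                                       # skip the ';'
            params = conf[scope or "*"]
            if nxt[1] == "+=":                           # append to the value set so far
                prev = params.get(name, conf["*"].get(name))
                values = (prev if isinstance(prev, list) else []) + values
            params[name] = values
        else:
            raise ValueError(f"unexpected token {name!r}")
    if scope is not None:
        raise ValueError(f"unterminated block for jail {scope!r}")
    return conf

def effective(conf, jail):
    """Global defaults overlaid with the jail's own block (no $variable expansion)."""
    return {**conf["*"], **conf.get(jail, {})}

def naive_lookup(text, jail, param):
    """Roughly `sed -n '/^JAIL {/,/}/p' | grep PARAM`: line ranges, blind to quotes and comments."""
    hits, inside = [], False
    for line in text.splitlines():
        inside = inside or line.startswith(jail + " {")
        if inside and param in line:
            hits.append(line.strip())
        inside = inside and "}" not in line    # first '}' ends the range, even inside a string
    return hits

def drift(conf, shadow):
    """List (jail, param, shadow_value, jail_conf_value) where the two sources disagree."""
    return [(jail, param, want, effective(conf, jail).get(param))
            for jail, params in sorted(shadow.items())
            for param, want in sorted(params.items())
            if effective(conf, jail).get(param) != want]
```

On the sample, `naive_lookup(SAMPLE, "www", "ip4.addr")` returns only the commented-out address because the `}` inside the quoted `exec.poststart` string ends its line range early, while `effective(parse(SAMPLE), "www")` yields the two live addresses. `drift(parse(SAMPLE), SHADOW)` then reports the one parameter where the shadow copy has fallen behind a hand edit.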
From owner-freebsd-jail@FreeBSD.ORG Tue Jan 27 17:54:12 2015
Message-ID: <14943.128.135.70.2.1422381245.squirrel@cosmo.uchicago.edu>
Date: Tue, 27 Jan 2015 11:54:05 -0600 (CST)
From: "Valeri Galtsev"
Reply-To: galtsev@kicp.uchicago.edu
To: "Dirk Engling"
Cc: jail@freebsd.org, "Michael W. Lucas"
Subject: Re: preferred jail management tool

On Tue, January 27, 2015 11:17 am, Dirk Engling wrote:
> On 27.01.15 14:41, Ernie Luzar wrote:
>
>> I hope the ezjail author takes this thread as incentive to keep his
>> utility up to date and not let it die due to changing software in
>> FreeBSD base code. All I am doing is pointing out the facts here.
>
> I am reading the thread. And I have been following the discussion for a
> long time.
>
> I have been served the jail.conf file format and offered my help
> improving the jail(8) tool to allow for manipulation of the jail.conf,
> because ezjail as a shell tool can not parse the format and keeping a
> shadow config with potentially conflicting information is not a stable
> way to maintain one's config.
>
> A short summary is here:
>
> https://elektropost.org/ezjail/msg00149.html
>
> I also heard rumors that the jail.conf format is an intermediate format
> only, and/or there's gonna be a library to parse and manipulate all kinds
> of structured config in FreeBSD.
>
> So I'd be very interested in keeping up with the base system's
> development, but regarding jail configs it looks like I'm stuck with the
> "use your vi to configure your jails" approach for 3 years now.

I for one would prefer this ("use vi to edit config files" which are plain
human readable ASCII text). And I will be extremely displeased if config
files become XML or any other format designed for fancy GUI presentation
of plain information. And if I'm forced to use these GUI tools. This is
basically what happened in Linux recently with systemd forced down the
throats of people. This caused a new wave of refugees from Linux to other
systems, FreeBSD being one of them. (I myself am a refugee from Linux: some
5 or 6 years ago I started migrating the most important servers to FreeBSD,
workstations in our Department stay Linux though...)

Just my $0.02

Valeri

> Is there anyone feeling responsible for the jail(8) tool at the moment
> willing to accept patches and discuss development?
>
> erdgeist

++++++++++++++++++++++++++++++++++++++++
Valeri Galtsev
Sr System Administrator
Department of Astronomy and Astrophysics
Kavli Institute for Cosmological Physics
University of Chicago
Phone: 773-702-4247
++++++++++++++++++++++++++++++++++++++++

From owner-freebsd-jail@FreeBSD.ORG Tue Jan 27 18:06:18 2015
Message-ID: <54C7D371.9010609@erdgeist.org>
Date: Tue, 27 Jan 2015 19:05:37 +0100
From: Dirk Engling
To: galtsev@kicp.uchicago.edu
Cc: jail@freebsd.org, "Michael W. Lucas"
Subject: Re: preferred jail management tool

On 27.01.15 18:54, Valeri Galtsev wrote:

> I for one would prefer this ("use vi to edit config files" which are plain
> human readable ASCII text). And I will be extremely displeased if config
> files become XML or any other format designed for fancy GUI presentation
> of plain information. And if I'm forced to use these GUI tools. This is
> basically what happened in Linux recently with systemd forced down the
> throats of people. This caused a new wave of refugees from Linux to other
> systems, FreeBSD being one of them. (I myself am a refugee from Linux: some
> 5 or 6 years ago I started migrating the most important servers to FreeBSD,
> workstations in our Department stay Linux though...)

Did you take a look into the jail.conf format recently? The mess you
describe is exactly what we're stuck with, now. A structured file format
you're supposed to edit with vi (and not mess up the structure) due to
the lack of proper shell tools to manipulate it with.

With the old approach "each jail config is contained in its own
jail_JAILNAME_* variable name space", we could at least distribute
config in different files and declare some of them being in another
realm, like ezjail did. You could edit them by hand and more or less
efficiently manipulate them in a tool.
erdgeist

From owner-freebsd-jail@FreeBSD.ORG Tue Jan 27 18:28:14 2015
Message-ID: <13934.128.135.70.2.1422383293.squirrel@cosmo.uchicago.edu>
Date: Tue, 27 Jan 2015 12:28:13 -0600 (CST)
From: "Valeri Galtsev"
Reply-To: galtsev@kicp.uchicago.edu
To: "Dirk Engling"
Cc: jail@freebsd.org, "Michael W. Lucas"
Subject: Re: preferred jail management tool

On Tue, January 27, 2015 12:05 pm, Dirk Engling wrote:
> On 27.01.15 18:54, Valeri Galtsev wrote:
>
>> I for one would prefer this ("use vi to edit config files" which are
>> plain human readable ASCII text). And I will be extremely displeased if
>> config files become XML or any other format designed for fancy GUI
>> presentation of plain information. And if I'm forced to use these GUI
>> tools. This is basically what happened in Linux recently with systemd
>> forced down the throats of people. This caused a new wave of refugees
>> from Linux to other systems, FreeBSD being one of them. (I myself am a
>> refugee from Linux: some 5 or 6 years ago I started migrating the most
>> important servers to FreeBSD, workstations in our Department stay Linux
>> though...)
>
> Did you take a look into the jail.conf format recently? The mess you
> describe is exactly what we're stuck with, now. A structured file format
> you're supposed to edit with vi (and not mess up the structure) due to
> the lack of proper shell tools to manipulate it with.
>
> With the old approach "each jail config is contained in its own
> jail_JAILNAME_* variable name space", we could at least distribute
> config in different files and declare some of them being in another
> realm, like ezjail did.

> You could edit them by hand and more or less
> efficiently manipulate them in a tool.

The last is exactly what hardly anybody will object to.

I must confess all my jails are still on FreeBSD 9.3, configuration is in
/etc/rc.conf (jails set up without using special tools or scripts, just by
following FreeBSD's excellent handbook - "by the book" ;-) I just took a
quick look into man jail.conf. All still is plain ASCII text; different
syntax, but it doesn't call for any complaint in me. What I described
(systemd has many controversial sides, I mentioned only the format of the
config file) is different: imagine rc.conf or jail.conf all wrapped into
XML tags inside, which is pure junk obscuring everything, and serving the
mere purpose of a GUI tool nicely presenting that information. THAT is a
mess! jail.conf, though different in syntax from what I have in
/etc/rc.conf, is still OK for me. I just got scared by someone saying what
sounded to me like: I want a GUI config tool, I don't want to edit a plain
text config file with vi (or any plain text editor). The next step will be
that the config file is not human readable. Which scared me to death, so I
decided to speak up.

Valeri

From owner-freebsd-jail@FreeBSD.ORG Tue Jan 27 20:01:42 2015
Date: Wed, 28 Jan 2015 09:01:39 +1300
From: Peter Toth
To: jail@freebsd.org
Subject: Re: preferred jail management tool

A good start could be to leverage something like sysrc(8) for jail
configuration (as someone already suggested). Also, nothing enforces the
explicit use of jail.conf or reliance on it (it is just another way to set
up jails).

The most important part is jail(8) and properties can be passed to jail(8)
very easily.

This is the very reason I stopped relying on any rc.d/jail or jail.conf for
iocage. It is much easier/simpler to add/modify features when dealing with
jail(8) directly.

From owner-freebsd-jail@FreeBSD.ORG Tue Jan 27 20:12:09 2015
Message-ID: <54C7F109.2040405@erdgeist.org>
Date: Tue, 27 Jan 2015 21:11:53 +0100
From: Dirk Engling
To: Peter Toth, jail@freebsd.org
Subject: Re: preferred jail management tool

On 27.01.15 21:01, Peter Toth wrote:

> The most important part is jail(8) and properties can be passed to jail(8)
> very easily.
>
> This is the very reason I stopped relying on any rc.d/jail or jail.conf for
> iocage. It is much easier/simpler to add/modify features when dealing with
> jail(8) directly.

This means that you need to keep your config in yet another place. I
think it's much nicer to point a user to a defined location where he
would find everything that magically creates those jail containers at
system startup.

I think that rc.d/jail and its config should provide all the means
necessary to describe the state of the system's jails after booting up.
If it doesn't, the tool is useless. Could you please explain what
features are missing in jail.conf for you to not use it? Maybe we can
lay out a path to a better config abstraction.
erdgeist

From owner-freebsd-jail@FreeBSD.ORG Tue Jan 27 20:36:28 2015
Message-ID: <61100.128.135.70.2.1422390986.squirrel@cosmo.uchicago.edu>
Date: Tue, 27 Jan 2015 14:36:26 -0600 (CST)
From: "Valeri Galtsev"
Reply-To: galtsev@kicp.uchicago.edu
To: "Dirk Engling"
Cc: jail@freebsd.org
Subject: Re: preferred jail management tool

On Tue, January 27, 2015 2:11 pm, Dirk Engling wrote:
> On 27.01.15 21:01, Peter Toth wrote:
>
>> The most important part is jail(8) and properties can be passed to
>> jail(8) very easily.
>>
>> This is the very reason I stopped relying on any rc.d/jail or jail.conf
>> for iocage. It is much easier/simpler to add/modify features when
>> dealing with jail(8) directly.
>
> This means that you need to keep your config in yet another place. I
> think it's much nicer to point a user to a defined location where he
> would find everything that magically creates those jail containers at
> system startup.
>
> I think that rc.d/jail and its config should provide all the means
> necessary to describe the state of the system's jails after booting up.
> If it doesn't, the tool is useless. Could you please explain what
> features are missing in jail.conf for you to not use it? Maybe we can
> lay out a path to a better config abstraction.
>

Now I feel ultimately confused. I [still] have all my jail configurations
in /etc/rc.conf, and I can start or stop one of the jails by

/etc/rc.d/jail [start|stop] jailname

If I switch all configurations to /etc/jail.conf, will the same commands
work for starting/stopping jails?

Valeri

From owner-freebsd-jail@FreeBSD.ORG Tue Jan 27 20:38:01 2015
Date: Wed, 28 Jan 2015 09:37:59 +1300
From: Peter Toth
To: Dirk Engling
Cc: jail@freebsd.org
Subject: Re: preferred jail management tool

What I was missing the most was a simple out of the box experience with
safe defaults for the end user with the ability to change properties in an
atomic fashion.

Also, jail(8) or jail.conf is by no means a comprehensive tool for
managing all jail aspects. A lot of new technologies emerged/matured in
FreeBSD in recent years, we have resource containers (rctl), ZFS,
VIMAGE/VNET, cpuset - just to name a few. These are a blessing when it
comes to managing/using jails. These (awesome) technologies really set
FreeBSD apart from other Unix-like operating systems - yet no integration
points existed for jails.

So to answer the question again, jail.conf or the standard rc.d/jail felt
too limiting with a lot of these features simply missing.

From owner-freebsd-jail@FreeBSD.ORG Tue Jan 27 20:38:47 2015
Message-ID: <54C7F74C.7040302@erdgeist.org>
Date: Tue, 27 Jan 2015 21:38:36 +0100
From: Dirk Engling
To: galtsev@kicp.uchicago.edu
Cc: jail@freebsd.org
Subject: Re: preferred jail management tool

On 27.01.15 21:36, Valeri Galtsev wrote:

> Now I feel ultimately confused. I [still] have all my jail configurations
> in /etc/rc.conf, and I can start or stop one of the jails by
>
> /etc/rc.d/jail [start|stop] jailname
>
> If I switch all configurations to /etc/jail.conf, will the same commands
> work for starting/stopping jails?

Yes, using per-jail-variables in your rc.conf has been deprecated but
will still work in 10. If you migrate to jail.conf, everything will be
working as you expect.
erdgeist

From owner-freebsd-jail@FreeBSD.ORG Tue Jan 27 20:45:37 2015
From: Dirk Engling
Date: Tue, 27 Jan 2015 21:45:33 +0100
Subject: Re: preferred jail management tool

On 27.01.15 21:37, Peter Toth wrote:

> So to answer the question again, jail.conf or the standard rc.d/jail
> felt too limiting with a lot of these features simply missing.

I completely agree, yet I think that it should not be up to third party
tools to implement those features independently and – in worst case –
against the inventors' intentions. That's why I tried to map everything
possible to what's there in rc.d/jail in ezjail.

Laying out everything that needs to go into a proper jail config
container should be done here on the list and then implemented either in
a format that jail(8) can consume and that other tools can reliably modify.

erdgeist

From owner-freebsd-jail@FreeBSD.ORG Tue Jan 27 21:01:48 2015
From: Peter Toth
Date: Wed, 28 Jan 2015 10:01:45 +1300
Subject: Re: preferred jail management tool

Dirk,

I agree with most of that - but in many cases it comes down to simple
things like: "the right tool for the right job".
In my case there was a need to solve these issues with jails - relatively
quickly - so I just decided to do it, instead of "wasting" time
(unfortunately my life is very busy).

I am not saying there are no better ways to tackle this in the community,
I just needed a solution and decided to put it on GitHub to share it.

Peter

On Wed, Jan 28, 2015 at 9:45 AM, Dirk Engling wrote:

> On 27.01.15 21:37, Peter Toth wrote:
>
> > So to answer the question again, jail.conf or the standard rc.d/jail
> > felt too limiting with a lot of these features simply missing.
>
> I completely agree, yet I think that it should not be up to third party
> tools to implement those features independently and – in worst case –
> against the inventors' intentions. That's why I tried to map everything
> possible to what's there in rc.d/jail in ezjail.
>
> Laying out everything that needs to go into a proper jail config
> container should be done here on the list and then implemented either in
> a format that jail(8) can consume and that other tools can reliably modify.
>
> erdgeist
>

From owner-freebsd-jail@FreeBSD.ORG Tue Jan 27 21:12:18 2015
From: Miroslav Lachman <000.fbsd@quip.cz>
Date: Tue, 27 Jan 2015 22:12:13 +0100
Subject: Re: preferred jail management tool

Peter Toth wrote on 01/27/2015 21:37:

[...]

> A lot of new technologies emerged/matured in FreeBSD in the recent years,
> we have resource containers (rctl), ZFS, VIMAGE/VNET, cpuset - just to name
> a few.
> These are a blessing when it comes to managing/using jails.
> These (awesome) technologies really set FreeBSD apart from other Unix-like
> operating systems - yet no integration points existed for jails.

Yes. Sometimes I have a feeling that jails or some other features are
unwanted children. I had PR opened for years with patches to rc.d/jail or
etc/rc.subr to incorporate nice, or cpuset. And it never found its way
to the tree.
In the time of my maintaining of Jails wiki page I tried to convince
developers to write about their work in progress publicly in this list.
But it never happened. It was almost every time "quite hidden work and
then commit".
As a result we have many features in the base system, but no way to use
them all together just with base startup scripts and tools. That's why
we need 3rd party tools like iocage, cbsd, ezjail etc. to fix this gap.
Miroslav Lachman

From owner-freebsd-jail@FreeBSD.ORG Tue Jan 27 21:21:41 2015
From: Dirk Engling
Date: Tue, 27 Jan 2015 22:21:09 +0100
Subject: Re: preferred jail management tool

On 27.01.15 22:12, Miroslav Lachman wrote:

> Yes. Sometimes I have a feeling that jails or some other features are
> unwanted children. I had PR opened for years with patches to rc.d/jail or
> etc/rc.subr to incorporate nice, or cpuset. And it never found its way
> to the tree.

How's that possible?

I felt similarly frustrated when I went to 2013's BSDCan trying to talk
to the "jaily people" and no one was around. Jamie couldn't attend but
said that he's busy with other stuff and couldn't commit time to jail
development. Which, of course, is fine. It leaves a void, though.

What good are features that are neither documented nor exposed to the
users? How do we move on from here and get config and docs synchronized
and where can I get a big picture of what's the big plan for the future?

erdgeist

From owner-freebsd-jail@FreeBSD.ORG Tue Jan 27 21:42:26 2015
From: Peter Toth
Date: Wed, 28 Jan 2015 10:42:24 +1300
Subject: Re: preferred jail management tool

I think Michael didn't really know that he opened Pandora's box by
starting this thread!

These discussions are long overdue - especially nowadays, when containers
are hyped all over the world.

On Wed, Jan 28, 2015 at 10:21 AM, Dirk Engling wrote:

> On 27.01.15 22:12, Miroslav Lachman wrote:
>
> > Yes. Sometimes I have a feeling that jails or some other features are
> > unwanted children. I had PR opened for years with patches to rc.d/jail or
> > etc/rc.subr to incorporate nice, or cpuset. And it never found its way
> > to the tree.
>
> How's that possible?
>
> I felt similarly frustrated when I went to 2013's BSDCan trying to talk
> to the "jaily people" and no one was around. Jamie couldn't attend but
> said that he's busy with other stuff and couldn't commit time to jail
> development. Which, of course, is fine. It leaves a void, though.
>
> What good are features that are neither documented nor exposed to the
> users? How do we move on from here and get config and docs synchronized
> and where can I get a big picture of what's the big plan for the future?
>
> erdgeist
>

From owner-freebsd-jail@FreeBSD.ORG Tue Jan 27 21:43:55 2015
From: Miroslav Lachman <000.fbsd@quip.cz>
Date: Tue, 27 Jan 2015 22:43:51 +0100
Subject: Re: preferred jail management tool

Dirk Engling wrote on 01/27/2015 22:21:

> On 27.01.15 22:12, Miroslav Lachman wrote:
>
>> Yes. Sometimes I have a feeling that jails or some other features are
>> unwanted children. I had PR opened for years with patches to rc.d/jail or
>> etc/rc.subr to incorporate nice, or cpuset. And it never found its way
>> to the tree.
>
> How's that possible?
>
> I felt similarly frustrated when I went to 2013's BSDCan trying to talk
> to the "jaily people" and no one was around. Jamie couldn't attend but
> said that he's busy with other stuff and couldn't commit time to jail
> development. Which, of course, is fine. It leaves a void, though.
>
> What good are features that are neither documented nor exposed to the
> users? How do we move on from here and get config and docs synchronized
> and where can I get a big picture of what's the big plan for the future?

I don't know if it is because "FreeBSD has insufficient man power" to
fulfill all related tasks. I just think this is the root cause why we
still have "simple jails" while Linux folks pushed their train hard and
now are far away with many "jail like" containers solutions allowing
projects like Docker to happen. And this is sad.
Miroslav Lachman

From owner-freebsd-jail@FreeBSD.ORG Tue Jan 27 21:54:01 2015
From: "Michael W. Lucas"
Date: Tue, 27 Jan 2015 16:53:53 -0500
Subject: Re: preferred jail management tool

On Wed, Jan 28, 2015 at 10:42:24AM +1300, Peter Toth wrote:

> I think Michael didn't really know that he opened Pandora's box by
> starting this thread!

I keep popcorn on hand for when this happens.

Seriously, it's all good discussion and will help inform the book. Me
picking one or two tools is not anything against other tools, it's
just that I can't cover everything.

==ml

-- 
Michael W. Lucas - mwlucas@michaelwlucas.com, Twitter @mwlauthor
http://www.MichaelWLucas.com/, http://blather.MichaelWLucas.com/

From owner-freebsd-jail@FreeBSD.ORG Tue Jan 27 22:02:09 2015
From: Allan Jude
Date: Tue, 27 Jan 2015 17:02:07 -0500
Subject: Re: preferred jail management tool

On 2015-01-27 12:17, Dirk Engling wrote:
> On 27.01.15 14:41, Ernie Luzar wrote:
>
>> I hope the ezjail author takes this thread as incentive to keep his
>> utility up to date and not let it die due to changing software in FreeBSD
>> base code. All I am doing is pointing out the facts here.
>
> I am reading the thread. And I have been following the discussion for a
> long time.
>
> I have been served the jail.conf file format and offered my help
> improving the jail(8) tool to allow for manipulation of the jail.conf,
> because ezjail as a shell tool can not parse the format and keeping a
> shadow config with potentially conflicting information is not a stable
> way to maintain one's config
>
> A short summary is here:
>
> https://elektropost.org/ezjail/msg00149.html
>
> I also heard rumors that the jail.conf format is an intermediate format
> only, and/or there's gonna be a library to parse and manipulate all kinds
> of structured config in FreeBSD.
>
> So I'd be very interested in keeping up with the base system's
> development, but regarding jail configs it looks like I'm stuck with the
> "use your vi to configure your jails" approach for 3 years now.
>
> Is there anyone feeling responsible for the jail(8) tool at the moment
> willing to accept patches and discuss development?
>
> erdgeist
>

Jail.conf is one of the targets for my command line tool to interface
with libUCL (the library for parsing and manipulating structured
configs, already used by pkg). The jail.conf format will likely need to
be tweaked a bit to make it compatible.

My main reason for wanting to do this, is that the current jail.conf can
not easily be programmatically edited by tools like puppet.
That is why I use ezjail, in addition to its existing interface, its
rc.conf style means I can edit an ezjail config with the sysrc tool
included in base.

ezjail would not lose its value even if the base jail tools were very
easy to use. EZJail has features, like the 'basejail', that the base
tool is never going to have. Not everyone needs that feature, but I like it.

EZJail is not going away.

-- 
Allan Jude

From owner-freebsd-jail@FreeBSD.ORG Tue Jan 27 22:05:46 2015
From: Allan Jude
Date: Tue, 27 Jan 2015 17:05:47 -0500
Subject: Re: Future of jail(8) [WAS: preferred jail management tool]

On 2015-01-27 12:23, Mark Felder wrote:
>
>
> On Tue, Jan 27, 2015, at 11:17, Dirk Engling wrote:
>> On 27.01.15 14:41, Ernie Luzar wrote:
>>
>>> I hope the ezjail author takes this thread as incentive to keep his
>>> utility up to date and not let it die due to changing software in FreeBSD
>>> base code. All I am doing is pointing out the facts here.
>>
>> I am reading the thread. And I have been following the discussion for a
>> long time.
>>
>> I have been served the jail.conf file format and offered my help
>> improving the jail(8) tool to allow for manipulation of the jail.conf,
>> because ezjail as a shell tool can not parse the format and keeping a
>> shadow config with potentially conflicting information is not a stable
>> way to maintain one's config
>>
>> A short summary is here:
>>
>> https://elektropost.org/ezjail/msg00149.html
>>
>> I also heard rumors that the jail.conf format is an intermediate format
>> only, and/or there's gonna be a library to parse and manipulate all kinds
>> of structured config in FreeBSD.
>>
>> So I'd be very interested in keeping up with the base system's
>> development, but regarding jail configs it looks like I'm stuck with the
>> "use your vi to configure your jails" approach for 3 years now.
>>
>> Is there anyone feeling responsible for the jail(8) tool at the moment
>> willing to accept patches and discuss development?
>>
>
> This makes sense to be broken out into its own thread. And I agree --
> patches to jail(8) or a tool like sysrc(8) for editing jail.conf would
> be a great way to allow third party tools to manage jail.conf cleanly
> and effectively.
>

I am working on such a tool, and hope to make it available via the ports
tree after a few more tweaks.

https://github.com/allanjude/uclcmd

I have presented a little about the UCL config format at MeetBSD:
http://www.slideshare.net/iXsystems/ucl-all-of-the-things-meetbsd-california-2014-lightning-talk

And I am planning to present about my tool, and the ucl config format in
general, at AsiaBSDCon and probably BSDCan (I submitted 2 topics).

I have a prototype of newsyslog converted to a UCL based config file as
well.
The jail.conf file may need a little tweaking (UCL uses the dot delimiter differently, so the name or structure of some of the variables may need to change slightly) As with my change to newsyslog, the new config format will use a 'version sentinel' at the top of the file, if that is not present, the config file will be parsed with the legacy code. --=20 Allan Jude --XpQjUldiSsDVR6pF8TubuRWSKbhV4QRoe Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc" -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.22 (MingW32) iQIcBAEBAgAGBQJUyAu7AAoJEJrBFpNRJZKfkYMQAKQlkvQKz12QDpMeF3/SKai8 q5G4pTnGeKEp4s6F0aNzN+EhkTnXrNwZvEF9OjtfMpGyGmQmzT/PJFReP4YY/Ukt ZLHBiK/AlSxZiOdv6kbwJF6tNGCV+Ctm2S3lbDhtuY9KHq9F0azyz3nvG2LTZcd/ YEpi7slMdtzMNNHjCbncTELaklN7oW8mO0qOCAfYfXQFTrQqzUT3ng7Jo2+89QJa gWWqSktF//npOvnUVKlQlCaZY2BAo4pQbqgheILG/apNfyE/06ue618xdDzJx6/F blPb86SuXFjxHpLvR/q7FXrafS+C66S8TA/X2VKJr3qw2YYd8sY7usdlEKfSV776 +DX7JhPAtRuDnZf9lSwZsbWxY9OKpdIhrKtZQ+J64gry9y50cQjJ/5ogTqr9vTzv nSc43TIl9GUFV3LZYkBY5t9l7i85dePlszuSZzJy7rJXzLb9EryUd39aVLmTB2Pp sHgj2XAyZmYi/RaVH0dHzI2uJnmRrGK8OkJ1SQglJYoSmKvMVgQTy+fHatyu4oxJ LSMOLcqhagUR+NYBDkgDMGEwCYf02R6FUVJI8DQxpMwyFwO/ck+i5xD053EvfnHN TXuZkkbD39VIrCcw6/WwKp1UCrK7XAgwyOFbKuRPaZUQt55e9f6r1VTeMW5/e8AL 9iA19UEP3rDe+0dWoj/v =kN+q -----END PGP SIGNATURE----- --XpQjUldiSsDVR6pF8TubuRWSKbhV4QRoe-- From owner-freebsd-jail@FreeBSD.ORG Tue Jan 27 22:12:08 2015 Return-Path: Delivered-To: freebsd-jail@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id EBE5ED2B for ; Tue, 27 Jan 2015 22:12:07 +0000 (UTC) Received: from mx1.scaleengine.net (beauharnois2.bhs1.scaleengine.net [142.4.218.15]) by mx1.freebsd.org (Postfix) with ESMTP id BE1D4286 for ; Tue, 27 Jan 2015 22:12:06 
Date: Tue, 27 Jan 2015 17:12:13 -0500
From: Allan Jude
To: freebsd-jail@freebsd.org
Subject: Re: preferred jail management tool

On 2015-01-27 16:21, Dirk Engling wrote:
> On 27.01.15 22:12, Miroslav Lachman wrote:
>
>> Yes. Sometimes I have a feeling that jails or some other features are
>> unwanted children. I had PR opened for years with patches to rc.d/jail or
>> etc/rc.subr to incorporate nice, or cpuset. And it never found its way
>> to the tree.
>
> How's that possible?
>
> I felt similarly frustrated when I went to 2013's BSDCan trying to talk
> to the "jaily people" and no one was around. Jamie couldn't attend but
> said that he's busy with other stuff and couldn't commit time to jail
> development. Which, of course, is fine. It leaves a void, though.
>
> What good are features that are neither documented nor exposed to the
> users? How do we move on from here and get config and docs synchronized
> and where can I get a big picture of what's the big plan for the future?
>
> erdgeist
>

If there are problems with documentation, and you have corrections or
suggested additions, I would be happy to help shepherd those into the
handbook or manpages

--
Allan Jude
From owner-freebsd-jail@FreeBSD.ORG Wed Jan 28 14:06:27 2015
From: Mark Felder
To: freebsd-jail@freebsd.org
Subject: Re: Future of jail(8) [WAS: preferred jail management tool]
Date: Wed, 28 Jan 2015 08:06:25 -0600

On Tue, Jan 27, 2015, at 16:05, Allan Jude wrote:
> On 2015-01-27 12:23, Mark Felder wrote:
> >
> >
> > On Tue, Jan 27, 2015, at 11:17, Dirk Engling wrote:
> >> On 27.01.15 14:41, Ernie Luzar wrote:
> >>
> >>> I hope the ezjail author takes this thread as incentive to keep his
> >>> utility up to date and not let it die due to changing software in FreeBSD
> >>> base code. All I am doing is pointing out the facts here.
> >>
> >> I am reading the thread. And I have been following the discussion for a
> >> long time.
> >>
> >> I have been served the jail.conf file format and offered my help
> >> improving the jail(8) tool to allow for manipulation of the jail.conf,
> >> because ezjail as a shell tool can not parse the format and keeping a
> >> shadow config with potentially conflicting information is not a stable
> >> way to maintain one's config
> >>
> >> A short summary is here:
> >>
> >> https://elektropost.org/ezjail/msg00149.html
> >>
> >> I also heard rumors that the jail.conf format is an intermediate format
> >> only, and/or there's gonna be a library to parse and manipulate all kinds
> >> of structured config in FreeBSD.
> >>
> >> So I'd be very interested in keeping up with the base system's
> >> development, but regarding jail configs it looks like I'm stuck with the
> >> "use your vi to configure your jails" approach for 3 years now.
> >>
> >> Is there anyone feeling responsible for the jail(8) tool at the moment
> >> willing to accept patches and discuss development?
> >>
> >
> > This makes sense to be broken out into its own thread. And I agree --
> > patches to jail(8) or a tool like sysrc(8) for editing jail.conf would
> > be a great way to allow third party tools to manage jail.conf cleanly
> > and effectively.
> >
>
> I am working on such a tool, and hope to make it available via the ports
> tree after a few more tweaks.
>
> https://github.com/allanjude/uclcmd
>
> I have presented a little about the UCL config format at MeetBSD:
> http://www.slideshare.net/iXsystems/ucl-all-of-the-things-meetbsd-california-2014-lightning-talk
>
> And I am planning to present about my tool, and the ucl config format in
> general, at AsiaBSDCon and probably BSDCan (I submitted 2 topics).
>
> I have a prototype of newsyslog converted to a UCL based config file as
> well.
>
> The jail.conf file may need a little tweaking (UCL uses the dot
> delimiter differently, so the name or structure of some of the variables
> may need to change slightly)
>
> As with my change to newsyslog, the new config format will use a
> 'version sentinel' at the top of the file, if that is not present, the
> config file will be parsed with the legacy code.
>

Fantastic. Look forward to seeing your hard work in the tree!
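The 'version sentinel' fallback that Allan Jude describes in the message quoted above, as an added example that is not part of the thread and is not code from jail(8), newsyslog or uclcmd: a C routine that looks only at the first line of a config file and picks the parser. The sentinel text, the version number and the function names are assumptions, since the thread does not give them; rejecting a sentinel with an unknown version, rather than falling back to the legacy parser, is likewise a choice made for this example.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical sentinel: the thread does not say what the real one looks like. */
#define SENTINEL_PREFIX   "# jail.conf format-version: "
#define SUPPORTED_VERSION 2UL

enum conf_format {
    CONF_LEGACY,      /* no sentinel on line 1: hand the file to the legacy parser */
    CONF_UCL,         /* sentinel with a supported version: use the new parser */
    CONF_UNSUPPORTED  /* sentinel present but malformed or unknown: refuse to load */
};

/* Decide which parser to use from the first line of the file only. */
enum conf_format
detect_conf_format(const char *buf, size_t len)
{
    const size_t plen = strlen(SENTINEL_PREFIX);
    unsigned long ver = 0;
    size_t end, i;

    /* Skip a UTF-8 BOM so an editor-added BOM does not force the legacy path. */
    if (len >= 3 && memcmp(buf, "\xEF\xBB\xBF", 3) == 0) {
        buf += 3;
        len -= 3;
    }

    /* Find the end of line 1; a sentinel further down is ordinary text. */
    for (end = 0; end < len && buf[end] != '\n'; end++)
        ;
    if (end > 0 && buf[end - 1] == '\r')
        end--;

    if (end < plen || memcmp(buf, SENTINEL_PREFIX, plen) != 0)
        return CONF_LEGACY;

    /* The version must be one to four decimal digits and nothing else. */
    if (end == plen || end - plen > 4)
        return CONF_UNSUPPORTED;
    for (i = plen; i < end; i++) {
        if (buf[i] < '0' || buf[i] > '9')
            return CONF_UNSUPPORTED;
        ver = ver * 10 + (unsigned long)(buf[i] - '0');
    }
    return ver == SUPPORTED_VERSION ? CONF_UCL : CONF_UNSUPPORTED;
}

/* Convenience wrapper for NUL-terminated input. */
enum conf_format
detect_conf_string(const char *s)
{
    return detect_conf_format(s, strlen(s));
}

int
main(void)
{
    /* Constructed sample inputs, not taken from any real system. */
    static const char *samples[] = {
        "# jail.conf format-version: 2\nwww { path = \"/jails/www\"; }\n",
        "www {\n    path = \"/jails/www\";\n}\n",
        "# jail.conf format-version: 7\nwww { }\n",
    };
    static const char *names[] = { "legacy", "ucl", "unsupported" };
    size_t i;

    for (i = 0; i < sizeof(samples) / sizeof(samples[0]); i++)
        printf("sample %zu -> %s\n", i, names[detect_conf_string(samples[i])]);
    return 0;
}
```

Because the decision depends on one bounded line, a management tool and the daemon reading the same file cannot disagree about which grammar applies, which is the failure a shadow config invites.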
From owner-freebsd-jail@FreeBSD.ORG Wed Jan 28 15:47:57 2015
Date: Wed, 28 Jan 2015 08:47:55 -0700 (MST)
From: Warren Block
To: Allan Jude
Cc: freebsd-jail@freebsd.org
Subject: Re: preferred jail management tool

On Tue, 27 Jan 2015, Allan Jude wrote:

> Ezjail still works perfectly fine. It is moderately actively maintained,
> it works very well with ZFS. The value of having a single basejail,
> rather than multiple is slightly diminished by the fact that we all have
> more disk space than we used to, and the fact that ZFS could clone a
> common dataset to save some space, but, when it comes time to upgrade
> the common basejail is useful. The process can be a bit awkward at
> times, but it generally works fine.

The single basejail is ezjail's killer feature. Agreed, it's not so
much a matter of disk space as of making it possible to upgrade all the
jails at one pass.

From owner-freebsd-jail@FreeBSD.ORG Wed Jan 28 16:12:13 2015
Date: Wed, 28 Jan 2015 18:11:55 +0200
From: wishmaster
To: Warren Block
Cc: freebsd-jail@freebsd.org
Subject: Re[2]: preferred jail management tool

--- Original message ---
From: "Warren Block"
Date: 28 January 2015, 17:48:05

> On Tue, 27 Jan 2015, Allan Jude wrote:
>
> > Ezjail still works perfectly fine. It is moderately actively maintained,
> > it works very well with ZFS. The value of having a single basejail,
> > rather than multiple is slightly diminished by the fact that we all have
> > more disk space than we used to, and the fact that ZFS could clone a
> > common dataset to save some space, but, when it comes time to upgrade
> > the common basejail is useful. The process can be a bit awkward at
> > times, but it generally works fine.
>
> The single basejail is ezjail's killer feature. Agreed, it's not so
> much a matter of disk space as of making it possible to upgrade all the
> jails at one pass.

Really?
This is not killer feature, this something "imperfection" (sorry, Dirk. Without insults). And I was forced to migrate to own solution when defined it.
Basejail must have not only base system's configs as well as all installed software needed in jails. So, I have 5 jails and only one installation of nginx/php, one installation of MySQL and so on. Just update basejail's software and restart services in all other jails.

--
Vitaly

From owner-freebsd-jail@FreeBSD.ORG Wed Jan 28 16:19:11 2015
Date: Wed, 28 Jan 2015 17:19:03 +0100
From: Dirk Engling
To: wishmaster, Warren Block
Cc: freebsd-jail@freebsd.org
Subject: Re: preferred jail management tool

On 28.01.15 17:11, wishmaster wrote:

> This is not killer feature, this something "imperfection" (sorry,
> Dirk. Without insults).

No offense taken. Everyone has their own requirements and we worked out
that you are not the run-of-the-mill ezjail customer. Fine. No need to
convince others that your use case is the only valid one, though.

I still think that the FHS has defined a decent line for what in a
FreeBSD installation is static shareable and can be provided read only
to all jails. If you have actual users with their own requirements you
want to contain in a jail, they DO expect a vanilla installation to do
their stuff with. And this is what ezjail was built for originally.

erdgeist

From owner-freebsd-jail@FreeBSD.ORG Thu Jan 29 15:17:24 2015
Date: Fri, 30 Jan 2015 02:17:20 +1100 (EST)
From: Ian Smith
To: Mark Felder
Cc: freebsd-jail@freebsd.org
Subject: Re: preferred jail management tool

On Mon, 26 Jan 2015 09:34:29 -0600, Mark Felder wrote:
> On Sat, Jan 24, 2015, at 09:16, Ian Smith wrote:
> > Excuse top-post, but the gmail header on this message was (surprisingly)
> > insufficiently anonymised to disguise its origin:
> >
>
> That could very well be Joe Barbish. It could also be someone in the
> same city who uses FreeBSD and likes qjails. Either way, I'm not sure
> how calling him out for advertising his own work adds any meaningful
> value to this discussion. And even if he is pushing his product it's not
> like he's misleading you about the current functional differences
> between qjail and ezjail...

Fair enough, you're a stickler for evidence; I'm one for probity, and
tend to decry attempts to advance one's cause by belittlement of others,
so yes, I wasn't referring to purely technical aspects.

> I understand there is bad blood from the forking of ezjail and lack of
> attribution (which I didn't care to involve myself in), but let's move
> on. It will either stand on its own merits or it will go the way of the
> dinosaurs... No point in making our community look so hostile.

So I got a brickbat on-list and a surprise bouquet off-list, both from
people I respect; also fair enough. But I won't cop that I was
purporting to speak for the community. Like everybody else - short of
official announcements, security advisories and the like - I speak only
for myself, no such disclaimer required.

> Thanks for your detailed review, Ernie.

cheers, Ian