From owner-freebsd-jail@freebsd.org Sun Dec 20 16:50:32 2015
From: Michael Grimm
Subject: How to define the order of starting jails?
Date: Sun, 20 Dec 2015 17:50:28 +0100
To: freebsd-jail@freebsd.org, freebsd-questions

Hi —

[Background: I wish to run (some of my) ezjail-made jails and VNET which
cannot be done by ezjail, natively.]

But I found a way to mix both ezjail and basic jail(8) functionality.
It's quite easy to fire up ezjail-made jails defined in jail.conf by
jail.
And, now I can apply VNET to those jails I do wish to run their
own network stacks. That's all working well.

But I am bit stuck in finding a way to start my jails in a pre-defined
order (e.g. first DNS, then mail, …). Well, I can achieve that during
boot time by using jail_list="dns mail …" in rc.conf. But, this is
respected during boot time, *only*. Whenever I do run a "jail -rc '*'"
that shutdown and starting order becomes arbitrary. It doesn't follow
the sequence of my jail definitions in jail.conf, either. I thoroughly
checked the jail.conf(5) man page for a functionality that would allow
me to define a startup/shutdown sequence, but I couldn't find it.

Thus, I might have overlooked it, is there a way to achieve my goal
using jail and jail.conf?
Or something else?

Thanks and regards,
Michael

From owner-freebsd-jail@freebsd.org Sun Dec 20 19:25:22 2015
Subject: Re: How to define the order of starting jails?
From: "Michael B. Eichorn"
To: Michael Grimm, freebsd-jail@freebsd.org, freebsd-questions
Date: Sun, 20 Dec 2015 14:25:10 -0500

On Sun, 2015-12-20 at 17:50 +0100, Michael Grimm wrote:
> Hi —
>
> [Background: I wish to run (some of my) ezjail-made jails and VNET
> which cannot be done by ezjail, natively.]
>
> But I found a way to mix both ezjail and basic jail(8) functionality.
> It's quite easy to fire up ezjail-made jails defined in jail.conf by
> jail. And, now I can apply VNET to those jails I do wish to run their
> own network stacks. That's all working well.
>
> But I am bit stuck in finding a way to start my jails in a pre-
> defined order (e.g. first DNS, then mail, …). Well, I can achieve
> that during boot time by using jail_list="dns mail …" in rc.conf.
> But, this is respected during boot time, *only*. Whenever I do run a
> "jail -rc '*'" that shutdown and starting order becomes arbitrary. It
> doesn't follow the sequence of my jail definitions in jail.conf,
> either. I thoroughly checked the jail.conf(5) man page for a
> functionality that would allow me to define a startup/shutdown
> sequence, but I couldn't find it.
>
> Thus, I might have overlooked it, is there a way to achieve my goal
> using jail and jail.conf?
> Or something else?
>
> Thanks and regards,
> Michael

jail(8)'s '*' operates on everything without concern for rc.conf, as
such jail_list is not respected. Perhaps try something tied to the rc.d
system. Does `service jail restart` do what you are looking for?

Otherwise I would just go with simple restart script such as:

#!/bin/sh
set -e
jail -r '*'
jail -c dns
jail -c mail

From owner-freebsd-jail@freebsd.org Sun Dec 20 19:57:45 2015
Subject: Re: How to define the order of starting jails?
From: Michael Grimm
Date: Sun, 20 Dec 2015 20:57:33 +0100
To: freebsd-jail@freebsd.org, freebsd-questions

Michael B. Eichorn wrote
> On Sun, 2015-12-20 at 17:50 +0100, Michael Grimm wrote:

>> But I am bit stuck in finding a way to start my jails in a pre-
>> defined order (e.g. first DNS, then mail, …).
[…]
>> Thus, I might have overlooked it, is there a way to achieve my goal
>> using jail and jail.conf?
>> Or something else?

> jail(8)'s '*' operates on everything without concern for rc.conf, as
> such jail_list is not respected. Perhaps try something tied to the rc.d
> system. Does `service jail restart` do what you are looking for?

Bingo! That made the trick! Thank you very, very much! Cool! That
command is stopping and starting jails in the order as listed in
"jail_list". Ok, it isn't stopping jails in the reverse order, but that
is no big deal, though.

[Arrrgh, I never heard of "service" before (after so many years with
FBSD) :-( What a shame ...]

Thanks and with kind regards,
Michael

From owner-freebsd-jail@freebsd.org Sun Dec 20 20:41:51 2015
To: "Michael B. Eichorn"
Subject: Re: How to define the order of starting jails?
Date: Sun, 20 Dec 2015 14:41:41 -0600
From: dweimer
Cc: Michael Grimm, freebsd-jail@freebsd.org, freebsd-questions, owner-freebsd-questions@freebsd.org

On 2015-12-20 1:25 pm, Michael B. Eichorn wrote:
> On Sun, 2015-12-20 at 17:50 +0100, Michael Grimm wrote:
>> Hi —
>>
>> [Background: I wish to run (some of my) ezjail-made jails and VNET
>> which cannot be done by ezjail, natively.]
>>
>> But I found a way to mix both ezjail and basic jail(8) functionality.
>> It's quite easy to fire up ezjail-made jails defined in jail.conf by
>> jail. And, now I can apply VNET to those jails I do wish to run their
>> own network stacks. That's all working well.
>>
>> But I am bit stuck in finding a way to start my jails in a pre-
>> defined order (e.g. first DNS, then mail, …). Well, I can achieve
>> that during boot time by using jail_list="dns mail …" in rc.conf.
>> But, this is respected during boot time, *only*. Whenever I do run a
>> "jail -rc '*'" that shutdown and starting order becomes arbitrary. It
>> doesn't follow the sequence of my jail definitions in jail.conf,
>> either.
>> I thoroughly checked the jail.conf(5) man page for a
>> functionality that would allow me to define a startup/shutdown
>> sequence, but I couldn't find it.
>>
>> Thus, I might have overlooked it, is there a way to achieve my goal
>> using jail and jail.conf?
>> Or something else?
>>
>> Thanks and regards,
>> Michael
>
> jail(8)'s '*' operates on everything without concern for rc.conf, as
> such jail_list is not respected. Perhaps try something tied to the rc.d
> system. Does `service jail restart` do what you are looking for?
>
> Otherwise I would just go with simple restart script such as:
> #!/bin/sh
> set -e
> jail -r '*'
> jail -c dns
> jail -c mail

You can also define a jail dependency to make sure a jail starts before
another one

dns {
    ...
}
mail {
    ...
    depend = "dns";
}

--
Thanks,
Dean E. Weimer
http://www.dweimer.net/

From owner-freebsd-jail@freebsd.org Sun Dec 20 20:57:34 2015
Subject: Re: How to define the order of starting jails?
From: Michael Grimm
Date: Sun, 20 Dec 2015 21:57:27 +0100
To: freebsd-jail@freebsd.org, freebsd-questions

dweimer wrote:
> On 2015-12-20 1:25 pm, Michael B. Eichorn wrote:
>> On Sun, 2015-12-20 at 17:50 +0100, Michael Grimm wrote:

[starting sequence definition, how to?]

>>> Thus, I might have overlooked it, is there a way to achieve my goal
>>> using jail and jail.conf?
>>> Or something else?

>> jail(8)'s '*' operates on everything without concern for rc.conf, as
>> such jail_list is not respected. Perhaps try something tied to the rc.d
>> system. Does `service jail restart` do what you are looking for?
>> Otherwise I would just go with simple restart script such as:
>> #!/bin/sh
>> set -e
>> jail -r '*'
>> jail -c dns
>> jail -c mail
>
> You can also define a jail dependency to make sure a jail starts before another one
>
> dns {
>     ...
> }
> mail {
>     ...
>     depend = "dns";
> }

Yep! That is working as well. And, now it will stop jails in the reverse
order.

*BUT*, that doesn't work with "jail -rc '*'", reproducibly …

| testing> jail -rc '*'
| ifconfig: : bad value
| jail: dns: /sbin/ifconfig em0 inet netmask 255.255.255.255 @ alias: failed

… and leaving me with all stopped but not started a single jail :-(

"service jail restart" works much better, never failing.

Thanks and with kind regards,
Michael

From owner-freebsd-jail@freebsd.org Sun Dec 20 21:12:36 2015
Subject: Re: How to define the order of starting jails?
To: Michael Grimm, freebsd-jail@freebsd.org, freebsd-questions
From: Boris Samorodov
Date: Mon, 21 Dec 2015 00:12:30 +0300

20.12.15 19:50, Michael Grimm writes:

> But I am bit stuck in finding a way to start my jails in a
> pre-defined order (e.g. first DNS, then mail, …). Well, I can achieve
> that during boot time by using jail_list="dns mail …" in rc.conf.
> But, this is respected during boot time, *only*. Whenever I do run a
> "jail -rc '*'" that shutdown and starting order becomes arbitrary. It
> doesn't follow the sequence of my jail definitions in jail.conf,
> either. I thoroughly checked the jail.conf(5) man page for a
> functionality that would allow me to define a startup/shutdown
> sequence, but I couldn't find it.

AFAIK ezjails start jails in reverse natural (by name) order and stops
in natural order... So I used to name a jail to be started first as
"zz..." one.

HTH
--
WBR, bsam

From owner-freebsd-jail@freebsd.org Sun Dec 20 21:20:18 2015
Subject: Re: How to define the order of starting jails?
From: Michael Grimm
Date: Sun, 20 Dec 2015 22:20:14 +0100
To: freebsd-jail@freebsd.org, freebsd-questions

Boris Samorodov wrote:
>
> 20.12.15 19:50, Michael Grimm writes:
>
>> But I am bit stuck in finding a way to start my jails in a
>> pre-defined order (e.g. first DNS, then mail, …).
>
> AFAIK ezjails start jails in reverse natural (by name) order and stops
> in natural order... So I used to name a jail to be started first as
> "zz..." one.

ezjail does the following:

    # To specify the start up order of your ezjails, use these lines to
    # create a Jail dependency tree. See rcorder(8) for more details.
    #
    # PROVIDE: mail
    # REQUIRE: dns
    # BEFORE:

[defined in /usr/local/etc/ezjail/mail]

But that isn't available any longer, if one goes for "/etc/jail.conf"
and "jail", instead.

Regards,
Michael

From owner-freebsd-jail@freebsd.org Sun Dec 20 21:28:28 2015
Subject: Re: How to define the order of starting jails?
From: "Michael B. Eichorn"
To: Michael Grimm, freebsd-jail@freebsd.org, freebsd-questions
Date: Sun, 20 Dec 2015 16:28:22 -0500

On Sun, 2015-12-20 at 20:57 +0100, Michael Grimm wrote:
> Michael B. Eichorn wrote
> > On Sun, 2015-12-20 at 17:50 +0100, Michael Grimm wrote:
>
> > > But I am bit stuck in finding a way to start my jails in a pre-
> > > defined order (e.g. first DNS, then mail, …).
> […]
> > > Thus, I might have overlooked it, is there a way to achieve my goal
> > > using jail and jail.conf?
> > > Or something else?
>
> > jail(8)'s '*' operates on everything without concern for rc.conf, as
> > such jail_list is not respected. Perhaps try something tied to the rc.d
> > system. Does `service jail restart` do what you are looking for?
>
> Bingo! That made the trick! Thank you very, very much! Cool! That
> command is stopping and starting jails in the order as listed in
> "jail_list". Ok, it isn't stopping jails in the reverse order, but
> that is no big deal, though.

I think that this came up before and there was a patch submitted to stop
in the reverse order. It might be fixed in current. I don't really
remember the specifics and I cannot find it now, but something was done
about this before.

> [Arrrgh, I never heard of "service" before (after so many years with
> FBSD) :-( What a shame ...]

Always more to learn. :)

From owner-freebsd-jail@freebsd.org Sun Dec 20 21:37:33 2015
Subject: Re: How to define the order of starting jails?
To: freebsd-jail@freebsd.org
References: <5D6BA0FE-60E1-4C6B-906B-BB62A1AB9BE8@odo.in-berlin.de> <1450639510.27618.8.camel@michaeleichorn.com>
From: Allan Jude
Message-ID: <56771F8D.4040004@freebsd.org>
Date: Sun, 20 Dec 2015 16:37:17 -0500

On 2015-12-20 14:57, Michael Grimm wrote:
> Michael B. Eichorn wrote
>> On Sun, 2015-12-20 at 17:50 +0100, Michael Grimm wrote:
>
>>> But I am bit stuck in finding a way to start my jails in a
>>> pre-defined order (e.g. first DNS, then mail, …).
> […]
>>> Thus, I might have overlooked it, is there a way to achieve my goal
>>> using jail and jail.conf?
>>> Or something else?
>
>> jail(8)'s '*' operates on everything without concern for rc.conf, as
>> such jail_list is not respected. Perhaps try something tied to the rc.d
>> system. Does `service jail restart` do what you are looking for?
>
> Bingo! That made the trick! Thank you very, very much! Cool! That command is stopping and starting jails in the order as listed in "jail_list". Ok, it isn't stopping jails in the reverse order, but that is no big deal, though.
>
> [Arrrgh, I never heard of "service" before (after so many years with FBSD) :-( What a shame ...]
>
> Thanks and with kind regards,
> Michael

'service' was not introduced until FreeBSD 8, iirc. It is mostly a
redhat thing, but is very handy.

Re: jail reverse order, there is a patch to address this, and a PR
somewhere I think:

https://reviews.freebsd.org/D2088

--
Allan Jude

From owner-freebsd-jail@freebsd.org Sun Dec 20 21:45:13 2015
Subject: Re: How to define the order of starting jails?
From: Michael Grimm
In-Reply-To: <1450646902.27618.19.camel@michaeleichorn.com>
Date: Sun, 20 Dec 2015 22:45:08 +0100
Message-Id: <1AC66193-4091-4D5A-8183-FAECA843A739@odo.in-berlin.de>
References: <5D6BA0FE-60E1-4C6B-906B-BB62A1AB9BE8@odo.in-berlin.de> <1450639510.27618.8.camel@michaeleichorn.com> <1450646902.27618.19.camel@michaeleichorn.com>
To: freebsd-jail@freebsd.org, freebsd-questions

Michael B. Eichorn wrote:
>
> On Sun, 2015-12-20 at 20:57 +0100, Michael Grimm wrote:
>> Michael B. Eichorn wrote:
>>> Does `service jail restart` do what you are looking for?
>>
>> Bingo! That made the trick! Thank you very, very much! Cool! That
>> command is stopping and starting jails in the order as listed in
>> "jail_list". Ok, it isn't stopping jails in the reverse order, but
>> that is no big deal, though.
>
> I think that this came up before and there was a patch submitted to
> stop in the reverse order, it might be fixed in current. I don't really
> remember the specifics and I cannot find it now, but something was done
> about this before.

Ok. I'm following stable, thus it might arrive soon.
But, at least at my servers, that is no big deal. Stopping is so fast … (only 8 service jails). But there might be conditions where reverse order might be of advantage.

>> [Arrrgh, I never heard of "service" before (after so many years with
>> FBSD) :-( What a shame ...]
>
> Always more to learn. :)

Yep, definitely so! [And I did start programming/computing with https://en.wikipedia.org/wiki/PDP-11 ;-)]

With kind regards,
Michael

From owner-freebsd-jail@freebsd.org Sun Dec 20 21:54:11 2015
Subject: Re: How to define the order of starting jails?
From: Michael Grimm
In-Reply-To: <56771F8D.4040004@freebsd.org>
Date: Sun, 20 Dec 2015 22:54:08 +0100
Message-Id: <9E7DF9FD-60D5-497B-8BA5-5350D8167A55@ellael.org>
References: <5D6BA0FE-60E1-4C6B-906B-BB62A1AB9BE8@odo.in-berlin.de> <1450639510.27618.8.camel@michaeleichorn.com> <56771F8D.4040004@freebsd.org>
To: freebsd-jail@freebsd.org, freebsd-questions

Allan Jude wrote:
>
> On 2015-12-20 14:57, Michael Grimm wrote:
>> [Arrrgh, I never heard of "service" before (after so many years with FBSD) :-( What a shame …]
> 'service' was not introduced until FreeBSD 8, iirc. It is mostly a
> redhat thing, but is very handy.

No, I am not excused, because I arrived at FBSD-6.1. I should have noticed it in the meantime :-C

> Re: jail reverse order, there is a patch to address this, and a PR
> somewhere I think:
>
> https://reviews.freebsd.org/D2088

August 2015, hmm. Well, it might make it into FBSD-11?
With kind regards,
Michael

From owner-freebsd-jail@freebsd.org Sun Dec 20 23:02:49 2015
Date: Sun, 20 Dec 2015 16:01:29 -0700 (MST)
From: Warren Block
To: dweimer
cc: "Michael B. Eichorn", freebsd-jail@freebsd.org, freebsd-questions, Michael Grimm, owner-freebsd-questions@freebsd.org
Subject: Re: How to define the order of starting jails?
References: <5D6BA0FE-60E1-4C6B-906B-BB62A1AB9BE8@odo.in-berlin.de> <1450639510.27618.8.camel@michaeleichorn.com>

On Sun, 20 Dec 2015, dweimer wrote:

> On 2015-12-20 1:25 pm, Michael B. Eichorn wrote:
>> On Sun, 2015-12-20 at 17:50 +0100, Michael Grimm wrote:
>>> Hi —
>>>
>>> [Background: I wish to run (some of my) ezjail-made jails and VNET
>>> which cannot be done by ezjail, natively.]
>>>
>>> But I found a way to mix both ezjail and basic jail(8) functionality.
>>> It's quite easy to fire up ezjail-made jails defined in jail.conf by
>>> jail. And, now I can apply VNET to those jails I do wish to run their
>>> own network stacks. That's all working well.
>>>
>>> But I am bit stuck in finding a way to start my jails in a
>>> pre-defined order (e.g. first DNS, then mail, …). Well, I can achieve
>>> that during boot time by using jail_list="dns mail …" in rc.conf.
>>> But, this is respected during boot time, *only*. Whenever I do run a
>>> "jail -rc '*'" that shutdown and starting order becomes arbitrary. It
>>> doesn't follow the sequence of my jail definitions in jail.conf,
>>> either. I thoroughly checked the jail.conf(5) man page for a
>>> functionality that would allow me to define a startup/shutdown
>>> sequence, but I couldn't find it.
>>>
>>> Thus, I might have overlooked it, is there a way to achieve my goal
>>> using jail and jail.conf?
>>> Or something else?
>>>
>>> Thanks and regards,
>>> Michael
>>
>> jail(8)'s '*' operates on everything without concern for rc.conf, as
>> such jail_list is not respected. Perhaps try something tied to the rc.d
>> system. Does `service jail restart` do what you are looking for?
>>
>> Otherwise I would just go with simple restart script such as:
>> #!/bin/sh
>> set -e
>> jail -r '*'
>> jail -c dns
>> jail -c mail
>
> You can also define a jail dependency to make sure a jail starts before
> another one
>
> dns {
>     ...
> }
> mail {
>     ...
>     depend = "dns";
> }

I submitted an ezjail patch last year to be able to start a jail very
early. This is useful for me because that lets the DNS jail start early
enough that the ezjail host can use it as a DNS server. An update to
ezjail came out a few weeks back, but did not include it.

From owner-freebsd-jail@freebsd.org Mon Dec 21 04:58:44 2015
Date: Mon, 21 Dec 2015 15:58:22 +1100 (EST)
From: Ian Smith
To: Michael Grimm
cc: freebsd-jail@freebsd.org, freebsd-questions
Subject: Re: How to define the order of starting jails?
In-Reply-To: <9E7DF9FD-60D5-497B-8BA5-5350D8167A55@ellael.org>
Message-ID: <20151221154512.P8562@sola.nimnet.asn.au>
References: <5D6BA0FE-60E1-4C6B-906B-BB62A1AB9BE8@odo.in-berlin.de> <1450639510.27618.8.camel@michaeleichorn.com> <56771F8D.4040004@freebsd.org> <9E7DF9FD-60D5-497B-8BA5-5350D8167A55@ellael.org>

On Sun, 20 Dec 2015 22:54:08 +0100, Michael Grimm wrote:
> Allan Jude wrote:
> > On 2015-12-20 14:57, Michael Grimm wrote:
> >> [Arrrgh, I never heard of "service" before (after so many years
> >> with FBSD) :-( What a shame …]
> > 'service' was not introduced until FreeBSD 8, iirc. It is mostly a
> > redhat thing, but is very handy.
> No, I am not excused, because I arrived at FBSD-6.1. I should have
> noticed it in the meantime :-C

According to service(8):

HISTORY
     The service utility first appeared in FreeBSD 7.3.
But I didn't notice and start using it regularly until FreeBSD 9 :)

Happy (winter there, summer here) Solstice, Ian

From owner-freebsd-jail@freebsd.org Sat Dec 26 20:24:44 2015
From: Michael Grimm
Subject: ipsec tunnel and vnet jails: routing, howto?
Date: Sat, 26 Dec 2015 21:24:34 +0100
To: freebsd-jail@freebsd.org, freebsd-net@freebsd.org

Hi,

I am currently stuck, somehow, and I do need your input. Thus, let me explain, what I do want to achieve:

I do have two servers connected via an ipsec/tunnel ...

[A] dead:beef:1234:abcd::1 <—> dead:feed:abcd:1234::1 [B]

… which is sending all traffic destined for dead:beef:1234:abcd::/64 and dead:feed:abcd:1234::/64 through the tunnel, and vice versa.

That did run perfectly well during the last years until I decided to give VNET jails a try.
Previously, some of my old fashioned jails got an IPv6 address attached like dead:beef:1234:abcd:1:2::3, and I could reach that address from the remote server without any routing/re-directing or alike, necessary. Now, after having moved those jails to VNET jails (having those addresses bound to their epairXXb interfaces), I cannot reach those addresses within those jails any longer.

From my point of view and understanding this must have to do with lack of proper routing, but I am not sure, if that is correct, thus my questions to the experts:

1) Is my assumption correct, that my tunnel is "ending" after having passed my firewalls at each server, *before* decrypting its ESP traffic into its final destination (yes, I do have pf rules to allow for esp traffic to pass my outer internet facing interface)?

2) If that is true, racoon has to decide where to deliver those packets, finally?

3) If that is true, I do have an issue with routing that *cannot* be solved by pf firewall rules, right?

4) If that is true, what do I have to look for? What am I missing? How can I route incoming and finally decrypted traffic to its final destination within a VNET jail?

5) Do I need to look for a completely different approach? Every hint is highly welcome.

Thanks in advance and with kind regards,
Michael