From: "Nikolas Britton"
Date: Mon, 12 Mar 2007 21:15:13 -0500
To: "Andras Gót"
Cc: FreeBSD Stable List
Subject: Re: Xen Dom0, are we making progress?

On 3/12/07, Andras Gót wrote:
> Nikolas Britton wrote:
> > On 3/12/07, Ronald Klop wrote:
> >> On Mon, 12 Mar 2007 20:16:32 +0100, Nikolas Britton
> >> wrote:
> >>
> >> > Is FreeBSD making any progress in Xen Dom0 / Intel VT support? I'd
> >> > really like to consolidate some underutilized FreeBSD servers. Are
> >> > there any alternative solutions that will enable me to do this kind of
> >> > stuff with FreeBSD, or would it be better to go with Solaris Dom0 +
> >> > FreeBSD DomU?
> >>
> >> http://docs.freebsd.org/44doc/papers/jail/jail.html
> >> google: jail freebsd
> >>
> >
> > Yes I'd like to know more about jails, is there a high level /
> > executive summary type document that I can read somewhere? From what I
> > remember jails are mostly designed to partition stuff... for security
> > reasons.
> >
> > What I'd really love to do is split up each service (httpd, postgres,
> > samba/nfs, ldap/nis, asterisk, etc.) into discrete virtual machines.
> > It's too much work trying to make them all play nice on one system,
> > especially during upgrades. As it is right now I don't upgrade any
> > services once a system is in production use.
>
> Hi,
>
> First, read man jail. :) Apache, bind, mysql and postfix run fine in
> a jail. For postgres you've to turn on the jail.ipc.
> This is basically not so bad, but definitely reduces security. For
> samba/nfs/ldap/nis and asterisk I don't have the experience, but if they
> do not need ipc, they'll run fine out of the box. In jails I suggest that
> you mount your ports tree with some nullfs mount. With this you'll save
> some hd capacity. (The installed port list is in /var, not in
> /usr/ports.) In jails you can't do resource control, so keep that in mind.
>

Is there any way to transfer jails on the fly between systems... For
example, say I wanted to transfer the http service to a more powerful
box because load was too high, can you do stuff like this?
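
Added example, not part of the original message: a host-side check for the two jail settings the quoted reply mentions, SysV IPC for postgres and a nullfs-mounted ports tree. It assumes "jail.ipc" refers to the security.jail.sysvipc_allowed sysctl; the function names, the read-only check and the sample sysctl and mount output are constructed for illustration.

```shell
#!/bin/sh
# Audit a FreeBSD jail host from captured `sysctl security.jail` and
# `mount -t nullfs` output. The sample text below is constructed so the
# script runs offline; names audit_jail_host/count_findings are hypothetical.

SAMPLE_SYSCTL='security.jail.set_hostname_allowed: 1
security.jail.socket_unixiproute_only: 1
security.jail.sysvipc_allowed: 1
security.jail.allow_raw_sockets: 0'

SAMPLE_MOUNTS='/usr/ports on /usr/jails/www/usr/ports (nullfs, local, read-only)
/usr/ports on /usr/jails/db/usr/ports (nullfs, local)'

# Print one WARN line per finding; print nothing when both settings are tight.
audit_jail_host() {
    sysctl_text=$1
    mount_text=$2

    # With this sysctl set, SysV IPC is a single namespace shared by the
    # host and every jail, so shared memory is reachable across jails.
    ipc=$(printf '%s\n' "$sysctl_text" |
        awk -F': *' '$1 == "security.jail.sysvipc_allowed" { print $2 }')
    if [ "$ipc" = "1" ]; then
        echo "WARN sysvipc_allowed=1: SysV IPC is shared across all jails"
    fi

    # A nullfs mount without read-only lets root inside the jail modify
    # the host's copy of the mounted tree.
    printf '%s\n' "$mount_text" |
        awk '/\(nullfs/ && !/read-only/ { print "WARN writable nullfs mount: " $3 }'
    return 0
}

# Number of findings, for use in scripts and monitoring checks.
count_findings() {
    audit_jail_host "$1" "$2" | grep -c '^WARN' || true
}

audit_jail_host "$SAMPLE_SYSCTL" "$SAMPLE_MOUNTS"
```

On a live host, pass "$(sysctl security.jail)" and "$(mount -t nullfs)" in place of the samples.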