From owner-freebsd-isp@FreeBSD.ORG Tue Oct 27 10:13:25 2009 Return-Path: Delivered-To: freebsd-isp@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id CF453106566B for ; Tue, 27 Oct 2009 10:13:25 +0000 (UTC) (envelope-from tonix@interazioni.it) Received: from mx02.interazioni.net (mx02.interazioni.net [80.94.114.204]) by mx1.freebsd.org (Postfix) with ESMTP id 1F0CF8FC24 for ; Tue, 27 Oct 2009 10:13:24 +0000 (UTC) Received: (qmail 4757 invoked by uid 88); 27 Oct 2009 10:13:23 -0000 Received: from unknown (HELO ?192.168.200.240?) (tonix@interazioni.it@217.19.158.67) by relay.interazioni.net with ESMTPA; 27 Oct 2009 10:13:22 -0000 Message-ID: <4AE6C7BD.907@interazioni.it> Date: Tue, 27 Oct 2009 11:13:17 +0100 From: "Tonix (Antonio Nati)" User-Agent: Thunderbird 2.0.0.23 (Windows/20090812) MIME-Version: 1.0 To: freebsd-isp@freebsd.org Content-Type: text/plain; charset=ISO-8859-15; format=flowed Content-Transfer-Encoding: 7bit Subject: Jails creation X-BeenThere: freebsd-isp@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Internet Services Providers List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 27 Oct 2009 10:13:25 -0000 Is there any architectural reason for which jails must be created only starting from sources? Would not it be simpler to create a jail cloning the host environment binaries (and then using the normal freebsd-update to keep it updated)? Would it be possible to suggest a funded project with this goal? Regards, Tonino -- ------------------------------------------------------------ Inter@zioni Interazioni di Antonio Nati http://www.interazioni.it tonix@interazioni.it ------------------------------------------------------------ From owner-freebsd-isp@FreeBSD.ORG Tue Oct 27 11:01:28 2009 Return-Path: Delivered-To: freebsd-isp@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 5449B10656CE for ; Tue, 27 Oct 2009 11:01:28 +0000 (UTC) (envelope-from vince@unsane.co.uk) Received: from ostracod.unsane.co.uk (unsane-pt.tunnel.tserv5.lon1.ipv6.he.net [IPv6:2001:470:1f08:110::2]) by mx1.freebsd.org (Postfix) with ESMTP id 9238A8FC13 for ; Tue, 27 Oct 2009 11:01:27 +0000 (UTC) Received: from vhoffman.lon.namesco.net (75.69-246-213.ippool.namesco.net [213.246.69.75]) (authenticated bits=0) by ostracod.unsane.co.uk (8.14.3/8.14.3) with ESMTP id n9RB1URG055413 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Tue, 27 Oct 2009 11:01:32 GMT (envelope-from vince@unsane.co.uk) Message-ID: <4AE6D302.9010100@unsane.co.uk> Date: Tue, 27 Oct 2009 11:01:22 +0000 From: Vincent Hoffman User-Agent: Thunderbird 2.0.0.23 (Macintosh/20090812) MIME-Version: 1.0 To: "Tonix (Antonio Nati)" References: <4AE6C7BD.907@interazioni.it> In-Reply-To: <4AE6C7BD.907@interazioni.it> X-Enigmail-Version: 0.96.0 Content-Type: text/plain; charset=ISO-8859-15 Content-Transfer-Encoding: 7bit Cc: freebsd-isp@freebsd.org Subject: Re: Jails creation X-BeenThere: freebsd-isp@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Internet Services Providers List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 27 Oct 2009 11:01:28 -0000 Tonix (Antonio Nati) wrote: > > Is there any architectural reason for which jails must be created only > starting from sources? > Would not it be simpler to create a jail cloning the host environment > binaries (and then using the normal freebsd-update to keep it updated)? > Would it be possible to suggest a funded project with this goal? > I dont tend to use jails but my understanding is that you can use the standard install to create a jail (based on info from http://pbraun.nethence.com/doc/sysutils_bsd/dragonfly-freebsd-jail.html) mkdir -p /var/jails/base sysinstall then, sysinstall > Custom > Options > Install Root > /var/jails/base sysinstall > Custom > Distributions > Minimal sysinstall > Custom > Media > File System > /cdrom (I just used ftp myself, this meant i had to change the release from 7.2-RELEASE-p4 to 7.2-RELEASE in options) sysinstall > Custom > Commit [Visit the general configuration menu ?] > No Note. don't do the post-install, it would modify the host, not the guest. A quick jail /var/jails/base footest 10.0.0.2 /bin/sh gives me a shell in the jail so it seems to have worked, Time to add devfs etc i guess. >From here i'm going to have a look at sysutils/ezjail as that keeps coming up as a good way of managing jails, but I seem to have an working base system in /var/jails/base without compiling anything. I might have a play now and get updates etc working. regards, Vince > Regards, > > Tonino > From owner-freebsd-isp@FreeBSD.ORG Tue Oct 27 14:41:40 2009 Return-Path: Delivered-To: freebsd-isp@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id A6B9C106566B for ; Tue, 27 Oct 2009 14:41:40 +0000 (UTC) (envelope-from vince@unsane.co.uk) Received: from ostracod.unsane.co.uk (unsane-pt.tunnel.tserv5.lon1.ipv6.he.net [IPv6:2001:470:1f08:110::2]) by mx1.freebsd.org (Postfix) with ESMTP id 11CCF8FC0C for ; Tue, 27 Oct 2009 14:41:39 +0000 (UTC) Received: from vhoffman.lon.namesco.net (75.69-246-213.ippool.namesco.net [213.246.69.75]) (authenticated bits=0) by ostracod.unsane.co.uk (8.14.3/8.14.3) with ESMTP id n9REfiWJ043346 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Tue, 27 Oct 2009 14:41:46 GMT (envelope-from vince@unsane.co.uk) Message-ID: <4AE706A0.8050409@unsane.co.uk> Date: Tue, 27 Oct 2009 14:41:36 +0000 From: Vincent Hoffman User-Agent: Thunderbird 2.0.0.23 (Macintosh/20090812) MIME-Version: 1.0 To: "Tonix (Antonio Nati)" References: <4AE6C7BD.907@interazioni.it> <4AE6D302.9010100@unsane.co.uk> In-Reply-To: <4AE6D302.9010100@unsane.co.uk> X-Enigmail-Version: 0.96.0 Content-Type: text/plain; charset=ISO-8859-15 Content-Transfer-Encoding: 7bit Cc: freebsd-isp@freebsd.org Subject: Re: Jails creation X-BeenThere: freebsd-isp@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Internet Services Providers List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 27 Oct 2009 14:41:40 -0000 Vincent Hoffman wrote: > Tonix (Antonio Nati) wrote: > >> Is there any architectural reason for which jails must be created only >> starting from sources? >> Would not it be simpler to create a jail cloning the host environment >> binaries (and then using the normal freebsd-update to keep it updated)? >> Would it be possible to suggest a funded project with this goal? >> >> > I dont tend to use jails but my understanding is that you can use the > standard install to create a jail (based on info from > http://pbraun.nethence.com/doc/sysutils_bsd/dragonfly-freebsd-jail.html) > > mkdir -p /var/jails/base > sysinstall > then, > sysinstall > Custom > Options > Install Root > /var/jails/base > sysinstall > Custom > Distributions > Minimal > sysinstall > Custom > Media > File System > /cdrom (I just used ftp > myself, this meant i had to change the release from 7.2-RELEASE-p4 to > 7.2-RELEASE in options) > sysinstall > Custom > Commit > [Visit the general configuration menu ?] > No > Note. don't do the post-install, it would modify the host, not the guest. > > A quick > jail /var/jails/base footest 10.0.0.2 /bin/sh > gives me a shell in the jail so it seems to have worked, Time to add > devfs etc i guess. > > >From here i'm going to have a look at sysutils/ezjail as that keeps > coming up as a good way of managing jails, but I seem to have an working > base system in /var/jails/base without compiling anything. I might have > a play now and get updates etc working. > Ok now I have played with sysutils/ezjail, forget the first part ;) just "ezjail-admin install" will do a binary install for a base jail from an ftp server. you can use "ezjail-admin update -u" to update the base jail using freebsd-update for some reason this isnt in the manpage. Not exactly what you have asked for but close enough if you dont like installing from source. Vince > regards, > Vince > >> Regards, >> >> Tonino >> >> > > _______________________________________________ > freebsd-isp@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-isp > To unsubscribe, send any mail to "freebsd-isp-unsubscribe@freebsd.org" > From owner-freebsd-isp@FreeBSD.ORG Tue Oct 27 14:51:45 2009 Return-Path: Delivered-To: freebsd-isp@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 7EA05106568F for ; Tue, 27 Oct 2009 14:51:45 +0000 (UTC) (envelope-from tonix@interazioni.it) Received: from mx02.interazioni.net (mx02.interazioni.net [80.94.114.204]) by mx1.freebsd.org (Postfix) with ESMTP id BF6858FC1D for ; Tue, 27 Oct 2009 14:51:44 +0000 (UTC) Received: (qmail 92780 invoked by uid 88); 27 Oct 2009 14:51:43 -0000 Received: from unknown (HELO ?192.168.200.240?) (tonix@interazioni.it@217.19.158.67) by relay.interazioni.net with ESMTPA; 27 Oct 2009 14:50:42 -0000 Message-ID: <4AE708AF.4070705@interazioni.it> Date: Tue, 27 Oct 2009 15:50:23 +0100 From: "Tonix (Antonio Nati)" User-Agent: Thunderbird 2.0.0.23 (Windows/20090812) MIME-Version: 1.0 To: freebsd-isp@freebsd.org References: <4AE6C7BD.907@interazioni.it> <4AE6D302.9010100@unsane.co.uk> <4AE706A0.8050409@unsane.co.uk> In-Reply-To: <4AE706A0.8050409@unsane.co.uk> Content-Type: text/plain; charset=ISO-8859-15; format=flowed Content-Transfer-Encoding: 7bit X-Content-Filtered-By: Mailman/MimeDel 2.1.5 Subject: Re: Jails creation X-BeenThere: freebsd-isp@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Internet Services Providers List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 27 Oct 2009 14:51:45 -0000 Hi Vincent, I'm trying as much as possible to not install sources. I'm designing a general architecture with very small machines, smallest as possible, as I'd love to avoid sources (both locals and remote). Thanks, Tonino Vincent Hoffman ha scritto: > Vincent Hoffman wrote: > >> Tonix (Antonio Nati) wrote: >> >> >>> Is there any architectural reason for which jails must be created only >>> starting from sources? >>> Would not it be simpler to create a jail cloning the host environment >>> binaries (and then using the normal freebsd-update to keep it updated)? >>> Would it be possible to suggest a funded project with this goal? >>> >>> >>> >> I dont tend to use jails but my understanding is that you can use the >> standard install to create a jail (based on info from >> http://pbraun.nethence.com/doc/sysutils_bsd/dragonfly-freebsd-jail.html) >> >> mkdir -p /var/jails/base >> sysinstall >> then, >> sysinstall > Custom > Options > Install Root > /var/jails/base >> sysinstall > Custom > Distributions > Minimal >> sysinstall > Custom > Media > File System > /cdrom (I just used ftp >> myself, this meant i had to change the release from 7.2-RELEASE-p4 to >> 7.2-RELEASE in options) >> sysinstall > Custom > Commit >> [Visit the general configuration menu ?] > No >> Note. don't do the post-install, it would modify the host, not the guest. >> >> A quick >> jail /var/jails/base footest 10.0.0.2 /bin/sh >> gives me a shell in the jail so it seems to have worked, Time to add >> devfs etc i guess. >> >> >From here i'm going to have a look at sysutils/ezjail as that keeps >> coming up as a good way of managing jails, but I seem to have an working >> base system in /var/jails/base without compiling anything. I might have >> a play now and get updates etc working. >> >> > > Ok now I have played with sysutils/ezjail, forget the first part ;) > just "ezjail-admin install" will do a binary install for a base jail > from an ftp server. > you can use "ezjail-admin update -u" to update the base jail using > freebsd-update for some reason this isnt in the manpage. > Not exactly what you have asked for but close enough if you dont like > installing from source. > > > Vince > > >> regards, >> Vince >> >> >>> Regards, >>> >>> Tonino >>> >>> >>> >> _______________________________________________ >> freebsd-isp@freebsd.org mailing list >> http://lists.freebsd.org/mailman/listinfo/freebsd-isp >> To unsubscribe, send any mail to "freebsd-isp-unsubscribe@freebsd.org" >> >> > > _______________________________________________ > freebsd-isp@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-isp > To unsubscribe, send any mail to "freebsd-isp-unsubscribe@freebsd.org" > > -- ------------------------------------------------------------ Inter@zioni Interazioni di Antonio Nati http://www.interazioni.it tonix@interazioni.it ------------------------------------------------------------ From owner-freebsd-isp@FreeBSD.ORG Tue Oct 27 16:53:26 2009 Return-Path: Delivered-To: freebsd-isp@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 1A94C106566C for ; Tue, 27 Oct 2009 16:53:26 +0000 (UTC) (envelope-from vince@unsane.co.uk) Received: from ostracod.unsane.co.uk (unsane-pt.tunnel.tserv5.lon1.ipv6.he.net [IPv6:2001:470:1f08:110::2]) by mx1.freebsd.org (Postfix) with ESMTP id 3925D8FC2B for ; Tue, 27 Oct 2009 16:53:24 +0000 (UTC) Received: from vhoffman.lon.namesco.net (75.69-246-213.ippool.namesco.net [213.246.69.75]) (authenticated bits=0) by ostracod.unsane.co.uk (8.14.3/8.14.3) with ESMTP id n9RGrSsD044466 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Tue, 27 Oct 2009 16:53:30 GMT (envelope-from vince@unsane.co.uk) Message-ID: <4AE72580.8030001@unsane.co.uk> Date: Tue, 27 Oct 2009 16:53:20 +0000 From: Vincent Hoffman User-Agent: Thunderbird 2.0.0.23 (Macintosh/20090812) MIME-Version: 1.0 To: "Tonix (Antonio Nati)" References: <4AE6C7BD.907@interazioni.it> <4AE6D302.9010100@unsane.co.uk> <4AE706A0.8050409@unsane.co.uk> <4AE708AF.4070705@interazioni.it> In-Reply-To: <4AE708AF.4070705@interazioni.it> X-Enigmail-Version: 0.96.0 Content-Type: text/plain; charset=ISO-8859-15 Content-Transfer-Encoding: 7bit Cc: freebsd-isp@freebsd.org Subject: Re: Jails creation X-BeenThere: freebsd-isp@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Internet Services Providers List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 27 Oct 2009 16:53:26 -0000 Tonix (Antonio Nati) wrote: > Hi Vincent, > > I'm trying as much as possible to not install sources. > I'm designing a general architecture with very small machines, > smallest as possible, as I'd love to avoid sources (both locals and > remote). > As i said, i'm not a regular user of jails so i may be missing something, but I rather thought that was my point. Using the ezjails framework, I didnt need the sources installed. ezjail is a shell script so it doesnt install anything else (no dependancies.) It installed the base jail using the binary install packages from a remote FTP server. It minimises your disk usage afterwards by using nullfs for the base system in each jail, and it lets you update the base jail using freebsd-update. I now have 2 jails (basic, just the freebsd base system) using a total of 140M, each additional jail will start off taking just 1.8M. Since on my host system my freebsd-update database alone is 665M I can see this system as a big win for diskspace not to mention the nice centralized update for all the jails. Back to your original question, you dont have to install a jail from source, I see no reason you couldnt just copy the base system into a directory and use it as a jail if you wanted. In fact a very quick test shows that taring up an existing system then untaring and editing rc.conf and fstab comes up as a working jail. (working as in network works and i can enter it by running jexec $jailid sh ) Vince > Thanks, > Tonino > > Vincent Hoffman ha scritto: >> Vincent Hoffman wrote: >> >>> Tonix (Antonio Nati) wrote: >>> >>>> Is there any architectural reason for which jails must be created only >>>> starting from sources? >>>> Would not it be simpler to create a jail cloning the host environment >>>> binaries (and then using the normal freebsd-update to keep it >>>> updated)? >>>> Would it be possible to suggest a funded project with this goal? >>>> >>>> >>> I dont tend to use jails but my understanding is that you can use the >>> standard install to create a jail (based on info from >>> http://pbraun.nethence.com/doc/sysutils_bsd/dragonfly-freebsd-jail.html) >>> >>> >>> mkdir -p /var/jails/base >>> sysinstall >>> then, >>> sysinstall > Custom > Options > Install Root > /var/jails/base >>> sysinstall > Custom > Distributions > Minimal >>> sysinstall > Custom > Media > File System > /cdrom (I just used ftp >>> myself, this meant i had to change the release from 7.2-RELEASE-p4 to >>> 7.2-RELEASE in options) >>> sysinstall > Custom > Commit >>> [Visit the general configuration menu ?] > No >>> Note. don't do the post-install, it would modify the host, not the >>> guest. >>> >>> A quick >>> jail /var/jails/base footest 10.0.0.2 /bin/sh >>> gives me a shell in the jail so it seems to have worked, Time to add >>> devfs etc i guess. >>> >>> >From here i'm going to have a look at sysutils/ezjail as that keeps >>> coming up as a good way of managing jails, but I seem to have an >>> working >>> base system in /var/jails/base without compiling anything. I might have >>> a play now and get updates etc working. >>> >> >> Ok now I have played with sysutils/ezjail, forget the first part ;) >> just "ezjail-admin install" will do a binary install for a base jail >> from an ftp server. >> you can use "ezjail-admin update -u" to update the base jail using >> freebsd-update for some reason this isnt in the manpage. >> Not exactly what you have asked for but close enough if you dont like >> installing from source. >> >> >> Vince >> >> >>> regards, >>> Vince >>> >>>> Regards, >>>> >>>> Tonino >>>> >>>> >>> _______________________________________________ >>> freebsd-isp@freebsd.org mailing list >>> http://lists.freebsd.org/mailman/listinfo/freebsd-isp >>> To unsubscribe, send any mail to "freebsd-isp-unsubscribe@freebsd.org" >>> >> >> _______________________________________________ >> freebsd-isp@freebsd.org mailing list >> http://lists.freebsd.org/mailman/listinfo/freebsd-isp >> To unsubscribe, send any mail to "freebsd-isp-unsubscribe@freebsd.org" >> >> > > From owner-freebsd-isp@FreeBSD.ORG Tue Oct 27 17:02:44 2009 Return-Path: Delivered-To: freebsd-isp@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 4CEFC106566B for ; Tue, 27 Oct 2009 17:02:44 +0000 (UTC) (envelope-from 000.fbsd@quip.cz) Received: from elsa.codelab.cz (elsa.codelab.cz [94.124.105.4]) by mx1.freebsd.org (Postfix) with ESMTP id 0DABD8FC0C for ; Tue, 27 Oct 2009 17:02:43 +0000 (UTC) Received: from localhost (localhost.codelab.cz [127.0.0.1]) by elsa.codelab.cz (Postfix) with ESMTP id A564619E023; Tue, 27 Oct 2009 17:43:29 +0100 (CET) Received: from [192.168.1.2] (r5bb235.net.upc.cz [86.49.61.235]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by elsa.codelab.cz (Postfix) with ESMTPSA id 0889519E019; Tue, 27 Oct 2009 17:43:27 +0100 (CET) Message-ID: <4AE7232E.2070208@quip.cz> Date: Tue, 27 Oct 2009 17:43:26 +0100 From: Miroslav Lachman <000.fbsd@quip.cz> User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.7.12) Gecko/20050915 X-Accept-Language: cz, cs, en, en-us MIME-Version: 1.0 To: "Tonix (Antonio Nati)" References: <4AE6C7BD.907@interazioni.it> In-Reply-To: <4AE6C7BD.907@interazioni.it> Content-Type: text/plain; charset=us-ascii; format=flowed Content-Transfer-Encoding: 7bit Cc: freebsd-isp@freebsd.org Subject: Re: Jails creation X-BeenThere: freebsd-isp@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Internet Services Providers List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 27 Oct 2009 17:02:44 -0000 Tonix (Antonio Nati) wrote: > > Is there any architectural reason for which jails must be created only > starting from sources? > Would not it be simpler to create a jail cloning the host environment > binaries (and then using the normal freebsd-update to keep it updated)? > Would it be possible to suggest a funded project with this goal? You are not the first one with this idea. You can easily use nullfs mount of directories from base system, but people mostly prefer independent directory with jail install shared by many jails. And sometimes somebody needs jails with modified binaries, so it is not possible to share theme with base system in all cases. There are many ways to get jails running without sources, it is up to you to choose one. Miroslav Lachman PS: there is freebsd-jail@freebsd.org mailinglist From owner-freebsd-isp@FreeBSD.ORG Tue Oct 27 17:08:21 2009 Return-Path: Delivered-To: freebsd-isp@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 035B0106568B for ; Tue, 27 Oct 2009 17:08:21 +0000 (UTC) (envelope-from tonix@interazioni.it) Received: from mx02.interazioni.net (mx02.interazioni.net [80.94.114.204]) by mx1.freebsd.org (Postfix) with ESMTP id 4B6E48FC19 for ; Tue, 27 Oct 2009 17:08:20 +0000 (UTC) Received: (qmail 41761 invoked by uid 88); 27 Oct 2009 17:08:17 -0000 Received: from unknown (HELO ?192.168.200.240?) (tonix@interazioni.it@217.19.158.67) by relay.interazioni.net with ESMTPA; 27 Oct 2009 17:08:09 -0000 Message-ID: <4AE728F8.7020809@interazioni.it> Date: Tue, 27 Oct 2009 18:08:08 +0100 From: "Tonix (Antonio Nati)" User-Agent: Thunderbird 2.0.0.23 (Windows/20090812) MIME-Version: 1.0 To: freebsd-isp@freebsd.org References: <4AE6C7BD.907@interazioni.it> <4AE7232E.2070208@quip.cz> In-Reply-To: <4AE7232E.2070208@quip.cz> Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Subject: Re: Jails creation X-BeenThere: freebsd-isp@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Internet Services Providers List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 27 Oct 2009 17:08:21 -0000 Miroslav Lachman ha scritto: > Tonix (Antonio Nati) wrote: >> >> Is there any architectural reason for which jails must be created >> only starting from sources? >> Would not it be simpler to create a jail cloning the host environment >> binaries (and then using the normal freebsd-update to keep it updated)? >> Would it be possible to suggest a funded project with this goal? > > You are not the first one with this idea. You can easily use nullfs > mount of directories from base system, but people mostly prefer > independent directory with jail install shared by many jails. > > And sometimes somebody needs jails with modified binaries, so it is > not possible to share theme with base system in all cases. > > There are many ways to get jails running without sources, it is up to > you to choose one. > > Miroslav Lachman > > PS: there is freebsd-jail@freebsd.org mailinglist > _______________________________________________ > freebsd-isp@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-isp > To unsubscribe, send any mail to "freebsd-isp-unsubscribe@freebsd.org" > I have nothing against shared dirs, but my question is this: why the basic jail creation command requires compilation? Given the fact jail must have exactly the same version of base system, why the base create command dos not simply copy the existing binaries? It would avoid local source, remote packages, etc... Regards, Tonino -- ------------------------------------------------------------ Inter@zioni Interazioni di Antonio Nati http://www.interazioni.it tonix@interazioni.it ------------------------------------------------------------ From owner-freebsd-isp@FreeBSD.ORG Tue Oct 27 18:41:33 2009 Return-Path: Delivered-To: freebsd-isp@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id E3D3C106568F; Tue, 27 Oct 2009 18:41:33 +0000 (UTC) (envelope-from 000.fbsd@quip.cz) Received: from elsa.codelab.cz (elsa.codelab.cz [94.124.105.4]) by mx1.freebsd.org (Postfix) with ESMTP id 9E9A68FC0C; Tue, 27 Oct 2009 18:41:33 +0000 (UTC) Received: from localhost (localhost.codelab.cz [127.0.0.1]) by elsa.codelab.cz (Postfix) with ESMTP id 550BE19E023; Tue, 27 Oct 2009 19:41:32 +0100 (CET) Received: from [192.168.1.2] (r5bb235.net.upc.cz [86.49.61.235]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by elsa.codelab.cz (Postfix) with ESMTPSA id CE18F19E019; Tue, 27 Oct 2009 19:41:29 +0100 (CET) Message-ID: <4AE73ED9.5000505@quip.cz> Date: Tue, 27 Oct 2009 19:41:29 +0100 From: Miroslav Lachman <000.fbsd@quip.cz> User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.7.12) Gecko/20050915 X-Accept-Language: cz, cs, en, en-us MIME-Version: 1.0 To: "Tonix (Antonio Nati)" References: <4AE6C7BD.907@interazioni.it> <4AE7232E.2070208@quip.cz> <4AE728F8.7020809@interazioni.it> In-Reply-To: <4AE728F8.7020809@interazioni.it> Content-Type: text/plain; charset=us-ascii; format=flowed Content-Transfer-Encoding: 7bit Cc: freebsd-isp@freebsd.org, freebsd-jail@freebsd.org Subject: Re: Jails creation X-BeenThere: freebsd-isp@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Internet Services Providers List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 27 Oct 2009 18:41:34 -0000 Tonix (Antonio Nati) wrote: > Miroslav Lachman ha scritto: [...] >> You are not the first one with this idea. You can easily use nullfs >> mount of directories from base system, but people mostly prefer >> independent directory with jail install shared by many jails. >> >> And sometimes somebody needs jails with modified binaries, so it is >> not possible to share theme with base system in all cases. >> >> There are many ways to get jails running without sources, it is up to >> you to choose one. [...] > I have nothing against shared dirs, but my question is this: why the > basic jail creation command requires compilation? Given the fact jail > must have exactly the same version of base system, why the base create > command dos not simply copy the existing binaries? It would avoid local > source, remote packages, etc... It is not true. Jail command does not requires compilation, nor exactly same version. I am running 6.x version jail on system with 7.2 and you can run 32bit (i386) jail on 64bit (amd64) system. The `jail` command is there just for starting the jail, not for building it. The jail even does not need to be a full installed system! There are too many different scenarios with jails, that there can not be "one command to satisfy them all". It is up to administrator to prepare the best environment for his/her needs. If you need the full copy of the base system, you can do it really easily (by tar as was suggested by Vincet Hoffman or dump & restore), and if you do it for each jail, you loose the benefits of shared read-only base directory (you will need more disk space and more memory). If you do not want to spend some time by compilation, you can install the jail from installation media you already have from system install. cd /some/media/7.2-RELEASE/base mkdir /path/to/myjail setenv DESTDIR /path/to/myjail sh install.sh That's all! It is too simple in contrast to source build or manually copy something from base. If you are using ZFS, you can use snapshots and clones... And many more scenarios exist. I am CCing freebsd-jail@, it is more appropriate list to contionue. Miroslav Lachman From owner-freebsd-isp@FreeBSD.ORG Tue Oct 27 19:49:34 2009 Return-Path: Delivered-To: freebsd-isp@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 781D11065694 for ; Tue, 27 Oct 2009 19:49:34 +0000 (UTC) (envelope-from blake@ekalb.net) Received: from rupert.ekalb.net (rupert.ekalb.net [65.49.170.80]) by mx1.freebsd.org (Postfix) with ESMTP id 3EFEB8FC2D for ; Tue, 27 Oct 2009 19:49:34 +0000 (UTC) Received: from [10.1.0.164] (ip-208-47-103-98.mwv.sta.beamspeed.net [208.47.103.98]) (using TLSv1 with cipher AES128-SHA (128/128 bits)) (No client certificate requested) by rupert.ekalb.net (Postfix) with ESMTPSA id 242516932F; Tue, 27 Oct 2009 12:31:21 -0700 (MST) Mime-Version: 1.0 (Apple Message framework v1076) Content-Type: text/plain; charset=us-ascii; format=flowed; delsp=yes From: Blake Covarrubias In-Reply-To: <4AE73ED9.5000505@quip.cz> Date: Tue, 27 Oct 2009 12:32:01 -0700 Content-Transfer-Encoding: 7bit Message-Id: <2E43F01D-92BD-425A-B0A9-F29178B60200@ekalb.net> References: <4AE6C7BD.907@interazioni.it> <4AE7232E.2070208@quip.cz> <4AE728F8.7020809@interazioni.it> <4AE73ED9.5000505@quip.cz> To: Miroslav Lachman <000.fbsd@quip.cz> X-Mailer: Apple Mail (2.1076) Cc: freebsd-isp@freebsd.org Subject: Re: Jails creation X-BeenThere: freebsd-isp@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Internet Services Providers List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 27 Oct 2009 19:49:34 -0000 Hi, This is how I perform binary updates and installation of jails. I used a file called install.cfg to hold my sysinstall variables. ### install.cfg ### installVarDefaults releaseName=7.2-RELEASE _ftpPath= ftp://ftp.freebsd.org/pub/FreeBSD/ mediaSetFTP dists=base man distSetCustom installRoot=/srv/jails/example.domain.tld/root installCommit ################ # Install mkdir -p /srv/jails/example.domain.tld/root sysinstall configFile=/root/install.cfg loadConfig freebsd-update works within the jail to update patches. For migrating point releases (7.1 to 7.2) after updating the host OS I use the commands below. env UNAME_r=7.1-RELEASE-p5 freebsd-update -b /srv/jails/ example.domain.tld/root -r 7.2-RELEASE upgrade freebsd-update -b /srv/jails/example.domain.tld/root install /etc/rc.d/jail restart freebsd-update -b /srv/jails/example.domain.tld/root install Works great in my environment. -- Blake Covarrubias On Oct 27, 2009, at 11:41 AM, Miroslav Lachman wrote: > Tonix (Antonio Nati) wrote: > >> Miroslav Lachman ha scritto: > [...] >>> You are not the first one with this idea. You can easily use >>> nullfs mount of directories from base system, but people mostly >>> prefer independent directory with jail install shared by many jails. >>> >>> And sometimes somebody needs jails with modified binaries, so it >>> is not possible to share theme with base system in all cases. >>> >>> There are many ways to get jails running without sources, it is up >>> to you to choose one. > > [...] > >> I have nothing against shared dirs, but my question is this: why >> the basic jail creation command requires compilation? Given the >> fact jail must have exactly the same version of base system, why >> the base create command dos not simply copy the existing binaries? >> It would avoid local source, remote packages, etc... > > It is not true. Jail command does not requires compilation, nor > exactly same version. I am running 6.x version jail on system with > 7.2 and you can run 32bit (i386) jail on 64bit (amd64) system. > The `jail` command is there just for starting the jail, not for > building it. The jail even does not need to be a full installed > system! > There are too many different scenarios with jails, that there can > not be "one command to satisfy them all". > It is up to administrator to prepare the best environment for his/ > her needs. > > If you need the full copy of the base system, you can do it really > easily (by tar as was suggested by Vincet Hoffman or dump & > restore), and if you do it for each jail, you loose the benefits of > shared read-only base directory (you will need more disk space and > more memory). > > If you do not want to spend some time by compilation, you can > install the jail from installation media you already have from > system install. > > cd /some/media/7.2-RELEASE/base > mkdir /path/to/myjail > setenv DESTDIR /path/to/myjail > sh install.sh > > That's all! It is too simple in contrast to source build or manually > copy something from base. > > If you are using ZFS, you can use snapshots and clones... > > And many more scenarios exist. > > I am CCing freebsd-jail@, it is more appropriate list to contionue. > > Miroslav Lachman > _______________________________________________ > freebsd-isp@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-isp > To unsubscribe, send any mail to "freebsd-isp-unsubscribe@freebsd.org" From owner-freebsd-isp@FreeBSD.ORG Wed Oct 28 07:33:32 2009 Return-Path: Delivered-To: freebsd-isp@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 11DE71065679 for ; Wed, 28 Oct 2009 07:33:32 +0000 (UTC) (envelope-from tonix@interazioni.it) Received: from mx02.interazioni.net (mx02.interazioni.net [80.94.114.204]) by mx1.freebsd.org (Postfix) with ESMTP id 71FA18FC25 for ; Wed, 28 Oct 2009 07:33:31 +0000 (UTC) Received: (qmail 72341 invoked by uid 88); 28 Oct 2009 07:33:22 -0000 Received: from unknown (HELO ?192.168.56.198?) (tonix@interazioni.it@85.18.206.139) by relay.interazioni.net with ESMTPA; 28 Oct 2009 07:33:22 -0000 Message-ID: <4AE7F3C2.4030607@interazioni.it> Date: Wed, 28 Oct 2009 08:33:22 +0100 From: "Tonix (Antonio Nati)" User-Agent: Thunderbird 2.0.0.23 (Windows/20090812) MIME-Version: 1.0 To: freebsd-isp@freebsd.org References: <4AE6C7BD.907@interazioni.it> <4AE7232E.2070208@quip.cz> <4AE728F8.7020809@interazioni.it> <4AE73ED9.5000505@quip.cz> In-Reply-To: <4AE73ED9.5000505@quip.cz> Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Subject: Re: Jails creation X-BeenThere: freebsd-isp@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Internet Services Providers List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 28 Oct 2009 07:33:32 -0000 Miroslav Lachman ha scritto: > It is not true. Jail command does not requires compilation, nor > exactly same version. I am running 6.x version jail on system with 7.2 > and you can run 32bit (i386) jail on 64bit (amd64) system. I did not know, and this is very useful to me also. I supposed, as the jail kernel is a "fake" kernel, both systems should have the same version, but if I can mix it's a great opportunity. > The `jail` command is there just for starting the jail, not for > building it. The jail even does not need to be a full installed system! > There are too many different scenarios with jails, that there can not > be "one command to satisfy them all". > It is up to administrator to prepare the best environment for his/her > needs. > > If you need the full copy of the base system, you can do it really > easily (by tar as was suggested by Vincet Hoffman or dump & restore), > and if you do it for each jail, you loose the benefits of shared > read-only base directory (you will need more disk space and more memory). > > If you do not want to spend some time by compilation, you can install > the jail from installation media you already have from system install. > > cd /some/media/7.2-RELEASE/base > mkdir /path/to/myjail > setenv DESTDIR /path/to/myjail > sh install.sh > > That's all! It is too simple in contrast to source build or manually > copy something from base. > Thanks! In this way it is a lot more easier to setup and/or customize. Tonino -- ------------------------------------------------------------ Inter@zioni Interazioni di Antonio Nati http://www.interazioni.it tonix@interazioni.it ------------------------------------------------------------