From: Jeremie Le Hen
To: Andrew Snow
Cc: freebsd-jail@freebsd.org
Date: Sun, 13 Jan 2008 23:30:12 +0100
Subject: Re: Jails as a VPS

Hi Andrew,

On Wed, Jan 09, 2008 at 12:01:59PM +1100, Andrew Snow wrote:
> I am running a hoster providing "VPS" using FreeBSD Jails on 6.2
>
> FYI, I have patched my kernel in several places to make it work for me:
> * jails have their own SYSV shared memory and semaphores
> * per-jail number of processes limit
> * jail ability to be bound to a given CPU core
> * jails have a limited range of nice values (10 to -10) compared to the
>   host environment
>
> and last but not least:
> * memory usage measurement and limiting.
>
> It is this last one that is causing me the most problems. I modified
> obreak() to deny requests for more memory when memory limit is exceeded, and
> that works OK.
>
> But measuring the jail memory usage in the first place is proving to be a
> pain, and I wonder if you guys have any ideas.
>
> I am doing something similar to the Google SoC, by measuring the resident
> page count of every VM map held by every process in the jail.
>
> This does not measure memory fairly - it counts shared memory too many
> times. To see this in action, I can allocate a jail with 500mb memory limit
> then try to start 10 or 20 large apache HTTPD processes. While using only a
> small amount of actual system ram (under 100mb probably), it measures it to
> be much larger.
>
> I am now looking at adding fields to VM memory maps and tagging them so I
> can ensure I don't count them twice, but this is starting to get
> non-trivial.
>
> Anyone else been able to solve this problem or have any better knowledge?

Congratulations on your work. Any chance to disclose it?

Regards,
--
Jeremie Le Hen
< jeremie at le-hen dot org >< ttz at chchile dot org >

From: Miroslav Lachman <000.fbsd@quip.cz>
To: Andrew Snow
Cc: freebsd-jail@freebsd.org
Date: Mon, 14 Jan 2008 13:30:43 +0100
Subject: Re: Jails as a VPS

Andrew Snow wrote:
>
> Hi Guys,
>
> I am running a hoster providing "VPS" using FreeBSD Jails on 6.2
>
> FYI, I have patched my kernel in several places to make it work for me:
> * jails have their own SYSV shared memory and
>   semaphores
> * per-jail number of processes limit
> * jail ability to be bound to a given CPU core
> * jails have a limited range of nice values (10 to -10) compared to the
>   host environment
>
> and last but not least:
> * memory usage measurement and limiting.
>
> It is this last one that is causing me the most problems. I modified
> obreak() to deny requests for more memory when memory limit is exceeded,
> and that works OK.
>
> But measuring the jail memory usage in the first place is proving to be
> a pain, and I wonder if you guys have any ideas.
>
> I am doing something similar to the Google SoC, by measuring the
> resident page count of every VM map held by every process in the jail.
>
> This does not measure memory fairly - it counts shared memory too many
> times. To see this in action, I can allocate a jail with 500mb memory
> limit then try to start 10 or 20 large apache HTTPD processes. While
> using only a small amount of actual system ram (under 100mb probably),
> it measures it to be much larger.
>
> I am now looking at adding fields to VM memory maps and tagging them so
> I can ensure I don't count them twice, but this is starting to get
> non-trivial.
>
> Anyone else been able to solve this problem or have any better knowledge?

It would be nice to have those features in base FreeBSD 6/7.
Can I (we) hope you publish your work?

Miroslav Lachman

From: André Olsson
Cc: alexander@leidinger.net
Date: Thu, 17 Jan 2008 11:30:00 +0100
Subject: Citrix client within jail

Hi

we are trying to set up a client with FreeBSD 6.2-RELEASE as the host OS
and with two jails configured on it.
Each jail is going to run a Citrix-client against two different
separated Citrix-systems.

Since the user is going to work locally on the client we need it to be
possible to run both the X-server and the X-application (citrix client)
from within the same jail.
We have the jails installed with Gnome and the Citrix client.

I have read your earlier posts in a similar case and seen that it's
possible to run an X-server in a jail and connect to an X-application
in another jail.
Is it possible from within a jail to run both the X-server and the
X-application, and do a SSH-connect against the jail-localhost to start
the Citrix client, or will we get a problem connecting the application
to a local Display?

Our goal is to connect one jail1 to one Display and the jail2 to another
Display and for the User to jump in between the citrix-sessions
(Ctrl-Alt-F3...Ctrl-Alt-F4).

When starting X we get error: xf86OpenDisplay: No console driver found.

* Section jail in host rc.conf:

jail_enable="YES"
jail_interface="bge0"
jail_devfs_enable="YES"
jail_procfs_enable="YES"
jail_list="myjail"
jail_myjail_rootdir="/usr/jail/myjail"
jail_myjail_hostname="myjail.example.com"
jail_myjail_ip="192.168.0.155"

* Output of mount on host:

devfs on /usr/jail/myjail/dev (devfs, local)
procfs on /usr/jail/myjail/proc (procfs, local)

* Output of ls in /dev on jail:

fd      null    ptyp1   stderr  stdout  ttyp1   zero
log     ptyp0   random  stdin   ttyp0   urandom

* Syntax to connect to jail from host:

ssh -X -l root 192.168.0.155

* Output when starting X inside jail:

Fatal server error:
xf86OpenConsole: No console driver found
Supported drivers: pccons (with X support), syscons, pcvt
Check your kernel's console driver configuration and /dev entries

* syntax to start xterm within jail

ssh -f -X -T 192.168.0.155 xterm &

" output from above syntax
xterm Xt error: Cant open display: %s
xterm: DISPLAY is not set

We've never run any X-applications within a jail before, only
bind,apache,mysql and such, but I hope I've made my question
understandable anyway:)
Maybe we are barking up the wrong tree and there is an easier way to
connect 2 jails to 2 different local displays?

Best regards
André

From: Alexander Leidinger
To: André Olsson
Date: Thu, 17 Jan 2008 14:06:20 +0100
Cc: freebsd-jail@freebsd.org
Subject: Re: Citrix client within jail

Quoting André Olsson (from Thu, 17 Jan 2008 11:30:00 +0100):

> Hi
>
> we are trying to set up a client with FreeBSD 6.2-RELEASE as the
> host OS and with two jails configured on it.
> Each jail is going to run a Citrix-client against two different
> separated Citrix-systems.
>
> Since the user is going to work locally on the client we need it to
> be possible to run both the X-server and the
> X-application (citrix client) from within the same jail.

You need kernel patches to be able to run an X-server in a jail. The
trick is to allow access to /dev/mem (or some similar sensible device,
can't remember from the top of my head) even from a jail. Then you
need to add /dev/mem and some other devices to the jail (I use a
custom ruleset for devfs). I only have patches for 7.x or -current
(not online).

> Our goal is to connect one jail1 to one Display and the jail2 to
> another Display and for the User to
> jump in between the citrix-sessions (Ctrl-Alt-F3...Ctrl-Alt-F4).

Because of the access to /dev/mem, root of one jail can take over
the entire machine. Below I will propose something different.

I don't know if it is possible to switch via Fx to different servers
(I never tried this).
You can have two graphic cards (or one with two
outputs) in the machine and connect two screens (and optionally two
keyboards/mice) to it, and have them displayed at the same time.

> * syntax to start xterm within jail
>
> ssh -f -X -T 192.168.0.155 xterm &
>
> " output from above syntax
> xterm Xt error: Cant open display: %s
> xterm: DISPLAY is not set

If you want to have the xterm displayed on the system where you ssh
from, you need to check some things. Maybe the path to xauth is not
set correctly in sshd (the path changed with a recent ports tree).

> We've never run any X-applications within a jail before, only
> bind,apache,mysql and such, but I hope
> I've made my question understandable anyway:)
> Maybe we are barking up the wrong tree and there is an easier way to
> connect 2 jails to 2 different
> local displays?

There are several. The following ones don't open up a side-channel
between jails which have /dev/mem accessible.

You start the X-server(s) on the host (not in a jail), and in the
startup you connect to the jails via a passwordless ssh-key and let
the applications from the two jails display their stuff on the
X-server of the host.

You start a vnc server in each jail and let the user connect to the
vnc server either from the host with one X server running on it
(alternatively you can connect to the vnc server from other machines).

Bye,
Alexander.

--
The value of a program is proportional to the weight of its output.

http://www.Leidinger.net    Alexander @ Leidinger.net: PGP ID = B0063FE7
http://www.FreeBSD.org       netchild @ FreeBSD.org  : PGP ID = 72077137
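
A host-side check for the risk raised in the reply above (a jail whose devfs ruleset exposes /dev/mem), as an added example that is not part of the thread or of FreeBSD. /dev/mem comes from the reply; the kmem and io entries, the function names and the constructed sample tree are assumptions made for this example.

```sh
#!/bin/sh
# Added example: report jails whose /dev exposes host-memory device nodes.
# /dev/mem is named in the thread; kmem and io are assumptions added here
# (FreeBSD nodes that also expose kernel memory and I/O ports).
SENSITIVE_NODES="${SENSITIVE_NODES:-mem kmem io}"

# audit_jail_dev JAILROOT: print each sensitive node visible under
# JAILROOT/dev. Returns 0 if none, 1 if any, 2 if JAILROOT/dev is missing.
audit_jail_dev() {
    root=${1%/}
    found=0
    if [ ! -d "$root/dev" ]; then
        echo "$1: no dev directory" >&2
        return 2
    fi
    for node in $SENSITIVE_NODES; do
        # devfs shows only what the ruleset unhides, so existence is the test.
        if [ -e "$root/dev/$node" ]; then
            echo "$root/dev/$node"
            found=1
        fi
    done
    return "$found"
}

# audit_all JAILROOT...: returns 1 if any jail exposes a node or could
# not be checked, so an unreadable jail is never reported as clean.
audit_all() {
    exposed=0
    for jail in "$@"; do
        audit_jail_dev "$jail" || exposed=1
    done
    return "$exposed"
}

# make_sample_jails DIR: constructed input, empty files standing in for
# device nodes. "stock" holds the /dev listing from the post; "patched"
# adds the mem node that the reply says a jailed X server needs.
make_sample_jails() {
    mkdir -p "$1/stock/dev" "$1/patched/dev"
    for n in fd null ptyp0 ptyp1 ttyp0 ttyp1 random urandom zero log \
             stdin stdout stderr; do
        : > "$1/stock/dev/$n"
        : > "$1/patched/dev/$n"
    done
    : > "$1/patched/dev/mem"
}

# With arguments, audit real jail roots, e.g.: sh audit.sh /usr/jail/myjail
if [ "$#" -gt 0 ]; then audit_all "$@"; fi
```

Run on the host, not inside the jail, so the result does not depend on anything jail root controls.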