Date: Sun, 24 Jan 2010 19:24:26 +0100
From: "Simon L. Nielsen"
To: Alexander Leidinger
Cc: jail@FreeBSD.org, Remko Lodder
Subject: Re: starting jails in the background & dependencies
Message-ID: <20100124182425.GC1314@frankie.nitro.dk>
In-Reply-To: <20100114133516.21277ik0pthwdo0s@webmail.leidinger.net>

On 2010.01.14 13:35:16 +0100, Alexander Leidinger wrote:
> Quoting Remko Lodder (from Tue, 5 Jan 2010
> 11:35:48 +0100):
>
> > On Tue, January 5, 2010 11:24 am, Alexander Leidinger wrote:
> >> On Mon, 07 Dec 2009 08:03:53 +0100 Alexander Leidinger
> >> wrote:
> >>
> >>> Hi,
> >>>
> >>> now that jails are started in the background (which is good, to
> >>
> >> I just realized yesterday that it also stops in parallel (in the
> >> background). This is bad. It may be the case that a jail is not fully
> >> stopped via the rc scripts when the OS decides to kill the remaining
> >> processes during a shutdown.
> >>
> >> My first reaction is to only allow to start in the background, but
> >> everything else needs to be serialized.
> >>
> >> Any objections or better ideas out there?
> >
> > I think the best way at this moment is to revert the change (I can do
> > that, or someone else, I don't mind) and think of a better concept. Simon
> > also mentioned that he didn't like the current way of doing things, so I
> > kept it in, for possible suggestions. Reverting the change would mean that
> > the old behaviour at least works and is with what people are used to. We
> > can then further improve it where needed.
>
> What about the following? Just have a look at the principle, I haven't
> tested it yet. What it does is:
> - revert back to serial startup by default
> - allow to only start in the background (jail_parallel_start=YES)

In some thread there was talk about parallel stop as well, but I must
admit I never looked at it.

> - take input from /dev/null: in case a start script inside the
>   jail wants to read from stdin (it shouldn't), it will not
>   switch the process into STOP state (but should generate some
>   message in the application log)

This seems like a fine change - especially since the output from the
actual jail is hidden.

> Copy&paste, so maybe messed up tabs:

The bottom part of rc.d/jail after the patch seems.... well, "messy"
in lack of a better word, but since I can't come up with a better
solution right now I think this patch should be committed, and then we
can always improve the implementation later.

Note that I haven't tested it, but I don't see any errors in the
patch.

> ---snip--- > Index: share/man/man5/rc.conf.5 > =================================================================== > --- share/man/man5/rc.conf.5 (Revision 202277) > +++ share/man/man5/rc.conf.5 (Arbeitskopie) > @@ -24,7 +24,7 @@ > .\" > .\" $FreeBSD$ > .\" > -.Dd November 11, 2009 > +.Dd January 14, 2010 > .Dt RC.CONF 5 > .Os > .Sh NAME > @@ -3472,6 +3472,11 @@ > If set to > .Dq Li NO , > any configured jails will not be started. > +.It jail_parallel_start > +.Pq Vt bool > +If set to > +.Dq Li YES > +all configured jails will be started in the background (= in parallel). > .It Va jail_list > .Pq Vt str > A space separated list of names for jails. > Index: etc/rc.d/jail > =================================================================== > --- etc/rc.d/jail (Revision 202277) > +++ etc/rc.d/jail (Arbeitskopie) 
> @@ -636,7 +636,8 @@ > done > > eval ${_setfib} jail ${_flags} -i ${_rootdir} ${_hostname} \ > - \"${_addrl}\" ${_exec_start} > ${_tmp_jail} 2>&1 > + \"${_addrl}\" ${_exec_start} > ${_tmp_jail} 2>&1 \ > + > if [ "$?" -eq 0 ] ; then > _jail_id=$(head -1 ${_tmp_jail}) > @@ -728,4 +729,19 @@ > if [ -n "$*" ]; then > jail_list="$*" > fi > -run_rc_command "${cmd}" & > + > +# Only allow the parallel start of jails, other commands are not > +# safe to execute in parallel. > +case "${cmd}" in > +*start) > + ;; > +*) > + jail_parallel_start=NO > +esac > + > +if checkyesno jail_parallel_start; then > + run_rc_command "${cmd}" & > +else > + run_rc_command "${cmd}" > +fi > + > Index: etc/defaults/rc.conf > =================================================================== > --- etc/defaults/rc.conf (Revision 202277) > +++ etc/defaults/rc.conf (Arbeitskopie) > @@ -630,6 +630,7 @@ > ### Jail Configuration ####################################### > ############################################################## > jail_enable="NO" # Set to NO to disable starting of any jails > +jail_parallel_start="NO" # Start jails in the background > jail_list="" # Space separated list of names of jails > jail_set_hostname_allow="YES" # Allow root user in a jail to change > its hostname > jail_socket_unixiproute_only="YES" # Route only TCP/IP within a jail > ---snip--- -- Simon L. Nielsen
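Review bot: in the rc.conf.5 hunk at @@ -3472, the new entry is written `.It jail_parallel_start` while the neighbouring entry is `.It Va jail_list`, so the variable name loses its `Va` markup; the `.Dq Li YES` line also lacks the trailing ` ,` that the `.Dq Li NO ,` line above it uses before the continuing clause. The entry should also state the default (the etc/defaults/rc.conf hunk sets NO) and that only start is affected, since the etc/rc.d/jail hunk forces every other command to run serially.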
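Review bot: in the etc/rc.d/jail hunk at @@ -636, the added line ends in a continuation backslash and the added line after it is empty as posted, so nothing in the visible command redirects stdin. The description says the jail start should take its input from /dev/null; confirm that the redirection is really on that continuation line in the version that gets committed, and, given the "maybe messed up tabs" caveat, regenerate the diff from the working copy instead of applying the pasted text.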
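Review bot: in the etc/rc.d/jail hunk at @@ -728, the pattern `*start)` also matches `restart`, so with jail_parallel_start=YES a restart, which stops the jails before starting them again, still runs in the background; that is the case the comment above the `case` calls unsafe. Exclude restart explicitly (or list the start variants that are meant to be allowed) so it falls through to the `*)` branch. Two smaller points in the same hunk: the `*)` branch has no terminating `;;`, which is legal for the last branch but inconsistent with the branch above it, and when `run_rc_command "${cmd}" &` is taken the script returns before the jails are up, so its exit status no longer reflects start failures, which is worth a sentence in the rc.conf.5 entry.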