Date: Sat, 4 Feb 2012 12:46:45 -0800 From: Devin Teske <devin.teske@fisglobal.com> To: Hugo Silva <hugo@barafranca.com> Cc: freebsd-questions@freebsd.org Subject: Re: Jails V2, VIMAGE, and integration in the base system Message-ID: <92029D20-0433-4B95-BA0B-D4C0F40DD035@fisglobal.com> In-Reply-To: <4F2D7CB5.9040303@barafranca.com> References: <4F2C086B.9040307@barafranca.com> <040601cce295$ad453460$07cf9d20$@fisglobal.com> <4F2D7CB5.9040303@barafranca.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Feb 4, 2012, at 10:45 AM, Hugo Silva wrote: > On 02/03/12 17:02, Devin Teske wrote: >> Please give this a try: >>=20 >> http://druidbsd.sf.net/vimage.shtml >> http://druidbsd.sf.net/download.shtml >>=20 >=20 > Hi, >=20 > Interesting. >=20 > Is it safe to run in production (VIMAGE/vnets) ? I can't speak to every application, release, or even purpose, but we've bee= n using between 2 and 3 dozen vimages for various purposes without problem = on 8.1-RELEASE-p6 (just haven't got around to updating to -p7 which is late= d RELENG_8_1 security patch). We've been running amd64 hosts with both amd64 and i386 jails. Doing compil= er builds, using them as web servers, shell servers, bastion's, gateways, p= roxies (both shell and web), and even for running legacy releases of FreeBS= D (running 4.11 i386 on an amd64 8.1 host). So the VIMAGE/vnets support seems pretty stable in 8.1-RELEASE. Oh, we did have to MFC SVN r207194 to fix a bug in sys/net/rtsock.c when ru= nning i386 route(8) in VIMAGE under amd64 host. Though you don't have to ap= ply the patch, as the workaround was simple -- copy the host's amd64 route(= 8) over vimage's i386 one. That's really the only bug we ever hit, but your= mileage may vary. We've been generally very happy with VIMAGE/vnets so far. Now, with respect to the script being production ready, I'd say yes with on= e minor nit... Unnecessarily starting/stopping vimages after boot is bad for two reasons: 1. In 8.1-RELEASE there's an necessary loss in VM pages everytime you remov= e a vimage jail with "jail -r" (this has been fixed in later releases). 2. The Ethernet HW address auto-calculations performed in my script are bas= ed on the order in which vimages are started and stopped. This is easily ov= ercome by setting the HW address in the ifconfig_* line within rc.conf(5) (= within the vimage rootdir). --=20 Devin _____________ The information contained in this message is proprietary and/or confidentia= l. If you are not the intended recipient, please: (i) delete the message an= d all copies; (ii) do not disclose, distribute or use the message in any ma= nner; and (iii) notify the sender immediately. In addition, please be aware= that any message addressed to our domain is subject to archiving and revie= w by persons other than the intended recipient. Thank you.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?92029D20-0433-4B95-BA0B-D4C0F40DD035>