Date: Wed, 21 Mar 2007 12:10:31 -0400
From: Bill Moran <wmoran@potentialtech.com>
To: "Jonathan Horne" <freebsd@dfwlp.com>
Cc: freebsd-questions@freebsd.org
Subject: Re: started playing with jails
Message-ID: <20070321121031.d95cadf6.wmoran@potentialtech.com>
In-Reply-To: <10072.167.246.36.14.1174492472.squirrel@webmail.dfwlp.org>
References: <42991.167.246.36.14.1174490156.squirrel@webmail.dfwlp.org> <4601501C.3060605@gmail.com> <10072.167.246.36.14.1174492472.squirrel@webmail.dfwlp.org>

In response to "Jonathan Horne" <freebsd@dfwlp.com>:

>
> 4) what about kernel and system updates? i would assume that i would have to
> manually update these jails when i buildworld and kernel for other systems as
> well (ie, that updating the host would not also update the jails)?

Yes, except this is another place where the ezjail port makes life a
breeze. ezjail pretty much automates upgrading all your jails at once
(except ports).

> 5) how about memory? is it basically one giant shared pool of physical memory
> between the host and guests? is there any sort of memory "target" that i should
> try to meet in order to have my jails run the best they can (or a ratio of memory
> to host/jails)?

There's no hard and fast rule that I know of. The more stuff you run in
each jail, the more each of those will require. If you run relatively
lightweight jails, you don't need as much.

I've documented some of the stuff I learned here:
http://people.collaborativefusion.com/~wmoran/howtos/sshdinjail.html

It only describes creating a lightweight jail for sshd, but you can
follow a similar process for httpd, or an email server, or whatever.
Saves a LOT of memory and process space.

Also, ezjail saves a LOT of disk space as you create more and more jails
as it uses nullfs mounts to duplicate the base install instead of
copying it.

> finally, i suppose the best configuration might be to have my host just a
> minimal install (avoiding anything that i don't need to function), and have my
> jails set up as my service-providing hosts? and are there any services that
> just don't work well in a jail (i think i can see NFS being one).

Mostly. We run hardware-related stuff on the host system (i.e. snmpd) as
well as some universal services (a DNS cache, sendmail).

I've had trouble getting programs that use shared memory (such as
Postgres) to run inside a jail, but it's been a while since I've tried.

-- 
Bill Moran
http://www.potentialtech.com