Date: Sat, 9 Feb 2013 23:12:13 +0000 From: "Teske, Devin" <Devin.Teske@fisglobal.com> To: Fbsd8 <fbsd8@a1poweruser.com>, Nikos Vassiliadis <nvass@gmx.com> Cc: FreeBSD questions <questions@freebsd.org> Subject: RE: vnet without epair Message-ID: <13CA24D6AB415D428143D44749F57D7201EA6A3F@ltcfiswmsgmb21> In-Reply-To: <5116A452.6030104@a1poweruser.com> References: <511671FA.3050801@a1poweruser.com> <511680AD.1040209@gmx.com>,<5116A452.6030104@a1poweruser.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Sat, 9 Feb 2013, Fbsd8 wrote: > Nikos Vassiliadis wrote: > > On 2/9/2013 5:57 PM, Fbsd8 wrote: > >> Has any one been able to get RELEASE 9.1 to enable jail vnet without > >> having to use epair? > > > > Yes, you can use vnet-enabled jails with several types of interfaces. > > Physical ones like em0 etc, virtual ones like vlan0 etc, netgraph > > ethernet-like interfaces like ngeth etc and if_epair interfaces. > > What all these have in common is that they all are ethernet-like. > > > > You don't mention what kind of use and more or less most interfaces > > are usable in a vnet jail. Could you share more on what you are > > trying to achieve? > > > > Nikos > > > > >=20 >=20 > Thanks for your reply and interest. >=20 > What I am doing is writing documentation that describes the new 9.1 jail > extensions for jail.conf and the rc.conf jail statements. I am going to > submit changes to /etc/defaults/rc.conf and as long as I was on the jail > subject thought I may as well include vnet because it was missing from > /etc/defaults/rc.conf. Thanks for taking this on. > I did google search and could only find 9.0 vnet jails using epair. I'm surprised you didn't find my own page on vnet jails using netgraph: http://druidbsd.sf.net/vimage.shtml What I did was dup' the old rc.d/jail script one day and modify it to suppo= rt vnet jails (read: it doesn't use jail.conf it uses the "old" style of rc= .conf(5) parameters) with the built-in ability to do bridging with netgraph= (if you enable the right kernel options and/or have the right modules load= ed). It also supports shoving any whole interfaces into the vnet jails (be = they real or pseudo interfaces, the only restriction is that it has to be a= valid parameter in "ifconfig <interface> vnet <jail_id>". ASIDE: The nice thing about using netgraph to do the bridging on the back-e= nd is that "ngctl dot | dot -Tsvg -o netgraph.svg" creates nice pictures of= your network layout (aside from being very versatile). > It was my understanding that epair was not necessary > to use vnet and thanks to you, you confirmed it. >=20 > As part of this self-appointed project I plan to also update "man jail" > and the handbook jail section which is really way out of date. I plan to > include vnet in all aspects of this project. I must point out this is > not just a writing project. I have been using rc.conf jail statements to > configure jails for some time now, I hope you'll look at my vimage package (we've been using it for a little o= ver 12 months now). $work has been very happy with it to say the least. > and have a test bed to test things I > write about so I can verify what I write is true and valid. I am working > with the author of the jail environment and already have discovered bugs > which are being addressed. I have never played with vimage as it's > labeled as experimental because it is not scp aware. I think you mean it conflicts with SCTP (network protocol like UDP and TCP). > IE: can not use more than a single cpu. I'm not so sure about that. > One of the 9.1 jail extensions deals with being able to use quotas > inside of jails. I am excited to begin testing this new function. Very cool -- looking forward to reading updates on that. > During my jail research I have come across posts where people have to > use a kernel patch to get xorg desktops to work inside of a jail. I have > a separate post to questions list trying to mine some info on that subjec= t. Excellent! > I am always open to input. If you have the background to support my > efforts in this project its welcomed. Yeah, we use vimages a lot at $work. For example, just yesterday, I had a n= eed to move a machine into the server room but it wasn't in a rack-mountabl= e case -- so I rsync'd the OS (minus /dev and /proc of course) to a directo= ry on the vimage server, spent a minute or two copy/pasting in /etc/rc.conf= , changing a couple values (like which em* interface to bridge to), and the= n I said "service vimage start [thename]" obsoleting the once-physical mach= ine for a new vimage. In this case, the server needed to run samba on a private network. Worked g= reat. Freed up some workstation hardware for an actual workstation and a se= rver that should have been in the rack is now running on server equipment a= s it should. It was a win for everybody and it took less than an hour (incl= uding the time to rsync). Now only if I could find a graceful solution to rsync dying with out of mem= ory errors on massive amounts of files and/or hard-links (rsync-3.0.7), I'd= be all set! --=20 Devin _____________ The information contained in this message is proprietary and/or confidentia= l. If you are not the intended recipient, please: (i) delete the message an= d all copies; (ii) do not disclose, distribute or use the message in any ma= nner; and (iii) notify the sender immediately. In addition, please be aware= that any message addressed to our domain is subject to archiving and revie= w by persons other than the intended recipient. Thank you.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?13CA24D6AB415D428143D44749F57D7201EA6A3F>