VIMAGE and jail.

[Nikos Vassiliadis]

Eirik Øverby wrote:
> On 2. okt. 2010, at 15:12, Nikos Vassiliadis <nvass9573 at gmx.com> wrote:
> 
>> Peter Ankerstål wrote:
>>> On 2 okt 2010, at 15.06, Nikos Vassiliadis wrote:
>>>> Peter Ankerstål wrote:
>>>>> Anyone here used the VIMAGE together with jail?
>>>> Is this some kind of poll?:)
>>>>
>>>> I have used VIMAGE and jail.
>>>>
>>>> Nikos
>>>>
>>>>
>>> Haha, sorry. Just wanted some pointers.
>> do ask...
> 
> Then I'd much appreciate some pointers to info about the vimage stuff, availability (8.x?), stability, real-world experiences and tales from the crypt..
> 
> In short: why do I want the visage stuff and what can it do for me? 

It appeared in its current form during the 7 branch and it was added
in the official source tree during the development of the 8 branch.
The concept is much older and there was a prototype based on the 4 branch.

I think that the VIMAGE code in branch 9 is more or less in-sync with the
VIMAGE code in the 8 branch.

I use it regularly in a lab environment. The only problem I am seeing
regularly(when a vnet is destroyed) is this message:
 > Freed UMA keg was not empty (203 items).  Lost 1 pages of memory.
 > Freed UMA keg was not empty (36 items).  Lost 2 pages of memory.

I don't remember having any panics out of the blue since a long time.
Do note that VIMAGE option is an experimental feature.

Don't have any tale from the crypt. I *believe* that it can handle 
real-world traffic without problems. But... not all network related
things work along with option VIMAGE and that may annoy you(or not).
Among the things that are virtualized and work, are:
inet, inet6, netgraph, ipsec, ipfw

Among the popular things that don't work is pf. Keep in mind that
VIMAGE is under development and things may change soon...

The above lists are not exhaustive by far, there are other things
that work and other that don't.

A 2 cents of worth opinion is that I would use VIMAGE on a jailed server
and still be able to sleep peacefully.

HTH, Nikos