Jails V2, VIMAGE, and integration in the base system
devin.teske at fisglobal.com
Sat Feb 4 20:46:50 UTC 2012
On Feb 4, 2012, at 10:45 AM, Hugo Silva wrote:
> On 02/03/12 17:02, Devin Teske wrote:
>> Please give this a try:
> Is it safe to run in production (VIMAGE/vnets) ?
I can't speak to every application, release, or even purpose, but we've been using between 2 and 3 dozen vimages for various purposes without problem on 8.1-RELEASE-p6 (just haven't got around to updating to -p7 which is the latest RELENG_8_1 security patch).
We've been running amd64 hosts with both amd64 and i386 jails. Doing compiler builds, using them as web servers, shell servers, bastions, gateways, proxies (both shell and web), and even for running legacy releases of FreeBSD (running 4.11 i386 on an amd64 8.1 host).
So the VIMAGE/vnets support seems pretty stable in 8.1-RELEASE.
Oh, we did have to MFC SVN r207194 to fix a bug in sys/net/rtsock.c when running i386 route(8) in VIMAGE under amd64 host. Though you don't have to apply the patch, as the workaround was simple -- copy the host's amd64 route(8) over vimage's i386 one. That's really the only bug we ever hit, but your mileage may vary. We've been generally very happy with VIMAGE/vnets so far.
Now, with respect to the script being production ready, I'd say yes with one minor nit...
Unnecessarily starting/stopping vimages after boot is bad for two reasons:
1. In 8.1-RELEASE there's an unnecessary loss in VM pages every time you remove a vimage jail with "jail -r" (this has been fixed in later releases).
2. The Ethernet HW address auto-calculations performed in my script are based on the order in which vimages are started and stopped. This is easily overcome by setting the HW address in the ifconfig_* line within rc.conf(5) (within the vimage rootdir).