Xen Dom0, are we making progress?

Nikolas Britton nikolas.britton at gmail.com
Tue Mar 13 02:15:15 UTC 2007


On 3/12/07, Andras Gót <andrej at antiszoc.hu> wrote:
> Nikolas Britton wrote:
> > On 3/12/07, Ronald Klop <ronald-freebsd8 at klop.yi.org> wrote:
> >> On Mon, 12 Mar 2007 20:16:32 +0100, Nikolas Britton
> >> <nikolas.britton at gmail.com> wrote:
> >>
> >> > Is FreeBSD making any progress in Xen Dom0 / Intel VT support? I'd
> >> > really like to consolidate some underutilized FreeBSD servers. Are
> >> > there any alternative solutions that will enable me to do this kind of
> >> > stuff with FreeBSD, or would it be better to go with Solaris Dom0 +
> >> > FreeBSD DomU?
> >>
> >> http://docs.freebsd.org/44doc/papers/jail/jail.html
> >> google: jail freebsd
> >>
> >
> > Yes I'd like to know more about jails, is there a high level /
> > executive summary type document that I can read somewhere? From what I
> > remember jails are mostly designed to partition stuff... for security
> > reasons.
> >
> > What I'd really love to do is split up each service (httpd, postgres,
> > samba/nfs,  ldap/nis, asterisk, etc.) into discrete virtual machines.
> > It's too much work trying to make them all play nice on one system,
> > especially during upgrades. As it is right now I don't upgrade any
> > services once a system is in production use.
>
> Hi,
>
> First, read man jail. :) Apache, bind, mysql and postfix run fine in
> a jail. For postgres you have to turn on the jail.ipc.
> This is basically not so bad, but definitely reduces security. For
> samba/nfs/ldap/nis and asterisk I don't have the experience, but if they
> do not need ipc, they'll run fine out of the box. In jails I suggest that
> you mount your ports tree with some nullfs mount. With this you'll save
> some hd capacity. (The installed port list is in /var, not in
> /usr/ports.) In jails you can't do resource control, so keep that in mind.
>

Is there any way to transfer jails on the fly between systems... For
example, say I wanted to transfer the http service to a more powerful
box because load was too high, can you do stuff like this?

