misc/146053: shutdown of jails breaks intra-jail dependencies

Mon Apr 26 06:10:01 UTC 2010

>Number:         146053
>Category:       misc
>Synopsis:       shutdown of jails breaks intra-jail dependencies
>Confidential:   no
>Severity:       non-critical
>Priority:       medium
>Responsible:    freebsd-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          change-request
>Submitter-Id:   current-users
>Arrival-Date:   Mon Apr 26 06:10:00 UTC 2010
>Closed-Date:
>Last-Modified:
>Originator:     Chad Milios
>Release:        7.3-RELEASE
>Organization:
Crop Circle Systems
>Environment:
FreeBSD sensei.ccsys.org 7.3-RELEASE FreeBSD 7.3-RELEASE #2: Sun Apr 11 14:55:27 UTC 2010     root at sarge.ccsys.org:/usr/obj/usr/src/sys/IPSEC  amd64
>Description:
jails shutdown in the same order they are started. this makes it impossible to have one jail depend on any of the services of another. (for instance, my first jail to start up provides a caching dns resolver that the other jails use) as implemented currently, that jail shuts down first, causing other jails to loose their ability to look up names. if any other jail needs that functionality (or anything provided by an earlier-started jail for that matter) in order to shut down gracefully, it will timeout and often timeout rc.shutdown as well.
>How-To-Repeat:
create a couple jails. boot multi-user, then shutdown. note the order.
>Fix:
add boolean rc.conf variable jail_reverse_shutdown. reverse jail_list when doing jail_stop in rc.d/jail if it is set to yes. i would argue that the default should be enabled (a la: rcorder in rc.shutdown) but to preserve existing behavior it probably ought to be off by default.

i have been using this small straightforward patch in production for years, and been meaning to kick it upstream for a long time. please get this into 7.4 and 8.1. (if not 7.3-STABLE or 7.3-RELEASE-p?)

Patch attached with submission follows:

diff -rNU3 ../src.dist/etc/defaults/rc.conf ./etc/defaults/rc.conf

--- ../src.dist/etc/defaults/rc.conf	2010-02-10 00:26:20.000000000 +0000
+++ ./etc/defaults/rc.conf	2010-04-25 21:20:23.000000000 +0000
@@ -621,6 +621,7 @@
 jail_set_hostname_allow="YES" # Allow root user in a jail to change its hostname
 jail_socket_unixiproute_only="YES" # Route only TCP/IP within a jail
 jail_sysvipc_allow="NO"	# Allow SystemV IPC use from within a jail
+jail_reverse_shutdown="NO"	# Shutdown jails in reverse order
 
 #
 # To use rc's built-in jail infrastructure create entries for
diff -rNU3 ../src.dist/etc/rc.d/jail ./etc/rc.d/jail
--- ../src.dist/etc/rc.d/jail	2010-02-10 00:26:20.000000000 +0000
+++ ./etc/rc.d/jail	2010-04-25 21:20:23.000000000 +0000
@@ -679,6 +679,9 @@
 jail_stop()
 {
 	echo -n 'Stopping jails:'
+	if checkyesno jail_reverse_shutdown; then
+		jail_list=`reverse_list $jail_list`
+	fi
 	for _jail in ${jail_list}
 	do
 		if [ -f "/var/run/jail_${_jail}.id" ]; then


>Release-Note:
>Audit-Trail:
>Unformatted:
