rc.d/jail and jail.conf

Mon Apr 1 03:53:21 UTC 2013

On Sun, 31 Mar 2013 22:58:33 +0200, Dirk Engling wrote:
 > On 31.03.13 22:01, Miroslav Lachman wrote:
 > 
 > >> So I guess, I am out of luck here, because users used to think of their
 > >> jails as what they saw in the hostname field on jls. If I am writing
 > >> tools that use jail_getid to map the jailname to the jid, it will never
 > >> match that hostname and I also can not copy the hostname to the jailname.
 > > 
 > > I understand what you are talking about, but jails in these days are
 > > something different from what jails were at the begining in 4.x days and
 > > users must accept that jailname is something different than hostname.
 > 
 > > In these days, you can have jails with many IP addresses or without IP
 > > address. Hostname needn't to be unique etc.
 > >
 > > Dot (.) is not allowed in jailname because of hierarchical jails,
 > > where dot is used as hierarchy separator.
 > 
 > Humm, this seems a strange thing to answer to my question. Once you see
 > jails as virtual servers (which I understand is not the only way to do,
 > but the biased way I and most jail users I talk to happen to deploy them
 > in huge quantities), the natural approach to name them is via their
 > hostname. I find it hard to grasp to tell them "don't" ;)
 > 
 > And still I find the choice of '.' as a separator unfortunate, '/'
 > springs in mind, but there might have been reasons.

'/' would be just as problematic if you wanted to use jailnames as 
directories anywhere.  ':' maybe?  but likely too late for that ..

 > I also understand that the hostname is not an unique identifier anymore,
 > still for many (if not most) setups the mapping is bijective.
 > 
 > My problem now is that referring to a jail (in a sense of virtual host)
 > becomes unintuitive. I want to do stuff with my vhost "example.com" but
 > have to call it "example" or "example_com". Even worse with
 > "www.example.com" which now needs to be an ambigous "www" or some other
 > mapping of '.' to something else.
 >
 > If I want to write tools that accept intuitive jail identifiers, I would
 > have to implement heuristics that match the hostname once the identifier
 > contains '.' and I can't find a hierarchical jail with that name.

Consistent mapping of a fqdn's '.' to '_' might be more POSLA (slightly
less astonishment :) for these users?  Of course if they do want to use 
hierarchical jails they still need to know what '.' means and does, but 
then I guess people setting up and running jails-within-jails are going 
to need to have their heads screwed on pretty tightly anyway ..

 > > Plain jls without any options should be used just for backward
 > > compatibility with old scripts, because its output is insufficient for
 > > todays jails. (only one IP is shown and no jailname)
 > > 
 > > jls -v or jls -s is better with new jails.
 > 
 > Maybe it would be easier for me to understand if I knew, how those jails
 > "in these days" are supposed to work, what the overall vision is for
 > users to integrate them in their workflow. Besides a wish list that
 > doubles as todo list in
 > 
 >   https://wiki.freebsd.org/Jails
 > 
 > and an attempted handbook section rewrite, there seems to be little in
 > that regard. Maybe I just missed out on the discussions or could not
 > find the relevant documents?
 > 
 > Maybe meeting at a BSDcon over a beer would help ;)

Unlikely to hurt, anyway :)

cheers, Ian