started playing with jails

Jonathan Horne freebsd at dfwlp.com
Wed Mar 21 15:54:39 UTC 2007


> Jonathan Horne wrote:
>> i started playing with jails today, and after following and re-following the man
>> page and the freebsddiary article a few times, i finally got it to work!  i have
>> one jail that starts on startup, and actually the hump i was getting over was
>> getting the jail to actually kick off the sshd daemon.  all that is working, and
>> i can reboot my host, and then log into the jail that auto-starts via ssh.
>>
>> a couple of general questions that i cannot find the answers to:
>
> First let me say that you may be interested in sysutils/ezjail, which
> takes care of creating and managing multiple jails.
>
> Have a look at http://erdgeist.org/arts/software/ezjail/
>
>> 1) if i want more than one jail, what is the proper syntax in the host's
>> /etc/rc.conf file for the jail_list="jailed" statement?  multiple jail_list
>> lines, or a single line that specifies more than one jail?
>
> $ grep "jail_list=" /etc/defaults/rc.conf
> jail_list=""            # Space separated list of names of jails
>
>> 2) what happens to a jail when i 'shutdown -p now' on the host?  what caveats do
>> i need to watch for when rebooting or shutting down the host?
>
> I use multiple jails (max 3 per host) and never had any problems with
> that. I use ezjail, so jails are started/stopped by an rc.d script. You may
> wait for a more technical answer for that, though.
>
>> 3) i would like to build some ports in my jailed process, but for my
>> environment, this requires mounting the export from my main box on my network.
>> so far, i am not able to mount a NFS share to /usr/ports (mount_nfs:
>> /usr/ports: Operation not permitted).
>
> I'm not really experienced with NFS, but how about mounting the NFS share in
> /usr/ports on the host system and then using mount_nullfs to mount that into
> jails? Just like ezjail uses mount_nullfs to mount the host's /usr/ports
> into jails.
>
> HTH,
>
> Karol
>
> --
> Karol Kwiatkowski   <karol.kwiat at gmail dot com>
> OpenPGP 0x06E09309
>
>

ah thank you bill and karol.  the mount_nullfs did work for mounting my ports,
and away it goes!  i'll take a look at ezjail too, that sounds like a neat tool.

ok, here are a couple other questions:

4) what about kernel and system updates?  i would assume that i would have to
manually update these jails when i buildworld and kernel for other systems as
well (ie, that updating the host would not also update the jails)?

5) how about memory?  is it basically one giant shared pool of physical memory
between the host and guests?  is there any sort of memory "target" that i should
try to meet in order to have my jails run the best they can (or a ratio of memory
to host/jails)?

finally, i suppose the best configuration might be to have my host just a
minimal install (avoiding anything that i don't need to function), and have my
jails set up as my service-providing hosts?  and are there any services that
just don't work well in a jail (i think i can see NFS being one).

thanks all,
jonathan
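
Added example, not part of the original message or of ezjail: a check for the nullfs approach discussed above that reads fstab(5)-style lines and lists nullfs mounts into jail roots that are not read-only, since a writable shared /usr/ports lets one jail change the tree the host and the other jails build from. The /usr/jails base path and the sample entries are assumptions constructed for illustration; a read-only ports mount also assumes builds in the jail write elsewhere, for example via WRKDIRPREFIX.

```sh
#!/bin/sh
# Added example (not from the thread). Audits fstab-style lines for nullfs
# mounts into jail roots and reports those that are not mounted read-only.
# JAIL_BASE and every path in the sample are assumptions.

JAIL_BASE="${JAIL_BASE:-/usr/jails}"

# Constructed sample in fstab(5) layout:
# device  mountpoint  fstype  options  dump  pass
sample_fstab() {
cat <<'EOF'
# constructed sample, not taken from a real host
fileserver:/usr/ports  /usr/ports                 nfs     ro          0 0
/usr/ports             /usr/jails/www/usr/ports   nullfs  ro          0 0
/usr/ports             /usr/jails/db/usr/ports    nullfs  rw          0 0
/usr/ports             /usr/jails/mail/usr/ports  nullfs  rw,noatime  0 0
/usr/src               /usr/jails/www/usr/src     nullfs  noatime,ro  0 0
EOF
}

# Read fstab lines on stdin and print the mount point of every nullfs entry
# under JAIL_BASE whose option list does not contain "ro".
writable_nullfs_mounts() {
    awk -v base="$JAIL_BASE/" '
        $1 ~ /^#/ || NF < 4  { next }   # skip comments, blank and short lines
        $3 != "nullfs"       { next }   # only nullfs entries
        index($2, base) != 1 { next }   # only mount points inside a jail root
        {
            ro = 0
            n = split($4, opt, ",")
            for (i = 1; i <= n; i++) if (opt[i] == "ro") ro = 1
            if (!ro) print $2
        }'
}

# Return 0 when every jail nullfs mount on stdin is read-only, 1 otherwise.
audit_jail_fstab() {
    bad=$(writable_nullfs_mounts)
    [ -z "$bad" ] && return 0
    printf 'read-write nullfs mount in jail: %s\n' $bad >&2
    return 1
}

# Demo on the constructed sample: lists the two writable jail mounts.
sample_fstab | writable_nullfs_mounts
```
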




