sysvipc only for one jail

Alejandro Imass aimass at yabarana.com
Tue Aug 13 16:42:09 UTC 2013


On Tue, Aug 13, 2013 at 12:14 AM, Shane Ambler <FreeBSD at shaneware.biz> wrote:
> On 12/08/2013 21:39, Trond Endrestøl wrote:
>>
>> On Mon, 12 Aug 2013 13:57+0200, David Demelier wrote:
>
>
>>> And thus, it's not enabled as postgresql tells:
>>>
>>> creating template1 database in /usr/local/pgsql/data/base/1 ... FATAL:
>>>   could not create shared memory segment: Function not implemented
>>
>>
>> I'll look into this by creating a new jail for PostgreSQL 9.2 when I
>> get home.
>>
>
> While it is currently in beta maybe you could also try 9.3 and verify that
> the shared memory update works or eliminates this configuration?
>


No need for any complication. Pg will work just fine by following this
simple recipe. I compute a UID unique to the overall system by
concatenating 70 (the natural UID for the pgsql user in FBSD) and
the last 3 digits of the jail's IP, but you can come up with any
numbering scheme as long as it's consistent and easily associated to a
specific jail.

For example for the Pg running on jail 192.168.101.124, install
PostgreSQL and before doing anything else:

pw usermod pgsql -u 70124
pw groupmod pgsql -g 70124
pw usermod pgsql -g 70124
chown -R pgsql /usr/local/pgsql/
chgrp -R pgsql /usr/local/pgsql/

Any other application that uses SYSV IPC should follow a similar
recipe, and it's compatible with all versions of Jails.

And that's it. I have dozens of jails with Pg running this way.
Likewise also make sure all of your network daemons listen
_specifically_ to that jail's IP, in Pg that would be postgresql.conf:
listen_addresses = 'xxxxxx' although the default 'localhost' should
work most of the time. Always double check all daemons with sockstat
(e.g. sockstat -4l) to make sure they only listen on that jail's
IP(s).

Best,

-- 
Alejandro Imass
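
The numbering scheme and the sockstat check from the message above, as an added example that is not part of the original post. It assumes the jail suffix is the last IPv4 octet zero-padded to three digits; `jail_uid`, `off_ip_listeners` and the sample sockstat output are hypothetical names and constructed data.

```sh
#!/bin/sh
# Added example, not from the original message.
# Assumption: the per-jail suffix is the last IPv4 octet, zero-padded to 3 digits.

# jail_uid BASE IP -> prints BASE followed by the padded last octet
# (base 70 and 192.168.101.124 give 70124). Fails on malformed input.
jail_uid() {
    case $1 in ''|*[!0-9]*|0?*) return 1 ;; esac
    last=${2##*.}                        # text after the final dot
    case $last in ''|*[!0-9]*|0?*) return 1 ;; esac
    [ "$last" -le 255 ] || return 1
    printf '%d%03d\n' "$1" "$last"
}

# off_ip_listeners IP -> reads `sockstat -4l` output on stdin and prints
# "COMMAND LOCAL-ADDRESS" for every listener not bound to exactly IP
# (wildcard and loopback binds are reported too).
off_ip_listeners() {
    awk -v ip="$1" 'NR > 1 {
        addr = $6
        sub(/:[^:]*$/, "", addr)         # drop the :port suffix
        if (addr != ip) print $2, $6
    }'
}

# Constructed sample of `sockstat -4l` output (not captured from a real system).
SAMPLE='USER     COMMAND    PID   FD PROTO  LOCAL ADDRESS         FOREIGN ADDRESS
pgsql    postgres   1234  3  tcp4   192.168.101.124:5432  *:*
root     sshd       800   4  tcp4   *:22                  *:*
root     syslogd    610   7  udp4   127.0.0.1:514         *:*'

JAIL_IP=192.168.101.124
echo "pgsql uid/gid for $JAIL_IP: $(jail_uid 70 "$JAIL_IP")"
echo "listeners not bound to $JAIL_IP:"
printf '%s\n' "$SAMPLE" | off_ip_listeners "$JAIL_IP"
```

On a live jail, pipe `sockstat -4l` into `off_ip_listeners` instead of the sample. Two jails whose addresses end in the same octet on different subnets would get the same UID under this padding assumption, so check for that before reusing the scheme.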

