How to define the order of starting jails?

Warren Block wblock at wonkity.com
Sun Dec 20 23:02:49 UTC 2015


On Sun, 20 Dec 2015, dweimer wrote:

> On 2015-12-20 1:25 pm, Michael B. Eichorn wrote:
>> On Sun, 2015-12-20 at 17:50 +0100, Michael Grimm wrote:
>>> Hi —
>>> 
>>> [Background: I wish to run (some of my) ezjail-made jails and VNET
>>> which cannot be done by ezjail, natively.]
>>> 
>>> But I found a way to mix both ezjail and basic jail(8) functionality.
>>> It's quite easy to fire up ezjail-made jails defined in jail.conf by
>>> jail. And, now I can apply VNET to those jails I do wish to run their
>>> own network stacks. That's all working well.
>>> 
>>> But I am a bit stuck in finding a way to start my jails in a
>>> pre-defined order (e.g. first DNS, then mail, …). Well, I can achieve
>>> that during boot time by using jail_list="dns mail …" in rc.conf.
>>> But, this is respected during boot time, *only*. Whenever I do run a
>>> "jail -rc '*'" that shutdown and starting order becomes arbitrary. It
>>> doesn't follow the sequence of my jail definitions in jail.conf,
>>> either. I thoroughly checked the jail.conf(5) man page for a
>>> functionality that would allow me to define a startup/shutdown
>>> sequence, but I couldn't find it.
>>> 
>>> Thus, I might have overlooked it, is there a way to achieve my goal
>>> using jail and jail.conf?
>>> Or something else?
>>> 
>>> Thanks and regards,
>>> Michael
>> 
>> jail(8)'s '*' operates on everything without concern for rc.conf, as
>> such jail_list is not respected. Perhaps try something tied to the rc.d
>> system. Does `service jail restart` do what you are looking for?
>> 
>> Otherwise I would just go with a simple restart script such as:
>> #!/bin/sh
>> set -e
>> jail -r '*'
>> jail -c dns
>> jail -c mail
>
> You can also define a jail dependency to make sure a jail starts before 
> another one
>
> dns {
>  ...
> }
> mail {
>  ...
>  depend = "dns";
> }

I submitted an ezjail patch last year to be able to start a jail very 
early.  This is useful for me because that lets the DNS jail start early 
enough that the ezjail host can use it as a DNS server.

An update to ezjail came out a few weeks back, but did not include it.
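
The following is an added example, not part of the thread or of any poster's code: a shell sketch that reads the depend parameters discussed above from a jail.conf-style file and prints one start order consistent with them, so the explicit restart script does not need hard-coded jail names. The parser is simplified, and the function names, sample jail names and paths are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: list one jail start order consistent with the depend
# parameters in a jail.conf-style file. Simplified parser (assumption): each
# jail block opens with "name {" and closes with "}" on lines of their own.
jail_start_order() {
    awk '
        /^[ \t]*#/ { next }                      # skip comment lines
        /^[A-Za-z0-9_.-]+[ \t]*[{]/ {            # "name {" opens a jail block
            jail = $1; sub(/[{].*/, "", jail)
            print jail, jail                     # identical pair: known, unordered
            next
        }
        /^[ \t]*[}]/ { jail = ""; next }         # end of the current block
        jail != "" && /^[ \t]*depend[ \t]*[+]?=/ {
            sub(/^[^=]*=/, "")                   # keep only the value list
            gsub(/[";,]/, " ")                   # drop quotes, commas, semicolon
            n = split($0, deps, " ")
            for (i = 1; i <= n; i++) print deps[i], jail   # dependency first
        }
    ' "$1" | tsort
}

# Stop in reverse order, then start in order. Needs root on the jail host.
restart_jails_in_order() {
    order=$(jail_start_order "$1") || return 1
    reversed=$(printf '%s\n' "$order" | awk '{ l[NR] = $0 } END { for (i = NR; i > 0; i--) print l[i] }')
    for j in $reversed; do jail -f "$1" -r "$j"; done
    for j in $order; do jail -f "$1" -c "$j"; done
}

# Constructed sample configuration; jail names and paths are hypothetical.
write_sample_conf() {
    cat > "$1" <<'EOF'
path = "/usr/jails/$name";
www {
    depend = "dns", "mail";
}
mail {
    depend = "dns";
}
dns {
    host.hostname = "dns.example.org";
}
EOF
}

# Usage (file name is hypothetical): sh jail-order.sh /etc/jail.conf
if [ "$#" -gt 0 ]; then jail_start_order "$1"; fi
```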

