[SAGE] JAILS (Re: Respondents needed for article on sysadmin survival)

Quoting Dustin Puryear (dpuryear@usa.net):
> > infrastructure out of it. I've been tempted for some time to use some of
> > my copious spare time to create a paper describing an idealized
> > environment modeled on the paper but tied to specific applications
> > running in a homogeneous FreeBSD environment. The idea is that it would
> > become more "concrete" for folks that haven't already been
> > thinking about this topic.
> 
> I would be interested in such a discussion. I am currently working to use
> jails under FreeBSD to move my services at one client from being based on
> machines to just "running" on a machine. My goal is that any system that I
> need can be built using a set of scripts. (Nothing new to this crowd.) For
> example, currently I can build a complete mail system in a jail with spam
> filtering and AV on a host server using:

Sounds like a case for VMware or other machine virtualization.
I played with and trained on Linux for S/390 and was not impressed
at the S/390 baggage that was hauled along (that 500GB raidbox?  It's
presented as 2.1GB DASD volumes because that's what we did back in the
70s.  Now use LVM to paste a bunch together into a 50GB drive.  Ick).

But a compelling aspect was "gang of processors" and "blob of RAM"
and virtual machines which cannot touch each other.

Chroot jails are as old as the sun (as is breaking out of them).
Handy to slow generic errors, but a well planned attack with certain
classes of bugs won't stop much.

The vmware/lpar model puts a different kernel on it.

I'd love to see some kernel action that did do some true segmenting
on a single machine - efficiently and allowing shared readonly code
segments.


> # mount buildsys:/dsk/buildsys /buildsys
> # /buildsys/builds/mail/install.sh
> # umount /buildsys

Sounds like it could be run with depot or several other package
installers.

How does that differ from:
wget http://packageserver/sendmail.pkg
pkgadd -d ./sendmail.pkg
rm ./sendmail.pkg

> I then just run the jail.

Then I just start the app...

> If I need to later move that mail system to another server I can either
> rebuild the mail system using mail/install.sh or, better yet, just do:
> 
> # /usr/local/etc/rc.d/stopjails.sh
> # scp -rp /my/jails/mail.example.com newsvr:/my/jails/mail.example.com
> # ssh newsvr /usr/local/etc/rc.d/startjails.sh
> 
> This description is very simplified, but that's the general idea, and it
> works. With a combination of this and NFS I'm pretty much set.
> 
> My technique is in no way original. I would like to see how others do it.

Nothing about what you call "jails" sounds different from any app/package,
but I assume you left out instance information.
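Added example, written for this page and not code from either poster: a
POSIX sh sketch of the move quoted above (stop the jail, copy the tree,
start it elsewhere) that also carries the "instance information" the
reply suspects is missing (hostname and IP kept in a small file inside
the root) and checks the copy on arrival. The .jailmeta file and its
format, the function names, the paths and the sample files in the test
are all assumptions. It packs with tar rather than scp -rp because
tar -xp restores modes and, run as root with FreeBSD's tar, file flags
such as schg, which scp -p does not carry.

```shell
#!/bin/sh
# Added example, not from the thread.  Moves a jail root tree together
# with its instance data (hostname, IP) and verifies the copy.
# Paths, the .jailmeta format and all function names are assumptions.
set -eu

# Record what a bare directory tree does not carry.  .jailmeta is a
# hypothetical KEY=VALUE file kept inside the jail root.
write_jail_meta() {            # write_jail_meta <jailroot> <hostname> <ip>
    printf 'JAIL_HOSTNAME=%s\nJAIL_IP=%s\n' "$2" "$3" > "$1/.jailmeta"
}

read_jail_meta() {             # read_jail_meta <jailroot> <key>
    sed -n "s/^$2=//p" "$1/.jailmeta"
}

# cksum is POSIX and present on FreeBSD and Linux.  It catches copy
# errors, not tampering; use sha256 for an integrity check you keep.
# Files are listed in a fixed order so two manifests compare byte for byte.
jail_manifest() {              # jail_manifest <jailroot>
    (cd "$1" && find . -type f ! -name .manifest | LC_ALL=C sort |
        while IFS= read -r f; do cksum "$f"; done)
}

# Write the manifest into the tree, then stream the tree as a tar archive.
pack_jail() {                  # pack_jail <jailroot>  -> tar on stdout
    jail_manifest "$1" > "$1/.manifest"
    tar -C "$1" -cf - .
}

# -p restores modes (and, as root with FreeBSD's tar, file flags).
unpack_jail() {                # unpack_jail <newroot>  <- tar on stdin
    mkdir -p "$1"
    tar -C "$1" -xpf -
}

# Rebuild the manifest on the copy and compare it with the one shipped.
verify_jail() {                # verify_jail <newroot>; 0 if intact
    jail_manifest "$1" | cmp -s - "$1/.manifest"
}

# Same-host move (e.g. to another disk).  Stop the jail before calling
# this and start it afterwards with whatever rc script you use.
migrate_jail_local() {         # migrate_jail_local <srcroot> <dstroot>
    pack_jail "$1" | unpack_jail "$2"
    verify_jail "$2"
}

# Cross-host move over ssh.  Not exercised by the test; needs root on
# both ends so ownership and flags survive.  Verify on the far side with
# verify_jail afterwards.
migrate_jail_remote() {        # migrate_jail_remote <srcroot> <host> <dstroot>
    pack_jail "$1" | ssh "$2" "mkdir -p '$3' && tar -C '$3' -xpf -"
}
```

The stop/start steps stay with the poster's own rc.d scripts; this only
replaces the scp step and adds the check that nothing was lost or
truncated in transit. The manifest uses cksum so it runs anywhere; it is
not a defence against someone who can modify the copy deliberately.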