Re: epair and vnet jail loose connection.
- In reply to: Johan Hendriks : "Re: epair and vnet jail loose connection."
- Go to: [ bottom of page ] [ top of archives ] [ this month ]
Date: Sat, 12 Mar 2022 20:00:13 UTC
Hi Johan,
I created a setup similar to yours - so it's based on your config
files, but I had to tweak a few things to make it work.
Basically this what it looks like:
Host: Bare metal
Runs bhyve, bridge has 10.1.1.1, does NAT to the world
Bhyve VM runs 14-CURRENT (latest snapshot and has).
vtnet0
- 10.1.1.16/24
- 10.1.1.17/32
bridge0:
- ip: 10.233.185.1/24
- members: epair18a, epair20a
jails:
- haproxy.test.nl
ip: 10.233.185.20
haproxy: listens on 443 (alpn h2,http/1.1 tls), backend to
10.233.185.18 port 80
binat: 10.1.1.16
- web01.test.nl
ip: 10.233.185.18
nginx: listens on 80 and serves the static page from your example
binat: 10.1.1.17
Runing hey on this setup from the bare metal host that hosts the bhyve
vm works ok:
# hey -h2 -n 10 -c 10 -z 300s https://10.1.1.16
Summary:
Total: 300.0030 secs
Slowest: 5.0101 secs
Fastest: 0.0013 secs
Average: 0.0039 secs
Requests/sec: 2582.7142
Total data: 110024724 bytes
On Sat, 12 Mar 2022 15:18:38 +0100
Johan Hendriks <joh.hendriks@gmail.com> wrote:
> ....
> mount.devfs;
> sysvshm="new";
> sysvsem="new";
> allow.raw_sockets;
> allow.set_hostname = 0;
> allow.sysvipc;
> enforce_statfs = "2";
> devfs_ruleset = "11";
What is in devfs_ruleset 11? (it's not a standard one), I used "4" in
my tests.
>
> path = "/storage/jails/${name}";
> host.hostname = "${name}.${domain}";
>
>
> web01 {
> $ip = 18;
> }
I changed web01 to be the same setup as haproxy (that is, a full jail
based in /storage/jails/${name}), as I didn't really know how it worked
in your setup.
>
> haproxy {
> $ip = 20;
> mount.fstab = "";
> path = "/storage/jails/${name}";
> }
Best
Michael
--
Michael Gmelin