jail.conf & cpuset.id

Miroslav Lachman 000.fbsd at quip.cz
Mon Sep 2 23:25:37 UTC 2013 

Jamie Gritton wrote:

[...]

>>
>> Hi Jamie,
>> I tried your suggestion with exec_poststart for setting the cpuset.
>> It doesn't work. I don't know if it worked for you with any older
>> version of FreeBSD. I tried it on FreeBSD 9.1-RELESE.
>>
>> I have this in rc.conf
>>
>> jail_fox_exec_poststart0="cpuset -c -l 5-6 -j `cat /var/run/jail_fox.id`"
>>
>> With rc_debug="YES", I get this error
>>
>> # service jail start fox
>> cat: /var/run/jail_fox.id: No such file or directory
>> cat: /var/run/jail_fox.id: No such file or directory
>>
>> [snip]
>>
>> /etc/rc.d/jail: DEBUG: fox exec post-start #1: cpuset -c -l 5-6 -j
>>
>> [snip]
>>
>> fox.example.comcpuset: option requires an argument -- j
>> usage: cpuset [-l cpu-list] [-s setid] cmd ...
>> cpuset [-l cpu-list] [-s setid] -p pid
>> cpuset [-c] [-l cpu-list] -C -p pid
>> cpuset [-cr] [-l cpu-list] [-j jailid | -p pid | -t tid | -s
>> setid | -x irq]
>> cpuset [-cgir] [-j jailid | -p pid | -t tid | -s setid | -x irq]
>>
>>
>> I think the problem is, that the command is evaluated befor the jail is
>> started.
>>
>> Or am I doing something wrong?
>>
>> I also tried following with no luck:
>>
>> jail_fox_exec_poststart0="cpuset -c -l 5-6 -j `jls -j fox jid`"
>
> I'm not seeing /var/run/jail_*.id either, despite it being mentioned in
> /etc/rc.d/jail. The jls one works for me, but then I'm running current
> so maybe that's the difference.

I made a diff between rc.d/jail from HEAD, 8.4-RELEASE and 9.1-RELEASE 
and there is no changes in code for _exec_poststart.

I don't know how it is possible, that it works for you and doesn't for 
for me.

If I interpret it correctly, the following code in the begining of 
init_variables() does the eval on the command and backticks are executed 
at this time - before the jail is started.
Am I wrong?


	i=0
	while : ; do
		eval 
_exec_poststart${i}=\"\${jail_${_j}_exec_poststart${i}:-\${jail_exec_poststart${i}}}\"
		[ -z "$(eval echo \"\$_exec_poststart${i}\")" ] && break
		i=$((i + 1))
	done


Then there is code for debug printing only


	i=0
	while : ; do
		eval out=\"\${_exec_poststart${i}:-''}\"
		if [ -z "$out" ]; then
			break
		fi
		debug "$_j exec post-start #${i}: ${out}"
		i=$((i + 1))
	done


And in jail_start() there is jail command executions followed by 
execution of poststart commands, but at this time, the command is 
"cpuset -c -l 5-6 -j" and not "cpuset -c -l 5-6 -j `jls -j fox jid`"


		eval ${_setfib} jail ${_flags} -i ${_rootdir} ${_hostname} \
			\"${_addrl}\" ${_exec_start} > ${_tmp_jail} 2>&1 \
			</dev/null

			i=0
			while : ; do
				eval out=\"\${_exec_poststart${i}:-''}\"
				[ -z "$out" ] && break
				${out}
				i=$((i + 1))
			done


So how can it works for you? Is there any changes in "sh" with eval and 
backticks evaluation in HEAD?

 > If all else fails, you can hardcode the
 > jail number - that'll work as long as you only ever let the jails load
 > on startup.

Unluckily I need to restart some jails manually, so I think I cannot use 
hardcoded JID numbers :(

Thank you for your reply.

Miroslav Lachman

More information about the freebsd-jail mailing list