deploy multiple vnets with VIMAGE/VNET + Production Ready?
Lars Engels
lars.engels at 0x20.net
Tue May 31 06:39:37 UTC 2016
On Mon, May 30, 2016 at 09:40:42AM -0400, Ernie Luzar wrote:
> Here are the bare truths without any sugar coating.
> Vimage is officially described as experimental. You have to recompile
> the kernel to include vimage. Enabling pf or ipf firewalls causes the
> host to crash. ipfw firewall does not cause a crash but has next to no
> real life usage on vimage. When stopping vimage jails there is a problem
> with memory loss. You need a high proficiency in coding netgraph which
> is used to tie the hosts network to each vimage jail. Needs a public
> network with multiple static IP addresses & registered domain names even
> to test it.
>
> A few brave souls have accepted these shortcomings and have deployed
> vimage in a production environment with good results so they say, or at
> best they have not reported any problems. I guess it all depends on what
> your shop defines "production ready" as. At my shop vimage is NOT
> considered something management is willing to base the business on.
> Maybe your shop is different.
>
> There are a few write ups about how to configure vnet/vimage jails, but
> they're out of date. IE: 8.x & 9.x releases which are at EOL [end of life,
> unsupported]. The current production version of FreeBSD is at 10.3 with
> 11.0 due out in August. Only know of one utility jail tool that has
> vnet/vimage function. Try the qjail port, it will shorten your learning
> curve.
sysutils/iocage also supports VIMAGE
>
> Now there is a guy who is patching vimage trying to get it so it can be
> incorporated into the base kernel. His goal was to get it into release
> 11.0, but updates to 11.0 source are now suspended until 11.0 is
> published so that's not going to happen. They sure would not incorporate
> vimage without a general announcement calling for users to test drive it
> first. This has not happened yet that I know of.
You seem to forget that there have been fixes already in HEAD:
http://freshbsd.org/search?branch=HEAD&project=freebsd&q=vimage+OR+vnet