Editing
VPS Management
(section)
Jump to navigation
Jump to search
Warning:
You are not logged in. Your IP address will be publicly visible if you make any edits. If you
log in
or
create an account
, your edits will be attributed to your username, along with other benefits.
Anti-spam check. Do
not
fill this in!
== Starting jails: Quad/Safe Files == FreeBSD customer systems do not start up automatically at boot time. When one of our freebsd machines boots up, it boots up, and does nothing else. To start jails, we put the commands to start each jail into a shell script(s) and run the script(s). Jail startup is something that needs to be actively monitored, which is why we don’t just run the script automatically. More on monitoring later. NOTE: >=7.x we have moved to 1 quad file: <tt>quad1</tt>. Startups are not done by running each quad, but rather [[#startalljails|startalljails]] which relies on the contents of <tt>quad1</tt>. The specifics of this are lower in this article. What follows here applies for pre 7.x systems. There are eight files in <tt>/usr/local/jail/rc.d</tt>: <pre>jail3# ls /usr/local/jail/rc.d/ quad1 quad2 quad3 quad4 safe1 safe2 safe3 safe4 jail3#</pre> four quad files and four safe files. Each file contains an even number of system startup blocks (total number of jails divided by 4) The reason for this is, if we make one large script to startup all the systems at boot time, it will take too long - the first system in the script will start up right after system boot, which is great, but the last system may not start for another 20 minutes. Since there is no way to parralelize this during the startup procedure, we simply open four terminals (in screen window 9) and run each script, one in each terminal. This way they all run simultaneously, and the very last system in each startup script gets started in 1/4th the time it would if there was one large file The files are generally organized so that quad/safe 1&2 have only jails from disk 1, and quad/safe 3&4 have jails from disk 2. This helps ensure that only 2 fscks on any disk are going on at once. Further, they are balanced so that all quad/safe’s finish executing around the same time. We do this by making sure each quad/safe has a similar number of jails and represents a similar number of inodes (see js). The other, very important reason we do it this way, and this is the reason there are quad files and safe files, is that in the event of a system crash, every single vn-backed filesystem that was mounted at the time of system crash needs to be fsck'd. However, fsck'ing takes time, so if we shut the system down gracefully, we don't want to fsck. Therefore, we have two sets of scripts - the four quad scripts are identical to the four safe scripts except for the fact that the quad scripts contain fsck commands for each filesystem. So, if you shut a system down gracefully, start four terminals and run safe1 in window one, and safe2 in window 2, and so on. If you crash, start four terminals (or go to screen window 9) and run quad1 in window one, and quad2 in window 2, and so on. Here is a snip of (a 4.x version) quad2 from jail17: <pre>vnconfig /dev/vn16 /mnt/data2/69.55.228.7-col00820 fsck -y /dev/vn16 mount /dev/vn16c /mnt/data2/69.55.228.7-col00820-DIR chmod 0666 /mnt/data2/69.55.228.7-col00820-DIR/dev/null jail /mnt/data2/69.55.228.7-col00820-DIR mail1.phimail.com 69.55.228.7 /bin/sh /etc/rc # moved to data2 col00368 #vnconfig /dev/vn28 /mnt/data2/69.55.236.132-col00368 #fsck -y /dev/vn28 #mount /dev/vn28c /mnt/data2/69.55.236.132-col00368-DIR #chmod 0666 /mnt/data2/69.55.236.132-col00368-DIR/dev/null #jail /mnt/data2/69.55.236.132-col00368-DIR limehouse.org 69.55.236.132 /bin/sh /etc/rc echo ‘### NOTE ### ^C @ Local package initialization: pgsqlmesg: /dev/ttyp1: Operation not permitted’ vnconfig /dev/vn22 /mnt/data2/69.55.228.13-col01063 fsck -y /dev/vn22 mount /dev/vn22c /mnt/data2/69.55.228.13-col01063-DIR chmod 0666 /mnt/data2/69.55.228.13-col01063-DIR/dev/null jail /mnt/data2/69.55.228.13-col01063-DIR www.widestream.com.au 69.55.228.13 /bin/sh /etc/rc # cancelled col00106 #vnconfig /dev/vn15 /mnt/data2/69.55.238.5-col00106 #fsck -y /dev/vn15 #mount /dev/vn15c /mnt/data2/69.55.238.5-col00106-DIR #chmod 0666 /mnt/data2/69.55.238.5-col00106-DIR/dev/null #jail /mnt/data2/69.55.238.5-col00106-DIR mail.azebu.net 69.55.238.5 /bin/sh /etc/rc</pre> As you can see, two of the systems specified are commented out - presumably those customers cancelled, or were moved to new servers. As you can see, the vnconfig line is the simpler command line, not the longer one that was used when it was first configured. As you can see, all that is done is, vnconfig the filesystem, then fsck it, then mount it. The fourth command is the `jail` command used to start the system – but that will be covered later. Here is the safe2 file from jail17: <pre>vnconfig /dev/vn16 /mnt/data2/69.55.228.7-col00820 mount /dev/vn16c /mnt/data2/69.55.228.7-col00820-DIR chmod 0666 /mnt/data2/69.55.228.7-col00820-DIR/dev/null jail /mnt/data2/69.55.228.7-col00820-DIR mail1.phimail.com 69.55.228.7 /bin/sh /etc/rc # moved to data2 col00368 #vnconfig /dev/vn28 /mnt/data2/69.55.236.132-col00368 #mount /dev/vn28c /mnt/data2/69.55.236.132-col00368-DIR #chmod 0666 /mnt/data2/69.55.236.132-col00368-DIR/dev/null #jail /mnt/data2/69.55.236.132-col00368-DIR limehouse.org 69.55.236.132 /bin/sh /etc/rc echo ‘### NOTE ### ^C @ Local package initialization: pgsqlmesg: /dev/ttyp1: Operation not permitted’ vnconfig /dev/vn22 /mnt/data2/69.55.228.13-col01063 mount /dev/vn22c /mnt/data2/69.55.228.13-col01063-DIR chmod 0666 /mnt/data2/69.55.228.13-col01063-DIR/dev/null jail /mnt/data2/69.55.228.13-col01063-DIR www.widestream.com.au 69.55.228.13 /bin/sh /etc/rc # cancelled col00106 #vnconfig /dev/vn15 /mnt/data2/69.55.238.5-col00106 #mount /dev/vn15c /mnt/data2/69.55.238.5-col00106-DIR #chmod 0666 /mnt/data2/69.55.238.5-col00106-DIR/dev/null #jail /mnt/data2/69.55.238.5-col00106-DIR mail.azebu.net 69.55.238.5 /bin/sh /etc/rc</pre> As you can see, it is exactly the same, but it does not have the fsck lines. Take a look at the last entry - note that the file is named: /mnt/data2/69.55.238.5-col00106 and the mount point is named: /mnt/data2/69.55.238.5-col00106-DIR This is the general format on all the FreeBSD systems. The file is always named: IP-custnumber and the directory is named: IP-custnumber-DIR If you run safe when you need a fsck, the mount will fail and jail will fail: # mount /dev/vn1c /mnt/data2/jails/65.248.2.131-ns1.kozubik.com-DIR mount: /dev/vn1c: Operation not permitted No reboot needed, just run the quad script Starting with 6.x jails, we added block delimiters to the quad/safe files, the block looks like: <pre>echo '## begin ##: nuie.solaris.mu' fsck -y /dev/concat/v30v31a mount /dev/concat/v30v31a /mnt/data1/69.55.228.218-col01441-DIR mount_devfs devfs /mnt/data1/69.55.228.218-col01441-DIR/dev devfs -m /mnt/data1/69.55.228.218-col01441-DIR/dev rule -s 3 applyset jail /mnt/data1/69.55.228.218-col01441-DIR nuie.solaris.mu 69.55.228.218 /bin/sh /etc/rc echo '## end ##: nuie.solaris.mu'</pre> These are more than just informative when running quad/safe’s, the echo lines MUST be present for certain tools to work properly. So it’s important that any updates to the hostname also be updated on the 2 echo lines. For example, if you try to startjail a jail with a hostname which is on the jail line but not the echo lines, the command will return with host not found. === FreeBSD 7.x+ notes === Starting with the release of FreeBSD 7.x, we are doing jail startups in a slightly different way. First, thereis only 1 file: <tt>/usr/local/jail/rc.d/quad1</tt> There are no other quads or corresponding safe files. The reason for this is twofold, 1. We can pass –C to fsck which will tell is to skip the fsck if the fs is clean (no more need for safe files), 2. We have a new startup script which can be launched multiple times, running in parallel to start jails, where quad1 is the master jail file. Quad1 could still be run as a shell script, but it would take a very long time for it to run completely so it’s not advisable; or you should break it down into smaller chunks (like quad1, quad2, quad3, etc) Here is a snip of (a 7.x version) quad1 from jail2: <pre>echo '## begin ##: projects.tw.com' mdconfig -a -t vnode -f /mnt/data1/69.55.230.46-col01213 -u 50 fsck -Cy /dev/md50c mount /dev/md50c /mnt/data1/69.55.230.46-col01213-DIR mount -t devfs devfs /mnt/data1/69.55.230.46-col01213-DIR/dev devfs -m /mnt/data1/69.55.230.46-col01213-DIR/dev rule -s 3 applyset jail /mnt/data1/69.55.230.46-col01213-DIR projects.tw.com 69.55.230.46 /bin/sh /etc/rc echo '## end ##: projects.tw.com'</pre> Cancelled jails are no longer commented out and stored in quad1, rather they’re moved to <tt>/usr/local/jail/rc.d/deprecated</tt> To start these jails, start the 4 ssh sessions as you would for a normal crash and then instead of running quad1-4, instead run startalljails in each window. IMPORTANT- before running startalljails you should make sure you ran preboot once as it will clear out all the lockfiles and enable startalljails to work properly.
Summary:
Please note that all contributions to JCWiki may be edited, altered, or removed by other contributors. If you do not want your writing to be edited mercilessly, then do not submit it here.
You are also promising us that you wrote this yourself, or copied it from a public domain or similar free resource (see
JCWiki:Copyrights
for details).
Do not submit copyrighted work without permission!
Cancel
Editing help
(opens in new window)
Navigation menu
Personal tools
Not logged in
Talk
Contributions
Create account
Log in
Namespaces
Page
Discussion
English
Views
Read
Edit
View history
More
Search
Navigation
Main page
Recent changes
Random page
Help about MediaWiki
Tools
What links here
Related changes
Special pages
Page information