Christer,
Michael,
thank you very much for your answers.
I meanwhile could fix the issue. To provide the solution just in short my setup
and how I fixed it.
I run the machine in a data center and wanted GEOM GELI disk encyrption for
the jails partitions (one per jail). Therefor, I cannot use any scripting
solutions for jails management. Alle jails are run via generic command lines
(jail / jexec / ...). The jails were build via make world and also all daemons
were compiled using the ports collection. There are three jails, each with a
small bunch of IP addresses.
The issue was that I could not find out which rules FreeBSD follows when
deciding which of the IPs in a jail to use for outgoing connections. It did
NOT use the primary jail IP and I also could not bind daemons to a certain IP.
Solution: From the list of alias IPs as configured via ifconfig on the host
system, FreeBSD takes the one which comes first in the list of alias IPs to use
it for outgoing connections. If you do not want the IP selected by FreeBSD
for outgoing connections just remove the alias IP on the host system (ifconfig
-alias) and then add it again (ifconfig alias). Through this the IP will be
become the last in the list and another alias IP will then get selected for
outgoing connections from within the jail. You must go ahead with this method
until the right alias IP gets used.
That at least was my method to fix the issue. But may be there's anybody out
there knowing a better method ...
On Christens questions:
All jails are managed by generic jail commands (as forced by the GEOM GELI
setup). I can do this because there are not that many jails. I however do not
use any scripting or cfengine/puppy (never heard of it). I use sendmail only
in some jails to get the periodic status messages sent in my email box for
admin purposes (reduced sendmail setup of course and not listening outside). I
do not share ports. All jails are used for different purposes. Everything is
managed "by hand". Automating it would not pay off with that few jails. Thanks
for your link. Will visit it.
Thanks again to all
Tom
> pssh with pki keys to run multiple commands, ports in main. Make packages
> then pssh each to install the package
>
> -Original Message-
> From: Christer Solskogen
> Sent: Thursday, January 28, 2010 5:05 PM
> To: freebsd-jail@freebsd.org
> Subject: How do you manage your jails?
>
> So you have installed a FreeBSD server and setup several jails on your
> system. They run the services they need and everything works smoothly. But
> how do manage all of them? What do you do if you want to run a command on
> all jails? Do you run cfengine/puppy? How do you setup sendmail? Do
> you have sendmail on all jails?
> Do you share ports to all jails? How do you keep ports up to date on them?
> Do you have a set of scripts that you want to share? On
> http://antarctica.no/stuff/UNIX/FreeBSD/jails/ you'll find what I use.
>
> I'm preparing a talk for BLUG (the local Linux/BSD group) and I want to
> know how YOU manage your jails, there sure are more than one way do it.
___
freebsd-jail@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-jail
To unsubscribe, send any mail to "freebsd-jail-unsubscr...@freebsd.org"