Running PostgreSQL in a FreeBSD Jail Requires Access to Sys V IPC Primitives

Posted by Tres Sat, 03 May 2008 13:49:00 GMT

Installing Postgres on FreeBSD is, as always with packages and ports, a breeze: pkg_add -r postgresql82-server (or better yet, portinstall -P databases/postgresql82-server), a quick edit to /etc/rc.conf, and it’s Miller Time… Well, almost…

Getting Postgres running in a FreeBSD jail requires that the jail host allow jailed processes to use FreeBSD’s System V IPC primitives. PostgreSQL keeps its shared buffers in a System V shared memory segment and coordinates its backends with System V semaphores (the shmget and semget families, not message queues), and by default a jail refuses those calls outright: shmget fails with ENOSYS (“Function not implemented”) and the postmaster dies at startup complaining that it could not create the shared memory segment.

Warning: This breaks down the separation of jailed processes from the host. If you’re paranoid about the security of your host environment, you’ll probably not want to do this: on FreeBSD of this vintage there is a single System V IPC namespace shared by the host and every jail, so once this sysctl is set a jailed process can see, attach to and modify the shared memory segments, semaphores and message queues created on the host or in other jails. The IPC permission checks are done on numeric uid and gid, which jails share with the host, so a matching uid in the jail is enough to pass the owner check. The kern.ipc.* limits on the number and size of segments and semaphores are also system-wide, so a jail can exhaust them and starve the host’s Postgres of shared memory. There is potential for denial of service, but so long as there are users on a box, there’s always a potential for denial of service, right? (Much later releases, FreeBSD 11 and up, can give each jail its own SysV IPC namespace through the sysvshm, sysvsem and sysvmsg jail parameters, which is the better answer where it is available.)

So, to get things running just add the following to /etc/sysctl.conf in the host environment (the security.jail.* sysctls are read-only from inside a jail, so this has to be done on the host):

security.jail.sysvipc_allowed=1

That makes sure the setting is back in place whenever the box gets rebooted. To apply it right now, type the following in your terminal window:

sudo sysctl security.jail.sysvipc_allowed=1
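Once the namespace is shared, the question a practitioner wants answered is what the jails can now reach. The script below is an added example, not part of the original post: run on the host, it filters ipcs -m output (FreeBSD’s column layout, which is assumed here) down to the shared memory segments whose mode grants group or other access, since every one of those is attachable from any jail once the sysctl is set. The sample ipcs text embedded in it is constructed for the demonstration.

```shell
#!/bin/sh
# Added example: audit what a jail can reach once SysV IPC is shared.
# Reads `ipcs -m` output (FreeBSD layout, assumed as in SAMPLE_IPCS below)
# on stdin and prints the segments whose mode grants group or other access.

# Current value of the sysctl, or "unknown" when not running on FreeBSD.
jail_sysvipc_state() {
    sysctl -n security.jail.sysvipc_allowed 2>/dev/null || echo unknown
}

# Filter: prints "id key owner mode" for every segment not restricted to
# its owner. FreeBSD ipcs(1) prints the mode as an 11-character string,
# e.g. --rw-------: columns 3-5 owner, 6-8 group, 9-11 other.
shared_segments() {
    awk '$1 == "m" && length($4) == 11 && substr($4, 6, 6) != "------" {
             printf "%s %s %s %s\n", $2, $3, $5, $4
         }'
}

# Constructed sample in the layout of `ipcs -m` on FreeBSD (not real output).
SAMPLE_IPCS='Shared Memory:
T           ID          KEY MODE        OWNER    GROUP
m        65536      5432001 --rw-------  pgsql    pgsql
m        65537      5433001 --rw-rw----  pgsql    pgsql
m        65538            0 --rw-rw-rw-  www      www'

# Runs the filter over the constructed sample; prints the two open segments.
demo() {
    printf '%s\n' "$SAMPLE_IPCS" | shared_segments
}

# Real use on the host after enabling the sysctl:
#   ipcs -m | shared_segments
```

Treat the list as a floor, not a ceiling: segments with owner-only modes (the first sample line) are still reachable from a jail by any process running under the same numeric uid, because the jail shares the host’s uid space.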


Patch and Binaries to add Multiple IP Addresses to Jail in FreeBSD 6.1

Posted by Tres Wed, 12 Jul 2006 11:27:00 GMT

Someone asked me to see about adding multiple IP addresses to a jail the other day. Now that management tools have finally been added, lack of functionality like multiple IP addresses and of fair time scheduling is really the biggest problem that jail has right now. It’s not really a competitive solution without them. Well, after looking around on the Interweb it seemed that the only “recent” (read 2003) patch was Pawel Jakub Dawidek’s patch for FreeBSD 5.3BETA.

So I updated the patch to work with 6.1-STABLE, and upgraded the startup script to handle multiple IP addresses.

This file will patch FreeBSD 6.1-STABLE to allow multiple IP addresses within a jail.

If you don’t want to cvsup and compile it yourself, you can download a pre-compiled kernel and jail files here.

Otherwise:

cvsup -g -L2 /usr/local/etc/stable-supfile
cd /usr/src
sudo patch -p1 < ~/downloads/multi_ip_patch
sudo make buildworld
sudo make buildkernel
sudo make installkernel

Warning: You really should follow the canonical method for updating your kernel outlined in the FreeBSD handbook, in particular rebooting into the new kernel (single-user mode, ideally) before installing the new world. If you’re upgrading from 6.1-RELEASE to 6.1-STABLE, and you’re willing to take responsibility for whatever damage your actions cause, you might do the following after that reboot:

sudo make installworld
sudo mergemaster

When defining jails in /etc/rc.conf, separate all the IP addresses for the jail with commas, like this:

jail_testomatic_ip="10.20.30.8,10.20.30.9,10.20.30.10"

You can use the standard /etc/rc.d/jail interface for starting and stopping jails.
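The post doesn’t show the updated startup script, so here is an added example (my own reconstruction, not the author’s patched /etc/rc.d/jail) of the piece any such script needs: splitting a comma-separated jail_<name>_ip value, validating each address, and producing the per-address ifconfig alias commands. It assumes the interface is taken from jail_<name>_interface as in the stock rc.d/jail, and it prints the commands instead of running them; the rc.conf values at the bottom are constructed from the post’s example.

```shell
#!/bin/sh
# Added example: handling a comma-separated jail_<name>_ip list the way an
# rc.d/jail-style startup script must. Dry run: commands are printed, not run.

# Print one address per line from a comma-separated jail_<name>_ip value.
jail_ips() {
    printf '%s\n' "$1" | tr ',' '\n' | sed '/^[[:space:]]*$/d'
}

# Return 0 if $1 is a dotted quad with exactly four octets in 0..255.
valid_ipv4() {
    case "$1" in
        *[!0-9.]*|.*|*.|*..*) return 1 ;;   # non-digits, leading/trailing/double dots
    esac
    set -- $(printf '%s\n' "$1" | tr '.' ' ')
    [ $# -eq 4 ] || return 1
    for octet; do
        [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# Emit the ifconfig alias commands for one jail. The whole list is refused
# if any address is malformed: a typo here would otherwise alias a bogus
# address onto the host interface before jail(8) is ever invoked.
jail_alias_cmds() {
    _name=$1 _iface=$2 _list=$3
    for _ip in $(jail_ips "$_list"); do
        valid_ipv4 "$_ip" || { echo "jail $_name: bad address '$_ip'" >&2; return 1; }
    done
    for _ip in $(jail_ips "$_list"); do
        echo "ifconfig $_iface inet alias $_ip netmask 255.255.255.255"
    done
}

# Constructed rc.conf-style values (interface name is an assumption).
jail_testomatic_interface="em0"
jail_testomatic_ip="10.20.30.8,10.20.30.9,10.20.30.10"

# Prints three alias commands, one per address in jail_testomatic_ip.
demo() {
    jail_alias_cmds testomatic "$jail_testomatic_interface" "$jail_testomatic_ip"
}
```

The /32 netmask on each alias matches what the stock script does for a single address; the patched kernel and jail(8) still have to accept the list itself, which is what the kernel patch above provides.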
