Am 21.07.2011, 18:37 Uhr, schrieb Robert Millan <rmh@debian.org>:
2011/7/21 Darko Hojnik <hojnik@virtualizing.org>:Hi thereI'm currently playing again with Debian kFreeBSD based jails under a FreeBSDHost.Make sure you read the FAQ entry [1] and associated links.[1] http://wiki.debian.org/Debian_GNU/kFreeBSD_FAQ#Q._Can_I_run_Debian_GNU.2BAC8-kFreeBSD_in_a_chroot_under_FreeBSD.3FIt's possible you also need: http://anonscm.debian.org/viewvc/glibc-bsd/trunk/kfreebsd-8/debian/patches/111_linprocfs_kthread.diff?revision=3458&view=markup but I'm not familiar with linprocfs. Perhaps someone else can give a better answer.In fact Debian has no real useful solution to bring Debian kFreeBSD on physical servers.Why do you say that?But for running Debian kFreeBSD inside masshostingenvironment (what is a real attractive idea) like jail based VServers thats will be the pain in the ass. I've noticed that some guys here are porting jails to Debian kFreeBSD. I hope they will read this post and thinking aboutit.Doesn't seem hard, I might do this if I find a minute.
The Debian Installer can not handle good enough ZFS. And the infrastructure of it never could be the base for an impressive and powerful solution. I know that patches are welcome, but they are some radical changes needed. I don't think that these changes would be accepted from Debian. Every work about a patch is useless. On the last Linuxday I've talked with Arno Töll several hours about it. Also I've written it more enough here on this list. On kFreeBSD I'm missing some features that gives me a native FreeBSD installation. Almost features with jails and networking. With jails also I'm missing VIMAGE that gives a virtualized networkstack. I know squeeze is a preview and I hope that the next version in two years would haves a better and even more robust softwarestack.
Debian kFreeBSD in a Jail runs, that is no secret. But services inside a Debian kFreeBSD jail needs a mounted linprocfs. Yesterday I've created a Debian based Jail and installed from backports PostgreSQL 9 inside. It runs like a charm. Some tweaks on the host are needed, PostgreSQL is a beast. To start a Jail, I've to mount /proc in the jail before. And that is a possible security leak. Thats the reason why I could never give untrusted customers rootaccess to an Debian kFreeBSD jail. That is the essence of my preview message. I'm not a BSD Developer and in god I don't trust, in Java I code. But I hope that other people maybe would think more about this issue.
In the future FreeBSD has features to limit and control resources and usage about the CPU. And that for processes and also for jails. A combination with this plus a real good networkstack and other impressive features from the FreeBSD Kernel such like jails or ZFS is nice. But add a Debian based softwarestack with the Debian packagemanagement that is glory. That could eat Oracle Solaris and smash it to dust.
I think some idea's about linprocfs are needed or Debian turns back to the normal FreeBSD procfs ;) Also a feature to limit the full output from dmesg inside jails. I am convinced that this could rapidly brings it on thousands servers. Because that is cheaper and even more powerful then something what is linux based
cheers Darko