Here are the bare truths without any sugar coating.
Vimage is officially described as experimental. You have to recompile
the kernel to include vimage. Enabling the pf or ipf firewalls causes the
host to crash. The ipfw firewall does not cause a crash but has next to no
real life usage on vimage. When stopping vimage jails there is a problem
with memory loss. You need a high proficiency in coding netgraph, which
is used to tie the host's network to each vimage jail. Needs a public
network with multiple static IP addresses & registered domain names even
to test it.

A few brave souls have accepted these shortcomings and have deployed
vimage in a production environment with good results so they say, or at
best they have not reported any problems. I guess it all depends on what
your shop defines "production ready" as. At my shop vimage is NOT
considered something management is willing to base the business on.
Maybe your shop is different.

There are a few write-ups about how to configure vnet/vimage jails, but
they're out of date, i.e. 8.x & 9.x releases which are at EOL [end of life,
unsupported]. The current production version of FreeBSD is at 10.3 with
11.0 due out in August. Only know of one utility jail tool that has
vnet/vimage function. Try the qjail port, it will shorten your learning
curve.

Now there is a guy who is patching vimage trying to get it so it can be
incorporated into the base kernel. His goal was to get it into release
11.0, but updates to 11.0 source are now suspended until 11.0 is
published so that's not going to happen. They sure would not incorporate
vimage without a general announcement calling for users to test drive it
first. This has not happened yet that I know of.

vnet/vimage is like a standalone computer. You have to log in to it to
manage any firewall or other system function or port application. This
can be done from the host console or over the network.

Going down this road will make the shop totally dependent on you and
your ability. A mega size pay bump is in your future. The shop will be
fubar-ed if you die or get hurt requiring a hospital stay and long recovery.
User beware.
_______________________________________________
freebsd-jail@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-jail