On Mon, May 30, 2016 at 09:40:42AM -0400, Ernie Luzar wrote: > Here are the bare truths without any sugar coating. > Vimage is officially described as experimental. You have to recompile > the kernel to included vimage. Enabling pf or ipf firewalls cause the > host to crash. ipfw firewall does not cause a crash but has next to no > real life usage on vimage. When stopping vimage jails there is a problem > with memory loss. You need a high proficiency in coding netgraph which > is used to tie the hosts network to each vimage jail. Needs a public > network with multiple static ip address & registered domain names even > to test it. > > A few brave soles have accepted these short comings and have deployed > vimage in a production environment with good results so they say, or at > best they have not reported any problems. I guess it all depends of what > your shop defines "production ready" as. At my shop vimage is NOT > considered something management is willing to base the business on. > Maybe your shop is different. > > There are a few write ups about how to configure vet/vimage jails, but > their out of date. IE: 8.x & 9.x releases which are at EOL [end of life, > unsupported]. The current production version of Freebsd is at 10.3 with > 11.0 due out in August. Only know of one utility jail tool that has > vnet/vimage function. Try the qjail port, it will shorten your learning > curve.
sysutils/iocage also supports VIMAGE > > Now there is a guy who is patching vimage trying to get it so it can be > incorporated into the base kernel. His goal was to get it into release > 11.0, but updates to 11.0 source are now suspended until 11.0 is > published so thats not going to happen. They sure would not incorporate > viamge without a general announcement calling for users to test drive it > first. This has not happened yet that I know of. You seem to forget that there have been fixes already in HEAD: http://freshbsd.org/search?branch=HEAD&project=freebsd&q=vimage+OR+vnet
pgp3ePKmkZuyH.pgp
Description: PGP signature
