docs/189199: make.conf should mention WITH_OPENSSL_PORT
>Number: 189199
>Category: docs
>Synopsis: make.conf should mention WITH_OPENSSL_PORT
>Confidential: no
>Severity: non-critical
>Priority: low
>Responsible: freebsd-doc
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: doc-bug
>Submitter-Id: current-users
>Arrival-Date: Thu May 01 14:40:00 UTC 2014
>Closed-Date:
>Last-Modified:
>Originator: Paul Hoffman
>Release: 9.2
>Organization:
>Environment:
FreeBSD labbackup.proper.com 9.2-RELEASE-p5 FreeBSD 9.2-RELEASE-p5 #0: Tue Apr 29 18:53:19 UTC 2014 r...@amd64-builder.daemonology.net:/usr/obj/usr/src/sys/GENERIC i386
>Description:
In a recent thread on freebsd-security and freebsd-ports, it turns out that there is a very useful feature of make.conf called WITH_OPENSSL_PORT. This should be documented in the make.conf man page.
>How-To-Repeat:
>Fix:
Proposed wording (but this needs to be checked by the ports people):

WITH_OPENSSL_PORT
    (bool) Causes port building to use the OpenSSL from the ports (if available) instead of the OpenSSL from base.
>Release-Note:
>Audit-Trail:
>Unformatted:
___
freebsd-doc@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-doc
To unsubscribe, send any mail to "freebsd-doc-unsubscr...@freebsd.org"
docs/189214: mlock(2) allocation limit description inaccurate
>Number: 189214
>Category: docs
>Synopsis: mlock(2) allocation limit description inaccurate
>Confidential: no
>Severity: non-critical
>Priority: low
>Responsible: freebsd-doc
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: doc-bug
>Submitter-Id: current-users
>Arrival-Date: Fri May 02 00:10:00 UTC 2014
>Closed-Date:
>Last-Modified:
>Originator: Lawrence "The Dreamer" Chen
>Release: FreeBSD 9.2-RELEASE-p5 amd64
>Organization:
>Environment:
System: FreeBSD zen.lhaven.homeip.net 9.2-RELEASE-p5 FreeBSD 9.2-RELEASE-p5 #0: Tue Apr 29 19:09:13 UTC 2014 r...@amd64-builder.daemonology.net:/usr/obj/usr/src/sys/GENERIC amd64
>Description:
In mlock(2), it says:

    Since physical memory is a potentially scarce resource, processes are limited in how much they can lock down. A single process can mlock() the minimum of a system-wide ``wired pages'' limit vm.max_wired and the per-process RLIMIT_MEMLOCK resource limit.
>How-To-Repeat:
>Fix:
The more correct answer is like it's the minimum of the per-process RLIMIT_MEMLOCK resource limit, and the difference of the system-wide ''wired pages'' limit vm.max_wired and the total count of wired pages on the system vm.stat.vm.v_wire_count.

Been trying to figure out why gnome-keyring-daemon can't lock any memory even though I have set "security.bsd.unprivileged_mlock=1" and RLIMIT_MEMLOCK default to 64 (kilobytes.) vm.max_wired on my system defaults to 1323555 (pages - pagesize is 4k.)

Well, turns out vm.stat.vm.v_wire_count was 2020311
>Release-Note:
>Audit-Trail:
>Unformatted:
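The limit rule proposed in the Fix field of docs/189214, worked through as an added example; this is not code from the PR or from FreeBSD. The function name `effective_mlock_bytes` and the command-line interface are assumptions, and the default counters are the figures quoted in the report.

```c
#include <inttypes.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/resource.h>
#include <unistd.h>

/*
 * Bytes a process can still mlock() under the rule proposed in the PR:
 * min(RLIMIT_MEMLOCK, (vm.max_wired - wired page count) * page size).
 * effective_mlock_bytes() is a hypothetical helper, not a FreeBSD API.
 */
uint64_t effective_mlock_bytes(rlim_t rlimit_bytes, uint64_t max_wired_pages,
                               uint64_t wired_pages, uint64_t page_size)
{
    /* Already at or over the system-wide limit: nothing left to wire.
     * (Unsigned subtraction would wrap to a huge value here.) */
    if (page_size == 0 || wired_pages >= max_wired_pages)
        return 0;

    uint64_t headroom_pages = max_wired_pages - wired_pages;
    /* Saturate rather than overflow when converting pages to bytes. */
    uint64_t headroom = headroom_pages > UINT64_MAX / page_size
                            ? UINT64_MAX
                            : headroom_pages * page_size;

    if (rlimit_bytes == RLIM_INFINITY)
        return headroom;
    return (uint64_t)rlimit_bytes < headroom ? (uint64_t)rlimit_bytes : headroom;
}

/* Usage: prog [max_wired_pages wired_pages]; defaults are the PR's figures. */
int main(int argc, char **argv)
{
    uint64_t max_wired = 1323555, wired = 2020311;
    struct rlimit rl;

    if (argc == 3) {
        max_wired = strtoull(argv[1], NULL, 10);
        wired = strtoull(argv[2], NULL, 10);
    }
    if (getrlimit(RLIMIT_MEMLOCK, &rl) != 0) {
        perror("getrlimit");
        return 1;
    }
    uint64_t page = (uint64_t)sysconf(_SC_PAGESIZE);
    printf("lockable now: %" PRIu64 " bytes\n",
           effective_mlock_bytes(rl.rlim_cur, max_wired, wired, page));
    return 0;
}
```

With the counters from the report the system-wide headroom is zero, so a 64 KB per-process limit never comes into play.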
docs/189216: [patch] add a handbook section on hosting VMs with bhyve
>Number: 189216 >Category: docs >Synopsis: [patch] add a handbook section on hosting VMs with bhyve >Confidential: no >Severity: non-critical >Priority: low >Responsible:freebsd-doc >State: open >Quarter: >Keywords: >Date-Required: >Class: change-request >Submitter-Id: current-users >Arrival-Date: Fri May 02 01:30:00 UTC 2014 >Closed-Date: >Last-Modified: >Originator: Allan Jude >Release:10.0-STABLE >Organization: ScaleEngine Inc. >Environment: FreeBSD Trooper.HML3.ScaleEngine.net 10.0-STABLE FreeBSD 10.0-STABLE #0 Sat Mar 22 13:15:35 EDT 2014 r...@trooper.hml3.scaleengine.net:/usr/obj/media/10stable/sys/GENERIC amd64 >Description: This patch adds a bhyve section to the virtualization chapter, and separates the virtualbox chapter. Sponsored by: ScaleEngine Inc. >How-To-Repeat: >Fix: Patch attached with submission follows: Index: handbook/virtualization/chapter.xml === --- handbook/virtualization/chapter.xml (revision 44736) +++ handbook/virtualization/chapter.xml (working copy) @@ -20,6 +20,16 @@ Contributed by + + + + + Allan + Jude + + bhyve section by + + @@ -1110,8 +1120,8 @@ - -&os; as a Host + +&os; as a Host with VirtualBox &virtualbox; is an actively developed, complete virtualization package, that is available 
@@ -1273,7 +1283,310 @@ &prompt.root; service devfs restart + + +&os; as a Host with + bhyve + +Starting with &os; 10.0-RELEASE the BSD licensed hypervisor + bhyve is part of the base system. + bhyve supports a number of guests + including &os;, OpenBSD, and many flavors of &linux;. + bhyve currently only supports a + serial console and does not emulate a graphical console. + bhyve is a legacy-free hypervisor, + meaning that instead of translating instructions, and manually + managing memory mappings, it relies on the virtualization + offload features of newer CPUs. + bhyve also avoids emulating + compatible hardware for the guest, and instead relies on the + paravirtualization drivers, called + VirtIO. + +Due to the design of bhyve, it is + only possible to use bhyve on + computers with newer processors that support &intel; + EPT (Extended Page Tables) or &amd; + RVI (Rapid Virtualization Indexing, also know + as NPT or Nested Page Tables). Most newer + processors, specifically the &intel; &core; i3/i5/i7 and + &intel; &xeon; E3/E5/E7 support this feature, for a + complete list of &intel; processors that support + EPT see the http://ark.intel.com/search/advanced?s=t&ExtendedPageTables=true";>&intel; + ARK. RVI is found on the 3rd + generation and later of the &amd.opteron; (Barcelona) + processors. The easiest way to check for support of + EPT or RVI on a system is + to look for the POPCNT processor feature flag + on the Features2 line in + dmesg or + /var/run/dmesg.boot. + + + Preparing the Host + + The first step to creating a virtual machine in + bhyve is configuring the host + system. Load the bhyve kernel + module called vmm. Create a tap + interface for the network device in the virtual machine to + attach to. Optionally create a bridge interface and add the + tap interface as well as the physical + interface as members to allow the virtual machine to have + access to the network. 
+ + &prompt.root; kldload vmm +&prompt.root; kldload nmdm +&prompt.root; ifconfig tap0 create +&prompt.root; sysctl net.link.tap.up_on_open=1 +net.link.tap.up_on_open: 0 -> 1 +&prompt.root; ifconfig bridge0 create +&prompt.root; ifconfig bridge0 addm igb0 addm tap0 +&prompt.root; ifconfig bridge0 up + + + + + Creating a FreeBSD Guest + + Create a file to use as the virtual disk for the guest + machine. + + &prompt.root; truncate -s 16G guest.img + + Download an installation image of &os; to install: + + &prompt.root; fetch ftp://ftp.freebsd.org/pub/FreeBSD/ISO-IMAGES-amd64/10.0/FreeBSD-10.0-RELEASE-amd64-bootonly.iso +FreeBSD-10.0-RELEASE-amd64-bootonly.iso 100% of 209 MB 570 kBps 06m17s + + &os; comes with an example script for running a virtual + machine in bhyve. The script will + start the virtual machine and run it in a loop, so it will + automatically restart if it crashes. The script takes a + number of options to control the configuration of the machine. + -c controls the number of virtual CPUs. + -m limits the amount of memory available to + the guest. -t defines which + tap device to use. -d + indicates which disk image to use. -i tell
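Review bot: In "Creating a FreeBSD Guest" (the @@ -1273,7 +1283,310 @@ hunk), the installation image is fetched over plain ftp:// and then used as-is; add a step that verifies the downloaded ISO against the checksums published with the release before it is booted. In "Preparing the Host", the command listing loads nmdm and sets net.link.tap.up_on_open=1, but the paragraph above it only describes vmm, the tap interface and the optional bridge, so say what nmdm is for, why the sysctl is needed, and that igb0 stands for the host's own physical interface. In the EPT/RVI paragraph, POPCNT is a separate processor feature, so the text should say it is being used as a proxy for EPT or RVI rather than presenting it as the capability itself; the same paragraph has "also know as" for "also known as" and a comma splice at "support this feature, for a complete list".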
Re: docs/189216: [patch] add a handbook section on hosting VMs with bhyve
On 2014-05-01 21:27, Allan Jude wrote: > >> Number: 189216 >> Category: docs >> Synopsis: [patch] add a handbook section on hosting VMs with bhyve >> Confidential: no >> Severity: non-critical >> Priority: low >> Responsible:freebsd-doc >> State: open >> Quarter: >> Keywords: >> Date-Required: >> Class: change-request >> Submitter-Id: current-users >> Arrival-Date: Fri May 02 01:30:00 UTC 2014 >> Closed-Date: >> Last-Modified: >> Originator: Allan Jude >> Release:10.0-STABLE >> Organization: > ScaleEngine Inc. >> Environment: > FreeBSD Trooper.HML3.ScaleEngine.net 10.0-STABLE FreeBSD 10.0-STABLE #0 Sat > Mar 22 13:15:35 EDT 2014 > r...@trooper.hml3.scaleengine.net:/usr/obj/media/10stable/sys/GENERIC amd64 > >> Description: > This patch adds a bhyve section to the virtualization chapter, and separates > the virtualbox chapter. > > > Sponsored by: ScaleEngine Inc. >> How-To-Repeat: > >> Fix: > > > Patch attached with submission follows: > > Index: handbook/virtualization/chapter.xml > === > --- handbook/virtualization/chapter.xml (revision 44736) > +++ handbook/virtualization/chapter.xml (working copy) > @@ -20,6 +20,16 @@ > Contributed by > > > + > + > + > + > + Allan > + Jude > + > + bhyve section by > + > + > > > > @@ -1110,8 +1120,8 @@ > > > > - > -&os; as a Host > + > +&os; as a Host with VirtualBox > > &virtualbox; is an actively >developed, complete virtualization package, that is available 
> @@ -1273,7 +1283,310 @@ > >&prompt.root; service devfs > restart > > + > > + > +&os; as a Host with > + bhyve > + > +Starting with &os; 10.0-RELEASE the BSD licensed hypervisor > + bhyve is part of the base system. > + bhyve supports a number of guests > + including &os;, OpenBSD, and many flavors of &linux;. > + bhyve currently only supports a > + serial console and does not emulate a graphical console. > + bhyve is a legacy-free hypervisor, > + meaning that instead of translating instructions, and manually > + managing memory mappings, it relies on the virtualization > + offload features of newer CPUs. > + bhyve also avoids emulating > + compatible hardware for the guest, and instead relies on the > + paravirtualization drivers, called > + VirtIO. > + > +Due to the design of bhyve, it is > + only possible to use bhyve on > + computers with newer processors that support &intel; > + EPT (Extended Page Tables) or &amd; > + RVI (Rapid Virtualization Indexing, also know > + as NPT or Nested Page Tables). Most newer > + processors, specifically the &intel; &core; i3/i5/i7 and > + &intel; &xeon; E3/E5/E7 support this feature, for a > + complete list of &intel; processors that support > + EPT see the + > xlink:href="http://ark.intel.com/search/advanced?s=t&ExtendedPageTables=true";>&intel; > + ARK. RVI is found on the 3rd > + generation and later of the &amd.opteron; (Barcelona) > + processors. The easiest way to check for support of > + EPT or RVI on a system is > + to look for the POPCNT processor feature flag > + on the Features2 line in > + dmesg or > + /var/run/dmesg.boot. > + > + > + Preparing the Host > + > + The first step to creating a virtual machine in > + bhyve is configuring the host > + system. Load the bhyve kernel > + module called vmm. Create a tap > + interface for the network device in the virtual machine to > + attach to. 
Optionally create a bridge interface and add the > + tap interface as well as the physical > + interface as members to allow the virtual machine to have > + access to the network. > + > + &prompt.root; kldload vmm > +&prompt.root; kldload nmdm > +&prompt.root; ifconfig tap0 > create > +&prompt.root; sysctl net.link.tap.up_on_open=1 > +net.link.tap.up_on_open: 0 -> 1 > +&prompt.root; ifconfig bridge0 > create > +&prompt.root; ifconfig bridge0 addm > igb0 addm > tap0 > +&prompt.root; ifconfig bridge0 > up > + > + > + > + > + Creating a FreeBSD Guest > + > + Create a file to use as the virtual disk for the guest > + machine. > + > + &prompt.root; truncate -s > 16G > guest.img > + > + Download an installation image of &os; to install: > + > + &prompt.root; fetch > ftp://ftp.freebsd.org/pub/FreeBSD/ISO-IMAGES-amd64/10.0/FreeBSD-10.0-RELEASE-amd64-bootonly.iso > +FreeBSD-10.0-RELEASE-amd64-bootonly.iso 100% of 209 MB 570 kBps > 06m17s > + > + &os; comes with an example script for running a virtual > + machine in bhyve. The script will > + start the virtual machine and run it in a l
Re: docs/189216: [patch] add a handbook section on hosting VMs with bhyve
The following reply was made to PR docs/189216; it has been noted by GNATS.

From: Mark Linimon
To: bug-follo...@freebsd.org
Cc:
Subject: Re: docs/189216: [patch] add a handbook section on hosting VMs with bhyve
Date: Thu, 1 May 2014 21:53:58 -0500

- Forwarded message from Allan Jude -
>