FreeBSD 10.0-RELEASE dropping conection pf + jail + tcp

[alfikmik]

According to https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=193194 is there any patch for 10.0-R to solve this problem?

I have MySQL on jail. Internal connection is fine, but when I want to do somthing in jailed MySQL often get "connection lost during query", with web server I found solution without NAT and RDR (proxy in main system)

Anyone solve this problem with 10.0-R?

 

[junovitch@]

You should upgrade to 10.1-RELEASE as 10.0-RELEASE just hit end of life 4 days ago and is no longer support for security updates. As said in the PR the issue has been resolved in 10.1-RELEASE which is supported until December 31, 2016 once you upgrade.

See https://www.freebsd.org/security/unsupported.html and https://forums.freebsd.org/threads/topics-about-unsupported-freebsd-versions.40469/.

 

[alfikmik]

Yes but I have many jails on that machine, and can't stop it for a long time. As you now, patch for kernel, and reboot is much faster Break will be for one minute or somthing like that.

 

[junovitch@]

Of course. Using freebsd-update(8) it would be 2 reboots, one for the kernel and one for the userland. You can always update userland for your jails later on, perhaps one by one if you aren't using a shared base jail model. That doesn't seem like it would that big of a difference time wise. Consider that if your plan for high availability relies on not touching anything then things won't end well when the inevitable happens. Sooner or later something will happen be it a dead power supply, too many dead drives, a flood in your server room, dead HVAC, or something. Plan your maintenance before either your software or hardware decides for you.

 

[alfikmik]

Jail are placed according to the manual https://www.freebsd.org/doc/handbook/jails.html

# setenv D /here/is/the/jail
# mkdir -p $D
# cd /usr/src
# make buildworld 
# make installworld DESTDIR=$D 
# make distribution DESTDIR=$D

from this point I create full jail structure that I'm treated as skeleton

than I do cp -Rp skeleton to new jail instance and do needed modifications

I'm affraid that the software compiled in each jail from ports can be unstable, and therefore the whole process will take longer time for update, so patch for kernel only is the simpliest way to solve my problem.

I found that patch http://lists.freebsd.org/pipermail/freebsd-net/2014-February/037864.html

I'm not sure if it can help so only one way is to run it at virtual enviroment such as vitual box and test it empirically