OpenSolaris Zones/Containers FreeBSD Port?

z3R0

z3R0

I would like to see OpenSolaris Zones/Containers ported over to FreeBSD.

It's an important resource management and security feature that is a lot better then chroot and jails. If you look a Zones or Linux vServer you will see that Jails pale in comparison.

ZFS and Dtrace are excellent tools/features. Please bring in Zones!
 
What for?

FreeBSD provides the same functionality (OS level virtualization) with FreeBSD Jails.

Check latest improovements in Jails in latest FreeBSD 7.2 release.
 
vermaden said:
What for?

FreeBSD provides the same functionality (OS level virtualization) with FreeBSD Jails.

Check latest improvements in Jails in latest FreeBSD 7.2 release.
Click to expand...

Why not? Zones are FreeBSD Jails on steroids, easier to manage not to mention better integrated with ZFS.

OpenVS and VServer might be ahead though.
http://en.wikipedia.org/wiki/Jail_(computer_security)#Implementations

Would anyone care highlight a detailed feature by feature comparison of Zones vs Jails, throw in OpenVS

Interesting.
 
I eagerly anticipate your detailed analysis followed by patches to implement zones on FreeBSD.

Seriously, while there are some nice things about zones (memory limits, cpu limits), very few people are paid to work on FreeBSD while all the developers for Solaris are paid. Sitting around and saying "X should be done" is only going to cause people (like me) of calling you an armchair general.
 
gordon@ said:
I eagerly anticipate your detailed analysis followed by patches to implement zones on FreeBSD.

Seriously, while there are some nice things about zones (memory limits, cpu limits), very few people are paid to work on FreeBSD while all the developers for Solaris are paid. Sitting around and saying "X should be done" is only going to cause people (like me) of calling you an armchair general.
Click to expand...

Well it is merely a feature I would love to see in FreeBSD the "armchair general" comment was not necessary. I appreciate the hard work that FreeBSD developers carryout.

I just don't see what is wrong with making a suggestion to incorporate Solaris Zones. For example ZFS, Dtrace are being incorporated from Solaris, PF from OpenBSD, launchd from Darwin and I'm sure other features from other OS's.

Zones is a feature that shouldn't be overlooked.

I don't mind helping out with patches either but I'm curious to see how others feel about it and where to start.
 
Other features to consider are:
1) Building the Sun grid engine into the kernel
2) Adding clustering into ZFS and
3) Bootable ZFS

Just a thought.
 
gordon@ said:
I eagerly anticipate your detailed analysis followed by patches to implement zones on FreeBSD.

Seriously, while there are some nice things about zones (memory limits, cpu limits), very few people are paid to work on FreeBSD while all the developers for Solaris are paid. Sitting around and saying "X should be done" is only going to cause people (like me) of calling you an armchair general.
Click to expand...

I don't remember where I saw it (most likely a mailing list posting), but there's someone working on implementing resource limits for jails.
 
z3R0 said:
If you look a Zones or Linux vServer you will see that Jails pale in comparison.
Click to expand...

Please elaborate.

z3R0 said:
Zones are FreeBSD Jails on steroids, easier to manage not to mention better integrated with ZFS.
Click to expand...

I'm curious what you mean exactly by "easier to manage". I haven't had problems managing FreeBSD Jails.

z3R0 said:
I don't mind helping out with patches either but I'm curious to see how others feel about it and where to start.
Click to expand...

I have not worked with Zones (but I've compared notes with Solaris sysadmins at work). Frankly I have zero interest (intentional pun :)) in seeing Zones ported to FreeBSD. But I'm hoping you will have a compelling argument that will pique my interest in the possibility.
 
anomie said:
I'm curious what you mean exactly by "easier to manage". I haven't had problems managing FreeBSD Jails.
Click to expand...

OpenSolaris provides easier to use tools for the creation and management of Zones (zonecfg, zoneadm, zlogin, etc...)

Though some work has been done on JailResourceLimits as mentioned above
http://wiki.freebsd.org/JailResourceLimits

Zones are stronger in this area so why reinvent the wheel? (And if you try to reinvent the wheel why not see how its done in Zones? You might learn a thing or two.
 
Jails already exist, how is it "re-inventing the wheel" to continue to use jails? It would be "re-inventing the wheel" to drop jails, and try to port zones. Better to improve jails, perhaps looking at how openvz/vserver and zones work.
 
phoenix said:
Jails already exist, how is it "re-inventing the wheel" to continue to use jails? It would be "re-inventing the wheel" to drop jails, and try to port zones. Better to improve jails, perhaps looking at how openvz/vserver and zones work.
Click to expand...

In the sense that Zones are an extension of Jails. So instead of having to add functionality that is already in Zones(or that has already been extended for you) to Jails, why not just incorporate the code in Zones? Or better yet merge both, and simplify the management of Jails with better utilities.
 
@z3R0

phoenix propably had in mind that adding these features to Jails will take a lot less time then porting whole Zones to FreeBSD.

BTW, have you tried ezjail from Ports?
 
Exactly.

What z3R0 is recommending is to rip out jails, and import Zones. IOW, re-invent the wheel (jails), start from scratch (zones)/do something new, abandon many many years of work (jails), and import a whole new class of undiscovered bugs (zones).

What I'm recommending is keeping jails, and use that as a basis to extend outward until all/most of the desired features from Solaris Zones (or Linux-VServer or any other container software) are included. IOW, exactly what the FreeBSD devs are doing. :)
 
I think we should buy solaris 10 cds and put freebsd stickers on them, to make the solaris mavens happy. We can do that with ubunutu cds too. Hell, go whole hog and sticker up some bootleg botnet pre-infected winders7 cds as freebsd server edition 1999.
 
fronclynne said:
I think we should buy solaris 10 cds and put freebsd stickers on them, to make the solaris mavens happy.
Click to expand...
We could entice Sun to revert back to 4.4BSD for Solaris 12 or 13, just like the olden days with SunOS :e

We can do that with ubunutu cds too. Hell, go whole hog and sticker up some bootleg botnet pre-infected winders7 cds as freebsd server edition 1999.
Click to expand...
The horror x(
 
phoenix said:
Exactly.

What z3R0 is recommending is to rip out jails, and import Zones. IOW, re-invent the wheel (jails), start from scratch (zones)/do something new, abandon many many years of work (jails), and import a whole new class of undiscovered bugs (zones).

What I'm recommending is keeping jails, and use that as a basis to extend outward until all/most of the desired features from Solaris Zones (or Linux-VServer or any other container software) are included. IOW, exactly what the FreeBSD devs are doing. :)
Click to expand...

Never said anything about ripping out Jails. I suggested adding Zones. For example FreeBSD has added PF, yet they also have IPFW and IPFilter. Nothing wrong with having multiple mechanisms.
 
You must log in or register to reply here.
Back
Top