Hi, I have, since upgrading to 5.x and updating my management tools, seen a number of problems relating to stopping jails. I'm maintaining several hosts with a number of full-featured jails (i.e. full virtual FreeBSD installations in each jail), and in general this works fine. However, whenever I stop a jail using 'jexec <id> kill -SIGNAL -1' or 'jexec <id> /bin/sh /etc/rc.shutdown' (in various combinations), jails have a tendency to stick around for minutes or hours - according to 'jls'. Often I see an entry in 'netstat -a' indicating that there is one or more sockets in FIN_WAIT state, preventing the jail from coming down. Taking the virtual network interface (alias) down does not help. All I can do at this point is wait. I normally use 'jls' to determine whether or not a jail can be restarted (i.e. it's not running), but this is pretty useless in such cases. And right now I have a case where 'netstat -a' shows me nothing pertaining to the jail, though it has no processes running. I have therefore force-started the jail again, which seems to work nicely, but now 'jls' gives me two entries for this jail, with different JIDs. What am I doing wrong here? /Eirik
On Tue, Jun 28, 2005 at 10:37:29AM +0200, Eirik ?verby wrote:> Hi, > > I have, since upgrading to 5.x and updating my management tools, seen > a number of problems relating to stopping jails. > > I'm maintaining several hosts with a number of full-featured jails > (i.e. full virtual FreeBSD installations in each jail), and in > general this works fine. However, whenever I stop a jail using 'jexec > <id> kill -SIGNAL -1' or 'jexec <id> /bin/sh /etc/rc.shutdown' (in > various combinations), jails have a tendency to stick around for > minutes or hours - according to 'jls'. Often I see an entry in > 'netstat -a' indicating that there is one or more sockets in FIN_WAIT > state, preventing the jail from coming down. Taking the virtual > network interface (alias) down does not help. All I can do at this > point is wait. > > I normally use 'jls' to determine whether or not a jail can be > restarted (i.e. it's not running), but this is pretty useless in such > cases. And right now I have a case where 'netstat -a' shows me > nothing pertaining to the jail, though it has no processes running. I > have therefore force-started the jail again, which seems to work > nicely, but now 'jls' gives me two entries for this jail, with > different JIDs. > > What am I doing wrong here?You could just use ps to check for jailed processes and check their respective jails using the procfs status entry (at least according to the ps manpage...) -- Brian Fundakowski Feldman \'[ FreeBSD ]''''''''''\ <> green@FreeBSD.org \ The Power to Serve! \ Opinions expressed are my own. \,,,,,,,,,,,,,,,,,,,,,,\
On Tuesday 28 June 2005 09:37, Eirik ?verby wrote:> Hi, > > I have, since upgrading to 5.x and updating my management tools, seen > a number of problems relating to stopping jails. > > I'm maintaining several hosts with a number of full-featured jails > (i.e. full virtual FreeBSD installations in each jail), and in > general this works fine. However, whenever I stop a jail using 'jexec > <id> kill -SIGNAL -1' or 'jexec <id> /bin/sh /etc/rc.shutdown' (in > various combinations), jails have a tendency to stick around for > minutes or hours - according to 'jls'. Often I see an entry in > 'netstat -a' indicating that there is one or more sockets in FIN_WAIT > state, preventing the jail from coming down. Taking the virtual > network interface (alias) down does not help. All I can do at this > point is wait.You could use tcpdrop(8) to close them? That might be enough to kick the jail out.> I normally use 'jls' to determine whether or not a jail can be > restarted (i.e. it's not running), but this is pretty useless in such > cases. And right now I have a case where 'netstat -a' shows me > nothing pertaining to the jail, though it has no processes running. I > have therefore force-started the jail again, which seems to work > nicely, but now 'jls' gives me two entries for this jail, with > different JIDs. > > What am I doing wrong here? > > /Eirik > _______________________________________________ > freebsd-stable@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-stable > To unsubscribe, send any mail to > "freebsd-stable-unsubscribe@freebsd.org"HTH, -- Dominic GoodforBusiness.co.uk I.T. Services for SMEs in the UK.