# grep jail /etc/rc.conf jail_enable="YES" jail_list="dns mysql vhost0 clamav spamassassin mail webmail haproxy monitor" # service jail stop Stopping jails: dns mysql vhost0 clamav spamassassin mail webmail haproxy monitor. # service jail start Starting jails: dns mysql vhost0 clamav spamassassin mail webmail haproxy monitor. Notice that the ordering of jails is such that when starting up DNS comes online before web and mail servers. Web servers come up before haproxy. Makes sense, right? Notice that at shutdown time, the list is *not* reversed. So the later services end up having their resources (DNS, DB, etc..) ripped out from under them, causing them to take longer than necessary to shut down. I can't think of a time when jail_list shouldn't be reversed during shutdown/stop.
Created attachment 154424 [details] reverse jail list This seems fairly simple. It looks like etc/rc.d/jail stop routine works on $@ derived from ${jail_list}, which is _ALL by default: ${jail_list:-_ALL} It returns after shutting down all the jails if _ALL was provided, otherwise works on the ${jail_list} in a for loop. This simple patch creates a reverse list of the items in ${jail_list} and uses that for shutdown instead. I haven't tested, but it looks like it would work just fine.
Testing with patch applied: # service jail start Starting jails: dns mysql clamav spamassassin vpopmail smtp webmail haproxy monitor. # service jail stop Stopping jails: monitor haproxy webmail smtp vpopmail spamassassin clamav mysql dns. Looks great to me.
It might be more appropriate to name the variable $reverse_jail_list to make it a bit clearer, but otherwise glad to see this is functioning as intended. I'll see if I can flag someone down and confirm if this is OK for default behavior, but I can't see why not...
Created attachment 154450 [details] all sh(1) method alternate method so we don't have to fork out to awk
Tested again, and works as well as the last one. Thanks again for working on this.
Jamie, can you provide some feedback on this small patch to the jail rc.d script ? Thanks!
It does the right thing in its place. I would change the __j loop variable should just be _j though - or if you really want __j add it to the local declaration. I'd also like to see a similar reversal done in the _ALL case. In the usual case (jid not specified) jls will list jails in the order created, so reversing its output is still the right thing to do.
For posterity, I've opened an issue in Fabricator https://reviews.freebsd.org/D2088 Further discussion on the patch continuing there.
A commit references this bug: Author: feld Date: Wed Feb 10 16:13:59 UTC 2016 New revision: 295471 URL: https://svnweb.freebsd.org/changeset/base/295471 Log: Add new rc.conf parameter "jail_reverse_stop" When a user defines "jail_list" in rc.conf the jails are started in the order defined. Currently the jails are not are stopped in reverse order which may break dependencies between jails/services and prevent a clean shutdown. The new parameter "jail_reverse_stop" will shutdown jails in "jail_list" in reverse order when set to "YES". Please note that this does not affect manual invocation of the jail rc script. If a user runs the command # service jail stop jail1 jail2 jail3 the jails will be stopped in exactly the order specified regardless of jail_reverse_stop being defined in rc.conf. PR: 196152 Approved by: jamie MFC after: 1 week Relnotes: yes Differential Revision: https://reviews.freebsd.org/D5233 Changes: head/etc/defaults/rc.conf head/etc/rc.d/jail
taking this and keeping it open until I get the documentation for jail_list and jail_reverse_stop in rc.conf.5 https://reviews.freebsd.org/D5243
A commit references this bug: Author: feld Date: Fri Feb 12 17:55:06 UTC 2016 New revision: 295568 URL: https://svnweb.freebsd.org/changeset/base/295568 Log: Document the new jail_reverse_stop parameter While here clean up the documentation for jail_list PR: 196152 Approved by: jamie, wblock MFC after: 1 week, with r295471 Differential Revision: https://reviews.freebsd.org/D5243 Changes: head/share/man/man5/rc.conf.5
Thank you Mark!
A commit references this bug: Author: jamie Date: Sat Apr 30 15:06:19 UTC 2016 New revision: 298852 URL: https://svnweb.freebsd.org/changeset/base/298852 Log: MFC r295471: Add new rc.conf parameter "jail_reverse_stop" When a user defines "jail_list" in rc.conf the jails are started in the order defined. Currently the jails are not are stopped in reverse order which may break dependencies between jails/services and prevent a clean shutdown. The new parameter "jail_reverse_stop" will shutdown jails in "jail_list" in reverse order when set to "YES". Please note that this does not affect manual invocation of the jail rc script. If a user runs the command # service jail stop jail1 jail2 jail3 the jails will be stopped in exactly the order specified regardless of jail_reverse_stop being defined in rc.conf. MFC r295568: Document the new jail_reverse_stop parameter While here clean up the documentation for jail_list PR: 196152 Submitted by: feld Changes: _U stable/10/ stable/10/etc/defaults/rc.conf stable/10/etc/rc.d/jail stable/10/share/man/man5/rc.conf.5