Thread: initdb dies during IpcSemaphoreCreate under BSD jail

initdb dies during IpcSemaphoreCreate under BSD jail

From
"Joel Burton"
Date:
(posted last week to pgsql-general; no responses there, so I'm seeing if
anyone here can contribute. Thanks!)


I'm working on a site hosted in a BSD Jail; they have MySQL installed but,
of course, I'd rather use PostgreSQL.

It installs fine but can't initdb; get the following:

Fixing permissions on existing directory /usr/local/pgsql/data... ok
creating directory /usr/local/pgsql/data/base... ok
creating directory /usr/local/pgsql/data/global... ok
creating directory /usr/local/pgsql/data/pg_xlog... ok
creating directory /usr/local/pgsql/data/pg_clog... ok
creating template1 database in /usr/local/pgsql/data/base/1...
IpcSemaphoreCreate: semget(key=1, num=17, 03600) failed:
Function not implemented

Earlier message traffic suggests that SYSV IPC has not been fixed to run
under BSD Jails.

The last time this was raised was ~1 year ago. Has there been any changes
here that anyone knows of? Any hope of getting PG running in our jail? (Or,
alternatively, can PG run on the real machine's processes so that the
different jails can access it?)

Any help would be appreciated!

Thanks.

Joel BURTON | joel@joelburton.com | joelburton.com | aim: wjoelburton
Knowledge Management & Technology Consultant



Re: initdb dies during IpcSemaphoreCreate under BSD jail

From
Vince Vielhaber
Date:
On Mon, 25 Mar 2002, Joel Burton wrote:

> (posted last week to pgsql-general; no responses there, so I'm seeing if
> anyone here can contribute. Thanks!)
>
>
> I'm working on a site hosted in a BSD Jail; they have MySQL installed but,
> of course, I'd rather use PostgreSQL.
>
> It installs fine but can't initdb; get the following:
>
> Fixing permissions on existing directory /usr/local/pgsql/data... ok
> creating directory /usr/local/pgsql/data/base... ok
> creating directory /usr/local/pgsql/data/global... ok
> creating directory /usr/local/pgsql/data/pg_xlog... ok
> creating directory /usr/local/pgsql/data/pg_clog... ok
> creating template1 database in /usr/local/pgsql/data/base/1...
> IpcSemaphoreCreate: semget(key=1, num=17, 03600) failed:
> Function not implemented
>
> Earlier message traffic suggests that SYSV IPC has not been fixed to run
> under BSD Jails.
>
> The last time this was raised was ~1 year ago. Has there been any changes
> here that anyone knows of? Any hope of getting PG running in our jail? (Or,
> alternatively, can PG run on the real machine's processes so that the
> different jails can access it?)

I don't know about running PG in a jail, but if you have it running
on the parent or real machine the jails can access it just fine but
not as localhost.

Vince.
-- 
==========================================================================
Vince Vielhaber -- KA8CSH    email: vev@michvhf.com    http://www.pop4.net        56K Nationwide Dialup from $16.00/mo
atPop4 Networking       Online Campground Directory    http://www.camping-usa.com      Online Giftshop Superstore
http://www.cloudninegifts.com
==========================================================================





Re: initdb dies during IpcSemaphoreCreate under BSD jail

From
"Alastair D'Silva"
Date:
You need to get your provider to set the sysctl jail.sysvipc_allowed to
1 in the host environment. If they're not willing to do this for you, we
provide this feature on our servers, and also have a shared Postgres
database you can use.

--
Alastair D'Silva B. Sc.            mob: 0413 485 733
Networking Consultant
New Millennium Networking  http://www.newmillennium.net.au 

> -----Original Message-----
> From: pgsql-hackers-owner@postgresql.org 
> [mailto:pgsql-hackers-owner@postgresql.org] On Behalf Of 
> Vince Vielhaber
> Sent: Tuesday, 26 March 2002 3:03 AM
> To: Joel Burton
> Cc: pgsql-hackers@postgresql.org
> Subject: Re: [HACKERS] initdb dies during IpcSemaphoreCreate 
> under BSD jail
> 
> 
> On Mon, 25 Mar 2002, Joel Burton wrote:
> 
> > (posted last week to pgsql-general; no responses there, so 
> I'm seeing 
> > if anyone here can contribute. Thanks!)
> >
> >
> > I'm working on a site hosted in a BSD Jail; they have MySQL 
> installed 
> > but, of course, I'd rather use PostgreSQL.
> >
> > It installs fine but can't initdb; get the following:
> >
> > Fixing permissions on existing directory 
> /usr/local/pgsql/data... ok 
> > creating directory /usr/local/pgsql/data/base... ok 
> creating directory 
> > /usr/local/pgsql/data/global... ok creating directory 
> > /usr/local/pgsql/data/pg_xlog... ok creating directory 
> > /usr/local/pgsql/data/pg_clog... ok creating template1 database in 
> > /usr/local/pgsql/data/base/1...
> > IpcSemaphoreCreate: semget(key=1, num=17, 03600) failed: 
> Function not 
> > implemented
> >
> > Earlier message traffic suggests that SYSV IPC has not been 
> fixed to 
> > run under BSD Jails.
> >
> > The last time this was raised was ~1 year ago. Has there been any 
> > changes here that anyone knows of? Any hope of getting PG 
> running in 
> > our jail? (Or, alternatively, can PG run on the real machine's 
> > processes so that the different jails can access it?)
> 
> I don't know about running PG in a jail, but if you have it 
> running on the parent or real machine the jails can access it 
> just fine but not as localhost.
> 
> Vince.
> -- 
> ==============================================================
> ============
> Vince Vielhaber -- KA8CSH    email: vev@michvhf.com    
http://www.pop4.net        56K Nationwide Dialup from $16.00/mo at Pop4 Networking       Online Campground Directory
http://www.camping-usa.com     Online Giftshop Superstore    http://www.cloudninegifts.com
 
========================================================================
==




---------------------------(end of broadcast)---------------------------
TIP 1: subscribe and unsubscribe commands go to majordomo@postgresql.org



Re: initdb dies during IpcSemaphoreCreate under BSD jail

From
"Joel Burton"
Date:
> -----Original Message-----
> From: Alastair D'Silva [mailto:deece@newmillennium.net.au]
> Sent: Tuesday, March 26, 2002 10:52 PM
> To: 'Vince Vielhaber'; 'Joel Burton'
> Cc: pgsql-hackers@postgresql.org
> Subject: RE: [HACKERS] initdb dies during IpcSemaphoreCreate under BSD
> jail
>
>
> You need to get your provider to set the sysctl jail.sysvipc_allowed to
> 1 in the host environment. If they're not willing to do this for you, we
> provide this feature on our servers, and also have a shared Postgres
> database you can use.

Thanks for the tip. I'm not a *BSD guru, so I'm not familiar with this
configuration change, but I've written to the Powers That Be at my ISP to
see if this is something that they feel they could change.



Re: initdb dies during IpcSemaphoreCreate under BSD jail

From
"Joel Burton"
Date:
> You need to get your provider to set the sysctl jail.sysvipc_allowed to
> 1 in the host environment. If they're not willing to do this for you, we
> provide this feature on our servers, and also have a shared Postgres
> database you can use.

My ISP responds to this point:

"""
>In the thread on the pgsql-hackers list, someone wrote to me to say that
>"You need to get your provider to set the sysctl jail.sysvipc_allowed to
>1 in the host environment." Apparently, according to this person, this will
>allow the use of PG in the jailed environments. Is this something that
imeme
>can configure? If this isn't clear, I'd be happy to find out more
>information for you about this configuration change and what other
>ramifications it might have for your servers.

This will allow you to run a single postgres in a single jail only one
user would have access to it.  If you try to run more then one it will
try to use the same shared memory and crash.
"""


Is this, in fact, the case?

Thanks!



Re: initdb dies during IpcSemaphoreCreate under BSD jail

From
Tom Lane
Date:
"Joel Burton" <joel@joelburton.com> writes:
>> This will allow you to run a single postgres in a single jail only one
>> user would have access to it.  If you try to run more then one it will
>> try to use the same shared memory and crash.

> Is this, in fact, the case?

Unless BSD jails have very bizarre shared memory behavior, this is
nonsense.  PG can easily run multiple postmasters in the same machine
(there are currently four postmasters of different vintages alive on
the machine I'm typing this on).  Give each one a different database
directory and a unique port number, and you're good to go.

It might be that postmasters in different jails on the same machine
would have to be assigned different port numbers to keep them from
conflicting.  Don't know exactly how airtight a BSD jail is ...
but there is an interaction between port number and shared memory
key.  I can imagine that a jail that hides processes but not shared
memory segments might confuse our startup logic that tries to detect
whether an existing shared memory segment is safe to reuse or not.
Perhaps your ISP has seen failures of that type from trying to
start multiple postmasters on the same port number in different
jails.
        regards, tom lane


Re: initdb dies during IpcSemaphoreCreate under BSD jail

From
Alex Hayward
Date:
On Wed, 27 Mar 2002, Tom Lane wrote:

> "Joel Burton" <joel@joelburton.com> writes:
> >> This will allow you to run a single postgres in a single jail only one
> >> user would have access to it.  If you try to run more then one it will
> >> try to use the same shared memory and crash.
>
> > Is this, in fact, the case?
>
> Unless BSD jails have very bizarre shared memory behavior, this is
> nonsense.  PG can easily run multiple postmasters in the same machine
> (there are currently four postmasters of different vintages alive on
> the machine I'm typing this on).  Give each one a different database
> directory and a unique port number, and you're good to go.
>
> It might be that postmasters in different jails on the same machine
> would have to be assigned different port numbers to keep them from
> conflicting.  Don't know exactly how airtight a BSD jail is ...
> but there is an interaction between port number and shared memory
> key.  I can imagine that a jail that hides processes but not shared
> memory segments might confuse our startup logic that tries to detect
> whether an existing shared memory segment is safe to reuse or not.
> Perhaps your ISP has seen failures of that type from trying to
> start multiple postmasters on the same port number in different
> jails.

FreeBSD jails are supposed to put just about everything in to different
namespaces/contention domains/whatever. You can't see processes running
outside a jail from within it, you can't see files outside your jail, you
can only use your jail's IP address, etc. However, this doesn't work for
SYSV IPC (not in FreeBSD-STABLE, at least) and everything goes in to one
machine-wide namespace - hence the sysctl to turn it on/off.

PostgreSQL will run quite happily using different port numbers in
different jails - but the port numbers MUST be different. Since the ISP is
probably using jails to make multiple users as unaware of each other as
possible this might be a problem for them...

You should probably also consider that someone in /another/ jail might be
able to get access to your shared memory segments. This would, most
likely, be a bad thing to happen.