Thread: initdb dies during IpcSemaphoreCreate under BSD jail
(posted last week to pgsql-general; no responses there, so I'm seeing if anyone here can contribute. Thanks!) I'm working on a site hosted in a BSD Jail; they have MySQL installed but, of course, I'd rather use PostgreSQL. It installs fine but can't initdb; get the following: Fixing permissions on existing directory /usr/local/pgsql/data... ok creating directory /usr/local/pgsql/data/base... ok creating directory /usr/local/pgsql/data/global... ok creating directory /usr/local/pgsql/data/pg_xlog... ok creating directory /usr/local/pgsql/data/pg_clog... ok creating template1 database in /usr/local/pgsql/data/base/1... IpcSemaphoreCreate: semget(key=1, num=17, 03600) failed: Function not implemented Earlier message traffic suggests that SYSV IPC has not been fixed to run under BSD Jails. The last time this was raised was ~1 year ago. Has there been any changes here that anyone knows of? Any hope of getting PG running in our jail? (Or, alternatively, can PG run on the real machine's processes so that the different jails can access it?) Any help would be appreciated! Thanks. Joel BURTON | joel@joelburton.com | joelburton.com | aim: wjoelburton Knowledge Management & Technology Consultant
On Mon, 25 Mar 2002, Joel Burton wrote: > (posted last week to pgsql-general; no responses there, so I'm seeing if > anyone here can contribute. Thanks!) > > > I'm working on a site hosted in a BSD Jail; they have MySQL installed but, > of course, I'd rather use PostgreSQL. > > It installs fine but can't initdb; get the following: > > Fixing permissions on existing directory /usr/local/pgsql/data... ok > creating directory /usr/local/pgsql/data/base... ok > creating directory /usr/local/pgsql/data/global... ok > creating directory /usr/local/pgsql/data/pg_xlog... ok > creating directory /usr/local/pgsql/data/pg_clog... ok > creating template1 database in /usr/local/pgsql/data/base/1... > IpcSemaphoreCreate: semget(key=1, num=17, 03600) failed: > Function not implemented > > Earlier message traffic suggests that SYSV IPC has not been fixed to run > under BSD Jails. > > The last time this was raised was ~1 year ago. Has there been any changes > here that anyone knows of? Any hope of getting PG running in our jail? (Or, > alternatively, can PG run on the real machine's processes so that the > different jails can access it?) I don't know about running PG in a jail, but if you have it running on the parent or real machine the jails can access it just fine but not as localhost. Vince. -- ========================================================================== Vince Vielhaber -- KA8CSH email: vev@michvhf.com http://www.pop4.net 56K Nationwide Dialup from $16.00/mo atPop4 Networking Online Campground Directory http://www.camping-usa.com Online Giftshop Superstore http://www.cloudninegifts.com ==========================================================================
You need to get your provider to set the sysctl jail.sysvipc_allowed to 1 in the host environment. If they're not willing to do this for you, we provide this feature on our servers, and also have a shared Postgres database you can use. -- Alastair D'Silva B. Sc. mob: 0413 485 733 Networking Consultant New Millennium Networking http://www.newmillennium.net.au > -----Original Message----- > From: pgsql-hackers-owner@postgresql.org > [mailto:pgsql-hackers-owner@postgresql.org] On Behalf Of > Vince Vielhaber > Sent: Tuesday, 26 March 2002 3:03 AM > To: Joel Burton > Cc: pgsql-hackers@postgresql.org > Subject: Re: [HACKERS] initdb dies during IpcSemaphoreCreate > under BSD jail > > > On Mon, 25 Mar 2002, Joel Burton wrote: > > > (posted last week to pgsql-general; no responses there, so > I'm seeing > > if anyone here can contribute. Thanks!) > > > > > > I'm working on a site hosted in a BSD Jail; they have MySQL > installed > > but, of course, I'd rather use PostgreSQL. > > > > It installs fine but can't initdb; get the following: > > > > Fixing permissions on existing directory > /usr/local/pgsql/data... ok > > creating directory /usr/local/pgsql/data/base... ok > creating directory > > /usr/local/pgsql/data/global... ok creating directory > > /usr/local/pgsql/data/pg_xlog... ok creating directory > > /usr/local/pgsql/data/pg_clog... ok creating template1 database in > > /usr/local/pgsql/data/base/1... > > IpcSemaphoreCreate: semget(key=1, num=17, 03600) failed: > Function not > > implemented > > > > Earlier message traffic suggests that SYSV IPC has not been > fixed to > > run under BSD Jails. > > > > The last time this was raised was ~1 year ago. Has there been any > > changes here that anyone knows of? Any hope of getting PG > running in > > our jail? (Or, alternatively, can PG run on the real machine's > > processes so that the different jails can access it?) > > I don't know about running PG in a jail, but if you have it > running on the parent or real machine the jails can access it > just fine but not as localhost. > > Vince. > -- > ============================================================== > ============ > Vince Vielhaber -- KA8CSH email: vev@michvhf.com http://www.pop4.net 56K Nationwide Dialup from $16.00/mo at Pop4 Networking Online Campground Directory http://www.camping-usa.com Online Giftshop Superstore http://www.cloudninegifts.com ======================================================================== == ---------------------------(end of broadcast)--------------------------- TIP 1: subscribe and unsubscribe commands go to majordomo@postgresql.org
> -----Original Message----- > From: Alastair D'Silva [mailto:deece@newmillennium.net.au] > Sent: Tuesday, March 26, 2002 10:52 PM > To: 'Vince Vielhaber'; 'Joel Burton' > Cc: pgsql-hackers@postgresql.org > Subject: RE: [HACKERS] initdb dies during IpcSemaphoreCreate under BSD > jail > > > You need to get your provider to set the sysctl jail.sysvipc_allowed to > 1 in the host environment. If they're not willing to do this for you, we > provide this feature on our servers, and also have a shared Postgres > database you can use. Thanks for the tip. I'm not a *BSD guru, so I'm not familiar with this configuration change, but I've written to the Powers That Be at my ISP to see if this is something that they feel they could change.
> You need to get your provider to set the sysctl jail.sysvipc_allowed to > 1 in the host environment. If they're not willing to do this for you, we > provide this feature on our servers, and also have a shared Postgres > database you can use. My ISP responds to this point: """ >In the thread on the pgsql-hackers list, someone wrote to me to say that >"You need to get your provider to set the sysctl jail.sysvipc_allowed to >1 in the host environment." Apparently, according to this person, this will >allow the use of PG in the jailed environments. Is this something that imeme >can configure? If this isn't clear, I'd be happy to find out more >information for you about this configuration change and what other >ramifications it might have for your servers. This will allow you to run a single postgres in a single jail only one user would have access to it. If you try to run more then one it will try to use the same shared memory and crash. """ Is this, in fact, the case? Thanks!
"Joel Burton" <joel@joelburton.com> writes:
>> This will allow you to run a single postgres in a single jail only one
>> user would have access to it. If you try to run more then one it will
>> try to use the same shared memory and crash.
> Is this, in fact, the case?
Unless BSD jails have very bizarre shared memory behavior, this is
nonsense. PG can easily run multiple postmasters in the same machine
(there are currently four postmasters of different vintages alive on
the machine I'm typing this on). Give each one a different database
directory and a unique port number, and you're good to go.
It might be that postmasters in different jails on the same machine
would have to be assigned different port numbers to keep them from
conflicting. Don't know exactly how airtight a BSD jail is ...
but there is an interaction between port number and shared memory
key. I can imagine that a jail that hides processes but not shared
memory segments might confuse our startup logic that tries to detect
whether an existing shared memory segment is safe to reuse or not.
Perhaps your ISP has seen failures of that type from trying to
start multiple postmasters on the same port number in different
jails.
regards, tom lane
On Wed, 27 Mar 2002, Tom Lane wrote: > "Joel Burton" <joel@joelburton.com> writes: > >> This will allow you to run a single postgres in a single jail only one > >> user would have access to it. If you try to run more then one it will > >> try to use the same shared memory and crash. > > > Is this, in fact, the case? > > Unless BSD jails have very bizarre shared memory behavior, this is > nonsense. PG can easily run multiple postmasters in the same machine > (there are currently four postmasters of different vintages alive on > the machine I'm typing this on). Give each one a different database > directory and a unique port number, and you're good to go. > > It might be that postmasters in different jails on the same machine > would have to be assigned different port numbers to keep them from > conflicting. Don't know exactly how airtight a BSD jail is ... > but there is an interaction between port number and shared memory > key. I can imagine that a jail that hides processes but not shared > memory segments might confuse our startup logic that tries to detect > whether an existing shared memory segment is safe to reuse or not. > Perhaps your ISP has seen failures of that type from trying to > start multiple postmasters on the same port number in different > jails. FreeBSD jails are supposed to put just about everything in to different namespaces/contention domains/whatever. You can't see processes running outside a jail from within it, you can't see files outside your jail, you can only use your jail's IP address, etc. However, this doesn't work for SYSV IPC (not in FreeBSD-STABLE, at least) and everything goes in to one machine-wide namespace - hence the sysctl to turn it on/off. PostgreSQL will run quite happily using different port numbers in different jails - but the port numbers MUST be different. Since the ISP is probably using jails to make multiple users as unaware of each other as possible this might be a problem for them... You should probably also consider that someone in /another/ jail might be able to get access to your shared memory segments. This would, most likely, be a bad thing to happen.