This change allows to specify a watchdog(9) timeout for a system
shutdown. The timeout is activated when the watchdogd daemon is
stopped. The idea is to a prevent any indefinite hang during late
stages of the shutdown. The feature is implemented in rc.d/watchdogd,
it builds upon watchdogd -x option.
Note that the shutdown timeout is not actiavted when the watchdogd
service is individually stopped by an operator. It is also not
activated for the 'shutdown' to the single-user mode. In those cases it
is assumed that the operator knows what they are doing and they have
means to recover the system should it hang.
Significant subchanges and implementation details:
- the argument to rc.shutdown, completely unused before, is assigned to
rc_shutdown variable that can be inspected by rc scripts
- init(8) passes "single" or "reboot" as the argument, this is not
changed
- the argument is not mandatory and if it is not set then rc_shutdown is
set to "unspecified"
- however, the default jail management scripts and jail configuration
examples have been updated to pass "jail" to rc.shutdown, just in case
- the new timeout can be set via watchdogd_shutdown_timeout rc option
- for consistency, the regular timeout can now be set via
watchdogd_timeout rc option
- watchdogd_shutdown_timeout and watchdogd_timeout override timeout
specifications in watchdogd_flags
- existing configurations, where the new rc options are not set, should
keep working as before
I am not particularly wed to any of the implementation specifics.
I am open to changing or removing any of them as long as the provided
functionality is the same (or very close) to the proposed one.
For example, I think it can be implemented without using watchdogd -x,
by means of watchdog(1) alone. In that case there would be a small
window between stopping watchdogd and running watchdog, but I think that
that is acceptable.
Reviewed by: bcr (man page changes)
MFC after: 5 weeks
Relnotes: yes
Differential Revision: https://reviews.freebsd.org/D21221
The provided example jail configs do not work for multiple interfaces.
Multiple interfaces need to be specified as a comma separated list or
using multiple += lines in jail.conf. In the given example, a space-
separated string is used, which doesn't work with multiple interfaces.
Also added a note to the README about VIMAGE being built-in by default
on amd64 in FreeBSD 12, with appropriate instructions for loading the
necessary netgraph ether module (ng_ether) since it is neither built-
in nor autoloads.
Submitted by: Ryan Moeller <ryan@freqlabs.com>
Reported by: Ryan Moeller <ryan@freqlabs.com>
MFC after: 3 days
Sponsored by: Smule, Inc.
Differential Revision: https://reviews.freebsd.org/D17697
While "jng" or "jib" without arguments told you what each sub-command does,
sub-command usage didn't tell you (e.g., "jng bridge" or "jib addm" gave
only usage and not description).
Reduce differences between jib/jng and fix a bug that would prevent
additional interfaces from being created if the first of many already
existed (counter wasn't incremented before calling only continue).
Adding `!' before an interface name will disable MAC allocation, falling
back to driver mechanics. Alternatively adding `=' before an interface name
causes the MAC address to be cloned (for ng_bridge(4) back-end only). While
here, disable the auto-detection of wlan* since this knocks the host off;
requiring the host that defines the jail to explicitly enable this feature
by preceding the interface with `='.
Documented in iwn(4), "Only one virtual interface may be configured at any
time." However, netgraph with a cloned MAC address is able to communicate
over an ng_eiface attached to an ng_bridge linked to the wlan(4) interface.
While here, introduce syntax to specify the MAC address is to be cloned if
the named interface begins with equals [=].
