From: Markiyan Kushnir
Date: Tue, 22 Dec 2009 02:48:45 +0200
To: Mel Flynn
Cc: "freebsd-questions@freebsd.org", Kouichiro Iwao
Subject: Re: how to make vimage jail permanent by configuring rc.conf?
Message-ID: <4B30176D.8050803@lohika.com>
In-Reply-To: <200912190353.16223.mel.flynn+fbsd.questions@mailing.thruhere.net>

Hello,

I also wanted to have it work, but failed and just had to patch my
/etc/rc.d/jail until it's resolved.

The first problem is that currently /etc/rc.d/jail creates jails using
the parameterless form of jail(8).

Another issue is that after the jail is created, it currently does not
seem possible to squeeze the "ifconfig vnet ..." in between "jail ..."
and "jexec ..." -- I mean using *_exec_afterstart and *_exec_poststart
in the order they are invoked now by the jail rc script.

I had to invent a kind of "exec_earlypoststart" locally, and call all
routines in the following order:

1. /usr/sbin/jail called in the parameter-aware mode
2. _exec_earlypoststart
3. _exec_afterstart
4. _exec_poststart

Then the rc.conf would look like:

cloned_interfaces="$cloned_interfaces epair0"
ifconfig_bridge0="addm epair0a $ifconfig_bridge0"
ifconfig_epair0a="up"
jail_list="$jail_list QQ"
jail_QQ_flags="-l -U root vnet persist name=QQ"
jail_QQ_name="QQ"
jail_QQ_rootdir="/usr/jails/QQ"
jail_QQ_hostname="QQ.localhost"
jail_QQ_exec_earlypoststart0="ifconfig epair0b vnet QQ"
jail_QQ_exec_afterstart1="ifconfig epair0b 10.1.1.1"
jail_QQ_exec_afterstart2="ifconfig epair0b inet6 2001::1:1:1 prefixlen 128"
jail_QQ_exec_afterstart3="ifconfig lo0 127.0.0.1"
jail_QQ_exec_afterstart4="route -n add default 10.0.0.1" # bridge0
jail_QQ_exec_afterstart5="route -n add -inet6 default 2001::1" # bridge0
jail_QQ_exec_afterstart6="/bin/sh /etc/rc"

Note that the "/bin/sh /etc/rc" which is the default in the current jail
rc script is called here explicitly, because the parameter form of
jail(8) cannot run commands inside jails.

Markiyan.

Mel Flynn wrote:
> On Friday 18 December 2009 13:40:47 Kouichiro Iwao wrote:
>
>> I want to make it permanent. I want jails to start automatically when I
>> rebooted the host environment. I add the following lines into rc.conf.
>>
>> jail_jail01_flags="-c vnet"
>> jail_jail01_rootdir="/usr/jail/jail01"
>> jail_jail01_hostname="jail01.example.jp"
>> jail_jail01_ip="192.168.100.101"
>>
>> However, I failed "/etc/rc.d/jail onestart jail01" to start up the jail.
>> How to configure rc.conf in order to make vimage jail permanent?
>>
>> rc.d/jail only support traditional jails?
>
> Please show the output, with rc_debug turned on in /etc/rc.conf.
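
The start order listed in Markiyan's message, as an added dry-run sketch (not part of the original message, and neither the poster's patch nor the FreeBSD rc.d/jail script): it prints each step instead of running it. The function names, the 0..9 index scan and the host/jail placement of the afterstart and poststart hooks are assumptions.

```shell
#!/bin/sh
# Added sketch: prints (does not run) the start order described in the message.
# Settings below are copied from the message's rc.conf as sample input.
jail_QQ_flags="-l -U root vnet persist name=QQ"
jail_QQ_exec_earlypoststart0="ifconfig epair0b vnet QQ"
jail_QQ_exec_afterstart1="ifconfig epair0b 10.1.1.1"
jail_QQ_exec_afterstart2="ifconfig epair0b inet6 2001::1:1:1 prefixlen 128"
jail_QQ_exec_afterstart3="ifconfig lo0 127.0.0.1"
jail_QQ_exec_afterstart4="route -n add default 10.0.0.1"
jail_QQ_exec_afterstart5="route -n add -inet6 default 2001::1"
jail_QQ_exec_afterstart6="/bin/sh /etc/rc"

# emit_phase JAIL PHASE WHERE: print every numbered hook of one phase.
# Assumption of this sketch: indices 0..9 are scanned and unset ones skipped,
# because the sample numbers afterstart from 1.
emit_phase() {
    _i=0
    while [ "$_i" -le 9 ]; do
        eval "_cmd=\${jail_${1}_exec_${2}${_i}:-}"
        if [ -n "$_cmd" ]; then
            printf '%s: %s\n' "$3" "$_cmd"
        fi
        _i=$((_i + 1))
    done
}

# jail_plan JAIL: the four steps, in the order listed in the message.
jail_plan() {
    eval "_flags=\${jail_${1}_flags:-}"
    # 1. jail(8) in parameter form only creates the jail; nothing runs in it yet.
    printf 'host: /usr/sbin/jail (parameter form) %s\n' "$_flags"
    # 2. Host side: move epair0b into the new jail's vnet.
    emit_phase "$1" earlypoststart host
    # 3. Inside the jail (assumed placement): address the interface,
    #    add routes, then boot the jail with /bin/sh /etc/rc.
    emit_phase "$1" afterstart "jail $1"
    # 4. Host side again (assumed placement): any remaining poststart hooks.
    emit_phase "$1" poststart host
}

jail_plan QQ
```

The interface move in step 2 has to precede step 3, since the afterstart commands configure epair0b from inside the jail.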