Date: Wed, 14 Dec 2016 21:53:31 +0100 From: Michael Grimm <trashcan@ellael.org> To: freebsd-jail@FreeBSD.org Subject: Re: multiple interfaces for jail.conf(1) and jail_set(2) Message-ID: <818391CE-7425-49DF-8794-B6E43C1389AD@ellael.org> In-Reply-To: <907B489D-899A-4204-96D8-ACF86EE829A7@blackskyresearch.net> References: <0ED7F403-F14E-4A72-8E54-AF74AAE15061@blackskyresearch.net> <45822529-2096-4B32-8515-F5875BEF7101@ellael.org> <907B489D-899A-4204-96D8-ACF86EE829A7@blackskyresearch.net>
next in thread | previous in thread | raw e-mail | index | archive | help
Isaac (.ike) Levy <ike@blackskyresearch.net> wrote
> Wow, that=E2=80=99s rad Michael,
>=20
>> On Dec 14, 2016, at 3:30 PM, Michael Grimm <trashcan@ellael.org> =
wrote:
>>=20
>> Isaac (.ike) Levy <ike@blackskyresearch.net> wrote:
>>=20
>>> Can I specify multiple IP interfaces and assign IP=E2=80=99s to them =
using jail.conf?
>>=20
>> Not sure if I understand your question correctly, but I do define the =
following in my jail.conf for VNET jails:
>>=20
>> #
>> # host dependent global settings
>> #
>> $ip6prefixLOCAL =3D "fd00:dead:beef:1234";
>>=20
>> #
>> # global jail settings
>> #
>> host.hostname =3D "${name}";
>> path =3D "/usr/home/jails/${name}";
>> mount.fstab =3D "/etc/fstab.${name}";
>> exec.consolelog =3D "/var/log/jail_${name}_console.log";
>> vnet =3D "new";
>> vnet.interface =3D "epair${jailID}b";
>> exec.clean;
>> mount.devfs;
>> persist;
>>=20
>> #
>> # network settings to apply/destroy during start/stop of every jail
>> #
>> exec.prestart =3D "sleep 2";
>> exec.prestart +=3D "/sbin/ifconfig epair${jailID} =
create up";
>> exec.prestart +=3D "/sbin/ifconfig bridge0 addm =
epair${jailID}a";
>> exec.start =3D "/sbin/sysctl net.inet6.ip6.dad_count=3D0";
>> exec.start +=3D "/sbin/ifconfig lo0 127.0.0.1 up";
>> exec.start +=3D "/sbin/ifconfig epair${jailID}b inet =
${ip4_addr}";
>> exec.start +=3D "/sbin/ifconfig epair${jailID}b inet6 =
${ip6_addr}";
>> exec.start +=3D "/sbin/route add default -gateway =
10.1.1.254";
>> exec.start +=3D "/sbin/route add -inet6 default -gateway =
${ip6prefixLOCAL}::254";
>> exec.stop =3D "/sbin/route del default";
>> exec.stop +=3D "/sbin/route del -inet6 default";
>> exec.stop +=3D "/bin/sh /etc/rc.shutdown";
>> exec.poststop =3D "/sbin/ifconfig epair${jailID}a =
destroy";
>>=20
>> #
>> # individual jail settings
>> #
>> dns {
>> $jailID =3D 1;
>> $ip4_addr =3D 10.1.1.1;
>> $ip4_addr_2 =3D 10.1.1.2;
>> $ip6_addr =3D ${ip6prefixLOCAL}::1/64;
>> $ip6_addr_2 =3D ${ip6prefixLOCAL}::2/64;
>> exec.start +=3D "/sbin/ifconfig epair${jailID}b inet =
${ip4_addr_2} alias";
>> exec.start +=3D "/sbin/ifconfig epair${jailID}b inet6 =
${ip6_addr_2} alias";
>> exec.start +=3D "/bin/sh /etc/rc";
>> }
>>=20
>> etc.
>=20
> I=E2=80=99ll need to study/look up some of that syntax, to fully grok =
this, but that comprehensive example appears to hit the nail on the head =
several times over with the exec.start/exec.stop action.
>=20
> Two questions though:
>=20
> - I=E2=80=99m confused how you define the shell style $ variables in =
your individual jail settings above, e.g. =E2=80=98$ip4_addr_2 =3D =
10.1.1.2;=E2=80=99, why/how does that work? Is that a variable to be =
expanded, or some other behavior?
This is described in jail.conf(5) under the section "variables". I do =
have 10 jails running, and those $ variables/parameters are very =
helpful, indeed.
>> Again, not sure if I do understand your issue correctly, but the =
shown examples of exec.start, exec.stop, etc. are quite versatile to =
use.
>>=20
>> I do start/stop my jails by "service jail start/stop=E2=80=9D.
>=20
> - Obviously you state you=E2=80=99re using service to start/stop =
jails, but shouldn=E2=80=99t this work with =E2=80=98jail -c =
<jailname>=E2=80=99, or are these subsystems not interoperable?
Hmm. I do have to admit that I never tried 'jail -c <jailname>', but I =
just gave it a try, and yes, it works as well :-)=20
I do use "service jail start/stop" because that will obey my pre-defined =
starting/stopping order of jails (which I do need to have, e.g. dns =
before mail and such) in /etc/rc.conf
jail_enable=3D"YES"
jail_reverse_stop=3D"YES"
jail_list=3D"dns mail ..."
Regards,
Michael
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?818391CE-7425-49DF-8794-B6E43C1389AD>