From owner-freebsd-jail@freebsd.org Wed Oct 28 18:39:21 2015
From: "Michael B. Eichorn"
To: Ernie Luzar, galtsev@kicp.uchicago.edu
Cc: freebsd-questions@freebsd.org, freebsd-jail@freebsd.org
Date: Wed, 28 Oct 2015 14:41:56 -0400
Subject: Re: /etc/jail.conf documentation?

On Wed, 2015-10-28 at 13:27 -0400, Ernie Luzar wrote:
> Valeri Galtsev wrote:
> > Dear All,
> >
> > Can someone recommend something similar to FreeBSD handbook that
> > describes building jails for newer systems meaning /etc/jail.conf as
> > opposed to /etc/rc.conf which handbook currently has in its jails
> > chapter. I still have all jail configurations on 9.3 boxes in
> > /etc/rc.conf, but it is time to build 10.x production boxes, and do
> > things modern way (implying /etc/jail.conf). I still intend to keep
> > building jails "old fashion way" as described in handbook, as opposed
> > to using tools "ezjail" or similar.
> >
> > Thanks for all your advice!
> >
> > Valeri
> >
>
> Check out the jail-primer and qjail port.

(adding freebsd-jail list)

Ernie, I don't think that this is what Valeri was looking for. Those are
both jail-management utilities, not really documentation on using jail(8)
via configuration using jail.conf(5).

I would indeed be interested in a modern best-practices guide for
using the base system jail management tools.

From owner-freebsd-jail@freebsd.org Wed Oct 28 20:25:32 2015
From: "Valeri Galtsev"
To: "Michael B. Eichorn"
Cc: "Ernie Luzar", galtsev@kicp.uchicago.edu, freebsd-questions@freebsd.org, freebsd-jail@freebsd.org
Reply-To: galtsev@kicp.uchicago.edu
Date: Wed, 28 Oct 2015 15:25:30 -0500 (CDT)
Subject: Re: /etc/jail.conf documentation?

On Wed, October 28, 2015 1:41 pm, Michael B. Eichorn wrote:
> On Wed, 2015-10-28 at 13:27 -0400, Ernie Luzar wrote:
>> Valeri Galtsev wrote:
>> > Dear All,
>> >
>> > Can someone recommend something similar to FreeBSD handbook that
>> > describes building jails for newer systems meaning /etc/jail.conf as
>> > opposed to /etc/rc.conf which handbook currently has in its jails
>> > chapter. I still have all jail configurations on 9.3 boxes in
>> > /etc/rc.conf, but it is time to build 10.x production boxes, and do
>> > things modern way (implying /etc/jail.conf). I still intend to keep
>> > building jails "old fashion way" as described in handbook, as opposed
>> > to using tools "ezjail" or similar.
>> >
>> > Thanks for all your advice!
>> >
>> > Valeri
>> >
>>
>> Check out the jail-primer and qjail port.
>
> (adding freebsd-jail list)
>
> Ernie, I don't think that this is what Valeri was looking for. Those are
> both jail-management utilities, not really documentation on using jail(8)
> via configuration using jail.conf(5).
>
> I would indeed be interested in a modern best-practices guide for
> using the base system jail management tools.

Michael, thanks for your comment. You certainly are right.

Ernie, thanks for your pointers. They are not exactly a chapter on how to
do the whole jail manually new style - exactly as Michael says - similar
to what is found in FreeBSD handbook (alas, for old style). However,
thanks to your pointer, I've found http://jail-primer.sourceforge.net/
which at a first glance looks comprehensive and decent reading, and
combined with my experience of setting up jails "by the book" in the past,
is sufficient for me to do the same /etc/jail.conf way - I've got one
running already; it will need some careful walkover still, but I'm in
business.

Thanks again for your insights and help, Ernie and Michael!

Valeri

++++++++++++++++++++++++++++++++++++++++
Valeri Galtsev
Sr System Administrator
Department of Astronomy and Astrophysics
Kavli Institute for Cosmological Physics
University of Chicago
Phone: 773-702-4247
++++++++++++++++++++++++++++++++++++++++

From owner-freebsd-jail@freebsd.org Wed Oct 28 21:04:47 2015
From: David Mehler
To: freebsd-jail@freebsd.org
Date: Wed, 28 Oct 2015 17:04:45 -0400
Subject: Ip not configured on local interface

Hello,

I'm running a FreeBSD 10.2 system and running jails created by ezjail.
I'm getting an error on jail creation that the IP selected for the
jail is not configured on any local interface, for example
192.168.0.1.

This machine has only a single NIC connected to the network and I'm
cloning it repeatedly to a lo1 interface.

After reading list traffic I'm wondering if my method, which I last
used several years back in the 5.4 days, is no longer valid.
Performance on my jails is sluggish, sometimes they have a hard time
reaching the internet sometimes they don't work at all, for example I
have a caching nameserver defined on the 192.168.x.x subnet and jails
on that subnet can't reach it.

Is there something better out there than ezjail? If so, how hard will
it be to migrate configurations over? I've got two jails, the first
the caching nameserver, the second a web server/test server with a
great many packages.

Thanks.
Dave.

From owner-freebsd-jail@freebsd.org Wed Oct 28 21:05:21 2015
From: Miroslav Lachman <000.fbsd@quip.cz>
To: galtsev@kicp.uchicago.edu, "Michael B. Eichorn"
CC: freebsd-jail@freebsd.org, freebsd-questions@freebsd.org
Date: Wed, 28 Oct 2015 22:05:10 +0100
Subject: Re: /etc/jail.conf documentation?

Valeri Galtsev wrote on 10/28/2015 21:25:
>
> On Wed, October 28, 2015 1:41 pm, Michael B. Eichorn wrote:
>> On Wed, 2015-10-28 at 13:27 -0400, Ernie Luzar wrote:
>>> Valeri Galtsev wrote:
>>>> Dear All,
>>>>
>>>> Can someone recommend something similar to FreeBSD handbook that
>>>> describes building jails for newer systems meaning /etc/jail.conf as
>>>> opposed to /etc/rc.conf which handbook currently has in its jails
>>>> chapter. I still have all jail configurations on 9.3 boxes in
>>>> /etc/rc.conf, but it is time to build 10.x production boxes, and do
>>>> things modern way (implying /etc/jail.conf). I still intend to keep
>>>> building jails "old fashion way" as described in handbook, as opposed
>>>> to using tools "ezjail" or similar.
>>>>
>>>> Thanks for all your advice!
>>>>
>>>> Valeri
>>>>
>>>
>>> Check out the jail-primer and qjail port.
>>
>> (adding freebsd-jail list)
>>
>> Ernie, I don't think that this is what Valeri was looking for. Those are
>> both jail-management utilities, not really documentation on using jail(8)
>> via configuration using jail.conf(5).
>>
>> I would indeed be interested in a modern best-practices guide for
>> using the base system jail management tools.
>
> Michael, thanks for your comment. You certainly are right.
>
> Ernie, thanks for your pointers. They are not exactly a chapter on how to
> do the whole jail manually new style - exactly as Michael says - similar
> to what is found in FreeBSD handbook (alas, for old style). However,
> thanks to your pointer, I've found http://jail-primer.sourceforge.net/
> which at a first glance looks comprehensive and decent reading, and
> combined with my experience of setting up jails "by the book" in the past,
> is sufficient for me to do the same /etc/jail.conf way - I've got one
> running already; it will need some careful walkover still, but I'm in
> business.

You can do your work with jails the same way (creation, updating,
upgrading...). You just need to convert your rc.conf configuration into
jail.conf, which is more flexible.
Automatic conversion (by rc.d/jail from FreeBSD 10.x) didn't work for me.
Manual creation of jail.conf was easy.

Miroslav Lachman

From owner-freebsd-jail@freebsd.org Wed Oct 28 21:14:16 2015
From: James Lodge
To: "freebsd-jail@freebsd.org"
Date: Wed, 28 Oct 2015 21:14:04 +0000
Subject: Re: Ip not configured on local interface

>Hello,
>
>I'm running a FreeBSD 10.2 system and running jails created by ezjail.
>I'm getting an error on jail creation that the IP selected for the
>jail is not configured on any local interface, for example
>192.168.0.1.
>
>This machine has only a single NIC connected to the network and I'm
>cloning it repeatedly to a lo1 interface.
>
>After reading list traffic I'm wondering if my method, which I last
>used several years back in the 5.4 days, is no longer valid.
>Performance on my jails is sluggish, sometimes they have a hard time
>reaching the internet sometimes they don't work at all, for example I
>have a caching nameserver defined on the 192.168.x.x subnet and jails
>on that subnet can't reach it.
>
>Is there something better out there than ezjail? If so, how hard will
>it be to migrate configurations over? I've got two jails, the first
>the caching nameserver, the second a web server/test server with a
>great many packages.
>
>Thanks.
>Dave.

Hi Dave,

So you cloned lo1. Is the IP of the error-prone jail an alias address on
the lo1 interface, or does any interface reside on the subnet
192.168.0.0/24?

Here is my lo1 interface that my ezjails use. One alias for each jail.

lo1: flags=8049 metric 0 mtu 16384
        options=600003
        inet 172.16.1.2 netmask 0xffffffff
        inet 172.16.1.3 netmask 0xffffffff
        inet 172.16.1.4 netmask 0xffffffff
        inet 172.16.1.5 netmask 0xffffffff
        inet 172.16.1.6 netmask 0xffffffff
        inet 172.16.1.7 netmask 0xffffffff
        inet 172.16.1.8 netmask 0xffffffff
        inet 172.16.1.9 netmask 0xffffffff
        inet 172.16.1.10 netmask 0xffff0000
        nd6 options=29

Regards

James

From owner-freebsd-jail@freebsd.org Wed Oct 28 22:29:15 2015
Subject: Re: /etc/jail.conf documentation?
From: Philip Jocks
To: Miroslav Lachman <000.fbsd@quip.cz>
Cc: galtsev@kicp.uchicago.edu, "Michael B. Eichorn", freebsd-jail@freebsd.org
Date: Wed, 28 Oct 2015 23:19:18 +0100

> On 28.10.2015 at 22:05, Miroslav Lachman <000.fbsd@quip.cz> wrote:
>
> Valeri Galtsev wrote on 10/28/2015 21:25:
>>
>> On Wed, October 28, 2015 1:41 pm, Michael B. Eichorn wrote:
>>> On Wed, 2015-10-28 at 13:27 -0400, Ernie Luzar wrote:
>>>> Valeri Galtsev wrote:
>>>>> Dear All,
>>>>>
>>>>> Can someone recommend something similar to FreeBSD handbook that
>>>>> describes building jails for newer systems meaning /etc/jail.conf as
>>>>> opposed to /etc/rc.conf which handbook currently has in its jails
>>>>> chapter. I still have all jail configurations on 9.3 boxes in
>>>>> /etc/rc.conf, but it is time to build 10.x production boxes, and do
>>>>> things modern way (implying /etc/jail.conf). I still intend to keep
>>>>> building jails "old fashion way" as described in handbook, as opposed
>>>>> to using tools "ezjail" or similar.
>>>>>
>>>>> Thanks for all your advice!
>>>>>
>>>>> Valeri
>>>>>
>>>>
>>>> Check out the jail-primer and qjail port.
>>>
>>> (adding freebsd-jail list)
>>>
>>> Ernie, I don't think that this is what Valeri was looking for. Those are
>>> both jail-management utilities, not really documentation on using jail(8)
>>> via configuration using jail.conf(5).
>>>
>>> I would indeed be interested in a modern best-practices guide for
>>> using the base system jail management tools.
>>
>> Michael, thanks for your comment. You certainly are right.
>>
>> Ernie, thanks for your pointers. They are not exactly a chapter on how to
>> do the whole jail manually new style - exactly as Michael says - similar
>> to what is found in FreeBSD handbook (alas, for old style). However,
>> thanks to your pointer, I've found http://jail-primer.sourceforge.net/
>> which at a first glance looks comprehensive and decent reading, and
>> combined with my experience of setting up jails "by the book" in the past,
>> is sufficient for me to do the same /etc/jail.conf way - I've got one
>> running already; it will need some careful walkover still, but I'm in
>> business.
>
> You can do your work with jails the same way (creation, updating,
> upgrading...). You just need to convert your rc.conf configuration into
> jail.conf, which is more flexible.
> Automatic conversion (by rc.d/jail from FreeBSD 10.x) didn't work for
> me. Manual creation of jail.conf was easy.

we currently use ezjail and on other boxes we roughly do it like this:
http://savagedlight.me/2014/03/14/freebsd-jail-server-with-zfs-clone-and-jail-conf/
at least, that’s pretty close to how we do it. On UFS based systems we
use cpdup instead of the ZFS cloning.
For upgrades, we use Matt Simerson’s very nice `jailmanage` script:
https://www.tnpi.net/computing/freebsd/jail_manage.txt
which is pretty straightforward and just helps you with things (running
freebsd-update etc) and doesn’t lock you in. Our jail.conf looks like
this:

--
exec.start = "/bin/sh /etc/rc";
exec.stop = "/bin/sh /etc/rc.shutdown";
exec.clean;
mount.devfs;
path = "/usr/jails/$name";

jailname {
    host.hostname = 'jailname';
    ip4.addr = x.x.x.x;
}
--

and then we just repeat the jailname-blocks. `jailmanage` expects each
block to start like this.

HTH,

Philip

From owner-freebsd-jail@freebsd.org Thu Oct 29 00:23:26 2015
From: Allan Jude
To: freebsd-jail@freebsd.org
Date: Wed, 28 Oct 2015 20:23:21 -0400
Subject: Re: Ip not configured on local interface


On 2015-10-28 17:04, David Mehler wrote:
> Hello,
>
> I'm running a FreeBSD 10.2 system and running jails created by ezjail.
> I'm getting an error on jail creation that the IP selected for the
> jail is not configured on any local interface, for example
> 192.168.0.1.
>
> This machine has only a single NIC connected to the network and I'm
> cloning it repeatedly to a lo1 interface.
>
> After reading list traffic I'm wondering if my method, which I last
> used several years back in the 5.4 days, is no longer valid.
> Performance on my jails is sluggish, sometimes they have a hard time
> reaching the internet sometimes they don't work at all, for example I
> have a caching nameserver defined on the 192.168.x.x subnet and jails
> on that subnet can't reach it.
>
> Is there something better out there than ezjail? If so, how hard will
> it be to migrate configurations over? I've got two jails, the first
> the caching nameserver, the second a web server/test server with a
> great many packages.
>
> Thanks.
> Dave.

In ezjail, if you just define the IP address as lo1|192.168.0.1 the jail
system will automatically create the alias on that interface when the
jail starts, and remove it when the jail stops.

It is much easier than manually managing the interfaces.

--
Allan Jude

From: Clint Armstrong
Date: Thu, 29 Oct 2015 11:53:33 +0000
Subject: Re: /etc/jail.conf documentation?
To: Philip Jocks, Miroslav Lachman <000.fbsd@quip.cz>
Cc: freebsd-jail@freebsd.org

A little while ago I wrote up an overview of how I build jails using
jail.conf at http://clinta.github.io/freebsd-jails-the-hard-way/.

On Wed, Oct 28, 2015 at 6:29 PM Philip Jocks wrote:

> > On 28.10.2015 at 22:05, Miroslav Lachman <000.fbsd@quip.cz> wrote:
> >
> > Valeri Galtsev wrote on 10/28/2015 21:25:
> >>
> >> On Wed, October 28, 2015 1:41 pm, Michael B. Eichorn wrote:
> >>> On Wed, 2015-10-28 at 13:27 -0400, Ernie Luzar wrote:
> >>>> Valeri Galtsev wrote:
> >>>>> Dear All,
> >>>>>
> >>>>> Can someone recommend something similar to FreeBSD handbook that
> >>>>> describes building jails for newer systems meaning /etc/jail.conf as
> >>>>> opposed to /etc/rc.conf which handbook currently has in its jails
> >>>>> chapter. I still have all jail configurations on 9.3 boxes in
> >>>>> /etc/rc.conf, but it is time to build 10.x production boxes, and do
> >>>>> things modern way (implying /etc/jail.conf). I still intend to keep
> >>>>> building jails "old fashion way" as described in handbook, as opposed
> >>>>> to using tools "ezjail" or similar.
> >>>>>
> >>>>> Thanks for all your advice!
> >>>>>
> >>>>> Valeri
> >>>>>
> >>>>
> >>>> Check out the jail-primer and qjail port.
> >>>
> >>> (adding freebsd-jail list)
> >>>
> >>> Ernie, I don't think that this is what Valeri was looking for. Those are
> >>> both jail-management utilities not really documentation on using jail(8)
> >>> via configuration using jail.conf(5).
> >>>
> >>> I would indeed be interested in a modern best-practices guide for
> >>> using the base system jail management tools.
> >>
> >> Michael, thanks for your comment. You certainly are right.
> >>
> >> Ernie, thanks for your pointers. They are not exactly a chapter on how to
> >> do the whole jail manually new style - exactly as Michael says - similar
> >> to what is found in FreeBSD handbook (alas, for old style). However,
> >> thanks to your pointer, I've found http://jail-primer.sourceforge.net/
> >> which at a first glance looks comprehensive and decent reading, and
> >> combined with my experience of setting up jails "by the book" in the past,
> >> is sufficient for me to do the same /etc/jail.conf way - I've got one
> >> running already; it will need some careful walkover still, but I'm in
> >> business.
> >
> > You can do your work with jails the same way (creation, updating,
> > upgrading...). You just need to convert your rc.conf configuration into
> > jail.conf, which is more flexible.
> > Automatic conversion (by rc.d/jail from FreeBSD 10.x) didn't work for
> > me. Manual creation of jail.conf was easy.
>
> we currently use ezjail and on other boxes we roughly do it like this:
>
> http://savagedlight.me/2014/03/14/freebsd-jail-server-with-zfs-clone-and-jail-conf/
>
> at least, that’s pretty close to how we do it. On UFS based systems we use
> cpdup instead of the ZFS cloning.
>
> For upgrades, we use Matt Simerson’s very nice `jailmanage` script:
>
> https://www.tnpi.net/computing/freebsd/jail_manage.txt
>
> which is pretty straight forward and just helps you with things (running
> freebsd-update etc) and doesn’t lock you in. Our jail.conf looks like this:
>
> --
> exec.start = "/bin/sh /etc/rc";
> exec.stop = "/bin/sh /etc/rc.shutdown";
> exec.clean;
> mount.devfs;
> path = "/usr/jails/$name";
>
> jailname {
>     host.hostname = 'jailname';
>     ip4.addr = x.x.x.x;
> }
> --
>
> and then we just repeat the jailname-blocks. `jailmanage` expects each
> block to start like this.
>
> HTH,
>
> Philip

From: Miroslav Lachman <000.fbsd@quip.cz>
Date: Thu, 29 Oct 2015 13:19:38 +0100
To: Clint Armstrong, Philip Jocks
Cc: freebsd-jail@freebsd.org
Subject: Re: /etc/jail.conf documentation?

Clint Armstrong wrote on 10/29/2015 12:53:
> A little while ago I wrote up an overview of how I build jails using
> jail.conf at http://clinta.github.io/freebsd-jails-the-hard-way/.

I noticed you are using unionfs. Is it working without any problems?
Every time (in the past) I read that somebody tried it, it always has
some problems with stability etc.

And what are you using to update / upgrade modified system files in
thinjail1? (if nullfs ro shared base is updated / upgraded)

Miroslav Lachman

From: Clint Armstrong
Date: Thu, 29 Oct 2015 13:02:13 +0000
Subject: Re: /etc/jail.conf documentation?
To: Miroslav Lachman <000.fbsd@quip.cz>, Philip Jocks
Cc: freebsd-jail@freebsd.org

I didn't have stability trouble with unionfs, but I only used it for a few
weeks before I switched to using zfs clones because I wanted to delegate
zfs datasets to jails. To upgrade, I basically didn't, instead I'd just
create a new upgraded base then change the jail fstab to point to the new
base.

On Thu, Oct 29, 2015, 08:19 Miroslav Lachman <000.fbsd@quip.cz> wrote:

> Clint Armstrong wrote on 10/29/2015 12:53:
> > A little while ago I wrote up an overview of how I build jails using
> > jail.conf at http://clinta.github.io/freebsd-jails-the-hard-way/.
>
> I noticed you are using unionfs. Is it working without any problems?
> Every time (in the past) I read that somebody tried it, it always has
> some problems with stability etc.
>
> And what are you using to update / upgrade modified system files in
> thinjail1? (if nullfs ro shared base is updated / upgraded)
>
> Miroslav Lachman
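
The manual rc.conf to jail.conf conversion this thread keeps returning to, sketched as an added example (not part of any poster's message and not the rc.d/jail converter): it goes beyond the two-parameter blocks shown above by mapping a subset of the legacy `jail_<name>_*` variables from rc.conf(5) to jail(8) parameters and reporting every variable it did not convert. The jail names, hostnames and addresses in the sample are constructed, and the choice of which variables to handle is an assumption.

```python
import shlex

# Legacy rc.conf(5) suffix -> jail(8) parameter; only this subset is handled.
STRING_PARAMS = {"rootdir": "path", "hostname": "host.hostname",
                 "exec_start": "exec.start", "exec_stop": "exec.stop"}
HANDLED = set(STRING_PARAMS) | {"ip", "devfs_enable"}
# Global defaults, copied from the jail.conf posted in this thread.
GLOBAL = ['exec.start = "/bin/sh /etc/rc";',
          'exec.stop = "/bin/sh /etc/rc.shutdown";', 'exec.clean;']


def parse_rc_conf(text):
    """Return {name: value} for NAME="value" lines; comments are ignored."""
    settings = {}
    for line in text.splitlines():
        tokens = shlex.split(line, comments=True)
        if len(tokens) == 1 and "=" in tokens[0]:
            name, value = tokens[0].split("=", 1)
            settings[name] = value
    return settings


def quote(value):
    return '"' + value.replace("\\", "\\\\").replace('"', '\\"') + '"'


def convert(rc_text):
    """Return (jail.conf text, sorted names of variables left unconverted)."""
    rc = parse_rc_conf(rc_text)
    out, skipped = list(GLOBAL), []
    for jail in rc.get("jail_list", "").split():
        prefix = "jail_%s_" % jail
        body = ["%s = %s;" % (param, quote(rc[prefix + suffix]))
                for suffix, param in STRING_PARAMS.items() if prefix + suffix in rc]
        # jail_<name>_ip may hold several comma-separated addresses.
        addrs = [a.strip() for a in rc.get(prefix + "ip", "").split(",") if a.strip()]
        for param, want_v6 in (("ip4.addr", False), ("ip6.addr", True)):
            picked = [quote(a) for a in addrs if (":" in a) == want_v6]
            if picked:
                body.append("%s = %s;" % (param, ", ".join(picked)))
        if rc.get(prefix + "devfs_enable", "").lower() in ("yes", "true", "on", "1"):
            body.append("mount.devfs;")
        # Anything else (devfs_ruleset, fstab, flags, ...) is reported rather
        # than dropped silently: losing a restriction would weaken the jail.
        skipped += [n for n in rc
                    if n.startswith(prefix) and n[len(prefix):] not in HANDLED]
        out += ["", "%s {" % jail] + ["    " + line for line in body] + ["}"]
    return "\n".join(out) + "\n", sorted(skipped)


# Constructed sample input: hypothetical jails, documentation addresses.
SAMPLE_RC_CONF = '''
jail_list="www dns"   # two jails
jail_www_rootdir="/usr/jails/www"
jail_www_hostname="www.example.org"
jail_www_ip="192.0.2.10,2001:db8::10"
jail_www_devfs_enable="YES"
jail_www_devfs_ruleset="devfsrules_jail"
jail_dns_rootdir="/usr/jails/dns"
jail_dns_ip="192.0.2.53"
'''

if __name__ == "__main__":
    print(convert(SAMPLE_RC_CONF)[0])
```

The second return value is the review list: for the sample it names `jail_www_devfs_ruleset`, which has to be carried over by hand before the converted jail is started.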