From: Ricky G <ricky1252@hotmail.com>
To: Mark Felder
CC: freebsd-questions@freebsd.org
Subject: RE: /etc/jail.conf documentation?
Date: Thu, 29 Oct 2015 11:04:23 -0400
In-Reply-To: <1446126519.3886654.423612921.572AA6CD@webmail.messagingengine.com>

Saw this post and decided to share as well. When I started using jails I wanted the system to be easy and flexible. Reading the handbook, I liked this layout: https://www.freebsd.org/doc/handbook/jails-application.html. I decided to make some scripts based on this layout and I also made some improvements based on problems I ran into using the layout.

Basically the scripts create a readonly base and duplicate the base, setting the copy to readonly. Upgrading is simple because you just recreate the base, shut down the duplicate, start it up, and the jails are updated. One side note I'd like to add is that my use of mergemaster is the safe way, which is a bit more work. (The scripts will do everything except create the base dataset.) I still have some more work to do on these scripts with possible errors, but they work well for what I need them for.
As for my jail.conf:

host.hostname = "${name}";
path = "/usr/jails/${name}";
mount.fstab = "/etc/fstab.${name}";
mount.devfs = "1";
devfs_ruleset = "4";
exec.consolelog = "/var/log/jail_${name}_console.log";
interface = "ue0";
exec.start = "/bin/sh /etc/rc";
exec.stop = "/bin/sh /etc/rc.shutdown";
exec.clean;
persist;

allow.raw_sockets = "1";
allow.set_hostname = "0";

foo {
    ip4.addr = "192.168.1.9/24";
}

### For vnet ###
bar {
    $if = "0";
    $ip_addr = "192.168.1.10/24";
    $ip_route = "192.168.1.1";
    interface = "bridge0";
    vnet;
    vnet.interface = "epair${if}b";
    exec.prestart = "ifconfig bridge0 create";
    exec.prestart += "ifconfig epair${if} create up";
    exec.prestart += "ifconfig bridge0 addm epair${if}a";
    exec.start = "/sbin/ifconfig lo0 127.0.0.1 up";
    exec.start += "/sbin/ifconfig epair${if}b inet ${ip_addr} up";
    exec.start += "/sbin/route add default ${ip_route}";
    exec.start += "/bin/sh /etc/rc";
    exec.stop = "/bin/sh /etc/rc.shutdown";
    exec.poststop = "ifconfig bridge0 destroy";
    exec.poststop += "ifconfig epair${if}a destroy";
    exec.clean;
    persist;
}

$ cat update
#!/usr/bin/env bash
TEMPLATE_ZFS_DIR="tank/jails/template"
TEMPLATE_NAME="main"
TEMPLATE_DIR="/usr/jails/template"
TEMPLATE_SNAPSHOT_NAME="now"
JAIL_DIR="/usr/jails"
JAIL_ZFS_DIR="tank/jails"
SRC="/usr/src"
# Names of the running jails rooted under ${JAIL_DIR}. "jls name path" prints
# one "name path" pair per jail, so no column guessing is needed (the default
# jls output shifts columns for jails without an IP address, e.g. vnet jails).
JAILS=( $(jls name path | awk -v dir="${JAIL_DIR}/" 'index($2, dir) == 1 { print $1 }') )
FAILED=""

ZFS_TEMPLATE="${TEMPLATE_ZFS_DIR}/${TEMPLATE_NAME}"
TEMPLATE_SNAPSHOT="${ZFS_TEMPLATE}@${TEMPLATE_SNAPSHOT_NAME}"
TEMPLATE_OLD_SNAPSHOT="${ZFS_TEMPLATE}@old.$(openssl rand -hex 8)"
TEMPLATE="${TEMPLATE_DIR}/${TEMPLATE_NAME}"
SKEL="${TEMPLATE_DIR}/skel"

### Some error checking ###
if ! zfs list "${ZFS_TEMPLATE}" >/dev/null 2>&1; then
    echo "Template dataset ${ZFS_TEMPLATE} not found, or wrong Template name"
    exit 1
fi
if [ "$(zfs get -H -o value mountpoint "${ZFS_TEMPLATE}")" != "${TEMPLATE}" ]; then
    echo "Template dataset not mounted at ${TEMPLATE}"
    exit 1
fi
if [ "$(zfs get -H -o value mounted "${ZFS_TEMPLATE}")" != "yes" ]; then
    echo "Template dataset ${ZFS_TEMPLATE} not mounted"
    exit 1
fi

### Destroy old template ###
zfs set readonly=off "${ZFS_TEMPLATE}"
chflags -R 0 "${TEMPLATE}"
rm -r "${TEMPLATE}"/*
cd "${SKEL}" || exit 1
rm -R media root etc mnt tmp var

### Create new template ###
cd "${SRC}" || exit 1
if ! make installworld DESTDIR="${TEMPLATE}"; then
    echo "${SRC} needs to be compiled. Run make buildworld."
    exit 1
fi
make distribution DESTDIR="${TEMPLATE}"

### Recreate skel ###
# The writable directories move out of the template into the skel; each jail
# gets its own copy on a data dataset mounted at /s (see the duplicate script).
cd "${TEMPLATE}" || exit 1
for skel in media root etc mnt tmp var; do
    mv "${TEMPLATE}/${skel}" "${SKEL}/"
done

if [ -f /etc/resolv.conf ]; then
    cp /etc/resolv.conf "${SKEL}/etc/"
fi
printf 'hostname=""\nsendmail_enable="NO"\nsendmail_submit_enable="NO"\nsendmail_outbound_enable="NO"\nsendmail_msp_queue_enable="NO"\n' > "${SKEL}/etc/rc.conf"

### Create links for new template ###
for link in etc home mnt media root tmp var; do
    ln -s "s/${link}" "${TEMPLATE}/${link}"
done
ln -s ../s/home "${TEMPLATE}/usr/home"
ln -s ../s/usr-X11R6 "${TEMPLATE}/usr/X11R6"
mkdir "${TEMPLATE}/s"

### Finish template by setting readonly=on ###
zfs set readonly=on "${ZFS_TEMPLATE}"

### Move old template snapshot to a new name if it exists ###
if zfs list "${TEMPLATE_SNAPSHOT}" >/dev/null 2>&1; then
    zfs rename "${TEMPLATE_SNAPSHOT}" "${TEMPLATE_OLD_SNAPSHOT}"
fi

### Create snapshot of the new template ###
zfs snapshot "${TEMPLATE_SNAPSHOT}"

### Updating jails that are currently running ###
for jail in "${JAILS[@]}"; do
    # Only touch jails whose root is exactly ${JAIL_DIR}/<name>, i.e. a clone of the template.
    if [ "$(jls -j "${jail}" path)" = "${JAIL_DIR}/${jail}" ]; then
        cd /usr/src || exit 1
        mergemaster -t "${JAIL_DIR}/${jail}/var/tmp/temproot" -D "${JAIL_DIR}/${jail}/s" -i -F
        cd "${JAIL_DIR}/${jail}/s" || exit 1
        # Drop the base-system pieces mergemaster leaves on the data dataset; the
        # read-only template provides them.
        rm -rf .cshrc .profile COPYRIGHT bin boot dev lib libexec proc rescue sbin sys usr
        cd /usr/src || exit 1
        jail -r "${jail}"
        zfs destroy -f "${JAIL_ZFS_DIR}/${jail}"
        zfs clone -o readonly=on -o mountpoint="${JAIL_DIR}/${jail}" "${TEMPLATE_SNAPSHOT}" "${JAIL_ZFS_DIR}/${jail}"
        jail -c "${jail}"
    else
        FAILED+="${jail} "
    fi
done

### Destroy old template snapshot ###
if zfs list "${TEMPLATE_OLD_SNAPSHOT}" >/dev/null 2>&1; then
    zfs destroy "${TEMPLATE_OLD_SNAPSHOT}"
fi
if [ -n "${FAILED}" ]; then
    printf 'The following jails failed to update due to incorrect mountpoint... %s\n' "${FAILED}"
fi
echo "Update Finished"

$ cat duplicate
#!/usr/bin/env bash
TEMPLATE_ZFS_DIR="tank/jails/template"
TEMPLATE_NAME="main"
TEMPLATE_DIR="/usr/jails/template"
TEMPLATE_SNAPSHOT_NAME="now"
JAIL_DIR="/usr/jails"
JAIL_ZFS_DIR="tank/jails"

ZFS_TEMPLATE="${TEMPLATE_ZFS_DIR}/${TEMPLATE_NAME}"
TEMPLATE_SNAPSHOT="${ZFS_TEMPLATE}@${TEMPLATE_SNAPSHOT_NAME}"
TEMPLATE="${TEMPLATE_DIR}/${TEMPLATE_NAME}"
SKEL="${TEMPLATE_DIR}/skel"

echo "What will the jail name be?"
read -e JAIL_NAME
echo "What will the ip4 address be? ie 192.168.1.1/24?"
read -e IP4
if ! zfs list "${ZFS_TEMPLATE}" >/dev/null 2>&1; then
    echo "Incorrect template"
    exit 1
fi
if ! zfs list "${TEMPLATE_SNAPSHOT}" >/dev/null 2>&1; then
    echo "Snapshot not found"
    exit 1
fi

JAIL="${JAIL_ZFS_DIR}/${JAIL_NAME}"                          # read-only clone of the template
JAIL_ZFS_DATA="${TEMPLATE_ZFS_DIR}/${JAIL_NAME}"             # writable data, mounted at /s inside the jail
JAIL_ZFS_DATA_LOCAL="${TEMPLATE_ZFS_DIR}/${JAIL_NAME}-local" # writable /usr/local
JAIL_DATA="${TEMPLATE_DIR}/${JAIL_NAME}"                     # temporary mountpoint while the skel is copied in
JAIL_FSTAB="${JAIL_DIR}/${JAIL_NAME}"                        # the jail's root

if ! zfs clone -o readonly=on -o mountpoint="${JAIL_FSTAB}" "${TEMPLATE_SNAPSHOT}" "${JAIL}"; then
    echo "clone failed"
    exit 1
fi
echo "clone successful"
zfs create -o recordsize=1M -o compression=lz4 -o mountpoint="${JAIL_DATA}" "${JAIL_ZFS_DATA}"
zfs create -o recordsize=1M -o compression=lz4 -o canmount=noauto "${JAIL_ZFS_DATA_LOCAL}"
cp -Ra "${SKEL}"/* "${JAIL_DATA}/"
umount "${JAIL_DATA}"
rmdir "${JAIL_DATA}"
zfs set canmount=noauto "${JAIL_ZFS_DATA}"
# Both datasets are mounted by jail(8) through mount.fstab, not by zfs mount,
# so they are written as plain arguments rather than inside the printf format.
printf '%s\t%s/s\tzfs\trw 0 0\n%s\t%s/usr/local\tzfs\trw 0 0\n' \
    "${JAIL_ZFS_DATA}" "${JAIL_FSTAB}" "${JAIL_ZFS_DATA_LOCAL}" "${JAIL_FSTAB}" > "/etc/fstab.${JAIL_NAME}"
printf '\n%s {\n    ip4.addr = "%s";\n}\n' "${JAIL_NAME}" "${IP4}" >> /etc/jail.conf
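The duplicate script above takes the jail name and address from the terminal and uses them, unchecked, as a ZFS dataset component, a file name under /etc, a directory under /usr/jails and a block name in /etc/jail.conf. The following is an added example (not part of Ricky's post, and not FreeBSD's own code) showing that step in POSIX sh with both values validated first and the fragments rendered through printf '%s' arguments instead of a format string. The directory and dataset names mirror the post's layout and are assumptions; the helper names (valid_jail_name, valid_ip4_cidr, fstab_for, jailconf_for, new_jail_fragments) are invented for the example.

```shell
#!/bin/sh
# Added example: validate the values the duplicate script reads interactively,
# then render the fstab and jail.conf fragments it writes. Paths and dataset
# names are assumed from the post's layout.
JAIL_DIR="/usr/jails"
TEMPLATE_ZFS_DIR="tank/jails/template"

# valid_jail_name NAME: 1-32 characters, starts with a letter, then only
# [A-Za-z0-9_-]. The name becomes a dataset name, /etc/fstab.NAME, a path
# component and a jail.conf block name, so '/', '.', spaces, '$', '{' and ';'
# are all rejected.
valid_jail_name() {
    case "$1" in
        '') return 1 ;;
        *[!A-Za-z0-9_-]*) return 1 ;;
        [!A-Za-z]*) return 1 ;;
    esac
    [ "${#1}" -le 32 ]
}

# valid_ip4_cidr ADDR/PREFIX: four numeric octets 0..255 and a prefix 0..32.
valid_ip4_cidr() {
    addr="${1%/*}"
    prefix="${1#*/}"
    # A '/' must be present (otherwise addr equals the whole argument).
    [ "$addr" != "$1" ] || return 1
    case "$prefix" in
        '' | *[!0-9]*) return 1 ;;
    esac
    [ "$prefix" -le 32 ] || return 1
    # Reject leading, trailing or doubled dots before splitting on '.'.
    case "$addr" in
        .* | *. | *..*) return 1 ;;
    esac
    oldifs="$IFS"
    IFS=.
    set -- $addr          # positional parameters are local to this function
    IFS="$oldifs"
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        case "$octet" in
            '' | *[!0-9]*) return 1 ;;
        esac
        [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# fstab_for NAME: the two lines written to /etc/fstab.NAME, i.e. the writable
# data dataset on /s and the jail-local dataset on /usr/local.
fstab_for() {
    printf '%s\t%s/%s/s\tzfs\trw\t0\t0\n' "${TEMPLATE_ZFS_DIR}/$1" "$JAIL_DIR" "$1"
    printf '%s\t%s/%s/usr/local\tzfs\trw\t0\t0\n' "${TEMPLATE_ZFS_DIR}/$1-local" "$JAIL_DIR" "$1"
}

# jailconf_for NAME IP4: the block appended to /etc/jail.conf.
jailconf_for() {
    printf '\n%s {\n\tip4.addr = "%s";\n}\n' "$1" "$2"
}

# new_jail_fragments NAME IP4: validate, then print both fragments.
# Returns 2 on a bad name and 3 on a bad address; nothing is printed then.
new_jail_fragments() {
    valid_jail_name "$1" || return 2
    valid_ip4_cidr "$2" || return 3
    fstab_for "$1"
    printf '%s\n' '--- jail.conf ---'
    jailconf_for "$1" "$2"
}

# Usage: sh this_script.sh NAME ADDR/PREFIX
if [ "$#" -eq 2 ]; then
    new_jail_fragments "$1" "$2"
fi
```

Only after new_jail_fragments succeeds would a caller go on to run zfs clone, zfs create and the redirections into /etc/fstab.NAME and /etc/jail.conf; a bad value stops the script before any dataset or file name is built from it.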