Date:      Thu, 21 Jan 2010 22:42:59 +0100
From:      Philipp Wuensche <cryx-freebsd@h3q.com>
To:        David BERARD <david@nfrance.com>
Cc:        freebsd-jail@freebsd.org
Subject:   Re: conf/142972: [jail] [patch] Support JAILv2 and vnet in rc.d/jail
Message-ID:  <4B58CA63.2070307@h3q.com>
In-Reply-To: <4B58BE30.2050402@h3q.com>
References:  <201001200940.o0K9e4lO032467@freefall.freebsd.org>	<4B586095.8020109@h3q.com>	<4B58842C.6080106@h3q.com> <4B5894FE.1000506@nfrance.com> <4B58BE30.2050402@h3q.com>

This is a multi-part message in MIME format.
--------------020805010102090300070906
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit

Philipp Wuensche wrote:
> I'm taking this off bug-followup for now.
> 
> David BERARD wrote:
>>> I did some testing with vnet and I find the way of using _poststart and
>>> _afterstart to configure ip-addr. inside a vimage jail very impractical.
>>> First we lose all the nice features of configuring ipaddrs. via
>>> ipv4_addrs_if in rc.conf from inside the jail and second, more
>>> important, the jail will be fully booted before any ipaddr. is
>>> configured or even interfaces are configured. This will result in
>>> services not starting correctly, firewalling going nuts, routing-daemons
>>> not working etc.pp.
>>>
>>
>> I had to patch rc to support this, and use this in rc.conf
>> jail_example_exec_earlypoststart0="ifconfig epair0b vnet example"
>> jail_example_exec_afterstart0="ifconfig epair0b x.x.x.x"
> 
> I'm not sure I understand this correctly, but this doesn't solve the
> problem I described.

My idea would be something like:

jail_myjail_exec_prestart0="ifconfig epair0 create"
jail_myjail_exec_prestart1="ifconfig epair0b name jailif_myjail"
jail_myjail_exec_pre_rcrun0="ifconfig jailif_myjail vnet myjail"
jail_myjail_exec_poststop0="ifconfig epair0a destroy"
jail_myjail_cpuset="0,1"

_pre_rcrun (just an example name) is run between creating the jail dummy
and booting it fully via /etc/rc. The cpuset could be applied in the same step.

Inside the jail, the jailif_myjail interface is configured via
ifconfig_jailif_myjail="" in rc.conf, and loopback is configured by
/etc/rc.d/netif in exactly the same way as on a non-jail FreeBSD system.

greetings,
philipp

--------------020805010102090300070906
Content-Type: text/plain; x-mac-type="0"; x-mac-creator="0";
	name="jail_newjail.patch"
Content-Transfer-Encoding: 7bit
Content-Disposition: attachment;
 filename="jail_newjail.patch"

--- jail.orig	2010-01-21 14:55:57.907587199 +0100
+++ jail	2010-01-21 22:33:18.361193803 +0100
@@ -38,6 +38,7 @@
 	_fdescdir="${_devdir}/fd"
 	_procdir="${_rootdir}/proc"
 	eval _hostname=\"\$jail_${_j}_hostname\"
+	eval _name=\"\$jail_${_j}_name\"
 	eval _ip=\"\$jail_${_j}_ip\"
 	eval _interface=\"\${jail_${_j}_interface:-${jail_interface}}\"
 	eval _exec=\"\$jail_${_j}_exec\"
@@ -51,7 +52,14 @@
 
 	eval _exec_start=\"\${jail_${_j}_exec_start:-${jail_exec_start}}\"
 
-	i=1
+	i=0
+	while : ; do
+		eval _exec_pre_rcrun${i}=\"\${jail_${_j}_exec_pre_rcrun${i}:-\${jail_exec_pre_rcrun${i}}}\"
+		[ -z "$(eval echo \"\$_exec_pre_rcrun${i}\")" ] && break
+		i=$((i + 1))
+	done
+
+	i=0
 	while : ; do
 		eval _exec_afterstart${i}=\"\${jail_${_j}_exec_afterstart${i}:-\${jail_exec_afterstart${i}}}\"
 		[ -z "$(eval echo \"\$_exec_afterstart${i}\")" ] &&  break
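Review bot: Changing the first afterstart index from `i=1` to `i=0` (here, and again in the two later hunks that reset `i=0` before the debug loop and the execution loop) changes which rc.conf variable is read first, and because each loop breaks at the first empty index, a configuration whose first entry is `jail_X_exec_afterstart1` would have all of its afterstart commands silently skipped after this patch. If the index convention is meant to change, the variable description should say so; otherwise the old start value should be kept or the loop should tolerate a gap at index 0. The new pre_rcrun loop copies the same pattern, so the same remark applies to `jail_X_exec_pre_rcrun0` being the required first entry. The enclosing function starts before this hunk.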
@@ -110,10 +118,12 @@
 	eval _fstab=\"\${jail_${_j}_fstab:-${jail_fstab}}\"
 	[ -z "${_fstab}" ] && _fstab="/etc/fstab.${_j}"
 	eval _flags=\"\${jail_${_j}_flags:-${jail_flags}}\"
-	[ -z "${_flags}" ] && _flags="-l -U root"
+	[ -z "${_flags}" ] && _flags="-l -U root -c"
 	eval _consolelog=\"\${jail_${_j}_consolelog:-${jail_consolelog}}\"
 	[ -z "${_consolelog}" ] && _consolelog="/var/log/jail_${_j}_console.log"
 	eval _fib=\"\${jail_${_j}_fib:-${jail_fib}}\"
+	eval _cpuset=\"\${jail_${_j}_cpuset:-${jail_cpuset}}\"
+	eval _vnet=\"\${jail_${_j}_vnet_enable:-"NO"}\"
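Review bot: Putting `-c` into the fallback value `_flags="-l -U root -c"` makes jail creation depend on the user not having set `jail_X_flags` or `jail_flags`; anyone who already sets flags to the old default `-l -U root` loses the create mode with the new `jail -J ... path=...` invocation and gets a failure that is hard to trace. Keep the default at `-l -U root` and pass `-c` explicitly on the command line in the start hunk, e.g. `_start_cmd="${_setfib} jail -J ${_tmp_jail} ${_flags} -c path=${_rootdir} ..."`. Separately, `_vnet` is the only variable in this group that does not fall back to a global `jail_vnet_enable` the way `_cpuset` and `_fib` fall back to `jail_cpuset`/`jail_fib`; `eval _vnet=\"\${jail_${_j}_vnet_enable:-\${jail_vnet_enable:-NO}}\"` would keep the convention.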
 
 	# Debugging aid
 	#
@@ -121,11 +131,14 @@
 	debug "$_j fdescfs enable: $_fdescfs"
 	debug "$_j procfs enable: $_procfs"
 	debug "$_j mount enable: $_mount"
+	debug "$_j vnet enable: $_vnet"
 	debug "$_j hostname: $_hostname"
+	debug "$_j name: $_name"
 	debug "$_j ip: $_ip"
 	jail_show_addresses ${_j}
 	debug "$_j interface: $_interface"
 	debug "$_j fib: $_fib"
+	debug "$_j cpuset: $_cpuset"
 	debug "$_j root: $_rootdir"
 	debug "$_j devdir: $_devdir"
 	debug "$_j fdescdir: $_fdescdir"
@@ -145,7 +158,7 @@
 
 	debug "$_j exec start: $_exec_start"
 
-	i=1
+	i=0
 	while : ; do
 		eval out=\"\${_exec_afterstart${i}:-''}\"
 
@@ -481,10 +494,16 @@
 		*)	;;
 		esac
 
-		# Append address to list of addresses for the jail command.
-		case "${_addrl}" in
-		"")	_addrl="${_addr}" ;;
-		*)	_addrl="${_addrl},${_addr}" ;;
+               # Append address to list of addresses for the jail command.
+		case "${_type}" in
+		"inet") case "${_addrlv4}" in
+			"")     _addrlv4="${_addr}" ;;
+			*)      _addrlv4="${_addrlv4},${_addr}" ;;
+			esac;;
+		"inet6") case "${_addrlv6}" in
+			"")     _addrlv6="${_addr}" ;;
+			*)      _addrlv6="${_addrlv6},${_addr}" ;;
+			esac;;
 		esac
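Review bot: The new `case "${_type}"` has no `*)` arm, so an address whose `_type` is neither `inet` nor `inet6` is silently dropped from both lists, whereas the replaced code appended every address to `_addrl`; `_type` is assigned above this hunk, so whether other values can reach here is not visible from the diff, but a `*) warn "$_j: unknown address type ${_type}, skipping ${_addr}" ;;` arm would make the omission visible instead of silent. The comment line `# Append address to list of addresses for the jail command.` is indented with spaces while the surrounding file uses tabs. The enclosing function starts and ends outside this hunk.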
 
 		# Configure interface alias if requested by a given interface
@@ -566,7 +585,8 @@
 			echo -n " [${_hostname} already running (/var/run/jail_${_jail}.id exists)]"
 			continue;
 		fi
-		_addrl=""
+		_addrlv4=""
+		_addrlv6=""
 		jail_ips "add"
 		if [ -n "${_fib}" ]; then
 			_setfib="setfib -F '${_fib}'"
@@ -635,12 +655,36 @@
 			i=$((i + 1))
 		done
 
-		eval ${_setfib} jail ${_flags} -i ${_rootdir} ${_hostname} \
-			\"${_addrl}\" ${_exec_start} > ${_tmp_jail} 2>&1
+		_start_cmd="${_setfib} jail -J ${_tmp_jail} ${_flags} path=${_rootdir} host.hostname=${_hostname} \
+			name=\"${_name}\""
+		if checkyesno _vnet; then
+			_start_cmd="${_start_cmd} vnet"
+		else
+			_start_cmd="${_start_cmd} ip4.addr=\"${_addrlv4}\" ip6.addr=\"${_addrlv6}\""
+		fi
+		_start_cmd="${_start_cmd} persist"
+
+		# create a jail dummy without running /etc/rc
+		eval ${_start_cmd} > /dev/null 2>&1
+
 
 		if [ "$?" -eq 0 ] ; then
-			_jail_id=$(head -1 ${_tmp_jail})
-			i=1
+			_jail_id=$(awk -F '=| ' '{print $2}' ${_tmp_jail})
+
+
+			i=0
+			while : ; do
+				eval out=\"\${_exec_pre_rcrun${i}:-''}\"
+				[ -z "$out" ] && break
+				${out}
+				i=$((i + 1))
+			done
+
+			# boot the jail into multiuser by running /etc/rc
+			jail -m jid=${_jail_id} command=${_exec_start} > /dev/null 2>&1
+			[ "${_cpuset}" ] && cpuset -l ${_cpuset} -j ${_jail_id}
+
+			i=0
 			while : ; do
 				eval out=\"\${_exec_afterstart${i}:-''}\"
 
@@ -700,6 +744,7 @@
 				killall -j ${_jail_id} -TERM > /dev/null 2>&1
 				sleep 1
 				killall -j ${_jail_id} -KILL > /dev/null 2>&1
+				jail -r ${_jail_id}
 				jail_umount_fs
 				echo -n " $_hostname"
 
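Review bot: Because the jail is now created with `persist`, this `jail -r ${_jail_id}` is what actually removes it, yet its exit status is ignored and, unlike the surrounding `killall` lines, its output is not redirected, so a failed removal leaves a persistent jail behind with no indication in the stop output. Suggest `jail -r ${_jail_id} > /dev/null 2>&1 || warn "$_j: unable to remove jail ${_jail_id}"` so the stop path reports the leftover. The enclosing loop continues outside this hunk.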

--------------020805010102090300070906--


