Date:      Thu, 29 Oct 2015 12:17:16 +0000
From:      krad <kraduk@gmail.com>
To:        galtsev@kicp.uchicago.edu
Cc:        Mark Felder <feld@freebsd.org>, FreeBSD Questions <freebsd-questions@freebsd.org>
Subject:   Re: /etc/jail.conf documentation?
Message-ID:  <CALfReycwGJfBsx1JB_HOpwRXj2BPt9JTDAFPZHHC4HA=-fiisw@mail.gmail.com>
In-Reply-To: <20953.128.135.52.6.1446065026.squirrel@cosmo.uchicago.edu>
References:  <49230.128.135.52.6.1446047977.squirrel@cosmo.uchicago.edu> <1446064085.1148620.422968569.0E47599D@webmail.messagingengine.com> <20953.128.135.52.6.1446065026.squirrel@cosmo.uchicago.edu>

Here is an extract from one of my jail configs which shows a few other
things to play with. Remember vnet and pf don't play at present.


     # Typical static defaults:
     # Use the rc scripts to start and stop jails.  Mount jail's /dev.
     exec.start = "/bin/sh /etc/rc";
     exec.stop = "/bin/sh /etc/rc.shutdown";
     exec.clean;
     mount.devfs;


     # Dynamic wildcard parameter:
     # Base the path off the jail name.
     path = "/jails/$name";


     emby {
             host.hostname = "emby.intranet";
             vnet.interface = emby_a;
             vnet;
             exec.prestart  = "ifconfig emby_a destroy || true ";
             exec.prestart  += "ifconfig emby_b destroy || true";
             exec.prestart  += "ifconfig epair8 create up";
             exec.prestart  += "ifconfig epair8a name emby_a";
             exec.prestart  += "ifconfig epair8b name emby_b";
             exec.prestart  += "ifconfig emby_b up";
             exec.prestart  += "ifconfig bridge0 addm emby_b";
             exec.prestart  += "ifconfig emby_a ether 02:ff:25:fc:05:da";
             exec.prestart  += "df | grep -q /jails/emby/videos || mount -t nullfs -o rw /videos /jails/emby/videos/";
             exec.poststop  = "ifconfig emby_a destroy";
             exec.poststop  += "ifconfig emby_b destroy";
             exec.poststop += "/sbin/umount /jails/emby/videos || true ";
             exec.start += "/sbin/dhclient emby_a";
             exec.start += "ifconfig emby_a inet6 accept_rtadv";
             exec.start += "/etc/rc.d/rtsold start";
        }


On 28 October 2015 at 20:43, Valeri Galtsev <galtsev@kicp.uchicago.edu>
wrote:

>
> On Wed, October 28, 2015 3:28 pm, Mark Felder wrote:
> >
> >
> > On Wed, Oct 28, 2015, at 10:59, Valeri Galtsev wrote:
> >> Dear All,
> >>
> >> Can someone recommend something similar to the FreeBSD Handbook that
> >> describes building jails for newer systems, meaning /etc/jail.conf as
> >> opposed to /etc/rc.conf, which the Handbook currently has in its jails
> >> chapter? I still have all jail configurations on 9.3 boxes in
> >> /etc/rc.conf, but it is time to build 10.x production boxes, and do
> >> things the modern way (implying /etc/jail.conf). I still intend to keep
> >> building jails the "old-fashioned way" as described in the Handbook, as
> >> opposed to using tools "ezjail" or similar.
> >>
> >> Thanks for all your advice!
> >>
> >> Valeri
> >>
> >> PS I know I can always use the UNIX way of getting information, like
> >>
> >> man jail.conf
> >>
> >> , still...
> >>
> >
> > Hi Valeri,
> >
> > It's simpler than you think. Your /etc/jail.conf can be as simple as:
> >
> > exec.start = "/bin/sh /etc/rc";
> > exec.stop = "/bin/sh /etc/rc.shutdown";
> > exec.clean;
> > mount.devfs;
> >
> > path = /zroot/jails/$name;
> >
> > myjail{
> >     host.hostname = "myjail.local";
> >     ip4.addr = 192.168.1.5;
> > }
> >
>
> Mark, thanks a lot! I already have it running; I have a couple more I'm
> sure I need to have:
>
> allow.set_hostname = 0;
> allow.sysvipc = 0;
>
> but I definitely didn't have
>
> exec.stop = "/bin/sh /etc/rc.shutdown";
>
> which seems to be really beneficial for jail "clean shutdown", akin to
> what we do when we shut down a real system.
>
> Thanks!
>
> Valeri
>
> > You can add more options to the jail as required. Look at jail(8) man
> > page instead of jail.conf(5) which lists the format, but not the
> > options. I think this is kind of backwards myself, but I wasn't involved
> > in these docs.
> >
> > Now you can do "service jail start myjail" and it will just work. :-)
> >
> >
> > --
> >   Mark Felder
> >   ports-secteam member
> >   feld@FreeBSD.org
> > _______________________________________________
> > freebsd-questions@freebsd.org mailing list
> > https://lists.freebsd.org/mailman/listinfo/freebsd-questions
> > To unsubscribe, send any mail to
> > "freebsd-questions-unsubscribe@freebsd.org"
> >
>
>
> ++++++++++++++++++++++++++++++++++++++++
> Valeri Galtsev
> Sr System Administrator
> Department of Astronomy and Astrophysics
> Kavli Institute for Cosmological Physics
> University of Chicago
> Phone: 773-702-4247
> ++++++++++++++++++++++++++++++++++++++++
>
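
An added example, not part of anyone's message in this thread: a small sh/awk audit that checks every jail in a jail.conf for the settings discussed above, namely exec.stop and exec.clean from the quoted defaults and the two allow.* parameters Valeri sets to 0. The function name, the finding messages and the sample jails are hypothetical.

```shell
#!/bin/sh
# Added example, not code from the thread. audit_jail_conf [FILE] reads a
# jail.conf (or stdin) and prints one finding per line as "<jail>: <message>".
# Parameters outside any block are defaults for every jail. Assumptions: only
# "#" comments and the "= 0" spelling of a disabled boolean are recognised.
audit_jail_conf() {
    awk '
    function stmt(s,    k, v) {             # record one "key [+]= value" statement
        gsub(/^[ \t\n]+|[ \t\n]+$/, "", s)
        if (s == "" || s ~ /^\$/) return    # skip blanks and $user variables
        k = s; v = "1"                      # bare "key;" is boolean true
        if (match(s, /[ \t\n]*[+]?=[ \t\n]*/)) {
            k = substr(s, 1, RSTART - 1); v = substr(s, RSTART + RLENGTH)
        }
        gsub(/"/, "", v); set[jail, k] = v
    }
    function get(j, k) { return ((j, k) in set) ? set[j, k] : set["*", k] }
    { text = text $0 "\n" }
    END {
        jail = "*"; len = length(text)
        for (i = 1; i <= len; i++) {        # split on ; { } outside double quotes
            c = substr(text, i, 1)
            if (c == "\"") q = !q
            if (q) { buf = buf c; continue }
            if (c == "#") { while (i < len && substr(text, i + 1, 1) != "\n") i++ }
            else if (c == ";") { stmt(buf); buf = "" }
            else if (c == "{") { gsub(/[ \t\n]/, "", buf); jail = buf; jails[++n] = buf; buf = "" }
            else if (c == "}") { jail = "*"; buf = "" }
            else buf = buf c
        }
        for (i = 1; i <= n; i++) {
            j = jails[i]
            if (get(j, "exec.stop") == "") print j ": no exec.stop, so no shutdown script runs"
            if (get(j, "exec.clean") == "") print j ": no exec.clean, host environment is inherited"
            if (get(j, "allow.set_hostname") != "0") print j ": allow.set_hostname is not 0"
            if (get(j, "allow.sysvipc") != "0") print j ": allow.sysvipc is not 0"
        }
    }' "$@"
}

# Constructed sample: the thread's global defaults plus two made-up jails.
audit_jail_conf <<'EOF'
exec.start = "/bin/sh /etc/rc";
exec.stop = "/bin/sh /etc/rc.shutdown";
exec.clean;
path = "/jails/${name}";
web { allow.set_hostname = 0; allow.sysvipc = 0; }
db  { host.hostname = "db.example"; allow.sysvipc = 1; }   # flagged twice
EOF
```

On the sample, only db is reported: it inherits exec.stop and exec.clean from the global defaults but leaves both allow.* parameters unpinned.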


