
Re: [ezjail] Ezjail and fixed JID



Hi,

Sorry please ignore this line in my previous post:

ifconfig_vlan99="192.168.99.1/24 vlan 99 vlandev rl0" ( copy/paste issue :D )

On Fri, 31 May 2013 08:27:53 +0300, nikolay AT dachev DOT info wrote:
Hi,

Try this (works for FBSD 9.1)

:> sysctl -a |grep jail.param

if you see something like:

security.jail.param.jid: 0

you can just add a simple export for this value in your jail (ezjail config)

try with EXPORT jailname.jid = 7;

(7 is the jid) I'm not sure of the correct syntax (jailname.jid or something similar)

Since FBSD 9.0/1 I use only the integrated /etc/jail.conf for jail creation.

Example for /etc/jail.conf with ZFS and VIMAGE (vnet+epair) support.

In /etc/rc.conf, only create the required bridge interface.

zfs_enable="YES" (if you use ZFS)

cloned_interfaces="bridge99"
ifconfig_vlan99="192.168.99.1/24 vlan 99 vlandev rl0"

and you can start any jail with jail -c www (www is the jail name).
You can put this in /etc/rc.local, for example, etc.

You also need to rebuild your kernel with VIMAGE support (you can
search the internet for how-tos).

:> cat /etc/jail.conf
# Default Settings

vnet;
mount.devfs;
#exec.start = "/bin/sh /etc/rc";
exec.start = "ifconfig lo0 127.0.0.1/8";
exec.stop = "/bin/sh /etc/rc.shutdown";

# Jails Settings

www
{
path = /zfs/jails/www;
host.hostname = www.hostname.lan;
jid = 1;
allow.sysvipc=1;
#mount.fstab = /etc/fstab.www;
devfs_ruleset = 5;
exec.prestart = "ifconfig epair1 create";
exec.prestart += "ifconfig bridge99 addm epair1a up";
exec.prestart += "ifconfig bridge99 alias 10.10.15.1/24";
exec.prestart += "ifconfig epair1a up";
vnet.interface = epair1b;
exec.start += "ifconfig epair1b 10.10.15.100/24";
exec.start += "ifconfig epair1b alias 10.10.15.150/24";
exec.start += "route add default 10.10.15.1";
exec.start += "/bin/sh /etc/rc";
exec.poststop = "ifconfig bridge99 deletem epair1a";
exec.poststop += "ifconfig bridge99 -alias 10.10.15.1";
exec.poststop += "ifconfig epair1a destroy";
}

I'm sure you can integrate all of this with ezjail, or you can use
ezjail only to create the jail environment
and manage it with the native jail config (you need FBSD 9.1).

Best regards and good luck.


On Fri, 31 May 2013 02:24:02 +0200, Moritz Wilhelmy wrote:
Hi Uroš,

On Tue, May 28, 2013 at 22:54:57 +0200, Uroš Gruber wrote:
Is it possible to force ezjail to use a fixed JID and not increment it on every restart? Is this something I can override with ezjail, or is this pure rc.d/jail stuff? I tried to set things up in ezjail configs but without success.

Personally, I use names to identify my jails with a fixed identifier. This isn't
exactly what you asked for, but I prefer human readable labels over integers. I
use the following workaround/"hack":

--snip--
export jail_www_flags="-n www -l -U root"
--snip--

The interesting part here is obviously -n www, which assigns a name to the jail.
I then use it via jexec www csh or something similar.

I'm not sure this is the official or even intended way to do it, but it works
for me.

Best regards,

Moritz