[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [ezjail] OpenVPN in a FreeBSD jail



On 2013-09-03 14:47, Dirk Engling wrote:
On 03.09.13 20:39, Dan Langille wrote:

jaildaemon -j <jid-of-your-openvpn-jail> -c /opt/openvpn-route-reset -t
route-reset -r

This makes me think you need to restart jaildaemon whenever that jail
is restarted.  I am quite confident that can be scripted.
Have you done that already?

No, you don't need to restart jaildaemon. It runs in daemon mode if
started with the -D option and spawns probes into the jail with the -c
option. And since a) the probe dies with the jail and b) potentially the
jid changes whenever the jail is restarted, it of course needs to be
respawned whenever the jail restarts

I am interesting in respawning of jaildaemon whenever the jail is restarted. I imagine that
can be tied into the ezjail scripts.

Going further: if you have multiple jails using this feature, multiple jailadaemon instances
are required?


Reading man 1 pkill, this sends a HUP to all processes with title =
'route-reset'.

This causes the spawned process to report back to the jaildaemon, which
then executes
the /opt/openvpn-route-reset script.

Correct. The -r option in the above call to jaildaemon makes the probe
auto-respawned.

erdgeist


--
Dan Langille - http://langille.org/