Author: dteske
Date: Wed Feb 10 04:04:31 2016
New Revision: 295457
URL: https://svnweb.freebsd.org/changeset/base/295457

Log:
  Add vnet jail configuration examples

Added:
  head/share/examples/jails/jail.xxx.conf   (contents, props changed)
  head/share/examples/jails/rc.conf.jails   (contents, props changed)
  head/share/examples/jails/rcjail.xxx.conf   (contents, props changed)
Modified:
  head/share/examples/jails/README

Modified: head/share/examples/jails/README
==============================================================================
--- head/share/examples/jails/README    Wed Feb 10 04:00:01 2016        
(r295456)
+++ head/share/examples/jails/README    Wed Feb 10 04:04:31 2016        
(r295457)
@@ -1,5 +1,49 @@
 # $FreeBSD$
 
-See under share/examples/netgraph for some examples of
+Sample 1: jail.conf(5)
+
+       $ cp jib jng /usr/sbin/
+       $ cat jail.xxx.conf >> /etc/jail.conf
+       $ vi /etc/jail.conf
+       # NB: Customize root directory and bridge interface
+       $ sysrc jail_enable=YES
+       # NB: Assumes jail_list="" (meaning ``all jails in jail.conf'')
+       # NB: Assumes rc_conf_files="" (``below rc.conf(5) samples not used'')
+       $ service jail start
+
+Sample 2: rc.conf(5)
+
+       $ cp jib jng /usr/sbin/
+       $ cp rc.conf.jails /etc/
+       $ vi /etc/rc.conf.jails
+       # NB: Customize root directory and bridge interface
+       $ sysrc rc_conf_files+=/etc/rc.conf.jails
+       # NB: Assumes /etc/jail.conf does not exist and jail_list=""
+       $ service jail start
+
+Sample 3: Per-jail jail.conf(5)
+
+       $ cp jib jng /usr/sbin/
+       $ cp jail.xxx.conf /etc/
+       $ vi /etc/jail.xxx.conf
+       # NB: Customize root directory and bridge interface
+       $ sysrc jail_enable=YES
+       $ sysrc jail_list+=xxx
+       # NB: Assumes rc_conf_files=""
+       $ service jail start
+
+Sample 4: Per-jail rc.conf(5)
+
+       $ cp jib jng /usr/sbin/
+       $ cp rcjail.xxx.conf /etc/
+       $ vi /etc/rcjail.xxx.conf
+       # NB: Customize root directory and bridge interface
+       $ sysrc jail_enable=YES
+       $ sysrc jail_list+=xxx
+       $ sysrc rc_conf_files+=/etc/rcjail.xxx.conf
+       # NB: Assumes neither /etc/jail.conf nor /etc/jail.xxx.conf exist
+       $ service jail start
+
+For additional recipes, see share/examples/netgraph for
 making and hooking together jails using netgraph as the
 virtual networking fabric.

Added: head/share/examples/jails/jail.xxx.conf
==============================================================================
--- /dev/null   00:00:00 1970   (empty, because file is newly added)
+++ head/share/examples/jails/jail.xxx.conf     Wed Feb 10 04:04:31 2016        
(r295457)
@@ -0,0 +1,35 @@
+# $FreeBSD$
+
+xxx {
+       host.hostname = "xxx.yyy";      # hostname
+       path = "/vm/xxx";               # root directory
+
+       exec.clean;
+       exec.system_user = "root";
+       exec.jail_user = "root";
+
+       #
+       # NB: Below 4-lines required
+       #
+       vnet;
+       # netgraph
+       vnet.interface = "ng0_xxx";             # vnet interface(s)
+       exec.prestart += "jng bridge xxx em0";  # bridge interface(s)
+       exec.poststop += "jng shutdown xxx";    # destroy interface(s)
+       # if_bridge
+       #vnet.interface = "e0b_xxx";            # vnet interface(s)
+       #exec.prestart += "jib addm xxx em0";   # bridge interface(s)
+       #exec.poststop += "jib destroy xxx";    # destroy interface(s)
+
+       # Standard recipe
+       exec.start += "/bin/sh /etc/rc";
+       exec.stop = "/bin/sh /etc/rc.shutdown";
+       exec.consolelog = "/var/log/jail_xxx_console.log";
+       mount.devfs;    # mount devfs
+
+       # Optional (default off)
+       #devfs_ruleset = "11";          # rule to unhide bpf for DHCP
+       #allow.mount;                   # mount /etc/fstab.xxx
+       #allow.set_hostname = 1;        # Allow hostname to change
+       #allow.sysvipc = 1;             # Allow SysV Interprocess Comm.
+}
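Review bot: The comment on the optional `#allow.mount;` line says "mount /etc/fstab.xxx", but in jail.conf(5) that parameter lets privileged users inside the jail mount and unmount jail-friendly filesystem types; it does not mount an fstab when the jail is created. The counterpart of `jail_xxx_mount_enable="YES"` from the rc.conf samples is `mount.fstab`, so I would write `#mount.fstab = "/etc/fstab.xxx";   # mount /etc/fstab.xxx` here instead. Someone uncommenting the line as written gets no mounts and a jail with broader privileges than intended. If `allow.mount` is meant to stay as a separate option, its comment should say what it grants, e.g. `# let jail root mount jail-friendly filesystems`.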

Added: head/share/examples/jails/rc.conf.jails
==============================================================================
--- /dev/null   00:00:00 1970   (empty, because file is newly added)
+++ head/share/examples/jails/rc.conf.jails     Wed Feb 10 04:04:31 2016        
(r295457)
@@ -0,0 +1,76 @@
+# $FreeBSD$
+
+###############################################################################
+############################# JAIL CONFIGURATIONS #############################
+###############################################################################
+
+jail_enable="YES"
+jail_list="xxx"
+
+#
+# Global presets for all jails
+#
+jail_devfs_enable="YES"                # mount devfs
+# Optional (default off)
+#jail_sysvipc_allow="YES"      # Allow SysV Interprocess Comm.
+#jail_set_hostname_allow="YES" # Allow hostname to change
+
+#
+# To allow dhclient(8) to work inside a jail, make sure the following appears
+# in /etc/devfs.rules (which should be created if it doesn't exist):
+#
+# [devfsrules_jail=11]
+# add include $devfsrules_hide_all
+# add include $devfsrules_unhide_basic
+# add include $devfsrules_unhide_login
+# add path 'bpf*' unhide
+#
+
+############################################################ JAILS
+
+# NETGRAPH TEMPLATE (copy/pate; then replace {name} with short name for jail)
+#
+# {name}
+#
+#jail_{name}_hostname="{name}.shxd.cx"         # hostname
+#jail_{name}_rootdir="/vm/{name}"              # root directory
+#jail_{name}_vnet_interfaces="ng0_{name}"      # vnet interface(s)
+#jail_{name}_exec_prestart0="jng bridge {name} em0"    # bridge interface(s)
+#jail_{name}_exec_poststop0="jng shutdown {name}"      # destroy interface(s)
+# Optional (default off)
+#jail_{name}_devfs_ruleset="11"                        # rule to unhide bpf 
for DHCP
+#jail_{name}_mount_enable="YES"                        # mount 
/etc/fstab.{name}
+
+# IF_BRIDGE TEMPLATE (copy/pate; then replace {name} with short name for jail)
+#
+# {name}
+#
+#jail_{name}_hostname="{name}.shxd.cx"         # hostname
+#jail_{name}_rootdir="/vm/{name}"              # root directory
+#jail_{name}_vnet_interfaces="e0b_{name}"      # vnet interface(s)
+#jail_{name}_exec_prestart0="jib addm {name} em0"      # bridge interface(s)
+#jail_{name}_exec_poststop0="jib destroy {name}"       # destroy interface(s)
+# Optional (default off)
+#jail_{name}_devfs_ruleset="11"                        # rule to unhide bpf 
for DHCP
+#jail_{name}_mount_enable="YES"                        # mount 
/etc/fstab.{name}
+
+#
+# XXX
+#
+jail_xxx_hostname="xxx.yyy"                    # hostname
+jail_xxx_rootdir="/vm/xxx"                     # root directory
+# netgraph
+jail_xxx_vnet_interface="ng0_xxx"              # vnet interface(s)
+jail_xxx_exec_prestart0="jng bridge xxx em0"   # bridge interface(s)
+jail_xxx_exec_poststop0="jng shutdown xxx"     # destroy interface(s)
+# if_bridge
+#jail_xxx_vnet_interface="e0b_xxx"             # vnet interface(s)
+#jail_xxx_exec_prestart0="jib addm xxx em0"    # bridge interface(s)
+#jail_xxx_exec_poststop0="jib destroy xxx"     # destroy interface(s)
+# Optional (default off)
+#jail_xxx_devfs_ruleset="11"                   # rule to unhide bpf for DHCP
+#jail_xxx_mount_enable="YES"                   # mount /etc/fstab.xxx
+
+################################################################################
+# END
+################################################################################
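Review bot: Both commented templates set `jail_{name}_vnet_interfaces` (plural), while the working xxx entry further down, and rcjail.xxx.conf, set `jail_xxx_vnet_interface`. As far as I know rc.d/jail reads only the singular name, so a jail created from a template would presumably come up without its vnet interface; the template lines should read `#jail_{name}_vnet_interface="ng0_{name}"` and `#jail_{name}_vnet_interface="e0b_{name}"`. The templates also carry a real-looking domain (`{name}.shxd.cx`) where the worked example uses the placeholder `xxx.yyy`, and "copy/pate" in both template headings should be "copy/paste".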

Added: head/share/examples/jails/rcjail.xxx.conf
==============================================================================
--- /dev/null   00:00:00 1970   (empty, because file is newly added)
+++ head/share/examples/jails/rcjail.xxx.conf   Wed Feb 10 04:04:31 2016        
(r295457)
@@ -0,0 +1,25 @@
+# $FreeBSD$
+
+jail_xxx_hostname="xxx.yyy"                    # hostname
+jail_xxx_rootdir="/vm/xxx"                     # root directory
+
+#
+# NB: Below 3 lines required
+#
+# netgraph
+jail_xxx_vnet_interface="ng0_xxx"              # vnet interface(s)
+jail_xxx_exec_prestart0="jng bridge xxx em0"   # bridge interface(s)
+jail_xxx_exec_poststop0="jng shutdown xxx"     # destroy interface(s)
+# if_bridge
+#jail_xxx_vnet_interface="e0b_xxx"             # vnet interface(s)
+#jail_xxx_exec_prestart0="jib addm xxx em0"    # bridge interface(s)
+#jail_xxx_exec_poststop0="jib destroy xxx"     # destroy interface(s)
+
+# Standard recipe
+jail_xxx_devfs_enable="YES"                    # mount devfs
+
+# Optional (default off)
+#jail_xxx_devfs_ruleset="11"                   # rule to unhide bpf for DHCP
+#jail_xxx_mount_enable="YES"                   # mount /etc/fstab.xxx
+#jail_xxx_set_hostname_allow="YES"             # Allow hostname to change
+#jail_xxx_sysvipc_allow="YES"                  # Allow SysV Interprocess Comm.
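Review bot: The optional `jail_xxx_devfs_ruleset="11"` line refers to a ruleset that exists only if the admin has added the `[devfsrules_jail=11]` section shown in rc.conf.jails to /etc/devfs.rules, and this file does not say so (the same applies to `devfs_ruleset = "11"` in jail.xxx.conf). I would add a comment above it such as `# requires [devfsrules_jail=11] in /etc/devfs.rules; see rc.conf.jails`. It is also worth stating next to the option that unhiding bpf gives root in the jail raw access to the jail's network interfaces, so it should be enabled only for jails that need dhclient(8).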