From owner-freebsd-current@FreeBSD.ORG Tue Apr 11 14:36:57 2006 Return-Path: X-Original-To: freebsd-current@freebsd.org Delivered-To: freebsd-current@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 709DA16A400; Tue, 11 Apr 2006 14:36:57 +0000 (UTC) (envelope-from mistry.7@osu.edu) Received: from mail.united-ware.com (am-productions.biz [69.61.164.22]) by mx1.FreeBSD.org (Postfix) with ESMTP id EB94743D55; Tue, 11 Apr 2006 14:36:56 +0000 (GMT) (envelope-from mistry.7@osu.edu) Received: from [192.168.1.100] (am-productions.biz [69.61.164.22]) (authenticated bits=0) by mail.united-ware.com (8.13.4/8.13.4) with ESMTP id k3BEqb10026783 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Tue, 11 Apr 2006 10:52:43 -0400 (EDT) (envelope-from mistry.7@osu.edu) From: Anish Mistry To: freebsd-current@freebsd.org Date: Tue, 11 Apr 2006 10:36:34 -0400 User-Agent: KMail/1.9.1 References: <20060411123827.GB77666@uk.tiscali.com> In-Reply-To: <20060411123827.GB77666@uk.tiscali.com> MIME-Version: 1.0 Content-Type: multipart/signed; boundary="nextPart1801295.voH1xXMspK"; protocol="application/pgp-signature"; micalg=pgp-sha1 Content-Transfer-Encoding: 7bit Message-Id: <200604111036.50766.mistry.7@osu.edu> X-Spam-Status: No, score=-8.5 required=5.0 tests=ALL_TRUSTED,BAYES_50, MYFREEBSD2,MYFREEBSD3 autolearn=failed version=3.1.0 X-Spam-Checker-Version: SpamAssassin 3.1.0 (2005-09-13) on mail.united-ware.com X-Virus-Scanned: ClamAV 0.88.1/1389/Mon Apr 10 08:58:55 2006 on mail.united-ware.com X-Virus-Status: Clean Cc: "Ricardo A. Reis" , current@freebsd.org, Brian Candler Subject: Re: [RFC] Ideas for new distribuition: base-jail X-BeenThere: freebsd-current@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Discussions about the use of FreeBSD-current List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 11 Apr 2006 14:36:57 -0000 --nextPart1801295.voH1xXMspK Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable Content-Disposition: inline On Tuesday 11 April 2006 08:38, Brian Candler wrote: > On Mon, Apr 10, 2006 at 05:27:18PM -0300, Ricardo A. Reis wrote: > > I think in one new distribution, this idea is for decrease > > create time for start jails after release install, the base-jail > > is distribute in CD1. After install RELEASE and update with > > freebsd-update a admin create a jail > > with ( cd /usr/local/base-jail; make jail DESTDIR=3D/XXXX ) very > > fast > > How about prototyping this? I offer as a starting point: > > -- 8< > -------------------------------------------------------------- > DISTBASE?=3D/cdrom > DESTDIR?=3D. > jail: > cd $(DISTBASE)/base && ./install.sh DESTDIR=3D$(DESTDIR) > -- 8< > -------------------------------------------------------------- > > What else does it need to have? I guess you could automatically add > jail_* entries in /etc/rc.conf, but it would need to prompt for > several pieces of information in order to be able to set them all. > > jail_enable=3D"YES" > jail_list=3D"foo" > jail_foo_rootdir=3D"/XXXX" > jail_foo_hostname=3D"foo.example.com" > jail_foo_ip=3D"192.168.1.1" > jail_foo_exec_start=3D"/bin/sh /etc/rc" > jail_foo_exec_stop=3D"/bin/sh /etc/rc.shutdown" > jail_foo_devfs_enable=3D"YES" > jail_foo_devfs_ruleset=3D"devfsrules_jail" > > You might also want to prompt for, and set, the jail's root > password. > > You could copy some key files from the host environment assuming > they will be the same within the jail (e.g. /etc/resolv.conf, > /etc/hosts, /etc/localtime) > > You might also want a template directory for other files to be > installed into the jail (e.g. /etc/rc.conf might have > sshd_enable=3D"YES" as its default), but the contents of these files > are likely to be very specific to your particular needs. The same > goes for installing additional distribution sets or packages. > Perhaps the jail builder could invoke sysinstall somehow, such that > it can be driven from an install.cfg script. This isn't done in a Makefile, but a normal shell script but it's what=20 I use to setup jails. It makes setup incredibly simple. Run it and=20 follow the prompts, the non-interactive mode doesn't work yet. http://am-productions.biz/docs/make-jail.sh I just updated it to work with the /etc/rc.d/jail changes in CURRENT=20 so it might be broken to everything else. An MFC should be imminent=20 for RELENG_6. I intentionally omitted adding jail_enable=3D"YES" to rc.conf to force=20 the user to actually know what they're enabling. =2D-=20 Anish Mistry --nextPart1801295.voH1xXMspK Content-Type: application/pgp-signature -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.3 (FreeBSD) iD8DBQBEO78CxqA5ziudZT0RApnJAKDQgq3qaJ9tAfwfMGowv5EMDn5/SQCffGUP 9yczlw2PnNMjjVu9D/oQe/4= =9Jaf -----END PGP SIGNATURE----- --nextPart1801295.voH1xXMspK--