Skip site navigation (1)Skip section navigation (2) 
Date:      Wed, 15 Feb 2017 05:30:31 -0500
From:      Ernie Luzar <luzar722@gmail.com>
To:        Jeff Kletsky <freebsd@wagsky.com>
Cc:        freebsd-jail@freebsd.org
Subject:   Re: Using jail.conf array parameters in exec.* commands
Message-ID:  <58A42DC7.5040702@gmail.com>
In-Reply-To: <b54f6576-7627-f3c3-70b0-b2c9c54a4fd6@wagsky.com>
References:  <b54f6576-7627-f3c3-70b0-b2c9c54a4fd6@wagsky.com>
next in thread | previous in thread | raw e-mail | index | archive | help 
Jeff Kletsky wrote:
> TL;DR
> 
> Is there a patch available to allow substitution of "array" parameters
> into the strings used for exec.prestart, exec.poststop, and the like?
> 
> 
> Longer:
> 
> I'd like to be able to use array parameters in exec.* commands,
> but trying to do so results in
> 
>   jail: test-two: exec.prestart: array cannot be substituted inline
> 
> A quick check of the source didn't suggest it would work, but the
> bash-isms ${host.interface[*]} and ${host.interface[@]} failed too.
> 
> 
> The immediate application is in creating what will be the vnet.interface(s)
> using netgraph on the appropriate host interfaces
> 
>   vnet.interface = ng0, ng1;
> 
> Works well, once the interfaces are created, but I'd rather not have
> to define that list twice in each jail.
> 
> 
> If I could write something like:
> 
>   vnet.interface = ng0, ng1;
>   host.interface = re0, re0.100;
> 
> and then iterate over them in the prestart and poststop scripts to:
> 
>   * Create ng0 connected to re0
>   * Create ng1 connected to re0.100
> 
> it would be easier to maintain than having to write something like:
> 
>   vnet.interface = ng0, ng1;
>   parent.interfaces = "re0 re0.100";
>   cloned.interfaces = "ng0 ng1";
> 
> 
> 
> I'm open to ideas here, including if I can somehow "write back" to
> vnet.interface based on exec.prestart parsing the "custom" variables.
> 
> 
> TIA,
> 
> Jeff
> 

An alternate method to coding the jail.conf vnet.interface parameter is 
to use the "ifconfig vnet" command to enable it and "ifconfig -vnet" 
command to disable it in your netgraph script that starts and stops the 
vnet jail. Doing so would eliminate your current desire for array 
processing in the jail.conf definition all together.

I use the bridge/epair method my self because its so much easier to 
understand. If you don't mind sharing, I sure would like to see your 
netgraph script for vnet jail control once you get it working.

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?58A42DC7.5040702>