From: Devin Teske
Date: Wed, 10 Feb 2016 04:04:31 +0000 (UTC)
To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org
Subject: svn commit: r295457 - head/share/examples/jails

Author: dteske
Date: Wed Feb 10 04:04:31 2016
New Revision: 295457
URL: https://svnweb.freebsd.org/changeset/base/295457

Log:
  Add vnet jail configuration examples

Added:
  head/share/examples/jails/jail.xxx.conf (contents, props changed)
  head/share/examples/jails/rc.conf.jails (contents, props changed)
  head/share/examples/jails/rcjail.xxx.conf (contents, props changed)
Modified:
  head/share/examples/jails/README

Modified: head/share/examples/jails/README ============================================================================== --- head/share/examples/jails/README Wed Feb 10 04:00:01 2016 (r295456) +++ head/share/examples/jails/README Wed Feb 10 04:04:31 2016 (r295457) 
@@ -1,5 +1,49 @@ # $FreeBSD$ -See under share/examples/netgraph for some examples of +Sample 1: jail.conf(5) + + $ cp jib jng /usr/sbin/ + $ cat jail.xxx.conf >> /etc/jail.conf + $ vi /etc/jail.conf + # NB: Customize root directory and bridge interface + $ sysrc jail_enable=YES + # NB: Assumes jail_list="" (meaning ``all jails in jail.conf'') + # NB: Assumes rc_conf_files="" (``below rc.conf(5) samples not used'') + $ service jail start + +Sample 2: rc.conf(5) + + $ cp jib jng /usr/sbin/ + $ cp rc.conf.jails /etc/ + $ vi /etc/rc.conf.jails + # NB: Customize root directory and bridge interface + $ sysrc rc_conf_files+=/etc/rc.conf.jails + # NB: Assumes /etc/jail.conf does not exist and jail_list="" + $ service jail start + +Sample 3: Per-jail jail.conf(5) + + $ cp jib jng /usr/sbin/ + $ cp jail.xxx.conf /etc/ + $ vi /etc/jail.xxx.conf + # NB: Customize root directory and bridge interface + $ sysrc jail_enable=YES + $ sysrc jail_list+=xxx + # NB: Assumes rc_conf_files="" + $ service jail start + +Sample 4: Per-jail rc.conf(5) + + $ cp jib jng /usr/sbin/ + $ cp rcjail.xxx.conf /etc/ + $ vi /etc/rcjail.xxx.conf + # NB: Customize root directory and bridge interface + $ sysrc jail_enable=YES + $ sysrc jail_list+=xxx + $ sysrc rc_conf_files+=/etc/rcjail.xxx.conf + # NB: Assumes neither /etc/jail.conf nor /etc/jail.xxx.conf exist + $ service jail start + +For additional recipes, see share/examples/netgraph for making and hooking together jails using netgraph as the virtual networking fabric. Added: head/share/examples/jails/jail.xxx.conf ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/share/examples/jails/jail.xxx.conf Wed Feb 10 04:04:31 2016 (r295457) 
@@ -0,0 +1,35 @@ +# $FreeBSD$ + +xxx { + host.hostname = "xxx.yyy"; # hostname + path = "/vm/xxx"; # root directory + + exec.clean; + exec.system_user = "root"; + exec.jail_user = "root"; + + # + # NB: Below 4-lines required + # + vnet; + # netgraph + vnet.interface = "ng0_xxx"; # vnet interface(s) + exec.prestart += "jng bridge xxx em0"; # bridge interface(s) + exec.poststop += "jng shutdown xxx"; # destroy interface(s) + # if_bridge + #vnet.interface = "e0b_xxx"; # vnet interface(s) + #exec.prestart += "jib addm xxx em0"; # bridge interface(s) + #exec.poststop += "jib destroy xxx"; # destroy interface(s) + + # Standard recipe + exec.start += "/bin/sh /etc/rc"; + exec.stop = "/bin/sh /etc/rc.shutdown"; + exec.consolelog = "/var/log/jail_xxx_console.log"; + mount.devfs; # mount devfs + + # Optional (default off) + #devfs_ruleset = "11"; # rule to unhide bpf for DHCP + #allow.mount; # mount /etc/fstab.xxx + #allow.set_hostname = 1; # Allow hostname to change + #allow.sysvipc = 1; # Allow SysV Interprocess Comm. +} Added: head/share/examples/jails/rc.conf.jails ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/share/examples/jails/rc.conf.jails Wed Feb 10 04:04:31 2016 (r295457) 
@@ -0,0 +1,76 @@ +# $FreeBSD$ + +############################################################################### +############################# JAIL CONFIGURATIONS ############################# +############################################################################### + +jail_enable="YES" +jail_list="xxx" + +# +# Global presets for all jails +# +jail_devfs_enable="YES" # mount devfs +# Optional (default off) +#jail_sysvipc_allow="YES" # Allow SysV Interprocess Comm. +#jail_set_hostname_allow="YES" # Allow hostname to change + +# +# To allow dhclient(8) to work inside a jail, make sure the following appears +# in /etc/devfs.rules (which should be created if it doesn't exist): +# +# [devfsrules_jail=11] +# add include $devfsrules_hide_all +# add include $devfsrules_unhide_basic +# add include $devfsrules_unhide_login +# add path 'bpf*' unhide +# + +############################################################ JAILS + +# NETGRAPH TEMPLATE (copy/pate; then replace {name} with short name for jail) +# +# {name} +# +#jail_{name}_hostname="{name}.shxd.cx" # hostname +#jail_{name}_rootdir="/vm/{name}" # root directory +#jail_{name}_vnet_interfaces="ng0_{name}" # vnet interface(s) +#jail_{name}_exec_prestart0="jng bridge {name} em0" # bridge interface(s) +#jail_{name}_exec_poststop0="jng shutdown {name}" # destroy interface(s) +# Optional (default off) +#jail_{name}_devfs_ruleset="11" # rule to unhide bpf for DHCP +#jail_{name}_mount_enable="YES" # mount /etc/fstab.{name} + +# IF_BRIDGE TEMPLATE (copy/pate; then replace {name} with short name for jail) +# +# {name} +# +#jail_{name}_hostname="{name}.shxd.cx" # hostname +#jail_{name}_rootdir="/vm/{name}" # root directory +#jail_{name}_vnet_interfaces="e0b_{name}" # vnet interface(s) +#jail_{name}_exec_prestart0="jib addm {name} em0" # bridge interface(s) +#jail_{name}_exec_poststop0="jib destroy {name}" # destroy interface(s) +# Optional (default off) +#jail_{name}_devfs_ruleset="11" # rule to unhide bpf for DHCP 
+#jail_{name}_mount_enable="YES" # mount /etc/fstab.{name} + +# +# XXX +# +jail_xxx_hostname="xxx.yyy" # hostname +jail_xxx_rootdir="/vm/xxx" # root directory +# netgraph +jail_xxx_vnet_interface="ng0_xxx" # vnet interface(s) +jail_xxx_exec_prestart0="jng bridge xxx em0" # bridge interface(s) +jail_xxx_exec_poststop0="jng shutdown xxx" # destroy interface(s) +# if_bridge +#jail_xxx_vnet_interface="e0b_xxx" # vnet interface(s) +#jail_xxx_exec_prestart0="jib addm xxx em0" # bridge interface(s) +#jail_xxx_exec_poststop0="jib destroy xxx" # destroy interface(s) +# Optional (default off) +#jail_xxx_devfs_ruleset="11" # rule to unhide bpf for DHCP +#jail_xxx_mount_enable="YES" # mount /etc/fstab.xxx + +################################################################################ +# END +################################################################################ Added: head/share/examples/jails/rcjail.xxx.conf ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/share/examples/jails/rcjail.xxx.conf Wed Feb 10 04:04:31 2016 (r295457) 
@@ -0,0 +1,25 @@ +# $FreeBSD$ + +jail_xxx_hostname="xxx.yyy" # hostname +jail_xxx_rootdir="/vm/xxx" # root directory + +# +# NB: Below 3 lines required +# +# netgraph +jail_xxx_vnet_interface="ng0_xxx" # vnet interface(s) +jail_xxx_exec_prestart0="jng bridge xxx em0" # bridge interface(s) +jail_xxx_exec_poststop0="jng shutdown xxx" # destroy interface(s) +# if_bridge +#jail_xxx_vnet_interface="e0b_xxx" # vnet interface(s) +#jail_xxx_exec_prestart0="jib addm xxx em0" # bridge interface(s) +#jail_xxx_exec_poststop0="jib destroy xxx" # destroy interface(s) + +# Standard recipe +jail_xxx_devfs_enable="YES" # mount devfs + +# Optional (default off) +#jail_xxx_devfs_ruleset="11" # rule to unhide bpf for DHCP +#jail_xxx_mount_enable="YES" # mount /etc/fstab.xxx +#jail_xxx_set_hostname_allow="YES" # Allow hostname to change +#jail_xxx_sysvipc_allow="YES" # Allow SysV Interprocess Comm.
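
Review bot: In the README hunk, all four samples install the helpers with `cp jib jng /usr/sbin/`, and those scripts are later run on the host by the exec.prestart and exec.poststop entries. Consider `install -o root -g wheel -m 0555 jib jng /usr/sbin/` so ownership and mode do not depend on the source copy or the caller's umask, and say once at the top that the steps need root, since they are shown with a `$` prompt.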
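
Review bot: In jail.xxx.conf, the optional line `#allow.mount; # mount /etc/fstab.xxx` has a misleading comment. In jail(8), allow.mount lets privileged users inside the jail mount and unmount jail-friendly file systems; it does not mount an fstab. The equivalent of the rc.conf samples' `jail_xxx_mount_enable="YES"` would be `mount.fstab = "/etc/fstab.xxx";`. Someone uncommenting the line as written grants the jail a privilege they did not ask for and still gets no fstab mounted, so I would swap the parameter or fix the comment.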
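
Review bot: In rc.conf.jails, the two templates set `jail_{name}_vnet_interfaces` (plural) while the worked XXX entry further down sets `jail_xxx_vnet_interface` (singular), so a jail created from a template will not use the same variable as the working example. Please make the templates match the name the XXX entry uses. While there: "copy/pate" should read "copy/paste" in both template headers, and the templates use the hostname `{name}.shxd.cx` where the rest of the commit uses the placeholder `xxx.yyy`.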
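
Review bot: In rcjail.xxx.conf, the optional `#jail_xxx_devfs_ruleset="11"` refers to a ruleset that is only defined in the comment block of rc.conf.jails (`[devfsrules_jail=11]` for /etc/devfs.rules). Someone following README Sample 4 never opens that file, so enabling the option points at a ruleset number that does not exist on their host. Suggest repeating the /etc/devfs.rules stanza here, or adding a one-line pointer to it; the same applies to the `#devfs_ruleset = "11";` line in jail.xxx.conf.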