Add vnet jail configuration examples
This commit is contained in:
Devin Teske
parent
d29df4d060
commit
abd0b26213
|
|
@ -1,5 +1,49 @@
|
|||
# $FreeBSD$
|
||||
|
||||
See under share/examples/netgraph for some examples of
|
||||
Sample 1: jail.conf(5)
|
||||
|
||||
$ cp jib jng /usr/sbin/
|
||||
$ cat jail.xxx.conf >> /etc/jail.conf
|
||||
$ vi /etc/jail.conf
|
||||
# NB: Customize root directory and bridge interface
|
||||
$ sysrc jail_enable=YES
|
||||
# NB: Assumes jail_list="" (meaning ``all jails in jail.conf'')
|
||||
# NB: Assumes rc_conf_files="" (``below rc.conf(5) samples not used'')
|
||||
$ service jail start
|
||||
|
||||
Sample 2: rc.conf(5)
|
||||
|
||||
$ cp jib jng /usr/sbin/
|
||||
$ cp rc.conf.jails /etc/
|
||||
$ vi /etc/rc.conf.jails
|
||||
# NB: Customize root directory and bridge interface
|
||||
$ sysrc rc_conf_files+=/etc/rc.conf.jails
|
||||
# NB: Assumes /etc/jail.conf does not exist and jail_list=""
|
||||
$ service jail start
|
||||
|
||||
Sample 3: Per-jail jail.conf(5)
|
||||
|
||||
$ cp jib jng /usr/sbin/
|
||||
$ cp jail.xxx.conf /etc/
|
||||
$ vi /etc/jail.xxx.conf
|
||||
# NB: Customize root directory and bridge interface
|
||||
$ sysrc jail_enable=YES
|
||||
$ sysrc jail_list+=xxx
|
||||
# NB: Assumes rc_conf_files=""
|
||||
$ service jail start
|
||||
|
||||
Sample 4: Per-jail rc.conf(5)
|
||||
|
||||
$ cp jib jng /usr/sbin/
|
||||
$ cp rcjail.xxx.conf /etc/
|
||||
$ vi /etc/rcjail.xxx.conf
|
||||
# NB: Customize root directory and bridge interface
|
||||
$ sysrc jail_enable=YES
|
||||
$ sysrc jail_list+=xxx
|
||||
$ sysrc rc_conf_files+=/etc/rcjail.xxx.conf
|
||||
# NB: Assumes neither /etc/jail.conf nor /etc/jail.xxx.conf exist
|
||||
$ service jail start
|
||||
|
||||
For additional recipes, see share/examples/netgraph for
|
||||
making and hooking together jails using netgraph as the
|
||||
virtual networking fabric.
|
||||
|
|
|
|||
|
|
@ -0,0 +1,35 @@
|
|||
# $FreeBSD$
|
||||
|
||||
xxx {
|
||||
host.hostname = "xxx.yyy"; # hostname
|
||||
path = "/vm/xxx"; # root directory
|
||||
|
||||
exec.clean;
|
||||
exec.system_user = "root";
|
||||
exec.jail_user = "root";
|
||||
|
||||
#
|
||||
# NB: Below 4-lines required
|
||||
#
|
||||
vnet;
|
||||
# netgraph
|
||||
vnet.interface = "ng0_xxx"; # vnet interface(s)
|
||||
exec.prestart += "jng bridge xxx em0"; # bridge interface(s)
|
||||
exec.poststop += "jng shutdown xxx"; # destroy interface(s)
|
||||
# if_bridge
|
||||
#vnet.interface = "e0b_xxx"; # vnet interface(s)
|
||||
#exec.prestart += "jib addm xxx em0"; # bridge interface(s)
|
||||
#exec.poststop += "jib destroy xxx"; # destroy interface(s)
|
||||
|
||||
# Standard recipe
|
||||
exec.start += "/bin/sh /etc/rc";
|
||||
exec.stop = "/bin/sh /etc/rc.shutdown";
|
||||
exec.consolelog = "/var/log/jail_xxx_console.log";
|
||||
mount.devfs; # mount devfs
|
||||
|
||||
# Optional (default off)
|
||||
#devfs_ruleset = "11"; # rule to unhide bpf for DHCP
|
||||
#allow.mount; # mount /etc/fstab.xxx
|
||||
#allow.set_hostname = 1; # Allow hostname to change
|
||||
#allow.sysvipc = 1; # Allow SysV Interprocess Comm.
|
||||
}
|
||||
|
|
@ -0,0 +1,76 @@
|
|||
# $FreeBSD$
|
||||
|
||||
###############################################################################
|
||||
############################# JAIL CONFIGURATIONS #############################
|
||||
###############################################################################
|
||||
|
||||
jail_enable="YES"
|
||||
jail_list="xxx"
|
||||
|
||||
#
|
||||
# Global presets for all jails
|
||||
#
|
||||
jail_devfs_enable="YES" # mount devfs
|
||||
# Optional (default off)
|
||||
#jail_sysvipc_allow="YES" # Allow SysV Interprocess Comm.
|
||||
#jail_set_hostname_allow="YES" # Allow hostname to change
|
||||
|
||||
#
|
||||
# To allow dhclient(8) to work inside a jail, make sure the following appears
|
||||
# in /etc/devfs.rules (which should be created if it doesn't exist):
|
||||
#
|
||||
# [devfsrules_jail=11]
|
||||
# add include $devfsrules_hide_all
|
||||
# add include $devfsrules_unhide_basic
|
||||
# add include $devfsrules_unhide_login
|
||||
# add path 'bpf*' unhide
|
||||
#
|
||||
|
||||
############################################################ JAILS
|
||||
|
||||
# NETGRAPH TEMPLATE (copy/pate; then replace {name} with short name for jail)
|
||||
#
|
||||
# {name}
|
||||
#
|
||||
#jail_{name}_hostname="{name}.shxd.cx" # hostname
|
||||
#jail_{name}_rootdir="/vm/{name}" # root directory
|
||||
#jail_{name}_vnet_interfaces="ng0_{name}" # vnet interface(s)
|
||||
#jail_{name}_exec_prestart0="jng bridge {name} em0" # bridge interface(s)
|
||||
#jail_{name}_exec_poststop0="jng shutdown {name}" # destroy interface(s)
|
||||
# Optional (default off)
|
||||
#jail_{name}_devfs_ruleset="11" # rule to unhide bpf for DHCP
|
||||
#jail_{name}_mount_enable="YES" # mount /etc/fstab.{name}
|
||||
|
||||
# IF_BRIDGE TEMPLATE (copy/pate; then replace {name} with short name for jail)
|
||||
#
|
||||
# {name}
|
||||
#
|
||||
#jail_{name}_hostname="{name}.shxd.cx" # hostname
|
||||
#jail_{name}_rootdir="/vm/{name}" # root directory
|
||||
#jail_{name}_vnet_interfaces="e0b_{name}" # vnet interface(s)
|
||||
#jail_{name}_exec_prestart0="jib addm {name} em0" # bridge interface(s)
|
||||
#jail_{name}_exec_poststop0="jib destroy {name}" # destroy interface(s)
|
||||
# Optional (default off)
|
||||
#jail_{name}_devfs_ruleset="11" # rule to unhide bpf for DHCP
|
||||
#jail_{name}_mount_enable="YES" # mount /etc/fstab.{name}
|
||||
|
||||
#
|
||||
# XXX
|
||||
#
|
||||
jail_xxx_hostname="xxx.yyy" # hostname
|
||||
jail_xxx_rootdir="/vm/xxx" # root directory
|
||||
# netgraph
|
||||
jail_xxx_vnet_interface="ng0_xxx" # vnet interface(s)
|
||||
jail_xxx_exec_prestart0="jng bridge xxx em0" # bridge interface(s)
|
||||
jail_xxx_exec_poststop0="jng shutdown xxx" # destroy interface(s)
|
||||
# if_bridge
|
||||
#jail_xxx_vnet_interface="e0b_xxx" # vnet interface(s)
|
||||
#jail_xxx_exec_prestart0="jib addm xxx em0" # bridge interface(s)
|
||||
#jail_xxx_exec_poststop0="jib destroy xxx" # destroy interface(s)
|
||||
# Optional (default off)
|
||||
#jail_xxx_devfs_ruleset="11" # rule to unhide bpf for DHCP
|
||||
#jail_xxx_mount_enable="YES" # mount /etc/fstab.xxx
|
||||
|
||||
################################################################################
|
||||
# END
|
||||
################################################################################
|
||||
|
|
@ -0,0 +1,25 @@
|
|||
# $FreeBSD$
|
||||
|
||||
jail_xxx_hostname="xxx.yyy" # hostname
|
||||
jail_xxx_rootdir="/vm/xxx" # root directory
|
||||
|
||||
#
|
||||
# NB: Below 3 lines required
|
||||
#
|
||||
# netgraph
|
||||
jail_xxx_vnet_interface="ng0_xxx" # vnet interface(s)
|
||||
jail_xxx_exec_prestart0="jng bridge xxx em0" # bridge interface(s)
|
||||
jail_xxx_exec_poststop0="jng shutdown xxx" # destroy interface(s)
|
||||
# if_bridge
|
||||
#jail_xxx_vnet_interface="e0b_xxx" # vnet interface(s)
|
||||
#jail_xxx_exec_prestart0="jib addm xxx em0" # bridge interface(s)
|
||||
#jail_xxx_exec_poststop0="jib destroy xxx" # destroy interface(s)
|
||||
|
||||
# Standard recipe
|
||||
jail_xxx_devfs_enable="YES" # mount devfs
|
||||
|
||||
# Optional (default off)
|
||||
#jail_xxx_devfs_ruleset="11" # rule to unhide bpf for DHCP
|
||||
#jail_xxx_mount_enable="YES" # mount /etc/fstab.xxx
|
||||
#jail_xxx_set_hostname_allow="YES" # Allow hostname to change
|
||||
#jail_xxx_sysvipc_allow="YES" # Allow SysV Interprocess Comm.
|
||||
Loading…
Reference in New Issue