Re: jail.$jailname.conf not directly in /etc/ ?

Reply: Kyle Evans : "Re: jail.$jailname.conf not directly in /etc/ ?"
In reply to: Kyle Evans : "Re: jail.$jailname.conf not directly in /etc/ ?"
Go to: [ bottom of page ] [ top of archives ] [ this month ]
From: Jon Clausen <freebsd-questions_at_ymmv.dk>
Date: Sun, 20 Feb 2022 11:19:25 UTC
On 2022-02-19 11:03:08 (-0600), Kyle Evans wrote:
> On Sat, Feb 19, 2022 at 3:29 AM Jon Clausen <freebsd-questions@ymmv.dk> wrote:

> > Any ideas?
> >
> 
> In main we've added a facility to organize jail confs a little
> differently: /etc/jail.conf.d/<jail>.conf.

Right

> I think, personally, if
> we're going to allow a flexible config here (which I think we should),
> we should just expand this latest form and leave the others be.

I think I agree: Leave the old way as is, but add the new option.

> I
> might've even brought this up in the review, because I had thought
> about it; maybe something like this:
> https://people.freebsd.org/~kevans/jail_conf_dirs.diff to search
> /etc/jail.conf.d and /usr/local/etc/jail.conf.d by default.
> 
> That doesn't really solve the problem at hand, but it might be a clean
> solution for the future.

Well, yes,and no.

Combining the input I got from some of the other replies (and some off-list)
I came up with this "solution", which actually seems to be working


1: copy the parse_options() function from /etc/rc.d/jail into
/usr/local/etc/rc.conf.d/jail/local_jail_functions


2: 'patch' the function as per the above diff. Which comes out something
like this (on a 13.0-RELEASE system):

+++ /usr/local/etc/rc.conf.d/jail/local_jail_functions	2022-02-20 11:31:51.675462000 +0100
@@ -29,14 +29,17 @@
 		if [ -r "$_jconf" ]; then
 			_conf="$_jconf"
 			return 0
-		elif [ -r "$jail_conf" ]; then
-			_conf="$jail_conf"
-			return 0
-		else
-			warn "Invalid configuration for $_j " \
-			    "(no jail.conf, no hostname, or no path).  " \
-			    "Jail $_j was ignored."
 		fi
+		for _jconf_dir in $jail_conf_dirs; do
+			_jconf="${_jconf_dir}/${_j}.conf"
+			if [ -r "$_jconf" ]; then
+				_conf="$_jconf"
+				return 0
+			fi
+		done
+		warn "Invalid configuration for $_j " \
+		    "(no jail.conf, no hostname, or no path).  " \
+		    "Jail $_j was ignored."
 		return 1
 	fi
 	eval _ip=\"\$jail_${_jv}_ip\"


3: Add this to /etc/rc.conf:
jail_conf_dirs="/usr/local/etc/jails/"


4: Move jail config and fstab into /usr/local/etc/jails/
In this example, the jail is "J3", so the jail config becomes J3.conf with
the accompanying J3.fstab
root@jh03:~ # ls -l /usr/local/etc/jails/J3*
-rw-r--r--  1 root  wheel  1375 Feb 20 11:37 /usr/local/etc/jails/J3.conf
-rw-r--r--  1 root  wheel   151 Jan  9 17:12 /usr/local/etc/jails/J3.fstab


5: test things out:
root@jh03:~ # jls
   JID  IP Address      Hostname                      Path
root@jh03:~ # service jail start J3
Starting jails: J3.
root@jh03:~ # jls
   JID  IP Address      Hostname                      Path
     5                  J3.ymmv.dk                    /usr/local/jails/J3
root@jh03:~ #



So basically, by overwriting the parse_options() function with a patched
version, I can get the system to handle a jail_conf_dirs setting in rc.conf.

Now, this is an acceptable situation for me, since this is all for my
personal little herd of jails, and it's only me messing with these systems.
But it's probably not something anyone would want to pursue in a real
production environment.

As a proof of concept, however I'd say this does seem to work, and it's 
actually pretty mush exactly what I was hoping for... so "yay!" :)

Now I just have to remember to to watch out for updates to the system, so my
local version doesn't get in the way if /etc/rc.d/jail gets updated
upstream... :P

But thanks everyone, for the responses :)

br
/jon

-- 
YMMV