svn commit: r295457 - head/share/examples/jails

Devin Teske dteske at FreeBSD.org
Wed Feb 10 04:04:33 UTC 2016


Author: dteske
Date: Wed Feb 10 04:04:31 2016
New Revision: 295457
URL: https://svnweb.freebsd.org/changeset/base/295457

Log:
  Add vnet jail configuration examples

Added:
  head/share/examples/jails/jail.xxx.conf   (contents, props changed)
  head/share/examples/jails/rc.conf.jails   (contents, props changed)
  head/share/examples/jails/rcjail.xxx.conf   (contents, props changed)
Modified:
  head/share/examples/jails/README

Modified: head/share/examples/jails/README
==============================================================================
--- head/share/examples/jails/README	Wed Feb 10 04:00:01 2016	(r295456)
+++ head/share/examples/jails/README	Wed Feb 10 04:04:31 2016	(r295457)
@@ -1,5 +1,49 @@
 # $FreeBSD$
 
-See under share/examples/netgraph for some examples of
+Sample 1: jail.conf(5)
+
+	$ cp jib jng /usr/sbin/
+	$ cat jail.xxx.conf >> /etc/jail.conf
+	$ vi /etc/jail.conf
+	# NB: Customize root directory and bridge interface
+	$ sysrc jail_enable=YES
+	# NB: Assumes jail_list="" (meaning ``all jails in jail.conf'')
+	# NB: Assumes rc_conf_files="" (``below rc.conf(5) samples not used'')
+	$ service jail start
+
+Sample 2: rc.conf(5)
+
+	$ cp jib jng /usr/sbin/
+	$ cp rc.conf.jails /etc/
+	$ vi /etc/rc.conf.jails
+	# NB: Customize root directory and bridge interface
+	$ sysrc rc_conf_files+=/etc/rc.conf.jails
+	# NB: Assumes /etc/jail.conf does not exist and jail_list=""
+	$ service jail start
+
+Sample 3: Per-jail jail.conf(5)
+
+	$ cp jib jng /usr/sbin/
+	$ cp jail.xxx.conf /etc/
+	$ vi /etc/jail.xxx.conf
+	# NB: Customize root directory and bridge interface
+	$ sysrc jail_enable=YES
+	$ sysrc jail_list+=xxx
+	# NB: Assumes rc_conf_files=""
+	$ service jail start
+
+Sample 4: Per-jail rc.conf(5)
+
+	$ cp jib jng /usr/sbin/
+	$ cp rcjail.xxx.conf /etc/
+	$ vi /etc/rcjail.xxx.conf
+	# NB: Customize root directory and bridge interface
+	$ sysrc jail_enable=YES
+	$ sysrc jail_list+=xxx
+	$ sysrc rc_conf_files+=/etc/rcjail.xxx.conf
+	# NB: Assumes neither /etc/jail.conf nor /etc/jail.xxx.conf exist
+	$ service jail start
+
+For additional recipes, see share/examples/netgraph for
 making and hooking together jails using netgraph as the
 virtual networking fabric.

Added: head/share/examples/jails/jail.xxx.conf
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ head/share/examples/jails/jail.xxx.conf	Wed Feb 10 04:04:31 2016	(r295457)
@@ -0,0 +1,35 @@
+# $FreeBSD$
+
+xxx {
+	host.hostname = "xxx.yyy";	# hostname
+	path = "/vm/xxx";		# root directory
+
+	exec.clean;
+	exec.system_user = "root";
+	exec.jail_user = "root";
+
+	#
+	# NB: Below 4-lines required
+	#
+	vnet;
+	# netgraph
+	vnet.interface = "ng0_xxx";		# vnet interface(s)
+	exec.prestart += "jng bridge xxx em0";	# bridge interface(s)
+	exec.poststop += "jng shutdown xxx";	# destroy interface(s)
+	# if_bridge
+	#vnet.interface = "e0b_xxx";		# vnet interface(s)
+	#exec.prestart += "jib addm xxx em0";	# bridge interface(s)
+	#exec.poststop += "jib destroy xxx";	# destroy interface(s)
+
+	# Standard recipe
+	exec.start += "/bin/sh /etc/rc";
+	exec.stop = "/bin/sh /etc/rc.shutdown";
+	exec.consolelog = "/var/log/jail_xxx_console.log";
+	mount.devfs;	# mount devfs
+
+	# Optional (default off)
+	#devfs_ruleset = "11";		# rule to unhide bpf for DHCP
+	#allow.mount;			# mount /etc/fstab.xxx
+	#allow.set_hostname = 1;	# Allow hostname to change
+	#allow.sysvipc = 1;		# Allow SysV Interprocess Comm.
+}
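Review bot: The commented `#allow.mount;` line in the "Optional (default off)" group is labelled `# mount /etc/fstab.xxx`, but in jail.conf(5) `allow.mount` lets privileged users inside the jail mount and unmount jail-friendly file systems; it does not mount an fstab. Someone who uncomments it expecting the fstab to be mounted would grant an extra in-jail privilege instead. I would attach the fstab comment to the parameter that does that job, `#mount.fstab = "/etc/fstab.xxx";	# mount /etc/fstab.xxx`. If `allow.mount` stays as an option, label it for what it grants, e.g. `# Allow root in the jail to mount file systems`.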

Added: head/share/examples/jails/rc.conf.jails
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ head/share/examples/jails/rc.conf.jails	Wed Feb 10 04:04:31 2016	(r295457)
@@ -0,0 +1,76 @@
+# $FreeBSD$
+
+###############################################################################
+############################# JAIL CONFIGURATIONS #############################
+###############################################################################
+
+jail_enable="YES"
+jail_list="xxx"
+
+#
+# Global presets for all jails
+#
+jail_devfs_enable="YES"		# mount devfs
+# Optional (default off)
+#jail_sysvipc_allow="YES"	# Allow SysV Interprocess Comm.
+#jail_set_hostname_allow="YES"	# Allow hostname to change
+
+#
+# To allow dhclient(8) to work inside a jail, make sure the following appears
+# in /etc/devfs.rules (which should be created if it doesn't exist):
+#
+# [devfsrules_jail=11]
+# add include $devfsrules_hide_all
+# add include $devfsrules_unhide_basic
+# add include $devfsrules_unhide_login
+# add path 'bpf*' unhide
+#
+
+############################################################ JAILS
+
+# NETGRAPH TEMPLATE (copy/pate; then replace {name} with short name for jail)
+#
+# {name}
+#
+#jail_{name}_hostname="{name}.shxd.cx"		# hostname
+#jail_{name}_rootdir="/vm/{name}"		# root directory
+#jail_{name}_vnet_interfaces="ng0_{name}"	# vnet interface(s)
+#jail_{name}_exec_prestart0="jng bridge {name} em0"	# bridge interface(s)
+#jail_{name}_exec_poststop0="jng shutdown {name}"	# destroy interface(s)
+# Optional (default off)
+#jail_{name}_devfs_ruleset="11"			# rule to unhide bpf for DHCP
+#jail_{name}_mount_enable="YES"			# mount /etc/fstab.{name}
+
+# IF_BRIDGE TEMPLATE (copy/pate; then replace {name} with short name for jail)
+#
+# {name}
+#
+#jail_{name}_hostname="{name}.shxd.cx"		# hostname
+#jail_{name}_rootdir="/vm/{name}"		# root directory
+#jail_{name}_vnet_interfaces="e0b_{name}"	# vnet interface(s)
+#jail_{name}_exec_prestart0="jib addm {name} em0"	# bridge interface(s)
+#jail_{name}_exec_poststop0="jib destroy {name}"	# destroy interface(s)
+# Optional (default off)
+#jail_{name}_devfs_ruleset="11"			# rule to unhide bpf for DHCP
+#jail_{name}_mount_enable="YES"			# mount /etc/fstab.{name}
+
+#
+# XXX
+#
+jail_xxx_hostname="xxx.yyy"			# hostname
+jail_xxx_rootdir="/vm/xxx"			# root directory
+# netgraph
+jail_xxx_vnet_interface="ng0_xxx"		# vnet interface(s)
+jail_xxx_exec_prestart0="jng bridge xxx em0"	# bridge interface(s)
+jail_xxx_exec_poststop0="jng shutdown xxx"	# destroy interface(s)
+# if_bridge
+#jail_xxx_vnet_interface="e0b_xxx"		# vnet interface(s)
+#jail_xxx_exec_prestart0="jib addm xxx em0"	# bridge interface(s)
+#jail_xxx_exec_poststop0="jib destroy xxx"	# destroy interface(s)
+# Optional (default off)
+#jail_xxx_devfs_ruleset="11"			# rule to unhide bpf for DHCP
+#jail_xxx_mount_enable="YES"			# mount /etc/fstab.xxx
+
+################################################################################
+# END
+################################################################################
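Review bot: The two commented templates set `jail_{name}_vnet_interfaces` (plural), while the live `xxx` entry below them sets `jail_xxx_vnet_interface` (singular), so a jail built from a template uses a different variable name from the working example. Presumably rc.d/jail reads only one of the two spellings; if it is the singular one, a templated jail would start without its vnet interface and with no error pointing at the cause. The template lines should match the example, e.g. `#jail_{name}_vnet_interface="ng0_{name}"	# vnet interface(s)`, in both the NETGRAPH and IF_BRIDGE templates. The template headers also read `copy/pate` where `copy/paste` is meant.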

Added: head/share/examples/jails/rcjail.xxx.conf
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ head/share/examples/jails/rcjail.xxx.conf	Wed Feb 10 04:04:31 2016	(r295457)
@@ -0,0 +1,25 @@
+# $FreeBSD$
+
+jail_xxx_hostname="xxx.yyy"			# hostname
+jail_xxx_rootdir="/vm/xxx"			# root directory
+
+#
+# NB: Below 3 lines required
+#
+# netgraph
+jail_xxx_vnet_interface="ng0_xxx"		# vnet interface(s)
+jail_xxx_exec_prestart0="jng bridge xxx em0"	# bridge interface(s)
+jail_xxx_exec_poststop0="jng shutdown xxx"	# destroy interface(s)
+# if_bridge
+#jail_xxx_vnet_interface="e0b_xxx"		# vnet interface(s)
+#jail_xxx_exec_prestart0="jib addm xxx em0"	# bridge interface(s)
+#jail_xxx_exec_poststop0="jib destroy xxx"	# destroy interface(s)
+
+# Standard recipe
+jail_xxx_devfs_enable="YES"			# mount devfs
+
+# Optional (default off)
+#jail_xxx_devfs_ruleset="11"			# rule to unhide bpf for DHCP
+#jail_xxx_mount_enable="YES"			# mount /etc/fstab.xxx
+#jail_xxx_set_hostname_allow="YES"		# Allow hostname to change
+#jail_xxx_sysvipc_allow="YES"			# Allow SysV Interprocess Comm.
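Review bot: The optional `#jail_xxx_sysvipc_allow="YES"` line is described only as `# Allow SysV Interprocess Comm.`, which understates what enabling it grants. jail(8) documents `allow.sysvipc` as sharing a single System V IPC namespace between the host and all jails, so processes in the jail can communicate with, and potentially interfere with, processes outside it. A comment such as `# Allow SysV IPC (namespace shared with host and other jails)` would make that trade-off visible to someone copying the example. The same wording would fit `allow.sysvipc` in jail.xxx.conf and `jail_sysvipc_allow` in rc.conf.jails.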

