Re: /etc/jail.conf documentation?
On Wed, 2015-10-28 at 13:27 -0400, Ernie Luzar wrote:
> Valeri Galtsev wrote:
> > Dear All,
> >
> > Can someone recommend something similar to FreeBSD handbook that
> > describes building jails for newer systems meaning /etc/jail.conf as
> > opposed to /etc/rc.conf which handbook currently has in its jails
> > chapter. I still have all jail configurations on 9.3 boxes in
> > /etc/rc.conf, but it is time to build 10.x production boxes, and do
> > things modern way (implying /etc/jail.conf). I still intend to keep
> > building jails "old fashion way" as described in handbook, as opposed
> > to using tools "ezjail" or similar.
> >
> > Thanks for all your advice!
> >
> > Valeri
> >
>
> Check out the jail-primer and qjail port.

(adding freebsd-jail list)

Ernie, I don't think that this is what Valeri was looking for. Those are
both jail-management utilities, not really documentation on using jail(8)
via configuration using jail.conf(5).

I would indeed be interested in a modern best-practices guide for
using the base system jail management tools.
Re: /etc/jail.conf documentation?
On Wed, October 28, 2015 1:41 pm, Michael B. Eichorn wrote:
> On Wed, 2015-10-28 at 13:27 -0400, Ernie Luzar wrote:
>> Valeri Galtsev wrote:
>> > Dear All,
>> >
>> > Can someone recommend something similar to FreeBSD handbook that
>> > describes building jails for newer systems meaning /etc/jail.conf as
>> > opposed to /etc/rc.conf which handbook currently has in its jails
>> > chapter. I still have all jail configurations on 9.3 boxes in
>> > /etc/rc.conf, but it is time to build 10.x production boxes, and do
>> > things modern way (implying /etc/jail.conf). I still intend to keep
>> > building jails "old fashion way" as described in handbook, as opposed
>> > to using tools "ezjail" or similar.
>> >
>> > Thanks for all your advice!
>> >
>> > Valeri
>> >
>>
>> Check out the jail-primer and qjail port.
>
> (adding freebsd-jail list)
>
> Ernie, I don't think that this is what Valeri was looking for. Those are
> both jail-management utilities, not really documentation on using jail(8)
> via configuration using jail.conf(5).
>
> I would indeed be interested in a modern best-practices guide for
> using the base system jail management tools.

Michael, thanks for your comment. You certainly are right.

Ernie, thanks for your pointers. They are not exactly a chapter on how to
do the whole jail manually new style - exactly as Michael says - similar
to what is found in FreeBSD handbook (alas, for old style). However,
thanks to your pointer, I've found http://jail-primer.sourceforge.net/
which at a first glance looks comprehensive and decent reading, and
combined with my experience of setting up jails "by the book" in the past,
is sufficient for me to do the same /etc/jail.conf way - I've got one
running already; it will need some careful walkover still, but I'm in
business.

Thanks again for your insights and help, Ernie and Michael!

Valeri

Valeri Galtsev
Sr System Administrator
Department of Astronomy and Astrophysics
Kavli Institute for Cosmological Physics
University of Chicago
Phone: 773-702-4247
___
freebsd-jail@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-jail
To unsubscribe, send any mail to "freebsd-jail-unsubscr...@freebsd.org"
Re: Ip not configured on local interface
>Hello,
>
>I'm running a FreeBSD 10.2 system and running jails created by ezjail.
>I'm getting an error on jail creation that the IP selected for the
>jail is not configured on any local interface, for example
>192.168.0.1.
>
>This machine has only a single NIC connected to the network and I'm
>cloning it repeatedly to a lo1 interface.
>
>After reading list traffic I'm wondering if my method, which I last
>used several years back in the 5.4 days, is no longer valid.
>Performance on my jails is sluggish, sometimes they have a hard time
>reaching the internet sometimes they don't work at all, for example I
>have a caching nameserver defined on the 192.168.x.x subnet and jails
>on that subnet can't reach it.
>
>Is there something better out there than ezjail? If so, how hard will
>it be to migrate configurations over? I've got two jails, the first
>the caching nameserver, the second a web server/test server with a
>great many packages.
>
>Thanks.
>Dave.

Hi Dave,

So you cloned lo1. Is the IP of the error-prone jail an alias address on
the lo1 interface, or does any interface reside on the subnet
192.168.0.0/24?

Here is my lo1 interface that my ezjails use. One alias for each jail.

lo1: flags=8049metric 0 mtu 16384
        options=63
        inet 172.16.1.2 netmask 0x
        inet 172.16.1.3 netmask 0x
        inet 172.16.1.4 netmask 0x
        inet 172.16.1.5 netmask 0x
        inet 172.16.1.6 netmask 0x
        inet 172.16.1.7 netmask 0x
        inet 172.16.1.8 netmask 0x
        inet 172.16.1.9 netmask 0x
        inet 172.16.1.10 netmask 0x
        nd6 options=29

Regards
James
Ip not configured on local interface
Hello,

I'm running a FreeBSD 10.2 system and running jails created by ezjail.
I'm getting an error on jail creation that the IP selected for the
jail is not configured on any local interface, for example
192.168.0.1.

This machine has only a single NIC connected to the network and I'm
cloning it repeatedly to a lo1 interface.

After reading list traffic I'm wondering if my method, which I last
used several years back in the 5.4 days, is no longer valid.
Performance on my jails is sluggish, sometimes they have a hard time
reaching the internet sometimes they don't work at all, for example I
have a caching nameserver defined on the 192.168.x.x subnet and jails
on that subnet can't reach it.

Is there something better out there than ezjail? If so, how hard will
it be to migrate configurations over? I've got two jails, the first
the caching nameserver, the second a web server/test server with a
great many packages.

Thanks.
Dave.
Re: /etc/jail.conf documentation?
> On 28.10.2015 at 22:05, Miroslav Lachman <000.f...@quip.cz> wrote:
>
> Valeri Galtsev wrote on 10/28/2015 21:25:
>>
>> On Wed, October 28, 2015 1:41 pm, Michael B. Eichorn wrote:
>>> On Wed, 2015-10-28 at 13:27 -0400, Ernie Luzar wrote:
>>>> Valeri Galtsev wrote:
>>>>> Dear All,
>>>>>
>>>>> Can someone recommend something similar to FreeBSD handbook that
>>>>> describes building jails for newer systems meaning /etc/jail.conf as
>>>>> opposed to /etc/rc.conf which handbook currently has in its jails
>>>>> chapter. I still have all jail configurations on 9.3 boxes in
>>>>> /etc/rc.conf, but it is time to build 10.x production boxes, and do
>>>>> things modern way (implying /etc/jail.conf). I still intend to keep
>>>>> building jails "old fashion way" as described in handbook, as opposed
>>>>> to using tools "ezjail" or similar.
>>>>>
>>>>> Thanks for all your advice!
>>>>>
>>>>> Valeri
>>>>>
>>>> Check out the jail-primer and qjail port.
>>>
>>> (adding freebsd-jail list)
>>>
>>> Ernie, I don't think that this is what Valeri was looking for. Those are
>>> both jail-management utilities, not really documentation on using jail(8)
>>> via configuration using jail.conf(5).
>>>
>>> I would indeed be interested in a modern best-practices guide for
>>> using the base system jail management tools.
>>
>> Michael, thanks for your comment. You certainly are right.
>>
>> Ernie, thanks for your pointers. They are not exactly a chapter on how to
>> do the whole jail manually new style - exactly as Michael says - similar
>> to what is found in FreeBSD handbook (alas, for old style). However,
>> thanks to your pointer, I've found http://jail-primer.sourceforge.net/
>> which at a first glance looks comprehensive and decent reading, and
>> combined with my experience of setting up jails "by the book" in the past,
>> is sufficient for me to do the same /etc/jail.conf way - I've got one
>> running already; it will need some careful walkover still, but I'm in
>> business.
>
> You can do your work with jails the same way (creation, updating,
> upgrading...). You just need to convert your rc.conf configuration into
> jail.conf, which is more flexible.
> Automatic conversion (by rc.d/jail from FreeBSD 10.x) didn't work for me.
> Manual creation of jail.conf was easy.

we currently use ezjail and on other boxes we roughly do it like this:

http://savagedlight.me/2014/03/14/freebsd-jail-server-with-zfs-clone-and-jail-conf/

at least, that’s pretty close to how we do it. On UFS based systems we use
cpdup instead of the ZFS cloning.

For upgrades, we use Matt Simerson’s very nice `jailmanage` script:

https://www.tnpi.net/computing/freebsd/jail_manage.txt

which is pretty straightforward and just helps you with things (running
freebsd-update etc) and doesn’t lock you in.

Our jail.conf looks like this:

--
# defaults applied to every jail
exec.start = "/bin/sh /etc/rc";
exec.stop = "/bin/sh /etc/rc.shutdown";
exec.clean;
mount.devfs;
path = "/usr/jails/$name";

# one block per jail
jailname {
    host.hostname = 'jailname';
    ip4.addr = x.x.x.x;
}
--

and then we just repeat the jailname-blocks. `jailmanage` expects each block
to start like this.

HTH,
Philip
Re: Ip not configured on local interface
On 2015-10-28 17:04, David Mehler wrote:
> Hello,
>
> I'm running a FreeBSD 10.2 system and running jails created by ezjail.
> I'm getting an error on jail creation that the IP selected for the
> jail is not configured on any local interface, for example
> 192.168.0.1.
>
> This machine has only a single NIC connected to the network and I'm
> cloning it repeatedly to a lo1 interface.
>
> After reading list traffic I'm wondering if my method, which I last
> used several years back in the 5.4 days, is no longer valid.
> Performance on my jails is sluggish, sometimes they have a hard time
> reaching the internet sometimes they don't work at all, for example I
> have a caching nameserver defined on the 192.168.x.x subnet and jails
> on that subnet can't reach it.
>
> Is there something better out there than ezjail? If so, how hard will
> it be to migrate configurations over? I've got two jails, the first
> the caching nameserver, the second a web server/test server with a
> great many packages.
>
> Thanks.
> Dave.
>

In ezjail, if you just define the IP address as lo1|192.168.0.1 the jail
system will automatically create the alias on that interface when the
jail starts, and remove it when the jail stops.

It is much easier than manually managing the interfaces.

--
Allan Jude
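
Added example, not part of the thread or of ezjail: a POSIX sh check for the condition discussed in the two threads above, run against a jail.conf laid out as in Philip's message. It lists every jail address that is neither configured on a host interface nor written with the interface| prefix Allan describes (jail(8) documents the same prefix for ip4.addr in jail.conf). The jail names, addresses, sample jail.conf and ifconfig listing are constructed, and missing_jail_ips is a hypothetical helper name.

```shell
#!/bin/sh
# Added example, not from the thread. All sample data below is constructed.

# jail.conf in the layout shown above: global defaults, then one block per jail.
JAIL_CONF='exec.start = "/bin/sh /etc/rc";
exec.clean;
mount.devfs;
path = "/usr/jails/$name";
ns {
    host.hostname = "ns";
    ip4.addr = 172.16.1.2;
}
www {
    ip4.addr = "lo1|172.16.1.3";
}
test {
    ip4.addr = 192.168.0.1, 172.16.1.4/32;
}'

# ifconfig-style listing of the addresses currently present on the host.
IFCONFIG_OUT='lo1: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
	inet 172.16.1.2 netmask 0xffffffff
	inet 172.16.1.4 netmask 0xffffffff'

# Print "jail address" for every ip4.addr entry that has no "iface|" prefix
# and is not already configured on a host interface. Assumes one parameter
# per line and jail blocks opened as "name {", as in the sample above.
missing_jail_ips() {
    conf=$1 ifout=$2
    host_ips=$(printf '%s\n' "$ifout" | awk '$1 == "inet" { printf "%s ", $2 }')
    printf '%s\n' "$conf" | awk -v have="$host_ips" '
        BEGIN { n = split(have, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        /^[A-Za-z0-9_.-]+[ \t]*[{]/ { sub(/[ \t]*[{].*/, ""); jail = $0; next }
        /^[ \t]*[}]/ { jail = ""; next }
        jail != "" && /ip4\.addr/ {
            v = $0
            sub(/^[^=]*=[ \t]*/, "", v); gsub(/[";]/, "", v); sub(/[ \t]+$/, "", v)
            m = split(v, addrs, /[ \t]*,[ \t]*/)
            for (i = 1; i <= m; i++) {
                if (addrs[i] ~ /\|/) continue        # jail(8) adds the alias itself
                ip = addrs[i]; sub(/\/.*/, "", ip)   # drop a /prefixlen suffix
                if (!(ip in ok)) print jail, ip
            }
        }'
}

missing_jail_ips "$JAIL_CONF" "$IFCONFIG_OUT"
```

On a live host the two arguments would be "$(cat /etc/jail.conf)" and "$(ifconfig)".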