Attention! Current pages describe CBSD version 13.0.x. If you are using an older version, please update first.
Attention! I apologize for the automatic translation of this text. You can improve it by sending me a more correct version of the text or fix html pages via GITHUB repository.
Profiles for jail creation
Command: jcreate
% cbsd jcreate
Description
Suppose you need to create a series of similar jails that all require a certain set of software and configuration, for example an environment running an nginx HTTP server with a custom index.html. One way to achieve this is to create a jail (e.g. jail1), make all the necessary adjustments and run jexport. Afterwards, whenever you need a new instance, run the command:
% cbsd jimport jname=jail1 newjname=jail2
This creates an image on the basis of jail1 called jail2. Another way to get similar results is to use jclone. However, this is not always convenient (especially when it comes to keeping the software in the original jail up to date). Yet another way is to apply profiles and alternative skel-directories, which let us change what we need on the fly when creating fresh jails.
Example:
1) Write jconf:
If you want to create jails from non-interactive scripts, first create a template from which new jails are created. To do this, run cbsd jconstruct-tui and, when asked whether you want to create the jail immediately, answer no. In this case it prints the jcreate command and the path to the jconf, which is the configuration the jail is created from. Alternatively, you can write the jconf manually, for example:
% mkdir /root/share
% cat > /root/share/nginx.jconf << EOF
jname="jail1";
path="/usr/jails/jails/jail1";
host_hostname="jail1.my.domain";
ip4_addr="DHCP";
mount_devfs="1";
allow_mount="1";
allow_devfs="1";
allow_nullfs="1";
mount_fstab="/usr/jails/jails-fstab/fstab.jail1";
arch="amd64";
mkhostsfile="1";
devfs_ruleset="4";
ver="10.1";
basename="";
baserw="0";
mount_src="0";
mount_obj="0";
mount_kernel="0";
mount_ports="1";
astart="1";
data="/usr/jails/jails-data/jail1-data";
vnet="0";
applytpl="1";
mdsize="0";
rcconf="/usr/jails/jails-rcconf/rc.conf_jail1";
floatresolv="1";
exec_poststart="0";
exec_poststop="";
exec_prestart="0";
exec_prestop="0";
exec_master_poststart="0";
exec_master_poststop="0";
exec_master_prestart="0";
exec_master_prestop="0";
pkg_bootstrap="1";
user_pw_root='rootpw'
interface="auto"
jailskeldir="/root/share/nginx-jail"
pkglist="/root/share/pkglist.txt";
exec_start="/bin/sh /etc/rc"
exec_stop="/bin/sh /etc/rc.shutdown"
EOF
The most important parameters for us are:
- jail1 - jail name
- user_pw_root - sets the root password (alternatively, you can place a generated password file in the skel-dir)
- ip4_addr="DHCP" - makes CBSD take the first free IP from the nodepool range
- jailskeldir="/root/share/nginx-jail" - alternative path to the skel-dir, applied after the jail is created
- pkglist="/root/share/pkglist.txt" - path to a file that lists the software to install in the jail when it is created
2) Write pkglist.txt
Simply list the origin or package name of each piece of software you want in the jail:
% cat > /root/share/pkglist.txt << EOF
www/nginx
shells/bash
EOF
3) skel-directories
Customize the directory of additional files that are copied into the jail. Here we enable nginx in rc.conf inside the jail and put some text to display into /usr/local/www/nginx/index.html:
% cp -a /usr/local/cbsd/share/jail-skel /root/share/nginx-jail
% mkdir -p /root/share/nginx-jail/usr/local/www/nginx
% cat > /root/share/nginx-jail/usr/local/www/nginx/index.html << EOF
<html>
<body>
<pre>
It's been a hard day's night
And I've been working like a dog
It's been a hard day's night
I should be sleeping like a log
</pre>
</body>
</html>
EOF
% sysrc -f /root/share/nginx-jail/etc/rc.conf nginx_enable="YES"
4) Creation and launch
Create the environment, start it and check:
% cbsd jcreate jconf=/root/share/nginx.jconf
% cbsd jstart jail1
% curl http://X.Y.N.M
It's been a hard day's night
And I've been working like a dog
It's been a hard day's night
I should be sleeping like a log
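A pre-flight check for the profile built in steps 1 to 3, as an added example that is not part of CBSD or of the original page: the jconf holds user_pw_root in plaintext, and the pkglist and skel-dir decide what ends up in every jail created from the profile, so their file modes matter. The function names (jconf_get, has_bits, note, check_profile, make_sample) and the sample profile are constructed for this example, and it assumes the jconf has one key per line and sets both pkglist and jailskeldir.

```shell
#!/bin/sh
# Added example (not part of CBSD): pre-flight check of a jail profile.

# Read key="value" from a jconf WITHOUT sourcing it: a jconf is shell syntax,
# so sourcing a tampered one would run whatever commands it contains.
jconf_get() {   # $1 = jconf file, $2 = key
    sed -n "s/^[[:space:]]*$2=[\"']\{0,1\}\([^\"';]*\).*/\1/p" "$1" | head -n 1
}

# True if the path itself has the given group ($2) or other ($3) mode bit set.
has_bits() {
    [ -n "$(find "$1" -prune \( -perm "-$2" -o -perm "-$3" \) 2>/dev/null)" ]
}

note() { echo "FINDING: $*"; FINDINGS=$((FINDINGS + 1)); }

check_profile() {   # $1 = jconf; sets FINDINGS, returns non-zero if any
    FINDINGS=0
    pkglist=$(jconf_get "$1" pkglist)
    skel=$(jconf_get "$1" jailskeldir)
    # A plaintext root password must not be readable by group or other.
    if [ -n "$(jconf_get "$1" user_pw_root)" ] && has_bits "$1" 040 004; then
        note "user_pw_root stored in a group/other-readable file: $1"
    fi
    # Whoever can write these files decides what every new jail installs.
    for f in "$1" "$pkglist"; do
        if [ ! -f "$f" ]; then note "missing file: $f"
        elif has_bits "$f" 020 002; then note "group/other-writable: $f"
        fi
    done
    # Files in the skel-dir are copied into each jail created from the profile.
    if [ ! -d "$skel" ]; then note "missing skel-dir: $skel"
    else
        loose=$(find "$skel" -type f \( -perm -020 -o -perm -002 \) | head -n 1)
        [ -z "$loose" ] || note "group/other-writable skel file: $loose"
    fi
    [ "$FINDINGS" -eq 0 ]
}

# Constructed sample profile: password in a 0644 jconf, pkglist left 0666.
make_sample() {   # $1 = empty directory
    mkdir -p "$1/skel/etc"
    printf 'nginx_enable="YES"\n' > "$1/skel/etc/rc.conf"
    printf 'www/nginx\n' > "$1/pkglist.txt"
    printf '%s\n' 'jname="jail1";' "user_pw_root='rootpw'" \
        "jailskeldir=\"$1/skel\"" "pkglist=\"$1/pkglist.txt\";" > "$1/nginx.jconf"
    chmod 644 "$1/nginx.jconf" "$1/skel/etc/rc.conf"; chmod 666 "$1/pkglist.txt"
}
d=$(mktemp -d); make_sample "$d"; check_profile "$d/nginx.jconf" || true; rm -rf "$d"
```

On the page's own files the call would be check_profile /root/share/nginx.jconf, run before cbsd jcreate; chmod 600 on the jconf and removing group/other write access from the pkglist and skel-dir clears the findings shown for the sample.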
Profiles for jconstruct-tui
If you prefer to create such jails manually, choosing between custom skel-directories and the default settings as needed, create a file named jail-freebsd-XXXX.conf in the $workdir/etc directory with the following minimal content:
jail_profile="XXX"
where XXX is the name of the profile. CBSD ships the vnet profile as an example; you can see it in $workdir/etc/defaults/jail-freebsd-vnet.conf
In turn, it overrides the default values from the default profile: jail-freebsd-default.conf
If you rarely use the default profile and want CBSD to offer your profile by default, set default_profile to the name of your profile:
echo 'default_profile="XXX"' > ~cbsd/etc/jail-freebsd-default.conf
Please note that the files in $workdir/etc/defaults must not be edited, just like those in /etc/defaults. If you want to override the default values, copy the file with the same name from $workdir/etc/defaults to $workdir/etc and change