add new post about jails
parent
4ef7c18c69
commit
5f2b36542c
|
@ -0,0 +1,103 @@
|
|||
+++
|
||||
title = "gotchas with IPs and Jails"
|
||||
date = "2016-06-26T19:00:00+00:00"
|
||||
author = "Gibheer"
|
||||
draft = false
|
||||
+++
|
||||
|
||||
Through some problems with installing postfix and opensmtpd at the same time, I
|
||||
again had the need to invest some time into FreeBSD Jails.
|
||||
|
||||
As I had some problems with the IP allocation, I document what I found out here.
|
||||
|
||||
First and foremost, I think I could have had it easier using VIMAGE/vnet, but that
|
||||
still isn't enabled per default on 10.2 and 10.3, the versions I tested.
|
||||
|
||||
The following settings are for the jail.conf system, but can also be used on the
|
||||
command line.
|
||||
|
||||
## configure an IP
|
||||
|
||||
The easiest setup is to define an IP on any interface and tell the jail system
|
||||
to use a specific one.
|
||||
|
||||
For this example, I use the `prestart` command to define the IP on any interface.
|
||||
|
||||
```
|
||||
# define on a public interface
|
||||
jail1 {
|
||||
exec.prestart = "ifconfig em0 192.168.1.2 alias";
|
||||
ip4.addr = 192.168.1.2;
|
||||
}
|
||||
|
||||
# define on loopback
|
||||
jail2 {
|
||||
exec.prestart = "ifconfig lo0 192.168.1.3 alias";
|
||||
ip4.addr = 192.168.1.3;
|
||||
}
|
||||
|
||||
# reuse 127.0.0.1 from the host
|
||||
jail3 {
|
||||
ip4.addr = 127.0.0.1;
|
||||
}
|
||||
```
|
||||
Using this mechanism, the IP is left alone when starting or stopping the jail.
|
||||
|
||||
## configure an IP on an interface
|
||||
|
||||
When specifing an IP together with an interface, jails will take over the
|
||||
life management. When the jail is started the IP is created and when stopping
|
||||
the jail, the IP is removed.
|
||||
|
||||
The following will show some ways how to do that:
|
||||
|
||||
```
|
||||
# set an IP on a public interface
|
||||
jail1 {
|
||||
ip4.addr = em0|192.168.1.2;
|
||||
}
|
||||
|
||||
# define a loopback address
|
||||
jail2 {
|
||||
ip4.addr = lo0|192.168.1.3;
|
||||
}
|
||||
```
|
||||
|
||||
There is also the `interface` option, which can be used to pin every IP to that
|
||||
specific interface.
|
||||
|
||||
```
|
||||
# define two addresses on the same interface, maintained by the jail system
|
||||
jail1 {
|
||||
interface = em0;
|
||||
ip4.addr = 192.168.1.10, 127.0.0.1;
|
||||
}
|
||||
```
|
||||
|
||||
This should be used when an IP is not used by the host or another jail. The
|
||||
following example would destroy the loopback address on shutdown:
|
||||
|
||||
```
|
||||
# removes localhost at jail shutdown
|
||||
jail1 {
|
||||
ip4.addr = lo0|127.0.0.1;
|
||||
}
|
||||
```
|
||||
|
||||
## mixing both options
|
||||
|
||||
In the case of poudriere, you have to mix both options. Poudriere wants to put
|
||||
`127.0.0.1` and `::1` into the child jails, so that these have to be defined
|
||||
in the poudriere jail too.
|
||||
|
||||
If other IPs are also needed, this can be done with the `ip4.addr` and `ip6.addr`
|
||||
options.
|
||||
|
||||
```
|
||||
# manage 192.168.1.11 using jails and use localhost unmanaged
|
||||
jail1 {
|
||||
ip4.addr = em0|192.168.1.11, 127.0.0.1;
|
||||
}
|
||||
```
|
||||
|
||||
Hope that helps to clarify, what exactly each option does.
|
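Review bot: The `interface = em0;` example lists `127.0.0.1` in `ip4.addr`, which contradicts the sentence directly after it saying this form should be used only when an IP is not used by the host or another jail. By the post's own description of managed addresses, the jail system would create that address on em0 at jail start and remove it at jail stop, the same hazard the later `lo0|127.0.0.1` example warns about. Suggest replacing `127.0.0.1` in that example with a second unused address and stating explicitly that `interface` makes every listed address managed, so readers do not copy a config that touches the host's loopback address. Minor: in the "configure an IP on an interface" section, "specifing" should be "specifying" and "life management" reads better as "lifecycle management".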