Configure jail in /etc/jail.my-jail-name.conf while allowing auto-start with "service jail start"

classic Classic list List threaded Threaded
2 messages Options
Reply | Threaded
Open this post in threaded view
|

Configure jail in /etc/jail.my-jail-name.conf while allowing auto-start with "service jail start"

freebsd-jail mailing list
Hi all,

as I can see, this combination simply isn't part of /etc/rc.d/jail and jail(8).
In fact, jail(8) always only reads one config file (`-f` parameter, default
/etc/jail.conf).

This also relates to why ezjail was still not ported to use jail.conf [0][1].

It would be a great fit to automated configuration management (e.g. via Ansible
or pkg POST-INSTALL scripts) because it allows overwriting complete files
instead of having to edit the global jail.conf to make changes.

Jail configured only in /etc/jail.my-jail-name.conf:

> # service jail onestart
> Starting jails:.
(nothing started because jail not recognized as configured)

Jail configured in /etc/jail.my-jail-name.conf and "mentioned" as
`jail my-jail-name {}` in /etc/jail.conf:

> # service jail onestart
> Starting jails:jail: my-jail-name: new jail must persist or attach
(this means only /etc/jail.conf was parsed)

Any way to achieve this? I assume the answer is no, so here's a suggestion:
what about having jail(8) read/merge configuration from another file?

Example:
> # cat /etc/jail.conf
> my-jail-name { config = "/etc/jail.my-jail-name.conf"; }
> # cat /etc/jail.my-jail-name.conf
> my-jail-name { ...config goes here... }

Thanks,
 Andreas

[0] https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=218849
[1] https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=218849#c13 (ezjail maintainer comment)
_______________________________________________
[hidden email] mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-jail
To unsubscribe, send any mail to "[hidden email]"
Reply | Threaded
Open this post in threaded view
|

Re: Configure jail in /etc/jail.my-jail-name.conf while allowing auto-start with "service jail start"

Andreas Nilsson-8
On Tue, May 15, 2018 at 1:17 PM, Andreas Sommer via freebsd-jail <
[hidden email]> wrote:

> Hi all,
>
> as I can see, this combination simply isn't part of /etc/rc.d/jail and
> jail(8).
> In fact, jail(8) always only reads one config file (`-f` parameter, default
> /etc/jail.conf).
>
> This also relates to why ezjail was still not ported to use jail.conf
> [0][1].
>
> It would be a great fit to automated configuration management (e.g. via
> Ansible
> or pkg POST-INSTALL scripts) because it allows overwriting complete files
> instead of having to edit the global jail.conf to make changes.
>
> Jail configured only in /etc/jail.my-jail-name.conf:
>
> > # service jail onestart
> > Starting jails:.
> (nothing started because jail not recognized as configured)
>
> Jail configured in /etc/jail.my-jail-name.conf and "mentioned" as
> `jail my-jail-name {}` in /etc/jail.conf:
>
> > # service jail onestart
> > Starting jails:jail: my-jail-name: new jail must persist or attach
> (this means only /etc/jail.conf was parsed)
>
> Any way to achieve this? I assume the answer is no, so here's a suggestion:
> what about having jail(8) read/merge configuration from another file?
>
> Example:
> > # cat /etc/jail.conf
> > my-jail-name { config = "/etc/jail.my-jail-name.conf"; }
> > # cat /etc/jail.my-jail-name.conf
> > my-jail-name { ...config goes here... }
>
> Thanks,
>  Andreas
>
>
Hello Andreas,

at least on -CURRENT the files are read as long as the jail names are in
jail_list in rc.conf.

It is though somewhat frustrating that you do not get defaults set in
jail.conf, so you need to specify stuff like persist in jail.$name.conf

Best regards
Andreas
_______________________________________________
[hidden email] mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-jail
To unsubscribe, send any mail to "[hidden email]"