Defaults in jail.conf not applied if jail block is not existing

classic Classic list List threaded Threaded
3 messages Options
Reply | Threaded
Open this post in threaded view
|

Defaults in jail.conf not applied if jail block is not existing

Luca Pizzamiglio-2
Hi all,

I have 2 silly questions and I think I know the answer.
I'd like to use the command line jail tool start and configure my jails;
however, I'd like to have defaults set up in a central place.

I thought I could put those defaults in /etc/jail.conf and then dynamically
create my jails with the cli tool.
However, if the jail create (or stop) is not explicitly listed in
jail.conf, the defaults are not applied.
If I add an empty configuration block, then the default values are applied.

Is this an intended behavior?

The second question is about not persistent jails.
Once all processes in the jail exits, the jail is automatically destroyed.
However, without invoking jail -r , there is no way (that I'm aware of) to
invoke a poststop script automatically.
Is there a workaround or a suggested way to have a callback/script invoked
when a jail disappear? (currently, I'm not happily considering a cronjob as
a solution)

Thanks in advance for the support!

Best regards.
pizzamig@
_______________________________________________
[hidden email] mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-jail
To unsubscribe, send any mail to "[hidden email]"
Reply | Threaded
Open this post in threaded view
|

Re: Defaults in jail.conf not applied if jail block is not existing

James Gritton
If I'm reading it right, then yes the behavior on creating jails if
intended.  The defaults in jail.conf are only defaults to the jails listed
in jail.conf, not defaults to command-line-generated jails.  So even if you
only include an empty block for the jail, it then is a jail.conf jail and
not a command-line jail.

For the non-persistent jail poststop scripts, the only way to run them
outside the jail is to have a process outside the jail to run them from.
Cron isn't a perfect solution, but a pretty workable one.  If your jail has
a single process that runs from start to finish (i.e. not something like a
typical "command=sh /etc/rc"), then you could simply have a subshell that
runs the jail and then runs the poststop script itself:
# (jail -c name=foo command=sleep 10; echo doing cleanup) &

You may be interested in the suggested patch for jail notifications in
devctl.  That way, a jail-watch process can tell when jails start and stop.

- Jamie

On Fri, Jul 19, 2019 at 10:29 AM Luca Pizzamiglio <[hidden email]>
wrote:

> Hi all,
>
> I have 2 silly questions and I think I know the answer.
> I'd like to use the command line jail tool start and configure my jails;
> however, I'd like to have defaults set up in a central place.
>
> I thought I could put those defaults in /etc/jail.conf and then dynamically
> create my jails with the cli tool.
> However, if the jail create (or stop) is not explicitly listed in
> jail.conf, the defaults are not applied.
> If I add an empty configuration block, then the default values are applied.
>
> Is this an intended behavior?
>
> The second question is about not persistent jails.
> Once all processes in the jail exits, the jail is automatically destroyed.
> However, without invoking jail -r , there is no way (that I'm aware of) to
> invoke a poststop script automatically.
> Is there a workaround or a suggested way to have a callback/script invoked
> when a jail disappear? (currently, I'm not happily considering a cronjob as
> a solution)
>
> Thanks in advance for the support!
>
> Best regards.
> pizzamig@
> _______________________________________________
> [hidden email] mailing list
> https://lists.freebsd.org/mailman/listinfo/freebsd-jail
> To unsubscribe, send any mail to "[hidden email]"
>
_______________________________________________
[hidden email] mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-jail
To unsubscribe, send any mail to "[hidden email]"
Reply | Threaded
Open this post in threaded view
|

Re: Defaults in jail.conf not applied if jail block is not existing

Luca Pizzamiglio-2
Hi Jamie,
Thanks for the quick answer. I guess I have to decide to go full
command-line or full jail.conf.
The devctl patch seems pretty cool. Actually, I like the idea to have a
jaild daemon that take care of all the pre/post start/stop stuff, doable if
the devctl notifications system is in place, but it adds more complexity.
Probably, it's something I can work on in the future, even if it can
overlap with what an orchestrator does.

Thanks again for the support
Best regards,
pizzamig@

On Sat, Jul 20, 2019 at 12:01 AM James Gritton <[hidden email]> wrote:

> If I'm reading it right, then yes the behavior on creating jails if
> intended.  The defaults in jail.conf are only defaults to the jails listed
> in jail.conf, not defaults to command-line-generated jails.  So even if you
> only include an empty block for the jail, it then is a jail.conf jail and
> not a command-line jail.
>
> For the non-persistent jail poststop scripts, the only way to run them
> outside the jail is to have a process outside the jail to run them from.
> Cron isn't a perfect solution, but a pretty workable one.  If your jail has
> a single process that runs from start to finish (i.e. not something like a
> typical "command=sh /etc/rc"), then you could simply have a subshell that
> runs the jail and then runs the poststop script itself:
> # (jail -c name=foo command=sleep 10; echo doing cleanup) &
>
> You may be interested in the suggested patch for jail notifications in
> devctl.  That way, a jail-watch process can tell when jails start and stop.
>
> - Jamie
>
> On Fri, Jul 19, 2019 at 10:29 AM Luca Pizzamiglio <[hidden email]>
> wrote:
>
>> Hi all,
>>
>> I have 2 silly questions and I think I know the answer.
>> I'd like to use the command line jail tool start and configure my jails;
>> however, I'd like to have defaults set up in a central place.
>>
>> I thought I could put those defaults in /etc/jail.conf and then
>> dynamically
>> create my jails with the cli tool.
>> However, if the jail create (or stop) is not explicitly listed in
>> jail.conf, the defaults are not applied.
>> If I add an empty configuration block, then the default values are
>> applied.
>>
>> Is this an intended behavior?
>>
>> The second question is about not persistent jails.
>> Once all processes in the jail exits, the jail is automatically destroyed.
>> However, without invoking jail -r , there is no way (that I'm aware of) to
>> invoke a poststop script automatically.
>> Is there a workaround or a suggested way to have a callback/script invoked
>> when a jail disappear? (currently, I'm not happily considering a cronjob
>> as
>> a solution)
>>
>> Thanks in advance for the support!
>>
>> Best regards.
>> pizzamig@
>> _______________________________________________
>> [hidden email] mailing list
>> https://lists.freebsd.org/mailman/listinfo/freebsd-jail
>> To unsubscribe, send any mail to "[hidden email]"
>>
>
_______________________________________________
[hidden email] mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-jail
To unsubscribe, send any mail to "[hidden email]"