On FreeBSD servers, we can use jails to divide processes.
This change installs ezjail and configure rc.
Logic to prepare the list of jails from the pillar
is handled by a custom execution module, to avoid
code in jinja templates.
Details
Details
- Reviewers
dereckson - Commits
- rOPScd3273b0679a: Provision jails
- ezjail-admin can be used
- /etc/rc.conf.d/jail contains the list of jails
- flake8 _modules/jails.py | grep -v F821 doesn't return any issue (F821 is the undefined name issue, for pillar and grains)
Diff Detail
Diff Detail
- Repository
- rOPS Nasqueron Operations
- Lint
Lint Not Applicable - Unit
Tests Not Applicable
Event Timeline
| _modules/jails.py | ||
|---|---|---|
| 132 | TypeError: list indices must be integers, not tuple get_jail returns: lo:
127.0.2.2
ipv4:
212.83.187.132
ipv6:
2001:470:1f13:9e1:0:c0ff:ee:1 | |
Comment Actions
Jails can be started
$ ezjail-admin start ftp … $ ezjail-admin start mumble … $ ezjail-admin stop mumble … $ ezjail-admin start mumble … $ jls JID IP Address Hostname Path 1 127.0.2.1 ftp /usr/jails/ftp 3 127.0.2.2 mumble /usr/jails/mumble
As we use ezjail, we still have the warning rc configuration should be moved to /etc/jail.conf instead.
But that's an ezjail upstream issue.
State is no-op
$ salt-call --local state.apply roles/paas-jails local: ---------- ID: ezjail Function: pkg.installed Result: True Comment: Package ezjail is already installed Started: 12:47:02.068759 Duration: 237.566 ms Changes: ---------- ID: jails_rc_jail Function: file.managed Name: /etc/rc.conf.d/jail Result: True Comment: File /etc/rc.conf.d/jail is in the correct state Started: 12:47:02.319780 Duration: 86.771 ms Changes: ---------- ID: jails_rc_netif Function: file.managed Name: /etc/rc.conf.d/netif Result: True Comment: File /etc/rc.conf.d/netif is in the correct state Started: 12:47:02.407031 Duration: 12.603 ms Changes: ---------- ID: jails_rc_ezjail Function: file.managed Name: /etc/rc.conf.d/ezjail Result: True Comment: File /etc/rc.conf.d/ezjail is in the correct state Started: 12:47:02.420105 Duration: 12.458 ms Changes: ---------- ID: generate_basejail Function: cmd.run Name: ezjail-admin install -p Result: True Comment: /usr/jails/basejail exists Started: 12:47:02.435720 Duration: 1.792 ms Changes: ---------- ID: generate_jail_ftp Function: cmd.run Name: ezjail-admin create ftp "lo1|127.0.2.1,igb0|212.83.187.132,gif0|2001:470:1f13:9e1:0:c0ff:ee:1" Result: True Comment: /usr/jails/ftp exists Started: 12:47:02.437962 Duration: 1.677 ms Changes: ---------- ID: generate_jail_mumble Function: cmd.run Name: ezjail-admin create mumble "lo1|127.0.2.2,igb0|212.83.187.132,gif0|2001:470:1f13:9e1:0:c0ff:ee:1" Result: True Comment: /usr/jails/mumble exists Started: 12:47:02.440080 Duration: 1.657 ms Changes: ---------- ID: generate_jail_tonderon Function: cmd.run Name: ezjail-admin create tonderon "lo1|127.0.2.3,igb0|212.83.187.132,gif0|2001:470:1f13:9e1:0:c0ff:ee:7" Result: True Comment: /usr/jails/tonderon exists Started: 12:47:02.442179 Duration: 1.648 ms Changes: Summary for local ------------ Succeeded: 8 Failed: 0 ------------ Total states run: 8 Total run time: 356.172 ms