Page MenuHomeDevCentral

Create Uncle Slovius jail for Meteor apps testing
Closed, ResolvedPublic

Description

Create this jail to permit to test rocket.chat based on the Meteor framework.
rocket.chat repo
meteor repo

Event Timeline

amj created this task.Feb 11 2016, 18:06

DNS configuration

uncle-slovius.nasqueron.org.	86400	IN	CNAME	app1.nasqueron.org.

This is a good candidate for Drake network too:

172.27.26.35 PTR uncle-slovius.nasqueron.drake
uncle-slovius.nasqueron.drake A 172.27.26.35

Ports assign

Range 35000-35999 is reserved for Uncle Slovius jail.

Jail creation

$ ezjail-admin create uncle-slovius.nasqueron.org 'em0|172.27.26.35, em0|212.83.187.132'
[ The usual warnings about services listening to these IPs, like nginx *:80 ]
$ ezjail-admin start uncle-slovius.nasqueron.org
Starting jails: uncle-slovius.nasqueron.org.
/etc/rc.d/jail: WARNING: Per-jail configuration via jail_* variables  is obsolete.  Please consider to migrate to /etc/jail.conf.

Root and initial user account

$ jexec 5 csh
$ passwd
$ adduser
Username: amj 
Full name: Amaury J.
Uid (Leave empty for default): 
Login group [amj]:     
Login group is amj. Invite amj into other groups? []: wheel
Login class [default]: 
Shell (sh csh tcsh nologin) [sh]: 
Home directory [/home/amj]: 
Home directory permissions (Leave empty for default): 
Use password-based authentication? [yes]: no
Lock out the account after creation? [no]: 
Username   : amj
Password   : <disabled>
Full Name  : Amaury J.
Uid        : 1001
Class      : 
Groups     : amj wheel
Home       : /home/amj
Home Mode  : 
Shell      : /bin/sh
Locked     : no
OK? (yes/no): yes
adduser: INFO: Successfully added (amj) to the user database.
Add another user? (yes/no): no
Goodbye!
$ mkdir -m 700 ~amj/.ssh
$ fetch -o ~amj/.ssh/authorized_keys http://…
$ chown -R amj ~amj/.ssh

Root password is stored in K58.

Run SSH server

$ cat >> /etc/rc.conf
sshd_enable="YES"
$ $EDITOR /etc/ssh/sshd_config
# Changed the port to 35022
$ /etc/rc.d/sshd start
Generating RSA1 host key.
2048 35:a3:9b:b2:07:99:29:fb:56:f0:46:31:a3:6a:ac:db  root@uncle-slovius.nasqueron.org (RSA1)
Generating RSA host key.
2048 46:ca:24:a0:4e:93:a3:9e:10:a6:1a:68:20:b2:69:ee  root@uncle-slovius.nasqueron.org (RSA)
Generating DSA host key.
1024 c0:1f:11:5e:21:1c:14:30:53:9d:a6:ec:2d:5b:f5:38  root@uncle-slovius.nasqueron.org (DSA)
Generating ECDSA host key.
256 c8:d0:63:30:51:12:56:69:1c:f0:27:ee:9a:07:b5:a4  root@uncle-slovius.nasqueron.org (ECDSA)
Performing sanity check on sshd configuration.
Starting sshd.

Okay, jail created and operational.

Should be reachable from Ysul through ssh -p 35022 172.27.26.35.

Edit /etc/sshd/sshd_config if you need it to be world reachable, you can listen to public IP too from the jail.

dereckson triaged this task as Normal priority.Feb 11 2016, 18:56
dereckson moved this task from Backlog to Pending review on the Servers board.
dereckson closed this task as Resolved.Feb 12 2016, 05:30

Okay network modified to use Ysul public IPs, not private IP.

So you can SSH to uncle-slovius.nasqueron.org port 35022.

$ jls | grep slovius
     3  212.83.187.132  uncle-slovius.nasqueron.org   /usr/local/jails/uncle-slovius.nasqueron.org

DNS configuration

DNS weren't configured by the way.

$ jexec 3 csh
$ host www.perdu.com
;; connection timed out; no servers could be reached
$ cat /etc/resolv.conf
cat: /etc/resolv.conf: No such file or directory
$ cat > /etc/resolv.conf
nameserver 4.2.2.1
nameserver 4.2.2.3
^D
$ host www.perdu.com
www.perdu.com has address 208.97.177.124