Page MenuHomeDevCentral

Create Uncle Slovius jail for Meteor apps testing
Closed, ResolvedPublic


Create this jail to permit to test based on the Meteor framework. repo
meteor repo

Event Timeline

amj created this task.Feb 11 2016, 18:06

DNS configuration	86400	IN	CNAME

This is a good candidate for Drake network too: PTR uncle-slovius.nasqueron.drake
uncle-slovius.nasqueron.drake A

Ports assign

Range 35000-35999 is reserved for Uncle Slovius jail.

Jail creation

$ ezjail-admin create 'em0|, em0|'
[ The usual warnings about services listening to these IPs, like nginx *:80 ]
$ ezjail-admin start
Starting jails:
/etc/rc.d/jail: WARNING: Per-jail configuration via jail_* variables  is obsolete.  Please consider to migrate to /etc/jail.conf.

Root and initial user account

$ jexec 5 csh
$ passwd
$ adduser
Username: amj 
Full name: Amaury J.
Uid (Leave empty for default): 
Login group [amj]:     
Login group is amj. Invite amj into other groups? []: wheel
Login class [default]: 
Shell (sh csh tcsh nologin) [sh]: 
Home directory [/home/amj]: 
Home directory permissions (Leave empty for default): 
Use password-based authentication? [yes]: no
Lock out the account after creation? [no]: 
Username   : amj
Password   : <disabled>
Full Name  : Amaury J.
Uid        : 1001
Class      : 
Groups     : amj wheel
Home       : /home/amj
Home Mode  : 
Shell      : /bin/sh
Locked     : no
OK? (yes/no): yes
adduser: INFO: Successfully added (amj) to the user database.
Add another user? (yes/no): no
$ mkdir -m 700 ~amj/.ssh
$ fetch -o ~amj/.ssh/authorized_keys http://…
$ chown -R amj ~amj/.ssh

Root password is stored in K58.

Run SSH server

$ cat >> /etc/rc.conf
$ $EDITOR /etc/ssh/sshd_config
# Changed the port to 35022
$ /etc/rc.d/sshd start
Generating RSA1 host key.
2048 35:a3:9b:b2:07:99:29:fb:56:f0:46:31:a3:6a:ac:db (RSA1)
Generating RSA host key.
2048 46:ca:24:a0:4e:93:a3:9e:10:a6:1a:68:20:b2:69:ee (RSA)
Generating DSA host key.
1024 c0:1f:11:5e:21:1c:14:30:53:9d:a6:ec:2d:5b:f5:38 (DSA)
Generating ECDSA host key.
256 c8:d0:63:30:51:12:56:69:1c:f0:27:ee:9a:07:b5:a4 (ECDSA)
Performing sanity check on sshd configuration.
Starting sshd.

Okay, jail created and operational.

Should be reachable from Ysul through ssh -p 35022

Edit /etc/sshd/sshd_config if you need it to be world reachable, you can listen to public IP too from the jail.

dereckson triaged this task as Normal priority.Feb 11 2016, 18:56
dereckson moved this task from Backlog to Pending review on the Servers board.
dereckson closed this task as Resolved.Feb 12 2016, 05:30

Okay network modified to use Ysul public IPs, not private IP.

So you can SSH to port 35022.

$ jls | grep slovius
     3   /usr/local/jails/

DNS configuration

DNS weren't configured by the way.

$ jexec 3 csh
$ host
;; connection timed out; no servers could be reached
$ cat /etc/resolv.conf
cat: /etc/resolv.conf: No such file or directory
$ cat > /etc/resolv.conf
$ host has address