[RFC] Ideas for new distribuition: base-jail

From: Ricardo A. Reis <ricardo_bsd_at_yahoo.com.br>
Date: Tue, 11 Apr 2006 16:56:56 -0300
Brian and Anish,

    I don't have any prototyping for this, but is not a problem i public
my idea for collect opnions and new possibilities , i think that  
integration with makefile is
very useful because FreeBSD Community is accustomed with make options.
    Using makefile approach is very easy integrate ncurse menu  `OPTIONS`  
like ports for interact create, the make variables in non-interactive  
create is easy set for include  file, like this


while read DESTDIR JNAME JROOT JHOSTNAME JIP;do
	cd $(DISTBASE)/base && ./install.sh DESTDIR=$(DESTDIR) >/tmp/jail.XXXXX  
2>&1 &
       exec 3<&0
       exec >> $RCCONFJAIL
	cat <<EOF
       jail_list="${JNAME}"
       jail_${JNAME}_rootdir="${JROOT}"
       jail_${JNAME}_hostname="${JHOSTNAME}"
       jail_${JNAME}_ip="${JIP}"
       jail_${JNAME}_exec_start="/bin/sh /etc/rc"
       jail_${JNAME}_exec_stop="/bin/sh /etc/rc.shutdown"
       jail_${JNAME}_devfs_enable="YES"
       jail_${JNAME}_devfs_ruleset="devfsrules_jail"
EOF
       exec 0<&3
       exec 3<&-
done < $JAILIST

   Is simple sample for create multi jails in paralel, is very interesting  
feature for create many jails.
   Anish i will reading your script in next week, i think in next steep is  
create
a list the programs for base-jail

   Any ideas for this ?

Thanks

  Ricardo A. Reis
  UNIFESP
  Unix and Network Admin


On Tuesday 11 April 2006 08:38, Brian Candler wrote:
> On Mon, Apr 10, 2006 at 05:27:18PM -0300, Ricardo A. Reis wrote:
> >    I think in one new distribution, this idea is for decrease
> > create time for start jails after release install, the base-jail
> > is distribute in CD1. After install RELEASE and update with
> > freebsd-update a admin create a jail
> > with ( cd /usr/local/base-jail; make jail DESTDIR=/XXXX ) very
> > fast
>
> How about prototyping this? I offer as a starting point:
>
> -- 8<
> --------------------------------------------------------------
> DISTBASE?=/cdrom
> DESTDIR?=.
> jail:
> 	cd $(DISTBASE)/base && ./install.sh DESTDIR=$(DESTDIR)
> -- 8<
> --------------------------------------------------------------
>
> What else does it need to have? I guess you could automatically add
> jail_* entries in /etc/rc.conf, but it would need to prompt for
> several pieces of information in order to be able to set them all.
>
>     jail_enable="YES"
>     jail_list="foo"
>     jail_foo_rootdir="/XXXX"
>     jail_foo_hostname="foo.example.com"
>     jail_foo_ip="192.168.1.1"
>     jail_foo_exec_start="/bin/sh /etc/rc"
>     jail_foo_exec_stop="/bin/sh /etc/rc.shutdown"
>     jail_foo_devfs_enable="YES"
>     jail_foo_devfs_ruleset="devfsrules_jail"
>
> You might also want to prompt for, and set, the jail's root
> password.
>
> You could copy some key files from the host environment assuming
> they will be the same within the jail (e.g. /etc/resolv.conf,
> /etc/hosts, /etc/localtime)
>
> You might also want a template directory for other files to be
> installed into the jail (e.g. /etc/rc.conf might have
> sshd_enable="YES" as its default), but the contents of these files
> are likely to be very specific to your particular needs. The same
> goes for installing additional distribution sets or packages.
> Perhaps the jail builder could invoke sysinstall somehow, such that
> it can be driven from an install.cfg script.
This isn't done in a Makefile, but a normal shell script but it's what
I use to setup jails.  It makes setup incredibly simple.  Run it and
follow the prompts, the non-interactive mode doesn't work yet.
http://am-productions.biz/docs/make-jail.sh

I just updated it to work with the /etc/rc.d/jail changes in CURRENT
so it might be broken to everything else.  An MFC should be imminent
for RELENG_6.

I intentionally omitted adding jail_enable="YES" to rc.conf to force
the user to actually know what they're enabling.


		
_______________________________________________________ 
Abra sua conta no Yahoo! Mail: 1GB de espaço, alertas de e-mail no celular e anti-spam realmente eficaz. 
http://br.info.mail.yahoo.com/
Received on Tue Apr 11 2006 - 20:56:58 UTC

This archive was generated by hypermail 2.4.0 : Wed May 19 2021 - 11:38:54 UTC