* base-jailhost ensures that the service host has necessary infrastructure installed and configured (ezjail) * jail role is to be used to create jails on the jail host * remove ezjail.flavour file (we do not use it at the moment) * do not enable 'jail' service, enable 'ezjail' instead * use 'ftp.freebsd.org' (for some reason I had problems with freebsd.isc.org) * do not install lib32 stuff in ports tree * introduce a number of base-jailhost variables to avoid typing errors
Mikhail Sobolev
committed
Dec 30, 2014
1 parent
f075e58
commit 217148a
Showing
8 changed files
with
66 additions
and
52 deletions.
This file was deleted.
@@ -1,3 +1,10 @@ | ||
--- | ||
# Directory where jails are created | ||
ezjail_jaildir: /usr/local/jail | ||
jail_log_dir: /var/log/jail | ||
# Directory where the ezjail-admin keeps jail configuration files | ||
ezjail_conf_dir: /usr/local/etc/ezjail | ||
# Main ezjail configuration file | ||
ezjail_conf_file: /usr/local/etc/ezjail.conf | ||
# NOTE: these two are different | ||
ezjail_base_jail: base | ||
ezjail_default_flavour: base |
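Review bot: The comment `# NOTE: these two are different` above `ezjail_base_jail` and `ezjail_default_flavour` does not say how they differ, and both default to `base`, which invites the mix-up it warns about. State what each one names, for example `# ezjail_base_jail: name of the shared base jail` and `# ezjail_default_flavour: flavour passed to 'ezjail-admin create -f'`; the first is my reading of the variable name and should be confirmed. `jail_log_dir` is also the only variable in this file with neither a describing comment nor the `ezjail_` prefix.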
@@ -1,3 +1,4 @@ | ||
--- | ||
dependencies: | ||
- base-jailhost | ||
allow_duplicates: yes |
@@ -1,19 +1,24 @@ | ||
--- | ||
# Most bits on the file system use the safename instead of the full name. | ||
- name: Set jail safename | ||
shell: echo -n '{{ name }}' | tr -c '[:alnum:]' _ | ||
register: jail_safename | ||
changed_when: false | ||
|
||
- name: Install jail | ||
command: "ezjail-admin create -f base {{ name }} {{ ip_address|join(',') }}" | ||
- name: create jail | ||
command: "ezjail-admin create -f {{ ezjail_default_flavour }} {{ name }} {{ ip_address|join(',') }}" | ||
args: | ||
creates: '/usr/local/etc/ezjail/{{ jail_safename.stdout }}' | ||
creates: "{{ ezjail_conf_dir }}/{{ name }}" | ||
register: jail_created | ||
|
||
- name: Add jail to jail.conf | ||
- name: set jail's hostname | ||
lineinfile: | ||
line: '{{ jail_safename.stdout }} { host.hostname = "{{ hostname }}"; path = "{{ ezjail_jaildir }}/{{ name }}"; ip4.addr += "{{ ip_address|join(",") }}"; exec.clean; exec.system_user = "root"; exec.jail_user = "root"; exec.start += "/bin/sh /etc/rc"; exec.stop = ""; exec.consolelog = "/var/log/jail/{{ jail_safename.stdout }}"; mount.devfs; mount.fstab = "/etc/fstab.{{ jail_safename.stdout }}"; allow.set_hostname = 0; allow.sysvipc = 0; allow.raw_sockets = 0; jid = {{ jid }} ; }' | ||
state: present | ||
regexp: '^\s*{{ jail_safename.stdout }}\s*\{' | ||
dest: /etc/jail.conf | ||
create: yes | ||
dest: "{{ ezjail_conf_dir }}/{{ name }}" | ||
regexp: "^export jail_{{ name }}_hostname=" | ||
line: 'export jail_{{ name }}_hostname="{{ hostname }}"' | ||
when: jail_created|changed | ||
|
||
- name: check if the jail is running | ||
shell: "jls -j {{ name }} > /dev/null 2>&1" | ||
ignore_errors: True | ||
register: jail_running | ||
|
||
- name: start the jail | ||
command: "ezjail-admin start {{ name }}" | ||
when: jail_running|failed | ||
|
||
# vim:ts=2:sw=2:noai:nosi |
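Review bot: The new tasks use the raw `{{ name }}` where the old ones used the sanitised `jail_safename.stdout`: in `creates:`, in the `lineinfile` `dest`/`regexp`/`line`, and in the `jls` probe. Judging by the hunk counts, the "Set jail safename" task is removed entirely. The old comment says most on-disk bits use the safename, so for a name containing `.` or `-` the `creates:` path would presumably never exist and `ezjail-admin create` would be retried on every run, and `export jail_{{ name }}_hostname=` would not be a valid shell variable name. The `shell:` probe also hands `name` to a shell unquoted, and only the exit status is needed, so `command: "jls -j {{ name }}"` with `changed_when: false` avoids shell parsing and the spurious "changed". Either keep the safename task for file and variable names, or fail early unless `name` is purely alphanumeric.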