FreeBSD Jail Task Driver

Task driver for FreeBSD jails.

• Website: https://www.nomadproject.io

Requirements

• Nomad 0.9+
• Go 1.11 (to build the provider plugin)
• FreeBSD 12.0-RELEASE Should work with 11
• Consul

Installation

Install(and compile) the jail-task-driver binary and put it in plugin_dir and then add a plugin "jail-task-driver" {} line in your nomad config file.

go get github.com/cneira/jail-task-driver
cp $GOPATH/bin/jail-task-driver YOURPLUGINDIR

Then in your nomad config file, set

plugin "jail-task-driver" {}

In developer/test mode(nomad agent -dev) , plugin_dir is unset it seems, so you will need to mkdir plugins and then copy the jail-task-driver binary to plugins and add a plugins_dir = "path/to/plugins" to the above config file. then you can run it like:

nomad agent -dev -config nomad.config

For more details see the nomad docs.

Parameters

Parameters used by the driver support most of JAIL(8) functionality, parameter names closely match the ones in JAIL(8).

Parameters documentation

Examples

Basic jail

job "test" {
  datacenters = ["dc1"]
  type        = "service"

  group "test" {
    restart {
      attempts = 0
      mode     = "fail"
    }

    task "test01" {
      driver = "jail-task-driver"

      config {
        Path    = "/zroot/iocage/jails/myjail/root"
	Persist  = true
	Ip4_addr = "192.168.1.102"
      }
    }
  }
}

Vnet jail example

job "vnet-example" {
  datacenters = ["dc1"]
  type        = "service"

  group "test" {
    restart {
      attempts = 0
      mode     = "fail"
    }

    task "test01" {
      driver = "jail-task-driver"

      config {
        Path    = "/zroot/iocage/jails/myjail/root"
	Persist  = true
 	Host_hostname = "mwl.io"
	Exec_clean = true	
	Exec_start = "sh /etc/rc"
	Exec_stop = "sh /etc/rc.shutdown"
	Mount_devfs = true
	Exec_prestart = "logger trying to start "	
	Exec_poststart = "logger jail has started"	
	Exec_prestop = "logger shutting down jail "	
	Exec_poststop = "logger has shut down jail "	
	Exec_consolelog ="/var/tmp/vnet-example"
	Vnet = true
	Vnet_nic = "e0b_loghost"
	Exec_prestart = "/usr/share/examples/jails/jib addm loghost em1"
	Exec_poststop = "/usr/share/examples/jails/jib destroy loghost "
      }
    }
  }
}

Setting resource limits

job "rctl-test" {
  datacenters = ["dc1"]
  type        = "service"

  group "test" {
    restart {
      attempts = 0
      mode     = "fail"
    }

    task "test01" {
      driver = "jail-task-driver"

      config {
        Path    = "/zroot/iocage/jails/myjail/root"
	Persist  = true
	Ip4_addr = "192.168.1.102"
	Rctl =  {
		Vmemoryuse = 1200000
	}
    }
  }
}
}

Demo

Support

It's also possible to support the project on Patreon

References

• Lucas, Michael W. FreeBSD Mastery: Jails (IT Mastery Book 15).
• FreeBSD HandBook
• RCTL(8)

TODO:

• Implement exec interface
• Test All jail options
• Refactor to match parameters as closely as JAIL(8)
• Create jails using docker images