vimage for jails

B

bsus

Hello,

I found this tutorial about setting up vimage network for jails.

I added the vimage options to my kernel config:
Code: 
# cat /root/kernels/CONFIG_S
include GENERIC

ident CONFIG_S

# GENERAL
nooptions 	SCTP
nooptions 	FFS
nooptions 	SOFTUPDATES
nooptions 	UFS_ACL
nooptions 	UFS_DIRHASH
nooptions 	UFS_GJOURNAL
nooptions	NFS_ROOT
#noptions	MSDOSFS
nooptions	CD9660
nooptions 	PROCFS
nooptions 	PSEUDOFS
nooptions       COMPAT_FREEBSD32
nooptions	COMPAT_FREEBSD4
nooptions	COMPAT_FREEBSD5
nooptions	COMPAT_FREEBSD6
nooptions	COMPAT_FREEBSD7
nooptions       KDTRACE_FRAME
nooptions	KDTRACE_HOOKS
options		VIMAGE

#...

I am not sure if VIMAGE now is really enabled than the vimage command is not available and making it fails:
Code: 
# cd /usr/src/tools/tools/vimage
# make install
install -s -o root -g wheel -m 555   vimage /usr/sbin
install: vimage: No such file or directory
*** Error code 71

Stop in /usr/src/tools/tools/vimage.
#


However I progressed in the how to and now fail at creating a internal network
Code: 
# ifconfig bridge create
bridge0
# ifconfig epair create
epair0a
# ifconfig epair create
epair1a
# ifconfig epair create
epair2a
# ifconfig epair create
epair3a
# ifconfig bridge0 addm em0 addm epair0a addm epair1a addm epair2a addm epair3a
# ifconfig bridge0 10.1.0.1
# ifconfig epair0a 10.0.0.1
# ifconfig epair1a 10.0.0.2
# ifconfig epair2a 10.0.0.3
# ifconfig epair3a 10.0.0.4
# ifconfig epair0b vnet 1
ifconfig: SIOCSIFVNET: Device not configured
#


Any suggestions where the error could be?

Regards
 
Did you actually build and install the new kernel?
Click to expand...

Yes, there was no error neither while building nor installing # cd /usr/src && make buildkernel KERNCONF=CONFIG_S && make installkernel KERNCONF=CONFIG_S && reboot.

Could this be related to the config type (the including)?
 
How can I check if vimage is enabled?

Now it is logical why I can't assign following:
# ifconfig epair0b vnet 1
this requires vnet to be set.
In the tutorial this happens with:
# jail -c vnet host.hostname=one.domain.tld path=/usr/jail/dir/one persist

How does this work under ezjail or am I totaly on the wrong way?

I found a helpful thread about ezjail and vimage:
http://forums.freebsd.org/showthread.php?t=9006

Are some required informations missing?
 
Unfortunately VIMAGE is seriously lacking documentation. Besides a few half-baked examples there isn't much to find about it :(
 
Yes, this truly is a problem.

I have written a message to two who already managed to bring this up. I also will write a small howto if I succeed.

The main issue seems to be the jail parameters which have to get set when starting the jail the rest would only be some ifconfig binding the epair to the bridge as to see in this post: http://forums.freebsd.org/showpost.php?p=113223&postcount=18
 
Code: 
# ifconfig epair0b vnet 1
ifconfig: SIOCSIFVNET: Device not configured
#

Did you actually start a jail? What is the output of the jls command?
 
If you like you could try the DruidBSD's vimage script at http://druidbsd.sourceforge.net/vimage.shtml. It uses netgraph instead of epair, but the result is similar, and it works fine.

ezjail does not support vimage AFAIK, you need to bake your own script or google for jailv2 [http://wiki.polymorf.fr/index.php?title=Howto:FreeBSD_jail_vnet]. The tutorial recommends to add PF to the kernel, that panics for me so I vote against it, but you might have better luck. Personally I think the jail_v2 stuff is too rough still, I rewrote that jail script to work better for me with just two epairs per jail - the configuation is simpler. (http://people.freebsd.org/~girgen/jail]). I don't use it in production yet so use it at your own risk. You also need to make install DESTDIR=... and make distribution DESTDIR=... yourself, it won't help you with that. (I use zfs snapshot + zfs clone for that)

The config for my jail script would be much simpler than the v2 stuff, albeit the v2 stuff is more flexible.

Code: 
jail_enable="YES"
jail_set_hostname_allow="YES"
jail_socket_unixiproute_only="NO"
jail_sysvipc_allow="YES"
jail_mount_enable="YES"
#jail_exec_start="/bin/sh /etc/rc"
jail_devfs_enable="YES"
jail_v2_enable="YES"
jail_vnet_enable="YES"
jail_procfs_enable="YES"
jail_fdescfs_enable="YES"

jail_list="palle palle2"

jail_palle_hostname="palle.example.com"
jail_palle_ip="bridge0|10.0.0.155/16,bridge1|192.168.1.155/24"
jail_palle_rootdir="/tank/master"

jail_palle2_hostname="palle2.example.com"
jail_palle2_ip="bridge0|10.0.0.156/16,bridge1|192.168.1.156/24"
jail_palle2_rootdir="/tank/masterpp"
 
You must log in or register to reply here.
Back
Top