[RESOLVED] ezjail question

fred974

fred974

Hi guys,

I have a file created at /etc/jails.conf with
Code: 
webjail {
   path = /local/jails/webjail;
   mount.devfs;
   devfs_ruleset = 4;
   host.hostname = webjail.mydomain.lan;
   ip4.addr = 192.168.0.115;
   exec.start = "/bin/sh /etc/rc";
   exec.stop = "/bin/sh /etc/rc.shutdown";
}
Could anyone tell me why I still get the following message in the /var/log/messages ?
Code: 
 /etc/rc.d/jail: WARNING: Per-jail configuration via jail_* variables  is obsolete.  Please consider to migrate to /etc/jail.conf.
Do I need to move everything from /usr/local/etc/ezjail/webjail to /etc/jails.conf and delete /usr/local/etc/ezjail/webjail ?

Thank you
 
Re: ezjail question

Show your ezjail.conf. I think that might be possibility that ezjail doesn't read from jails.conf. Under FreeBSD 10.0 I had similar problem. ezjail was reading options from rc.conf and /etc/jail.conf I had empty, jail worked. What version FreeBSD do you use? I guess 10?
 
Re: ezjail question

Hi @bryn1u
I'm using FreeBSD 10 as you guessed
/usr/local/etc/ezjail.conf
Code: 
ezjail_jaildir=/local/jails
ezjail_ftphost=ftp.freebsd.org
ezjail_use_zfs="YES"
ezjail_jailzfs="zroot/jails"
/etc/rc.conf
Code: 
### General Settings ###
zfs_enable="YES"
keymap="uk.iso"
sshd_enable="YES"
syslogd_enable="YES"
syslogd_flags="-ss"
moused_enable="NO"
dumpdev="NO"
rpc_bind_enable="NO"
ezjail_enable="YES"
inetd_enable="NO" # Make host jail-friendly
openntpd_enable="Yes" # Synchronize The Local Clock
openntpd_flags="-s"

### FIREWALL - Packet filter configuration ###
pf_enable="YES"
pflog_enable="YES"
pflog_logfile="/var/log/pflog"
pf_rules="/etc/pf.conf"

### fail2ban intrusion prevention framework ###
fail2ban_enable="YES"

### Disable Sendmail MTA
sendmail_enable="NO"
sendmail_submit_enable="NO"
sendmail_outbound_enable="NO"
sendmail_msp_queue_enable="NO"

### Enable Postfix MTA ###
postfix_enable="YES"

### external network configuration ###
hostname="kryten.mydomain.lan"
#ifconfig_bge0="dhcp"
ifconfig_bge0="inet 192.168.0.198 netmask 255.255.255.0"
defaultrouter="192.168.0.1"

### internal network configuration Jail interface aliases ###
ifconfig_bge0_alias0="inet 192.168.0.115 netmask 255.255.255.0" # webjail
ifconfig_bge0_alias1="inet 192.168.0.120 netmask 255.255.255.0" # sqljail
ifconfig_bge0_alias2="inet 192.168.0.125 netmask 255.255.255.0" # mailjail

### Enable Zabbix
zabbix_server_enable="YES"
zabbix_agentd_enable="YES"

### Enable Unbound DNS
local_unbound_enable="YES"
Thank you
 
Last edited by a moderator:
Re: ezjail question

Is this is only what you have in ezjail.conf? Are you sure that is enough to well working ezjail? If you have subscribed to jail.conf try using:
Code: 
 bsdinstall jail /path/to/jail
Then add to rc.conf
Code: 
jail_enable="YES"
And then use command jail -c webjail

Jail should start. Check with jls command.
 
Re: ezjail question

All the files in /usr/local/etc/ezjail are still the old rc.conf style of starting jails. Until ezjail plays catch up with the new jail.conf way of doing things, you'll get that warning. Don't worry about it too much. There is a compatibility layer that is converting the configuration for you when the jails are started. The converted files end up in /var/run/jail_<jail_name>.
 
Re: ezjail question

bryn1u said:
If you have subscribred to jail.conf trzy use:
Code: 
 bsdinstall jail /path/to/jail
then add to rc.conf jail_enable="YES" and then use command
Code: 
jail -c webjail
. Jail should start. Check with jls command.
Click to expand...
Sorry, not sure what you mean here.
do you mean add
Code: 
 bsdinstall jail /path/to/jail
to /ezjail.conf ?

The lines above is all that I have in my ezjail.conf.. the jails seem to be working but them again I am not that experience to knpw for sure..
What do you have in yours? So I can have an idea..
 
Re: ezjail question

I don't use ezjail but config should looks like below:
Code: 
 ezjail.conf - Example file, see ezjail.conf(5)
#
# Note: If you alter some of those variables AFTER creating your first
# jail, you may have to adapt /etc/fstab.* and EZJAIL_PREFIX/etc/ezjail/* by
# hand

# Location of jail root directories
#
# Note: If you have spread your jails to multiple locations, use softlinks
# to collect them in this directory
# ezjail_jaildir=/usr/jails

# Location of the tiny skeleton jail template
# ezjail_jailtemplate=${ezjail_jaildir}/newjail

# Location of the huge base jail
# ezjail_jailbase=${ezjail_jaildir}/basejail

# Location of your copy of FreeBSD's source tree
# ezjail_sourcetree=/usr/src

# This is where the install sub command defaults to fetch its packages from
# ezjail_ftphost=ftp.freebsd.org

# This is the command that is being executed by the console subcommand
# ezjail_default_execute="/usr/bin/login -f root"

# This is the flavour used by default when setting up a new jail
# ezjail_default_flavour=""

# This is the default location where ezjail archives its jails to
# ezjail_archivedir="${ezjail_jaildir}/ezjail_archives"

# base jail will provide a soft link from /usr/bin/perl to /usr/local/bin/perl
# to accomodate all scripts using '#!/usr/bin/perl'...
# ezjail_uglyperlhack="YES"

# Default options for newly created jails
# Note: Be VERY careful about disabling ezjail_mount_enable. Mounting
# basejail via nullfs depends on this. You will have to find other
# ways to provide your jail with essential system files
# ezjail_mount_enable="YES"
# ezjail_devfs_enable="YES"
# ezjail_devfs_ruleset="devfsrules_jail"
# ezjail_procfs_enable="YES"
# ezjail_fdescfs_enable="YES"

# ZFS options

# Setting this to YES will start to manage the basejail and newjail in ZFS
# ezjail_use_zfs="YES"

# Setting this to YES will manage ALL new jails in their own zfs
# ezjail_use_zfs_for_jails="YES"

# The name of the ZFS ezjail should create jails on, it will be mounted at the ezjail_jaildir

# ezjail_jailzfs="tank/ezjail"
# ADVANCED, be very careful!
# ezjail_zfs_properties="-o compression=lzjb -o atime=off"
# ezjail_zfs_jail_properties="-o dedup=on"

I show you example on my jail:
Code: 
bsdinstall jail /jails/Oksymoron
Command above will install jail in /jails/Oksymoron
Code: 
root@ks3360102:/usr/local/etc # cat /etc/jail.conf
Oksymoron {
        path = /jails/Oksymoron;
        mount.devfs;
        #allow.mount;
        #mount;
        host.hostname = Oksymoron.edu.pl;
        ip4.addr = 192.168.0.1;
        interface = lo1;
        exec.start = "/bin/sh /etc/rc";
        exec.stop = "/bin/sh /etc/rc.shutdown";
        
}
Command below will create and run jail
Code: 
jail -c Oksymoron

Now check using
Code: 
jls

Do you get it ?
 
You must log in or register to reply here.
Back
Top