@pwood
Created March 18, 2010 20:34
Create New Base
---------------
* Create a new directory for base files:
mkdir /usr/data/jails/bases/YYYYMMDD
* In /usr/src (after a completed buildworld):
make installworld DESTDIR=/usr/data/jails/bases/YYYYMMDD
mergemaster -D /usr/data/jails/bases/YYYYMMDD -i
* Copy resolv.conf and the rc.conf and syslog.conf templates:
cp /etc/resolv.conf /usr/data/jails/bases/YYYYMMDD/etc
cp /usr/data/jails/templates/rc.conf /usr/data/jails/bases/YYYYMMDD/etc
cp /usr/data/jails/templates/syslog.conf /usr/data/jails/bases/YYYYMMDD/etc
* Clear the MOTD and remove unwanted accounts from master.passwd (vipw -d edits the copy under the base, not the host's):
cat /dev/null > /usr/data/jails/bases/YYYYMMDD/etc/motd
vipw -d /usr/data/jails/bases/YYYYMMDD/etc/
Create New Ports
----------------
* Create a new directory for port files:
mkdir /usr/data/jails/ports/YYYYMMDD
* Fetch new port tree:
portsnap fetch
* Extract new port tree:
portsnap extract -p /usr/data/jails/ports/YYYYMMDD
Create New Host
---------------
* Create a new directory for the host's shadow files (unionfs writes land here; the base stays untouched):
mkdir -p /usr/data/jails/hosts/FQDN/usr/ports
* Add lines to /etc/fstab:
# Base Directory Host Directory FStype Mount Options Dump Pass
/usr/data/jails/bases/YYYYMMDD /usr/data/jails/hosts/FQDN unionfs rw,noatime,below 0 0
/usr/data/jails/ports/YYYYMMDD /usr/data/jails/hosts/FQDN/usr/ports unionfs rw,noatime,below 0 0
* Add IP alias lines to /etc/rc.conf:
ifconfig_em0_aliasX="AAA.BBB.CCC.DDD netmask 255.255.255.255"
* Add jail lines to /etc/rc.conf:
* Add the host to jail_list, using the FQDN with _ instead of . (names are space-separated):
jail_list="FQDN"
* Add the host's jail lines, again using the FQDN with _ instead of . in the variable names:
jail_FQDN_hostname="FQDN"
jail_FQDN_ip="AAA.BBB.CCC.DDD"
jail_FQDN_rootdir="/usr/data/jails/hosts/FQDN"
jail_FQDN_devfs_enable="YES"
* Add appropriate pf pass rules for the jail's IP (see the Midnight Syndicate example below).
Configuring New Hosts
---------------------
* If a host has no need for SSH, i.e. all access is via jexec from the host system, then only set the root password.
* Some hosts may require access to /usr/data/shared, which requires a nullfs mount in /etc/fstab:
/usr/data/shared/RESOURCE /usr/data/jails/hosts/FQDN/usr/data/shared/RESOURCE nullfs rw 0 0
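The "Create New Host" and "Configuring New Hosts" steps above, as an added example script (not part of the original gist): given an FQDN, IP, base and ports date stamps and an alias index, it derives the rc.conf-safe jail name, validates the inputs, and prints the fstab, rc.conf, nullfs and pf lines to append by hand. The jail root /usr/data/jails, interface em0 and the pf macros $external and $<jailname> follow the gist; the function names, the script name jail_lines.sh and the example IP 192.0.2.10 are assumptions.

```shell
#!/bin/sh
# Added example, not from the original gist: generate the fstab, rc.conf and pf
# lines for one jail host following the layout described above.
# Assumptions: JAILROOT=/usr/data/jails, interface em0, pf macros $external
# and $<jailname>; function and script names are hypothetical.
JAILROOT=${JAILROOT:-/usr/data/jails}
IFACE=${IFACE:-em0}

# jail_name FQDN -> rc.conf-safe jail name (rc.d jail names may not contain dots).
jail_name() {
    printf '%s\n' "$1" | tr '.' '_'
}

# valid_date YYYYMMDD -> 0 if the string is an 8-digit date stamp.
valid_date() {
    case "$1" in
        [0-9][0-9][0-9][0-9][0-1][0-9][0-3][0-9]) return 0 ;;
        *) return 1 ;;
    esac
}

# valid_ipv4 A.B.C.D -> 0 if it is four numeric octets, each 0..255.
valid_ipv4() {
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        case "$o" in ''|*[!0-9]*) return 1 ;; esac
        [ "$o" -le 255 ] || return 1
    done
    return 0
}

# fstab_lines FQDN BASEDATE PORTSDATE -> the two unionfs lines for /etc/fstab.
fstab_lines() {
    fqdn=$1; base=$2; ports=$3
    valid_date "$base" && valid_date "$ports" || return 1
    printf '%s/bases/%s %s/hosts/%s unionfs rw,noatime,below 0 0\n' \
        "$JAILROOT" "$base" "$JAILROOT" "$fqdn"
    printf '%s/ports/%s %s/hosts/%s/usr/ports unionfs rw,noatime,below 0 0\n' \
        "$JAILROOT" "$ports" "$JAILROOT" "$fqdn"
}

# nullfs_line FQDN RESOURCE -> fstab line exposing one shared resource to the jail.
nullfs_line() {
    printf '/usr/data/shared/%s %s/hosts/%s/usr/data/shared/%s nullfs rw 0 0\n' \
        "$2" "$JAILROOT" "$1" "$2"
}

# rcconf_lines FQDN IP ALIASNUM -> IP alias and jail_<name>_* lines for /etc/rc.conf.
rcconf_lines() {
    fqdn=$1; ip=$2; alias=$3
    valid_ipv4 "$ip" || return 1
    name=$(jail_name "$fqdn")
    printf 'ifconfig_%s_alias%s="%s netmask 255.255.255.255"\n' "$IFACE" "$alias" "$ip"
    printf 'jail_%s_hostname="%s"\n' "$name" "$fqdn"
    printf 'jail_%s_ip="%s"\n' "$name" "$ip"
    printf 'jail_%s_rootdir="%s/hosts/%s"\n' "$name" "$JAILROOT" "$fqdn"
    printf 'jail_%s_devfs_enable="YES"\n' "$name"
}

# pf_lines FQDN [PORT ...] -> one pass rule per port; only ssh if none given.
pf_lines() {
    name=$(jail_name "$1"); shift
    [ $# -gt 0 ] || set -- ssh
    for p in "$@"; do
        printf 'pass in on $external proto tcp from any to $%s port %s keep state\n' "$name" "$p"
    done
}

# Usage (example values; append the output to fstab, rc.conf and pf.conf by hand):
#   sh jail_lines.sh alpha.web.man.uk.alastria.net 192.0.2.10 20100318 20100318 0
if [ $# -ge 5 ]; then
    fstab_lines "$1" "$3" "$4" && rcconf_lines "$1" "$2" "$5" && pf_lines "$1" ssh http https
fi
```

Nothing is written to the system: the script only prints, so the lines can be reviewed (in particular the pf rule, which is the only thing exposing the jail) before they go into the live configuration.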
Alastria Service Domains
------------------------
{alpha,beta,gamma,delta}.web.man.uk.alastria.net
{psi,omega}.mail.man.uk.alastria.net
{tau,upsilon}.mysql.man.uk.alastria.lan
{epsilon,zeta}.shell.man.uk.alastria.net
{iota,kappa}.nat.man.uk.alastria.net
{omicron,pi}.dns.man.uk.alastria.net
{rho,sigma}.nis.man.uk.alastria.lan
{nu,xi}.nfs.man.uk.alastria.lan
{lambda,mu}.admin.man.uk.alastria.net
eta, theta, phi, chi
Required Jails
--------------
tau.mysql.man.uk.alastria.lan
alpha.web.man.uk.alastria.net
omega.mail.man.uk.alastria.net
epsilon.shell.man.uk.alastria.net
omicron.dns.man.uk.alastria.net
lambda.admin.man.uk.alastria.net
jabber.alastria.net
midnightsyndicate.eu
Midnight Syndicate Example Jail Lines
-------------------------------------
# Base Directory Host Directory FStype Mount Options Dump Pass
#/usr/data/jails/bases/20100318 /usr/data/jails/hosts/midnightsyndicate.eu unionfs rw,noatime,below 0 0
#/usr/data/jails/ports/20100318 /usr/data/jails/hosts/midnightsyndicate.eu/usr/ports unionfs rw,noatime,below 0 0
#jail_midnightsyndicate_eu_hostname="midnightsyndicate.eu"
#jail_midnightsyndicate_eu_ip="88.96.139.37"
#jail_midnightsyndicate_eu_rootdir="/usr/data/jails/hosts/midnightsyndicate.eu"
#jail_midnightsyndicate_eu_devfs_enable="YES"
#pass in on $external proto tcp from any to $midnightsyndicate_eu port ssh keep state