Discussion:
Configure jail in /etc/jail.my-jail-name.conf while allowing auto-start with "service jail start"
Andreas Sommer via freebsd-jail
2018-05-15 11:17:18 UTC
Permalink
Hi all,

as I can see, this combination simply isn't part of /etc/rc.d/jail and jail(8).
In fact, jail(8) always only reads one config file (`-f` parameter, default
/etc/jail.conf).

This also relates to why ezjail was still not ported to use jail.conf [0][1].

It would be a great fit to automated configuration management (e.g. via Ansible
or pkg POST-INSTALL scripts) because it allows overwriting complete files
instead of having to edit the global jail.conf to make changes.
# service jail onestart
Starting jails:.
(nothing started because jail not recognized as configured)

Jail configured in /etc/jail.my-jail-name.conf and "mentioned" as
# service jail onestart
Starting jails:jail: my-jail-name: new jail must persist or attach
(this means only /etc/jail.conf was parsed)

Any way to achieve this? I assume the answer is no, so here's a suggestion:
what about having jail(8) read/merge configuration from another file?
# cat /etc/jail.conf
my-jail-name { config = "/etc/jail.my-jail-name.conf"; }
# cat /etc/jail.my-jail-name.conf
my-jail-name { ...config goes here... }
Thanks,
Andreas

[0] https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=218849
[1] https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=218849#c13 (ezjail maintainer comment)
Andreas Nilsson
2018-05-15 11:30:31 UTC
Permalink
On Tue, May 15, 2018 at 1:17 PM, Andreas Sommer via freebsd-jail <
Post by Andreas Sommer via freebsd-jail
Hi all,
as I can see, this combination simply isn't part of /etc/rc.d/jail and jail(8).
In fact, jail(8) always only reads one config file (`-f` parameter, default
/etc/jail.conf).
This also relates to why ezjail was still not ported to use jail.conf [0][1].
It would be a great fit to automated configuration management (e.g. via Ansible
or pkg POST-INSTALL scripts) because it allows overwriting complete files
instead of having to edit the global jail.conf to make changes.
# service jail onestart
Starting jails:.
(nothing started because jail not recognized as configured)
Jail configured in /etc/jail.my-jail-name.conf and "mentioned" as
# service jail onestart
Starting jails:jail: my-jail-name: new jail must persist or attach
(this means only /etc/jail.conf was parsed)
what about having jail(8) read/merge configuration from another file?
# cat /etc/jail.conf
my-jail-name { config = "/etc/jail.my-jail-name.conf"; }
# cat /etc/jail.my-jail-name.conf
my-jail-name { ...config goes here... }
Thanks,
Andreas
Hello Andreas,

at least on -CURRENT the files are read as long as the jail names are in
jail_list in rc.conf.

It is though somewhat frustrating that you do not get defaults set in
jail.conf, so you need to specify stuff like persist in jail.$name.conf

Best regards
Andreas

Loading...