From 946e3ee71b4a2e4ca9e723682b7e55cd2cb3024c Mon Sep 17 00:00:00 2001 From: Paul Buetow Date: Sun, 16 May 2021 18:34:38 +0100 Subject: more on the jail stuff --- .../2016-04-09-jails-and-zfs-on-freebsd-with-puppet.html | 12 +++++++----- content/html/gemfeed/atom.xml | 14 ++++++++------ 2 files changed, 15 insertions(+), 11 deletions(-) (limited to 'content/html') diff --git a/content/html/gemfeed/2016-04-09-jails-and-zfs-on-freebsd-with-puppet.html b/content/html/gemfeed/2016-04-09-jails-and-zfs-on-freebsd-with-puppet.html index b9100ead..5165562f 100644 --- a/content/html/gemfeed/2016-04-09-jails-and-zfs-on-freebsd-with-puppet.html +++ b/content/html/gemfeed/2016-04-09-jails-and-zfs-on-freebsd-with-puppet.html @@ -83,7 +83,7 @@ zfs::create { 'ztank/foo': filesystem => '/srv/foo', require => File['/srv'], -}¬ +}

Puppet run:

@@ -137,7 +137,7 @@ zsh: exit 1     grep foo

Jails

Here is an example in how a FreeBSD Jail can be created. The Jail will have its own public IPv6 address. And it will have its own internal IPv4 address with IPv4 NAT to the internet (this is due to the limitation that the host server only got one public IPv4 address which requires sharing between all the Jails).

-

Furthermore, Puppet will ensure that the Jail will have its own ZFS file system (internally it is using the ZFS module). Please notice that the NAT requires the packet filter to be setup correctly (not mentioned in this blog post how to do that).

+

Furthermore, Puppet will ensure that the Jail will have its own ZFS file system (internally it is using the ZFS module). Please notice that the NAT requires the packet filter to be setup correctly (not covered in this blog post).

 include jail::freebsd
 
@@ -267,13 +267,13 @@ lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
      nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>

Inside-Jail Puppet

-

To automatically setup the applications running in the Jail I am using Puppet as well. I wrote a few scripts which bootstrap Puppet inside of a newly created Jail. It is:

+

To automatically setup the applications running in the Jail I am using Puppet as well. I wrote a few scripts which bootstrap Puppet inside of a newly created Jail. It is doing the following:

@@ -410,7 +410,9 @@ Notice: Finished catalog run in 206.09 seconds
 
  • A Jail for the MTA
    • 
 
  • A Jail for the Webserver
    • 
 
  • A Jail for BIND DNS server
    • 
+
  • A Jail for syncing data forth and back between various servers
    • 
 
  • A Jail for other personal (experimental) use
    • 
+
  • ...etc
    • 
 
 
    All done in a pretty automated manor. 
    
 
    E-Mail me your thoughts at comments@mx.buetow.org!
    
diff --git a/content/html/gemfeed/atom.xml b/content/html/gemfeed/atom.xml
index eee2e9ba..d626a57f 100644
--- a/content/html/gemfeed/atom.xml
+++ b/content/html/gemfeed/atom.xml
@@ -1,6 +1,6 @@
 
 
-    2021-05-16T18:29:45+01:00
+    2021-05-16T18:34:25+01:00
     buetow.org feed
     Having fun with computers!
     
@@ -985,7 +985,7 @@ zfs::create { 'ztank/foo':
   filesystem => '/srv/foo',
 
   require => File['/srv'],
-}¬
+}

    Puppet run:

    @@ -1039,7 +1039,7 @@ zsh: exit 1     grep foo

    Jails

    Here is an example in how a FreeBSD Jail can be created. The Jail will have its own public IPv6 address. And it will have its own internal IPv4 address with IPv4 NAT to the internet (this is due to the limitation that the host server only got one public IPv4 address which requires sharing between all the Jails).

    -

    Furthermore, Puppet will ensure that the Jail will have its own ZFS file system (internally it is using the ZFS module). Please notice that the NAT requires the packet filter to be setup correctly (not mentioned in this blog post how to do that).

    +

    Furthermore, Puppet will ensure that the Jail will have its own ZFS file system (internally it is using the ZFS module). Please notice that the NAT requires the packet filter to be setup correctly (not covered in this blog post).

     include jail::freebsd
 
@@ -1169,13 +1169,13 @@ lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
      nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>

    Inside-Jail Puppet

    -

    To automatically setup the applications running in the Jail I am using Puppet as well. I wrote a few scripts which bootstrap Puppet inside of a newly created Jail. It is:

    +

    To automatically setup the applications running in the Jail I am using Puppet as well. I wrote a few scripts which bootstrap Puppet inside of a newly created Jail. It is doing the following:

    @@ -1312,7 +1312,9 @@ Notice: Finished catalog run in 206.09 seconds
 
  • A Jail for the MTA
    • 
 
  • A Jail for the Webserver
    • 
 
  • A Jail for BIND DNS server
    • 
+
  • A Jail for syncing data forth and back between various servers
    • 
 
  • A Jail for other personal (experimental) use
    • 
+
  • ...etc
    • 
 
 
    All done in a pretty automated manor. 
    
 
    E-Mail me your thoughts at comments@mx.buetow.org!
    
-- 
cgit v1.2.3