2017-07-15 03:29:38 -07:00
<!DOCTYPE html>
<!-- [if IE 8]><html class="no - js lt - ie9" lang="en" > <![endif] -->
<!-- [if gt IE 8]><! --> < html class = "no-js" lang = "en" > <!-- <![endif] -->
< head >
< meta charset = "utf-8" >
< meta http-equiv = "X-UA-Compatible" content = "IE=edge" >
< meta name = "viewport" content = "width=device-width, initial-scale=1.0" >
< link rel = "shortcut icon" href = "../img/favicon.ico" >
< title > FreeBSD Jails on FreeNAS - Trent Docs< / title >
< link href = 'https://fonts.googleapis.com/css?family=Lato:400,700|Roboto+Slab:400,700|Inconsolata:400,700' rel = 'stylesheet' type = 'text/css' >
< link rel = "stylesheet" href = "../css/theme.css" type = "text/css" / >
< link rel = "stylesheet" href = "../css/theme_extra.css" type = "text/css" / >
< link rel = "stylesheet" href = "../css/highlight.css" >
< script >
// Current page data
var mkdocs_page_name = "FreeBSD Jails on FreeNAS";
var mkdocs_page_input_path = "freebsd_jails_on_freenas.md";
var mkdocs_page_url = "/freebsd_jails_on_freenas/";
< / script >
< script src = "../js/jquery-2.1.1.min.js" > < / script >
< script src = "../js/modernizr-2.8.3.min.js" > < / script >
< script type = "text/javascript" src = "../js/highlight.pack.js" > < / script >
< / head >
< body class = "wy-body-for-nav" role = "document" >
< div class = "wy-grid-for-nav" >
< section data-toggle = "wy-nav-shift" class = "wy-nav-content-wrap" >
< div class = "wy-nav-content" >
< div class = "rst-content" >
< div role = "main" >
< div class = "section" >
< h1 id = "freebsd-jails-on-freenas" > FreeBSD Jails on FreeNAS< / h1 >
< p > Mostly a personal distillation for getting a FreeBSD
Jail up and running on FreeNAS.< / p >
< h2 id = "in-the-freenas-webgui-create-a-new-jail" > In The FreeNAS WebGui, Create A New Jail< / h2 >
< p > The default networking configuration will give
your jail an IP address on the LAN. For now, I've
decided to just share a pkg cache with each jail.
Navigate to < code > Jails -> Storage -> Add Storage< / code > and
add the < code > pkg< / code > storage directory to < code > /var/cache/pkg< / code >
inside the jail. < / p >
< p > For instance, on my local FreeNAS server,
the pkg directory is at /mnt/VolumeOne/pkg/.< / p >
< p > If you ssh into the host server, you can run the command
< code > jls< / code > to list the jails. Based on its output,
you can get a shell with < code > jexec < jail number> < / code >
or < code > jexec < jail hostname> < / code > .< / p >
< h3 id = "updating" > updating< / h3 >
< p > The command < code > pkg audit -F< / code > downloads a
list of known security issues and checks your system
against it.< / p >
< p > I would recommend, to myself anyway, to shell into
the new jail with < code > jexec< / code > , run < code > pkg upgrade< / code > to install any new packages,
and then restart the jail from the FreeNAS webgui. Note that
the restarted jail will have a new jail number as reported by
the < code > jls< / code > command.< / p >
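< p > Because the jail number changes on every restart, a host-side script should look the jail up by hostname each time. The following is an added example, not part of the original page: it parses the default < code > jls< / code > listing and then runs < code > pkg audit -F< / code > in the matching jail. The sample listing, its hostnames and paths are constructed, and the function names are hypothetical.< / p >

```shell
#!/bin/sh
# Added example (not from the original page): resolve a jail's current JID
# from its hostname, then audit its packages.

# Constructed sample of the default `jls` listing, for offline testing.
sample_jls() {
cat <<'EOF'
   JID  IP Address      Hostname                      Path
     3  192.168.1.50    wiki                          /mnt/VolumeOne/jails/wiki
     7  192.168.1.51    build                         /mnt/VolumeOne/jails/build
EOF
}

# jid_for_host HOSTNAME
# Reads a jls listing on stdin and prints the JID whose Hostname column
# matches exactly. Exits non-zero when no running jail matches.
jid_for_host() {
    awk -v h="$1" '
        NR > 1 && $3 == h { print $1; found = 1; exit }
        END { exit !found }'
}

# audit_jail HOSTNAME
# Looks up the current JID on the host and runs the vulnerability check
# inside that jail. Must be run as root on the FreeNAS host.
audit_jail() {
    jid=$(jls | jid_for_host "$1") || {
        echo "no running jail with hostname $1" >&2
        return 1
    }
    jexec "$jid" pkg audit -F
}

# Usage on the host:  audit_jail wiki
```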
< h3 id = "locale" > locale< / h3 >
< p > When you use < code > jexec< / code > to get a shell, you get an environment
with a UTF-8 locale. Not so if you ssh into the new jail.
To fix this, put the following contents into ~/.login_conf.< / p >
< pre > < code class = "conf" > # ~/.login_conf
me:\
:charset=UTF-8:\
:lang=en_US.UTF-8:\
:setenv=LC_COLLATE=C:
< / code > < / pre >
< h3 id = "ssh" > ssh< / h3 >
< p > To get ssh running, edit < code > /etc/rc.conf< / code > inside the jail.< / p >
< pre > < code class = "conf" > # /etc/rc.conf
sshd_enable="YES"
< / code > < / pre >
< p > To start sshd immediately, make any necessary edits to
/etc/ssh/sshd_config, and run the following command.< / p >
< pre > < code class = "csh" > service sshd start
< / code > < / pre >
< h2 id = "byobu" > Byobu< / h2 >
< p > You'll need newt to configure byobu, and if you don't install tmux
then screen will become the backend.< / p >
< pre > < code class = "csh" > pkg install byobu tmux newt
< / code > < / pre >
< p > If you execute < code > byobu-config< / code > , by pressing < em > f9< / em > , the
following options seem to work. Some options, of course,
will prevent others from working so you have to enable them
one at a time to see what happens.< / p >
< ul >
< li > date< / li >
< li > disk< / li >
< li > distro< / li >
< li > hostname< / li >
< li > ip address< / li >
< li > load_average< / li >
< li > logo< / li >
< li > time< / li >
< li > uptime< / li >
< li > users< / li >
< li > whoami< / li >
< / ul >
< h2 id = "vim" > vim< / h2 >
< p > Via pkg, there are two options: vim and vim-lite. Note that vim will pull
in a whole bunch of GUI dependencies, but vim-lite is not built with Python.< / p >
< p > For instance, powerline will not work with vim-lite because it's not built with
python. Also, vim-youcompleteme will not work with vim-lite. However, lightline
will work with vim-lite, and VimCompletesMe will work with vim-lite.< / p >
< p > To get lightline working, update $TERM.< / p >
< pre > < code class = "config" > # ~/.config/fish/config.fish
export TERM=xterm-256color
< / code > < / pre >
< p > And vimrc< / p >
< pre > < code class = "vim" > " ~/.vimrc
set ls=2
< / code > < / pre >
< p > Another option is to build vim from source via ports. You can prevent vim
from pulling in a bunch of GUI dependencies with the following in /etc/make.conf.< / p >
< pre > < code class = "conf" > # /etc/make.conf
WITHOUT_X11=yes
< / code > < / pre >
< p > Then, when you compile vim from ports, run < code > make config< / code > , where you can enable
Python.< / p >
< h2 id = "python" > python< / h2 >
< p > For python3 virtualenv< / p >
< pre > < code class = "csh" > virtualenv-3.6 < directory>
< / code > < / pre >
< h2 id = "running-gitit-under-the-supervision-of-supervisord" > running gitit under the supervision of supervisord< / h2 >
< p > py27-supervisor and hs-gitit are available via pkg install, if you want to
run a gitit wiki.< / p >
< p > gitit doesn't come with an init service. To generate a sample config,
run < code > gitit --print-default-config > gitit.conf< / code > . You can then
point gitit at gitit.conf by passing it the < em > -f< / em > flag.< / p >
< p > So for instance, after you install supervisord, add something like the
following to the end of < code > /usr/local/etc/supervisord.conf< / code > , and create
the directory < code > /var/log/supervisor/< / code > .< / p >
< pre > < code class = "conf" > [program:gitit]
user=< user>
directory=/path/to/wikidata/directory/
command=/usr/local/bin/gitit -f /usr/local/etc/gitit.conf
stdout_logfile=/var/log/supervisor/%(program_name)s.log
stderr_logfile=/var/log/supervisor/%(program_name)s.log
autorestart=true
< / code > < / pre >
< p > supervisord is a service you can enable in
< code > /etc/rc.conf< / code > .< / p >
< pre > < code class = "conf" > # /etc/rc.conf
supervisord_enable="YES"
< / code > < / pre >
< p > Then start it with < code > service supervisord start< / code > .
Once supervisord is running, you can start a
supervisorctl shell, i.e.< / p >
< pre > < code class = "sh" > supervisorctl
supervisor> status
# outputs
gitit RUNNING pid 98057, uptime 0:32:27
supervisor> start/restart/stop gitit
supervisor> exit
< / code > < / pre >
< p > There is one other little detail: when you try to
run gitit as a daemon like this on FreeBSD, it will fail because it can't
find git. The symlink solution is easy enough.< / p >
< pre > < code class = "csh" > ln -s /usr/local/bin/git /usr/bin/
< / code > < / pre >
< p > You might as well stick a reverse proxy in front of it. Assuming
you configure gitit to listen only on localhost:5001, install nginx.
< code > pkg install nginx< / code > < / p >
< p > Enable nginx in /etc/rc.conf.< / p >
< pre > < code class = "conf" > nginx_enable="YES"
< / code > < / pre >
< p > Then, in the file < code > /usr/local/etc/nginx/nginx.conf< / code > change the location "< em > /< / em > "
so that it looks like this.< / p >
< pre > < code class = "nginx" > {
    .....
    location / {
        # root /usr/local/www/nginx;
        # index index.html index.htm;
        proxy_pass http://127.0.0.1:5001;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }
    ....
}
< / code > < / pre >
< p > Then start nginx with < code > service nginx start< / code > .< / p >
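< p > The proxy only protects gitit if port 5001 really is bound to loopback; in a jail that shares the host's network stack, a bind to 127.0.0.1 is rewritten to the jail's own address, so it is worth checking the actual listener. The following added example (not part of the original page) parses < code > sockstat -4 -l< / code > output and reports any listener on a given port that is not on 127.0.0.1. The sample output, user name and IP address are constructed, and the function names are hypothetical.< / p >

```shell
#!/bin/sh
# Added example (not from the original page): flag listeners on a port
# that are reachable from outside the jail instead of loopback only.

# Constructed sample of `sockstat -4 -l` output from inside the jail.
sample_sockstat() {
cat <<'EOF'
USER     COMMAND    PID   FD PROTO  LOCAL ADDRESS         FOREIGN ADDRESS
root     nginx      2210  6  tcp4   *:80                  *:*
wiki     gitit      98057 11 tcp4   192.168.1.50:5001     *:*
root     sshd       1130  4  tcp4   *:22                  *:*
EOF
}

# exposed_listeners PORT
# Reads sockstat output on stdin. Prints "COMMAND LOCAL-ADDRESS" for every
# socket listening on PORT whose address is anything other than 127.0.0.1.
# Prints nothing when the port is loopback-only or not in use.
exposed_listeners() {
    awk -v port="$1" '
        NR == 1 { next }                      # skip the header row
        {
            addr = $6
            n = split(addr, parts, ":")
            if (parts[n] != port) next        # different port
            host = substr(addr, 1, length(addr) - length(parts[n]) - 1)
            if (host != "127.0.0.1") print $2, addr
        }'
}

# Usage inside the jail:  sockstat -4 -l | exposed_listeners 5001
```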
< / div >
< / div >
< / div >
< / div >
< / section >
< / div >
< script src = "../js/theme.js" > < / script >
< / body >
< / html >