<!DOCTYPE html>
|
|
<!--[if IE 8]><html class="no-js lt-ie9" lang="en" > <![endif]-->
|
|
<!--[if gt IE 8]><!--> <html class="no-js" lang="en" > <!--<![endif]-->
|
|
<head>
|
|
<meta charset="utf-8">
|
|
<meta http-equiv="X-UA-Compatible" content="IE=edge">
|
|
<meta name="viewport" content="width=device-width, initial-scale=1.0">
|
|
|
|
|
|
<link rel="shortcut icon" href="../img/favicon.ico">
|
|
<title>FreeBSD Jails on FreeNAS - Trent Docs</title>
|
|
<link href='https://fonts.googleapis.com/css?family=Lato:400,700|Roboto+Slab:400,700|Inconsolata:400,700' rel='stylesheet' type='text/css'>
|
|
|
|
<link rel="stylesheet" href="../css/theme.css" type="text/css" />
|
|
<link rel="stylesheet" href="../css/theme_extra.css" type="text/css" />
|
|
<link rel="stylesheet" href="../css/highlight.css">
|
|
|
|
<script>
|
|
// Current page data
|
|
var mkdocs_page_name = "FreeBSD Jails on FreeNAS";
|
|
var mkdocs_page_input_path = "freebsd_jails_on_freenas.md";
|
|
var mkdocs_page_url = "/freebsd_jails_on_freenas/";
|
|
</script>
|
|
|
|
<script src="../js/jquery-2.1.1.min.js"></script>
|
|
<script src="../js/modernizr-2.8.3.min.js"></script>
|
|
<script type="text/javascript" src="../js/highlight.pack.js"></script>
|
|
|
|
</head>
|
|
|
|
<body class="wy-body-for-nav" role="document">
|
|
|
|
<div class="wy-grid-for-nav">
|
|
|
|
|
|
<nav data-toggle="wy-nav-shift" class="wy-nav-side stickynav">
|
|
<div class="wy-side-nav-search">
|
|
<a href=".." class="icon icon-home"> Trent Docs</a>
|
|
<div role="search">
|
|
<form id ="rtd-search-form" class="wy-form" action="../search.html" method="get">
|
|
<input type="text" name="q" placeholder="Search docs" />
|
|
</form>
|
|
</div>
|
|
</div>
|
|
|
|
<div class="wy-menu wy-menu-vertical" data-spy="affix" role="navigation" aria-label="main navigation">
|
|
<ul class="current">
|
|
|
|
|
|
<li class="toctree-l1">
|
|
|
|
<a class="" href="..">Home</a>
|
|
</li>
|
|
|
|
<li class="toctree-l1">
|
|
|
|
<a class="" href="../apt_pinning_artful_aardvark_packages_in_xenial_xerus/">Apt Pinning Artful Aardvark Packages in Xenial Xerus</a>
|
|
</li>
|
|
|
|
<li class="toctree-l1">
|
|
|
|
<a class="" href="../lxd_container_home_server_networking_for_dummies/">LXD Container Home Server Networking For Dummies</a>
|
|
</li>
|
|
|
|
<li class="toctree-l1">
|
|
|
|
<a class="" href="../lxd_container_foo/">LXD Container Foo</a>
|
|
</li>
|
|
|
|
<li class="toctree-l1">
|
|
|
|
<a class="" href="../how_to_reassign_a_static_ip_address_with_dnsmasq/">How To Reassign A Static Ip Address with dnsmasq</a>
|
|
</li>
|
|
|
|
<li class="toctree-l1">
|
|
|
|
<a class="" href="../serve_and_share_apps_from_your_phone_with_fdroid/">Serve And Share Apps From Your Phone With Fdroid</a>
|
|
</li>
|
|
|
|
<li class="toctree-l1">
|
|
|
|
<a class="" href="../nspawn/">Nspawn</a>
|
|
</li>
|
|
|
|
<li class="toctree-l1">
|
|
|
|
<a class="" href="../gentoo_lxd_container/">Gentoo LXD Container</a>
|
|
</li>
|
|
|
|
<li class="toctree-l1">
|
|
|
|
<a class="" href="../mastodon_on_arch/">Mastodon on Arch</a>
|
|
</li>
|
|
|
|
<li class="toctree-l1">
|
|
|
|
<a class="" href="../debian_nspawn_container_on_arch_for_testing_apache_configurations/">Debian Nspawn Container On Arch For Testing Apache Configurations</a>
|
|
</li>
|
|
|
|
<li class="toctree-l1">
|
|
|
|
<a class="" href="../dynamic_cacheing_nginx_reverse_proxy_for_pacman/">Dynamic Cacheing Nginx Reverse Proxy For Pacman</a>
|
|
</li>
|
|
|
|
<li class="toctree-l1 current">
|
|
|
|
<a class="current" href="./">FreeBSD Jails on FreeNAS</a>
|
|
<ul class="subnav">
|
|
|
|
<li class="toctree-l2"><a href="#freebsd-jails-on-freenas">FreeBSD Jails on FreeNAS</a></li>
|
|
|
|
<ul>
|
|
|
|
<li><a class="toctree-l3" href="#in-the-freenas-webgui-create-a-new-jail">In The FreeNAS WebGui, Create A New Jail</a></li>
|
|
|
|
<li><a class="toctree-l3" href="#byobu">Byobu</a></li>
|
|
|
|
<li><a class="toctree-l3" href="#vim">vim</a></li>
|
|
|
|
<li><a class="toctree-l3" href="#python">python</a></li>
|
|
|
|
<li><a class="toctree-l3" href="#running-gitit-under-the-supervision-of-supervisord">running gitit under the supervision of supervisord</a></li>
|
|
|
|
</ul>
|
|
|
|
|
|
</ul>
|
|
</li>
|
|
|
|
<li class="toctree-l1">
|
|
|
|
<a class="" href="../arch_redis_nspawn/">Quick Dirty Redis Nspawn Container on Arch Linux</a>
|
|
</li>
|
|
|
|
<li class="toctree-l1">
|
|
|
|
<a class="" href="../arch_postgresql_nspawn/">Quick Dirty Postgresql Nspawn Container on Arch Linux</a>
|
|
</li>
|
|
|
|
<li class="toctree-l1">
|
|
|
|
<a class="" href="../misc_tips_troubleshooting/">Misc Tips, Trouble Shooting</a>
|
|
</li>
|
|
|
|
<li class="toctree-l1">
|
|
|
|
<a class="" href="../self_signed_certs/">Self Signed Certs</a>
|
|
</li>
|
|
|
|
<li class="toctree-l1">
|
|
|
|
<a class="" href="../selfoss_on_centos7/">Selfoss on Centos7</a>
|
|
</li>
|
|
|
|
<li class="toctree-l1">
|
|
|
|
<a class="" href="../stupid_package_manager_tricks/">Stupid Package Manager Tricks</a>
|
|
</li>
|
|
|
|
<li class="toctree-l1">
|
|
|
|
<a class="" href="../stupid_kvm_tricks/">Stupid KVM Tricks</a>
|
|
</li>
|
|
|
|
</ul>
|
|
</div>
|
|
|
|
</nav>
|
|
|
|
<section data-toggle="wy-nav-shift" class="wy-nav-content-wrap">
|
|
|
|
|
|
<nav class="wy-nav-top" role="navigation" aria-label="top navigation">
|
|
<i data-toggle="wy-nav-top" class="fa fa-bars"></i>
|
|
<a href="..">Trent Docs</a>
|
|
</nav>
|
|
|
|
|
|
<div class="wy-nav-content">
|
|
<div class="rst-content">
|
|
<div role="navigation" aria-label="breadcrumbs navigation">
|
|
<ul class="wy-breadcrumbs">
|
|
<li><a href="..">Docs</a> »</li>
|
|
|
|
|
|
|
|
<li>FreeBSD Jails on FreeNAS</li>
|
|
<li class="wy-breadcrumbs-aside">
|
|
|
|
</li>
|
|
</ul>
|
|
<hr/>
|
|
</div>
|
|
<div role="main">
|
|
<div class="section">
|
|
|
|
<h1 id="freebsd-jails-on-freenas">FreeBSD Jails on FreeNAS</h1>
|
|
<p>Mostly a personal distillation for getting a FreeBSD
|
|
Jail up and running on FreeNAS.</p>
|
|
<h2 id="in-the-freenas-webgui-create-a-new-jail">In The FreeNAS WebGui, Create A New Jail</h2>
|
|
<p>The default networking configuration will give
your jail an IP address on the LAN, so the jail is reachable
from other hosts on that network. For now, I've
decided to just share a pkg cache with each jail.
Navigate to <code>Jails -> Storage -> Add Storage</code> and
add the <code>pkg</code> storage directory to <code>/var/cache/pkg</code>
inside the jail.</p>
|
|
<p>For instance, on my local FreeNAS server,
|
|
the pkg directory is at /mnt/VolumeOne/pkg/.</p>
|
|
<p>If you ssh into the host server, you can type the command
<code>jls</code> to list the jails. Based on the output of
<code>jls</code>, you can get a shell with <code>jexec &lt;jail number&gt;</code>
or <code>jexec &lt;jail hostname&gt;</code>.</p>
|
|
<h3 id="updating">updating</h3>
|
|
<p>How about the command <code>pkg audit -F</code>? It downloads the current
list of known security issues and checks your installed packages
against it.</p>
|
|
<p>I would recommend, to myself anyway, to shell into
the new jail with <code>jexec</code>, run <code>pkg upgrade</code> to install any new packages,
and then restart the jail from the FreeNAS webgui. Note that
the restarted jail will have a new jail number as reported by
the <code>jls</code> command.</p>
|
|
<h3 id="locale">locale</h3>
|
|
<p>When you use <code>jexec</code> to get a shell, you get an environment
with a UTF-8 locale. Not so if you ssh into the new jail.
To fix this, put the following contents into <code>~/.login_conf</code>.</p>
|
|
<pre><code class="conf"># ~/.login_conf
|
|
me:\
|
|
:charset=UTF-8:\
|
|
:lang=en_US.UTF-8:\
|
|
:setenv=LC_COLLATE=C:
|
|
</code></pre>
|
|
|
|
<h3 id="ssh">ssh</h3>
|
|
<p>To get ssh running, edit <code>/etc/rc.conf</code> inside the jail.</p>
|
|
<pre><code class="conf"># /etc/rc.conf
|
|
sshd_enable="YES"
|
|
</code></pre>
|
|
|
|
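<p>To start sshd immediately, make any necessary edits to
<code>/etc/ssh/sshd_config</code> (since the jail has its own address on the LAN,
review settings such as <code>PermitRootLogin</code> and <code>PasswordAuthentication</code>),
and run the following command.</p>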
|
|
<pre><code class="csh">service sshd start
|
|
</code></pre>
|
|
|
|
<h2 id="byobu">Byobu</h2>
|
|
<p>You'll need newt to configure byobu, and if you don't install tmux
|
|
then screen will become the backend.</p>
|
|
<pre><code class="csh">pkg install byobu tmux newt
|
|
</code></pre>
|
|
|
|
<p>If you execute <code>byobu-config</code>, by pressing <em>f9</em>, the
|
|
following options seem to work. Some options, of course,
|
|
will prevent others from working so you have to enable them
|
|
one at a time to see what happens.</p>
|
|
<ul>
|
|
<li>date</li>
|
|
<li>disk</li>
|
|
<li>distro</li>
|
|
<li>hostname</li>
|
|
<li>ip address</li>
|
|
<li>load_average</li>
|
|
<li>logo</li>
|
|
<li>time</li>
|
|
<li>uptime</li>
|
|
<li>users</li>
|
|
<li>whoami</li>
|
|
</ul>
|
|
<h2 id="vim">vim</h2>
|
|
<p>Via pkg, there are two options: vim and vim-lite. Note that vim will pull
in a whole bunch of GUI dependencies, but vim-lite is not built with python.</p>
|
|
<p>For instance, powerline will not work with vim-lite because it's not built with
|
|
python. Also, vim-youcompleteme will not work with vim-lite. However, lightline
|
|
will work with vim-lite, and VimCompletesMe will work with vim-lite.</p>
|
|
<p>To get lightline working update $TERM</p>
|
|
<pre><code class="config"># ~/.config/fish/config.fish
|
|
export TERM=xterm-256color
|
|
</code></pre>
|
|
|
|
<p>And vimrc</p>
|
|
<pre><code class="vim"># ~/.vimrc
|
|
set ls=2
|
|
</code></pre>
|
|
|
|
<p>Another option is to build vim from source via ports. You can prevent vim
from pulling in a bunch of GUI dependencies with the following in <code>/etc/make.conf</code>.</p>
|
|
<pre><code class="conf"># /etc/make.conf
|
|
WITHOUT_X11=yes
|
|
</code></pre>
|
|
|
|
<p>And then when you compile vim from ports, run <code>make config</code> where you can enable
|
|
python.</p>
|
|
<h2 id="python">python</h2>
|
|
<p>For python3 virtualenv</p>
|
|
<pre><code class="csh">virtualenv-3.6 &lt;directory&gt;
|
|
</code></pre>
|
|
|
|
<h2 id="running-gitit-under-the-supervision-of-supervisord">running gitit under the supervision of supervisord</h2>
|
|
<p>py27-supervisor and hs-gitit are available as pkg install, if you want to
|
|
run a gitit wiki.</p>
|
|
<p>gitit doesn't come with an init service. To generate a sample config,
|
|
run <code>gitit --print-default-config > gitit.conf</code>, and then if you want
|
|
you can reference gitit.conf by passing gitit the <em>-f</em> flag.</p>
|
|
<p>So for instance, after you install supervisord, add something like the
|
|
following to the end of <code>/usr/local/etc/supervisord.conf</code>, and create
|
|
the directory <code>/var/log/supervisor/</code>.</p>
|
|
<pre><code class="conf">[program:gitit]
|
|
user=&lt;user&gt;
|
|
directory=/path/to/wikidata/directory/
|
|
command=/usr/local/bin/gitit -f /usr/local/etc/gitit.conf
|
|
stdout_logfile=/var/log/supervisor/%(program_name)s.log
|
|
stderr_logfile=/var/log/supervisor/%(program_name)s.log
|
|
autorestart=true
|
|
</code></pre>
|
|
|
|
<p>supervisord is a service you can enable in
|
|
<code>/etc/rc.conf</code></p>
|
|
<pre><code class="conf"># /etc/rc.conf
|
|
supervisord_enable="YES"
|
|
</code></pre>
|
|
|
|
<p>and then start it with <code>service supervisord start</code>.
Once supervisord is running, you can start a
supervisorctl shell, e.g.</p>
|
|
<pre><code class="sh">supervisorctl
|
|
supervisor> status
|
|
# outputs
|
|
gitit RUNNING pid 98057, uptime 0:32:27
|
|
supervisor> start/restart/stop gitit
|
|
supervisor> exit
|
|
</code></pre>
|
|
|
|
<p>But there is one other little detail, in that when you try to
|
|
run gitit as a daemon like this, on FreeBSD it will fail because it can't
|
|
find git. But the symlink solution is easy enough.</p>
|
|
<pre><code class="csh">ln -s /usr/local/bin/git /usr/bin/
|
|
</code></pre>
|
|
|
|
<p>And you might as well stick a reverse proxy in front of it. Assuming
you configure gitit to listen only on localhost:5001, so that it is reachable
only through the proxy, install nginx.
<code>pkg install nginx</code></p>
|
|
<p>enable nginx in /etc/rc.conf</p>
|
|
<pre><code class="conf">nginx_enable="YES"
|
|
</code></pre>
|
|
|
|
<p>Then, in the file <code>/usr/local/etc/nginx/nginx.conf</code> change the location "<em>/</em>"
|
|
so that it looks like this.</p>
|
|
<pre><code class="nginx">{
|
|
.....
|
|
location / {
|
|
# root /usr/local/www/nginx;
|
|
# index index.html index.htm;
|
|
proxy_pass http://127.0.0.1:5001;
|
|
proxy_set_header Host $host;
|
|
proxy_set_header X-Real-IP $remote_addr;
|
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
|
}
|
|
....
|
|
}
|
|
</code></pre>
|
|
|
|
<p>and then start nginx <code>service nginx start</code></p>
|
|
|
|
</div>
|
|
</div>
|
|
<footer>
|
|
|
|
<div class="rst-footer-buttons" role="navigation" aria-label="footer navigation">
|
|
|
|
<a href="../arch_redis_nspawn/" class="btn btn-neutral float-right" title="Quick Dirty Redis Nspawn Container on Arch Linux">Next <span class="icon icon-circle-arrow-right"></span></a>
|
|
|
|
|
|
<a href="../dynamic_cacheing_nginx_reverse_proxy_for_pacman/" class="btn btn-neutral" title="Dynamic Cacheing Nginx Reverse Proxy For Pacman"><span class="icon icon-circle-arrow-left"></span> Previous</a>
|
|
|
|
</div>
|
|
|
|
|
|
<hr/>
|
|
|
|
<div role="contentinfo">
|
|
<!-- Copyright etc -->
|
|
|
|
</div>
|
|
|
|
Built with <a href="http://www.mkdocs.org">MkDocs</a> using a <a href="https://github.com/snide/sphinx_rtd_theme">theme</a> provided by <a href="https://readthedocs.org">Read the Docs</a>.
|
|
</footer>
|
|
|
|
</div>
|
|
</div>
|
|
|
|
</section>
|
|
|
|
</div>
|
|
|
|
<div class="rst-versions" role="note" style="cursor: pointer">
|
|
<span class="rst-current-version" data-toggle="rst-current-version">
|
|
|
|
|
|
<span><a href="../dynamic_cacheing_nginx_reverse_proxy_for_pacman/" style="color: #fcfcfc;">« Previous</a></span>
|
|
|
|
|
|
<span style="margin-left: 15px"><a href="../arch_redis_nspawn/" style="color: #fcfcfc">Next »</a></span>
|
|
|
|
</span>
|
|
</div>
|
|
<script>var base_url = '..';</script>
|
|
<script src="../js/theme.js"></script>
|
|
<script src="../search/require.js"></script>
|
|
<script src="../search/search.js"></script>
|
|
|
|
</body>
|
|
</html>
|