trentdocs_website/docs/freebsd_jails_on_freenas.md

5.1 KiB

FreeBSD Jails on FreeNAS

Mostly a personal distillation for getting a FreeBSD Jail up and running on FreeNAS.

In The FreeNAS WebGui, Create A New Jail

The default networking configuration, will give your jail an ip address on the lan. For now, I've decided to just share a pkg cache with each jail. Navigate to Jails -> Storage -> Add Storage and add the pkg storage directory to /var/cache/pkg inside the jail.

For instance, on my local FreeNAS server, the pkg directory is at /mnt/VolumeOne/pkg/.

If you ssh into the host server, you can type the command jls, to list the jails. Based on the output of the command jls, you can get a shell with jexec <jail number> of jexec <jail hostname>.

updating

How about the command pkg audit -F? Downloads a list of known security issues and checks your system against that.

I would recommend, to myself anyway, to shell into the new jail with jexec, run pkg upgrade to install any new packages, and then from the FreeNAS webgui, restart the jail. Although the restarted jail will have a new jail number as reported by the jls command.

locale

When you use jexec to get a shell, you get an environment with an utf_8 locale. Not so if you ssh into the new jail. For this put the following contents into ~/.login_conf

# ~/.login_conf
me:\
        :charset=UTF-8:\
        :lang=en_US.UTF-8:\
        :setenv=LC_COLLATE=C:

ssh

To get ssh running, edit /etc/rc.conf inside the jail.

# /etc/rc.conf
sshd_enable="YES"

To start sshd immediately, make any necessary edits to /etc/ssh/sshd_config, and run the following command.

service sshd start

Byobu

You'll need newt to configure byobu, and if you don't install tmux then screen will become the backend.

pkg install byobu tmux newt

If you execute byobu-config, by pressing f9, the following options seem to work. Some options, of course, will prevent others from working so you have to enable them one at a time to see what happens.

  • date
  • disk
  • distro
  • hostname
  • ip address
  • load_average
  • logo
  • time
  • uptime
  • users
  • whoami

vim

Via pkg, there are two options: vim and vim-lite. Note vim will pull in a whole bunch of gui dependancies, but vim-lite is not build with python.

For instance, powerline will not work with vim-lite because it's not built with python. Also, vim-youcompleteme will not work with vim-lite. However, lightline will work with vim-lite, and VimCompletesMe will work with vim-lite.

To get lightline working update $TERM

# ~/.config/fish/config.fish
export TERM=xterm-256color

And vimrc

# ~/.vimrc
set ls=2

Another option is to build vim from source via ports. You can prevent vim from pulling in a bunch of gui dependancies with the following in /etc/make.conf.

# /etc/make.conf
WITHOUT_X11=yes

And then when you compile vim from ports, run make config where you can enable python.

python

For python3 virtualenv

virtualenv-3.6 <directory>

running gitit under the supervision of supervisord

py27-supervisor and hs-gitit are available as pkg install, if you want to run a gitit wiki.

gitit doesn't come with an init service. To generate a sample config, run gitit --print-default-config > gitit.conf, and then if you want you can reference gitit.conf by passing gitit the -f flag.

So for instance, after you install supervisord, add something like the following to the end of /usr/local/etc/supervisord.conf, and create the directory /var/log/supervisor/.

[program:gitit]
user=<user>
directory=/path/to/wikidata/directory/
command=/usr/local/bin/gitit -f /usr/local/etc/gitit.conf
stdout_logfile=/var/log/supervisor/%(program_name)s.log
stderr_logfile=/var/log/supervisor/%(program_name)s.log
autorestart=true

supervisord is a service you can enable in /etc/rc.conf

# /etc/rc.conf
supervisord_enable="YES"

and then start with service supervisord start when you get supervisord running, you can start a supervisorctl shell, i.e.

supervisorctl
supervisor> status
# outputs
gitit                            RUNNING   pid 98057, uptime 0:32:27
supervisor> start/restart/stop gitit
supervisor> exit

But there is one other little detail, in that when you try to run gitit as a daemon like this, on FreeBSD it will fail because it can't find git. But the symlink solution is easy enough.

ln -s /usr/local/bin/git /usr/bin/

And you might as well stick a reverse proxy in front of it. Assuming you configure gitit listen only on localhost:5001, install nginx. pkg install nginx

enable nginx in /etc/rc.conf

nginx_enable="YES"

Then, in the file /usr/local/etc/nginx/nginx.conf change the location "/" so that it looks like this.

{
.....
        location / {
            # root   /usr/local/www/nginx;
            # index  index.html index.htm;
                proxy_pass http://127.0.0.1:5001;
                proxy_set_header Host $host;
                proxy_set_header X-Real-IP $remote_addr;
                proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        }
....
}

and then start nginx service nginx start