trent
/
trentdocs_website
mirror of https://github.com/TrentSPalmer/trentdocs_website.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
trentdocs_website/site/freebsd_jails_on_freenas/index.html

368 lines
13 KiB
HTML
Raw Blame History

<!DOCTYPE html>
<!--[if IE 8]><html class="no-js lt-ie9" lang="en" > <![endif]-->
<!--[if gt IE 8]><!--> <html class="no-js" lang="en" > <!--<![endif]-->
<head>
<meta charset="utf-8">
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<link rel="shortcut icon" href="../img/favicon.ico">
<title>FreeBSD Jails on FreeNAS - Trent Docs</title>
<link href='https://fonts.googleapis.com/css?family=Lato:400,700|Roboto+Slab:400,700|Inconsolata:400,700' rel='stylesheet' type='text/css'>
<link rel="stylesheet" href="../css/theme.css" type="text/css" />
<link rel="stylesheet" href="../css/theme_extra.css" type="text/css" />
<link rel="stylesheet" href="../css/highlight.css">
<script>
// Current page data
var mkdocs_page_name = "FreeBSD Jails on FreeNAS";
var mkdocs_page_input_path = "freebsd_jails_on_freenas.md";
var mkdocs_page_url = "/freebsd_jails_on_freenas/";
</script>
<script src="../js/jquery-2.1.1.min.js"></script>
<script src="../js/modernizr-2.8.3.min.js"></script>
<script type="text/javascript" src="../js/highlight.pack.js"></script>
</head>
<body class="wy-body-for-nav" role="document">
<div class="wy-grid-for-nav">
<nav data-toggle="wy-nav-shift" class="wy-nav-side stickynav">
<div class="wy-side-nav-search">
<a href=".." class="icon icon-home"> Trent Docs</a>
<div role="search">
<form id ="rtd-search-form" class="wy-form" action="../search.html" method="get">
<input type="text" name="q" placeholder="Search docs" />
</form>
</div>
</div>
<div class="wy-menu wy-menu-vertical" data-spy="affix" role="navigation" aria-label="main navigation">
<ul class="current">
<li class="toctree-l1">
<a class="" href="..">Home</a>
</li>
<li class="toctree-l1">
<a class="" href="../lxd_container_home_server_networking_for_dummies/">LXD Container Home Server Networking For Dummies</a>
</li>
<li class="toctree-l1">
<a class="" href="../serve_and_share_apps_from_your_phone_with_fdroid/">Serve And Share Apps From Your Phone With Fdroid</a>
</li>
<li class="toctree-l1">
<a class="" href="../nspawn/">Nspawn</a>
</li>
<li class="toctree-l1">
<a class="" href="../mastodon_on_arch/">Mastodon on Arch</a>
</li>
<li class="toctree-l1">
<a class="" href="../debian_nspawn_container_on_arch_for_testing_apache_configurations/">Debian Nspawn Container On Arch For Testing Apache Configurations</a>
</li>
<li class="toctree-l1">
<a class="" href="../dynamic_cacheing_nginx_reverse_proxy_for_pacman/">Dynamic Cacheing Nginx Reverse Proxy For Pacman</a>
</li>
<li class="toctree-l1 current">
<a class="current" href="./">FreeBSD Jails on FreeNAS</a>
<ul class="subnav">
<li class="toctree-l2"><a href="#freebsd-jails-on-freenas">FreeBSD Jails on FreeNAS</a></li>
<ul>
<li><a class="toctree-l3" href="#in-the-freenas-webgui-create-a-new-jail">In The FreeNAS WebGui, Create A New Jail</a></li>
<li><a class="toctree-l3" href="#byobu">Byobu</a></li>
<li><a class="toctree-l3" href="#vim">vim</a></li>
<li><a class="toctree-l3" href="#python">python</a></li>
<li><a class="toctree-l3" href="#running-gitit-under-the-supervision-of-supervisord">running gitit under the supervision of supervisord</a></li>
</ul>
</ul>
</li>
<li class="toctree-l1">
<a class="" href="../arch_redis_nspawn/">Quick Dirty Redis Nspawn Container on Arch Linux</a>
</li>
<li class="toctree-l1">
<a class="" href="../arch_postgresql_nspawn/">Quick Dirty Postgresql Nspawn Container on Arch Linux</a>
</li>
<li class="toctree-l1">
<a class="" href="../self_signed_certs/">Self Signed Certs</a>
</li>
</ul>
</div>
&nbsp;
</nav>
<section data-toggle="wy-nav-shift" class="wy-nav-content-wrap">
<nav class="wy-nav-top" role="navigation" aria-label="top navigation">
<i data-toggle="wy-nav-top" class="fa fa-bars"></i>
<a href="..">Trent Docs</a>
</nav>
<div class="wy-nav-content">
<div class="rst-content">
<div role="navigation" aria-label="breadcrumbs navigation">
<ul class="wy-breadcrumbs">
<li><a href="..">Docs</a> &raquo;</li>
<li>FreeBSD Jails on FreeNAS</li>
<li class="wy-breadcrumbs-aside">
</li>
</ul>
<hr/>
</div>
<div role="main">
<div class="section">
<h1 id="freebsd-jails-on-freenas">FreeBSD Jails on FreeNAS</h1>
<p>Mostly a personal distillation for getting a FreeBSD
Jail up and running on FreeNAS.</p>
<h2 id="in-the-freenas-webgui-create-a-new-jail">In The FreeNAS WebGui, Create A New Jail</h2>
<p>The default networking configuration, will give
your jail an ip address on the lan. For now, I've
decided to just share a pkg cache with each jail.
Navigate to <code>Jails -&gt; Storage -&gt; Add Storage</code> and
add the <code>pkg</code> storage directory to <code>/var/cache/pkg</code>
inside the jail. </p>
<p>For instance, on my local FreeNAS server,
the pkg directory is at /mnt/VolumeOne/pkg/.</p>
<p>If you ssh into the host server, you can type the command
<code>jls</code>, to list the jails. Based on the output of the
command <code>jls</code>, you can get a shell with <code>jexec &lt;jail number&gt;</code>
of <code>jexec &lt;jail hostname&gt;</code>.</p>
<h3 id="updating">updating</h3>
<p>How about the command <code>pkg audit -F</code>? Downloads a
list of known security issues and checks your system
against that.</p>
<p>I would recommend, to myself anyway, to shell into
the new jail with <code>jexec</code>, run <code>pkg upgrade</code> to install any new packages,
and then from the FreeNAS webgui, restart the jail. Although
the restarted jail will have a new jail number as reported by
the <code>jls</code> command.</p>
<h3 id="locale">locale</h3>
<p>When you use <code>jexec</code> to get a shell, you get an environment
with an utf_8 locale. Not so if you ssh into the new jail.
For this put the following contents into ~/.login_conf</p>
<pre><code class="conf"># ~/.login_conf
me:\
:charset=UTF-8:\
:lang=en_US.UTF-8:\
:setenv=LC_COLLATE=C:
</code></pre>
<h3 id="ssh">ssh</h3>
<p>To get ssh running, edit <code>/etc/rc.conf</code> inside the jail.</p>
<pre><code class="conf"># /etc/rc.conf
sshd_enable=&quot;YES&quot;
</code></pre>
<p>To start sshd immediately, make any necessary edits to
/etc/ssh/sshd_config, and run the following command.</p>
<pre><code class="csh">service sshd start
</code></pre>
<h2 id="byobu">Byobu</h2>
<p>You'll need newt to configure byobu, and if you don't install tmux
then screen will become the backend.</p>
<pre><code class="csh">pkg install byobu tmux newt
</code></pre>
<p>If you execute <code>byobu-config</code>, by pressing <em>f9</em>, the
following options seem to work. Some options, of course,
will prevent others from working so you have to enable them
one at a time to see what happens.</p>
<ul>
<li>date</li>
<li>disk</li>
<li>distro</li>
<li>hostname</li>
<li>ip address</li>
<li>load_average</li>
<li>logo</li>
<li>time</li>
<li>uptime</li>
<li>users</li>
<li>whoami</li>
</ul>
<h2 id="vim">vim</h2>
<p>Via pkg, there are two options: vim and vim-lite. Note vim will pull
in a whole bunch of gui dependancies, but vim-lite is not build with python.</p>
<p>For instance, powerline will not work with vim-lite because it's not built with
python. Also, vim-youcompleteme will not work with vim-lite. However, lightline
will work with vim-lite, and VimCompletesMe will work with vim-lite.</p>
<p>To get lightline working update $TERM</p>
<pre><code class="config"># ~/.config/fish/config.fish
export TERM=xterm-256color
</code></pre>
<p>And vimrc</p>
<pre><code class="vim"># ~/.vimrc
set ls=2
</code></pre>
<p>Another option is to build vim from source via ports. You can prevent vim
from pulling in a bunch of gui dependancies with the following in /etc/make.conf.</p>
<pre><code class="conf"># /etc/make.conf
WITHOUT_X11=yes
</code></pre>
<p>And then when you compile vim from ports, run <code>make config</code> where you can enable
python.</p>
<h2 id="python">python</h2>
<p>For python3 virtualenv</p>
<pre><code class="csh">virtualenv-3.6 &lt;directory&gt;
</code></pre>
<h2 id="running-gitit-under-the-supervision-of-supervisord">running gitit under the supervision of supervisord</h2>
<p>py27-supervisor and hs-gitit are available as pkg install, if you want to
run a gitit wiki.</p>
<p>gitit doesn't come with an init service. To generate a sample config,
run <code>gitit --print-default-config &gt; gitit.conf</code>, and then if you want
you can reference gitit.conf by passing gitit the <em>-f</em> flag.</p>
<p>So for instance, after you install supervisord, add something like the
following to the end of <code>/usr/local/etc/supervisord.conf</code>, and create
the directory <code>/var/log/supervisor/</code>.</p>
<pre><code class="conf">[program:gitit]
user=&lt;user&gt;
directory=/path/to/wikidata/directory/
command=/usr/local/bin/gitit -f /usr/local/etc/gitit.conf
stdout_logfile=/var/log/supervisor/%(program_name)s.log
stderr_logfile=/var/log/supervisor/%(program_name)s.log
autorestart=true
</code></pre>
<p>supervisord is a service you can enable in
<code>/etc/rc.conf</code></p>
<pre><code class="conf"># /etc/rc.conf
supervisord_enable=&quot;YES&quot;
</code></pre>
<p>and then start with <code>service supervisord start</code>
when you get supervisord running, you can start a
supervisorctl shell, i.e.</p>
<pre><code class="sh">supervisorctl
supervisor&gt; status
# outputs
gitit RUNNING pid 98057, uptime 0:32:27
supervisor&gt; start/restart/stop gitit
supervisor&gt; exit
</code></pre>
<p>But there is one other little detail, in that when you try to
run gitit as a daemon like this, on FreeBSD it will fail because it can't
find git. But the symlink solution is easy enough.</p>
<pre><code class="csh">ln -s /usr/local/bin/git /usr/bin/
</code></pre>
<p>And you might as well stick a reverse proxy in front of it. Assuming
you configure gitit listen only on localhost:5001, install nginx.
<code>pkg install nginx</code></p>
<p>enable nginx in /etc/rc.conf</p>
<pre><code class="conf">nginx_enable=&quot;YES&quot;
</code></pre>
<p>Then, in the file <code>/usr/local/etc/nginx/nginx.conf</code> change the location "<em>/</em>"
so that it looks like this.</p>
<pre><code class="nginx">{
.....
location / {
# root /usr/local/www/nginx;
# index index.html index.htm;
proxy_pass http://127.0.0.1:5001;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
....
}
</code></pre>
<p>and then start nginx <code>service nginx start</code></p>
</div>
</div>
<footer>
<div class="rst-footer-buttons" role="navigation" aria-label="footer navigation">
<a href="../arch_redis_nspawn/" class="btn btn-neutral float-right" title="Quick Dirty Redis Nspawn Container on Arch Linux">Next <span class="icon icon-circle-arrow-right"></span></a>
<a href="../dynamic_cacheing_nginx_reverse_proxy_for_pacman/" class="btn btn-neutral" title="Dynamic Cacheing Nginx Reverse Proxy For Pacman"><span class="icon icon-circle-arrow-left"></span> Previous</a>
</div>
<hr/>
<div role="contentinfo">
<!-- Copyright etc -->
</div>
Built with <a href="http://www.mkdocs.org">MkDocs</a> using a <a href="https://github.com/snide/sphinx_rtd_theme">theme</a> provided by <a href="https://readthedocs.org">Read the Docs</a>.
</footer>
</div>
</div>
</section>
</div>
<div class="rst-versions" role="note" style="cursor: pointer">
<span class="rst-current-version" data-toggle="rst-current-version">
<span><a href="../dynamic_cacheing_nginx_reverse_proxy_for_pacman/" style="color: #fcfcfc;">&laquo; Previous</a></span>
<span style="margin-left: 15px"><a href="../arch_redis_nspawn/" style="color: #fcfcfc">Next &raquo;</a></span>
</span>
</div>
<script src="../js/theme.js"></script>
</body>
</html>
Reference in New Issue View Git Blame Copy Permalink