One of my goals with the server I’m setting up is putting non-public services into jails with non-routable IP addresses. Today, I’ve been working on getting PostgreSQL into a jail. The problem I have been grappling with is not putting PostgreSQL into a jail but routing. It took me a while to figure out where […]
FreeBSD jails on non-routable IP addresses Read More »
If you see this: Dec 28 12:48:07 toiler dhcpd: Forward map from dent.unixathome.org to 10.55.0.60 FAILED: REFUSED Perhaps you forgot to unfreeze a domain. In my case: rndc unfreeze 1.8.10.in-addr.arpa. For more info, see this blog post on dynamic dns.
dhcpd: Forward map FAILED: REFUSED Read More »
With this new server, I am taking a new approach. Each jail will have at least three IP addresses: The public IP4 address, used by internet facing services (e.g. http or https) The public IPv6 address, similar to the above A VPN address, used for system administration and private services (e.g. nrpe) In this article,
Accessing FreeBSD Jails over OpenVPN Read More »
A few days I configured a new server to be an Ansible node. This will allow my Ansible configuration tool to configure and install software. Installing Ansible and getting it running is not covered by the post. All I show here is how I got a remote server ready to be configured by Ansible. The
Bootstrapping a new FreeBSD jail host as an Ansible node Read More »
This is zuul, the server I’ve been setting up to be a new jail host. I like to store away this type of documentation, in case I need it later. The partitions: The ZFS file systems: The ada0 drive details: And ada1 drive details: And finally, dmesg:
Over the past few weeks, I worked with two different configuration tools: Salt and Ansible. I started working with Salt. I quickly created a setup for a Salt server and for a Salt minion. The modules I saw looked great. However, I had consistently had trouble converting from the documentation to a practical usage. The
Ansible versus Salt Read More »
Tonight I asked a question in the OpenVPN IRC channel on FreeNode. me: I’m getting ready to set up a new server, running an OpenVPN client. It will be running several virtual machines (FreeBSD Jails). Each VM will have both a public IP address and a non-routable IP address. I’m hoping to access all those
Routing with jails Read More »
I have an exciting project ahead of me. I will soon be configuring a new server. It will be ZFSROOT running a pair of mirrored 500GB disks. I plan to use a configuration tool for management of this server. The final choice of tools is yet to be decided. The services provided by this server
Exciting project ahead Read More »
Sometimes you want to do things alone. Or rather, without intervention. Unattended. Bootstrapping the pkgng package management tool is one of those things. From the pkgng documentation, “FreeBSD 9.1 and later includes a bootstrap utility which can be used to download and install pkgng, along with its manual pages”. Let me show you how that
Bootstrapping / installing pkg on FreeBSD unattended and without answering Yes Read More »
I am a big fan of OpenVPN. I’ve been using it since 2008. It’s been extremely reliable and stable. Out of the box, at least on FreeBSD, it runs as nobody:nobody (not really, but that’s how most people configure it). I can’t point to am immediate security issue with this situation. However, I’d prefer it
running OpenVPN as something other than nobody:nobody Read More »