Without resorting to configuration tools, such as Ansible, I wonder if there is an easy way to avoid repeating a list of datasets within a jail configuration.
First, some facts:
- FreeBSD 14.0
- I use plain vanilla jails
- I know this can be easily scripted with a configuration tool; that is out of scope for this post
- I want to explicitly list the datasets; taking all the children of a given dataset is out of scope
- Why bother unmounting (see below)? It simplifies manipulation of the jails dataset when other datasets are not mounted within it
For example, my dev-nginx01 jail (the website part of https://dev.freshports.org/) has this within /etc/jail.conf.d/pkg01.conf:
```
# jail all the things.
exec.created+="zfs set jailed=on data02/freshports/jailed/dev-nginx01/cache";
exec.created+="zfs set jailed=on data02/freshports/jailed/dev-nginx01/cache/categories";
exec.created+="zfs set jailed=on data02/freshports/jailed/dev-nginx01/cache/commits";
exec.created+="zfs set jailed=on data02/freshports/jailed/dev-nginx01/cache/daily";
exec.created+="zfs set jailed=on data02/freshports/jailed/dev-nginx01/cache/general";
exec.created+="zfs set jailed=on data02/freshports/jailed/dev-nginx01/cache/news";
exec.created+="zfs set jailed=on data02/freshports/jailed/dev-nginx01/cache/packages";
exec.created+="zfs set jailed=on data02/freshports/jailed/dev-nginx01/cache/pages";
exec.created+="zfs set jailed=on data02/freshports/jailed/dev-nginx01/cache/ports";
exec.created+="zfs set jailed=on data02/freshports/jailed/dev-nginx01/cache/spooling";

exec.created+="zfs jail $name data02/freshports/jailed/dev-nginx01/cache";

# mount things
exec.created+="zfs mount data02/freshports/dev-nginx01/www/freshports";
exec.created+="zfs mount data02/freshports/dev-nginx01/www/freshsource";

# unjail and umount so we can get access to the underlying mount points
# when required/

exec.poststop+="zfs set jailed=off data02/freshports/jailed/dev-nginx01/cache";
exec.poststop+="zfs set jailed=off data02/freshports/jailed/dev-nginx01/cache/categories";
exec.poststop+="zfs set jailed=off data02/freshports/jailed/dev-nginx01/cache/commits";
exec.poststop+="zfs set jailed=off data02/freshports/jailed/dev-nginx01/cache/daily";
exec.poststop+="zfs set jailed=off data02/freshports/jailed/dev-nginx01/cache/general";
exec.poststop+="zfs set jailed=off data02/freshports/jailed/dev-nginx01/cache/news";
exec.poststop+="zfs set jailed=off data02/freshports/jailed/dev-nginx01/cache/packages";
exec.poststop+="zfs set jailed=off data02/freshports/jailed/dev-nginx01/cache/pages";
exec.poststop+="zfs set jailed=off data02/freshports/jailed/dev-nginx01/cache/ports";
exec.poststop+="zfs set jailed=off data02/freshports/jailed/dev-nginx01/cache/spooling";

exec.poststop+="zfs umount data02/freshports/jailed/dev-nginx01/cache";
exec.poststop+="zfs umount data02/freshports/jailed/dev-nginx01/cache/categories";
exec.poststop+="zfs umount data02/freshports/jailed/dev-nginx01/cache/commits";
exec.poststop+="zfs umount data02/freshports/jailed/dev-nginx01/cache/daily";
exec.poststop+="zfs umount data02/freshports/jailed/dev-nginx01/cache/general";
exec.poststop+="zfs umount data02/freshports/jailed/dev-nginx01/cache/news";
exec.poststop+="zfs umount data02/freshports/jailed/dev-nginx01/cache/packages";
exec.poststop+="zfs umount data02/freshports/jailed/dev-nginx01/cache/pages";
exec.poststop+="zfs umount data02/freshports/jailed/dev-nginx01/cache/ports";
exec.poststop+="zfs umount data02/freshports/jailed/dev-nginx01/cache/spooling";

exec.poststop+="zfs umount data02/freshports/dev-nginx01/www/freshports";
exec.poststop+="zfs umount data02/freshports/dev-nginx01/www/freshsource";
```
To summarize the above:
- lines 1-11 jail the filesets which this jail uses and allow the jail to directly manipulate them (in this case, rollback)
- lines 22-44 unjail those same filesets and unmount them
- lines 16-17 mount two datasets which store the source code for the websites I’m working on. They’re on SSD; the jail itself is not
- lines 47-48 unmount those two datasets
Shell code example
What I could do is this:
```
#!/bin/sh

DATASETS="categories commits daily general html news packages pages ports spooling"

for data in ${DATASETS}
do
  echo exec.created+=\"zfs set jailed=on data02/freshports/jailed/dev-nginx01/cache/$data\";
done

for data in ${DATASETS}
do
  echo exec.poststop+=\"zfs set jailed=off data02/freshports/jailed/dev-nginx01/cache/$data\";
done
```
Running that, we get:
```
[18:53 r730-01 dvl /etc/jail.conf.d] % ~/tmp/shell.sh
exec.created+="zfs set jailed=on data02/freshports/jailed/dev-nginx01/cache/categories"
exec.created+="zfs set jailed=on data02/freshports/jailed/dev-nginx01/cache/commits"
exec.created+="zfs set jailed=on data02/freshports/jailed/dev-nginx01/cache/daily"
exec.created+="zfs set jailed=on data02/freshports/jailed/dev-nginx01/cache/general"
exec.created+="zfs set jailed=on data02/freshports/jailed/dev-nginx01/cache/html"
exec.created+="zfs set jailed=on data02/freshports/jailed/dev-nginx01/cache/news"
exec.created+="zfs set jailed=on data02/freshports/jailed/dev-nginx01/cache/packages"
exec.created+="zfs set jailed=on data02/freshports/jailed/dev-nginx01/cache/pages"
exec.created+="zfs set jailed=on data02/freshports/jailed/dev-nginx01/cache/ports"
exec.created+="zfs set jailed=on data02/freshports/jailed/dev-nginx01/cache/spooling"
exec.poststop+="zfs set jailed=off data02/freshports/jailed/dev-nginx01/cache/categories"
exec.poststop+="zfs set jailed=off data02/freshports/jailed/dev-nginx01/cache/commits"
exec.poststop+="zfs set jailed=off data02/freshports/jailed/dev-nginx01/cache/daily"
exec.poststop+="zfs set jailed=off data02/freshports/jailed/dev-nginx01/cache/general"
exec.poststop+="zfs set jailed=off data02/freshports/jailed/dev-nginx01/cache/html"
exec.poststop+="zfs set jailed=off data02/freshports/jailed/dev-nginx01/cache/news"
exec.poststop+="zfs set jailed=off data02/freshports/jailed/dev-nginx01/cache/packages"
exec.poststop+="zfs set jailed=off data02/freshports/jailed/dev-nginx01/cache/pages"
exec.poststop+="zfs set jailed=off data02/freshports/jailed/dev-nginx01/cache/ports"
exec.poststop+="zfs set jailed=off data02/freshports/jailed/dev-nginx01/cache/spooling"
[18:53 r730-01 dvl /etc/jail.conf.d] %
```
Success. How do I do that within the jail configuration file?
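The generator above, extended as an added example (not part of the original post, and a generator rather than an in-file answer): it emits every per-dataset line of the fragment from one list, with terminating semicolons, and refuses child names containing anything that could alter the commands jail(8) later runs as root on the host. The function names and the character rule are assumptions of this example; `ROOT` and the list mirror the configuration shown earlier.

```shell
#!/bin/sh
# Added example: emit all per-dataset jail.conf lines from one list.
# gen_jail_lines, emit_for and valid_component are made-up names.

ROOT="data02/freshports/jailed/dev-nginx01/cache"
DATASETS="categories commits daily general news packages pages ports spooling"

# This example's conservative rule: a child name may contain only
# alphanumerics and _ - . :  so quotes, spaces and shell metacharacters
# never reach a command string that runs as root on the host.
valid_component() {
    case "$1" in
        ''|*[!A-Za-z0-9_.:-]*) return 1 ;;
        *) return 0 ;;
    esac
}

# emit_for <parameter> <zfs subcommand> <root> <children...>
# Prints one line for the root dataset, then one per child.
emit_for() {
    param=$1; cmd=$2; root=$3; shift 3
    printf '%s+="zfs %s %s";\n' "$param" "$cmd" "$root"
    for d in "$@"; do
        printf '%s+="zfs %s %s/%s";\n' "$param" "$cmd" "$root" "$d"
    done
}

# gen_jail_lines <root> <children...>
# The root is trusted here; only the child names are validated.
gen_jail_lines() {
    root=$1; shift
    for d in "$@"; do
        valid_component "$d" || { echo "bad dataset name: $d" >&2; return 1; }
    done
    emit_for exec.created  "set jailed=on"  "$root" "$@"
    # $name is left literal so jail(8) substitutes the jail name itself.
    printf 'exec.created+="zfs jail $name %s";\n' "$root"
    emit_for exec.poststop "set jailed=off" "$root" "$@"
    emit_for exec.poststop "umount"         "$root" "$@"
}

# Word splitting of the list is intended here.
gen_jail_lines "$ROOT" $DATASETS
```
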