Register for the iXsystems Community to get an ad-free experience and exclusive discounts in our eBay Store.

When VNET devices ready is after start jail by iocage ?

Status
Not open for further replies.

lexxai

Junior Member
Joined
Nov 9, 2016
Messages
24
I want do isolate jail from jail by bridge private feature.

I try set script as poststart option to jail:
iocage set exec_poststart=/root/test/pstart.sh foo

/root/test/pstart.sh:
#!/bin/sh
ifconfig bridge0 | grep member: |grep -v PRIVATE | awk '{ print $2 }' | grep 'vnet' | xargs ifconfig bridge0 private
echo `ifconfig bridge0` >> /root/test/list.txt

This script search all bridge0 members with name 'vnet', and mark it as PRIVATE member of bridge0.

But debug log file (/root/test/list.txt) not have any members of vnet interfaces still. Will say that script start too early.

Later after iocage start foo finished this vnet interfaces present on bridge0.

How automate it process of bridge0 isolation when auto boot enabled for jail?
And in future may be interest will set to GUI jail isolation options ?


p.s:
detected that exec_poststart start after iocage start foo message * Starting foo and wait finishing exec_poststart cmd with exit 0, then have message + Started OK.

I modified script for run in background other subscript that wait vnet interfaces, but iocage wait until finished subscript too and result of all task NEGATIVE.

pstart.sh
#!/bin/sh
nohup sh -x /root/test/pstart-e.sh &

Subscript pstart-e.sh
#!/bin/sh
maxloop=20
BRIDGE="bridge0"
while [ "${maxloop}" -ne "0" ]
do
maxloop=`expr $maxloop - 1`
if [ ! -z "`/sbin/ifconfig ${BRIDGE} | /usr/bin/grep 'member: vnet' | /usr/bin/grep -v PRIVATE`" ]; then
/sbin/ifconfig ${BRIDGE} | /usr/bin/grep member: |/usr/bin/grep -v PRIVATE | awk '{ print $2 }' | /usr/bin/grep 'vnet' | xargs -I % ifconfig ${BRIDGE} private %
echo `/sbin/ifconfig bridge0` >> /root/test/list.txt
break
else
sleep 1
echo "Loop id:" ${maxloop} | wall
fi
done



My method work only if script run before start jail iocage start foo.
./pstart-e.sh&
iocage start foo

But in this case it not started automatically if system reboot.


Next not clear solution but work: run via at scheduler in next minute after start jail
iocage set exec_poststart='at -f /root/test/pstart.sh now + 1 minute' foo
but next minute it approx. time since crontab run every /5 minutes atrun cmd
*/5 * * * * root /usr/libexec/atrun > /dev/null 2>&1
It solution work after reboot automatically, with delayed protection jails up to 5 mins after it start.
 
Last edited:
Status
Not open for further replies.
Top