2020-02-16 14:23:05 -07:00
|
|
|
Bastille
|
|
|
|
|
========
|
2019-12-07 17:48:06 -07:00
|
|
|
[Bastille](https://bastillebsd.org/) is an open-source system for automating
|
|
|
|
|
deployment and management of containerized applications on FreeBSD.
|
2018-04-06 13:40:48 -06:00
|
|
|
|
2023-10-10 19:51:10 -06:00
|
|
|
[Bastille Documentation](https://bastille.readthedocs.io/en/latest/)
|
2019-08-02 10:00:03 -06:00
|
|
|
|
2018-11-18 20:37:03 -07:00
|
|
|
Installation
|
2019-06-22 09:28:42 -06:00
|
|
|
============
|
2023-10-10 19:51:10 -06:00
|
|
|
Bastille is available for installation from the official FreeBSD ports tree.
|
2018-11-18 20:37:03 -07:00
|
|
|
|
2019-06-22 09:28:42 -06:00
|
|
|
**pkg**
|
|
|
|
|
```shell
|
2019-03-11 17:51:32 -06:00
|
|
|
pkg install bastille
|
|
|
|
|
```
|
2018-11-18 20:37:03 -07:00
|
|
|
|
2019-06-22 09:28:42 -06:00
|
|
|
**ports**
|
|
|
|
|
```shell
|
2019-11-22 21:59:11 -07:00
|
|
|
portsnap fetch auto
|
2019-06-22 09:28:42 -06:00
|
|
|
make -C /usr/ports/sysutils/bastille install clean
|
2018-11-18 20:37:03 -07:00
|
|
|
```
|
|
|
|
|
|
2020-02-16 14:23:05 -07:00
|
|
|
**Git** (bleeding edge / unstable -- primarily for developers)
|
2019-11-28 09:21:13 -07:00
|
|
|
```shell
|
2023-10-10 19:51:10 -06:00
|
|
|
git clone https://github.com/bastillebsd/bastille.git
|
2019-11-28 09:21:13 -07:00
|
|
|
cd bastille
|
|
|
|
|
make install
|
|
|
|
|
```
|
|
|
|
|
|
2019-11-23 13:50:55 -07:00
|
|
|
**enable at boot**
|
|
|
|
|
```shell
|
|
|
|
|
sysrc bastille_enable=YES
|
|
|
|
|
```
|
|
|
|
|
|
2023-11-13 20:00:41 +11:00
|
|
|
Upgrading from a previous version
|
|
|
|
|
---------------------------------
|
|
|
|
|
When upgrading from a previous version of bastille (e.g. 0.10.20230714 to
|
|
|
|
|
0.10.20231013) you will need to update your bastille.conf
|
|
|
|
|
|
|
|
|
|
```shell
|
|
|
|
|
cd /usr/local/etc/bastille
|
2023-11-24 15:20:15 -07:00
|
|
|
diff -u bastille.conf bastille.conf.sample
|
2023-11-13 20:00:41 +11:00
|
|
|
```
|
|
|
|
|
|
|
|
|
|
Merge the lines that are present in the new bastille.conf.sample into
|
|
|
|
|
your bastille.conf
|
|
|
|
|
|
2018-11-07 10:36:54 -07:00
|
|
|
Basic Usage
|
|
|
|
|
-----------
|
2018-11-20 21:03:08 -07:00
|
|
|
```shell
|
2019-11-22 21:59:11 -07:00
|
|
|
Bastille is an open-source system for automating deployment and management of
|
|
|
|
|
containerized applications on FreeBSD.
|
|
|
|
|
|
2018-11-07 10:36:54 -07:00
|
|
|
Usage:
|
2025-04-22 22:55:14 -06:00
|
|
|
bastille [options(s)] command [option(s)] TARGET [args]
|
2018-11-07 10:36:54 -07:00
|
|
|
|
|
|
|
|
Available Commands:
|
2025-04-22 22:59:01 -06:00
|
|
|
bootstrap Bootstrap a release for jail base.
|
|
|
|
|
clone Clone an existing jail.
|
|
|
|
|
cmd Execute arbitrary command on targeted jail(s).
|
|
|
|
|
config Get, set or remove a config value for the targeted jail(s).
|
|
|
|
|
console Console into a running jail.
|
2025-04-22 22:55:14 -06:00
|
|
|
convert Convert thin jail to thick jail, or convert a jail to a custom release.
|
2025-04-22 22:59:01 -06:00
|
|
|
cp cp(1) files from host or jail to host or targeted jail(s).
|
2025-04-22 22:55:14 -06:00
|
|
|
create Create a jail.
|
|
|
|
|
destroy Destroy a jail or release.
|
|
|
|
|
edit Edit jail configuration files (advanced).
|
|
|
|
|
export Exports a jail.
|
2023-03-23 23:14:39 +01:00
|
|
|
help Help about any command.
|
2018-11-07 10:36:54 -07:00
|
|
|
htop Interactive process viewer (requires htop).
|
2025-04-22 22:55:14 -06:00
|
|
|
import Import a jail.
|
2025-01-26 21:56:26 -05:00
|
|
|
jcp cp(1) files from a jail to jail(s).
|
2025-04-22 22:55:14 -06:00
|
|
|
limits Apply resources limits to targeted jail(s). See rctl(8).
|
|
|
|
|
list List jails, releases, templates etc...
|
|
|
|
|
mount Mount a volume inside targeted jail(s).
|
2025-03-26 23:49:42 -06:00
|
|
|
network Add or remove interfaces from targeted jail(s).
|
2025-04-22 22:55:14 -06:00
|
|
|
pkg Manipulate binary packages within targeted jail(s). See pkg(8).
|
2025-01-26 19:40:07 -07:00
|
|
|
rcp cp(1) files from a jail to host.
|
2020-02-01 16:06:13 +00:00
|
|
|
rdr Redirect host port to container port.
|
2025-04-22 22:55:14 -06:00
|
|
|
rename Rename a jail.
|
|
|
|
|
restart Restart a running jail.
|
|
|
|
|
service Manage services within targeted jail(s).
|
2023-10-10 19:51:10 -06:00
|
|
|
setup Attempt to auto-configure network, firewall and storage on new installs.
|
2025-04-22 22:55:14 -06:00
|
|
|
start Start a stopped jail.
|
|
|
|
|
stop Stop a running jail.
|
|
|
|
|
sysrc Safely edit rc files within targeted jail(s).
|
|
|
|
|
tags Add or remove tags to targeted jail(s).
|
|
|
|
|
template Apply file templates to targeted jail(s).
|
2018-11-07 10:36:54 -07:00
|
|
|
top Display and update information about the top(1) cpu processes.
|
2025-04-22 22:55:14 -06:00
|
|
|
umount Unmount a volume from targeted jail(s).
|
|
|
|
|
update Update jail base -pX release.
|
|
|
|
|
upgrade Upgrade jail release to X.Y-RELEASE.
|
2023-03-23 23:14:39 +01:00
|
|
|
verify Compare release against a "known good" index.
|
2020-11-27 19:20:47 -05:00
|
|
|
zfs Manage (get|set) ZFS attributes on targeted container(s).
|
2018-11-07 10:36:54 -07:00
|
|
|
|
|
|
|
|
Use "bastille -v|--version" for version information.
|
|
|
|
|
Use "bastille command -h|--help" for more information about a command.
|
2025-04-22 22:59:01 -06:00
|
|
|
Use "bastille [-c|--config config.conf] command" to specify a non-default config file.
|
2019-11-22 21:59:11 -07:00
|
|
|
|
2018-11-07 10:36:54 -07:00
|
|
|
```
|
|
|
|
|
|
2025-04-20 12:00:38 -05:00
|
|
|
## 0.14-beta
|
2019-11-22 21:59:11 -07:00
|
|
|
This document outlines the basic usage of the Bastille container management
|
2019-03-11 17:51:32 -06:00
|
|
|
framework. This release is still considered beta.
|
2018-04-07 14:57:48 -06:00
|
|
|
|
2023-10-10 19:51:10 -06:00
|
|
|
Setup Requirements
|
|
|
|
|
==================
|
|
|
|
|
Bastille can now (attempt) to configure the networking, firewall and storage
|
|
|
|
|
automatically. This feature is new since version 0.10.20231013.
|
2019-11-22 21:59:11 -07:00
|
|
|
|
2023-10-10 19:51:10 -06:00
|
|
|
**bastille setup**
|
2018-04-07 14:57:48 -06:00
|
|
|
|
|
|
|
|
```shell
|
2023-10-10 19:51:10 -06:00
|
|
|
ishmael ~ # bastille setup -h
|
2025-04-22 22:59:01 -06:00
|
|
|
Usage: bastille setup [-p|pf|firewall] [-l|loopback] [-s|shared] [-z|zfs|storage] [-v|vnet] [-b|bridge]
|
2018-11-07 10:36:54 -07:00
|
|
|
```
|
|
|
|
|
|
2023-10-10 19:51:10 -06:00
|
|
|
On fresh installations it is likely safe to run `bastille setup` with no
|
|
|
|
|
arguments. This will configure the firewall, the loopback interface and attempt
|
|
|
|
|
to determine ZFS vs UFS storage.
|
2018-04-07 14:57:48 -06:00
|
|
|
|
2023-10-10 19:51:10 -06:00
|
|
|
If you have an existing firewall, or customized network design, you may want to
|
|
|
|
|
run individual options; eg `bastille setup zfs` or `bastille setup vnet`.
|
2020-02-01 16:06:13 +00:00
|
|
|
|
2023-10-10 19:51:10 -06:00
|
|
|
Note: The `bastille setup` command can configure and enable PF but it does not
|
|
|
|
|
automatically reload the firewall. You will still need to manually `service pf
|
|
|
|
|
start`. At that point you'll likely be disconnected if configuring a remote
|
|
|
|
|
host. Simply reconnect the ssh session and continue.
|
2018-11-07 10:36:54 -07:00
|
|
|
|
|
|
|
|
This step only needs to be done once in order to prepare the host.
|
|
|
|
|
|
|
|
|
|
Example (create, start, console)
|
|
|
|
|
================================
|
2019-11-22 21:59:11 -07:00
|
|
|
This example creates, starts and consoles into the container.
|
2018-11-07 10:36:54 -07:00
|
|
|
|
|
|
|
|
```shell
|
2023-11-24 15:20:15 -07:00
|
|
|
ishmael ~ # bastille create alcatraz 14.0-RELEASE 10.17.89.10/24
|
2018-11-07 10:36:54 -07:00
|
|
|
```
|
|
|
|
|
|
|
|
|
|
```shell
|
|
|
|
|
ishmael ~ # bastille start alcatraz
|
|
|
|
|
[alcatraz]:
|
|
|
|
|
alcatraz: created
|
|
|
|
|
```
|
|
|
|
|
|
|
|
|
|
```shell
|
|
|
|
|
ishmael ~ # bastille console alcatraz
|
|
|
|
|
[alcatraz]:
|
2023-11-24 15:20:15 -07:00
|
|
|
FreeBSD 14.0-RELEASE GENERIC
|
2018-11-07 10:36:54 -07:00
|
|
|
|
|
|
|
|
Welcome to FreeBSD!
|
|
|
|
|
|
|
|
|
|
Release Notes, Errata: https://www.FreeBSD.org/releases/
|
|
|
|
|
Security Advisories: https://www.FreeBSD.org/security/
|
|
|
|
|
FreeBSD Handbook: https://www.FreeBSD.org/handbook/
|
|
|
|
|
FreeBSD FAQ: https://www.FreeBSD.org/faq/
|
2023-10-10 19:51:10 -06:00
|
|
|
Questions List: https://www.FreeBSD.org/lists/questions/
|
2018-11-07 10:36:54 -07:00
|
|
|
FreeBSD Forums: https://forums.FreeBSD.org/
|
|
|
|
|
|
|
|
|
|
Documents installed with the system are in the /usr/local/share/doc/freebsd/
|
|
|
|
|
directory, or can be installed later with: pkg install en-freebsd-doc
|
|
|
|
|
For other languages, replace "en" with a language code like de or fr.
|
|
|
|
|
|
|
|
|
|
Show the version of FreeBSD installed: freebsd-version ; uname -a
|
|
|
|
|
Please include that output and any error messages when posting questions.
|
|
|
|
|
Introduction to manual pages: man man
|
|
|
|
|
FreeBSD directory layout: man hier
|
|
|
|
|
|
2023-10-10 19:51:10 -06:00
|
|
|
To change this login announcement, see motd(5).
|
2018-11-07 10:36:54 -07:00
|
|
|
root@alcatraz:~ #
|
|
|
|
|
```
|
|
|
|
|
|
|
|
|
|
```shell
|
|
|
|
|
root@alcatraz:~ # ps -auxw
|
|
|
|
|
USER PID %CPU %MEM VSZ RSS TT STAT STARTED TIME COMMAND
|
|
|
|
|
root 83222 0.0 0.0 6412 2492 - IsJ 02:21 0:00.00 /usr/sbin/syslogd -ss
|
|
|
|
|
root 88531 0.0 0.0 6464 2508 - SsJ 02:21 0:00.01 /usr/sbin/cron -s
|
|
|
|
|
root 6587 0.0 0.0 6912 2788 3 R+J 02:42 0:00.00 ps -auxw
|
|
|
|
|
root 92441 0.0 0.0 6952 3024 3 IJ 02:21 0:00.00 login [pam] (login)
|
|
|
|
|
root 92565 0.0 0.0 7412 3756 3 SJ 02:21 0:00.01 -csh (csh)
|
|
|
|
|
root@alcatraz:~ #
|
|
|
|
|
```
|
|
|
|
|
|
2018-11-18 23:11:02 -07:00
|
|
|
Community Support
|
|
|
|
|
=================
|
|
|
|
|
If you've found a bug in Bastille, please submit it to the [Bastille Issue
|
|
|
|
|
Tracker](https://github.com/bastillebsd/bastille/issues/new).
|
