Mirrors/BastilleBSD_bastille
1
0
Fork 1
mirror of https://github.com/BastilleBSD/bastille.git synced 2025-12-11 09:29:55 +01:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #1286 from BastilleBSD/docs-update

Browse Source
This commit is contained in:
tschettervictor
2025-11-16 13:01:10 -07:00
committed by GitHub
parent 75a0fb9650 3d55947402
commit 15020cc18e
9 changed files with 253 additions and 361 deletions
Download Patch File Download Diff File Expand all files Collapse all files

265
README.md
View File

@@ -1,71 +1,33 @@
Bastille 1.x
========
[Bastille](https://bastillebsd.org/) is an open-source system for automating
<p align="center">
<img src="docs/images/bastille.jpeg" width="60%" height="auto" />
</p>
----
Table of Contents
=================
* [Table of Contents](#table-of-contents)
* [Bastille](#bastille)
* [Installation](#installation)
* [Usage](#usage)
* [Getting Started](#getting-started)
* [Documentation](#documentation)
* [Comparing](#comparing)
* [Breaking Changes](#breaking-changes)
* [Support](#support)
# Bastille
Bastille is an open-source system for automating
deployment and management of containerized applications on FreeBSD.
Check the [Bastille Documentation](https://bastille.readthedocs.io/en/latest/)
[Official BastilleBSD Website](https://bastillebsd.org)
## Installation
Potentially breaking changes since 1.0 ⚠️
========================================
Up until version 1.0.20250714, Bastille has handled epairs for -V jails
using the jib script included in FreeBSD installs. However, for -B jails,
Bastille statically assigned an epair to each jail. This means you can only
run one type (-V or -B) of VNET jails on a given system.
Starting with version 1.0.20250714, we are now handling all epairs
dynamically, allowing the use of both types of VNET jails without issue. We
have also selected a naming scheme that will allow for consistency across
these jail types. The naming scheme is as follows:
`e0a_jailname` and `e0b_jailname` are the default epair interfaces for every
jail. The `e0a` side is on the host, while the `e0b` is in the jail. This will
allow better management when trying to figure out which jail a given epair is
linked to. Due to a limitations in how long an interface name can be, Bastille
will name any epairs whose jail names exceed the maximum length, to
`e0b_bastille1` and `e0b_bastille1` with the `1` incrementing by 1 for
each new epair. So, mylongjailname will be `e0a_bastille2` and `e0b_bastille2`.
If you decide to add an interface using the network sub-command, they will
be named `e1a_jailname` and `e1b_jailname` respectively. The number included
in the prefix `eXa_` will increment by 1 for each interface you add.
Mandatory
---------
We have tried our best to auto-convert each jails jail.conf and rc.conf
to the new syntax (this happens when the jail is stopped). It isn't a huge
change (only a handful of lines), but if you do have an issue please open a
bug report.
After updating, you must restart all your jails (probably one at a time, in
case of issues) to have Bastille convert the jail.conf and rc.conf files.
This simply involves renaming the epairs to the new syntax.
If you have used the network sub-command to add any number of interfaces, you
will have to edit the jail.conf and rc.conf files for each jail to update
the names of the epair interfaces. This is because all epairs will have been
renamed to e0... in both files. For each additional one, simply increment
the number by 1.
Important
---------
Due to the JIB script that gets used when creating VNET jails, you
will face changes with the MAC address if these jails.
If you have any VNET jails (created with -V), the MAC addresses
will change if you did not also use -M when creating them. This
is due to the JIB script generating a MAC based on the jail interface
name.
If you did use -M when creating them, the MAC should stay the same.
Comparing Bastille to Other Jail Managers
=========================================
See [Comparing](https://bastille.readthedocs.io/en/latest/chapters/comparing.html)
Installation
============
Bastille is available for installation from the official FreeBSD ports tree.
**pkg**
@@ -91,11 +53,13 @@ make install
sysrc bastille_enable=YES
```
Upgrading from a previous version
---------------------------------
### Upgrading
When upgrading from a previous version of bastille (e.g. 0.10.20230714 to
0.10.20231013) you will need to update your bastille.conf
Be sure to read the [Breaking Changes](#breaking-changes) below.
```shell
cd /usr/local/etc/bastille
diff -u bastille.conf bastille.conf.sample
@@ -104,143 +68,78 @@ diff -u bastille.conf bastille.conf.sample
Merge the lines that are present in the new bastille.conf.sample into
your bastille.conf
Basic Usage
-----------
```shell
Bastille is an open-source system for automating deployment and management of
containerized applications on FreeBSD.
## Usage
Usage:
bastille [options(s)] command [option(s)] TARGET [args]
See [Usage](https://bastille.readthedocs.io/en/latest/chapters/usage.html)
Available Commands:
bootstrap Bootstrap a release for jail base.
clone Clone an existing jail.
cmd Execute arbitrary command(s) in targeted jail(s).
config Get, set or remove a config value for the targeted jail(s).
console Console into a jail.
convert Convert thin jail to thick jai. Convert jail to custom release base.
cp cp(1) files from host to targeted jail(s).
create Create a jail.
destroy Destroy a jail or release.
edit Edit jail configuration files (advanced).
export Export a jail.
help Help about any command.
htop Interactive process viewer (requires htop).
import Import a jail.
jcp cp(1) files from a jail to jail(s).
limits Apply resources limits to targeted jail(s). See rctl(8) and cpuset(1).
list List jails, releases, templates and more...
migrate Migrate targeted jail(s) to a remote system.
mount Mount a volume inside targeted jail(s).
network Add or remove interfaces from targeted jail(s).
pkg Manipulate binary packages within targeted jail(s). See pkg(8).
rcp cp(1) files from a jail to host.
rdr Redirect host port to jail port.
rename Rename a jail.
restart Restart a jail.
service Manage services within targeted jail(s).
setup Attempt to auto-configure network, firewall, storage and more...
start Start a stopped jail.
stop Stop a running jail.
sysrc Safely edit rc files within targeted jail(s).
tags Add or remove tags to targeted jail(s).
template Apply file templates to targeted jail(s).
top Display and update information about the top(1) cpu processes.
umount Unmount a volume from targeted jail(s).
update Update jail base -pX release.
upgrade Upgrade jail release to X.Y-RELEASE.
verify Compare release against a "known good" index.
zfs Manage (get|set) ZFS attributes on targeted container(s).
## Getting Started
Use "bastille -v|--version" for version information.
Use "bastille command -h|--help" for more information about a command.
Use "bastille -c|--config config.conf command" to specify a non-default config file.
```
See [Getting Started](https://bastille.readthedocs.io/en/latest/chapters/getting-started.html)
## 1.x
This document outlines the basic usage of the Bastille container management
framework. This release is still considered beta.
## Documentation
Setup Requirements
==================
Bastille can now (attempt) to configure the networking, firewall and storage
automatically. This feature is new since version 0.10.20231013.
See [Documentation](https://bastille.readthedocs.io/en/latest/)
**bastille setup**
## Comparing
```shell
ishmael ~ # bastille setup -h
Usage: bastille setup [-p|pf|firewall] [-l|loopback] [-s|shared] [-z|zfs|storage] [-v|vnet] [-b|bridge]
```
See [Comparing](https://bastille.readthedocs.io/en/latest/chapters/comparing.html)
On fresh installations it is likely safe to run `bastille setup` with no
arguments. This will configure the firewall, the loopback interface and attempt
to determine ZFS vs UFS storage.
## Breaking Changes
If you have an existing firewall, or customized network design, you may want to
run individual options; eg `bastille setup zfs` or `bastille setup vnet`.
### Version 1.x
Note: The `bastille setup` command can configure and enable PF but it does not
automatically reload the firewall. You will still need to manually `service pf
start`. At that point you'll likely be disconnected if configuring a remote
host. Simply reconnect the ssh session and continue.
Up until version 1.0.20250714, Bastille has handled epairs for -V jails
using the jib script included in FreeBSD installs. However, for -B jails,
Bastille statically assigned an epair to each jail. This means you can only
run one type (-V or -B) of VNET jails on a given system.
This step only needs to be done once in order to prepare the host.
Starting with version 1.0.20250714, we are now handling all epairs
dynamically, allowing the use of both types of VNET jails without issue. We
have also selected a naming scheme that will allow for consistency across
these jail types. The naming scheme is as follows:
Example (create, start, console)
================================
This example creates, starts and consoles into the container.
`e0a_jailname` and `e0b_jailname` are the default epair interfaces for every
jail. The `e0a` side is on the host, while the `e0b` is in the jail. This will
allow better management when trying to figure out which jail a given epair is
linked to. Due to a limitations in how long an interface name can be, Bastille
will name any epairs whose jail names exceed the maximum length, to
`e0b_bastille1` and `e0b_bastille1` with the `1` incrementing by 1 for
each new epair. So, mylongjailname will be `e0a_bastille2` and `e0b_bastille2`.
```shell
ishmael ~ # bastille create alcatraz 14.0-RELEASE 10.17.89.10/24
```
If you decide to add an interface using the network sub-command, they will
be named `e1a_jailname` and `e1b_jailname` respectively. The number included
in the prefix `eXa_` will increment by 1 for each interface you add.
```shell
ishmael ~ # bastille start alcatraz
[alcatraz]:
alcatraz: created
```
### Mandatory
```shell
ishmael ~ # bastille console alcatraz
[alcatraz]:
FreeBSD 14.0-RELEASE GENERIC
We have tried our best to auto-convert each jails jail.conf and rc.conf
to the new syntax (this happens when the jail is stopped). It isn't a huge
change (only a handful of lines), but if you do have an issue please open a
bug report.
Welcome to FreeBSD!
After updating, you must restart all your jails (probably one at a time, in
case of issues) to have Bastille convert the jail.conf and rc.conf files.
This simply involves renaming the epairs to the new syntax.
Release Notes, Errata: https://www.FreeBSD.org/releases/
Security Advisories: https://www.FreeBSD.org/security/
FreeBSD Handbook: https://www.FreeBSD.org/handbook/
FreeBSD FAQ: https://www.FreeBSD.org/faq/
Questions List: https://www.FreeBSD.org/lists/questions/
FreeBSD Forums: https://forums.FreeBSD.org/
If you have used the network sub-command to add any number of interfaces, you
will have to edit the jail.conf and rc.conf files for each jail to update
the names of the epair interfaces. This is because all epairs will have been
renamed to e0... in both files. For each additional one, simply increment
the number by 1.
Documents installed with the system are in the /usr/local/share/doc/freebsd/
directory, or can be installed later with: pkg install en-freebsd-doc
For other languages, replace "en" with a language code like de or fr.
### Important Limitations
Show the version of FreeBSD installed: freebsd-version ; uname -a
Please include that output and any error messages when posting questions.
Introduction to manual pages: man man
FreeBSD directory layout: man hier
Due to the JIB script that gets used when creating VNET jails, you
will face changes with the MAC address if these jails.
To change this login announcement, see motd(5).
root@alcatraz:~ #
```
If you have any VNET jails (created with -V), the MAC addresses
will change if you did not also use -M when creating them. This
is due to the JIB script generating a MAC based on the jail interface
name.
```shell
root@alcatraz:~ # ps -auxw
USER PID %CPU %MEM VSZ RSS TT STAT STARTED TIME COMMAND
root 83222 0.0 0.0 6412 2492 - IsJ 02:21 0:00.00 /usr/sbin/syslogd -ss
root 88531 0.0 0.0 6464 2508 - SsJ 02:21 0:00.01 /usr/sbin/cron -s
root 6587 0.0 0.0 6912 2788 3 R+J 02:42 0:00.00 ps -auxw
root 92441 0.0 0.0 6952 3024 3 IJ 02:21 0:00.00 login [pam] (login)
root 92565 0.0 0.0 7412 3756 3 SJ 02:21 0:00.01 -csh (csh)
root@alcatraz:~ #
```
If you did use -M when creating them, the MAC should stay the same.
## Support
Community Support
=================
If you've found a bug in Bastille, please submit it to the [Bastille Issue
Tracker](https://github.com/bastillebsd/bastille/issues/new).
Tracker](https://github.com/bastillebsd/bastille/issues/new)

27
docs/chapters/configuration.rst
View File

@@ -4,9 +4,10 @@ Configuration
Bastille is configured using a default config file located at
``/usr/local/etc/bastille/bastille.conf``. When first installing bastille, you
should run ``bastille setup``. This will ask if you want to copy the sample
config file to the above location. The defaults are sensible for UFS, but if you
want to use ZFS, you will have to change a few options. See the chapter on ZFS
Support.
config file to the above location. The defaults are sensible for UFS, but
if you use ZFS, ``bastille setup`` will configure it for you. If you have
multiple zpools, Bastille will ask which one you want to use. See also
:doc:`ZFS Support <chapters/zfs-support>`.
This is the default `bastille.conf` file.
@@ -98,28 +99,12 @@ This is the default `bastille.conf` file.
bastille_template_clone="default/clone" ## default: "default/clone"
bastille_template_thin="default/thin" ## default: "default/thin"
bastille_template_vnet="default/vnet" ## default: "default/vnet"
Notes
-----
The options here are fairly self-explanitory, but there are some things to note.
* If you use ZFS, DO NOT create the bastille dataset. You must only create the
parent. Bastille must be allowed to create the ``bastille`` child dataset, or
you will have issues. So, if you want bastille to live at
``zroot/data/bastille`` you should set ``bastille_zfs_zpool`` to ``zroot`` and
``bastille_zfs_prefix`` to ``data/bastille`` but you should only create
``zroot/data`` before running bastille for the first time.
* Bastille will mount the dataset it creates at ``bastille_prefix`` which
defaults to ``/usr/local/bastille``. So if you want to navigate to your jails,
you will use the ``bastille_prefix`` as the location because this is where the
will be mounted.
bastille_template_vlan="default/vlan" ## default: "default/vlan"
Custom Configuration
--------------------
Bastille now supports using a custom config in addition to the default one. This
Bastille supports using a custom config in addition to the default one. This
is nice if you have multiple users, or want to store different
jails at different locations based on your needs.

101
docs/chapters/getting-started.rst Normal file
View File

@@ -0,0 +1,101 @@
Getting Started
===============
Bastille has many different options when it comes to creating
and managing jails. This guide is meant to show some basic
setup and configuration options.
Setup
-----
The first command a new user should run is ``bastille setup``. This
will configure the networking, storage, and firewall on your system
for use with Bastille.
By default the ``bastille setup`` will configure a loopback interface, storage (ZFS if
enabled, otherwise UFS) and the ``pf`` firewall.
Alternatively, you can run ``bastille setup OPTION`` command with any of the supported
options to configure the selected option by itself.
To see a list of available options, see the ``setup`` subcommand.
.. code-block:: shell
ishmael ~ # bastille setup
Now we are ready to bootstrap a release and start creating jails.
Bootstrapping a Release
-----------------------
To bootstrap a release, run ``bastille bootstrap RELEASE``.
.. code-block:: shell
ishmael ~ # bastille bootstrap 14.2-RELEASE
This will fetch the necessary components of the specified release, and
enable us to create jails from the downloaded release.
Creating a Jail
---------------
There are a few different types of jails we can create, described below.
* Thin jails are the default, and are called thin because they use symlinks to
the bootstrapped release. They are lightweight and are created quickly.
* Thick jails use the entire release, which is copied into the jail. The jail
then acts like a full BSD install, completely independent of the release.
Created with the ``--thick|-T`` option.
* Clone jails are essentially clones of the bootstrapped release. Changes to the
release will affect the clone jail. Created with the ``--clone|-C`` option.
* Empty jails are just that, empty. These should be used only if you know what
you are doing. Created with the ``--empty|-E`` option.
* Linux jails are jails that run linux. Created with the ``--linux|-L`` option.
See :doc:`Linux Jails <chapters/linux-jails>`.
We will focus on thin jails for this guide.
Classic/Standard Jail
^^^^^^^^^^^^^^^^^^^^^
.. code-block:: shell
ishmael ~ # bastille create nextcloud 14.2-RELEASE 10.1.1.4/24
This will create a classic jail, which uses the loopback interface
(created with ``bastille setup``) for outbound connections.
To be able to reach a service inside the jail, use ``bastille rdr``.
.. code-block:: shell
ishmael ~ # bastille rdr nextcloud tcp 80 80
This will forward traffic from port 80 on the host to port 80 inside the jail.
See also :doc:`rdr <rdr>`.
VNET Jail
^^^^^^^^^
VNET jails can use either a host interface with ``-V`` or a manually created
bridge interface with ``-B``. You can also optionally set a static MAC for the
jail interface with ``-M``.
.. code-block:: shell
ishmael ~ # bastille create -BM nextcloud 14.2-RELEASE 192.168.1.50/24 bridge0
or
.. code-block:: shell
ishmael ~ # bastille create -VM nextcloud 14.2-RELEASE 192.168.1.50/24 vtnet0
The IP used for VNET jails should be an IP reachable inside your local network.
You can also specify 0.0.0.0 or DHCP to use DHCP.

118
docs/chapters/gettingstarted.rst
View File

@@ -1,118 +0,0 @@
Getting Started
===============
This guide is meant to get you up and running with bastille, and will show you
a number of different options to create and manage your jails.
Setup
-----
The first command a new user should run is the ``bastille setup`` command. This
will attempt to configure the networking, storage, and firewall on your system
for use with Bastille.
By default the setup command will configure a loopback interface, storage (ZFS if
enabled, otherwise UFS) and the pf firewall if you run it as below without any
options.
Alternatively, you can run the ``setup`` command with any of the supported
options to configure the selected option by itself.
To see a list of available options and switches, see the ``setup`` subcommand.
.. code-block:: shell
ishmael ~ # bastille setup
Bootstrapping a Release
-----------------------
Then we need to bootstrap a release for bastille to use. We will use
14.2-RELEASE.
.. code-block:: shell
ishmael ~ # bastille bootstrap 14.2-RELEASE
Creating a Jail
---------------
Next we can create our first jail. Bastille can create a few different types of
jails.
* Thin jails are the default, and are called thin because they use symlinks to
the bootstrapped release. They are lightweight and are created quickly.
* Thick jails used the entire release, which is copied into the jail. The jail
then acts like a full BSD install, completely independent of the release.
Created with ``bastille create -T``.
* Clone jails are essentially clones of the bootstrapped release. Changes to the
release will affect the clone jail. Created with ``bastille create -C``.
* Empty jails are just that, empty. These should be used only if you know what
you are doing. Created with ``bastille create -E``.
* Linux jails are jails that run linux. Created with ``bastille create -L``.
Only clone, thin, and thick jails can be created with ``-V`` ``-B`` and ``-M``.
We will focus on thin jails for the guide.
Classic/Standard Jail
^^^^^^^^^^^^^^^^^^^^^
.. code-block:: shell
ishmael ~ # bastille create nextcloud 14.2-RELEASE 10.1.1.4/24 vtnet0
This will create a classic jail and add the IP as an alias to the vtnet0
interface. This jail will use NAT for its outbound traffic. If you want to run
a webserver of something similar inside it, you will have to redirect traffic
from the host using ``bastille rdr``
It the IP is reachable within your local subnet, however, then it is not
necessary to redirect the traffic. It will pass in and out normally.
.. code-block:: shell
ishmael ~ # bastille rdr nextcloud tcp 80 80
This will forward traffic from port 80 on the host to port 80 inside the jail.
VNET Jail
^^^^^^^^^
VNET jails can use either a host interface with ``-V`` or a manually created
bridge interface with ``-B``. You can also optionally set a static MAC for the
jail interface with ``-M``.
.. code-block:: shell
ishmael ~ # bastille create -BM nextcloud 14.2-RELEASE 192.168.1.50/24 bridge0
or
.. code-block:: shell
ishmael ~ # bastille create -VM nextcloud 14.2-RELEASE 192.168.1.50/24 vtnet0
The IP used for VNET jails should be an IP reachable inside your local network.
You can also specify 0.0.0.0 or DHCP to use DHCP.
Linux Jail
^^^^^^^^^^
Linux jails are still considered experimental, but they seem to work. First we
must bootstrap a linux distro (Linux distros are bootstrapped with the Debian
tool debootstrap).
.. code-block:: shell
ishmael ~ # bastille bootstrap bionic
Then we can create our linux jail using this release. This will take a while...
.. code-block:: shell
ishmael ~ # bastille create -L linux_jail bionic 10.1.1.7/24 vtnet0

8
docs/chapters/installation.rst
View File

@@ -1,5 +1,6 @@
Installation
============
Bastille is available in the official FreeBSD ports tree at
``sysutils/bastille``. Binary packages are available in quarterly and latest
repositories.
@@ -18,9 +19,6 @@ pkg
.. code-block:: shell
pkg install bastille
bastille setup
To install from source (don't worry, no compiling):
ports
-----
@@ -28,7 +26,6 @@ ports
.. code-block:: shell
make -C /usr/ports/sysutils/bastille install clean
bastille setup
git
---
@@ -38,9 +35,8 @@ git
git clone https://github.com/BastilleBSD/bastille.git
cd bastille
make install
bastille setup
This method will install the latest files from GitHub directly onto your
The ``git`` method will install the latest files from GitHub directly onto your
system. It is verbose about the files it installs (for later removal), and also
has a ``make uninstall`` target. You may need to manually copy the sample
config into place before Bastille will run. (ie;

2
docs/chapters/jail-startup-configuration.rst
View File

@@ -11,7 +11,7 @@ the priority option. Jails will start in order starting at the lowest value, and
will stop in order starting at the highest value. So, jails with a priority value
of 1 will start first, and stop last.
See the chapter on targeting for more info.
See :doc:`Targeting <chapters/targeting>`for more info.
Boot
----

29
docs/chapters/linux-jails.rst Normal file
View File

@@ -0,0 +1,29 @@
Linux Jails
===========
Bastille can create Linux jails using the ``debootstrap`` tool. When
attempting to create a Linux jail, Bastille will need to load some modules
as well as install the ``debootstrap`` package. When prompted, enter
'yes' when bootstrapping a Linux release.
Bootstrapping a Linux Release
-----------------------------
To bootstrap a Linux release, run ``bastille bootstrap bionic`` or
whichever release you want to bootstrap. Once bootstrapped, we can
use the ``--linux|-L`` option to create a Linux jail.
Creating a Linux Jail
---------------------
To create a Linux jail, run ``bastille create -L mylinuxjail bionic 10.1.1.3``.
This will create and initialize your jail using the ``debootstrap`` tool.
Once the jail is created, proceed to do your "linux stuff".
Limitations
-----------
* Linux jails are still considered experimental.
* Linux jails cannot be created with any type of VNET options.

39
docs/chapters/targeting.rst
View File

@@ -2,21 +2,20 @@ Targeting
=========
Bastille uses a ``subcommand TARGET ARGS`` syntax, meaning that each command
requires a target. Targets are usually containers, but can also be releases.
requires a target. Targets are usually jails, but can also be releases.
Targeting a container is done by providing the exact jail name, the JID of the
jail, a tag, or by typing the starting few characters of a jail. If more than one
matching jail is found, you will see an error saying so.
Targeting a jail is done by providing the exact jail name, the JID of the
jail, a tag, or by typing the starting few characters of a jail.
If you use a tag as the TARGET, Bastille will target any and all jail(s) that have
the tag assigned. If you have a jail with the same name as the tag you are trying to
If you use a tag as the TARGET, Bastille will target any and all jails that have
that tag assigned. If you have a jail with the same name as the tag you are trying to
target, Bastille will target the jail, and not the tag.
Targeting a release is done by providing the exact release name. (Note: do not
include the ``-pX`` point-release version.)
Bastille includes a pre-defined keyword [ALL|all] to target all running
containers. It is also possible to target multiple jails by grouping them in
Bastille includes a pre-defined keyword of [ALL|all] to target all running
jails. It is also possible to target multiple jails by grouping them in
quotes, as seen below.
.. code-block:: shell
@@ -27,7 +26,7 @@ Priority
--------
The priority value determines in what order commands are executed if multiple
jails are targetted, including the ALL target.
jails are targetted, including the [ALL|all] target.
It also controls in what order jails are started and stopped on system startup
and shutdown. This requires Bastille to be enabled with ``sysrc bastille_enable=YES``.
@@ -43,8 +42,8 @@ This value can be changed using ``bastille config TARGET set priority VALUE``.
This value will be shown using ``bastille list all``.
Examples: Containers
--------------------
Examples: Jails
---------------
.. code-block:: shell
@@ -53,25 +52,25 @@ Examples: Containers
+-----------+--------+------------------+-------------------------------------------------------------+
| command | target | args | description |
+===========+========+==================+=============================================================+
| cmd | ALL | 'sockstat -4' | execute `sockstat -4` in ALL containers (ip4 sockets) |
| cmd | ALL | 'sockstat -4' | execute `sockstat -4` in ALL jails (ip4 sockets) |
+-----------+--------+-----+------------+-------------------------------------------------------------+
| console | mariadb02 | --- | console (shell) access to mariadb02 |
+----+------+--------+-----+------------+-------------------------------------------------------------+
| pkg | web01 | 'install nginx' | install nginx package in web01 container |
| pkg | web01 | 'install nginx' | install nginx package in web01 jail |
+-----------+--------+------------------+-------------------------------------------------------------+
| pkg | ALL | upgrade | upgrade packages in ALL containers |
| pkg | ALL | upgrade | upgrade packages in ALL jails |
+-----------+--------+------------------+-------------------------------------------------------------+
| pkg | ALL | audit | (CVE) audit packages in ALL containers |
| pkg | ALL | audit | (CVE) audit packages in ALL jails |
+-----------+--------+------------------+-------------------------------------------------------------+
| sysrc | web01 | nginx_enable=YES | execute `sysrc nginx_enable=YES` in web01 container |
| sysrc | web01 | nginx_enable=YES | execute `sysrc nginx_enable=YES` in web01 jail |
+-----------+--------+------------------+-------------------------------------------------------------+
| template | ALL | username/base | apply `username/base` template to ALL containers |
| template | ALL | username/base | apply `username/base` template to ALL jails |
+-----------+--------+------------------+-------------------------------------------------------------+
| start | web02 | --- | start web02 container |
| start | web02 | --- | start web02 jail |
+----+------+----+---+------------------+--------------+----------------------------------------------+
| cp | bastion03 | /tmp/resolv.conf-cf etc/resolv.conf | copy host-path to container-path in bastion03|
| cp | bastion03 | /tmp/resolv.conf-cf etc/resolv.conf | copy host-path to jail-path in bastion03 |
+----+------+----+---+---------------------------------+----------------------------------------------+
| create | folsom | 13.2-RELEASE 10.17.89.10 | create 13.2 container named `folsom` with IP |
| create | folsom | 13.2-RELEASE 10.17.89.10 | create 13.2 jail named `folsom` with IP |
+-----------+--------+---------------------------------+----------------------------------------------+

25
docs/index.rst
View File

@@ -11,23 +11,24 @@ https://docs.bastillebsd.org.
:maxdepth: 2
:caption: Contents:
chapters/installation
chapters/gettingstarted
chapters/configuration
chapters/targeting
chapters/jail-startup-configuration
chapters/networking
chapters/usage
chapters/comparing
chapters/upgrading
chapters/centralized-assets
chapters/subcommands/index
chapters/template
chapters/installation
chapters/getting-started
chapters/configuration
chapters/jail-config
chapters/zfs-support
chapters/jail-startup-configuration
chapters/targeting
chapters/subcommands/index
chapters/usage
chapters/networking
chapters/gcp
chapters/upgrading
chapters/migration
chapters/centralized-assets
chapters/template
chapters/linux-jails
chapters/pkgbase
chapters/zfs-support
copyright