As a note to myself and to save the time in troubleshooting and chasing issues, few specifics to make the below services run in jail environment under FreeBSD 13.1.
First, the generic options:
# cat /etc/jail.conf
allow.raw_sockets = 1;
allow.set_hostname = 1;
allow.sysvipc = 1;
mount.devfs; # Mount devfs inside the jail
exec.start = "/bin/sh /etc/rc"; # Start command
exec.stop = "/bin/sh /etc/rc.shutdown"; # Stop command
1. PostgreSQL: few parameters need to be set in the jail.conf – sysvshm, sysvsem, sysvmsg
postgres {
host.hostname = postgres.dilyan.be; # Hostname
ip4.addr = 192.168.3.117; # IP address of the jail
path = "/zroot/jails/postgres"; # Path to the jail
sysvshm = new;
sysvsem = new;
sysvmsg = new;
}
2. MongoDB: all it needs is allow.mlock in the jail definition
mongodb {
host.hostname = mongodb.dilyan.be; # Hostname
ip4.addr = 192.168.3.118; # IP address of the jail
path = "/zroot/jails/mongodb"; # Path to the jail
allow.mlock;
}
3. Neo4j: due to the java you need to specify how to mount the local fstab
neo4j {
host.hostname = neo4j.dilyan.be; # Hostname
ip4.addr = 192.168.3.121; # IP address of the jail
path = "/zroot/jails/neo4j"; # Path to the jail
mount.fstab="/zroot/jails/neo4j/etc/fstab.neo4j"; # mount local fstab for the java
}
the content of the fstab in the jail is:
fdesc /dev/fd fdescfs rw 0 0
proc /proc procfs rw 0 0
4. Elastic Search and Kibana (ELK stack): same as for the Neo4j – you need to specify how to mount the local fstab
elk {
host.hostname = elk.dilyan.be; # Hostname
ip4.addr = 192.168.3.122; # IP address of the jail
path = "/zroot/jails/elk"; # Path to the jail
mount.fstab="/zroot/jails/elk/etc/fstab.java"; # mount local fstab for the java
}
cat /zroot/jails/elk/etc/fstab.java
fdesc /dev/fd fdescfs rw 0 0
proc /proc procfs rw 0 0
The rest of the service I ran in jails have no particularities in the defitionions – Apache, wikimedia, Django, OpenVPN