Freebsd vimage: Unterschied zwischen den Versionen

(Die Seite wurde neu angelegt: „Kategorie:Infrastruktur == VIMAGE == Netzwerk Stack Virtualisierung unter FreeBSD == Hardware Info == Virtualisiert durch intern:Freebert == Softwar…“)
(kein Unterschied)

Version vom 18. Mai 2014, 18:23 Uhr


VIMAGE

Netzwerkstack-Virtualisierung unter FreeBSD

Hardware Info

Virtualisiert durch intern:Freebert

Software Info

  • Kernel mit VIMAGE Support

Verwendungszweck

  • eigener Network Stack für Jails

Beispiel

VIMAGE Einrichtung

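# Prepare a FreeBSD 10.0 source tree on its own ZFS datasets and seed a
# custom kernel config named VIMAGE. Run as root.
# Every step is fatal on failure: the original sequence kept going after a
# failed port build or checkout, which leaves a half-wiped /usr/src behind.
set -eu

# subversion is needed for the source checkout further down.
cd /usr/ports/devel/subversion/ && make install clean

# Dedicated datasets for sources and build output (sha256 checksums, lz4).
zfs create -o checksum=sha256 -o compression=lz4 -o mountpoint=/usr/src zroot/usr/src
zfs create -o checksum=sha256 -o compression=lz4 -o mountpoint=/usr/obj zroot/usr/obj

# Wipe any previous build and source tree. Installed objects may carry the
# immutable flag, so clear it first; on a freshly created (empty) dataset the
# glob does not match and chflags complains, which is harmless here.
# Paths are spelled out literally and protected with `--` so nothing can
# turn these into a broader delete.
cd /usr
chflags -R noschg /usr/obj/* || true   # nothing to unflag on an empty dataset
rm -rfv -- /usr/obj/*
rm -rfv -- /usr/src/*
rm -rfv -- /usr/src/.svn

# Check out the 10.0 release branch over https and bring it up to date.
cd /usr/src
svn checkout https://svn0.eu.FreeBSD.org/base/releng/10.0 /usr/src
svn up /usr/src

# Keep the kernel config outside the tree so it survives a re-checkout; the
# symlink makes it visible to `make buildkernel KERNCONF=VIMAGE`.
# -p / -f make this step repeatable when the script is re-run.
cd /usr/src/sys/amd64/conf
mkdir -p /root/kernels
cp GENERIC /root/kernels/VIMAGE
ln -sf /root/kernels/VIMAGE
vi /root/kernels/VIMAGE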


### ### ### VIMAGE ### ### ###
#
# Kernel config derived from GENERIC (amd64): network stack virtualization
# (VIMAGE) plus the bridge/epair, netgraph, ALTQ, crypto and IPsec pieces
# used by the vnet jails on this host. Only the additions are listed here;
# everything else stays as copied from GENERIC.
cpu             HAMMER
ident           VIMAGE
 
makeoptions     DEBUG=-g                # Build kernel with gdb(1) debug symbols
makeoptions     WITH_CTF=1              # Run ctfconvert(1) for DTrace support
 
### < --- --- --- >
 
# pf, pflog, pfsync and carp are deliberately left out of this kernel. The
# ###BUG### marker suggests they did not coexist with VIMAGE on this
# release; TODO confirm against current errata before re-enabling any of them.
###BUG###device          pf
###BUG###device          pflog
###BUG###device          pfsync
###BUG###device          carp
 
device          lagg
device          enc
device          gre
options         XBONEHACK
 
options         TCP_SIGNATURE           # include support for RFC 2385
 
# VIMAGE is the core option: each jail started with vnet=new gets its own
# interfaces, routing table and sockets.
options         VIMAGE                  # Network Stack Virtualization
options         NULLFS                  # NULL filesystem
 
### VIMAGE - if_bridge/epair virtualization // ###
# epair is the virtual cable into a vnet jail; if_bridge joins the host-side
# ends to the uplink (vswitch0 in rc.conf).
device          if_bridge
device          epair
### // VIMAGE - if_bridge/epair virtualization ###
 
### VIMAGE - netgraph virtualization // ###
options         NETGRAPH
options         NETGRAPH_ETHER
options         NETGRAPH_BRIDGE
options         NETGRAPH_EIFACE
options         NETGRAPH_SOCKET
### // VIMAGE - netgraph virtualization ###
 
options         ROUTETABLES=16          # max 16 FIB (Forward Information Base/multiple routing tables) support
device          tap                     # virtual link layer 2 device
 
options         ALTQ
options         KTR_ALQ
 
options         ALTQ_CBQ                # Class Based Queueing
options         ALTQ_RED                # Random Early Detection
options         ALTQ_RIO                # RED In/Out
options         ALTQ_HFSC               # Hierarchical Packet Scheduler
options         ALTQ_CDNR               # Traffic conditioner
options         ALTQ_PRIQ               # Priority Queueing
options         ALTQ_NOPCC              # Required if the TSC is unusable
 
options         VFS_AIO
 
### options         TCP_OFFLOAD             # TCP offload
 
# Resource accounting (RACCT) is the prerequisite for RCTL, which lets
# rctl(8) cap per-jail resource use.
options         RACCT
 
options         RCTL
 
# /dev/crypto is only reachable from a jail whose devfs ruleset unhides it;
# the ruleset on this page does not, so in-jail access to the
# hardware accelerators below stays off unless that is changed deliberately.
device          crypto                  # core crypto support
device          cryptodev               # /dev/crypto for access to h/w
 
device          rndtest                 # FIPS 140-2 entropy tester
 
# Hardware crypto accelerators; the *_DEBUG options only add debug sysctls.
device          hifn                    # Hifn 7951, 7781, etc.
options         HIFN_DEBUG              # enable debugging support: hw.hifn.debug
options         HIFN_RNDTEST            # enable rndtest support
 
device          ubsec                   # Broadcom 5501, 5601, 58xx
options         UBSEC_DEBUG             # enable debugging support: hw.ubsec.debug
options         UBSEC_RNDTEST           # enable rndtest support
 
options         IPSEC                   # IP security (requires device crypto)
options         IPSEC_NAT_T             # NAT-T support, UDP encap of ESP
 
options         FDESCFS                 # File descriptor filesystem
#
### ### ### VIMAGE ### ### ###


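# Build and install the VIMAGE kernel, then reboot into it.
# The steps are chained so a failed build never installs and a failed
# install never reboots the box; the original ran all four unconditionally.
cd /usr/src || exit 1
time make buildkernel KERNCONF=VIMAGE || exit 1
time make installkernel KERNCONF=VIMAGE || exit 1

# installkernel keeps the previous kernel, so a non-booting VIMAGE kernel
# can still be backed out from the loader.
reboot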


vi /etc/rc.conf
 
### VIMAGE // ###
# Create bridge0, rename it vswitch0 and attach the physical uplink bge0
# (presumably the host's LAN NIC — confirm). Jail epairs and tap devices are
# added to this bridge by the ezjail hooks and the later rc.conf stanza.
cloned_interfaces="bridge0"
ifconfig_bridge0_name="vswitch0"
ifconfig_vswitch0="addm bge0"
### // VIMAGE ###
 
### EZJAIL // ###
ezjail_enable="YES"
# Intended to give every jail its own network stack (vnet=new).
# NOTE(review): confirm this global variable is honoured by the jail rc script
# on this release; the per-jail jail_test01_parameters line is what ezjail
# definitely reads.
jail_parameters="vnet=new"
### // EZJAIL ###

vi /etc/sysctl.conf
 
### EZJAIL // ###
# Global default: every jail may open raw sockets (ping/traceroute, but also
# arbitrary crafted IP packets). test01 already gets this per jail through
# allow.raw_sockets=1 in its ezjail config, so the global switch can be
# dropped unless all jails need it.
security.jail.allow_raw_sockets=1
# NOTE(review): security.jail.param.* nodes describe jail parameters rather
# than set them; this line is presumably rejected at boot — confirm and drop.
security.jail.param.allow.raw_sockets=1
#
# Add new addresses to every FIB (ROUTETABLES=16 in the kernel config).
# NOTE(review): this sysctl is a 0/1 switch; 4 behaves as "on" — confirm 1
# was meant.
net.add_addr_allfibs=4
### // EZJAIL ###

cd /usr/ports/sysutils/ezjail/ && make install clean
 
vi /usr/local/etc/ezjail.conf
 
### ### ### EZJAIL ### ### ###
# Default source tree (/usr/src) is kept; override only if the checkout
# above lands elsewhere.
# ezjail_sourcetree=/usr/src
  
# Base jail and every jail get their own dataset under zroot/ezjail so they
# can be snapshotted and cloned individually.
ezjail_use_zfs="YES"
ezjail_use_zfs_for_jails="YES"
ezjail_jailzfs="zroot/ezjail"
  
# Properties for new jail datasets: fletcher4 checksum (the ZFS default,
# unlike the sha256 chosen for /usr/src above), lz4 compression, no atime.
ezjail_zfs_properties="-o checksum=fletcher4 -o compression=lz4 -o atime=off"
### ### ### EZJAIL ### ### ###
# EOF
 
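# Populate the base jail, bring it to the current patch level (-P applies
# binary updates to the base jail), then create the first jail.
# Chained so that create never runs on a missing or half-updated base jail.
ezjail-admin install || exit 1
ezjail-admin update -P || exit 1

# 0.0.0.0 is only a placeholder: with vnet=new the jail configures its real
# address itself via the jexec poststart hooks in its ezjail config.
ezjail-admin create test01 0.0.0.0 || exit 1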

vi /usr/local/etc/ezjail/test01
 
# ezjail per-jail config for test01 (sourced as sh). The jail has its own
# network stack, so addressing happens inside it via jexec rather than
# through jail_test01_ip, which is therefore left commented out.
export jail_test01_exec_stop="/bin/sh /etc/rc.shutdown"
# allow.raw_sockets lets the jail craft raw IP packets (ping/traceroute, but
# also arbitrary packets). allow.sysvipc shares System V IPC; on this
# release SysV IPC is presumably not virtualized per jail and so is visible
# host-wide — NOTE(review): confirm both are needed by what runs in test01.
export jail_test01_parameters="allow.raw_sockets=1 allow.sysvipc=1"
#export jail_test01_ip="0.0.0.0"
# Host side, before start: create the epair and plug its 'a' end into the
# bridge. The epair index (1) is hard-coded; a second jail using the same
# index would presumably fail at create, so pick a distinct index per jail.
export jail_test01_exec_prestart0="ifconfig epair1 create up"
export jail_test01_exec_prestart1="ifconfig vswitch0 addm epair1a"
# After start: move the 'b' end into the jail's vnet and configure address
# and default route from inside the jail.
export jail_test01_exec_poststart0="ifconfig epair1b vnet test01"
export jail_test01_exec_poststart1="jexec test01 /sbin/ifconfig epair1b 192.168.0.101/24"
export jail_test01_exec_poststart2="jexec test01 /sbin/route add default 192.168.0.1"
# After stop: destroy the host-side end (presumably removes the whole pair).
export jail_test01_exec_poststop0="ifconfig epair1a destroy"

vi /usr/local/etc/ezjail/test01
 
# Apply devfs ruleset 20 (devfsrules_jail_vimage in /etc/devfs.rules) to the
# jail's /dev; that ruleset decides which device nodes the jail can see.
export jail_test01_devfs_ruleset="20"

vi /etc/devfs.rules
 
### Jail - VIMAGE - // ###
# Ruleset 20, referenced by jail_test01_devfs_ruleset. Starts from "hide all"
# and unhides only what the jail needs.
[devfsrules_jail_vimage=20]
add include $devfsrules_hide_all
add include $devfsrules_unhide_basic
add include $devfsrules_unhide_login
# /dev/mem and /dev/kmem expose the host's physical and kernel memory. Root
# inside the jail can read and modify the running kernel through them, which
# removes the isolation the jail provides. Nothing in this VIMAGE setup
# needs them; remove both lines unless a specific in-jail tool requires them.
add path mem unhide
add path kmem unhide
# bpf: packet capture/injection, limited to the jail's own vnet interfaces
# (needed by e.g. dhclient or tcpdump inside the jail).
add path 'bpf*' unhide
# tun: for the OpenVPN tun0 handed into the jail by the OpenVPN hooks.
add path 'tun*' unhide

vi /usr/local/etc/ezjail/test01
 
### OpenVPN // ###
# OpenVPN: create tun0 on the host, hand it into the jail's vnet after start
# and tear it down at stop. Hook numbers continue the prestart/poststart/
# poststop sequence of the base stanza. The jail's devfs ruleset must unhide
# 'tun*' (ruleset 20 does) for OpenVPN inside the jail to open the device.
export jail_test01_exec_prestart2="ifconfig tun0 create up"
export jail_test01_exec_poststart3="ifconfig tun0 vnet test01"
export jail_test01_exec_poststop1="ifconfig tun0 destroy"
### // OpenVPN ###

vi /usr/local/etc/ezjail/test01
 
# IPv6 for the jail: an address on epair1b plus a link-local default route.
# NOTE(review): these variables are named jail_test01_local_* while the jail
# created above is test01 — ezjail keys hooks by jail name, so as written
# they belong to a jail "test01_local"; confirm which name is intended.
# The ffff:... values look like placeholders for the real prefix and gateway.
export jail_test01_local_exec_poststart4="jexec test01_local /sbin/ifconfig epair1b inet6 ffff:ffff:ffff:ffff::ffff prefixlen 64"
export jail_test01_local_exec_poststart5="jexec test01_local /sbin/route add -inet6 default fe80::ffff:ffff:ffff:1dac%epair1b"

vi /etc/sysctl.conf
 
### VIMAGE // ###
# Let non-root processes open tap devices so an unprivileged VirtualBox can
# attach to tap0. Which users that actually covers is decided by the devfs
# rule for 'tap*' (mode 0660, group operator) — keep that group small, since
# anyone who can open tap0 is on the same switch as the jails.
net.link.tap.user_open=1
### // VIMAGE ###
 
vi /etc/devfs.rules
 
# Host-side devfs rule (not the jail ruleset): members of group operator may
# open /dev/tap*; together with net.link.tap.user_open=1 this lets the
# VirtualBox user attach to tap0.
# NOTE(review): this line needs to sit under the ruleset applied to the
# host's /dev (devfs_system_ruleset in rc.conf) — confirm where it was placed.
add path 'tap*' mode 0660 group operator
 
vi /etc/rc.conf
 
# Replaces the earlier VIMAGE stanza: the bridge now carries a lagg0 uplink
# and tap0 instead of bge0 (ifconfig_bridge0_name="vswitch0" is still needed).
# No ifconfig_lagg0 line is shown here, so the laggport/laggproto setup for
# lagg0 presumably lives elsewhere in rc.conf — confirm.
cloned_interfaces="bridge0 lagg0 tap0"
ifconfig_tap0="up"
ifconfig_vswitch0="addm lagg0 addm tap0"

# Attach the VM's first network adapter to the host's tap0, which sits on
# vswitch0 next to the jails. Replace "yourmachine" with the VM name from
# `VBoxManage list vms`.
VBoxManage modifyvm yourmachine --bridgeadapter1 tap0

Log

  • 18.05.2014 freebert_vimage_picture