Binding to other interfaces than lo1. #7
I've tried: [ez-instance:test] but it doesn't appear that that's being passed through to ezjail.
hey, there. your usecase is definitely valid (i use it myself on several hosts - alas not (yet) with bsdploy) and in principle there is no reason why ploy_ezjail shouldn't support this. i'm just wondering, why wouldn't you simply assign the public ip directly to the jail? i haven't tried it yet but right now i cannot see why it shouldn't work.
In my case, it's a bit more complicated than that. I have a private customer facing network, which needs DHCP/TFTP and some other things. I also have a private internal management network (log stash, monitoring, etc). Actually I have jails that want to be on both networks. (And, the host jail box is on a public management network too!). Ploy appears to be good out of the box for applications that want to appear to be on a single public IP address, and have components implemented on jails. In my situation I want to manage externally facing services (without NAT or punching holes in firewalls), to provide network management capabilities. I'd like to help extend bsdploy in the direction of making the network configuration as flexible as it can be, so that more applications are possible.
sounds good. @fschulze and i will talk this over ASAP with ezjail's author (he shares an office with me, so i'll just grab him at the next opportunity). the first step would be to make sure that ploy_ezjail isn't masking/blocking any features of ezjail.
Excellent. My python is weak, but my networking foo fbsd foo are pucka.
with me it's just the other way around :-D
Perfect then! :)
Hey, any feedback on this?
No time yet, possibly this or next weekend on my side.
Hi there, did you get any thoughts on the best way to do this?
Hi, any thoughts on this yet? I'm also curious about providing IPv6 networking to Jails as well.
hi @geoffgarside neither @fschulze nor myself use IPv6 for our jails yet (i know, it's almost 2016...) but keep in mind that bsdploy really just creates the have you tried simply assigning a v6 IP in ploy conf? (and configuring the appropriate device beforehand in a custom role). this should just work™ or perhaps i'm misreading your intention and you've already got this to work in your custom roles and simply would like bsdploy to support this OOTB?
@Tomser, did anything come of your discussions with your colleague?
@tomster I haven't actually tried yet, I'm still working on things with virtual box at the moment, but I will be using bsdploy on a server later which I'd like to have IPv6 available on. I'm not sure if I would be able to add multiple IPs, IPv4 & IPv6 in etc/ploy.conf and then how those would be applied to the jails. I shall give it a go once I've actually got something in an IPv6 network to try with.
This should work with the upcoming 1.5.0 release.
Good stuff. In the interim we're now using iocage with vimage and have rolled our own ansible to drive the bridge configuration of the host and the ip addresses in the cages. |
Sorry, this isn't really an issue, so much as a question.
I get that it's useful to container-ize using a loopback interface (lo1), so as to hide jails from the outside world, and use PF to open up network access to specific services from the host.
However, it is also just as useful to bridge jails onto host networks, so as to export jails in lieu of additional hardware.
I didn't see an option to allow a jail to be created with IP addresses other than on the lo1 loopback interface.
Did I miss something?
i.e. how do I create a jail that has a public IP address and is bridged with the host's em0, for example?