Quarantine 2020

Pre-release
@cedwards cedwards released this 13 Apr 01:52
· 972 commits to master since this release
a95040a

This release is dedicated to everyone around the world quarantined by the COVID-19 pandemic.

"We really need to apologize to 2019 for the things we said about it." -- Everyone in 2020

Release highlights:

New features:

  • VNET
  • IPv6
  • bastille edit TARGET
  • bastille rename TARGET new-name
  • bastille import (iocage|ezjail)
  • bastille clone TARGET

Improvements:

  • HardenedBSD bootstrap improvements
  • bastille import ARCHIVE
  • man page expanded

VNET

Bastille now supports VNET containers in both static and DHCP configurations. VNET is achieved by connecting the host's external interface and container virtual interface(s) to a virtual switch (bridge). When creating a VNET container the interface argument refers to the host interface to be added to the virtual switch along with the container's interface.

bastille create -V folsom 12.1-RELEASE 10.17.89.13/24 em0

In the above example the "folsom" container will use 12.1-RELEASE and assign 10.17.89.13/24 as a static assignment to the container's vnet0 interface. The other end of the container's epair interface will be added to an "em0bridge" interface along with em0.

To configure the container to use DHCP instead of a static assignment, use the address 0.0.0.0. When this address is used, Bastille enables DHCP on that container's interface.

The new -V option can be used alongside the existing -T (thick) option.

bastille create -T -V folsom 12.1-RELEASE 10.17.89.13/24 em0

The create sub-command now supports: [-V|-T|--vnet|--thick|vnet|thick].

VNET requires an addition to (or the creation of) /etc/devfs.rules (NOT .conf!). Use the following example ruleset if you require VNET.

[bastille_vnet=13]
add include $devfsrules_hide_all
add include $devfsrules_unhide_basic
add include $devfsrules_unhide_login
add include $devfsrules_jail
add path 'bpf*' unhide
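
A quick check for the ruleset above, as an added example that is not part of Bastille or of these release notes: it confirms that a devfs.rules file holds every line of [bastille_vnet=13] and flags any other ruleset that claims number 13. The helper name check_vnet_rules is hypothetical and the sample file is constructed.

```shell
#!/bin/sh
# Added example, not part of Bastille. check_vnet_rules is a hypothetical
# helper name. It prints findings and returns 0 only when the file holds the
# complete [bastille_vnet=13] ruleset and no other ruleset claims number 13.
check_vnet_rules() {
    [ -r "$1" ] || { echo "missing: $1"; return 1; }
    awk '
    BEGIN {
        want[1] = "add include $devfsrules_hide_all"
        want[2] = "add include $devfsrules_unhide_basic"
        want[3] = "add include $devfsrules_unhide_login"
        want[4] = "add include $devfsrules_jail"
        want[5] = "add path \047bpf*\047 unhide"   # \047 is a single quote
    }
    /^[ \t]*#/ { next }                            # skip comment lines
    { gsub(/^[ \t]+|[ \t]+$/, "") }                # trim padding
    /^\[.*\]$/ {                                   # ruleset header
        in_vnet = ($0 == "[bastille_vnet=13]")
        if (in_vnet) found = 1
        else if ($0 ~ /=13\]$/) { print "conflict: " $0 " reuses 13"; bad = 1 }
        next
    }
    in_vnet && $0 != "" { seen[$0] = 1 }           # rule lines of our ruleset
    END {
        if (!found) { print "missing: [bastille_vnet=13]"; exit 1 }
        for (i = 1; i <= 5; i++)
            if (!(want[i] in seen)) { print "missing: " want[i]; bad = 1 }
        exit bad + 0
    }' "$1"
}

# Constructed sample: the ruleset from the release notes with the bpf line
# left out, as happens when the block is only partly copied.
sample=$(mktemp)
cat > "$sample" <<'EOF'
[bastille_vnet=13]
add include $devfsrules_hide_all
add include $devfsrules_unhide_basic
add include $devfsrules_unhide_login
add include $devfsrules_jail
EOF
check_vnet_rules "$sample" || echo "ruleset incomplete"
rm -f "$sample"
```

On a host, run it as check_vnet_rules /etc/devfs.rules; pointing it at a path that does not exist reports the file as missing.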

IPv6

Bastille now supports IPv6 addresses in addition to IPv4. An IPv6 container is created with the same syntax, using an IPv6 address instead.

bastille create folsom 12.1-RELEASE fd29:e90c:3a81:9a9a::13

bastille edit

This release introduces a new edit sub-command allowing you to manually edit container configuration files. This feature is suggested for intermediate to advanced users. It is fully possible to break your containers if you're unfamiliar with these configurations.

By default the edit sub-command requires a target container and will open the jail.conf using vi. If you'd prefer a different editor, set the variable EDITOR=foo (e.g. vim). Lastly, optional arguments include additional container configuration files such as fstab and rctl.conf.

export EDITOR=vim (define in .bashrc or equivalent to persist)
bastille edit TARGET (jail.conf by default)
bastille edit TARGET fstab
bastille edit TARGET rctl.conf

bastille rename

In the first half of the 0.6 series we included the ability to import and export containers. It quickly became apparent that we should include a simple method of renaming containers.

bastille rename TARGET new-name

bastille import

Bastille now supports importing container archives exported from iocage or ezjail. These archives can be placed in the bastille/backups directory or passed as a final argument to the import command.

bastille import filename.ext
bastille import /path/to/filename.ext

The import command supports importing from other Bastille systems, iocage and/or ezjail automatically.

bastille clone

Cloning containers is now possible allowing you to build once using template automation and clone copies of the finished build.

MISC

bootstrap improvements for HardenedBSD
convert improvements
import improvements for ZFS imports
import improvements for foreign imports (e.g. iocage and ezjail)