Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

create: Fix VNeT template not applying when mixed with thick or thin … #843

Merged
merged 3 commits into from
Feb 21, 2025
Merged

create: Fix VNeT template not applying when mixed with thick or thin … #843

merged 3 commits into from
Feb 21, 2025

Conversation

tschettervictor
Copy link
Collaborator

@tschettervictor tschettervictor mentioned this pull request Feb 13, 2025
Closed
michael-o
michael-o suggested changes Feb 14, 2025
View reviewed changes
Copy link
Contributor

@michael-o michael-o left a comment
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

OK, gave it a spin. While the patch is correct, it is incomplete. If you consider that VNET comes always on top of a jail type, you need to modify the vnet template and document the (breaking) change if someone like me has forked the default templates. Moreover, the question is whether VNET and Linux jail can be combined at all. Never tried.

This is missing:

Index: vnet/Bastillefile
===================================================================
--- vnet/Bastillefile   (Revision 1900)
+++ vnet/Bastillefile   (Arbeitskopie)
@@ -1,8 +1,3 @@
-ARG BASE_TEMPLATE=dw/base
-ARG HOST_RESOLV_CONF=/etc/resolv.conf
-
-INCLUDE ${BASE_TEMPLATE} --arg HOST_RESOLV_CONF="${HOST_RESOLV_CONF}"
-
 ARG EPAIR
 ARG GATEWAY
 ARG IFCONFIG="SYNCDHCP"

and cut down to:

bastille template "${NAME}" ${bastille_template_vnet} --arg EPAIR="${uniq_epair}" --arg GATEWAY="${_gateway}" --arg GATEWAY6="${_gateway6}" --arg IFCONFIG="${_ifconfig}"

We need a discussion here.

@bmac2

@tschettervictor
Copy link
Collaborator Author

Linux jails can't do VNET because of a check that happens on line 734-737 so no worries there for now.

I think we should have the VNET template not include the base template as you said above, and instead just add the base template command to each of THICK, THIN, CLONE and THIN template INCLUDE commands.

@tschettervictor
Copy link
Collaborator Author

@michael-o I've now changed the VNET template to not do either the RESOLVE arg or the BASE_TEMPLATE arg. These are handled by the jail types, and rightly so.

michael-o
michael-o approved these changes Feb 14, 2025
View reviewed changes
Copy link
Contributor

@michael-o michael-o left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This looks good to me, but still requires some sort of changelog entry to signal the change in the default template for forks.

@michael-o
Copy link
Contributor

@tschettervictor I think we are good to merge. The release just needs to mention this change, that's it. Thanks!

@bmac2
Copy link
Collaborator

bmac2 commented Feb 21, 2025

@michael-o did you test this code on your systems?

@tschettervictor @yaazkal

@michael-o
Copy link
Contributor

@michael-o did you test this code on your systems?

@tschettervictor @yaazkal

Yes, I did. Works perfectly.

@bmac2 bmac2 merged commit ac39928 into BastilleBSD:master Feb 21, 2025
1 check passed
@tschettervictor tschettervictor deleted the fix-create-thick-vnet branch February 22, 2025 18:54
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@michael-o michael-o michael-o approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@tschettervictor @michael-o @bmac2