```sh
pkg install -y bastille
```

My host is running FreeBSD 13.1-RELEASE, so I’ll use the same version for my jails. First, I need to make it available:

```sh
bastille bootstrap 13.1-RELEASE
```

Now it’s time to create the network interface *bastille0* with NAT:

```sh
sysrc cloned_interfaces="lo1"
sysrc ifconfig_lo1_name="bastille0"
sysrc pf_enable="YES"
sysrc pf_rules="/etc/pf.conf"
sysrc bastille_enable="YES"
```

If you already have an **/etc/pf.conf** file, take only the part needed for jails and nothing more. This configuration is only a minimalist one.

```
# external interface.
ext_if="vtnet0"

table <jails> persist

set skip on lo
scrub in on $ext_if all fragment reassemble

nat on $ext_if from <jails> to any -> ($ext_if:0)
rdr-anchor "rdr/*"

pass out quick modulate state
antispoof for $ext_if inet
antispoof for $ext_if inet6
```

It’s time to restart pf and start the new interface:

```sh
service pf restart
service netif cloneup
```

### Add swapfile (optional)

Swap is useful here: it can, for example, keep the OOM killer from killing the last compilation step.

Let’s create an 8GB…

```sh
dd if=/dev/zero of=/usr/swap.bin bs=1M count=8192
chmod 0600 /usr/swap.bin
echo "md99 none swap sw,file=/usr/swap.bin,late 0 0" >> /etc/fstab
swapon -aL
```

I added the option *late* because the swapfile has a lower priority than the other entries in fstab at boot time.

> If the option “late” is specified, the file system will be automatically mounted at a stage of system startup after remote mount points are mounted.

## Jenkins worker (agent)

Let’s create the jail:

- name: jw-rust
- release used: 13.1-RELEASE
- ip address: 192.168.0.2

```sh
bastille create jw-rust 13.1-RELEASE 192.168.0.2
```

Open a shell in the jail:

```sh
bastille cmd jw-rust sh
```

Now it’s time to finalize the setup:

```sh
# Switch to latest (optional)
sed -i '' 's/quarterly/latest/' /etc/pkg/FreeBSD.conf

# Install Java needed for the agent
pkg install -y openjdk19

# Install your stack
pkg install -y rust

# Create the jenkins user
pw user add -n jenkins -d /home/jenkins -m -s /bin/sh

# Get agent.jar from the server
fetch http://MY_JENKINS_INTERNAL_NAME:8080/jnlpJars/agent.jar
mv agent.jar /usr/local/

# Create the service file. The delimiter is quoted ('EOF') so that ${name}, $1
# and the backticks are written to the script literally instead of being
# expanded by the current shell.
cat > /etc/rc.d/jenkins_agent << 'EOF'
#!/bin/sh
#
# PROVIDE: jenkins_agent
# REQUIRE: LOGIN
# KEYWORD: shutdown
#
# Note:
# Set "jenkins_agent_enable=yes" in either /etc/rc.conf, /etc/rc.conf.local to make
# this script actually do something.
#

. /etc/rc.subr

name="jenkins_agent"
rcvar="${name}_enable"

start_cmd="${name}_start"
stop_cmd="${name}_stop"

load_rc_config $name

jenkins_agent_start() {
    if [ ! -f /var/run/jenkins_agent.pid ]
    then
        echo -n "Starting jenkins agent"
        # Note: a secret passed as an argument is visible in ps output
        # to every user inside the jail.
        su jenkins -c "cd /usr/local && /usr/local/openjdk19/bin/java -jar agent.jar -jnlpUrl http://JENKINS_INTERNAL_NAME:8080/manage/computer/MY_WORKER_NAME/jenkins-agent.jnlp -secret SECRET_FROM_JENKINS -workDir '/home/jenkins' &"
        # awk splits on runs of blanks, so the PID column is found even
        # when ps pads it with several spaces.
        ps aux | grep jenkins | grep "\-jar agent" | awk '{print $2}' > /var/run/jenkins_agent.pid
        echo "."
    else
        echo "jenkins agent is already running!"
    fi
}

jenkins_agent_stop() {
    if [ ! -f /var/run/jenkins_agent.pid ]
    then
        echo "jenkins agent is not running"
    else
        echo -n "Stopping jenkins agent"
        kill `cat /var/run/jenkins_agent.pid`
        rm /var/run/jenkins_agent.pid
        echo "."
    fi
}

run_rc_command "$1"
EOF

chmod +x /etc/rc.d/jenkins_agent

# Set the service to start on boot
sysrc jenkins_agent_enable=yes

# Start it now
service jenkins_agent start
```

## Conclusion

We don’t need Docker on FreeBSD, and this setup makes it easy to see why.
BastilleBSD can create jails from templates, so the entire setup done manually here can be fully automated, which replaces Docker.

Happy building on FreeBSD 😉
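
The rc script above passes the agent secret as a plain argument, so it sits in a script other users can read and shows up in `ps`. As an added example (not part of the original post), the helpers below keep the secret in an owner-only file and pass it with the `-secret @file` form that agent.jar accepts; the function names, the secret file location and the sample values are assumptions.

```shell
#!/bin/sh
# Added example, not from the original post. Function names, the secret file
# path and all sample values are assumptions made for illustration.

# Store the secret read from stdin in a file only its owner can read.
write_secret_file() {
    # Subshell keeps the umask change local; rm avoids inheriting an old mode.
    ( umask 077; rm -f -- "$1"; cat > "$1" )
}

# Reject a secret file that is empty or readable by group/other.
check_secret_file() {
    [ -s "$1" ] || { echo "missing or empty: $1" >&2; return 1; }
    perms=$(ls -l "$1" | cut -c1-10)
    case $perms in
        -r[w-]-------) return 0 ;;
        *) echo "unsafe mode $perms on $1" >&2; return 1 ;;
    esac
}

# Print the agent command line: argv carries the file path, never the secret.
# Arguments: JNLP URL, secret file, work directory.
agent_cmdline() {
    check_secret_file "$2" || return 1
    printf '%s' "/usr/local/openjdk19/bin/java -jar /usr/local/agent.jar" \
        " -jnlpUrl $1 -secret @$2 -workDir '$3'"
}

# Demo with constructed values (no real secret or host name).
demo_dir=$(mktemp -d)
printf '%s\n' 'constructed-secret-value' | write_secret_file "$demo_dir/agent.secret"
agent_cmdline \
    "http://JENKINS_INTERNAL_NAME:8080/manage/computer/MY_WORKER_NAME/jenkins-agent.jnlp" \
    "$demo_dir/agent.secret" /home/jenkins
echo
rm -rf "$demo_dir"
```

In the jail, the printed command replaces the `java` invocation inside `su jenkins -c`, and the secret file must be owned by the `jenkins` user so the agent can read it.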