Controlling Tinderbox from within a FreeBSD jail
How to control a Ports Tinderbox from within a FreeBSD jail
The problem:
By default, FreeBSD jails do not allow nullfs or NFS mounts from within the jail.
As Tinderbox requires either an NFS or nullfs mount to operate, this makes Tinderbox
operation from within a jail impossible.
The solution:
The goal here was simple: implement a way where a jail can control both the Tinderbox
web interface and the build queue without requiring chroot(8) access from the host.
The end result of the following configuration is this:
- A jail that is fully capable of creating build queue entries and new
builds1 - A jail that hosts the Tinderbox web interface
- A jail host that performs the tasks called from within the jail, for example
performing the actual builds
1 – Note that because FreeBSD jails cannot use chflags(8), you will still
need to create the Tinderbox jails from within the host.
It is assumed you have already created a FreeBSD jail for Tinderbox use.
Host configuration – install the basic Tinderbox dependencies:
- Using
make config, enable only the database client you
need - Install Tinderbox from Ports
- Create a nullfs mount from the host to the same logical
path within the jail - For example, if your host Tinderbox directory is
/usr/local/tinderbox,
the path within the jail must be the same.
Jail configuration – install the remaining Tinderbox dependencies:
- Install your favorite database server (and client)
- Install your favorite web server with PHP
- Install the PHP database connection dependencies
Getting started:
- Enable
tinderdin the host/etc/rc.conf - Install your Tinderbox jails as you normally would
- Log into the jail, install your Ports trees, and configure your builds
- At this point, you will be able to configure and control your Tinderbox build
environment from within your FreeBSD jail, including queueing from the web
interface