Controlling Tinderbox from within a FreeBSD jail


How to control a Ports Tinderbox from within a FreeBSD jail
The problem:
By default, FreeBSD jails do not allow nullfs or NFS mounts from within the jail.
As Tinderbox requires either an NFS or nullfs mount to operate, this makes Tinderbox
operation from within a jail impossible.
The solution:
The goal here was simple: implement a way where a jail can control both the Tinderbox
web interface and the build queue without requiring chroot(8) access from the host.

The end result of the following configuration is this:

  • A jail that is fully capable of creating build queue entries and new
    builds1
  • A jail that hosts the Tinderbox web interface
  • A jail host that performs the tasks called from within the jail, for example
    performing the actual builds

1 – Note that because FreeBSD jails cannot use chflags(8), you will still
need to create the Tinderbox jails from within the host.

It is assumed you have already created a FreeBSD jail for Tinderbox use.

Host configuration – install the basic Tinderbox dependencies:

  • Using make config, enable only the database client you
    need
  • Install Tinderbox from Ports
  • Create a nullfs mount from the host to the same logical
    path within the jail
  • For example, if your host Tinderbox directory is /usr/local/tinderbox,
    the path within the jail must be the same.

Jail configuration – install the remaining Tinderbox dependencies:

  • Install your favorite database server (and client)
  • Install your favorite web server with PHP
  • Install the PHP database connection dependencies

Getting started:

  • Enable tinderd in the host /etc/rc.conf
  • Install your Tinderbox jails as you normally would
  • Log into the jail, install your Ports trees, and configure your builds
  • At this point, you will be able to configure and control your Tinderbox build
    environment from within your FreeBSD jail, including queueing from the web
    interface