From 991bc78d94dd8d3148f71571bc49c354456dc86b Mon Sep 17 00:00:00 2001 From: tschettervictor Date: Fri, 2 May 2025 12:25:17 -0600 Subject: [PATCH] docs: Add depend and netgraph --- docs/chapters/networking.rst | 14 ++++++++++++++ docs/chapters/startup-configuration.rst | 24 ++++++++++++++++++++++-- 2 files changed, 36 insertions(+), 2 deletions(-) diff --git a/docs/chapters/networking.rst b/docs/chapters/networking.rst index 6bffb22d..cbf93b61 100644 --- a/docs/chapters/networking.rst +++ b/docs/chapters/networking.rst @@ -366,6 +366,20 @@ So if you only have a single IP address and if you want to create multiple containers and assign them all unique IP addresses, you'll need to create a new network. +Netgraph +-------- + +Bastille supports netgraph as an VNET management tool, thanks to the `jng` script. +To enable netgraph, run `bastille setup netgraph`. This will load and persist the +required kernel modules. Once netgraph is configured, any VNET jails +you create will be managed with netgraph. + +Note that you should only enable netgraph on a new system. Bastille is set up to use either +`netgraph` or `if_bridge` as the VNET management, and uses `if_bridge` as the default, as it +always has. The `netgraph` option is new, and should only be used with new systems. + +This value is set with the `bastille_network_vnet_type` option inside the config file. + loopback (bastille0) ^^^^^^^^^^^^^^^^^^^^ diff --git a/docs/chapters/startup-configuration.rst b/docs/chapters/startup-configuration.rst index b6acbd55..b0d46279 100644 --- a/docs/chapters/startup-configuration.rst +++ b/docs/chapters/startup-configuration.rst @@ -1,5 +1,5 @@ -Startup Configuration -===================== +Jail Startup Configuration +========================== Bastille can start jails on system startup, and stop them on system shutdown. To enable this functionality, we must first enable Bastille as a service using ``sysrc bastille_enable=YES``. Once you reboot your host, all jails 
@@ -33,6 +33,26 @@ This value can be changed using ``bastille config TARGET set boot [on|off]``. This value will be shown using ``bastille list all``. +Depend +------ + +Bastille supports configuring jails to depend on each other when started and stopped. If jail1 "depends" on jail2, then +jail2 will be started if it is not running when `bastille start jail1` is called. Any jail that jail1 "depends" on will +first be verified running before jail1 is started. + +For example, I have 3 jails called nginx, mariadb and nextcloud. I want to ensure that nginx and mariadb are running before +nextcloud is started. + +First we add both jails to nextcloud's depend property with `bastille config nextcloud set depend "mariadb nginx"`. +Then when we start nextcloud with `bastille start nextcloud` it will verify that nginx and mariadb are running before +starting nextcloud. + +When stopping a jail, any jail that "depends" on it will first be stopped. For example, if we run `bastille stop nginx`, then +nextcloud will first be stopped because it "depends" on nginx. + +If we do a `bastille restart nginx`, then nextcloud will be stopped, because it "depends" on nginx, but nextcloud will not +be started again. + Startup Delay -------------
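Review bot: In the docs/chapters/networking.rst hunk (@@ -366,6 +366,20 @@), the new "Netgraph" heading is underlined with `--------` and lands directly above "loopback (bastille0)", which is underlined with `^^^^`. If `----` ranks above `^^^^` in this file, loopback and any subsections after it will render as children of Netgraph instead of the section they belonged to. Please move the Netgraph section so it does not split an existing section from its subsections. The inline literals here (`jng`, `bastille setup netgraph`, `bastille_network_vnet_type`) use single backticks, which reStructuredText treats as interpreted text; the context lines in startup-configuration.rst use double backticks for commands. "an VNET" should be "a VNET". The closing sentence "This value is set with ..." has no antecedent: say that the VNET type is what the option selects, and list the accepted values. The "only enable netgraph on a new system" caveat is stated twice without saying what happens to existing `if_bridge` VNET jails if the option is switched, which is what an operator needs in order to act on it.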
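Review bot: In the docs/chapters/startup-configuration.rst hunk at @@ -1,5 +1,5 @@, the chapter title changes from "Startup Configuration" to "Jail Startup Configuration", but the commit subject ("docs: Add depend and netgraph") does not mention the rename. Either note it in the commit message or split it out, and check that nothing links to the chapter by its old title, since a reference that targets the section title will stop resolving.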
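Review bot: In the docs/chapters/startup-configuration.rst hunk at @@ -33,6 +33,26 @@, the last paragraph of the new "Depend" section says `bastille restart nginx` stops nextcloud and does not start it again, but gives the reader no next step. A restart that silently leaves a dependent jail down is easy to miss, so this should be called out as a note or warning, with the command needed to bring the dependents back up. The section also does not say how to clear the `depend` property, whether the order inside "mariadb nginx" matters, or what happens with a circular dependency. The commands use single backticks, while the context lines just above use double backticks (``bastille config TARGET set boot [on|off]``); please match them so the commands render as literals. The example also switches from "I have 3 jails" to "we add both jails"; pick one voice.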