#!/bin/sh
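# Tunables for the hypervisor (bhyve VM + jail host) setup.
# Each `: "${name:=value}"` line keeps a value that is already set and
# non-empty, and otherwise assigns the default shown.
# The expansions are double-quoted so the resulting value is never word-split
# or glob-expanded before being handed to `:` (ShellCheck SC2223). The inner
# single quotes are dropped because, inside double quotes, they would become
# part of the assigned value.

# Host networking defaults.
: "${hypervisor_trunk_interface:=lagg0}"
: "${hypervisor_default_vlan:=1}"
: "${hypervisor_default_prefix:=24}"

# Default quotas.
: "${hypervisor_default_os_quota:=24G}"
: "${hypervisor_default_data_quota:=8G}"

# bhyve VM storage and sizing defaults.
: "${hypervisor_vm_home:=/usr/local/bhyve}"
: "${hypervisor_vm_dataset:=tank/bhyve}"
: "${hypervisor_vm_default_cpus:=2}"
: "${hypervisor_vm_default_mem:=4G}"
: "${hypervisor_vm_template_size:=10G}"
: "${hypervisor_vm_default_autostart_delay:=2}"
: "${hypervisor_vm_default_zfs_opts:=-o primarycache=metadata -o compress=off}"
: "${hypervisor_vm_zfs_volblocksize:=64k}"

# Jail storage defaults.
: "${hypervisor_jail_home:=/usr/local/jails}"
: "${hypervisor_jail_dataset:=tank/jails}"
: "${hypervisor_jail_default_zfs_opts:=-o compress=lz4}"

# Unlike the settings above, this one is assigned unconditionally, so any
# value set before this point is overwritten.
# NOTE(review): by its name this looks like the devfs ruleset number that
# exposes bpf(4) to jails - confirm against the installed devfs.rules, and
# apply it only to jails that need raw packet access.
hypervisor_jail_bpf_ruleset=1000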
# Kernel and boot-time configuration for the hypervisor host.

# vnet jails need tap(4) interfaces to come up as soon as they are opened.
set_sysctl 'net.link.tap.up_on_open=1'

# Kerberized NFS inside jails requires the GSS-API kernel modules, so add
# them to rc.conf's kld_list.
sysrc -v "kld_list+=kgssapi kgssapi_krb5"

# Set the default zvol volmode to 2 (dev). Background:
# https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=262189
set_sysctl 'vfs.zfs.vol.mode=2'

# Kernel modules required by this host: vmm and nmdm for bhyve, plus the
# Linux ABI modules.
# NOTE(review): linux/linux64 widen the host kernel's syscall surface -
# confirm this host needs them.
load_kernel_module vmm nmdm linux linux64

# Loader settings: the same four modules as *_load=YES entries, plus the
# kern.racct.enable=1 tunable (resource accounting).
set_loader_conf vmm_load=YES nmdm_load=YES linux_load=YES linux64_load=YES kern.racct.enable=1
# Packages the VM/jail management tooling depends on. -y answers pkg's
# confirmation prompts so the install runs unattended.
pkg install -y bhyve-firmware cdrkit-genisoimage qemu-tools
# ZFS layout for VMs and jails, followed by directory permissions.

# Parent dataset for bhyve VMs, mounted at the VM home directory.
create_dataset -o mountpoint="$hypervisor_vm_home" "${hypervisor_vm_dataset}"

# bhyve templates: never mounted, and volmode=none is set on the dataset.
create_dataset -o 'volmode=none' -o 'mountpoint=none' "$hypervisor_vm_dataset/templates"

# Parent dataset for jails, mounted at the jail home directory.
create_dataset -o "mountpoint=$hypervisor_jail_home" "${hypervisor_jail_dataset}"

# Jail templates live in their own dataset below the jail home.
create_dataset -o "mountpoint=$hypervisor_jail_home/templates" "$hypervisor_jail_dataset/templates"

# Restrict both top-level directories to their owner. This runs after the
# datasets are created, so the mode lands on the mounted filesystems.
chmod 700 "${hypervisor_vm_home}" "${hypervisor_jail_home}"

# Directory for VM ISO files. It is 0755 itself, but other users still cannot
# reach it because the parent VM home is 0700.
install_directory -m 0755 "$hypervisor_vm_home/isos"
# Install the jail/bhyve management scripts and their configuration.

# Ensure the local rc.d directory exists before the vmctl rc script goes in.
install_directory -m 0755 /usr/local/etc/rc.d

# Management scripts and the vmctl rc script, installed 0555 (read and
# execute for everyone, writable by no one).
install_file -m 0555 /usr/local/sbin/jailctl /usr/local/sbin/vmctl /usr/local/etc/rc.d/vmctl

# Config files rendered from templates are world-readable (0644), so they
# must not contain secrets.
install_template -m 0644 /usr/local/etc/jailctl.conf /usr/local/etc/vmctl.conf

# devfs rules file, also 0644.
install_template -m 0644 /etc/devfs.rules

# Start VMs and jails at boot.
sysrc -v vmctl_enable=YES jail_enable=YES