New Year 2021
Bastille 0.8.20210101 (Pre-release)
I figured we should start out 2021 with a brand new Bastille release. Happy New Year!
This release increments the version number from 0.7.x to 0.8.x.
Note: there is also a change to the bastille.conf in this release.
Bastille 0.8.20210101 brings a number of improvements, bug-fixes and new features. Details are included below.
Features
Default Templates
Bastille templates are now fully native. This means all new containers will automatically have one of the default templates applied when created. Default templates include: base, empty, thick, thin, and vnet.
bastille.conf changes
## Default Templates
bastille_template_base="default/base" ## default: "default/base"
bastille_template_empty="default/empty" ## default: "default/empty"
bastille_template_thick="default/thick" ## default: "default/thick"
bastille_template_thin="default/thin" ## default: "default/thin"
bastille_template_vnet="default/vnet" ## default: "default/vnet"
Development RELEASE
Bastille now supports bootstrapping 13-CURRENT releases for testing and development. Note: container version(s) must be <= host version, i.e. only bootstrap 13-CURRENT containers on 13-CURRENT hosts.
32bit containers on 64bit hosts
Bastille supports bootstrapping and running 32bit (i386) containers on 64bit (amd64) hosts. Use the --32bit|--i386 option when bootstrapping the release.
bastille bootstrap 12.2-RELEASE --32bit
Template ARGS
Bastille templates now support dynamic definition of variables. By default $JAIL_NAME and $JAIL_IP are defined.
Bastillefile
# With a default:
ARG username=root
# Without a default:
ARG domain
# Then used in subsequent values:
CMD echo "${username}@${domain}"
Values can also be applied dynamically at the time of applying the template:
bastille template webjail bastillebsd-templates/nginx --arg username=admin --arg domain=example.com
bastille config
Bastille now supports the config sub-command that allows you to get or set values in the jail.conf. This is a welcome addition for Postgres users that need sysvmsg=new. This can now be done dynamically.
Examples
bastille config TARGET set sysvmsg new
bastille config ALL get securelevel
bastille config TARGET set interface lagg0
Note: this can be used inside a Bastillefile to dynamically configure your containers.
Bastillefile
CONFIG set sysvmsg new
RESTART
PKG postgres...
SYSRC ...
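An added example, not part of the Bastille release or its code: a read-only check, run after values have been set with bastille config, that every jail block carries the expected value for a key. It assumes jail.conf text in the one-parameter-per-line "name { key = value; }" layout; the sample data and the function names jailconf_get and jailconf_drift are constructed for illustration.

```shell
#!/bin/sh
# Added example (not Bastille code): audit jail.conf parameters without changing them.

# Constructed sample: two jail blocks, one parameter per line.
SAMPLE_CONF='webjail {
  exec.clean;
  host.hostname = webjail;
  path = /usr/local/bastille/jails/webjail/root;
  securelevel = 2;
  interface = lo1;
  ip4.addr = 10.17.89.10;
}
pgjail {
  host.hostname = pgjail;
  path = /usr/local/bastille/jails/pgjail/root;
  securelevel = 0;
  sysvmsg = new;
}'

# jailconf_get KEY: read jail.conf text on stdin and print "jail<TAB>value"
# for every block; the value is "unset" when the block does not define KEY.
jailconf_get() {
  awk -v key="$1" '
    /^[^ \t#].*[{][ \t]*$/ {               # "name {" opens a block
      jail = $1; sub(/[{].*/, "", jail); val = "unset"; next
    }
    /^[ \t]*[}]/ { if (jail != "") print jail "\t" val; jail = ""; next }
    jail != "" {
      line = $0
      sub(/;[ \t]*$/, "", line)            # drop the trailing semicolon
      n = index(line, "=")
      if (n == 0) next                     # boolean parameter such as exec.clean
      k = substr(line, 1, n - 1); v = substr(line, n + 1)
      gsub(/^[ \t]+|[ \t]+$/, "", k); gsub(/^[ \t]+|[ \t]+$/, "", v)
      if (k == key) val = v
    }'
}

# jailconf_drift KEY EXPECTED: print only the jails whose value differs.
jailconf_drift() {
  jailconf_get "$1" | awk -F '\t' -v want="$2" '$2 != want { print $1 "=" $2 }'
}

printf '%s\n' "$SAMPLE_CONF" | jailconf_drift securelevel 2   # pgjail=0
printf '%s\n' "$SAMPLE_CONF" | jailconf_drift sysvmsg new     # webjail=unset
```

On a real host, feed the functions the jail.conf files of the jails you manage instead of the constructed sample.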
bastille template --convert
With this release we are deprecating the previous hook syntax in favor of the Bastillefile format. For this reason we have included a simple conversion tool that will generate a Bastillefile within an existing template directory based on the legacy hook files.
bastille template --convert template/foo
Bug-fixes
- bugfix for rctl limits (#289)
- log rctl events to /var/log/messages (#292)
- bastille config sub-command for get/set jail.conf values (#283)
- respect exec.fib in bastille console command (#290)
- convert old-style templates to Bastillefile format (#285)
- default template VARS include ${JAIL_NAME} and ${JAIL_IP} (#287)
- new render sub-command to find and replace Bastille-declared VARS in templates (#255)
- support 32-bit bootstrap on 64-bit host (#229)
- detect and report on actions requiring the container to be running (#251)
- bugfix in Makefile installation (#256)
- bugfix in overlay hook in Bastillefile (#231)
- Bastillefile improvements; mount|fstab, copy|cp (#242), (#249)
- template verify now supports Bastillefile (#236)
- support for -CURRENT bootstrap (on -CURRENT host) (#248)
- rdr rules now persistent between restarts (#268)
- fix limits sub-command argument check (#232)
- template failures now report failing component (#243)
- fix for bootstrap + update regression (#246)
- create and leverage global error functions (#250)
- improvement to upgrade thick jails (#273)
- template error reporting improvements (#243)
- pf documentation now supports multi-IP hosts properly (#258)