Apr 03 2014
 

Today I will be installing ezjail 3.3 on a FreeBSD 9.2 system. I will give an overview of the installation and go straight to the configuration of the first jail.

As I type this, I’m looking back at my old notes from 2008.

Installation

I installed ezjail with this command:

pkg install ezjail

Configuration

Enable ezjail by adding this line to /etc/rc.conf:

ezjail_enable="YES"

This system is configured with ZFS and each jail will have its own ZFS filesystem. The file /usr/local/etc/ezjail.conf contains this (I have omitted the commented-out directives):

# Setting this to YES will start to manage the basejail and newjail in ZFS
ezjail_use_zfs="YES"

# Setting this to YES will manage ALL new jails in their own zfs
ezjail_use_zfs_for_jails="YES"

ezjail_jailzfs="system/usr/jails"

After making those changes, I created the filesystem referenced above:

zfs create system/usr/jails
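
As an added example (not part of the original post, and not code from ezjail), this shell function checks that the ZFS settings shown above are consistent and that the dataset named by ezjail_jailzfs exists before the base jail is installed. The function names and return codes are illustrative, and treating only the literal value YES as enabled is an assumption.

```shell
#!/bin/sh
# Added example: pre-flight check of the ZFS settings in ezjail.conf.
# Function names and return codes are illustrative, not part of ezjail.

# conf_get FILE KEY: print KEY's value (commented-out lines skipped,
# double quotes stripped, last assignment wins).
conf_get() {
    awk -v key="$2" '
        /^[ \t]*#/ { next }
        {
            eq = index($0, "=")
            if (eq == 0) next
            k = substr($0, 1, eq - 1); gsub(/[ \t]/, "", k)
            if (k != key) next
            v = substr($0, eq + 1)
            sub(/[ \t]*#.*$/, "", v)     # drop a trailing comment
            sub(/^[ \t"]+/, "", v); sub(/[ \t"]+$/, "", v)
            val = v
        }
        END { print val }' "$1"
}

# Names of all existing ZFS datasets, one per line.
list_datasets() { zfs list -H -o name; }

# check_ezjail_zfs FILE
#   0: settings consistent (or ZFS management not enabled)
#   1: ZFS management enabled but ezjail_jailzfs is empty
#   2: ezjail_jailzfs names a dataset that does not exist yet
check_ezjail_zfs() {
    use_zfs=$(conf_get "$1" ezjail_use_zfs)
    per_jail=$(conf_get "$1" ezjail_use_zfs_for_jails)
    dataset=$(conf_get "$1" ezjail_jailzfs)
    # Assumption: only the literal value YES enables a setting.
    if [ "$use_zfs" != "YES" ] && [ "$per_jail" != "YES" ]; then
        echo "ZFS management is not enabled in $1"; return 0
    fi
    if [ -z "$dataset" ]; then
        echo "ezjail_jailzfs is not set in $1"; return 1
    fi
    if ! list_datasets | grep -Fxq "$dataset"; then
        echo "missing dataset; create it with: zfs create $dataset"; return 2
    fi
    echo "ok: jails will live under $dataset (per-jail datasets: ${per_jail:-NO})"
}
```

On the host, call check_ezjail_zfs /usr/local/etc/ezjail.conf before running ezjail-admin install.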

Creating the base jail

This command creates the base jail:

# ezjail-admin install -r 9.2-RELEASE
base.txz                                      100% of   64 MB  185 kBps 05m57s
lib32.txz                                     100% of   12 MB  185 kBps 01m06s
/usr/jails/basejail/bin
/usr/jails/basejail/bin/rcp
/usr/jails/basejail/bin/date
....
/usr/jails/basejail/usr/lib32/pam_securetty.so.5
/usr/jails/basejail/usr/lib32/libm.so.5
/usr/jails/basejail/usr/lib32/libkrb5.so
/usr/jails/basejail/usr/lib32/libm.a
/usr/jails/basejail/usr/lib32/libalias_smedia.so
110307 blocks
Note: a non-standard /etc/make.conf was copied to the template jail in order to get the ports collection running inside jails.

The next step is to upgrade the base jail to 9.2-RELEASE-p3.

Upgrading the base jail to the latest version

FreeBSD 9.2-RELEASE was originally installed on the host system. freebsd-update was then used to install the latest binary update of that release. Now the host system is running FreeBSD 9.2-RELEASE-p3. The previous step installed FreeBSD 9.2-RELEASE into the basejail. This step will update that basejail to what we have on the host system. The basejail would work fine without this update, but I think it’s best to run the latest binary update.

ezjail-admin uses freebsd-update for this step, and will use the output of uname -r to determine what parameters to pass to freebsd-update:

ezjail-admin update -u 
Looking up update.FreeBSD.org mirrors... 5 mirrors found.
Fetching metadata signature for 9.2-RELEASE from update4.freebsd.org... done.
Fetching metadata index... done.
Inspecting system... done.
Preparing to download files... done.
Fetching 3 patches.. done.
Applying patches... done.

The following files will be updated as part of updating to 9.2-RELEASE-p3:
/usr/lib/libbsnmp.a
/usr/lib/libbsnmp.so.6
/usr/lib/libbsnmp_p.a
/usr/lib32/libbsnmp.a
/usr/lib32/libbsnmp.so.6
/usr/lib32/libbsnmp_p.a
/usr/sbin/bsnmpd
/usr/sbin/freebsd-update
/usr/sbin/lwresd
/usr/sbin/named
/usr/sbin/ntpd
Installing updates... done.

Creating the first jail

This command creates a jail with the given name and IP address:

ezjail-admin create mailjail.example.com  "em0|10.0.11.7"

The IP address will be dynamically added to em0 by ezjail when the jail is started, and removed when the jail stops.

Starting the jail

This command starts the jail:

$ sudo ezjail-admin start mailjail.example.com
Configuring jails:.
Starting jails: mailjail.example.com.

You can see the jail running via jls:

$ jls
   JID  IP Address      Hostname                      Path
     1  10.0.11.7       mailjail.example.com            /usr/jails/mailjail.example.com

Jail console

Now you can connect to the jail and do any post installation configuration.

$ sudo ezjail-admin console  mailjail.example.com
FreeBSD 9.2-RELEASE-p3 (GENERIC) #0: Sat Jan 11 03:25:02 UTC 2014

Welcome to FreeBSD!

Before seeking technical support, please use the following resources:

o  Security advisories and updated errata information for all releases are
   at http://www.FreeBSD.org/releases/ - always consult the ERRATA section
   for your release first as it's updated frequently.

o  The Handbook and FAQ documents are at http://www.FreeBSD.org/ and,
   along with the mailing lists, can be searched by going to
   http://www.FreeBSD.org/search/.  If the doc package has been installed
   (or fetched via pkg_add -r lang-freebsd-doc, where lang is the
   2-letter language code, e.g. en), they are also available formatted
   in /usr/local/share/doc/freebsd.

If you still have a question or problem, please take the output of
`uname -a', along with any relevant error messages, and email it
as a question to the questions@FreeBSD.org mailing list.  If you are
unfamiliar with FreeBSD's directory layout, please refer to the hier(7)
manual page.  If you are not familiar with manual pages, type `man man'.

Edit /etc/motd to change this login announcement.

root@mailjail:~ # 

Installation of packages within the jail

Now that you are root in the jail, you can do anything you want. I will be installing packages compiled by poudriere.

Hope this helps.
