As I type this, I’m looking back at my old notes from 2008.
I installed ezjail with this command:
pkg install ezjail
Enable ezjail by adding this command to /etc/rc.conf:
This system is configured with ZFS and each jail will have their own ZFS filesystem. The /usr/local/etc/ezjail.conf contains this (I have omitted the commented out directives):
# Setting this to YES will start to manage the basejail and newjail in ZFS ezjail_use_zfs="YES" # Setting this to YES will manage ALL new jails in their own zfs ezjail_use_zfs_for_jails="YES" ezjail_jailzfs="system/usr/jails"
After making those changes, I created the filesystem referenced above:
zfs create system/usr/jails
Creating the base jail
This command creates the base jail:
# ezjail-admin install -r 9.2-RELEASE base.txz 100% of 64 MB 185 kBps 05m57s lib32.txz 100% of 12 MB 185 kBps 01m06s /usr/jails/basejail/bin /usr/jails/basejail/bin/rcp /usr/jails/basejail/bin/date .... /usr/jails/basejail/usr/lib32/pam_securetty.so.5 /usr/jails/basejail/usr/lib32/libm.so.5 /usr/jails/basejail/usr/lib32/libkrb5.so /usr/jails/basejail/usr/lib32/libm.a /usr/jails/basejail/usr/lib32/libalias_smedia.so 110307 blocks Note: a non-standard /etc/make.conf was copied to the template jail in order to get the ports collection running inside jails.
The next step is to upgrade the base jail to 9.2-RELEASE-p3.
Upgrading the base jail to the latest version
FreeBSD 9.2-RELEASE was originally installed on the host system. freebsd-update was then used to install the latest binary update of that release. Now the the host system is running FreeBSD 9.2-RELEASE-p3. The previous step installed FreeBSD 9.2-RELEASE into the basejail. This step will update that basejail to what we have in the host system. The basejail would work fine without this update, but I think it’s best to run the latest binary update.
ezjail-admin uses freebsd-update for this step, and will use the output of uname -r to determine what parameters to pass to freebsd-update:
ezjail-admin update -u Looking up update.FreeBSD.org mirrors... 5 mirrors found. Fetching metadata signature for 9.2-RELEASE from update4.freebsd.org... done. Fetching metadata index... done. Inspecting system... done. Preparing to download files... done. Fetching 3 patches.. done. Applying patches... done. The following files will be updated as part of updating to 9.2-RELEASE-p3: /usr/lib/libbsnmp.a /usr/lib/libbsnmp.so.6 /usr/lib/libbsnmp_p.a /usr/lib32/libbsnmp.a /usr/lib32/libbsnmp.so.6 /usr/lib32/libbsnmp_p.a /usr/sbin/bsnmpd /usr/sbin/freebsd-update /usr/sbin/lwresd /usr/sbin/named /usr/sbin/ntpd Installing updates... done.
Creating the first jail
This command creates a jail with the given name and IP address:
ezjail-admin create mailjail.example.com "em0|10.0.11.7"
The IP address will be dynamically added to em0 by ezjail when the jail is started, and removed when the jail stops.
Starting the jail
This command starts the jail:
$ sudo ezjail-admin start mailjail.example.com Configuring jails:. Starting jails: mailjail.example.com.
You can see the jail running via jls:
$ jls JID IP Address Hostname Path 1 10.0.11.7 mailjail.example.com /usr/jails/mailjail.example.com
Now you can connect to the jail and do any post installation configuration.
$ sudo ezjail-admin console mailjail.example.com FreeBSD 9.2-RELEASE-p3 (GENERIC) #0: Sat Jan 11 03:25:02 UTC 2014 Welcome to FreeBSD! Before seeking technical support, please use the following resources: o Security advisories and updated errata information for all releases are at http://www.FreeBSD.org/releases/ - always consult the ERRATA section for your release first as it's updated frequently. o The Handbook and FAQ documents are at http://www.FreeBSD.org/ and, along with the mailing lists, can be searched by going to http://www.FreeBSD.org/search/. If the doc package has been installed (or fetched via pkg_add -r lang-freebsd-doc, where lang is the 2-letter language code, e.g. en), they are also available formatted in /usr/local/share/doc/freebsd. If you still have a question or problem, please take the output of `uname -a', along with any relevant error messages, and email it as a question to the questions@FreeBSD.org mailing list. If you are unfamiliar with FreeBSD's directory layout, please refer to the hier(7) manual page. If you are not familiar with manual pages, type `man man'. Edit /etc/motd to change this login announcement. root@mailjail:~ #
Installation of packages within the jail
Now that you are root in the jail, you can do anything you want. I will be installing packages compiled by poudriere.
Hope this helps.