

freebsd:jails

Differences

freebsd:jails [2020/09/27 01:53] – created sleepyfreebsd:jails [2025/07/07 23:10] (current) – external edit 127.0.0.1
Line 9: Line 9:
 <code bash /etc/jail.conf> <code bash /etc/jail.conf>
 $j="/jails"; $j="/jails";
-$path="$j/$name";+path="$j/$name";
 host.hostname="$name.domain.com"; host.hostname="$name.domain.com";
  
Line 17: Line 17:
 exec.stop="sh /etc/rc.shutdown"; exec.stop="sh /etc/rc.shutdown";
  
-examplehost +#BASE 
- ip4.addr="10.0.0.70"; +# ip4.addr="10.0.0.70"; 
-}</code>+#       path="/jails/BASE" 
 +#}</code>
 ---- ----
 +
 +
 +
 ====== Create zfs jail base ====== ====== Create zfs jail base ======
 +===== Create from source =====
 <code bash> <code bash>
-zfs create -o quota=30G zroot/jails/BASE_12.2-STABLE+zfs create -o quota=30G zroot/jails/BASE
 cd /usr/src cd /usr/src
-make installworld DESTDIR=/jails/BASE_12.2-STABLE +make installworld DESTDIR=/jails/BASE 
-make distribution DESTDIR=/jails/BASE_12.2-STABLE+make distribution DESTDIR=/jails/BASE
 </code> </code>
 +
 +===== Create from release tarball =====
 +  * grab the **base** and **lib32** tarballs for your FreeBSD version <code bash>fetch https://download.freebsd.org/ftp/snapshots/amd64/12.2-PRERELEASE/base.txz
 +fetch https://download.freebsd.org/ftp/snapshots/amd64/12.2-PRERELEASE/lib32.txz</code>
 +  * extract snapshot tarballs to jail path <code bash>tar -xf base.txz -C /jails/BASE
 +tar -xf lib32.txz -C /jails/BASE</code> 
 +
 ---- ----
-===== Configure zfs jail base =====+ 
 +====== Configure zfs jail base ======
 <code bash> <code bash>
-touch /jails/BASE_12.2-STABLE/etc/fstab +touch /jails/BASE/etc/fstab /jails/BASE/etc/rc.conf 
-cp /etc/localtime /jails/BASE_12.2-STABLE/etc/ +mkdir -p /jails/BASE/usr/local/etc/pkg/repos 
-cp /etc/resolv.conf /jails/BASE_12.2-STABLE/etc/ +cp /usr/local/etc/pkg/repos/FreeBSD.conf /jails/BASE/usr/local/etc/pkg/repos 
-echo "sendmail_enable="NO">> /jails/BASE_12.2-STABLE/etc/rc.conf +cp /etc/localtime /jails/BASE/etc/ 
-echo "ntpd_enable="NO">> /jails/BASE_12.2-STABLE/etc/rc.conf +cp /etc/resolv.conf /jails/BASE/etc/ 
-echo "sshd_enable="YES">> /jails/BASE_12.2-STABLE/etc/rc.conf+echo 'sendmail_enable="NO">> /jails/BASE/etc/rc.conf 
 +echo 'ntpd_enable="NO">> /jails/BASE/etc/rc.conf 
 +echo 'sshd_enable="YES">> /jails/BASE/etc/rc.conf
 </code> </code>
-  * jails don't use fstab, but some programs need it <code bash>touch /jails/BASE_12.2-STABLE/etc/fstab</code> +  * jails don't use fstab, but some programs need it <code bash>touch /jails/BASE/etc/fstab</code> 
-  * jails will probably be in same timezone as host <code bash>cp /etc/localtime /jails/BASE_12.2-STABLE/etc/</code> +  * jails will probably be in same timezone as host <code bash>cp /etc/localtime /jails/BASE/etc/</code> 
-  * don't need to configure dns servers <code bash>cp /etc/resolv.conf /jails/BASE_12.2-STABLE/etc/</code> +  * don't need to configure dns servers <code bash>cp /etc/resolv.conf /jails/BASE/etc/</code> 
-  * don't need sendmail <code bash>echo "sendmail_enable="NO"" >> /jails/BASE_12.2-STABLE/etc/rc.conf</code> +  * don't need sendmail <code bash>echo "sendmail_enable="NO"" >> /jails/BASE/etc/rc.conf</code> 
-  * no need to run ntpd since jail cannot change time <code bash>echo "ntpd_enable="NO"" >> /jails/BASE_12.2-STABLE/etc/rc.conf</code> +  * no need to run ntpd since jail cannot change time <code bash>echo "ntpd_enable="NO"" >> /jails/BASE/etc/rc.conf</code> 
-  * enable sshd <code bash>echo "sshd_enable="YES"" >> /jails/BASE_12.2-STABLE/etc/rc.conf</code>+  * enable sshd <code bash>echo "sshd_enable="YES"" >> /jails/BASE/etc/rc.conf</code>
  
 ---- ----
Line 49: Line 64:
 ==== install typical packages, add user, install dotfiles, copy keys.==== ==== install typical packages, add user, install dotfiles, copy keys.====
 <cli green uppercase> <cli green uppercase>
-jexec -BASE pkg install nano zsh git-lite +pkg -BASE install nano zsh git-lite python37 py37-pip 
-jexec -l BASE adduser sleepy +jexec -l BASE adduser
-jexec BASE adduser+
 jexec -l -U sleepy BASE git clone https://gitlab.com/ikiryuta/dotfiles.git jexec -l -U sleepy BASE git clone https://gitlab.com/ikiryuta/dotfiles.git
 jexec -l -U sleepy BASE /home/sleepy/dotfiles/install_links.sh jexec -l -U sleepy BASE /home/sleepy/dotfiles/install_links.sh
Line 57: Line 71:
 jexec -l BASE chsh -s zsh jexec -l BASE chsh -s zsh
 jexec -l -u sleepy BASE mkdir /home/sleepy/.ssh jexec -l -u sleepy BASE mkdir /home/sleepy/.ssh
-cp ~sleepy/.ssh/authorized_keys_jails /jails/BASE_12.2-STABLE/home/sleepy/.ssh/authorized_keys+cp ~sleepy/.ssh/authorized_keys_jails /jails/BASE/home/sleepy/.ssh/authorized_keys
 jexec -l BASE chown -R sleepy:sleepy /home/sleepy/.ssh jexec -l BASE chown -R sleepy:sleepy /home/sleepy/.ssh
 jexec -l BASE chmod 700 /home/sleepy/.ssh jexec -l BASE chmod 700 /home/sleepy/.ssh
Line 65: Line 79:
  
 Snapshot the BASE jail Snapshot the BASE jail
-<code bash>zfs snapshot zroot/jails/BASE_12.2-STABLE@CLEAN_JAILS_BASE</code>+<code bash>zfs snapshot zroot/jails/BASE@CLEAN_JAILS_BASE</code>
  
 ---- ----
 ====== Create jail ====== ====== Create jail ======
-  * create new jail dataset <code bash>zfs clone zroot/jails/BASE_12.2-STABLE@2020-09-21_12.2-PRERELEASE_clean zroot/jails/python</code>+  * create new jail dataset <code bash>zfs clone zroot/jails/BASE@2020-09-21_12.2-PRERELEASE_clean zroot/jails/python</code>
   * add entry to **/etc/jail.conf** for new jail <code bash /etc/jail.conf>   * add entry to **/etc/jail.conf** for new jail <code bash /etc/jail.conf>
 python { python {
Line 75: Line 89:
 }</code> }</code>
   * add entry to **/etc/rc.conf** new jail ip alias <code bash /etc/rc.conf>ifconfig_igb0_alias2="inet 10.0.0.50 netmask 255.255.255.0"</code> or <code bash /etc/rc.conf>ifconfig_igb0_aliases="inet 10.0.0.49-69 netmask 255.255.255.0"</code>   * add entry to **/etc/rc.conf** new jail ip alias <code bash /etc/rc.conf>ifconfig_igb0_alias2="inet 10.0.0.50 netmask 255.255.255.0"</code> or <code bash /etc/rc.conf>ifconfig_igb0_aliases="inet 10.0.0.49-69 netmask 255.255.255.0"</code>
- 
  
 ---- ----
 +====== Updating jails ======
 +===== using source =====
 +assuming you have already built and installed world and kernel. Stop the running jail(s) first.
 +<code>cd /usr/make
 +make installworld DESTDIR=/jails/path
 +mergemaster -iFU -D /jails/path
 +</code>
 +==== jails_update.sh ====
 +Script to automate the updates, just make sure to update the jails paths.
 +<code bash jails_update.sh>
 +jails="/jails/postgres /jails/python /jails/nginx /jails/bitbot"
  
 +cd /usr/src
 +
 +for jail in $jails
 +do
 +    make installworld DESTDIR=$jail
 +    mergemaster -iFU -D $jail
 +done
 +</code>
 +
 +===== using freebsd-update binaries =====
 +<code bash>
 +freebsd-update -b /jails/path fetch
 +freebsd-update -b /jails/path install
 +</code>
 +----
 ====== To Do ====== ====== To Do ======
-  * create ZFS dataset with 20% reserve quota  +  * create ZFS dataset with 20% reserve quota <code bash>zfs create -o quota=300G -o mountpoint=/jails zroot/jails</code> 
-    * **zfs create -o quota=300G -o mountpoint=/jails zroot/jails** +  * replace hardcoded jail paths with variable<code bash>export jail=/jails/BASE 
-  * disable syslogd's network access with -ss +echo $jail</code> 
-    * **sysrc syslogd_flags="-ss"*+  add UTF8 configuration to BASE jail 
-  * bind SSHd to specific IP +  * need to create alias for jail ip on hosts network interface during jail creation. 
-    * **/etc/ssh/sshd_config** <code>ListenAddress 10.0.0.1</code>+    * using ''ifconfig'' for one-time use <code bash>ifconfig igb0 alias 10.0.0.92 netmask 255.255.255.0</code> 
 +    permanent using ''rc.conf'' <code bash /etc/rc.conf>ifconfig_igb0_alias2="10.0.0.92 netmask 255.255.255.0"</code>
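Review bot: The new "Create from release tarball" steps unpack `base.txz` and `lib32.txz` as root into /jails/BASE with no integrity check, and every jail later cloned from the BASE snapshot inherits whatever those archives contained. The distribution directory normally also carries a `MANIFEST` with the SHA-256 of each set, so I would add `fetch https://download.freebsd.org/ftp/snapshots/amd64/12.2-PRERELEASE/MANIFEST` and compare the output of `sha256 -q base.txz lib32.txz` against its entries before either `tar -xf` runs. That is a same-origin check, so it catches truncated or corrupted downloads rather than a tampered mirror; the page should say so. The heading says "release tarball" while both URLs point at a snapshots/PRERELEASE tree, so it is worth stating which of the two is intended for a base that long-lived jails are built from.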
freebsd/jails.1601171623.txt.gz · Last modified: (external edit)