sleepy.wtf

User Tools

Site Tools

Trace: 2021_desktop_build jails
freebsd:jails

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revisionPrevious revision
Next revision		Previous revision
freebsd:jails [2020/09/28 08:23] sleepyfreebsd:jails [2025/07/07 23:10] (current) – external edit 127.0.0.1
Line 19: Line 19:
 #BASE { #BASE {
 # ip4.addr="10.0.0.70"; # ip4.addr="10.0.0.70";
-#       path="/jails/BASE_12.2-STABLE"+#       path="/jails/BASE"
 #}</code> #}</code>
 ---- ----
 +
 +
 +
 ====== Create zfs jail base ====== ====== Create zfs jail base ======
 +===== Create from source =====
 <code bash> <code bash>
-zfs create -o quota=30G zroot/jails/BASE_12.2-STABLE+zfs create -o quota=30G zroot/jails/BASE
 cd /usr/src cd /usr/src
-make installworld DESTDIR=/jails/BASE_12.2-STABLE +make installworld DESTDIR=/jails/BASE 
-make distribution DESTDIR=/jails/BASE_12.2-STABLE+make distribution DESTDIR=/jails/BASE
 </code> </code>
 +
 +===== Create from release tarball =====
 +  * grab the **base** and **lib32** tarballs for your FreeBSD version <code bash>fetch https://download.freebsd.org/ftp/snapshots/amd64/12.2-PRERELEASE/base.txz
 +fetch https://download.freebsd.org/ftp/snapshots/amd64/12.2-PRERELEASE/lib32.txz</code>
 +  * extract snapshot tarballs to jail path <code bash>tar -xf base.txz -C /jails/BASE
 +tar -xf lib32.txz -C /jails/BASE</code> 
 +
 ---- ----
-===== Configure zfs jail base =====+ 
 +====== Configure zfs jail base ======
 <code bash> <code bash>
-touch /jails/BASE_12.2-STABLE/etc/fstab +touch /jails/BASE/etc/fstab /jails/BASE/etc/rc.conf 
-cp /etc/localtime /jails/BASE_12.2-STABLE/etc/ +mkdir -p /jails/BASE/usr/local/etc/pkg/repos 
-cp /etc/resolv.conf /jails/BASE_12.2-STABLE/etc/ +cp /usr/local/etc/pkg/repos/FreeBSD.conf /jails/BASE/usr/local/etc/pkg/repos 
-touch /jails/BASE_12.2-STABLE/etc/rc.conf +cp /etc/localtime /jails/BASE/etc/ 
-echo 'sendmail_enable="NO"' >> /jails/BASE_12.2-STABLE/etc/rc.conf +cp /etc/resolv.conf /jails/BASE/etc/ 
-echo 'ntpd_enable="NO"' >> /jails/BASE_12.2-STABLE/etc/rc.conf +echo 'sendmail_enable="NO"' >> /jails/BASE/etc/rc.conf 
-echo 'sshd_enable="YES"' >> /jails/BASE_12.2-STABLE/etc/rc.conf+echo 'ntpd_enable="NO"' >> /jails/BASE/etc/rc.conf 
 +echo 'sshd_enable="YES"' >> /jails/BASE/etc/rc.conf
 </code> </code>
-  * jails don't use fstab, but some programs need it <code bash>touch /jails/BASE_12.2-STABLE/etc/fstab</code> +  * jails don't use fstab, but some programs need it <code bash>touch /jails/BASE/etc/fstab</code> 
-  * jails will probably be in same timezone as host <code bash>cp /etc/localtime /jails/BASE_12.2-STABLE/etc/</code> +  * jails will probably be in same timezone as host <code bash>cp /etc/localtime /jails/BASE/etc/</code> 
-  * don't need to configure dns servers <code bash>cp /etc/resolv.conf /jails/BASE_12.2-STABLE/etc/</code> +  * don't need to configure dns servers <code bash>cp /etc/resolv.conf /jails/BASE/etc/</code> 
-  * don't need sendmail <code bash>echo "sendmail_enable="NO"" >> /jails/BASE_12.2-STABLE/etc/rc.conf</code> +  * don't need sendmail <code bash>echo "sendmail_enable="NO"" >> /jails/BASE/etc/rc.conf</code> 
-  * no need to run ntpd since jail cannot change time <code bash>echo "ntpd_enable="NO"" >> /jails/BASE_12.2-STABLE/etc/rc.conf</code> +  * no need to run ntpd since jail cannot change time <code bash>echo "ntpd_enable="NO"" >> /jails/BASE/etc/rc.conf</code> 
-  * enable sshd <code bash>echo "sshd_enable="YES"" >> /jails/BASE_12.2-STABLE/etc/rc.conf</code>+  * enable sshd <code bash>echo "sshd_enable="YES"" >> /jails/BASE/etc/rc.conf</code>
  
 ---- ----
Line 51: Line 64:
 ==== install typical packages, add user, install dotfiles, copy keys.==== ==== install typical packages, add user, install dotfiles, copy keys.====
 <cli green uppercase> <cli green uppercase>
-jexec -BASE pkg install nano zsh git-lite python37 py37-pip+pkg -BASE install nano zsh git-lite python37 py37-pip
 jexec -l BASE adduser jexec -l BASE adduser
 jexec -l -U sleepy BASE git clone https://gitlab.com/ikiryuta/dotfiles.git jexec -l -U sleepy BASE git clone https://gitlab.com/ikiryuta/dotfiles.git
Line 58: Line 71:
 jexec -l BASE chsh -s zsh jexec -l BASE chsh -s zsh
 jexec -l -u sleepy BASE mkdir /home/sleepy/.ssh jexec -l -u sleepy BASE mkdir /home/sleepy/.ssh
-cp ~sleepy/.ssh/authorized_keys_jails /jails/BASE_12.2-STABLE/home/sleepy/.ssh/authorized_keys+cp ~sleepy/.ssh/authorized_keys_jails /jails/BASE/home/sleepy/.ssh/authorized_keys
 jexec -l BASE chown -R sleepy:sleepy /home/sleepy/.ssh jexec -l BASE chown -R sleepy:sleepy /home/sleepy/.ssh
 jexec -l BASE chmod 700 /home/sleepy/.ssh jexec -l BASE chmod 700 /home/sleepy/.ssh
Line 66: Line 79:
  
 Snapshot the BASE jail Snapshot the BASE jail
-<code bash>zfs snapshot zroot/jails/BASE_12.2-STABLE@CLEAN_JAILS_BASE</code>+<code bash>zfs snapshot zroot/jails/BASE@CLEAN_JAILS_BASE</code>
  
 ---- ----
 ====== Create jail ====== ====== Create jail ======
-  * create new jail dataset <code bash>zfs clone zroot/jails/BASE_12.2-STABLE@2020-09-21_12.2-PRERELEASE_clean zroot/jails/python</code>+  * create new jail dataset <code bash>zfs clone zroot/jails/BASE@2020-09-21_12.2-PRERELEASE_clean zroot/jails/python</code>
   * add entry to **/etc/jail.conf** for new jail <code bash /etc/jail.conf>   * add entry to **/etc/jail.conf** for new jail <code bash /etc/jail.conf>
 python { python {
Line 76: Line 89:
 }</code> }</code>
   * add entry to **/etc/rc.conf** new jail ip alias <code bash /etc/rc.conf>ifconfig_igb0_alias2="inet 10.0.0.50 netmask 255.255.255.0"</code> or <code bash /etc/rc.conf>ifconfig_igb0_aliases="inet 10.0.0.49-69 netmask 255.255.255.0"</code>   * add entry to **/etc/rc.conf** new jail ip alias <code bash /etc/rc.conf>ifconfig_igb0_alias2="inet 10.0.0.50 netmask 255.255.255.0"</code> or <code bash /etc/rc.conf>ifconfig_igb0_aliases="inet 10.0.0.49-69 netmask 255.255.255.0"</code>
- 
  
 ---- ----
 +====== Updating jails ======
 +===== using source =====
 +assuming you have already built and installed world and kernel. Stop the running jail(s) first.
 +<code>cd /usr/make
 +make installworld DESTDIR=/jails/path
 +mergemaster -iFU -D /jails/path
 +</code>
 +==== jails_update.sh ====
 +Script to automate the updates, just make sure to update the jails paths.
 +<code bash jails_update.sh>
 +jails="/jails/postgres /jails/python /jails/nginx /jails/bitbot"
  
 +cd /usr/src
 +
 +for jail in $jails
 +do
 +    make installworld DESTDIR=$jail
 +    mergemaster -iFU -D $jail
 +done
 +</code>
 +
 +===== using freebsd-update binaries =====
 +<code bash>
 +freebsd-update -b /jails/path fetch
 +freebsd-update -b /jails/path install
 +</code>
 +----
 ====== To Do ====== ====== To Do ======
-  * create ZFS dataset with 20% reserve quota  +  * create ZFS dataset with 20% reserve quota <code bash>zfs create -o quota=300G -o mountpoint=/jails zroot/jails</code> 
-    * **zfs create -o quota=300G -o mountpoint=/jails zroot/jails**+  replace hardcoded jail paths with variable<code bash>export jail=/jails/BASE 
 +echo $jail</code> 
 +  add UTF8 configuration to BASE jail 
 +  * need to create alias for jail ip on hosts network interface during jail creation. 
 +    * using ''ifconfig'' for one-time use <code bash>ifconfig igb0 alias 10.0.0.92 netmask 255.255.255.0</code> 
 +    * permanent using ''rc.conf'' <code bash /etc/rc.conf>ifconfig_igb0_alias2="10.0.0.92 netmask 255.255.255.0"</code>
freebsd/jails.1601281415.txt.gz · Last modified: (external edit)