setup jails on freebsd
we'll be creating 4 jails + main host (5 machines in total)
First, lets create some folders where the jails will be stored.
mkdir /usr/jails && mkdir /usr/jails/mail1 && mkdir /usr/jails/mail2 && mkdir /usr/jails/mail3 && mkdir /usr/jails/mail4
then we add some settings to rc.conf
# vi /etc/rc.conf
Add these line right after (remember, every machine has a differnt network card reference (bge0)). Change it to your machines network card.
ifconfig_bge0="inet 192.168.1.157 netmask 255.255.255.0"
ifconfig_bge0_alias0="inet 192.168.1.211 netmask 0xfffffff8"
ifconfig_bge0_alias1="inet 192.168.1.212 netmask 0xfffffff8"
ifconfig_bge0_alias2="inet 192.168.1.213 netmask 0xfffffff8"
ifconfig_bge0_alias3="inet 192.168.1.214 netmask 0xfffffff8"
if you don't want to reboot, you'll also have to setup the alias now so you can ssh in later...
ifconfig bge0 inet alias 192.168.1.211 netmask 255.255.255.255
ifconfig bge0 inet alias 192.168.1.212 netmask 255.255.255.255
ifconfig bge0 inet alias 192.168.1.213 netmask 255.255.255.255
ifconfig bge0 inet alias 192.168.1.214 netmask 255.255.255.255
near the bottom of the file, add following and makre sure you change the IP's & paths if different than above.
#only have 5 IP's. 1 for the main server and 4 for the jails
#jail_list="mail1 mail2 mail3 mail4"
jail_enable="YES"
jail_list="mail1 mail2 mail3 mail4"
jail_set_hostname_allow="YES"
jail_mail1_rootdir="/usr/jails/mail1"
jail_mail1_hostname="mail1.example.com"
jail_mail1_ip="192.168.1.231"
jail_mail1_start="/bin/sh /etc/rc"
jail_mail1_devfs_enable="YES"
jail_mail1_devfs_ruleset="devfsrules_jail"
jail_mail2_rootdir="/usr/jails/mail2"
jail_mail2_hostname="mail2.example.com"
jail_mail2_ip="192.168.1.232"
jail_mail2_start="/bin/sh /etc/rc"
jail_mail2_devfs_enable="YES"
jail_mail2_devfs_ruleset="devfsrules_jail"
jail_mail3_rootdir="/usr/jails/mail3"
jail_mail3_hostname="mail3.example.com"
jail_mail3_ip="192.168.1.233"
jail_mail3_start="/bin/sh /etc/rc"
jail_mail3_devfs_enable="YES"
jail_mail3_devfs_ruleset="devfsrules_jail"
jail_mail4_rootdir="/usr/jails/mail4"
jail_mail4_hostname="mail4.example.com"
jail_mail4_ip="192.168.1.234"
jail_mail4_start="/bin/sh /etc/rc"
jail_mail4_devfs_enable="YES"
jail_mail4_devfs_ruleset="devfsrules_jail"
------------------------------------------
Make the virtual system
cd /usr/src
make world DESTDIR=/usr/jails/mail1
if you get this error "make: don't know how to make world. Stop"
it's because you don't have to source tree installed...
look at cvs-supfile blog post to know how to do it...
cd etc
make distribution DESTDIR=/usr/jails/mail1
cd /usr/jails/mail1
ln -sf /dev/null kernel
touch /usr/jails/mail1/etc/fstab
cat /etc/resolv.conf > /usr/jails/mail1/etc/resolv.conf
mount -t procfs proc /usr/jails/mail1/proc
mount -t devfs dev /usr/jails/mail1/dev
mkdir /usr/jails/mail1/usr/ports
mount_nullfs /usr/ports /usr/jails/mail1/usr/ports
Once the first jail is created, we can just copy jails and not have to redo "make world" which takes awhile.
----------------------------------------------
Configuration of the jail
Start the jail for the first time
# /etc/rc.d/jail start mail1
If you try to SSH into the jail, you will end up in the main machine and not in the jail.
To fix this add the following line to /etc/rc.conf
rpcbind_enable="NO"
vi /etc/ssh/sshd_config
Port 22
Protocol 2
ListenAddress 192.168.1.157
Now we jump into the jail for some 1st step configurations
# jail /usr/jails/mail1 mail1.example.com 192.168.1.231 /bin/sh
now you are inside the jail:
change the root password
# passwd
add a new user and invite the user to the wheel group (so you can su to root)
# adduser
So we can ssh into the jail
# echo 'sshd_enable="YES"' >> /etc/rc.conf
install bash, change the users shell to bash
if you are in a jail and ports doesn't exit you have to remount the ports Filesystem
# cd /usr/ports/shells/bash
# make clean; make install clean
# chsh
change the shell to: /usr/local/bin/bash
Host environment syslogd
This entry in /etc/rc.conf tells syslogd to not listen on any IP address.
syslogd_flags="-ss"
That allows syslogd to run in both the host and the jail environments.
Host environment inetd
This entry in /etc/rc.conf tells inetd to listen on a specific IP address. This address is that of the host environment:
inetd_flags="-wW -C 60 -a 192.168.0.100"
You should note that the first part of the above flags is from /etc/defaults/rc.conf:
inetd_flags="-wW -C 60" # Optional flags to inetd
jail_enable="YES"
jail_list="mail_1"
jail_set_hostname_allow="YES"
jail_mail_1_rootdir="/usr/jails/mail_1"
jail_mail_1_hostname="mail_1.example.com"
jail_mail_1_ip="192.168.1.202" jail_mail_1_start="/bin/sh /etc/rc"
jail_mail_1_devfs_enable="YES"
jail_mail_1_devfs_ruleset="devfsrules_jail"
if you forget root password
jail /dumpdrive500/jails/devbox2 devbox2 192.168.1.152 /usr/bin/passwd root
------------------------------------------------
Clone the Jails
mkdir /usr/jails/mail2
cd /usr/jails/mail1
tar -cpf - . | tar -C /usr/jails/mail2 -xpf -
Mount all the needed directories for the cloned jails
mount -t procfs proc /usr/jails/mail1/proc
mount -t devfs dev //usr/jails/mail1/dev
mount_nullfs /usr/ports /usr/jails/mail1/usr/ports
vi /etc/rc.conf
added in -------------
jail_devbox5_rootdir="/usr/jails/mail1"
jail_devbox5_hostname="devbox5.example.com"
jail_devbox5_ip="192.168.1.155"
jail_devbox5_start="/bin/sh /etc/rc"
jail_devbox5_devfs_enable="YES"
jail_devbox5_devfs_ruleset="devfsrules_jail"
/etc/rc.d/jail start devbox5
ref: http://www.freebsd.org/doc/en/books/handbook/jails-build.html [[BR]]
ref: http://www.freebsddiary.org/jail-6.php
October 29th, 2011 - 15:26
I much prefer informative articles like this to that high brow literature.