FreeBSD 13.2 Jails: Difference between revisions
Latest revision as of 14:51, 5 May 2023
FreeBSD Jail Setup Manually
Creating a FreeBSD jail manually involves downloading and extracting the base package for the desired FreeBSD release. Here's a step-by-step guide on how to do this:
Using OpenZFS
OpenZFS is a very powerful and helpful file system that allows us to very easily create, clone, snapshot, restore, destroy, back up and transfer our jails.
Create a directory for the jail
In this example my ZFS pool is called nuc, and my jails will live in a directory called pods, each in a separate subdirectory, like so: /pods/{jail1,jail2,jail3}
- Create a dataset for pods
sudo zfs create nuc/pods
- You can check with
zfs list
to see your new dataset.
Set the mountpoint for the pods dataset
sudo zfs set mountpoint=/pods nuc/pods
Create a template jail which you can clone
In this section, we will create an OpenZFS dataset called FreeBSD_13.2_Template and extract base.txz into it. We will then snapshot the template and clone it to create a new jail.
Create the 'FreeBSD_13.2_Template' dataset
sudo zfs create your_pool_name/path/FreeBSD_13.2_Template
Replace your_pool_name with the name of your ZFS pool.
- Example:
sudo zfs create nuc/pods/FreeBSD_13.2_Template
Set the mountpoint for the template dataset
sudo zfs set mountpoint=/pods/FreeBSD_13.2_Template nuc/pods/FreeBSD_13.2_Template
Download the base.txz package for FreeBSD 13.2-RELEASE
fetch https://download.freebsd.org/ftp/releases/amd64/13.2-RELEASE/base.txz -o /tmp/base.txz
Extract the base.txz package to the 'FreeBSD_13.2_Template' dataset
sudo tar -C /pods/FreeBSD_13.2_Template -xf /tmp/base.txz
Create a snapshot of the template dataset
sudo zfs snapshot nuc/pods/FreeBSD_13.2_Template@base_snapshot
Clone the template dataset to create a new jail dataset
sudo zfs clone nuc/pods/FreeBSD_13.2_Template@base_snapshot nuc/pods/mediawiki
Set the mountpoint for the jail dataset
sudo zfs set mountpoint=/pods/mediawiki nuc/pods/mediawiki
You now have a template dataset and a jail dataset based on that template.
How to snapshot and rollback your jails
Now, you have separate datasets for each jail, and you can create snapshots and rollbacks for each jail individually. For example, to create a snapshot for the mediawiki jail, you can run:
sudo zfs snapshot nuc/pods/mediawiki@snapshot_name
And to roll back to a snapshot for the mediawiki jail, you can run:
sudo zfs rollback nuc/pods/mediawiki@snapshot_name
Replace snapshot_name with a descriptive name for the snapshot. You can follow the same process for any other jails you create within the pods dataset.
Destroy/Delete Dataset/jail
If you need or want to delete the jail dataset, you can destroy it with the following steps.
First unmount the mount point (if mounted)
- Find if and where mounted with:
zfs list
- Example output:
nuc/pods/mediawiki 0B 208G 503M /pods/mediawiki
As we can see, it's mounted at /pods/mediawiki
- Ensure that no processes are currently using it.
You can use the fuser command followed by the path to the mount point to check for any processes that are using it.
- For example:
fuser /pods/mediawiki
- Unmount /pods/mediawiki
sudo umount /pods/mediawiki
- Now destroy the dataset
sudo zfs destroy nuc/pods/mediawiki
Replace nuc with the name of your ZFS pool.
- If you want to also remove any snapshots of the dataset, you can add the -R option to the zfs destroy command. Note that -R also destroys all dependents, including any clones created from those snapshots.
For example, to delete the dataset and all its snapshots, run the following command:
sudo zfs destroy -R nuc/pods/mediawiki
Using UFS
Create a directory
Create a directory that will serve as the root directory for your jail. Replace /pods/mediawiki with the desired path.
mkdir -pv /pods/mediawiki
- We now have a directory called pods in which we will install our jailed FreeBSD instances
- With a sub-directory mediawiki in which we will install our jailed mediawiki server
Choose the desired FreeBSD release
- Determine the FreeBSD release you want to use for your jail.
Search https://download.freebsd.org/ftp/releases/ for the base.txz of the version and architecture of FreeBSD you wish to install in a jail.
In this example, we'll use FreeBSD 13.2-RELEASE. Adjust the release version according to your needs.
Download the base package for the desired FreeBSD release. Use the fetch command to download the package directly from the FreeBSD website:
fetch https://download.freebsd.org/ftp/releases/amd64/13.2-RELEASE/base.txz -o /tmp/base.txz
- Replace amd64 with the appropriate architecture if needed.
Extract the base package
Extract the downloaded base package into the jail's root directory:
tar -C /pods/mediawiki -xf /tmp/base.txz
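Both the OpenZFS and UFS procedures extract /tmp/base.txz straight after fetching it. The following is an added example, not part of the original page, that checks the archive against the release MANIFEST before extraction. It assumes the MANIFEST file sits in the same release directory as base.txz and is tab-separated with the file name in field 1 and its SHA256 in field 2; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: verify a FreeBSD distribution set against the release
# MANIFEST before extracting it into a jail root.
# Assumption: MANIFEST is tab-separated, field 1 = file name, field 2 = SHA256.

# Print the SHA256 of a file with whichever tool the host provides.
file_sha256() {
    if command -v sha256 >/dev/null 2>&1; then
        sha256 -q "$1"                      # FreeBSD
    else
        sha256sum "$1" | awk '{print $1}'   # Linux and others
    fi
}

# verify_dist MANIFEST FILE [NAME]
# Returns 0 only if NAME (default: basename of FILE) is listed in MANIFEST
# and the recorded hash equals the hash of FILE.
verify_dist() {
    manifest=$1 file=$2 name=${3:-$(basename "$2")}
    [ -r "$manifest" ] && [ -r "$file" ] || { echo "missing input" >&2; return 2; }
    expected=$(awk -F '\t' -v n="$name" '$1 == n {print $2; exit}' "$manifest")
    [ -n "$expected" ] || { echo "$name not listed in MANIFEST" >&2; return 3; }
    actual=$(file_sha256 "$file")
    if [ "$expected" = "$actual" ]; then
        echo "OK $name $actual"
    else
        echo "MISMATCH $name expected=$expected actual=$actual" >&2
        return 1
    fi
}

# Usage on the host (MANIFEST URL assumed from the page's release directory):
#   fetch https://download.freebsd.org/ftp/releases/amd64/13.2-RELEASE/MANIFEST -o /tmp/MANIFEST
#   verify_dist /tmp/MANIFEST /tmp/base.txz && tar -C /pods/mediawiki -xf /tmp/base.txz

# Constructed demo so the script runs offline: a stand-in file and a
# one-line MANIFEST built from its hash.
demo=$(mktemp -d)
printf 'constructed stand-in for base.txz\n' > "$demo/base.txz"
printf 'base.txz\t%s\t1\tbase\t"Base system"\ton\n' \
    "$(file_sha256 "$demo/base.txz")" > "$demo/MANIFEST"
verify_dist "$demo/MANIFEST" "$demo/base.txz"
rm -rf "$demo"
```

Chaining the extraction with && means a mismatched or unlisted archive never reaches the jail root or the template dataset that later clones inherit from.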
Jail configuration: /etc/jail.conf
Create a configuration file for your jail. The following example assumes you're using the jail utility provided by FreeBSD:
Edit /etc/jail.conf and add the following jail configuration:
- If /etc/jail.conf does not exist, create it with
touch /etc/jail.conf
$EDITOR /etc/jail.conf
localwiki {
    host.hostname = "local.wiki";
    ip4.addr = 192.168.0.33;
    path = "/pods/mediawiki";
    exec.start = "/bin/sh /etc/rc";
    exec.stop = "/bin/sh /etc/rc.shutdown";
    exec.clean;
    mount.devfs;
}
- Replace the following with your own values:
  - localwiki with what you would like your jail to be called
  - host.hostname = "<the_host_name_for_jail>";
  - ip4.addr = <ip_address_for_jail_to_use>;
  - path = "</path/to/jail>";
Copy over your /etc/resolv.conf to jail
It is generally a good idea to copy the /etc/resolv.conf file from the host system to the jail's /etc/resolv.conf before starting the jail. This ensures that the jail has the same DNS resolver configuration as the host, allowing it to resolve domain names correctly.
/etc/resolv.conf is a configuration file used by the DNS resolver library on Unix-based systems, including FreeBSD. It contains information about the DNS nameservers and search domains to use when resolving domain names.
To copy the resolv.conf file from the host system to the jail, you can use the cp command:
cp /etc/resolv.conf /pods/mediawiki/etc/resolv.conf
Make sure to execute this command before starting the jail to ensure proper DNS resolution within the jail environment.
Start the jail
Start the jail using the jail utility:
jail -c localwiki
Replace localwiki with the name you chose in the jail configuration.
If you have a firewall up, allow the jail through the firewall
IPFW Example:
# Allow incoming traffic for jail's IP (192.168.0.33)
ipfw -q add 00200 allow all from any to 192.168.0.33 in
# Allow outgoing traffic for jail's IP (192.168.0.33)
ipfw -q add 00210 allow all from 192.168.0.33 to any out
These two rules allow all traffic to and from the jail's address; narrow them to the protocols and ports the jail actually needs.
Access the jail
Enter the jail's environment with the jexec command:
jexec localwiki /bin/sh
- Replace localwiki with your jail name
You'll now be inside your jail, and you can manage it like any other FreeBSD system.
Restart the jail
- To restart the jail you turn it off and on again :)
sudo jail -r your_jail_name
sudo jail -c your_jail_name
- Or in one line
sudo jail -r your_jail_name && sudo jail -c your_jail_name
Stop and remove the jail (optional)
If you want to stop and remove the jail, first exit the jail environment (if you're still inside) by typing exit. Then, stop the jail:
jail -r myjail
You can now remove the jail directory and its contents:
rm -rf /path/to/jail
Don't forget to remove the corresponding jail configuration from /etc/jail.conf.
By following these steps, you've manually created a FreeBSD jail by downloading and extracting the base package. You can now configure and manage the jail as needed.
Start Jails at reboot
- To have all the jails start at reboot, add the line
jail_enable="YES"
to /etc/rc.conf. You can do this with sysrc:
sysrc jail_enable="YES"
Run commands in jail from Host
Start your jail, if it's not already running:
sudo service jail start your_jail_name
- Or use jail
jail -c your_jail_name
Obtain the jail ID by listing the running jails
jls
Note the JID (Jail ID) for your specific jail from the output.
Update the pkg package manager inside the jail
sudo jexec JID pkg update
Replace JID with the jail ID you noted from the jls output in the previous step.
- Example (If JID = 1):
sudo jexec 1 pkg update
Install packages using the pkg command with jexec
sudo jexec JID pkg install package_name
Replace package_name with the desired package.
For example, to initialize pkg and install the nano text editor in a jail with a Jail ID of 1, you would run:
sudo jexec 1 pkg update
sudo jexec 1 pkg install nano
To run other commands inside the jail from the host, use the same pattern, jexec JID command, replacing command with the command you want to run inside the jail.