From: Philip Jocks
Date: Wed, 28 Oct 2015 23:19:18 +0100
Subject: Re: /etc/jail.conf documentation?
To: Miroslav Lachman <000.fbsd@quip.cz>
Cc: galtsev@kicp.uchicago.edu, "Michael B. Eichorn", freebsd-jail@freebsd.org
Message-Id: <1790D059-5FB1-4CBB-BC4E-FFFC4CFD32FE@netzkommune.com>
In-Reply-To: <56313886.8060109@quip.cz>

> On 28.10.2015 at 22:05, Miroslav Lachman <000.fbsd@quip.cz> wrote:
>
> Valeri Galtsev wrote on 10/28/2015 21:25:
>>
>> On Wed, October 28, 2015 1:41 pm, Michael B. Eichorn wrote:
>>> On Wed, 2015-10-28 at 13:27 -0400, Ernie Luzar wrote:
>>>> Valeri Galtsev wrote:
>>>>> Dear All,
>>>>>
>>>>> Can someone recommend something similar to FreeBSD handbook that describes
>>>>> building jails for newer systems meaning /etc/jail.conf as opposed to
>>>>> /etc/rc.conf which handbook currently has in its jails chapter. I still
>>>>> have all jail configurations on 9.3 boxes in /etc/rc.conf, but it is time
>>>>> to build 10.x production boxes, and do things modern way (implying
>>>>> /etc/jail.conf). I still intend to keep building jails "old fashion way"
>>>>> as described in handbook, as opposed to using tools "ezjail" or similar.
>>>>>
>>>>> Thanks for all your advice!
>>>>>
>>>>> Valeri
>>>>>
>>>>
>>>> Check out the jail-primer and qjail port.
>>>
>>> (adding freebsd-jail list)
>>>
>>> Ernie, I don't think that this is what Valeri was looking for. Those are
>>> both jail-management utilities not really documentation on using jail(8)
>>> via configuration using jail.conf(5).
>>>
>>> I would indeed be interested in a modern best-practices guide for
>>> using the base system jail management tools.
>>
>> Michael, thanks for your comment. You certainly are right.
>>
>> Ernie, thanks for your pointers. They are not exactly a chapter on how to
>> do the whole jail manually new style - exactly as Michael says - similar
>> to what is found in FreeBSD handbook (alas, for old style). However,
>> thanks to your pointer, I've found http://jail-primer.sourceforge.net/
>> which at a first glance looks comprehensive and decent reading, and
>> combined with my experience of setting up jails "by the book" in the past,
>> is sufficient for me to do the same /etc/jail.conf way - I've got one
>> running already; it will need some careful walkover still, but I'm in
>> business.
>
> You can do your work with jails the same way (creation, updating, upgrading...). You just need to convert your rc.conf configuration into jail.conf, which is more flexible.
> Automatic conversion (by rc.d/jail from FreeBSD 10.x) didn't work for me. Manual creation of jail.conf was easy.

We currently use ezjail and on other boxes we roughly do it like this:

http://savagedlight.me/2014/03/14/freebsd-jail-server-with-zfs-clone-and-jail-conf/

At least, that’s pretty close to how we do it. On UFS based systems we use cpdup instead of the ZFS cloning.
For upgrades, we use Matt Simerson’s very nice `jailmanage` script:

https://www.tnpi.net/computing/freebsd/jail_manage.txt

which is pretty straightforward and just helps you with things (running freebsd-update etc) and doesn’t lock you in. Our jail.conf looks like this:

--
# Defaults applied to every jail block below
exec.start = "/bin/sh /etc/rc";
exec.stop = "/bin/sh /etc/rc.shutdown";
exec.clean;
mount.devfs;
# $name expands to the name of the jail block
path = "/usr/jails/$name";

jailname {
    host.hostname = 'jailname';
    ip4.addr = x.x.x.x;
}
--

and then we just repeat the jailname-blocks. `jailmanage` expects each block to start like this.

HTH,
Philip
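
The manual rc.conf-to-jail.conf conversion discussed in the thread, as an added example (not code from any poster, from rc.d/jail or from jailmanage). It reads the legacy jail_list, jail_<name>_rootdir, jail_<name>_hostname and jail_<name>_ip variables and prints blocks shaped like the jail.conf above; the function names and the sample values are assumptions, and it goes slightly beyond the message by writing path per jail and splitting IPv6 addresses into ip6.addr.

```sh
#!/bin/sh
# Added example: legacy rc.conf jail_* variables -> jail.conf(5) blocks.

# Constructed 9.x-style rc.conf fragment (sample values, not from the thread).
sample_rc_conf() {
cat <<'EOF'
jail_enable="YES"
jail_list="www db"
jail_www_rootdir="/usr/jails/www"
jail_www_hostname="www.example.org"
jail_www_ip="192.0.2.10"
jail_db_rootdir="/usr/jails/db"
jail_db_hostname="db.example.org"
jail_db_ip="192.0.2.11,2001:db8::11"
EOF
}

# rc2jailconf FILE: print jail.conf text for the jails named in jail_list.
# FILE is sourced as shell (as rc.subr does), so only feed it a trusted,
# root-owned rc.conf; the subshell keeps its variables out of the caller.
rc2jailconf() (
    . "$1" || exit 1
    printf '%s\n' 'exec.start = "/bin/sh /etc/rc";' \
        'exec.stop = "/bin/sh /etc/rc.shutdown";' 'exec.clean;' 'mount.devfs;'
    for j in $jail_list; do
        case $j in      # the name is spliced into eval below: allow-list it
            ''|*[!A-Za-z0-9_]*) echo "bad jail name skipped: $j" >&2; continue ;;
        esac
        eval "root=\${jail_${j}_rootdir} host=\${jail_${j}_hostname} ips=\${jail_${j}_ip}"
        [ -n "$root" ] || { echo "jail $j: no rootdir, skipped" >&2; continue; }
        v4='' v6=''
        oldifs=$IFS; IFS=,      # jail_<name>_ip is a comma-separated list
        for a in $ips; do
            case $a in
                *:*) v6=${v6:+$v6, }$a ;;   # a colon marks an IPv6 address
                *)   v4=${v4:+$v4, }$a ;;
            esac
        done
        IFS=$oldifs
        printf '\n%s {\n    path = "%s";\n' "$j" "$root"
        printf '    host.hostname = "%s";\n' "$host"
        [ -z "$v4" ] || printf '    ip4.addr = %s;\n' "$v4"
        [ -z "$v6" ] || printf '    ip6.addr = %s;\n' "$v6"
        printf '}\n'
    done
)
```

Review the generated text by hand before installing it as /etc/jail.conf; settings other than the four variables listed above are not carried over.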