Date:      Wed, 28 Oct 2015 23:19:18 +0100
From:      Philip Jocks <pjlists@netzkommune.com>
To:        Miroslav Lachman <000.fbsd@quip.cz>
Cc:        galtsev@kicp.uchicago.edu, "Michael B. Eichorn" <ike@michaeleichorn.com>, freebsd-jail@freebsd.org
Subject:   Re: /etc/jail.conf documentation?
Message-ID:  <1790D059-5FB1-4CBB-BC4E-FFFC4CFD32FE@netzkommune.com>
In-Reply-To: <56313886.8060109@quip.cz>
References:  <49230.128.135.52.6.1446047977.squirrel@cosmo.uchicago.edu> <56310570.4080900@gmail.com> <1446057716.1158.27.camel@michaeleichorn.com> <61253.128.135.52.6.1446063930.squirrel@cosmo.uchicago.edu> <56313886.8060109@quip.cz>


> On 28.10.2015 at 22:05, Miroslav Lachman <000.fbsd@quip.cz> wrote:
>
> Valeri Galtsev wrote on 10/28/2015 21:25:
>>
>> On Wed, October 28, 2015 1:41 pm, Michael B. Eichorn wrote:
>>> On Wed, 2015-10-28 at 13:27 -0400, Ernie Luzar wrote:
>>>> Valeri Galtsev wrote:
>>>>> Dear All,
>>>>>
>>>>> Can someone recommend something similar to FreeBSD handbook that
>>>>> describes building jails for newer systems meaning /etc/jail.conf as
>>>>> opposed to /etc/rc.conf which handbook currently has in its jails
>>>>> chapter. I still have all jail configurations on 9.3 boxes in
>>>>> /etc/rc.conf, but it is time to build 10.x production boxes, and do
>>>>> things modern way (implying /etc/jail.conf). I still intend to keep
>>>>> building jails "old fashion way" as described in handbook, as opposed
>>>>> to using tools "ezjail" or similar.
>>>>>
>>>>> Thanks for all your advice!
>>>>>
>>>>> Valeri
>>>>>
>>>>
>>>> Check out the jail-primer and qjail port.
>>>
>>> (adding freebsd-jail list)
>>>
>>> Ernie, I don't think that this is what Valeri was looking for. Those are
>>> both jail-management utilities not really documentation on using jail(8)
>>> via configuration using jail.conf(5).
>>>
>>> I would indeed be interested in a modern best-practices guide for
>>> using the base system jail management tools.
>>
>> Michael, thanks for your comment. You certainly are right.
>>
>> Ernie, thanks for your pointers. They are not exactly a chapter on how to
>> do the whole jail manually new style - exactly as Michael says - similar
>> to what is found in FreeBSD handbook (alas, for old style). However,
>> thanks to your pointer, I've found http://jail-primer.sourceforge.net/
>> which at a first glance looks comprehensive and decent reading, and
>> combined with my experience of setting up jails "by the book" in the past,
>> is sufficient for me to do the same /etc/jail.conf way - I've got one
>> running already; it will need some careful walkover still, but I'm in
>> business.
>
> You can do your work with jails the same way (creation, updating, upgrading...). You just need to convert your rc.conf configuration into jail.conf, which is more flexible.
> Automatic conversion (by rc.d/jail from FreeBSD 10.x) didn't work for me. Manual creation of jail.conf was easy.

we currently use ezjail and on other boxes we roughly do it like this:

http://savagedlight.me/2014/03/14/freebsd-jail-server-with-zfs-clone-and-jail-conf/

at least, that’s pretty close to how we do it. On UFS based systems we use cpdup instead of the ZFS cloning.

For upgrades, we use Matt Simerson’s very nice `jailmanage` script:

https://www.tnpi.net/computing/freebsd/jail_manage.txt

which is pretty straightforward and just helps you with things (running freebsd-update etc) and doesn’t lock you in. Our jail.conf looks like this:

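--
# Global parameters: applied to every jail block below
exec.start = "/bin/sh /etc/rc";
exec.stop = "/bin/sh /etc/rc.shutdown";
exec.clean;      # run the exec.* commands in a clean environment
mount.devfs;     # mount devfs on the jail's /dev
path = "/usr/jails/$name";   # $name expands to the name of each jail block

jailname {
  host.hostname = 'jailname';
  ip4.addr = x.x.x.x;
}
--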

and then we just repeat the jailname-blocks. `jailmanage` expects each block to start like this.

HTH,

Philip
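
The manual rc.conf-to-jail.conf conversion discussed in this thread, as an added example that is not part of any poster's message: a POSIX sh function that reads old-style `jail_*` variables and prints a jail.conf laid out like the one above. The function name `rc2jailconf` and the sample values are made up here, and it assumes one assignment per line with double-quoted values.

```sh
# Added example, not from the thread; converts rootdir, hostname, ip, devfs_enable only.
rc2jailconf() {
    awk '
    /^jail_[A-Za-z0-9_]+=/ {                 # collect every jail_* assignment
        eq = index($0, "="); val = substr($0, eq + 1)
        gsub(/^"|"$/, "", val)               # drop the surrounding double quotes
        conf[substr($0, 1, eq - 1)] = val
    }
    END {
        n = split(conf["jail_list"], names, " ")
        # Use a global path with $name only if every jail lives in <base>/<name>.
        shared = (n > 0)
        for (i = 1; i <= n; i++) {
            root = conf["jail_" names[i] "_rootdir"]; tail = "/" names[i]
            b = substr(root, 1, length(root) - length(tail))
            if (root != (b tail) || (i > 1 && b != base)) shared = 0
            base = b
        }
        # Global defaults copied from the jail.conf in the message above.
        print "exec.start = \"/bin/sh /etc/rc\";"
        print "exec.stop = \"/bin/sh /etc/rc.shutdown\";"
        print "exec.clean;"
        if (shared) print "path = \"" base "/$name\";"
        for (i = 1; i <= n; i++) {
            p = "jail_" names[i] "_"
            print "\n" names[i] " {"
            if (!shared) print "  path = \"" conf[p "rootdir"] "\";"
            print "  host.hostname = \"" conf[p "hostname"] "\";"
            # rc.conf keeps IPv4 and IPv6 in one comma list; jail.conf splits them.
            v4 = v6 = ""; m = split(conf[p "ip"], ips, ",")
            for (k = 1; k <= m; k++) {
                q = "\"" ips[k] "\""
                if (ips[k] ~ /:/) v6 = (v6 == "" ? "" : v6 ", ") q
                else v4 = (v4 == "" ? "" : v4 ", ") q
            }
            if (v4 != "") print "  ip4.addr = " v4 ";"
            if (v6 != "") print "  ip6.addr = " v6 ";"
            if (toupper(conf[p "devfs_enable"]) == "YES") print "  mount.devfs;"
            print "}"
        }
    }'
}
# Constructed sample input:
rc2jailconf <<'EOF'
jail_list="www"
jail_www_rootdir="/usr/jails/www"
jail_www_hostname="www.example.org"
jail_www_ip="192.0.2.10,2001:db8::10"
EOF
```

Settings the function does not know about are silently dropped, so compare the result against the original rc.conf before starting any jail from it.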


