From owner-freebsd-jail@freebsd.org Thu Oct 29 11:53:44 2015 Return-Path: Delivered-To: freebsd-jail@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 43557A20188 for ; Thu, 29 Oct 2015 11:53:44 +0000 (UTC) (envelope-from clint@clintarmstrong.net) Received: from mail-io0-x22c.google.com (mail-io0-x22c.google.com [IPv6:2607:f8b0:4001:c06::22c]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (Client CN "smtp.gmail.com", Issuer "Google Internet Authority G2" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 0F10B180E for ; Thu, 29 Oct 2015 11:53:43 +0000 (UTC) (envelope-from clint@clintarmstrong.net) Received: by iody8 with SMTP id y8so42415359iod.1 for ; Thu, 29 Oct 2015 04:53:43 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=clintarmstrong.net; s=google; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc:content-type; bh=836dNAnU7iO0TYTH1clLqjivSTAXqenppfaZjUDnGsM=; b=sKZE09FRNgkOTwpAsBjF5Hv89rM7aSArauByO0hMbyzcedFompndGcs/7KPyHmL1Ak Czf8sEp8K+h6/f6A5UPEtjfJqwhUuAgA20UlDyRR7YEhvoiKINWGb5WMe7dgb6QJptwR ZL11xkrgqZkzaDSu69sCCZKHkrBSBwhFZW+fI= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc:content-type; bh=836dNAnU7iO0TYTH1clLqjivSTAXqenppfaZjUDnGsM=; b=HR8S9e4eVAlbef2knsLR499yOjpDZRXIdGIILYh1Sqpk24nXEVZk1zPCxUoRNOXHNX O7wcqs5DY6VBfNUBboACqW+ww3CkJICQKuwMt/DzQNIScLRt6Sua4Ubqpo1bbLHlchqX EzYL71k1B3KF2MycDBacFsmSsNR2QUf8ixXfS3dHh/4f1GuEa03GQIe0BNBv/KM0U9B4 jYEcwnPtVbvbXukm1HRTd+J7l3OuYZy0r3NjzYp2hxxKti9CrhkLfpc5FRDTSKjPTxwz SxsA3dEn3/WIOXUvTGli0kgefU9+fDPd1c4xtc8pZw9BrpvGdrSYTLzVQTbdtvSpNAuk UdTA== X-Gm-Message-State: ALoCoQmyQ4lxCpdImopm4kslOboIWeYKQ1p+gIqhPDdG0b4GV2M6sJUQsSHICLm68O3NMkffZ9I3 X-Received: by 10.107.132.138 with SMTP id o10mr2848075ioi.176.1446119622796; Thu, 29 Oct 2015 04:53:42 -0700 (PDT) MIME-Version: 1.0 References: <49230.128.135.52.6.1446047977.squirrel@cosmo.uchicago.edu> <56310570.4080900@gmail.com> <1446057716.1158.27.camel@michaeleichorn.com> <61253.128.135.52.6.1446063930.squirrel@cosmo.uchicago.edu> <56313886.8060109@quip.cz> <1790D059-5FB1-4CBB-BC4E-FFFC4CFD32FE@netzkommune.com> In-Reply-To: <1790D059-5FB1-4CBB-BC4E-FFFC4CFD32FE@netzkommune.com> From: Clint Armstrong Date: Thu, 29 Oct 2015 11:53:33 +0000 Message-ID: Subject: Re: /etc/jail.conf documentation? To: Philip Jocks , Miroslav Lachman <000.fbsd@quip.cz> Cc: freebsd-jail@freebsd.org Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: quoted-printable X-Content-Filtered-By: Mailman/MimeDel 2.1.20 X-BeenThere: freebsd-jail@freebsd.org X-Mailman-Version: 2.1.20 Precedence: list List-Id: "Discussion about FreeBSD jail\(8\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 29 Oct 2015 11:53:44 -0000 A little while ago I wrote up an overview of how I build jails using jail.conf at http://clinta.github.io/freebsd-jails-the-hard-way/. On Wed, Oct 28, 2015 at 6:29 PM Philip Jocks wrote: > > > Am 28.10.2015 um 22:05 schrieb Miroslav Lachman <000.fbsd@quip.cz>: > > > > Valeri Galtsev wrote on 10/28/2015 21:25: > >> > >> On Wed, October 28, 2015 1:41 pm, Michael B. Eichorn wrote: > >>> On Wed, 2015-10-28 at 13:27 -0400, Ernie Luzar wrote: > >>>> Valeri Galtsev wrote: > >>>>> Dear All, > >>>>> > >>>>> Can someone recommend something similar to FreeBSD handbook that > >>>>> describes > >>>>> building jails for newer systems meaning /etc/jail.conf as opposed = to > >>>>> /etc/rc.conf which handbook currently has in its jails chapter. I > >>>>> still > >>>>> have all jail configurations on 9.3 boxes in /etc/rc.conf, but it i= s > >>>>> time > >>>>> to build 10.x production boxes, and do things modern way (implying > >>>>> /etc/jail.conf). I still intend to keep building jails "old fashion > >>>>> way" > >>>>> as described in handbook, as opposed to using tools "ezjail" or > >>>>> similar. > >>>>> > >>>>> Thanks for all your advises! > >>>>> > >>>>> Valeri > >>>>> > >>>> > >>>> Check out the jail-primer and qjail port. > >>> > >>> (adding freebsd-jail list) > >>> > >>> Ernie, I don't think that this is what Valeri was looking for. Those > are > >>> both jail-management utilities not really documentation on using > jail(8) > >>> via configuration using jail.conf(5). > >>> > >>> I would be indeed be interested in a modern best-practices guide for > >>> using the base system jail management tools. > >> > >> Michael, thanks for your comment. You certainly are right. > >> > >> Ernie, thanks for your pointers. They are not exactly a chapter on how > to > >> do the whole jail manually new style - exactly as Michael says - simil= ar > >> to what is found in FreeBSD handbook (alas, for old style). However, > >> thanks to your pointer, I've found http://jail-primer.sourceforge.net/ > >> which at a first glance looks comprehensive and decent reading, and > >> combined with my experience of setting up jails "by the book" in the > past, > >> is sufficient for me to do the same /etc/jail.conf way - I've got one > >> running already; it will need some careful walkover sill, but I'm in > >> business. > > > > You can do your work with jails the same way (creation, updating, > upgrading...). You just need to convert your rc.conf configuration in to > jail.conf, which is more flexible. > > Automatic conversion (by rc.d/jail from FreeBSD 10.x) didn't work for > me. Manual creation of jail.conf was easy. > > we currently use ezjail and on other boxes we roughly do it like this: > > > http://savagedlight.me/2014/03/14/freebsd-jail-server-with-zfs-clone-and-= jail-conf/ > > at least, that=E2=80=99s pretty close to how we do it. On UFS based syste= ms we use > cpdup instead of the ZFS cloning. > > For upgrades, we use Matt Simerson=E2=80=99s very nice `jailmanage` scrip= t: > > https://www.tnpi.net/computing/freebsd/jail_manage.txt > > which is pretty straight forward and just helps you with things (running > freebsd-update etc) and doesn=E2=80=99t lock you in. Our jail.conf looks = like this: > > -- > exec.start =3D "/bin/sh /etc/rc"; > exec.stop =3D "/bin/sh /etc/rc.shutdown"; > exec.clean; > mount.devfs; > path =3D "/usr/jails/$name=E2=80=9C; > > jailname { > host.hostname =3D 'jailname'; > ip4.addr =3D x.x.x.x; > } > -- > > and then we just repeat the jailname-blocks. `jailmanage` expects each > block to start like this. > > HTH, > > Philip > _______________________________________________ > freebsd-jail@freebsd.org mailing list > https://lists.freebsd.org/mailman/listinfo/freebsd-jail > To unsubscribe, send any mail to "freebsd-jail-unsubscribe@freebsd.org"