- Define a root directory for the jail (e.g. /usr/jails/nginx);
mkdir -p /usr/jails/nginx
mount -t cd9660 /dev/cd0 /mnt/cdrom (adjust underlined if necessary)
In case the ISO file is used and it is located in the host, then:
mount -t cd9660 /dev/`mdconfig -f cdimage.iso` /mnt/cdrom (adjust underlined if necessary)
tar -xf /mnt/cdrom/usr/freebsd-dist/base.txz -C /usr/jails/nginx
Updated 27/03/2016
- Instead of mounting the ISO file, the tarballs with the binaries can be downloaded as below:
fetch ftp://ftp.freebsd.org/pub/FreeBSD/releases/amd64/amd64/10.2-RELEASE/base.txz -o /tmp/base.txz
tar -xvf /tmp/base.txz -C /usr/jails/nginx
- Copy over the host's /etc/resolv.conf to the jail:
cp /etc/resolv.conf /usr/jails/nginx/etc/
- Start the jail for basic configuration (e.g. set root password). By exiting from the shell, the jail will be shut down:
jail -c path=/usr/jails/nginx command=bin/sh
- Edit /etc/freebsd-update.conf inside jail in order to avoid errors during FreeBSD update:
from
Components src world kernel
to
Components world kernel
Reason: there are no kernel or kernel sources inside the jail.
- Edit the host's /etc/rc.conf:
#Jails
jail_enable="YES"
jail_list="lighttpd nginx" #(LIST SEPARATED BY SPACE)
ifconfig_vmx3f0_alias0="inet 192.168.0.150/24"
ifconfig_vmx3f0_alias1="inet 192.168.0.151/24"
- Create an entry for the jail on the host's /etc/jail.conf:
nginx {
path = /usr/jails/nginx;
mount.devfs;
devfs_ruleset = 4;
host.hostname = nginx1.wb.lan;
ip4.addr = 192.168.0.151;
allow.chflags = 1;
exec.start = "/bin/sh /etc/rc";
exec.stop = "/bin/sh /etc/rc.shutdown";
}
path = /usr/jails/nginx;
mount.devfs;
devfs_ruleset = 4;
host.hostname = nginx1.wb.lan;
ip4.addr = 192.168.0.151;
allow.chflags = 1;
exec.start = "/bin/sh /etc/rc";
exec.stop = "/bin/sh /etc/rc.shutdown";
}
To list the active jails use:
jls
and to access the jail e.g. JID 2:
jexec 2 /bin/tcsh
References:
- https://www.freebsd.org/doc/handbook/jails-build.html
- https://www.freebsd.org/cgi/man.cgi?jail(8)
No comments:
Post a Comment