@will118
Last active October 27, 2019 08:42
freebsd zfs jails

#Jails

Setup network

# /etc/rc.conf
# Host-side network setup: enable pf and create a private loopback interface.

# Start pf at boot.
pf_enable="YES"

# lo1 is a cloned loopback interface that carries the private 172.16.1.0/24 network.
cloned_interfaces="lo1"
ifconfig_lo1="inet 172.16.1.1 netmask 255.255.255.0"

# Disabled: a second address on lo1.
# NOTE(review): 172.16.1.1 above is also the jail's ip4.addr and the rdr target
# in pf.conf, so the host and the jail share one address. Confirm whether a
# separate alias like the one below was meant for the jail.
# ifconfig_lo1_alias0="inet 172.16.1.2 netmask 255.255.255.255"
# /etc/pf.conf
# NAT for the jail network plus inbound web redirection.
# NOTE(review): there are no filter rules here, so anything not matched by a
# translation rule is passed by pf's implicit default. Add an explicit block
# policy and pass rules if the host itself should be firewalled.

ext_if = "em0"
media_int_if = "lo1"
# Expands to lo1:network, i.e. the network(s) attached to lo1.
mediajail_net = $media_int_if:network

MEDIAJAIL = "172.16.1.1"
# Only these TCP ports are forwarded to the jail.
MEDIAJAIL_TCP_PORTS = "{ 80, 443 }"

# Outbound traffic from the jail network leaves with the external interface's
# address; the parentheses make pf follow address changes on $ext_if.
nat on $ext_if from $mediajail_net to any -> ($ext_if)
# "rdr pass" lets redirected packets through without evaluating filter rules,
# so restrictions added later will not apply to ports 80/443 unless "pass" is
# dropped here and a matching pass rule is written instead.
rdr pass on $ext_if inet proto tcp to port $MEDIAJAIL_TCP_PORTS -> $MEDIAJAIL

Actual jails

# /etc/jail.conf

# Global settings applied to all jails.

# Boot and shut down each jail through its own rc scripts.
exec.start = "/bin/sh /etc/rc";
exec.stop = "/bin/sh /etc/rc.shutdown";
# Run those commands in a clean environment rather than inheriting the host's.
exec.clean;
# Mount devfs on the jail's /dev.
# NOTE(review): no devfs_ruleset is set here; confirm which ruleset applies so
# the jail only sees the device nodes it needs.
mount.devfs;

create all the jail directories and mount em

# Create the release dataset (and any missing parents), then mount the whole
# jails hierarchy under /usr/local/jails.
jails_ds=zpuddle/jails
zfs create -p "${jails_ds}/releases/10.3-RELEASE"
zfs set mountpoint=/usr/local/jails "${jails_ds}"

get freebsd and shove it in that folder

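# Download the base and lib32 distribution sets, check them against the
# release MANIFEST, and unpack them into the release dataset.
# NOTE(review): 10.3-RELEASE has since gone end-of-life and receives no
# security fixes; substitute a supported release in new setups.
release=10.3-RELEASE
mirror=ftp://ftp.freebsd.org/pub/FreeBSD/releases/amd64/amd64/${release}
dest=/usr/local/jails/releases/${release}

# Private scratch directory instead of fixed names in world-writable /tmp:
# these archives are unpacked as root, so no other user may be able to
# pre-create or swap them.
workdir=$(mktemp -d -t jailsets)

# MANIFEST lists "<file> <sha256> ..." for every distribution set.
# Fetched over plain FTP alongside the sets it detects corruption, not
# tampering: someone on the path can alter both. Compare it with a copy
# obtained over an authenticated channel before relying on it.
if [ -n "${workdir}" ] && fetch -o "${workdir}/MANIFEST" "${mirror}/MANIFEST"; then
  for dist in base lib32; do
    set_file="${workdir}/${dist}.txz"
    fetch -o "${set_file}" "${mirror}/${dist}.txz" || break
    want=$(awk -v f="${dist}.txz" '$1 == f { print $2 }' "${workdir}/MANIFEST")
    # Extract only when the set is listed and its digest matches.
    if [ -n "${want}" ] && [ "$(sha256 -q "${set_file}")" = "${want}" ]; then
      tar -xvf "${set_file}" -C "${dest}"
    else
      echo "checksum mismatch for ${dist}.txz, not extracting" >&2
      break
    fi
  done
  rm -rf -- "${workdir:?}"
fi

# The jails reuse the host's resolver configuration.
cp /etc/resolv.conf "${dest}/etc/resolv.conf"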

update

# Patch the unpacked release, then run freebsd-update's IDS check, which
# compares the tree against the known-good index for that release.
# UNAME_r makes freebsd-update treat the tree as 10.3-RELEASE instead of
# whatever release the host is running.
jail_root=/usr/local/jails/releases/10.3-RELEASE
env UNAME_r=10.3-RELEASE freebsd-update -b "${jail_root}" fetch install
env UNAME_r=10.3-RELEASE freebsd-update -b "${jail_root}" IDS

make this our master snapshot: `zfs snapshot zpuddle/jails/releases/10.3-RELEASE@master`

create the skeleton we will copy for each jail

# Build two templates from the master snapshot: a base clone that stays
# shared, and a skeleton holding the directories each jail must be able to
# write to.
base=/usr/local/jails/templates/base-10.3-RELEASE
skel=/usr/local/jails/templates/skeleton-10.3-RELEASE

zfs create zpuddle/jails/templates
zfs clone zpuddle/jails/releases/10.3-RELEASE@master zpuddle/jails/templates/base-10.3-RELEASE
zfs create -p zpuddle/jails/templates/skeleton-10.3-RELEASE
mkdir -p "${skel}/usr" "${skel}/home"

# Move the writable directories out of the base and into the skeleton.
for dir in etc usr/local tmp var root; do
  mv "${base}/${dir}" "${skel}/${dir}"
done

create the symlinks for the writeable stuff

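# Replace the directories that were moved to the skeleton with relative
# symlinks into skeleton/, the mount point for each jail's writable data.
base=/usr/local/jails/templates/base-10.3-RELEASE

# Do nothing if the cd fails: otherwise the mkdir and the links would be
# created, as root, in whatever directory the shell happened to be in.
if cd "${base}"; then
  mkdir skeleton
  for dir in etc home root tmp var; do
    ln -s "skeleton/${dir}" "${dir}"
  done
  # usr/local sits one level deeper, hence the ../ in its target.
  cd usr && ln -s ../skeleton/usr/local local
fi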

skeleton snapshot

# Freeze the skeleton, then clone that snapshot into the dataset that holds
# the mediajail's writable files.
skel_snap=zpuddle/jails/templates/skeleton-10.3-RELEASE@skeleton
zfs snapshot "${skel_snap}"
zfs clone "${skel_snap}" zpuddle/jails/mediajail

obvious: `echo hostname=\"mediajail\" > /usr/local/jails/mediajail/etc/rc.conf`

add jail to jail.conf

# Per-jail settings for the media jail; the global settings in jail.conf
# (exec.*, mount.devfs) apply as well.
mediajail {
    host.hostname = "mediajail.domain.local";
    path = "/usr/local/jails/mediajail";
    # NOTE(review): 172.16.1.1 is configured on lo1 in rc.conf and pf.conf
    # NATs lo1:network, yet the jail address is bound via em0 (the external
    # interface in pf.conf). Confirm this should not be "lo1".
    interface = "em0";
    ip4.addr = 172.16.1.1;
    # fstab-format file listing the filesystems to mount for this jail.
    mount.fstab = "/usr/local/jails/mediajail.fstab";
}
# /usr/local/jails/mediajail.fstab

# Shared base system, mounted read-only as the jail root so processes inside
# the jail cannot modify it.
/usr/local/jails/templates/base-10.3-RELEASE  /usr/local/jails/mediajail/ nullfs   ro          0 0
# Writable per-jail data, reached through the skeleton/ symlinks in the base.
# NOTE(review): the source here is the same path the read-only base was just
# mounted on. Confirm it resolves to the writable clone and not the ro view.
/usr/local/jails/mediajail     /usr/local/jails/mediajail/skeleton nullfs  rw  0 0
will118 commented May 28, 2016

this is a bit incomplete atm
