And how do I proceed correctly in constructing a standard jail, or a number of jails? The description in the Handbook is quite confusing.
From 0 to 10 jails, in ~90 seconds: by Chris Hutchinson (Chris_H)
Prerequisites:
A previous build/install world/kernel has already been performed on the host box (the box the jails will be used, and run on).
The host box already has a copy of src, and ports.
What's missing:
The necessary bits to provide access to the internet. I have intentionally left this part out, as it adds another layer of complexity to this process, and does not lend itself to the task of basic jail(8) creation. Those even somewhat familiar with jail will have no difficulty adding the few necessary bits to permit internet access from within the jail(8)s.
File system layout:
Code:
/var/jails/one
/var/jails/two
/var/jails/three
/var/jails/four
/var/jails/five
/var/jails/six
/var/jails/seven
/var/jails/eight
/var/jails/nine
/var/jails/ten
rc.conf(5) (jail(8)) additions:
Code:
jail_enable="YES"
# redundant, but placed here for clarity
jail_list="one two three four five six seven eight nine ten"
jail.conf(5):
Code:
exec.start = "/bin/sh /etc/rc";
exec.stop = "/bin/sh /etc/rc.shutdown";
exec.clean;
mount.devfs;
path = "/var/jails/$name";
The following could easily be condensed into one small(er) script.
But I've broken the steps out in hopes of making things (hopefully) clearer.
Create ten jail dirs:
Code:
jails="one two three four five six seven eight nine ten"
for name in $jails; do
    mkdir -p /var/jails/$name
done
Assuming you've already built "world", and a custom kernel:
cd /usr/src/
make installworld DESTDIR=/tmp/jailprimer
make distribution DESTDIR=/tmp/jailprimer
Code:
jails="one two three four five six seven eight nine ten"
for name in $jails; do
    # trailing slash: copy the contents of jailprimer, not the directory itself
    rsync -a /tmp/jailprimer/ /var/jails/$name/
done
Code:
jails="one two three four five six seven eight nine ten"
for name in $jails; do
    mount -t devfs devfs /var/jails/$name/dev
done
copy jail section from /etc/defaults/devfs.rules to /etc/devfs.rules
Code:
jails="one two three four five six seven eight nine ten"
for name in $jails; do
    devfs -m /var/jails/$name/dev rule -s 4 applyset
done
The following two steps are a complete waste of time, and space, as they would be much better implemented with nullfs(5), or symlink(2) to read only copies of the file trees, within each of the jails. But they are used here for illustrative purposes.
Place a copy of src in each of the jails:
Code:
jails="one two three four five six seven eight nine ten"
for name in $jails; do
    # replace the <...> placeholder with the real path before running
    cd /var/jails/$name/usr && rsync -a </path/to/virgin/src/tree> .
done
Place a copy of the ports tree within each of the jails:
Code:
jails="one two three four five six seven eight nine ten"
for name in $jails; do
    # replace the <...> placeholder with the real path before running
    cd /var/jails/$name/usr && rsync -a </path/to/virgin/ports/tree> .
done
Finally, inspect, then copy /etc/resolv.conf to /var/jails/<jail-name>/etc/
Log in to perform tasks -- root password, adduser(8), newaliases(1), tzsetup(8).
Do so for each of the jails (<jail-name>) thusly:
jail -c path=/var/jails/<jail-name> command=/bin/sh
done!
and hope this helped.
--Chris
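The nullfs(5) alternative the post mentions in place of copying src and ports into every jail, as an added example that is not part of the original post: it generates one fstab(5) file per jail that mounts the host trees read-only, so a process inside a jail cannot modify the shared copies. The host tree locations (/usr/src, /usr/ports), the /etc/fstab.<name> file naming, the function names and the jail-name check are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the original post.
# Assumed jail.conf(5) addition so jail(8) mounts these at jail start:
#   mount.fstab = "/etc/fstab.$name";
JAILS="one two three four five six seven eight nine ten"
JAIL_ROOT="${JAIL_ROOT:-/var/jails}"

# Print the fstab(5) lines that mount the host's src and ports trees
# read-only (nullfs, ro) into a single jail.
jail_fstab() {
    name=$1
    # This example's own restriction: the name is interpolated into
    # paths, so refuse anything that could escape $JAIL_ROOT (e.g. "../").
    case $name in
        ''|*[!A-Za-z0-9_]*)
            echo "invalid jail name: $name" >&2
            return 1 ;;
    esac
    for tree in src ports; do
        printf '%s\t%s\tnullfs\tro\t0\t0\n' \
            "/usr/$tree" "$JAIL_ROOT/$name/usr/$tree"
    done
}

# Write fstab.<jail> for every jail into directory $1 (default /etc)
# and create the mount points inside each jail.
write_all_fstabs() {
    outdir=${1:-/etc}
    mkdir -p "$outdir" || return 1
    for name in $JAILS; do
        lines=$(jail_fstab "$name") || return 1
        printf '%s\n' "$lines" > "$outdir/fstab.$name" || return 1
        mkdir -p "$JAIL_ROOT/$name/usr/src" \
                 "$JAIL_ROOT/$name/usr/ports" || return 1
    done
}

# Only touch the system when asked to: sh script.sh apply
if [ "${1:-}" = "apply" ]; then
    write_all_fstabs /etc
fi
```

Run it as root with the `apply` argument on the host; without an argument it only defines the functions.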