On 5/9/06, Chad Leigh -- Shire.Net LLC <[EMAIL PROTECTED]> wrote:

On May 9, 2006, at 5:53 AM, Michael Grant wrote:

> When it comes time to upgrade, how does one upgrade 100 different
> jails?  This will be a nightmare!

Actually, not.  You only need 1 master jail and a bunch of nullfs
read only mounts plus some exclusive space for each jail.    I run 44
jails at the moment this way.  Upgrading is relatively easy as I only
have to upgrade one master jail (and unfortunately lots of jail etc
if such happens but a few scripts can automate much of that).

I basically set up

/local/jails/master  and install according to man jail into this
place.  I never start this jail.

I happen to use disk backed md devices as the root for each jail.  I
mount each on on /local/jail/<jailname>

Then I do

/sbin/mount_nullfs -o ro /local/jails/master/bin /local/jails/adcmw/bin
/sbin/mount_nullfs -o ro /local/jails/master/lib /local/jails/adcmw/lib
/sbin/mount_nullfs -o ro /local/jails/master/libexec /local/jails/
/sbin/mount_nullfs -o ro /local/jails/master/sbin /local/jails/adcmw/
/sbin/mount_nullfs -o ro /local/jails/master/usr /local/jails/adcmw/usr
/sbin/mount -t procfs proc /local/jails/adcmw/proc
devfs_domount /local/jails/adcmw/dev devfsrules_jail
devfs_set_ruleset devfsrules_jail /local/jails/adcmw/dev
/sbin/devfs -m /local/jails/adcmw/dev rule -s 4 applyset

In my master jail I have some symlinks so that each jail has its own /
usr/local/ that is writable.

All the jails run out of one installed jail and they also have the
side benefit of the main system directories being read only so
exploits in one jail cannot affect all the running jails.

I really like the setup you have make..

One question.How do you update the system(and the jail) ?
freebsd-questions@freebsd.org mailing list
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Reply via email to