Mark Shroyer wrote:
On 3/21/2010 1:10 AM, Aiza wrote:
I don't have sources installed on my system. Just use the binary
Freebsd-update function. At new releases I do a clean install.
I only have a single public IP address.

Now I would like to play with jails. One for postfix, apache, and ftp.
My reading of EZJAIL and the jails section of the handbook lead me to
believe I need a unique IP address for each jail. Is that correct?

Yes.  But if you have only one public IP address, you can give the jail
a loopback interface with an address in 127.0.0/24 or one of the RFC
1918 private blocks (there's some debate as to which is the more
"correct" type of address to use, but either will work), then use NAT if
you need your jail to be able to access the Internet.

If it helps you to reason about this, keep in mind that your jail does
*not* have its own virtualized network stack, like with Solaris Zones
for instance.  The best way to think about your jails is as a group of
processes running on the same operating system as the host, just with
the restriction that (among other things) they can only communicate with
the outside world using a limited subset of the IP addresses available
to non-jailed processes.

Does the IP address notation for the jail include the port number?
Like 10.0.20.2:80? NAT port forwarding is the long way around just to get the correct port number to the jail IP address.


I have no need to build world or install world because it does this from
/usr/src which i don't install. Is there some EZJAIL option to just copy
over the running system binaries instead of the sources?

Until recently, the method for creating ezjail's "basejail" was to issue
the "ezjail-admin update" command, which compiles the basejail from
/usr/src.  Just recently an "ezjail-admin install" command was added,
which downloads binaries from a FreeBSD FTP server instead.  So you
shouldn't need sources to get started, however I'm not sure what the
update mechanism is if you use the install command.


I found the man page for ezjail-admin has this format:
ezjail-admin install -h file://
Where -h file:// means get the binaries from the host system the jails are running on. Am I correct?


The handbook "15.4 Creating and Controlling Jails" talks about
“complete” jails, which resemble a real FreeBSD system, and “service”
jails, dedicated to one application or service. Section 15.4 is the
procedure for building a "complete jail" using the jail command.

The 15.6 Application of Jails (service jails) talks about creating a
root skeleton containing the host running files which are shared with
all the guest jails in read only mode. This eliminates the massive
duplication of running system files in each jail as in the complete jail
system talked about in handbook section "15.4 Creating and Controlling
Jails".

Now reading the ezjail man pages I see that ezjail also creates a base
template that is shared between all jails. Is this the same method
talked about in the handbook section 15.6 Application of Jails (service
jail)?

It's essentially the same approach.  (With ezjail you'll still be
duplicating binaries between the host system and the basejail, but I
wouldn't lose sleep over it.)


My understanding of handbook section 15.6 Application of Jails
(service jails) is that a copy of the host binaries is populated into the basejail and all the other jails have read-only access to it. Each guest jail also has a read/write space for installing ports/packages unique to that jail, including /var, /usr and /etc. Am I correct? Is this how ezjail is configured now?


_______________________________________________
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
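The single-public-IP layout Mark describes above (jail on a loopback alias in a private block, NAT for outbound traffic) together with Aiza's port question (getting port 80 to the jail's address means an inbound redirect, not a "10.0.20.2:80" jail address) can be captured in a few lines of rc.conf and pf.conf. The script below is an added example, not from the thread or from the ezjail project: it assumes the external NIC is em0, the cloned loopback is lo1, the jail is named www and uses 10.0.20.2 from the thread, and it only generates the configuration text (so it runs anywhere) rather than applying it; a refusal check keeps a non-private, non-loopback jail address from ever being NATed.

```shell
#!/bin/sh
# Added example (not ezjail's code): one public IP, jail on lo1 with a
# private address, pf NAT for outbound and rdr for inbound port 80.
# Assumed names: EXT_IF=em0, JAIL_IF=lo1, jail "www" at 10.0.20.2.

JAIL_IP="10.0.20.2"
EXT_IF="em0"
JAIL_IF="lo1"

# A jail behind NAT should only ever carry an RFC 1918 or 127/8 address;
# anything else would be a routable address we do not own on this host.
is_private_or_loopback() {
  case "$1" in
    10.*|192.168.*|127.*) return 0 ;;
    172.1[6-9].*|172.2[0-9].*|172.3[01].*) return 0 ;;
    *) return 1 ;;
  esac
}

# rc.conf lines: clone lo1 at boot and alias the jail address onto it, so the
# address exists for jail(8)/ezjail without touching the public NIC.
rc_conf_lines() {
  printf 'cloned_interfaces="%s"\n' "$JAIL_IF"
  printf 'ifconfig_%s_alias0="inet %s netmask 255.255.255.255"\n' "$JAIL_IF" "$JAIL_IP"
}

# pf.conf: 'nat' rewrites the jail's outbound source to the public address;
# 'rdr' is the port forward Aiza asked about, sending inbound TCP/80 that
# arrives on the public address to the jail. Translation happens before
# filtering, so the pass rule matches the translated destination.
pf_conf() {
  printf 'ext_if = "%s"\n' "$EXT_IF"
  printf 'jail_www = "%s"\n' "$JAIL_IP"
  printf 'nat on $ext_if from $jail_www to any -> ($ext_if)\n'
  printf 'rdr on $ext_if proto tcp from any to ($ext_if) port 80 -> $jail_www port 80\n'
  printf 'block in on $ext_if\n'
  printf 'pass in on $ext_if proto tcp from any to $jail_www port 80\n'
}

# Refuse to emit NAT rules for an address that should not be behind NAT.
is_private_or_loopback "$JAIL_IP" || {
  echo "refusing: $JAIL_IP is not a private or loopback address" >&2
  exit 1
}

echo "# /etc/rc.conf additions"
rc_conf_lines
echo
echo "# /etc/pf.conf"
pf_conf
# The jail itself would then be created on that address, e.g. (assumed
# ezjail invocation):  ezjail-admin create www "$JAIL_IF|$JAIL_IP"
```

Keeping the jail on lo1 rather than aliasing the public NIC means the jail's processes can bind only to 10.0.20.2, which is reachable from the Internet solely through the rdr rule you wrote; services you did not forward (ftp, smtp) stay invisible until you add a rule for them.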