Re: /etc/jail.conf documentation?

2015-10-29 Thread Miroslav Lachman

Clint Armstrong wrote on 10/29/2015 12:53:

> A little while ago I wrote up an overview of how I build jails using
> jail.conf at http://clinta.github.io/freebsd-jails-the-hard-way/.


I noticed you are using unionfs. Is it working without any problems?
Every time (in the past) I read that somebody tried it, it always had
some problems with stability etc.


And what are you using to update / upgrade modified system files in
thinjail1? (if the nullfs ro shared base is updated / upgraded)


Miroslav Lachman
___
freebsd-jail@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-jail
To unsubscribe, send any mail to "freebsd-jail-unsubscr...@freebsd.org"


Re: /etc/jail.conf documentation?

2015-10-28 Thread Michael B. Eichorn
On Wed, 2015-10-28 at 13:27 -0400, Ernie Luzar wrote:
> Valeri Galtsev wrote:
> > Dear All,
> > 
> > Can someone recommend something similar to FreeBSD handbook that
> > describes
> > building jails for newer systems meaning /etc/jail.conf as opposed to
> > /etc/rc.conf which handbook currently has in its jails chapter. I
> > still
> > have all jail configurations on 9.3 boxes in /etc/rc.conf, but it is
> > time
> > to build 10.x production boxes, and do things modern way (implying
> > /etc/jail.conf). I still intend to keep building jails "old fashion
> > way"
> > as described in handbook, as opposed to using tools "ezjail" or
> > similar.
> > 
> > Thanks for all your advice!
> > 
> > Valeri
> > 
> 
> Check out the jail-primer and qjail port.

(adding freebsd-jail list)

Ernie, I don't think that this is what Valeri was looking for. Those are
both jail-management utilities not really documentation on using jail(8)
via configuration using jail.conf(5).

I would indeed be interested in a modern best-practices guide for
using the base system jail management tools.



Re: /etc/jail.conf documentation?

2015-10-28 Thread Valeri Galtsev

On Wed, October 28, 2015 1:41 pm, Michael B. Eichorn wrote:
> On Wed, 2015-10-28 at 13:27 -0400, Ernie Luzar wrote:
>> Valeri Galtsev wrote:
>> > Dear All,
>> >
>> > Can someone recommend something similar to FreeBSD handbook that
>> > describes
>> > building jails for newer systems meaning /etc/jail.conf as opposed to
>> > /etc/rc.conf which handbook currently has in its jails chapter. I
>> > still
>> > have all jail configurations on 9.3 boxes in /etc/rc.conf, but it is
>> > time
>> > to build 10.x production boxes, and do things modern way (implying
>> > /etc/jail.conf). I still intend to keep building jails "old fashion
>> > way"
>> > as described in handbook, as opposed to using tools "ezjail" or
>> > similar.
>> >
>> > Thanks for all your advice!
>> >
>> > Valeri
>> >
>>
>> Check out the jail-primer and qjail port.
>
> (adding freebsd-jail list)
>
> Ernie, I don't think that this is what Valeri was looking for. Those are
> both jail-management utilities not really documentation on using jail(8)
> via configuration using jail.conf(5).
>
> I would indeed be interested in a modern best-practices guide for
> using the base system jail management tools.

Michael, thanks for your comment. You certainly are right.

Ernie, thanks for your pointers. They are not exactly a chapter on how to
do the whole jail manually new style - exactly as Michael says - similar
to what is found in FreeBSD handbook (alas, for old style). However,
thanks to your pointer, I've found http://jail-primer.sourceforge.net/
which at a first glance looks comprehensive and decent reading, and
combined with my experience of setting up jails "by the book" in the past,
is sufficient for me to do the same /etc/jail.conf way - I've got one
running already; it will need some careful walkover still, but I'm in
business.

Thanks again for your insights and help, Ernie and Michael!

Valeri


Valeri Galtsev
Sr System Administrator
Department of Astronomy and Astrophysics
Kavli Institute for Cosmological Physics
University of Chicago
Phone: 773-702-4247



Re: /etc/jail.conf documentation?

2015-10-28 Thread Philip Jocks

> On 28.10.2015 at 22:05, Miroslav Lachman <000.f...@quip.cz> wrote:
> 
> Valeri Galtsev wrote on 10/28/2015 21:25:
>> 
>> On Wed, October 28, 2015 1:41 pm, Michael B. Eichorn wrote:
>>> On Wed, 2015-10-28 at 13:27 -0400, Ernie Luzar wrote:
>>>> Valeri Galtsev wrote:
>>>>> Dear All,
>>>>> 
>>>>> Can someone recommend something similar to FreeBSD handbook that
>>>>> describes
>>>>> building jails for newer systems meaning /etc/jail.conf as opposed to
>>>>> /etc/rc.conf which handbook currently has in its jails chapter. I
>>>>> still
>>>>> have all jail configurations on 9.3 boxes in /etc/rc.conf, but it is
>>>>> time
>>>>> to build 10.x production boxes, and do things modern way (implying
>>>>> /etc/jail.conf). I still intend to keep building jails "old fashion
>>>>> way"
>>>>> as described in handbook, as opposed to using tools "ezjail" or
>>>>> similar.
>>>>> 
>>>>> Thanks for all your advice!
>>>>> 
>>>>> Valeri
>>>>> 
>>>> 
>>>> Check out the jail-primer and qjail port.
>>> 
>>> (adding freebsd-jail list)
>>> 
>>> Ernie, I don't think that this is what Valeri was looking for. Those are
>>> both jail-management utilities not really documentation on using jail(8)
>>> via configuration using jail.conf(5).
>>> 
>>> I would indeed be interested in a modern best-practices guide for
>>> using the base system jail management tools.
>> 
>> Michael, thanks for your comment. You certainly are right.
>> 
>> Ernie, thanks for your pointers. They are not exactly a chapter on how to
>> do the whole jail manually new style - exactly as Michael says - similar
>> to what is found in FreeBSD handbook (alas, for old style). However,
>> thanks to your pointer, I've found http://jail-primer.sourceforge.net/
>> which at a first glance looks comprehensive and decent reading, and
>> combined with my experience of setting up jails "by the book" in the past,
>> is sufficient for me to do the same /etc/jail.conf way - I've got one
>> running already; it will need some careful walkover still, but I'm in
>> business.
> 
> You can do your work with jails the same way (creation, updating, 
> upgrading...). You just need to convert your rc.conf configuration into
> jail.conf, which is more flexible.
> Automatic conversion (by rc.d/jail from FreeBSD 10.x) didn't work for me. 
> Manual creation of jail.conf was easy.

we currently use ezjail and on other boxes we roughly do it like this:

http://savagedlight.me/2014/03/14/freebsd-jail-server-with-zfs-clone-and-jail-conf/

at least, that’s pretty close to how we do it. On UFS based systems we use 
cpdup instead of the ZFS cloning.

For upgrades, we use Matt Simerson’s very nice `jailmanage` script:

https://www.tnpi.net/computing/freebsd/jail_manage.txt

which is pretty straightforward and just helps you with things (running 
freebsd-update etc) and doesn’t lock you in. Our jail.conf looks like this:

--
# Defaults shared by every jail block below
exec.start = "/bin/sh /etc/rc";
exec.stop = "/bin/sh /etc/rc.shutdown";
exec.clean;
mount.devfs;
path = "/usr/jails/$name";  # $name expands to the name of each jail block

jailname {
  host.hostname = 'jailname';
  ip4.addr = x.x.x.x;
}
--

and then we just repeat the jailname-blocks. `jailmanage` expects each block to 
start like this.

HTH,

Philip
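
The manual rc.conf to jail.conf conversion discussed in this thread, as an added example that is not code from any poster or from rc.d/jail: a small sh/awk filter that turns old-style `jail_*` rc.conf variables into shared defaults plus one block per jail. The function names, jail names, hostnames and addresses are constructed for illustration, and only IPv4 addresses are handled.

```shell
#!/bin/sh
# Added example: convert old-style rc.conf jail_* variables (stdin) into a
# jail.conf with shared defaults and one block per jail. IPv4 addresses only.
rc2jailconf() {
    awk '
    /^[ \t]*jail_[A-Za-z0-9_]+=/ {
        sub(/^[ \t]+/, "")
        eq = index($0, "=")
        val = substr($0, eq + 1)
        gsub(/^"|"[ \t]*$/, "", val)        # drop the surrounding double quotes
        conf[substr($0, 1, eq - 1)] = val
    }
    END {
        # Shared defaults, as in the jail.conf posted in the thread.
        print "exec.start = \"/bin/sh /etc/rc\";"
        print "exec.stop = \"/bin/sh /etc/rc.shutdown\";"
        print "exec.clean;"
        n = split(conf["jail_list"], names, " ")
        for (i = 1; i <= n; i++) {
            j = names[i]; root = conf["jail_" j "_rootdir"]
            if (root == "") {               # never emit a jail without a root
                print "rc2jailconf: no rootdir for " j > "/dev/stderr"
                bad = 1
                continue
            }
            printf "\n%s {\n  path = \"%s\";\n", j, root
            printf "  host.hostname = \"%s\";\n", conf["jail_" j "_hostname"]
            printf "  ip4.addr = %s;\n", conf["jail_" j "_ip"]
            if (toupper(conf["jail_" j "_devfs_enable"]) == "YES")
                print "  mount.devfs;"      # only where rc.conf enabled devfs
            print "}"
        }
        exit bad + 0
    }'
}

# Constructed sample input: two jails, devfs enabled for only one of them.
sample_rc_conf() {
    cat <<'EOF'
jail_list="www db"
jail_www_rootdir="/usr/jails/www"
jail_www_hostname="www.example.org"
jail_www_ip="192.0.2.10"
jail_www_devfs_enable="YES"
jail_db_rootdir="/usr/jails/db"
jail_db_hostname="db.example.org"
jail_db_ip="192.0.2.11"
EOF
}
sample_rc_conf | rc2jailconf
```

The filter exits non-zero if any jail in `jail_list` lacks a `rootdir`, so review the generated file before starting jails from it.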