Pastebin launched a little side project called VERYVIRAL.com, check it out ;-) Want more features on Pastebin? Sign Up, it's FREE!
Guest

Untitled

By: a guest on Sep 10th, 2011  |  syntax: None  |  size: 3.87 KB  |  views: 1,247  |  expires: Never
download  |  raw  |  embed  |  report abuse  |  print
Text below is selected. Please press Ctrl+C to copy to your clipboard. (⌘+C on Mac)
  1. [HowTo] Setup A Jail Ontop of FreeNAS 8.x  
  2. (c) FreeNAS Documentation & Support Team
  3.       by Christian Degen <bubulein@freenas.org>
  4.  
  5. This is a Quick 'n Dirty HowTo for more information checkout
  6.   - http://en.wikipedia.org/wiki/FreeBSD_jail
  7.   - http://www.freebsd.org/doc/handbook/jails.html
  8.  
  9. Note about my Setup:
  10.   Host
  11.   - teufelchen.fantaranch.tld
  12.   - 192.168.1.10
  13.   - teufelchen#
  14.   Jail
  15.   - alcatraz.fantaranch.tld
  16.   - 192.168.1.30
  17.   - alcatraz#
  18.  
  19.   Filesystem Layout
  20.     - tank              my zpool, /mnt/tank
  21.     - tank/freebsd      FreeBSD related files
  22.     - tank/alcatraz     dataset for the jail
  23.  
  24. Here We Go
  25.  
  26. SSH into yuo FreeNAS and become root. The datasets can be created on the WebUI, for demonstration i will use commanline only.
  27.  
  28. teufelchen# zfs create tank/freebsd
  29. teufelchen# zfs create tank/alcatraz
  30.  
  31. Download the FreeBSD Base-Files
  32.  
  33. In this case via rsync from a german server. The strange commandsysntax makes sure that the correct files for your Version and Architecture are downloaded.
  34.  
  35. teufelchen# cd /mnt/tank/freebsd/
  36. teufelchen# rsync -av ftp.de.freebsd.org::FreeBSD/releases/`uname -m`/`uname -r | cut -d- -f1-2`/base/ `uname -r | cut -d- -f1-2`_`uname -m`_base
  37. receiving incremental file list
  38. created directory 8.2-RELEASE_amd64_base
  39. ./
  40. CHECKSUM.MD5
  41. CHECKSUM.SHA256
  42. base.aa
  43. base.ab
  44. [...]
  45. base.mtree
  46. install.sh
  47.  
  48. sent 925 bytes  received 60508876 bytes  661309.30 bytes/sec
  49. total size is 60498897  speedup is 1.00
  50.  
  51.  
  52. Extract the files into your new jails root directory.
  53.  
  54. teufelchen# cd 8.2-RELEASE_amd64_base/
  55. teufelchen# cat base.?? | tar --unlink -xpzf - -C /mnt/tank/alcatraz/
  56.  
  57.  
  58. Now we need todo some changes to /etc/rc.conf. You can reboot at any point and the original FreeNAS freenas file will be restored.
  59.  
  60.  
  61. Mount / read write to allow changes
  62.  
  63. teufelchen# mount -urw /
  64.  
  65. Append the necessary settings to your rc.conf
  66.  
  67. teufelchen# cat << ! >> /etc/rc.conf
  68. ? ### jail related settings ###
  69. ? jail_enable="YES"
  70. ? jail_list="alcatraz"
  71. ? jail_alcatraz_rootdir="/mnt/tank/alcatraz"
  72. ? jail_alcatraz_hostname="alcatraz.fantaranch.tld"
  73. ? jail_alcatraz_ip="192.168.1.30"
  74. ? jail_alcatraz_interface="alc0"
  75. ? jail_alcatraz_devfs_enable="YES"
  76. ? jail_alcatraz_mount_enable="YES"
  77. ? jail_alcatraz_fstab="/mnt/tank/freebsd/fstab.alcatraz"
  78. ? !
  79.  
  80.  
  81. Create a fstab file for your jail, here you can place any filesystem to munt the fstab style.
  82.  
  83. teufelchen# touch /mnt/tank/freebsd/fstab.alcatraz
  84.  
  85. Set a DNS, here OpenDNS
  86.  
  87. teufelchen# echo "nameserver 208.67.222.222" >> /mnt/tank/alcatraz/etc/resolv.conf
  88.  
  89. And set the timezone
  90.  
  91. teufelchen# cp /etc/localtime /mnt/tank/alcatraz/etc/
  92.  
  93.  
  94. Now you can start your jail.
  95.  
  96. teufelchen# /etc/rc.d/jail start
  97. Configuring jails:.
  98. Starting jails: alcatraz.fantaranch.tld.
  99.  
  100. List running jails, the JID (JailID) is necessary to enter the jail.
  101.  
  102. teufelchen# jls
  103.    JID  IP Address      Hostname                      Path
  104.     14  192.168.1.30    alcatraz.fantaranch.tld       /mnt/tank/alcatraz
  105. teufelchen# jexec 14
  106.  
  107. Now you can follow any FreeBSD/Jail related docs.
  108.  
  109. alcatraz#
  110.  
  111. Tip:
  112. checkout
  113. teufelchen# sysctl -a | grep jail
  114. security.jail.param.cpuset.id: 0
  115. security.jail.param.host.hostid: 0
  116. security.jail.param.host.hostuuid: 64
  117. security.jail.param.host.domainname: 256
  118. security.jail.param.host.hostname: 256
  119. security.jail.param.children.max: 0
  120. security.jail.param.children.cur: 0
  121. security.jail.param.enforce_statfs: 0
  122. security.jail.param.securelevel: 0
  123. security.jail.param.path: 1024
  124. security.jail.param.name: 256
  125. security.jail.param.parent: 0
  126. security.jail.param.jid: 0
  127. security.jail.enforce_statfs: 2
  128. security.jail.mount_allowed: 1
  129. security.jail.chflags_allowed: 1
  130. security.jail.allow_raw_sockets: 0
  131. security.jail.sysvipc_allowed: 0
  132. security.jail.socket_unixiproute_only: 1
  133. security.jail.set_hostname_allowed: 1
  134. security.jail.jail_max_af_ips: 255
  135. security.jail.jailed: 0
  136.  
  137. Have Fun <necromancer>