[HowTo] Set Up a Jail on Top of FreeNAS 8.x
(c) FreeNAS Documentation & Support Team
by Christian Degen <bubulein@freenas.org>
This is a quick 'n' dirty HowTo. For more information, check out:
- http://en.wikipedia.org/wiki/FreeBSD_jail
- http://www.freebsd.org/doc/handbook/jails.html
Note about my Setup:
Host
- teufelchen.fantaranch.tld
- 192.168.1.10
- teufelchen#
Jail
- alcatraz.fantaranch.tld
- 192.168.1.30
- alcatraz#
Filesystem Layout
- tank: my zpool, /mnt/tank
- tank/freebsd: FreeBSD related files
- tank/alcatraz: dataset for the jail
Here We Go
SSH into your FreeNAS and become root. The datasets can be created in the WebUI; for demonstration I will use the command line only.
teufelchen# zfs create tank/freebsd
teufelchen# zfs create tank/alcatraz
Download the FreeBSD Base-Files
In this case via rsync from a German server. The strange command syntax makes sure that the correct files for your version and architecture are downloaded.
teufelchen# cd /mnt/tank/freebsd/
teufelchen# rsync -av ftp.de.freebsd.org::FreeBSD/releases/`uname -m`/`uname -r | cut -d- -f1-2`/base/ `uname -r | cut -d- -f1-2`_`uname -m`_base
receiving incremental file list
created directory 8.2-RELEASE_amd64_base
./
CHECKSUM.MD5
CHECKSUM.SHA256
base.aa
base.ab
[...]
base.mtree
install.sh
sent 925 bytes received 60508876 bytes 661309.30 bytes/sec
total size is 60498897 speedup is 1.00
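The download above also fetched CHECKSUM.SHA256, so the chunks can be checked before they are unpacked; the sh function below is an added example, not part of the original HowTo, that does this. It assumes the BSD-style "SHA256 (file) = digest" line format, and the names sha256_of and verify_base_set are made up for illustration.

```shell
#!/bin/sh
# Added example (not from the original HowTo): check the downloaded base set
# against CHECKSUM.SHA256 before extracting it into the jail root.
# Assumed line format of CHECKSUM.SHA256:  SHA256 (base.aa) = <64 hex digits>

# Print the SHA-256 hex digest of a file with whichever tool is installed.
sha256_of() {
    if command -v sha256 >/dev/null 2>&1; then
        sha256 -q "$1"                          # FreeBSD / FreeNAS
    elif command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | cut -d' ' -f1          # GNU coreutils
    else
        openssl dgst -sha256 "$1" | sed 's/^.*= //'
    fi
}

# verify_base_set DIR
# Returns 0 only if every file listed in DIR/CHECKSUM.SHA256 is present and
# matches; 1 on a missing or mismatching file; 2 if the list is unusable.
verify_base_set() {
    dir=$1
    list="$dir/CHECKSUM.SHA256"
    [ -r "$list" ] || { echo "cannot read $list" >&2; return 2; }
    bad=0 seen=0
    while read -r algo name eq want; do
        [ "$algo" = "SHA256" ] || continue
        name=${name#\(}; name=${name%\)}        # strip the surrounding ( )
        case $name in
            */*|.|..) echo "REJECTED $name (path in list)" >&2; bad=1; continue ;;
        esac
        seen=$((seen + 1))
        if [ ! -f "$dir/$name" ]; then
            echo "MISSING  $name" >&2; bad=1
        elif [ "$(sha256_of "$dir/$name")" = "$want" ]; then
            echo "OK       $name"
        else
            echo "MISMATCH $name" >&2; bad=1
        fi
    done < "$list"
    [ "$seen" -gt 0 ] || { echo "no SHA256 entries in $list" >&2; return 2; }
    return "$bad"
}

# On the host from this HowTo, call it on the download directory, e.g.
#   verify_base_set /mnt/tank/freebsd/8.2-RELEASE_amd64_base
# and extract only if it returns 0.
```

The checksum file arrives from the same mirror over the same rsync connection, so a match shows the transfer is complete and undamaged; comparing the digests with a copy obtained from another source is what protects against a tampered mirror.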
Extract the files into your new jails root directory.
teufelchen# cd 8.2-RELEASE_amd64_base/
teufelchen# cat base.?? | tar --unlink -xpzf - -C /mnt/tank/alcatraz/
Now we need to make some changes to /etc/rc.conf. You can reboot at any point and the original FreeNAS file will be restored.
Mount / read-write to allow changes
teufelchen# mount -urw /
Append the necessary settings to your rc.conf
teufelchen# cat << ! >> /etc/rc.conf
? ### jail related settings ###
? jail_enable="YES"
? jail_list="alcatraz"
? jail_alcatraz_rootdir="/mnt/tank/alcatraz"
? jail_alcatraz_hostname="alcatraz.fantaranch.tld"
? jail_alcatraz_ip="192.168.1.30"
? jail_alcatraz_interface="alc0"
? jail_alcatraz_devfs_enable="YES"
? jail_alcatraz_mount_enable="YES"
? jail_alcatraz_fstab="/mnt/tank/freebsd/fstab.alcatraz"
? !
Create an fstab file for your jail; here you can place any filesystem to mount, fstab style.
teufelchen# touch /mnt/tank/freebsd/fstab.alcatraz
Set a DNS server, here OpenDNS
teufelchen# echo "nameserver 208.67.222.222" >> /mnt/tank/alcatraz/etc/resolv.conf
And set the timezone
teufelchen# cp /etc/localtime /mnt/tank/alcatraz/etc/
Now you can start your jail.
teufelchen# /etc/rc.d/jail start
Configuring jails:.
Starting jails: alcatraz.fantaranch.tld.
List the running jails; the JID (jail ID) is needed to enter the jail.
teufelchen# jls
   JID  IP Address      Hostname                      Path
    14  192.168.1.30    alcatraz.fantaranch.tld       /mnt/tank/alcatraz
teufelchen# jexec 14 /bin/csh
Now you can follow any FreeBSD/Jail related docs.
alcatraz#
Tip:
Check out the jail-related sysctls:
teufelchen# sysctl -a | grep jail
security.jail.param.cpuset.id: 0
security.jail.param.host.hostid: 0
security.jail.param.host.hostuuid: 64
security.jail.param.host.domainname: 256
security.jail.param.host.hostname: 256
security.jail.param.children.max: 0
security.jail.param.children.cur: 0
security.jail.param.enforce_statfs: 0
security.jail.param.securelevel: 0
security.jail.param.path: 1024
security.jail.param.name: 256
security.jail.param.parent: 0
security.jail.param.jid: 0
security.jail.enforce_statfs: 2
security.jail.mount_allowed: 1
security.jail.chflags_allowed: 1
security.jail.allow_raw_sockets: 0
security.jail.sysvipc_allowed: 0
security.jail.socket_unixiproute_only: 1
security.jail.set_hostname_allowed: 1
security.jail.jail_max_af_ips: 255
security.jail.jailed: 0
Have Fun <necromancer>