Nethence Documentation Lab Webmail Your IP BBDock  


Those documents are obsolete, please use the Nethence Documentation instead.

HomeUnixWindowsOracleObsoleteHardwareDIYMechanicsScriptsConfigsPrivate

DragonflyBSD jail host configuration
 
http://pbraun.nethence.com/doc/sysutils_bsd/dragonflybsd.html
http://pbraun.nethence.com/doc/sysutils_bsd/freebsd.html
http://pbraun.nethence.com/doc/sysutils_bsd/jail.html
 
 
Host configuration
On the real system which is going to host the jail guests.
 
Disable some daemons,
cd /etc/
vi rc.conf
add/change,
inetd_enable=no
rpcbind_enable=no
sendmail_enable=no
sendmail_submit_enable=no
sendmail_outbound_enable=no
sendmail_msp_queue_enable=no
 
General jail settings,
jail_enable=yes
jail_list="jailname"
Note. jail_list lists jails to be started with a simple space separator.
Note. jail_set_hostname_allow is set to yes by default (/etc/defaults/rc.conf)
 
Jail guest settings,
jail_jailname_devfs_enable=yes
jail_jailname_rootdir=/data/guests/jailname
jail_jailname_hostname=jailname.example.local
jail_jailname_interface=alc0
jail_jailname_ip=192.168.0.3
ifconfig_lnc0_alias0="inet 192.168.0.3 netmask 255.255.255.255"
Note. change the ip accordingly
Note. for ip aliases, the netmask should be /32
Note. change the network interface name/driver accordinly
Note. apply those patches to mount devfs for the jail guest (at least it's needed for dfly 2.8.2),
http://pbraun.nethence.com/code/sysutils_dragonflybsd/jail.patch
http://pbraun.nethence.com/code/sysutils_dragonflybsd/rc.conf.patch
otherwise, without devfs, you wouldn't be able to ping,
ping: socket: Operation not permitted
nor to ps,
ps: bad namelist - no kernbase
 
No services other than ssh, syslog and cron should be running on the host system. Prevent sshd from listening on ip aliases,
cd /etc/ssh/
vi sshd_config
change,
ListenAddress 192.168.0.2
apply,
/etc/rc.d/sshd restart
 
At last, it's also recommended to file-resolve the jail guests from the host,
cd /etc/
vi hosts
Note. besides, we're copying that one to guests' config later on.
 
 
Making a jail guest
Upload and extract the memstick image,
bunzip2 dfly-x86_64-2.8.2_REL.img.bz2
mkdir -p /mnt/memstick/
vnconfig vn0 dfly-x86_64-2.8.2_REL.img
mount /dev/vn0s1a /mnt/memstick/
cd /mnt/memstick/
 
Install a jail guest from the host,
mkdir -p /data/guests/jailname/
cd /data/guests/jailname/
for dir in \
bin dev etc.hdd root sbin sys tmp usr var; do
cpdup /mnt/memstick/$dir $dir
done
mv etc.hdd/ etc
ls -ld tmp/
  mkdir -p mnt/ proc/
Note. no need to copy boot/, also, it's therefore easy to recognize a jail guest without that dir.
Note. it's etc.hdd we want for the harddisk. etc itself is for the cdrom/memstick
Note. no need to MAKEDEV anymore. devfs does it for you.
Refs.
less /mnt/memstick/README
less /mnt/memstick/README.USB
 
 
Ready to go
Enable jail on the host and start the jail guest,
/etc/rc.d/jail restart
 
Get into the jail guest,
jls
jexec 1 csh
and proceed with your usual post-installation procedure (http://pbraun.nethence.com/doc/sysutils_bsd/jail_guest.html) but eventually skip those steps;-)
cd /data/guests/jailname/etc/
cp /etc/hosts .
cp /etc/resolv.conf .
 
 
Usage
To start/stop a jail guest,
/etc/rc.d/jail stop jailname
/etc/rc.d/jail start jailname
 
 
References
http://www.dragonflybsd.org/docs/handbook/handbook-jails-build/
 

Last update: Jan 03, 2011