Management and Repository for FreeBSD Jails

Attention! Current pages describe CBSD version 10.1.4. If you are using an older version, please update first.

Attention! I apologize for the automatic translation of this text. You can improve it by sending me a more correct version of the text or fix html pages via GITHUB repository.

Profiles for jail creation

Command: jcreate

                        % cbsd jcreate

Description

Suppose you need to stamp the same type of jails which must be installed and configured a certain list of software, for example, a environment with nginx WEB server with custom index.html. You can create a jail (eg jail1), perform any necessary adjustments and make jexport. After that, when you will need a new instance, run the command:

   % cbsd jimport jname=jail1 newjname=jail2

Creating an image on the basis of jail1 copy of the new environment named jail2. Also, for these purposes can use the jclone. However, it is not always convenient (especially in terms of maintaining the software up to date in the original box), so take the opportunity to apply profiles and apply alternative skel-directories for the application we need changes on the fly when creating jails.

Example:

1) Write jconf:

If you want to create a non-interactive scripts (without you), create a template on which to create new jail by CBSD scripts. To do this, run cbsd jconstruct-tui and on the question "Do you want to create jail immediately?" answer is negative. In this case, the command to be withdrawn for jcreate and the path to jconf - this is the configuration for which you are creating the jail. Alternatively, it is possible to write manually, for example:

% mkdir /root/share
% cat > /root/share/nginx.jconf << EOF
jname="jail1";
path="/usr/jails/jails/jail1";
host_hostname="jail1.my.domain";
ip4_addr="DHCP";
mount_devfs="1";
allow_mount="1";
allow_devfs="1";
allow_nullfs="1";
mount_fstab="/usr/jails/jails-fstab/fstab.jail1";
arch="amd64";
mkhostsfile="1";
devfs_ruleset="4";
ver="10.1";
basename="";
baserw="0";
mount_src="0";
mount_obj="0";
mount_kernel="0";
mount_ports="1";
astart="1";
data="/usr/jails/jails-data/jail1-data";
vnet="0";
applytpl="1";
mdsize="0";
rcconf="/usr/jails/jails-rcconf/rc.conf_jail1";
floatresolv="1";

exec_poststart="0";
exec_poststop="";
exec_prestart="0";
exec_prestop="0";

exec_master_poststart="0";
exec_master_poststop="0";
exec_master_prestart="0";
exec_master_prestop="0";
pkg_bootstrap="1";
user_pw_root='rootpw'
interface="auto"
jailskeldir="/root/share/nginx-jail"
pkglist="/root/share/pkglist.txt";
exec_start="/bin/sh /etc/rc"
exec_stop="/bin/sh /etc/rc.shutdown"
EOF

Where the most important for us:

  • jail1 - jail name
  • user_pw_root - parameter sets the appropriate root password (you can generate password file instead in skel-dir)
  • ip4_addr="DHCP" - causes CBSD take the first free IP range of nodepool
  • jailskeldir="/root/share/nginx-jail" - alternative path to skel-dir, applied after the jail creation
  • pkglist="/root/share/pkglist.txt" - path to a file that defines a set of software in the cell when it is created

2) Write pkglist.txt

Just listed origin or packagename of software that want to get in the jail:

% cat > /root/share/pkglist.txt << EOF
www/nginx
shells/bash
EOF

3) skel-directories

Custimize directories of additional files that are copied to the jail. Namely - prescribe nginx in rc.conf inside the jail and push into /usr/local/www/nginx/index.html some text to output:

% cp -a /usr/local/cbsd/share/jail-skel /root/share/nginx-jail
% mkdir -p /root/share/nginx-jail/usr/local/www/nginx
% cat > /root/share/nginx-jail/usr/local/www/nginx/index.html << EOF
<html>
   <body>
      <pre>
      It's been a hard day's night
      And I've been working like a dog
      It's been a hard day's night
      I should be sleeping like a log
      </pre>
   </body>
</html>
EOF
% sysrc -f /root/share/nginx-jail/etc/rc.conf nginx_enable="YES"

4) the creation and launch

Create a environment, run and check:

% cbsd jcreate jconf=/root/share/nginx.jconf
% cbsd jstart jail1
% curl http://X.Y.N.M
      It's been a hard day's night
      And I've been working like a dog
      It's been a hard day's night
      I should be sleeping like a log

Profiles for jconstruct-tui

If you want to manually create these jails, choosing when it should be necessary skel-directories or the default settings, create the directory $workdir/etc file named jail-freebsd-XXXX.conf with minimum content:

jail_profile="XXX"

where XXX - name of the profile. Profile vnet in CBSD is created as an example, you see it in $workdir/etc/defaults/jail-freebsd-vnet.conf

In turn, it overwrites the default values from the profile defaults: jail-freebsd-default.conf

If you rarely use the default profile and want to CBSD default offered at your profile, change the value default_profile putting it in the name of your profile:

echo 'default_profile="XXX"' > ~cbsd/etc/jail-freebsd-default.conf

Please note that the files in the $workdir/etc/defaults can not be edited - as well as in the /etc/defaults. If you want to override the default values, copy the directory $workdir/etc/defaults file with the same name in the directory $workdir/etc and change

Copyright © 2013—2015 CBSD Team.