BSDStore
management and repository for FreeBSD jails

Attention! I apologize, but this text is an automatic machine translation. You can improve it by sending me a more correct version of the text or by fixing the HTML pages via the GitHub repository.

Installing cbsd


Requirements

Since cbsd is only a set of scripts that simplify working with jails, it fits any hardware on which FreeBSD runs. It is assumed that cbsd is installed on a clean, freshly installed FreeBSD, because the setup changes a number of configuration files. For full functionality, the following are desirable:

  • FreeBSD version greater than or equal to 9.1-RELEASE.
  • amd64 architecture, because development is carried out on it.
  • ZFS file system, because cbsd uses a number of features offered by ZFS.
  • kernel with RACCT/RCTL and VIMAGE support (cbsd can fetch a kernel from its own repository with your consent)

cbsd versioning

The first two digits of the cbsd version correspond to the FreeBSD version for which it was developed and tested. Version 9.2.0 means that the scripts were written for FreeBSD 9.2. The third number is the cbsd version itself.

Installation and preparation of cbsd

1)

a) cbsd can be installed via the FreeBSD ports tree:


    % make -C /usr/ports/sysutils/cbsd install

or from the repository:

    % pkg install cbsd

or

b) after installing the required dependencies (libssh2, sudo, rsync, sqlite3):


    % make -C /usr/ports/security/sudo install
    % make -C /usr/ports/security/libssh2 install
    % make -C /usr/ports/net/rsync install
    % make -C /usr/ports/databases/sqlite3 install
    % make -C /usr/ports/devel/git install

get the latest version of cbsd from GitHub:

    % git clone https://github.com/olevole/cbsd.git /usr/local/cbsd

2)

In a classical installation, cbsd exists in two copies. One of them (/usr/local/cbsd) contains the distribution, the source code and the default configuration files. This copy can also be used to manage jails if the main copy is damaged (for example, by an incorrect update). The workdir environment variable selects which directory of scripts to work with.

To initialize the working (main) copy of cbsd, use the initenv command. On its first run, you must specify the location of the working directory through the workdir environment variable and answer a number of questions.

3) Initialization with the working directory in /usr/jails:


    % env workdir="/usr/jails" /usr/local/cbsd/sudoexec/initenv

On the first run, a question-and-answer dialogue about the main settings of the node takes place. The system shows the expected user input as an example (e.g.). Pressing Enter with an empty value makes the system use the value from the example. After each cbsd update, initenv must be run again. Subsequent runs of initenv can be started through cbsd without env (the working directory setting is stored in /etc/rc.conf).

During the first initialization, the following questions may be asked:

  • Please fill nodename - Node name. If you work with several nodes, this name must be unique. It is recommended to use a name similar to the full hostname (including the domain). This name is used when working with server data on remote hosts. Example: node1.my.domain.
  • Please fill nodeip - The working, static IP address of the node. It should not be an alias, and it is desirable to assign this IP to a separate interface (free of any traffic other than management traffic). For example: 192.168.1.2
  • Please fill nodeloc - An informational string. It will be used in the future in the web interface. Here you can record the geographical location of this node. For example: USA, Dallas DC.
  • Please fill jnameserver - The list of DNS servers written to /etc/resolv.conf in created jails. If there is more than one, separate them with commas. It is recommended to enable a local named on the master node to cache requests. So that jails can use it, replace the following string in /etc/namedb/named.conf:

    listen-on       { 127.0.0.1; };

to

    listen-on       { any; };

and, if the IP address of the node is 192.168.1.2, specify in this field: 192.168.1.2,8.8.8.8 (the primary DNS is the local one, the second is the public DNS from Google). To start named automatically, /etc/rc.conf must contain:

    named_enable="YES"

then execute:

    service named start

  • Please fill nodeippool - The list of subnets in which jails are permitted to start. If there is more than one network, use a space as the delimiter. For example: 10.0.0.0/24 192.168.1.128/29
  • Please fill natip - The IP address that will act as the NAT address for private addresses. Usually it is the IP of your node. For example: 192.168.1.2
  • Please fill fbsdrepo - Whether to use the official FreeBSD repository for base/templates. The answer 1 or 2 is expected. If the base is not found on the official FreeBSD servers, the cbsd repository is used. For example: 1.
  • Please fill zfsfeat - Whether to use ZFS file system features (clones, snapshots). The answer 1 or 2 is expected. This question is not asked if the system is not running on ZFS.
  • Please fill mdtmp - Whether to create a memory disk through which the system performs temporary file operations (lock files, temporary copies of config files). By default, the disk size is 8MB.
  • Configure NAT for RFC1918 Network? - Whether to use network address translation (NAT) for private addresses. When jails are created in RFC1918 networks, NAT must be enabled for them to have internet access. For example: 1.
  • Which one NAT framework should be use: [pf or ipfw] - Which tool to prefer for NAT. Recommended: pf. For example: 1

    Warning: all settings are stored in the file $workdir/nc.inventory and can also be changed in any editor. If you want to run the initial configuration dialogue again, simply delete this file.
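
The jnameserver step above changes named to listen-on { any; }, which makes it accept queries on every interface of the node, not only those the jails use. The following sh script is an added example (not part of cbsd or of the original page) that checks a named.conf for that setting and for an explicit allow-recursion list; the function names and both sample configs are constructed, and the subnets are the example nodeippool values from this page.

```shell
#!/bin/sh
# Added example, not part of cbsd. Function names and samples are constructed.

# Strip // and # comments and join lines so multi-line statements match.
# (/* ... */ comments are not handled here.)
flatten_conf() {
    sed -e 's://.*$::' -e 's:#.*$::' "$1" | tr '\n\t' '  '
}

# Print the body of the last "<statement> ... { body }" found, e.g. " any; ".
stmt_body() {
    flatten_conf "$1" | sed -n "s/.*[ ;{]$2 [^{;]*{\([^}]*\)}.*/\1/p"
}

# Return 0 if named's exposure is bounded, 1 if it needs attention.
audit_named_conf() {
    listen=$(stmt_body "$1" listen-on)
    recursion=$(stmt_body "$1" allow-recursion)
    case "$listen" in
        ""|*any*) ;;   # a missing listen-on also means every interface
        *) echo "ok: listen-on limited to {$listen}"; return 0 ;;
    esac
    case "$recursion" in
        "")    echo "warn: all interfaces, no explicit allow-recursion"; return 1 ;;
        *any*) echo "warn: all interfaces, recursion open to any"; return 1 ;;
        *)     echo "ok: all interfaces, recursion limited to {$recursion}"; return 0 ;;
    esac
}

tmp=$(mktemp -d)
trap 'rm -rf "$tmp"' EXIT
# Constructed sample 1: the edit exactly as the page describes it.
cat > "$tmp/page.conf" <<'EOF'
options {
    listen-on       { any; };
};
EOF
# Constructed sample 2: the same edit, with recursion limited to loopback
# and the example nodeippool subnets from this page.
cat > "$tmp/limited.conf" <<'EOF'
options {
    listen-on       { any; };   // so that jails can reach named
    allow-recursion { 127.0.0.1; 10.0.0.0/24; 192.168.1.128/29; };
};
EOF
audit_named_conf "$tmp/page.conf"    || true
audit_named_conf "$tmp/limited.conf" || true
```

On a node, run audit_named_conf against /etc/namedb/named.conf after editing it and before service named start.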

Attention! During the first installation, the system creates a user named cbsd with shell access, through which remote cbsd nodes communicate via ssh. Choose a complex password for it with the utmost care. After the first cbsd initenv, the password can be changed with the standard command passwd cbsd