Jail question: packages with relative symlinks

James B. Byrne byrnejb at harte-lyne.ca
Mon Aug 31 17:18:10 UTC 2020 


On Fri, August 28, 2020 00:19, David Christensen wrote:
> On 2020-08-27 19:59, Valeri Galtsev wrote:
>> When I said in my OP "I set up jails by the book" I meant FreeBSD Handbook,
>> not any of printed books.
>
> Yes, I saw that.  Unfortunately, I have found the FreeBSD Handbook to be
> a mixed blessing -- some subjects are current and others are out of
> date.  Same comment for man pages.  af3e and fmjail are both recent.  If
> and when FreeBSD revises jails, I may have to find a new resource.
>

If you are using ZFS on FreeBSD then IOCage is about as straight forward a
means of setting up jails that you are going to find.  If you are not using ZFS
then IOCage is not an option.

The man page for IOcage is as complete as any I have encountered.  For that
matter, so is the man page for jails.  The advantage of IOCage is that is
simplifies the user command line and infers the necessary options when
maintaining a jail. This makes jails a more accessible option for sys admins
with limited knowledge on the subject.

IOCage setup of a jail on FreeBSD goes something like this:

pkg search iocage
pkg install py3?-iocage  # py prefix will vary over time
iocage activate zroot    # zroot is the zfs pool name used - may be different

iocage create --thickjail --release latest \
 --name jailname \
   ip4_addr="em0|192.168.216.88" \               # em0 replace with hosrt i/f
   host_hostname="jailname.example.com" \
   assign_localhost="YES" \                      # provide lo0 address if YES
   localhost_ip="127.0.88.1" \                   # not needed if localhost = NO
   allow_raw_sockets="YES" \                     # needed for ping
   allow_sysvipc="YES" \
   boot="NO"                                     # for start on boot set to YES

Jails will use the settings in the host's resolv.conf unless explicitly set as
follows.  Changes made to resolv.conf in the jail will not survive a restart.

   resolver="search hamilton.harte-lyne.ca harte-lyne.ca;nameserver
216.185.71.33;nameserver 216.185.71.34;options edns0 timeout:3 attempts:3"

You need to review the contents of the jails's  /etc/hosts and make sure that
the localhost setting are exactly as you expect.

You start the jail with iocage start jailname
You obtain access using iocage console jailname
The root filesystem is located at /zroot/iocage/jails/jailname/root/
The jail's root user directory is: /zroot/iocage/jails/jailname/root/root/
The jail's console log is /zroot/iocage/log/jailname-console.log
An iocage jail has two zfs datasets: zroot/iocage/jails/jailname and
zroot/iocage/jails/jailname/root

And that should be it.

Updating iocage jails is covered more than adequately in the man pages.






-- 
***          e-Mail is NOT a SECURE channel          ***
        Do NOT transmit sensitive data via e-Mail
   Unencrypted messages have no legal claim to privacy
 Do NOT open attachments nor follow links sent by e-Mail

James B. Byrne                mailto:ByrneJB at Harte-Lyne.ca
Harte & Lyne Limited          http://www.harte-lyne.ca
9 Brockley Drive              vox: +1 905 561 1241
Hamilton, Ontario             fax: +1 905 561 0757
Canada  L8E 3C3

More information about the freebsd-questions mailing list