What is this?
Hi, my name is Tom Lazar and I'm a Plone and Zope developer based in Berlin, Germany and this is my personal and professional (no big difference, really...) website.
 

using ezjail

Taking ezjail by its word…

Tonight I decided to take Erdgeist's ezjail for a spin, because I was setting up a development-, web- and file server for a new client and thought it would make a nice test case keeping stuff like samba and netatalk separate from apache, wordpress and mediawiki etc.

What follows are the (brief!) notes I took while following the “official documentation” – much of which has already been incorporated into those very pages by the time you’re reading this, because Erdgeist is sitting next to me on the couch as I’m writing ;-)

On a geek sidenote: the hardware in question is located in the fuxdata shop, where it had been assembled and tested earlier today and where I had installed the base FreeBSD system this afternoon. I’m now accessing it via VPN from the comfort of Erdgeist’s sofa at 1 a.m. to finalize the setup – tomorrow morning when fuxdata opens, they can ship the machine to the client while I sleep… Modern technology does have its advantages at times ;-)

Anyway, to get started I recommend you first update your ports collection, because ezjail is under active development (current as of this writing is version 1.1) and the ports collection is the easiest way to install it. Then do:

cd /usr/ports/sysutils/ezjail ; make install

Make sure you have the FreeBSD source tree installed in /usr/src before you continue. If not, you can install it using sysinstall or cvsup, for example:

cvsup -g -L2 /usr/share/examples/cvsup/stable-supfile -h cvsupN.xx.freebsd.org

where N is usually between 1 and 5 and xx is your country code.

The first step is to install the basejail – this is done – somewhat surprisingly – using ezjail-admin’s update command (which you’ll later also use to keep that base jail up-to-date).

If you have recently already built a world you can pass the -i parameter to ezjail-admin – it will then execute make installworld without calling make buildworld first.

  • Set ezjail_enable="YES" in /etc/rc.conf (you won’t have to set jail_enable as ezjail employs its own mechanisms – it won’t hurt, though, if you do).

Now you are ready to install your first “real” jail:

ezjail-admin create JAILNAME JAILIP

Voila! Having previously only dabbled in jails manually, I must say that this really is a lot easier and will hopefully help increase the usage of jails in particular (and virtualization in general).
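The steps in this post gathered into one preflight script; this is an added example, not part of the original post or of ezjail. It checks the prerequisites named above (source tree, ezjail_enable in rc.conf) and validates the jail name and IP before printing the two ezjail-admin commands. The function names, the Makefile heuristic and the jail-name policy are assumptions of this example.

```sh
#!/bin/sh
# Added example (not from the original post): preflight checks for the steps
# above. Paths are parameters so the checks can run against constructed files.

# True if the rc.conf-style file $1 ends up with ezjail_enable set to YES.
# Commented-out lines are ignored; the last assignment wins, as in rc.conf.
ezjail_enabled() {
    val=$(sed -n 's/^[[:space:]]*ezjail_enable=\([^#[:space:]]*\).*/\1/p' "$1" \
          2>/dev/null | tail -n 1 | tr -d "\"'")
    case "$val" in [Yy][Ee][Ss]) return 0 ;; *) return 1 ;; esac
}

# Heuristic (assumption): a source tree is present if $1/Makefile exists.
source_tree_present() { [ -f "$1/Makefile" ]; }

# Example policy, not ezjail's own rule: no leading dash (it would be read
# as an option) and only letters, digits, dot, underscore and hyphen.
valid_jailname() {
    case "$1" in ""|-*|*[!A-Za-z0-9._-]*) return 1 ;; esac
}

# Dotted-quad IPv4 with each octet in 0..255.
valid_ipv4() {
    case "$1" in *[!0-9.]*|*..*|.*|*.) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ ${#octet} -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# Prints the commands for a first jail, or fails on the first unmet
# prerequisite. Usage: first_jail_plan JAILNAME JAILIP [SRCDIR] [RCCONF]
first_jail_plan() {
    src=${3:-/usr/src}; rc=${4:-/etc/rc.conf}
    valid_jailname "$1" || { echo "bad jail name: $1" >&2; return 2; }
    valid_ipv4 "$2" || { echo "bad jail IP: $2" >&2; return 3; }
    source_tree_present "$src" || { echo "no source tree in $src" >&2; return 4; }
    ezjail_enabled "$rc" || { echo "ezjail_enable not YES in $rc" >&2; return 5; }
    echo "ezjail-admin update"
    echo "ezjail-admin create $1 $2"
}

if [ $# -ge 2 ]; then first_jail_plan "$@"; fi
```

Run it with a jail name and IP as arguments; it only prints the commands, so review them and run them as root yourself.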