OS

Dragonfly BSD 4.0.x

Date

10.04.2015

Jails in Dragonfly BSD

In this example we install a Jail called "mail" in /usr/jails/mail.

Create a Jail

# setenv D /usr/jails/mail
# mkdir -p $D                                     
# cd /usr/src
# make installworld DESTDIR=$D                    
# cd etc 
# make distribution DESTDIR=$D -DNO_MAKEDEV_RUN   
# cd $D
# ln -sf dev/null kernel
# mount_devfs -o jail $D/dev

/etc/rc.conf

To enable Jails you have to add the following lines in /etc/rc.conf

#Jails
jail_enable="YES"               # Set to NO to disable starting of any jails
jail_sysvipc_allow="YES"        # needed for Apache - see documentation
jail_list="mail"                # Space separated list of names of jails

Important: If your jail isn't listed in jail_list, it won't start automatically on reboot.

Each Jail needs its own config in /etc/rc.conf. The following example is an IPv6-only Jail.

# Jail mail
jail_mail_rootdir="/usr/jails/mail"     # jail's root directory
jail_mail_hostname="mail.example.com"   # jail's hostname
jail_mail_ip="2910:16d8:2234::affe:3"   # jail's IP address
jail_mail_devfs_enable="YES"            # mount devfs 

Networking

Each Jail can have

You can use IPv4-localhost Addresses for Inter-Jail Communication.

Don't forget to add a nameserver entry inside the jail (/etc/resolv.conf).

The IP addresses themselves are just aliases of a physical NIC and have to be defined in /etc/rc.conf.

Here's an example:

#IPv4 localhost Alias 
ifconfig_lo0_alias0="inet 127.0.0.10 netmask 255.255.255.255"
ifconfig_lo0_alias1="inet 127.0.0.11 netmask 255.255.255.255"

# IP v4
ifconfig_em0_alias0="inet 235.220.221.9 netmask 255.255.255.255"
ifconfig_em0_alias1="inet 234.234.221.9 netmask 255.255.255.255"

# IP v6 
ipv6_ifconfig_em0_alias0="2910:16d8:2234::affe:3 prefixlen 64"
ipv6_ifconfig_em0_alias1="2910:16d8:2234::affe:4 prefixlen 64"  

On IPv4 the Netmask of an Alias has to be 255.255.255.255.

Here is an example of a Jail using multiple IP addresses (/etc/rc.conf):

# Jail mail
.....
jail_mail_ip="127.0.0.10,235.220.221.9,2910:16d8:2234::affe:3"   
...
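
The rc.conf settings above depend on each other: a Jail must be in jail_list to start at boot, each address in jail_<name>_ip needs a matching interface alias, and IPv4 aliases need the 255.255.255.255 netmask. The following sh script is an added example, not part of the original page; the function names rc_get, check_jails and sample, and the "web" Jail in the sample, are made up for illustration.

```sh
#!/bin/sh
# Added example: audit the jail settings from this page in an rc.conf-style file.
# The file is read as text, never sourced. Assumes alphanumeric jail names.

rc_get() {  # rc_get FILE VAR: print the value of the last VAR="..." line
    sed -n "s/^[[:space:]]*$2=\"\([^\"]*\)\".*/\1/p" "$1" | tail -n 1
}

check_jails() {  # check_jails FILE: print findings; return 0 if clean, else 1
    rc=$1; bad=0
    list=" $(rc_get "$rc" jail_list) "
    [ "$(rc_get "$rc" jail_enable)" = "YES" ] || { echo "jail_enable is not YES"; bad=1; }
    # A jail that has a config block but is not in jail_list will not start at boot.
    for j in $(sed -n 's/^[[:space:]]*jail_\([A-Za-z0-9]*\)_rootdir=.*/\1/p' "$rc"); do
        case $list in *" $j "*) ;; *) echo "$j: not in jail_list"; bad=1 ;; esac
    done
    for j in $list; do
        for key in rootdir hostname ip; do
            [ -n "$(rc_get "$rc" "jail_${j}_${key}")" ] ||
                { echo "$j: jail_${j}_${key} is not set"; bad=1; }
        done
        for ip in $(rc_get "$rc" "jail_${j}_ip" | tr ',' ' '); do
            # Value of the interface alias that carries this address as a whole word.
            hit=$(grep -E '^[[:space:]]*(ipv6_)?ifconfig_[a-z0-9]+_alias[0-9]+=' "$rc" |
                awk -F'"' -v ip="$ip" '{ n = split($2, t, " ")
                    for (i = 1; i <= n; i++) if (t[i] == ip) { print $2; exit } }')
            case $hit in
                "") echo "$j: $ip has no interface alias"; bad=1 ;;
                *:*|*"netmask 255.255.255.255"*) ;;  # IPv6 alias, or IPv4 with /32 mask
                *) echo "$j: IPv4 alias for $ip needs netmask 255.255.255.255"; bad=1 ;;
            esac
        done
    done
    return $bad
}

sample() {  # constructed input: three deliberate faults, addresses as on the page
    cat <<'EOF'
jail_enable="YES"
jail_list="mail"
jail_mail_rootdir="/usr/jails/mail"
jail_mail_hostname="mail.example.com"
jail_mail_ip="127.0.0.10,235.220.221.9,2910:16d8:2234::affe:3"
jail_web_rootdir="/usr/jails/web"
ifconfig_lo0_alias0="inet 127.0.0.10 netmask 255.255.255.0"
ipv6_ifconfig_em0_alias0="2910:16d8:2234::affe:3 prefixlen 64"
EOF
}

tmp=$(mktemp) && sample > "$tmp" && { check_jails "$tmp" || true; }; rm -f "$tmp"
```

On the host, call check_jails /etc/rc.conf to audit the real file; a non-zero return means at least one finding was printed.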

Package Managing

Install pkg via dports. We need to copy our local dports-Tree to the Jails.

# cpdup  /usr/dports /usr/jails/mail/usr/dports 

Now we start the jail and build pkg from source.

# /etc/rc.d/jail start mail
# jexec 1 tcsh  # 1 is the jail number; check it with jls
mail# cd /usr/dports/ports-mgmt/pkg/
mail# make && make install && make clean 
mail# rehash 

Now edit /usr/local/etc/pkg/repos/df-latest.conf and activate your nearest mirror. For Germany choose SchlundundTech. Deactivate Avalon.

Avalon: {
       .....
       enabled         : no
}
...
SchlundTech: {
        url             : http://dfly.schlundtech.de/dports/${ABI}/LATEST,
        enabled         : yes
}

Now update the Repository and start installing stuff.

mail# pkg update 

Software you need inside a Jail

tmux

When you enter a Jail via jexec you have no tty. When you try to build a port and execute make config, it tries to open a tty and fails. To enable tty inside a jail, you have to install tmux, and execute it right after entering the jail.

Install it using pkg.

mail# pkg install tmux 

If you access the Jail via ssh, the tty exists and everything is fine.

See here: http://lists.freebsd.org/pipermail/freebsd-jail/2011-August/001609.html

Destroy a Jail

Shut down the Jail from the Host-System.

# /etc/rc.d/jail stop mail

After shutting down, remove all entries in /etc/rc.conf (including the one in jail_list) and delete the Jail directory.

# chflags -R noschg /usr/jails/mail
# rm -fr /usr/jails/mail

Dragonfly BSD/Jails (last edited 2015-04-10 15:54:47 by jackhammer)