FreeBSD 5.3 Install Jail
Thanks: Huang Dong
Following Huang Dong's article, I installed a jail on FreeBSD 5.3. He reminded me that jail setup has changed in FreeBSD 5.3; with his help I installed the jail successfully and wrote up these notes.
First install the system. It is best to set aside a separate partition to hold your vhosts; if you don't want to change your partition layout, you can also install the vhost under /usr or /home.
If you have cvsup, modify the stable-supfile in /usr/share/examples/cvsup, setting *default host=cvsup.freebsd.org. Then run it in the background to start downloading the latest source code:
cvsup -g -L 2 stable-supfile &
Because FreeBSD 5.3 no longer supports make world, after updating the source you go through the build step by step in /usr/src. If this is a freshly installed system, it is recommended that you compile and optimize the entire system. If you just want to install a jail, there is no need to rebuild the entire system.
Under /usr/src, run make buildworld & in the background. This may take 2 hours or 4 hours, so you can do something else in the meantime. After it finishes, let's install our jail. I wrote a script for creating a new jail, new_jail.sh, attached here:
#!/bin/sh
# Usage: new_jail.sh /some/dir servernick servername ipaddr
# The arguments are passed through eval and written to /etc/rc.conf.local,
# so run this only with values you chose yourself.
if [ -z "$4" ]; then
    echo "Specify dir such as $0 /some/dir servernick servername ipaddr"
    exit
fi
if [ ! -d "$1" ]; then
    echo "Dest dir $1 does not exist, mkdir..."
    mkdir -p "$1"
fi
echo "Install a new jail into $1"
D=$1
echo $D
# Install the already-built world and the default /etc files into the jail root
cd /usr/src
make installworld DESTDIR=$D
cd etc
make distribution DESTDIR=$D
cd $D
ln -sf dev/null kernel
echo "Add config to /etc/rc.conf.local"
echo 'If you are starting jails at system boot, add jail_enable="YES" to /etc/rc.conf.local'
# jail_list holds the short name (servernick), not the host name
echo "If you want to start $3 as a jail, add $2 to the jail_list variable in /etc/rc.conf.local"
# Each pair below builds name=value, then sed wraps the value in double quotes
eval jailstring=jail_\$2_hostname=\$3
echo $jailstring | sed -E -e s/=/=\"/g -e s/\$/\"/g >> /etc/rc.conf.local
eval jailstring=jail_\$2_ip=\$4
echo $jailstring | sed -E -e s/=/=\"/g -e s/\$/\"/g >> /etc/rc.conf.local
eval jailstring=jail_\$2_rootdir=$D
echo $jailstring | sed -E -e s/=/=\"/g -e s/\$/\"/g >> /etc/rc.conf.local
eval jailstring=jail_\$2_exec=\"/bin/sh /etc/rc\"
echo $jailstring | sed -E -e s/=/=\"/g -e s/\$/\"/g >> /etc/rc.conf.local
eval jailstring=jail_\$2_devfs_enable=YES
echo $jailstring | sed -E -e s/=/=\"/g -e s/\$/\"/g >> /etc/rc.conf.local
eval jailstring=jail_\$2_devfs_ruleset=devfsrules_jail
echo $jailstring | sed -E -e s/=/=\"/g -e s/\$/\"/g >> /etc/rc.conf.local
echo "Add config to jail rc.conf"
cp /etc/resolv.conf $D/etc/
echo 'sshd_enable="YES"' >> $D/etc/rc.conf
echo 'sendmail_enable="NONE"' >> $D/etc/rc.conf
echo 'syslogd_flags="-ss"' >> $D/etc/rc.conf
echo "Add config to jail hosts"
echo "127.0.0.1 localhost" >> $D/etc/hosts
eval jailstring=\"\$4 \$3\"
echo $jailstring >> $D/etc/hosts
First give it execute permission:
chmod +x new_jail.sh
then
mkdir -p /vhost/jail/179
./new_jail.sh /vhost/jail/179 dns dns.test.com 10.0.0.179
This creates your new vhost. Replace /vhost/jail/179 with the path where you want to install the virtual machine; it is best to use an absolute path to prevent errors. The remaining arguments are the jail's short name, host name and IP address, as in the script's usage message.
When everything is finished, start our vhost in single-user mode.
ifconfig_eth0_alias0="inet 10.0.0.179 netmask 255.255.255.255"
Replace eth0 with your actual network card device name; if you don't know it, you can use the ifconfig command to find it.
jail /vhost/jail/179 dns 10.0.0.79 /bin/sh
Set your root password now: run passwd and enter the new password.
The vhost has no TTY for you to work on, so you need to run sysinstall and, in user management, create a user who belongs to the wheel group, to be used for logging in over SSH. Setting the time zone is also very necessary.
Then we also need to prepare the keys for SSH:
/etc/rc.d/sshd start
Then press Enter, or type something.
We also need to configure this vhost.
/etc/hosts: set the host name.
Add to /etc/rc.conf:
sshd_enable="YES"
sendmail_enable="NONE"
/etc/crontab: remove the adjkerntz-related entries.
Set your DNS server address in /etc/resolv.conf.
The format is: nameserver IP-address
OK, type exit to leave single-user mode. After returning to the host system, modify the host system's rc.conf, adding the following.
ifconfig_eth0_alias0="inet 10.0.0.179 netmask 255.255.255.255"
jail_enable="YES"
jail_list="dns"
jail_dns_hostname="dns.test.com"
jail_dns_ip="10.0.0.179"
jail_dns_rootdir="/vhost/jail/179"
jail_dns_exec="/bin/sh /etc/rc"
jail_dns_devfs_enable="YES"
jail_dns_devfs_ruleset="devfsrules_jail"
Restart your machine. Of course, if you want to keep your uptime, you can run init 1 and then type exit at the prompt to return to multi-user mode.
Run dmesg -a | more to see your startup messages. If the output for your jail looks like the following, congratulations: you can connect to 10.0.0.179 over SSH to log in to your jail.
Starting jails: dns.test.com.
Local package initialization:
Here are a few more tips.
1. /etc/rc.d/jail: this command can be used to start, stop and restart your jails; enter the command to see its help.
jls: this command lists the jails that are running now. Try it:
vhost1# jls
   JID  IP Address      Hostname                      Path
     3  10.0.0.179      dns.test.com                  /vhost/jail/179
2. Deleting a jail
/etc/rc.d/jail stop dns
chflags -R noschg 179
rm -r 179
After that the jail is deleted.
3. Using ports in a jail
Create a ports directory in the jail, for example mkdir /usr/ports
On the host system, run mount_nullfs /usr/ports /vhost/jail/179/usr/ports
4. If you need to run multiple jails at the same time, configure your rc.conf like this. Each address needs its own alias number; a repeated alias0 line would override the first one.
ifconfig_eth0_alias0="inet 10.0.0.179 netmask 255.255.255.255"
ifconfig_eth0_alias1="inet 10.0.0.180 netmask 255.255.255.255"
jail_enable="YES"
jail_list="dns mail"
jail_dns_hostname="dns.test.com"
jail_dns_ip="10.0.0.179"
jail_dns_rootdir="/vhost/jail/179"
jail_dns_exec="/bin/sh /etc/rc"
jail_dns_devfs_enable="YES"
jail_dns_devfs_ruleset="devfsrules_jail"
jail_mail_hostname="mail.test.com"
jail_mail_ip="10.0.0.180"
jail_mail_rootdir="/vhost/jail/180"
jail_mail_exec="/bin/sh /etc/rc"
jail_mail_devfs_enable="YES"
jail_mail_devfs_ruleset="devfsrules_jail"
To start or stop just one of the jails, use /etc/rc.d/jail start mail or /etc/rc.d/jail stop dns.
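
Added example (not part of the original article): a small sh function that checks an rc.conf-style file for mistakes that are easy to make in a multi-jail setup like the one above: a variable assigned twice, a jail in jail_list missing one of its settings, or a jail IP that no ifconfig alias carries. The function names, the messages and the constructed sample config are assumptions of this example.

```sh
#!/bin/sh
# Added example, not from the original article. check_jail_conf FILE prints
# one line per problem found in an rc.conf-style file; no output means OK.
# It sources FILE (as rc does), so run it only on config you already trust.
check_jail_conf() (
    conf=$1
    aliases=$(sed -n 's/^\(ifconfig_[A-Za-z0-9]*_alias[0-9]*\)=.*/\1/p' "$conf" | sort -u)
    # A variable assigned twice is silently overridden by the last assignment.
    sed -n 's/^\([A-Za-z0-9_]*\)=.*/\1/p' "$conf" | sort | uniq -d |
        sed 's/^/duplicate variable: /'
    . "$conf"    # load the settings inside this subshell only
    for j in ${jail_list:-}; do
        for key in hostname ip rootdir exec; do
            eval "val=\${jail_${j}_${key}:-}"
            [ -n "$val" ] || echo "jail $j: jail_${j}_${key} is not set"
        done
        eval "ip=\${jail_${j}_ip:-}"
        [ -n "$ip" ] || continue
        found=no
        for a in $aliases; do    # compare against the effective alias values
            eval "v=\${$a:-}"
            case " $v " in *" inet $ip "*) found=yes ;; esac
        done
        [ "$found" = yes ] || echo "jail $j: no ifconfig alias carries $ip"
    done
)

# Constructed sample config; $1 is the index used for the second alias line.
sample_conf() {
    cat <<EOF
ifconfig_eth0_alias0="inet 10.0.0.179 netmask 255.255.255.255"
ifconfig_eth0_alias$1="inet 10.0.0.180 netmask 255.255.255.255"
jail_list="dns mail"
jail_dns_hostname="dns.test.com"
jail_dns_ip="10.0.0.179"
jail_dns_rootdir="/vhost/jail/179"
jail_dns_exec="/bin/sh /etc/rc"
jail_mail_hostname="mail.test.com"
jail_mail_ip="10.0.0.180"
jail_mail_rootdir="/vhost/jail/180"
jail_mail_exec="/bin/sh /etc/rc"
EOF
}

tmp=$(mktemp)
sample_conf 0 > "$tmp"    # alias0 used twice: 10.0.0.179 is never configured
check_jail_conf "$tmp"
rm -f "$tmp"
```

Run it against a copy of the host's rc.conf before rebooting; with the alias index repeated, the dns jail is reported as having no address even though a line for 10.0.0.179 is present in the file.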