FreeBSD Jails On ZFS

Posted on: July 16, 2010, 11:09 a.m.

This is how I setup my jails on ZFS. This guide isn't suitable for someone wanting to learn FreeBSD Jails or ZFS; you should already be familiar with both. Portions of my examples below borrow from the FreeBSD Handbook and the FreeBSD Wiki.

Make the template filesystem and install world to it.

zfs create zroot/jails/j
zfs create zroot/jails/j/mroot
cd /usr/src
make buildworld
make installworld DESTDIR=/jails/j/mroot
cd /jails/j/mroot
mkdir usr/ports
cpdup -v /usr/ports usr/ports
portsnap -p /jails/j/mroot/usr/ports fetch update
cpdup -v /usr/src /jails/j/mroot/usr/src

Move folders from read-only portion of the template to the skeleton that gets copied to the jails read-write filesystem.

mkdir -p /jails/j/skel /jails/j/skel/home /jails/j/skel/usr-local \
 /jails/j/skel/usr-X11R6 /jails/j/skel/distfiles /jails/j/skel/packages
mv etc /jails/j/skel/
mv usr/local /jails/j/skel/usr-local
mv tmp /jails/j/skel
mv var /jails/j/skel
chflags noschg var/empty/
rm -rf var
mv root /jails/j/skel/

Run mergemaster then delete the folders we don't want copied to the new jail.

mergemaster -t /jails/j/skel/var/tmp/temproot -D /jails/j/skel -i
cd /jails/j/skel
chflags -R noschg bin boot lib libexec mnt proc rescue sbin sys usr dev
rm -R bin boot lib libexec mnt proc rescue sbin sys usr dev

Create symlinks linking read-only filesystem to read-write filesystem.

cd /jails/j/mroot
mkdir s
ln -s s/etc etc
ln -s s/home home
ln -s s/root root
ln -s ../s/usr-local usr/local
ln -s ../s/usr-X11R6 usr/X11R6
ln -s ../../s/distfiles usr/ports/distfiles
ln -s ../../s/packages usr/ports/packages
ln -s s/tmp tmp
ln -s s/var var

Use read-write filesystem for the ports workdir and disable building X11-related dependencies.

echo "WRKDIRPREFIX?=  /s/portbuild" > /jails/j/skel/etc/make.conf
echo 'WITHOUT_X11="YES"' >> /jails/j/skel/etc/make.conf

With ZFS you don't want to add these mountpoints to host's fstab because ZFS will not have /jails mounted before the system attempts to mount_nullfs. To remedy this add the following entries to /jails/fstab.newjail on the host. We'll configure rc(8) jail to mount and unmount those mountpoints on start and stop.

/jails/j/mroot /jails/j/newjail nullfs ro 0 0
/jails/js/newjail /jails/j/newjail/s nullfs rw 0 0

Configure jails in /etc/rc.conf.

jail_enable="YES"
jail_set_hostname_allow="NO"
jail_list="newjail"
jail_newjail_hostname="newjail.vye.me"
jail_newjail_ip="192.168.0.2"
jail_newjail_rootdir="/jails/j/newjail"
jail_newjail_devfs_enable="YES"
jail_newjail_mount_enable="YES"
jail_newjail_fstab="/jails/fstab.newjail"

Create the required mount points for the read-only file system.

mkdir /jails/j/newjail
zfs create zroot/jails/js/newjail
zfs create -o compression=on -o exec=on -o setuid=off zroot/jails/js/newjail/tmp
zfs create zroot/jails/js/newjail/home
zfs create zroot/jails/js/newjail/var
zfs create -o compression=lzjb -o exec=off -o setuid=off zroot/jails/js/newjail/var/log
zfs create -o compression=lzjb -o exec=on -o setuid=off zroot/jails/js/newjail/var/tmp

Install the template into the jail.

cpdup /jails/j/skel /jails/js/newjail

Now we start the jail.

/etc/rc.d/jail start newjail

view startup errors in /var/log/jail_newjail_console.log

tags: FreeBSD, Jails, ZFS

Hide
/
Show
Comments

There are no comments for this entry.

Comments

Post a comment