.TH ezjail\-admin 1
.SH NAME
ezjail-admin \- Administrate ezjail
.SH SYNOPSIS
.T
.B ezjail-admin create
[-f flavour] [-r jailroot] [-s imagesize] [-ibx] [-c bde|eli] [-C attachargs]
.I hostname jailip

.T
.B ezjail-admin delete
[-w]
.I hostname

.T
.B ezjail-admin list

.T
.B ezjail-admin config
[-r run|norun] [-i attach|detach]
.I jailname

.T
.B ezjail-admin install
[-mps] [-h host] [-r release]

.T
.B ezjail-admin update
[-s sourcetree] [-i] [-pP]
.SH DESCRIPTION
The
.B ezjail-admin
tool is used to manage jails inside the ezjail scope. It is not used
to start or stop ezjail's jails. Refer to ezjail(5) for more details.
.SH ezjail-admin create
copies the template jail to the root of a new jail, whose name and IP
address are provided as mandatory parameters.

If no jail root is specified via the -r option, it is derived from
the jail's name. In this case, or if a jail root is given and does not
start with a '/', it is interpreted relative to ezjail's root dir
(default:
.I /usr/jails
). If a specified jail root lies outside ezjail's root dir, a soft link
is created inside this root dir pointing to the newly created jail's
location.

The -i and the -c options both require a size passed via the -s option
and create a file-based jail image, gbde or geli encrypted for the -c
case. The image file is named as the jail root suffixed with
.IR .img .

The -x (jail exists) option indicates that an ezjail already exists
at the jail root.
.B In this case nothing is copied. ezjail only updates its config.
This is useful in situations where you just want to alter some of a
jail's properties and called ezjail-admin delete without the -w option
before. However, sanity checks are performed.

The script creates an entry in its config and a
.I /etc/fstab.hostname
file, allowing the jail to be brought up after the next reboot or via
the EZJAIL_PREFIX/etc/rc.d/ezjail.sh script.

The newly created jail can perform some initialization actions if the
-f
.I flavour
option is given, where
.I flavour
is a directory tree under ezjail's root dir (default:
.I /usr/jails/flavours
). See section
.B FLAVOURS
below for more details.

Options for newly created jails are read from
.B ezjail.conf,
refer to ezjail.conf(5) for more information.
.SH ezjail-admin delete
removes a jail from ezjail's config and the corresponding
.I /etc/fstab.hostname
file, thus preventing the jail from being brought
up on next reboot.

If the -w (wipe) option is given, the directory pointed to by the jail
root entry is removed as well as the soft link in ezjail's root dir.
.SH ezjail-admin list
lists all jails inside ezjail's scope. They are sorted by the order they
start up, as defined by rcorder. The list format is straightforward.

A status flag consisting of 2 or 3 letters, the first meaning
.B (D)irectory
based,
.B (I)mage
based,
.B (B)de
crypto image based,
.B (E)li
crypto image based. The second one meaning
.BR (R)unning ,
.B (A)ttached
but not running,
.BR (S)topped .
An optional
.B (N)orun
stands for disabled jails (see
.I ezjail-admin config
).

The rest of the row consists of the jail's jid (if available), its IP, hostname
and root directory.
.SH ezjail-admin config
manages specific existing ezjails.

You can prevent an ezjail from being run at system start with the -r norun
option and re-enable it with -r run.

You can attach image jails for administrative purposes with the -i attach
option and detach them with -i detach. It is not possible to run or delete
an attached jail.
.SH ezjail-admin install
fetches everything needed to set up a base jail from an FTP server and
installs it.

The default location for ezjail's base jail is
.IR /usr/jails ,
so be sure you have enough space there (a FreeBSD base without man
pages, sources and ports is around 120MB).

The -m and -s options will fetch and install man pages (ca. 10MB) and
source packages (ca. 450MB) respectively. The -p option invokes the
portsnap utility to fetch and extract a FreeBSD ports tree (ca. 475MB).

The default OS version is whatever uname -r returns. If this does not match
"*-RELEASE", you will be prompted for a better guess. (Normally
FTP servers do not provide release candidates or CURRENT builds.) You can
use the -r option to specify a release from the command line.

The default host to fetch packages from is ftp.freebsd.org; you may want to
change this via the -h option or in ezjail.conf(5).

If the specified location begins with file://, your local copy of the
release is used. That way you can make some modifications to the install.sh
scripts before executing them.

You can later update your world from CVS or update ports using
.B ezjail-admin update
or rerun this subcommand with another OS version.
.SH ezjail-admin update
creates or updates ezjail's basejail. Depending on the parameters
given, it will install a FreeBSD system from a source tree whose location
is either provided in the
.B ezjail.conf
config file or via the -s option.

If the -p or -P option is given, the base jail is also given a copy of
FreeBSD's ports tree, which is in turn linked into all newly created
ezjails. The portsnap utility is invoked to do the actual work.

If the -P option is given,
.B only the ports tree will be updated,
this can be done while jails are running.

If the -i (install only) option is given,
.B ezjail-admin update
only performs a
.I make installworld,
otherwise
.I make world
is invoked.
.SH NOTES
.B ezjail-admin update
uses a temporary directory to install its world to, thus leaving
all installed libraries intact if a base jail already exists.

When using the
.B ezjail-admin update
option, be careful to use the same FreeBSD source tree used to build the
host system's world, or at least its kernel. Combining a make world in the
host system with
.B ezjail-admin update
is considered a good idea.

When a ports tree exists in the base jail, a make.conf containing reasonable
values for having ports in jails is created in the template jail.
.SH FLAVOURS
.B ezjail-admin
provides an easy way to create many jails with similar or identical
properties.

A sample flavour config directory resides under
.I EZJAIL_PREFIX/share/examples/ezjail/default/.
Some typical jail initialization actions are demonstrated and you are
encouraged to use it as a template for your flavours.

If a flavour is selected on jail creation, the flavour root is
copied to the new jail's root, mostly containing an
.I /ezjail.flavour .
When the jail starts up for the first time, this script is run.

In its default form it will create some groups and users, change the
ownership of some files and install all packages residing under /pkg.

It allows you to add some post install actions.
.SH EXAMPLES
ezjail-admin update -p
.br
ezjail-admin create -f httpd -r /jails/web12 web12.test.org 10.0.1.12
.br
EZJAIL_PREFIX/etc/rc.d/ezjail.sh start web12.test.org
.br
EZJAIL_PREFIX/etc/rc.d/ezjail.sh stop ns.test.org
.br
ezjail-admin delete ns.test.org
.br
ezjail-admin create -x -r /jails/ns ns.test.org 10.0.2.1
.SH BUGS
Due to the way ezjail handles jail config files, it is not possible to
create multiple jails if their names are identical when piped through
.B tr -C [:alnum:] _

Sure to be others.
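.PP
The name clash described in this section can be checked for before running ezjail-admin create. The script below is an added example, not part of ezjail; the function names safename and find_collisions and the sample hostnames are assumptions made for illustration.

```sh
#!/bin/sh
# Added example (not ezjail code): detect hostnames that ezjail would map to
# the same config name, per the BUGS section.

# safename HOSTNAME
# Replace every character outside [:alnum:] with "_", the transformation
# quoted in the man page. LC_ALL=C keeps the result locale-independent.
safename() {
    printf '%s' "$1" | LC_ALL=C tr -C '[:alnum:]' '_'
}

# find_collisions NEW EXISTING...
# Print each EXISTING hostname whose normalised form equals that of NEW.
# Returns 0 when at least one collision is found, 1 otherwise.
find_collisions() {
    fc_new_safe=$(safename "$1")
    shift
    fc_status=1
    for fc_host in "$@"; do
        if [ "$(safename "$fc_host")" = "$fc_new_safe" ]; then
            printf '%s\n' "$fc_host"
            fc_status=0
        fi
    done
    return "$fc_status"
}

# Constructed sample data: hostnames assumed to be configured already.
existing_jails="ns.test.org web12.test.org"

for candidate in ns-test.org mail.test.org; do
    # $existing_jails is split on whitespace on purpose (hostnames have none).
    if hits=$(find_collisions "$candidate" $existing_jails); then
        echo "$candidate: clashes with $hits (both map to $(safename "$candidate"))"
    else
        echo "$candidate: no clash"
    fi
done
```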
.SH FILES
.T4
EZJAIL_PREFIX/etc/ezjail.conf
.br
EZJAIL_PREFIX/etc/rc.d/ezjail.sh
.br
EZJAIL_PREFIX/share/examples/ezjail/
.SH "SEE ALSO"
ezjail(5), ezjail.conf(5), jail(8), devfs(5), fdescfs(5), procfs(5), pw(8)
.SH AUTHOR
Dirk Engling <erdgeist@erdgeist.org>