.TH ezjail\-admin 1
.SH NAME
ezjail-admin \- Administrate ezjail
.SH SYNOPSIS
.T
.B ezjail-admin create
[-f flavour] [-r jailroot] [-x]
.I hostname jailip

.T
.B ezjail-admin delete
[-w]
.I hostname

.T
.B ezjail-admin list

.T
.B ezjail-admin update
[-s sourcetree] [-i] [-pP]
.SH DESCRIPTION
The
.B ezjail-admin
tool is used to manage jails inside the ezjail scope. It is not used
to start or stop ezjail's jails. Refer to ezjail(5) for more details.
.SH ezjail-admin create
makes a copy of the ezjail template jail to the standard jail directory,
using either the name specified with the -r option or a name derived from
the given hostname.

If the jailroot does not start with a /, it is
interpreted relative to ezjail's root dir. If the given jailroot lies
outside ezjail's root dir, a soft link is created inside ezjail's root dir
pointing to the newly created jail's location.

The first step is skipped if the -x (jail exists) option is given. This is
useful when you just want to alter some of a jail's properties and have
called ezjail-admin delete without the -w option before. However, sanity
checks are still performed.

It then creates an entry in its
.I EZJAIL_PREFIX/etc/ezjail/
resource directory allowing the jail to be brought up after next reboot.

If the ezjail_mount_enable option is set, a
.I /etc/fstab.hostname
is generated, allowing the basejail to be auto-mounted when the jail starts
up.

The newly created Jail can perform some initialization actions if the
-f <flavour> option is given, where flavour is a path to a flavour configuration
file or a short name expanding to
.I EZJAIL_PREFIX/etc/ezjail.flavour.<flavour> .

See section
.B FLAVOURS
below for more details.

Options for newly created jails are read from
.B ezjail.conf,
refer to ezjail.conf(5) for more information.
.SH ezjail-admin delete
removes a jail from ezjail's
.I EZJAIL_PREFIX/etc/ezjail/
resource directory, thus preventing
it from being brought up on next reboot.

It then removes the
.I /etc/fstab.hostname
entry, if it exists.

If the -w (wipe) option is given, the directory pointed to by the jail
root entry is removed as well as the soft link in ezjail's root dir.
.SH ezjail-admin list
lists all jails inside ezjail's scope, together with some information on
them.
.SH ezjail-admin update
installs a FreeBSD system from the source tree whose location is either
provided in the
.B ezjail.conf
config file or via the -s option. It will check out or update a fresh ports
tree to the base jail, if the -p or -P option is given. In fact, if the -P
option is given,
.B only the ports tree will be updated.

Install destination is a temporary directory inside ezjail's jail root. If
the -i (install only) option is given,
.B ezjail-admin update
only performs a
.I make installworld,
otherwise
.I make world
is invoked.

It then fills the basejail from that temporary directory (leaving intact
all installed libraries, if the base jail already exists). All
copied directories are then removed and replaced by soft links into the
base jail tree that later will be mounted into the jail.

Finally it removes the old template jail and renames the
temporary directory as the new template jail.
.SH NOTES
When using the
.B ezjail-admin update
option, be careful to use the same FreeBSD source tree used to build the
host system's world, or at least its kernel. Combining a make world in the
host system with
.B ezjail-admin update
is considered a good idea.

When a ports tree exists in base jail, a make.conf containing reasonable
values for having ports in jails is created in the template jail.
.SH FLAVOURS
.B ezjail-admin
provides an easy way to create many Jails with similar or identical
properties. Currently it supports creating users, installing files and
installing packages.

A sample flavour config directory resides under
.I EZJAIL_PREFIX/share/examples/ezjail/default/.
Some typical Jail initialization actions are demonstrated and you are
encouraged to use it as a template for your flavours.

If a flavour is selected on Jail creation, the flavour root is
copied to the new Jail's root, mostly containing an
.I /ezjail.flavour .
If the Jail starts up for the first time it runs a setup script found
at
.I /etc/rc.d/ezjail-config.sh.

This script will create some users specified in the flavour config.
It will then chown files specified in the flavour config. (This is to allow
giving files to users that didn't exist on Jail creation time.) All
packages residing under
.I /pkg
will be installed. Finally the script
.I /ezjail.postinstall
is sourced, if it exists.

.I ezjail-config.sh
then removes all traces, including itself.
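
Since the whole flavour root is copied into the jail and the first-start script installs packages and sources /ezjail.postinstall, a flavour is worth reviewing before it is passed to -f. The following is an added example, not part of ezjail; the function names are hypothetical and it assumes the flavour root layout described in this section.

```sh
#!/bin/sh
# Added example, not part of ezjail: review a flavour root before using it
# with "ezjail-admin create -f". Function names are hypothetical.

# Entries writable by group or others. The whole tree is copied into the
# new jail and parts of it run at first start, so these deserve a look.
flavour_writable() {
    find "$1" ! -type l \( -perm -0020 -o -perm -0002 \) -print
}

# Files the first-start setup acts on, per the FLAVOURS section: the setup
# script, the flavour config, the sourced postinstall script, and packages.
flavour_firstboot_inputs() {
    for f in etc/rc.d/ezjail-config.sh ezjail.flavour ezjail.postinstall; do
        [ ! -f "$1/$f" ] || printf '%s\n' "$1/$f"
    done
    [ ! -d "$1/pkg" ] || find "$1/pkg" -type f -print
}

# Returns 0 if clean, 2 if writable entries were found, 1 on bad input.
audit_flavour() {
    [ -d "$1" ] || { echo "not a directory: $1" >&2; return 1; }
    echo "first-start inputs:"
    flavour_firstboot_inputs "$1" | sed 's/^/  /'
    bad=$(flavour_writable "$1")
    [ -n "$bad" ] || return 0
    echo "group- or world-writable:" >&2
    printf '%s\n' "$bad" | sed 's/^/  /' >&2
    return 2
}
```

Call it as audit_flavour followed by the path of the flavour root you intend to use; a return status of 2 means something in the tree can be modified by users other than its owner.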
.SH EXAMPLES
ezjail-admin update -p
.br
ezjail-admin create -f httpd -r /jails/web12 web12.test.org 10.0.1.12
.br
EZJAIL_PREFIX/etc/rc.d/ezjail.sh start web12.test.org
.br
EZJAIL_PREFIX/etc/rc.d/ezjail.sh stop ns.test.org
.br
ezjail-admin delete ns.test.org
.br
ezjail-admin create -x -r /jails/ns ns.test.org 10.0.2.1
.SH BUGS
.B ezjail-admin
does not perform paranoid checks on its variables.
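
Given that, callers can validate the create arguments themselves before invoking the tool. The following is an added example, not part of ezjail: the function names are hypothetical, the default for EZJAIL_ROOT is an assumed location of ezjail's root dir, and jailip is assumed to be a single IPv4 address.

```sh
#!/bin/sh
# Added example: pre-flight checks for "ezjail-admin create" arguments.
# EZJAIL_ROOT is an assumed location of ezjail's root dir; adjust to yours.
EZJAIL_ROOT="${EZJAIL_ROOT:-/usr/jails}"

# Dot-separated labels of letters, digits and '-', 1-63 chars each, no
# leading or trailing '-', at most 253 chars in total.
valid_hostname() {
    [ -n "$1" ] && [ "${#1}" -le 253 ] || return 1
    case "$1" in *[!A-Za-z0-9.-]*|.*|*.|*..*) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    for label in "$@"; do
        [ "${#label}" -le 63 ] || return 1
        case "$label" in -*|*-) return 1 ;; esac
    done
}

# Dotted-quad IPv4: four octets, 0-255, no leading zeros.
valid_ipv4() {
    case "$1" in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        case "$octet" in 0?*|????*) return 1 ;; esac
        [ "$octet" -le 255 ] || return 1
    done
}

# Resolve a -r value as the page describes: without a leading / it is
# relative to ezjail's root dir. Prints the absolute path; returns 0 if it
# lies inside EZJAIL_ROOT, 2 if outside (a soft link would be created),
# 1 if the value is rejected.
resolve_jailroot() {
    case "$1" in ''|*[!A-Za-z0-9._/-]*|*//*) return 1 ;; esac
    case "/$1/" in */../*|*/./*) return 1 ;; esac
    case "$1" in /*) path=$1 ;; *) path=$EZJAIL_ROOT/$1 ;; esac
    printf '%s\n' "$path"
    case "$path" in "$EZJAIL_ROOT"/?*) return 0 ;; *) return 2 ;; esac
}

# usage: check_create_args hostname jailip [jailroot]
check_create_args() {
    valid_hostname "$1" || { echo "bad hostname: $1" >&2; return 1; }
    valid_ipv4 "$2" || { echo "bad jail IP: $2" >&2; return 1; }
    [ "$#" -ge 3 ] || return 0
    resolve_jailroot "$3" >/dev/null || [ "$?" -eq 2 ] ||
        { echo "bad jailroot: $3" >&2; return 1; }
}
```

Run check_create_args with the same hostname, jailip and optional jailroot you would give to ezjail-admin create, and only call the tool when it returns 0.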
.SH FILES
.T4
EZJAIL_PREFIX/etc/ezjail.conf
.br
EZJAIL_PREFIX/etc/rc.d/ezjail.sh
.br
EZJAIL_PREFIX/share/examples/ezjail/
.SH "SEE ALSO"
ezjail(5), ezjail.conf(5), jail(8), devfs(5), fdescfs(5), procfs(5)
.SH AUTHOR
Dirk Engling <erdgeist@erdgeist.org>