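How to install and configure jails on FreeNAS Corral 10
As of March 26, 2016, FreeNAS Corral (version 10) does not support FreeBSD jails.
How do I install and configure a traditional FreeBSD jail on FreeNAS Corral (version 10)?
FreeNAS Corral now supports Docker containers for all application hosting. Existing jails/plugins data will continue to exist in the jails/ dataset of the ZFS volume, but it will be inactive, because jails are no longer used in Corral.
This tutorial shows you how to create and configure a FreeBSD jail on FreeNAS Corral 10 from the command line.
What is a FreeBSD jail?
A FreeBSD jail is nothing but an implementation of operating-system-level virtualization that lets you partition a FreeBSD-based server into several independent, secure mini-systems called "jails".
Preparing FreeNAS
First, you need to create a ZFS dataset. Run: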
# zfs create theitroad/.my_jails_cache
# zfs list theitroad/.my_jails_cache
Sample output:
NAME                       USED  AVAIL  REFER  MOUNTPOINT
theitroad/.my_jails_cache  128K  10.2T   128K  /mnt/theitroad/.my_jails_cache
Now grab the FreeBSD 11 files for your jail:
# cd /mnt/theitroad/.my_jails_cache/
# wget http://ftp1.us.freebsd.org/pub/FreeBSD/releases/amd64/11.0-RELEASE/base.txz
# wget http://ftp1.us.freebsd.org/pub/FreeBSD/releases/amd64/11.0-RELEASE/lib32.txz
# wget http://ftp1.us.freebsd.org/pub/FreeBSD/releases/amd64/11.0-RELEASE/src.txz
# wget http://ftp1.us.freebsd.org/pub/FreeBSD/releases/amd64/11.0-RELEASE/ports.txz
Or use the lftp command, as follows:
# lftp
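The wget commands above fetch the distribution sets over plain HTTP, so it is worth comparing them with the SHA-256 digests in the release's MANIFEST file before extracting. The script below is an added example, not part of the original tutorial; it assumes a MANIFEST for 11.0-RELEASE obtained over a channel you trust, with tab-separated lines whose first two fields are the file name and its digest. The demo function uses constructed stand-in files, not real release sets.

```shell
#!/bin/sh
# Added example, not from the original tutorial.
# Assumed MANIFEST format: tab-separated lines, <file> <sha256> <other fields>.

# Print the SHA-256 of a file: sha256(1) on FreeBSD, sha256sum elsewhere.
file_sha256() {
    if command -v sha256 >/dev/null 2>&1; then
        sha256 -q "$1"
    else
        sha256sum "$1" | awk '{ print $1 }'
    fi
}

# verify_sets MANIFEST DIR FILE...
# Returns 0 only if every FILE is listed in MANIFEST, present in DIR and
# hashes to the listed digest. Prints one status line per FILE.
verify_sets() {
    manifest=$1; dir=$2; shift 2
    rc=0
    for name in "$@"; do
        want=$(awk -F'\t' -v f="$name" '$1 == f { print $2; exit }' "$manifest")
        if [ -z "$want" ]; then
            echo "NOT-IN-MANIFEST $name"; rc=1
        elif [ ! -f "$dir/$name" ]; then
            echo "NOT-DOWNLOADED $name"; rc=1
        elif [ "$(file_sha256 "$dir/$name")" = "$want" ]; then
            echo "OK $name"
        else
            echo "MISMATCH $name"; rc=1
        fi
    done
    return "$rc"
}

# Constructed demo: stand-in files plus a MANIFEST built from them; one file
# is then altered and one name is never listed. Prints the resulting report.
demo() {
    d=$(mktemp -d) || return 2
    for name in base.txz lib32.txz; do
        printf 'stand-in for %s\n' "$name" > "$d/$name"
        printf '%s\t%s\t0\n' "$name" "$(file_sha256 "$d/$name")" >> "$d/MANIFEST"
    done
    verify_sets "$d/MANIFEST" "$d" base.txz lib32.txz >/dev/null || { rm -rf "$d"; return 2; }
    printf 'altered\n' >> "$d/lib32.txz"
    verify_sets "$d/MANIFEST" "$d" base.txz lib32.txz src.txz || true
    rm -rf "$d"
}
```

On the FreeNAS host, call verify_sets with the MANIFEST, /mnt/theitroad/.my_jails_cache and the four .txz names, and extract only if it returns 0.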
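Use the tar command to extract the tarballs:
### *** extract files *** ###
# cd /mnt/theitroad/.my_jails_cache/
# tar -Jxf base.txz
# tar -Jxf lib32.txz
# tar -Jxf src.txz
# tar -Jxf ports.txz
Do some basic configuration of the base jail, and use the freebsd-update command to bring it up to the latest patch level: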
### *** Configure the dns, timezone and hosts *** ###
# cp /etc/resolv.conf /mnt/theitroad/.my_jails_cache/etc/
# cp /etc/localtime /mnt/theitroad/.my_jails_cache/etc/
# cp /etc/hosts /mnt/theitroad/.my_jails_cache/etc/
### *** chroot into the filesystem *** ###
# chroot /mnt/theitroad/.my_jails_cache /bin/sh
### *** set the password for root in the jail *** ###
# passwd
### *** Create needed dirs *** ###
# mkdir /usr/home
# ln -s /usr/home /home
### *** Basic config in the jail *** ###
# cd /etc/mail
# make aliases
# echo 'ENV=$HOME/.shrc ; export ENV' >> /root/.profile
# echo 'sendmail_enable="NONE"' >> /etc/rc.conf
# echo 'syslogd_flags="-ss"' >> /etc/rc.conf
# echo 'rpcbind_enable="NO"' >> /etc/rc.conf
# exit
At this stage, you should run freebsd-update:
### *** Run freebsd-update (sh syntax; under csh use: setenv D /mnt/theitroad/.my_jails_cache) *** ###
# D=/mnt/theitroad/.my_jails_cache
# $D/usr/sbin/freebsd-update -f $D/etc/freebsd-update.conf -b $D -d $D/var/db/freebsd-update/ --currently-running 11.0-RELEASE fetch install
Unfortunately, the above command failed to download files on my system.
So I created an /etc/jail.conf as follows:
exec.start = "/bin/sh /etc/rc";
exec.stop = "/bin/sh /etc/rc.shutdown";
exec.clean;
mount.devfs;

# The jail definition for basejail
basejail {
    host.hostname = "basejail.theitroad.com";
    path = "/mnt/theitroad/.my_jails_cache";
    interface = "igb0";
    ip4.addr = 192.168.1.29;
    allow.chflags;
    allow.raw_sockets;
    osrelease = "11.0-RELEASE";
}
Start it:
# jail -c basejail
# jls
Now I can run freebsd-update:
root@basejail:/ # freebsd-update fetch install
Sample output:
Looking up update.FreeBSD.org mirrors... 4 mirrors found.
Fetching metadata signature for 11.0-RELEASE from update4.freebsd.org... done.
Fetching metadata index... done.
Inspecting system... done.
Preparing to download files... done.
Fetching 1338 patches.....10....20....30....40....50....60....70 .... .. .... .....1310....1320....1330.... done.
Applying patches... done.
Fetching 22 files... done.
Installing updates...done.
Install all the packages the jail environment needs
At this stage, you can run the pkg command to install the required packages in the jail:
# pkg install bash
Now I have an up-to-date basejail template created with ZFS.
I can now create a snapshot, as follows:
# zfs snapshot theitroad/.my_jails_cache@template
Next, clone the snapshot into a new jail named backup. Run:
# zfs clone theitroad/.my_jails_cache@template theitroad/backup
Configure the jail hostname. Run:
# echo 'hostname="backup"' >> /mnt/theitroad/backup/etc/rc.conf
Update /etc/jail.conf:
backup {
    host.hostname = "backup.theitroad.com";
    path = "/mnt/theitroad/backup";
    interface = "igb0";
    ip4.addr = 192.168.1.30;
    allow.chflags;
    allow.raw_sockets;
    osrelease = "11.0-RELEASE";
}
Make sure the jails start when FreeNAS reboots:
# echo 'jail_enable="YES"' >> /etc/rc.conf
You can start all jails as follows:
# /etc/rc.d/jail start
Sample output:
Starting jails: basejail backup.
Now you can update and install all the jails as needed.
To create a new jail, always use theitroad/.my_jails_cache@template, as follows:
# zfs clone theitroad/.my_jails_cache@template theitroad/apache
# zfs clone theitroad/.my_jails_cache@template theitroad/pgsql
And update the /etc/jail.conf file.
List jails
# jls
Sample output:
JID  IP Address    Hostname                Path
10   192.168.1.29  basejail.theitroad.com  /mnt/theitroad/.my_jails_cache
11   192.168.1.30  backup                  /mnt/theitroad/backup
To display the parameters in "name=value" format, where each parameter is preceded by its name:
# jls -n
# jls -j basejail -n
How to execute a command in an existing jail
The syntax is:
# jexec jail command
# jexec basejail bash
# jexec basejail /bin/tcsh
# jexec -U Hyman basejail /home/Hyman/.bin/updatesite.py
How do I stop a jail?
# jail -r jail
# jail -r basejail
Stop all jails
# service jail stop
Or
# /etc/rc.d/jail stop
How do I start a jail?
# jail -c jail
# jail -c basejail
To start all jails:
# service jail start
Or
# /etc/rc.d/jail start
How do I restart a jail?
# jail -rc jail
# jail -rc basejail
To restart all jails:
# service jail restart
Or
# /etc/rc.d/jail restart
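A note about the configuration file
I noticed that when FreeNAS was updated, it deleted my /etc/jail.conf file.
So keep a copy of the file somewhere else that is safe:
# cp /etc/jail.conf /root/
# cp /etc/jail.conf /mnt/theitroad/
After a FreeNAS update or reboot, you need to run the following command manually: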
# jail -c -f /mnt/theitroad/jail.conf
Another option is to create a file as follows (untested, but it should work):
# cat /etc/rc.conf.d/jail