What is a FreeBSD Jail?
FreeBSD Jail is an implementation of operating-system-level virtualization: it partitions a FreeBSD-based server into several independent, isolated mini-systems called "jails".
Listing the jails on the system
# jls
Sample output:
 JID  IP Address     Hostname              Path
  10  192.168.2.29   basejail.onitroad.in  /mnt/onitroad/.my_jails_cache
  11  192.168.2.30   backup                /mnt/onitroad/backup
Viewing a jail's configuration parameters
# jls -n
# jls -j basejail -n
devfs_ruleset=0 nodying enforce_statfs=2 host=new ip4=disable ip6=disable jid=10 name=basejail osreldate=1100509 osrelease=11.0-RELEASE parent=0 path=/mnt/onitroad/.my_jails_cache nopersist securelevel=-1 sysvmsg=disable sysvsem=disable sysvshm=disable allow.chflags allow.nomount allow.mount.nodevfs allow.mount.nofdescfs allow.mount.nolinprocfs allow.mount.nolinsysfs allow.mount.nonullfs allow.mount.noprocfs allow.mount.notmpfs allow.mount.nozfs allow.noquotas allow.raw_sockets allow.set_hostname allow.nosocket_af allow.nosysvipc children.cur=0 children.max=0 cpuset.id=10 host.domainname="" host.hostid=0 host.hostname=basejail.onitroad.in host.hostuuid=00000000-0000-0000-0000-000000000000 ip4.addr=192.168.2.29 ip4.saddrsel ip6.addr= ip6.saddrsel
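As an added example (not part of the original page), the following script audits a `jls -n` line like the one above for the parameters that loosen a jail's isolation; the sample line is constructed from the basejail output shown, and the `audit_jail_params` function name is an assumption of this script.

```shell
#!/bin/sh
# Added example: flag jail parameters in `jls -n` output that widen what
# root inside the jail may do. Sample input constructed from the page's
# basejail output (a subset of its key=value pairs).
SAMPLE_JLS_N='devfs_ruleset=0 nodying enforce_statfs=2 jid=10 name=basejail osrelease=11.0-RELEASE path=/mnt/onitroad/.my_jails_cache securelevel=-1 allow.chflags allow.nomount allow.raw_sockets allow.set_hostname allow.nosocket_af allow.nosysvipc children.max=0 ip4.addr=192.168.2.29'

# audit_jail_params LINE
# Prints one "jail: finding" line per setting worth a second look.
# Boolean parameters are printed bare when enabled ("allow.chflags") and
# with a "no" prefix when disabled ("allow.nomount"), so exact matches are
# used rather than substring matches.
audit_jail_params() {
    name=$(printf '%s\n' "$1" | tr ' ' '\n' | sed -n 's/^name=//p')
    printf '%s\n' "$1" | tr ' ' '\n' | awk -v jail="$name" '
        $0 == "allow.raw_sockets" { print jail ": allow.raw_sockets enabled (jailed root can craft raw packets)" }
        $0 == "allow.chflags"     { print jail ": allow.chflags enabled (immutable/append-only flags can be cleared)" }
        $0 == "allow.mount"       { print jail ": allow.mount enabled (file systems can be mounted from inside)" }
        $0 == "allow.sysvipc"     { print jail ": allow.sysvipc enabled (System V IPC shared with the host)" }
        /^securelevel=-1$/        { print jail ": securelevel=-1 (no securelevel restrictions in the jail)" }
        /^enforce_statfs=0$/      { print jail ": enforce_statfs=0 (all host mount points visible)" }
    '
}

# Run the audit against the constructed sample; on a live host you would
# feed it `jls -n` output instead.
audit_jail_params "$SAMPLE_JLS_N"
```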
How do I restart a jail?
# jail -rc jail
# jail -rc basejail
Restarting all jails:
# service jail restart
or
# /etc/rc.d/jail restart
Installing and configuring a traditional FreeBSD jail on FreeNAS Corral (version 10)
How do I stop a jail?
# jail -r jail
# jail -r basejail
Stopping all jails
# service jail stop
or
# /etc/rc.d/jail stop
Running commands inside a jail
The syntax is:
# jexec jail command
# jexec basejail bash
# jexec basejail /bin/tcsh
# jexec -U jack basejail /home/jack/.bin/updatesite.py
A note on the configuration file
A FreeNAS update may delete the /etc/jail.conf file.
So we can keep a copy somewhere else:
# cp /etc/jail.conf /root/onitroad/
and then start the jails with the copy:
# jail -c -f /root/onitroad/jail.conf
Preparing FreeNAS
First, create a ZFS dataset:
# zfs create onitroad/.my_jails_cache
# zfs list onitroad/.my_jails_cache
Sample output:
NAME                      USED  AVAIL  REFER  MOUNTPOINT
onitroad/.my_jails_cache  128K  10.2T  128K   /mnt/onitroad/.my_jails_cache
Download the FreeBSD 11 files for the jail:
# cd /mnt/onitroad/.my_jails_cache/
# wget http://ftp1.us.freebsd.org/pub/FreeBSD/releases/amd64/11.0-RELEASE/base.txz
# wget http://ftp1.us.freebsd.org/pub/FreeBSD/releases/amd64/11.0-RELEASE/lib32.txz
# wget http://ftp1.us.freebsd.org/pub/FreeBSD/releases/amd64/11.0-RELEASE/src.txz
# wget http://ftp1.us.freebsd.org/pub/FreeBSD/releases/amd64/11.0-RELEASE/ports.txz
Or use lftp, as follows:
# lftp
lftp :~> pget -n 10 http://ftp1.us.freebsd.org/pub/FreeBSD/releases/amd64/11.0-RELEASE/base.txz
lftp :~> pget -n 10 http://ftp1.us.freebsd.org/pub/FreeBSD/releases/amd64/11.0-RELEASE/lib32.txz
lftp :~> pget -n 10 http://ftp1.us.freebsd.org/pub/FreeBSD/releases/amd64/11.0-RELEASE/src.txz
lftp :~> pget -n 10 http://ftp1.us.freebsd.org/pub/FreeBSD/releases/amd64/11.0-RELEASE/ports.txz
Extract the system files from the downloaded archives (.txz archives are xz-compressed, hence -J):
### *** extract files *** ###
# cd /mnt/onitroad/.my_jails_cache/
# tar -Jxf base.txz
# tar -Jxf lib32.txz
# tar -Jxf src.txz
# tar -Jxf ports.txz
Do some basic configuration of the base jail,
then bring it up to date with freebsd-update:
### Configure DNS, time zone and hosts
# cp /etc/resolv.conf /mnt/onitroad/.my_jails_cache/etc/
# cp /etc/localtime /mnt/onitroad/.my_jails_cache/etc/
# cp /etc/hosts /mnt/onitroad/.my_jails_cache/etc/
### chroot into the jail's file system
# chroot /mnt/onitroad/.my_jails_cache /bin/sh
### Set the root password inside the jail
# passwd
### Create a few directories that are needed
# mkdir /usr/home
# ln -s /usr/home /home
### Basic settings inside the jail
# cd /etc/mail
# make aliases
# echo 'ENV=$HOME/.shrc ; export ENV' >> /root/.profile
# echo 'sendmail_enable="NONE"' >> /etc/rc.conf
# echo 'syslogd_flags="-ss"' >> /etc/rc.conf
# echo 'rpcbind_enable="NO"' >> /etc/rc.conf
# exit
Run freebsd-update to bring the jail system up to date:
# /mnt/onitroad/.my_jails_cache/usr/sbin/freebsd-update -f /mnt/onitroad/.my_jails_cache/etc/freebsd-update.conf -b /mnt/onitroad/.my_jails_cache -d /mnt/onitroad/.my_jails_cache/var/db/freebsd-update/ --currently-running 11.0-RELEASE fetch install
If the updates cannot be downloaded because of network problems,
we can instead enter the jail and update from inside it.
Create the file /etc/jail.conf as follows:
exec.start = "/bin/sh /etc/rc";
exec.stop = "/bin/sh /etc/rc.shutdown";
exec.clean;
mount.devfs;

# The jail definition for basejail
basejail {
    host.hostname = "basejail.onitroad.com";
    path = "/mnt/onitroad/.my_jails_cache";
    interface = "igb0";
    ip4.addr = 192.168.2.29;
    allow.chflags;
    allow.raw_sockets;
    osrelease = "11.0-RELEASE";
}
Then start the jail:
# jail -c basejail
# jls
# jexec basejail
Run freebsd-update again:
root@basejail:/ # freebsd-update fetch install
How do I start a jail?
# jail -c jail
# jail -c basejail
How do I start all jails?
# service jail start
or
# /etc/rc.d/jail start
Installing the packages the jail environment needs
Use pkg inside the jail to install the required packages:
# pkg install bash
We now have an up-to-date basejail template built on a ZFS dataset.
Now create a snapshot of it, as follows:
# zfs snapshot onitroad/.my_jails_cache@template
The snapshot can then be used to create new jails.
For example, clone a new jail named backup:
# zfs clone onitroad/.my_jails_cache@template onitroad/backup
Set the jail's hostname:
# echo 'hostname="backup"' >> /mnt/onitroad/backup/etc/rc.conf
Update /etc/jail.conf:
backup {
    host.hostname = "backup.onitroad.com";
    path = "/mnt/onitroad/backup";
    interface = "igb0";
    ip4.addr = 192.168.2.30;
    allow.chflags;
    allow.raw_sockets;
    osrelease = "11.0-RELEASE";
}
Make the jails start automatically when FreeNAS reboots:
# echo 'jail_enable="YES"' >> /etc/rc.conf
Start all jails:
# /etc/rc.d/jail start
Use the snapshot to create further jails:
# zfs clone onitroad/.my_jails_cache@template onitroad/nginx
# zfs clone onitroad/.my_jails_cache@template onitroad/mysql
Date: 2020-03-23 08:03:53 Source: oir Author: oir
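The clone-and-register steps above (snapshot clone, hostname, jail.conf stanza), as an added example script that is not part of the original page. It assumes the pool, dataset, interface and domain used on the page; the function names, the JAIL_CONF variable and the DRY_RUN switch (which prints the zfs step instead of running it, so the script can be exercised away from a FreeNAS host) are this script's own assumptions. Unlike the page's stanzas it leaves out allow.raw_sockets and allow.chflags, to be added only for a jail that needs them.

```shell
#!/bin/sh
# Added example: clone a jail from the template snapshot and append its
# jail.conf stanza, with the input checks the manual procedure skips.
POOL=onitroad
TEMPLATE="$POOL/.my_jails_cache@template"
IFACE=igb0
DOMAIN=onitroad.com
JAIL_CONF=${JAIL_CONF:-/root/onitroad/jail.conf}   # hypothetical knob

# jail_conf_stanza NAME IP -> prints the jail.conf block for one jail
jail_conf_stanza() {
    printf '%s {\n' "$1"
    printf '    host.hostname = "%s.%s";\n' "$1" "$DOMAIN"
    printf '    path = "/mnt/%s/%s";\n' "$POOL" "$1"
    printf '    interface = "%s";\n' "$IFACE"
    printf '    ip4.addr = %s;\n' "$2"
    printf '    osrelease = "11.0-RELEASE";\n'
    printf '}\n'
}

# valid_ipv4 ADDR -> returns 0 only for a dotted quad with octets 0-255
valid_ipv4() {
    echo "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$' || return 1
    for o in $(echo "$1" | tr '.' ' '); do [ "$o" -le 255 ] || return 1; done
}

# new_jail NAME IP -> clones the template and registers the jail; fails
# without touching anything on a bad name/address or a duplicate stanza.
new_jail() {
    name=$1 ip=$2
    echo "$name" | grep -Eq '^[A-Za-z0-9_][A-Za-z0-9_-]*$' || { echo "bad jail name: $name" >&2; return 1; }
    valid_ipv4 "$ip" || { echo "bad IPv4 address: $ip" >&2; return 1; }
    grep -Eq "^$name[[:space:]]*\{" "$JAIL_CONF" 2>/dev/null && { echo "$name already defined in $JAIL_CONF" >&2; return 1; }
    if [ "${DRY_RUN:-0}" = 1 ]; then        # hypothetical switch for testing
        echo "zfs clone $TEMPLATE $POOL/$name"
    else
        zfs clone "$TEMPLATE" "$POOL/$name" || return 1
        echo "hostname=\"$name\"" >> "/mnt/$POOL/$name/etc/rc.conf"
    fi
    jail_conf_stanza "$name" "$ip" >> "$JAIL_CONF"
}
```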