Building a Jail in FreeBSD or NetBSD for a hosting environment
Hey Members, I have done a little research on Jails and setting them up, and managed to get one going at one stage and managed to somehow destroy it. I'm new to Jails, and I would like to use a real jail then just using a chroot jail. Where I work, we use the Ensim software for hosting, and I find that very pricey and sluggish (and it runs on Fedora rather than Linux). They use a technique of chrooting sites and the sites users into an environment in /home/virtual/sitexxx/ I would like to be able to do the same (but with Jail), but not quite sure how to go about it. Last time I tried to `make world DESTDIR=/my/jail/path` it failed (cannot remember the details right now) but it this where I start? Also do I need an individual IP for each jail? because each physical server will have 1 IP unless the customer requests a dedicated IP. Any help would be appreciated, and I have tried to research it but end up going round in circles. -- Regards, Nick Larsen Wellington NEW ZEALAND ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: Building a Jail in FreeBSD or NetBSD for a hosting environment
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Nick Larsen wrote: > [snip] > Also do I need an individual IP for each jail? because each physical server > will have 1 IP unless the customer requests a dedicated IP. > > Any help would be appreciated, and I have tried to research it but end up > going round in circles. I found sysutils/ezjail in the ports tree to be very helpful in setting up jails. Just needed an up to date buildworld and it did the rest. http://erdgeist.org/arts/software/ezjail/ On my 6.0 machine it's worked like a charm. Once you get the hang of it, you can use the Flavours feature to cut down on post-jail configuration. As far as I know, you do need 1 IP per jail, which is aliased off the interface the jail is running under (check out the ifconfig_iface_alias example in /etc/defaults/rc.conf if you've not done this before). Hope that helps. Cheers, - -Wes -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.2 (MingW32) iQIVAwUBRAPdcorq8W17hxGfAQgTfw/8C9VAXS45AeNJQC8R1wQyqKgrke7PybrG X9vWjqiZXFPY/LGgx0Nlpc5IkZRK+M7GM4LBmF75/A09hMwj6DS82s89gQMfsC/1 TFrPJqmoDK1rDoMe1YMiCR2UcyvD7MEdWOQ9WMmrBK1vgPIBEybbhB+mQWz3tt1f vZr/wGh113xDDIJqmop7VPPs6AW2py6cpEvrV2NB3vi6YmkX9xBRU+fYQoyN1NPU pq1HwkqcyG9zbgqnC4L7vyvrmw8d4CpS0VCw6vjx7NY5ZGAWDcPqL+LRpf4X0OpH KI38jXQBTFJF9SIwVz0pPl/yp85kj0Js3BEmr+OmD3rbuyRZTbXyaxO9LiHiirvl ZTgeDoDZTx28b4glyV+QRXrk4h4ak/aJ2Pgp7BYIfaYhRppDCKncdGcseDazSQX1 H40Gqnb6DRdVlW4bC9wYdv8ekvVrkPiVWfr3caipi4brzUrewjL7aoMEdt8M+PD7 Kml/gDLWX8tioUhM666q3kvJPPgk9rGfwSRuPtarJ6SYKQbyN/YXb89AeB0wU1P+ ILxl1tvjw15nd32Po9xpuySMIJoEuPoJMTOrRfDEEiM8tj9bJf5HG4mLBPGqKpUi Ucxbp506LRIvGe9zOHz5rMgXl4UAbAZr7IDYlzjbfR6/wvIT6aNm6BBl6V0uWtBf 9P+dTHFEvZo= =iRN+ -END PGP SIGNATURE- ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: Building a Jail in FreeBSD or NetBSD for a hosting environment
Hey Nick, On 2/28/06, Nick Larsen <[EMAIL PROTECTED]> wrote: > Hey Members, > > I have done a little research on Jails and setting them up, and managed to > get one going at one stage and managed to somehow destroy it. > I'm new to Jails, and I would like to use a real jail then just using a > chroot jail. > > Where I work, we use the Ensim software for hosting, and I find that very > pricey and sluggish (and it runs on Fedora rather than Linux). > They use a technique of chrooting sites and the sites users into an > environment in /home/virtual/sitexxx/ I would like to be able to do the same > (but with Jail), but not quite sure how to go about it. Last time I tried to > `make world DESTDIR=/my/jail/path` it failed (cannot remember the details > right now) but it this where I start? Idealy, you will start with: man jail It gives some decent instruction on howto build a jail, different sysctl variables, and just some general info that is very useful. Also: man jexec jexec allows you to execute commands within a jail, without actually having to be inside the jail itself. So, you can run commands within a jail even if the jail is not running SSH (or telnet, rsh etc...) (you don't need to login to the jail). This is an excellent feature because it allows you to have a web server you can't exactly login to, reducing the total amount of exposure to the server. Anyway... Attached is a couple of little scripts I put together sometime ago to help in building jails and automating the whole custom bootable ISO. The script make-rescue-iso.pl will need modification to match your FreeBSD version (was originally made for 5.3), so tuning the kernel config it builds and changing a couple version numbers so it can grab the bootable floppies should be no drama... make-jail.pl on the otherhand I used the other day without any problems. make-jail.pl -s /usr/src -d /destination/directory It'll then create a copy of /etc/make.conf called /etc/make.conf.jail and ask you to edit it with your editor, then it'll build away and need no further input. > Also do I need an individual IP for each jail? because each physical server > will have 1 IP unless the customer requests a dedicated IP. You can definately share IP addresses across jails, but each JAIL cannot bind the same ports, for obvious reasons. So you can't have two jails, with two webservers, both listening on port 80, but you can definately have two jails with two webservers, one listening on port 80, the other on any port that is unused that you specify. > Any help would be appreciated, and I have tried to research it but end up > going round in circles. > > -- > Regards, > > Nick Larsen > Wellington > NEW ZEALAND Daniel ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: Building a Jail in FreeBSD or NetBSD for a hosting environment
Nick Larsen wrote: Hey Members, I have done a little research on Jails and setting them up, and managed to get one going at one stage and managed to somehow destroy it. I'm new to Jails, and I would like to use a real jail then just using a chroot jail. Where I work, we use the Ensim software for hosting, and I find that very pricey and sluggish (and it runs on Fedora rather than Linux). They use a technique of chrooting sites and the sites users into an environment in /home/virtual/sitexxx/ I would like to be able to do the same (but with Jail), but not quite sure how to go about it. Last time I tried to `make world DESTDIR=/my/jail/path` it failed (cannot remember the details right now) but it this where I start? Also do I need an individual IP for each jail? because each physical server will have 1 IP unless the customer requests a dedicated IP. Any help would be appreciated, and I have tried to research it but end up going round in circles. -- Regards, Nick Larsen Wellington NEW ZEALAND ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]" Hi, I've recently found great guide for creating jails - here is the link: http://www.section6.net/wiki/index.php/Creating_a_FreeBSD_Jail. It is really not so hard to get it up and runing. You can only get into troubles when trying to get to work some programs/daemons because of jail limitations. Pavel ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: Building a Jail in FreeBSD or NetBSD for a hosting environment
Cool, Thanks people for your help. That documentation that *Pavel Duda* sent me seems excellant, I had a quick read last night and it's making sense. I'll give it another go in FreeBSD (just don't wanna blitz my NetBSD machine just yet, but I have a bunch of old machines lol) Thanks again. On 3/1/06, Pavel Duda <[EMAIL PROTECTED]> wrote: > > Nick Larsen wrote: > > Hey Members, > > > > I have done a little research on Jails and setting them up, and managed > to > > get one going at one stage and managed to somehow destroy it. > > I'm new to Jails, and I would like to use a real jail then just using a > > chroot jail. > > > > Where I work, we use the Ensim software for hosting, and I find that > very > > pricey and sluggish (and it runs on Fedora rather than Linux). > > They use a technique of chrooting sites and the sites users into an > > environment in /home/virtual/sitexxx/ I would like to be able to do the > same > > (but with Jail), but not quite sure how to go about it. Last time I > tried to > > `make world DESTDIR=/my/jail/path` it failed (cannot remember the > details > > right now) but it this where I start? > > > > Also do I need an individual IP for each jail? because each physical > server > > will have 1 IP unless the customer requests a dedicated IP. > > > > Any help would be appreciated, and I have tried to research it but end > up > > going round in circles. > > > > -- > > Regards, > > > > Nick Larsen > > Wellington > > NEW ZEALAND > > ___ > > freebsd-questions@freebsd.org mailing list > > http://lists.freebsd.org/mailman/listinfo/freebsd-questions > > To unsubscribe, send any mail to " > [EMAIL PROTECTED]" > > > > > -- Regards, Nick Larsen Wellington NEW ZEALAND ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"