So I’ve got my two servers configured, up to date, with cowsay installed, so we’re ready to start building some jails.
The first thing I need is a ZFS zpool. For me a single disk will be fine (since we’re going to automate archiving and backups of our jails between the two servers).
Find your disks. Everyone has their own way; I like to grep dmesg:
# dmesg | grep -o "ada[0-9]*.*MB "| sort -u
ada0: 476940MB
ada1: 476940MB
ada0 is my boot disk, and it’s where my base jail will run; ada1 is my ‘data’ disk, where I’m going to store all my jails and VMs. Seeing as I’m only going to have a small zpool, I’m calling mine puddle:
# zpool create puddle /dev/ada1
I’m going to create a ZFS dataset for jails in my zpool:
# zfs create puddle/jails
Now that ZFS is done we need to install ezjail; it’s going to make jails... easy:
# cd /usr/ports/*/ezjail
# make install
Next up we need to edit the ezjail config to leverage ZFS, which is going to make our jails even easier to manage and opens up options like disk space quotas, compression, deduplication and lots more. Open up the file /usr/local/etc/ezjail.conf in vim and navigate to the ZFS options. There are three lines I’m going to change:
ezjail_use_zfs="YES"
ezjail_use_zfs_for_jails="YES"
ezjail_jailzfs="puddle/jails"
This tells ezjail to create each new jail in a separate ZFS dataset in my pool under puddle/jails. We’re going to want to edit our /etc/rc.conf file now, to enable ZFS and ezjail at system boot.
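To confirm the three ZFS settings above are actually active before creating any jails, here is an added example (not from the original post or the ezjail project): a small sh check that reads an ezjail.conf, ignores lines that are still commented out, and compares the effective values. The function names conf_value, check_ezjail_zfs and sample_conf, and the sample file contents, are made up for this illustration.

```shell
#!/bin/sh
# Added example: verify the ZFS settings in an ezjail.conf.

# conf_value FILE KEY: print the effective value of KEY. The file is read
# as shell assignments, so the last active assignment wins; commented-out
# lines are ignored. Prints nothing if KEY is never set.
conf_value() {
    sed -n "s/^[[:space:]]*$2=//p" "$1" | tail -n 1 |
        sed -e 's/[[:space:]]*#.*$//' -e 's/^"\(.*\)"$/\1/' -e "s/^'\(.*\)'\$/\1/"
}

# check_ezjail_zfs FILE DATASET: return 0 only if both ZFS switches are
# set to YES (as in the post) and ezjail_jailzfs names DATASET.
# Prints one line per problem found.
check_ezjail_zfs() {
    conf=$1 want=$2 rc=0
    for key in ezjail_use_zfs ezjail_use_zfs_for_jails; do
        val=$(conf_value "$conf" "$key")
        if [ "$val" != "YES" ]; then
            echo "$key is '${val:-unset}', expected YES"; rc=1
        fi
    done
    val=$(conf_value "$conf" ezjail_jailzfs)
    if [ "$val" != "$want" ]; then
        echo "ezjail_jailzfs is '${val:-unset}', expected $want"; rc=1
    fi
    return $rc
}

# Constructed sample: the first switch was edited but left commented out.
sample_conf() {
    cat <<'EOF'
# ezjail_use_zfs="YES"
ezjail_use_zfs_for_jails="YES"
ezjail_jailzfs="puddle/jails"
EOF
}

# Usage: sh check.sh /usr/local/etc/ezjail.conf [dataset]
if [ -n "${1:-}" ]; then check_ezjail_zfs "$1" "${2:-puddle/jails}"; fi
```

Run against the constructed sample, the check reports ezjail_use_zfs as unset, which is the case where new jails would not each get their own dataset under puddle/jails.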
The Base Jail
Now we can get our first jail installed. The first one is going to be what’s called a base jail: it’s going to contain a full FreeBSD userland that all our other jails can use. This means that new jails after this one will only cost us a few MB and will be created in a matter of seconds. Here we go then, install your base jail with the sources and the ports tree:
# ezjail-admin install -sp
Moving forward you can update all your jails in one go (by updating the base) using:
# ezjail-admin update -u
You should also try to keep your base jail ports tree up to date using:
# ezjail-admin update -P
The proper Jail
That’s all the base components sorted, so let’s create our first proper jail! For my first jail I’m going to build a DNS and DHCP server. First we need to create an alias on one of our network interfaces for the jail to use. I have a gigabit ethernet port, a Thunderbolt -> gigabit ethernet adapter and a USB -> gigabit ethernet adapter in each of my Mac minis. For this jail I’m going to use the interface bge1, the IP address 192.168.0.100, the netmask 255.255.255.0 and the default gateway already set in my rc.conf; you should replace these values with your own:
# ifconfig bge1 alias 192.168.0.100 netmask 255.255.255.0
You should add it to your rc.conf file as well, so it gets created at boot:
# echo 'ifconfig_bge1_alias0="inet 192.168.0.100 netmask 255.255.255.0"' >> /etc/rc.conf
Now I’m going to create my jail using the IP address I set earlier, and I’m giving it the name Iris.core.net (I’m using Greek gods for FreeBSD systems and jails and Norse gods for others :), core.net is my internal domain):
# ezjail-admin create Iris.core.net 192.168.0.100
I haven’t got a DNS server set up yet so best copy my resolv.conf into the jail:
# cp /etc/resolv.conf /puddle/jails/Iris.core.net/etc
Start up the ezjail service:
# service ezjail start
Confirm your jail is running with the jls command:
Done! Your first FreeBSD jail is up and running. With the exception of applying updates it is, as far as we are concerned, a full and ‘proper’ FreeBSD server. For now it’s got free roam of the host’s resources, but as we progress we’ll start locking things down to limit CPU, memory and disk space, building jails that we can fail over between hosts and all that other good stuff.
Open up a root console to your first jail and enjoy:
# ezjail-admin console Iris.core.net
Control your jail with:
# ezjail-admin stop|start|restart Iris.core.net
In the next post we’ll turn this jail into the network’s primary DNS and DHCP server.