-rw-r--r-- | man7/ezjail.7 | 64 | ||||
-rw-r--r-- | man8/ezjail-admin.8 | 277 |
2 files changed, 168 insertions, 173 deletions
diff --git a/man7/ezjail.7 b/man7/ezjail.7 index 8b3b2fb..03f11c5 100644 --- a/man7/ezjail.7 +++ b/man7/ezjail.7 | |||
@@ -352,46 +352,50 @@ librairies, you may want to remove the old library versions. It is | |||
352 | often a good idea to update the jails when a new kernel is installed | 352 | often a good idea to update the jails when a new kernel is installed |
353 | in the host, using the same sources. | 353 | in the host, using the same sources. |
354 | .Ss Starting Jails | 354 | .Ss Starting Jails |
355 | The ezjail script | 355 | Like all |
356 | .Xr rc 8 | ||
357 | scripts, the ezjail script | ||
356 | .Pa EZJAIL_PREFIX/etc/rc.d/ezjail.sh | 358 | .Pa EZJAIL_PREFIX/etc/rc.d/ezjail.sh |
357 | takes parameters | 359 | accepts parameters |
358 | .Cm start , startcrypto , restart | 360 | .Cm start , restart No and Cm stop, No running, restarting and stopping |
359 | and | 361 | all (non-blocking) jails under ezjail's control by default. When passed an |
360 | .Cm stop . | 362 | additional list of jails, only these jails are acted upon. |
361 | It may be passed an additional list of jails. If no jail name is | ||
362 | specified (usually when the script is called by the rc system at boot | ||
363 | and shutdown time), all jails in ezjail's scope, except crypto image | ||
364 | jails (or jails marked as blocking), are started/stopped. To start all | ||
365 | crypto image jails (or those depending on them), use the | ||
366 | .Cm startcrypto | ||
367 | parameter. | ||
368 | .Pp | 363 | .Pp |
369 | The | 364 | The order in which jails are started is determined by the |
370 | .Nm Cm start | 365 | .Xr rcorder 8 |
371 | command provides the same functionnality. | 366 | tool, using cues from the jail configurations in ezjails |
367 | .Pa EZJAIL_PREFIX/etc/ezjail | ||
368 | control directory. | ||
372 | .Pp | 369 | .Pp |
373 | The script examines its config, attaches and mounts images, and sets | 370 | The script examines its config, attaches and mounts images, and sets |
374 | variables for each jail in the jail_list before passing its command on | 371 | variables for each jail in the list before passing its command on |
375 | to the | 372 | to the |
376 | .Pa /etc/rc.d/jail | 373 | .Pa /etc/rc.d/jail |
377 | script. | 374 | script. |
378 | .Pp | 375 | .Pp |
379 | .Cm ezjail.sh | 376 | To interactively start all crypto image jails (or those depending on |
380 | enforces the execution of \fB/etc/rc.d/jail\fR, by prepending | 377 | them), that were not automatically started during booting, use the |
381 | .Em one | 378 | .Cm startcrypto |
382 | to the start, restart, and stop commands so it is | 379 | parameter. |
383 | .Em NOT NECESSARY | 380 | .Pp |
384 | to set | 381 | Note that jails configured to be in the |
385 | .Dq Li $jail_enable | ||
386 | in the | ||
387 | .Xr /etc/rc.conf 5 | ||
388 | config file. | ||
389 | .Pp | ||
390 | It is possible to set jails as either | ||
391 | .Em norun | 382 | .Em norun |
392 | (using | 383 | state (using |
393 | .Nm Cm config Fl r Ar norun Ar jailname ) | 384 | .Nm Cm config Fl r Ar norun Ar jailname ) |
394 | or as blocking | 385 | are never started by the ezjail.sh script. |
386 | .Pp | ||
387 | As a convenient shortcut, the | ||
388 | .Nm Cm | ||
389 | command invokes the rc.d script and passes the corresponding parameters, | ||
390 | if they look like valid parameters. | ||
391 | .Pp | ||
392 | Even if ezjail is not enabled in the | ||
393 | .Xr rc.conf 5 , | ||
394 | ezjail.sh can be used to start and stop jails by prepending | ||
395 | .Cm force No or Cm one No to the Cm start, restart No or Cm stop No parameter. | ||
396 | Refer to | ||
397 | .Xr rc 8 | ||
398 | for details. | ||
395 | .Ss Remarks & Tips | 399 | .Ss Remarks & Tips |
396 | Jails can be either accessed from the network, for instance by using | 400 | Jails can be either accessed from the network, for instance by using |
397 | .Xr ssh 1 , | 401 | .Xr ssh 1 , |
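Review bot: the punctuation is glued to macro arguments in the new Starting Jails text. At new line 360 (`Cm stop, No running`) and new line 395 (`Cm start, restart No or Cm stop No parameter`) the comma is part of the .Cm argument and gets rendered in command style; the removed `.Cm start , startcrypto , restart` kept it as a separate ` ,` token, which is the form to use here too. "ezjails" at new line 366 needs the apostrophe that new line 361 already has ("ezjail's control"). The removed paragraph also said that ezjail.sh prepends one itself, so that $jail_enable need not be set in rc.conf; if that still holds, keep one sentence saying so, since the new force/one paragraph only covers ezjail not being enabled.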
diff --git a/man8/ezjail-admin.8 b/man8/ezjail-admin.8 index 78ae8df..be6fb33 100644 --- a/man8/ezjail-admin.8 +++ b/man8/ezjail-admin.8 | |||
@@ -72,8 +72,7 @@ The description of some options ends with | |||
72 | .Sq Variable: Dq Li $ezjail_abcd . | 72 | .Sq Variable: Dq Li $ezjail_abcd . |
73 | This means that the default value of the option may be overridden by setting | 73 | This means that the default value of the option may be overridden by setting |
74 | this variable in | 74 | this variable in |
75 | .Xr ezjail.conf 5 , | 75 | .Xr ezjail.conf 5 . |
76 | which see. | ||
77 | .Ss Nm Cm install | 76 | .Ss Nm Cm install |
78 | This function sub-command is normally run once in the life of the ezjail | 77 | This function sub-command is normally run once in the life of the ezjail |
79 | environment. It allocates the directory structure used by ezjail and populates | 78 | environment. It allocates the directory structure used by ezjail and populates |
@@ -98,7 +97,7 @@ The following options are available: | |||
98 | Fetch and install man pages (ca. 10MB). | 97 | Fetch and install man pages (ca. 10MB). |
99 | .It Fl M | 98 | .It Fl M |
100 | Fetch and install man pages, without (re)installing the base jail. May be used | 99 | Fetch and install man pages, without (re)installing the base jail. May be used |
101 | to add the man pages to the base jail after the intial installation. | 100 | to add the man pages to the base jail after the initial installation. |
102 | .It Fl s | 101 | .It Fl s |
103 | Fetch and install sources (ca. 450MB). | 102 | Fetch and install sources (ca. 450MB). |
104 | .It Fl S | 103 | .It Fl S |
@@ -147,9 +146,10 @@ sub-command for this. | |||
147 | .El | 146 | .El |
148 | .Ss Nm Cm create | 147 | .Ss Nm Cm create |
149 | Create a new jail inside ezjail's scope. It either copies the new jail | 148 | Create a new jail inside ezjail's scope. It either copies the new jail |
150 | directory tree template or an ezjail archive directory tree to | 149 | directory tree template or an ezjail archive directory tree to new jail root |
150 | directory, | ||
151 | .Pa /usr/jails/ Ns Ar jailname | 151 | .Pa /usr/jails/ Ns Ar jailname |
152 | directory tree. Jailname and IP address are mandatory parameters. | 152 | by default. Jailname and IP address are mandatory parameters. |
153 | .Pp | 153 | .Pp |
154 | When a new jail is created, a corresponding new | 154 | When a new jail is created, a corresponding new |
155 | .Pa /etc/fstab. Ns Ar jailname | 155 | .Pa /etc/fstab. Ns Ar jailname |
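Review bot: the rewritten sentence at new lines 149-152 lost its article and reads awkwardly once rendered ("to new jail root directory, /usr/jails/jailname by default"). Suggest "to the new jail's root directory," followed by the .Pa line and "by default", so it is clear that the path is only the default location.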
@@ -167,7 +167,16 @@ such as | |||
167 | .Dq Li jail1 ) , | 167 | .Dq Li jail1 ) , |
168 | but really any name may be used. | 168 | but really any name may be used. |
169 | .Pp | 169 | .Pp |
170 | It is an error to have several jails of the same name. | 170 | It is an error to have several jails of the same name, note that due to |
171 | ezjail's internal jailname sanitation, | ||
172 | .Dq Li sand-box.com | ||
173 | and | ||
174 | .Dq Li sand_box_com | ||
175 | are considered identical. Some names such as | ||
176 | .Dq Li basejail | ||
177 | and | ||
178 | .Dq Li flavours | ||
179 | are reserved for ezjails internal administrative purposes. | ||
171 | .It Ar ipaddress Ns Op Ar ,ipaddress2,... | 180 | .It Ar ipaddress Ns Op Ar ,ipaddress2,... |
172 | The IP address or addresses of the jail. Since FreeBSD 7.2, it is possible to | 181 | The IP address or addresses of the jail. Since FreeBSD 7.2, it is possible to |
173 | assign several several IPv4 or IPv6 addresses to a jail, by separating them | 182 | assign several several IPv4 or IPv6 addresses to a jail, by separating them |
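Review bot: the new text at lines 170-175 gives one example of colliding names (sand-box.com and sand_box_com) but never states the sanitising rule itself, so an administrator cannot tell in advance which other names collide. State the mapping in one sentence next to the example. Wording: "sanitation" should be "sanitization", the comma before "note that" should be a full stop, and "ezjails internal" at new line 179 needs an apostrophe. The context line at 182 still carries the doubled "several several" and could be fixed in the same pass.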
@@ -179,33 +188,8 @@ The addresses of the jail are not configured on the host. | |||
179 | will display a warning if the requested address is not found on any interface, | 188 | will display a warning if the requested address is not found on any interface, |
180 | and the jail will probably not start. | 189 | and the jail will probably not start. |
181 | .Pp | 190 | .Pp |
182 | XXX: is the following relevant, except maybe the warning about dynamic | 191 | It is common to bind jails to loopback addresses, so they provide services |
183 | addresses? | 192 | visible to other jails only. |
184 | .Pp | ||
185 | This is the static (premanent, never changes) public internet | ||
186 | routable ip address assigned to you by your ISP. If you purchased a | ||
187 | continous block of static public internet routable ip address, then each | ||
188 | jail could be assigned one of those individual ip address from the block. | ||
189 | .Pp | ||
190 | Normally phone dialup PPP access and cable providers assign | ||
191 | dynamic ip address. The assigned ip address may change every time you | ||
192 | dialup and with cable providers when the lease time expires or you | ||
193 | reboot your system. \fBUse dynamic ip address at your own risk.\fR | ||
194 | .Pp | ||
195 | On the host issue 'ifconfig -a' command to see your assigned ip address. | ||
196 | Your host /etc/rc.conf should have ifconfig_XXX="DHCP" where XXX is | ||
197 | the 'unit name' of the NIC card facing the public internet. You will | ||
198 | also need this same ifconfig_XXX="DHCP" statement in the rc.conf of | ||
199 | each jail to enable the public network for that jail. | ||
200 | .Pp | ||
201 | If your host is acting as a 'gateway' (IE. has a LAN behind it), you | ||
202 | can provide jails for LAN access only. In this configuration your host | ||
203 | /etc/rc.conf should have ifconfig_XXX="inet x.x.x.x" where XXX is | ||
204 | the 'unit name' of the NIC card facing the private LAN | ||
205 | (local-area-network), where x.x.x.x is a private ip address from the | ||
206 | list of reserved non-public routable ip address. You will also need | ||
207 | this same ifconfig_XXX="inet x.x.x.x" statement in the rc.conf of each | ||
208 | jail to enable the lan network for that jail. | ||
209 | .El | 193 | .El |
210 | .Pp | 194 | .Pp |
211 | The following options are available: | 195 | The following options are available: |
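Review bot: "visible to other jails only" at new lines 191-192 overstates the isolation. A service bound to a loopback address is reachable from the host itself as well as from other jails, so "not reachable from the network" is the accurate wording. The deleted block opened with an XXX asking whether anything except the warning about dynamic addresses was relevant; that warning has been dropped together with the rest, so decide explicitly whether it should survive as a single sentence.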
@@ -238,37 +222,38 @@ See also | |||
238 | if you only want to revert to an old jail's state from an archive on the same | 222 | if you only want to revert to an old jail's state from an archive on the same |
239 | release version. | 223 | release version. |
240 | .It Fl x | 224 | .It Fl x |
241 | This flag indicates that an jail of that name already exists. In this case, | 225 | This flag indicates that a jail root directory for that jail already exists. |
242 | ezjail will only update the configuration of the jail. Sanity checks are | 226 | In this case, ezjail will only import the jail to its control directory. Sanity |
243 | performed. | 227 | checks are performed. |
244 | .It Fl f Ar flavour | 228 | .It Fl f Ar flavour |
245 | Install the requested | 229 | Install the requested |
246 | .Ar flavour | 230 | .Ar flavour |
247 | in the new jail. | 231 | in the new jail. Refer to |
232 | .Xr ezjail 7 | ||
233 | for more details on flavours. | ||
248 | .Pp | 234 | .Pp |
249 | This option may not be used with the | 235 | This option may not be used with the |
250 | .Fl a | 236 | .Fl a |
251 | option. | 237 | option. |
252 | .It Fl c Cm simple | bde | eli | zfs | 238 | .It Fl c Cm simple | bde | eli | zfs |
253 | Create a jail of the given type. | 239 | Create an image jail of the given type. |
254 | .Pp | 240 | .Pp |
255 | A | 241 | .Cm simple, No Cm bde No and Cm eli |
256 | .Cm simple | 242 | image jails are file backed memory discs attached as |
257 | jail is backed with a single file. The jail will not be allowed to grow beyond | 243 | .Xr md 4 |
258 | its allocated size. The base jail is included in the image, making it portable | 244 | devices, so the jail can never grow beyond its allocated size and can |
259 | between hosts running the same (or sufficiently close) version of FreeBSD. The | 245 | even be mounted read only. The jail will be stored in a file named |
260 | jail will be stored in a file named | ||
261 | .Ar jailname Ns Pa .img , | 246 | .Ar jailname Ns Pa .img , |
262 | unless | 247 | unless |
263 | .Fl r Ar jailroot | 248 | .Fl r Ar jailroot |
264 | is given, in which case the jail is stored in | 249 | is given, in which case the jail is stored in |
265 | .Ar jailroot Ns Pa .img . | 250 | .Ar jailroot Ns Pa .img . |
266 | .Pp | 251 | .Pp |
267 | A | 252 | Both |
268 | .Cm bde No or Cm eli | 253 | .Cm bde No and Cm eli |
269 | jail is a | 254 | jails use the |
270 | .Cm simple | 255 | .Xr geom 4 |
271 | jail whose file has been encrypted using | 256 | framework to encrypt all data written to the image file using |
272 | .Xr gbde 4 | 257 | .Xr gbde 4 |
273 | (for | 258 | (for |
274 | .Cm bde ) | 259 | .Cm bde ) |
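Review bot: at new line 241, `.Cm simple, No Cm bde No and Cm eli` has the comma inside the .Cm argument, so it is typeset as part of the keyword; write `.Cm simple , bde No and Cm eli`. In the same paragraph "file backed" and "read only" read better hyphenated, and the new text no longer says that the base jail is included in the image, which the removed lines 258-259 gave as the reason an image is portable between hosts. If that is still the behaviour, keep the sentence.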
@@ -276,24 +261,27 @@ or | |||
276 | .Xr geli 8 | 261 | .Xr geli 8 |
277 | (for | 262 | (for |
278 | .Cm eli ) . | 263 | .Cm eli ) . |
279 | See also the | 264 | .Pp |
265 | Unless you pass some options to the encryption geom commands using the | ||
280 | .Fl C | 266 | .Fl C |
281 | flag when creating this kind of jail. | 267 | parameter, you will be prompted for a passphrase to protect the crypto |
268 | image. Note that, since starting normal encrypted image jails requires user | ||
269 | interaction to enter the passphrase, they will | ||
270 | .Cm NOT automatically be started at boot time. No Use | ||
271 | .Cm ezjail-admin startcrypto No to manually start all crypto image jails. | ||
282 | .Pp | 272 | .Pp |
283 | A | 273 | A |
284 | .Cm zfs | 274 | .Cm zfs |
285 | jail is backed with a | 275 | jail is backed with a |
286 | .Xr zfs 8 | 276 | .Xr zfs 8 |
287 | volume, whose initial quota is given with the | 277 | filesystem, whose initial quota is given with the |
288 | .Fl s | 278 | .Fl s |
289 | option. The volume is compressed using the lzjb method. The volume is created | 279 | option. The filesystem is created in the |
290 | in the | 280 | .Dq Li $ezjail_jailzfs |
291 | .Cm ezjail_jailzfs | 281 | zpool and by default compressed using the lzjb method, as set in the |
292 | data set, if set in | 282 | .Dq Li ezjail_zfs_jail_properies |
293 | .Xr ezjail.conf 5 . | 283 | variable, both values configured in |
294 | .Pp | 284 | .Xr ezjail.conf 5 |
295 | XXX: from the code, it looks like the user needs to have done | ||
296 | ezjail-admin install with ezjail_use_zfs. Is that correct? | ||
297 | .Pp | 285 | .Pp |
298 | In each case, the | 286 | In each case, the |
299 | .Fl s | 287 | .Fl s |
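Review bot: the variable name at new line 282, `.Dq Li ezjail_zfs_jail_properies`, looks misspelled ("properies") and lacks the leading `$` that `$ezjail_jailzfs` two lines above has; check it against the name ezjail.conf actually uses, because readers will copy it verbatim. The sentence ending at new line 284 (`.Xr ezjail.conf 5`) has no closing full stop. At new line 270, `.Cm NOT automatically be started at boot time. No Use` marks a whole clause as a command; the text removed in the ezjail.7 hunk used .Em for this kind of emphasis, and only NOT needs it.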
@@ -303,34 +291,38 @@ suffix in the case of file-based jails) will be created and used as a mount | |||
303 | point when running the jail. | 291 | point when running the jail. |
304 | .It Fl s Ar imagesize | 292 | .It Fl s Ar imagesize |
305 | Allocate this size to the jail. Without an unit, the size is in bytes. The | 293 | Allocate this size to the jail. Without an unit, the size is in bytes. The |
306 | valid suffix values are b/B for bytes, k/K for kilobytes, m/M for megabytes, | 294 | valid suffix values are b/B for blocks (i. e. 512 bytes), k/K for kilobytes, |
307 | and g/G for gigabytes. As a reference point, a newly created jail requires | 295 | m/M for megabytes, and g/G for gigabytes. As a reference point, a newly |
308 | 2MB. | 296 | created jail requires 2 MB. |
309 | .Pp | 297 | .Pp |
310 | It is not possible to increase the size of file-based jails after their | 298 | It is not possible to increase the size of file-based jails after their |
311 | creation, short of creating a new image jail with a larger size. | 299 | creation, short of creating a new image jail with a larger size. |
312 | .It Fl C Ar imageopt | 300 | .It Fl C Ar imageopt |
313 | Pass this argument to | 301 | Pass this argument to |
314 | .Li gbde No or Li geli init . | 302 | .Xr gbde 8 |
303 | or | ||
304 | .Xr geli 8 | ||
305 | when initialising crypto image jails. The | ||
315 | .Fl P No and Fl K | 306 | .Fl P No and Fl K |
316 | (and | 307 | (and |
317 | .Fl L | 308 | .Fl L |
318 | for | 309 | for |
319 | .Xr gbde 4 ) | 310 | .Xr gbde 4 ) |
320 | will be translated and passed to | 311 | options will be translated and passed to the respective attach command when |
321 | .Li gbde No or Li geli attach | 312 | starting the jail. You will have to escape parameters with single ticks to |
322 | when starting the jail. | 313 | protect them from shell expansion. |
323 | .It Fl i | 314 | .It Fl i |
324 | Synonym of | 315 | Synonym of |
325 | .Fl c Cm simple . | 316 | .Fl c Cm simple . |
326 | .It Fl b | 317 | .It Fl b |
327 | Don't start the jail at boot time. | 318 | Tell ezjail that starting this jail would block unattended reboots. This may |
319 | happen when certain services need private SSL keys that require the user to | ||
320 | interactively enter a passphrase. The jail is then not automatically started | ||
321 | at boot time. | ||
328 | .El | 322 | .El |
329 | .Ss Nm Cm console | 323 | .Ss Nm Cm console |
330 | Attach your console to the selected jail. You are logged in as root by | 324 | Attach your console to the selected jail. You are logged in as root by |
331 | default. The command line prompt shows the name of the jail. You have to | 325 | default. |
332 | use the pwd command to see where in the directory tree you are. Entering | ||
333 | \fBexit\fR will terminate the jail console. | ||
334 | .Pp | 326 | .Pp |
335 | The following options are available: | 327 | The following options are available: |
336 | .Bl -tag -width indent | 328 | .Bl -tag -width indent |
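Review bot: "escape parameters with single ticks" at new lines 312-313 is ambiguous between single quotes and backticks, and backticks would trigger exactly the shell expansion the sentence warns about; say "single quotes". The change of b/B from bytes to "blocks (i. e. 512 bytes)" at new line 294 alters the documented meaning of an existing suffix, so it deserves a line in the commit message. The console description at new lines 324-325 no longer tells the reader how to leave the jail console (the removed text said to enter exit).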
@@ -339,9 +331,10 @@ Start the jail if it is not running yet. | |||
339 | .It Fl e Ar command | 331 | .It Fl e Ar command |
340 | Use | 332 | Use |
341 | .Ar command | 333 | .Ar command |
342 | instead of | 334 | instead of the default |
343 | .Dq /usr/bin/login -f root . | 335 | .Dq /usr/bin/login -f root . |
344 | A one time change to use a different user can be accomplished by using | 336 | loogin command. A one time change to use a different user can be |
337 | accomplished by using | ||
345 | .Fl e Qq Li /usr/bin/login -f user . | 338 | .Fl e Qq Li /usr/bin/login -f user . |
346 | Variable: | 339 | Variable: |
347 | .Dq Li $ezjail_default_execute . | 340 | .Dq Li $ezjail_default_execute . |
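Review bot: new line 336 has the typo "loogin", and the sentence is broken by the unchanged `.Dq /usr/bin/login -f root .` line before it, whose trailing full stop now falls mid-sentence: the output reads "instead of the default "/usr/bin/login -f root". loogin command." Drop the ` .` from the .Dq line and write "login command." on the following line.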
@@ -381,32 +374,26 @@ If present, the third letter, | |||
381 | means that the jail is not automatically started. | 374 | means that the jail is not automatically started. |
382 | .Pp | 375 | .Pp |
383 | The following columns are the JID (when it is running), the IP addresses, the name and the full path directory name of the jail. | 376 | The following columns are the JID (when it is running), the IP addresses, the name and the full path directory name of the jail. |
384 | .Ss Nm Cm start | stop | restart | cryptostart Op Ar jailname ... | 377 | .Ss Nm Cm start | restart | stop | startcrypto Op Ar jailname ... |
385 | Execute the given action on | ||
386 | .Ar jailname , | ||
387 | or on all jails if the operand is omitted. Several jails may be specified. | ||
388 | .Pp | 378 | .Pp |
389 | As this is just a shortcut to the | 379 | This is a shortcut to the |
390 | .Xr rc 8 | 380 | .Xr rc 8 |
391 | .Cm ezjail | 381 | .Cm ezjail.sh |
392 | script, if ezjail is not enabled in | 382 | script. Refer to |
383 | .Xr ezjail 7 | ||
384 | section | ||
385 | .Pa Starting jails | ||
386 | for details. | ||
387 | .Pp | ||
388 | Note that, if ezjail is not enabled in | ||
393 | .Xr rc.conf 5 | 389 | .Xr rc.conf 5 |
394 | with | 390 | with |
395 | .Dq Li ezjail_enable= Ns Qq Li YES , | 391 | .Dq Li ezjail_enable= Ns Qq Li YES , |
396 | nothing will be done. Prefix the action with | 392 | nothing happens. |
397 | .Cm one | 393 | .Pp |
398 | (as in | 394 | Since starting crypto image jails requires interaction with the administrator, they are not run at |
399 | .Cm onestart , | 395 | boot time. Use |
400 | etc.) to force the action regardless of the value of | 396 | .Cm startcrypto No to run them all at once. |
401 | .Dq Li $ezjail_enable . | ||
402 | .Pp | ||
403 | .Cm cryptostart | ||
404 | is used to start jails that use | ||
405 | .Xr gbde 4 | ||
406 | or | ||
407 | .Xr geli 8 | ||
408 | encryption. Those jails require interaction with the administrator | ||
409 | when starting. | ||
410 | .Ss Nm Cm config Ar jailname | 397 | .Ss Nm Cm config Ar jailname |
411 | Manage parameters of specific ezjails. For running jails, most of the | 398 | Manage parameters of specific ezjails. For running jails, most of the |
412 | configuration changes described below will not be applied until the next time | 399 | configuration changes described below will not be applied until the next time |
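Review bot: new lines 388-392 now end at "nothing happens" and the hint about prefixing the action with one (onestart etc.) is gone, so a reader of this page alone is not told how to start a jail when ezjail_enable is unset. Either keep a short pointer to the force/one prefixes or move the reference to ezjail(7) after this paragraph. The `.Pp` at new line 378 directly follows the `.Ss` heading and has no effect there. The section reference `.Pa Starting jails` at new line 385 does not match the heading "Starting Jails" in ezjail.7, and .Pa is the macro for path names.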
@@ -416,7 +403,7 @@ The following options are available: | |||
416 | .Bl -tag -width indent | 403 | .Bl -tag -width indent |
417 | .It Fl r Cm run | norun | 404 | .It Fl r Cm run | norun |
418 | Set the jail to be automatically started or not on boot. | 405 | Set the jail to be automatically started or not on boot. |
419 | .It Fl n An newname | 406 | .It Fl n Ar newname |
420 | Rename the jail. Unless a custom root directory was given with the | 407 | Rename the jail. Unless a custom root directory was given with the |
421 | .Fl r | 408 | .Fl r |
422 | flag when creating the jail, the root directory will be renamed as well. A | 409 | flag when creating the jail, the root directory will be renamed as well. A |
@@ -453,26 +440,21 @@ Stop the jail before deleting it. | |||
453 | .It Fl w | 440 | .It Fl w |
454 | Delete the directory or the file backing the jail. | 441 | Delete the directory or the file backing the jail. |
455 | .El | 442 | .El |
456 | .Ss Nm Cm archive | 443 | .Ss Nm Cm archive Op jailname |
457 | Create a backup of one, multiple or all ezjails. The specified service | 444 | Create a backup of one or all jails. The jail's root directory tree is backed |
458 | jail's root directory tree is backed up as a | 445 | up as a |
459 | .Xr pax 1 | 446 | .Xr pax 1 |
460 | file. The jail needs to be stopped. | 447 | archive. By default, the jail needs to be stopped. |
461 | .Pp | ||
462 | See | ||
463 | .Nm Cm restore | ||
464 | or | ||
465 | .Nm Cm create Fl a Ar archive | ||
466 | to restore an archive. | ||
467 | .Pp | ||
468 | The basejail can not be archived. There is no ezjail function to | ||
469 | delete archive files; they may be removed from the host using | ||
470 | .Xr rm 1 . | ||
471 | .Bl -tag -width indent | 448 | .Bl -tag -width indent |
449 | .It Fl A | ||
450 | Archive all jails. You must neither specify an archivename nor a jailname in | ||
451 | this case. | ||
472 | .It Fl a Ar archivename | 452 | .It Fl a Ar archivename |
473 | Use this name for the archive file. If absent, the archive file name | 453 | Use this name for the archive file. If absent, the archive file name is |
474 | is derived from the jail name, with the date and time of the archive | 454 | derived from the jail name, with the current date and time appended to the |
475 | appended to the file name. | 455 | archive's file name. Use |
456 | .Pa - | ||
457 | to write to stdout. | ||
476 | .It Fl d Ar directory | 458 | .It Fl d Ar directory |
477 | Save the archive in this directory. If this option is not given and | 459 | Save the archive in this directory. If this option is not given and |
478 | .Dq Li $ezjail_archivedir | 460 | .Dq Li $ezjail_archivedir |
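Review bot: in the heading at new line 443, `.Ss Nm Cm archive Op jailname`, the operand is missing its `Ar`, so jailname is not typeset as an argument; compare `Op Ar jailname ...` in the start/stop heading. The rewrite also drops two statements the old text made: that the basejail cannot be archived, and that archive files have to be removed by hand with rm(1). If both still apply, keep them, because "Archive all jails" under -A otherwise suggests that the basejail is included. The new `-a -` form writes the whole jail tree to stdout; a note that -d is ignored in that case would help.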
@@ -481,13 +463,13 @@ Variable: | |||
481 | .Dq Li $ezjail_archivedir . | 463 | .Dq Li $ezjail_archivedir . |
482 | .It Fl f | 464 | .It Fl f |
483 | Archive the jail even when it is running. | 465 | Archive the jail even when it is running. |
484 | .It Fl A | ||
485 | Archive all jails. | ||
486 | .It Ar jailname | ||
487 | Archive only this jail. This argument is mandatory if | ||
488 | .Fl a | ||
489 | is not given. | ||
490 | .El | 466 | .El |
467 | .Pp | ||
468 | Use | ||
469 | .Nm Cm restore | ||
470 | or | ||
471 | .Nm Cm create Fl a Ar archive | ||
472 | to restore an archive. | ||
491 | .Ss Nm Cm restore | 473 | .Ss Nm Cm restore |
492 | Create new ezjails from archived versions. It tries to collect all | 474 | Create new ezjails from archived versions. It tries to collect all |
493 | information necessary to do that without user interaction from the | 475 | information necessary to do that without user interaction from the |
@@ -502,43 +484,46 @@ will use the most recent archive file matching the name you specified. | |||
502 | To restore an older version, specify the complete archive file name | 484 | To restore an older version, specify the complete archive file name |
503 | (file name with the date and time of the archive appended to it). | 485 | (file name with the date and time of the archive appended to it). |
504 | .El | 486 | .El |
487 | .Pp | ||
505 | The following options are available: | 488 | The following options are available: |
506 | .Bl -tag -width indent | 489 | .Bl -tag -width indent |
507 | .It Fl d Ar archivedir | 490 | .It Fl d Ar archivedir |
508 | Search the archive file in this directory. If this option is not given and | 491 | Search the archive file in this directory. If this option is not given, the |
509 | .Dq Li $ezjail_archivedir | 492 | archive is searched in |
510 | is not set, the archive is searched in the current directory. Variable: | ||
511 | .Dq Li $ezjail_archivedir . | 493 | .Dq Li $ezjail_archivedir . |
512 | .It Fl f | 494 | .It Fl f |
513 | Restore the archive even if running on a host different from | 495 | Restore the archive even if running on a host different from |
514 | where it was archived. Be default, | 496 | where it was archived. Be default, |
515 | .Nm | 497 | .Nm |
516 | will refuse to restore an archive if the hostname, the FreeBSD version | 498 | will refuse to restore an archive if the archived host system's hostname, |
517 | or the CPU architecture is modified. | 499 | its FreeBSD version or CPU architecture do not match the current host. |
518 | .El | 500 | .El |
519 | .Ss Nm Cm update | 501 | .Ss Nm Cm update |
520 | Creates or updates ezjail's basejail from source. This performs a | 502 | Updates ezjail's basejail, or in the |
521 | .Dq make world ; make installworld | 503 | .Fl b |
522 | using the basejail's RELEASE source located at | 504 | or |
523 | .Pa /usr/src | 505 | .Fl i |
524 | (but see the | 506 | case, install a FreeBSD world from source to be used as basejail. |
525 | .Fl s | ||
526 | option). Exactly one of | ||
527 | .Fl b , i , u , P | ||
528 | is mandatory. | ||
529 | .Pp | ||
530 | See the | ||
531 | .Cm install | ||
532 | command to install the basejail from binary packages. | ||
533 | .Pp | 507 | .Pp |
534 | Exactly one of the following operand must be specified: | 508 | Exactly one of the following operand must be specified: |
535 | .Bl -tag -width indent | 509 | .Bl -tag -width indent |
536 | .It Fl b | 510 | .It Fl b |
537 | Build and install a world from source located in the basejail. | 511 | Build a world from source and install it as the (updated) basejail. |
512 | .Dq make buildworld ; make installworld | ||
513 | by default using the sources located at | ||
514 | .Pa /usr/src | ||
515 | (but see the | ||
516 | .Fl s | ||
517 | option). | ||
518 | .Pp | ||
519 | As the old basejail is not deleted, but merely overwritten, this usually | ||
520 | leaves all jails in a state where they still find older versions of libraries | ||
521 | they were linked against. | ||
538 | .It Fl i | 522 | .It Fl i |
539 | Perform a | 523 | As above but only perform a |
540 | .Qq make installworld , | 524 | .Dq make installworld , |
541 | assuming the world has already been built. | 525 | assuming the world has already been built. That is highly likely since it is |
526 | recommended to update the basejail along with the host system. | ||
542 | .It Fl u | 527 | .It Fl u |
543 | Use | 528 | Use |
544 | .Xr freebsd-update 8 | 529 | .Xr freebsd-update 8 |
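Review bot: the -b description at new lines 511-517 is left without a verb after the first sentence: the output reads "Build a world from source and install it as the (updated) basejail. "make buildworld ; make installworld" by default using the sources located at /usr/src". Restore "This performs a" before the .Dq line. The new paragraph at lines 519-521 says old libraries remain in the basejail after an overwrite; add a pointer to the update section of ezjail(7), which advises removing old library versions, so that stale libraries are not left in use. "Be default" in the context line at 496 should be "By default", and "the following operand" at 508 should be plural.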
@@ -549,14 +534,13 @@ uses | |||
549 | to determine the currently running system, the base jail and the host | 534 | to determine the currently running system, the base jail and the host |
550 | need to be updated at the same time, without rebooting on the new | 535 | need to be updated at the same time, without rebooting on the new |
551 | kernel in the meantime. | 536 | kernel in the meantime. |
552 | .Pp | ||
553 | Jails that are stored in a ZFS volume are snapshot first. | ||
554 | .It Fl P | 537 | .It Fl P |
555 | Install only the ports tree, assuming the basejail has already been | 538 | Install only the ports tree, assuming the basejail has already been |
556 | created.This can be done while jails are running. The | 539 | created. This can be done while jails are running. The |
557 | .Xr portsnap 8 | 540 | .Xr portsnap 8 |
558 | utility is invoked to do the actual work. | 541 | utility is invoked to do the actual work. |
559 | .El | 542 | .El |
543 | .Pp | ||
560 | The following options are available: | 544 | The following options are available: |
561 | .Bl -tag -width indent | 545 | .Bl -tag -width indent |
562 | .It Fl p | 546 | .It Fl p |
@@ -571,6 +555,13 @@ instead of | |||
571 | Variable: | 555 | Variable: |
572 | .Dq Li $ezjail_sourcetree . | 556 | .Dq Li $ezjail_sourcetree . |
573 | .El | 557 | .El |
558 | .Pp | ||
559 | See the | ||
560 | .Cm install | ||
561 | sub command to install the basejail from binary packages. | ||
562 | .Pp | ||
563 | If the basejail is managed in its own ZFS filesystem, a snapshot of that | ||
564 | filesystem is taken first. | ||
574 | .Sh FILES | 565 | .Sh FILES |
575 | .Pa EZJAIL_PREFIX/bin/ezjail-admin | 566 | .Pa EZJAIL_PREFIX/bin/ezjail-admin |
576 | .br | 567 | .br |
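Review bot: the snapshot sentence at new lines 563-564 now sits after the options list, away from any of the operands, and does not say which of -b, -i, -u and -P take the snapshot; the removed sentence in the previous hunk was attached to -u. Name the operands it applies to. "sub command" at new line 561 should be "sub-command", as elsewhere in this page.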