-rwxr-xr-x man1/ezjail-admin.1 153
-rwxr-xr-x man5/ezjail.5 46
2 files changed, 63 insertions, 136 deletions
diff --git a/man1/ezjail-admin.1 b/man1/ezjail-admin.1
index 3ab3b33..e004d28 100755
--- a/man1/ezjail-admin.1
+++ b/man1/ezjail-admin.1
@@ -4,34 +4,26 @@ ezjail-admin \- Administrate ezjail
4.SH SYNOPSIS 4.SH SYNOPSIS
5.T 5.T
6.B ezjail-admin create 6.B ezjail-admin create
7[-f flavour] [-r jailroot] [-s imagesize] [-ibx] [-c bde|eli] [-C attachargs] 7[-f flavour] [-r jailroot] [-s imagesize] [-ibx] [-c bde|eli] [-C attachargs]\fI hostname jailip
8.I hostname jailip
9 8
10.T 9.T
11.B ezjail-admin delete 10.B ezjail-admin delete \fR[-w] \fI hostname
12[-w]
13.I hostname
14 11
15.T 12.T
16.B ezjail-admin list 13.B ezjail-admin list
17 14
18.T 15.T
19.B ezjail-admin config 16.B ezjail-admin config\fR [-r run|norun] [-n newname] [-i attach|detach]\fI jailname
20[-r run|norun] [-n newname] [-i attach|detach]
21.I jailname
22 17
23.T 18.T
24.B ezjail-admin install 19.B ezjail-admin install\fR [-mps] [-h host] [-r release]
25[-mps] [-h host] [-r release]
26 20
27.T 21.T
28.B ezjail-admin update 22.B ezjail-admin update\fR [-s sourcetree] [-i] [-pP]
29[-s sourcetree] [-i] [-pP]
30.SH DESCRIPTION 23.SH DESCRIPTION
31The 24The \fB ezjail-admin\fR tool is used to manage jails inside the ezjail
32.B ezjail-admin 25scope. It is not used to start or stop ezjails jails. Refer to \fIezjail(5)\fR
33tool is used to manage jails inside the ezjail scope. It is not used 26for more details.
34to start or stop ezjails jails. Refer to ezjail(5) for more details.
35.SH ezjail-admin create 27.SH ezjail-admin create
36copies the template jail to the root of a new jail, whose name and IP 28copies the template jail to the root of a new jail, whose name and IP
37address are provided as mandatory parameters. 29address are provided as mandatory parameters.
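Review bot: The inline italics opened on new SYNOPSIS lines 7, 10 and 16 ("\fI hostname jailip", "\fI hostname", "\fI jailname") are never closed with \fR, so resetting the font is left to whatever request follows. Close each span explicitly and drop the space after the escape, e.g. "\fIhostname jailip\fR". The same stray space appears on new line 24 ("The \fB ezjail-admin\fR"), which leaves two spaces in the input between "The" and the command name; "\fBezjail-admin\fR" avoids that.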
@@ -39,17 +31,13 @@ address are provided as mandatory parameters.
39If no jail root is specified via the -r option, it is derived from 31If no jail root is specified via the -r option, it is derived from
40the jails name. In this case or, if a jail root is given and does not 32the jails name. In this case or, if a jail root is given and does not
41start with a '/', it is interpreted relative to ezjails root dir 33start with a '/', it is interpreted relative to ezjails root dir
42(default: 34(default: \fI/usr/jails\fR). If a specified jail root lies outside
43.I /usr/jails 35ezjail root dir, a soft link is created inside this root dir pointing
44). If a specified jail root lies outside ezjail root dir, a soft link 36to the newly created jails location.
45is created inside this root dir pointing to the newly created jails
46location.
47 37
48The -i and the -c option both require a size passed via the -s option 38The -i and the -c option both require a size passed via the -s option
49and create a file based jail image, gbde or geli encrypted for the -c 39and create a file based jail image, gbde or geli encrypted for the -c
50case. The image file is named as the jail root suffixed with 40case. The image file is named as the jail root suffixed with \fI.img\fR.
51.I .img
52.
53 41
54The -x (jail exists) option indicates, that an ezjail already exists 42The -x (jail exists) option indicates, that an ezjail already exists
55at the jail root. 43at the jail root.
@@ -58,30 +46,20 @@ This is useful in situations where you just want to alter some of a
58jail properties and called ezjail-admin delete without the -w option 46jail properties and called ezjail-admin delete without the -w option
59before. However, sanity checks are being performed. 47before. However, sanity checks are being performed.
60 48
61The script creates an entry in its config and a 49The script creates an entry in its config and a \Fi/etc/fstab.hostname\fR
62.I /etc/fstab.hostname
63file allowing the jail to be brought up after next reboot (or) via 50file allowing the jail to be brought up after next reboot (or) via
64the EZJAIL_PREFIX/etc/rc.d/ezjail.sh script. 51the EZJAIL_PREFIX/etc/rc.d/ezjail.sh script.
65 52
66The newly created jail can perform some initializiation actions, if the 53The newly created jail can perform some initializiation actions, if the
67-f 54-f \fIflavour\fR option is given, where \fIflavour\fR is a directory tree
68.I flavour 55under ezjails root dir (default: \fI/usr/jails/flavours\fR). See section
69option is given, where 56\fBFLAVOURS\fR below for more details.
70.I flavour 57
71is a directory tree under ezjails root dir (default: 58Options for newly created jails are read from \fBezjail.conf\fR, refer to
72.I /usr/jails/flavours 59ezjail.conf(5) for more information.
73). See section
74.B FLAVOURS
75below for more details.
76
77Options for newly created jails are read from
78.B ezjail.conf,
79refer to ezjail.conf(5) for more information.
80.SH ezjail-admin delete 60.SH ezjail-admin delete
81removes a jail from ezjails config and the corresponding 61removes a jail from ezjails config and the corresponding \fI/etc/fstab.hostname\fR
82.I /etc/fstab.hostname 62file, thus preventing the jail from being brought up on next reboot.
83file, thus preventing the jail from being brought
84up on next reboot.
85 63
86If the -w (wipe) option is given, the directory pointed to by the jail 64If the -w (wipe) option is given, the directory pointed to by the jail
87root entry is removed as well as the soft link in ezjails root dir. 65root entry is removed as well as the soft link in ezjails root dir.
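Review bot: New line 49 opens the path with "\Fi" instead of "\fI" ("a \Fi/etc/fstab.hostname\fR"). That is not the italic escape, so /etc/fstab.hostname will not be set in italics, and groff reads \F as a font-family change. It should read "\fI/etc/fstab.hostname\fR", matching new line 61 in the delete section.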
@@ -89,28 +67,13 @@ root entry is removed as well as the soft link in ezjails root dir.
89lists all jails inside ezjails scope. They are sorted by the order they 67lists all jails inside ezjails scope. They are sorted by the order they
90start up, as defined by rcorder. The list format is straight forward. 68start up, as defined by rcorder. The list format is straight forward.
91 69
92A status flag consisting of 2 or 3 letters, the first meaning 70A status flag consisting of 2 or 3 letters, the first meaning \fB(D)irectory\fR
93.B (D)irectory 71based, \fB(I)mage\fR based, \fB(B)de\fR crypto image based, \fB(E)li\fR crypto
94based, 72image based. The second one meaning \fB(R)unning\fR, \fB(A)ttached\fR but not
95.B (I)mage 73running, \fB(S)topped\fR. An optional \fB(N)orun\fR stands for disabled jails (see
96based, 74\fIezjail-admin config\fR).
97.B (B)de 75
98crypto image based, 76Rest of the row is jails jid (if available), its IP, hostname and root directory.
99.B (E)li
100crypto image based. The second one meaning
101.B (R)unning
102,
103.B (A)ttached
104but not running,
105.B (S)topped
106. An optional
107.B (N)orun
108stands for disabled jails (see
109.I ezjail-admin config
110).
111
112Rest of the row is follow by jails jid (if available), its IP, hostname
113and root directory.
114.SH ezjail-admin config 77.SH ezjail-admin config
115manages existing specific ezjails. 78manages existing specific ezjails.
116 79
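Review bot: New line 76 changes the sentence itself and not only its markup: "Rest of the row is follow by jails jid" becomes "Rest of the row is jails jid", which is still ungrammatical. If the wording is being touched in this commit anyway, something like "The rest of the row shows the jail's jid (if available), its IP, hostname and root directory." would settle it; otherwise keep prose changes out of a markup cleanup so the diff stays reviewable.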
@@ -128,10 +91,9 @@ an attached jail.
128fetches everything needed to setup a base jail from an FTP server and 91fetches everything needed to setup a base jail from an FTP server and
129installs it. 92installs it.
130 93
131Default location for ezjails base jail is 94Default location for ezjails base jail is \fI/usr/jails\fR, so be sure you
132.I /usr/jails 95have enough space there (a FreeBSD base without man pages, sources and ports
133, so be sure you have enough space there (a FreeBSD base without man 96is around 120MB).
134pages, sources and ports is around 120MB).
135 97
136The -m and -s option will fetch and install man pages (ca. 10MB) and 98The -m and -s option will fetch and install man pages (ca. 10MB) and
137sources packages (ca. 450MB) respectively. The -p option invokes the 99sources packages (ca. 450MB) respectively. The -p option invokes the
@@ -149,60 +111,45 @@ If the specified location begins with file://, your local copy of the
149release is used. That way you can do some modifications to install.sh 111release is used. That way you can do some modifications to install.sh
150scripts before executing them. 112scripts before executing them.
151 113
152You can later update your world from CVS or update ports by 114You can later update your world from CVS or update ports by \fIezjail-admin
153.U ezjail-admin update 115update\fR or rerun this subcommand with another OS version.
154or rerun this subcommand with another OS version.
155.SH ezjail-admin update 116.SH ezjail-admin update
156creates or update ezjails basejail. Depending on the parameters 117creates or update ezjails basejail. Depending on the parameters
157given it will install a FreeBSD system from a source tree whose location 118given it will install a FreeBSD system from a source tree whose location
158is either provided in the 119is either provided in the \fBezjail.conf\fR config file or via the -s option.
159.B ezjail.conf
160config file or via the -s option.
161 120
162If the -p or -P options are given, the base jail also is given a copy of 121If the -p or -P options are given, the base jail also is given a copy of
163FreeBSDs ports tree, which is in turn linked into all newly created 122FreeBSDs ports tree, which is in turn linked into all newly created
164ezjails. The portsnap utility is invoked to do the actual work. 123ezjails. The portsnap utility is invoked to do the actual work.
165 124
166If the -P option is given, 125If the -P option is given, \fBonly the ports tree will be updated,\fR this can
167.B only the ports tree will be updated, 126be done, while jails are running.
168this can be done, while jails are running.
169 127
170If the -i (install only) option is given, 128If the -i (install only) option is given, \fBezjail-admin update\fR only
171.B ezjail-admin update 129performes a \fImake installworld,\fR otherwise \fImake world\fR is invoked.
172only performes a
173.I make installworld,
174otherwise
175.I make world
176is invoked.
177 130
178.SH NOTES 131.SH NOTES
179.B ezjail-admin update 132.B ezjail-admin update\fR uses a temporary directory to install its world to,
180uses a temporary directory to install its world to, thus leaving intact 133thus leaving intact all installed libraries, if a base jail already exists.
181all installed libraries, if a base jail already exists. 134
182 135When using the \fBezjail-admin update\fR option, be careful to use the same
183When using the 136FreeBSD source tree used to build the host systems world, or at least its
184.B ezjail-admin update 137kernel. Combining a make world in the host system with \fBezjail-admin update\fR
185option, be careful to use the same FreeBSD source tree used to build the
186host systems world, or at least its kernel. Combining a make world in the
187host system with
188.B ezjail-admin update
189is considered a good idea. 138is considered a good idea.
190 139
191When a ports tree exists in base jail, a make.conf containing reasonable 140When a ports tree exists in base jail, a make.conf containing reasonable
192values for having ports in jails is created in the template jail. 141values for having ports in jails is created in the template jail.
193.SH FLAVOURS 142.SH FLAVOURS
194.B ezjail-admin 143.B ezjail-admin\fR provides an easy way to create many jails with similar or
195provides an easy way to create many jails with similar or identical 144identical properties.
196properties.
197 145
198A sample flavour config directory resides under 146A sample flavour config directory resides under
199.I EZJAIL_PREFIX/share/examples/ezjail/default/. 147.I EZJAIL_PREFIX/share/examples/ezjail/default/.\fR Some typical Jail
200Some typical Jail initialization actions are demonstrated and you are 148initialization actions are demonstrated and you are encouraged to use it as a
201encouraged to use it as a template for your flavours. 149template for your flavours.
202 150
203If a flavour is selected on jail creation, the flavour root is being 151If a flavour is selected on jail creation, the flavour root is being
204copied to the new Jails root, mostly containing an 152copied to the new Jails root, mostly containing an \fI/ezjail.flavour\fR.
205.I /ezjail.flavour .
206If the Jail starts up for the first time this script is run. 153If the Jail starts up for the first time this script is run.
207 154
208In its default form it will create some groups and users, change the 155In its default form it will create some groups and users, change the
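Review bot: New lines 132, 143 and 147 start with a font macro and then switch back inline (".B ezjail-admin update\fR uses a temporary directory ...", ".I EZJAIL_PREFIX/share/examples/ezjail/default/.\fR Some typical Jail"), so a whole sentence of running text is passed as arguments to .B or .I. That mixes the two styles this commit is trying to unify and makes the prose subject to macro argument parsing. Write these as ordinary text lines with inline escapes, e.g. "\fBezjail-admin update\fR uses a temporary directory ...", as is already done on new lines 119 and 128. Since line 129 is being rewritten anyway, "performes" could be corrected to "performs" at the same time.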
diff --git a/man5/ezjail.5 b/man5/ezjail.5
index 49fd0c6..f147ea9 100755
--- a/man5/ezjail.5
+++ b/man5/ezjail.5
@@ -11,44 +11,24 @@ effort and aims for minimum system resource usage.
11If you are not familiar with the FreeBSD jail concept, please refer to 11If you are not familiar with the FreeBSD jail concept, please refer to
12jail(8) before continuing. 12jail(8) before continuing.
13.SH OVERVIEW 13.SH OVERVIEW
14One 14One \fIbase jail\fR is filled with most userland binaries and libraries and
15.I base jail 15then mounted read only into a number of stripped down jails via
16is filled with most userland binaries and libraries and then mounted 16.B mount_nullfs(8)\fR - thus saving lots of inodes and memory resources.
17read only into a number of stripped down jails via
18.B mount_nullfs(8)
19- thus saving lots of inodes and memory resources.
20.SH INVOCATION 17.SH INVOCATION
21The ezjail script 18The ezjail script \fBEZJAIL_PREFIX/etc/rc.d/ezjail.sh\fR takes parameters \fIstart,
22.B EZJAIL_PREFIX/etc/rc.d/ezjail.sh 19startcrypto, restart\fR and \fIstop\fR. It may be passed an additional list of
23takes parameters 20jails. If no jail name is specified (usually when the script is being called by
24.I start, startcrypto, restart 21rc.local at boot and shutdown time), all jails in ezjails scope, except crypto
25and 22image jails (or jails marked as blocking), are being started/stopped. To start
26.I stop. 23all crytpo image jails (or those depending on them), use the \fIstartcrypto\fR parameter.
27It may be passed an additional list of jails. If no jail name is
28specified (usually when the script is being called by rc.local at boot
29and shutdown time), all jails in ezjails scope, except crypto image
30jails (or jails marked as blocking), are being started/stopped. To
31start all crytpo image jails (or those depending on them), use the
32.I startcrypto
33parameter.
34 24
35The script examines its config, attaches and mounts images, sets 25The script examines its config, attaches and mounts images, sets
36variables for each jail in the jail_list before passing its command on 26variables for each jail in the jail_list before passing its command on
37to the 27to the \fB/etc/rc.d/jail\fR script.
38.B /etc/rc.d/jail
39script.
40.SH NOTES 28.SH NOTES
41.B ezjail.sh 29.B ezjail.sh\fR enforces the execution of \fB/etc/rc.d/jail\fR, by
42enforces the execution of 30prepending \fI"one"\fR to the start, restart and stop commands so it is
43.B /etc/rc.d/jail, 31.B NOT NECESSARY\fR to set \fIjail_enable\fR in the \fB/etc/rc.conf\fR
44by prepending
45.I "one"
46to the start, restart and stop commands so it is
47.B NOT NECESSARY
48to set
49.I jail_enable
50in the
51.B /etc/rc.conf
52config file. 32config file.
53.SH FILES 33.SH FILES
54EZJAIL_PREFIX/etc/ezjail.conf 34EZJAIL_PREFIX/etc/ezjail.conf
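Review bot: The reflowed INVOCATION paragraph carries the typo "crytpo" over onto new line 23 ("all crytpo image jails"); since the line is rewritten in this commit, fix it to "crypto" here. New lines 16, 29 and 31 also use the macro-plus-escape form (".B mount_nullfs(8)\fR - thus saving ...", ".B NOT NECESSARY\fR to set \fIjail_enable\fR ..."), which hands the rest of the sentence to .B as arguments; plain text lines with "\fB...\fR" would be consistent with new lines 14 and 18.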