.TH ezjail\-admin 1 .SH NAME ezjail-admin \- Administrate ezjail .SH SYNOPSIS .T .B ezjail-admin create [-f flavour] [-r jailroot] [-x] .I hostname jailip .T .B ezjail-admin delete [-w] .I hostname .T .B ezjail-admin list .T .B ezjail-admin update [-s sourcetree] [-i] [-pP] .SH DESCRIPTION The .B ezjail-admin tool is used to manage jails inside the ezjail scope. It is not used to start or stop ezjails jails. Refer to ezjail(5) for more details. .SH ezjail-admin create copies the template jail to the root of a new jail, whose name and IP address are provided as mandatory parameters. If no jail root is specified via the -r option, it is derived from the jails name. In this case or, if a jail root is given and does not start with a '/', it is interpreted relative to ezjails root dir (default: .I /usr/jails ). If a specified jail root lies outside ezjail root dir, a soft link is created inside this root dir pointing to the newly created jails location. The -x (jail exists) option indicates, that an ezjail already exists at the jail root. .B In this case nothing is copied. ezjail only updates its config. This is useful in situations where you just want to alter some of a jail properties and called ezjail-admin delete without the -w option before. However, sanity checks are being performed. The script creates an entry in its config and a .I /etc/fstab.hostname file allowing the jail to be brought up after next reboot (or) via the EZJAIL_PREFIX/etc/rc.d/ezjail.sh script. The newly created jail can perform some initializiation actions, if the -f .I flavour option is given, where .I flavour is a directory tree under ezjails root dir (default: .I /usr/jails/flavours ). See section .B FLAVOURS below for more details. Options for newly created jails are read from .B ezjail.conf, refer to ezjail.conf(5) for more information. .SH ezjail-admin delete removes a jail from ezjails config and the corresponding .I /etc/fstab.hostname file, thus preventing the jail from being brought up on next reboot. If the -w (wipe) option is given, the directory pointed to by the jail root entry is removed as well as the soft link in ezjails root dir. .SH ezjail-admin list lists all jails inside ezjails scope, together with some information on them. .SH ezjail-admin update creates or update ezjails basejail. Depending on the parameters given it will install a FreeBSD system from a source tree whose location is either provided in the .B ezjail.conf config file or via the -s option. If the -p or -P options are given, the base jail also is given a copy of FreeBSDs ports tree, which is in turn linked into all newly created ezjails. If the -P option is given, .B only the ports tree will be checked out/updated, this can be done, while jails are running. If the -i (install only) option is given, .B ezjail-admin update only performes a .I make installworld, otherwise .I make world is invoked. .SH NOTES .B ezjail-admin update uses a temporary directory to install its world to, thus leaving intact all installed libraries, if a base jail already exists. When using the .B ezjail-admin update option, be careful to use the same FreeBSD source tree used to build the host systems world, or at least its kernel. Combining a make world in the host system with .B ezjail-admin update is considered a good idea. When a ports tree exists in base jail, a make.conf containing reasonable values for having ports in jails is created in the template jail. .SH FLAVOURS .B ezjail-admin provides an easy way to create many jails with similar or identical properties. Currently it supports creating users, installing files and installing packages. A sample flavour config directory resides under .I EZJAIL_PREFIX/share/examples/ezjail/default/. Some typical Jail initialization actions are demonstrated and you are encouraged to use it as a template for your flavours. If a flavour is selected on jail creation, the flavour root is being copied to the new Jails root, mostly containing an .I /ezjail.flavour . If the Jail starts up for the first time it runs a setup script found at .I /etc/rc.d/ezjail-config.sh. This script will create some users specified in the flavour config. It will then chown files specified in the flavour config. (This allows chown-ing files to users only created by the config script.) All packages residing under .I /pkg will be pkg_install-ed. Finally the script .I /ezjail.postinstall is being sourced, if it exists. .I ezjail-config.sh then removes all traces, including itself. .SH EZJAIL.FLAVOUR The ezjail.flavour file found in a flavour directory usually provides two variables: .B ezjail_flavour_users .br a white space separated list of colon separated entries passed to the pw command after some processing. Refer to the pw(8) man page for more information. Format of an entry in the list is: username:uid:group[,group2,..]:gid[,gid2,..]:comment:pw:[-]home:shell where each group specified in the group list is being created (with the given gid for each group) if possible and necessary, before the user is added to that group. The character '=' in the comment field is being substituted by ' ' (space) to simplify escaping. The pw is being written verbatim to the passwd db, see pw(8). If the home directory begins with a '-' (dash), it is meant not to be created by the pw command. The dash will of course be removed. It is not possible to specify a shell here that will be installed by a package in /pkg. .B ezjail_flavour_files .br a white space separated list of colon separated entries passed to the chown -R command after some processing. Refer to the chown(8) man page for more information. Format of an entry in the list is: user:group:file[:file2...] .SH EXAMPLES ezjail-admin update -p .br ezjail-admin create -f httpd -r /jails/web12 web12.test.org 10.0.1.12 .br EZJAIL_PREFIX/etc/rc.d/ezjail.sh start web12.test.org .br EZJAIL_PREFIX/etc/rc.d/ezjail.sh stop ns.test.org .br ezjail-admin delete ns.test.org .br ezjail-admin create -x -r /jails/ns ns.test.org 10.0.2.1 .SH BUGS Due to the way ezjail handles jail config files it is not possible to create multiple jails if their names are identical when piped through .B tr -C [:alnum:] _ Sure to be others. .SH FILES .T4 EZJAIL_PREFIX/etc/ezjail.conf .br EZJAIL_PREFIX/etc/rc.d/ezjail.sh .br EZJAIL_PREFIX/share/examples/ezjail/ .SH "SEE ALSO" ezjail(5), ezjail.conf(5), jail(8), devfs(5), fdescfs(5), procfs(5), pw(8) .SH AUTHOR Dirk Engling