summaryrefslogtreecommitdiff
path: root/man1/ezjail-admin.1
blob: a00494c41d6f33e21288ead20521429e20b3b732 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
.TH ezjail\-admin 1
.SH NAME
ezjail-admin \- Administrate ezjail
.SH SYNOPSIS
.T
.B ezjail-admin create
[-f flavour] [-r jailroot] [-s imagesize] [-cibx] [-C attachargs]
.I hostname jailip

.T
.B ezjail-admin delete
[-w]
.I hostname

.T
.B ezjail-admin list

.T
.B ezjail-admin install [-mps] [-h host] [-r release]

.T
.B ezjail-admin update
[-s sourcetree] [-i] [-pP]
.SH DESCRIPTION
The
.B ezjail-admin
tool is used to manage jails inside the ezjail scope. It is not used 
to start or stop ezjails jails. Refer to ezjail(5) for more details. 
.SH ezjail-admin create
copies the template jail to the root of a new jail, whose name and IP
address are provided as mandatory parameters.

If no jail root is specified via the -r option, it is derived from
the jails name. In this case or, if a jail root is given and does not
start with a '/', it is interpreted relative to ezjails root dir
(default:
.I /usr/jails
). If a specified jail root lies outside ezjail root dir, a soft link
is created inside this root dir pointing to the newly created jails
location.

The -i and the -c option both require a size passed via the -s option
and create a file based jail image, gbde or geli encrypted for the -c 
case. The image file is named as the jail root suffixed with
.I .img
.

The -x (jail exists) option indicates, that an ezjail already exists
at the jail root.
.B In this case nothing is copied. ezjail only updates its config.
This is useful in situations where you just want to alter some of a
jail properties and called ezjail-admin delete without the -w option
before. However, sanity checks are being performed.

The script creates an entry in its config and a
.I /etc/fstab.hostname
file allowing the jail to be brought up after next reboot (or) via
the EZJAIL_PREFIX/etc/rc.d/ezjail.sh script.

The newly created jail can perform some initializiation actions, if the
-f
.I flavour
option is given, where
.I flavour
is a directory tree under ezjails root dir (default:
.I /usr/jails/flavours
). See section
.B FLAVOURS
below for more details.

Options for newly created jails are read from
.B ezjail.conf,
refer to ezjail.conf(5) for more information.
.SH ezjail-admin delete
removes a jail from ezjails config and the corresponding
.I /etc/fstab.hostname
file, thus preventing the jail from being brought
up on next reboot.

If the -w (wipe) option is given, the directory pointed to by the jail
root entry is removed as well as the soft link in ezjails root dir.
.SH ezjail-admin list
lists all jails inside ezjails scope. They are sorted by the order they 
start up, as defined by rcorder. The list format is straight forward.

A status flag consisting of 2 or 3 letters, the first meaning
.B (D)irectory
based,
.B (I)mage
based,
.B (B)de
crypto image based,
.B (E)li
crypto image based. The second one meaning
.B (R)unning
,
.B (A)ttached
but not running,
.B (S)topped
. An optional
.B (N)orun
stands for disabled jails (see
.I ezjail-admin config
).

Rest of the row is follow by jails jid (if available), its IP, hostname 
and root directory.
.SH ezjail-admin install
fetches everything needed to setup a base jail from an FTP server and 
installs it.

Default location for ezjails base jail is
.I /usr/jails
, so be sure you have enough space there (a FreeBSD base without man 
pages, sources and ports is around 120MB).

The -m and -s option will fetch and install man pages (ca. 10MB) and
sources packages (ca. 450MB) respectively. The -p option invokes the
portsnap utility to fetch and extract a FreeBSD ports tree (ca. 475MB).

Default OS version is, whatever uname -r returns. If this does not match
"*-RELEASE", you will be prompted for a better guess. (Normally
ftp-servers do not provide release candidates or CURRENT builds). You can
use the -r option to specify a releas from command line.

Default host to fetch packages from is ftp.freebsd.org, you may want to
change this via the -h option. If the specified location begins with
file://, your local copy of the release is used. That way you can do some
modifications to install.sh scripts before executing them.

You can later update your world from CVS by
.U ezjail-admin update
or rerun this subcommand with another OS version.
.SH ezjail-admin update
creates or update ezjails basejail. Depending on the parameters
given it will install a FreeBSD system from a source tree whose location
is either provided in the
.B ezjail.conf
config file or via the -s option.

If the -p or -P options are given, the base jail also is given a copy of
FreeBSDs ports tree, which is in turn linked into all newly created
ezjails. The portsnap utility is invoked to do the actual work.

If the -P option is given,
.B only the ports tree will be updated,
this can be done, while jails are running.

If the -i (install only) option is given,
.B ezjail-admin update
only performes a
.I make installworld,
otherwise
.I make world
is invoked.

.SH NOTES
.B ezjail-admin update
uses a temporary directory to install its world to, thus leaving intact
all installed libraries, if a base jail already exists.

When using the
.B ezjail-admin update
option, be careful to use the same FreeBSD source tree used to build the 
host systems world, or at least its kernel. Combining a make world in the 
host system with
.B ezjail-admin update
is considered a good idea.

When a ports tree exists in base jail, a make.conf containing reasonable
values for having ports in jails is created in the template jail.
.SH FLAVOURS
.B ezjail-admin
provides an easy way to create many jails with similar or identical
properties.

A sample flavour config directory resides under
.I EZJAIL_PREFIX/share/examples/ezjail/default/.
Some typical Jail initialization actions are demonstrated and you are
encouraged to use it as a template for your flavours.

If a flavour is selected on jail creation, the flavour root is being
copied to the new Jails root, mostly containing an
.I /ezjail.flavour .
If the Jail starts up for the first time this script is run.

In its default form it will create some groups and users, change the
ownership of some files and installs all packages residing under /pkg.

It allows you to add some post install actions.
.SH EXAMPLES
ezjail-admin update -p
.br
ezjail-admin create -f httpd -r /jails/web12 web12.test.org 10.0.1.12
.br
EZJAIL_PREFIX/etc/rc.d/ezjail.sh start web12.test.org
.br
EZJAIL_PREFIX/etc/rc.d/ezjail.sh stop ns.test.org
.br
ezjail-admin delete ns.test.org
.br
ezjail-admin create -x -r /jails/ns ns.test.org 10.0.2.1
.SH BUGS
Due to the way ezjail handles jail config files it is not possible to
create multiple jails if their names are identical when piped through
.B tr -C [:alnum:] _

Sure to be others.
.SH FILES
.T4
EZJAIL_PREFIX/etc/ezjail.conf
.br
EZJAIL_PREFIX/etc/rc.d/ezjail.sh
.br
EZJAIL_PREFIX/share/examples/ezjail/
.SH "SEE ALSO"
ezjail(5), ezjail.conf(5), jail(8), devfs(5), fdescfs(5), procfs(5), pw(8)
.SH AUTHOR
Dirk Engling <erdgeist@erdgeist.org>