Source string Read only

(itstool) path: sect2/para
169/1690
Context English State
Installing <application>ezjail</application>
Installing <application>ezjail</application> consists of adding a loopback interface for use in jails, installing the port or package, and enabling the service.
To keep jail loopback traffic off the host's loopback network interface <literal>lo0</literal>, a second loopback interface is created by adding an entry to <filename>/etc/rc.conf</filename>:
cloned_interfaces="lo1"
The second loopback interface <literal>lo1</literal> will be created when the system starts. It can also be created manually without a restart:
<prompt>#</prompt> <userinput>service netif cloneup</userinput>
Created clone interfaces: lo1.
Jails can be allowed to use aliases of this secondary loopback interface without interfering with the host.
Inside a jail, access to the loopback address <systemitem class="ipaddress">127.0.0.1</systemitem> is redirected to the first <acronym>IP</acronym> address assigned to the jail. To make the jail loopback correspond with the new <literal>lo1</literal> interface, that interface must be specified first in the list of interfaces and <acronym>IP</acronym> addresses given when creating a new jail.
Give each jail a unique loopback address in the <systemitem class="ipaddress">127.0.0.0</systemitem><systemitem class="netmask">/8</systemitem> netblock.
Install <package role="port">sysutils/ezjail</package>:
<prompt>#</prompt> <userinput>cd /usr/ports/sysutils/ezjail</userinput>
<prompt>#</prompt> <userinput>make install clean</userinput>
Enable <application>ezjail</application> by adding this line to <filename>/etc/rc.conf</filename>:
ezjail_enable="YES"
The service will automatically start on system boot. It can be started immediately for the current session:
<prompt>#</prompt> <userinput>service ezjail start</userinput>
With <application>ezjail</application> installed, the basejail directory structure can be created and populated. This step is only needed once on the jail host computer.
In both of these examples, <option>-p</option> causes the ports tree to be retrieved with <citerefentry><refentrytitle>portsnap</refentrytitle><manvolnum>8</manvolnum></citerefentry> into the basejail. That single copy of the ports directory will be shared by all the jails. Using a separate copy of the ports directory for jails isolates them from the host. The <application>ezjail</application> <acronym>FAQ</acronym> explains in more detail: <link xlink:href="http://erdgeist.org/arts/software/ezjail/#FAQ"/>.
To Populate the Jail with FreeBSD-RELEASE
For a basejail based on the FreeBSD RELEASE matching that of the host computer, use <command>install</command>. For example, on a host computer running FreeBSD 10-STABLE, the latest RELEASE version of FreeBSD -10 will be installed in the jail):
<prompt>#</prompt> <userinput>ezjail-admin install -p</userinput>
To Populate the Jail with <command>installworld</command>
buildworld
The basejail can be installed from binaries created by <_:buildtarget-1/> on the host with <command>ezjail-admin update</command>.
In this example, FreeBSD 10-STABLE has been built from source. The jail directories are created. Then <_:buildtarget-1/> is executed, installing the host's <filename>/usr/obj</filename> into the basejail.
<prompt>#</prompt> <userinput>ezjail-admin update -i -p</userinput>
The host's <filename>/usr/src</filename> is used by default. A different source directory on the host can be specified with <option>-s</option> and a path, or set with <varname>ezjail_sourcetree</varname> in <filename>/usr/local/etc/ezjail.conf</filename>.
The basejail's ports tree is shared by other jails. However, downloaded distfiles are stored in the jail that downloaded them. By default, these files are stored in <filename>/var/ports/distfiles</filename> within each jail. <filename>/var/ports</filename> inside each jail is also used as a work directory when building ports.
The <acronym>FTP</acronym> protocol is used by default to download packages for the installation of the basejail. Firewall or proxy configurations can prevent or interfere with <acronym>FTP</acronym> transfers. The <acronym>HTTP</acronym> protocol works differently and avoids these problems. It can be chosen by specifying a full <acronym>URL</acronym> for a particular download mirror in <filename>/usr/local/etc/ezjail.conf</filename>:
ezjail_ftphost=http://<replaceable>ftp.FreeBSD.org</replaceable>
See <xref linkend="mirrors-ftp"/> for a list of sites.
Creating and Starting a New Jail

Loading…

No matching activity found.

Browse all component changes

Glossary

English English
No related strings found in the glossary.

Source information

Source string comment
(itstool) path: sect2/para
Flags
read-only
Source string location
book.translate.xml:30905
String age
a year ago
Source string age
a year ago
Translation file
books/handbook.pot, string 5011