Translation

(itstool) path: para/buildtarget
installworld
12/120
Context English Chinese (Simplified) (zh_CN) State
The <varname>jail_<replaceable>name</replaceable>_rootdir</varname> variable is set to <filename>/usr/home</filename> instead of <filename>/home</filename> because the physical path of <filename>/home</filename> on a default FreeBSD installation is <filename>/usr/home</filename>. The <varname>jail_<replaceable>name</replaceable>_rootdir</varname> variable must <emphasis>not</emphasis> be set to a path which includes a symbolic link, otherwise the jails will refuse to start.
应把<varname>jail_<replaceable>name</replaceable>_rootdir</varname> 变量设置成 <filename>/usr/home</filename> 而不是 <filename>/home</filename> 的原因是 FreeBSD上的<filename>/home</filename>目录时指向<filename>/usr/home</filename> 的一个符号连接。而<varname>jail_<replaceable>name</replaceable>_rootdir</varname>变量必须是一个 <emphasis>不</emphasis> 包含符号连接的路径,否则 jail 将拒绝启动。
Create the required mount points for the read-only file system of each jail:
为每个 jail 创建所需的只读文件系统挂接点:
<prompt>#</prompt> <userinput>mkdir /home/j/ns /home/j/mail /home/j/www</userinput>
<prompt>#</prompt> <userinput>mkdir /home/j/ns /home/j/mail /home/j/www</userinput>
Install the read-write template into each jail using <package>sysutils/cpdup</package>:
在 jail 中安装可读写的模板。 注意您需要使用 <package>sysutils/cpdup</package>, 它能够帮助您确保每个目录都是正确地复制的:
<prompt>#</prompt> <userinput>mkdir /home/js</userinput>
<prompt>#</prompt> <userinput>cpdup /home/j/skel /home/js/ns</userinput>
<prompt>#</prompt> <userinput>cpdup /home/j/skel /home/js/mail</userinput>
<prompt>#</prompt> <userinput>cpdup /home/j/skel /home/js/www</userinput>
<prompt>#</prompt> <userinput>mkdir /home/js</userinput>
<prompt>#</prompt> <userinput>cpdup /home/j/skel /home/js/ns</userinput>
<prompt>#</prompt> <userinput>cpdup /home/j/skel /home/js/mail</userinput>
<prompt>#</prompt> <userinput>cpdup /home/j/skel /home/js/www</userinput>
In this phase, the jails are built and prepared to run. First, mount the required file systems for each jail, and then start them:
在这个阶段,已经创建好并准备运行。首先,为每个 Jail 挂载所需的文件系统,然后启动它们:
<prompt>#</prompt> <userinput>mount -a</userinput>
<prompt>#</prompt> <userinput>service jail start</userinput>
<prompt>#</prompt> <userinput>mount -a</userinput>
<prompt>#</prompt> <userinput>service jail start</userinput>
The jails should be running now. To check if they have started correctly, use <command>jls</command>. Its output should be similar to the following:
现在 jail 应该就启动起来了。 要检查它们是否运行正常,可以使用 <citerefentry><refentrytitle>jls</refentrytitle><manvolnum>8</manvolnum></citerefentry> 命令。 它的输出应该类似这样:
<prompt>#</prompt> <userinput>jls</userinput>
JID IP Address Hostname Path
3 192.168.3.17 ns.example.org /home/j/ns
2 192.168.3.18 mail.example.org /home/j/mail
1 62.123.43.14 www.example.org /home/j/www
<prompt>#</prompt> <userinput>jls</userinput>
JID IP Address Hostname Path
3 192.168.3.17 ns.example.org /home/j/ns
2 192.168.3.18 mail.example.org /home/j/mail
1 62.123.43.14 www.example.org /home/j/www
At this point, it should be possible to log onto each jail, add new users, or configure daemons. The <literal>JID</literal> column indicates the jail identification number of each running jail. Use the following command to perform administrative tasks in the jail whose <acronym>JID</acronym> is <literal>3</literal>:
这时, 就可以登入 jail 并增加用户和配置服务了。 <literal>JID</literal> 列给出了正在运行的 jail 的标识编号。 您可以使用下面的命令来在 <literal>JID</literal> 编号为 3 的 jail 中执行管理任务:
<prompt>#</prompt> <userinput>jexec 3 tcsh</userinput>
<prompt>#</prompt> <userinput>jexec 3 tcsh</userinput>
Upgrading
升级
The design of this setup provides an easy way to upgrade existing jails while minimizing their downtime. Also, it provides a way to roll back to the older version should a problem occur.
有时, 由于安全问题, 或新增功能有用, 会希望将系统升级到一个新版本的 FreeBSD。 这种安装方式的设计使得升级现有 jail 变得很容易。 另外, 它也能最大限度地减小停机时间, 因为 jail 只在最后时刻才需要关闭。 另外, 它也提供了简单的回退到先前版本的方法。
The first step is to upgrade the host system. Then, create a new temporary read-only template in <filename>/home/j/mroot2</filename>.
第一步是按通常的方法升级主机的系统。 接着, 在 <filename>/home/j/mroot2</filename> 中建立一个新的临时模板。
<prompt>#</prompt> <userinput>mkdir /home/j/mroot2</userinput>
<prompt>#</prompt> <userinput>cd /usr/src</userinput>
<prompt>#</prompt> <userinput>make installworld DESTDIR=/home/j/mroot2</userinput>
<prompt>#</prompt> <userinput>cd /home/j/mroot2</userinput>
<prompt>#</prompt> <userinput>cpdup /usr/src usr/src</userinput>
<prompt>#</prompt> <userinput>mkdir s</userinput>
<prompt>#</prompt> <userinput>mkdir /home/j/mroot2</userinput>
<prompt>#</prompt> <userinput>cd /usr/src</userinput>
<prompt>#</prompt> <userinput>make installworld DESTDIR=/home/j/mroot2</userinput>
<prompt>#</prompt> <userinput>cd /home/j/mroot2</userinput>
<prompt>#</prompt> <userinput>cpdup /usr/src usr/src</userinput>
<prompt>#</prompt> <userinput>mkdir s</userinput>
installworld
installworld
The <_:buildtarget-1/> creates a few unnecessary directories, which should be removed:
在运行 <_:buildtarget-1/> 时会创建一些不需要的目录, 应将它们删除:
<prompt>#</prompt> <userinput>chflags -R 0 var</userinput>
<prompt>#</prompt> <userinput>rm -R etc var root usr/local tmp</userinput>
<prompt>#</prompt> <userinput>chflags -R 0 var</userinput>
<prompt>#</prompt> <userinput>rm -R etc var root usr/local tmp</userinput>
Recreate the read-write symlinks for the master file system:
重建到主系统中的可读写符号连接:
<prompt>#</prompt> <userinput>ln -s s/etc etc</userinput>
<prompt>#</prompt> <userinput>ln -s s/root root</userinput>
<prompt>#</prompt> <userinput>ln -s s/home home</userinput>
<prompt>#</prompt> <userinput>ln -s ../s/usr-local usr/local</userinput>
<prompt>#</prompt> <userinput>ln -s ../s/usr-X11R6 usr/X11R6</userinput>
<prompt>#</prompt> <userinput>ln -s s/tmp tmp</userinput>
<prompt>#</prompt> <userinput>ln -s s/var var</userinput>
<prompt>#</prompt> <userinput>ln -s s/etc etc</userinput>
<prompt>#</prompt> <userinput>ln -s s/root root</userinput>
<prompt>#</prompt> <userinput>ln -s s/home home</userinput>
<prompt>#</prompt> <userinput>ln -s ../s/usr-local usr/local</userinput>
<prompt>#</prompt> <userinput>ln -s ../s/usr-X11R6 usr/X11R6</userinput>
<prompt>#</prompt> <userinput>ln -s s/tmp tmp</userinput>
<prompt>#</prompt> <userinput>ln -s s/var var</userinput>
Next, stop the jails:
现在是时候关闭 jail 了:
<prompt>#</prompt> <userinput>service jail stop</userinput>
<prompt>#</prompt> <userinput>service jail stop</userinput>
Unmount the original file systems as the read-write systems are attached to the read-only system (<filename>/s</filename>):
将文件系统从读写状模式换为只读模式(<filename>/s</filename>):
<prompt>#</prompt> <userinput>umount /home/j/ns/s</userinput>
<prompt>#</prompt> <userinput>umount /home/j/ns</userinput>
<prompt>#</prompt> <userinput>umount /home/j/mail/s</userinput>
<prompt>#</prompt> <userinput>umount /home/j/mail</userinput>
<prompt>#</prompt> <userinput>umount /home/j/www/s</userinput>
<prompt>#</prompt> <userinput>umount /home/j/www</userinput>
<prompt>#</prompt> <userinput>umount /home/j/ns/s</userinput>
<prompt>#</prompt> <userinput>umount /home/j/ns</userinput>
<prompt>#</prompt> <userinput>umount /home/j/mail/s</userinput>
<prompt>#</prompt> <userinput>umount /home/j/mail</userinput>
<prompt>#</prompt> <userinput>umount /home/j/www/s</userinput>
<prompt>#</prompt> <userinput>umount /home/j/www</userinput>
Move the old read-only file system and replace it with the new one. This will serve as a backup and archive of the old read-only file system should something go wrong. The naming convention used here corresponds to when a new read-only file system has been created. Move the original FreeBSD Ports Collection over to the new file system to save some space and inodes:
将先前的只读文件系统挪走, 换成新的系统。 这样做也同时保留了先前系统的备份, 从而可以在出现问题时从中恢复。 这里我们根据新系统的创建时间来命名。 此外我们把先前的 FreeBSD Ports 套件直接移动到新的文件系统中, 以节省磁盘空间和 inode:
<prompt>#</prompt> <userinput>cd /home/j</userinput>
<prompt>#</prompt> <userinput>mv mroot mroot.20060601</userinput>
<prompt>#</prompt> <userinput>mv mroot2 mroot</userinput>
<prompt>#</prompt> <userinput>mv mroot.20060601/usr/ports mroot/usr</userinput>
<prompt>#</prompt> <userinput>cd /home/j</userinput>
<prompt>#</prompt> <userinput>mv mroot mroot.20060601</userinput>
<prompt>#</prompt> <userinput>mv mroot2 mroot</userinput>
<prompt>#</prompt> <userinput>mv mroot.20060601/usr/ports mroot/usr</userinput>
At this point the new read-only template is ready, so the only remaining task is to remount the file systems and start the jails:
现在新的只读模板就可以用了, 剩下的事情是重新挂接文件系统并启动 jails:
Use <command>jls</command> to check if the jails started correctly. Run <command>mergemaster</command> in each jail to update the configuration files.
最后用 <citerefentry><refentrytitle>jls</refentrytitle><manvolnum>8</manvolnum></citerefentry> 检查 jail 启动是否正常。 不要忘记在 jail 中运行 mergemaster。 配置文件和 rc.d 脚本在升级时应进行更新。
Managing Jails with <application>ezjail</application>
使用 <application>ezjail</application> 管理 Jail
Creating and managing multiple jails can quickly become tedious and error-prone. Dirk Engling's <application>ezjail</application> automates and greatly simplifies many jail tasks. A <emphasis>basejail</emphasis> is created as a template. Additional jails use <citerefentry><refentrytitle>mount_nullfs</refentrytitle><manvolnum>8</manvolnum></citerefentry> to share many of the basejail directories without using additional disk space. Each additional jail takes only a few megabytes of disk space before applications are installed. Upgrading the copy of the userland in the basejail automatically upgrades all of the other jails.
创建和管理多个 Jail 可能很快就会变得繁琐和容易出错。Dirk Engling的<application>ezjail</application>简化了 Jail 管理。创建<emphasis>basejail</emphasis>模板。其他 Jail 使用 <citerefentry><refentrytitle>mount_nullfs</refentrytitle><manvolnum>8</manvolnum></citerefentry>共享 basejail 目录,不使用额外的磁盘空间。在安装应用程序之前,每个 jail 只占用几兆字节的磁盘空间。升级 basejail 中的用户态的副本,会自动升级所有 Jail。
Additional benefits and features are described in detail on the <application>ezjail</application> web site, <link xlink:href="https://erdgeist.org/arts/software/ezjail/"/>.
关于 ezjail 的更多信息可以在<application>ezjail</application> 的网站<link xlink:href="https://erdgeist.org/arts/software/ezjail/"/> 上找到。
ComponentTranslation
This translation Translated FreeBSD Doc/books_handbook
installworld
Following string has same context and same source.
Translated FreeBSD Doc/articles_nanobsd
installworld

Loading…

No matching activity found.

Browse all component changes

Things to check

Unchanged translation

Source and translation are identical

Reset

Glossary

English Chinese (Simplified) (zh_CN)
No related strings found in the glossary.

Source information

Source string comment
(itstool) path: para/buildtarget
Labels
No labels currently set.
Source string location
book.translate.xml:28881 book.translate.xml:29092
Source string age
11 months ago
Translation file
books/zh_CN/handbook.po, string 4663