FreeBSD
Child pages
  • Jailed template

Versions Compared

Old Version 48

changes.mady.by.user Auth Gábor

Saved on

compared with

New Version Current

changes.mady.by.user Auth Gábor

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

ZFS alapú jail

Minden jail alapja egy olyan FreeBSD alaprendszer, amelyhez a későbbiekben nem igazán nyúlunk hozzá, leszámítva a biztonsági frissítéseket, illetve bosszantó hibák kijavítását. Mivel a hasonlóság nagyfokú, azért jól ki tudjuk használni a ZFS fájlrendszer klónozó képességét:

Code Block
titleParancssor

[root@freebsd:~]$ zfs create dpool/jails
[root@freebsd:~]$ zfs create dpool/jails/v8.1.0
[root@freebsd:~]$ zfs create dpool/jails/v8.1.0/template
[root@freebsd:~]$ zfs set compression=on dpool/jails/v8.1.0/template
[root@freebsd:~]$ df -h
Filesystem                               Size    Used   Avail Capacity  Mounted on
[...]
dpool/jails                              3.5G      0B    3.5G     0%    /dpool/jails
dpool/jails/v8.1.0                       3.5G      0B    3.5G     0%    /dpool/jails/v8.1.0
dpool/jails/v8.1.0/template              3.5G      0B    3.5G     0%    /dpool/jails/v8.1.0/template

...

Code Block
titleParancssor

[root@freebsd:~]$ cd /usr/src
[root@freebsd:/usr/src]$ make world DESTDIR=/dpool/jails/v8.1.0/template
--------------------------------------------------------------
>>> make world started on Wed Jan 14 11:54:34 CET 2009
--------------------------------------------------------------
--------------------------------------------------------------
>>> World build started on Wed Jan 14 11:54:35 CET 2009
--------------------------------------------------------------
[...]
--------------------------------------------------------------
>>> make world completed on Wed Jan 14 13:16:22 CET 2009
                   (started Wed Jan 14 11:54:34 CET 2009)
--------------------------------------------------------------
[root@freebsd:/usr/src]$ make distribution DESTDIR=/dpool/jails/v8.1.0/template
[...]
[root@freebsd:/usr/src]$ df -h
Filesystem                               Size    Used   Avail Capacity  Mounted on
[...]
dpool/jails/v8.1.0                       3.5G      0B    3.5G     0%    /dpool/jails/v8.1.0
dpool/jails/v8.1.0/template              3.5G     94M    3.5G     3%    /dpool/jails/v8.1.0/template
[root@freebsd:/usr/src]$ cp /etc/localtime /dpool/jails/v8.1.0/template/etc/
[root@freebsd:/usr/src]$ cp /etc/login.conf /dpool/jails/v8.1.0/template/etc/
[root@freebsd:/usr/src]$ cp /etc/make.conf /dpool/jails/v8.1.0/template/etc/
[root@freebsd:/usr/src]$ cp /etc/profile /dpool/jails/v8.1.0/template/etc/
[root@freebsd:/usr/src]$ cp /etc/resolv.conf /dpool/jails/v8.1.0/template/etc/
[root@freebsd:/usr/src]$ touch /dpool/jails/v8.1.0/template/etc/fstab
[root@freebsd:/usr/src]$ mkdir /dpool/jails/v8.1.0/template/usr/ports
[root@freebsd:/usr/src]$ echo 'keymap="hu.iso2.101keys"' >/dpool/jails/v8.1.0/template/etc/rc.conf
[root@freebsd:/usr/src]$ echo 'network_interfaces=""' >>/dpool/jails/v8.1.0/template/etc/rc.conf
[root@freebsd:/usr/src]$ echo 'rpcbind_enable="NO"' >>/dpool/jails/v8.1.0/template/etc/rc.conf
[root@freebsd:/usr/src]$ echo '' >>/dpool/jails/v8.1.0/template/etc/rc.conf
[root@freebsd:/usr/src]$ echo 'syslogd_enable="NO"' >>/dpool/jails/v8.1.0/template/etc/rc.conf
[root@freebsd:/usr/src]$ echo 'syslog_ng_enable="YES"' >>/dpool/jails/v8.1.0/template/etc/rc.conf
[root@freebsd:/usr/src]$ echo 'sendmail_enable="NO"' >>/dpool/jails/v8.1.0/template/etc/rc.conf
[root@freebsd:/usr/src]$ echo 'munin_node_enable="YES"' >>/dpool/jails/v8.1.0/template/etc/rc.conf
[root@freebsd:/usr/src]$ echo 'sshd_enable="YES"' >>/dpool/jails/v8.1.0/template/etc/rc.conf
[root@freebsd:/usr/src]$ echo '' >>/dpool/jails/v8.1.0/template/etc/rc.conf

...

Code Block
titleParancssor

[root@freebsd:/usr/src]$ zfs create dpool/jails/ports
[root@freebsd:/usr/src]$ zfs set compression=on dpool/jails/ports
[root@freebsd:/usr/src]$ portsnap fetch extract -p /dpool/jails/ports/
Looking up portsnap.FreeBSD.org mirrors... 2 mirrors found.
Fetching snapshot tag from portsnap1.FreeBSD.org... done.
Fetching snapshot metadata... done.
Updating from Wed Jan 14 14:59:46 CET 2009 to Wed Jan 14 16:09:42 CET 2009.
[...]
Building new INDEX files... done.
[root@freebsd:/usr/src]$ zfs set mountpoint=/dpool/jails/v8.1.0/template/usr/ports/ dpool/jails/ports
[root@freebsd:/usr/src]$ ln -s /tmp /dpool/jails/v8.1.0/template/usr/ports/distfiles
[root@freebsd:/usr/src]$ ls -l /dpool/jails/v8.1.0/template/usr/ports/distfiles
lrwxr-xr-x  1 root  wheel  4 Jan 14 17:31 /dpool/jails/v8.1.0/template/usr/ports/distfiles -> /tmp

...

Code Block
titleParancssor

[root@freebsd:/usr/src]$ cd ~
[root@freebsd:~]$ mount -t devfs devfs /dpool/jails/v8.1.0/template/dev
[root@freebsd:~]$ ifconfig bge1 alias 192.168.2.1 netmask 255.255.255.0
[root@freebsd:~]$ jail /dpool/jails/v8.1.0/template template 192.168.2.1 /bin/csh
template# df -h
Filesystem                     Size    Used   Avail Capacity  Mounted on
dpool/jails/v8.1.0/template    3.7G     94M    3.6G     3%    /
template# ps aux
USER   PID %CPU %MEM   VSZ   RSS  TT  STAT STARTED      TIME COMMAND
root 22015  0.0  0.0  7056  1820  p0  SJ    7:04PM   0:00.02 /bin/csh
root 22508  0.0  0.0  6788   820  p0  R+J   7:05PM   0:00.00 ps aux
template# exit

...

Code Block
title/etc/ipnat.rules

map bge1 192.168.2.0/24 -> 91.83.48.130/32

...

Code Block
titleParancssor

[root@freebsd:~]$ echo 'ipnat_enable="YES"' >>/etc/rc.conf
[root@freebsd:~]$ /etc/rc.d/ipnat start
Installing NAT rules.
0 entries flushed from NAT table
0 entries flushed from NAT list

...

Code Block
titleParancssor

template# cd /usr/ports/ports-mgmt/portupgrade
template# make && make install && make clean
[...]
===>   Registering installation for portupgrade-2.4.6,2
===>  Cleaning for ruby-1.8.6.287,1
===>  Cleaning for ruby18-bdb-0.6.4
===>  Cleaning for db41-4.1.25_4
===>  Cleaning for portupgrade-2.4.6,2
template# df -h
Filesystem                     Size    Used   Avail Capacity  Mounted on
dpool/jails/v8.1.0/template    3.7G    110M    3.6G     3%    /

...

Code Block
titleParancssor

template# df -h
Filesystem                     Size    Used   Avail Capacity  Mounted on
dpool/jails/v8.1.0/template    3.7G    584M    3.1G    16%    /
template# exit

...

Code Block
titleParancssor

[root@freebsd:~]$ rm -Rf /dpool/jails/v8.1.0/template/tmp/*
[root@freebsd:~]$ rm /dpool/jails/v8.1.0/template/root/.history
[root@freebsd:~]$ rm /dpool/jails/v8.1.0/template/root/.cshrc
[root@freebsd:~]$ rm /dpool/jails/v8.1.0/template/root/.profile
[root@freebsd:~]$ zfs list
NAME                                      USED  AVAIL  REFER  MOUNTPOINT
[...]
dpool/jails/ports                         156M  3.41G   156M  /dpool/jails/v8.1.0/template/usr/ports/
dpool/jails/v8.1.0                        254M  3.41G    19K  /dpool/jails/v8.1.0
dpool/jails/v8.1.0/template               254M  3.41G   254M  /dpool/jails/v8.1.0/template

Elkészítettünk egy közel 250MBájt helyet foglaló jail mintát, amelyet klónozva kevés helyet foglaló - különféle szolgáltatásokat futtató - jail rendszereket fogunk készíteni.

Előző fejezet Tartalomjegyzék Következő fejezet

Auth Gábor auth.gabor@javaforum.hu