The exec.prestart lines runs before the jail starts and mounts /usr/ports read-only so the jail can see it. To explain some of these lines: the jail commands replace $name in these settings with the name of a jail. You’ll add a few lines here later when you create your first jail, but this sets up defaults for all your jails.
SETUP OPENZFS ON FREEBSD FREE
Depending on how many free drives you have available, use one of these commands, substituting in the device names for your drives:Įxec.prestart = "/sbin/mount -t nullfs -o ro /usr/ports/ /usr/jail/$name /usr/ports" Įxec.poststop = "/sbin/umount -f /usr/jail/$name /usr/ports"
This sets up a ZFS pool named zf on one or more hard drives, in which you will then create your ZFS filesystems. If you already have a ZFS pool on your system and want to put your jails in it, you can skip this step. The “jailed” or “guest” system can only see what resources the host has assigned to it, and cannot see outside itself. In the terminology I’ll use here, the “host” system is the main OS, which can control and look inside its jails. Part 2 will cover creating a jail to run a network service. This article, Part 1, will walk you through setting up a host FreeBSD system to be ready for jails. Together, they make it a matter of moments to create a new virtual system for testing, walling off network services, or other projects. ZFS is an advanced filesystem that makes it very easy to create and destroy filesystems whenever they are needed. A FreeBSD jail is a virtual machine which can only access the resources assigned to it when it was created, so its processes have no access to the rest of the machine.
For FreeBSD administrators, ZFS and jails combine to make virtualization easy, fast, and secure.
0 kommentar(er)
