ezjail: easily manage jails on FreeBSD

Jails make it possible to create VPSes on a FreeBSD system. Processes are confined to a separate run level and environment. The Linux equivalents are OpenVZ / VServer / LXC, but FreeBSD jails are integrated into the base system and rather mature.

The FreeBSD documentation describes the manual process of creating jails. I recommend reading it and following the proposed exercise to learn the basics. It also mentions the possibility of using a “skeleton” shared by all jails, each jail then holding only the directories that are likely to change. This avoids keeping 10 copies of the same tree when many elements are common. ezjail is a tool that automates all this, and we will see that it is rather well done.

Installation of FreeBSD

Since version 9, the installer has been simplified to the point that it is no longer necessary to describe it in detail. The choice of distribution sets has no effect on the final result, but personally I add the sources because I believe they are part of the OS.

The rest of the installation requires no special setup.

Configuration

You can start by updating the system:

# freebsd-update fetch

# freebsd-update install

# reboot

We now install ezjail. There are two solutions: compile it from ports, or download it in binary form with pkg_add(1).

Method 1: ports

First download the ports tree:

# portsnap fetch extract

Then compile and install sysutils/ezjail:

# cd /usr/ports/sysutils/ezjail

# make install clean

Then enable ezjail at boot. Append to /etc/rc.conf with >> so that the existing settings are kept:

# echo 'ezjail_enable="YES"' >> /etc/rc.conf

Method 2: pkg_add

Use the following command:

# pkg_add -r ezjail

Then enable ezjail at boot. Append to /etc/rc.conf with >> so that the existing settings are kept:

# echo 'ezjail_enable="YES"' >> /etc/rc.conf

Creation of the base jail

The following command will prepare the base jail:

# ezjail-admin install

Note: If you want to add the sources to the base jail, you must add the -s parameter. To have ports (fetched with portsnap) in the base jail, add the -p parameter. If you have already installed the base jail and want to add ports or sources, reuse the ezjail-admin install command, but specify the parameter in uppercase, for example ezjail-admin install -P

Creation of a jail

Use the following command:

# ezjail-admin create dns 'em0|192.168.0.2'

Note: “dns” is the name given to our jail, adapt it if necessary! em0 is the name of the network card, adapt it to your system. ezjail adds the IP address as an alias automatically, so there is nothing to configure beyond specifying the address you want to give to your jail!

Start a jail

Here is the command:

# ezjail-admin start dns

Note: Jails are launched automatically when the host starts, thanks to the ezjail_enable parameter added to rc.conf.

Stop a jail

# ezjail-admin stop dns

Update the jails

The base jail will be updated, which propagates the changes to all jails.

# ezjail-admin update -u

Note: The -u option (lowercase) applies minor updates. -U (uppercase) applies major updates. You decide. The -P (uppercase) option updates ports (using portsnap).

Deletion of a jail

The command is as follows:

# ezjail-admin delete -wf dns

Note: The -w parameter removes the jail's tree from the disk. The -f parameter stops the jail before deletion.

Change the ‘model’ of the jail

Concrete case: you want to enable SSH on all created jails. It’s doable! The jail “model” is located here: /usr/jails/newjail. Therefore we must edit or create the /usr/jails/newjail/etc/rc.conf file:

# echo 'sshd_enable="YES"' >> /usr/jails/newjail/etc/rc.conf

And voila!
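
The rc.conf edits above (ezjail_enable on the host, sshd_enable in the jail model) can be made repeatable with a small helper. This is an added example, not part of the original article or of ezjail; the function name set_rc_var is an assumption chosen here.

```shell
#!/bin/sh
# set_rc_var FILE NAME VALUE
# Set NAME="VALUE" in an rc.conf-style file. Other settings are kept, an
# earlier assignment of NAME is replaced, and running it twice adds no duplicate.
# (set_rc_var is a hypothetical helper written for this example.)
set_rc_var() {
    file=$1 name=$2 value=$3

    # rc.conf is sourced by sh, so only accept a plain identifier as NAME ...
    case $name in
        ''|[0-9]*|*[!A-Za-z0-9_]*)
            echo "bad variable name: $name" >&2; return 1 ;;
    esac
    # ... and refuse values that could escape the double quotes or expand.
    case $value in
        *'"'*|*'`'*|*'$'*|*'\'*)
            echo "unsafe value for $name" >&2; return 1 ;;
    esac

    # Create the file if it does not exist yet (the jail model may lack one).
    [ -e "$file" ] || : > "$file" || return 1
    tmp=$(mktemp "${TMPDIR:-/tmp}/rcvar.XXXXXX") || return 1

    # Copy every line except a previous assignment of NAME.
    awk -v re="^[ \t]*${name}=" '$0 !~ re' "$file" > "$tmp" \
        || { rm -f "$tmp"; return 1; }
    printf '%s="%s"\n' "$name" "$value" >> "$tmp"

    # Write back in place so the file keeps its owner and mode.
    cat "$tmp" > "$file" && rm -f "$tmp"
}

# Usage, with the paths from the article:
#   set_rc_var /etc/rc.conf ezjail_enable YES
#   set_rc_var /usr/jails/newjail/etc/rc.conf sshd_enable YES
```

FreeBSD releases that include sysrc(8) offer the same operation natively.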