From 1baf94c686767eea75c551e1ae12c9acfb4fb98c Mon Sep 17 00:00:00 2001 From: Ben Burwell Date: Mon, 5 Aug 2019 23:39:28 -0400 Subject: Move FreeBSD posts to blog --- _posts/2018-09-20-freebsd-jails.md | 79 ++++++++++++++++++++++++++++++++++++++ 1 file changed, 79 insertions(+) create mode 100644 _posts/2018-09-20-freebsd-jails.md (limited to '_posts/2018-09-20-freebsd-jails.md') diff --git a/_posts/2018-09-20-freebsd-jails.md b/_posts/2018-09-20-freebsd-jails.md new file mode 100644 index 0000000..ad860de --- /dev/null +++ b/_posts/2018-09-20-freebsd-jails.md 
@@ -0,0 +1,79 @@ +--- +title: "FreeBSD Experiment 1: Jails" +--- + +In my preparations for removing ESXi, I tried creating a simple jail on my test +box `helios`. As part of my purpose is to learn as much as possible, I decided +against using a tool like `ezjail` in favor of doing it "by hand." While the +FreeBSD Handbook has some information on creating jails without using additional +tools, pretty much every other document I found suggested using ezjail. There's +a chance I'll revisit ezjail in the future, as it seems to have some helpful +features like having a "base jail" so you only need one copy of the FreeBSD base +system, but for now I'd like to do as much as possible without additional tools. + + + +My goal for this experiment was to set up a simple web server (nginx) inside a +jail. To start, I edited `/etc/jail.conf` to contain the following: + +``` +www { + host.hostname = www.local; + ip4.addr = 10.0.2.202; + path = "/usr/jail/www"; + exec.start = "/bin/sh /etc/rc"; + exec.stop = "/bin/sh /etc/rc.shutdown"; +} +``` + +Next, I used `bsdinstall(8)` to install the base system instead of compiling +from source: + +``` +root@helios:~ # bsdinstall jail /usr/jail/www +``` + +I then added `jail_enable="YES"` to `/etc/rc.conf` and started the jail: + +``` +root@helios:~ # service jail start www +``` + +This took a few seconds to complete, and then the jail showed up when I ran +`jls`: + +``` +root@helios:~ # jls + JID IP Address Hostname Path + 1 10.0.2.202 www.local /usr/jail/www +``` + +I was able to enter the jail: + +``` +root@helios:~ # jexec www /bin/sh +# +``` + +But I seem not to have Internet connectivity, as attempting to use `pkg-ng` +fails: + +``` +# pkg install nginx +The package management tool is not yet installed on your system. +Do you want to fetch and install it now? [y/N]: y +Bootstrapping pkg from pkg+http://pkg.FreeBSD.org/FreeBSD:11:amd64/quarterly, please wait... 
+pkg: Error fetching http://pkg.FreeBSD.org/FreeBSD:11:amd64/quarterly/Latest/pkg.txz: Non-recoverable resolver failure +A pre-built version of pkg could not be found for your system. +Consider changing PACKAGESITE or installing it from ports: 'ports-mgmt/pkg'. +``` + +Running `ifconfig` inside the jail shows that I do not seem to have an IP +address, nor can I seem to communicate with any hosts. Interestingly when I +attempt to ping my gateway, I get the message: + +``` +ping: ssend socket: Operation not permitted +``` + +Clearly there's something I've not yet figured out. -- cgit v1.2.3
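Review bot: The `www { ... }` block shown for `/etc/jail.conf` sets `ip4.addr = 10.0.2.202;` without naming an interface, and the post then ends at "Clearly there's something I've not yet figured out", so a reader who copies the config ends up with the same non-working jail. jail(8) only adds the address as an alias when an interface is given, either through the `interface` parameter or the `ifname|address` form of `ip4.addr`; otherwise 10.0.2.202 must already be configured on the host, which is consistent with the `ifconfig` observation and the resolver failure in the `pkg install nginx` output. The block also leaves out `allow.raw_sockets`, and raw sockets are denied inside a jail by default, which accounts for the `Operation not permitted` message from `ping`. I'd suggest a short closing note, or a link to the follow-up post, that names these two settings rather than publishing the open question as the last line. Keeping raw sockets disabled is the safer default for a jail that only serves nginx, so the note could say it is needed only for diagnostics such as `ping`. Minor: the prose refers to the tool as `pkg-ng` while the command shown is `pkg`.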