FreeBSD Jails implementation
An example of implementing Jails using ThinJails/NullFS.
It is probably neither the best nor the most efficient way to do it, but it can help in learning how jails work in FreeBSD.
Remember that the community offers other ways to do this: Jail Managers.
## Details
The jails rely on ZFS for their creation and maintenance. The following file structure is used.
### Distribution base
The directory where the corresponding FreeBSD release is downloaded, which acts as the base for the jails, uses this ZFS dataset / directory:
```
zroot/jails/releases /usr/local/jails/releases
```
Example:
```
zroot/jails 1.14T 384G 88K /usr/local/jails
zroot/jails/releases 5.47G 384G 96K /usr/local/jails/releases
zroot/jails/releases/13.1-RELEASE 2.32G 384G 1.40G /usr/local/jails/releases/13.1-RELEASE
zroot/jails/releases/13.2-RELEASE 1.41G 384G 1.41G /usr/local/jails/releases/13.2-RELEASE
zroot/jails/releases/14.0-RELEASE 1.30G 384G 1.30G /usr/local/jails/releases/14.0-RELEASE
zroot/jails/releases/14.1-RELEASE 451M 384G 451M /usr/local/jails/releases/14.1-RELEASE
```
### Base jails
Once the base system has been downloaded, it is split into two parts by cloning the release above: the FreeBSD "userspace", which is read-only, and the writable directories, which are read-write:
```
zroot/jails/templates /usr/local/jails/templates
# Read-only part
zroot/jails/templates/base-$FREEBSD_RELEASE-RELEASE /usr/local/jails/templates/base-$FREEBSD_RELEASE-RELEASE
# Read-write part
zroot/jails/templates/skeleton-$FREEBSD_RELEASE-RELEASE /usr/local/jails/templates/skeleton-$FREEBSD_RELEASE-RELEASE
```
For example:
```
zroot/jails/templates 84.5M 384G 120K /srv/jails/templates
zroot/jails/templates/base-13.1-RELEASE 50.1M 384G 1.36G /srv/jails/templates/base-13.1-RELEASE
zroot/jails/templates/base-13.2-RELEASE 568K 384G 1.40G /srv/jails/templates/base-13.2-RELEASE
zroot/jails/templates/base-14.0-RELEASE 552K 384G 1.29G /srv/jails/templates/base-14.0-RELEASE
zroot/jails/templates/base-14.1-RELEASE 232K 384G 447M /srv/jails/templates/base-14.1-RELEASE
zroot/jails/templates/skeleton-12.1-RELEASE 4.85M 384G 4.46M /srv/jails/templates/skeleton-12.1-RELEASE
zroot/jails/templates/skeleton-12.2-RELEASE 4.92M 384G 4.49M /srv/jails/templates/skeleton-12.2-RELEASE
zroot/jails/templates/skeleton-13.0-RELEASE 4.78M 384G 4.34M /srv/jails/templates/skeleton-13.0-RELEASE
zroot/jails/templates/skeleton-13.1-RELEASE 4.82M 384G 4.38M /srv/jails/templates/skeleton-13.1-RELEASE
zroot/jails/templates/skeleton-13.2-RELEASE 4.48M 384G 4.41M /srv/jails/templates/skeleton-13.2-RELEASE
zroot/jails/templates/skeleton-14.0-RELEASE 4.52M 384G 4.43M /srv/jails/templates/skeleton-14.0-RELEASE
zroot/jails/templates/skeleton-14.1-RELEASE 4.42M 384G 4.42M /srv/jails/templates/skeleton-14.1-RELEASE
```
More detail:
```
# ls -lah /usr/local/jails/templates/base-14.1-RELEASE/
total 88
drwxr-xr-x 15 root wheel 24B Jun 20 2024 .
drwxr-xr-x 13 root wheel 13B Jun 20 2024 ..
-rw-r--r-- 1 root wheel 1.0K May 31 2024 .cshrc
-rw-r--r-- 1 root wheel 495B May 31 2024 .profile
-r--r--r-- 1 root wheel 6.0K May 31 2024 COPYRIGHT
drwxr-xr-x 2 root wheel 49B Jun 20 2024 bin
drwxr-xr-x 15 root wheel 69B Jun 20 2024 boot
dr-xr-xr-x 2 root wheel 2B May 31 2024 dev
lrwxr-xr-x 1 root wheel 12B Jun 20 2024 etc -> skeleton/etc
lrwxr-xr-x 1 root wheel 13B Jun 20 2024 home -> skeleton/home
drwxr-xr-x 4 root wheel 78B Jun 20 2024 lib
drwxr-xr-x 3 root wheel 5B May 31 2024 libexec
drwxr-xr-x 2 root wheel 2B May 31 2024 media
drwxr-xr-x 2 root wheel 2B May 31 2024 mnt
drwxr-xr-x 2 root wheel 2B May 31 2024 net
dr-xr-xr-x 2 root wheel 2B May 31 2024 proc
drwxr-xr-x 2 root wheel 150B Jun 20 2024 rescue
lrwxr-xr-x 1 root wheel 13B Jun 20 2024 root -> skeleton/root
drwxr-xr-x 2 root wheel 150B Jun 20 2024 sbin
drwxr-xr-x 2 root wheel 2B Jun 20 2024 skeleton
lrwxr-xr-x 1 root wheel 11B May 31 2024 sys -> usr/src/sys
lrwxr-xr-x 1 root wheel 12B Jun 20 2024 tmp -> skeleton/tmp
drwxr-xr-x 13 root wheel 14B Jun 20 2024 usr
lrwxr-xr-x 1 root wheel 12B Jun 20 2024 var -> skeleton/var
# ls -lah /usr/local/jails/templates/skeleton-14.1-RELEASE/
total 37
drwxr-xr-x 9 root wheel 9B Jun 20 2024 .
drwxr-xr-x 13 root wheel 13B Jun 20 2024 ..
drwxr-xr-x 30 root wheel 106B Jun 20 2024 etc
drwxr-xr-x 2 root wheel 2B Jun 20 2024 home
drwxr-xr-x 2 root wheel 2B Jun 20 2024 portsbuild
drwxr-x--- 2 root wheel 7B May 31 2024 root
drwxrwxrwt 2 root wheel 2B May 31 2024 tmp
drwxr-xr-x 4 root wheel 4B Jun 20 2024 usr
drwxr-xr-x 24 root wheel 24B May 31 2024 var
```
### Jails
When a jail is created, the base / skeleton of the corresponding release are cloned under the jail's name, and the jail's fstab and configuration are set up.
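The creation step described above, sketched as a dry-run shell script (an added example, not part of the original page or the author's tooling): it prints the ZFS and fstab steps for one jail, rejects names that could escape the jails directory, and checks that the base entry is mounted read-only. The `clones` dataset, the snapshot naming and the function names are assumptions; the other paths follow the page.

```shell
#!/bin/sh
# Added example: dry-run planner for one thin jail; prints, executes nothing.
# Hypothetical: the "clones" dataset and the snapshot name (@<jail name>).
JAILS=/usr/local/jails
POOL=zroot/jails

# Reject names that could escape $JAILS or inject into fstab/jail.conf.
valid_name() {
    case "$1" in ""|-*|*[!a-z0-9-]*) return 1 ;; esac
}
valid_release() {
    case "$1" in ""|*[!0-9.]*) return 1 ;; esac
}

# fstab for jail $1: base clone read-only, skeleton clone read-write.
gen_fstab() {
    valid_name "$1" || return 1
    printf '%s %s nullfs ro 0 0\n' \
        "$JAILS/clones/base-$1" "$JAILS/services/$1"
    printf '%s %s nullfs rw 0 0\n' \
        "$JAILS/clones/skeleton-$1" "$JAILS/services/$1/skeleton"
}

# Succeeds only if the first (base) fstab entry on stdin is nullfs and "ro".
base_is_ro() {
    awk 'NR == 1 { ok = ($3 == "nullfs" && $4 ~ /(^|,)ro(,|$)/) }
         END { exit !ok }'
}

# Print the host-side steps for jail $1 on release $2 with last IP octet $3.
plan_jail() {
    valid_name "$1" && valid_release "$2" || {
        echo "invalid jail name or release" >&2; return 1; }
    case "$3" in ""|*[!0-9]*) echo "invalid IP octet" >&2; return 1 ;; esac
    for part in base skeleton; do
        src="$POOL/templates/$part-$2-RELEASE"
        echo "zfs snapshot $src@$1"
        echo "zfs clone $src@$1 $POOL/clones/$part-$1"
    done
    echo "mkdir -p $JAILS/services/$1"
    echo "# contents of $JAILS/jail.fstab.d/$1.fstab:"
    gen_fstab "$1"
    echo "# stanza for /etc/jail.conf:"
    echo "$1 { \$ip = $3; }"
}

plan_jail web 14.1 10
```

Because the base is mounted `ro`, a process inside the jail cannot modify the shared system binaries; only the per-jail skeleton is writable.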
## Host configuration
File /etc/rc.conf
```
## Jails
jail_enable="YES"
jail_set_hostname_allow="NO"
jail_list=""
jailsffss_enable="YES"
jail_sysvipc_allow="YES"
```
File /etc/jail.conf
```
# Networking
interface = "lagg0";
ip4.addr = 192.168.50.$ip;
# Config
host.hostname = "$name.local";
path = "/usr/local/jails/services/$name";
mount.devfs;
mount.fstab = "/usr/local/jails/jail.fstab.d/$name.fstab";
exec.start = "/bin/sh /etc/rc";
exec.stop = "/bin/sh /etc/rc.shutdown";
exec.poststop = "/sbin/umount /usr/local/jails/$name/skeleton; /sbin/umount /usr/local/jails/$name";
exec.clean;
```