Page MenuHomeDevCentral
Create Task
Maniphest T181

Configure ezjail for a base jail environment
Closed, ResolvedPublic
Actions

Description

ezjail-admin install
ezjail-admin create tonderon.nasqueron.drake 'em0|172.27.26.34'
ezjail-admin start tonderon.nasqueron.drake

Related Objects
Search...

Event Timeline

dereckson created this task.Dec 2 2014, 09:54
dereckson claimed this task.
dereckson raised the priority of this task from to High.
dereckson updated the task description. (Show Details)
dereckson added a project: Servers.
dereckson added a subscriber: dereckson.
dereckson closed subtask T182: Enable ZFS in /etc/rc.conf on Ysul as Resolved.Dec 2 2014, 10:19
dereckson added a comment.Dec 2 2014, 10:51

Configuration files

  • /etc/rc.conf: added ezjail_enable="YES"
  • /usr/local/etc/ezjail.conf: P29

ZFS pool history
Base:
2014-12-02.10:14:28 zfs create -o mountpoint=/usr/local/jails arcology/jails
2014-12-02.10:14:34 zfs create arcology/jails/fulljail
2014-12-02.10:18:04 zfs create arcology/jails/basejail
2014-12-02.10:18:04 zfs snapshot arcology/jails/basejail@20141125_10:18:04
2014-12-02.10:20:58 zfs rename arcology/jails/fulljail arcology/jails/newjail

Tonderon:
2014-12-02.10:33:47 zfs create -o mountpoint=/usr/local/jails/tonderon.nasqueron.drake arcology/jails/tonderon.nasqueron.drake
2014-12-02.10:33:47 zfs snapshot arcology/jails/newjail@_createnewjailtmp
2014-12-02.10:33:49 zfs receive -F arcology/jails/tonderon.nasqueron.drake
2014-12-02.10:33:49 zfs destroy arcology/jails/tonderon.nasqueron.drake@_createnewjailtmp
2014-12-02.10:33:54 zfs destroy arcology/jails/newjail@_createnewjailtmp

Test jail

$ jls
   JID  IP Address      Hostname                      Path
    19  172.27.26.34    tonderon.nasqueron.drake      /usr/local/jails/tonderon.nasqueron.drake

$ jexec 19 tcsh

$ ps auxw
USER    PID %CPU %MEM   VSZ  RSS TT  STAT STARTED    TIME COMMAND
root  72693  0.0  0.1 14424 1916  -  IsJ  10:36AM 0:00.01 /usr/sbin/syslogd -s
root  72773  0.0  0.1 23976 5292  -  SsJ  10:36AM 0:00.01 sendmail: accepting connections (sendmail)
smmsp 72776  0.0  0.1 23976 5096  -  IsJ  10:36AM 0:00.00 sendmail: Queue runner@00:30:00 for /var/spool/clientmqueue (sendmail)
root  72780  0.0  0.1 16520 2048  -  IsJ  10:36AM 0:00.00 /usr/sbin/cron -s
root  72825  0.0  0.1 23488 3336 17  RJ   10:37AM 0:00.02 tcsh
root  72827  0.0  0.1 16588 2224 17  R+J  10:37AM 0:00.00 ps auxw

$ df -h
Filesystem                                 Size    Used   Avail Capacity  Mounted on
arcology/jails/tonderon.nasqueron.drake     96G    1.9M     96G     0%    /

Note: ZFS snapshots to be able to rollback

The offered retention settings by ezjail sample configuration file seems interesting:

ezjail_default_retention_policy="4x15m 3x1h 2x2h 4h 12h 6x1d 7x1w 11x4w 1000x1y"

It means we can rollback easily in the recent time: right now, yesterday, last week, four months ago, two years ago.

I like that idea. It notes a risk of load created by snapshot pruning.

Note: ZFS scrub

A scrub operation has been tested after jail creation with zpool scrub arcology to help to prepare future maintenance operation, the speed is 20 M/s, so 50 seconds per Go seem to be needed.

dereckson closed this task as Resolved.Dec 2 2014, 10:52
dereckson added a project: Restricted Project.Apr 3 2015, 20:56

Added task to Drake project.

Nasqueron DevCentral · If it had been much bigger the moon would have had a core of ice. · Powered by Phabricator