Changeset View
Changeset View
Standalone View
Standalone View
en_US.ISO8859-1/books/handbook/jails/chapter.xml
| Show First 20 Lines • Show All 199 Lines • ▼ Show 20 Lines | <para>Some administrators divide jails into the following two | ||||
| is not affected by it. When creating a <quote>complete</quote> | is not affected by it. When creating a <quote>complete</quote> | ||||
| jail there are two options for the source of the userland: use | jail there are two options for the source of the userland: use | ||||
| prebuilt binaries (such as those supplied on an install media) | prebuilt binaries (such as those supplied on an install media) | ||||
| or build from source.</para> | or build from source.</para> | ||||
| <para>To install the userland from installation media, first | <para>To install the userland from installation media, first | ||||
| create the root directory for the jail. This can be done by | create the root directory for the jail. This can be done by | ||||
| setting the <varname>DESTDIR</varname> variable to the proper | setting the <varname>DESTDIR</varname> variable to the proper | ||||
| location. The command to use depends on which shell is being | location.</para> | ||||
| used.</para> | |||||
| <para>When using &man.sh.1;:</para> | <para>Start an &man.sh.1; shell and define | ||||
| <varname>DESTDIR</varname>:</para> | |||||
bcr: Is it really a**n** sh shell or rather //a// sh shell? I'd connect the two words like this: sh… | |||||
Not Done Inline Actionsthat is actually kind of a tough question. It depends of you pronounce is as 'ess ehch' or 'shh' A quick googling suggests no one else uses the form 'sh-shell' allanjude: that is actually kind of a tough question. It depends of you pronounce is as 'ess ehch' or… | |||||
Not Done Inline ActionsWe can avoid the issue with just "start a shell". sh is shown in the example anyway. wblock: We can avoid the issue with just "start a shell". sh is shown in the example anyway. | |||||
Not Done Inline ActionsIt was explicit because the page used to contain a bunch of examples in other shells, and the code doesn't work in other shells. But I suppose since we are specific in the instructions, we can just say: start a shell. allanjude: It was explicit because the page used to contain a bunch of examples in other shells, and the… | |||||
Not Done Inline ActionsYes, that's a good solution. bcr: Yes, that's a good solution. | |||||
| <screen>&prompt.root; <userinput>export DESTDIR=<replaceable>/here/is/the/jail</replaceable></userinput></screen> | <screen>&prompt.root; <userinput>sh</userinput> | ||||
| &prompt.root; <userinput>export DESTDIR=<replaceable>/here/is/the/jail</replaceable></userinput></screen> | |||||
| <para>If <command>csh</command>/<command>tcsh</command> is used, | |||||
| execute this instead:</para> | |||||
| <screen>&prompt.root; <userinput>setenv DESTDIR <replaceable>/here/is/the/jail</replaceable></userinput></screen> | |||||
| <para>Mount the install media as covered in &man.mdconfig.8; | <para>Mount the install media as covered in &man.mdconfig.8; | ||||
| when using the install ISO:</para> | when using the install ISO:</para> | ||||
| <screen>&prompt.root; <userinput>mount -t cd9660 /dev/`mdconfig -f cdimage.iso` /mnt</userinput></screen> | <screen>&prompt.root; <userinput>mount -t cd9660 /dev/`mdconfig -f cdimage.iso` /mnt</userinput></screen> | ||||
| <para>Extract the binaries from the tarballs on the install media | <para>Extract the binaries from the tarballs on the install media | ||||
| into the declared destination. Minimally, only the base set | into the declared destination. Minimally, only the base set | ||||
| needs to be extracted, but a complete install can be performed | needs to be extracted, but a complete install can be performed | ||||
| when preferred.</para> | when preferred.</para> | ||||
| <para>To install just the base system, run the next command when | <para>To install just the base system, run the next command when | ||||
| using &os; 9.x or newer:</para> | using &os; 9.x or newer:</para> | ||||
| <screen>&prompt.root; <userinput>tar -xf /mnt/usr/freebsd_dist/base.txz -C $DESTDIR</userinput></screen> | <screen>&prompt.root; <userinput>tar -xf /mnt/usr/freebsd_dist/base.txz -C $DESTDIR</userinput></screen> | ||||
| <para>On &os; 8.x systems, use this command instead:</para> | <para>On &os; 8.x systems, use this command instead:</para> | ||||
| <screen>&prompt.root; <userinput>/mnt/8.<replaceable>4</replaceable>-RELEASE/base/install.sh</userinput></screen> | <screen>&prompt.root; <userinput>/mnt/8.<replaceable>4</replaceable>-RELEASE/base/install.sh</userinput></screen> | ||||
| <para>To install everything but the kernel, issue this | <para>To install everything except the kernel, issue one of these | ||||
| command:</para> | commands:</para> | ||||
| <para>When using &man.sh.1; on &os; 9.x and newer, issue this | <para>When using &os; 9.x and newer:</para> | ||||
| command:</para> | |||||
| <screen>&prompt.root; <userinput>for <replaceable>sets</replaceable> in BASE DOC GAMES PORTS; do (tar -xf /mnt/FREEBSD_INSTALL/USR/FREEBSD_DIST/$<replaceable>sets</replaceable>.TXZ -C $DESTDIR) ; done</userinput></screen> | <screen>&prompt.root; <userinput>for <replaceable>sets</replaceable> in BASE PORTS; do tar -xf /mnt/FREEBSD_INSTALL/USR/FREEBSD_DIST/$<replaceable>sets</replaceable>.TXZ -C $DESTDIR ; done</userinput></screen> | ||||
| <para>When using &os; 8.x, run this:</para> | <para>When using &os; 8.x:</para> | ||||
| <screen>&prompt.root; <userinput>cd /mnt/8.<replaceable>4</replaceable>-RELEASE; for <replaceable>dir</replaceable> in base catpages dict doc games info manpages ports; do (cd $<replaceable>dir</replaceable>; ./install.sh) ; done</userinput></screen> | <screen>&prompt.root; <userinput>cd /mnt/8.<replaceable>4</replaceable>-RELEASE; for <replaceable>dir</replaceable> in base catpages dict doc games info manpages ports; do (cd $<replaceable>dir</replaceable>; ./install.sh) ; done</userinput></screen> | ||||
| <para>If <command>csh</command>/<command>tcsh</command> is used on | |||||
| &os; 9.x and newer, execute this command:</para> | |||||
| <screen>&prompt.root; <userinput>foreach <replaceable>sets</replaceable> ( BASE DOC GAMES PORTS ) | |||||
| tar -xf /mnt/FREEBSD_INSTALL/USR/FREEBSD_DIST/$sets.TXZ -C $DESTDIR | |||||
| done</userinput></screen> | |||||
| <para>On &os; 8.x, run this command:</para> | |||||
| <screen>&prompt.root; <userinput>foreach <replaceable>dir</replaceable> ( base catpages dict doc games info manpages ports ) | |||||
| cd /mnt/8.<replaceable>4</replaceable>-RELEASE/$dir; ./install.sh | |||||
| done</userinput></screen> | |||||
| <para>The &man.jail.8; manual page explains the procedure for | <para>The &man.jail.8; manual page explains the procedure for | ||||
| building a jail:</para> | building a jail:</para> | ||||
Not Done Inline ActionsWhy are we even showing csh versions? Too many examples are needed for the different versions of FreeBSD, and showing csh versions doubles that. Given that they did not (could not) work, and nobody complained, I suggest they can be safely removed. wblock: Why are we even showing csh versions? Too many examples are needed for the different versions… | |||||
| <screen>&prompt.root; <userinput>setenv D <replaceable>/here/is/the/jail</replaceable></userinput> | <screen>&prompt.root; <userinput>setenv D <replaceable>/here/is/the/jail</replaceable></userinput> | ||||
| &prompt.root; <userinput>mkdir -p $D</userinput> <co xml:id="jailpath"/> | &prompt.root; <userinput>mkdir -p $D</userinput> <co xml:id="jailpath"/> | ||||
| &prompt.root; <userinput>cd /usr/src</userinput> | &prompt.root; <userinput>cd /usr/src</userinput> | ||||
| &prompt.root; <userinput>make buildworld</userinput> <co xml:id="jailbuildworld"/> | &prompt.root; <userinput>make buildworld</userinput> <co xml:id="jailbuildworld"/> | ||||
| &prompt.root; <userinput>make installworld DESTDIR=$D</userinput> <co xml:id="jailinstallworld"/> | &prompt.root; <userinput>make installworld DESTDIR=$D</userinput> <co xml:id="jailinstallworld"/> | ||||
| &prompt.root; <userinput>make distribution DESTDIR=$D</userinput> <co xml:id="jaildistrib"/> | &prompt.root; <userinput>make distribution DESTDIR=$D</userinput> <co xml:id="jaildistrib"/> | ||||
| &prompt.root; <userinput>mount -t devfs devfs $D/dev</userinput> <co xml:id="jaildevfs"/></screen> | &prompt.root; <userinput>mount -t devfs devfs $D/dev</userinput> <co xml:id="jaildevfs"/></screen> | ||||
| ▲ Show 20 Lines • Show All 111 Lines • ▼ Show 20 Lines | </note> | ||||
| <para>&man.service.8; can be used to start or stop a jail by hand, | <para>&man.service.8; can be used to start or stop a jail by hand, | ||||
| if an entry for it exists in | if an entry for it exists in | ||||
| <filename>rc.conf</filename>:</para> | <filename>rc.conf</filename>:</para> | ||||
| <screen>&prompt.root; <userinput>service jail start <replaceable>www</replaceable></userinput> | <screen>&prompt.root; <userinput>service jail start <replaceable>www</replaceable></userinput> | ||||
| &prompt.root; <userinput>service jail stop <replaceable>www</replaceable></userinput></screen> | &prompt.root; <userinput>service jail stop <replaceable>www</replaceable></userinput></screen> | ||||
| <para>A clean way to shut down a &man.jail.8; is not available at | <para>To shut down a &man.jail.8; run the following command | ||||
| the moment. This is because commands normally used to | from outside of jail using the &man.jexec.8; utility. To get the | ||||
wblockUnsubmitted Not Done Inline ActionsNeeds a "the" before "jail". It would be better to rearrange this sentence to avoid the pause in the middle, and it does not really explain why the jail ID is needed. <replaceable> is supposed to be replaced by the user, so it does not seem like the right usage in the text (correct in the command, though). Maybe <varname> as shown in the output? Jails can be shut down with &man.jexec.8;. Use &man.jls.8; to identify the jail's <varname>JID</varname>s, then use &man.jexec.8; to run the shutdown script in that jail. wblock: Needs a "the" before "jail". It would be better to rearrange this sentence to avoid the pause… | |||||
| accomplish a clean system shutdown cannot be used inside a jail. | <replaceable>jailid</replaceable> use &man.jls.8;:</para> | ||||
| The best way to shut down a jail is to run the following command | |||||
| from within the jail itself or using the &man.jexec.8; utility | |||||
| from outside the jail:</para> | |||||
| <screen>&prompt.root; <userinput>sh /etc/rc.shutdown</userinput></screen> | <screen>&prompt.root; <userinput>jls</userinput> | ||||
| JID IP Address Hostname Path | |||||
| 3 192.168.0.10 www /usr/jail/www | |||||
| &prompt.root; <userinput>jexec <replaceable>3</replaceable> /etc/rc.shutdown</userinput></screen> | |||||
| <para>More information about this can be found in the &man.jail.8; | <para>More information about this can be found in the &man.jail.8; | ||||
| manual page.</para> | manual page.</para> | ||||
| </sect1> | </sect1> | ||||
| <sect1 xml:id="jails-tuning"> | <sect1 xml:id="jails-tuning"> | ||||
| <title>Fine Tuning and Administration</title> | <title>Fine Tuning and Administration</title> | ||||
| ▲ Show 20 Lines • Show All 1,216 Lines • Show Last 20 Lines | |||||
Is it really an sh shell or rather a sh shell? I'd connect the two words like this: sh-shell