iocage is a jail or container manager tool for FreeBSD. It is also available on FreeNAS based NAS system. It comes with some of best features and technologies the FreeBSD operating system has to offer. The iocage tool provides ease of use with a simple and easy to understand command syntax for managing jails. This page shows how to manage FreeNAS Jails with iocage command line option.
Step 1 – Login to FreeNAS server
Use the ssh command:
ssh user@freenas-box-name
ssh vivek@nas04
Become a root user using sudo command:
$ sudo -i
Find our your FreeNAS server IP address and interface name, enter:
# ifconfig
Please note down your real network interface. You must activate i.e. set a zpool active for iocage usage. My zpool name is nixcraft (use zpool list to get a list of zpool), so I run:
# iocage activate nixcraft
Step 2 – Fetch a version of FreeBSD for jail usage
Type the following command (this need to be done once only):
# iocage fetch
Use the following zpool/zfs command to verify:
# zpool list
# zfs list
Step 3 – Create FreeNAS Jails with iocage command
Create a jail named backup with 192.168.2.30/24 IP address for jail interface named igb1:
# iocage create -n backupjail ip4_addr="igb1|192.168.2.30/24" -r 11.1-RELEASE
Sample outputs:
backup successfully created!
List the jails
To list newly created jail run:
# iocage list
Sample outputs:
+-----+------------+-------+--------------+--------------+ | JID | NAME | STATE | RELEASE | IP4 | +=====+============+=======+==============+==============+ | - | backupjail | down | 11.1-RELEASE | 192.168.2.30 | +-----+------------+-------+--------------+--------------+
Start the jail named backup
# iocage start {jailNameHere}
# iocage start backupjail
Sample outputs:
* Starting backupjail + Started OK + Starting services OK
How to automatically start jail when FreeNAS reboots
# iocage set boot=on backupjail
Sample outputs:
Property: boot has been updated to on
Verify it:
# iocage get all backupjail | less
# iocage get all backupjail | grep boot
# iocage get boot backupjail
How to login to my jails
The syntax is:
# iocage console {yourJailNameHere}
# iocage console backupjail
Once logged in install the pkg command on backupjail:
# pkg
Step 4 – Useful jail management commands
Let us see some useful iocage commands.
Show resource usage of all jails
# iocage df
Run a command inside a specified jail
# iocage exec {jailNameHere} {FreeBSDCOmmandHERE}
# iocage exec backupjail ifconfig
How to stop the specified jails or ALL
# iocage stop ALL
# iocage stop backupjail
Restart the specified jails or ALL
# iocage restart ALL
# iocage restart backupjail
Destroy/delete/remove specified jail(s)
This will destroyte all data, so be careful:
# iocage destroy backupjail
Run freebsd-update to update a specified jail to the latest patch level
# iocage update backupjail
Here is my sample jail:
Summary of commands to create a new jail on FreeNAS
Create a jail named rsyncjail:
# iocage create --release 11.1-RELEASE --name rsyncjail \
boot="on" \
allow_raw_sockets="1" \
ip4_addr="igb1|192.168.2.31/24" \
resolver="nameserver 192.168.2.254;nameserver 8.8.8.8"
In the jail, update all packages, enable SSHD, add a new user and install rsnapshot package:
# iocage console rsyncjail
# pkg update && pkg upgrade
# echo 'sshd_enable="YES"' >> /etc/rc.conf
# service sshd start
# pw useradd -n vivek -G wheel -s /bin/tcsh -m -d /home/vivek
# passwd vivek
# pkg install rsnapshot
Creating jail that can run OpenVPN server or client
In this following example, I am going to enable vnet, allow ping via raw sockets, for openvpn client jail to connect to my Ubuntu OpenVPN server:
# iocage create --release 11.1-RELEASE --name openvpnjail \
vnet="on" boot="on" allow_raw_sockets="1" \
ip4_addr="vnet0|192.168.2.30/24" \
defaultrouter="192.168.2.254" \
resolver="nameserver 192.168.2.254;nameserver 8.8.8.8"
Run the following command to allow creation of tap device for the FreeBSD/FreeNAS jail:
/sbin/devfs rule -s 4 add path 'tun*' unhide
Please note that you must add the following pre init tasks in FreeNAS UI so that OpenVPN can create tap device
I usually install jail per service. For example, I create a jail for each FreeBSD service such as Nginx/PHP/Perl/Python web service, MariaDB database server, Deluge, Duplicity/Rsnapshot backup service and more.
Conclusion
And there you have it. You just created a jail that automatically starts for the FreeNAS system. For more info see the official FreeNAS docs here and iocage command docs here.