How to install and configure Jails on FreeNAS Corral 10

Last updated April 8, 2017

I recently installed or upgraded to FreeNAS Corral (version 10). However, I noticed that there is no support for FreeBSD jails as of 26/March/2017. How do I install and configure traditional FreeBSD jails on FreeNAS Corral (version 10)?

FreeNAS Corral now uses Docker containers for all of its “application hosting”. Existing jails/plugins data will simply continue to live in the jails/dataset in the ZFS volume but will be inactive, since jails are no longer used in Corral. This tutorial shows you how to create and configure a FreeBSD jail on FreeNAS Corral 10 from the command line.

What is FreeBSD jail?

The FreeBSD jail is nothing but an implementation of operating system-level virtualization that allows you to partition a FreeBSD-based server into several independent, secure mini-systems called jails.

Preparing FreeNAS

First you need to create the ZFS dataset, run:
# zfs create nixcraft/.my_jails_cache
# zfs list nixcraft/.my_jails_cache

Sample outputs:

NAME                       USED  AVAIL  REFER  MOUNTPOINT
nixcraft/.my_jails_cache   128K  10.2T   128K  /mnt/nixcraft/.my_jails_cache

Now grab FreeBSD 11 files for your jail:
# cd /mnt/nixcraft/.my_jails_cache/
# wget http://ftp1.us.freebsd.org/pub/FreeBSD/releases/amd64/11.0-RELEASE/base.txz
# wget http://ftp1.us.freebsd.org/pub/FreeBSD/releases/amd64/11.0-RELEASE/lib32.txz
# wget http://ftp1.us.freebsd.org/pub/FreeBSD/releases/amd64/11.0-RELEASE/src.txz
# wget http://ftp1.us.freebsd.org/pub/FreeBSD/releases/amd64/11.0-RELEASE/ports.txz

OR use the lftp command as follows:
# lftp
lftp :~> pget -n 10 http://ftp1.us.freebsd.org/pub/FreeBSD/releases/amd64/11.0-RELEASE/base.txz
lftp :~> pget -n 10 http://ftp1.us.freebsd.org/pub/FreeBSD/releases/amd64/11.0-RELEASE/lib32.txz
lftp :~> pget -n 10 http://ftp1.us.freebsd.org/pub/FreeBSD/releases/amd64/11.0-RELEASE/src.txz
lftp :~> pget -n 10 http://ftp1.us.freebsd.org/pub/FreeBSD/releases/amd64/11.0-RELEASE/ports.txz

Sample outputs:

Fig.01: Fetch and extract the FreeBSD 11.0-AMD64 dist files
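
The dist sets above are fetched over plain HTTP, so check them before extracting. The following is an added example, not part of the original article: it compares each downloaded file with the SHA-256 recorded in the release's MANIFEST file. The function names are illustrative, and it assumes you have saved MANIFEST from the same release directory next to the .txz files.

```shell
#!/bin/sh
# Added example, not from the original article: check downloaded dist sets
# against the release MANIFEST before extracting them.
# MANIFEST is tab-separated: field 1 = file name, field 2 = SHA-256 digest.

# file_sha256 FILE -> hex digest, using whichever tool the host provides.
file_sha256() {
    if command -v sha256 >/dev/null 2>&1; then
        sha256 -q "$1"                       # FreeBSD / FreeNAS
    else
        sha256sum "$1" | awk '{ print $1 }'  # fallback elsewhere
    fi
}

# verify_distset MANIFEST DIR NAME
# returns 0 = digest matches, 1 = mismatch, 2 = not listed or file missing
verify_distset() {
    want=$(awk -F '\t' -v f="$3" '$1 == f { print $2; exit }' "$1")
    [ -n "$want" ] || { echo "$3: not listed in MANIFEST" >&2; return 2; }
    [ -f "$2/$3" ] || { echo "$3: not downloaded" >&2; return 2; }
    [ "$(file_sha256 "$2/$3")" = "$want" ] && return 0
    echo "$3: SHA-256 MISMATCH, do not extract" >&2
    return 1
}

# verify_all MANIFEST DIR NAME... -> 0 only if every named set verifies
verify_all() {
    manifest=$1 dir=$2 failed=0
    shift 2
    for name in "$@"; do
        verify_distset "$manifest" "$dir" "$name" || failed=1
    done
    return "$failed"
}

# Constructed demo: a stand-in "base.txz" and a MANIFEST line built for it.
demo_dir=$(mktemp -d)
printf 'constructed sample payload\n' > "$demo_dir/base.txz"
printf '%s\t%s\t1\tbase\t"Base system"\ton\n' base.txz \
    "$(file_sha256 "$demo_dir/base.txz")" > "$demo_dir/MANIFEST"
verify_all "$demo_dir/MANIFEST" "$demo_dir" base.txz && echo "demo: base.txz OK"
rm -rf "$demo_dir"
```

A MANIFEST pulled from the same plain-HTTP mirror only catches corruption in transit; obtain it over a channel you trust if you also want to detect tampering.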

Extract the tarballs using the tar command:
### *** extract files (.txz is xz-compressed, hence -J) *** ###
# cd /mnt/nixcraft/.my_jails_cache/
# tar -Jxf base.txz
# tar -Jxf lib32.txz
# tar -Jxf src.txz
# tar -Jxf ports.txz

Apply some basic configuration to the base jail, then update it to the latest patch level using the freebsd-update command:
### *** Configure the dns, timezone and hosts *** ###
# cp /etc/resolv.conf /mnt/nixcraft/.my_jails_cache/etc/
# cp /etc/localtime /mnt/nixcraft/.my_jails_cache/etc/
# cp /etc/hosts /mnt/nixcraft/.my_jails_cache/etc/
### *** chroot into the filesystem *** ###
# chroot /mnt/nixcraft/.my_jails_cache /bin/sh
### *** set the password for root in the jail *** ###
# passwd
### *** Create needed dirs *** ###
# mkdir /usr/home
# ln -s /usr/home /home
### *** Basic config in the jail *** ###
# cd /etc/mail
# make aliases
# echo 'ENV=$HOME/.shrc ; export ENV' >> /root/.profile
# echo 'sendmail_enable="NONE"' >> /etc/rc.conf
# echo 'syslogd_flags="-ss"' >> /etc/rc.conf
# echo 'rpcbind_enable="NO"' >> /etc/rc.conf
# exit

At this stage you should run freebsd-update:
### *** Run freebsd-update (sh syntax; in csh/tcsh use: setenv D /mnt/nixcraft/.my_jails_cache) *** ###
# D=/mnt/nixcraft/.my_jails_cache
# $D/usr/sbin/freebsd-update -f $D/etc/freebsd-update.conf -b $D -d $D/var/db/freebsd-update/ --currently-running 11.0-RELEASE fetch install

Unfortunately, the above command failed to download files on my system, so I created /etc/jail.conf as follows:

exec.start = "/bin/sh /etc/rc";
exec.stop = "/bin/sh /etc/rc.shutdown";
exec.clean;
mount.devfs;
# The jail definition for basejail
basejail {
    host.hostname = "basejail.nixcraft.in";
    path = "/mnt/nixcraft/.my_jails_cache";
    interface = "igb0";
    ip4.addr = 192.168.2.29;
    allow.chflags;
    allow.raw_sockets;
    osrelease = "11.0-RELEASE";
}

Start it as follows:
# jail -c basejail
# jls
   JID  IP Address      Hostname                      Path
     1  192.168.2.30    basejail                      /mnt/nixcraft/.my_jails_cache

# jexec basejail

Now I can run freebsd-update:
# freebsd-update fetch install
Sample outputs:

Looking up update.FreeBSD.org mirrors... 4 mirrors found.
Fetching metadata signature for 11.0-RELEASE from update4.freebsd.org... done.
Fetching metadata index... done.
Inspecting system... done.
Preparing to download files... done.
Fetching 1338 patches.....10....20....30....40....50....60....70
....
..
....
.....1310....1320....1330.... done.
Applying patches... done.
Fetching 22 files... done.
Installing updates...done.

Install any packages the jail environment requires

At this stage you can run the pkg command to install the packages you need inside the jail:
# pkg install bash
Sample outputs:

Fig.02: Install bash shell

Now I have a fully up to date basejail template created using zfs. I can now create a snapshot as follows:
# zfs snapshot [email protected]
Next, clone the snapshot to a new jail named backup, enter:
# zfs clone [email protected] nixcraft/backup
Configure the jail hostname, enter:
# echo 'hostname="backup"' >> /mnt/nixcraft/backup/etc/rc.conf
Update /etc/jail.conf:

backup {
    host.hostname = "backup.nixcraft.in";
    path = "/mnt/nixcraft/backup";
    interface = "igb0";
    ip4.addr = 192.168.2.30;
    allow.chflags;
    allow.raw_sockets;
    osrelease = "11.0-RELEASE";
}

Make sure jails start when FreeNAS reboots:
# echo 'jail_enable="YES"' >> /etc/rc.conf
You can start all jails as follows:
# /etc/rc.d/jail start
Sample outputs:

Starting jails: basejail backup.

You can now update and install all jails as per your needs. To create a new jail always use [email protected] as follows:
# zfs clone [email protected] nixcraft/apache
# zfs clone [email protected] nixcraft/pgsql

Then update the /etc/jail.conf file accordingly.

List jails

# jls
Sample outputs:

   JID  IP Address      Hostname                      Path
    10  192.168.2.29    basejail.nixcraft.in          /mnt/nixcraft/.my_jails_cache
    11  192.168.2.30    backup                        /mnt/nixcraft/backup

To show parameters in “name=value” format, where each parameter is preceded by its name:
# jls -n
# jls -j basejail -n

devfs_ruleset=0 nodying enforce_statfs=2 host=new ip4=disable ip6=disable jid=10 name=basejail osreldate=1100509 osrelease=11.0-RELEASE parent=0 path=/mnt/nixcraft/.my_jails_cache nopersist securelevel=-1 sysvmsg=disable sysvsem=disable sysvshm=disable allow.chflags allow.nomount allow.mount.nodevfs allow.mount.nofdescfs allow.mount.nolinprocfs allow.mount.nolinsysfs allow.mount.nonullfs allow.mount.noprocfs allow.mount.notmpfs allow.mount.nozfs allow.noquotas allow.raw_sockets allow.set_hostname allow.nosocket_af allow.nosysvipc children.cur=0 children.max=0 cpuset.id=10 host.domainname="" host.hostid=0 host.hostname=basejail.nixcraft.in host.hostuuid=00000000-0000-0000-0000-000000000000 ip4.addr=192.168.2.29 ip4.saddrsel ip6.addr= ip6.saddrsel
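
The `jls -n` line above also shows which `allow.*` permissions the running jail holds; the two set in this tutorial's jail.conf, allow.chflags and allow.raw_sockets, both give root inside the jail more than the defaults do. The following is an added example, not part of the original article, that extracts the enabled `allow.*` parameters from one line of `jls -n` output. The function names are illustrative, the sample line is a shortened copy of the output above, and treating allow.set_hostname as the default-on baseline is an assumption of the example.

```shell
#!/bin/sh
# Added example, not from the original article: list the allow.* permissions
# that are switched ON in one line of `jls -n` output.

# Constructed sample: a shortened copy of the basejail line shown above.
SAMPLE='jid=10 name=basejail securelevel=-1 allow.chflags allow.nomount allow.mount.nodevfs allow.mount.nozfs allow.noquotas allow.raw_sockets allow.set_hostname allow.nosocket_af allow.nosysvipc'

# enabled_allows LINE -> space-separated list of enabled allow.* parameters.
# jls -n prints a disabled boolean with "no" in front of its last component
# (allow.nomount, allow.mount.nozfs), so those tokens are skipped.
enabled_allows() {
    printf '%s\n' "$1" | tr ' ' '\n' | awk -F. '
        $1 == "allow" && $NF !~ /^no/ { out = out (out ? " " : "") $0 }
        END { print out }'
}

# review_allows LINE -> prints enabled permissions beyond the baseline and
# returns 1 if there are any, 0 if the jail only has the baseline.
# Assumption: allow.set_hostname is the baseline because it is on by default.
review_allows() {
    extra=""
    for p in $(enabled_allows "$1"); do
        case $p in
            allow.set_hostname) ;;                  # default-on, ignore
            *) extra="${extra:+$extra }$p" ;;
        esac
    done
    printf '%s\n' "$extra"
    [ -z "$extra" ]
}

# Demo on the constructed sample line.
review_allows "$SAMPLE" || echo "basejail: permissions above were added in jail.conf"
```

On the host, pass each line of `jls -n` to review_allows and drop from jail.conf any permission the jail's workload does not need; allow.raw_sockets, for example, is only required for tools such as ping and traceroute.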

How to execute a command inside an existing jail

The syntax is:
# jexec jail command
# jexec basejail bash
# jexec basejail /bin/tcsh
# jexec -U vivek basejail /home/vivek/.bin/updatesite.py

How do I stop the jail?

# jail -r jail
# jail -r basejail

To stop all jails
# service jail stop
OR
# /etc/rc.d/jail stop

How do I start the jail?

# jail -c jail
# jail -c basejail

To start all jails:
# service jail start
OR
# /etc/rc.d/jail start

How do I restart the jail?

# jail -rc jail
# jail -rc basejail

To restart all jails:
# service jail restart
OR
# /etc/rc.d/jail restart

A note about config file

I noticed that when FreeNAS got updated, it erased my /etc/jail.conf file. So keep a copy of the file somewhere else safe:
# cp /etc/jail.conf /root/
# cp /etc/jail.conf /mnt/nixcraft/

After FreeNAS update or reboot you need to run the following command manually:
# jail -c -f /mnt/nixcraft/jail.conf
Another option is to create a file as follows (not tested but should work):
# cat /etc/rc.conf.d/jail
jail_enable="YES"
jail_conf="/mnt/nixcraft/jail.conf"
jail_parallel_start="YES"

For more info see jail(8), jail.conf(5), and rc.conf(5) man pages.

3 comments

  1. Why they removed it in upgrade? Thanks I got my jails back and now copying data. Stupid developers. I wish they fix it next GUI upgrade. I don’t wanna use Docker.

  2. Did it exactly as you told. Everything except one is fine. File /etc/jail.conf and jail_enable="YES" in /etc/rc.conf didn’t survive reboot, so jails won’t start automatically. I can’t really find a way to override this.

    1. One option is to set up a cron job at @reboot level. Keep your jail.conf in your jail dir, say /mnt/nixcraft/jail.conf and start it as follows from the cli/ssh after reboot:
      # jail -c -f /mnt/nixcraft/jail.conf

      I have not poked around cron/calendar option yet.
