Tuesday, November 15, 2011

FreeBSD Jail Host Set-up

This post summarizes the steps taken to configure and prepare a host system for FreeBSD jails. This is not perfect; I am not a FreeBSD professional, so please be careful if you choose to follow any of these steps.

This is for FreeBSD 8.2-STABLE and assumes a system already installed and running.

Install Sources
Using the sysinstall tool, install all sources: Configure > Distributions > Src > All

This will place the sources needed to compile a custom kernel into the /usr/src/ directory. 

Custom Kernel
Now to customize, build, and install a new kernel. For the purposes below, the kernel configuration will be named "COEUS" after the hostname - replace this with whatever name is correct for your machine. The FreeBSD Handbook provides a great page on how to compile a custom kernel.

# cd /usr/src/sys/`uname -p`/conf
# cp GENERIC COEUS
# vi COEUS

The configuration file is explained in detail in the FreeBSD Handbook. The "ident GENERIC" line should be changed to "ident COEUS", and superfluous devices should be commented out. It is also advisable to remove all "options NFS*" lines unless NFS is required.

Build And Install The Kernel
Building the kernel is pretty straightforward. Remember the name of your configuration file (COEUS in this example).

# cd /usr/src
# make -j`sysctl -n hw.ncpu` buildkernel KERNCONF=COEUS

If no errors were displayed, then it should be safe to install the kernel and then reboot:

# make installkernel KERNCONF=COEUS
# shutdown -r now

Upon reboot, check whether things were successful.

$ uname -a
FreeBSD coeus.local 8.2-RELEASE FreeBSD 8.2-RELEASE #4: Tue Nov 15 00:11:11 PST 2011     root@coeus.local:/usr/obj/usr/src/sys/COEUS  amd64

Install Packages
The next step is to install some packages. This portion assumes you have a working network connection.

# pkg_add -r sudo
# pkg_add -r ezjail

It is recommended to configure and use sudo rather than working as root all the time. The remaining steps assume this has been set up correctly and a normal user is logged in.

Jail Considerations
There is some prep work to be done in order to get jails set up correctly. First, each jail will need an IP address. Will they be in order? Is a block of addresses already set aside? How are jails expected to be named? A general strategy now will help out later.

Once the jail names, their IP addresses, and the number of jails have been decided, continue on.

Configuring /etc/rc.conf
Below is a working /etc/rc.conf and some comments. Your file may include a lot more than the example below. Use your best judgement.

# Enable network daemons for user convenience.
# Please make all changes to this file, not to /etc/defaults/rc.conf.
# This file now contains just the overrides from /etc/defaults/rc.conf.
#
hostname="coeus.local"          # set hostname
#
# syslogd should not listen on any IP address
# this allows syslogd in jails
syslogd_flags="-ss"             # additional flags for syslogd
#
# some services:
sshd_enable="YES"               # enable sshd
sendmail_enable="NO"            # disable sendmail
#
# ifconfig
ifconfig_em0="inet 192.168.1.180 netmask 255.255.255.0"
defaultrouter="192.168.1.1"
#
# jail aliases
ifconfig_em0_alias0="192.168.1.181 netmask 255.255.255.255"
ifconfig_em0_alias1="192.168.1.190 netmask 255.255.255.255"
ifconfig_em0_alias2="192.168.1.191 netmask 255.255.255.255"
ifconfig_em0_alias3="192.168.1.192 netmask 255.255.255.255"
ifconfig_em0_alias4="192.168.1.193 netmask 255.255.255.255"
ifconfig_em0_alias5="192.168.1.194 netmask 255.255.255.255"
#
# jails
jail_enable="YES"               # enable jails
jail_set_hostname_allow="NO"    # disable hostname changes in jails
jail_sysvipc_allow="YES"        # needed for postgresql
#
# ezjail GO!
ezjail_enable="YES"             # enable ezjails

Quick breakdown:
  1. syslogd_flags="-ss" stops syslogd from opening any network socket, so a syslogd inside a jail can bind to the jail's own address.
  2. sshd_enable and sendmail_enable control those services and how I want them on startup.
  3. ifconfig_em0 and defaultrouter set the network settings for the host.
  4. ifconfig_em0_alias0 .. 5 are the IP addresses for the jails. Note the netmask of all 255's: an alias on the same subnet as the host address must use a host mask.
  5. jail_enable enables jails.
  6. jail_sysvipc_allow="YES" lets jails use System V IPC (needed here for PostgreSQL). On FreeBSD 8 the SysV IPC namespace is shared by the host and every jail, so leave it at "NO" unless a jail really needs it.
  7. ezjail_enable allows ezjail to be used.
Reboot.
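Before rebooting, it is worth sanity-checking the jail-related settings in /etc/rc.conf. The script below is an added example, not part of the original post; it assumes the interface name (em0) and the ifconfig_em0_aliasN="addr netmask mask" layout shown above, and writes a constructed sample to /tmp to demonstrate the findings.

```sh
#!/bin/sh
# lint_rc_conf FILE IFACE: check the jail-related parts of an rc.conf before
# the reboot at the end of the post.  Added example, not from the original
# post; it assumes the ifconfig_<IFACE>_alias<N>="addr netmask mask" layout
# used above.  Exits 0 when every check passes; findings go to stderr.
lint_rc_conf() {
    awk -v ifn="$2" '
    function fail(msg) { print "rc.conf: " msg > "/dev/stderr"; rc = 1 }
    BEGIN { maxn = -1; rc = 0 }
    /^#/ { next }
    match($0, /^[A-Za-z0-9_]+=/) {            # key="value"   # comment
        key = substr($0, 1, RLENGTH - 1)
        val = substr($0, RLENGTH + 1); gsub(/^"|"[ \t]*(#.*)?$/, "", val)
        conf[key] = val
        if (key ~ ("^ifconfig_" ifn "_alias[0-9]+$")) {
            n = substr(key, length("ifconfig_" ifn "_alias") + 1) + 0
            alias[n] = val; if (n > maxn) maxn = n
        }
    }
    END {
        if (maxn < 0) fail("no ifconfig_" ifn "_aliasN entries for the jails")
        split(conf["ifconfig_" ifn], p, " "); if (p[2] != "") seen[p[2]] = "the host address"
        for (i = 0; i <= maxn; i++) {
            # rc.d configures alias0, alias1, ... and stops at the first unset index
            if (!(i in alias)) { fail("alias" i " missing: aliases after the gap are skipped"); continue }
            # a second address on the same subnet must carry the all-255 host netmask
            if (alias[i] !~ /netmask 255\.255\.255\.255/) fail("alias" i " (" alias[i] ") needs netmask 255.255.255.255")
            split(alias[i], q, " ")
            if (q[1] in seen) fail("alias" i " repeats " seen[q[1]] " (" q[1] ")")
            seen[q[1]] = "alias" i
        }
        # a host syslogd bound to the wildcard address would cover the jail addresses too
        if (conf["syslogd_flags"] !~ /-ss/) fail("syslogd_flags lacks -ss; a jailed syslogd could not bind")
        if (conf["jail_enable"] != "YES") fail("jail_enable is not YES")
        if (conf["jail_sysvipc_allow"] == "YES")   # not a failure, but worth knowing
            print "note: jail_sysvipc_allow=YES shares one SysV IPC namespace across host and jails" > "/dev/stderr"
        exit rc
    }' "$1"
}

# Constructed sample based on the rc.conf above, with two deliberate mistakes:
# alias2 is missing (a gap) and alias1 carries a subnet mask instead of all 255s.
printf '%s\n' 'hostname="coeus.local"' 'syslogd_flags="-ss"   # no network socket' \
    'ifconfig_em0="inet 192.168.1.180 netmask 255.255.255.0"' \
    'ifconfig_em0_alias0="192.168.1.181 netmask 255.255.255.255"' \
    'ifconfig_em0_alias1="192.168.1.190 netmask 255.255.255.0"' \
    'ifconfig_em0_alias3="192.168.1.192 netmask 255.255.255.255"' \
    'jail_enable="YES"' 'jail_sysvipc_allow="YES"' > /tmp/rc.conf.sample
lint_rc_conf /tmp/rc.conf.sample em0 || echo "fix /tmp/rc.conf.sample before rebooting"
```

Run it as "lint_rc_conf /etc/rc.conf em0" on the real file; a clean exit status means the aliases are contiguous, all carry a host mask, and none repeats another address.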
