ezjail provides a template system called "flavours." A flavour can be specified when creating an ezjail jail (-f flag), making it extremely easy to create similar jails over and over.
Flavours live in BASE_EZJAIL_DIR/flavours - the rest of this post will assume BASE_EZJAIL_DIR is /usr/jails and ezjail-admin version is 3.0.
Create A Flavour

    $ cd /usr/jails/flavours
    $ sudo cp -r example theusual
    $ cd theusual/etc
    $ sudo vi resolv.conf
    $ cd ..

The above block copied the example directory to theusual and then created resolv.conf so the new jail knows the local nameserver.
Now to use it.

    $ sudo ezjail-admin create -f theusual jail1 10.10.10.101
    $ sudo ezjail-admin start jail1
    $ sudo ezjail-admin console jail1
    # telnet www.google.com 80

The above assumes network settings are correct and a firewall does not block outgoing port 80 traffic.
On the first start-up, the new jail will run ezjail.flavour, which is a shell script. This can be modified to add users, packages, start services, and so on. With a working network, hopefully set up with the above resolv.conf, packages can even be installed remotely.
The example ezjail.flavour, which was copied, looks for a pkg directory and tries to load packages from there.

    $ cd /usr/jails/flavours/theusual
    $ sudo mkdir pkg
    $ sudo cp /some/dir/with/some_package.tbz pkg/

Upon initial start-up, the next jail created with this flavour will install the local package some_package. The example script also has examples for adding users, groups, and starting services.
A Full Example
The example flavour, provided by ezjail, has a few lines for adding groups, users, and packages. Below is a full example, with the few modifications clearly labeled. It creates an environment for Hadoop by installing Java (from the pkg directory), creating a hadoop user, and setting up and starting sshd.

    #!/bin/sh
    #
    # Groups
    #########
    #
    # You will probably start with some groups your users should be in

    pw groupadd -q -n hadoop # -g 1004

    # Users
    ########
    #
    # You might want to add some users. The password is to be provided in the
    # encrypted form as found in /etc/master.passwd.
    # The example password here is "admin"
    # Refer to crypt(3) and pw(8) for more information

    # add our hadoop user here
    # user: hadoop, group: hadoop, uid: 110
    pw useradd -n hadoop -u 110 -g hadoop -s /bin/sh -m -d /home/hadoop -c 'hadoop account'
    mkdir -p /home/hadoop/.ssh
    chmod 700 /home/hadoop/.ssh
    echo -n 'NOTE: THIS WOULD BE SSH KEY' >> /home/hadoop/.ssh/authorized_keys2
    chown -R hadoop:hadoop /home/hadoop

    # Files
    ########
    #
    # You can now give files to users just created

    # /usr/hadoop is where hadoop will live
    tar -zxf /usr/hadoop/hadoop*tar.gz -C /usr/hadoop/
    rm /usr/hadoop/hadoop-*.tar.gz
    chown -R hadoop:hadoop /usr/hadoop

    # Packages
    ###########
    #
    # Install all packages previously put to /pkg
    # Remove package files afterwards

    # load the staged packages
    [ -d /pkg ] && PACKAGESITE=file:// pkg_add -r /pkg/*
    rm -rf /pkg

    # Postinstall
    ##############
    #
    # Your own stuff here, for example set login shells that were only
    # installed just before.

    hname=`uname -n`

    # sshd
    echo "ListenAddress $hname" >> /etc/ssh/sshd_config
    echo 'sshd_enable="YES"' >> /etc/rc.conf
    /etc/rc.d/sshd start

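A flavour directory is a template: its files are copied into every jail created from it, and ezjail.flavour runs at that jail's first start-up, so it is worth checking the template before use. The script below is an added example, not part of ezjail or the original post; the function name audit_flavour and the finding labels are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: pre-flight check of an ezjail flavour directory,
# e.g. /usr/jails/flavours/theusual from this post.

# Print one "LABEL: path" finding per line.
# Returns 0 if the flavour is clean, 1 if there are findings, 2 on bad input.
audit_flavour() {
    dir=$1
    [ -d "$dir" ] || { echo "ERROR: $dir is not a directory"; return 2; }

    findings=$(
        # Group- or world-writable entries are replicated into every new
        # jail, and a writable ezjail.flavour can be altered before it runs.
        find "$dir" ! -type l \( -perm -020 -o -perm -002 \) -print |
            sed 's/^/WRITABLE: /'

        # Private keys staged in a template end up shared by all jails
        # built from it. Only public keys belong in a flavour.
        find "$dir" -type f \
            -exec grep -l -e '-----BEGIN .*PRIVATE KEY-----' {} + |
            sed 's/^/PRIVATE-KEY: /'

        # Without the first-boot script nothing gets provisioned.
        [ -f "$dir/ezjail.flavour" ] || echo "MISSING: $dir/ezjail.flavour"
    )

    [ -z "$findings" ] && return 0
    printf '%s\n' "$findings"
    return 1
}

# Audit the directory given on the command line, if any.
if [ $# -gt 0 ]; then
    audit_flavour "$1"
fi
```

Run it against the flavour before `ezjail-admin create -f theusual ...`; a non-zero exit status means something in the template should be fixed first.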