A FreeBSD jail is a form of operating system-level virtualization that allows me to partition my FreeBSD-based server system into several independent mini-systems called “jails”. Each jail runs on the host machine with its own files, processes, user and superuser accounts. From within a jailed process, the environment is almost indistinguishable from a real system.
The easiest mechanism for administering jails is to use a specialized framework called “ezjail”. Below, I've written a sort of “crash course” in getting your FreeBSD jails up and running.
Installation
ezjail is located in the BSD ports collection, so installation should be a breeze:
# cd /usr/ports/sysutils/ezjail
# make install clean
Once installed, you should have the basic file layout for the ezjail framework.
/usr/jails/ : your base jail system templates are stored here
/usr/jails/flavours/ : Flavours allow for the customization of individual (or grouped) jails
/usr/jails/basejail/ : The base jail is the default set of files that will be mounted and shared across all jails on your system
/usr/local/etc/rc.d/ezjail.sh : This is the main ezjail service script
/usr/local/etc/ezjail.conf : Configurations for the ezjail framework and the ezjail-admin utility will be adjusted here.
/usr/local/etc/ezjail/ : Additional jail configuration files are stored here.
Create the Base Jail Template
To set up the base jail template's environment, you can use the update utility (just as if you were to update an existing environment).
# ezjail-admin update -p -i
The p switch will provide the ports collection for your jails, while the i switch will tell ezjail to perform only an installworld and not a buildworld (this will use the host's existing buildworld).
Running Your Jails
Next, you will need to enable ezjail at system startup:
# echo 'ezjail_enable="YES"' >> /etc/rc.conf
Starting, stopping, and restarting jails can be performed the same as any other service on FreeBSD. For example, to start your jails on a BSD 8.x system you can run the following:
# service ezjail.sh start
Once started, you can easily list the running jails with your standard jail utilities:
# jls
Upgrading the FreeBSD Jails
To upgrade your jails, first you will upgrade your host OS using your preferred method. Next, you can simply stop your running jails, use the update utility, and then restart the jails:
# service ezjail.sh stop
# ezjail-admin update -p -i
# service ezjail.sh start
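The upgrade sequence above, written as a script that stops at the first failed step and checks that every jail running before the update is running again afterwards. This is an added example, not part of ezjail; the function names, the `run` argument and the sample hostnames are assumptions, and it assumes every jail on the host is managed by ezjail.

```sh
#!/bin/sh
# Added example: guarded stop / update / start sequence for ezjail.
# Assumption: every jail on this host is managed by ezjail.

# Hostnames of the currently running jails, one per line.
running_jails() {
    jls host.hostname
}

# missing_jails BEFORE AFTER
# Print each name in list BEFORE that has no exact match in list AFTER.
missing_jails() {
    printf '%s\n' "$1" | while IFS= read -r name; do
        [ -n "$name" ] || continue
        printf '%s\n' "$2" | grep -Fxq -- "$name" || printf '%s\n' "$name"
    done
}

upgrade_jails() {
    before=$(running_jails) || return 1
    service ezjail.sh stop || { echo "stop failed, basejail untouched" >&2; return 1; }
    # The basejail is shared by all jails: do not update it under a live jail.
    still=$(running_jails)
    if [ -n "$still" ]; then
        echo "still running, basejail untouched: $still" >&2
        return 1
    fi
    ezjail-admin update -p -i || { echo "update failed, jails left stopped" >&2; return 1; }
    service ezjail.sh start || return 1
    lost=$(missing_jails "$before" "$(running_jails)")
    if [ -n "$lost" ]; then
        echo "did not come back after the update: $lost" >&2
        return 2
    fi
    echo "all jails restarted"
}

if [ "${1:-}" = "run" ]; then
    upgrade_jails
else
    # Constructed sample lists, for trying the comparison off-host.
    missing_jails "db.example.com
new-jail.example.com" "db.example.com"
fi
```

Invoked with `run` as root on the host it performs the upgrade; without arguments it only prints the result of the comparison on the constructed sample lists.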
Create a New Jail
Creating new jails is also just as easy. Use the ezjail-admin utility to specify the jail, then edit the jail configs as necessary, and finally start your jail:
# ezjail-admin create -r /jails/new-jail.example.com new-jail.example.com 192.168.0.20
# vi /usr/local/etc/ezjail/new-jail.example.com
# service ezjail.sh start new-jail.example.com
Removing Jails
As before, the ezjail-admin utility will help you delete jails in addition to everything else. You can do so with the following command:
# ezjail-admin delete [-w] new-jail.example.com
If you specify the w switch, the files associated with the jail will be completely removed. If not specified, you will still be able to reconfigure and recreate a new jail using the existing files from the old jail.
Further Reading
That's the basic run-down. For more detailed information, you can always read the man pages for ezjail-admin, jail, and jls. In addition, the FreeBSD Handbook has an official chapter on jails that has some good information in it.