Jails - FreeNAS User Guide 9

22/01/2017
13.JailsFreeNASUserGuide9.3TableofContents
13. Jails
Theprevioussectiondescribedhowtofind,install,andconfiguresoftwareusingPlugins.
This section describes how to use Jails, which allows users who are comfortable using the
commandlinetohavemorecontroloversoftwareinstallationandmanagement.Anysoftware
installedusingJailsmustbemanagedfromthecommandlineofthejail.Ifyouprefertousea
GUItomanagesoftware,usePluginsinstead.
WhileFreeNASautomaticallycreatesajailwheneverapluginisinstalled,itdoesnotletthe
userinstallmultiplepluginsintothesamejail.Incontrast,usingJailsallowsuserstocreateas
manyjailsasneededandtocustomizetheoperatingsystemandinstalledsoftwarewithineach
jail.
BeginningwithFreeNAS9.3,twotypesofjailsaresupported:
1.Bydefault,aFreeBSDjailiscreated.Thisprovidesaverylightweight,operatingsystem
level virtualization. Consider it as another independent instance of FreeBSD running on
thesamehardware,withoutalloftheoverheadusuallyassociatedwithvirtualization.The
jail will install the FreeBSD software management utilities so that you can compile
FreeBSDportsandinstallFreeBSDpackagesfromthecommandlineofthejail.
2.A Virtualbox template is also provided. This template will install an instance of
phpVirtualBox,whichprovidesawebbasedfrontendtoVirtualBoxThiscanthenbeused
to install any operating system and to use the software management tools provided by
thatoperatingsystem.
It is important to understand that any users, groups, installed software, and configurations
withinajailareisolatedfromboththeFreeNASoperatingsystemandanyotherjailsrunning
on that system. During creation, the VIMAGE option can be selected which will also provide
that jail with its own, independent networking stack. This allows that jail to do its own IP
broadcasting,whichisrequiredbysomeapplications.
Advanceduserscanalsocreatecustomtemplatestoautomatethecreationofpreinstalledand
customizedoperatingsystems.
The ability to create multiple jails running different operating systems offers great flexibility
regarding software management. For example, the administrator can choose to provide
applicationseparationbyinstallingdifferentapplicationsineachjail,ortocreateonejailforall
installedapplications,ortomixandmatchhowsoftwareisinstalledintoeachjail.
Therestofthissectiondescribesthefollowing:
JailsConfiguration
AddingJails
UsingthephpVirtualBoxTemplate
ManagingJailTemplates
13.1. Jails Configuration

Beforeyoucancreateanyjails,youmustfirstconfigurewhichvolumeordatasetwillbeusedto
holdthejails.Todoso,clickJailsConfigurationtoaccessthescreenshowninFigure13.1a.It
isrecommendedtocreateadatasettousefortheJailRoot.Asjailsarecreated,theywill
http://doc.freenas.org/9.3/freenas_jails.html#addstorage
1/20
22/01/2017
automaticallybeinstalledintotheirowndatasetunderthespecifiedpath.Forexample,ifyou
configureaJailRootof /mnt/volume1/dataset1 andcreateajailnamedjail1,itwillbeinstalled
intoitsowndatasetnamed /mnt/volume1/dataset1/jail1 .
Figure13.1a:GlobalJailConfiguration
Warning: ifyouhavealreadyinstalledanyPlugins,theJailRoot,IPv4Network,IPv4
NetworkStartAddress,andIPv4NetworkEndAddresswillautomaticallybefilledin.You
shoulddoublecheckthatthepreconfiguredIPaddressingvaluesareappropriateforyour
jailsandwillnotconflictwithaddressesusedbyothersystemsonthenetwork.
Table13.1asummarizesthefieldsinthisconfigurationscreen.Refertothetextbelowthetable
for more details on how to properly configure the Jail Root and network settings. Some
settings are only available in Advanced Mode. To see these settings, either click the
AdvancedModebuttonorconfigurethesystemtoalwaysdisplaythesesettingsbychecking
theboxShowadvancedfieldsbydefaultinSystemAdvanced.
Table13.1a:JailConfigurationOptions
Setting
JailRoot
IPv4DHCP
IPv4Network
IPv4NetworkStart
Address
IPv4NetworkEnd
Address
IPv6Autoconfigure
IPv6Network
IPv6NetworkStart
Address
IPv6NetworkEnd
Address
CollectionURL
Value
browse
button
checkbox
string
Description
mandatoryasyoucannotaddajailuntilthisisset
checkthisboxifthenetworkhasaDHCPserver
onlyavailableinAdvancedModeformatisIPaddressof
network/CIDRmask
string
onlyavailableinAdvancedModeinputthefirstIPaddress
inthereservedrangeintheformathost/CIDRmask
string
onlyavailableinAdvancedModeinputthelastIPaddress
inthereservedrangeintheformathost/CIDRmask
checkbox checkthisboxifthenetworkhasaDHCPv6serverandyou
plantouseIPv6toaccessjails
string
onlyavailableinAdvancedModeinputthenetwork
addressforaproperlyconfiguredIPv6network
string
onlyavailableinAdvancedModeinputthefirstIPaddress
inthereservedrangeforaproperlyconfiguredIPv6network
string
onlyavailableinAdvancedModeinputthelastIPaddress
inthereservedrangeforaproperlyconfiguredIPv6network
string
onlyavailableinAdvancedModechangingthedefault
maybreaktheabilitytoinstalljails
2/20
22/01/2017
When selecting the Jail Root, ensure that the size of the selected volume or dataset is
sufficienttoholdthenumberofjailstobeinstalledaswellasanysoftware,logfiles,anddatato
bestoredwithineachjail.Atabareminimum,budgetatleast2GBperjailanddonotselecta
datasetthatislessthan2GBinsize.
Note: ifyouplantoaddstoragetoajail,beawarethatthepathsizeislimitedto88
characters.Makesurethatthelengthofyourvolumenameplusthedatasetnameplusthe
jailnamedoesnotexceedthislimit.
IfthenetworkcontainsaDHCPserver,itisrecommendedtochecktheboxIPv4DHCP(or
IPv6 Autoconfigure, for a properly configured IPv6 network). This will prevent IP address
conflictsonthenetworkastheDHCPserverwillautomaticallyassignthejailthenextavailable
leaseandrecordtheleaseasinuse.
IfastaticIPaddressisneededsothatusersalwaysknowtheIPaddressofthejail,inputthe
startandendaddressfortheIPv4and/orIPv6network.Therangethatyoudefinebythestart
andendaddresseswillbeautomaticallyassignedasyoucreatejails.Forexample,ifyouplan
tocreate5jailsonthe192.168.1.0network,youcouldinputaIPv4NetworkStartAddressof
192.168.1.100andaIPv4NetworkEndAddressof192.168.1.104.Ifyoucreateastartand
endrangeonanetworkthatcontainsaDHCPserver,itisveryimportantthatyoualso
reservethoseaddressesontheDHCPserver.Otherwise,theDHCPserverwillnotbeaware
that those addresses are being used by jails and there will be IP address conflicts and weird
networking errors on the network. When troubleshooting jails that do not install or which are
unavailable,doublecheckthattheIPaddressbeingusedbythejailisnotalsobeingusedby
anotherjailorsysteminthenetwork.
FreeNAS will automatically detect and display the IPv4 Network that the administrative
interfaceisconnectedto.ThissettingisimportantastheIPv4astheIPaddress(es)usedby
yourjailsmustbepingablefromtheFreeNASsysteminorderforyourjailsandanyinstalled
software to be accessible. If your network topology requires you to change the default value,
youwillalsoneedtoconfigureadefaultgateway,andpossiblyastaticroute,tothespecified
network.Ifyouchangethisvalue,ensurethatthesubnetmaskvalueiscorrectasanincorrect
maskcanmaketheIPnetworkunreachable.Whenindoubt,keepthedefaultsettingforIPv4
Network.IfyouareusingVMware,makesurethatthevswitchissettopromiscuousmode.
Once you click the Save button to save the configuration, you are now ready to create and
managejailsasdescribedintherestofthischapter.
13.2. Adding Jails

Tocreateajail,clickJailsAddJailtoaccessthescreenshowninFigure13.2a.
Note: theAddJailmenuitemwillnotappearuntilafteryouconfigureJailsConfiguration.
Figure13.2a:CreatingaJail
3/20
22/01/2017
Bydefault,theonlyrequiredvaluetocreateajailistogiveitaname.Thedefaultistocreatea
FreeBSDjail.
Table 13.2a summarizes the available options. Most settings are only available in Advanced
ModeandarenotneedediftheintentistocreateaFreeBSDjail.Toseethesesettings,either
clicktheAdvancedModebuttonorconfigurethesystemtoalwaysdisplaythesesettingsby
checkingtheboxShowadvancedfieldsbydefaultinSystemAdvanced.
Table13.2a:JailConfigurationOptions
Setting
JailName
Template
IPv4DHCP
IPv4address
IPv4netmask
IPv4bridge
address
IPv4bridge
netmask
IPv4default
gateway
Value
string
drop
down
menu
Description
mandatorycanonlycontainlettersandnumbers
onlyavailableinAdvancedModecontainstheVirtualBox
templateforcreatinganinstanceofphpVirtualBoxadvanced
userscancreateandinstallcustomtemplatesasdescribedin
ManagingJailTemplates
checkbox onlyavailableinAdvancedModeifunchecked,makesurethat
thedefinedaddressdoesnotconflictwiththeDHCPservers
poolofavailableaddresses
integer
onlyavailableinAdvancedModethisandtheotherIPv4
settingswillbegreyedoutifIPv4DHCPischeckedinputIP
addressthatisreachablewithinthelocalnetworkandisnotin
usebyanyotherhostinthenetwork
drop
onlyavailableinAdvancedModeselectthesubnetmask
down
associatedwithIPv4address
menu
integer
onlyavailableinAdvancedModeandwillbegreyedoutif
VIMAGEisuncheckedseeNOTEbelow
drop
onlyavailableinAdvancedModeselectthesubnetmask
down
associatedwithIPv4bridgeaddresswillbegreyedif
menu
VIMAGEisunchecked
string
onlyavailableinAdvancedModewillbegreyedoutif
VIMAGEisunchecked
4/20
22/01/2017
Setting
IPv6
Autoconfigure
IPv6address
IPv6prefix
length
IPv6bridge
address
IPv6bridge
prefixlength
IPv6default
gateway
MAC
NIC
Sysctls
Autostart
VIMAGE
NAT
Value
Description
checkbox onlyavailableinAdvancedModeifunchecked,makesurethat
thedefinedaddressdoesnotconflictwiththeDHCPservers
poolofavailableaddresses
integer
onlyavailableinAdvancedModethisandtheotherIPv6
settingswillbegreyedoutifIPv6Autoconfigureischecked
inputIPv6addressthatisreachablewithinthelocalnetworkand
isnotinusebyanyotherhostinthenetwork
drop
onlyavailableinAdvancedModeselecttheprefixlength
down
associatedwithIPv6address
menu
integer
onlyavailableinAdvancedModeandwillbegreyedif
VIMAGEisuncheckedseeNOTEbelow
drop
down
VIMAGEisuncheckedselecttheprefixlengthassociatedwith
menu
IPv6address
string
onlyavailableinAdvancedModeandwillbegreyedif
VIMAGEisuncheckedusedtosetthejailsdefaultgateway
IPv6address
string
VIMAGEisuncheckedifastaticMACaddressisneeded,input
ithere
drop
down
VIMAGEischeckedcanbeusedtospecifytheinterfacetouse
menu
forjailconnections
string
onlyavailableinAdvancedModecommadelimitedlistof
sysctlstosetinsidejail(e.g.
allow.sysvipc=1,allow.raw_sockets=1)
checkbox onlyavailableinAdvancedModeuncheckifyouwanttostart
thejailmanually
checkbox onlyavailableinAdvancedModegivesajailitsownvirtualized
networkstackrequirespromiscuousmodetobeenabledonthe
interface
checkbox onlyavailableinAdvancedModeandwillbegreyedoutfor
LinuxjailsorifVIMAGEisuncheckedenablesNetwork
AddressTranslationforthejail
Note: theIPv4andIPv6bridgeinterfaceisusedtobridgetheepair(4)device,whichis
automaticallycreatedforeachstartedjail,toaphysicalnetworkdevice.Thedefaultnetwork
deviceistheonethatisconfiguredwithadefaultgateway.So,ifem0istheFreeBSDname
ofthephysicalinterfaceandthreejailsarerunning,thefollowingvirtualinterfaceswillbe
automaticallycreated:bridge0,epair0a,epair1a,andepair2a.Thephysicalinterfaceem0will
beaddedtothebridge,aswellaseachepairdevice.Theotherhalfoftheepairwillbe
placedinsidethejailandwillbeassignedtheIPaddressspecifiedforthatjail.Thebridge
interfacewillbeassignedanaliasofthedefaultgatewayforthatjail,ifconfigured,orthe
bridgeIP,ifconfiguredeitheriscorrect.
Theonlytimeyouneedtospecifyanaddressandmaskforthebridgeiswhenyouneedto
configurethejailtobeonadifferentnetworkthantheFreeNASsystem.Forexample,ifthe
FreeNASsystemisonthe10.0.0.0/24networkandthejailneedstobeconfiguredforthe
192.168.0.0/24 network, set the IPv4 bridge address and IPv4 bridge netmask fields for
thejail.
5/20
22/01/2017
If you uncheck both the VIMAGE and NAT boxes, the jail must be configured with an IP
address within the same network as the interface it is bound to, and that address will be
assigned as an alias on that interface. To use a VIMAGE jail on the same subnet, uncheck
NATandconfigureanIPaddresswithinthesamenetwork.Inbothofthesecases,youonly
configureanIPaddressanddonotconfigureabridgeoragatewayaddress.
Aftermakingyourselections,clicktheOKbutton.Thejailwillbecreatedandwillbeaddedto
the Jails tab as well as in the tree menu under Jails. By default, the jail will automatically
start,unlessyouspecifyotherwisebyuncheckingtheAutostartbox.
The first time you add a jail or use a template, the GUI will automatically download the
necessary components from the Internet. If it is unable to connect to the Internet, the jail
creationwillfail.Otherwise,aprogressbarwillindicatethestatusofthedownloadandprovide
anestimatedtimefortheprocesstocomplete.Oncethefirstjailiscreated,oratemplateused,
subsequentjailswillbeaddedinstantaneouslyasthedownloadedbaseforcreatingthejailis
savedtotheJailRoot.
13.2.1. Managing Jails

Toviewandconfiguretheaddedjails,clickJails.IntheexampleshowninFigure13.2b,the
listentryforthejailnamedxdm_1hasbeenclickedinordertoenablethatjailsconfiguration
options. The entry indicates the name of the jail, its IP address, whether or not it will start
automatically at system boot, whether or not it is currently running, and the type of jail (e.g.
standardindicatesthatitisaFreeBSDjailwhereaspluginjailwouldindicatethatitwasinstalled
usingPlugins).
Figure13.2b:ViewingAddedJails
6/20
22/01/2017
Inorder,fromlefttoright,thefollowingconfigurationiconsareavailable:
EditJail:usedtoeditthejailssettingswhichweredescribedinTable13.2a.Notethatoncea
jailiscreated,thejailsnameandtypecannotbechangedsothesefieldswillbegreyedout.
Note: ifyouneedtomodifytheIPaddressinformationforajail,useitsEditJailbutton
insteadoftheassociatednetworkingcommandsfromthecommandlineofthejail.
Add Storage: used to configure the jail to access an area of storage as described in Add
Storage.
Upload Plugin: used to manually upload a plugin previously downloaded from the plugins
repository.
Start/Stop: this icon will vary, depending upon the current Status of the jail. If the jail is
currentlystopped,theiconwillbegreenandcanbeusedtostartthejail.Ifthejailiscurrently
running,theiconwillberedandcanbeusedtostopthejail.Astoppedjailanditsapplications
areinaccessibleuntilitisrestarted.
Restart:usedtorestartthejail.
Shell:usedtoaccessarootcommandpromptinordertoconfiguretheselectedjailfromthe
commandline.Whenfinished,typeexittoclosetheshell.
7/20
22/01/2017
13.2.1.1. Accessing a Jail Using SSH

If youprefertousesshto accessajailinstead of the jails Shell icon, you will need to first
startthesshserviceandcreateauseraccountforsshaccess.Todothis,clicktheShellicon
forthejailyouwishtoconfiguresshaccessto.
TostarttheSSHservice,lookforthefollowinglineinthatjails /etc/rc.conf :
sshd_enable="NO"
ChangetheNOtoYESandsavethefile.Then,starttheSSHdaemon:
servicesshdstart
The jails RSA key pair should be generated and the keys fingerprint and random art image
displayed.
Next,addauseraccount.Ifyouwanttheusertohavesuperuserprivileges,makesuretheuser
isplacedinthewheelgroupwhenitiscreated.Typeadduserandfollowtheprompts. When
yougettothisprompt,donotpress Enter butinsteadtypewheel:
Logingroupisuser1.Inviteuser1intoothergroups?[]:wheel
Oncetheuseriscreated,settherootpasswordsothatthenewuserwillbeabletousethesu
command to gain superuser privilege. To set the password, type passwd then input and
confirmthedesiredpassword.
Finally, test from another system that the user can successfully ssh in and become the
superuser.Inthisexample,ausernameduser1usessshtoaccessthejailat192.168.2.3.The
firsttimetheuserlogsin,theywillbeaskedtoverifythefingerprintofthehost:
sshuser1@192.168.2.3
Theauthenticityofhost'192.168.2.3(192.168.2.3)'can'tbeestablished.
RSAkeyfingerprintis6f:93:e5:36:4f:54:ed:4b:9c:c8:c2:71:89:c1:58:f0.
Areyousureyouwanttocontinueconnecting(yes/no)?yes
Warning:Permanentlyadded'192.168.2.3'(RSA)tothelistofknownhosts.
Password:type_password_here
Note: eachjailhasitsownuseraccountsandserviceconfiguration.Thismeansthatyou
willneedtorepeatthesestepsforeachjailthatrequiresSSHaccess.
13.2.1.2. Add Storage

It is possible to give a FreeBSD jail access to an area of storage on the FreeNAS system.
This is useful if you install an application that stores a large amount of data or if an installed
applicationneedsaccesstothedatastoredontheFreeNASsystem.Anexamplewouldbe
transmission,whichstorestorrents.Thestorageisaddedusingthemount_nullfs(8)mechanism
whichlinksdatathatresidesoutsideofthejailasastorageareawithinthejail.
Toaddstorage,clicktheAddStoragebuttonforahighlightedjailsentrytoopenthescreen
showninFigure13.2c.Thisscreencanalsobeaccessedbyexpandingthejailsnameinthe
treeviewandclickingStorageAddStorage.
8/20
22/01/2017
Figure13.2c:AddingStoragetoaJail
BrowsetotheSourceandDestination,where:
Source: is the directory or dataset on the FreeNAS system you would like to gain
accesstofromthejail.Thisdirectorymustresideoutsideofthevolumeordatasetbeing
usedbythejail.Thisiswhyitisrecommendedtocreateaseparatedatasettostorejails,
so that the dataset holding the jails will always be separate from any datasets used for
storageontheFreeNASsystem.
Destination: select an existing, empty directory within the jail to link to the Source
storagearea.Ifthatdirectorydoesnotexistyet,typeinthedesireddirectorynameand
checktheCreatedirectorybox.
When you are adding storage, it is typically because the user and group account associated
with an application installed inside of a jail needs to access data stored on the FreeNAS
system.BeforeselectingtheSource,itisimportanttofirstensurethatthepermissionsofthe
selecteddirectoryordatasetgrantpermissiontotheuser/groupaccountinsideofthejail.This
istypicallynotthedefault,astheusersandgroupscreatedinsideofajailaretotallyseparate
fromtheusersandgroupsoftheFreeNASsystem.
Thismeansthattheworkflowforaddingstorageisusuallyasfollows:
1.Determinethenameoftheuserandgroupaccountusedbytheapplication.Forexample,
the installation of the transmission application automatically creates a user account
namedtransmissionandagroupaccountnamedtransmission.Whenindoubt,checkthe
files /etc/passwd (tofindtheuseraccount)and /etc/group (tofindthegroupaccount)inside
9/20
22/01/2017
ofthejail.Typically,theuserandgroupnamesaresimilartotheapplicationname.Also,
theUIDandGIDareusuallythesameastheportnumberusedbytheservice.
2.OntheFreeNASsystem,createauseraccountandgroupaccounttomatchthename
oftheuserandgroupusedbytheapplicationinthejail.
3.OntheFreeNASsystem,determineifyouwantthejailtohaveaccesstoexistingdata
orifyouwanttosetasideanareaofstorageforthejailtouse.
4.If the jail should access existing data, edit the permissions of the volume or dataset so
that the user and group account has the desired read and write access. If multiple
applications or jails are to have access to the same data, you will need to create a
separategroupandaddeachneededuseraccounttothatgroup.
5.Ifyouareinsteadsettingasideanareaofstorageforthatjail(orindividualapplication),
create a dataset. Then, edit the permissions of that dataset so that the user and group
accounthasthedesiredreadandwriteaccess.
6.UsetheAddStoragebuttonofthejailandselecttheconfiguredvolume/datasetasthe
Source.
Ifyouwishtopreventwritestothestorage,checktheboxReadOnly.
By default, the Create directory box is checked. This means that the directory will
automaticallybecreatedforyouunderthespecifiedDestinationpathifthedirectorydoesnot
alreadyexist.
Once a storage has been added, it will be added to the tree under the specified jail. In the
example shown in Figure 13.2d, a dataset named volume1/data has been chosen as the
Source as it contains the files stored on the FreeNAS system. When the storage was
created, the user browsed to volume1/jails/freebsd1/usr/local in the Destination field, then
typedintest as the directory. Since this directory did not already exist, it was created as the
Create directory box was left as checked. The resulting storage was added to the freenas1
entryinthetreeas /usr/local/test . The user has clicked this /usr/local/test entry in order to
accessitsEditscreen.
Figure13.2d:ExampleStorage
10/20
22/01/2017
By default, the storage is mounted as it is created. To unmount the storage, uncheck its
Mounted?box.
Note: amounteddatasetwillnotautomaticallymountanyofitschilddatasets.Whilethe
childdatasetsmayappearbrowsableinsidethejail,anychangeswillnotbevisible.Since
eachdatasetisconsideredtobeitsownfilesystem,eachchilddatasetmusthaveitsown
mountpoint,meaningthatyouneedtocreateaseparatestorageforanychilddatasetswhich
needtobemounted.
Todeletethestorage,clickitsDeletebutton.
Warning: itisimportanttorealizethatanaddedstorageisreallyjustapointertothe
selectedstoragedirectoryontheFreeNASsystem.Itdoesnotcreateacopyofthatdata
withinthejail.ThismeansthatifyoudeleteanyfilesfromtheDestinationdirectory
locatedinthejail,youarereallydeletingthosefilesfromtheSourcedirectory
locatedontheFreeNASsystem.However,ifyoudeletethestorage,youareonlydeleting
thepointer,notthedataitself.
13.2.2. Installing FreeBSD Packages

ThequickestandeasiestwaytoinstallsoftwareinsidethejailistoinstallaFreeBSDpackage.
A FreeBSD package is precompiled, meaning that it contains all the binaries and
dependenciesrequiredforthesoftwaretorunonaFreeBSDsystem.
11/20
22/01/2017
AlotofsoftwarehasbeenportedtoFreeBSD(currentlyover24,000applications)andmostof
that software is available as a package. One way to find FreeBSD software is to use the
searchbaratFreshPorts.org.
Onceyouhavelocatedthenameofthepackageyouwouldliketoinstall,usethepkginstall
commandtoinstallit.Forexample,toinstalltheaudiotagpackage,usethiscommand:
pkginstallaudiotag
When prompted, type y to complete the installation. The installation messages will indicate if
thepackageanditsdependenciessuccessfullydownloadandinstall.
Warning: donotusethepkg_addcommandinaFreeNASjailasitwillcause
inconsistenciesinyourpackagemanagementdatabase.
Youcanconfirmthattheinstallationwassuccessfulbyqueryingthepackagedatabase:
pkginfofaudiotag
audiotag0.19_1
Name:audiotag
Version:0.19_1
Installedon:FriNov2110:10:34PST2014
Origin:audio/audiotag
Architecture:freebsd:9:x86:64
Prefix:/usr/local
Categories:multimediaaudio
Licenses:GPLv2
Maintainer:ports@FreeBSD.org
WWW:http://github.com/Daenyth/audiotag
Comment:Commandlinetoolformasstagging/renamingofaudiofiles
Options:
DOCS:on
FLAC:on
ID3:on
MP4:on
VORBIS:on
Annotations:
repo_type:binary
repository:FreeBSD
Flatsize:62.8KiB
Description:Audiotagisacommandlinetoolformasstagging/renamingofaudiofiles
itsupportsthevorbiscomment,id3tags,andMP4tags.
WWW:http://github.com/Daenyth/audiotag
Toseewhatwasinstalledwiththepackage:
pkginfolaudiotag
audiotag0.19_1:
/usr/local/bin/audiotag
/usr/local/share/doc/audiotag/COPYING
/usr/local/share/doc/audiotag/ChangeLog
/usr/local/share/doc/audiotag/README
/usr/local/share/licenses/audiotag0.19_1/GPLv2
/usr/local/share/licenses/audiotag0.19_1/LICENSE
/usr/local/share/licenses/audiotag0.19_1/catalog.mk
In FreeBSD, thirdparty software is always stored in /usr/local to differentiate it from the

software that came with the operating system. Binaries are almost always located in a
subdirectorycalled bin or sbin andconfigurationfilesinasubdirectorycalled etc .
12/20
22/01/2017
13.2.3. Compiling FreeBSD Ports

Typically,softwareisinstalledintoaFreeBSDjailusingpackages.Occasionallyyoumayprefer
tocompiletheportyourself.Compilingtheportoffersthefollowingadvantages:
Not every port has an available package. This is usually due to licensing restrictions or
known,unaddressedsecurityvulnerabilities.
Sometimes the package is outofdate and you need a feature that became available in
thenewerversion.
Someportsprovidecompileoptionsthatarenotavailableintheprecompiledpackage.
Theseoptionsareusedtoaddadditionalfeaturesortostripoutthefeaturesyoudonot
need.
Compilingtheportyourselfhasthefollowingdisadvantages:
It takes time. Depending upon the size of the application, the amount of dependencies,
the amount of CPU and RAM on the system, and the current load on the FreeNAS
system,theamountoftimecanrangefromafewminutestoafewhoursoreventoafew
days.
Note: iftheportdoesntprovideanycompileoptions,youarebetteroffsavingyourtime
andtheFreeNASsystemsresourcesbyusingthepkginstallcommandinstead.
You can determine if the port has any configurable compile options by clicking its FreshPorts
listing.Figure13.2eshowstheConfigurationOptionsforaudiotag.
Figure13.2e:ConfigurationOptionsforAudiotag
13/20
22/01/2017
In FreeBSD, a Makefile is used to provide the compiling instructions to the make command.
The Makefile isinasciitext,fairlyeasytounderstand,anddocumentedinbsd.port.mk.
Iftheporthasanyconfigurablecompileoptions,theywillbelistedatFreshPortsintheports
ConfigurationOptions.Thisportcontainsfiveconfigurableoptions(DOCS,FLAC,ID3,MP4,
andVORBIS)andeachoptionisenabled(on)bydefault.
FreeBSD packages are always built using the default options. When you compile the port
yourself,thoseoptionswillbepresentedtoyouinamenu,allowingyoutochangetheirdefault
settings.
Beforeyoucancompileaport,theportscollectionmustbeinstalledwithinthejail.Fromwithin
thejail,usetheportsnaputility.Thiscommandwilldownloadtheportscollectionandextractit
tothejails /usr/ports/ directory:
portsnapfetchextract
Note: ifyouinstalladditionalsoftwareatalaterdate,youshouldmakesurethattheports
collectionisuptodateusingbytypingportsnapfetchupdate.
To compile a port, you will cd into a subdirectory of /usr/ports/ . The entry for the port at
FreshPortsprovidesthelocationtocdintoandthemakecommandtorun.Thisexamplewill
14/20
22/01/2017
compiletheaudiotagport:
cd/usr/ports/audio/audiotag
makeinstallclean
Sincethisporthasconfigurableoptions,thefirsttimethiscommandisruntheconfigurescreen
showninFigure13.2fwillbedisplayed:
Figure13.2f:ConfigurationOptionsforAudiotagPort
To change an options setting, use the arrow keys to highlight the option, then press the
spacebar totoggletheselection.Onceyouarefinished,tabovertoOKandpress Enter .Theport
willbegintocompileandinstall.
Note: ifyouchangeyourmind,theconfigurationscreenwillnotbedisplayedagainshould
youstopandrestartthebuild.Typemakeconfig&&makeinstallcleanifyouneedto
changeyourselectedoptions.
Iftheporthasanydependencieswithoptions,theirconfigurationscreenswillbedisplayedand
the compile will pause until it receives your input. It is a good idea to keep an eye on the
compileuntilitfinishesandyouarereturnedtothecommandprompt.
Once the port is installed, it is registered in the same package database that manages
packages.Thismeansthatyoucanusepkginfotodeterminewhatwasinstalled,asdescribed
intheprevioussection.
13.2.4. Starting Installed Software

Oncethepackageorportisinstalled,youwillneedtoconfigureandstartit.Ifyouarefamiliar
with how to configure the software, look for its configuration file in /usr/local/etc or a
subdirectory thereof. Many FreeBSD packages contain a sample configuration file to get you
started. If you are unfamiliar with the software, you will need to spend some time at the
softwares website to learn which configuration options are available and which configuration
file(s)needtobeedited.
15/20
22/01/2017
Most FreeBSD packages that contain a startable service include a startup script which is
automaticallyinstalledto /usr/local/etc/rc.d/ .Onceyourconfigurationiscomplete,youcantest
thattheservicestartsbyrunningthescriptwiththeonestartoption.Asanexample,ifopenvpn
is installed into the jail, these commands will run its startup script and verify that the service
started:
/usr/local/etc/rc.d/openvpnonestart
Startingopenvpn.
/usr/local/etc/rc.d/openvpnonestatus
openvpnisrunningaspid45560.
sockstat4
USERCOMMANDPIDFDPROTOLOCALADDRESSFOREIGNADDRESS
rootopenvpn483864udp4*:54789*:*
Ifyouinsteadreceiveanerror:
/usr/local/etc/rc.d/openvpnonestart
Startingopenvpn.
/usr/local/etc/rc.d/openvpn:WARNING:failedtostartopenvpn
Run tail /var/log/messages to see if any error messages hint at the problem. Most startup
failures are related to a misconfiguration: either a typo or a missing option in a configuration
file.
Once you have verified that the service starts and is working as intended, add a line to
/etc/rc.conf toensurethattheserviceautomaticallystartswheneverthejailisstarted.Theline
to start a service always ends in enable=YES and typically starts with the name of the
software.Forexample,thisistheentryfortheopenvpnservice:
openvpn_enable="YES"
When in doubt, the startup script will tell you which line to put in /etc/rc.conf . This is the
descriptionin /usr/local/etc/rc.d/openvpn :
#Thisscriptsupportsrunningmultipleinstancesofopenvpn.
#Torunadditionalinstanceslinkthisscripttosomethinglike
#%lnsopenvpnopenvpn_foo
#anddefineadditionalopenvpn_foo_*variablesinoneof
#/etc/rc.conf,/etc/rc.conf.localor/etc/rc.conf.d/openvpn_foo
#
#BelowNAMEshouldbesubstitutedwiththenameofthisscript.Bydefault
#itisopenvpn,soreadasopenvpn_enable.Ifyoulinkedthescriptto
#openvpn_foo,thenreadasopenvpn_foo_enableetc.
#
#Thefollowingvariablesaresupported(defaultsareshown).
#Youcanplacetheminanyof
#/etc/rc.conf,/etc/rc.conf.localor/etc/rc.conf.d/NAME
#
#NAME_enable="NO"
#settoYEStoenableopenvpn
Thestartupscriptwillalsoindicateifanyadditionalparametersareavailable:
#NAME_if=
#driver(s)toload,setto"tun","tap"or"tuntap"
16/20
22/01/2017
#
#itisOKtospecifytheif_prefix.
#
##optional:
#NAME_flags=
#additionalcommandlinearguments
#NAME_configfile="/usr/local/etc/openvpn/NAME.conf"
#configfile
#NAME_dir="/usr/local/etc/openvpn"
#cddirectory
13.3. Using the phpVirtualBox Template

If the software you need requires a different operating system or you wish to use a non
FreeBSD operating system to manage software, use the VirtualBox template to create an
instanceofphpVirtualBox.IntheAddJailscreen,clicktheAdvancedModebutton.Asseen
intheexampleinFigure13.3a,inputaJailName,verifythattheIPv4addressisvalidand
notinusebyanotherhostorjail,andselectVirtualBoxfromtheTemplatedropdownmenu.
PresstheOKbuttontobegintheinstallation.
Figure13.3a:CreatingaphpVirtualBoxInstance
Once installed, input the IP address of the VirtualBox jail into a web browser and enter the
usernameandpasswordofadminintotheloginscreen.Onceauthenticated,thescreenshown
inFigure13.3bwillappearinthewebbrowser.
Figure13.3b:ThephpVirtualBoxInterface
17/20
22/01/2017
Click the New button to create virtual machines. You can then install the desired operating
systemsandsoftwareintothecreatedvirtualmachines.
Note: iftheFreeNASsystemreboots,theinstalledvirtualmachineswillnotautomatically
restart.Toconfigureautostart,refertothisforumpost.
13.4. Managing Jail Templates

FreeNAS supports the ability to add custom templates to the Templates dropdown menu
describedinTable13.2a.
By default, FreeNAS provides the VirtualBox template. To view the default and any
customizedtemplates,clickJailsTemplates.Alistingshowingthedefaulttemplateisseenin
Figure13.4a.
Figure13.4a:ListingofDefaultJailTemplates
Thelistingcontainsthefollowingcolumns:
Name:willappearintheTemplatedropdownmenuwhenaddinganewjail.
URL:whenaddinganewjailusingthistemplate,thetemplatewillbedownloadedfrom
thislocation.
18/20
22/01/2017
Instances:indicatesifthetemplate has been used to create a jail. In this example,the

templatehasnotyetbeenusedsoitsInstancesshowsas0.
Tocreateacustomtemplate,firstinstallthedesiredoperatingsystemandconfigureittheway
youwant.Theinstallationcanbeeithertoanexistingjailoronanothersystem.
Next,createanmtreespecificationusingthiscommand:
mtreecp</path/to/jail>ksha256digest>file.mtree
Once your configuration is complete, create a tarball of the entire operating system that you
wish to use as a template. This tarball needs to be compressed with gzip and end in a .tgz
extension.Becarefulwhencreatingthetarballasyoudontwanttoendupinarecursiveloop.
In other words, the resulting tarball needs to be saved outside of the operating system being
tarballed, such as to an external USB drive or network share. Alternately, you can create a
temporarydirectorywithintheoperatingsystemandusetheexcludeswitchtotartoexclude
this directory from the tarball. The exact tar command to use will vary, depending upon the
operatingsystembeingusedtocreatethetarball.
Once you have generated the .mtree and .tgz files, save them to either an FTP share or an
HTTPserver.YouwillneedtheassociatedFTPorHTTPURLinordertoaddthetemplateto
thelistofavailabletemplates.
To add the template, click Jails Templates Add Jail Templates which will open the screen
seeninFigure13.4b.
Figure13.4b:AddingACustomJailTemplate
Table13.4asummarizesthefieldsinthisscreen.
Table13.4a:JailTemplateOptions
Setting
Name
OS
Value
string
drop
down
menu
Description
valuewillappearintheNamecolumnofViewJailTemplates
choicesareFreeBSDorLinux
19/20
22/01/2017
Setting
Value
Architecture drop
down
menu
URL
string
Mtree
Readonly
string
checkbox
Description
choicesarex86(32bit)orx64(64bit)
inputthefullURLtothe .tgz file,includingtheprotocol(ftp://oror
http://)
pastethemtreespecificationforthetemplate
ifthisboxischecked,theNameandURLofthetemplatecannot
bechangedaftercreation
Onceatemplatehasbeenadded,youcanclicktheentryforthetemplatetoaccessitsEdit
andDeletebuttons.IfyouclickatemplatesEditbutton,itwillopentheconfigurationscreen
shownintheFigure13.4c.
Note: theDeletebuttonisnotavailableforthebuiltinVirtualBoxtemplateanditsEdit
buttonopensasreadonly.
Figure13.4c:EditingaTemplatesOptions
If you click a templates Delete button, a warning message will prompt you to confirm the
deletion. Note that once a template is deleted, it will be removed from the Templates drop
downmenuandwillbenolongeravailableforcreatingnewjails.
20/20

Jails - FreeNAS User Guide 9

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Jails - FreeNAS User Guide 9

Uploaded by

Copyright:

Available Formats

22/01/2017

13.1. Jails Configuration

13.2. Adding Jails

13.2.1. Managing Jails

13.2.1.1. Accessing a Jail Using SSH

13.2.1.2. Add Storage

13.2.2. Installing FreeBSD Packages

In FreeBSD, thirdparty software is always stored in /usr/local to differentiate it from the

13.2.3. Compiling FreeBSD Ports

13.2.4. Starting Installed Software

13.3. Using the phpVirtualBox Template

13.4. Managing Jail Templates

Instances:indicatesifthetemplate has been used to create a jail. In this example,the

You might also like