Difference between revisions of "Warden®/9.2"

From PC-BSD Wiki
Jump to: navigation, search
(Info Tab)
(Managing Software Not Available in Packages Tab)
(35 intermediate revisions by 3 users not shown)
Line 1: Line 1:
 
<noinclude>{{NavHeader|back=Life Preserver|forward=Using PC-BSD®|custompagename=Warden{{r}}|custompagecategory={{PAGENAME}}}}</noinclude>
 
<noinclude>{{NavHeader|back=Life Preserver|forward=Using PC-BSD®|custompagename=Warden{{r}}|custompagecategory={{PAGENAME}}}}</noinclude>
  
''' WARDEN CHANGED IN 9.1. UNLESS YOU ARE BETA TESTING 9.1, YOU SHOULD INSTEAD REFER TO THE [[PC-BSD® Users Handbook|PUBLISHED VERSION OF THE USERS HANDBOOK]] THAT MATCHES YOUR PC-BSD® VERSION'''
+
Warden® is an easy to use, graphical {{citelink|wp|url=FreeBSD_jail|txt=jail}} management program. [[File:Warden1e.png|thumb|393px|'''Figure 8.19b: Initial Warden® Screen''']] Using Warden®, it is possible to create multiple, isolated virtual instances of FreeBSD which can be used to run services such as Apache, PHP, or MySQL in a secure manner. Each jail is considered to be a unique FreeBSD operating system and whatever happens in that jail will not affect your operating system or other jails running on the PC-BSD® system.
  
Warden® is an easy to use, graphical {{citelink|wp|url=FreeBSD_jail|txt=jail}} management program. Using Warden®, it is possible to create multiple, isolated virtual instances of FreeBSD which can be used to run services such as Apache, PHP, or MySQL in a secure manner. Each jail is considered to be a unique FreeBSD operating system and whatever happens in that jail will not affect your operating system or other jails running on the PC-BSD® system.
+
Warden® has been redesigned for PC-BSD®&nbsp;9.1, and is now part of Control Panel. A command line version is also available for those who prefer to work from the command line or script their jail management.
 
+
Warden® has been redesigned for PC-BSD® 9.1, and is now part of Control Panel. A command line version is also available for those who prefer to work from the command line or script their jail management.
+
  
 
Some of the new features in Warden® include the ability to:
 
Some of the new features in Warden® include the ability to:
Line 25: Line 23:
 
== Creating a Jail using Warden{{r}} ==
 
== Creating a Jail using Warden{{r}} ==
  
Warden® can be started by clicking on its icon in Control Panel or by typing '''pc-su warden gui''' from the command line. You will be prompted for the adminstrative password as only the superuser can create and manage jails.
+
Warden® can be started by clicking on its icon in Control Panel or by typing '''pc-su warden gui''' from the command line. You will be prompted for the administrative password as only the superuser can create and manage jails.
  
 
The first time you start Warden®, you will be prompted to set the network interface as ''' ''your jails will not work if the wrong interface is configured.'' ''' Click Yes to set the interface using the screen shown in Figure 8.19a. You can access this screen at a later time from ''Jails'' ➜ ''Configuration''.
 
The first time you start Warden®, you will be prompted to set the network interface as ''' ''your jails will not work if the wrong interface is configured.'' ''' Click Yes to set the interface using the screen shown in Figure 8.19a. You can access this screen at a later time from ''Jails'' ➜ ''Configuration''.
  
'''Figure 8.19a: Warden® Configuration'''
+
[[File:Warden9a.png|thumb|393px|'''Figure 8.19a: Warden® Configuration''']]
 
+
[[File:Warden9a.png]]
+
  
 
This screen allows you to configure the following:
 
This screen allows you to configure the following:
Line 42: Line 38:
  
 
Once you click the "Save" button to save your interface configuration, you will be presented with the main Warden® configuration screen, shown in Figure 8.19b.
 
Once you click the "Save" button to save your interface configuration, you will be presented with the main Warden® configuration screen, shown in Figure 8.19b.
 
'''Figure 8.19b: Initial Warden® Screen'''
 
 
[[Image:Warden1e.png]]
 
  
 
To create your first jail, click the "+" button or go to ''File'' ➜ ''New Jail''. A jail creation wizard, seen in Figure 8.19c, will launch.
 
To create your first jail, click the "+" button or go to ''File'' ➜ ''New Jail''. A jail creation wizard, seen in Figure 8.19c, will launch.
  
'''Figure 8.19c: Creating the New Jail'''
+
[[File:Warden1f.png|thumb|393px|'''Figure 8.19c: Creating the New Jail''']]
 
+
[[Image:Warden1f.png]]
+
  
 
The first screen in the jail creation wizard will prompt you for the following information:
 
The first screen in the jail creation wizard will prompt you for the following information:
  
'''IP Address:''' input the IPv4 or IPv6 address to be used by the jail and access its contents. Choose an address on your network that is not already in use by another computer or jail.
+
'''IP Address:''' input the IPv4 or IPv6 address to be used by the jail and access its contents. Choose an address on your network that is not already in use by another computer or jail and which will not conflict with the address range assigned by a DHCP server.
  
 
'''Hostname:''' you can change the default of "Jailbird" to another value. The hostname must be unique on your network. Use a hostname that reminds you of the type of jail and your reason for creating it.
 
'''Hostname:''' you can change the default of "Jailbird" to another value. The hostname must be unique on your network. Use a hostname that reminds you of the type of jail and your reason for creating it.
Line 61: Line 51:
 
When finished, click "Next" to select the type of jail, as shown in Figure 8.19d:
 
When finished, click "Next" to select the type of jail, as shown in Figure 8.19d:
  
'''Figure 8.19d: Select the Type of Jail'''
+
[[File:Warden2c.png|thumb|393px|'''Figure 8.19d: Select the Type of Jail''']]
 
+
[[Image:Warden2c.png]]
+
  
 
There are three types of jails supported by Warden®:
 
There are three types of jails supported by Warden®:
Line 79: Line 67:
 
If you select "Traditional Jail", you will be prompted to set the root password as seen in Figure 8.19e.
 
If you select "Traditional Jail", you will be prompted to set the root password as seen in Figure 8.19e.
  
'''Figure 8.19e: Setting the Traditional Jail's Root Password'''
+
[[File:Warden3b.png|thumb|393px|'''Figure 8.19e: Setting the Traditional Jail's Root Password''']]
 
+
[[Image:Warden3b.png]]
+
  
 
Input and confirm the password then press "Next" to see the screen shown in Figure 8.19f. If you instead select to create a "Ports Jail", you will go directly to Figure 8.19f.
 
Input and confirm the password then press "Next" to see the screen shown in Figure 8.19f. If you instead select to create a "Ports Jail", you will go directly to Figure 8.19f.
  
'''Figure 8.19f: Select the Jail Options'''
 
  
[[Image:Warden4b.png]]
+
[[File:Warden4b.png|thumb|393px|'''Figure 8.19f: Select the Jail Options''']]
  
 
This screen allows you to install the following options:
 
This screen allows you to install the following options:
Line 105: Line 90:
 
If you select the "Linux Jail" and click "Next", you will be prompted to set the root password as seen in Figure 8.19e. After inputting the password, the wizard will prompt you to select a Linux install script, as seen in Figure 8.19g.
 
If you select the "Linux Jail" and click "Next", you will be prompted to set the root password as seen in Figure 8.19e. After inputting the password, the wizard will prompt you to select a Linux install script, as seen in Figure 8.19g.
  
'''Figure 8.19g: Select the Linux Distribution to Install'''
+
[[File:Linux1a.png|thumb|393px|'''Figure 8.19g: Select the Linux Distribution to Install''']]
 
+
[[File:Linux1a.png]]
+
  
 
The installation script is used to install the specified Linux distribution. At this time, installation scripts for Debian Squeeze and for Gentoo are provided. Scripts for other distros will be added over time.
 
The installation script is used to install the specified Linux distribution. At this time, installation scripts for Debian Squeeze and for Gentoo are provided. Scripts for other distros will be added over time.
  
'''NOTE:''' a Linux installation script is simply a shell script which invokes a Linux network installation. In the case of Debian Squeeze, it invokes the '''debootstrap''' command.
+
{{note|width=48.5%|a Linux installation script is simply a shell script which invokes a Linux network installation. In the case of Debian Squeeze, it invokes the '''debootstrap''' command.}}
  
 
Once you select the install script, the wizard will ask if you would like to start the jail at boot time as seen in Figure 8.19h.
 
Once you select the install script, the wizard will ask if you would like to start the jail at boot time as seen in Figure 8.19h.
  
'''Figure 8.19h: Linux Jail Options'''
+
[[File:Linux11.png|thumb|393px|'''Figure 8.19h: Linux Jail Options''']]
 
+
[[File:Linux11.png]]
+
  
 
Click the "Finish" button to begin the Linux installation.
 
Click the "Finish" button to begin the Linux installation.
Line 131: Line 112:
 
The "Info" tab, as seen in the example in Figure 8.19i, provides an overview of a jail's configuration. If you have created multiple jails, the "Info" tab displays the configuration of the currently highlighted jail.
 
The "Info" tab, as seen in the example in Figure 8.19i, provides an overview of a jail's configuration. If you have created multiple jails, the "Info" tab displays the configuration of the currently highlighted jail.
  
'''Figure 8.19i: Info Tab of Warden®'''
+
[[File:Warden5b.png|thumb|393px|'''Figure 8.19i: Info Tab of Warden®''']]
 
+
[[File:Warden5b.png]]
+
  
 
In the example shown in Figure 8.19i, three jails have been created. The first jail is a traditional jail, the second is a ports jail, and Debian Squeeze has been installed into the third jail.
 
In the example shown in Figure 8.19i, three jails have been created. The first jail is a traditional jail, the second is a ports jail, and Debian Squeeze has been installed into the third jail.
Line 157: Line 136:
 
The "Tools" tab, shown in Figure 8.19j, allows you to manage common configuration tasks within a jail.
 
The "Tools" tab, shown in Figure 8.19j, allows you to manage common configuration tasks within a jail.
  
'''NOTE:''' make sure that the desired jail is highlighted when using the "Tools" tab.
+
{{note|width=48.5%|make sure that the desired jail is highlighted when using the "Tools" tab.}}
  
'''Figure 8.19j: Tools Tab for the Highlighted Jail'''
+
[[File:Warden6b.png|thumb|393px|'''Figure 8.19j: Tools Tab for the Highlighted Jail''']]
 
+
[[File:Warden6b.png]]
+
  
 
This tab provides the following buttons:
 
This tab provides the following buttons:
  
* '''User Administrator:''' opens [[User Manager]] so that you can manage the highlighted jail's user accounts and groups. The title bar will indicate that you are "Editing Users for Jail: IP_of_Jail". Note that any users and groups that you have created on your PC-BSD® system will not be added to jails as each jail has its own users and groups. This button is not available if a Linux jail is highlighted.
+
* '''User Administrator:''' opens [[User Manager]] so that you can manage the highlighted jail's user accounts and groups. The title bar will indicate that you are "Editing Users for Jail: IP_of_Jail". Note that any users and groups that you have created on your PC-BSD® system will not be added to a traditional jail as each traditional jail has its own users and groups. However, a ports jail has access to the users and groups that exist on the PC-BSD® system, yet the users you create on a ports jail will only be available within the ports jail. This button is not available if a Linux jail is highlighted.
  
 
* '''Service Manager:''' opens [[Service Manager]] so that you can view which services are running in the jail and configure which services should start when the jail is started. Note that this button is not available if a Linux jail is highlighted.
 
* '''Service Manager:''' opens [[Service Manager]] so that you can view which services are running in the jail and configure which services should start when the jail is started. Note that this button is not available if a Linux jail is highlighted.
Line 171: Line 148:
 
* '''Launch Terminal:''' opens a terminal with the root user logged into the jail. This allows you to administer the jail from the command line. This button will be greyed out if the highlighted jail is not running. You can start a jail by right-clicking its entry and selecting "Start Jail" from the menu or by clicking the start jail icon (a blue arrow icon below the list of jails).
 
* '''Launch Terminal:''' opens a terminal with the root user logged into the jail. This allows you to administer the jail from the command line. This button will be greyed out if the highlighted jail is not running. You can start a jail by right-clicking its entry and selecting "Start Jail" from the menu or by clicking the start jail icon (a blue arrow icon below the list of jails).
  
* '''Check for Updates:''' launches [[Update Manager]] to determine if any of the jail's meta-packages have newer versions available. Update Manager will also indicate if system updates are available to be installed into the jail. Note that this button is not available if a Linux jail is highlighted.
+
* '''Check for Updates:''' launches [[Update Manager]] to determine if any of the jail's meta-packages have newer versions available. Update Manager will also indicate if system updates are available to be installed into the jail. Note that this button is not available if a Linux jail is highlighted. By default, Update Manager automatically checks for updates every 12 hours to see if there are any system updates or if any of the applications installed using the "Packages" tab within a ports or traditional jail have newer versions. If an update is found, the text "Updates available!" will appear in the "Updates" column for that jail.
  
 
* '''Export Jail:''' launches a pop-up window prompting you to choose the directory in which to save a backup of the jail (and all of its software, configuration, and files) as a ''.wdn'' file. Creating the ''.wdn'' file may take some time, especially if you have installed src, ports, or software.
 
* '''Export Jail:''' launches a pop-up window prompting you to choose the directory in which to save a backup of the jail (and all of its software, configuration, and files) as a ''.wdn'' file. Creating the ''.wdn'' file may take some time, especially if you have installed src, ports, or software.
Line 183: Line 160:
 
The "Snapshots" tab, shown in Figure 8.19k, is used to create and manage snapshots within the currently highlighted jail.
 
The "Snapshots" tab, shown in Figure 8.19k, is used to create and manage snapshots within the currently highlighted jail.
  
'''NOTE:''' this tab will be greyed out if you are not using the ZFS filesystem.
+
{{note|width=48.5%|this tab will be greyed out if you are not using the ZFS filesystem.}}
  
'''Figure 8.19k: Snapshots Tab for the Highlighted Jail'''
+
[[File:Warden7b.png|thumb|393px|'''Figure 8.19k: Snapshots Tab for the Highlighted Jail''']]
 
+
[[File:Warden7b.png]]
+
  
 
To create a snapshot of the jail, click the "+Add" button. A snapshot indicating the date and time will be added to the slider bar. If you create multiple snapshots at different times, use the slider bar to select a snapshot.
 
To create a snapshot of the jail, click the "+Add" button. A snapshot indicating the date and time will be added to the slider bar. If you create multiple snapshots at different times, use the slider bar to select a snapshot.
Line 209: Line 184:
 
The "Packages" tab, shown in Figure 8.19l, allows you to install [[Meta Package Manager | meta-packages]] within the specified traditional or ports jail. Software installed using this method will be tracked by [[Update Manager]], meaning that Warden® will be notified when updates are available for the installed software.
 
The "Packages" tab, shown in Figure 8.19l, allows you to install [[Meta Package Manager | meta-packages]] within the specified traditional or ports jail. Software installed using this method will be tracked by [[Update Manager]], meaning that Warden® will be notified when updates are available for the installed software.
  
'''Figure 8.19l: Packages Tab for the Highlighted Jail'''
+
[[File:Warden8a.png|thumb|393px|'''Figure 8.19l: Packages Tab for the Highlighted Jail''']]
 
+
[[File:Warden8a.png]]
+
  
'''NOTE:''' by default, jails use the ''warden'' metapkgset which provides packages suited to a server, command line installation. At this time, meta-packages are not available for Linux jails meaning that this tab will be greyed out if a Linux jail is highlighted.
+
{{note|width=48.5%|by default, jails use the ''warden'' metapkgset which provides packages suited to a server, command line installation. At this time, meta-packages are not available for Linux jails meaning that this tab will be greyed out if a Linux jail is highlighted.}}
  
 
The following meta-packages are available:
 
The following meta-packages are available:
  
* '''Database-Servers:''' MySQL and PostgreSQL
+
* '''Database-Servers:''' {{citelink|url=http://dev.mysql.com/downloads/mysql/|txt=MySQL}} and {{citelink|url=http://www.postgresql.org/|txt=PostgreSQL}}
  
* '''Development:''' ccache and distcc
+
* '''Development:''' {{citelink|url=http://ccache.samba.org/|txt=ccache}} and {{citelink|url=https://code.google.com/p/distcc/|txt=distcc}}
  
* '''File-Servers:''' Samba
+
* '''File-Servers:''' {{citelink|url=http://www.samba.org/|txt=Samba}}
  
* '''Languages:''' PHP
+
* '''Languages:''' {{citelink|url=http://www.php.net/|txt=PHP}}
  
* '''Virtualization:''' VirtualBox
+
* '''Virtualization:''' {{citelink|url=https://www.virtualbox.org/|txt=VirtualBox}}
  
* '''Web-Servers:''' Apache, Lighttp, NGINX, and Squid
+
* '''Web-Servers:''' {{citelink|url=http://httpd.apache.org/|txt=Apache}}, {{citelink|url=http://www.lighttpd.net/|txt=Lighttp}}, {{citelink|url=http://nginx.org/en/|txt=NGINX}}, and {{citelink|url=http://www.squid-cache.org/|txt=Squid}}
  
 
Hover over a package to receive a short description. If you right-click a package, it will indicate which packages and versions will be installed.
 
Hover over a package to receive a short description. If you right-click a package, it will indicate which packages and versions will be installed.
Line 241: Line 214:
 
* '''Export jail to .wdn file:''' allows you to save the jail (and all of its software, configuration, and files) as a ''.wdn'' file. This allows you to quickly clone a pre-configured jail to a new jail on either the same or another PC-BSD® system. The exported jail will end with a ''.wdn'' extension and the filename will be the IP address of the jail. When exporting a jail, a pop-up window will prompt you to choose the directory in which to store the backup. A progress bar will indicate that the export is in progress. Creating the ''.wdn'' file may take some time, especially if you have installed src, ports, or software.
 
* '''Export jail to .wdn file:''' allows you to save the jail (and all of its software, configuration, and files) as a ''.wdn'' file. This allows you to quickly clone a pre-configured jail to a new jail on either the same or another PC-BSD® system. The exported jail will end with a ''.wdn'' extension and the filename will be the IP address of the jail. When exporting a jail, a pop-up window will prompt you to choose the directory in which to store the backup. A progress bar will indicate that the export is in progress. Creating the ''.wdn'' file may take some time, especially if you have installed src, ports, or software.
  
'''NOTE:''' you should close all network connections to the jail before exporting it as Warden® will need to stop the jail in order to back it up. If your jail is running services (e.g. a webserver), export the jail at a time that will least impact network connections to the jail.
+
{{note|width=48.5%|you should close all network connections to the jail before exporting it as Warden® will need to stop the jail in order to back it up. If your jail is running services (e.g. a webserver), export the jail at a time that will least impact network connections to the jail.}}
  
 
* '''Delete Jail:''' removes the jail and all of its contents from the PC-BSD® system. You will be prompted to confirm this action.
 
* '''Delete Jail:''' removes the jail and all of its contents from the PC-BSD® system. You will be prompted to confirm this action.
Line 257: Line 230:
 
If you type '''warden''' at the command line, you will receive a summary of its usage:
 
If you type '''warden''' at the command line, you will receive a summary of its usage:
  
'''warden'''
+
{{txtbox|box=>'''warden'''
Warden version 1.2                                                                                                                
+
Warden version 1.2
---------------------------------                                                                                                
+
 
Available commands                                                                                                                
+
<nowiki>-</nowiki>--------------------------------
Type in help <command> for information and usage about that command                                                                                                                                                              
+
 
help          - This help file                                                                                                          
+
Available commands
gui          - Launch the GUI menu                                                                                                                                                    
+
Type in help <command> for information and usage about that command
auto          - Toggles the autostart flag for a jail
+
                           
checkup      - Check for updates to a jail
+
help          - This help file
chroot        - Launches chroot into a jail  
+
gui          - Launch the GUI menu
create        - Creates a new jail  
+
auto          - Toggles the autostart flag for a jail
details      - Display usage details about a jail
+
checkup      - Check for updates to a jail
delete        - Deletes a jail
+
chroot        - Launches chroot into a jail  
export        - Exports a jail to a .wdn file
+
create        - Creates a new jail  
get          - Gets options list for a jail
+
details      - Display usage details about a jail
import        - Imports a jail from a .wdn file
+
delete        - Deletes a jail
list          - Lists the installed jails
+
export        - Exports a jail to a .wdn file
pkgs          - Lists the installed packages in a jail
+
get          - Gets options list for a jail
set          - Sets options for a jail
+
import        - Imports a jail from a .wdn file
start        - Start a jail
+
list          - Lists the installed jails
stop          - Stops a jail
+
pkgs          - Lists the installed packages in a jail
type          - Set the jail type (portjail/normal)
+
set          - Sets options for a jail
zfsmksnap    - Create a ZFS snapshot of a jail  
+
start        - Start a jail
zfslistclone  - List clones of jail snapshots
+
stop          - Stops a jail
zfslistsnap  - List snapshots of a jail
+
type          - Set the jail type (portjail/normal)
zfsclonesnap  - Clone a jail snapshot
+
zfsmksnap    - Create a ZFS snapshot of a jail  
zfscronsnap  - Schedule snapshot creation via cron
+
zfslistclone  - List clones of jail snapshots
zfsrevertsnap - Revert jail to a snapshot
+
zfslistsnap  - List snapshots of a jail
zfsrmclone    - Remove a clone directory
+
zfsclonesnap  - Clone a jail snapshot
zfsrmsnap    - Remove snapshot of a jail
+
zfscronsnap  - Schedule snapshot creation via cron
 +
zfsrevertsnap - Revert jail to a snapshot
 +
zfsrmclone    - Remove a clone directory
 +
zfsrmsnap    - Remove snapshot of a jail}}
  
 
Each command has its own help text that describes its parameters and provides a usage example. For example, to receive help on how to use the '''warden create''' command, type:
 
Each command has its own help text that describes its parameters and provides a usage example. For example, to receive help on how to use the '''warden create''' command, type:
  
'''warden help create'''
+
{{txtbox|box='''warden help create'''
Warden version 1.2
+
Warden version 1.2
---------------------------------
+
<nowiki>-</nowiki>--------------------------------
Help create
+
Help create
Creates a new jail, with options for system source, ports and autostarting.
+
Creates a new jail, with options for system source, ports and autostarting.
Available Flags:
+
Available Flags:
  -32                          (Create 32bit jail on 64bit system)
+
&nbsp; -32                          (Create 32bit jail on 64bit system)
  --src                        (Includes /usr/src system source)
+
&nbsp; --src                        (Includes /usr/src system source)
  --ports                      (Includes the ports tree)
+
&nbsp; --ports                      (Includes the ports tree)
  --startauto                  (Start this jail at system boot)
+
&nbsp; --startauto                  (Start this jail at system boot)
  --portjail                  (Make this a portjail)
+
&nbsp; --portjail                  (Make this a portjail)
  --linuxjail <script>        (Make this a linux jail and use supplied script for installation)
+
&nbsp; --linuxjail <script>        (Make this a linux jail and use supplied script f
  --archive <tar>              (Use specified tar file for BSD jail creation)
+
or installation)
  --linuxarchive <tar>        (Use specified tar file for Linux jail creation)
+
&nbsp; --archive <tar>              (Use specified tar file for BSD jail creation)
Usage:
+
&nbsp; --linuxarchive <tar>        (Use specified tar file for Linux jail creation)
  warden create <IP> <HOSTNAME> <flags>
+
Usage:
Example:
+
&nbsp; warden create <IP> <HOSTNAME> <flags>
  warden create 192.168.0.5 jailbird --src --ports --startauto
+
Example:
 +
&nbsp; warden create 192.168.0.5 jailbird --src --ports --startauto}}
  
 
You do not need superuser access to use the view commands but will for any commands that create or manage a jail. The '''warden''' command will display an error message if a command requires superuser access and you currently are not the superuser. On PC-BSD®, you can put '''pc-su''' at the beginning of the '''warden''' command to be prompted for the administrative password. On a FreeBSD server, you can type '''su''' to become superuser, then repeat the '''warden''' command.
 
You do not need superuser access to use the view commands but will for any commands that create or manage a jail. The '''warden''' command will display an error message if a command requires superuser access and you currently are not the superuser. On PC-BSD®, you can put '''pc-su''' at the beginning of the '''warden''' command to be prompted for the administrative password. On a FreeBSD server, you can type '''su''' to become superuser, then repeat the '''warden''' command.
  
If you have an existing FreeBSD jail that you would like to import or if you want to create a new jail with a specific world environment, create a tar archive of that jail or environment. Then, when using the '''warden create''' command, include the '''--archive name_of_tarball.tgz''' option.
+
=== Creating and Accessing a Warden Jail ===
 +
 
 +
Before creating a jail, make sure that the correct interface is specified in ''/usr/local/etc/warden.conf''. In this file, the default interface is set to:
 +
 
 +
{{txtbox|box=# Network Interface for the jails to use
 +
NIC: em0}}
 +
 
 +
To create a jail, specify a unique IP address and hostname for the jail:
 +
 
 +
{{txtbox|box='''warden create 10.0.0.1 jail1'''
 +
Using mirror: {{ftp}}mirrors.isc.org/pub/pcbsd
 +
Fetching jail environment. This may take a while...
 +
Downloading {{ftp}}mirrors.isc.org/pub/pcbsd/9.1-RC3/amd64/netinstall/fbsd-releas
 +
e.txz ...
 +
fbsd-release.txz.md5                          100% of  33  B 1999  Bps
 +
Creating ZFS /usr/jails/.warden-chroot-amd64 dataset...
 +
Building new Jail... Please wait...
 +
Success!
 +
Jail created at /usr/jails/10.0.0.1}}
 +
 
 +
The first time you create a jail, it will take a few minutes in order to download the freebsd environment. Subsequent jails will use the downloaded environment and will create almost instantaneously.
 +
 
 +
Before you can access the jail, you will need to start it:
 +
 
 +
{{txtbox|box='''warden start 10.0.0.1'''}}
 +
 
 +
As the jail starts, the SSH host keys will be generated and '''sshd''' will start. However, you will need to create a user before you can '''ssh''' into the jail. To access the jail in order to create the user:
 +
 
 +
{{txtbox|box='''warden chroot 10.0.0.1'''
 +
&nbsp;Started shell session on 10.0.0.1 . Type exit when finished.
 +
&nbsp;'''adduser'''}}
 +
 
 +
Follow the prompts of the '''adduser''' script in order to create a user. When you get to this prompt, don't press enter. Instead type in ''wheel'' so that the user can use the '''su''' command to become the superuser within the jail.
 +
 
 +
{{txtbox|box=Login group is username. Invite username into other groups? [] '''wheel'''}}
 +
 
 +
When you are finished creating the user, you can type '''exit''' to exit the jail. Test that '''ssh''' works by specifying the username that you created:
 +
 
 +
{{txtbox|box='''ssh username@10.0.0.1'''}}
 +
 
 +
=== Additional Settings ===
 +
 
 +
If you have an existing FreeBSD or Linux jail that you would like to import or if you want to create a new jail with a specific world environment, create a tar archive of that jail or environment. Then, when using the '''warden create''' command, include the '''--archive name_of_tarball.tgz''' option if it is a FreeBSD jail or the '''--linuxarchive name_of_tarball.tgz''' option if it is a Linux jail.
 +
 
 +
The '''warden set''' command can be used to set additional flags to pass to the jail at jail startup time and the '''warden get''' command can be used to determine if any flags have been set. For example, this command will enable raw sockets (which allows '''ping''') and chflags on the specified jail. Note that the flags are separated by a comma with no space. Available flags are listed in the "allow.*" section of {{citelink|url=http://www.freebsd.org/cgi/man.cgi?query=jail|txt=jail(8)}}.
 +
 
 +
{{txtbox|box='''warden set flags 192.168.1.1 allow.raw_sockets=true,allow.chflags=true'''
 +
'''warden get flags 192.168.1.1'''
 +
allow.raw_sockets=true,allow.chflags=true}}
 +
 
 +
The Warden® configuration file is located in ''/usr/local/etc/warden.conf.'' It can be manually edited to change the default interface, the directory used for compressing/decompressing files, and the location of the created jails.
 +
 
 +
{{txtbox|box='''more /usr/local/etc/warden.conf'''
 +
{{pound}}!/bin/sh
 +
{{pound}} Configuration options for the Warden
 +
<nowiki>######################################################################</nowiki>
 +
{{pound}} Network Interface for the jails to use
 +
NIC: em0
 +
{{pound}} Directory to use for compressing / decompressing files
 +
WTMP: /usr/jails
 +
{{pound}} Location of the jails
 +
JDIR: /usr/jails}}
  
 
== Managing Software Not Available in Packages Tab ==
 
== Managing Software Not Available in Packages Tab ==
Line 318: Line 356:
  
 
Note that the software you install into a traditional jail ''' ''will not'' ''' be available to your PC-BSD® system. In other words, software installed into a traditional jail is meant to be used within the jail, or, in the case of network applications such as a web server, to be configured to be available over the network.
 
Note that the software you install into a traditional jail ''' ''will not'' ''' be available to your PC-BSD® system. In other words, software installed into a traditional jail is meant to be used within the jail, or, in the case of network applications such as a web server, to be configured to be available over the network.
 +
 +
=== Traditional or Ports Jail===
  
 
The commands demonstrated in this section can also be used to install software inside a ports jail. The software you install into a ports jail will be available to your PC-BSD® system.  ''' ''If you are interested in installing software on your PC-BSD® system that is not available as a PBI or you wish to learn how to use FreeBSD packages and ports without affecting the software that came with your PC-BSD® system, install the software within a ports jail.'' '''
 
The commands demonstrated in this section can also be used to install software inside a ports jail. The software you install into a ports jail will be available to your PC-BSD® system.  ''' ''If you are interested in installing software on your PC-BSD® system that is not available as a PBI or you wish to learn how to use FreeBSD packages and ports without affecting the software that came with your PC-BSD® system, install the software within a ports jail.'' '''
  
'''NOTE:''' to manage software in a Linux jail, use the package management system provided by that Linux distro. For example, in Debian Squeeze, use {{citelink|wp|url=Aptitude_(software)|aptitude}}.
+
{{note|to manage software in a Linux jail, use the package management system provided by that Linux distro. For example, in Debian Squeeze, use {{citelink|wp|url=Aptitude_(software)|aptitude}}.}}
  
 
''' ''All of the commands in this section assume that you have highlighted the jail that you wish to install software into and clicked ''Tools'' ➜ ''Launch Terminal''.'' '''
 
''' ''All of the commands in this section assume that you have highlighted the jail that you wish to install software into and clicked ''Tools'' ➜ ''Launch Terminal''.'' '''
  
=== Installing FreeBSD Packages Within a Traditional or Ports Jail ===
+
==== Installing FreeBSD Packages ====
  
 
The quickest and easiest way to install software inside the jail is to install a FreeBSD package. A FreeBSD package is pre-compiled, meaning that it contains all the binaries and dependencies required for the software to run on a FreeBSD system.
 
The quickest and easiest way to install software inside the jail is to install a FreeBSD package. A FreeBSD package is pre-compiled, meaning that it contains all the binaries and dependencies required for the software to run on a FreeBSD system.
 
+
[[File:Electric.png|thumb|393px|'''Figure 8.19m: FreshPorts Search Result''']]
 
When dealing with FreeBSD packages, the following command line utilities are used:
 
When dealing with FreeBSD packages, the following command line utilities are used:
  
Line 340: Line 380:
  
 
Figure 8.19m shows the search results for electric; the search was performed using the firefox plugin.
 
Figure 8.19m shows the search results for electric; the search was performed using the firefox plugin.
 
'''Figure 8.19m: FreshPorts Search Result'''
 
 
[[File:Electric.png]]
 
  
 
Each listing in the search results includes the name of the software, the version, a description, the category (e.g. security), the email address of the port's maintainer, a CVSWeb link containing the details of the port, and a link to the software's main website. Each entry includes the command used to compile the port (as described in the next section) and the '''pkg_add -r''' command used to install the package.
 
Each listing in the search results includes the name of the software, the version, a description, the category (e.g. security), the email address of the port's maintainer, a CVSWeb link containing the details of the port, and a link to the software's main website. Each entry includes the command used to compile the port (as described in the next section) and the '''pkg_add -r''' command used to install the package.
Line 349: Line 385:
 
To install a package, use the '''pkg_add''' command using the remote ('''-r''') switch to install the specified package from the FreeBSD packages repository. For example, this command will install the electric package:
 
To install a package, use the '''pkg_add''' command using the remote ('''-r''') switch to install the specified package from the FreeBSD packages repository. For example, this command will install the electric package:
  
'''pkg_add -r electric'''
+
{{txtbox|box='''pkg_add -r electric'''
Fetching <nowiki>ftp://ftp.freebsd.org/pub/FreeBSD/ports/amd64/packages-9-stable/Latest/electric.tbz</nowiki>... Done.
+
Fetching {{ftp}}ftp.freebsd.org/pub/FreeBSD/ports/amd64/packages-9-stable/Latest/
 +
electric.tbz... Done.}}
  
 
You should receive a message indicating that the package was successfully fetched, then your prompt back. Depending upon what is already installed within the jail, your messages may indicate that dependent packages were also fetched. Some packages include post-installation instructions that will be displayed in the message. Occasionally you will see a warning about a version mismatch; you can ignore these as they do not affect the installation of the package. Unless the message includes an error indicating that the system was unable to fetch or install the package, the installation was successful.
 
You should receive a message indicating that the package was successfully fetched, then your prompt back. Depending upon what is already installed within the jail, your messages may indicate that dependent packages were also fetched. Some packages include post-installation instructions that will be displayed in the message. Occasionally you will see a warning about a version mismatch; you can ignore these as they do not affect the installation of the package. Unless the message includes an error indicating that the system was unable to fetch or install the package, the installation was successful.
Line 356: Line 393:
 
You can confirm that the installation was successful by querying the package database:
 
You can confirm that the installation was successful by querying the package database:
  
'''pkg_info -ox electric'''
+
{{txtbox|box='''pkg_info -ox electric'''
Information for electric-7.0.0_4:
+
Information for electric-7.0.0_4:
Origin:
+
Origin:
cad/electric
+
cad/electric}}
  
 
Most packages install their binary (executable) in ''/usr/local/bin'' and configuration files in ''/usr/local/etc/''. You can find out exactly what was installed using the '''-L''' (list) switch. If you include '''-x''', you will not have to type in the entire name and version of the package as '''pkg_info''' will match any installed packages containing your query string.
 
Most packages install their binary (executable) in ''/usr/local/bin'' and configuration files in ''/usr/local/etc/''. You can find out exactly what was installed using the '''-L''' (list) switch. If you include '''-x''', you will not have to type in the entire name and version of the package as '''pkg_info''' will match any installed packages containing your query string.
  
'''pkg_info -Lx electric | more'''
+
{{txtbox|box='''pkg_info -Lx electric | more'''
Information for electric-7.0.0_4:
+
Information for electric-7.0.0_4:
Files:
+
Files:
/usr/local/bin/electric
+
/usr/local/bin/electric
/usr/local/share/electric/lib/.cadrc
+
/usr/local/share/electric/lib/.cadrc
/usr/local/share/electric/lib/ALS.help
+
/usr/local/share/electric/lib/ALS.help
/usr/local/share/electric/lib/AllDialogs.c
+
/usr/local/share/electric/lib/AllDialogs.c
<snip rest of output>
+
<snip rest of output>}}
  
 
The '''pkg_delete''' command can be used to uninstall either a package or a port. If you include the '''-x''' switch, you do not have to give the full name and version of the software. Be sure to give enough of a name so that you do not inadvertently uninstall other software matching the name:
 
The '''pkg_delete''' command can be used to uninstall either a package or a port. If you include the '''-x''' switch, you do not have to give the full name and version of the software. Be sure to give enough of a name so that you do not inadvertently uninstall other software matching the name:
  
'''pkg_delete -x electric'''
+
{{txtbox|box='''pkg_delete -x electric'''}}
  
 
If you just get the command prompt back, the delete was successful. You can verify this by checking that the package no longer exists in the package database:
 
If you just get the command prompt back, the delete was successful. You can verify this by checking that the package no longer exists in the package database:
  
'''pkg_info | grep electric'''
+
{{txtbox|box='''pkg_info | grep electric'''}}
  
 
You will just get your prompt back if no installed software matches that name.
 
You will just get your prompt back if no installed software matches that name.
Line 384: Line 421:
 
If the software has other applications that depend upon it, '''pkg_delete''' will refuse to uninstall it. If you wish to override this setting, you can use the '''-xf''' switch to force the delete. However, use the force switch with caution as forcibly removing software can adversely affect the applications that required it as a dependency.
 
If the software has other applications that depend upon it, '''pkg_delete''' will refuse to uninstall it. If you wish to override this setting, you can use the '''-xf''' switch to force the delete. However, use the force switch with caution as forcibly removing software can adversely affect the applications that required it as a dependency.
  
=== Compiling FreeBSD Ports Within a Traditional or Ports Jail===
+
==== Compiling FreeBSD Ports ====
  
 
Typically, software is installed using the '''pkg_add''' command. Occasionally you may prefer to compile the port yourself. Compiling the port offers the following advantages:
 
Typically, software is installed using the '''pkg_add''' command. Occasionally you may prefer to compile the port yourself. Compiling the port offers the following advantages:
Line 398: Line 435:
 
* it takes time. Depending upon the size of the application, the amount of dependencies, the amount of CPU and RAM on the system, and the current load on the PC-BSD® system, the amount of time can range from a few minutes to a few hours or even to a few days.
 
* it takes time. Depending upon the size of the application, the amount of dependencies, the amount of CPU and RAM on the system, and the current load on the PC-BSD® system, the amount of time can range from a few minutes to a few hours or even to a few days.
  
'''NOTE:''' if the port does not provide any compile options, save your time and the PC-BSD system's resources by using the '''pkg_add''' command instead.
+
{{note|if the port does not provide any compile options, save your time and the PC-BSD system's resources by using the '''pkg_add''' command instead.}}
  
You can determine if the port has any configurable compile options by clicking on its CVSWeb link in FreshPorts. To continue the example shown in Figure 8.19m, Figure 8.19n shows the results when the CVSWeb link is clicked for electric.
+
FreshPorts will indicate if a port has any configurable compile options. To continue the example shown in Figure 8.18m, Figure 8.18n shows the configurable options for electric.  
  
'''Figure 8.19n Viewing a Port's Information at FreshPorts'''
+
[[File:Freshports1.png|thumb|393px|'''Figure 8.19n Viewing a Port's Information at FreshPorts''']]
 
+
[[Image:Freshports.jpeg|border]]
+
 
+
If you click the link for ''Makefile'', you can read the commit messages for every version of the ''Makefile''; this can give you a good idea of how long the port has been available, how often it is updated, and any major changes that have occurred. Alternately, to view the current ''Makefile'', click on the Rev. number--in this case, 1.24. The ''distinfo'' contains the checksums for the source files; again, you can either read the current revision or scroll through the list of commits. The ''pkg-descr'' contains a description of the software; if you read the revision, it will begin with the commit message. The ''pkg-plist'' contains a list of what is installed (i.e. it is the equivalent of running '''pkg_info -Lx''' as described in the FreeBSD packages section). When reading this list, mentally replace anything between %% markers with ''/usr/local/''.
+
  
 
Before you can compile a port, you must first install the ports collection into the jail. If you did not choose to do so when the jail was created, you can install the ports collection using the following command. You will know that you have the ports collection when ''/usr/ports/'' is populated with many subdirectories, each representing a category of software.
 
Before you can compile a port, you must first install the ports collection into the jail. If you did not choose to do so when the jail was created, you can install the ports collection using the following command. You will know that you have the ports collection when ''/usr/ports/'' is populated with many subdirectories, each representing a category of software.
  
'''portsnap fetch extract'''
+
{{txtbox|box='''portsnap fetch extract'''}}
  
 
If you compile additional software at a later date, you should make sure that the ports collection is up-to-date using this command:
 
If you compile additional software at a later date, you should make sure that the ports collection is up-to-date using this command:
  
'''portsnap update'''
+
{{txtbox|box='''portsnap fetch update'''
Ports tree is already up to date.   
+
Ports tree is already up to date.}}  
  
 
Once you have the ports collection installed into your ports jail, change to the subdirectory of the application you wish to install, for instance ''/usr/ports/cad/electric'', and issue the command to make and install the application. FreshPorts provides the location to '''cd''' into and the '''make''' command to run.
 
Once you have the ports collection installed into your ports jail, change to the subdirectory of the application you wish to install, for instance ''/usr/ports/cad/electric'', and issue the command to make and install the application. FreshPorts provides the location to '''cd''' into and the '''make''' command to run.
  
'''cd /usr/ports/cad/electric'''
+
{{txtbox|box='''cd /usr/ports/cad/electric'''
'''make install clean'''
+
'''make install clean'''}}
  
 
If the port's ''Makefile'' includes OPTIONS, a configure screen will be displayed. The example in Figure 8.19o shows the options for the openvpn port.
 
If the port's ''Makefile'' includes OPTIONS, a configure screen will be displayed. The example in Figure 8.19o shows the options for the openvpn port.
  
'''Figure 8.19o: Configuration Options from a Port's Makefile'''
+
[[File:Openvpn.png|thumb|393px|'''Figure 8.19o: Configuration Options from a Port's Makefile''']]
 
+
[[File:Openvpn.png]]
+
  
 
To change an option's setting, use the arrow keys to highlight the option, then press the ''' ''spacebar'' ''' to toggle the selection. Once you are finished, press enter. The port will begin to compile and install.
 
To change an option's setting, use the arrow keys to highlight the option, then press the ''' ''spacebar'' ''' to toggle the selection. Once you are finished, press enter. The port will begin to compile and install.
  
'''NOTE:''' if you change your mind, the configuration screen will not be displayed again should you stop and restart the build. Type '''make config && make install clean''' if you need to change your selected options.
+
{{note|width=48.5%|if you change your mind, the configuration screen will not be displayed again should you stop and restart the build. Type '''make config && make install clean''' if you need to change your selected options.}}
  
 
If the port has any dependencies with options, their configuration screens will be displayed and the compile will pause until it receives your input. It is a good idea to keep an eye on the compile until it finishes and you are returned to the command prompt.  
 
If the port has any dependencies with options, their configuration screens will be displayed and the compile will pause until it receives your input. It is a good idea to keep an eye on the compile until it finishes and you are returned to the command prompt.  
Line 436: Line 467:
 
How long the compile will take can range from a few minutes to many hours, depending upon the size of the application and the speed of your system. The '''make''' command will spit out many messages, most of which you can ignore as they are simply an indication of which source is currently being compiled.  Occasionally, '''make''' will encounter an error and will stop with an error message. If the solution for the error is not obvious to you, try a web search for the keywords in the error message.  
 
How long the compile will take can range from a few minutes to many hours, depending upon the size of the application and the speed of your system. The '''make''' command will spit out many messages, most of which you can ignore as they are simply an indication of which source is currently being compiled.  Occasionally, '''make''' will encounter an error and will stop with an error message. If the solution for the error is not obvious to you, try a web search for the keywords in the error message.  
  
'''NOTE:''' sometimes due to licensing reasons a port will require that a file be downloaded manually and placed into the ''/usr/ports/distfiles/'' directory. After downloading and copying this file to that directory, repeat the '''make''' command to finish the compile.
+
{{note|sometimes due to licensing reasons a port will require that a file be downloaded manually and placed into the ''/usr/ports/distfiles/'' directory. After downloading and copying this file to that directory, repeat the '''make''' command to finish the compile.}}
  
 
Once the port is installed, it is registered in the same package database that manages packages. This means that you can use the '''pkg_info''' command to determine what was installed, as described in the previous section.
 
Once the port is installed, it is registered in the same package database that manages packages. This means that you can use the '''pkg_info''' command to determine what was installed, as described in the previous section.
Line 456: Line 487:
 
If you used '''pkg_add''' to install the software, you may not have the ports collection installed within the jail. This is the case if ''/usr/ports'' does not exist or is empty. To install the latest version of the ports collection, use this command:
 
If you used '''pkg_add''' to install the software, you may not have the ports collection installed within the jail. This is the case if ''/usr/ports'' does not exist or is empty. To install the latest version of the ports collection, use this command:
  
'''portsnap fetch extract'''
+
{{txtbox|box='''portsnap fetch extract'''}}
  
 
If the ports collection is already installed, use this command to make sure that it is up-to-date:
 
If the ports collection is already installed, use this command to make sure that it is up-to-date:
  
'''portsnap update'''
+
{{txtbox|box='''portsnap fetch update'''}}
  
 
==== Install an Upgrading Utility ====
 
==== Install an Upgrading Utility ====
Line 466: Line 497:
 
At this time, the '''portmaster''' command is the recommended utility for upgrading software installed using packages or ports. To install this program within the jail, use this command:
 
At this time, the '''portmaster''' command is the recommended utility for upgrading software installed using packages or ports. To install this program within the jail, use this command:
  
'''pkg_add -r portmaster'''
+
{{txtbox|box='''pkg_add -r portmaster'''
'''rehash'''
+
'''rehash'''}}
  
 
==== Read ''/usr/ports/UPDATING'' ====
 
==== Read ''/usr/ports/UPDATING'' ====
Line 473: Line 504:
 
Before upgrading installed software, ''' ''always read through ''/usr/ports/UPDATING'' first.'' ''' This file contains any gotchas or special instructions that are needed to upgrade certain ports. Ports maintainers add to this file as new gotchas are discovered. However, you will want to start reading the file at the entry that is closest to the date that your version of PC-BSD® was released (if you have not upgraded anything yet) or the date you last upgraded, and read your way up to the top of the file. For example, this entry indicates that FreeBSD 9.0 was released on January 12:
 
Before upgrading installed software, ''' ''always read through ''/usr/ports/UPDATING'' first.'' ''' This file contains any gotchas or special instructions that are needed to upgrade certain ports. Ports maintainers add to this file as new gotchas are discovered. However, you will want to start reading the file at the entry that is closest to the date that your version of PC-BSD® was released (if you have not upgraded anything yet) or the date you last upgraded, and read your way up to the top of the file. For example, this entry indicates that FreeBSD 9.0 was released on January 12:
 
   
 
   
20120112:
+
{{txtbox|box=20120112:
  AFFECTS: Nobody
+
&nbsp;AFFECTS: Nobody
  AUTHOR: wxs@FreeBSD.org
+
&nbsp;AUTHOR: wxs@FreeBSD.org
  FreeBSD 9.0 released.
+
&nbsp;FreeBSD 9.0 released.}}
 
   
 
   
 
As you read through the entries from that date up to the last entry at the beginning of the file, make note of any entries that match the software that you have installed. If you are unsure of what software is installed, this command will tell you:
 
As you read through the entries from that date up to the last entry at the beginning of the file, make note of any entries that match the software that you have installed. If you are unsure of what software is installed, this command will tell you:
  
'''pkg_info | more'''
+
{{txtbox|box='''pkg_info {{pipe}} more'''}}
  
 
Occasionally, a software upgrade (e.g. perl) may affect many applications. If you come across such entries that affect your installed software, be sure to follow the instructions carefully.
 
Occasionally, a software upgrade (e.g. perl) may affect many applications. If you come across such entries that affect your installed software, be sure to follow the instructions carefully.
Line 492: Line 523:
 
The following command will look for out-dated ports and offer to upgrade them for you. If any of the software has configuration options, you will be presented with their configuration menus to make your selections.
 
The following command will look for out-dated ports and offer to upgrade them for you. If any of the software has configuration options, you will be presented with their configuration menus to make your selections.
  
'''portmaster -a'''
+
{{txtbox|box='''portmaster -a'''
===>>> Gathering distinfo list for installed ports
+
<nowiki>===>>></nowiki> Gathering distinfo list for installed ports
===>>> Starting check of installed ports for available updates
+
<nowiki>===>>></nowiki> Starting check of installed ports for available updates
<snip some output>
+
<snip some output>
===>>> The following actions will be taken if you choose to proceed:
+
<nowiki>===>>></nowiki> The following actions will be taken if you choose to proceed:
        Upgrade mpg123-1.12.3 to mpg123-1.12.5
+
&nbsp;      Upgrade mpg123-1.12.3 to mpg123-1.12.5
        Upgrade p5-Object-InsideOut-3.69 to p5-Object-InsideOut-3.72
+
&nbsp;      Upgrade p5-Object-InsideOut-3.69 to p5-Object-InsideOut-3.72
        Upgrade linkchecker-5.3 to linkchecker-5.4
+
&nbsp;      Upgrade linkchecker-5.3 to linkchecker-5.4
        Upgrade tomcat-6.0.29 to tomcat-6.0.29_1
+
&nbsp;      Upgrade tomcat-6.0.29 to tomcat-6.0.29_1
===>>> Proceed? y/n [y]  
+
<nowiki>===>>></nowiki> Proceed? y/n [y]}}
 
   
 
   
 
If you press enter to accept the default of yes, the upgrade will begin. As each upgrade completes, you will be asked if you want to delete the source for the old version of the software (which can save disk space). If you do not want to be prompted, include '''-D''' or '''-d''' with the '''portmaster''' command. There are many switches available for '''portmaster''' so it is a good idea to '''man portmaster''' to see which ones interest you.
 
If you press enter to accept the default of yes, the upgrade will begin. As each upgrade completes, you will be asked if you want to delete the source for the old version of the software (which can save disk space). If you do not want to be prompted, include '''-D''' or '''-d''' with the '''portmaster''' command. There are many switches available for '''portmaster''' so it is a good idea to '''man portmaster''' to see which ones interest you.
  
<noinclude>{{refheading}}</noinclude>
 
 
<noinclude>
 
<noinclude>
 +
{{refheading}}
 
[[category:handbook]]
 
[[category:handbook]]
 
[[category:Control Panel]]
 
[[category:Control Panel]]

Revision as of 09:50, 7 March 2013

(Sorry for the inconvenience)

Contents

Warden® is an easy to use, graphical jail[1] management program.
Figure 8.19b: Initial Warden® Screen
Using Warden®, it is possible to create multiple, isolated virtual instances of FreeBSD which can be used to run services such as Apache, PHP, or MySQL in a secure manner. Each jail is considered to be a unique FreeBSD operating system and whatever happens in that jail will not affect your operating system or other jails running on the PC-BSD® system.

Warden® has been redesigned for PC-BSD® 9.1, and is now part of Control Panel. A command line version is also available for those who prefer to work from the command line or script their jail management.

Some of the new features in Warden® include the ability to:

  • create three types of jails: a traditional FreeBSD jail for running network services, a (less secure) ports jail for safely installing and running FreeBSD ports/packages from your PC-BSD® system, and a Linux jail for installing Linux
  • set multiple IPv4 and IPv6 addresses per jail
  • quickly install meta-packages of common network server applications on a per-jail basis
  • use Update Manager for installed meta-packages on a per-jail basis
  • use User Manager to manage user accounts on a per-jail basis
  • manage ZFS snapshots on a per-jail basis if the PC-BSD® system is formatted with the ZFS filesystem
  • export a jail which can be then be imported into the same or a different jail

Creating a Jail using Warden®

Warden® can be started by clicking on its icon in Control Panel or by typing pc-su warden gui from the command line. You will be prompted for the administrative password as only the superuser can create and manage jails.

The first time you start Warden®, you will be prompted to set the network interface as your jails will not work if the wrong interface is configured. Click Yes to set the interface using the screen shown in Figure 8.19a. You can access this screen at a later time from JailsConfiguration.

Figure 8.19a: Warden® Configuration

This screen allows you to configure the following:

  • Jail Network Interface: all jails created within Warden® share the same physical interface. Use the drop-down menu to select the network interface to be used by the jails.
  • Jail Directory: contains all of the created jails where each jail has its own sub-directory named after its IP address. By default, it is /usr/jails. If you change this directory, make sure the location has sufficient space to hold the jails.
  • Temp Directory: used when exporting and importing jails. Make sure that the directory has sufficient space to create a tar file of the jail and its contents.

Once you click the "Save" button to save your interface configuration, you will be presented with the main Warden® configuration screen, shown in Figure 8.19b.

To create your first jail, click the "+" button or go to FileNew Jail. A jail creation wizard, seen in Figure 8.19c, will launch.

Figure 8.19c: Creating the New Jail

The first screen in the jail creation wizard will prompt you for the following information:

IP Address: input the IPv4 or IPv6 address to be used by the jail and access its contents. Choose an address on your network that is not already in use by another computer or jail and which will not conflict with the address range assigned by a DHCP server.

Hostname: you can change the default of "Jailbird" to another value. The hostname must be unique on your network. Use a hostname that reminds you of the type of jail and your reason for creating it.

When finished, click "Next" to select the type of jail, as shown in Figure 8.19d:

Figure 8.19d: Select the Type of Jail

There are three types of jails supported by Warden®:

Traditional Jail: select this type if you are creating the jail in order to install and run network services. For example, this type of jail is appropriate if you wish to run a web server or a database which is accessible to other systems on a network or over the Internet. This is the most secure type of jail as it is separate from the PC-BSD® host and any other jails that you create using Warden®.

Ports Jail: select this type of jail if your intention is to install software using FreeBSD packages and ports and you wish to have access to that software from your PC-BSD® system. This type of jail is less secure then a traditional jail as applications are shared between the jail and the PC-BSD® system. This means that you should not use this type of jail to install services that will be available to other machines over a network.

Linux Jail: select this type of jail if you would like to install a Linux operating system within a jail.

The remaining screens will differ depending upon the type of jail that you select.

Traditional or Ports Jail

If you select "Traditional Jail", you will be prompted to set the root password as seen in Figure 8.19e.

Figure 8.19e: Setting the Traditional Jail's Root Password

Input and confirm the password then press "Next" to see the screen shown in Figure 8.19f. If you instead select to create a "Ports Jail", you will go directly to Figure 8.19f.


Figure 8.19f: Select the Jail Options

This screen allows you to install the following options:

Include system source: if you check this box, make sure that /usr/src/ exists on the PC-BSD system as the source is copied to the jail from this location. If it is not installed, use Control PanelSystem ManagerTasks ➜ Fetch System Source to install it.

Include ports tree: if you check this box, the latest version of the ports tree will be downloaded into /usr/ports/ of the jail. This will allow you to compile FreeBSD ports within this jail.

Start jail at system bootup: if this box is checked, the jail will be started (become available) whenever you boot your main system. If the box is not checked, you can manually start the jail whenever you wish to access it using Warden®.

Once you have made your selections, click the "Finish" button to create the jail. Warden® will display a pop-up window containing status messages as it downloads the files it needs and creates and configures the new jail.

Once Warden® is finished creating the jail, a message should appear at the bottom of the pop-up window indicating that the jail has been successfully created. Click the "Close" button to return to the main screen.

Linux Jail

If you select the "Linux Jail" and click "Next", you will be prompted to set the root password as seen in Figure 8.19e. After inputting the password, the wizard will prompt you to select a Linux install script, as seen in Figure 8.19g.

Figure 8.19g: Select the Linux Distribution to Install

The installation script is used to install the specified Linux distribution. At this time, installation scripts for Debian Squeeze and for Gentoo are provided. Scripts for other distros will be added over time.

Template:Word-note a Linux installation script is simply a shell script which invokes a Linux network installation. In the case of Debian Squeeze, it invokes the debootstrap command.

Once you select the install script, the wizard will ask if you would like to start the jail at boot time as seen in Figure 8.19h.

Figure 8.19h: Linux Jail Options

Click the "Finish" button to begin the Linux installation.

Managing Jails

Once a jail is created, an entry for the jail will be added to the "Installed Jails" box and the tabs within Warden® will become available. Each entry indicates the jail's IP address, hostname, whether or not it is currently running, and whether or not any updates are available for the meta-packages installed within the jail. The buttons beneath the "Installed Jails" box can be used to start or stop the highlighted jail, add a new jail, or delete the highlighted jail.

This section provides an overview of how to manage jails using the tabs within the Warden® interface.

Info Tab

The "Info" tab, as seen in the example in Figure 8.19i, provides an overview of a jail's configuration. If you have created multiple jails, the "Info" tab displays the configuration of the currently highlighted jail.

Figure 8.19i: Info Tab of Warden®

In the example shown in Figure 8.19i, three jails have been created. The first jail is a traditional jail, the second is a ports jail, and Debian Squeeze has been installed into the third jail.

The "Info" tab contains the following information:

  • Jail Type: will indicate if the jail is a Traditional, Ports, or Linux jail.
  • Size on Disk: indicates the amount of space being used by the jail. The jail itself takes up about 300MB of space, source is about 300MB, and ports are about 850MB.
  • Start at boot: a status of "Enabled" indicates that the jail will automatically start when the system reboots. "Disabled" means that you will manually start the jail as needed.
  • Active Connections: will list the number of active connections to the jail (e.g. through ssh or one of the running services).
  • Additional IPs: click the "edit" link if you would like to bind additional IP addresses to the jail.
  • Listening on Ports: indicates which ports are currently listening for connections.

You can sort the jail listing by clicking on the "Jail", "Hostname", "Status", or "Updates" header name. The "Updates" column will indicate if a software or system update is available for a jail.

Tools Tab

The "Tools" tab, shown in Figure 8.19j, allows you to manage common configuration tasks within a jail.

Template:Word-note make sure that the desired jail is highlighted when using the "Tools" tab.
Figure 8.19j: Tools Tab for the Highlighted Jail

This tab provides the following buttons:

  • User Administrator: opens User Manager so that you can manage the highlighted jail's user accounts and groups. The title bar will indicate that you are "Editing Users for Jail: IP_of_Jail". Note that any users and groups that you have created on your PC-BSD® system will not be added to a traditional jail as each traditional jail has its own users and groups. However, a ports jail has access to the users and groups that exist on the PC-BSD® system, yet the users you create on a ports jail will only be available within the ports jail. This button is not available if a Linux jail is highlighted.
  • Service Manager: opens Service Manager so that you can view which services are running in the jail and configure which services should start when the jail is started. Note that this button is not available if a Linux jail is highlighted.
  • Launch Terminal: opens a terminal with the root user logged into the jail. This allows you to administer the jail from the command line. This button will be greyed out if the highlighted jail is not running. You can start a jail by right-clicking its entry and selecting "Start Jail" from the menu or by clicking the start jail icon (a blue arrow icon below the list of jails).
  • Check for Updates: launches Update Manager to determine if any of the jail's meta-packages have newer versions available. Update Manager will also indicate if system updates are available to be installed into the jail. Note that this button is not available if a Linux jail is highlighted. By default, Update Manager automatically checks for updates every 12 hours to see if there are any system updates or if any of the applications installed using the "Packages" tab within a ports or traditional jail have newer versions. If an update is found, the text "Updates available!" will appear in the "Updates" column for that jail.
  • Export Jail: launches a pop-up window prompting you to choose the directory in which to save a backup of the jail (and all of its software, configuration, and files) as a .wdn file. Creating the .wdn file may take some time, especially if you have installed src, ports, or software.

Snapshots Tab

If you chose to use the ZFS filesystem when you installed PC-BSD®, you can use its snapshot feature to make point in time filesystem backups of jails. A snapshot is essentially a picture of what the filesystem looked like at that point in time. Snapshots are space efficient in that they take up zero space when created and the snapshot only grows in size as files contained within the snapshot are modified after the snapshot was taken. In other words, ZFS manages the changes between snapshots, providing a way to return to what a file looked like at the time a snapshot was taken.

Since jails share the filesystem used by PC-BSD®, any type of jail, including a Linux jail, can take advantage of this ZFS feature if the ZFS filesystem was selected during the installation of PC-BSD®.

The "Snapshots" tab, shown in Figure 8.19k, is used to create and manage snapshots within the currently highlighted jail.

Template:Word-note this tab will be greyed out if you are not using the ZFS filesystem.
Figure 8.19k: Snapshots Tab for the Highlighted Jail

To create a snapshot of the jail, click the "+Add" button. A snapshot indicating the date and time will be added to the slider bar. If you create multiple snapshots at different times, use the slider bar to select a snapshot.

Once you have created a snapshot, the following actions can be used to manage the snapshot. Make sure that the desired snapshot is highlighted in the slider bar before clicking these buttons:

  • Restore: returns the system to what it looked like at the time the snapshot was taken. Think about what you wish to accomplish before using this option as any changes to files that occurred after the snapshot was taken will be lost. Unless you really want to go back to this point in time, this is probably not what you want to do.
  • Mount: if you wish to retrieve some files or directories from a snapshot, use this button. Once mounted, a message will indicate where on the PC-BSD® system the jail's contents have been mounted.
  • Unmount: when you are finished accessing the contents of the mounted snapshot, click this button to unmount the snapshot.
  • Add: use this button to create additional snapshots.
  • Remove: use this button to remove the highlighted snapshot.

This screen also allows you to schedule automatic snapshots. To enable this feature, check the box "Scheduled Snapshots". Use the drop-down menu to set the frequency to daily or hourly. You can also type in or use the arrows to configure the number of days to keep each snapshot.

Packages Tab

The "Packages" tab, shown in Figure 8.19l, allows you to install meta-packages within the specified traditional or ports jail. Software installed using this method will be tracked by Update Manager, meaning that Warden® will be notified when updates are available for the installed software.

Figure 8.19l: Packages Tab for the Highlighted Jail
Template:Word-note by default, jails use the warden metapkgset which provides packages suited to a server, command line installation. At this time, meta-packages are not available for Linux jails meaning that this tab will be greyed out if a Linux jail is highlighted.

The following meta-packages are available:

Hover over a package to receive a short description. If you right-click a package, it will indicate which packages and versions will be installed.

Right-Click Menu

A jail's right-click menu contains the following options:

  • Start or Stop this Jail: allows you to start a jail (if it is currently not running) or to stop a jail (if it is currently running). You will not be able to access a jail that has not been started. The icon next to the jail will change to indicate the current status: a red X for a stopped jail and a blue arrow for a started jail.
  • Toggle Autostart: toggles a jail's Autostart between "Disabled" (does not automatically start when the PC-BSD® system is booted) and "Enabled" (will start the jail when the PC-BSD® system is booted). The "Info" tab will be updated to indicate the new "Start at boot" status. Note that toggling autostart will not affect the current running status of the jail (i.e. it does not start or stop the jail right now) as autostart is only used when the system boots.
  • Export jail to .wdn file: allows you to save the jail (and all of its software, configuration, and files) as a .wdn file. This allows you to quickly clone a pre-configured jail to a new jail on either the same or another PC-BSD® system. The exported jail will end with a .wdn extension and the filename will be the IP address of the jail. When exporting a jail, a pop-up window will prompt you to choose the directory in which to store the backup. A progress bar will indicate that the export is in progress. Creating the .wdn file may take some time, especially if you have installed src, ports, or software.
Template:Word-note you should close all network connections to the jail before exporting it as Warden® will need to stop the jail in order to back it up. If your jail is running services (e.g. a webserver), export the jail at a time that will least impact network connections to the jail.
  • Delete Jail: removes the jail and all of its contents from the PC-BSD® system. You will be prompted to confirm this action.

Importing a Jail

The "File" menu can be used to create a new jail, import a jail, or exit Warden®.

If you click FileImport Jail you will be prompted to browse to the location of a previously created .wdn file. Once selected, you will be prompted whether or not to use the same IP address for the new jail. If you are creating a new jail on the same system that still has the original jail installed, select "No" and input the IP address for the new jail. However, if you have deleted the original jail or need to restore that same jail on another computer (for example, there was a hardware failure on the system containing the original jail), you can choose to use the same IP address. You will then be prompted whether or not to use the same hostname. Only select "Yes" if that hostname is no longer in use; otherwise, select "No" and input a unique hostname for the jail. Warden® will then recreate the jail with all of the original settings. Whether or not those settings include the original IP address and hostname depends upon your selections.

Using the Command Line Version of Warden®

The Warden® GUI is based on a Bourne shell script. This script can be manually run from the command line on a PC-BSD® server or by users who prefer using the command line. Advanced users can also refer to the command line version in their own scripts.

If you type warden at the command line, you will receive a summary of its usage:

>warden

Warden version 1.2

---------------------------------

Available commands Type in help <command> for information and usage about that command

help - This help file gui - Launch the GUI menu auto - Toggles the autostart flag for a jail checkup - Check for updates to a jail chroot - Launches chroot into a jail create - Creates a new jail details - Display usage details about a jail delete - Deletes a jail export - Exports a jail to a .wdn file get - Gets options list for a jail import - Imports a jail from a .wdn file list - Lists the installed jails pkgs - Lists the installed packages in a jail set - Sets options for a jail start - Start a jail stop - Stops a jail type - Set the jail type (portjail/normal) zfsmksnap - Create a ZFS snapshot of a jail zfslistclone - List clones of jail snapshots zfslistsnap - List snapshots of a jail zfsclonesnap - Clone a jail snapshot zfscronsnap - Schedule snapshot creation via cron zfsrevertsnap - Revert jail to a snapshot zfsrmclone - Remove a clone directory

zfsrmsnap - Remove snapshot of a jail

Each command has its own help text that describes its parameters and provides a usage example. For example, to receive help on how to use the warden create command, type:

warden help create

Warden version 1.2 --------------------------------- Help create Creates a new jail, with options for system source, ports and autostarting. Available Flags:   -32 (Create 32bit jail on 64bit system)   --src (Includes /usr/src system source)   --ports (Includes the ports tree)   --startauto (Start this jail at system boot)   --portjail (Make this a portjail)   --linuxjail <script> (Make this a linux jail and use supplied script f or installation)   --archive <tar> (Use specified tar file for BSD jail creation)   --linuxarchive <tar> (Use specified tar file for Linux jail creation) Usage:   warden create <IP> <HOSTNAME> <flags> Example:

  warden create 192.168.0.5 jailbird --src --ports --startauto

You do not need superuser access to use the view commands but will for any commands that create or manage a jail. The warden command will display an error message if a command requires superuser access and you currently are not the superuser. On PC-BSD®, you can put pc-su at the beginning of the warden command to be prompted for the administrative password. On a FreeBSD server, you can type su to become superuser, then repeat the warden command.

Creating and Accessing a Warden Jail

Before creating a jail, make sure that the correct interface is specified in /usr/local/etc/warden.conf. In this file, the default interface is set to:

# Network Interface for the jails to use NIC: em0

To create a jail, specify a unique IP address and hostname for the jail:

warden create 10.0.0.1 jail1

Using mirror: ftp://mirrors.isc.org/pub/pcbsd Fetching jail environment. This may take a while... Downloading ftp://mirrors.isc.org/pub/pcbsd/9.1-RC3/amd64/netinstall/fbsd-releas e.txz ... fbsd-release.txz.md5 100% of 33 B 1999 Bps Creating ZFS /usr/jails/.warden-chroot-amd64 dataset... Building new Jail... Please wait... Success!

Jail created at /usr/jails/10.0.0.1

The first time you create a jail, it will take a few minutes in order to download the freebsd environment. Subsequent jails will use the downloaded environment and will create almost instantaneously.

Before you can access the jail, you will need to start it:

warden start 10.0.0.1

As the jail starts, the SSH host keys will be generated and sshd will start. However, you will need to create a user before you can ssh into the jail. To access the jail in order to create the user:

warden chroot 10.0.0.1

 Started shell session on 10.0.0.1 . Type exit when finished.

 adduser

Follow the prompts of the adduser script in order to create a user. When you get to this prompt, don't press enter. Instead type in wheel so that the user can use the su command to become the superuser within the jail.

Login group is username. Invite username into other groups? [] wheel

When you are finished creating the user, you can type exit to exit the jail. Test that ssh works by specifying the username that you created:

ssh username@10.0.0.1

Additional Settings

If you have an existing FreeBSD or Linux jail that you would like to import or if you want to create a new jail with a specific world environment, create a tar archive of that jail or environment. Then, when using the warden create command, include the --archive name_of_tarball.tgz option if it is a FreeBSD jail or the --linuxarchive name_of_tarball.tgz option if it is a Linux jail.

The warden set command can be used to set additional flags to pass to the jail at jail startup time and the warden get command can be used to determine if any flags have been set. For example, this command will enable raw sockets (which allows ping) and chflags on the specified jail. Note that the flags are separated by a comma with no space. Available flags are listed in the "allow.*" section of jail(8)[13].

warden set flags 192.168.1.1 allow.raw_sockets=true,allow.chflags=true

warden get flags 192.168.1.1

allow.raw_sockets=true,allow.chflags=true

The Warden® configuration file is located in /usr/local/etc/warden.conf. It can be manually edited to change the default interface, the directory used for compressing/decompressing files, and the location of the created jails.

more /usr/local/etc/warden.conf

#!/bin/sh # Configuration options for the Warden ###################################################################### # Network Interface for the jails to use NIC: em0 # Directory to use for compressing / decompressing files WTMP: /usr/jails # Location of the jails

JDIR: /usr/jails

Managing Software Not Available in Packages Tab

The rest of this section demonstrates how to install and upgrade software that is not available in a jail's "Packages" tab.

Note that the software you install into a traditional jail will not be available to your PC-BSD® system. In other words, software installed into a traditional jail is meant to be used within the jail, or, in the case of network applications such as a web server, to be configured to be available over the network.

Traditional or Ports Jail

The commands demonstrated in this section can also be used to install software inside a ports jail. The software you install into a ports jail will be available to your PC-BSD® system. If you are interested in installing software on your PC-BSD® system that is not available as a PBI or you wish to learn how to use FreeBSD packages and ports without affecting the software that came with your PC-BSD® system, install the software within a ports jail.

Template:Word-note to manage software in a Linux jail, use the package management system provided by that Linux distro. For example, in Debian Squeeze, use [1][14].

All of the commands in this section assume that you have highlighted the jail that you wish to install software into and clicked ToolsLaunch Terminal.

Installing FreeBSD Packages

The quickest and easiest way to install software inside the jail is to install a FreeBSD package. A FreeBSD package is pre-compiled, meaning that it contains all the binaries and dependencies required for the software to run on a FreeBSD system.

Figure 8.19m: FreshPorts Search Result

When dealing with FreeBSD packages, the following command line utilities are used:

  • pkg_add: used to install packages. If you have never used this command before, take the time to read man pkg_add to get an overview of how this command works.
  • pkg_delete: used to uninstall packages. If you have never used this command before, take the time to read man pkg_delete to get an overview of how this command works.
  • pkg_info: used to get more information about the packages that have been installed. This command provides many useful switches so it is well worth your time to read through man pkg_info and to experiment with various switches.

A lot of software has been ported to FreeBSD (currently nearly 24,000 applications) and most of that software is available as a package. The best way to find FreeBSD software is to use [2][15]. If you are using the firefox PBI, it provides a FreshPorts search plugin for quickly finding software.

Figure 8.19m shows the search results for electric; the search was performed using the firefox plugin.

Each listing in the search results includes the name of the software, the version, a description, the category (e.g. security), the email address of the port's maintainer, a CVSWeb link containing the details of the port, and a link to the software's main website. Each entry includes the command used to compile the port (as described in the next section) and the pkg_add -r command used to install the package.

To install a package, use the pkg_add command using the remote (-r) switch to install the specified package from the FreeBSD packages repository. For example, this command will install the electric package:

pkg_add -r electric

Fetching ftp://ftp.freebsd.org/pub/FreeBSD/ports/amd64/packages-9-stable/Latest/

electric.tbz... Done.

You should receive a message indicating that the package was successfully fetched, then your prompt back. Depending upon what is already installed within the jail, your messages may indicate that dependent packages were also fetched. Some packages include post-installation instructions that will be displayed in the message. Occasionally you will see a warning about a version mismatch; you can ignore these as they do not affect the installation of the package. Unless the message includes an error indicating that the system was unable to fetch or install the package, the installation was successful.

You can confirm that the installation was successful by querying the package database:

pkg_info -ox electric

Information for electric-7.0.0_4: Origin:

cad/electric

Most packages install their binary (executable) in /usr/local/bin and configuration files in /usr/local/etc/. You can find out exactly what was installed using the -L (list) switch. If you include -x, you will not have to type in the entire name and version of the package as pkg_info will match any installed packages containing your query string.

pkg_info -Lx electric

The pkg_delete command can be used to uninstall either a package or a port. If you include the -x switch, you do not have to give the full name and version of the software. Be sure to give enough of a name so that you do not inadvertently uninstall other software matching the name:

pkg_delete -x electric

If you just get the command prompt back, the delete was successful. You can verify this by checking that the package no longer exists in the package database:

pkg_info

You will just get your prompt back if no installed software matches that name.

If the software has other applications that depend upon it, pkg_delete will refuse to uninstall it. If you wish to override this setting, you can use the -xf switch to force the delete. However, use the force switch with caution as forcibly removing software can adversely affect the applications that required it as a dependency.

Compiling FreeBSD Ports

Typically, software is installed using the pkg_add command. Occasionally you may prefer to compile the port yourself. Compiling the port offers the following advantages:

  • not every port has an available package. This is usually due to licensing restrictions or known, unaddressed security vulnerabilities.
  • sometimes the package is out-of-date and you need a feature that became available in the newer version.
  • some ports provide compile options that are not available in the pre-compiled package. These options are used to add additional features or to strip out the features you do not need.

Compiling the port yourself has the following dis-advantages:

  • it takes time. Depending upon the size of the application, the amount of dependencies, the amount of CPU and RAM on the system, and the current load on the PC-BSD® system, the amount of time can range from a few minutes to a few hours or even to a few days.
Template:Word-note if the port does not provide any compile options, save your time and the PC-BSD system's resources by using the pkg_add command instead.

FreshPorts will indicate if a port has any configurable compile options. To continue the example shown in Figure 8.18m, Figure 8.18n shows the configurable options for electric.

Figure 8.19n Viewing a Port's Information at FreshPorts

Before you can compile a port, you must first install the ports collection into the jail. If you did not choose to do so when the jail was created, you can install the ports collection using the following command. You will know that you have the ports collection when /usr/ports/ is populated with many subdirectories, each representing a category of software.

portsnap fetch extract

If you compile additional software at a later date, you should make sure that the ports collection is up-to-date using this command:

portsnap fetch update Ports tree is already up to date.

Once you have the ports collection installed into your ports jail, change to the subdirectory of the application you wish to install, for instance /usr/ports/cad/electric, and issue the command to make and install the application. FreshPorts provides the location to cd into and the make command to run.

cd /usr/ports/cad/electric make install clean

If the port's Makefile includes OPTIONS, a configure screen will be displayed. The example in Figure 8.19o shows the options for the openvpn port.

Figure 8.19o: Configuration Options from a Port's Makefile

To change an option's setting, use the arrow keys to highlight the option, then press the spacebar to toggle the selection. Once you are finished, press enter. The port will begin to compile and install.

Template:Word-note if you change your mind, the configuration screen will not be displayed again should you stop and restart the build. Type make config && make install clean if you need to change your selected options.

If the port has any dependencies with options, their configuration screens will be displayed and the compile will pause until it receives your input. It is a good idea to keep an eye on the compile until it finishes and you are returned to the command prompt.

How long the compile will take can range from a few minutes to many hours, depending upon the size of the application and the speed of your system. The make command will spit out many messages, most of which you can ignore as they are simply an indication of which source is currently being compiled. Occasionally, make will encounter an error and will stop with an error message. If the solution for the error is not obvious to you, try a web search for the keywords in the error message.

Template:Word-note sometimes due to licensing reasons a port will require that a file be downloaded manually and placed into the /usr/ports/distfiles/ directory. After downloading and copying this file to that directory, repeat the make command to finish the compile.

Once the port is installed, it is registered in the same package database that manages packages. This means that you can use the pkg_info command to determine what was installed, as described in the previous section.

Keeping Software Up-to-Date

Any software that you install using the "Packages" tab within Warden® can be kept up-to-date using Update Manager. Simply highlight the jail and go to ToolsCheck for Updates. Update Manager will also indicate when security patches and newer versions of the operating system are available and should be used to keep the jail's operating system patched and up-to-date.

However, you will need to manually upgrade any software that you installed using pkg_add or any ports that you compiled yourself within a traditional or ports jail. In order to do this, you will need to:

  1. Update the ports collection so that it is in sync with the latest version.
  2. Install the portmaster utility which is used to upgrade FreeBSD packages and ports.
  3. Read /usr/ports/UPDATING so that you are aware of any gotchas before you attempt to upgrade the software.
  4. Perform the upgrade.

These steps are demonstrated in more detail in this section.

Update the Ports Collection

If you used pkg_add to install the software, you may not have the ports collection installed within the jail. This is the case if /usr/ports does not exist or is empty. To install the latest version of the ports collection, use this command:

portsnap fetch extract

If the ports collection is already installed, use this command to make sure that it is up-to-date:

portsnap fetch update

Install an Upgrading Utility

At this time, the portmaster command is the recommended utility for upgrading software installed using packages or ports. To install this program within the jail, use this command:

pkg_add -r portmaster rehash

Read /usr/ports/UPDATING

Before upgrading installed software, always read through /usr/ports/UPDATING first. This file contains any gotchas or special instructions that are needed to upgrade certain ports. Ports maintainers add to this file as new gotchas are discovered. However, you will want to start reading the file at the entry that is closest to the date that your version of PC-BSD® was released (if you have not upgraded anything yet) or the date you last upgraded, and read your way up to the top of the file. For example, this entry indicates that FreeBSD 9.0 was released on January 12:

20120112:

 AFFECTS: Nobody  AUTHOR: wxs@FreeBSD.org

 FreeBSD 9.0 released.

As you read through the entries from that date up to the last entry at the beginning of the file, make note of any entries that match the software that you have installed. If you are unsure of what software is installed, this command will tell you:

pkg_info | more

Occasionally, a software upgrade (e.g. perl) may affect many applications. If you come across such entries that affect your installed software, be sure to follow the instructions carefully.

If your software is up-to-date and you prefer to be notified as new entries are added to /usr/ports/UPDATING, consider subscribing to its RSS feed[16].

Perform the Upgrade

After using the portsnap command to update your ports collection and reading /usr/ports/UPDATING, you are ready to upgrade your installed software using the portmaster command.

The following command will look for out-dated ports and offer to upgrade them for you. If any of the software has configuration options, you will be presented with their configuration menus to make your selections.

portmaster -a

===>>> Gathering distinfo list for installed ports ===>>> Starting check of installed ports for available updates <snip some output> ===>>> The following actions will be taken if you choose to proceed:   Upgrade mpg123-1.12.3 to mpg123-1.12.5   Upgrade p5-Object-InsideOut-3.69 to p5-Object-InsideOut-3.72   Upgrade linkchecker-5.3 to linkchecker-5.4   Upgrade tomcat-6.0.29 to tomcat-6.0.29_1

===>>> Proceed? y/n [y]

If you press enter to accept the default of yes, the upgrade will begin. As each upgrade completes, you will be asked if you want to delete the source for the old version of the software (which can save disk space). If you do not want to be prompted, include -D or -d with the portmaster command. There are many switches available for portmaster so it is a good idea to man portmaster to see which ones interest you.


References


  1. http://en.wikipedia.org/wiki/FreeBSD_jail
  2. http://dev.mysql.com/downloads/mysql/
  3. http://www.postgresql.org/
  4. http://ccache.samba.org/
  5. https://code.google.com/p/distcc/
  6. http://www.samba.org/
  7. http://www.php.net/
  8. https://www.virtualbox.org/
  9. http://httpd.apache.org/
  10. http://www.lighttpd.net/
  11. http://nginx.org/en/
  12. http://www.squid-cache.org/
  13. http://www.freebsd.org/cgi/man.cgi?query=jail
  14. http://en.wikipedia.org/wiki/Aptitude_(software)
  15. http://freshports.org
  16. http://updating.versia.com/atom/ports
Personal tools
Namespaces

Variants
Actions
Navigation
Toolbox