How to Create and Configure an iocage Jail on FreeNAS 11.1

بسم الله الرحمن الرحيم

Abstract

Tutorial on how to create and configure an iocage jail on FreeNAS 11.1.

Assumptions and Prerequisites

• OS: FreeNAS 11.1-U6
• FreeNAS Host: fn
• FreeNAS Network Interface: igb0
• FreeNAS IP: 10.0.0.2
• FreeNAS Subnet Mask: 24
• Jail Container: iocage
• iocage Version: 1.0 Alpha
• Jail Release: 11.1-RELEASE
• Jail Name: test
• Jail Network Interface: vnet0
• Jail Network Config: DHCP | STATIC
• Jail IP: 10.0.0.3
• Jail Default Route: 10.0.0.1
• IP Version: IPv4
• Bridge Network Interface: bridge0
• DNS 1: 10.0.0.1 
• Domain: example.com
• ZPool Volume: tank
• Dataset: /mnt/tank/share

Instructions

List iocage Commands

root@fn:~ # iocage

Activate iocage zpool volume

Set iocage to use the default volume, use the following command.
root@fn:~ # iocage activate
    or
Set iocage to use a zpool volume if more than one exist on the FreeNAS
iocage activate [zpool]
root@fn:~ # iocage activate tank

Fetch/Download a Release Image

Fetch a release which will be used to create a jail.

Fetch a release from a list
root@fn:~ # iocage fetch

Fetch a release by name
iocage fetch -r [RELEASE IMAGE NAME]
root@fn:~ # iocage fetch -r 11.1-RELEASE

Create a Jail with VNET/VIMAGE (Virtual Network Interface Stack) and DHCP

Command Example:  iocage create -n "[Name]" -r [Release] vnet="on" bpf="yes" dhcp="on" allow_raw_sockets="1" boot="on" interfaces="vnet[N]:bridge[N]" resolver="search [DOMAIN];domain [DOMAIN];nameserver [DNS1 IP]

The following command creates a jail "test" from the "11.1-RELEASE" image with the following jail properties enabled, vnet/vimage network stack, Start on boot, and dhcp.

root@fn:~ # iocage create -n "test" -r 11.1-RELEASE vnet="on" bpf="yes" dhcp="on" allow_raw_sockets="1" boot="on" interfaces="vnet0:bridge0" resolver="search example.com;domain example.com;nameserver 10.0.0.1"

Create a Jail with VNET/VIMAGE (Virtual Network Interface Stack) and Static IP Configuration

Command Example: iocage create -n "[Name]" -r [Release] ip4_addr="vnet[N]|[IP]/[Mask]" defaultrouter="[IP]" vnet="on" allow_raw_sockets="1" boot="on" interfaces="vnet[N]:bridge[N]" resolver="search [DOMAIN];domain [DOMAIN];nameserver [DNS1 IP]"


root@fn:~ # iocage create -n "test" -r 11.1-RELEASE vnet="on" ip4_addr="vnet0|10.0.0.3/24" defaultrouter="10.0.0.1" vnet="on" allow_raw_sockets="1" boot="on" interfaces="vnet0:bridge0" resolver="search example.com;domain example.com;nameserver 10.0.0.1"

Create a Jail with a Shared IP

Command Example: iocage create -n "[Name]" -r [Release] ip4_addr="[IF]|[IP]/[MASK]" defaultrouter="[IP]" vnet="off" allow_raw_sockets="1" boot="on" resolver="search [DOMAIN];domain [DOMAIN];nameserver [DNS1 IP]"

root@fn:~ # iocage create -n "test" -r 11.1-RELEASE ip4_addr="igb0|10.0.0.100/24" defaultrouter="10.0.0.1" vnet="off" allow_raw_sockets="1" boot="on" resolver="search example.com;domain example.com;nameserver 10.0.0.1"

List Jails, Releases, and Plugins

List all Jails
root@fn:~ # iocage list

List all downloaded Releases
root@fn:~ # iocage list -r

List all available Templates
root@fn:~ # iocage list -t

List Remote Plugins
iocage list -PR
or
iocage list --plugins --remote

List Installed Plugins
iocage list -P
or
iocage list --plugins

Start, Stop, or Restart a Jail

Start a Jail

iocage start [JAIL NAME]

root@fn:~ # iocage start test

Stop a Jail

iocage stop [JAIL NAME]

root@fn:~ # iocage stop test

Restart a Jail

iocage restart [JAIL NAME]

root@fn:~ # iocage restart test

Configure a Jail

Set Jail Property

iocage set [PROPERTY]="[ARG]" [JAIL NAME]

root@fn:~ # iocage set notes="This is a test jail." test

Get Jail Property

iocage get [PROPERTY] [JAIL NAME]

root@fn:~ # iocage get notes test

Get All Properties of a Jail

iocage get all [JAIL NAME]

root@fn:~ # iocage get all test

Delete/Destroy a Jail

iocage destroy [JAIL NAME]

root@fn:~ # iocage destroy test

Rename a Jail

iocage rename [OLD JAIL NAME] [NEW JAIL NAME]

root@fn:~ # iocage rename test test2

Log in to a Jail

iocage console [JAIL NAME]

root@fn:~ # iocage console test

Run a command inside a Jail

iocage exec [JAIL NAME] "[COMMAND]"

root@fn:~ # iocage exec test "ls -lfa /etc"

Mount Dataset inside a Jail as Read Only

iocage fstab -a [JAIL NAME] /source/folder  /destination/folder/in/jail  nullfs  ro  0  0

root@fn:~ # iocage fstab -a test /mnt/tank/share /mnt/share nullfs ro  0  0

Mount Dataset inside a Jail as Read and Write

iocage fstab -a [JAIL NAME] /source/folder  /destination/folder/in/jail  nullfs  rw  0  0

root@fn:~ # iocage fstab -a test /mnt/tank/share /mnt/share nullfs rw  0  0

List Jail Mount Entries

iocage fstab -l [JAIL NAME]

root@fn:~ # iocage fstab -l test

Edit Jail Mount Entries

iocage fstab -e [JAIL NAME]

root@fn:~ # iocage fstab -e test

Remove a Jail Mount Entry

iocage fstab -r [JAIL NAME] [INDEX]

root@fn:~ # iocage fstab -r test 0

Create Jail Snapshot

iocage snapshot -n "[SNAPSHOT NAME]" [JAIL]
root@fn:~ # iocage snapshot -n "Recent Upgrade" test

List Jail Snapshots

iocage snaplist [JAIL]
root@fn:~ # iocage snaplist test

Remove/Delete Jail Snapshot

iocage snapremove -n "[SNAPSHOT NAME]" [JAIL]
root@fn:~ # iocage snapremove -n "Recent Upgrade" test

Rollback Jail to a Snapshot

iocage rollback -n "[SNAPSHOT NAME]" [JAIL]
root@fn:~ # iocage rollback -n "Recent Upgrade" test

Observations

DNS Resolver

When you create a Jail in iocage and skip to define the 'resolver' property, the iocage uses the host system's (in this case the FreeNAS host) default DNS settings defined in the '/etc/resolv.conf'.

If your FreeNAS has been configured as a Domain Controller, it resets the DNS setting in the '/etc/resolv.conf' to point to itself. Example: "nameserver 127.0.0.1". Incidentally, the iocage jail DNS is also set to 127.0.0.1. As a result, all the DNS queries within the jail fail because the jail points to itself as a nameserver where a name service does not exits. So, in order for the jail's DNS to work, we will need to manually define the resolver property for the jail.

And if you have a complicated network setup, like a switch with multiple VLANs. You will also need to define the 'defaultrouter' and 'interfaces' property so that the vnet interface is linked to the correct bridge interface and the bridge interface is link to the correct VLAN interface.

Helpful Commands

Check iocage version
root@fn:~ # iocage -v

iocage Help command
root@fn:~ # iocage --help

List all zpools on the FreeNAS
root@fn:~ # zpool list

Delete Release
iocage destroy -r [RELEASE NAME]
root@fn:~ # iocage destroy -r 11.0-RELEASE

Links and Resources

• http://iocage.readthedocs.io/en/latest/index.html
• https://forums.freenas.org/index.php?threads/iocage-helper-thread.59988/

How To Configure Network Setting on CentOS 6.3

بسم الله الرحمن الرحيم

In the Name of Allah. The Most gracious, The Most Merciful

Synopsis:

A short tutorial on how to configure network settings on CentOS 6.3 machine.

Assumptions and Prerequisites:

• OS: CentOS 6.3 x64
• Server Name: mujahid
• Subnet: 192.168.1.0/24
• Server IP: 192.168.1.20
• Subnet Mask: 255.255.255.0
• DNS IP: 192.168.1.15
• Gateway IP: 192.168.1.1
• Domain: houseofjaleel.com.au
• Network Device/Interface: eth0 
• Text Editor: vi
• Firewall (IPTables) is disabled.
• SELinux is disabled.
• '#' - Script Comment.
• This machine is a Server; therefore has a fixed IP settings. It is not assigned any network settings from any DHCP or BOOTP service.

Step-by-Step Instructions:

1. Create the network configuration file /etc/sysconfig/network-scripts/ifcfg-eth0 with the following configurations and save it.

DEVICE="eth0"       # Device name
HWADDR="00:0C:29:7D:A0:62"    # eth0's MAC address. This may be different on your machine.  
NM_CONTROLLED="no"   # Settings are not controlled by the Network Manager service. 
BOOTPROTO="none"   # This device does not receive network settings from any dhcp service on the network.
ONBOOT="yes"            # Service starts at boot time.
TYPE="Ethernet"    # Device type is of Ethernet.
IPADDR="192.168.1.20"               # IP Address of this Network device.
NETMASK="255.255.255.0"     # Subnet Mask
GATEWAY="192.168.1.1"         # IP Address to access the Internet (usually it's a Router).
DNS1="192.168.1.15"       # IP Address of the machine hosting the DNS on the LAN.
DOMAIN="houseofjaleel.com.au"     # Name of the Domain this server belongs to. Omit if no domain configured on Network.
IPV6INIT="no"    # ipv6 is not enabled on this server machine.
USERCTL="no"   # Except for root user, users can't alter network setting for this device.


Clean (without comments) version of the file /etc/sysconfig/network-scripts/ifcfg-eth0


DEVICE="eth0"
HWADDR="00:0C:29:7D:A0:62"  
NM_CONTROLLED="no"  
BOOTPROTO="none"  
ONBOOT="yes" 
TYPE="Ethernet"
IPADDR="192.168.1.20" 
NETMASK="255.255.255.0" 
GATEWAY="192.168.1.1" 
DNS1="192.168.1.15" 
DOMAIN="houseofjaleel.com.au" 
IPV6INIT="no" 
USERCTL="no"


2. Restart Network service.
# /etc/rc.d/init.d/network restart

3. Enable Network Service to start at boot time.
# chkconfig network on

4. Check to see if network settings have been loaded from the configuration file for 'eth0'.
# ifconfig

5. Disable ipv6 device driver on this server machine from loading at boot time.
# echo "install ipv6 /bin/true" > /etc/modprobe.d/disable-ipv6.conf 

6. Restart server.
# reboot

 7. Login as root and check network settings. It should show that there is no "inet6" setting anymore.
# ifconfig

Conclusion:

Change the "DNS1" configuration to "127.0.0.1" or "192.168.1.20", if DNS is configured on the local machine.

Use 'DNS2' to add a secondary DNS host (eg. DNS2="192.168.1.16").

IPV6 is outside of the scope of this tutorial.

How To Install and Configure DHCP Server on CentOS 6.3

Synopsis:

A short tutorial on how to Install and Configure a DHCP Server on CentOS 6.3 x64, listening on the "eth0" Interface only.

Assumptions and Prerequisites:

• OS: CentOS 6.3 x64.
• Server Name: mujahid
• DNS IP: 192.168.1.10
• IPv6 is disabled.
• SELinux is disabled.
• Firewall (IPTables) is disabled.
• Subnet: 192.168.1.0/24
• Domain: houseofjaleel.com.au
• Gateway (Router IP Address): 192.168.1.1
• Text Editor: Nano
• Dynamic DNS (DDNS) is not enabled.

Step-by-Step Instructions:

1. Install the DHCP Package via a terminal.
# yum -y install dhcp

2. Edit file /etc/dhcp/dhcpd.conf with "nano" editor and write the following configuration:


# DHCP Server Configuration file.
#   see /usr/share/doc/dhcp*/dhcpd.conf.sample
#   see 'man 5 dhcpd.conf'
#


# This DHCP server to be declared valid
authoritative;

# Subnet 192.168.1.0/24
subnet 192.168.1.0 netmask 255.255.255.0 {

# default gateway
option routers 192.168.1.1;

# domain name
option domain-name "houseofjaleel.com.au";

# DNS's hostname or IP address
option domain-name-servers 192.168.1.10;

# range of lease IP address
range dynamic-bootp 192.168.1.2 192.168.1.254;

# default lease time
default-lease-time 600;

# max lease time
max-lease-time 7200;

# broadcast address
option broadcast-address 192.168.1.255;

##### Reserved Hosts #####

# Router
host router {
hardware ethernet xx:xx:xx:xx:xx:xx;
fixed-address 192.168.1.1;
}

# Farooq
host farooq {
hardware ethernet xx:xx:xx:xx:xx:xx;
fixed-address 192.168.1.10;
}

# Tariq
host tariq {
hardware ethernet xx:xx:xx:xx:xx:xx;
fixed-address 192.168.1.11
}

# Humaira
host humaira {
hardware ethernet xx:xx:xx:xx:xx:xx;
fixed-address 192.168.1.12;
}

# Khalid
host khalid {
hardware ethernet xx:xx:xx:xx:xx:xx;
fixed-address 192.168.1.13;
}

# Asim
host asim{
hardware ethernet xx:xx:xx:xx:xx:xx;
fixed-address 192.168.1.14;
}

# Mujahid
host mujahid{
hardware ethernet xx:xx:xx:xx:xx:xx;
fixed-address 192.168.1.15;
}

# Amir
host amir{
hardware ethernet xx:xx:xx:xx:xx:xx;
fixed-address 192.168.1.16;
}

# Muneera
host muneera{
hardware ethernet xx:xx:xx:xx:xx:xx;
fixed-address 192.168.1.17;
}

# Atif
host atif{
hardware ethernet xx:xx:xx:xx:xx:xx;
fixed-address 192.168.1.18;
}

} # end of Subnet 192.168.1.0/24

3. edit file /etc/sysconfig/dhcp to make sure the DHCP service is listening on the relevant Interface (eth0).

# nano /etc/sysconfig/dhcp

eg.

DHCPDARGS="eth0"  

4. Start DHCP at boot.

# chkconfig dhcpd on

5. Start the DHCP service.

# /etc/rc.d/init.d/dhcpd start

Successfully Configured a DNS Server On Linux (Fedora 12)

Recently, I successfully configured a DNS server on my Fedora 12 Linux box. It took me weeks of reading and watching DNS related materials and tutorials. I had to watch Webmin videos on youtube and read up on Bind-9 manuals. During the course of the task, at times it got pretty frustrating because to my surprise, there isn't a one-stop tutorial on the Internet on how to setup a DNS Server. I had to read several sources scattered around all over the Internet. Every tutorial that I read seemed to be either incomplete or had a very limited scope. Anyway, in the end I got it to work and it felt really good after all was done. Even though I got it to work, it still needs a bit of tweaks here and there. I'll finish with those tweaks by next week.

After setting up DNS, I managed to configure the DHCP server as well. Configuring a DHCP server is a cake walk compared to configuring a DNS server on Fedora Core 12.

All the effort and time that went into researching DNS servers gave me an idea. Since there isn't a good tutorial available on the Internet to setup a DNS server, I thought I might write one up and publish it on my blog for personal references. It might also help out others who want to setup a DNS server on their own personal network just as I have. Just thinking about the scope of this task I know will require quite a significant amount of time.