Support #348
Setting Up A Debian Jail on FreeNAS
Description
While setting up the VPS infrastructure, I learned that FreeBSD has to ability to run a Linux OS natively using its Linux Compatibility Layer, and so FreeNAS also supports this. To start, from the web interface go to Jails -> Configuration and make sure that the basic information for the Jails are configured. Next go to Jails and click Add Jails; then give the jail a name, select Debian-7.1.0 as the jail type, and give the jail an IP address. Then click OK at the bottom to download Debian.
NOTE: I was using the old UFS filesystem (instead of ZFS) to hold the jails. There was a problem with Linux jails starting on UFS filesystems, however this was fixed in FreeNAS version 9.2.1.2.
Bootstrap the Debian jail¶
- Once the Debian jail has been created and is running, click the Shell icon to open up a shell. A command prompt will appear in the web browser.
- Now change the root passwd:
passwd
- And create a new ssh key pair:
ssh-keygen -t ecdsa
- At this point the Debian jail can also be accessed via SSH as well.
ssh root@debianjail.example.com
- To start, edit the /etc/apt/sources.list and comment out the cdrom repositories, like so:
nano /etc/apt/sources.list
#!# deb-src cdrom:[Debian GNU/Linux 7.1.0 Wheezy - Official Multi-architecture i386/amd64/source DVD #1 20130615-23:45]/ wheezy main
#!# deb cdrom:[Debian GNU/Linux 7.1.0 Wheezy - Official Multi-architecture i386/amd64/source DVD #1 20130615-23:45]/ wheezy main
#!#
#!#deb-src cdrom:[Debian GNU/Linux 7.1.0 Wheezy - Official Multi-architecture i386/amd64/source DVD #1 20130615-23:45]/ wheezy main
#!#deb cdrom:[Debian GNU/Linux 7.1.0 Wheezy - Official Multi-architecture i386/amd64/source DVD #1 20130615-23:45]/ wheezy main
Then prevent the OS from updating the Linux kernel and GRUB bootloader. This is necessary since the actual kernel is the FreeBSD kernel; upgrading the kernel from the jail will break an upgrade and screw up the jail.
- To freeze kernel upgrades run:
echo linux-image-686-pae hold | dpkg --set-selections echo linux-image-3.2.0-4-686-pae hold | dpkg --set-selections echo initscripts hold | dpkg --set-selections echo grub-common hold | dpkg --set-selections echo grub-pc hold | dpkg --set-selections echo grub-pc-bin hold | dpkg --set-selections echo grub2-common hold | dpkg --set-selections echo dmsetup hold | dpkg --set-selections
You can then check this worked like so:dpkg -la | grep linux-image
hi linux-image-3.2.0-4-686-pae 3.2.46-1 i386 Linux 3.2 for modern PCs
hi linux-image-686-pae 3.2+46 i386 Linux for 64-bit PCs (meta-package)
NOTE: Notice the 'hi' at the bottom, h means held and i means currently installed. This package is installed but +will no+t be upgraded.
- Remove unneeded packages:
apt-get remove --purge virtualbox-* xserver-* linux-headers-*
- Clean up the package manager and remove orphaned packages:
apt-get autoremove apt-get clean
NOTE: This will reduce the size of a system upgrade, and free up space.
- Update the package repository information and upgrade the OS by running:
apt-get update apt-get upgrade
Now the Debian jail can upgrade its packages in a normal manner, without breaking the jail during an upgrade.