Cloned2Preserve
/
jailmaker
mirror of https://github.com/Jip-Hop/jailmaker.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Compare commits

base: Cloned2Preserve:6851ad2cd17260ca1d5686df37d99ce33b3ec1a9
Branches Tags
Cloned2Preserve:main
Cloned2Preserve:veth-extra
Cloned2Preserve:develop
Cloned2Preserve:v1.4.2
Cloned2Preserve:v1.4.1
Cloned2Preserve:v1.4.0
Cloned2Preserve:v1.3.0
Cloned2Preserve:v1.2.1
Cloned2Preserve:v1.2.0
Cloned2Preserve:v1.1.5
Cloned2Preserve:v1.1.4
Cloned2Preserve:v1.1.3
Cloned2Preserve:v1.1.2
Cloned2Preserve:v1.1.1
Cloned2Preserve:v1.1.0
Cloned2Preserve:v1.0.1
Cloned2Preserve:v1.0.0
...
compare: Cloned2Preserve:fa32995ff594928eac471fc4e41eaf104282e746
Branches Tags
Cloned2Preserve:veth-extra
Cloned2Preserve:develop
Cloned2Preserve:main
Cloned2Preserve:v1.4.2
Cloned2Preserve:v1.4.1
Cloned2Preserve:v1.4.0
Cloned2Preserve:v1.3.0
Cloned2Preserve:v1.2.1
Cloned2Preserve:v1.2.0
Cloned2Preserve:v1.1.5
Cloned2Preserve:v1.1.4
Cloned2Preserve:v1.1.3
Cloned2Preserve:v1.1.2
Cloned2Preserve:v1.1.1
Cloned2Preserve:v1.1.0
Cloned2Preserve:v1.0.1
Cloned2Preserve:v1.0.0

3 Commits
6851ad2cd1 ... fa32995ff5

Author SHA1 Message Date
Jip-Hop fa32995ff5 Update docs 2024-05-09 14:55:36 +02:00
Jip-Hop 380b1b7075 Add stux YouTube bridge tutorial 2024-05-09 11:57:59 +02:00
Jip-Hop d5ee177580 Update compatibility.md 2024-05-09 11:56:52 +02:00
10 changed files with 154 additions and 173 deletions
Show Stats Expand all files Collapse all files

61
NETWORKING.md
View File

@ -1,61 +0,0 @@
# Jailmaker
## Advanced Networking
These are notes on advanced networking setup you may want to try. Contributions are welcome!
### Bridge Networking
As an alternative to the default host networking mode, you may want to connect to a bridge interface instead and let the jail obtain its IP address via DHCP (although you may have to be patient for up to 20 seconds after the jail started for networking to work, [assigning the IP address is somehow slow](https://github.com/Jip-Hop/jailmaker/issues/7)).
[This YouTube video](https://www.youtube.com/watch?v=7clQw132w58) may be helpful when setting up the bridge interface. Note: You may lock yourself out... It may take several tries... TrueNAS is a bit picky when switching IP addresses and toggling DHCP. May be helpful to connect a monitor and keyboard to the NAS and use `/etc/netcli` to reset the networking interface. Kept bothering with "Register Default Gateway" warning... I just clicked Cancel.
Add the `--network-bridge=br1 --resolv-conf=bind-host` systemd-nspawn flag when asked for `Additional flags` during jail creation, or set it post-creation by [editing](./README.md#edit-jail-config) the `SYSTEMD_NSPAWN_USER_ARGS` variable inside the `config` file.
The TrueNAS host and the jail will be able to communicate with each other as if the jail was just another device on the LAN. It will use the same DNS servers as the TrueNAS host because the `--resolv-conf=bind-host` option bind mounts the `/etc/resolv.conf` file from the host inside the jail. If you want to use the DNS servers advertised via DHCP, then check [DNS via DHCP](#dns-via-dhcp).
To configure a **static IP** with our bridge interface, we need to edit the `80-container-host0.network` file located in `/etc/systemd/network`. Change the `[Network]` section to look like this:
```ini
[Network]
DHCP=false
Address=192.168.0.12/24
Gateway=192.168.0.1
LinkLocalAddressing=no
LLDP=yes
EmitLLDP=customer-bridge
```
Then restart the `systemd-networkd` service and check your network configuration.
```shell
systemctl restart systemd-networkd
systemctl status systemd-networkd
ifconfig
```
### Macvlan Networking
To setup Macvlan Networking you may follow the [Bridge Networking](#bridge-networking) section, but skip the setup of a bridge interface and use these flags instead: `--network-macvlan=eno1 --resolv-conf=bind-host`. By default the TrueNAS host and jail will not be able to communicate with each other via the network if Macvlan Networking mode is used. If that's required it would be better to use [Bridge Networking](#bridge-networking).
### DNS via DHCP
If you're not using host networking, and you're not using the `--resolv-conf=` in case of bridge/macvlan networking, then you have to configure the DNS servers to use.
To get DNS servers via DHCP install and enable `resolvconf`.
```shell
# Only run this inside the jail!
# Temporarily fix DNS resolution,
# otherwise we can't install packages
echo 'nameserver 8.8.8.8' > /etc/resolv.conf
# On debian based distro
apt update && apt -y install resolvconf
```
## References
- [systemd-nspawn](https://manpages.debian.org/bullseye/systemd-container/systemd-nspawn.1.en.html)- [Setting up Systemd-nspawn](https://www.cocode.se/linux/systemd_nspawn.html#orge360318)
- [Debian Reference - Chapter 5. Network setup](https://www.debian.org/doc/manuals/debian-reference/ch05.en.html#_the_hostname_resolution)
- [Disabling link-local addressing](https://jerrington.me/posts/2017-08-06-systemd-nspawn-disabling-link-local-addressing.html#disabling-link-local-addressing)

32
README.md
View File

@ -90,13 +90,15 @@ jlmkr start myjail
### List Jails
See list of jails (including running, startup state, GPU passthrough, distro, and IP).
```shell
jlmkr list
```
### Execute Command in Jail
You may want to execute a command inside a jail, for example from a shell script or a CRON job. The example below executes the `env` command inside the jail.
You may want to execute a command inside a jail, for example manually from the TrueNAS shell, a shell script or a CRON job. The example below executes the `env` command inside the jail.
```shell
jlmkr exec myjail env
@ -118,6 +120,8 @@ Once you've created a jail, it will exist in a directory inside the `jails` dir
### Remove Jail
Delete a jail and remove it's files (requires confirmation).
```shell
jlmkr remove myjail
```
@ -136,6 +140,8 @@ jlmkr restart myjail
### Jail Shell
Switch into the jail's shell.
```shell
jlmkr shell myjail
```
@ -148,6 +154,8 @@ jlmkr status myjail
### Jail Logs
View a jail's logs.
```shell
jlmkr log myjail
```
@ -158,17 +166,21 @@ Expert users may use the following additional commands to manage jails directly:
## Networking
By default the jail will have full access to the host network. No further setup is required. You may download and install additional packages inside the jail. Note that some ports are already occupied by TrueNAS SCALE (e.g. 443 for the web interface), so your jail can't listen on these ports. This is inconvenient if you want to host some services (e.g. traefik) inside the jail. To workaround this issue when using host networking, you may disable DHCP and add several static IP addresses (Aliases) through the TrueNAS web interface. If you setup the TrueNAS web interface to only listen on one of these IP addresses, the ports on the remaining IP addresses remain available for the jail to listen on.
By default a jails will use the same networking namespace, with access to all (physical) interfaces the TrueNAS host has access to. No further setup is required. You may download and install additional packages inside the jail. Note that some ports are already occupied by TrueNAS SCALE (e.g. 443 for the web interface), so your jail can't listen on these ports.
See [Advanced Networking](./NETWORKING.md) for more.
Depending on the service this may be o.k. For example Home Assistant will bind to port 8123, leaving the 80 and 443 ports free from clashes for the TrueNAS web interface. You can then either connect to the service on 8123, or use a reverse proxy such as traefik.
But clashes may happen if you want some services (e.g. traefik) inside the jail to listen on port 443. To workaround this issue when using host networking, you may disable DHCP and add several static IP addresses (Aliases) through the TrueNAS web interface. If you setup the TrueNAS web interface to only listen on one of these IP addresses, the ports on the remaining IP addresses remain available for the jail to listen on.
See [the networking docs](./docs/network.md) for more advanced options (bridge and macvlan networking).
## Docker
Using the [docker config template](./templates/docker/README.md) is recommended if you want to run docker inside the jail. You may of course manually install docker inside a jail. But keep in mind that you need to add `--system-call-filter='add_key keyctl bpf'` (or disable seccomp filtering). It is [not recommended to use host networking for a jail in which you run docker](https://github.com/Jip-Hop/jailmaker/issues/119). Docker needs to manage iptables rules, which it can safely do in its own networking namespace (when using [bridge or macvlan networking](./NETWORKING.md) for the jail).
Using the [docker config template](./templates/docker/README.md) is recommended if you want to run docker inside the jail. You may of course manually install docker inside a jail. But keep in mind that you need to add `--system-call-filter='add_key keyctl bpf'` (or disable seccomp filtering). It is [not recommended to use host networking for a jail in which you run docker](https://github.com/Jip-Hop/jailmaker/issues/119). Docker needs to manage iptables rules, which it can safely do in its own networking namespace (when using [bridge or macvlan networking](./docs/network.md) for the jail).
## Documentation
Additional documentation contributed by the community can be found in [the docs directory](./docs/).
Additional documentation can be found in [the docs directory](./docs/) (contributions are welcome!).
## Comparison
@ -178,16 +190,6 @@ TODO: write comparison between systemd-nspawn (without `jailmaker`), LXC, VMs, D
The rootfs image `jlmkr.py` downloads comes from the [Linux Containers Image server](https://images.linuxcontainers.org). These images are made for LXC. We can use them with systemd-nspawn too, although not all of them work properly. For example, the `alpine` image doesn't work well. If you stick with common systemd based distros (Debian, Ubuntu, Arch Linux...) you should be fine.
## Tips & Tricks
### Colorized bash prompt
To visually distinguish between a root shell inside the jail and a root shell outside the jail, it's possible to colorize the shell prompt. When using a debian jail with the bash shell, you may run the following command to get a yellow prompt inside the jail (will be activated the next time you run `jlmkr shell myjail`):
```bash
echo "PS1='${debian_chroot:+($debian_chroot)}\[\033[01;33m\]\u@\h\[\033[00m\]:\[\033[01;34m\]\w\[\033[00m\]\$ '" >> ~/.bashrc
```
## Filing Issues and Community Support
When in need of help or when you think you've found a bug in jailmaker, [please start with reading this](https://github.com/Jip-Hop/jailmaker/discussions/135).

4
docs/README.md
View File

@ -1,3 +1,5 @@
Welcome to the jailmaker wiki!
# Jailmaker Docs
Welcome to the Jailmaker Docs!
Use the sidebar to navigate the topics.

50
docs/basicconfig.md
View File

@ -1,4 +1,8 @@
# User Management
# Jailmaker Docs
Anything described on this page is completely optional. You do NOT need to do anything of this in order to start using jailmaker.
## User Management
The root user (also known as the superuser or su) can access any file, make system changes, and lots of room for security vulnerabilities.
For this reason you should aspire to run services as a non-root user.
@ -10,28 +14,54 @@ Where username can be anything, but should reflect the service/jail's name for d
Then a password should be created as some commands require a non-blank password to be inserted:
`passwd USERNAME`
If you want the ability to run commands as root, add the user to the sudo group
`usermod -aG sudo USERNAME`
If you want the ability to run commands as root, add the user to the sudo group:
```sh
usermod -aG sudo USERNAME
```
This WILL require a non-blank password, and any command run with sudo will be run as root not as the user. But it saves time compared to switching users to root to install/change things then switching back.
### Switch to user
`su -l USERNAME`
```sh
su -l USERNAME
```
### Put a password on Root
While logged in as root run `passwd`
# Common tweaks
While logged in as root run `passwd`.
## Common Tweaks
### Update repository list
`sudo apt update`
```sh
sudo apt update
```
### Install common services
`sudo apt install nano wget curl git`
```sh
sudo apt install nano wget curl git
```
### Set Static IP
See `Networking`
See [Networking](./network.md)
### Colorized bash prompt
To visually distinguish between a root shell inside the jail and a root shell outside the jail, it's possible to colorize the shell prompt. When using a debian jail with the bash shell, you may run the following command **inside the jail** to get a yellow prompt inside the jail (will be activated the next time you run `jlmkr shell myjail`):
```bash
echo "PS1='${debian_chroot:+($debian_chroot)}\[\033[01;33m\]\u@\h\[\033[00m\]:\[\033[01;34m\]\w\[\033[00m\]\$ '" >> ~/.bashrc
```
### Install Docker
```
It's advised to use the [docker config template](../templates/docker/README.md). But you can install it manually like this as well:
```sh
apt install curl && cd /tmp && curl -fsSL https://get.docker.com -o get-docker.sh && sudo sh get-docker.sh && cd ~ && docker
```

35
docs/commands.md
View File

@ -1,35 +0,0 @@
Create a jail
`jlmkr create JAILNAME`
Start a jail
`jlmkr start JAILNAME`
Stop a jail
`jlmkr stop JAILNAME`
Check jail status
`jlmkr status JAILNAME`
Delete a jail and remove it's files (requires confirmation)
`jlmkr remove JAILNAME`
See list of jails (including running, non running, distro, startup state, and IP)
`jlmkr list`
See list of running jails
`machinectl list`
Execute a command inside a jail from the TrueNAS shell
`jlmkr exec JAILNAME COMMAND`
Execute a bash command inside a jail from the TrueNAS shell
`jlmkr exec JAILNAME bash -c 'BASHCOMMAND'`
Switch into the jail's shell
`machinectl shell JAILNAME`
View a jail's logs
`jlmkr log JAILNAME`
Edit a jail's config
`jlmkr edit JAILNAME`

8
docs/compatibility.md
View File

@ -1,12 +1,14 @@
# TrueNAS Compatibility
# Jailmaker Docs
## TrueNAS Compatibility
| | |
|---|---|
|TrueNAS Core|❌|
|TrueNAS 22.12|✅|
|TrueNAS 23.10|✅|
|TrueNAS 24.04 nightly|✅|
|TrueNAS 24.04|✅|
# Distro Compatibility
## Distro Compatibility
| | |
|---|---|
|Debian 11 Bullseye|✅|

105
docs/network.md
View File

@ -1,24 +1,60 @@
# Host Passthrough (Default network configuration)
By default jails will use the same physical interface as the TrueNAS host. If a service attempts to bind to port 80 or 443, it will either fail or render both the service and TrueNAS unavailable.
### Flaws
Depending on the service this may be ok, for example Home Assistant will bind to port 8123, leaving the 80 and 443 ports free from clashes for the TrueNAS web interface. You can then either connect to the service with the port, or use a reverse proxy such as [nginx](https://www.nginx.com/#).
### Setup
No configuration is necessary
# Jailmaker Docs
# MAC VLAN Virtual Interface
Some services require the use of port 80 or 443, or would benefit from a separate IP. For these situations the easiest network configuration is the MAC VLAN configuration. This creates a virtual interface with its own separate randomly generated MAC address and IP.
The default config uses DHCP by default, but can easily be set to a Static IP.
### Flaws
Any services in the jail cannot communicate with the direct host (TrueNAS). The jail can communicate with any other jail or device on the network, besides TrueNAS. This may or not be a benefit (security) or disadvantage (no communication) depending on your service.
### Setup
Add the following argument to the "additional flags" prompt of jail creation or the "systemd_nspawn_user_arguments" line of the jail config file:
## Host Networking
[Notes on the default host networking are in the main README.md file](../README.md#networking).
## Bridge Networking
As an alternative to the default host networking mode, you may want to connect to a bridge interface instead and let the jail obtain its IP address via DHCP.
[![TrueNAS Scale: Setting up a Static IP and Network Bridge // Access NAS host from VM - YouTube Video](https://img.youtube.com/vi/uPkoeWUfiHU/0.jpg)<br>Watch on YouTube](https://www.youtube.com/watch?v=uPkoeWUfiHU "TrueNAS Scale: Setting up a Static IP and Network Bridge // Access NAS host from VM - YouTube Video")
The above YouTube video may be helpful when setting up the bridge interface.
### Bridge Flaws
This type of interface takes much longer to set up both in complexity and wait time (you may have to be patient for up to 60 seconds after the jail started for networking to work, [assigning the IP address via DHCP is somehow slow](https://github.com/Jip-Hop/jailmaker/issues/7)). Furthermore, if the configuration is not correct it can render your TrueNAS inaccessible via ssh or the web interface, necessitating a reset using a keyboard and monitor plugged into the TrueNAS server and use `/etc/netcli` to reset the networking interface.
### Bridge Setup
Add the `--network-bridge=br1 --resolv-conf=bind-host` systemd-nspawn flag when asked for `Additional flags` during jail creation, or set it post-creation by [editing](./README.md#edit-jail-config) the `SYSTEMD_NSPAWN_USER_ARGS` variable inside the `config` file.
The TrueNAS host and the jail will be able to communicate with each other as if the jail was just another device on the LAN. It will use the same DNS servers as the TrueNAS host because the `--resolv-conf=bind-host` option bind mounts the `/etc/resolv.conf` file from the host inside the jail. If you want to use the DNS servers advertised via DHCP, then check [DNS via DHCP](#dns-via-dhcp).
### Bridge Static IP
To configure a static IP with our bridge interface, we need to edit the `/etc/systemd/network/80-container-host0.network` file. Change the [Network] section to look like this:
```ini
[Network]
DHCP=false
Address=192.168.0.12/24
Gateway=192.168.0.1
LinkLocalAddressing=no
LLDP=yes
EmitLLDP=customer-bridge
```
--network-macvlan=eno1 --resolv-conf=bind-host
Then restart the `systemd-networkd` service and check your network configuration.
```shell
systemctl restart systemd-networkd
systemctl status systemd-networkd
ifconfig
```
### Setting a Static IP
To set a Static IP you need to disable DHCP in the macvlan config file `/etc/systemd/network/mv-dhcp.network`
You can do this with a network client like WinSCP by navigating into the jail's filesystem then the path above, or by using a text editing program like nano by running `nano /etc/systemd/network/mv-dhcp.network` in the jail's shell.
## Macvlan Networking
Some services require the use of port 80 or 443, or would benefit from a separate IP. For these situations the easiest network configuration is the MAC VLAN configuration. This creates a virtual interface with its own separate randomly generated MAC address and IP. The default config uses DHCP by default, but can easily be set to a Static IP.
### Macvlan Flaws
Any services in the jail cannot communicate with the direct host (TrueNAS). The jail can communicate with any other jail or device on the network, besides TrueNAS or VMs hosted on TrueNAS. This may be a benefit (security) or disadvantage (no communication) depending on your service. If that's required it would be better to use [Bridge Networking](#bridge-networking).
### Macvlan Setup
Add the following argument to the "additional flags" prompt of jail creation or the "systemd_nspawn_user_arguments" line of the jail config file: `--network-macvlan=eno1 --resolv-conf=bind-host`. Where eno1 is the name of your physical network interface.
### Macvlan Static IP
To set a Static IP you need to disable DHCP in the macvlan config file `/etc/systemd/network/mv-dhcp.network`. You can do this with a network client like WinSCP by navigating into the jail's filesystem then the path above, or by using a text editing program like nano by running `nano /etc/systemd/network/mv-dhcp.network` in the jail's shell.
The DHCP in [Network] needs to be set to false, an Address (static IP) needs to be added, a Gateway needs to be defined (e.g your router such as 192.168.0.1) and the entire DHCP section needs to be removed.
@ -35,23 +71,24 @@ Gateway=192.168.X.X
```
Then restart the network interface inside the jail `systemctl restart systemd-networkd` or restart the jail by running `jlmkr stop JAILNAME && jlmkr start JAILNAME` from the TrueNAS shell. Use `ifconfig` to verify the interface is up and has the correct IP.
# Passthrough a TrueNAS Bridge Interface
By creating a network bridge in the TrueNAS Network page you can bridge the incoming physical network interface to a virtual interface that can be passed to the jail. This type of interface has the benefits of a MAC VLAN interface without the flaws (host to jail networking). Once working the virtual interface can either be assigned a static IP or obtain one automatically via DHCP.
### Flaws
This type of interface takes much longer to set up both in complexity and wait time as there is a current flaw in which HDCP can take between 10 seconds and a minute.
Furthermore, if the configuration is not correct it can render your TrueNAS inaccessible via ssh, necessitating a reset using a keyboard and monitor plugged into the TrueNAS server.
### Setup
[TrueNAS Bridge interface guide](https://www.youtube.com/watch?v=7clQw132w58)
May be helpful to connect a monitor and keyboard to the NAS and use /etc/netcli to reset the networking interface. Kept bothering with "Register Default Gateway" warning... I just clicked Cancel.
## DNS via DHCP
Add the `--network-bridge=br1 --resolv-conf=bind-host` flag when asked for additional flags during jail creation, or set it post-creation by editing the `SYSTEMD_NSPAWN_USER_ARGS` variable inside the config file.
If you're not using host networking, and you're not using the `--resolv-conf=` in case of bridge/macvlan networking, then you have to configure the DNS servers to use.
### Static IP
To configure a static IP with our bridge interface, we need to edit the `/etc/systemd/network/80-container-host0.network` file. Change the [Network] section to look like this:
To get DNS servers via DHCP install and enable `resolvconf`.
```shell
# Only run this inside the jail!
# Temporarily fix DNS resolution,
# otherwise we can't install packages
echo 'nameserver 8.8.8.8' > /etc/resolv.conf
# On debian based distro
apt update && apt -y install resolvconf
```
[Network]
DHCP=false
Address=192.168.X.XXX/24
Gateway=192.168.X.X
```
Then restart the network interface inside the jail `systemctl restart systemd-networkd` or restart the jail by running `jlmkr stop JAILNAME && jlmkr start JAILNAME` from the TrueNAS shell. Use `ifconfig` to verify the interface is up and has the correct IP.
## References
- [systemd-nspawn](https://manpages.debian.org/bullseye/systemd-container/systemd-nspawn.1.en.html)- [Setting up Systemd-nspawn](https://www.cocode.se/linux/systemd_nspawn.html#orge360318)
- [Debian Reference - Chapter 5. Network setup](https://www.debian.org/doc/manuals/debian-reference/ch05.en.html#_the_hostname_resolution)
- [Disabling link-local addressing](https://jerrington.me/posts/2017-08-06-systemd-nspawn-disabling-link-local-addressing.html#disabling-link-local-addressing)

3
docs/performance.md
View File

@ -1,3 +1,5 @@
# Jailmaker Docs
(Anecdotal from observations, actual measurements with resource monitor captures and wall power meter coming soon.)
Kubernetes Server (TrueNAS Apps) with no apps installed:
@ -16,6 +18,5 @@ Systemd-nspawn container (jailmaker) with 10 apps installed:
* Idle on 7100T: ~4% / 8W
* Idle on 10600K: ~0%
Systemd-nspawn container (jailmaker) with 20 apps installed:
* Idle on 10600K: ~1%

10
docs/storage.md
View File

@ -1,12 +1,14 @@
# Default storage system
When creating a jail, an entire Linux filesystem is created in the 'rootfs' folder within the jail's folder of the jailmaker directory E.g `/mnt/tank/vault/jailmaker/jails/jailname/rootfs`. No files from the TrueNAS host will be available.
# Jailmaker Docs
## Default storage system
When creating a jail, an entire Linux filesystem is created in the 'rootfs' folder within the jail's folder of the jailmaker directory. E.g. `/mnt/tank/vault/jailmaker/jails/jailname/rootfs`. No files from the TrueNAS host will be available.
Common locations for services are:
`/home` for user accessible files
`/var/www/` for webpages
`/tmp` for temporary application data such as build files
# Linking folders to TrueNAS folders
## Linking folders to TrueNAS folders
To allow file access by either the jail, another jail, or TrueNAS a bind can be made. A bind creates a link between two locations. Think of this as a portal, anything that goes in one side is visible from the other side and vice versa.
Note that creating a file in the jail or TrueNAS will reflect in both binded locations, so be careful of overwrites and corruption.
@ -21,7 +23,7 @@ And where `/jail/path/to/` is the folder you want those shared files accessible
### Example
A use of this is making files available in a jail for it to use or serve, such as media files in Plex/Jellyfin:
Example: `--bind='/mnt/tank/content/:/media'` will make any files inside the content dataset of the tank pool available inside the jail's /media folder. To visualise or test this you can copy some files to `/mnt/tank/content/` such as `media1.mp4`, `media2.mkv` and `photo.jpg`. Then change directory to that folder inside the jail `cd /media` and list files in that directory `ls -l` where those files should appear.
Example: `--bind='/mnt/tank/content/:/media'` will make any files inside the content dataset of the tank pool available inside the jail's /media folder. To visualize or test this you can copy some files to `/mnt/tank/content/` such as `media1.mp4`, `media2.mkv` and `photo.jpg`. Then change directory to that folder inside the jail `cd /media` and list files in that directory `ls -l` where those files should appear.
### Warning
Do not bind your TrueNAS system directories (`/root` `/mnt` `/dev` `/bin` `/etc` `/home` `/var` `/usr` or anything else in the root directory) to your jail as this can cause TrueNAS to lose permissions and render your TrueNAS system unusable.

19
docs/zfsmigration.md
View File

@ -1,24 +1,26 @@
# ZFS Datasets Migration
# Jailmaker Docs
## ZFS Datasets Migration
From version 1.1.4 ZFS Datasets support was added to jailmaker.
By default starting in v1.1.4, jailmaker will create a separate dataset for each jail if possible. This allows the user to configure snapshots, rollbacks, replications etc.
Jailmaker operates in dual-mode: it supports using both directories and datasets. If the 'jailmaker' directory is a dataset, it will use datasets, if it is a directory, it will use directories.
___
## Procedure to migrate from directories to ZFS Datasets
### Stop all jails
### Procedure to migrate from directories to ZFS Datasets
#### Stop all jails
`jlmkr stop jail1`
`jlmkr stop jail2`
etc..
### Move/rename the 'jailmaker' directory
#### Move/rename the 'jailmaker' directory
`mv jailmaker orig_jailmaker`
### Create the ZFS datasets for jailmaker
#### Create the ZFS datasets for jailmaker
Create all the required datasets via GUI or CLI.
@ -44,8 +46,7 @@ zfs create mypool/jailmaker/jails/jail1
zfs create mypool/jailmaker/jails/jail2
```
### Move the existing jail data into the newly created datasets
#### Move the existing jail data into the newly created datasets
Now move all the jail data:
@ -53,7 +54,7 @@ Now move all the jail data:
Warning! It's important that both directories have the `/` at the end to make sure contents are copied correctly. Otherwise you may end up with `jailmaker/jailmaker`
### Test everything works
#### Test everything works
If everything works, you should be able to use the `jlmkr` command directly. Try doing a `jlmkr list` to check if the jails are correctly recognized