A FreeBSD jail manager written in Python 3
iocage is a jail/container manager amalgamating some of the best features and technologies the FreeBSD operating system has to offer. It is geared for ease of use with a simple and easy to understand command syntax.
iocage is in the FreeBSD ports tree as sysutils/py-iocage.
To install using binary packages, simply run: pkg install py38-iocage
The FreeBSD source tree must be located at $SRC_BASE
(/usr/src
by default) to build from git.
pkg install python38 git-lite py38-cython py38-libzfs py38-pip
git clone https://github.com/iocage/iocage
make install
as rootTo install subsequent updates: run make install
as root.
cd /usr/ports/sysutils/iocage/ ; make install clean
pkg install py38-iocage
iocage_legacy
:This repository replaces iocage_legacy
. To upgrade to the current version:
service iocage stop; iocage stop ALL
)iocage
package if it is installed (pkg delete iocage
)iocage
using one of the methods aboveiocage list
as rootservice iocage onestart
)We like issues! If you are having trouble with iocage
please open a GitHub issue and we will run around with our hair on fire look into it. Before doing so, please give us some information about the situation:
uname -ro
iocage --version
Please be detailed on the exact use case of your change and a short demo of it. Make sure it conforms with PEP-8 and that you supply a test with it if relevant. Lines may not be longer then 80 characters.
Activate a zpool:
iocage activate ZPOOL
NOTE: ZPOOL is a placeholder. Use zpool list
and substitute it for the
zpool you wish to use.
Fetch a release:
iocage fetch
Create a jail:
iocage create -n myjail ip4_addr="em0|192.168.1.10/24" -r 11.0-RELEASE
NOTE: em0 and 11.0-RELEASE are placeholders. Please replace them with your
real interface (ifconfig
) and RELEASE chosen during iocage fetch
.
Start the jail:
iocage start myjail
Congratulations, you have created your first jail with iocage!
You can now use it like you would a real system.
Since SSH won't be available by default, iocage console myjail
is a useful
spot to begin configuration of your jail.
To see a list of commands available to you now, type iocage
outside the jail.
me:\
:charset=UTF-8:\
:lang=en_US.UTF-8:\
:setenv=LC_COLLATE=C:
Kernel compiled with:
# This is optional and only needed if you need VNET
options VIMAGE # VNET/Vimage support
For the explanations on jail properties read jail(8)
Create bridge0 and bridge1 interfaces for VNET jails to attach to.
Use iocage set
to modify properties and iocage get
to retrieve property
values
Type iocage COMMAND --help
to see any flags the command supports and their help, for example:
iocage create --help
iocage fetch --help
iocage list --help
If using VNET consider adding the following to /etc/sysctl.conf
on the host:
net.inet.ip.forwarding=1 # Enable IP forwarding between interfaces
net.link.bridge.pfil_onlyip=0 # Only pass IP packets when pfil is enabled
net.link.bridge.pfil_bridge=0 # Packet filter on the bridge interface
net.link.bridge.pfil_member=0 # Packet filter on the member interface
Lots of jails or a big server? Mount fdescfs
:
mount -t fdescfs null /dev/fd