(408) 943-4100               V   Commercial Support Toggle between Light and Dark mode

Manage

  5 minute read.

Last Modified 2021-04-05 14:19 EDT

Going to the Jails screen shows a list of installed jails.

Jails

Operations can be applied to multiple jails by selecting those jails with the checkboxes on the left. After selecting one or more jails, icons appear which can be used to , , , or those jails.

More information such as IPV4, IPV6, jail TYPE, and whether it is a TEMPLATE or BASEJAIL is seen by clicking > (Expand) for a jail. Additional options for that jail are also displayed.

Jails Options

Modify the IP address information for a jail by clicking > EDIT instead of issuing the networking commands directly from the command line of the jail. This ensures changes are saved and survive a jail or TrueNAS reboot.
NameDescription
EDITUsed to modify the settings described in Advanced Jail Creation. A jail cannot be edited while it is running. The settings can be viewed, but are read only.
MOUNT POINTSSelect an existing mount point to EDIT or click ACTIONS > Add Mount Point to create a mount point for the jail. A mount point gives a jail access to storage located elsewhere on the system. A jail must be stopped before adding, editing, or deleting a mount point. See Additional Storage for more details.
RESTARTStop and immediately start an up jail.
STARTStart a jail that has a current STATE of down.
STOPStop a jail that has a current STATE of up.
UPDATERuns freebsd-update to update the jail to the latest patch level of the installed FreeBSD release.
SHELLAccess a root command prompt to interact with a jail directly from the command line. Type exit to leave the command prompt.
DELETECaution: deleting the jail also deletes all of the jail contents and all associated snapshots. Back up the jail data, configuration, and programs first. There is no way to recover the contents of a jail after deletion!
Menu entries change depending on the jail state. For example, a stopped jail does not have a STOP or SHELL option.

Jail status messages and command output are stored in /var/log/iocage.log.

Updates and Upgrades

Click > (Expand) > Update to update a jail to the most current patch level of the installed FreeBSD release. This does not change the release. For example, a jail installed with FreeBSD 11.2-RELEASE can update to p15 or the latest patch of 11.2, but not an 11.3-RELEASE-p# version of FreeBSD.

A jail upgrade replaces the jail FreeBSD operating system with a new release of FreeBSD, such as taking a jail from FreeBSD 11.2-RELEASE to 11.3-RELEASE. Upgrade a jail by stopping it, opening the TrueNAS Shell and entering iocage upgrade name -r release, where name is the plugin jail name and release is the desired FreeBSD release.

It is possible to manually remove unused releases from the /iocage/releases/ dataset after upgrading a jail. The release must not be in use by any jail on the system!

Accessing a Jail Using SSH

The ssh daemon sshd(8) must be enabled in a jail to allow SSH access to that jail from another system.

The jail STATE must be up before the SHELL option is available. When the jail is not up, start it by clicking Jails > > START for the desired jail. Click , then SHELL to open a shell inside the jail:

FreeBSD 11.1-STABLE (FreeNAS.amd64) #0 0ale9f753(freenas/11-stable): FriApr 6 04:46:31 UTC 2018

Welcome to FreeBSD!

Release Notes, Errata: https://www.FreeBSD.org/releases/
Security Advisories:   https://www.FreeBSD.org/security/
FreeBSD Handbook:      https://www.FreeBSD.org/handbook/
FreeBSD FAQ:           https://www.FreeBSD.org/faq/
Questions List: https://lists.FreeBSD.org/mailman/listinfo/freebsd-questions/
FreeBSD Forums:        https://forums.FreeBSD.org/

Documents installed with the system are in the /usr/local/share/doc/freebsd/
directory, or can be installed later with: pkg install en-freebsd-doc
For other languages, replace "en" with a language code like de or fr.

Show the version of FreeBSD installed: freebsd-version ; uname -a
Please include that output and any error messages when posting questions.
Introduction to manual pages: man man
FreeBSD directory layout:     man hier

Edit /etc/motd to change this login announcement.
root@jailexamp:~ #

The Shell can also open a jail root shell. Open the Shell and enter iocage console jailname.

Enable sshd:

sysrc sshd_enable="YES"
sshd_enable: NO -> YES

Start the SSH daemon: service sshd start. The first time the service runs, the jail RSA key pair is generated and the key fingerprint is displayed. Add a user account with adduser and follow the prompts. Enter accepts the default value. Users that require root access must also be a member of the wheel group. Enter wheel when prompted to invite user into other groups?

root@jailexamp:~ # adduser
Username: jailuser
Full name: Jail User
Uid (Leave empty for default):
Login group [jailuser]:
Login group is jailuser. Invite jailuser into other groups? []: wheel
Login class [default]:
Shell (sh csh tcsh git-shell zsh rzsh nologin) [sh]: csh
Home directory [/home/jailuser]:
Home directory permissions (Leave empty for default):
Use password-based authentication? [yes]:
Use an empty password? (yes/no) [no]:
Use a random password? (yes/no) [no]:
Enter password:
Enter password again:
Lock out the account after creation? [no]:
Username   : jailuser
Password   : *****
Full Name  : Jail User
Uid        : 1002
Class      :
Groups     : jailuser wheel
Home       : /home/jailuser
Home Mode  :
Shell      : /bin/csh
Locked     : no
OK? (yes/no): yes
adduser: INFO: Successfully added (jailuser) to the user database.
Add another user? (yes/no): no
Goodbye!
root@jailexamp:~

After creating the user, set the jail root password to allow users to use su to gain superuser privileges. To set the jail root password, use passwd. Nothing is echoed back when using passwd:

root@jailexamp:~ # passwd
Changing local password for root
New Password:
Retype New Password:
root@jailexamp:~ #

Finally, test that the user can successfully ssh into the jail from another system and gain superuser privileges. In this example, a user named jailuser uses ssh to access the jail at 192.168.2.3. The host RSA key fingerprint must be verified the first time a user logs in.

ssh jailuser@192.168.2.3
The authenticity of host '192.168.2.3 (192.168.2.3)' can't be established.
RSA key fingerprint is 6f:93:e5:36:4f:54:ed:4b:9c:c8:c2:71:89:c1:58:f0.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '192.168.2.3' (RSA) to the list of known hosts.
Password:

Every jail has its own user accounts and service configuration. These steps must be repeated for each jail that requires SSH access.