migrate
AppJail will not implement a feature to import a jail from another framework, but this howto shows how to migrate from one of them to AppJail. It is easy and takes only a moment.
Note: A framework can support several jail types, but most of the examples below follow the same pattern, especially for thinjails. Each archive created here contains the jail's whole root filesystem, including files such as /etc/master.passwd, so create it in a directory that only root can read.
# bastille export --txz yellow
Exporting 'yellow' to a compressed .txz archive...
100 % 795.1 KiB / 7380.0 KiB = 0.108 773 KiB/s 0:09
Exported '/usr/local/bastille/backups/yellow_2023-05-19-150041.txz' successfully.
# mkdir y
# tar -C y --strip-components 2 -xf /usr/local/bastille/backups/yellow_2023-05-19-150041.txz ./yellow/root
# cd y
# find . -ls | grep bastille
5512 1 drwxr-xr-x 2 root wheel 2 May 18 19:52 ./.bastille
5516 1 lrwxr-xr-x 1 root wheel 15 May 18 19:52 ./boot -> /.bastille/boot
5524 1 lrwxr-xr-x 1 root wheel 17 May 18 19:52 ./rescue -> /.bastille/rescue
5528 1 lrwxr-xr-x 1 root wheel 14 May 18 19:52 ./lib -> /.bastille/lib
5519 1 lrwxr-xr-x 1 root wheel 14 May 18 19:52 ./bin -> /.bastille/bin
6252 1 lrwxr-xr-x 1 root wheel 22 May 18 19:52 ./usr/libdata -> /.bastille/usr/libdata
6253 1 lrwxr-xr-x 1 root wheel 18 May 18 19:52 ./usr/lib -> /.bastille/usr/lib
6250 1 lrwxr-xr-x 1 root wheel 22 May 18 19:52 ./usr/libexec -> /.bastille/usr/libexec
6261 1 lrwxr-xr-x 1 root wheel 19 May 18 19:52 ./usr/sbin -> /.bastille/usr/sbin
6255 1 lrwxr-xr-x 1 root wheel 18 May 18 19:52 ./usr/bin -> /.bastille/usr/bin
6254 1 lrwxr-xr-x 1 root wheel 18 May 18 19:52 ./usr/src -> /.bastille/usr/src
6258 1 lrwxr-xr-x 1 root wheel 20 May 18 19:52 ./usr/share -> /.bastille/usr/share
6260 1 lrwxr-xr-x 1 root wheel 20 May 18 19:52 ./usr/lib32 -> /.bastille/usr/lib32
6262 1 lrwxr-xr-x 1 root wheel 22 May 18 19:52 ./usr/include -> /.bastille/usr/include
5521 1 lrwxr-xr-x 1 root wheel 18 May 18 19:52 ./libexec -> /.bastille/libexec
5517 1 lrwxr-xr-x 1 root wheel 15 May 18 19:52 ./sbin -> /.bastille/sbin
# mv .bastille .appjail
# ln -fs /.appjail/boot ./boot
# ln -fs /.appjail/rescue ./rescue
# ln -fs /.appjail/lib ./lib
# ln -fs /.appjail/bin ./bin
# ln -fs /.appjail/usr/libdata ./usr/libdata
# ln -fs /.appjail/usr/lib ./usr/lib
# ln -fs /.appjail/usr/libexec ./usr/libexec
# ln -fs /.appjail/usr/sbin ./usr/sbin
# ln -fs /.appjail/usr/bin ./usr/bin
# ln -fs /.appjail/usr/src ./usr/src
# ln -fs /.appjail/usr/share ./usr/share
# ln -fs /.appjail/usr/lib32 ./usr/lib32
# ln -fs /.appjail/usr/include ./usr/include
# ln -fs /.appjail/libexec ./libexec
# ln -fs /.appjail/sbin ./sbin
# cd ..
# tar -C y -cJf bastille-yellow.txz .
$ appjail-user quick yellow import+jail="input:bastille-yellow.txz" virtualnet="development:yellow default" nat start
[00:00:01] [ info ] [yellow] Importing yellow ...
[00:00:01] [ info ] [yellow] Creating an empty jail ...
[00:00:04] [ info ] [yellow] Done.
[00:00:09] [ info ] [yellow] Starting yellow...
ea_yellow
eb_yellow
yellow: created
add net default: gateway 10.42.0.1
defaultrouter: NO -> 10.42.0.1
$ appjail-user jail list
STATUS NAME TYPE VERSION PORTS NETWORK_IP4
UP yellow thin 13.1-RELEASE - 10.42.0.2
$ appjail-user login yellow
root@yellow:~ #
# ezjail-admin list
STA JID IP Hostname Root Directory
--- ---- --------------- ------------------------------ ------------------------
DS N/A 127.0.1.1 blue /usr/jails/blue
N/A em0|192.168.1.127
# mkdir b
# tar -C /usr/jails/blue -cf - . | tar -C b -xf -
# cd b
# find . -ls | grep basejail
7723 1 drwxr-xr-x 2 root wheel 2 May 18 20:21 ./basejail
7721 1 lrwxr-xr-x 1 root wheel 14 May 18 20:21 ./boot -> /basejail/boot
7711 1 lrwxr-xr-x 1 root wheel 16 May 18 20:21 ./rescue -> /basejail/rescue
7707 1 lrwxr-xr-x 1 root wheel 14 May 18 20:21 ./sbin -> /basejail/sbin
8285 1 lrwxr-xr-x 1 root wheel 19 May 18 20:21 ./usr/lib32 -> /basejail/usr/lib32
8283 1 lrwxr-xr-x 1 root wheel 19 May 18 20:21 ./usr/share -> /basejail/usr/share
8284 1 lrwxr-xr-x 1 root wheel 21 May 18 20:21 ./usr/libexec -> /basejail/usr/libexec
8287 1 lrwxr-xr-x 1 root wheel 21 May 18 20:21 ./usr/libdata -> /basejail/usr/libdata
8281 1 lrwxr-xr-x 1 root wheel 17 May 18 20:21 ./usr/src -> /basejail/usr/src
8275 1 lrwxr-xr-x 1 root wheel 21 May 18 20:21 ./usr/include -> /basejail/usr/include
8279 1 lrwxr-xr-x 1 root wheel 17 May 18 20:21 ./usr/bin -> /basejail/usr/bin
8280 1 lrwxr-xr-x 1 root wheel 18 May 18 20:21 ./usr/sbin -> /basejail/usr/sbin
8276 1 lrwxr-xr-x 1 root wheel 17 May 18 20:21 ./usr/lib -> /basejail/usr/lib
8278 1 lrwxr-xr-x 1 root wheel 19 May 18 20:21 ./usr/ports -> /basejail/usr/ports
7714 1 lrwxr-xr-x 1 root wheel 13 May 18 20:21 ./bin -> /basejail/bin
7719 1 lrwxr-xr-x 1 root wheel 17 May 18 20:21 ./libexec -> /basejail/libexec
7722 1 lrwxr-xr-x 1 root wheel 13 May 18 20:21 ./lib -> /basejail/lib
# mv basejail .appjail
# ln -fs /.appjail/boot ./boot
# ln -fs /.appjail/rescue ./rescue
# ln -fs /.appjail/lib ./lib
# ln -fs /.appjail/bin ./bin
# ln -fs /.appjail/usr/libdata ./usr/libdata
# ln -fs /.appjail/usr/lib ./usr/lib
# ln -fs /.appjail/usr/libexec ./usr/libexec
# ln -fs /.appjail/usr/sbin ./usr/sbin
# ln -fs /.appjail/usr/bin ./usr/bin
# ln -fs /.appjail/usr/src ./usr/src
# ln -fs /.appjail/usr/share ./usr/share
# ln -fs /.appjail/usr/lib32 ./usr/lib32
# ln -fs /.appjail/usr/include ./usr/include
# ln -fs /.appjail/libexec ./libexec
# ln -fs /.appjail/sbin ./sbin
# unlink usr/ports
# cd ..
# tar -C b -cJf ezjail-blue.txz .
appjail-user quick blue \
import+jail="input:ezjail-blue.txz" \
virtualnet="development:blue default" \
nat \
start
# zfs list -r zroot/iocage/jails/red
NAME USED AVAIL REFER MOUNTPOINT
zroot/iocage/jails/red 22.0M 555G 25.5K /iocage/jails/red
zroot/iocage/jails/red/root 22.0M 555G 1.14G /iocage/jails/red/root
# tar -C /iocage/jails/red/root --zstd -cf iocage-red.tzst .
appjail-user quick red \
import+jail="input:iocage-red.tzst" \
type=thick \
virtualnet="development:red default" \
nat \
start
# zfs list -r zroot/pot/jails/white
NAME USED AVAIL REFER MOUNTPOINT
zroot/pot/jails/white 443M 555G 26.5K /usr/local/pot/jails/white
zroot/pot/jails/white/m 443M 555G 443M /usr/local/pot/jails/white/m
# tar -C /usr/local/pot/jails/white/m --zstd -cf pot-white.tzst .
appjail-user quick white \
import+jail="input:pot-white.tzst" \
type=thick \
virtualnet="development:white default" \
osversion=13.1-RELEASE \
nat \
start
# cat jail.conf
eight {
path = "/var/jail/${name}/root";
exec.prestart = "jng bridge ${name} em0";
exec.start = "/bin/sh /etc/rc";
exec.stop = "/bin/sh /etc/rc.shutdown jail";
exec.poststop = "jng shutdown ${name}";
vnet;
vnet.interface = ng0_${name};
mount.devfs;
devfs_ruleset = 10;
}
# tar -C /var/jail/eight/root --gzip -cf jail-eight.tgz .
appjail-user quick eight \
import+jail="input:jail-eight.tgz" \
type=thick \
virtualnet="development:eight default" \
osversion=13.2-RELEASE \
nat \
start
If you forget to pass the `osversion` parameter or any other image-dependent option, don't worry: you can easily modify these values afterwards. AppJail stores the jail parameters used by some operations in a single file, `{JAILDIR}/{JAIL}/conf/config.conf` (usually `/usr/local/appjail/jails/{JAIL}/conf/config.conf`). Reading this file shows the parameters that can be modified:
# appjail-user jail list -j red name version
NAME VERSION
red 13.1-RELEASE
# cat /usr/local/appjail/jails/red/conf/config.conf
appjail_version: 2.4.0
birth: 1684532645
osarch: amd64
osversion: 13.1-RELEASE
jail_type: thick
release_name: default
# appjail-user cmd jexec red freebsd-version
13.2-RELEASE
Now just set the parameter to the value it should match (here, the version reported inside the jail).
# appjail-config-user set -Vt /usr/local/appjail/jails/red/conf/config.conf osversion=13.2-RELEASE
AppJail does not try to guess the correct version because it is an image-dependent option. A wrong value does not hurt thickjails, but it does hurt thinjails because they are version-dependent; AppJail tries a default value so that the imported jail simply works.
If you have an fstab(5) file, you have two options: use that file with the `mount.fstab` parameter in a template, since AppJail respects that value, or use `appjail fstab` and configure each entry. I recommend `appjail fstab` because it is much easier to maintain and modify, but if your fstab(5) file is very large, the first option is probably better.
If you or a framework changed a file such as `/etc/rc.conf` in a way that might affect the jail, review it and modify it so that it no longer affects anything after the migration.