USC2025+SE2 — Backups for the people!

We have started deploying a new backup server, levering the zfs filesystem together with FreeBSD jails 🤓

FreeBSD jails: ZFS inside

So, we’ve seen how to create a native jail using FreeBSD’s toolset, and we’ve fine-tuned a few of its settings, including mounting select directories from the host into the jail.

Is that really enough though? 🙃

ZFS inside

We want zfs inside our jail, period!

But why?

Since we use a dedicated zfs dataset per jail, isn’t that enough? Well, dataset management (and anything disk-related) is handled on the host.

Practically speaking, this means that the root user inside the jail cannot alter dataset properties, nor create new ones.

FreeBSD jails: system tuning

So, we’ve seen how to create a native jail using FreeBSD’s toolset. Meaning we have a brand-new system to configure!

Jail characteristics

Some jail-related specificities:

• each jail runs with the host’s FreeBSD kernel;
• as a result, a jail cannot run a newer OS version than the host system;
• network is shared with the host by default, though the creation of vnet jails allows for virtualizing the entire network stack;
• a number of actions are performed from the host and are either impossible or redundant within each jail; this is obviously the case for anything hardware-related, such as physical disks’ management;
• one may want to share & centralize a number of operations such as logs;
• one may want to access some parts of the host’s filesystem from within a jail;

Jail configuration

Basic Setup

Let’s copy /etc/resolv.conf & /etc/localtime from the host into the jail, so that it can issue DNS requests, and most importantly be on time ;)