migrate - DtxdF/AppJail GitHub Wiki
Migrating FreeBSD jails from other frameworks to AppJail
AppJail will not implement a feature to import a jail from other framework, but this howto shows how to migrate from one to AppJail. This is very easy, it only takes a moment.
Note: Although a framework can support a variety of jail types, many of these examples have the same pattern you will see, especially with thinjails.
bastille
export
# bastille export --txz yellow
Exporting 'yellow' to a compressed .txz archive...
100 % 795.1 KiB / 7380.0 KiB = 0.108 773 KiB/s 0:09
Exported '/usr/local/bastille/backups/yellow_2023-05-19-150041.txz' successfully.
# mkdir y
# tar -C y --strip-components 2 -xf /usr/local/bastille/backups/yellow_2023-05-19-150041.txz ./yellow/root
# cd y
# find . -ls | grep bastille
5512 1 drwxr-xr-x 2 root wheel 2 May 18 19:52 ./.bastille
5516 1 lrwxr-xr-x 1 root wheel 15 May 18 19:52 ./boot -> /.bastille/boot
5524 1 lrwxr-xr-x 1 root wheel 17 May 18 19:52 ./rescue -> /.bastille/rescue
5528 1 lrwxr-xr-x 1 root wheel 14 May 18 19:52 ./lib -> /.bastille/lib
5519 1 lrwxr-xr-x 1 root wheel 14 May 18 19:52 ./bin -> /.bastille/bin
6252 1 lrwxr-xr-x 1 root wheel 22 May 18 19:52 ./usr/libdata -> /.bastille/usr/libdata
6253 1 lrwxr-xr-x 1 root wheel 18 May 18 19:52 ./usr/lib -> /.bastille/usr/lib
6250 1 lrwxr-xr-x 1 root wheel 22 May 18 19:52 ./usr/libexec -> /.bastille/usr/libexec
6261 1 lrwxr-xr-x 1 root wheel 19 May 18 19:52 ./usr/sbin -> /.bastille/usr/sbin
6255 1 lrwxr-xr-x 1 root wheel 18 May 18 19:52 ./usr/bin -> /.bastille/usr/bin
6254 1 lrwxr-xr-x 1 root wheel 18 May 18 19:52 ./usr/src -> /.bastille/usr/src
6258 1 lrwxr-xr-x 1 root wheel 20 May 18 19:52 ./usr/share -> /.bastille/usr/share
6260 1 lrwxr-xr-x 1 root wheel 20 May 18 19:52 ./usr/lib32 -> /.bastille/usr/lib32
6262 1 lrwxr-xr-x 1 root wheel 22 May 18 19:52 ./usr/include -> /.bastille/usr/include
5521 1 lrwxr-xr-x 1 root wheel 18 May 18 19:52 ./libexec -> /.bastille/libexec
5517 1 lrwxr-xr-x 1 root wheel 15 May 18 19:52 ./sbin -> /.bastille/sbin
# mv .bastille .appjail
# ln -fs /.appjail/boot ./boot
# ln -fs /.appjail/rescue ./rescue
# ln -fs /.appjail/lib ./lib
# ln -fs /.appjail/bin ./bin
# ln -fs /.appjail/usr/libdata ./usr/libdata
# ln -fs /.appjail/usr/lib ./usr/lib
# ln -fs /.appjail/usr/libexec ./usr/libexec
# ln -fs /.appjail/usr/sbin ./usr/sbin
# ln -fs /.appjail/usr/bin ./usr/bin
# ln -fs /.appjail/usr/src ./usr/src
# ln -fs /.appjail/usr/share ./usr/share
# ln -fs /.appjail/usr/lib32 ./usr/lib32
# ln -fs /.appjail/usr/include ./usr/include
# ln -fs /.appjail/libexec ./libexec
# ln -fs /.appjail/sbin ./sbin
# cd ..
# tar -C y -cJf bastille-yellow.txz .
import
$ appjail-user quick yellow import+jail="input:bastille-yellow.txz" virtualnet="development:yellow default" nat start
[00:00:01] [ info ] [yellow] Importing yellow ...
[00:00:01] [ info ] [yellow] Creating an empty jail ...
[00:00:04] [ info ] [yellow] Done.
[00:00:09] [ info ] [yellow] Starting yellow...
ea_yellow
eb_yellow
yellow: created
add net default: gateway 10.42.0.1
defaultrouter: NO -> 10.42.0.1
$ appjail-user jail list
STATUS NAME TYPE VERSION PORTS NETWORK_IP4
UP yellow thin 13.1-RELEASE - 10.42.0.2
$ appjail-user login yellow
root@yellow:~ #
ezjail
export
# ezjail-admin list
STA JID IP Hostname Root Directory
--- ---- --------------- ------------------------------ ------------------------
DS N/A 127.0.1.1 blue /usr/jails/blue
N/A em0|192.168.1.127
# mkdir b
# tar -C /usr/jails/blue -cf - . | tar -C b -xf -
# cd b
# find . -ls | grep basejail
7723 1 drwxr-xr-x 2 root wheel 2 May 18 20:21 ./basejail
7721 1 lrwxr-xr-x 1 root wheel 14 May 18 20:21 ./boot -> /basejail/boot
7711 1 lrwxr-xr-x 1 root wheel 16 May 18 20:21 ./rescue -> /basejail/rescue
7707 1 lrwxr-xr-x 1 root wheel 14 May 18 20:21 ./sbin -> /basejail/sbin
8285 1 lrwxr-xr-x 1 root wheel 19 May 18 20:21 ./usr/lib32 -> /basejail/usr/lib32
8283 1 lrwxr-xr-x 1 root wheel 19 May 18 20:21 ./usr/share -> /basejail/usr/share
8284 1 lrwxr-xr-x 1 root wheel 21 May 18 20:21 ./usr/libexec -> /basejail/usr/libexec
8287 1 lrwxr-xr-x 1 root wheel 21 May 18 20:21 ./usr/libdata -> /basejail/usr/libdata
8281 1 lrwxr-xr-x 1 root wheel 17 May 18 20:21 ./usr/src -> /basejail/usr/src
8275 1 lrwxr-xr-x 1 root wheel 21 May 18 20:21 ./usr/include -> /basejail/usr/include
8279 1 lrwxr-xr-x 1 root wheel 17 May 18 20:21 ./usr/bin -> /basejail/usr/bin
8280 1 lrwxr-xr-x 1 root wheel 18 May 18 20:21 ./usr/sbin -> /basejail/usr/sbin
8276 1 lrwxr-xr-x 1 root wheel 17 May 18 20:21 ./usr/lib -> /basejail/usr/lib
8278 1 lrwxr-xr-x 1 root wheel 19 May 18 20:21 ./usr/ports -> /basejail/usr/ports
7714 1 lrwxr-xr-x 1 root wheel 13 May 18 20:21 ./bin -> /basejail/bin
7719 1 lrwxr-xr-x 1 root wheel 17 May 18 20:21 ./libexec -> /basejail/libexec
7722 1 lrwxr-xr-x 1 root wheel 13 May 18 20:21 ./lib -> /basejail/lib
# mv basejail .appjail
# ln -fs /.appjail/boot ./boot
# ln -fs /.appjail/rescue ./rescue
# ln -fs /.appjail/lib ./lib
# ln -fs /.appjail/bin ./bin
# ln -fs /.appjail/usr/libdata ./usr/libdata
# ln -fs /.appjail/usr/lib ./usr/lib
# ln -fs /.appjail/usr/libexec ./usr/libexec
# ln -fs /.appjail/usr/sbin ./usr/sbin
# ln -fs /.appjail/usr/bin ./usr/bin
# ln -fs /.appjail/usr/src ./usr/src
# ln -fs /.appjail/usr/share ./usr/share
# ln -fs /.appjail/usr/lib32 ./usr/lib32
# ln -fs /.appjail/usr/include ./usr/include
# ln -fs /.appjail/libexec ./libexec
# ln -fs /.appjail/sbin ./sbin
# unlink usr/ports
# cd ..
# tar -C b -cJf ezjail-blue.txz .
import
appjail-user quick blue \
import+jail="input:ezjail-blue.txz" \
virtualnet="development:blue default" \
nat \
start
iocage
export
# zfs list -r zroot/iocage/jails/red
NAME USED AVAIL REFER MOUNTPOINT
zroot/iocage/jails/red 22.0M 555G 25.5K /iocage/jails/red
zroot/iocage/jails/red/root 22.0M 555G 1.14G /iocage/jails/red/root
# tar -C /iocage/jails/red/root --zstd -cf iocage-red.tzst .
import
appjail-user quick red \
import+jail="input:iocage-red.tzst" \
type=thick \
virtualnet="development:red default" \
nat \
start
pot
export
# zfs list -r zroot/pot/jails/white
NAME USED AVAIL REFER MOUNTPOINT
zroot/pot/jails/white 443M 555G 26.5K /usr/local/pot/jails/white
zroot/pot/jails/white/m 443M 555G 443M /usr/local/pot/jails/white/m
# tar -C /usr/local/jails/white/m --zstd -cf /tmp/pot-white.tzst .
import
appjail-user quick white \
import+jail="input:pot-white.tzst" \
type=thick \
virtualnet="development:white default" \
osversion=13.1-RELEASE \
nat \
start
vanilla jail
export
# cat jail.conf
eight {
path = "/var/jail/${name}/root";
exec.prestart = "jng bridge ${name} em0";
exec.start = "/bin/sh /etc/rc";
exec.stop = "/bin/sh /etc/rc.shutdown jail";
exec.poststop = "jng shutdown ${name}";
vnet;
vnet.interface = ng0_${name};
mount.devfs;
devfs_ruleset = 10;
}
# tar -C /var/jail/eight/root --gzip -cf jail-eight.tgz .
import
appjail-user quick eight \
import+jail="input:jail-eight.tgz" \
type=thick \
virtualnet="development:eight default" \
osversion=13.2-RELEASE \
nat \
start
Recommendations
image-dependent options
If you forget to pass the osversion parameter or any image-dependent option, don't worry, you can easily modify these values. AppJail stores the jail parameters that are used by some operations in a single file, the path is {JAILDIR}/{JAIL}/conf/config.conf (usually /usr/local/appjail/jails/{JAIL}/conf/config.conf). If we read this file we can obtain the parameters to be modified:
# appjail-user jail list -j red name version
NAME VERSION
red 13.1-RELEASE
# cat /usr/local/appjail/jails/red/conf/config.conf
appjail_version: 2.4.0
birth: 1684532645
osarch: amd64
osversion: 13.1-RELEASE
jail_type: thick
release_name: default
# appjail-user cmd jexec red freebsd-version
13.2-RELEASE
Now, just modify the value you want to match.
# appjail-config-user set -Vt /usr/local/appjail/jails/red/conf/config.conf osversion=13.2-RELEASE
AppJail does not try to guess what the correct version is because it is an image-dependent option. For thickjails this does not hurt them, but for thinjails it does since they are version-dependent and AppJail tries a default value so that the imported jail simply works.
fstab
If you have a fstab(5) file, you have two options: use that file with the mount.fstab parameter in a template since AppJail respects that value or use appjail fstab and configure each entry. I recommend using appjail fstab as it is much easier to maintain and modify, but if your fstab(5) file is very large, probably the first option is better.
files touched by other frameworks
If you or a framework touches a file like /etc/rc.conf that might affect the jail, modify it so that it does not affect anything.