Working with FreeBSD 13. x JAILS

1. Introduction: Welcome at the FreeBSD mastering jails course. This course is all around running the jails. Jails are very smart way integrated deep into FreeBSD for running applications. And separate secular way. It's kind of container based environment which enables running different applications or the same applications, but different versions insecure way separated from each other. In this course, we are going to use VirtualBox as lap and very mount. We install FreeBSD from the scratch. We use FreeBSD version 13, but this is applicable for the older or new FreeBSD versions. There are several tools available for managing Free BSD jails environments. We are going to use a Bessel BSD in this course, vessel BSD as quiet complete two available for j also management on FreeBSD environment Bastille BSD actually covers all aspects of maintaining and managing jails and environments. It's available for running on the server, standard server platforms like Intel based platforms, but also there is a Raspberry PI support. And two, we are taking a look in special chapter for installing jails on Raspberry PI. We are going to see what the Raspberry PI free model is able to do running FreeBSD with the jails enabled. We can see all gels running. And in this 1 gb RAM device, we use this special version of FreeBSD devoted to Raspberry PI device, who we are using. That of course, at the end, we stick most of the time in the console running bass solo BSD command for managing jails in many different ways. So welcome again at the scores. And let's start with the setting up the environment and using vessel BSD for maintaining the jails inefficient way. 2. What are Jails anyway: What our jails, That's actually the question. And we start with the question at the very beginning of this course. Jails based on information from the different websites is actually the system for administrators to enhance security of freebies. This system, we, we think about gels as containers or way how to run application in the safe environment. And this is actually true. But in general is saying gels are a security feature using the jail so we can secure running a different kind of application in FreeBSD environment. And non FreeBSD world, we have a concept of parts or containers or other staff very similar to debt. In FreeBSD environment, we have something called jails that help us to run gels in or application in a very secure environment. There are actually many use cases. So for the gels to be used, we can use jails for testing environments. We can use a jails for a complex system to two and we can split dose system into separate jails and secure DOS system from each other. We can use jails simply to run the same application in, in separate environments like hosting websites or running two different versions of the same SQL Server just to test it or provide a SQL Server or two different versions for different applications. We can use jails to separate from security and practical reasons. 3. What are Jails good for?: So let's think again what our jails actually good for it. We can take a look into handbook. There is actually the entire section on jails, the details. And we have also information about why jails, what are NGOs involved in? And it's kind of a background and manner and to have some installation stuff here. And we will not actually use because who we will use the best style BSD for maintaining the jails. But from the jails purpose point of view, we can see they're all, we can take a look at our C jl, like a type of operating system level virtualization. So if we are using containers in e.g. a. Docker environment on some other operating systems. We can see the jails in very similar way. We can run different applications. So already we can run the same applications application in several instances in separate jail or virtual environments. On FreeBSD environment. Jails support complete separation on, on precise levels, on network level and running applications, sql server, web server, anything like das in jail. We separate those applications from each other. Those apps are running a separate jail and we also separate the application from the host, meaningful that host FreeBSD Operating System so we can avoid security issues or attacks. If application is running in a secure virtual environment. 4. Tools for maintaining Jails: Let's take it to tools we have available for managing THE else environments. We can use jail commands from the FreeBSD itself, just kind of low-level configurations and different places. Configuration files and using gear B is the install in jail and things like that. All the documentation is actually in the FreeBSD handbook. It's possible to use jails in this way. It's, as mentioned, a kind of a low level and usually not. What do we would like to use in a production environment, especially running as several jails are many GRC in one environment. Another tool for managing JLS ease is too cold. Either jail, It's actually highlight it by hand, we'll get sulfur. There is a separate website for easy jail, but this tool, chocolates working and nice to use, it's actually quite old. M2 not updated anymore. So we can see the latest update is from 2015, so it's quite old and might not reflect the latest changes in jails. So it's also available for managing jails and you can find many tutorials on using easy jail. But we are not supposed to use it in this, in this course. We have one of the latest achievements here we have a pot. It's a tool for managing GFS clusters or creating a container environment using a gel. So it's a bit different tool, but also a very nice and important to watch the future. So there is even a nomad driver for part, but it's an ongoing effort and to not sure if it's ready for production right now. But definitely the one to be watched for the future. And the latest tool or another one is the best trial. Bsd, it's approved jack two we are going to use in discourse and we use the best style BSD for managing jails, say in the FreeBSD environment, it's quiet up-to-date to the recent updates available and it will be it's been updating at least a quarterly as we could see, for the last couple of months and years. And there is extensive documentation available of that tool. In tool is tested in various environments like comments, server platform, Raspberry PI, and Cloud environments as well. So that's a very nice handy and tool. We have a lot of features. And this is actually the one we are going to use underscores, as we mentioned. We will go deep into that tool and we actually explore every possible, almost every possible feature are coming with this, with this tool. This tool can be installed as we could see on the fresh FreeBSD, it's rather a lightweight tool. There is a very active for good help improve jack. So if you have any issue or a question and you feel like that, you can ask here on the good help or even you can give it a star if you like. The project is quite active. So there are recent updates and this is actually the reason why we switch to latest from the quarterly on the FreeBSD. 5. FreeBSD download: Hello, Let's start with bolding up lab environment. We have to download for years FreeBSD first. So we have to anther freebsd.org website and we have to find a proper way to download the image that fits our, our local environment. So we have a version of 13 available as of recording this course. So we use production version. So clicking on Download FreeBSD, we just move to FreeBSD download. We have several versions and installation made media available for downloading and installing FreeBSD. We choose among architectures. In our case, we use AMD 64. It's very come on, a PC environment and data. We have also a lesson or lecture about Raspberry PI free. So we use ARM architecture for this purpose. So we started with the Intel-based processors or AMD based processors first, and then we use a Raspberry PI MH architecture. So we have many architectures and installers type available for installing FreeBSD. And we choose the right thing to go. For our purpose, we are going to use a MAD six to four image. We have several options here. Installation media available for the different format and size. It really depends on the situation you are in. For our purpose, we use ISO image as installation media we can attach to our virtual computer we are supposed to use and we have a size options here we use a disk one option that actually contains everything we need for our FreeBSD minimal installation. So this is a version for Intel-based processors. Of course, as we mentioned, we are supposed to use Raspberry PI as well in this course. And for that purpose, we don't use installation media as such. We use an image suited for SD cards. It actually, it's actually a full-featured installation of FreeBSD we just laid out on the SD card and its installation down and configure it already because Raspberry PI is actually fixed the hardware, so there is no need for a specific installation. Installed already. So we have several options here. We use this one, as we mentioned, AMD is six to four disk one dot ISO image. And it's actually what we need and what we're supposed to use in subsequent lectures. 6. LAB environment using VirtualBox: Okay, so let's continue with the installation of Brucella box. We use a version seven, which is the latest one. As of recording this course, VirtualBox will be just a base environment for our installation. There is a support for a different kind of operating system, BSD systems included. So it's not mentioned. Here. We have OpenBSD, but FreeBSD is fully supported as environment, running environment for a VirtualBox. Images. We use VirtualBox on the Windows machine, but we can install VirtualBox on some other platforms, including MacOS, Mac OS, or Linux. It means you can download the installation media based on your host operating system you are using and your experience will be the same as the scores. Virtualbox installation is quite a straightforward process. You should have VirtualBox installed on your computers. So again, we have a version seven, but there are just a slight differences usually between versions. We can create a new virtual machine for our FreeBSD jails environment. So you can name it as a free as FreeBSD. Third, one, jail. We select target folder for image file. So we select our installation media we just downloaded in the previous lecture. And of course it was detected that this is a FreeBSD. So we have a BSD operating system type pre-filled, even a version. It's a 64-bit version of FreeBSD being installed. So we can go next here. And we can just specify their other staff, which is related to our VirtualBox environment. We're not we're not doing installation right now, we're just creating environment virtual computer here we use for installing FreeBSD. So we assigned a memory size. It really depends. One gig is kind of a minimum we use here. And we increase a processor or core processor, core and numbers for our course to free. So we have one gig of RAM, and we also create virtual disk, virtual hard drive here, but it will be dynamically expanded so we can create even a higher size data we would use. And it will be we started with a minimum and it will be expanded as installation is proceeding. So we are quite safe here and we have an overview here of what we're going to create as a FreeBSD environment and it's down. So if you have to see it in VirtualBox environment on the left side. As virtual environment is created, we can just review it. We can adjust some settings if needed, and we actually do and networks setting, we created a breached adapter and we use wireless network as it is available on my course computers. So this is actually, I think the only one thing we do as after virtual environment is created, so we change the network settings for our installation. So FreeBSD is supposed to detect our Wi-Fi network and connect to that. And we can use in excess internet for our virtual environment. 7. Minimal FreeBSD installation: Okay, so let's continue if providing a minimal FreeBSD installation on our, in our new VirtualBox environment. So we just created environments suitable for FreeBSD VirtualBox nails and supports FreeBSD and we assign it installation image to debt environments. So when we start our machine in VirtualBox, FreeBSD installer actually store it correctly. So we can see this FreeBSD screen at the beginning. And we should see some iloc messages running curve food the screen. So this is just correct thing can't, we can just wait for the installer to start and provide us with kind of a step-by-step guide we use for installing FreeBSD in a minimal installment hardware being detected through the FreeBSD started. So we can just click on the start and end. As a first step, we select keyboard settings. So based on your environment, you can select your keyboard settings that fits your fingers. We choose a host name for our machine. Now so we can name it as, as a FreeBSD. Down. We can continue and we have several options here. We just leave it as those are, so we can just continue. And now we select or support for that file system. So we use this auto option for installation. So let's continue with it. Now, FreeBSD is checking our hardware chicken installation media, and proposing some default settings for file system set up so we can just leave it as the settings are. We have one disk drive, so we use a stripe, no redundancy installation, so we have to select hard drive. We now work with the virtual hard drive we creating, we created during a VirtualBox setup. So we select the hardwired hard drive. We confirm that we would like to erase or destroy the content of our virtual disk. And installation actually starts right now. So desk is being prepared and installation files or runtime files are actually moved or copied to our hard drive right now. This process is actually running based on your hardware, is p two and disk drive speed as well. So it really vary on situation you are in, but you can simply watch how the file so it'd be copied and everything from the installation media. And we use the ISO installation image. So all the files or file is related to our minimal kind of installation are being moved into our hard drives. So the process we can see here the performance or status of the installation. So we can just skip it and move on. So we are almost down here. And now we continue with the installation process. So we have to assign a password for root access so you can select the one based on your situation. Then network card or network adapter is being detected. And this is actually Virtual Network Adapter recreated in VirtualBox environment. So it has been detected in VR. Asked her whether we use, whether we would like to use DHCP. So my local environmental EY will actually assign the IP address and all related information like a DNS or or primary gateway for accessing the outside networks. So we can continue with this settings. We use some time zone relating settings. Also the setup relates to your local environment use so you can choose the right option for your situation. So let's continue wherever the time setting as well. And to we hear in this dialogue, we set the SSH being used and we can review several options here. We can just continue with those. And down, we are at the end of the installation actually. So we can just review where we can change several things if needed. Or we can simply exit and to restart our system so we can review everything we just created or do. We can continue and we can restart our just refresh installed FreeBSD Operating System. So we just have just done installation process in a very quick way. It's not part of our brand, really part of our course actually. So you can continue and you can reviews, maybe other courses or documentation on how to install FreeBSD. So Dan, we actually restart our virtual computer. So now FreeBSD, starting from our installed computers, our installation disk drive. So it's not installation image running, but it's actually to install FreeBSD we just completed a couple of minutes ago. So again, the hardware settings or hardware available in our virtual environment is detected by FreeBSD. So at least a network adapter is detected and we can see on the screen and it'll lock that Wi-Fi assign an IP address to our network adapter. And now we are here in the console. We can see as this H is running, SSH, server is running in our environment and we are at the end where the lock screen available. We created a root password during the installation process. So this is the right one we can use to lock in into our Fresh FreeBSD installation. So let's try it. And you can see this is a welcome screen for a latest version of the FreeBSD as of recording of this course. So it's FreeBSD one. And also things we are presented in the scores are related to this FreeBSD version. 8. Connecting to SSH from the outside: Just to continue building up our lab environment for FreeBSD Jails. Set up in different configurations we create or we allow SSH outside connection to our local FreeBSD environment for running. So we have the adapt through, we have this IP address being assigned from the Wi-Fi connection. So we just have to allow SSH running on this FreeBSD installation, allowed the external access from the outside. So let's connect to our local FreeBSD installation. We use the password we assign to during installation process and we have to add it SSH server configuration file. We have this on this path. We use a VI for editing as it is available as default. And we have to find out actually the line that permits root login to our FreeBSD environment from the outside, this is not production ready setting and it's not avoided to permitting root login in production environment, but for our lab environment, this is just correct and there is no issue with debt. And it will just make things a bit easier for our installations we are going to do in upcoming lectures. So let's start, let's restore it, it SSH server configuration is applied and we should be able to connect to our FreeBSD environment using SSH client so we can look out. So we're not locked in into VirtualBox UI directly and we are using smart TTI. It's a wonder of Windows-based SSH clients. We can use the IP address who we got assigned to our FreeBSD. We use a root password, username, and the password. So we can name that connection appropriately and we use the password for the root environmental, we are not required to enter your password every time we login into our FreeBSD using this client. So we have everything in place and we can try to see if connection is working for us. So let's try to connect to our FreeBSD computer. Connection was actually successful. So we can see this introduction are welcome. Message coming from FreeBSD installation is a default message. You should see something very similar on your side when installation is down correctly. And if you can lock in to FreeBSD, so we can just check the name we can see in FreeBSD with the version 13 is running here, we have that AMD has 64 version as we installed, and we can access that FreeBSD installation from the outside so we have a better client to being used in this course. And you can choose to your SSH client on your side who which you prefer and just doing data setup, we can access SSH server as a route from the outside. 9. Updating FreeBSD to latest version: Okay, so let's finish up with updating our FreeBSD installation to latest version means applying the latest updates available in the FreeBSD repos. So we can use standard FreeBSD update, fetch, and install command. So when networking is actually working correctly, so we did a setup during installation process. So we can access the Internet right now using this FreeBSD update commands. So we'd be as V is actually fetching latest updates detail from the Internet and applying chicken Cover System, comparing things and installing anything can you and necessary for new app, install, update or anything like this. So let's see if installation process or outdated processes can find anything from our fresh install system. It may vary on your install it FreeBSD version. We are working just to recall, FreeBSD version of 13 delta one. And yeah, we have some information on the screen. So this FreeBSD update fetch just finished up. So we can just review what's being updated to n. We have to just continue with that. So let's check it. And so let's continue. We are in kind of a VI, VII like editors who we have to just review changes and quit. And the installation process is proceeding or update process is proceeding. And it's installing updates, as you can see on the screen. So it's just self running process and we are actually done. So freebies the update finished up. All updates required for our system so we can restore it. Our FreeBSD installation, and to be sure that we are running the latest packages available after this update. So we were disconnected from our SSH or in our SSH client. So we have to wait when FreeBSD is install, update here to or restarted with the latest updates. So let's just wait for a couple of seconds. This Free BSD Operating System star is quiet. Fast, really depends on your hardware and you are running under VirtualBox environment, which slows down everything. I bet it's still fast enough to, to be usable for our test cases so we can reconnect. And we are here again. We have the version updated. We have this P2 at the end of the release information, so we have the latest updates available. We can use this username as well to get information about the latest. And we have that at P2 release naming as well. So we can just check again. We can see there are no updates available to install, so there is no need for anything. In this area. Now we can, we can install some useful packages. We use a package manager that it's working with, binary files. So you pee, pee, K, G command. We use Bootstrap that came out first. So PKA, PKA G command is actually installed on our local environment, FreeBSD, and we can now install some packages, ligand Nano text editor. So if Internet connection is working and actually everything is set up correctly, we can see the installation command is fetching nano from the Internet. Just inform us about packages are being installed and ask for confirmation. And if we just agree with that, we can install the nano and dependencies on our FreeBSD. So this way we are going to fetch, we can fetch anything we need into our FreeBSD environment is very easy to do so no need for a compilation on or any kind of a low level installation process. We are just installing binaries for our platform. We are on an AMD 64. And you can see it from this bootstrapping message, as you can see highlighted on the screen. And we can see that we are fetching data or we are fetching packages from Quarterly rapport. So FreeBSD is actually maintaining several reports for each architecture. And the default one after freebie on z installation is done is quarter repo. And to you for our purpose, to have a latest packages, especially those related to jails, we a switch from Quarterly to latest repo. So then we can update our system and get the latest packages available. Note that just deals that are put into quarterly repo to switch the repo to latest updates. It's quite straightforward process. We have to create some help or folders in the user local part of our installation disk space. So we have to create a the local EDC repos folder. It's not existing on the fresh installed FreeBSD. And Dan, we have to we can just take a look at the default configuration we have for this quarterly environment. And we have to take this freebsd.com file and we can review it first. We can see it contains repo inflammation or URL to repo and two-quarter quarterly version of this repo. So now we have to switch you to later. Okay, and now when full loose created, we have to copy this default configuration file or two to user local or under the user local sub folder we just created. So just make a copy of this FreeBSD dot conf configuration file in the folder we created. And now we have to add that debt copy of FreeBSD carve and change the quarterly report to latest one. So then when update commands or installation command is being used, the latest rapport is being used as well. Because this configuration and just override default one from slash, ETC. So it's very straightforward and safe when updating FreeBSD, e.g. so we are switched to latest, just, just switching the URL. And Diana, we can use the package command and do an update and see if there is anything coming from this latest wrapper so we can see the rapids actually updated first. So it's updating rep, repo or fetching repo, updating repo. And then we can call Package upgrade and see. Is there anything we have get we have everything up-to-date, so there are no updates available for things we installed and we actually only install Nano editor, so there is no update available yet, so we can now install some other helper packages like midnight commander bash and some other stuff if needed. So let's, let's do it. Now. We can see if Internet connection is fast enough for everything is detected, all dependencies are gathered and how we can install those packages we are going to use during working with jails on the FreeBSD. So this installation is actually part of the creating a lab environment using a virtual box. We just installed FreeBSD or download air to install FreeBSD. We are updating FreeBSD to latest version and we are fetching some helper packages we are going to use. So it's very easy to do so and very straightforward. And we are creating an environment for our lectures that are coming just in a minute. So having done done, we can see there is some status information off to a package installation. So we can just review that e.g. a. Free color utility for getting memory information is available, so it's been installed correctly and we can see memory information are coming for our fresh and free beings. The installation. Here we have a midnight commander also installed correctly so we can navigate through the file system using a midnight commander. And yeah, we are good to go. So we have everything in place and we can start working with jails are just starting building up gels environment as part of this course. 10. What is BastilleBSD ?: Let's continue with exploring Bessel BSD. Bsd is a project for managing jails. As we mentioned earlier, there are several tools for managing jails available on the market. There are some tools you can use directly from the base FreeBSD installation. So we can actually use existing FreeBSD commands for managing jails. Kind of use of those tools is a bit low level and it's not what we are supposed to use in this course. But there is a bunch of documentation that's worse, read at least to get the overall idea what the jails are and how to use them in general. But we are in the score is going to use the best or BSD, which is quite up-to-date project for maintaining or managing jails into FreeBSD environment. There is a very nice website to have documentation for each aspect of this of this tool. The features that these two offers or covers for maintaining or managing jails are using Automation templates. We can set a networking network ray directions we can create, remove jails, adjust the content, and to all the aspects of the jails are actually covered by Bastille BSD. Platforms supported by Bessel. Bsd includes her Come on Intel servers, but we also use this Bessel BSD for maintaining jails on Raspberry PI, e.g. Bessel be as this actually one command or one utility that can handle all the jails, IT-related stuff. So it's also worth to review a GitHub project page. You can actually see development process if you find any bark or issue have, you can report on the good hub issues already. And you can even review any changes coming or upcoming. In the next release, it's it's worse to to maintain that website and time-to-time to look at the progress Virginia is doing. There is also a bunch of recommendations included in the Bastille BSD. From the overall inflammation, installation process or setting governed network or using key commands. Bestseller BSD is actually providing for managing go jails. So this is actually the tool we are going to use in discourse in deep. So we are going to use the tool in every aspect the tool is providing to us. As being said, there are many other things you can find on the Internet for managing the jail, so it's still valid OK. sharon, but really depends on your situation, actual knowledge. We recommend vessel BSD at this time because this project is very alive and being updated frequently. 11. BastilleBSD intallation: Okay, so let's take a look how Bastille BSD is supposed to be installed. We have a fresh install, FreeBSD on our VirtualBox lap, as we have done in previous sections. And two, what we're going to do, we're going to use a package command to install best hills. So it's command is quite easy to use. We, we installed Bastille from the official repo. W is the latest version as of recording this course. So the actual version on your site might differ a bit. We also switched to latest repo of our FreeBSD. So we are getting the latest, the Bastille being available for FreeBSD. So this is, I think, right thing to do. And two, when installation completed, we can see Bessel running a basketball lists, all commands available. So we can see the Bastille is actually installed correctly on our FreeBSD and available to use immediately. From the list on the screen you can see a bunch of commands are available from the Bastille came out and we are going to look at the dose usage scenarios or commands for the Bastille for the, each section of this lecture. So we are going to explore everything the Bessel actually providing for our jails environment, for using a Bastille on our fresh FreeBSD installation. It's quite useful to enable best fill for starting when FreeBSD actually store it. So we can use this says R C command for enabling Bastille in RC, don't dot com. It's actually quite standard procedures when enabled in our configuration file. Or we can start Bastille as a Service so we can write down the service best, it'll start. And we can see just conformation on the screen coming, starting Bastille jail. And we can see that there is no error, no issue reported. So Bastille is actually running on our system correctly. So there is, we can just review it. We can see the list of processes. If everything is just okay. The system we are supposed to run a gel so on is configured correctly. Using the simple installation Bruce has Bastille. It's actually available on our FreeBSD. So we can again review the list of commands available and we can see Bastille provides support for everything. Jails actually supported, supports on FreeBSD. So it's a one tool that can handle all situations and scenarios GL supports on FreeBSD. 12. Bastille Configuration: Okay, so let's continue with the best will be as the configuration for our fresh FreeBSD installation. So we have Bastille command or Environment installed already. And two, we can do some initial configuration. So for that we have pesto.com located in usual local, ETC, Bastille folder. And it will be the same on your site. And this is actually the file which holds the significant configuration for Bastille command or environmental running. So we can use a nano editor, you can use any other editor you are familiar with. And we can see this configuration file is actually full of kind of a default, default settings we can chest and we shoot at just if e.g. we use that as a file system. To make Bessel BSD work properly, we have to change default settings like enabling that f z OS support, setting that pool or FAS pool name. At least. So those things are data when configuration is changed available and the proper zip file system support is enabled for Vestal BSD. If needed, we can change anything else if there is any requirement. And if you find out that your configuration of Baskin-Robbins D is not correct in some situations. So actually this configuration file is the key place to review default settings and you can change those settings as needed. There are some, there is some documentation on Bastille BSD website. And even in this configuration file, we can see some sensitive, sensitive defaults available. So if you use that FAS, those changes we just did are required. Others are quite optional and there is no need to change anything else. So again, when we write out or call Bessel command, we can see the list of options. Now on the screen. There is actually the first one named a bootstrap. We are going to use after awhile. But very common command here for the best tail handling is bestseller list. And it actually lists of available jails running on our FreeBSD system. So every time we do some changes, creating a jail environment, we moving, changing IP address or anything else using a Bastille list command, just list all jails running on our system. Now, the first thing we're going to do, we are going to bootstrap configuration environment for our FreeBSD jail. So let's take a look at the FreeBSD version we're running. So we're running 13 dot one release P2 version. And we use this name for bootstrapping FreeBSD for the creating a jail environments. So we use the command Bastille bootstrap. We use this 13 dash, one dash, release, an update. And it actually downloads several files from the internet. What it's doing, it's actually bootstrapping, bootstrapping FreeBSD files. It's a onetime operation. If we use this 13 good one release version for every jail we are supposed to create. We need to bootstrap this release only once. So we do it at the very beginning of this Bastille command being used. So it's usually just the initial thing. So initially we have to download a bunch of the data from the Internet. It will be a cached by Bastille be as D and used every time we are going to create a jail using this FreeBSD release version. So when finished, we can see this validated check some information and all the green inflammation of the screen actually confirms that download is being done properly in installation files or those packages are extracting into cache folder of the Bastille command. So as mentioned, it will be used to every child. We are going to create a jails based on this particular release. We actually can use even other release which differs from the FreeBSD we are actually running. Of course, we can only run a prior version compared to the FreeBSD version we're running. So if we are running FreeBSD version 13 right now, we can't run a gel based on version 14, e.g. so now all the files have been extracted. So we can see a down at the bottom, All the command window. So everything has been done, has been done correctly, installation, updates and everything is down. So using debt, one command actually updates local cache. If this release files are not available, are downloaded. It's a onetime operation. So it takes some time and we bound through if it's just one time and it will reuse those files for any jails have been created. 13. Creating a first Jail: Okay, so let's start with greeting for his jail using your Bastille BSD command on our FreeBSD of 13 operating system. As we have seen already, we have a several commands every liberal for Bastille and one-off dose is best to create. It. Actually creates a thin container based on that option and we specify. So first thing, we have to review and just recall the network settings we have available in our FreeBSD system. This naming may vary based on your local installation. But we have here e m zero network adapter available with IP address assigned. And two, we use this information for creating our first jail. So let's write down the entire command we are going to use. So it's Bastille create. We name our jail, so we name it as jail one. Again. We specify FreeBSD release or FreeBSD version is the one we just bootstrapped as a part of initial process. Then we assign an IP address to our new jail and specify a network adapter name. So what do we need to specify is actually FreeBSD version. It's the one we would strapped. We specify our gel layer, we specify a new IP address. This J L is supposed to be available from the outside. And we specify all saw the network adapter. So having all these things in the place and when all these things are correct, we can create our first jail. There are other options for the Bastille create command we are not using right now. But that's just kind of a minimum for creating a new jail. So when we click Enter, we can see a process for creating the gel storage and even a finish. It's quite a quick process. And we can see there is some validation at the very beginning. The IP address and network adapter name is being validated and it's valid in our case. And Dan, the entire process for all the necessary steps is running. We can see some kind of output. We can see jail one is being created for all the file system like a settings and other staff related to the running jails. In FreeBSD environment. Things that are created are created as a general bales base, the jail, but we are using the best tool command which simplify things. We can also see where the Bastille or JS file system is actually keep the n inside our local file system. So we can see there is a directory structure. Bastille is keeping updated. And we can see there is a GLP-1 sub folder created with all the information for the jails to run. Just fine. We can use Bastille the list, as we mentioned earlier, we can see a list of all jail so running on our system. So there is a jail, is a jail ID. There is an IP address. We specified our best to create command. There was a jail, so host name and a path. It's a path we just mentioned on the file system. If we specify or enhance this best Bastille list command, we can list all. Now all jail. So running on our system, even if jail is up or down. So now we have a state column here with information that this jail, this new jail was created and started properly. So it's up and running at this time. We can see the release information as well. So we can get a quite complete overview of the All Js, js running on our system as being sad when jail or was created is, was, it was also started. So it's up, as we can see on the bestseller list. And it means we can connect to jail or jail should be responding to some commands Bastille actually provides. So let's also check list of processes. And we can see we have some processes with this j in the stat Column means those processes in the list are running inside the jail. So we can even enhance that process list command with that dash 0, J, L. And we have the jail column available in the output. And we can see there are some processes running inside the jail once or simply means the jail one is running. Sum of processes we can see in this complete list are running inside the jail. So it's quite handy enhancement for listing all processes running, especially when we have a several jails running in our FreeBSD. So we can actually see what, what's running in each jail, particularly jail environment. So it's quite handy and we can get a quick overview how the entire system look like. And of course, this report just list jails are up. So the processes insides are actually alive and running and we can see it in this list. We can also review our net force setting. We can see this adapter we specify during gel create command. And we can see we have this initial IP address, which is coming from our Wi-Fi. And the second one, the second IP address. This is actually the one we specified when creating the jail. So when we list all the jails, we can see the IP address, and this is actually the one we can see on the network information we just listed above. So this is just a quick overview that everything is actually quite transparent from the operating system or FreeBSD point of view. So there is no doubt know kind of a hidden settings or something not visible. For the administrator. Everything is using a standard FreeBSD features like alliances for network adapters. So this Bessel is just making things a bit easier to handle. So when we assign the IP address during basketball career process has been used and this network sad thing was set up for us so we don't need to do it manually in some separate steps. So also, it means when we destroy or delete the jail, all this networking information is deleted as well altogether with other staff related to the jail. So we can use just this simple commands for creating or destroying the anterior jail. 14. Making a VirtualBox snapshot: Okay, So let's add kind of a bonus lecture and discourse and we can take a look how we can do effects of our FreeBSD environment in virtual box. For that purpose, we can take a snapshot of our running and environmental. We have FreeBSD CPU installed, configured, updated. We installed a Bastille command, and we also bootstrapped fresh FreeBSD environment for being used in jails. And we can take a snapshot in VirtualBox means debt. When we add on that, when we install anything else, we do some kind of configuration and when we screw up things we don't need to and we are not able, e.g. to downgrade or uninstall something, we can simply go back and restore our previous status or stage of our environment so we can restore it. So when we then start FreeBSD, we create some jail or we change configuration in the way we would like, we would do, not like to do so. We can simply restore FreeBSD in VirtualBox to previous state. So we can actually use deaths option whenever we need. If we screw up something, it's very easy way how to get back to the fresh environment without any additional changes. So we are saved to do anything in our FreeBSD because we know we can go back in time and restore in the previous version, we can actually create a man is snapshots or take snapshots for any other changes. So we can actually the stack dose snapshots based on each other. And we can Dan, go back in time and restore the snapshot we actually need. So we are starting the FreeBSD now after we create the snapshot. So FreeBSD is going to start up. We can see the best tail is also starting and network settings are applied. And we can see here, because Bastille has been enabled as a service and it's starting when our FreeBSD environments started. So we can see Jill one has been started, created and started, and it's running when we create a jail. The same way. We know after the Free BSD is restarted, the jail is actually started again. And the environment we created is 1.2 because we restarted our jail. We have been disconnected from our SSH client so we can connect again and just to check if we BSD is running, it's running correctly. And we are up again. And to S mentioned because best tail is enabled as a Service. So we can just list on jails and we can see there is the jail one running after BSD started, so we don't need to handle that manually in any way. All the configuration needed for a jail being started. So we can see that we have some kind of a short up-time right now in jail is running. There was no need for individual setting for the jail to restart when FreeBSD actually starts. So it's very easy and the best fella here gets real value for us. 15. Common bastille commands when working with jails: Let's take a look at the commands we have available for handling or maintaining good Jill running. We have, as we mentioned, we have a civil shells are bunch of, even a bunch of options. We have this best tail lest we can see a list of running jails and we can connect to the jail. We are not connected to two FreeBSD using SSH and we can connect to individual jail. So we use command Bastille, console, Gel one, Gel one is the name of the file we created. And we can see the initial shell was connected to FreeBSD host two means, this is the FreeBSD host environment. We install it on Virtual Box into now we connected to gel one consults. We have this inflammation on the screen. We are connected as root to jail one. So when we list of all processes running in this environment, we can see this is just a limited list because we don't see the outside processes running on FreeBSD hosts. So we are inside the jail right now and the view we have two anterior FreeBSD is quite limited here we are just looking and we can see only things in processes running in this jail. So and all things we are going to do, we are doing in this jail because we are connected to the gel. So just working with the jail or FreeBSD with jails, we have to be sure we are connected to the right environment. Especially we have to check whether we are connected to FreeBSD host or we are connected to the jail as we supposed to. So now, because we are in the jail is quite fresh environment, so we have to start to package command again, so it's not inside the jail. So We are asked whether we would like to install the package command and that we are using the latest repo on the FreeBSD host into jail and of our amount, desk inflammation is default one. So we are using quarterly over here, as you can see on the screen. And package command is actually installed in our jail so we can use it for installing other two that are related to jail as such. So we can use this package command for switching. E.g. for the Nano text editor, we have the nano install already on free, FreeBSD, but this command is not available inside the jail. And it's actually a good thing because the jail is protecting environment, is it secure installment? So the list of commands available in jail is quite limited, and jail cannot run commands installed in FreeBSD as such. So if we are supposed to use a nano as a text editor, we have, we have to install it. Again, even dead, we installed that on our FreeBSD OLS so we can do it, we can install the nano again. So it's quite quick task. So the Nano has been installed into jail one. So if we are running a single gel, so we have to install the same package in each particularly jail individually, so we can have a different environments, one GL running this package, and now the jail. Different wanna DOS commands or install packages are completely isolated from each other, running inside different jails. So we can use the exit command just to exit from our jails. So we exit, we are locked out from the jail. And again on the screen we can see we are now connected as a route to FreeBSD hosts, so we still can see where we are. So we have the jail one running in our environment and we can connect to the jail and we can work with inside the jail. Now we have the start and stop commands. Those are quite basic for running or starting and stopping the jail. When jellies critic, created, as we could see, jail is being started as default. So we create a gel and gel is started. But we can stop the jail individually and we can do some staff and we can start to jail again. So when we call the Bastille stop and GL name or jail ID, we can see the jail. Its name, it's removed but it's not physically removed. It's, it doesn't list in the Bastille list command because it's not, it's not running. When we add this dash a, we can see all jails in our system. You and those that are dead are actually down. So we have this gel one with the steady state down. It means jail is there. It's not deleted from the file system. E.g. or gel configuration is still available. The jail is actually just stopped. Take the jail running server. So we just stopped the server. Stub the container and Dan or we can just start it again. So Bastille, start in jail idea or general name. We can start the jail again. So we can list all gels and it's up and running. So you could see it's quite fast process. We can stop and start jail. We doubt we can even have restored. We need this. We can do it in just one command. We can handle the jail this way. And again, we just restarted the jail. We can see this conformation on the screen. First step was jail was removed and then jail was created. It mean to remove it and created. It means all the files inside the jail are still available there. Those files are not deleted. But the jail inflammation or jail configuration, runtime configuration is removed and then it's created. So simply we are starting to j means we just stopped and started to jail. Of course, we can also destroy jail means that we really delete all jail information. Means gel configuration means or Gela files or all in installation of files from the file system. To destroy jail, we have to stop the jail first so we can see it on the screen. Is just saying, we have to stop the jail first. Bro, destroying the jail and now we can destroy the jail using the best still destroy in jail named g LID. So we can see some status information. Shama Bastille is doing all necessary configuration needed for destroying the jail because jellies disjointed. There is some network related setting that has to be removed or updated as well. So the system is actually into good shape when the jail is removed and is not available in FreeBSD anymore. So this cleaning process is quiet, complete and we don't need to do anything manually. And this is again a huge advantage using the Bastille, we can use the single command providing many configuration options that we usually need to do manually one-by-one so we don't have to keep it on the mind. We just create a jail. Stop-start to jail. We destroyed the jail and we can see that Eddie and we have steel, the quiet, clean system without any orphans or anything. So Dan, because we destroyed the jail one, we can create a new one from scratch and start again. And it's quite handy when we are creating kind of a testing environment. So jails are coming and leaving and we're not polluting our FreeBSD system with some different installations. We just do it safely in the jails. And then ON jail is completed or we don't need jail anymore, we can destroy. 16. Installing MongoDB in Jails: Okay, so let's start to make some complete example and recreate jail for running the MongoDB database server. So we use the command we use already. So we create, we create a J MongoDB jail. We use this release and we assign the IP address and mention a host name. So we are doing just the same process as we did for the jail one. What we can see J MongoDB is created. We can, we can check it using the Bastille list or we can directly connect to the console to J MongoDB. So we're connecting to J MongoDB jail. You can see it we are connected as root two j MongoDB. So now we know that all commands we're running, we're running inside the jail. So we now update the package, means it needs to install the package tool from the scratch. We mentioned that already is. This is the jail is actually the separate environments, so we need to install almost all commands from the scratch. So that's a good thing. So the package is installed so we can take a look if the MongoDB is actually available. So we can use this package surge and MongoDB and we can take a look at diversion so we have available to install, so we can install the MongoDB version four, so we can take the latest one, version 44. So package install MongoDB for, for us. We use this and we install this version inside the jail. We can see this is FreeBSD standard auction. We can see the list of dependencies being installed together. And because we are installing binaries, so there is no compilation, just part of installing this. So we are just downloading binary packages and those packages installed, install dad Dan, the entire process is quite fast. It depends on the speed of your local environment. Just quick record, recall we are running FreeBSD inside the virtual box here, and we can see mongodb is actually installed. So we can just try to start it using a service commands. So we just issue surveys Mongo D start. And we can see we are just prompted that we have to enable MongoDB, Mongo D inside our c.com. So if enabled, we can start the service. So let's check it. We are still in the jail. We started Mongo D and it says Starting more go D and we can't see any inflammation. So it seems like MongoDB is running and we can check using process list. We can see the processes only inside the jail. And we can see we have the MongoDB MongoDB server running and it's using mongodb.com. So we can just update the configuration just to reflect our local environment. And we do so after a while because we would like to be able to connect to Mongo DB server directly from the outside. Environment means outside of the jail. So we have the jail running on specified IP address. We assign the IB during creating jail. And we would like to make the jail or MongoDB available from the outside world. We installed the nano as text editor so we can configure MongoDB with this editor using configuration file. And we can take a look at the line which specify the IP address MongoDB actually binds to. And it's, by default it's binding to local host. So we switch it to this. 0000 means it binds to all IP addresses, Gmail or And environment is actually running on. So this is what we are going to do. We would like to MongoDB running on all IP addresses. So we're started Mongo D with this updated configuration. So it says starting MongoDB. Mongodb should be running just fine and we can exit from the jail right now. And MongoDB should be running inside the jail we just created. So let's just test the jellies running. Again. We have to practice DOS commands again and again. So J MongoDB is running on this IP address and we use this address for connecting to the port. Mongodb is running or binding to by default. So we can also test directly in the FreeBSD host. We can see there is the IP address of j MongoDB jail, and we can see this 27 0 17 port is the default MongoDB server port. So actually this, this board is available. We can take a MongoDB client and we can try to connect this MongoDB instance so we can just check it and view host info. And we are exactly inside the FreeBSD jail running this MongoDB for dot for version we just installed a couple of minutes ago. So it seems like everything is working just fine. And we are able to connect to Mongo DB running inside the jail. I'm using a standard MongoDB client. So we just made this server available from the outside connection so we can create db. Everything is working and running inside the jail and justice, fire. We can create connection collection inside DB. We can add some data if we would like to do so. We have this MongoDB environment up and running. It's quite, it was quite easy to do so actually, if we realize we're not polluting our FreeBSD environment, we can create another jail with different MongoDB version e.g. it's very easy to do so we can just change your IP address. For connecting 2.2, we can have MongoDB version forum are going to be B version five running in different jail on the one FreeBSD hosts. So this is actually the reason, usually the reason why we are running Solver packages inside the jail, we would like to separate those installed packages, make it more secure. And especially if we ran the same thing in different instances. 17. Installing NATs messaging system: Okay, So let's create or install another jail environment. We have MongoDB installed with separate jail. And now we are going to install the jail for hosting and gnats messaging system. So we use, we are going to use a command we already used to. I think that several times we use Bastille create J gnats, G naught. So this is the name or jails jail id. We assigned a new IP address and network interface the same way jail is actually created. The process is very fast and we can see using the Bastille list that we have to jails actually running. We can connect to console of J gnats. And again, and we have to update or install the package command. So we issue a package update on the console. Internet connection is working, networking is working just fine. So we are doing all necessary updates to be able to install anything inside the jail. Just a quick recall, jail is separate environments secure out from the outside world, from the FreeBSD host or other jails running on the same host. So if you would like to install some new features, new programs, new applications, we have to do it for each gel separately and do going back to gnats messaging server, we use a package surge nets, dashes server. And we can see we have a current version available from the FreeBSD repo so we can install it. It's quite fast process. And we have that in our jail already. So installation was just fine. And we have that's installed in our J gnats jail. Now, we have to try to run the service for the nuts. So let's just check IT. Service nasa Stuart, and we are notified that we need to enable this service in rc.com. So we just enabled the nuts messaging server. We can start it again at, and it started. And we can see when we check processes running, we can see Nazis running where the configuration file, which we actually need to update to make a gnats messaging server available from the outside world. So when we check their configuration, we can see that nats is listening on the local host on this. So it's not available from the outside of the jail. To make it available from the outside, we have to edit that file. So we install the Nano text editor again. And we added this gnats dot conf file. And we change this local host and make the nuts server listen on all network addresses means a local host and external IP address. We assign it to this jail When Jail was created. So let's try to restart the net server and to review that it's actually running. We can take a look from the inside of the cell and also we can exit the jail and check the processes or jails running our whole system and checking in the browser. Nats is running on the board 82 22. So we can see it's running and we can access the jail where the nuts messaging server from the outside world. So the connection or networking connection is working just fine. This is the version we just installed in our J nets jail. And we have this jail available. And we have actually two jails. So right now, each running on separate IP address, we have a MongoDB, we have That's messaging server. And there is no Actually interaction, interaction between those two jail. So those two services each is running in separate environment, having separate IP address running. So we can check again all the processes running on our FreeBSD host with that extension or for listing up jail name information. So we can see we have a jail for MongoDB and we have a jail for an ads running on this, our FreeBSD system altogether. So it's working just fine. We can see all processes for each j l running. We can see NAT server, we can see a Mongo DB running separately. We can steal, managed both jails. We can stop the jail or restarted the jail. We can destroy the jail. Or even we can install a different version of MongoDB or in nuts messaging surveys into separate jail. So it's quite handy and very fast to set up something and test or anything. 18. Monitoring Jail from outside: Okay, so let's take a look how we can actually monitor jails running. We have two jails running installed and running on our FreeBSD host. And two, we have a several commands which are available for working with jails running. We can get information from EGL separately one by one, or we can apply many commands across all jails running. So it's huge time-saver. We can e.g. use a sock stat command to see how networking and port binding is working and what ports are available. And we can use this command, of course, locally when connected to the jail. But of course we can use this command also across all jails running. So for this purpose we can use Bastille command, CMD, we have this best or CMD like a command. And it says it's actually execute command across jails specified. So we can specify one particular jail. So we don't need to connect to jail. Inside means we don't need to go to jail console, but we can call the command from the outside. And as the jail to report some statistics or information from the jails inside. So running this sucks that on the J gnats we just created a couple of minutes ago, we can see there is a server running and serving on several ports. But as we mentioned, we, we can use this command also for running across all j l. So we have installed on our FreeBSD host, so we can use the best Bastille Cmd for one individual jail, or we can use this keyword and we just specify, run this command across all jails and to view results. So we can see, we can, we are running and socket stat across all jails and we have this green text saying this is the first one is J MongoDB, second 1 s, one j nats. So we have a report for EEG gel running. So it's a huge time-saver. We can run any command actually which is available inside the jail. So we don't need to run each jail or command for each ear separately. So, so if we need to list processes running in each EGL, we can issue basil CMD all and lists processes in jail. Again, it's quite intuitive. It's easy to understand on the screen where the information actually come from. So we have those like start and end tags for each jail in the green color, and we see the output from the command in the middle. Just imagine we have a ten jails running, so we don't need to issue this command ten times. We can run it as a one liner and see the output for EGL running. Again, we have a list of commands Bastille actually supports. And in this we can use a package command. We use the back edge or top. We use package already connected to jail, so console, but we can call the package from the outside. So we have the package, we have the service chop command to all those services are actually available from the inside of the jail, but we can call it from the whole system and without connecting to console of particularly jail. So we can e.g. display jail, status of running surveys. So we can specify, we can issue command Bastille surveys. Specifically we are specifying the jail J MongoDB. We specify a service name and commence status. So it's very easy to do so and handle some kind of information from the outside world of the jail. And again, just a quick recall, we don't need to issue the command to one jail only, but we can issue the command across all jails we have running. The same way, but still dap actually displays information about processes running in memory, usage and other staff. Actually the same way as we do when we run chop inside the jail or from the whole system, host system as such. But using the best TO top, we can monitor information from the jail or without connecting to jails console. So again, it's a bit of a time-saver and two very easy to manage the gel from the Bastille command from the outside. So again, we can, of course, do the same thing using a basketball command, Vestal CMD. Because command L0 surrounding any, any binary or any command from the inside of the jail. The huge invent, advantages around to command across all jail. So we have running, so e.g. we can install midnight commander MC across all jails. So we can Around Vestal, CMD, all Package Install and see if everything goes just fine. We can see it's starts with the first jail in our case is J MongoDB and it's trying to install due midnight commander. So we have to wait a bit here, here. But after a while we can just see everything is installed in the fruit of jail. But just quick recall, we are running this command across the old jails, and this is just the first one being processed. But advantage here is that we just have to sit and watch and we don't need to do the same thing for EGL separately. Again, just think we have a town jails running. We would, we would like to do the same thing in all jails. So it's very easy to do so. And of course, this way we can save time and keep all j is updated, updated altogether. When J MongoDB jail processing is done, Jane ads is the another one in the lines. So the same command processing is running inside of the GI, that's jail. So we are still running the initial command for installing me Knight Commander across all jails. And we are in now in the second year and the installation process is very the same. So we can just skip it. So when installation process is finished, we can connect to one of those jails and tried to run at midnight commander and see if it's running. So we can see it has been its store installed correctly and it's running as we would expect. This all option is available for almost all Bastille commands. So we can run individual commands against one particular jail or we can use that all keyword to run the command against all gels we have running on our host. There are many options we can use those comments, e.g. this Bessel package, all we can use to install something on all jail. So we can use the command to update all jails, e.g. so again, we are able to install bearish for all jails. We have. This is quite fast process so we can just wait for when it is finished. So again, we are donald J MongoDB and now we are doing so for j nets. So both jails and has been installed or Bash has been installed for all jails. And the same way we can use this package command to update all the jail. So we can round this package or update against all jails running. And we are updating each separately. Again, it's a huge time saver. We have a one command running using this Bastille BSD project and best still command available on the FreeBSD host. 19. Bastille templates: Let's take a look at very nice option vessel. Bsd actually provides. It's the way of creating new jail using a template. We can use a template for running container. And this template can contain individual commands needed for running and setting up GL correctly. There is a website running on the good luck with the URL. You can see on the screen, we have a bunch of predefined, best deal BSD templates. We have a templates for many famous servers or applications like Jenkins, Elastic Search, Apache server. And we can take a look into one individual or template. We can see individual rapport, Bastille template to bootstrap Apache web server. Each template contains some helpful information like usage information, what is the template about and what actually solves. And we are inside the Apache web server template and we can see, we can apply the template by bootstrapping template from the good lab and then using a basketball template command for using this template for running or creating a new jail. Looking at the configuration file. So each template package contains configuration file with a command. So similar to Docker syntax, we use package command for installing Apache. We use says RC for setting up system variables. We call some process and we start the service at the end. So this is actually the blue player blueprint for setting up our jail content. And we have to do actually two things. We have to bootstrap jail and we have to apply the template to existing jail. So we have to create empty jail first. And then we use the jail for installing a system defined by the template. So let's create a new jail and name it J Apache. We assign unused IP address the same way as we have done several times. So it's very easy to do. So the jail is created just in a few seconds and we have we can just check it. We have the jail up and running already. So we have a free jails wide now running. And the J, J Apache jail is actually empty as of fresh created a jail. We have just a few system processes running inside the jail. And now we have to apply the template from the, from the GitHub repo. So we have to, we have to bootstrap this Apache temperate forest. So we copied the URL into clipboard paste and we can see something is missing here, and it says get not filed. So this command requires a good being installed in our host and it has not been installed. So we can do it using a package, command, package installed get and we are installing get on our FreeBSD host package. Our best TO template is using this gateway for fetching the ripple from the good lab and storing it into the local cache. So it was, again, quite fast process depends on the bandwidth, but we have Git installed, so we can try to issue the previous command again. And now we can see we are bootstrapping template for Apache web server. It also, again, quite fast. Just a few configuration files are coming from the Internet into our BSD system. And we can see also the output from the configuration file so we can review what commands are going to be issued when template is applied for our new jail. So we have a quick overview what is coming. It's easy to understand what the template actually deaths. And we can use the information to template is being cached locally so there is no need. For template bootstrap, again, if any other journalists needed for this template as well. So again, we are applying this Bastille template command and we replace the target where the Apache name. So Apache was installed the same way as we have done for any other jail because we need to assign IP address network information and so on. So we have right now J Apache jail running without any packages inside. And now we are applying this template to this running jail. So it's using Bootstrapping, kind of inflammation. It's, it's due installing into J Apache, so it needs a package command. We have done this manually, but now it's all running from the template. So it's installing all the dependencies needed. There is no need for using a keyboard here and do any approval to continue. Everything is kind of a silent installation. We just see what's going on on the screen so we can review and see what's the best style template command is actually doing. And we can see it's fetching Apache and all dependencies required. So everything is on our local system. It's extracting things, installing in proper places in the jail. Just quick recall, we are running this for the jail J Apache we just created. And we can see we are ADL and everything looks just fine at it. It seems to be that the Apache web server is installed and running on our J Apache jail. So we can again review all log messages from the screen. If we would like to check what was actually done by the template, we can just do it. Template is not doing anything. Hidden, is just applying a list of commands in an automatic way. And when we list all processes from the inside of Apache gel, we can see there is a HTTPD process running on the system, so installation was just fine and HTTP was able to start and run. Of course, we can just check how things are running. So we can use a sock stat to take a look. The IP address and port the web server is running on so we can see the IP address we assign it to. The jail is being used by Apache web server and it's running on port 80. So we can just check that things are working just fine. And we can check it using a browser. So we are switching to browser, connecting to your IP address assigned to the j Apache jail. And we can see it says it works. It's a standard HTML coming from fresh install Apache server, so it's working just fine. It's running inside the jail and the anti process for setting up J Apache and all the required things is just a part of the template. So we can use our own templates for installing, configuring IT staff the same way. So if we need to run your Apache for several clients, we can simply, we can simply create a new jail and apply the same template to the new J L. We can also apply the template to all JL, see if it makes any sense. But e.g. we can create a ten separate jails for Apache for hosting services. And we can do install the same apache configuration into EGL using just one command. So again, looking back into good lab templates, ripple, we have my sequel, we have Postgres and too many, many other staff which is available already with some kind of configuration required for debt service to run on our FreeBSD. So it's quite handy. We can find something or we can take some service as an example and we can create our own template being used for our specific purpose. If you need more information about the templates and commands available, there is a section in Vestal documentation where all commands available are listed with a help information, an example of how to use those. So you can use it on the screen when template is being applied. We can see with Bootstrap, we can see all the commands coming from the inside of the template so we can see what commands are supposed to be used in some way. We can, in documentation, we can see examples for each of the commands and we can see even an entire example for setting up our own template. But again, there is a high chance that there is a template already available on GitHub repo. So you can take a look again and check and use it for your own purpose. And again, we can install the template into individual jail or we can install the same template across all jails we are running on our FreeBSD whole store command. We can, I mean, just to avoid errors by doing individual steps individually. Because we do and we use something we already created. We know it's just proofs solution so we can apply it every time we need the same thing for different clients or different environments and so on. 20. Updating Jails: Okay, so let's take a look how to use Bastille command for updating jails in some kind of a smart way. We have, we know already that we have the best tool package command. And we know that we can use that command to run across or against all gels available. So we can use this keyword all. We can use this package all update against all jails. Jails are also using kind of a ribose. Freebsd is based on the default rapper in the FreeBSD is the quarterly one. We have switched to latest on our FreeBSD host. And we can use that configuration for our jails and environment. Default. The jail is based on quarterly reports, so we have now an environment when FreeBSD host is running the latest, all gels are running a quarterly repos so we can do update all jails who have the latest version or latest repo setting. And we can see we have some kind of a hint how to do it. So we can copy the command for making directory for the holding the configuration file. We can use bass tail command. And we can run this command against all, against all jails we have running on our FreeBSD whole. So you can see it just went through all three gels. We have a running and this directory is created in, inside of each jail. And now to make a setup complete, we have to copy this configuration file with the latest linked to repo, to EGI jail. We can use the Bastille copy command. We haven't used the command yet, but it's just copy the file from the FreeBSD host, two-party killer or all jail. So we can use the command to copy our local configuration pointing to latest repo, to all jails, to party killer specific directory FreeBSD is using when we are trying to, we are overriding the default configuration. So we just in one command, we create a copy of that file into each jail. So again, it's quite fast, easy to do so and we can just switched each jail to latest repo. So we can lock in into e.g. J. Nats. And we can just review that the file is in place and contains configuration we need for fetching the latest packages from the FreeBSD repos. So we can see we are in J gnats jail and configuration points to latest repo from the FreeBSD websites. So it just went fine. So we can assume that this configuration is available in all jails because we get a copy and we specify a target all so all gels contain the configuration file copied from our FreeBSD host. So now when the repo is switched from the quarterly to latest, we can actually issued a basketball package command to update or a fetch the updated in Package Index from the latest package repo. So we use this best tell the package command and it says command not found. So there is some issue here, and yet we are still connected into the J gnats jail and a Bastille is not available in jails. It's available in the Freebase, the host, so we have to exit and go back to FreeBSD. And Dan again, we can issue this Bastille package. We use the keyword all because we need to apply the update command to all all jails, so running on our system. So we have a free jails running. And for each jail, Bastille is fetching or this command is fetching the fresh Package Index from the latest report. So it's actually the same thing being done in each jail. Just a quick recall. Each each jail is separate environments, so it's not sharing e.g. a, U, even this package index. And you can have one jail running from the latest repo and you can have another one running from the quarterly, so we can even use a different versions for each jail. And Dan, we can issue the upgrade command, so it will just go through E jail again and try to make an upgrade of existing packages based on this repo switch. So we are in J MongoDB and we can see there are some libraries or apps being upgraded, so Bash is upgrading. Now J nets, It's very the same. Again, two packages are going to be updated. So it's fetching information from the Internet and there is no update for j Apache jail. So the one liner we can do update, as you can see on the screen, we can do update and upgrade of all jail cell altogether. So it's quite fast, quick. We can manage the jails in one command and keep updated quite easily without connecting to individually jails. There was no need for data. We can use the Bastille command from the FreeBSD host from the outside environment and applied to all jails. Of course again, we can do it also individually for one particular jail, or we can even connect to console to individual jail and do the package update and upgrade individuality this way. So it's quite handy. It's very easy to keep jails and environments of data to get. We can even run this using a crown command, e.g. if it makes any sense. 21. Cloning the Jail: Let's continue again and let's take a look at the auction for cloning existing jail and create another jail based on existing one, might be that we have very nice jello with all configuration needed. And we would like to create a clone for testing purposes. We would like to make some a change inside the jail, but we want to be able to lie to avoid changing existing jail because we're not sure how those things are going. So would it be a nice option to be able to clone the jail, not to install the new jail with all commands, updates or everything you need it. But that's a little BSD offers a command for cloning exist in G, L. So each command from the Bastille contains kind of help so we can take a look each time what programs are needed for running the command. And we can see the cloning the jails. Jail means we have to specify the name of the existing jail and create and to specify the new jail name. And of course we have to assign a new IP address, so we do so as well. So the entire command actually is best or cloner. We have existing jail name, new jail name, and new API address to be assigned to this glommed jail. So just issue, issuing this command means that the new jail is created. So it's just, we can see it. There's some check for IP address. And it says attempting to clone J Apache two, j Apache two and the Cologne was created successfully. So we can now check using a bestseller list. There is jail available and we can't see it in the list for some reason. And we know that Bastille list shows up only gels that are actually running. This new one. Clone jail is down right now, so it's not in the bestseller list available, but we can see the jail is available and we can start to jail. We can use this best. We'll start J Apache to command. And it says J apache do is created. So we can check again best to list, and this jail is up and running and we can see you in the IP address that we assigned to the jail when clone was down. So we now have four jails running to. Jails are actually the same, Apache and J Apache two. And we can check in the browser, we have this initial Apache server and we have the new one on, running on the new IP address. And it's responding the same way. So it's working just fine. It's working as we would expect. And you can see it was quite easy and fast process because there was no need for installing everything in inside the new jail, but we just cloned everything installed and it's it's running as the initial one. So when we stop the jail, we can see it's not responding. So we are really talking here into the jail. We cloned. It's just kind of a proof. So the jail is not running right now, so it's not responding in the browser. Now, we already, we already checked the template OK, share and for making a jail created based on kind of a list of commands. But this way when we have the jail already created with all set up installations, configurations, it's very easy to create a new one the very same way. So we can even create a jail just like a template and not use for real situation. And we can just make a colognes when needed. So again, there is a default command here that's still clone. Git Apache, existing jail name, new journal name and IP address. I think it's quite straightforward and easy to understand what we are actually doing. It also even quite fast process based on on the size of the of the jail. 22. Jails backup and restore: Bastille BSD contains quite a useful feature for backing up and restoring existing jails. We say even a really nice option for FreeBSD running on their file system because we can export jails without stopping, needed to stop the jail. There are actually two commands. There is a command for export and command for the import of the jail. So we can take a jail running or installed and running. We can export the jail to the archive, and then we can use that archive to import the jail a gala. So we can take a look here what the options are available. We can see there are few options related to zeta s. And we can just take this command, specify a jail name and a path where to store the package or the archive with the backup. And it's actually down. So we can use the Bastille export command. We have this last option. So let's take a look at the jail running on our system. We have that Apache two rallying. It's the one that we just clone to in the previous section or lecture. And we can take the jail and Megan backup. The backup can be done on really running jail. So we can use the command Bastille export. We specify the auction for the chart of the archive that is supposed to be used here. And we can use this command to export the jail that's running. To export j means we are exporting the content of the GL with configuration even networks selling related to the jail. So we can see we have that J Apache two, so we referenced that name. We can just check all information we have. We can see the jail is up, so the jail is actually running. So we are exporting a running system running jail. And this option is available for a z OS file systems that supports snapshots of the running environment. So we, again, we have this Bastille export. The option for exporting is that f has jail into compressed image. So we run the command, we can see it's kind of, it's named a hot exporting JPEG two compress the image and it actually sensors that data into the, into the archive or a compressed image that is created. So we can see that speed depends on the size of the image. It can take several seconds or minutes. Really depends here. But it's quite straight forward process. We can do this export on scheduling basis, e.g. as a kind of backup. Daily, weekly, monthly, and really the parents, so we can see file was exported. It's a single file or compressed file of the jail J Apache two. And we can see the folder where this package is saved. And this is a default folder related to Bastille installation. So we have this, we can migrate this compressed image into some backup media, e.g. if needed, we can see even the size. There is a check hash, checksum, there is a size and we have a timestamp as well for that backup files. So we can review if we have multiple copies based on date and time the backup was created. And again, we can see using a set of S, we can backup a live running jail without any interruption of the inside core content. We don't need to stop the jail or anything like this. So this Z F has a file system is quite vital auction and very handful for running the jails. And just the opposite command, we have the best it'll import available. And it's quite easy to use because the only thing we have to specify is the file where the jail image. So we know the filename already. So we use this pastel import and we specify this J Apache two. And it says running jail matches the name. So we have the jailer, we'll do with this name, Jay Apache two already running. And of course it is running because we haven't stopped or destroyed the jail. And we stop the jail and it says JPEG to already exists, so we really need to destroy the gel. It means the jail is deleted right now. And it says Deleting jail. And now we can we can see the jail is not running here. We don't have Jail J PHQ-2 right now. And what we can do, we can import the jail so we can check. It's not running, so it's not responding to our browser, to our UI. And because we have the empty space for the J Apache two, so we can do import it again and let's see if it's working. Finally, Bastille import J Apache to run this command. And we can see we are validating the file followed. Validation is successful, and JPEG two is being imported from the NFS data stream. So it takes time again, but the backup is restored right now. It says container j Apache two. Most important successfully. We can again check using the Bastille list and we can see J Apache two is here up, it's still down, but it's using the former IP addresses you can see. So we have the full backup, recovery, we have network setting, and we can just start J Apache two. And it will be up and running again. Just like before we did back up and we remove this from browning gels. So it's a very easy way how to make backup and restore it if something goes wrong. So if we are doing some Gilles upgrade, some significant changes, we can we can make a backup and if anything goes wrong, we can remove the gel and we can just important again. So David is just approval for the jail is running. It's responding to the browser UI. So we just restored the jail. The jail and it's running immediately. And again, the backup is stored in the vessel backups folder. So we can do migration or we can pick up this backup file into some different media for a long time. Storage. 23. Networking - options available: Let's take a look at the networking of options for our jails and environment. We are considering just several options we have based on situation we are in. In our demos we created in our lap using a virtual box. We used IP LES, we used a shared interface. But in the real environment, we have a, several more, even more secure options. And we're going to take a look at each of those. So we are considering the way how we are running our jail environment. Are we running our jails in the local network or in the public network? And based on that, we can consider some approaches for running or setting up a network in jail. So first one is shared interface. We are running on IP address. The second one is the VNet. It's a virtual network that we are using. We just to use a VNet. It's a freebie as the option for a jails set up. And Dan, for the public network who we can consider running gels on the local adapter or local Loopback Adapter, and use a packet filter for shaping incoming network traffic directly to our GL running inside. 24. Shared Interface (IP alias): Let's take a look at the first network option we have and it's named sure, the interface or IP Elias. This is the option we have actually used in our examples we have used so far for creating Bastille. Jails isn't good. Bastille. This option is just based on assigning IP address using it actual network adapter name. So let's take a look at the Bastille create command we have used already. Now we in fresh FreeBSD jail environment, we are creating J Apache. Again, we are creating this 13.1 release. We are using adapter and we are assigning IP address based on our network situation. And when we use this, we can simply assign or create another IP address for our network adapter. So we can view our network configuration. We can see network adapter has some initial IP address assigned. We can review our C dot count for the network configuration. And we can see we have that initial configuration is actually coming from a DHCP server. So we have this zero to 100 0 H IP address. Assign it to adapt her coming from our Wi-Fi network outside network environment. And Dan, we can create a new jail and assign another free network IP address to this network adapter. So let's try to create new jail. And we can see here from the log JOS created successfully. And now we can review how the situation looks like. So using Bastille list command and we can see we have a, we have a jail G Apache up and running and this IP address is assigned. So we can try to pink at this IP address. So just let's type it. And we can see a ping command is working. And we can see responses coming from our jail. Network interface or network IP address actually because we are using a shared networking and we are using HLA. It is our basic adapters. So we can go inside our app, Apache jail. So now we are inside, we can see it from the console. We are inside locked as rude in J Apache jail. And we can take a look at the configuration, network configuration. And we can see, we see ourselves S E M adapter, network adapter. And we can see only the one IP address. This is the one we were assigned to when we created the jail. So this is just a view or how the situation networks situation look like from the inside of the jail. And we can try to install something just as approve that we can access the outer network. I mean, we can access the Internet installation procedure. We can install a package command so it's running. We are connecting to update side from FreeBSD. So the networking is working correctly from the inside of the jail as well. So we just connected both sides. We can review it here using we are on the host and we can see the network adapter. And now we can see two IP addresses being assigned. The first one is the one coming from the Wi-Fi directly, and the second one is the one we assign to jail we just created. So we have one network adapter on the host it and having IPA Elias's assigned to. So this is actually how this kind of networking work like. So just listening JLS again, we can see this Apaches up and running. And to listening on the IP we assigned. And this is the very day same API. The API is from the the same network environment. So we just, we're just creating a new host, new jail computer. And we can assign that computer did jail using the IP address from the outer space, from our local network. So this is the sheriff interface. So basic, very basic stuff, how to create that and it's very easy to use and to access from the alternate network. 25. Loopback (bastille0): Let's take a look at the another option of using networking and jails environment. We can take, we can take a look at the Lubeck using a loop back foot increase in networking. This kind of option is quite useful for running gels or FreeBSD and public networks and cloud services and so on. In this environment, you usually don't have some kind of additional IP addresses, or it might be unsecured to Rangel directly connected to internet or to public network. It's much safer option to create a local network inside the host and to use a packet filter or kind of role for making connection from the outside world into the jail service. So your single Lubeck auction for networking is quite often it's a very safe oh, Sharon. And you can create a safe environment for running servers, sequels. Web servers inside the jail. Setting up this environment requires several things to be done and we have to create the gel this way. We have to setting up kind of additional Loopback Adapter. We have to set up packet filtering for forwarding requests from the outside to the jail. And we, let's do it step-by-step and try to create things or jail for using Loopback Adapter. So first thing we have to clone Lubeck interface. We just follow. As a side note, we just follow the, the Bastille cookbook. So we are following the documentation page and you just get lost here. You can just take a look at the documentation and just set up everything it needs. So we created or clone to interface of Lubac, we the name of that interface. So we have this rc.com for, we have the information that recreate a clone interface and we assigned a name or best still zero. And we have to activate that actually. So we create a colonial interface. And just looking at the networking setting or setup we have, we can see at the bottom we have this bestial zero network adapter created. So let's continue. We're setting up the environment we need to for using Loopback Adapter. So the second thing we have to do, you have to enable firewall. We have the command here in the documentation to do where to. We expect to packet filter being used to in FreeBSD environment for that. So we enable this in RC dot confusing this says RC command. So we just enabled the packet filter. So when Frisbee FreeBSD starts, the packet filter is being bucket filled. A service is being stored data and used for filtering all the network traffic. And also when doing a kind of a weird directs from the outside world to the jail. So we have this pf.com configuration here available in documentation. So we have to actually create this file if there is a non available. And we have to put Bush, we have to copy paste this firewall, firewall settings into that file. So we have to make sure that we replace this variable at the first line of configuration. We have the real network adapter, we have our setup. So let's edit this packet filter configuration file. We just copy pasted configuration from the documentation of Bastille on the vessel website. And what do we have to do? We have to change the external interface or network adapter named to the one we are using actually in our system. So we have this name, we just replace the default one or from the documentation. Otherwise, it will not work for us and we can even Stack. So we saved that. We have everything in place. So we save it out. And let's try if the rule is working in some way. For the quick check, again, we create two packet filtering configuration file. The packet filter configuration file name is pf.com slash ETC folder. So we can just take a look at this folder. We should see the file created. So it's the one at the very top of this listing. So the file is actually in the play in place. It's non-empty, so it contains our configuration based on the network adapter we are using here in our VirtualBox setup. And then we can restart bucket, fill the service. So let's let's call it. Yeah, we were locked off. So we can try to login again. Let's try at, we are again inside our host running gels and with the Lubeck pocket Lubeck configuration. And we have bucket filter enabled with proper rules being set based on documentation. So we are not locked. We can still login inside it. This is good. New packet filter is enabled and running with configuration the best Stella actually requires to work properly. With our Lubeck setup Would we are just quick reminder what we are doing. We are trying to shape and protect the traffic from the outside to the inside world of our FreeBSD host. So we need the way how the Bastille can be accessed from the outside. So we use the packet filter and we can then use some rules for shaping external access to particular jail. So looking back at the best TO create all g r-squared command to we have the option when we use this Loopback Adapter name or we just created and we're assigning a local IP address to this jail. So we are not assigning a public address, but it is a very local, not visible from the outside of the FreeBSD host. So we just created a new jail with this setup. And when we just review, if the jellies up and running, we can just use the command we already know. So we named the jail EPA Ci j Apache free. So we can list all jails. And yet it's the one that is up and running. And we can see when the IP address began being assigned, as we just mentioned in the in the Bastille create command. The command for creating new jail is actually the same. We are just specifying a different network adapter, Lubeck base for our specific setup. And we specify a specific IP address should be a local, local one, not used from the outside of the FreeBSD. So we can try to pink to this IP address from the host. And FreeBSD can just pink and it seems to be working. So let's review a gala and we're pinging to jail for Apache free IP address. And it's responding, so it's running just fine. And the networking part of that jail is working as expected. So we can try to login or go inside JPEG free console. So we are in right now and we can take a look at the configuration from the inside of that jail. And we can see there is a Bastille zero and network adapter with the IP address assigned. We can now take a look whether we can access the outside world from within a jail so we can try to update their package manager database. So we initiated the correct command and we can see the package manager is connecting free BSD website. And so it means it can access the Internet from the inside of the jail running on the Loopback Adapter. So networking is actually working for us from the both sides. We can access or pink to jail for, from our host. And we can connect to jail and look at the. Internet or the outside world, and we can connect the outside world as well. So networking seems to be working exactly as being specified in documentation. So this is the very basic setup for the Loopback Adapter use H. And then of course, when we decide to run some kind of a service in the jail, we have to shape the Out Out of traffic going to our host. I shape it to the proper port and IP address of the jail. So for this purpose we just introducing the command for Bastille, command, command for redirection. So that's why we have this short name here. And we simply specify radar reaction for a specific jail. And we specified redirection. Let's do it for J Apache. We have this Apache free jail running list of redirections related to the jail and we haven't done yet. So that's just fine because we haven't defined anything yet. So let's define TCP IP connection for the SSH port. So we have that 10,010 to two coming from the outside should be shaped into port 22 in the jail. So when we're list this set up, we can see this board redirection to the specific IP address of our jail and two specific board tool for running SSH inside the jail. So the SSH is actually not running inside the jail. We have just a rule created it as an example how this should be specified and created to shaping the traffic. So that way we can just set up a different rules for different services across different jail. So from the outer world to view, we still have only one outer or public IP address. And we do redirections from different ports, from the host to the inside of our jails, environments where the private IP addresses are used for security reasons. So for the very same way, we can redirect e.g. this apache web support if someone is going to HAT on the host IP address. So from the outside, this should go to this port 80 into the jail, Apache free, or vice versa. We can just shave that way when we list the rules. So we can see we have actually two rules right now, one for SSH and the second one for web service. So it's very easy to get idea how, how the bucket filter redirection is being used for particular jail. We can we can clear it, we can change it, we can add some other rules as we need, and it's very easy to maintain. This kind, offer protection from the outside. 26. Virtual Network (VNET): The last option we are going to review here is using a virtual network, usually named a VNet. Vnet is the option available in FreeBSD since version 12th. And there are specific documentation related to Vienna to answer. The specifics of this kind of networking is beyond the discourse. So if you need information on that and you don't have already, you just try to use some documentation on that feature. And this V naught is fully supported by Bastille command or jail environment. So we can create a new jail specifying this parameter v. And this way we can create a new jail bound to VNet networking. So we are creating GIFs h02 here. Yeah, assigning RUs unused IP address, and we are creating data or using parameters dash v. So the VNet should be used when this jellies created. So let's take a look at the log file. And we can see kind of some of the bridge is created for our jail. So we're down. We can see in the end log information some VNet zero is mentioned in the lock. So networking part is bound to virtual network and VNet configuration. So when jellies created in this way or using this VNets setup, we can review it and we can review how the networking information look like. In our FreeBSD can be error. So we have this common network adapter. And just scrolling down our eyes, bet we can, we can see there is a breach created and some other Lubeck or another network adapter is created. We can see this a description that this is a VNet host interface for bestial jail J Apache two. So we have this information here and then network information so we know how this network adapter is being used to in jails environment. And we can see it relates to J Apache two we just created. So let's take a look at the list of jails running. And the J Apache two is actually up and running. We can now try to ping the IP address of the jail we just created. So let's type it in the console and issued a command and we can see the IP address. It means that the jail, jail, but she too is responding to us correctly. So connection from the, from the host to the jail through the VNet. Networking is working just right. So we can see that we are so far as to get the setup has been done as it should be. V naught virtual networking is being used by the jail. As the configuration suggest, we can review our documentation. There are some must-have commands or settings that we have to do to make it running in full scale. So we need to adjust some configuration files. We can just follow the documentation and do what documentation actually requires. So we have to specify rules. In this def f S Don't rules configuration file, this file actually it doesn't exist, so we have to create a new one. And we can copy paste the rules coming from the documentation. So it's the first part of those must have settings for our network environment of FreeBSD host. So let's save the file. Now let's continue with configuration of several system variables. So we use this says control command and we sat. I think a free variables that are required by documentation. So we can just copy, paste those things from the commendation inside our jail for FreeBSD environment just one by one. So we change the existing settings as we can see on the screen from usually 1-0. No details for this. Just if you'd need detail. So you can just follow documentation and look into general FreeBSD recommendation on those options. So this setup is actually required by documentation to omega VNet configuration work correctly. And now we can just review what remains to be down. Uh, we have probably everything. And this ritual network is or should be set up correctly. This option is available and you can just use it in your local environment. It usually really relates to other setups you have on your FreeBSD and define the final decision is actually up on you. Which type of networking configuration is actually the right one for your situation. But my opinion is using this Loopback Adapter Settings or making API share it using a shared adapter using IP address assigned is just good for almost all situations. 27. Running FreeBSD on RPI 3b+: At the very beginning of this course, we mentioned Raspberry PI, one of those FreeBSD supported platforms. And there are actually many platforms, FreeBSD support. And it also means that the jails are available there. So because jails are tightly integrated with FreeBSD and raspberry is actually very nice platform for running gels. So we, in our demo, we use a Raspberry PI frame, model B plus. This is 1 gb RAM size, or Raspberry PI is running one quad-core processor. It's an ARM-based processor. And you can see how the Raspberry PI see on this picture. And tough, It's not the biggest server on the planet. Freebsd is actually a quite lightweight operating system and run quite well even on the Raspberry PI free. So getting back to FreeBSD website, when we were talking about the download FreeBSD, we mentioned there are versions available for different platforms and to all different architectures. And Raspberry PI is one of the dose support indirectly. So Raspberry PI is ARM-based architecture and there are binaries relate to, to, to Raspberry PI for installation process. Or we can get an image for for installing FreeBSD for raspberry indirectly to SD card and run it. So we have direct support for Raspberry PI 3.4 and some other versions. And we have this ARM architecture available for FreeBSD binaries. So we can use it, we can just apply it, install it on SD card and running inside of Raspberry PI. So this downloaded FreeBSD page, we have this SD card section. And actually a Raspberry PI is not using a hard drive. It's using it as d car. It's for booting operating system. So we can install this SD card image directly on even as small as the card because it's images, not a big one. And we can just put the image inside the Raspberry PI and two and switch the raspberry and the image or FreeBSD running on this image actually started. Looking in details of the FreeBSD download options. We have this Raspberry PI image, RPI, Raspberry PI image directly for our raspberry free version. We can download it, we can install it to two SD card and run it. So it's very easy like this one. 28. Are there any Jails Raspberry specifics?: Are there any Raspberry PI GL specifics? And we have to answer that. No. Raspberry PI FreeBSD version or our amaze FreeBSD version. In general. It's FreeBSD with all the features available for Intel-based or this AMD based platform. We have for all features available on this small device, gels include it and we can use jails as they are. So we can see, just seeing this login screen, we are locked into FreeBSD running on Raspberry PI. We can see that we are running 64 platform or architecture. So we're running on Raspberry PI and it's actually running smoothly. We have four cores, as we mentioned. And it's running on one gig of RAM, which is quite enough for running FreeBSD. And we have also the latest version of FreeBSD 13. So we are running the same version, very the same version as we were running in virtual box. And we can install a server applications like MongoDB, e.g. the latest up-to-date version for MongoDB, and it is very the same for SQL Servers or web service. So we can take a look at Apache web server. And again, we have a bunch of stuff a year at the binary is our main change by repos for ARM architecture. So we have that, those versions without any compilation requirements. So FreeBSD is actually running quite smooth on the Raspberry PI is quite performant. And we can take a look how the RAM status looks like. We have a one gig of RAM available and it leaves a half is still available for us to install something. And we can take a look in, in, in a minute what all application we can run on such a small device. And S we could see we can run a database servers, we can run a web service. We can download and round almost anything available on various standard, several platforms. So back to download or freebies the page. We can run FreeBSD on any, even a small devices. There are just some unusual staff or support that as well directly from FreeBSD. So we can install for years FreeBSD. And we, we can know then jails are available on that platform as well. So jails are included in FreeBSD Operating System directly natively and are available on or architecture and platforms available and support that directly from FreeBSD environment. 29. What all we can run on 1GB RAM Raspberry 3b+: Okay, so let's take a look what we can run on one small Raspberry PI and FreeBSD and so on, this device. So we have a one gig to Tala round. This is just give them and we have Bastille command available because the tails are available. And we can take a look. We have a half of the ROM steal available. And we can see that it's just a running system. And we can find a six or seven jails running on this small Raspberry Pi device. So we can see that each device has, or each jailhouse a separate IP address assigned. So we have a separate servers running. It's, it's all gels are actually up, so they are running, eating around. And we can still see we have at least a half available. We can see running Caddy, It's kind of SSL proxy server. We have a menial as free like storage. We have a MongoDB running on the Raspberry PI on separate IP address, we have a gnats kind of messaging server running on Raspberry PI as well. We haven't no dread running. It's different beast here. We have a SQL Server running here. We have a separate jail, we have a MongoDB as a document database. We have a Sequel Postgres server running, and we have a radius running on a small machine as well. We have a bunch of gels running, bunch of servers running on this small device. And everything is actually running quite smooth without any significant performance peaks or a memory peaks or anything like that. So we can take a look at on processes running inside the FreeBSD, the Raspberry PI. And we can see there is a carry running. So we can see the radius running a SQL Server running no drought and nats and MongoDB. So all jails are really running with those processes or service inside, inside FreeBSD. So it's a view from the FreeBSD host actually. So we can see it's running and we can, we can use Raspberry PI for running DOS service, even in some kind of a devil opera as some kind of a devil opera environmental, because the device is quite small and we can run a bunch of servers creating a production like environment, e.g. because it's very the same environment as we are running on the, let's call it a big service. We can use the package manager here as well. We can install what we would like to use and we can we can install a best deal here as well, and then we can manage jails debt way. So Bastille, It's actually platform independent and it's available on the, on the Raspberry PI as well. So we can use this tool the same way as we have used on an AMD 64 platform. We can use Bastille on the environment to and to running the socks dot command against all gels running. We can see that it's quite performance running through all jail. So 2p6 just a second to get information from each jail. And we can really see the servers are running inside the EGL bound to separate IP addresses. And we have really a separate environment, quite a huge environment considering that we are running such a small device. And we have a full feature at a weapons servers. Or just looking again how the Raspberry PI actually looks like or specs looks like. We are running quad-core one dot 4 ghz processor here, ARM-based processor, and it's quiet enough to handle the staff. So we, again, we, we have a Raspberry PI supported by FreeBSD directly. So means jails are available natively for Raspberry PI as well. We have the best tail available for Raspberry PI, so we can use, we can install Bastille using a package command the same way as we have down for AMD 64. Architecture. And we can take advantage of running all Bastille commands against our jails. We can just update all jails, stop all jails who ran all jails? And we can take a look. Now, we stopped all jails running on our Raspberry PI. We can see increase of available RAM on our system. So free RAM increased because we killed or stopped all jails running. And two, we can just start all jails again. So one way, one way, one-by-one jail, or starting slowly. We have MongoDB starting here. Menial, a caddy, Bastille is actually waiting or jails are waiting until the gel is created and started. So we are waiting here for a little while. And Dan Baskerville, we'll actually continue through the other jails and start all jails available. So we have the gnats, no dread starting. We have a Postgres server starting radius, and that's all. So we have all jail, so running right now. And we can take a look. Yeah, we have all juiced up and running, so there was no issue if running all jails this way on our Raspberry PI and we can check the free RAM numbers, change a bit. But we still have actually a lot of rum considering we have just one gig and running or six or seven jails inside. So we can still add something to Raspberry, this gel environment, and run something else or another copy of of MongoDB, e.g. for other application. And just thinking and talking practically, this environment is actually quite performance. We can use the MongoDB. And if we don't use some are millions of items, e.g. for many, many users, we can round it smoothly and definitely we can use it for for deaf environment because we can just create a jail and remove and create another one with different MongoDB version. If we are talking about the MongoDB, e.g. so it's very easy to handle whether it's quite cheap device and easy to maintain because there is no running a hard drive, e.g. we just need it as the card. We can replace the SD card easily with different FreeBSD version, e.g. so we can have a FreeBSD 13 running and then switch to another SD card and running version 14 when available. So we can just conclude the jail cell running quite smooth on this small Raspberry Pi device.