From owner-freebsd-questions@FreeBSD.ORG Fri Apr 25 17:47:20 2014 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id CD3D02D2 for ; Fri, 25 Apr 2014 17:47:20 +0000 (UTC) Received: from www81.your-server.de (www81.your-server.de [213.133.104.81]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 8728411D6 for ; Fri, 25 Apr 2014 17:47:20 +0000 (UTC) Received: from [92.76.90.49] (helo=michael-think) by www81.your-server.de with esmtpsa (TLSv1:DHE-RSA-AES256-SHA:256) (Exim 4.80.1) (envelope-from ) id 1Wdjx4-0000k6-12; Fri, 25 Apr 2014 19:30:18 +0200 Content-Type: text/plain; charset=iso-8859-15; format=flowed; delsp=yes To: "Victor Sudakov" , Fbsd8 Subject: Re: FBSD jail versus VMWare? What services do YOU run in a jail? References: <53580129.5010909@ssimicro.com> <033901cf603f$55a1ffc0$00e5ff40$@FreeBSD.org> <535A468D.7080006@a1poweruser.com> <20140425120532.GB89790@admin.sibptus.tomsk.ru> <535A9154.4010205@a1poweruser.com> Date: Fri, 25 Apr 2014 19:30:10 +0200 MIME-Version: 1.0 Content-Transfer-Encoding: 7bit From: "Michael Ross" Message-ID: In-Reply-To: <535A9154.4010205@a1poweruser.com> User-Agent: Opera Mail/1.0 (Win32) X-Authenticated-Sender: gmx@ross.cx X-Virus-Scanned: Clear (ClamAV 0.97.8/18858/Fri Apr 25 14:33:34 2014) Cc: freebsd-questions@freebsd.org X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.17 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 25 Apr 2014 17:47:21 -0000 On Fri, 25 Apr 2014 18:46:12 +0200, Fbsd8 wrote: > Victor Sudakov wrote: >> Fbsd8 wrote: >> >>> As the number of running jails increase the difficultly of managing >>> them also increases. ezjail has no provisions >>> to address this problem. qjail on the other hand is designed from the >>> ground floor to simplify the administration of large scale jail >>> environments [1 to 2000+ jails]. >> Where can I read more about the unique and advanced features of qjail >> missing in ezjail? > > I have never come across a feature comparison between the two. But qjail > is a fork of an old ezjail-3.1 version so much of the feel is the same. > > http://svnweb.freebsd.org/ports/head/sysutils/qjail/pkg-descr?revision=HEAD > This link is a good place to start, then pkg install qjail & ezjail and > read their man pages for the details your looking for. > > For a more general background on jails > http://svnweb.freebsd.org/ports/head/sysutils/jail-primer/pkg-descr?revision=HEAD > will bring you up to the current status as of release 9.2. > >> I am especially interested in features which help update and upgrade >> multiple jails and software therein. >> I must admit it's a bit of PITA in ezjail when it comes to upgrading >> third party software. I have set up a pkg repository for that purpose, >> but still I have to visit each jail individually and run "pkg upgrade" >> from inside. >> (ezjail user here) Couldn't you create one "master" jail, and nullfs-mount /usr/local/(s)bin from there to the other jails? Or, two master jails, and a nullfs mount chain master1-local-sbin mounted to and mount /usr/local/sbin inside the jails there update software in master2-local-sbin change mount from master1 to master2 restart ezjail Also, ls /usr/jails/myjail* | xargs -I% ezjail-admin console % -e pkg upgrade (?, never tried) > > jail updates is really 2 different arenas. You have the update of the > host system binaries and the update of ports. > > ezjail relies on the old "make buildworld" method. Not necessarily: ezjail-admin update -u ezjail-admin update -U Also note that qjail has a restrictive license - not allowed to fork without author's permission. Michael > qjail has function to refresh the sharedfs from the running host. > You can use what ever method you want to update your host running system > and just copy the host running system to qjail. For maximum security and > reliability the host and the jails MUST be running the same release > level. > > The second arena is updating your installed ports. Before 10.0 and pkgng > this was always a time consuming task. Ports running in jails are bound > by the same requirements as running ports on the host. FreeBSD only > guarantees ports to function across minor releases. such as moving from > 9.0 to 9.1, but when moving across major releases such as moving from > 8.2 to 9.0 your inventory of installed ports have to be updated by > re-compiling using a current ports filesystem. This is also true for > jails. Basing your ports major release update plans on pkgng instead of > compiling the port and all its dependents is a great time saver. The > only reason to visit each jail individually is if each jail has > different mix of installed ports. In large scale jail environments the > same port mix is often used in many jails and this is easy for qjail to > duplicate. > > > > > > > > > _______________________________________________ > freebsd-questions@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-questions > To unsubscribe, send any mail to > "freebsd-questions-unsubscribe@freebsd.org"