From owner-freebsd-questions@freebsd.org Fri Mar 26 20:45:55 2021 Return-Path: Delivered-To: freebsd-questions@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 0A2B95AC094 for ; Fri, 26 Mar 2021 20:45:55 +0000 (UTC) (envelope-from jacques+freebsd@foucry.net) Received: from mail.foucry.net (mail.foucry.net [IPv6:2a01:4f9:4a:1fd8::17]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 4F6YsG2K54z3jSw for ; Fri, 26 Mar 2021 20:45:54 +0000 (UTC) (envelope-from jacques+freebsd@foucry.net) Received: from mail.foucry.net (unknown [192.168.12.17]) by mail.foucry.net (Postfix) with ESMTP id BEA698D29 for ; Fri, 26 Mar 2021 20:45:52 +0000 (UTC) X-Virus-Scanned: amavisd-new at foucry.net Received: from mail.foucry.net ([192.168.12.17]) by mail.foucry.net (mail.foucry.net [192.168.12.17]) (amavisd-new, port 10024) with ESMTP id L0nBgJmIOqoK for ; Fri, 26 Mar 2021 20:45:51 +0000 (UTC) Received: by mail.foucry.net (Postfix, from userid 58) id A56DA8F83; Fri, 26 Mar 2021 20:45:51 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=foucry.net; s=dkim; t=1616791551; bh=9ThK1fBE8YI+Tr5kPu/I/fbctVC5H6uDwVnHrkUN+Tw=; h=Date:From:To:Cc:Subject:References:In-Reply-To; b=TnXNYy9yNrTdgGaUeVXhXkgiQMfQveQTLrbzUYU+AkImZDXPQLnSoow1E/SnPrxVZ bbcZhcwE8NmNmauC16q5Ny5u06KKo+EMuYZjdmgPN7cImZqUV6hpFdKexPlqWTVlHl PfJbooSkOwvQl1NGNx6VNxmAtyMFrUXMKI8rcKlQ= Received: from mithril.foucry.net (lfbn-dij-1-1138-109.w90-125.abo.wanadoo.fr [90.125.86.109]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange ECDHE (P-384) server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by mail.foucry.net (Postfix) with ESMTPSA id 181B38F04; Fri, 26 Mar 2021 20:45:49 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=foucry.net; s=dkim; t=1616791549; bh=9ThK1fBE8YI+Tr5kPu/I/fbctVC5H6uDwVnHrkUN+Tw=; h=Date:From:To:Cc:Subject:References:In-Reply-To; b=vsj3MfTgXNzqHhapaMXEAARKBQgP7FdY4MlOSs56fOmKSyZSCgiDK/A8bGhwD+oiK gZalZm8JgP7mPTACbSab9WO8jcIFcjOzAxj+A0P3bKOV27j/+jbCnEmZYBZEEj/GTI 6UI1hmUvhPJuFZ5h5XBZeIdHtzLRDZL0w94lOREc= Received: from mithril.foucry.net (localhost [IPv6:::1]) by mithril.foucry.net (Postfix) with ESMTPS id 27B496840F; Fri, 26 Mar 2021 21:45:48 +0100 (CET) Date: Fri, 26 Mar 2021 21:45:47 +0100 From: Jacques Foucry To: Dan Langille Cc: freebsd-questions@freebsd.org Subject: Re: Move jails hard way to iocage Message-ID: Mail-Followup-To: Dan Langille , freebsd-questions@freebsd.org References: <5ce88d31-5372-4d26-8d35-d13b73ec7b71@www.fastmail.com> MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Disposition: inline Content-Transfer-Encoding: 8bit In-Reply-To: <5ce88d31-5372-4d26-8d35-d13b73ec7b71@www.fastmail.com> X-Operating-System: FreeBSD X-Rspamd-Queue-Id: 4F6YsG2K54z3jSw X-Spamd-Bar: ---- Authentication-Results: mx1.freebsd.org; dkim=pass header.d=foucry.net header.s=dkim header.b=TnXNYy9y; dkim=pass header.d=foucry.net header.s=dkim header.b=vsj3MfTg; dmarc=pass (policy=none) header.from=foucry.net; spf=pass (mx1.freebsd.org: domain of jacques@foucry.net designates 2a01:4f9:4a:1fd8::17 as permitted sender) smtp.mailfrom=jacques@foucry.net X-Spamd-Result: default: False [-4.00 / 15.00]; ARC_NA(0.00)[]; RCVD_VIA_SMTP_AUTH(0.00)[]; R_DKIM_ALLOW(-0.20)[foucry.net:s=dkim]; RCVD_COUNT_FIVE(0.00)[6]; FROM_HAS_DN(0.00)[]; TO_DN_SOME(0.00)[]; R_SPF_ALLOW(-0.20)[+mx:c]; NEURAL_HAM_LONG(-1.00)[-1.000]; MIME_GOOD(-0.10)[text/plain]; PREVIOUSLY_DELIVERED(0.00)[freebsd-questions@freebsd.org]; RBL_DBL_DONT_QUERY_IPS(0.00)[2a01:4f9:4a:1fd8::17:from]; SPAMHAUS_ZRD(0.00)[2a01:4f9:4a:1fd8::17:from:127.0.2.255]; TO_MATCH_ENVRCPT_SOME(0.00)[]; DKIM_TRACE(0.00)[foucry.net:+]; RCPT_COUNT_TWO(0.00)[2]; DMARC_POLICY_ALLOW(-0.50)[foucry.net,none]; NEURAL_HAM_SHORT(-1.00)[-1.000]; NEURAL_HAM_MEDIUM(-1.00)[-1.000]; FROM_EQ_ENVFROM(0.00)[]; MIME_TRACE(0.00)[0:+]; RCVD_TLS_LAST(0.00)[]; ASN(0.00)[asn:24940, ipnet:2a01:4f9::/32, country:DE]; TAGGED_FROM(0.00)[freebsd]; MAILMAN_DEST(0.00)[freebsd-questions] X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.34 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 26 Mar 2021 20:45:55 -0000 Le vendredi 26 mars 2021 à 09:00:24 (-0400), Dan Langille à écrit: > On Fri, Mar 26, 2021, at 5:34 AM, Dan Langille wrote: > > On Fri, Mar 26, 2021, at 5:28 AM, Jacques Foucry wrote: > > > Hello Friends, > > > > > > I run many jails, configured in the "hard way" (ie `/etc/jail.conf` file) and > > > I would like to move them into iocage. > > > > > > I can't find any help on the Internet (may be I did search corretly). > > > > > > Did some own have a pointer or a how-to? > > > > > > Thanks in advance for your time and advises, > > > > https://dan.langille.org/2021/02/28/converting-an-iocage-jail-to-a-vanilla-jail/ > > > Sorry, I misread, and though you were moving to jails. No problem :-) > > This is from ezjail to iocage. Might help. > > https://dan.langille.org/2019/04/08/converting-thin-jails-to-thick-jails/ Sure it's help. > Yes, I have been moving from iocage to vanilla jails. I find it better suits my use > cases, specifically my FreshPorts jails which contain zfs file systems which it > must occasionally issue a 'zfs rollback'. I also like that my jails start or stop > faster. The additional work I need to do relates to jail creation (creating the > file systems etc). For that, I'm using https://github.com/mkjail/mkjail - in fact, > this morning I am using that to update several jails. > > e.g. [dvl@r720-02:~/src/mkjail/src] $ sudo bin/mkjail upgrade -v 12.2-RELEASE -j nginx01 Interesting, may be I will reconsider switching… > > After reading FreeBSD Mastery: Jails I saw how straight forward a jail.conf entry can > be. https://mwl.io/nonfiction/os#fmjail I read it, but there's no words about VNET and vanilla jails. Seems a little bit more difficult and all the jails must be switch at the same time (as I saw from my small experience). But I read to that you are not very happy with VNET jails :-) Btw, it's very hard to make my own opion with all the different experiences I read. :-) That said, and off topic, thanks for your blog, your shared experiences, FreshPorts and all you do for the community. -- Jacques Foucry