From owner-freebsd-jail@FreeBSD.ORG Tue May 13 12:12:10 2014
Message-ID: <53720C0F.9010707@a1poweruser.com>
Date: Tue, 13 May 2014 08:11:59 -0400
From: Fbsd8
To: freebsd_jail@dachev.info
Cc: freebsd-jail@freebsd.org
Subject: Re: new jail framework with vnet, zfs and jail.conf support
References: <640993be45d72e4dac19181ae6644d27@dachev.info>
In-Reply-To: <640993be45d72e4dac19181ae6644d27@dachev.info>
List-Id: "Discussion about FreeBSD jail\(8\)"

freebsd_jail@dachev.info wrote:
> Hi,
>
> I'm currently in process of development of new tool for easy jail
> administration with zfs and vimage/vnet(bridge epair interface) support
> The idea is to have a single application (python script) without any
> other config files and customization
> This tool is written on Python, also work only with vnet, zfs and
> FreeBSD 10 (probably will work on FreeBSD 9.1 but I never test it)
> JADM work only with native /etc/jail.conf
> When is started for first time jadm generate new /etc/jail.conf in
> special format developed by me.
> jail.conf file can be used and without JADM.
>
> for more information please contact me or visit:
> https://github.com/NikolayDachev/jadm
>
> JADM is in development status more of functions work normal (with bugs
> but work :)).
>
> Unfortunately I don't have a lot of time for it so I need test users.
> At the moment last function for JADM is to support skeleton jail model
> (similar to ezjail with base jail and etc.)
> This function is still in progress meanwhile, if someone have a time to
> test all other functions and to report any issue, bug or ideas
>
>
>

I think you have made some poor basic design choices.

1. Requiring Python as a dependent. That's a lot of overhead just for a
script. Not a show stopper, but a csh script would have been better.

2. Using the highly experimental "vimage" as the cornerstone of the
overall design. Vimage has many long-standing PRs, does not work with
any of the firewalls, has NO maintainer, requires a custom kernel to
enable. This is a major show stopper. Cannot risk a production jail
environment on highly experimental software. Even if vimage gets a
maintainer, all the firewalls need to be updated to play nice in a
vimage environment, and there are existing PRs to that effect which the
firewall maintainers are reluctant to address because of vimage's
status as highly experimental. What you're trying to do may never bear
fruit due to things totally out of your control.

3. Should use the allow_zfs option of jail(8) instead of embedded
native zfs commands.

With surgery JADM could become a ZFS admin script, there is a need for
that and one does not exist that I know of.