From: Aristedes Maniatis
To: markham breitbach
Cc: freebsd-jail
Subject: Re: Jail management
Date: Mon, 22 Feb 2016 19:17:40 +1100

Markham wrote:
> One of the solutions I have found to the version issue is to build my own package repo. I build the packages the way I want, and then upload them to my own package repo (which is just another jail running thttpd). I also keep a jail running with the ports tree frozen at the versions I am using for production.

Thanks for that idea. However I'm already doing all that with poudriere and it works well. However creating a new poudriere repo every 4 weeks would be a little cumbersome.

Steve Hartland wrote:
> Check out qjail; from your description I think it will do what you want.

I took a look at the documentation I could find (just some stuff on Sourceforge really) but nothing in qjail seemed to solve the issues of multiple basejails or anything else that was causing me issues with ezjail.

I also discovered iocage which looks quite different and interesting. I'm still reading about it, but it seems to:

* have multiple basejails
* use unionfs to create a "jail package" which looks like an overlay on a jail. However there doesn't appear to be a feature to "undeploy" a package, so not sure if it is the best way to deploy a certain version of an application.
* also have a template feature which looks like the ezjail 'flavour'. You can't change the template after you make a jail. Again, it looks like "destroy jail" and make a new one.

I can't really understand the different practical use cases of 'package' and 'template' since they seem both very similar to ezjail flavours except in how you create them in the first place.

But the multiple basejail idea might just be what I need. I create a new basejail once a month with each new release of the software. I can't switch existing jails to a new basejail (I think), but I'd need to destroy and recreate it from a new base and add my jail specific config bits.

Each jail could be upgraded as needed and not necessarily at the same time. Nice.

Ari

--
-------------------------->
Aristedes Maniatis
ish
http://www.ish.com.au
Level 1, 30 Wilson Street Newtown 2042 Australia
phone +61 2 9550 5001 fax +61 2 9550 4001
GPG fingerprint CBFB 84B4 738D 4E87 5E5C 5EFA EF6A 7D2E 3E49 102A