Date: Wed, 21 Dec 2016 21:06:08 +0800
From: Ernie Luzar <luzar722@gmail.com>
To: Randy Westlund <rwestlun@gmail.com>
Cc: ports@freebsd.org
Subject: Re: Custom base jails for ZFS replication
Message-ID: <585A7E40.40602@gmail.com>
In-Reply-To: <20161221055923.GA24599@gmail.com>
References: <20161221055923.GA24599@gmail.com>

Randy Westlund wrote:
> Is there a jail management tool that lets you install packages in a base
> jail, and share that with multiple thin jails?
>
> I want to deploy many thin jails across multiple servers, and be able to
> update both the base system and ports in a base jail and then ZFS
> replicate that to the base jails on the production servers. I'd like
> the thin jails to only contain my customer-specific application data, so
> I don't have to manually update all of them.
>
> I don't see any way to do this with ezjail or iocage. Does anyone else
> have a deployment like this?

Your meaning of basejail and thin jail is not clear.

If by basejail you mean the running binaries directories of the OS which
are nullfs'ed and shared with many thinjails being the /local directory
tree + /etc, then yes.

Using qjail you create a single basejail and a templatejail using command
"qjail install". Then create a thin jail called seedjail. To this seedjail
you pkg install all the common ports you want available to all your other
jails. Then create each new thinjail using the seedjail as input.

After you have created all your thinjails you can move them to whatever
other machines as long as the target machines are running the same base
version of OS as the machine you created your thinjails on. This also goes
for the basejail.

Take note: the packages you install into the seedjail have no user
application data. If the production thinjails have unique application user
data you will have to copy this user data to the corresponding new
thinjails.

Let's say you only run apache servers, and that each machine runs 5
different jailed apache servers, the only difference being the zfs userdata
directory tree accessed by each of those jailed apache servers. With qjail
you create the basejail, then a single standard seedjail. Create 5 apache
thinjails using the seedjail as input. Then use the qjail config function
to add a mount zfs filesystem jail(8) parameter for each unique apache
thinjail.

To move this qjail environment to different machines you would have to
copy qjail's internal control files in /usr/local/etc/qjail/* to the target
machine, overriding whatever is there already. The existing zfs user data
would move forward, being untouched by the jail update you created on the
update machine.

The above is based on all the different machines assigning the thinjails
the same IP address. If this is not so then use the qjail config function
to change the thinjails' unique IP address for each machine.

The qjail man page has great documentation on usage, and seed jails are
covered in the documentation.

***************************

Now as I re-read your post I see that your usage of basejail/thinjail is
misleading. What you may really want is a fulljail, i.e. a complete copy of
the OS system with selected ports installed that at jail start time mounts
your unique separate userdata zfs filesystems. This can be achieved using
jail(8). There are no canned utilities that I know of that work this way.
The jail-primer port gives great info on jail(8) usage and includes scripts
that you can use as a base to grow your own automated jail environment
from.
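
Added example, not part of the original message and not taken from qjail or the jail-primer port: a small generator for the jail(8) approach described in the last paragraph, writing one jail.conf stanza per full jail so that the jails differ only in the userdata directory mounted at start. The directory layout, jail names, addresses and mount options are assumptions made for illustration.

```sh
#!/bin/sh
# Added example: generate jail.conf stanzas for full jails that differ only
# in the ZFS userdata mounted at jail start. All paths are constructed.
JAIL_ROOT="/jails"              # assumed: one full OS copy per jail
DATA_ROOT="/tank/userdata"      # assumed: host mountpoints of the datasets
DATA_MNT="usr/local/www/data"   # assumed: where the jail sees its data

# Constructed sample list: "<jail name> <IPv4 address>" per line.
SAMPLE_JAILS='apache1 10.0.0.11
apache2 10.0.0.12
apache3 10.0.0.13
apache4 10.0.0.14
apache5 10.0.0.15'

# Defaults shared by every jail in the file.
jail_conf_header() {
    cat <<'EOF'
exec.start = "/bin/sh /etc/rc";
exec.stop = "/bin/sh /etc/rc.shutdown";
exec.clean;
mount.devfs;
EOF
}

# One stanza. Name and address end up inside host paths and an fstab line,
# so reject anything that could break out of them (slashes, dots, spaces).
jail_conf_stanza() {
    name=$1
    ip=$2
    case $name in ''|*[!A-Za-z0-9_]*) echo "bad name: $name" >&2; return 1 ;; esac
    case $ip in ''|*[!0-9.]*) echo "bad address: $ip" >&2; return 1 ;; esac
    cat <<EOF
$name {
    path = "$JAIL_ROOT/$name";
    host.hostname = "$name";
    ip4.addr = "$ip";
    # nosuid,noexec assumes the dataset holds data only, no programs
    mount += "$DATA_ROOT/$name $JAIL_ROOT/$name/$DATA_MNT nullfs rw,nosuid,noexec 0 0";
}
EOF
}

# Read "<name> <ip>" lines on stdin, write a complete jail.conf on stdout.
gen_jail_conf() {
    jail_conf_header
    while read -r name ip; do
        case $name in ''|'#'*) continue ;; esac
        jail_conf_stanza "$name" "$ip" || return 1
    done
}
```

Feeding the sample list to `gen_jail_conf` on standard input produces a file with the shared defaults followed by five stanzas; the per-machine address differences mentioned above only change the second column of the list.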