From owner-freebsd-questions@freebsd.org Fri Apr 3 21:38:22 2020 Return-Path: Delivered-To: freebsd-questions@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id CAE8527285B for ; Fri, 3 Apr 2020 21:38:22 +0000 (UTC) (envelope-from ihor@antonovs.family) Received: from mail.antonovs.family (mail.antonovs.family [100.25.240.195]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) server-signature RSA-PSS (4096 bits) client-signature RSA-PSS (2048 bits) client-digest SHA256) (Client CN "mail.antonovs.family", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 48vCw63x4Pz4CpF for ; Fri, 3 Apr 2020 21:37:57 +0000 (UTC) (envelope-from ihor@antonovs.family) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=antonovs.family; s=20200215; t=1585949865; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: in-reply-to:in-reply-to:references:references; bh=CKTWVOP7Rhg7de/90+ayonoIRaQ/1M//8CrjWrdBLoY=; b=BBFOcqFEYfwULWcy5qnVikaW4jzHilLsp1vn89WOqO71Z84v2P7/8itpEmTQO/bzZrpS+Q 4ofptho1jlTBjXQza6B9yu5Bpiux28qGCtnK8VngWUqMYGW4fjA6i3+RUZHIWq+Bl0QVw2 GDsaYqfe2L9Qmph8kaPaGMlf5NYVXKI= Received: by mail.antonovs.family (OpenSMTPD) with ESMTPSA id c8f0e3b2 (TLSv1.3:TLS_AES_256_GCM_SHA384:256:NO); Fri, 3 Apr 2020 21:37:45 +0000 (UTC) Date: Fri, 3 Apr 2020 14:37:42 -0700 From: Ihor Antonov To: Alejandro Imass Cc: FreeBSD Questions Subject: Re: Bastille vs. iocage vs.CBSD opinions? Message-ID: <20200403213742.pdyuuoqudro3qvx4@sea-ll-10936> References: MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Disposition: inline In-Reply-To: X-Rspamd-Queue-Id: 48vCw63x4Pz4CpF X-Spamd-Bar: ---- Authentication-Results: mx1.freebsd.org; dkim=pass header.d=antonovs.family header.s=20200215 header.b=BBFOcqFE; dmarc=pass (policy=none) header.from=antonovs.family; spf=pass (mx1.freebsd.org: domain of ihor@antonovs.family designates 100.25.240.195 as permitted sender) smtp.mailfrom=ihor@antonovs.family X-Spamd-Result: default: False [-4.91 / 15.00]; ARC_NA(0.00)[]; RCVD_VIA_SMTP_AUTH(0.00)[]; R_DKIM_ALLOW(-0.20)[antonovs.family:s=20200215]; NEURAL_HAM_MEDIUM(-1.00)[-1.000,0]; FROM_HAS_DN(0.00)[]; R_SPF_ALLOW(-0.20)[+mx]; NEURAL_HAM_LONG(-1.00)[-1.000,0]; MIME_GOOD(-0.10)[text/plain]; IP_SCORE(-3.41)[ip: (-9.38), ipnet: 100.24.0.0/13(-4.58), asn: 14618(-3.03), country: US(-0.05)]; RCVD_COUNT_TWO(0.00)[2]; TO_MATCH_ENVRCPT_SOME(0.00)[]; TO_DN_ALL(0.00)[]; DKIM_TRACE(0.00)[antonovs.family:+]; RCPT_COUNT_TWO(0.00)[2]; DMARC_POLICY_ALLOW(-0.50)[antonovs.family,none]; RCVD_IN_DNSWL_FAIL(0.00)[195.240.25.100.list.dnswl.org:query timed out]; SUBJECT_ENDS_QUESTION(1.00)[]; MID_RHS_NOT_FQDN(0.50)[]; ASN(0.00)[asn:14618, ipnet:100.24.0.0/13, country:US]; MIME_TRACE(0.00)[0:+]; RCVD_TLS_ALL(0.00)[]; FROM_EQ_ENVFROM(0.00)[] X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 03 Apr 2020 21:38:23 -0000 On 2020-04-03 16:48, Alejandro Imass wrote: > I'm having a hard time picking between these three. > Just want to get a general pulse on the long-time experts here. > No intention to create any flame wars, just objective comments pls. Hey Alejandro, I can't give any advice on CBSD, but here is my 2 cents on iocage vs bastille Iocage: - Written in python, so has bigger dependencies footprint - ZFS only (does not work with UFS) - Uses its own settings files and format, disconnected from jails.conf (this is good and bad, bad if iocage breaks you cant start the jail manually) - Supported by IXSystems ( not 100% sure on this one) - Has a concept of "plugins". "plugins" is a misnomer, in fact this is a way to allow user to provide some input to a deployed image to customize it. My experience with plugins was not very successful. Plugins are expressed in awkward json format without proper documentation (I haven't found any, so if someone knows where to find it - please share) - Core set of features is mature enough to use it in the wild - M.Lucas in his Jails book advocates iocage as one of the recommended tools - supports resouce control with rctl BastilleBSD - Written in shell, zero dependencies if you have shell interpreter :) - Works with UFS and ZFS - AFAIK uses jail.conf to store configuration (not 100% sure) - Has concept of templates, which I find to be much better than iocage's plugins - Less mature, I often encounter bugs or unexpected behaviour. To it's defence the tools is very young, and is being actively developed, new features and fixes are being added every day. It did not exists at the time M.Lucas was writing Jails book. - The author is very responsive and replies to comments and issues on github (same thing can probably be said about iocage, but I personally did not test this) - last time I checked did not support rctl Both tools support VNET jails. Overall you should pick a tool for your task. But if both tools fit I'd recommend trying BastilleBSD as I personally like it's approach better. It might not be a super smooth ride, but you can help improve the tool and give the author first hand feedback ---- Ihor