Custom base jails for ZFS replication

Ernie Luzar luzar722 at
Wed Dec 21 13:06:04 UTC 2016

Randy Westlund wrote:
> Is there a jail management tool that lets you install packages in a base
> jail, and share that with multiple thin jails?
> I want to deploy many thin jails across multiple servers, and be able to
> update both the base system and ports in a base jail and then ZFS
> replicate that to the base jails on the production servers.  I'd like
> the thin jails to only contain my customer-specific application data, so
> I don't have to manually update all of them.
> I don't see any way to do this with ezjail or iocage.  Does anyone else
> have a deployment like this?

Your meaning of basejail and thin jail is not clear. If by basejail you
mean the running binaries directories of the OS which are nullfs'ed and
shared with many thinjails being the /local directory tree + /etc, then
yes. Using qjail you create a single basejail and a templatejail using
command "qjail install". Then create a thin jail called seedjail. To
this seedjail you pkg install all the common ports you want available to
all your other jails. Then create each new thinjail using the seedjail
as input. After you have created all your thinjails you can move them to
whatever other machines as long as the target machines are running the
same base version of OS as the machine you created your thinjails on.
This also goes for the basejail. Take note, the packages you install
into the seedjail have no user application data. If the production
thinjails have unique application user data you will have to copy this
user data to the corresponding new thinjails.

Let's say you only run apache servers, and that each machine runs 5 different
jailed apache servers, the only difference being the zfs userdata
directory tree accessed by each of those jailed apache servers. With
qjail you create the basejail, then a single standard seedjail. Create 5
apache thinjails using the seedjail as input. Then use the qjail config
function to add a mount zfs filesystem jail(8) parameter for each unique
apache thinjail. To move this qjail environment to different machines
you would have to copy qjail's internal control files in
/usr/local/etc/qjail/* to the target machine, overriding whatever is
there already. The existing zfs user data would move forward, being
untouched by the jail update you created on the update machine. The
above is based on all the different machines assigning the thinjails
the same IP address. If this is not so, then use the qjail config
function to change each thinjail's unique IP address for each machine.

The qjail man page has great documentation on usage and seed jails are 
covered in the documentation.


Now as I re-read your post I see that your usage of basejail/thinjail
is misleading. What you may really want is a fulljail, i.e., a complete copy
of the OS with selected ports installed that at jail start time
mounts your unique separate userdata zfs filesystems. This can be
achieved using jail(8). There are no canned utilities that I know of
that work this way. The jail-primer port gives great info on jail(8)
usage and includes scripts that you can use as a base to grow your own
automated jail environment from.
