Custom base jails for ZFS replication
luzar722 at gmail.com
Wed Dec 21 13:06:04 UTC 2016
Randy Westlund wrote:
> Is there a jail management tool that lets you install packages in a base
> jail, and share that with multiple thin jails?
> I want to deploy many thin jails across multiple servers, and be able to
> update both the base system and ports in a base jail and then ZFS
> replicate that to the base jails on the production servers. I'd like
> the thin jails to only contain my customer-specific application data, so
> I don't have to manually update all of them.
> I don't see any way to do this with ezjail or iocage. Does anyone else
> have a deployment like this?
Your meaning of basejail and thin jail is not clear. If by basejail you
mean the running binaries directories of the OS which are nullfs'ed and
shared with many thinjails being the /local directory tree + /etc, then
yes. Using qjail you create a single basejail and a templatejail using
command "qjail install". Then create a thin jail called seedjail. To
this seedjail you pkg install all the common ports you want available to
all your other jails. Then create each new thinjail using the seedjail
as input. After you have created all your thinjails you can move them to
whatever other machines as long as the target machines are running the
same base version of OS as the machine you created your thinjails on.
This also goes for the basejail. Take note, the packages you install
into the seedjail have no user application data. If the production
thinjails have unique application user data you will have to copy this
user data to the corresponding new thinjails.
Let's say you only run apache servers. That each machine runs 5 different
jailed apache servers, the only difference being the zfs userdata
directory tree accessed by each of those jailed apache servers. With
qjail you create the basejail then a single standard seedjail. Create 5
apache thinjails using the seedjail as input. Then use qjail config
function to add a mount zfs filesystem jail(8) parameter for each unique
apache thinjail. To move this qjail environment to different machines
you would have to copy qjail's internal control files in
/usr/local/etc/qjail/* to the target machine, overriding whatever is
there already. The existing zfs user data would move forward being
untouched by the jail update you created on the update machine. The
above is based on all the different machines all assigning the thinjails
the same ip address. If this is not so then use the qjail config
function to change the thinjails unique ip address for each machine.
The qjail man page has great documentation on usage and seed jails are
covered in the documentation.
Now as I re-read your post I see that your usage of basejail/thinjail
is misleading. What you may really want is a fulljail, i.e. a complete copy
of the os system with selected ports installed that at jail start time
mounts your unique separate userdata zfs filesystems. This can be
achieved using jail(8). There are no canned utilities that I know of
that work this way. The jail-primer port gives great info on jail(8)
usage and includes scripts that you can use as a base to grow your own
automated jail environment from.
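
A sketch of the jail(8) approach from the last paragraph, as an added example that is not part of the original post and not taken from qjail or the jail-primer port: a jail.conf(5) fragment in which each full jail mounts its own userdata ZFS dataset at start time. The pool and dataset names, paths, hostnames and addresses are all assumptions, and the datasets are assumed to have mountpoint=legacy so they can be given as fstab(5)-style lines.

```conf
# /etc/jail.conf -- constructed example; every name, path and address
# below is an assumption made for illustration.

# Defaults shared by all jails.
exec.start = "/bin/sh /etc/rc";
exec.stop  = "/bin/sh /etc/rc.shutdown";
exec.clean;                      # start jail commands with a clean environment
mount.devfs;                     # give each jail its own /dev
path = "/jails/$name";           # full copy of the OS plus installed ports
host.hostname = "$name.example.org";

# One block per customer. The jail root can be replaced during an
# update; the userdata dataset stays separate and is mounted when the
# jail starts and unmounted when it is removed.
apache1 {
    ip4.addr = "192.0.2.11";
    mount = "zroot/userdata/apache1 /jails/apache1/usr/local/www/data zfs rw 0 0";
}

apache2 {
    ip4.addr = "192.0.2.12";
    mount = "zroot/userdata/apache2 /jails/apache2/usr/local/www/data zfs rw 0 0";
}
```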