Custom base jails for ZFS replication
000.fbsd at quip.cz
Wed Dec 21 13:55:46 UTC 2016
Randy Westlund wrote on 2016/12/21 06:59:
> Is there a jail management tool that lets you install packages in a base
> jail, and share that with multiple thin jails?
> I want to deploy many thin jails across multiple servers, and be able to
> update both the base system and ports in a base jail and then ZFS
> replicate that to the base jails on the production servers. I'd like
> the thin jails to only contain my customer-specific application data, so
> I don't have to manually update all of them.
> I don't see any way to do this with ezjail or iocage. Does anyone else
> have a deployment like this?
I don't think there is any tool that meets your needs. But jails are so
simple in reality that instead of trying to work around the limitations of
existing tools, I recommend setting this up with standard base utilities
(jail.conf + fstab + ZFS replication).

But once you dig deep into this you will realise that the jail is the
simpler part of this problem. Many ports write to /usr/local. So
until you teach each of your ports not to do it, you can have problems
with updating by ZFS send.

If you are 100% sure that your ports don't write any valuable data to
/usr/local, then you can just create one full jail with the base system
and needed packages, and replicate this jail to whatever place you want
(local or remote machines). Then make a directory with /etc /usr/local/etc
/dev /var and /tmp for each jail (the jail's private data) plus a dozen
symlinks to nullfs-mounted dirs, and start these jails with the standard
service jail start (the configuration is in /etc/jail.conf on the machines
running the specific jails).

Each jail will have its own fstab file to mount your "application data" and
a nullfs mount of the shared base + packages.

It is not as hard as it may look. And it can easily be scripted and
customised for your needs (scripted updates with ZFS send & receive,
cloning, snapshots etc.).
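
The layout described in the reply above, sketched as an added example that is not part of the original post: it builds one thin jail's private directories and symlinks, and generates its fstab (shared base mounted read-only via nullfs) and jail.conf stanza. The paths /jails/base, /jails/thin and /data/cust1, the jail name cust1, the basejail mount point and the symlink list are assumptions.

```sh
#!/bin/sh
# Added example, not from the original post. All paths and names here
# (/jails/base, /jails/thin, /data/cust1, "cust1") are hypothetical.
BASE=${BASE:-/jails/base}   # replicated full jail: base system + packages
THIN=${THIN:-/jails/thin}   # parent directory of the thin jails

# Private directories plus symlinks into the read-only base mount point.
jail_skeleton() {  # usage: jail_skeleton NAME
    root="$THIN/$1"
    mkdir -p "$root/basejail" "$root/data" "$root/dev" "$root/etc" \
        "$root/var" "$root/tmp" "$root/usr/local/etc"
    chmod 1777 "$root/tmp"
    for d in bin lib libexec sbin; do
        ln -sfn "basejail/$d" "$root/$d"
    done
    for d in bin include lib libdata libexec sbin share; do
        ln -sfn "../basejail/usr/$d" "$root/usr/$d"
    done
    for d in bin lib libexec sbin share; do
        ln -sfn "../../basejail/usr/local/$d" "$root/usr/local/$d"
    done
}

# Per-jail fstab: shared base read-only, application data read-write.
jail_fstab() {  # usage: jail_fstab NAME DATADIR
    printf '%s %s nullfs ro 0 0\n' "$BASE" "$THIN/$1/basejail"
    printf '%s %s nullfs rw,nosuid 0 0\n' "$2" "$THIN/$1/data"
}

# jail.conf stanza that points jail(8) at that fstab.
jail_conf() {  # usage: jail_conf NAME
    cat <<EOF
$1 {
    path = "$THIN/$1";
    host.hostname = "$1";
    mount.fstab = "$THIN/$1.fstab";
    mount.devfs;
    exec.clean;
    exec.start = "/bin/sh /etc/rc";
    exec.stop = "/bin/sh /etc/rc.shutdown";
}
EOF
}

# Print the generated configuration for one constructed jail.
jail_fstab cust1 /data/cust1
jail_conf cust1
```

Because the base is mounted `ro`, a process inside a thin jail cannot modify the shared binaries or packages; any port that needs to write under /usr/local will fail visibly there, which is the problem the reply warns about.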