Custom base jails for ZFS replication

Miroslav Lachman 000.fbsd at
Wed Dec 21 13:55:46 UTC 2016

Randy Westlund wrote on 2016/12/21 06:59:
> Is there a jail management tool that lets you install packages in a base
> jail, and share that with multiple thin jails?
> I want to deploy many thin jails across multiple servers, and be able to
> update both the base system and ports in a base jail and then ZFS
> replicate that to the base jails on the production servers.  I'd like
> the thin jails to only contain my customer-specific application data, so
> I don't have to manually update all of them.
> I don't see any way to do this with ezjail or iocage.  Does anyone else
> have a deployment like this?

I don't think there is any tool that meets your needs. But jails are so
simple in reality that, instead of trying to work around the limitations of
existing tools, I recommend setting this up with standard base utilities
(jail.conf + fstab + ZFS replication).

But once you dig deep into this you will realise that the jail is the
simpler part of this problem. Many ports write to /usr/local. So
until you teach each of your ports not to do it, you can have problems
with updating by ZFS send.

If you are 100% sure that your ports don't write any valuable data to
/usr/local, then you can just create one full jail with the base system
and the needed packages, and replicate this jail to whatever place you want
(local or remote machines). Then make a directory with /etc, /usr/local/etc,
/dev, /var and /tmp for each jail (the jail's private data) plus a dozen
symlinks to nullfs-mounted dirs, and start these jails with the standard
service jail start (configuration is in /etc/jail.conf on the machines
running the specific jails).
Each jail will have its own fstab file to mount your "application data" and
a nullfs mount of the shared base + packages.

It is not as hard as it may look. And it can easily be scripted and
customised for your needs (scripted updates with ZFS send & receive,
cloning, snapshots etc.).

Miroslav Lachman
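
The layout described in the reply above, sketched as an added example (not code from the post or from any jail tool). The /jails paths, the /basejail mount point and the list of shared directories are assumptions chosen for illustration.

```sh
#!/bin/sh
# Added example. Assumed layout (not from the post):
#   /jails/base          replicated full jail (base system + packages)
#   /jails/thin/<name>   private root of one thin jail
#   /jails/data/<name>   customer-specific application data
BASE=/jails/base
JAILROOT=/jails/thin
DATAROOT=/jails/data
# Directories served from the shared base through symlinks (assumed list).
SHARED="bin lib libexec sbin usr/bin usr/lib usr/libexec usr/sbin usr/share
usr/local/bin usr/local/lib usr/local/libexec usr/local/sbin usr/local/share"
# Directories that stay private and writable in every jail.
PRIVATE="etc usr/local/etc dev var tmp"

# Create the private skeleton and the symlinks under the given root.
make_thin_root() {
    root=$1
    for d in $PRIVATE basejail data; do mkdir -p "$root/$d"; done
    chmod 1777 "$root/tmp"
    for d in $SHARED; do
        mkdir -p "$root/$(dirname "$d")"
        # Absolute targets resolve inside the jail, where the base is
        # mounted on /basejail.
        [ -L "$root/$d" ] || ln -s "/basejail/$d" "$root/$d"
    done
}

# Print the per-jail fstab: the base is mounted read-only, so a process
# in one jail cannot change binaries that every other jail runs.
thin_fstab() {
    printf '%s %s/%s/basejail nullfs ro 0 0\n' "$BASE" "$JAILROOT" "$1"
    printf '%s/%s %s/%s/data nullfs rw 0 0\n' "$DATAROOT" "$1" "$JAILROOT" "$1"
}

# Print the /etc/jail.conf stanza that ties the root and fstab together.
thin_jail_conf() {
    cat <<EOF
$1 {
    path = "$JAILROOT/$1";
    host.hostname = "$1";
    mount.fstab = "/etc/fstab.$1";
    mount.devfs;
    exec.start = "/bin/sh /etc/rc";
    exec.stop = "/bin/sh /etc/rc.shutdown";
}
EOF
}
```

The private etc and var directories still have to be populated (for example, copied once from the base) before the jail is started.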
