FBSD jail versus VMWare? What services do YOU run in a jail?
Fbsd8
fbsd8 at a1poweruser.com
Fri Apr 25 16:46:27 UTC 2014
Victor Sudakov wrote:
> Fbsd8 wrote:
>
>> As the number of running jails increase the
>> difficultly of managing them also increases. ezjail has no provisions
>> to address this problem. qjail on the other hand is designed from the
>> ground floor to simplify the administration of large scale jail
>> environments [1 to 2000+ jails].
>
> Where can I read more about the unique and advanced features of qjail
> missing in ezjail?
I have never come across a feature comparison between the two. But qjail
is a fork of an old ezjail-3.1 version so much of the feel is the same.
http://svnweb.freebsd.org/ports/head/sysutils/qjail/pkg-descr?revision=HEAD
This link is a good place to start, then pkg install qjail & ezjail and
read their man pages for the details your looking for.
For a more general background on jails
http://svnweb.freebsd.org/ports/head/sysutils/jail-primer/pkg-descr?revision=HEAD
will bring you up to the current status as of release 9.2.
>
> I am especially interested in features which help update and upgrade
> multiple jails and software therein.
>
> I must admit it's a bit of PITA in ezjail when it comes to upgrading
> third party software. I have set up a pkg repository for that purpose,
> but still I have to visit each jail individually and run "pkg upgrade"
> from inside.
>
>
jail updates is really 2 different arenas. You have the update of the
host system binaries and the update of ports.
ezjail relies on the old "make buildworld" method. qjail has function to
refresh the sharedfs from the running host. You can use what ever method
you want to update your host running system and just copy the host
running system to qjail. For maximum security and reliability the host
and the jails MUST be running the same release level.
The second arena is updating your installed ports. Before 10.0 and pkgng
this was always a time consuming task. Ports running in jails are bound
by the same requirements as running ports on the host. FreeBSD only
guarantees ports to function across minor releases. such as moving from
9.0 to 9.1, but when moving across major releases such as moving from
8.2 to 9.0 your inventory of installed ports have to be updated by
re-compiling using a current ports filesystem. This is also true for
jails. Basing your ports major release update plans on pkgng instead of
compiling the port and all its dependents is a great time saver. The
only reason to visit each jail individually is if each jail has
different mix of installed ports. In large scale jail environments the
same port mix is often used in many jails and this is easy for qjail to
duplicate.
More information about the freebsd-questions
mailing list