FBSD jail versus VMWare? What services do YOU run in a jail?

Fbsd8 fbsd8 at a1poweruser.com
Fri Apr 25 16:46:27 UTC 2014

Victor Sudakov wrote:
> Fbsd8 wrote:
>> As the number of running jails increase the 
>> difficultly of managing them also increases. ezjail has no provisions
>> to address this problem. qjail on the other hand is designed from the 
>> ground floor to simplify the administration of large scale jail 
>> environments [1 to 2000+ jails]. 
> Where can I read more about the unique and advanced features of qjail
> missing in ezjail?

I have never come across a feature comparison between the two. But qjail 
is a fork of an old ezjail-3.1 version so much of the feel is the same.

This link is a good place to start, then pkg install qjail & ezjail and 
read their man pages for the details your looking for.

For a more general background on jails 
will bring you up to the current status as of release 9.2.

> I am especially interested in features which help update and upgrade
> multiple jails and software therein.
> I must admit it's a bit of PITA in ezjail when it comes to upgrading
> third party software. I have set up a pkg repository for that purpose,
> but still I have to visit each jail individually and run "pkg upgrade"
> from inside.

jail updates is really 2 different arenas. You have the update of the 
host system binaries and the update of ports.

ezjail relies on the old "make buildworld" method. qjail has function to 
refresh the sharedfs from the running host. You can use what ever method 
you want to update your host running system and just copy the host 
running system to qjail. For maximum security and reliability the host 
and the jails MUST be running the same release level.

The second arena is updating your installed ports. Before 10.0 and pkgng 
this was always a time consuming task. Ports running in jails are bound 
by the same requirements as running ports on the host. FreeBSD only 
guarantees ports to function across minor releases. such as moving from 
9.0 to 9.1, but when moving across major releases such as moving from 
8.2 to 9.0 your inventory of installed ports have to be updated by 
re-compiling using a current ports filesystem. This is also true for 
jails. Basing your ports major release update plans on pkgng instead of 
compiling the port and all its dependents is a great time saver. The 
only reason to visit each jail individually is if each jail has 
different mix of installed ports. In large scale jail environments the 
same port mix is often used in many jails and this is easy for qjail to 

More information about the freebsd-questions mailing list