FBSD jail versus VMWare? What services do YOU run in a jail?
Michael Ross
gmx at ross.cx
Fri Apr 25 17:47:21 UTC 2014
On Fri, 25 Apr 2014 18:46:12 +0200, Fbsd8 <fbsd8 at a1poweruser.com> wrote:
> Victor Sudakov wrote:
>> Fbsd8 wrote:
>>
> >>> As the number of running jails increases, the difficulty of managing
> >>> them also increases. ezjail has no provisions
> >>> to address this problem. qjail on the other hand is designed from the
> >>> ground floor to simplify the administration of large scale jail
> >>> environments [1 to 2000+ jails].
>> Where can I read more about the unique and advanced features of qjail
>> missing in ezjail?
>
> I have never come across a feature comparison between the two. But qjail
> is a fork of an old ezjail-3.1 version so much of the feel is the same.
>
> http://svnweb.freebsd.org/ports/head/sysutils/qjail/pkg-descr?revision=HEAD
> This link is a good place to start, then pkg install qjail & ezjail and
> read their man pages for the details you're looking for.
>
> For a more general background on jails
> http://svnweb.freebsd.org/ports/head/sysutils/jail-primer/pkg-descr?revision=HEAD
> will bring you up to the current status as of release 9.2.
>
>> I am especially interested in features which help update and upgrade
>> multiple jails and software therein.
>> I must admit it's a bit of PITA in ezjail when it comes to upgrading
>> third party software. I have set up a pkg repository for that purpose,
>> but still I have to visit each jail individually and run "pkg upgrade"
>> from inside.
>>
(ezjail user here)

Couldn't you create one "master" jail,
and nullfs-mount /usr/local/(s)bin from there to the other jails?

Or, two master jails, and a nullfs mount chain

    master1-local-sbin mounted to <mountpoint> and mount /usr/local/sbin
    inside the jails there
    update software in master2-local-sbin
    change <mountpoint> mount from master1 to master2
    restart ezjail

Also,

    ls /usr/jails/myjail* | xargs -I% ezjail-admin console % -e pkg upgrade

(?, never tried)

>
> Jail updates are really 2 different arenas. You have the update of the
> host system binaries and the update of ports.
>
> ezjail relies on the old "make buildworld" method.

Not necessarily:

    ezjail-admin update -u
    ezjail-admin update -U

Also note that qjail has a restrictive license - not allowed to fork
without author's permission.

Michael

> qjail has a function to refresh the sharedfs from the running host.
> You can use whatever method you want to update your host running system
> and just copy the host running system to qjail. For maximum security and
> reliability the host and the jails MUST be running the same release
> level.
>
> The second arena is updating your installed ports. Before 10.0 and pkgng
> this was always a time consuming task. Ports running in jails are bound
> by the same requirements as running ports on the host. FreeBSD only
> guarantees ports to function across minor releases, such as moving from
> 9.0 to 9.1, but when moving across major releases such as moving from
> 8.2 to 9.0 your inventory of installed ports has to be updated by
> re-compiling using a current ports filesystem. This is also true for
> jails. Basing your ports major release update plans on pkgng instead of
> compiling the port and all its dependents is a great time saver. The
> only reason to visit each jail individually is if each jail has a
> different mix of installed ports. In large scale jail environments the
> same port mix is often used in many jails and this is easy for qjail to
> duplicate.