From owner-freebsd-jail@FreeBSD.ORG Fri Jan 23 21:00:34 2015 Return-Path: Delivered-To: jail@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id 5E88CA6B for ; Fri, 23 Jan 2015 21:00:34 +0000 (UTC) Received: from mail.michaelwlucas.com (mail.michaelwlucas.com [108.61.84.26]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 05795F6 for ; Fri, 23 Jan 2015 21:00:33 +0000 (UTC) Received: from mail.michaelwlucas.com (localhost [127.0.0.1]) by mail.michaelwlucas.com (8.14.7/8.14.7) with ESMTP id t0NL0UXQ045140 for ; Fri, 23 Jan 2015 16:00:30 -0500 (EST) (envelope-from mwlucas@mail.michaelwlucas.com) Received: (from mwlucas@localhost) by mail.michaelwlucas.com (8.14.7/8.14.7/Submit) id t0NL0Uvj045139 for jail@freebsd.org; Fri, 23 Jan 2015 16:00:30 -0500 (EST) (envelope-from mwlucas) Date: Fri, 23 Jan 2015 16:00:26 -0500 From: "Michael W. Lucas" To: jail@freebsd.org Subject: preferred jail management tool Message-ID: <20150123210026.GA45086@mail.michaelwlucas.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.5.23 (2014-03-12) X-Spam-Status: No, score=0.0 required=5.0 tests=UNPARSEABLE_RELAY, URIBL_BLOCKED autolearn=ham autolearn_force=no version=3.4.0 X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on mail.michaelwlucas.com X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.4.3 (mail.michaelwlucas.com [127.0.0.1]); Fri, 23 Jan 2015 16:00:31 -0500 (EST) X-BeenThere: freebsd-jail@freebsd.org X-Mailman-Version: 2.1.18-1 Precedence: list List-Id: "Discussion about FreeBSD jail\(8\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 23 Jan 2015 21:00:34 -0000 Hi, For those who haven't heard, I'm writing a book on jails. Some details are at http://blather.michaelwlucas.com/archives/2286. I want to cover at least one jail management tool. I've done some research into jail tools. You can see my results at http://blather.michaelwlucas.com/archives/2291. (No, I'm not trying to drag traffic to my blog. I just don't want to cut-and-paste it to a mailing list. ;-) I have several choices of jail management tools to write about. It seems that ezjail gets all the press. I'm wondering if this is because it's the first tool, or if it's the best of its kind. I also hear a lot of whinging about ezjail. I suspect that's because it's the most widely deployed tool of it's type, however. The one in front gets the most mud slung at it. Looking at the documentation, I'm highly intrigued by iocage. It seems to do everything that ezjail does and then some. CBSD also looks like a really good choice. Based on what I know now, I'm inclined to cover iocage and CBSD. I want to ask the experts, though. Which is you guys. Any recommendations on what I should cover, or not cover? Any big screaming red flags in these tools that I should be aware of? Thanks, ==ml -- Michael W. Lucas - mwlucas@michaelwlucas.com, Twitter @mwlauthor http://www.MichaelWLucas.com/, http://blather.MichaelWLucas.com/ From owner-freebsd-jail@FreeBSD.ORG Fri Jan 23 22:11:51 2015 Return-Path: Delivered-To: jail@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id 1F812846 for ; Fri, 23 Jan 2015 22:11:51 +0000 (UTC) Received: from smtprelay02.ispgateway.de (smtprelay02.ispgateway.de [80.67.31.40]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id D4515B78 for ; Fri, 23 Jan 2015 22:11:50 +0000 (UTC) Received: from [178.2.132.131] (helo=max2.fritz.box) by smtprelay02.ispgateway.de with esmtpsa (TLSv1:AES128-SHA:128) (Exim 4.84) (envelope-from ) id 1YEmKI-0007ye-HY; Fri, 23 Jan 2015 23:03:38 +0100 Content-Type: text/plain; charset=us-ascii Mime-Version: 1.0 (Mac OS X Mail 7.3 \(1878.6\)) Subject: Re: preferred jail management tool From: Stephen Riehm In-Reply-To: <20150123210026.GA45086@mail.michaelwlucas.com> Date: Fri, 23 Jan 2015 23:03:38 +0100 Content-Transfer-Encoding: quoted-printable Message-Id: <687EBDEB-4410-4BBF-AB7E-330BABFEB103@opensauce.de> References: <20150123210026.GA45086@mail.michaelwlucas.com> To: "Michael W. Lucas" X-Mailer: Apple Mail (2.1878.6) X-Df-Sender: Mjg4MTc3 Cc: jail@freebsd.org X-BeenThere: freebsd-jail@freebsd.org X-Mailman-Version: 2.1.18-1 Precedence: list List-Id: "Discussion about FreeBSD jail\(8\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 23 Jan 2015 22:11:51 -0000 Hi Michael, as someone who first encountered jails with FreeBSD 10.0, I got utterly frustrated trying to set them up for IPv6 for example. The thing that bugged me most was that whenever I went looking for help online, I kept = on getting posts relating to FreeBSD 8.0 or 9.1, only to find out later "that was deprecated in 10.0"... gggrrrrr Anyway, I'll be very interested to read what you come up with! Like I said, none of the tutorials or tools that I found covered what I = wanted to do, and now, I'm not even sure if it's possible... but that's what I get for not just blindly following the tutorials and being happy with = the incomplete results :-| Good luck! Cheers, Steve PS: I tried ezjail, qjail and manual setup... and failed with all three = (though, mostly with the networking stuff). I'm using ZFS, and want to set up multiple jail-networks (for = development/testing of a peer-to-peer app that chats locally and across sub-nets), separate = jails for various, un-related web-services, network daemons (dhcp, dns, smtp/imap) = etc. I was also quite interested in beadm(1) and the way it uses a jail to = set up a new OS allowing you to then switch from one installation to another by changing = the ZFS dataset mountpoint configuration. On 23 Jan 2015, at 22:00, Michael W. Lucas = wrote: > Hi, >=20 > For those who haven't heard, I'm writing a book on jails. Some details > are at http://blather.michaelwlucas.com/archives/2286. >=20 > I want to cover at least one jail management tool. I've done some > research into jail tools. You can see my results at > http://blather.michaelwlucas.com/archives/2291. >=20 > (No, I'm not trying to drag traffic to my blog. I just don't want to > cut-and-paste it to a mailing list. ;-) >=20 > I have several choices of jail management tools to write about. It > seems that ezjail gets all the press. I'm wondering if this is because > it's the first tool, or if it's the best of its kind. >=20 > I also hear a lot of whinging about ezjail. I suspect that's because > it's the most widely deployed tool of it's type, however. The one in > front gets the most mud slung at it. >=20 > Looking at the documentation, I'm highly intrigued by iocage. It seems > to do everything that ezjail does and then some. >=20 > CBSD also looks like a really good choice. Based on what I know now, > I'm inclined to cover iocage and CBSD. >=20 > I want to ask the experts, though. Which is you guys. >=20 > Any recommendations on what I should cover, or not cover? Any big > screaming red flags in these tools that I should be aware of? >=20 > Thanks, > =3D=3Dml >=20 > --=20 > Michael W. Lucas - mwlucas@michaelwlucas.com, Twitter @mwlauthor=20 > http://www.MichaelWLucas.com/, http://blather.MichaelWLucas.com/ > _______________________________________________ > freebsd-jail@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-jail > To unsubscribe, send any mail to = "freebsd-jail-unsubscribe@freebsd.org" From owner-freebsd-jail@FreeBSD.ORG Sat Jan 24 03:05:11 2015 Return-Path: Delivered-To: jail@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id 3C5EDED for ; Sat, 24 Jan 2015 03:05:11 +0000 (UTC) Received: from mail-pa0-x242.google.com (mail-pa0-x242.google.com [IPv6:2607:f8b0:400e:c03::242]) (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits)) (Client CN "smtp.gmail.com", Issuer "Google Internet Authority G2" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 08534CC0 for ; Sat, 24 Jan 2015 03:05:11 +0000 (UTC) Received: by mail-pa0-f66.google.com with SMTP id kq14so735651pab.1 for ; Fri, 23 Jan 2015 19:05:10 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=message-id:date:from:user-agent:mime-version:to:cc:subject :references:in-reply-to:content-type:content-transfer-encoding; bh=KCDVLbbqQourcNaXYwdzvyNeCUE55nHZeNRqiUCZUtE=; b=InZ93ju3DHnTKFSmuye20Dk1tAUuk+Za+hWxxsDdZFpqwLqOQh0TOLAiY824ChWPd/ JFaWJ5LJuzmAbCRSG29nchBiQlDSbI1YdysZ5CA8k/utKRtA0kZggYvDKTfd9tjR+lmP mlG4pgjP+MiN5gYI1CLcxD1KQkcLJmH/m18aBKeEu952btD5NaIt/+SNWu9+VJ4q8BB2 IS8IV/xSRQUs1xnYin7sPFlFKvGjfah6bfpjb0YGiukvXu4I919dYFMe/dSw2PhkiIu7 6oU7qv8PtRB5u3JGGSPntGCvADD35kJi3Ax/mCVZdeyPlFiayehCV2bUD1fNNM51kz6v a7qg== X-Received: by 10.66.162.41 with SMTP id xx9mr3350577pab.68.1422068710631; Fri, 23 Jan 2015 19:05:10 -0800 (PST) Received: from [192.168.111.118] ([120.29.76.131]) by mx.google.com with ESMTPSA id i9sm3249067pdj.27.2015.01.23.19.05.08 (version=TLSv1 cipher=ECDHE-RSA-RC4-SHA bits=128/128); Fri, 23 Jan 2015 19:05:09 -0800 (PST) Message-ID: <54C30BEC.3090102@gmail.com> Date: Sat, 24 Jan 2015 11:05:16 +0800 From: Ernie Luzar User-Agent: Thunderbird 2.0.0.24 (Windows/20100228) MIME-Version: 1.0 To: "Michael W. Lucas" Subject: Re: preferred jail management tool References: <20150123210026.GA45086@mail.michaelwlucas.com> In-Reply-To: <20150123210026.GA45086@mail.michaelwlucas.com> Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Cc: jail@freebsd.org X-BeenThere: freebsd-jail@freebsd.org X-Mailman-Version: 2.1.18-1 Precedence: list List-Id: "Discussion about FreeBSD jail\(8\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 24 Jan 2015 03:05:11 -0000 Michael W. Lucas wrote: > Hi, > > For those who haven't heard, I'm writing a book on jails. Some details > are at http://blather.michaelwlucas.com/archives/2286. > > I want to cover at least one jail management tool. I've done some > research into jail tools. You can see my results at > http://blather.michaelwlucas.com/archives/2291. > > (No, I'm not trying to drag traffic to my blog. I just don't want to > cut-and-paste it to a mailing list. ;-) > > I have several choices of jail management tools to write about. It > seems that ezjail gets all the press. I'm wondering if this is because > it's the first tool, or if it's the best of its kind. > > I also hear a lot of whinging about ezjail. I suspect that's because > it's the most widely deployed tool of it's type, however. The one in > front gets the most mud slung at it. > > Looking at the documentation, I'm highly intrigued by iocage. It seems > to do everything that ezjail does and then some. > > CBSD also looks like a really good choice. Based on what I know now, > I'm inclined to cover iocage and CBSD. > > I want to ask the experts, though. Which is you guys. > > Any recommendations on what I should cover, or not cover? Any big > screaming red flags in these tools that I should be aware of? > > Thanks, > ==ml > > I started with ezjail and was so disappointed in it's lack of documentation in its [man pages] that I found it to be useless unless you can follow it's rats nest of script source code. Now with the change in jail(8) configuration file from rc.conf to jail.conf that has been slowly making its way into FreeBSD operating system since 9.1 , and scheduled to be totally removed in 11.0. ezjail has not been updated to use jail.conf yet so ezjail reaches it's [end of life] with FreeBSD 11.0 which is on schedule to be published by June. qjail is a fork of ezjail. qjail is fully documented and jail.conf compliant. qjail's real strength is it's user friendliness and it's ability to auto create large numbers of jails from a single command. Qjail can also setup vimage jails which ezjail does not do. There are many other major differences between ezjail and qjail that makes qjail far easier to admin jails. A simple review of ezjail and qjail man pages will make this point very obvious to the reader. Qjail is a simple standalone script and the port has no dependents like the other tools you mention at your URL. Any jail tool requiring one of the other programing language as a dependent is a show stopper in my view. ezjail has incorporated zfs into its script and as zfs has changed it takes a very long time for those zfs changes to be added to ezjail. On the other hand qjail uses the jail.conf zfs parameters as the door way for zfs as the jail(8) developers have intended. ezjail is the old man on the block soon to be planted in the grave yard. So my recommendation is to cover qjail in detail and use it as the ruler to measure the other jail tools that you select to write about. I read your post at http://blather.michaelwlucas.com/archives/2291 and it reads like a review based on a reading of the ports comments. I recommend you install and use the jail tools you intend to write about before you start talking like an expert authority on a subject you really know little about. To get you started, here is a good URL for you to read http://jail-primer.sourceforge.net/ To the ezjail die hearts on this List. The above is my option based on my usage experience and not intended to start a flame war. From owner-freebsd-jail@FreeBSD.ORG Sat Jan 24 04:31:21 2015 Return-Path: Delivered-To: jail@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id 44D6ECA3 for ; Sat, 24 Jan 2015 04:31:21 +0000 (UTC) Received: from alogt.com (alogt.com [69.36.191.58]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 1EF4997C for ; Sat, 24 Jan 2015 04:31:20 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=alogt.com; s=default; h=Content-Transfer-Encoding:Content-Type:MIME-Version:References:In-Reply-To:Message-ID:Subject:Cc:To:From:Date; bh=SFNkjc2quhBN5Bzo7cpHfjs6xgeKVw8D8vDBhhmbs9c=; b=x67uqvIVxxvC20o/QS3bTLv0iGd8dZuHWhsnRoyyoxyoL8SU7PDNMo5ENrfByfjXcxHIoDZpsmhRuBsZ7fAXJsz66sZL4KB5rOLXTQ3efTJ8c4LrtlFK/13inYGIsK6uv3z6IRjpPte87+mCm8bcJ9u3kzdCV351opEaNYL0toA=; Received: from [114.121.130.53] (port=58795 helo=B85M-HD3-0.alogt.com) by sl-508-2.slc.westdc.net with esmtpsa (TLSv1.2:AES128-GCM-SHA256:128) (Exim 4.84) (envelope-from ) id 1YEsNL-0047gK-0j; Fri, 23 Jan 2015 21:31:12 -0700 Date: Sat, 24 Jan 2015 12:31:04 +0800 From: Erich Dollansky To: "Michael W. Lucas" Subject: Re: preferred jail management tool Message-ID: <20150124123104.1b7fc1be@B85M-HD3-0.alogt.com> In-Reply-To: <20150123210026.GA45086@mail.michaelwlucas.com> References: <20150123210026.GA45086@mail.michaelwlucas.com> MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit X-AntiAbuse: This header was added to track abuse, please include it with any abuse report X-AntiAbuse: Primary Hostname - sl-508-2.slc.westdc.net X-AntiAbuse: Original Domain - freebsd.org X-AntiAbuse: Originator/Caller UID/GID - [47 12] / [47 12] X-AntiAbuse: Sender Address Domain - alogt.com X-Get-Message-Sender-Via: sl-508-2.slc.westdc.net: authenticated_id: erichsfreebsdlist@alogt.com X-Source: X-Source-Args: X-Source-Dir: Cc: jail@freebsd.org X-BeenThere: freebsd-jail@freebsd.org X-Mailman-Version: 2.1.18-1 Precedence: list List-Id: "Discussion about FreeBSD jail\(8\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 24 Jan 2015 04:31:21 -0000 Hi, my preferred jail management tools are my own scripts. I think that it is a matter on the number of jails someone needs and how different they are. Learning first a tool to manage jails means that you also have to learn jails or you will only use the features supported by the management tool you have taken. Erich On Fri, 23 Jan 2015 16:00:26 -0500 "Michael W. Lucas" wrote: > Hi, > > For those who haven't heard, I'm writing a book on jails. Some details > are at http://blather.michaelwlucas.com/archives/2286. > > I want to cover at least one jail management tool. I've done some > research into jail tools. You can see my results at > http://blather.michaelwlucas.com/archives/2291. > > (No, I'm not trying to drag traffic to my blog. I just don't want to > cut-and-paste it to a mailing list. ;-) > > I have several choices of jail management tools to write about. It > seems that ezjail gets all the press. I'm wondering if this is because > it's the first tool, or if it's the best of its kind. > > I also hear a lot of whinging about ezjail. I suspect that's because > it's the most widely deployed tool of it's type, however. The one in > front gets the most mud slung at it. > > Looking at the documentation, I'm highly intrigued by iocage. It seems > to do everything that ezjail does and then some. > > CBSD also looks like a really good choice. Based on what I know now, > I'm inclined to cover iocage and CBSD. > > I want to ask the experts, though. Which is you guys. > > Any recommendations on what I should cover, or not cover? Any big > screaming red flags in these tools that I should be aware of? > > Thanks, > ==ml > From owner-freebsd-jail@FreeBSD.ORG Sat Jan 24 04:53:58 2015 Return-Path: Delivered-To: freebsd-jail@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id 6CC1A35A for ; Sat, 24 Jan 2015 04:53:58 +0000 (UTC) Received: from mx1.scaleengine.net (beauharnois2.bhs1.scaleengine.net [142.4.218.15]) by mx1.freebsd.org (Postfix) with ESMTP id 467CFB9A for ; Sat, 24 Jan 2015 04:53:57 +0000 (UTC) Received: from [192.168.1.2] (Seawolf.HML3.ScaleEngine.net [209.51.186.28]) (Authenticated sender: allanjude.freebsd@scaleengine.com) by mx1.scaleengine.net (Postfix) with ESMTPSA id 872A28F382 for ; Sat, 24 Jan 2015 04:53:55 +0000 (UTC) Message-ID: <54C3257B.6010603@freebsd.org> Date: Fri, 23 Jan 2015 23:54:19 -0500 From: Allan Jude User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:31.0) Gecko/20100101 Thunderbird/31.4.0 MIME-Version: 1.0 To: freebsd-jail@freebsd.org Subject: Re: preferred jail management tool References: <20150123210026.GA45086@mail.michaelwlucas.com> In-Reply-To: <20150123210026.GA45086@mail.michaelwlucas.com> Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="p6j8A2t3VSLmn0xolI4oPkXi8asifesDS" X-BeenThere: freebsd-jail@freebsd.org X-Mailman-Version: 2.1.18-1 Precedence: list List-Id: "Discussion about FreeBSD jail\(8\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 24 Jan 2015 04:53:58 -0000 This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --p6j8A2t3VSLmn0xolI4oPkXi8asifesDS Content-Type: text/plain; charset=windows-1252 Content-Transfer-Encoding: quoted-printable On 2015-01-23 16:00, Michael W. Lucas wrote: > Hi, >=20 > For those who haven't heard, I'm writing a book on jails. Some details > are at http://blather.michaelwlucas.com/archives/2286. >=20 > I want to cover at least one jail management tool. I've done some > research into jail tools. You can see my results at > http://blather.michaelwlucas.com/archives/2291. >=20 > (No, I'm not trying to drag traffic to my blog. I just don't want to > cut-and-paste it to a mailing list. ;-) >=20 > I have several choices of jail management tools to write about. It > seems that ezjail gets all the press. I'm wondering if this is because > it's the first tool, or if it's the best of its kind. >=20 > I also hear a lot of whinging about ezjail. I suspect that's because > it's the most widely deployed tool of it's type, however. The one in > front gets the most mud slung at it. >=20 > Looking at the documentation, I'm highly intrigued by iocage. It seems > to do everything that ezjail does and then some. >=20 > CBSD also looks like a really good choice. Based on what I know now, > I'm inclined to cover iocage and CBSD. >=20 > I want to ask the experts, though. Which is you guys. >=20 > Any recommendations on what I should cover, or not cover? Any big > screaming red flags in these tools that I should be aware of? >=20 > Thanks, > =3D=3Dml >=20 I use ezjail. Rarely, I manually fiddle with the ezjail.conf files to do things ezjail doesn't really support out of the box, like multiple basejails. --=20 Allan Jude --p6j8A2t3VSLmn0xolI4oPkXi8asifesDS Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc" -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.22 (MingW32) iQIcBAEBAgAGBQJUwyV+AAoJEJrBFpNRJZKfif8P/jsALfuW7w45mNoRXbIA0z6j DnGxqz4H8KH380w87Xoj2XBMbKV8PCZ6aLSL0CBbuu5LCQYHqDpZ9JJyMWgpiu/c Bhe0MBeTigKsnzaknnrp5OFxZg+Xnt/2z7FSL4i3ZktXiLYBuz4tjbDWAzeYw8Fq Ea9oyxko3SMOwu2CZtSHBmbUv3vtsSijoudoBtjsxK99NocsTbj+OdRa7fGr6xQn RKWFI+3ZNKFvZ+f2T5dei5Y/fi5yMi/29kii8B55qXVMyYbXtg1HiNk0G0mOiJuJ laYmdtUKqXPN1g7E84yj8awtvp6wN4KFlph1e6ATDafm5y6UqVvCjtguPC0Jp/r5 UHGnrVhTiYjBPUkmDmpWdwFtebgZ1GTG5oHK0n3vuJrIYCgOpxwstsf1ntpP/KNu HuROT0G9fmD9cCeWIMkwbwU4fF/xK22tsKaUfVqoVYpvwnylWpEY8+ENuZGzIFU2 sDpMZKt63g05AAg8jsKi+JH7SQtgON4K5VTrx1/qqrfbKKou32EUyo6nJo0Fd4xf DlOUFZFaxGTuiQ8oQSc0t3tSM87/dgdAsJTgMPuWQDnQ4IxtLT6ic5IgVR4F+IEd 1bkrdx8GUKfhES0RbF3TGfEU80NHcCfVFbNUuRMeMtMjTA7yVymJErXB6IAC1F+0 Tm5eaI4x2dGaqRO/pw/D =jjkn -----END PGP SIGNATURE----- --p6j8A2t3VSLmn0xolI4oPkXi8asifesDS-- From owner-freebsd-jail@FreeBSD.ORG Sat Jan 24 05:21:22 2015 Return-Path: Delivered-To: jail@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id E941D488 for ; Sat, 24 Jan 2015 05:21:22 +0000 (UTC) Received: from home.opsec.eu (home.opsec.eu [IPv6:2001:14f8:200::1]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id ACC18D52 for ; Sat, 24 Jan 2015 05:21:22 +0000 (UTC) Received: from pi by home.opsec.eu with local (Exim 4.82 (FreeBSD)) (envelope-from ) id 1YEt9r-000HkM-7R; Sat, 24 Jan 2015 06:21:19 +0100 Date: Sat, 24 Jan 2015 06:21:19 +0100 From: Kurt Jaeger To: "Michael W. Lucas" Subject: Re: preferred jail management tool Message-ID: <20150124052119.GC44537@home.opsec.eu> References: <20150123210026.GA45086@mail.michaelwlucas.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20150123210026.GA45086@mail.michaelwlucas.com> Cc: jail@freebsd.org X-BeenThere: freebsd-jail@freebsd.org X-Mailman-Version: 2.1.18-1 Precedence: list List-Id: "Discussion about FreeBSD jail\(8\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 24 Jan 2015 05:21:23 -0000 Hi! I'm using my own jail mgmt tools, written in perl, first round was for fbsd 6.x, still using it with 8.x, 9.x, 10.x. There are many rough edges in all of those tools (ezjail etc) from what I understand. Having a blessed and jointly improved set of tools would be a big boost! -- pi@opsec.eu +49 171 3101372 5 years to go ! From owner-freebsd-jail@FreeBSD.ORG Sat Jan 24 09:26:58 2015 Return-Path: Delivered-To: jail@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id 8363A593 for ; Sat, 24 Jan 2015 09:26:58 +0000 (UTC) Received: from mail-la0-x22e.google.com (mail-la0-x22e.google.com [IPv6:2a00:1450:4010:c03::22e]) (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits)) (Client CN "smtp.gmail.com", Issuer "Google Internet Authority G2" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 03B8A8C8 for ; Sat, 24 Jan 2015 09:26:58 +0000 (UTC) Received: by mail-la0-f46.google.com with SMTP id s18so1300495lam.5 for ; Sat, 24 Jan 2015 01:26:55 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type; bh=1KWxSnSmACs9a6NSRdgyIaLv9AE2eYR0qVeIE47CCUw=; b=g3ywbUekpNLzYXExpl1G+sTBTa1DsCuM2rQoDUlZfTT21BdRpnTG0ONqgSNBhJ/WV0 7Bn8QZhmdzFjioTbg3vXt0bIyReu8tkWjXZ3H8W3kQZJsCcj5oqJgX8JPU6xanvgCloi LO8um2p3LCBvRlB4L6Az4qPY65K5wgI8o1PEgpm3BeVx3b5uZA2fFz+U+CnWBaHCMS9t +/Tq6pVhI/HK9mnBWsmmGlsS75177ZEKmAgvY9QPaRSNqVHpgA35mpjH1rSx6a06YGVP KStP4tnQK3G6wcgD84b5GrIVQ4W+DwVXx/bPd0CCq9n5Qt83BA7w0YBDVcPTF8TGv+Fp EQrg== MIME-Version: 1.0 X-Received: by 10.152.182.235 with SMTP id eh11mr11790446lac.9.1422091615837; Sat, 24 Jan 2015 01:26:55 -0800 (PST) Received: by 10.25.16.220 with HTTP; Sat, 24 Jan 2015 01:26:55 -0800 (PST) In-Reply-To: <20150123210026.GA45086@mail.michaelwlucas.com> References: <20150123210026.GA45086@mail.michaelwlucas.com> Date: Sat, 24 Jan 2015 22:26:55 +1300 Message-ID: Subject: Re: preferred jail management tool From: Peter Toth To: "Michael W. Lucas" Content-Type: text/plain; charset=UTF-8 X-Content-Filtered-By: Mailman/MimeDel 2.1.18-1 Cc: jail@freebsd.org X-BeenThere: freebsd-jail@freebsd.org X-Mailman-Version: 2.1.18-1 Precedence: list List-Id: "Discussion about FreeBSD jail\(8\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 24 Jan 2015 09:26:58 -0000 I need to update the docs for iocage, it runs on 9,10 and 11. In the latest version (1.4.6) the tag name can be used to identify the jail when executing any of the sub-commands in addition to UUIDs - basically tags and UUIDs are interchangeable (skarekrow's great idea). I would love to add/see docker support in the future - if time will allow and 64bit linuxulator catches up. Jails and VIMAGE should be a top priority for FreeBSD, there is a lot of emerging technologies and hype around containerization lately and unfortunately Linux crowd gets all the attention even if their implementations are very much behind what FreeBSD can offer today. Cheers P On Sat, Jan 24, 2015 at 10:00 AM, Michael W. Lucas < mwlucas@michaelwlucas.com> wrote: > Hi, > > For those who haven't heard, I'm writing a book on jails. Some details > are at http://blather.michaelwlucas.com/archives/2286. > > I want to cover at least one jail management tool. I've done some > research into jail tools. You can see my results at > http://blather.michaelwlucas.com/archives/2291. > > (No, I'm not trying to drag traffic to my blog. I just don't want to > cut-and-paste it to a mailing list. ;-) > > I have several choices of jail management tools to write about. It > seems that ezjail gets all the press. I'm wondering if this is because > it's the first tool, or if it's the best of its kind. > > I also hear a lot of whinging about ezjail. I suspect that's because > it's the most widely deployed tool of it's type, however. The one in > front gets the most mud slung at it. > > Looking at the documentation, I'm highly intrigued by iocage. It seems > to do everything that ezjail does and then some. > > CBSD also looks like a really good choice. Based on what I know now, > I'm inclined to cover iocage and CBSD. > > I want to ask the experts, though. Which is you guys. > > Any recommendations on what I should cover, or not cover? Any big > screaming red flags in these tools that I should be aware of? > > Thanks, > ==ml > > -- > Michael W. Lucas - mwlucas@michaelwlucas.com, Twitter @mwlauthor > http://www.MichaelWLucas.com/, http://blather.MichaelWLucas.com/ > _______________________________________________ > freebsd-jail@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-jail > To unsubscribe, send any mail to "freebsd-jail-unsubscribe@freebsd.org" > From owner-freebsd-jail@FreeBSD.ORG Sat Jan 24 14:00:10 2015 Return-Path: Delivered-To: jail@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id 937A6224 for ; Sat, 24 Jan 2015 14:00:10 +0000 (UTC) Received: from mail-qg0-f47.google.com (mail-qg0-f47.google.com [209.85.192.47]) (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits)) (Client CN "smtp.gmail.com", Issuer "Google Internet Authority G2" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 564792E0 for ; Sat, 24 Jan 2015 14:00:09 +0000 (UTC) Received: by mail-qg0-f47.google.com with SMTP id z60so1651457qgd.6 for ; Sat, 24 Jan 2015 06:00:03 -0800 (PST) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:date :message-id:subject:from:to:cc:content-type; bh=j59XPlUtxhVVDdx5hziW7/xVLfopoA3meYxBLkbYnKs=; b=QCzXA1/GuZEy1H8gKqT+qCqbqa3I4pX/buGAsN5UydQFmByTXlrzadVdhPKIn5tQ6H Ib8w21Qk+fFykESD2D/GwRN2EVWP3JeRf3jJhF5rvgfvJGeCFg6VRV7ZC+uTsXtlKpXQ HbGpFcBBq2+i4xpygS6VpOW5/lJe5OgtUw9OAnMqdhxM2uwX/aSb3HKJ83S/23wP68MK yWksbj4ZgQIW0qOyti1CUOo6x8QJKRtEW1uZDulPwlAsb0sWyaDMd7sgZlcBLcN7pYzs jsH2dae872eD7l3mSFfQG1wO3ntP6iWpCZfkY75fxOMlZelNd5WazCuCnVTMohXNCGQk LXvQ== X-Gm-Message-State: ALoCoQkzfm/kWn+BmIyHmEuu6DjTuOgdOiCXjEyL60O0kqhs42ePDyrXi2miN3GPUOicpZSzjp7w MIME-Version: 1.0 X-Received: by 10.229.37.136 with SMTP id x8mr24761654qcd.30.1422107630531; Sat, 24 Jan 2015 05:53:50 -0800 (PST) Received: by 10.140.21.163 with HTTP; Sat, 24 Jan 2015 05:53:50 -0800 (PST) In-Reply-To: <687EBDEB-4410-4BBF-AB7E-330BABFEB103@opensauce.de> References: <20150123210026.GA45086@mail.michaelwlucas.com> <687EBDEB-4410-4BBF-AB7E-330BABFEB103@opensauce.de> Date: Sat, 24 Jan 2015 08:53:50 -0500 Message-ID: Subject: Re: preferred jail management tool From: Alejandro Imass To: Stephen Riehm Content-Type: text/plain; charset=UTF-8 Cc: jail@freebsd.org, "Michael W. Lucas" X-BeenThere: freebsd-jail@freebsd.org X-Mailman-Version: 2.1.18-1 Precedence: list List-Id: "Discussion about FreeBSD jail\(8\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 24 Jan 2015 14:00:10 -0000 On Fri, Jan 23, 2015 at 5:03 PM, Stephen Riehm wrote: > Hi Michael, > > as someone who first encountered jails with FreeBSD 10.0, I got utterly > frustrated trying to set them up for IPv6 for example. The thing that [...] > > PS: I tried ezjail, qjail and manual setup... and failed with all three (though, > mostly with the networking stuff). > I'm using ZFS, and want to set up multiple jail-networks (for development/testing > of a peer-to-peer app that chats locally and across sub-nets), separate jails for > various, un-related web-services, network daemons (dhcp, dns, smtp/imap) etc. > I was also quite interested in beadm(1) and the way it uses a jail to set up a new OS > allowing you to then switch from one installation to another by changing the ZFS dataset > mountpoint configuration. I have used EzJail for the past 8 years or so but mostly focused at separating/isolating software dependencies and keeping the main OS clean and upgradeable. As a startup company we needed to squeeze as much we could out of each server and FreeBSD/EzJail gave us most of the advantages of a full VM system w/o the overhead and cost. So my experience is completely different from yours although the networking IS a pain in the ass as you mention. In total I wound up single-handedly administering about a dozen servers with anywhere from three to a about dozen jails each. So I can vouch for EzJail being easy to use and reliable. I am not a sysadmin and yet I was able to do this without much trouble. I had a single inexplicable failure (probably related to a nullfs regression) and even then I was able to recover everything and re-start that server in a few minutes. I have never been cracked except for a hole in OSCommerce which affected a single jail and the the past ntpd bug. This is in 8 years without much sysadmin help as I rarely do any maintenance, and we never had specialized sysadmin resources in our company. We have relied heavily on features like archive and spawning new jails based on other ones (even across different servers!) and we have also used flavours. >From a _user_ perspective: +1 for EzJail -- Alejandro Imass From owner-freebsd-jail@FreeBSD.ORG Sat Jan 24 15:16:54 2015 Return-Path: Delivered-To: jail@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id 70EA5F13 for ; Sat, 24 Jan 2015 15:16:54 +0000 (UTC) Received: from sola.nimnet.asn.au (paqi.nimnet.asn.au [115.70.110.159]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id B2D10BB0 for ; Sat, 24 Jan 2015 15:16:52 +0000 (UTC) Received: from localhost (localhost [127.0.0.1]) by sola.nimnet.asn.au (8.14.2/8.14.2) with ESMTP id t0OFGgnS090942; Sun, 25 Jan 2015 02:16:42 +1100 (EST) (envelope-from smithi@nimnet.asn.au) Date: Sun, 25 Jan 2015 02:16:42 +1100 (EST) From: Ian Smith To: Ernie Luzar Subject: Re: preferred jail management tool In-Reply-To: <54C30BEC.3090102@gmail.com> Message-ID: <20150125013753.X33605@sola.nimnet.asn.au> References: <20150123210026.GA45086@mail.michaelwlucas.com> <54C30BEC.3090102@gmail.com> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Cc: jail@freebsd.org, "Michael W. Lucas" X-BeenThere: freebsd-jail@freebsd.org X-Mailman-Version: 2.1.18-1 Precedence: list List-Id: "Discussion about FreeBSD jail\(8\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 24 Jan 2015 15:16:54 -0000 Excuse top-post, but the gmail header on this message was (surprisingly) insufficiently anonymised to disguise its origin: ======= Received: from [192.168.111.118] ([120.29.76.131]) by mx.google.com with ESMTPSA id i9sm3249067pdj.27.2015.01.23.19.05.08 (version=TLSv1 cipher=ECDHE-RSA-RC4-SHA bits=128/128); Fri, 23 Jan 2015 19:05:09 -0800 (PST) Message-ID: <54C30BEC.3090102@gmail.com> Date: Sat, 24 Jan 2015 11:05:16 +0800 From: Ernie Luzar User-Agent: Thunderbird 2.0.0.24 (Windows/20100228) ======= Where 120.29.76.131 is in: ======= inetnum: 120.29.76.0 - 120.29.79.255 netname: Comclark descr: Comclark Cable Internet country: PH [..] source: APNIC irt: IRT-COMCLARK-PH address: Comclark Bldg. Pres. M.A. Roxas Hi-way, CSEZ Clarkfield, Pampanga ======= Which is in Angeles City, Philippines. So, hello there Joe Barbish, we haven't had one of your selfpromotions of qjail at the expense of ezjail, the belately acknowledged source of your code, for ages now. Good to be reminded where you're still coming from, how you acknowledge your sources, and how you continue to collaborate with your peers. Michael Lucas, who you may not have been around long enough to know of, is clearly seeking to research information, ideas and comments from his peers and acknowledged betters in this field before rushing into print, as we've come to expect. I wouldn't worry too much about him getting it all wrong. Thanks again Joe, cheers, Ian On Sat, 24 Jan 2015 11:05:16 +0800, Ernie Luzar wrote: > Michael W. Lucas wrote: > > Hi, > > > > For those who haven't heard, I'm writing a book on jails. Some details > > are at http://blather.michaelwlucas.com/archives/2286. > > > > I want to cover at least one jail management tool. I've done some > > research into jail tools. You can see my results at > > http://blather.michaelwlucas.com/archives/2291. > > > > (No, I'm not trying to drag traffic to my blog. I just don't want to > > cut-and-paste it to a mailing list. ;-) > > > > I have several choices of jail management tools to write about. It > > seems that ezjail gets all the press. I'm wondering if this is because > > it's the first tool, or if it's the best of its kind. > > > > I also hear a lot of whinging about ezjail. I suspect that's because > > it's the most widely deployed tool of it's type, however. The one in > > front gets the most mud slung at it. > > > > Looking at the documentation, I'm highly intrigued by iocage. It seems > > to do everything that ezjail does and then some. > > > > CBSD also looks like a really good choice. Based on what I know now, > > I'm inclined to cover iocage and CBSD. > > > > I want to ask the experts, though. Which is you guys. > > > > Any recommendations on what I should cover, or not cover? Any big > > screaming red flags in these tools that I should be aware of? > > > > Thanks, > > ==ml > > > > > I started with ezjail and was so disappointed in it's lack of documentation > in its [man pages] that I found it to be useless unless you can > follow it's rats nest of script source code. Now with the change in jail(8) > configuration file from rc.conf to jail.conf that has been > slowly making its way into FreeBSD operating system since 9.1 , and scheduled > to be totally removed in 11.0. > ezjail has not been updated to use jail.conf yet so ezjail reaches it's [end > of life] with FreeBSD 11.0 which is on schedule to be > published by June. > > qjail is a fork of ezjail. qjail is fully documented and jail.conf compliant. > qjail's real strength is it's user friendliness and it's ability > to auto create large numbers of jails from a single command. Qjail can also > setup vimage jails which ezjail does not do. > There are many other major differences between ezjail and qjail that makes > qjail far easier to admin jails. A simple review of > ezjail and qjail man pages will make this point very obvious to the reader. > > Qjail is a simple standalone script and the port has no dependents like the > other tools you mention at your URL. Any jail tool requiring > one of the other programing language as a dependent is a show stopper in my > view. > ezjail has incorporated zfs into its script and as zfs has changed it takes a > very long time for those zfs changes to be added to ezjail. > On the other hand qjail uses the jail.conf zfs parameters as the door way for > zfs as the jail(8) developers have intended. > ezjail is the old man on the block soon to be planted in the grave yard. > > So my recommendation is to cover qjail in detail and use it as the ruler to > measure the other jail tools that you select to write about. > > I read your post at http://blather.michaelwlucas.com/archives/2291 and it > reads like a review based on a reading of the ports comments. > I recommend you install and use the jail tools you intend to write about > before you start talking like an expert authority on a subject > you really know little about. > To get you started, here is a good URL for you to read > http://jail-primer.sourceforge.net/ > > To the ezjail die hearts on this List. The above is my option based on my > usage experience and not intended to start a flame war. From owner-freebsd-jail@FreeBSD.ORG Sat Jan 24 18:44:32 2015 Return-Path: Delivered-To: jail@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id 0D7EDEEF for ; Sat, 24 Jan 2015 18:44:32 +0000 (UTC) Received: from frv189.fwdcdn.com (frv189.fwdcdn.com [212.42.77.189]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id BF525BF for ; Sat, 24 Jan 2015 18:44:31 +0000 (UTC) Received: from [10.10.2.23] (helo=frv198.fwdcdn.com) by frv189.fwdcdn.com with esmtp ID 1YF5Rd-0001S9-Ud for jail@freebsd.org; Sat, 24 Jan 2015 20:28:29 +0200 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=ukr.net; s=ffe; h=Content-Transfer-Encoding:Content-Type:MIME-Version:References:In-Reply-To:Message-Id:Cc:To:Subject:From:Date; bh=IYpVftqjSlMxxANzNluxOr17Pm+b1LNT2Zt8YOLOyG0=; b=FxLkMkUEs5TSRqH58iEFS6ZGnzSxhkiIeCDF9SdDt1fb3JQT4/YOjU6jjH7zj3mPR+JjldFWFYpraYvNgJaaMbx40t8tgExQqZCAgSJ8Wqu00Qfp9HObwtUdRdRWzENv3GEscM1R8Ea7cI2XeLjGRoYbFdllA/icG014KGRsY24=; Received: from [10.10.10.34] (helo=frv34.fwdcdn.com) by frv198.fwdcdn.com with smtp ID 1YF5RR-0005gu-Lu for jail@freebsd.org; Sat, 24 Jan 2015 20:28:17 +0200 Date: Sat, 24 Jan 2015 20:28:17 +0200 From: wishmaster Subject: Re: preferred jail management tool To: "Michael W. Lucas" X-Mailer: mail.ukr.net 5.0 Message-Id: <1422123130.290640886.ni0fjl9u@frv34.fwdcdn.com> In-Reply-To: <20150123210026.GA45086@mail.michaelwlucas.com> References: <20150123210026.GA45086@mail.michaelwlucas.com> MIME-Version: 1.0 Received: from artemrts@ukr.net by frv34.fwdcdn.com; Sat, 24 Jan 2015 20:28:17 +0200 Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: binary Content-Disposition: inline Cc: jail@freebsd.org X-BeenThere: freebsd-jail@freebsd.org X-Mailman-Version: 2.1.18-1 Precedence: list List-Id: "Discussion about FreeBSD jail\(8\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 24 Jan 2015 18:44:32 -0000 Hi, Michael. Just my opinion. I think you should mention (and write practical examples) in your book about jail and benefit of using own management tools, especially in focus of using "light" jails. I use my own wrapper for creating, management, update, resource controlling and so on. This is like "light" application containers. P.S.: Just create universal management tool which will be included all available jail's related feature (VIMAGE, RACTL and so on), import it into base system and we will forget about Doker in near future :-) P.P.S.: Michael, thanks for your books, you have opened me FreeBSD. -- Vitaly --- Original message --- From: "Michael W. Lucasl W. Lucas" Date: 23 January 2015, 23:00:39 > Hi, > > For those who haven't heard, I'm writing a book on jails. Some details > are at http://blather.michaelwlucas.com/archives/2286. > > I want to cover at least one jail management tool. I've done some > research into jail tools. You can see my results at > http://blather.michaelwlucas.com/archives/2291. > > (No, I'm not trying to drag traffic to my blog. I just don't want to > cut-and-paste it to a mailing list. ;-) > > I have several choices of jail management tools to write about. It > seems that ezjail gets all the press. I'm wondering if this is because > it's the first tool, or if it's the best of its kind. > > I also hear a lot of whinging about ezjail. I suspect that's because > it's the most widely deployed tool of it's type, however. The one in > front gets the most mud slung at it. > > Looking at the documentation, I'm highly intrigued by iocage. It seems > to do everything that ezjail does and then some. > > CBSD also looks like a really good choice. Based on what I know now, > I'm inclined to cover iocage and CBSD. > > I want to ask the experts, though. Which is you guys. > > Any recommendations on what I should cover, or not cover? Any big > screaming red flags in these tools that I should be aware of? > > Thanks, > ==ml > > -- > Michael W. Lucas - mwlucas@michaelwlucas.com, Twitter @mwlauthor > http://www.MichaelWLucas.com/, http://blather.MichaelWLucas.com/ > _______________________________________________ > freebsd-jail@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-jail > To unsubscribe, send any mail to "freebsd-jail-unsubscribe@freebsd.org" > From owner-freebsd-jail@FreeBSD.ORG Sat Jan 24 19:32:56 2015 Return-Path: Delivered-To: jail@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id BE29ACEB for ; Sat, 24 Jan 2015 19:32:56 +0000 (UTC) Received: from elsa.codelab.cz (elsa.codelab.cz [94.124.105.4]) (using TLSv1 with cipher DHE-RSA-CAMELLIA256-SHA (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 1D3E87A4 for ; Sat, 24 Jan 2015 19:32:55 +0000 (UTC) Received: from elsa.codelab.cz (localhost [127.0.0.1]) by elsa.codelab.cz (Postfix) with ESMTP id 9496828427; Sat, 24 Jan 2015 20:27:38 +0100 (CET) Received: from illbsd.quip.test (ip-89-177-50-74.net.upcbroadband.cz [89.177.50.74]) (using TLSv1 with cipher DHE-RSA-AES128-SHA (128/128 bits)) (No client certificate requested) by elsa.codelab.cz (Postfix) with ESMTPSA id 1958628423; Sat, 24 Jan 2015 20:27:36 +0100 (CET) Message-ID: <54C3F227.2080100@quip.cz> Date: Sat, 24 Jan 2015 20:27:35 +0100 From: Miroslav Lachman <000.fbsd@quip.cz> User-Agent: Mozilla/5.0 (X11; FreeBSD amd64; rv:33.0) Gecko/20100101 Firefox/33.0 SeaMonkey/2.30 MIME-Version: 1.0 To: "Michael W. Lucas" , jail@freebsd.org Subject: Re: preferred jail management tool References: <20150123210026.GA45086@mail.michaelwlucas.com> In-Reply-To: <20150123210026.GA45086@mail.michaelwlucas.com> Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit X-BeenThere: freebsd-jail@freebsd.org X-Mailman-Version: 2.1.18-1 Precedence: list List-Id: "Discussion about FreeBSD jail\(8\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 24 Jan 2015 19:32:56 -0000 Michael W. Lucas wrote on 01/23/2015 22:00: > Hi, > > For those who haven't heard, I'm writing a book on jails. Some details > are at http://blather.michaelwlucas.com/archives/2286. I am glad to read that somebody is working on this topic. (after all!) :) I was maintaining https://wiki.freebsd.org/Jails for some time in the past. It was not easy task, because almost all development work (new features and changes) was made behind close doors. I am no longer able to keep this page up to date. > I want to cover at least one jail management tool. I've done some > research into jail tools. You can see my results at > http://blather.michaelwlucas.com/archives/2291. I don't know your concept of the book but from my point of view, it is more important to explain "all behind" rather than a one tool (and I am almost sure you know it). Too many users have feelings that jails are some king of black magic. And reality is as simple as directory tree full of normal system files. If it should have real value to wide range of users (not only for beginners), the book should cover all corner usecases. For example: cpuset, resource limits, quotas, setfib, VIMAGE (routing and firewalling inside jails), IPv6, ZFS (cloning, snapshoting) nullfs, unionfs, hierarchical jails, using jails.conf instead of rc.conf running 32bit jails on 64bit system running Linux inside of jail monitoring jail resource usage Installing jails by extracting base.txz, by installworld, by rsync from host system Upgrading jails by installworld, by freebsd-update, by rsync from host system Converting physical server in to the jail and vice versa. etc. > I have several choices of jail management tools to write about. It > seems that ezjail gets all the press. I'm wondering if this is because > it's the first tool, or if it's the best of its kind. > > I also hear a lot of whinging about ezjail. I suspect that's because > it's the most widely deployed tool of it's type, however. The one in > front gets the most mud slung at it. > > Looking at the documentation, I'm highly intrigued by iocage. It seems > to do everything that ezjail does and then some. > > CBSD also looks like a really good choice. Based on what I know now, > I'm inclined to cover iocage and CBSD. I created my first jail long time before I discovered existence of ezjail. Then I tried ezjail and ended up with some crashes after update / upgrade of jails by ezjail so I decided not to use it anymore (I still have one old server with ezjail installed). I wrote my one simple tool (shell script) focused on my tasks and my workflow. Instalation or update never failed anymore. So I am one of those folks whinging about ezjail. > I want to ask the experts, though. Which is you guys. > > Any recommendations on what I should cover, or not cover? Any big > screaming red flags in these tools that I should be aware of? From my point of view, ezjail is the most widespreaded and outdated at the same time. New features are glued in it in not so good way and some are missing. Newer tools, like iocage or CBSD, are designed with all new features from the beginning. As I wrote above, I am using my own tool and I don't have practical experience with iocage or CBSD, but I really would like to read about one of them from your book. After some documentation and mailinglist reading I prefer CBSD for bigger projects and iocage for some smaller (single host server, for example) I am looking forward to read your books about Jails and ZFS. Miroslav Lachman