Date: Mon, 22 Feb 2016 12:13:32 +1100
From: Aristedes Maniatis <ari@ish.com.au>
To: freebsd-jail <freebsd-jail@freebsd.org>
Subject: Jail management
Message-ID: <ff8307f6-1264-30ec-1ef8-ed3b0a18dd84@ish.com.au>

I've been using FreeBSD jails (with ezjail) for many years and they work very well. However I'm now reaching a critical mass (30+ jails) where I want to be able to manage them in bulk more easily.

In this environment, each jail runs just a single application, installed from a package built using poudriere from a custom port. That package depends on Java, so lots of other packages also get pulled in. That application gets new versions roughly once every 4 weeks. The problems I have right now are:

* FreeBSD's packaging system doesn't understand the concept of installing a particular package version, so all my scripts will by default upgrade the application to the current version even if I don't want to. I can't easily install a new jail at an old version.

* It is hard to reproduce the environment exactly, matching the application to the same version of Java that was available at the time of deployment. Again I'm fighting against the pkg system which always wants the latest version.

* For failover I want each jail reproduced exactly on another host, or at least a snapshot which could be sent to another host within a few seconds. The jails are quite small (< 500Mb). Most of that is just the openjdk pkg.

As I understand, ezjail doesn't support multiple base jails. If it did, then I could simply install the application (and packages) to the base jail and have versions of the base. Then by shutting down a jail, switching the base to the new version and starting up, everything would upgrade easily. Even better would be some concept of hierarchy with customer_jail sitting on top of base_version_1.0 which in turn sits on top of base_jail.

Would I need to abandon ezjail and be able to build all the above myself with a combination of nullfs (basejail) and unionfs (intermediate versioned jail)? Does unionfs now work with ZFS?

Alternatively I could simply use zfs clones to deploy a new version of the application by destroying the whole jail and replacing it with a new one. I'd need to then script (I use saltstack) deploying the 2-3 config files which are different in each jail.

Thoughts? What seems like a more robust long term approach to jail management?

Thanks
Ari

-- 
-------------------------->
Aristedes Maniatis
ish
http://www.ish.com.au
Level 1, 30 Wilson Street Newtown 2042 Australia
phone +61 2 9550 5001 fax +61 2 9550 4001
GPG fingerprint CBFB 84B4 738D 4E87 5E5C 5EFA EF6A 7D2E 3E49 102A