Date: Sun, 6 Feb 2022 17:33:45 +0000 (UTC) From: doug@safeport.com To: "Steve O'Hara-Smith" <steve@sohara.org> Cc: Norman Gray <gray@nxg.name>, FreeBSD Questions <freebsd-questions@freebsd.org> Subject: Re: Jail, and specifically iocage, best practices Message-ID: <7a79d682-5d73-858a-526c-c8c0d3956a9d@safeport.com> In-Reply-To: <20220206131729.d383fcb179754014704cb70f@sohara.org> References: <DFC3D35A-BDC4-4769-8DE3-54FEDD85042C@nxg.name> <20220206131729.d383fcb179754014704cb70f@sohara.org>
next in thread | previous in thread | raw e-mail | index | archive | help
On Sun, 6 Feb 2022, Steve O'Hara-Smith wrote: > On Sun, 06 Feb 2022 12:58:50 +0000 > Norman Gray <gray@nxg.name> wrote: > >> So: am I missing something? Is there anywhere an article or HOWTO which >> describes the 'what everyone knows' about how to look after jails >> _properly_? > > If you find it let us all know :) The handbook *should* be but it > doesn't go into iocage which currently seems to be the most popular jail > management tool - for good reason I think as I also use it and it has > failed to irritate me enough to make me seek a replacement for several years > now. > > As you've observed it doesn't spare you from needing to understand > what the choices mean it just makes it easy to do the actual work. I know > just enough about it to handle the work I need of it (a bunch of basejails > running applications and a linux jail running a print server because > Brother) running on my NAS box and have an appreciation of what else I > might get out of it should need arise. Even then I save myself skull sweat > and keep a new_jail script around that just takes a name and an IP address > so I don't have to look up the options or think about the basics on the rare > occasions I need to add a new jail to the pile. > I use three things: (1) iocage --help, works kinda like pkg; (2) the iocage documentation; (3) Lucas's book. I have downloaed the docs in PDF format as I find searching easier. Google can usually answer more specific questions. The handbook IMO really just deals with the FreeBSD core system. Back in the day I tried to figure out The symlink structure to avoid needless duplication of data, eventually finding out that the guy who wrote ezjail did it for me. There was eventually an ezjail chapter in the handbook but it was usually out of date as far as I could tell. I initially resisted iocage because it makes python essentially a part of the base system. However if you use zfs it does most of the setup you need seemlessly. I had to install a 7.2 jail and did that fairly easily with iocage. Hope this helps, Doug
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?7a79d682-5d73-858a-526c-c8c0d3956a9d>