Date: Sat, 24 Jan 2015 08:53:50 -0500 From: Alejandro Imass <aimass@yabarana.com> To: Stephen Riehm <lists@opensauce.de> Cc: jail@freebsd.org, "Michael W. Lucas" <mwlucas@michaelwlucas.com> Subject: Re: preferred jail management tool Message-ID: <CAHieY7ShxzHsb%2B2QMWJFhaMkv2Y85GTywg__=V7PCLNBSBPM4w@mail.gmail.com> In-Reply-To: <687EBDEB-4410-4BBF-AB7E-330BABFEB103@opensauce.de> References: <20150123210026.GA45086@mail.michaelwlucas.com> <687EBDEB-4410-4BBF-AB7E-330BABFEB103@opensauce.de>
next in thread | previous in thread | raw e-mail | index | archive | help
On Fri, Jan 23, 2015 at 5:03 PM, Stephen Riehm <lists@opensauce.de> wrote: > Hi Michael, > > as someone who first encountered jails with FreeBSD 10.0, I got utterly > frustrated trying to set them up for IPv6 for example. The thing that [...] > > PS: I tried ezjail, qjail and manual setup... and failed with all three (though, > mostly with the networking stuff). > I'm using ZFS, and want to set up multiple jail-networks (for development/testing > of a peer-to-peer app that chats locally and across sub-nets), separate jails for > various, un-related web-services, network daemons (dhcp, dns, smtp/imap) etc. > I was also quite interested in beadm(1) and the way it uses a jail to set up a new OS > allowing you to then switch from one installation to another by changing the ZFS dataset > mountpoint configuration. I have used EzJail for the past 8 years or so but mostly focused at separating/isolating software dependencies and keeping the main OS clean and upgradeable. As a startup company we needed to squeeze as much we could out of each server and FreeBSD/EzJail gave us most of the advantages of a full VM system w/o the overhead and cost. So my experience is completely different from yours although the networking IS a pain in the ass as you mention. In total I wound up single-handedly administering about a dozen servers with anywhere from three to a about dozen jails each. So I can vouch for EzJail being easy to use and reliable. I am not a sysadmin and yet I was able to do this without much trouble. I had a single inexplicable failure (probably related to a nullfs regression) and even then I was able to recover everything and re-start that server in a few minutes. I have never been cracked except for a hole in OSCommerce which affected a single jail and the the past ntpd bug. This is in 8 years without much sysadmin help as I rarely do any maintenance, and we never had specialized sysadmin resources in our company. We have relied heavily on features like archive and spawning new jails based on other ones (even across different servers!) and we have also used flavours. >From a _user_ perspective: +1 for EzJail -- Alejandro Imass
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?CAHieY7ShxzHsb%2B2QMWJFhaMkv2Y85GTywg__=V7PCLNBSBPM4w>