Date: Tue, 9 Sep 2014 22:03:27 +0200 From: Roland Smith <rsmith@xs4all.nl> To: Niklaas Baudet von Gersdorff <niklaas@kulturflatrate.net> Cc: freebsd-questions@freebsd.org Subject: Re: ZFS, Jails, network, routing, domains and IP addresses Message-ID: <20140909200327.GD36353@slackbox.erewhon.home> In-Reply-To: <540EFEF8.8020405@kulturflatrate.net> References: <540EFEF8.8020405@kulturflatrate.net>
next in thread | previous in thread | raw e-mail | index | archive | help
--GpGaEY17fSl8rd50
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable
On Tue, Sep 09, 2014 at 03:22:00PM +0200, Niklaas Baudet von Gersdorff wrot=
e:
<snip>
> It would be cool if I could simplify the process of updating the=20
> software that is running in every jail. I searched in the web for some=20
> information and also had a look at the FreeBSD mailing lists. It looks=20
> like it's quite a popular set-up to create a "base" FreeBSD Jail that is=
=20
> cloned with the help of ZFS if there is a new jail needed. The ports=20
> tree is mounted with a nullfs in every jail so updating the "main" ports=
=20
> tree would lead to the software in every jail getting updated. Or am I=20
> understanding something totally wrongly here?
If you mount the ports tree with nullfs, you only get the "recipes" for
installing software.
One way to "automatically" update every jail is to mount /usr/local with a
nullfs in every jail. And then use a unionfs in every jail for the
configuration files in /usr/local/etc.
This does have limitations;
* Every jail then has access to *everything* in /usr/local. That might not
be what you want.
* Every jail needs its own /usr/local/etc, hence the need for unionfs.
* You could run into a situation where /usr/local is updated but not a
jail's configuration files in /usr/local/etc. That might mean that you
e.g. cannot restart a service until a config file is updated as well.
You could also use the host to built packages, and make a repository availa=
ble
to the jails. In the jails you can then use pkg(8) to keep the packages
updated. This is a good combination of only building a piece of software on=
ce
yet being able to keep different packages in different jails.
Roland
--=20
R.F.Smith http://rsmith.home.xs4all.nl/
[plain text _non-HTML_ PGP/GnuPG encrypted/signed email much appreciated]
pgp: 5753 3324 1661 B0FE 8D93 FCED 40F6 D5DC A38A 33E0 (keyID: A38A33E0)
--GpGaEY17fSl8rd50
Content-Type: application/pgp-signature
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
iQIcBAEBAgAGBQJUD10PAAoJEED21dyjijPgQHcP/1hNsYx9+ylVaXH5St+A9YTv
AUOr/cDIKw6YL3QYkBIu/Jv60ICZqdWb0GImbvjox+P966xiS+bOhGjmFx06fF66
+udf86oQT87gL+2VT+OeVW6kToh8XnrjaY8mRnAwIVL1WmEXqConpEeIVxHY/Drt
VeKx2deysj8wS52iPEamRY0zz3enp6Sb6YGYn+pELPBwYyU9HzA4nk+QLNuV1JDn
dj3O0PDcRdeGlHzVUQunI11ACN4HHtOIZgjs5l6axnLw1HhzZrLNxjzGJyBww1m0
QfgTcZKh1ZMER4QOpx1Cs6wB5tM1Ot3XkQF+AwynmHG2WKA9cP0zf3lcvo86HHy0
hQe/kvurUIMJVu61yGv4yonourHGrKhG/6nNTJLahqkBYJR1zYLS/rR8wNYER6rP
EjN0A8q01b3C+G4Pp+4XDOzRjOqq9WRGYY0jN4TWUgMowe15yOiD0C2tEfJGJZIW
yYMJNNeMmj+3xY1X4C4CH0EySb8fNvTCyiAivGzKc+PavuBUYrcVNeMrMi59OUKm
ZVs0xPq9RWZI+CcoeTHaDMKN73oHMxyvBMPKdJr4yuh10caydxeMMfSo0TXb1EPB
SzyUlhFZiJzn4n/A0Xh1tTE4VrjrF8Ek/xtyB2JGmNxfuE5OeOoRiwDu6M67rNH1
/JFFw77cS/LbjL/47jIW
=z/sJ
-----END PGP SIGNATURE-----
--GpGaEY17fSl8rd50--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20140909200327.GD36353>