Date: Mon, 22 Feb 2016 21:00:00 +1100 From: Aristedes Maniatis <ari@ish.com.au> To: Tom Lazar <lists@tomster.org> Cc: markham breitbach <markham@ssimicro.com>, freebsd-jail <freebsd-jail@freebsd.org> Subject: Re: Jail management Message-ID: <20af917f-78c1-5a38-df36-6d8749377cc3@ish.com.au> In-Reply-To: <13A9C47A-86FE-4E44-83D6-4736488FB9CC@tomster.org> References: <ff8307f6-1264-30ec-1ef8-ed3b0a18dd84@ish.com.au> <DFFE2BFC-1D53-457D-A4C3-633418D3690D@erdgeist.org> <7b947a1c-824b-193d-3dc3-49d876b21be9@ish.com.au> <13A9C47A-86FE-4E44-83D6-4736488FB9CC@tomster.org>
next in thread | previous in thread | raw e-mail | index | archive | help
This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --gDmNOn2ARHscJKVkrEGxjiqlhu3fa2w3D Content-Type: text/plain; charset=windows-1252 Content-Transfer-Encoding: quoted-printable On 22/02/2016 8:28pm, Tom Lazar wrote: >=20 >> On 22 Feb 2016, at 09:17, Aristedes Maniatis <ari@ish.com.au <mailto:a= ri@ish.com.au>> wrote: >> >> Markham wrote: >> >> I also discovered iocage which looks quite different and interesting. = I'm still reading about it, but it seems to: >=20 > another thing you might want to take a look at - given your requirement= s and current setup - is jetpack[1] >=20 > it basically implements the docker approach using zfs and jails as unde= rlying technology and pretty much replaces (the unstable) solution of uni= onfs with its layers based on zfs snapshots. >=20 > while it seems to be the least mature option discussed in this thread s= o far, i think its container approach fills a niche that might fit your u= se case very well. Very interesting indeed. Thanks for that pointer. However, I think I'm st= ill on the fence about docker (and friends). It looks like a complex solu= tion to independent problems (bundling, jails, snapshots, configuration m= anagement). > having said that, i=92d like to point out, that florian and myself (the= authors of bsdploy) are very open to using saltstack - bsdploy is design= ed to be modular and we already have experimental support for it [2] and = the GPL licence of ansible is turning into a bigger annoyance than expect= ed[3] so we are motivated to continue along that path. Great, I think you'll like salt although it has a very steep initial lear= ning curve. I'm happy with my choice of saltstack and it appears to have = a couple of people contributing FreeBSD improvements reasonably regularly= =2E pkg support is pretty good now and it has limited jail support. The b= iggest issue I've found with salt is that there is no recommended best-pr= actices way of using it. Its like being given a shed full of wonderful to= ols and being told to build a house. But at this point I think my problem looks like a thin layer on top of ja= ils rather than something bigger. I still need to try more things and I j= ust found this which looks like a nice way to easily control iocage: https://github.com/bougie/salt-iocage-formula Maybe my workflow is: * destroy jail * create new jail from new template (with new version of app) * use salt to inject the little config files * start jail That means I lose all logs and other things at each upgrade, but with log= stash that's less of a problem than it was. On top of that I need a mechanism to create the jail templates, but somet= hing manual with FreeBSD pkg might be enough there. If I avoid the iocage 'packaging' thing then it looks like I avoid the un= ionfs which several people have warned about not being stable. Ari > just my two cents, >=20 > cheers, >=20 > tom > =20 > [1] https://github.com/3ofcoins/jetpack > [2] https://github.com/ployground/ploy_salt > [3] https://github.com/ployground/bsdploy/issues/75 --=20 --------------------------> Aristedes Maniatis ish http://www.ish.com.au Level 1, 30 Wilson Street Newtown 2042 Australia phone +61 2 9550 5001 fax +61 2 9550 4001 GPG fingerprint CBFB 84B4 738D 4E87 5E5C 5EFA EF6A 7D2E 3E49 102A --gDmNOn2ARHscJKVkrEGxjiqlhu3fa2w3D Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc" -----BEGIN PGP SIGNATURE----- iEUEARECAAYFAlbK3CEACgkQ72p9Lj5JECrhGgCY6mS3YBbwzezquw8ea5UO0sOV UQCfdwvC4CRcMbNG9fO/3hE8uJphbZ8= =Dn4N -----END PGP SIGNATURE----- --gDmNOn2ARHscJKVkrEGxjiqlhu3fa2w3D--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20af917f-78c1-5a38-df36-6d8749377cc3>