From: Miroslav Lachman <000.fbsd@quip.cz>
To: Randy Westlund, ports@freebsd.org
Subject: Re: Custom base jails for ZFS replication
Date: Wed, 21 Dec 2016 14:55:42 +0100

Randy Westlund wrote on 2016/12/21 06:59:

> Is there a jail management tool that lets you install packages in a base
> jail, and share that with multiple thin jails?
>
> I want to deploy many thin jails across multiple servers, and be able to
> update both the base system and ports in a base jail and then ZFS
> replicate that to the base jails on the production servers. I'd like
> the thin jails to only contain my customer-specific application data, so
> I don't have to manually update all of them.
>
> I don't see any way to do this with ezjail or iocage. Does anyone else
> have a deployment like this?

I don't think there is any tool to achieve your needs. But jails are so simple in reality that instead of trying to work around the limitations of existing tools I recommend setting this up with standard base utilities (jail.conf + fstab + ZFS replication).

But once you dig deep into this you will realise that the jail is the simpler part of this problem. Many ports are writing to /usr/local. So until you teach each of your ports not to do it, you can have problems with updating by ZFS send.

If you are 100% sure that your ports don't write any valuable data to /usr/local, then you can just create one full jail with the base system and needed packages, and replicate this jail to whatever place you want (local or remote machines).
Then make a directory with /etc, /usr/local/etc, /dev, /var and /tmp for each jail (the jail's private data) plus a dozen symlinks to nullfs-mounted dirs, and start these jails with the standard service jail start (configuration is in /etc/jail.conf on the machines running specific jails).

Each jail will have its own fstab file to mount your "application data" and the nullfs mount of the shared base + packages.

It is not as hard as it can look. And it can easily be scripted and customised for your needs (scripted updates with ZFS send & receive, cloning, snapshots etc.).

Miroslav Lachman
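
The per-jail setup described in the message above, sketched as an added example that is not part of the original e-mail: it builds the private directories and symlinks, writes the jail's fstab, and prints a jail.conf stanza. The /basejail mount point, the symlink list, the read-only mount option, and the function and argument names are assumptions; the private etc/ and var/ start empty and must be populated from the base before first start.

```shell
#!/bin/sh
# Added example: build the private skeleton for one thin jail.
# Assumed arguments (not from the original message):
#   $1 = absolute path of the directory holding the jails
#   $2 = jail name
#   $3 = path of the replicated base jail (base system + packages)
make_thin_jail() {
    jails=$1
    name=$2
    base=$3
    root="$jails/$name"

    # Private, writable directories (the list from the message), plus the
    # mount point for the shared base.
    for d in etc usr/local/etc dev var tmp basejail; do
        mkdir -p "$root/$d" || return 1
    done
    chmod 1777 "$root/tmp"

    # Symlinks into the nullfs-mounted base. They are absolute, so they
    # resolve inside the jail once it is running.
    for d in bin boot lib libexec rescue sbin \
             usr/bin usr/include usr/lib usr/libdata usr/libexec \
             usr/sbin usr/share usr/local/bin usr/local/lib \
             usr/local/libexec usr/local/sbin usr/local/share; do
        ln -sfn "/basejail/$d" "$root/$d" || return 1
    done

    # Per-jail fstab: the shared base is mounted read-only, so a process in
    # one thin jail cannot modify binaries used by every other jail.
    # Application-data mounts for this jail would be added as further lines.
    printf '%s\t%s\tnullfs\tro\t0\t0\n' "$base" "$root/basejail" \
        > "$jails/$name.fstab"

    # jail.conf(5) stanza, printed so it can be appended to /etc/jail.conf.
    cat <<EOF
$name {
    path = "$root";
    host.hostname = "$name";
    mount.fstab = "$jails/$name.fstab";
    mount.devfs;
    exec.start = "/bin/sh /etc/rc";
    exec.stop = "/bin/sh /etc/rc.shutdown";
}
EOF
}
```

With this layout a base update received by ZFS replication changes only the dataset behind the base path; nothing under the per-jail directories is touched.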