Date: Fri, 25 Apr 2014 19:30:10 +0200 From: "Michael Ross" <gmx@ross.cx> To: "Victor Sudakov" <vas@mpeks.tomsk.su>, Fbsd8 <fbsd8@a1poweruser.com> Cc: freebsd-questions@freebsd.org Subject: Re: FBSD jail versus VMWare? What services do YOU run in a jail? Message-ID: <op.xevuwk0ag7njmm@michael-think> In-Reply-To: <535A9154.4010205@a1poweruser.com> References: <CAFS4T6apJ30_WPrV3-azuwr5LHFE8htEk5a_xqe7DRZ7Wy5XqQ@mail.gmail.com> <53580129.5010909@ssimicro.com> <CAHieY7SViGaVXXK2CxQEuiTUZMA4EfrUVn_BdB-PHvoJiUjzaA@mail.gmail.com> <CAJYdwgUq=2s1sL=1EdEQYs=3Gv2ikrSP34kpvtQH%2BfNSedPkHA@mail.gmail.com> <033901cf603f$55a1ffc0$00e5ff40$@FreeBSD.org> <535A468D.7080006@a1poweruser.com> <20140425120532.GB89790@admin.sibptus.tomsk.ru> <535A9154.4010205@a1poweruser.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Fri, 25 Apr 2014 18:46:12 +0200, Fbsd8 <fbsd8@a1poweruser.com> wrote: > Victor Sudakov wrote: >> Fbsd8 wrote: >> >>> As the number of running jails increase the difficultly of managing >>> them also increases. ezjail has no provisions >>> to address this problem. qjail on the other hand is designed from the >>> ground floor to simplify the administration of large scale jail >>> environments [1 to 2000+ jails]. >> Where can I read more about the unique and advanced features of qjail >> missing in ezjail? > > I have never come across a feature comparison between the two. But qjail > is a fork of an old ezjail-3.1 version so much of the feel is the same. > > http://svnweb.freebsd.org/ports/head/sysutils/qjail/pkg-descr?revision=HEAD > This link is a good place to start, then pkg install qjail & ezjail and > read their man pages for the details your looking for. > > For a more general background on jails > http://svnweb.freebsd.org/ports/head/sysutils/jail-primer/pkg-descr?revision=HEAD > will bring you up to the current status as of release 9.2. > >> I am especially interested in features which help update and upgrade >> multiple jails and software therein. >> I must admit it's a bit of PITA in ezjail when it comes to upgrading >> third party software. I have set up a pkg repository for that purpose, >> but still I have to visit each jail individually and run "pkg upgrade" >> from inside. >> (ezjail user here) Couldn't you create one "master" jail, and nullfs-mount /usr/local/(s)bin from there to the other jails? Or, two master jails, and a nullfs mount chain master1-local-sbin mounted to <mountpoint> and mount /usr/local/sbin inside the jails there update software in master2-local-sbin change <mountpoint> mount from master1 to master2 restart ezjail Also, ls /usr/jails/myjail* | xargs -I% ezjail-admin console % -e pkg upgrade (?, never tried) > > jail updates is really 2 different arenas. You have the update of the > host system binaries and the update of ports. > > ezjail relies on the old "make buildworld" method. Not necessarily: ezjail-admin update -u ezjail-admin update -U Also note that qjail has a restrictive license - not allowed to fork without author's permission. Michael > qjail has function to refresh the sharedfs from the running host. > You can use what ever method you want to update your host running system > and just copy the host running system to qjail. For maximum security and > reliability the host and the jails MUST be running the same release > level. > > The second arena is updating your installed ports. Before 10.0 and pkgng > this was always a time consuming task. Ports running in jails are bound > by the same requirements as running ports on the host. FreeBSD only > guarantees ports to function across minor releases. such as moving from > 9.0 to 9.1, but when moving across major releases such as moving from > 8.2 to 9.0 your inventory of installed ports have to be updated by > re-compiling using a current ports filesystem. This is also true for > jails. Basing your ports major release update plans on pkgng instead of > compiling the port and all its dependents is a great time saver. The > only reason to visit each jail individually is if each jail has > different mix of installed ports. In large scale jail environments the > same port mix is often used in many jails and this is easy for qjail to > duplicate. > > > > > > > > > _______________________________________________ > freebsd-questions@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-questions > To unsubscribe, send any mail to > "freebsd-questions-unsubscribe@freebsd.org"
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?op.xevuwk0ag7njmm>