Re: Jail, and specifically iocage, best practices

From: Ernie Luzar <luzar722_at_gmail.com>
Date: Sun, 06 Feb 2022 19:23:12 UTC
doug@safeport.com wrote:
> On Sun, 6 Feb 2022, Steve O'Hara-Smith wrote:
> 
>> On Sun, 06 Feb 2022 12:58:50 +0000
>> Norman Gray <gray@nxg.name> wrote:
>>
>>> So: am I missing something?  Is there anywhere an article or HOWTO which
>>> describes the 'what everyone knows' about how to look after jails
>>> _properly_?
>>
>>     If you find it let us all know :) The handbook *should* be but it
>> doesn't go into iocage which currently seems to be the most popular jail
>> management tool - for good reason I think as I also use it and it has
>> failed to irritate me enough to make me seek a replacement for several
>> years now.
>>
>>     As you've observed it doesn't spare you from needing to understand
>> what the choices mean it just makes it easy to do the actual work. I know
>> just enough about it to handle the work I need of it (a bunch of basejails
>> running applications and a Linux jail running a print server because
>> Brother) running on my NAS box and have an appreciation of what else I
>> might get out of it should need arise. Even then I save myself skull sweat
>> and keep a new_jail script around that just takes a name and an IP address
>> so I don't have to look up the options or think about the basics on the
>> rare occasions I need to add a new jail to the pile.
>>
> 
> I use three things: (1) iocage --help, works kinda like pkg; (2) the 
> iocage documentation; (3) Lucas's book. I have downloaded the docs in PDF 
> format as I find searching easier. Google can usually answer more 
> specific questions.
> 
> The handbook IMO really just deals with the FreeBSD core system. Back in 
> the day I tried to figure out the symlink structure to avoid needless 
> duplication of data, eventually finding out that the guy who wrote 
> ezjail did it for me. There was eventually an ezjail chapter in the 
> handbook but it was usually out of date as far as I could tell.
> 
> I initially resisted iocage because it makes python essentially a part 
> of the base system. However if you use zfs it does most of the setup you 
> need seamlessly. I had to install a 7.2 jail and did that fairly easily 
> with iocage.
> 
> Hope this helps,
> Doug
> 
> 

ezjail is obsolete because it uses the original jail options in the 
rc.conf and not the jail.conf as now.

iocage has a limited user base because it's based on zfs and python. People 
do not like the fact you are forced to use stuff of no value in your system.

qjail is a .sh script program using no pre-reqs at all. Has the best 
help documentation I have ever seen in FreeBSD.

For jail documentation you should try the port jail-primer.