Re: Jail, and specifically iocage, best practices -- summary

From: doug <doug_at_safeport.com>
Date: Thu, 10 Feb 2022 19:07:29 UTC
On Thu, 10 Feb 2022, Norman Gray wrote:

>
> Hello, all.
>
> On 6 Feb 2022, at 12:58, Norman Gray wrote:
>
>> Greetings.
>>
>> On the freebsd-questions list recently, there was a useful thread about freebsd-update and jails.  This prompts a related question of mine.
>>
>> Is there anywhere a collection of recommended practices with respect to jails?
>
> Thanks, everyone, for very useful comments on this.
>
> I don't want to repeat everyone's suggestions, though I encourage people to look at the thread [1].  But the things that particularly stood out for me are:
>
>  * Several people mentioned that Lucas's Jails book [2] does cover iocage!  We have a copy of this book on the shelf, and now I can get my hands on it again, physically, I see 'iocage' all over the ToC, whereas I'd previously convinced myself it was jail(8)-only.  I feel rather foolish about that...
>
>  * Peter Boosten said 'use a mix', suggesting that it's reasonable to use a script to set up a jail, and then unscripted tools to manage it thereafter.  That is, a script isn't (necessarily) locking you into a particular way of managing these, and it's reassuring to be reminded, in particular, that ezjail/iocage/... aren't adding any particular secret sauce to the jail.
>
> There was also a mention of iocell [3], as a fork of iocage.  I'm always a bit nervous of forks, and note that the iocell documentation doesn't mention the circumstances of the fork (and I remember the ezjail/qjail unpleasantness of a few years ago).  Is there a story here?
>
> It sounds as if a one line summary of the thread (acknowledging that there isn't a universal consensus here) is:
>
>    You won't go far wrong with iocage; buy Lucas's Jails book.
>
> Thanks again, everyone.  Best wishes,
>
> Norman
>
>
> [1] https://lists.freebsd.org/archives/freebsd-questions/2022-February/000622.html
> [2] FreeBSD Mastery: Jails, https://mwl.io/nonfiction/os#fmjail
> [3] https://iocell.readthedocs.io/en/latest/
>
This is a pretty good summary. My 2 cents is: factor ZFS into your decision.

Doug