Advice/guidance requested.
Nicolas de Bari Embriz Garcia Rojas
nbari at inbox.im
Mon Jan 13 16:40:58 UTC 2014
Hi, sorry for the confusion, I will go into a little more detail to better explain my use case.
As far as jails are concerned:
Basic setup:
FreeBSD Host with N jails.
For this I create a basic, light jail (custom src.conf), which is later cloned (ZFS), and the configuration is in jails.conf.
To install packages in a jail I share the host ports tree on all jails.
That’s all as far as jails are concerned.
Now, “arena” is the name I give to a simple directory structure that I can use on any *nix system. My intention with it was to always have a "universal deployment schema" compatible with any *nix; basically, my way of emulating jails on a *nix that doesn’t have jails.
When working with FreeBSD, inside a jail I create an ‘arena’ following the schema I sent previously. (https://github.com/nbari/arena)
Unfortunately, not all my working environments are FreeBSD, so I had to find a structure that could work on any *nix. The name I chose was ‘arena’; basically it is a directory ‘/arena’ that contains the applications, sites, sources, run scripts, basically everything required by my applications, so that I can just replicate that structure on any *nix and have everything working, whether it is Linux, FreeBSD, or inside a jail.
Today you may be working in a jail and have everything running perfectly, but maybe one day you will need to move or replicate all your applications to servers that could be running Linux, a FreeBSD host within VirtualBox, or maybe an instance of bhyve. Because of this I created this “arena”, a universal deployment that can help me move things fast.
Hope I didn’t confuse you more; I just tried to explain and complement the use of jails. In my case, rather than being fat or thin, jails are perfect containers that allow deploying very custom applications.
If you have more questions feel free to ask.
The src.conf I use for the jails is:
8<---
CC=clang
CXX=clang++
CPP=clang-cpp
# src for jail
WITHOUT_ACCT="YES"
WITHOUT_ACPI="YES"
WITHOUT_AMD="YES"
WITHOUT_APM="YES"
WITHOUT_ASSERT_DEBUG="YES"
WITHOUT_AT="YES"
WITHOUT_ATM="YES"
WITHOUT_AUDIT="YES"
WITHOUT_AUTHPF="YES"
WITHOUT_BIND_DNSSEC="YES"
WITHOUT_BIND_ETC="YES"
WITHOUT_BIND_LIBS_LWRES="YES"
WITHOUT_BIND_MTREE="YES"
WITHOUT_BIND_NAMED="YES"
WITHOUT_BLUETOOTH="YES"
WITHOUT_BOOT="YES"
WITHOUT_BSNMP="YES"
WITHOUT_CALENDAR="YES"
WITHOUT_CDDL="YES"
WITHOUT_CTM="YES"
WITHOUT_CVS="YES"
WITHOUT_DICT="YES"
WITHOUT_EXAMPLES="YES"
WITHOUT_FLOPPY="YES"
WITHOUT_FORTH="YES"
WITHOUT_FREEBSD_UPDATE="YES"
WITHOUT_GAMES="YES"
WITHOUT_GDB="YES"
WITHOUT_GPIB="YES"
WITHOUT_GSSAPI="YES"
WITHOUT_HTML="YES"
WITHOUT_IPFILTER="YES"
WITHOUT_IPFW="YES"
WITHOUT_IPX="YES"
WITHOUT_JAIL="YES"
WITHOUT_KERBEROS="YES"
WITHOUT_LEGACY_CONSOLE="YES"
WITHOUT_LIB32="YES"
WITHOUT_LPR="YES"
WITHOUT_NCP="YES"
WITHOUT_NDIS="YES"
WITHOUT_NETGRAPH="YES"
WITHOUT_NIS="YES"
WITHOUT_NLS="YES"
WITHOUT_NLS_CATALOGS="YES"
WITHOUT_NS_CACHING="YES"
WITHOUT_NTP="YES"
WITHOUT_PF="YES"
WITHOUT_PMC="YES"
WITHOUT_PORTSNAP="YES"
WITHOUT_PPP="YES"
WITHOUT_PROFILE="YES"
WITHOUT_QUOTAS="YES"
WITHOUT_RCMDS="YES"
WITHOUT_RCS="YES"
WITHOUT_RESCUE="YES"
WITHOUT_ROUTED="YES"
WITHOUT_SENDMAIL="YES"
WITHOUT_SHAREDOCS="YES"
WITHOUT_SYSCONS="YES"
WITHOUT_SYSINSTALL="YES"
WITHOUT_USB="YES"
WITHOUT_WIRELESS="YES"
WITHOUT_WPA_SUPPLICANT_EAPOL="YES"
WITHOUT_ZFS="YES"
8<---
regards.
On Jan 13, 2014, at 2:41 PM, g8kbvdave at googlemail.com wrote:
> I know, top posting....
>
> Hi.
>
> Other than the directory structure illustrated there, you've confused me. (Not
> difficult!)
>
> The problem I'm finding, is that everyone assumes everyone else knows what
> everyone is talking about, in detail! I freely admit I don't! (But I'm slowly
> learning.)
>
> So.... Please excuse my ignorance, but what has "arena" got to do with Jails?
>
> Bearing in mind, I've yet to get any of this to work even in its most basic form,
> other than a base FBSD system that ticks along nicely doing other things such
> as NTP timekeeping duties.
>
> The other thing is, I will be needing to document all this, so in x years time when
> I might need to do it all again, I can. Though from what I'm hearing, it'll have
> all changed again by then anyway, so I'll be back to square one.
>
> Is there a simple (graphical) illustration with basic description somewhere, that
> explains how the parts of a jail inter-relate with each other, and the base
> system? I'm a bear with a small brain BoBo! I'm doing this to support an
> aspect of a hobby of mine, not for any profit or gain.
>
> Sorry, but there is just too much conflicting information to try and absorb at
> present, and though I've been meddling with computers and other tech stuff for
> many years (decades!) I'm a Unix noob in this respect.
>
> Regards.
>
> Dave B.
>
>
>> I like to use jails.conf and the sysutils/jail2/ port.
>>
>> I create a very basic jail and later just clone it taking advantage of ZFS.
>>
>> I share the /usr/ports from the host with the jails, but let each jail have their own files, so that later if needed, I can just dump the full jail and move it to another server without need to worry about X or Y missing files.
>>
>> Once I have the jail, I follow this schema: https://github.com/nbari/arena
>>
>> Hope this can help or give more ideas.
>>
>> regards.
>>
>>
>>
>> On Jan 13, 2014, at 2:03 PM, g8kbvdave at googlemail.com wrote:
>>
>>>> On 2014-01-12 10:09, wishmaster wrote:
>>>>
>>>>>> I would also recommend ezjails. Using fat jails is often completely
>>>>>> unnecessary.
>>>>>
>>>>> Do you think using ezjail you will obtain "thin" jails?
>>>>> You are wrong. Set up 5...10 jails for applications: one jail for
>>>>> web-applications on php, one for java and so on. And you will see how your
>>>>> jails will be FAT! And now imagine the system and software update procedure.
>>>>> So, if you need a lot of "light" isolation containers, ezjail is not your way.
>>>>> I use self-written scripts which create one base system with all needed
>>>>> packages and a lot of "containers" with vnet support and with "security in
>>>>> mind". Upgrading is very easy, just one jail.
>>>>
>>>> Sounds nice, maybe write some blog post or even a more detailed mail to
>>>> this list with some how-to? I'm sure many people would find this very
>>>> interesting.
>>>>
>>>> --
>>>> best regards,
>>>> Lukasz Wasikowski
>>>
>>> Yes indeed, then we can all learn how and more importantly "why".
>>>
>>> Best Regards.
>>>
>>> Dave B.
>>>
>>> _______________________________________________
>>> freebsd-jail at freebsd.org mailing list
>>> http://lists.freebsd.org/mailman/listinfo/freebsd-jail
>>> To unsubscribe, send any mail to "freebsd-jail-unsubscribe at freebsd.org"
>>
>
>
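The "Basic setup" described at the top of this message (template jail, ZFS clone, jail.conf entry, host ports tree shared into each jail), sketched as an added example that is not part of the original post or of the poster's scripts. The dataset, snapshot, mountpoint and domain names are assumptions, the read-only ports mount is a choice made for this example, and the template jail is assumed to contain an empty /usr/ports directory.

```sh
#!/bin/sh
# Added example. Assumed names (not from the post): dataset zroot/jails/base
# mounted at /jails/base, snapshot "gold", domain example.org.
# One-time, on the host: zfs snapshot zroot/jails/base@gold
BASE_DS="zroot/jails/base"
SNAP="gold"
JAIL_ROOT="/jails"

# Jail names become dataset names and filesystem paths, so accept only a
# conservative character set; this rejects "..", "/" and whitespace.
valid_name() {
    case "$1" in
        ""|*[!a-z0-9_]*) return 1 ;;
    esac
}

# Character check only (digits and dots), enough to keep quotes and
# semicolons out of the generated configuration.
valid_ip4() {
    case "$1" in
        ""|*[!0-9.]*) return 1 ;;
    esac
}

# Print the jail.conf stanza. The host ports tree is mounted read-only via
# nullfs (an assumption of this example), so builds inside the jail need
# WRKDIRPREFIX and DISTDIR pointed at writable directories.
jail_stanza() {
    valid_name "$1" && valid_ip4 "$2" || return 1
    cat <<EOF
$1 {
    path = "$JAIL_ROOT/$1";
    host.hostname = "$1.example.org";
    ip4.addr = "$2";
    mount = "/usr/ports $JAIL_ROOT/$1/usr/ports nullfs ro 0 0";
    mount.devfs;
    exec.start = "/bin/sh /etc/rc";
    exec.stop = "/bin/sh /etc/rc.shutdown";
}
EOF
}

# Clone the template on the host, then print the stanza to append to
# /etc/jail.conf. DRY_RUN=1 prints the zfs command instead of running it.
new_jail() {
    valid_name "$1" && valid_ip4 "$2" || { echo "bad name or address" >&2; return 1; }
    ${DRY_RUN:+echo} zfs clone "$BASE_DS@$SNAP" "${BASE_DS%/*}/$1" || return 1
    jail_stanza "$1" "$2"
}
```

Because the src.conf above builds the jail world with WITHOUT_ZFS and WITHOUT_JAIL, both the clone and the jail.conf entry are handled on the host, not inside the jail.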