Jail management

[Aristedes Maniatis]

On 22/02/2016 12:57pm, erdgeist wrote:
> 
>> On 22 Feb 2016, at 14:13, Aristedes Maniatis <ari at ish.com.au> wrote:
>>
>> Thoughts? What seems like a more robust long term approach to jail management?
> 
> Take a look at bsdploy https://github.com/ployground/bsdploy or just come and ask ezjails author. ;)


Hello there! Thanks for ezjail: a very useful tool for avoiding the pain of setting up nullfs and friends.

However I think that bsdploy is orthogonal to my problem. I'm already embedded in saltstack, so moving to ansible doesn't solve any problems for me. And I can't see how it solves the pkg versioning problem any better.

That's why I was thinking to move to a snapshot clone/restore approach to jail management. But that idea butts up against ezjail's assumptions.


> Also unionfs does not work very stable.

OK, I'll cross that option off my list. That then leaves just ZFS clone as the way to create a reproducible and deployable jail environment with the correct (old) package versions.

I did have another idea: create a poudriere environment for each version of the app and switch /usr/local/etc/pkg/repos/my.conf each time. But that seems awkward and still very hard to go back in time and apply small fixes to an old deployed version.


Have I just now outgrown ezjail and should set off on my own? I'm afraid of how I'd go about upgrading the basejail for new FreeBSD host versions without your tool :-)

Thanks
Ari




-- 
-------------------------->
Aristedes Maniatis
ish
http://www.ish.com.au
Level 1, 30 Wilson Street Newtown 2042 Australia
phone +61 2 9550 5001   fax +61 2 9550 4001
GPG fingerprint CBFB 84B4 738D 4E87 5E5C  5EFA EF6A 7D2E 3E49 102A

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 163 bytes
Desc: OpenPGP digital signature
URL: <http://lists.freebsd.org/pipermail/freebsd-jail/attachments/20160222/4b6c562e/attachment.sig>