How to compare bastille-bsd, ezjail, cbsd, pot, iocage, ezjail

Nice. Where is the party? :)
Well, finally, normal questions began! ;-))) Goran Mekić will open the party at FOSDEM 2023.
Meanwhile, a nice series on CBSD started by Kraileth recently.
Yes, there are more and more contributors. There are also similar articles from Karen Bruner, who recently demonstrated FreeBSD OS from a very unusual side - as a Kubernetes launcher (with the help of CBSD/bhyve). This means that the goals of the project are working - we will popularize FreeBSD OS.

By the way, most likely I will add flavors to the CBSD port (WITH_BHYVE, WITH_JAILS, WITH_NVMM, WITH_QEMU, WITH_XEN) so that users can install CBSD only for the virtualization engine they need (e.g. `pkg install cbsd-bhyve cbsd-jails`). The project structure is completely ready for this. In addition, John Marino recently did a great job of switching CBSD to cmake (instead of bmake). This significantly increases the cross-platform support of CBSD (e.g. it will be interesting to do CBSD + MacOS + xhyve / OpenBSD + vmm). Having different hosts (FreeBSD, NetBSD, DragonFlyBSD + XEN/NVMM/bhyve/jail) behind the CBSD API, you can build hybrid clouds. It's going to be fun!
 
Ole Thank you, just a week away! Brussels is a bit expensive to travel to for me, but I will follow online. I know already this year it is going to be one of the best.

Many thanks to John Marino, RavenPorts is quite impressive.

Thank you for keeping CBSD alive and kicking for 10 years. Kudos!
 
I'm testing Bastille. All seems good, including templates (well, it should just limit to CMD hook, the rest makes no sense to me).

But when I'm trying to upgrade a RELEASE (default thin jail, for example 12.3 to 12.4), all looks good until I type `freebsd-version` in the corresponding jail. It answers it's 12.3-RELEASE, even after restart.
Is something wrong here?

Edit:
In fact, this function is somewhat broken for upgrading a RELEASE. It needs the -f flag to work properly or almost. Anyway, at the end, the name of the (bootstrapped) RELEASE doesn't change. The best way for upgrading is to bootstrap the new RELEASE and edit the fstab of the jail(s).

Also, I saw that sometimes, the destroy function fails to unmount one or more zfs datasets. It also needs the -f flag.

There are no integrated commands for zfs snapshot and restore (unlike sysutils/iocage).

There are no dependencies at all as it's only sh scripts (like sysutils/ezjail).

And, as already said in this thread, the documentation is spartan in some ways.

This software is good but not yet achieved.
 
I found that using the native jail command and config is far easier than learning/using any of the jail managers with many dependencies.
When the development stops on those managers for some reason, the cycle starts all over again.
 
I've used ezjail, cbsd and iocage
I'm using vm_bhyve for vms and currently iocage for jails.
I stopped using cbsd a while back when it seemed there was limited zfs integration - but now I believe zfs support is good, and I'm starting to appreciate more their policy of no 'rigid binding' to zfs.
The feature-set of cbsd seems unrivalled, and with the option to use NFS/iSCSI it opens up the possibility of things such as hot migration as long as your underlying nodes are similar enough.
iocage has limitations such as only mounting one extra zfs dataset and the slowdown in development is becoming obvious.
My current plan is to migrate back to cbsd.
I already use vxlans to have jails on separate networks share subnets and do cold semi-manual migrations - so the biggest problem is figuring out the cbsd documentation as to whether it can sit side-by-side without disturbing an already complex setup, but I recall that even when my setup was simpler cbsd was always good. Regretting migrating away from it now!
 
What are the strong and weak points of each system? Or how do they compare? When to use one or when another.



This should be helpful:
Today your choices are:
  • plain jail.conf(5) and jail(8) command.
  • BastilleBSD
  • pot/nomad
  • CBSD
Very nice thing about BastilleBSD is the Templates they offer and maintain.

They also have Bastillefile (similar to Dockerfile) and Rocinante [1] automation.

[1] https://github.com/BastilleBSD/rocinante

... and yes, it's named like that because of the Expanse series :)

Generally all other solutions (ezjail/iocage/....) are dead/abandoned/not developed anymore.

Regards.
 
Very nice thing about BastilleBSD is the Templates they offer and maintain.
Have you tried to compare this with a similar thing from CBSD: CBSDFile and `cbsd forms`? One of the incredible CBSD features is that you can reconfigure the service at any time (for example, re-configure Memcached/Redis, create additional databases/users in MySQL, PostgreSQL, etc.). As far as I understand, Bastille templates are used only when creating a container.
 
Interesting. That syntax feels quite similar to zadm.
As far as I see, zadm uses JSON, while the CBSDfile is standard shell functions:
Code:
jail_memcached()
{
  ip4_addr="DHCP"
  host_hostname="${jname}.my.domain"
 
  pkg_bootstrap=1
  pkglist="memcached mc"

  sysrc="memcached_enable=YES cron_enable=NO syslogd_enable=NO"
}

postcreate_memcached()
{
  expose mode=add in=11211

  # execute hostname in jail:
  jexec "hostname"

  # execute batch of command in jail:
  jexec /bin/sh <<EOF
    export PATH=/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/sbin:/usr/local/bin:/root/bin
    date
    ls -la
    pwd
    sockstat -4l
EOF

}
(in addition to the optional postcreate_XXX function, you can add/modify static files (analogous to bastille's 'COPY') in jail via the skel/ directory: for example )
Code:
cbsd up

Code:
cbsd destroy

I find it very convenient that CBSD did not try to repeat Dockerfile syntax ;-). Thanks to the shell, you can use conditions (if/else/case), which adds flexibility. Using CBSDfile, you can easily create a catalog for various services based on virtual machines and containers.
 