jails AppJail: Simple and easy-to-use tool for creating portable jails.

AppJail is an open source framework entirely written in sh(1) and C to create isolated, portable and easy-to-deploy environments using FreeBSD jails that behave like an application.

Features:

  • Easy to use.
  • Parallel startup (Jails & NAT).
  • UFS and ZFS support.
  • RACCT/RCTL support.
  • NAT support.
  • Port expose - network port forwarding into jail.
  • IPv4 and IPv6 support.
  • DHCP and SLAAC support.
  • Virtual networks - A jail can be on several virtual networks at the same time.
  • Bridge support.
  • VNET support.
  • Deploy your applications much easier using Makejail!
  • Netgraph support.
  • LinuxJails support.
  • Supports thin and thick jails.
  • TinyJails - Experimental feature to create a very stripped down jail that is very useful to distribute.
  • Startup order control - Using priorities and the boot flag makes management much easier.
  • Jail dependency support.
  • Initscripts - Make your jails interactive!
  • Backup your jails using tarballs or raw images (ZFS only) with a single command.
  • Modular structure - each command is a unique file that has its own responsibility in AppJail. This makes AppJail maintenance much easier.
  • Table interface - many commands have a table-like interface, which is very familiar to many sysadmin tools.
  • No databases - each configuration is separated in each entity (networks, jails, etc.) which makes maintenance much easier.
  • Supervisor - Coming soon ...
  • ...
Project: https://github.com/DtxdF/AppJail

Notes:

Hi!

I want to share a tool I created to test my ports, to learn more about jails and just as a hobby.

My main motivation is a tool for system administrators and developers.
AppJail has a useful feature called Makejail, which is somewhat similar to Dockerfile. The idea is to use a file that contains the steps to create a jail with its configured packages.
I have created a PR 269631 to port it to the ports collection.
 
Can those using sysutils/appjail give us some feedback/experience on this, please?
I am a big fan of BastilleBSD and have used it for many years; here is my opinion about Appjail compared to Bastille.

I think BastilleBSD is easier to setup and use for local testing. Appjail is more robust and better for production usage.

Appjail has continually improved, adding features like the supervisor system, also using the latest FreeBSD tech such
as OCI container support. Setting up Appjail and jumping into using templates is more effort than Bastille but I think it allows
for more complicated networking setups in a more structured way compared to Bastille. Built in Netgraph support is a nice example
of this. Appjail can be used like Bastille (using templates) but it also has image support which is more like docker/podman?

I have found Appjail updates to be more professional with fewer issues than Bastille. Although BastilleBSD is being maintained again,
I have had enough issues with it recently that I am considering porting fully to Appjail. Nobody likes changing their jail
systems without reason, but I think these days Appjail has quietly become the most actively developed, well maintained and feature
rich jail manager.

Props to DtxdF!
 
The comparison matrix on the appjail docs for bastille is very outdated. Many of the features marked as not supported actually are supported today.
 
I'm a Bastille user myself for quite some time and pretty happy with it for now. Looking at that document though, something intrigues me. What does the `X11 Support` row mean?

I run X11 in the jail just fine in combination with VNC, but I suspect this is referring to something else.
 
Nullfs mount /tmp/.X11-unix inside the jail.
 