configuring jails

laktech · Jun 25, 2022

hello, i am accustomed to using puppet to configure systems and docker files to configure docker containers. both of these technologies are a source of truth as to how my system and containers should behave. what is the best practice technique for configuring jails for reproducibility and maintenance?

my current setup is very manual. i have various hard-coded pf rules to enable networking into the jails and a text document to help document some of operations that were performed on the jail. it's very manual and i'd like to move away from that. i'm not sure if i should just maintain a bash script per jail or if there is a more mature solution.

Ole · Jun 25, 2022

Why don't you want to keep using the puppet to manage jails? This is a very good tool.

laktech · Jun 26, 2022

of course, thanks! nice to have validation that this is a sane option!

hardworkingnewbie · Jun 26, 2022

I'm using ezjail-admin to administer my jails. Works like a charm.

laktech · Jul 10, 2022

ended up going with bastille. used it's templating capability to install and configure puppet. now i have configurable jails. thanks!

Lamia · Jul 11, 2022

Hardcore ezjail user here; slowly migrating to cbsd. But for granularity sake, I would keep ezjail, and preferably step into jail.conf, at reach on servers that need getting behind the hood - e.g. networking between jails and vms in bhyve.

laktech · Jul 12, 2022

I'm hitting limits of bastille already. rdr configurations are very limited.

wolffnx · Jul 15, 2022

hardworkingnewbie said:
I'm using ezjail-admin to administer my jails. Works like a charm.

same here,over the years works like a charm