• This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn more.

ezjail replacement?

spork

Member

Thanks: 8
Messages: 86

#1
Been using it for years, but finding that the friction between whoever maintains jails on the FreeBSD side and the ezjail author has resulted in the project essentially fizzling out. Mail archives for ezjail seem to be gone or stopped in 2015 depending on where you look.

What's the simplest replacement out there for ezjail? It did so many things right, and I particularly liked the rather sane per-jail config files and the per-jail fstab setup.
 

Remington

Well-Known Member

Thanks: 134
Messages: 463

#4
I have used ezjail for years and I agree that its kinda of fizzling out since there are no further updates on it. I'm seriously looking into iocage or cbsd as a replacement but iocage is being rewritten so I wouldn't use it on a production server.
 

abishai

Well-Known Member

Thanks: 110
Messages: 470

#6
Simple replacement for sysutils/ezjail is FreeBSD itself. When I discovered jail.conf(5)() I immediately migrated to it and removed all jail managment utilities I used before.

Here is how my jails organized:
Code:
abishai@vhost:~ % cat /etc/jail.conf
# Defaults
exec.prestart = "/sbin/mount -t nullfs -o ro /usr/ports/ /usr/local/jails/$name/usr/ports";
exec.start = "/bin/sh /etc/rc";
exec.stop = "/bin/sh /etc/rc.shutdown";
exec.poststop = "/sbin/umount -f /usr/local/jails/$name/usr/ports";
exec.clean;
mount.devfs;
#mount.fstab = "/etc/fstab.$name";
host.hostname = "$name.<your hostname here>";
allow.nomount;

# Dynamic wildcard parameter:
# Base the path off the jail name.
path = "/usr/local/jails/$name";

#example {
# interface = "em0";
# ip4.addr = 10.0.1.4;
#}

proxy {
 interface = "em0";
 ip4.addr = "10.0.1.5";
}

mts {
 interface = "em0";
 ip4.addr = "10.0.1.11";
 mount.fdescfs;
 depend = database;
}

servlet {
 interface = "em0";
 ip4.addr = "10.0.1.14";
 mount.fdescfs;
 depend = database;
}

database {
 interface = "em0";
 ip4.addr = "10.0.1.6";
 allow.sysvipc;
}
and so on. You've got the idea. :)
Updates are done with freebsd-update from the host with -b flag, backups with zfs snapshots/zfs sends.
Physically jails are placed on zfs
Code:
zdata/jails                                   3.19T  6.70T   151K  /usr/local/jails
Great that now I'm not depending on obsolete frameworks, cbsd bloatware or other stuff wanted python on my system.
 

Remington

Well-Known Member

Thanks: 134
Messages: 463

#7
Updates are done with freebsd-update from the host with -b flag, backups with zfs snapshots/zfs sends.
This is not realistic if you have 30 to 50 jails running off a single server as it'll consume so much disk space. That's one reasons why I liked ezjail's basejail with a single upgrade for all jails.
 

abishai

Well-Known Member

Thanks: 110
Messages: 470

#8
This is not realistic if you have 30 to 50 jails running off a single server as it'll consume so much disk space. That's one reasons why I liked ezjail's basejail with a single upgrade for all jails.
Are you serious? Here is empty jail.
Code:
zdata/jails/.base  written               288M
I don't mind to spend 300Mb per jail. If not, I'd mount base with nullfs as I did with ports, but as I didn't use thin jails when I used iohyve, I left thick one here. And, OP asked for "simplest replacement". ;)
 

fnoyanisi

Active Member

Thanks: 87
Messages: 203

#9
I am also looking for a replacement of sysutils/ezjail. Although, it is minimalistic and do things nice, it is out of date and I am a bit reluctant to install 100+ MB for sysutils/py36-iocage.

I don't mind to spend 300Mb per jail.
Unfortunately, I do....I have limited space on my amazon EC2 instance and using a separate base for each jail does not seem to be efficient.

On the other hand, I have to admit that I am no system admin, so I may need to get my head around the trick used by ezjail to create a basejail and then mount separate directories accordingly.

By the way, I think it would be better off to have more examples on the usage of jail(8) in the handbook than having a section on sysutils/ezjail , which is getting obsolete now.
 

Oko

Daemon

Thanks: 594
Messages: 1,518

#10
getopt For people who know how to edit jail.conf and are managing few jails no tool is needed. In particular if you are not going to take advantage of ZFS for Jail

https://clinta.github.io/freebsd-jails-the-hard-way/

masteroman Michael was contemplating to write a book about FreeBSD jails which was semi-logical thing after four books about file systems he wrote:

  1. FreeBSD mastery: Storage Essentials
  2. FreeBSD mastery: Specialty Filesystems
  3. FreeBSD mastery: ZFS
  4. FreeBSD mastery: AdvancedZFS
I used word semi-logical because VNET -- network subsystem virtualization infrastructure (semi-functional) is equally important for large complex deployments. I am sure Mike Lukas is perfectly capable of describing ins and outs of VNET. The only problem is that thing is not finished (see vermaden rant) He changed his mind and wrote a very nice book about native httpd and relayd daemons on OpenBSD. I am not sure how many of such books he needs to write to make leaving but my understanding is that he is now reworking Absolute FreeBSD where he can get some sales going. The blog post you refer to is obsolete. I was heavy user of iocage before IXsystem hired of the developer for their own needs (result is py-iocage) and rack the havoc among people who were not their paid customers.

Eventually a Polish web developer robak (he is lurking here as well) adopted orphaned iocage and now we have sysutils/iocell. The tool is scaled down (supports only base jail which means that the "OS is mounted" as nullfs which is very complicated) version of original iocage. In terms of file system is ZFS specific (frequently that is the main reason people use FreeBSD) and very primitive networking. I have never tried to use to deploy hundreds of jails at the same time so I am not sure how scriptable is but for my jail hosts 10-15 jails per modest spec machine (simple network topology with all jail on the single route which is the same as the host machine) works like a charm.

The Russian developer Ole the author of CBSD (jail/Bhyve management tool) and the person behind ClonOS is probably the most qualified person on this forum to evaluate various Jail and Bhyve utilities (personally I gave up on Bhyve and I am sticking with Xen on Alpine Linux Dom0).

So going back to OP. ezjail is not obsolete unless you need ZFS (maybe that support is added as well).

The lack of good jail management tool in the base of FreeBSD IMHO is one of those things that make people think twice before using FreeBSD for any kind virtualization. Infamous now dead PC-BSD was a pioneer of GUI/CLI jail management utility Warden. Warden never worked as advertised as Ken never had stamina to get it to production quality but it was a good idea (used to be available from ports as pcbsd-utils)
 

Ole

Member

Thanks: 58
Messages: 94

#11
Obsolete? Not here. I created a jail.conf(5) for my ezjails and I'm happy with that.
I prefer building from source and for this reason and other I stay with Ezjail.
I do not remember that Dirk Engling (ezjail author) officially announced the end of the ezjail.
However I have the impression that he lost interest for some reason in the development of the ezjail. Perhaps this is somehow related to qjail: http://erdgeist.org/posts/2017/dont-piss-in-my-beer.html
 

Ole

Member

Thanks: 58
Messages: 94

#12
I am also looking for a replacement of sysutils/ezjail. Although, it is minimalistic and do things nice, it is out of date and I am a bit reluctant to install 100+ MB for sysutils/py36-iocage.
Wow! Switching project from sh to python makes itself felt.
Code:
% pkg install sysutils/py3-iocage
..
Number of packages to be installed: 33
20 MiB to be downloaded.
The process will require 133 MiB more space.
vs
Code:
% pkg install sysutils/iocell
Updating FreeBSD repository catalogue...
FreeBSD repository is up to date.
All repositories are up to date.
The following 3 package(s) will be affected (of 0 checked):

New packages to be INSTALLED:
        iocell: 2.1.1
        uclcmd: 0.1_2
        libucl: 0.8.0

Number of packages to be installed: 3
183 KiB to be downloaded.
Looks like iocage became the most fatty management tools ;-)