jails How to best automate creation and management of Jails?

subnetspider

subnetspider

I'm learning ansible(1) and bastille(8) to introduce some level of automation to my homelab and to use jails instead of FreeBSD VMs for my services.
At the moment I manually create thick VNET jails with bastille(8) and then set up my services with ansible(1) where each jail is treated as a separate host.
This is not very ideal as each jail runs sshd, needs a user for ansible and needs the ssh keys, sudo/doas and python package installed.

Do you know better workflows and tools to achieve more automation with jails?
I'm open to suggestions. :)
 
bastille has a bunch of commands to run things in specific containers. So, you might be able to call those from a script.

Additionally, many config commands take a `-f` flag to specify the file, or `-r` flag to specify the root to operate on. So you can write a script that does things like:

Code: 
sysrc -f /jails/jail1/etc/rc.conf hostname="jail1"
pkg -r /jails/jail1 install -y emacs-nox

I've gotten a lot of mileage out of scripting with those sorts of flags, and so far have not needed to use ansible for defining jails.

Some of it depends on whether you think of a jail as long-running (like a host), or destroyable (like a docker container). I am leaning towards the destroyable side, but with persistent /var/db/ folders as necessary. That way I don't have to run ansible to upgrade, install packages, etc. I just rebuild the jail from scratch.
 
Have you already tried creating and managing jails “the hard way”, i.e. only using that which the FreeBSD base system provides? It might be less complex than you might think!

I have been managing my jails that way (following Michael Lucas Book “Absolute FreeBSD”) for some time now and I have to say: While some automation in some minor aspects (e.g. installing basic stuff inside the jail, etc.) would be handy, there is actually very little that needs to be automized for my non-industrial use-case.

Someone else here in the forum once said: The steps of creating a jail are so trivial that there is no framework needed.

So, basically, my answer is just some more elaboration on what W.hâ/t said: Create your own scripts!
 
just try with CBSD where maybe is more confortable to manage jails and if you want ,bhyve VMs in the same way , can containerize a VMs inside a jail and manage theme easely look at this project.You can build the management tool by following the tutorial or simply using the package offered by FreeBSD.
CBSD
 
patmaddox said:
I've gotten a lot of mileage out of scripting with those sorts of flags, and so far have not needed to use ansible for defining jails.
Click to expand...
I also dont "need" to use Ansible to create and manage Jails, but it is a way for me to learn Ansible.
Holger said:
Have you already tried creating and managing jails “the hard way”, i.e. only using that which the FreeBSD base system provides? It might be less complex than you might think!
Click to expand...
Creating jails with /etc/jail.conf and bsdinstall was the first thing I have tried, and it works very easily.
Holger said:
I have been managing my jails that way (following Michael Lucas Book “Absolute FreeBSD”) for some time now and I have to say: While some automation in some minor aspects (e.g. installing basic stuff inside the jail, etc.) would be handy, there is actually very little that needs to be automized for my non-industrial use-case.
Click to expand...
I am also reading "Absolute FreeBSD 3rd edition" and "FreeBSD Mastery: Jails" which are the reason why I want to use Jails instead of FreeBSD VMs.

And again, I know how easy it is to manage Jails by Hand, but learning Ansible is a lot easier if I can actually use it and I dont have a hard time when it comes the time when Jails need to be recreated from scratch.

From what I have gathered, it seems that creation and management of Jails would be best done utualizing the onboard tools FreeBSD provides with my Ansible "scripts" (playbooks).
 
You must log in or register to reply here.
Back
Top