jail manager for single IP

Hi everyone,

I am not new to FreeBSD and have installed jails so far always as per jail(8) and started them for laziness with "jail -c ..." per my own scripts.
In a nutshell, each jail has its own copy of everything. And that is my primary motivation to look for some "jail management with thin jails" as with FreeBSD 11.2 a full world & distribution goes up to 1GB per jail today.

Now the server I am pondering on is a dedicated H/W with a single IPv4 (and IPv6) address. I am fine with sharing the host IP with jail IP (consequence is, that whatever is bound in the jail and may overlap with the host will take precedence, I am aware of that and thats not a big deal for me).

So question to the community is, is there any "useful" jail manager out there that can work with shared IP's with host and nested jails ?

I tried ezjail:

Code:
ezjail-admin create -f example example.com 'em0|x.x.x.x'

# ezjail-admin console -f example.com
Starting jails:packet_write_wait: Connection to x.x.x.x port 22: Broken pipe

it seems to reconfigure em0 and that makes the system going with the fishes...

iocage:

(just tried the sample from their homepage)

Code:
# iocage fetch --plugins --name Plex ip4_addr="em0|x.x.x.x"
Plugin: Plex
  Using RELEASE: 11.2-RELEASE
  Post-install Artifact: https://github.com/freenas/iocage-plugin-plexmediaserver.git
  These pkgs will be installed:
    - multimedia/plexmediaserver
packet_write_wait: Connection to x.x.x.x port 22: Broken pipe


However, using the "good old" way I can simply start my jail (and inherit jails) with:

Code:
jail -c path=/jails/web name=web jid=1 host.hostname=web ip4=inherit ip6=inherit children.max=5 command=/bin/sh /etc/rc

So I assume I am looking for something that mainly uses /etc/jail.conf but allows "thin" provisioning. Anything out there ?

Cheers,
Yze
 
Ok found the issue. From a git commit I found out that iocage allows to specify the IP without interface:

Code:
'em0|x.x.x.x/24' => 'x.x.x.x'

that works for both, ezjail as well as iocage. Now ezjail seems to use nullfs to mount its "basejail" into each jail to have thin provisioning - looks reasonable. Need to check now if it is possible to have a 11.2-RELEASE basejail as well as a separate 12.0-BETA2 base (as example).

for iocage, it seems very heavy bound on ZFS. I do not see this could be used in a nested fashion.
 
Back
Top