I'm trying to get to know jail technology. According to its history page it is the oldest containerization technology (older than LXC or OpenVZ, for example) and it is positioned as much more stable than the Linux solutions. Nevertheless, in my first hours of using jails I found that they cannot be used in production, for example for isolating and hosting customers, and despite the fact that this is old technology, it is still not ready for use.
First: I can't run two Postgres instances in jails. Postgres, PHP APC and other stuff require shared memory. But jails do not isolate shared memory between each other: how can it be a production-ready and mature containerization system when I can read and write from one jail to another?! How can I ensure that the second client will not use the same user ID (the recommendation from the official documentation) if the customers are different users?
Second: unable to shut down or reboot a jail from inside the jail.
Third: a single process ID namespace.
Fourth: poor CPU limits. For example, when I limit CPU usage on OpenVZ or LXC (via cgroups), I really get a slow machine. But when I use RCTL, I get a jail that works quickly for X system ticks and then sleeps for Y system ticks: if I log in to the jail over the network and press and hold any key, I get some output, then a sleep, some output, then a sleep, Zzzz.
No loopback in a jail. I set up services to bind on 127.0.0.1 only, for security reasons, but instead I got services that are available from the external network.
And as I see on the mailing list, jail and vnet are still not ready for use (memory leaks and panics with pf). But how is that possible? VIMAGE was first introduced in FreeBSD 4.x?! And it is still not ready?
In addition, it lacks a good tool for jail management and has no live migration support.
I wrote about these problems under the influence of one of the talks on youtube.com about jails, where the speaker talked about the pros of jails and how this system is more mature and less prone to bugs than its Linux analogues. I got the impression: if it is such a mature system, why did I, in my first hours of using jails, learn information that puts an end to the use of jails for me?
Do I understand correctly that jail development has been stopped for many years and all efforts are focused on bhyve?
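The two concrete problems in the post (shared memory visible across jails, and services bound to 127.0.0.1 ending up on the external interface) are both jail configuration matters. The jail.conf(5) entry below is an added example, not part of the post and not taken from FreeBSD's documentation; the jail name `www`, the path `/jails/www`, the interface `em0` and the addresses 192.0.2.10 and 127.0.1.1 are placeholders. It assumes FreeBSD 11.0 or later, where the per-jail `sysvmsg`/`sysvsem`/`sysvshm` parameters exist, and a cloned loopback interface `lo1` created on the host beforehand (`cloned_interfaces="lo1"` in rc.conf).

```conf
# Added example: jail.conf(5) entry showing the legacy SysV IPC and
# loopback settings beside the ones that actually isolate the jail.
# Placeholders: www, /jails/www, em0, 192.0.2.10, 127.0.1.1.
# Assumes FreeBSD >= 11.0 and a host-side cloned interface lo1.

exec.start = "/bin/sh /etc/rc";
exec.stop  = "/bin/sh /etc/rc.shutdown";
exec.clean;
mount.devfs;

www {
    host.hostname = "www.example.org";
    path = "/jails/www";

    # Weak (legacy) setting: allow.sysvipc lets the jail use the host's
    # single SysV IPC namespace, so a shared-memory segment created by
    # PostgreSQL or PHP APC in one such jail is visible to any other jail
    # that also has it enabled. Left commented out for contrast.
    # allow.sysvipc = 1;

    # Isolated: give the jail its own message-queue, semaphore and
    # shared-memory namespaces. Two PostgreSQL instances in two jails
    # configured this way cannot see or collide with each other's
    # segments, regardless of which user ID each customer runs as.
    sysvmsg = new;
    sysvsem = new;
    sysvshm = new;

    # Loopback: a non-VNET jail has no 127.0.0.1 of its own; a bind to
    # 127.0.0.1 is rewritten to the jail's FIRST address. If that first
    # address is the external one, "local-only" daemons become reachable
    # from the network, which is the behaviour described in the post.
    # Listing a private loopback alias on lo1 first makes it the address
    # that 127.0.0.1 maps to; the routable address comes second.
    ip4.addr = "lo1|127.0.1.1";
    ip4.addr += "em0|192.0.2.10/24";
}
```

After `jail -c www`, `jls -j www sysvshm ip4.addr` shows the effective values, and `sockstat -4 -j www` (the jail's own `sockstat` output) confirms which address a daemon bound to 127.0.0.1 actually listens on. On the CPU-limit point: rctl's `pcpu` limit with the `deny` action is enforced by putting the jail's processes to sleep once they exceed the percentage, which produces exactly the run-then-sleep pattern described; pinning the jail to a subset of cores with `cpuset -j <jid> -l <cpu-list>` gives a steady share instead of a bursty one, at the cost of granularity.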