Jails in zroot/jails or zroot/ROOT/default/jails?

I've always created a zfs filesystem for each jail under zroot/jails or zroot/usr/jails. I've used beadm for the host, and relied only on periodic snapshots for the jails.

But today it occurred to me that if I put them under zroot/ROOT/default/jails I can use beadm to create boot environments for both the host and jails at the same time. This way I could reboot to quickly recover from an upgrade gone wrong. But on the other hand, I wouldn't reboot to recover if the upgrade failed on just one jail. Like when I recently had to roll back one of the jails to 10.3 because it turned out a port was no longer available.

Please tell me if this is a stupid idea before I implement it on my servers :)
 
Like when I recently had to roll back one of the jails to 10.3 because it turned out a port was no longer available.

You had to roll back one of your jails to 10.3-RELEASE. Had your jail been in a boot environment, you'd have ended up rolling back all your jails, plus your host to 10.3-RELEASE, because the boot environment encompasses all datasets underneath zroot/ROOT.

sysutils/beadm is basically just a wrapper script that manages ZFS clones, and its primary purpose is so that you can always boot up a working system if the system is production-critical and downtime is at a premium. (It has other practical uses, but that's the primary one.) You could manually clone your jails before upgrades if need be: if an upgrade goes bad and the jail needs to come up ASAP, just unmount the broken jail and mount the clone. This is basically all beadm does: it creates a clone of a dataset tree, then "activates" it by setting the bootfs= property on the root of that tree so that the cloned datasets are mounted on the next boot.
 
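The manual per-jail clone described in the reply above, as an added example that is not part of the thread. The pool layout `zroot/jails/www`, the jail name `www`, the jail root `/usr/jails/www` and the `pre-upgrade` tag are constructed, and the jail is assumed to be a single dataset with no children. The script prints the commands unless `APPLY=1` is set.

```shell
#!/bin/sh
# Added example: per-jail clone and failover, scoped to one dataset.
# Constructed names: dataset zroot/jails/www, jail "www",
# jail root /usr/jails/www. Assumes the jail is a single dataset.

# Print each command by default; set APPLY=1 to execute on a real host.
run() {
    if [ "${APPLY:-0}" = 1 ]; then "$@"; else echo "$*"; fi
}

# pre_upgrade DATASET TAG JAILROOT
# Snapshot the jail, then clone the snapshot. canmount=noauto keeps the
# clone unmounted so it cannot shadow the live jail root.
pre_upgrade() {
    ds=$1; tag=$2; root=$3
    run zfs snapshot "${ds}@${tag}"
    run zfs clone -o canmount=noauto -o mountpoint="${root}" \
        "${ds}@${tag}" "${ds}-${tag}"
}

# failover JAIL DATASET TAG
# Swap the broken jail dataset for the pre-upgrade clone.
# Only this jail is touched; the host and other jails keep running.
failover() {
    jail=$1; ds=$2; tag=$3
    run service jail stop "${jail}"
    run zfs set canmount=noauto "${ds}"     # broken copy stays unmounted at boot
    run zfs unmount "${ds}"
    run zfs mount "${ds}-${tag}"
    run zfs set canmount=on "${ds}-${tag}"  # clone is mounted at boot from now on
    run service jail start "${jail}"
}

# Demo with the constructed names above (prints the plan only).
pre_upgrade zroot/jails/www pre-upgrade /usr/jails/www
failover www zroot/jails/www pre-upgrade
```

None of the commands reference `zroot/ROOT`, so the rollback scope is one jail rather than the host plus every jail.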
Yes, you're right. What appeared to be a good idea last night when I was tired doesn't anymore. The only good use-case I came up with last night doesn't even make sense, since you'd never start upgrading the jails until the host had been successfully upgraded first. Thanks, and never mind.
 