Jails vs Podman vs VM

At our company, we’ve been building and deploying our products inside 13.4 jails. However, since new customer installations are now running on FreeBSD 15, we no longer have access to 13.4 jails. As a result, the 13.4 builds we create on our own servers do not run on our customers’ newer systems.

Given this situation, we’re evaluating alternatives such as containers (Podman) or virtual machines.

That said, I still prefer jails because their overhead is minimal. For example, a VM typically requires a large zvol, compared to a simple ZFS dataset for a jail.

Has anyone run into a similar situation? How did you solve it?

Leonardo
 
I take it you're referring to thin jails there, as thick jails, from what I can work out, aren't that much different in terms of size and resources from podman or docker containers. I'm still working out how to do it, but from what I've read you can even export those to OCI-compliant containers these days. I wouldn't personally bother with VMs unless you need the extra level of isolation and/or ability to easily move the VM to a different computer.
 
Thank you all. We are evaluating OCI containers and they look neat from the user point of view, you just pull the container and start on a new server, the same for updates.
But before jumping in, is there a case in favor of jails against containers?
 
Thanks for the question. I'm struggling to understand the whole Linux containers on FreeBSD myself. I was going to start a thread--and I probably still should--but I'll sit and watch this one.
 
> Thanks for the question. I'm struggling to understand the whole Linux containers on FreeBSD myself. I was going to start a thread--and I probably still should--but I'll sit and watch this one.

Yes, the great news since Podman and OCI containers is that now we can release FreeBSD-based containers, not Linux anymore.
 
I'm sort of in the process of "skipping a release" (i.e. I'm still on 14.<something> on my servers) so I'm not all that caught up on the OCI stuff, but I really like to create and use scripts to do my setups. Sharing of scripts was always an option too.
 
I'm still wrapping my head around OCI containers in FreeBSD, but afaik it's yet another jail manager - the main difference being that it adheres to a standard, and provides additional functionality like layer caching. In other words, podman provides the interface and jails provide the implementation.

> However, since new customer installations are now running on FreeBSD 15, we no longer have access to 13.4 jails

This is incorrect, as others have said. The FreeBSD kernel can run jails with older userlands. You can test this quite simply by taking a 13.4 host with 13.4 jails, and upgrading the host to a 15.0 kernel and userland. Or take a new 15.0 host and install a 13.4 userland jail onto it.

That said, you probably want to upgrade the jails to a supported userland version anyway.

Point being: you can make the move to podman when you're ready.

> As a result, the 13.4 builds we create on our own servers do not run on our customers’ newer systems.

This is also strange, as FreeBSD is ABI backwards-compatible. The only way this would be true is if the new kernels were built without compat, or you are building kernel modules (which are dependent on the kernel version). Are you shipping kernel modules?
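
Added example (not part of any post in this thread): a POSIX sh check built on the point above that a FreeBSD kernel runs jails with older userlands. It flags any jail whose userland is newer than the host kernel, which is the unsupported direction. The function names `ver_num` and `classify` are made up for this sketch, and version strings are assumed to be in `freebsd-version(1)` format.

```shell
#!/bin/sh
# Added example: compare each jail's userland release with the host kernel.

# ver_num "13.4-RELEASE-p2" -> 1304 (major*100 + minor); fails on bad input.
ver_num() {
    rel=${1%%-*}                      # strip "-RELEASE-pN" -> "13.4"
    case "$rel" in
        *.*) ;;
        *) return 1 ;;
    esac
    major=${rel%%.*}
    minor=${rel#*.}
    case "$major$minor" in
        ''|*[!0-9]*) return 1 ;;
    esac
    echo $(( major * 100 + minor ))
}

# classify HOST_KERNEL JAIL_USERLAND
# prints: same | older-userland | newer-userland | invalid
classify() {
    k=$(ver_num "$1") || { echo invalid; return 2; }
    u=$(ver_num "$2") || { echo invalid; return 2; }
    if [ "$u" -gt "$k" ]; then
        echo newer-userland           # unsupported: upgrade the host first
        return 1
    elif [ "$u" -lt "$k" ]; then
        echo older-userland           # runs, relies on the kernel's compat support
    else
        echo same
    fi
}

# On a FreeBSD host, report every running jail. Skipped elsewhere.
if command -v jls >/dev/null 2>&1 && command -v jexec >/dev/null 2>&1; then
    host=$(uname -r)
    for j in $(jls name); do
        user=$(jexec "$j" freebsd-version -u 2>/dev/null) || continue
        printf '%s: userland %s on kernel %s -> %s\n' \
            "$j" "$user" "$host" "$(classify "$host" "$user")"
    done
fi
```

An `older-userland` result only confirms the jail can run; whether that userland release still receives security updates has to be checked separately.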
 