jails Thin jails with just one pkg

Hi all, I have a question about jails.
So I use ezjail to manage a few jails right now and it's working fine, this is more about a future project.

Suppose I had to have a 100 different jails. In 95 of those - Each jail would run the same program (e.g. Apache) but with minor variations in the program specific config files.

Ezjail makes a ro copy of the kernel in the base jail and has separate userland files for each jail. Can this idea be taken further? If I know in advance that everything except Apache (and a couple in /etc and presumably log) files are going to be identical in (95 out of 100 of) my jails there's no need to have separate copies of each userland file for those 95.

I'm sure someone has thought/done something about this. So if appreciate any tips on the feasibility of the concept as well as how to implement it.

This is the closest related blog that I could find on this about doing this manually. I don't think there are specific search terms to make it easier if there is more info on it. Is there a way to convince ezjail to do it somehow?
 
Would pkg work if you first chroot'd to your /usr/jails/basejail/ ?

If the base jail is a complete FreeBSD apart from kernel & boot files, I'm guessing that pkg would have everything it needs, and would update the binaries OK. You'd obviously have to manually check all the files in /usr/local/etc/ for changes that you need to reflect in your existing jails. What have I overlooked?
 
Put /usr/local/etc/ on it's own filesystem, one for each jail. Similar to how ezjail does this for /etc/. Then you could 'share' /usr/local/{bin,sbin,share,include,lib,libdata,libexec,man} from a base jail the same way /usr/bin/ etc. are shared for all the jails.
 
What SirDice said. It is absolutely feasible to do what you are suggesting. Only I'm not sure you can get that level of control using ezjail, you might have to roll your own management tools.

Have a look at the "Updating Multiple Jails" (formerly "Application of Jails") section in the handbook. The config file suggestions are a bit dated, but you can use the lists of commands as a starting point for a bespoke tool to build your bespoke jails.
 
Back
Top