jails Upgrade thin jail with ZFS snapshot

T

Tchupy

hi All,

I think I miss something but I cannot find a proper way to upgrade my jails.
I created a few thin jails following this doc https://docs.freebsd.org/en/books/handbook/jails/index.html#creating-thin-jail-openzfs-snapshots
So I got : 1 base dataset with 1 base snapshot, and this snapshot has been cloned for every jail I created.
Now I want to upgrade my jails, I thought there was a way to upgrade all jails in one time (with zfs promote or something like that) but I could find a way. It seems I just can update each jail with freebsd-update one by one.

What I miss ? How could I do that easily ?

Thanks
 
I think you need nullfs jails for that. To be honest, I never understood the interest of these so-calling thin jails based on zfs snapshots. Nor I understand the construction of nullfs jails in the FreeBSD handbook.

ezjail(7) is a good example of a tool management for nullfs thin jails, but it's obsolete.
I wrote a set of sh scripts to serve my own thin jails purpose. The main objective was a simple, efficient way to upgrade these jails. https://github.com/Emrion/kjail

That said, maybe someone will help you with the jails system you have right now.
 
Some time ago I have investigated the space requirements when updating a basejail from FreeBSD-14.1-RELEASE to FreeBSD-14.1-RELEASE-p3. The purpose has been to find out if there are significant space savings when I clone a basejail and update the clones which corresponds to a thin jail approach. With the thick jail approach one would not clone a basejail but handle each jail independently. Below are some notes. I hope the notes are not too confusing. Since the test case has been just one upgrade situation it cannot be representive.

Space required for a Basejail and the Impact of Updates
Summary:FreeBSD-14.1-RELEASE requires 451M in ZFS with compression.
Without compression it would be 819M.
Updates to p3 modify 228M with compression included.
But FreeBSD-14.1-RELEASE-p3 only also requires451M in ZFS with compression, similar to the initial Release.
==> after updates there is only little benefit in used clones of an initial basejail, assumed that the amout of space for the updates is comparable to the space required for a basejail.
==> clones make sense if the applications are tiny. Then one candelete the clones, update the basejail, make new clones andre-install the applications in the new clones.

Setup:
Extract a basejail and clone it.For updates each clone is updated using freebsd-update.The updates accumulate to a few 100MB per jail.Compared to jails with applications as below the 100MB perjail are no issue of the applications need more space than the blank jail.

Two example jails with applications
Code: 
zfs list -o name,used,usedsnap -r troot/jailsNAME                       
USED  USEDSNAP
troot/jails               6.84G        0B
troot/jails/14.1-RELEASE   451M        0B
troot/jails/fox           4.30G     2.65G
troot/jails/office        2.09G        0B
Snapshot with 14.1-RELEASE extracted from base.txz
Code: 
zfs snapshottroot/jails/14.1-RELEASE@init                0B      -   451M  -
Output of zfs list   troot/jails/14.1-RELEASE    451M  84.6G   451M  /jails/14.1-RELEASE
Output of du -h                                  455M ./14.1-RELEASE
After Update to p3
Code: 
zfs snapshot
troot/jails/14.1-RELEASE@init              228M      -   451M  -
troot/jails/14.1-RELEASE@p3                  0B      -   451M  -
Output of zfs list troot/jails/14.1-RELEASE   679M  84.4G   451M  /jails/14.1-RELEASE
Output of du -h                               455M ./14.1-RELEASE
zfs list -o used,usedsnap troot/jails/14.1-RELEASE
USED  USEDSNAP
679M      228M
Snapshot 14.1-RELEASE@init deleted
Code: 
zfs snapshot
troot/jails/14.1-RELEASE@p3           0B      -   451M  -
Output of zfs list troot/jails/14.1-RELEASE     451M  84.6G   451M  /jails/14.1-RELEASE
Output of du -h                                 455M ./14.1-RELEASE
zfs list -o used,usedsnap troot/jails/14.1-RELEASE
USED  USEDSNAP
451M        0B
 
actually, I'd like to play with ZFS and nullfs jails seemed a bit tricky for my needs :/
So it seem I have to rethink my jail system..
chrbr actually, I use tiny applications so cloned jails seemed a good solution as I don't have much space on my VPS. The only "large" application I use is in a thick jail.

thanks
 
I played a bit with jails based on ZFS snapshot, I like them.
May be I am wrong on that, but I don't understand why they are labeled as "thin jail" (that's how they are described in the handbook).
They are independent, except the snapshot parent they share nothing with it, they take space almost as much as thick jails.
One thing I like about them, they are quick to deploy, way faster than thick jails, thanks ZFS :) , and they are easy to manage.
But like you I did not find a way to upgrade them other than one by one.
Possibly I missed something though.
 
Tchupy said:
actually, I'd like to play with ZFS and nullfs jails seemed a bit tricky for my needs :/
So it seem I have to rethink my jail system..
chrbr actually, I use tiny applications so cloned jails seemed a good solution as I don't have much space on my VPS. The only "large" application I use is in a thick jail.

thanks
Click to expand...
Agreed with gotnull.
If you want to save disk space, nullfs jails is the way to go, as you have only one base for all jails.

Note that I didn't choose this type of jail because of space saving, but for the gain in speed and simplicity for update / upgrade. I just did right now the update of 4 jails (14.1-RELEASE-p6), it took less than one minute. I just typed service kjail update and done.
 
Well, I think if the goal of using thinjails+nullfs is to save disk space, this should be a temporary solution until the lack of space is solved.

I agreed to Emrion. I also use this type of jail for speed and simplicity, and mostly for development purpose.
For example, I can build in a poudriere jail same package using different flavors and versions, like package@mysql80, package@mysql84, package@mysql105m, etc... and create many jails of this type to test each of them.

But for normal jails to run my services (webserver, database, ...) I use the thick jails.

Both types of jails are useful for different purposes.
 
You must log in or register to reply here.
Back
Top