0

There are multiple ways and tools to create jails, and now that disk space is becoming cheaper, the creation of a full jail (having already compiled a world) is just a matter of seconds:

zfs create tank/jails/sandbox
zfs create tank/jails/sandbox/home
zfs create tank/jails/sandbox/tmp
make installworld DESTDIR=/jails/sandbox SRCCONF=/etc/src-jail.conf

For updating existing jails currently I am using something like:

# Reinstall world into every jail root and remove obsolete files and libraries
for jail in /jails/*; do
   make installworld delete-old delete-old-libs DESTDIR="$jail"
done

It works, but it implies a "downtime" besides being a destructive procedure, since there is no way to roll back if required.

There are some methods describing how to create a base image and then using nullfs to just mount a read-only skeleton or others using symlinks but among all the possible options I am wondering how you deal with rolling upgrades?

Despite the tool used, if for example the host was using FreeBSD 11.2 and now has been updated to FreeBSD 12, I would like to just need to run once:

make installworld DESTDIR=/jails/new-base12 SRCCONF=/etc/src-jail.conf

And then per jail either promote (zfs) or modify a custom /etc/fstab.jailname (nullfs) so that once finished I could just do a /etc/rc.d/jails restart and minimize the downtime.

Any best practice or method to follow, keeping in mind that the goal is to minimize the downtime and if possible simplify as much as possible the upgrade of multiple jails?

Vladimir Botka
nbari

1 Answer

1

ezjail covers the use-case you described. To answer your question:

How you deal with rolling upgrades?

Let me quote from FreeBSD Handbook 14.6.2. Initial Setup:

To Populate the Jail with installworld: The basejail can be installed from binaries created by buildworld on the host with ezjail-admin update ... installworld is executed, installing the host's /usr/obj into the basejail.

# ezjail-admin update -i -p

FWIW, to automate the installation and configuration I maintain the Ansible role freebsd_jail, tested with FreeBSD 12.0.

To answer your question:

Does ezjail use zfs to create the jails basejail and others and also use nullfs for the read-only shared components?

Yes, it does. See the typical 1) list of zfs filesystems, 2) fstab and 3) directories and links of the template newjail.

$ zfs list
NAME                   USED  AVAIL  REFER  MOUNTPOINT
zroot                 3.04G   104G    23K  /zroot
zroot/jails           3.03G   104G    63K  /local/jails
zroot/jails/basejail  1.54G   104G  1001M  /local/jails/basejail
zroot/jails/build      281M   104G   281M  /local/jails/build
zroot/jails/newjail   2.29M   104G  2.29M  /local/jails/newjail
zroot/jails/test_01    977M   104G   977M  /local/jails/test_01
zroot/jails/test_02    134M   104G   134M  /local/jails/test_02
zroot/jails/test_03    134M   104G   134M  /local/jails/test_03

$ cat /etc/fstab.test_01 
/local/jails/basejail /local/jails/test_01/basejail nullfs ro 0 0

$ ll /local/jails/newjail/
total 25
drwxr-xr-x  13 root  wheel    23 Jan 21 17:19 ./
drwx------   9 root  wheel     9 Jan 21 17:19 ../
-rw-r--r--   2 root  wheel   951 Dec  7 05:13 .cshrc
-rw-r--r--   2 root  wheel   470 Dec  7 05:13 .profile
drwxr-xr-x   2 root  wheel     2 Jan 21 17:19 basejail/
lrwxr-xr-x   1 root  wheel    13 Jan 21 17:18 bin@ -> /basejail/bin
lrwxr-xr-x   1 root  wheel    14 Jan 21 17:18 boot@ -> /basejail/boot
-r--r--r--   1 root  wheel  6177 Dec  7 05:17 COPYRIGHT
dr-xr-xr-x   2 root  wheel     2 Dec  7 05:11 dev/
drwxr-xr-x  25 root  wheel   103 Jan 21 17:19 etc/
lrwxr-xr-x   1 root  wheel    13 Jan 21 17:18 lib@ -> /basejail/lib
lrwxr-xr-x   1 root  wheel    17 Jan 21 17:18 libexec@ -> /basejail/libexec
drwxr-xr-x   2 root  wheel     2 Dec  7 05:11 media/
drwxr-xr-x   2 root  wheel     2 Dec  7 05:11 mnt/
drwxr-xr-x   2 root  wheel     2 Dec  7 05:11 net/
dr-xr-xr-x   2 root  wheel     2 Dec  7 05:11 proc/
lrwxr-xr-x   1 root  wheel    16 Jan 21 17:18 rescue@ -> /basejail/rescue
drwxr-xr-x   2 root  wheel     6 Dec  7 05:17 root/
lrwxr-xr-x   1 root  wheel    14 Jan 21 17:18 sbin@ -> /basejail/sbin
lrwxr-xr-x   1 root  wheel    11 Dec  7 05:11 sys@ -> usr/src/sys
drwxrwxrwt   2 root  wheel     2 Dec  7 05:11 tmp/
drwxr-xr-x   6 root  wheel    15 Jan 21 17:19 usr/
drwxr-xr-x  25 root  wheel    25 Jan 21 17:19 var/
Vladimir Botka
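
The per-jail fstab switch proposed in the question, with a way to roll back, as an added example (not code from either post or from ezjail): it repoints the nullfs line of a file laid out like /etc/fstab.test_01 at a new base directory and refuses a shared base that is not mounted ro. The path /local/jails/base12 and the function names are assumptions.

```shell
#!/bin/sh
# Added example, not ezjail code. /local/jails/base12 is a hypothetical new base.

# retarget_fstab FSTAB OLD_BASE NEW_BASE
# Point the nullfs line whose source is OLD_BASE at NEW_BASE.
# Returns 2 if that line is not mounted "ro", 3 if no such line exists.
# On success the previous file is kept as FSTAB.prev for rollback.
retarget_fstab() {
    fstab=$1; old=$2; new=$3; rc=0
    [ -f "$fstab" ] || return 1
    tmp=$(mktemp "$fstab.XXXXXX") || return 1
    awk -v old="$old" -v new="$new" '
        $1 == old && $3 == "nullfs" {
            n = split($4, opt, ","); ro = 0
            for (i = 1; i <= n; i++) if (opt[i] == "ro") ro = 1
            if (!ro) { bad = 1; exit }   # never share a writable base
            $1 = new; hit = 1
        }
        { print }
        END { if (bad) exit 2; if (!hit) exit 3 }
    ' "$fstab" > "$tmp" || rc=$?
    if [ "$rc" -ne 0 ]; then rm -f "$tmp"; return "$rc"; fi
    chmod 644 "$tmp" && cp -p "$fstab" "$fstab.prev" && mv "$tmp" "$fstab"
}

# rollback_fstab FSTAB: restore the file saved by retarget_fstab.
rollback_fstab() {
    [ -f "$1.prev" ] && mv "$1.prev" "$1"
}

# demo: constructed sample in the layout of /etc/fstab.test_01 shown above.
demo() {
    dir=$(mktemp -d) || return 1
    f=$dir/fstab.test_01
    echo '/local/jails/basejail /local/jails/test_01/basejail nullfs ro 0 0' > "$f"
    retarget_fstab "$f" /local/jails/basejail /local/jails/base12 || return 1
    cat "$f"
    rm -rf "$dir"
}

if [ "${1:-}" = demo ]; then demo; fi
```

The old base directory stays untouched, so a jail whose fstab has been rolled back mounts exactly what it ran before the upgrade.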