Re: [ezjail] sharing selected ports across jails?

On 02/10/2010 18:05, Royce Williams wrote:
Is anyone sharing selected ports across jails?

For ports that multiple jails need (for me, ports like bash, sudo,
portupgrade, portaudit, etc.), it would be far more efficient to
upgrade one instance.  Some ports would necessarily be per-jail ports,
and others would be shared.

Potential issues:

* Specify jail-specific configs and data directories, if needed.
* Handling libraries.

What is The Right Way to do this?  Unionfs, other?

I see this as a significant potential force multiplier.



I have shared packages among my jails since the first time I used jails (and ezjails). I've set up one "forge" jail, which is the only one that mounts the port tree, and from this jail I create a directory /var/ports/`jails_name`.pkg that has the name of each jail running services (so one directory per jail), and one more directory /var/ports/common-pkgs for all common packages I install among all the jails.

Inside /var/ports/common-pkgs I build all the packages from the port tree that all other jails will need (zsh, tmux, sudo, vim) like this (e.g. zsh build for my 'www' jail):

forge# export PACKAGES=/var/ports/common-pkgs
forge# cd /usr/ports/shells/zsh
forge# make config-recursive (optional)
forge# make package-recursive
forge# make deinstall-clean (as make package-recursive installs the port while building the packages, I deinstall every port after package building)

The zsh package (and its deps) is in '/var/ports/common-pkgs/All' directory.

In the 'www' jail I've created the directory /var/ports/common-pkgs (/var/ports/packages is created by default), so all the mount point directories are ready.

From the host running jails, I add the corresponding mount entries in the jail's fstab: /etc/fstab.www

/jails/forge/var/ports/common-pkgs /jails/www/var/ports/common-pkgs nullfs ro 0 0
/jails/forge/var/ports/www.pkg /jails/www/var/ports/packages nullfs ro 0 0

and mount these new mount points (from the host of course).

Then I enter the www jail and

www# pkg_add /var/ports/common-pkgs/All/zsh-X.Y.tbz

With this hierarchy:

- I can build common packages for all my jails using the PACKAGES environment variable.

(export PACKAGES=/var/ports/common-pkgs or setenv PACKAGES /var/ports/common-pkgs from the forge jail, depending on your shell type)

- When I need some special build option for a port (make config) only for one jail, or specific packages for a specific jail, I use export PACKAGES=/var/ports/`myjailname` or setenv PACKAGES /var/ports/`myjailname`

- As every built package has its version number in its name, I can update the port tree, build newer versions of packages and roll back to a previous version if any package upgrade fails.

- All packages are centralized, which makes package backups simpler.

This is a very basic and typical way to do this but I hope this can help you.


Michael "sidh" Henneton
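
As an added example that is not part of the original message: the `ro` option on the nullfs entries above is what keeps one jail from altering packages that other jails later install, so this sh function audits a per-jail fstab for mounts sourced from the forge package tree that are not nullfs and read-only. The function names and the writable "mail" entry are constructed for illustration; the forge path is the one used in the message.

```shell
#!/bin/sh
# Added example: audit a per-jail fstab so that every mount sourced from the
# forge jail's package tree is nullfs and read-only.
# Assumption: the forge package tree is /jails/forge/var/ports, as in the message.
FORGE_PKG_ROOT="${FORGE_PKG_ROOT:-/jails/forge/var/ports}"

# audit_fstab FILE
# Prints one finding per offending mount; returns 0 when clean, 1 otherwise.
audit_fstab() {
    awk -v root="$FORGE_PKG_ROOT" '
        NF == 0 || $1 ~ /^#/     { next }   # blank lines and comments
        index($1, root "/") != 1 { next }   # not sourced from the forge package tree
        NF < 4 { printf "line %d: malformed entry\n", NR; bad = 1; next }
        {
            ro = 0
            n = split($4, opts, ",")
            for (i = 1; i <= n; i++) if (opts[i] == "ro") ro = 1
            if ($3 != "nullfs") { printf "%s: fstype %s, expected nullfs\n", $2, $3; bad = 1 }
            else if (!ro)       { printf "%s: writable, options=%s\n", $2, $4; bad = 1 }
        }
        END { exit (bad ? 1 : 0) }
    ' "$1"
}

# write_sample FILE: constructed sample input. The two www entries are the ones
# from the message; the "mail" entry is a constructed misconfiguration.
write_sample() {
    cat > "$1" <<'EOF'
# /etc/fstab.www (constructed sample)
/jails/forge/var/ports/common-pkgs /jails/www/var/ports/common-pkgs nullfs ro 0 0
/jails/forge/var/ports/www.pkg /jails/www/var/ports/packages nullfs ro 0 0
/jails/forge/var/ports/common-pkgs /jails/mail/var/ports/common-pkgs nullfs rw 0 0
EOF
}

sample=$(mktemp)
write_sample "$sample"
audit_fstab "$sample" || echo "fix the entries listed above before mounting"
rm -f "$sample"
```

Run it from the host against each /etc/fstab.<jail> file before mounting; a non-zero return means at least one shared package directory would be writable from inside a jail.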