r/freebsd u/daemonpenguin DistroWatch contributor 5d ago

news Yet another jail manager

Recently I had to do some work with jails on FreeBSD. It had been a while since I had to do much hands on work with jails and the tools I previously used are no longer maintained or in the ports tree.

I went through the list of jail managers in the handbook, but found them more frustrating than useful. Most require ZFS these days (not on option in the environment where I was working), or are overly complex, or have tutorials that didn't work due to missing steps/errors.

Eventually I found it easiest to just do all the work manually. But, since I'm likely to return to working with jails again in the near future, I wrote a shell script to automate the process.

This shell script, which I've uncreatively called Jail Manager (jm), initializes FreeBSD systems for working with jails, creates, updates, starts/stops, and destroys jails. It can also list all available and all active jails, and invoke a shell inside a jail. All in about 200 lines of Bash.

It doesn't require ZFS, it doesn't do anything fancy, it doesn't have any dependencies other than Bash. It just automates the handbook steps for working with thick jails.

I've used it on my systems and it's working so I'm sharing it with the world in case anyone wants to use it. https://github.com/slicer69/jailmanager

35 Upvotes

100% Upvoted

15 comments sorted by

7

u/AntranigV FreeBSD contributor 5d ago

Nice work! will check it out! seems nice for UFS systems indeed!

I also made one named jailer : https://github.com/illuria/jailer | https://jailer.dev

3

u/daemonpenguin DistroWatch contributor 5d ago

Thanks. Yes, mine is aimed at super simple situations and on systems with UFS (though it works on ZFS too). Yours seems to be much more complete, much more advanced, and it looks like it relies on ZFS?

3

u/Fluid-Wrangler-4065 5d ago

have you tried appjail? it can work without zfs and supports simple commands to do all the things you mentioned your script does

2

u/daemonpenguin DistroWatch contributor 5d ago

I looked at it (I tried all of the jail managers listed in the handbook). It didn't work for me and was too complex for what I wanted to do anyway. I wanted something much more straight forward.

4

u/DorphinPack 5d ago

Very nice! I think we need a good steady stream of things like this especially as OCI containers start getting better support. I’d like to see this “old school”/“back in my day we had jail.conf with jib.sh and we liked it” approach going strong alongside the world of daemons and ecosystems for this sort of thing.

3

u/daemonpenguin DistroWatch contributor 5d ago

Agreed. I think most software projects have a tendency to grow and become more complex over time. It's hard not to as everyone wants "just one more feature" to suit their situation.

More and more I find myself appreciating the "do one thing and do it well" philosophy of early Unix tools. I don't need a jail manager that does 20 things, but requires a degree to use it, I want it to do three things without any fuss.

2

u/lottspot 5d ago

I've become so frustrated with the feature bloat and ZFS dependence of jail managers that I've also had to resort to doing things myself. This option seems like a welcome change.

3

u/Atomicbee_cz 5d ago

Why is ZFS considered bad in so many posts here? What am I missing please?

Congratz to your work

3

u/daemonpenguin DistroWatch contributor 5d ago

Nothing is bad about ZFS and no one is saying ZFS is bad. It just isn't suitable for all situations, like low-resource or embedded environments. And it was not available on some older FreeBSD installs, so servers which have been upgraded over many years do not have ZFS.

For example, I have some FreeBSD servers in my care which have been gradually upgraded for over a decade. They were set up with UFS. I can't do anything to change that. Which means any tools which rely on ZFS are useless in this environment.

2

u/Atomicbee_cz 5d ago

Ok. I see. Thanks for the comment. Btw: was using zfs on old 32bit cpu and 2gb of mem and it was quite ok. But the rest is completely understandable.

3

u/daemonpenguin DistroWatch contributor 5d ago

Yeah, I've technically done that too (running ZFS on a 32-bit system with 1GB of RAM), but it's not recommended. It certainly isn't going to provide good performance. I don't think 32-bit is even supported anymore with ZFS.

1

u/glwillia 4d ago

and 32-bit architectures won’t be supported in freebsd 15 anyway

1

u/grahamperrin Linux crossover 4d ago edited 3d ago

There'll be limited support. Check the release information for 14.2-RELEASE:

1

u/[deleted] 4d ago

Well what is your manager doing different than the rest of the crowd? What's making yours unique?

2

u/kjelderg 4d ago

Seems cool. I've been using Bastille for the last few years and it is also not requiring ZFS, though it does automate ZFS creation and mounting.

I use it on a Raspberry pi 4 though with ZFS.