# Jail management tools



## Deleted member 63539 (Aug 10, 2020)

I tried ezjail as the handbook recommended. But very soon later I realized it's not the thing I needed. I need an actual jail management tool. ezjail seems to try to simulate Solaris's sparse zone with nullfs.


----------



## kpedersen (Aug 10, 2020)

The `jail` command is a jail management tool. Have you tried that? Otherwise for an easier user experience there is iocage.

There is also a tool that one of our other members has made that gives the "Docker-like" experience that some Linux-users crave.

However I don't recall its name. I think it begins with an 'F'.


----------



## Zvoni (Aug 10, 2020)

kpedersen said:


> The `jail` command is a jail management tool. Have you tried that? Otherwise for an easier user experience there is iocage.
> 
> There is also a tool that one of our other members has made that gives the "Docker-like" experience that some Linux-users crave.
> 
> However I don't recall its name. I think it begins with an 'F'.


Focker?
sysutils/py-focker


----------



## rootbert (Aug 10, 2020)

my tipp: go with the native tools from the basesystem (jls, jail, jexec, mount_nullfs ...), avoid iocage etc.


----------



## SKull (Aug 10, 2020)

rootbert said:


> my tipp: go with the native tools from the basesystem (jls, jail, jexec, mount_nullfs ...), avoid iocage etc.


I've never encountered any problems with iocage. I decided to go with that mostly because of MWL's book on the matter,

But sure, the tools that come with the base system are perfectly fine.


----------



## Mjölnir (Aug 10, 2020)

Soon to come: wiki page about Container Orchestration in FreeBSD.  What's missing there is sysutils/cbsd, the foundation of ClonOS.


----------



## shkhln (Aug 10, 2020)

mjollnir said:


> What's missing there



Believe me, that's not the software you want to use if you know what you are doing.


----------



## Deleted member 63539 (Aug 11, 2020)

Zvoni said:


> Focker?
> sysutils/py-focker



I don't like the name focker at all. Why did they choose such a name? docker sound reasonable but focker isn't. I will not surprise if someday they will be attacked by the SJWs.


----------



## Deleted member 63539 (Aug 11, 2020)

SKull said:


> I've never encountered any problems with iocage. I decided to go with that mostly because of MWL's book on the matter,
> 
> But sure, the tools that come with the base system are perfectly fine.


Someone sent me a tutorial for iocage. It seemed to utilize VNET and newer FreeBSD version. I'm on 11.4-p1 so I think it's not for me.






						Create VNET Jails in FreeBSD 12 Using iocage • Chris Cammack's Mostly FreeBSD Notes
					

FreeBSD 12 enables VNET support by default, which gives each jail its own network stack and makes it easy to jail individual applications using iocage.




					www.ccammack.com


----------



## Deleted member 63539 (Aug 11, 2020)

rootbert said:


> my tipp: go with the native tools from the basesystem (jls, jail, jexec, mount_nullfs ...), avoid iocage etc.


I'm finding wrappers around these tools to make my life easier. But I'm fine with the native tools, though.


----------



## Deleted member 63539 (Aug 11, 2020)

After all of your answers, I think I would not back to use ezjail but stick with the native tools. A bit more laboring, but I don't have much jails, so it's not really a problem for me. I'm very bad at shell scripting so I can't create a tool myself to automate the job. This is the reason why I seek for someone's solution before I actually try. Perhaps if the number of jails of mine increase, I would learn shell script to create an automation tool myself. But not now.


----------



## Hakaba (Aug 11, 2020)

I use native jail on my servers and play with bastille.
Focker is a no go for me because of py.
I recommand to use native jail command as there is strong support and you learn something stable.
Ezjail, iocage and others tools become deprecated and if you do not experiment native jails, you can miss some concept to made a transition to an another tool.


----------



## SKull (Aug 11, 2020)

gh_origin said:


> Someone sent me a tutorial for iocage. It seemed to utilize VNET and newer FreeBSD version. I'm on 11.4-p1 so I think it's not for me.
> 
> 
> 
> ...


Just a basic tip to make your life easier: don't turn to random tutorials, always read the actual documentation first.
Because
A) those tutorials are mostly personal notes filled with half truths
And B) if the official documentation sucks, you probably don't want to use that software anyhow. 

I run iocage without vnet just fine.


----------



## ccammack (Aug 11, 2020)

rootbert said:


> my tipp: go with the native tools from the basesystem (jls, jail, jexec, mount_nullfs ...), avoid iocage etc.


I think it depends on what OP wants. If he's a _user_ who just wants to jail some applications and is willing to accept the prerequisites (ZFS, python), `iocage` is an excellent choice that hides the low-level details. If he needs to understand the low-level details, that's a different matter. The Jails book by Lucas was very helpful to me and I'm glad he included a section on `iocage`.


----------

