# Help upgrading by use of jails?



## Chris_H (Mar 20, 2015)

OK I track RELENG_9, and -CURRENT (11).
My procedure for updating my local servers has been using bare metal; I built a box out of spares, and simply perform fresh installs, followed by a build/install world/kernel. When/If all is well, I simply drop to single-user, and perform a dump(8). Which I can simply restore(8) on the other boxes. This has worked pretty well for me, for a couple years, now. But it still requires me to do the ports-mgmt/portmaster dance, or build ports fresh, from a ports list.

As it is now, I'm now maintaining greater than 50 ports. So I think I'd do well to revise my strategy, and I think jail(8)s might be the best solution. Not only for world/kernel, but for ports, as well.

Which brings me to my question;
I've looked at, and tried ports-mgmt/poudriere, but it's just not my cup of tea. It doesn't work the way I do, nor bend to my needs (easily). I see sysutils/ezjail is quite popular, and I can imagine why. But given I'm not _real_ familiar with utilizing jail(8)s on FreeBSD, I'd like to start from start. So I can get a keen understanding on doing it the FreeBSD way. That said;

What would be the best setup to accomplish creating a jail, or jails to simply be a world/kernel builder, and maybe also, a port/package maker?

This is what I imagine so far:

I have a 1 TB drive dedicated for all this, mount(8)ed as
/1tb

build/install world/kernel on the host box
followed by:

```
mkdir -p /1tb/jails/`uname -rK | sed s/\ /\-/g`
cd /usr/src
make installworld DESTDIR=/1tb/jails/`uname -rK | sed s/\ /\-/g`
make installkernel DESTDIR=/1tb/jails/`uname -rK | sed s/\ /\-/g`
cd /
cp -Rp /usr/src /1tb/jails/`uname -rK | sed s/\ /\-/g`/usr/src
cp -Rp /usr/ports /1tb/jails/`uname -rK | sed s/\ /\-/g`/usr/ports
mount -t devfs devfs /1tb/jails/`uname -rK | sed s/\ /\-/g`/dev
```

I'll need to disable most of the services listed in the jails /etc/rc.conf. But I'm not sure the _ideal_ setup. They won't need much, except the ability to svn(1) up src, and ports.

Speaking of /etc/rc.conf, I'll need to enable jails on the host. Will the following get it?


```
jail_enable="YES"  # Set to NO to disable starting of any jails
jail_list="The Output of `uname -rK | sed s/\ /\-/g`"
```

According to jail.conf(5), /etc/jail.conf should look like:

```
`uname -rK | sed s/\ /\-/g` { # something like: 9.3-STABLE-903504
  path = /1tb/jails/`uname -rK | sed s/\ /\-/g`;
  mount.devfs;
  host.hostname = localhost;
  ip4.addr = xxx.xxx.xxx.xxx;
  interface = nfe0;
  exec.start = "/bin/sh /etc/rc";
  exec.stop = "/bin/sh /etc/rc.shutdown";
}
```
As to the host.hostname, and ip4.address;
will simply _inventing_ a hostname, and listing it in hosts(5) (/etc/hosts), assigning 127.0.0.2 as ip4.address, be adequate?

Will all this work? Any critique, or advice would be *greatly* appreciated.

Thank you!

--Chris


----------



## getopt (Mar 27, 2015)

I do use both Poudriere and Ezjail, but I don't really get your point.
Managing 50 ports is almost nothing. But on how many boxes do you need to deploy? 

Poudriere is great for building and deploying ports, I have never regretted having set it up. It's fun doing this and setting up a local webserver (i.e. Nginx) for the repository. So I came to a local wiki running on that too.

A jail for doing buildworld and kernels is needed only if you want to crossbuild for different archs. The clients nfs-mount the builds and install it. If you do not need to build for other archs you do not need a jail (jails need maintenance too).


----------



## kpa (Mar 28, 2015)

Poudriere is not even designed to do what you want which is building world and kernel in a jail for installing them on a real host or in another jail. All it can do is to create jails for just ports building and it's limited to doing just that.


----------



## Chris_H (Mar 29, 2015)

Thanks for the replies, getopt, kpa.
As to ports-mgmt/poudriere, and sysutils/ezjail; I don't want the abstraction, nor the need to follow the rules that they impose _beyond_ that of a jail(8).
@ getopt:
I maintain the _entire_ ports(7) tree. I am _Maintainer_ for 50 ports(7) (and counting). The jail(8)(s) will be built for deployment, as well as for the testing, and the maintaining of the ports(7) I Maintain.
@ All;
In short; I want to _learn_ to build a jail(7) from scratch, for these purposes. When attempting to do so, I was still left with a couple of questions. Which I attempted to articulate, above.
More specifically; with setting up the _network_. The box I use has a front-facing network (inet) address (routable internet address), and the jail(7)s will still need to access the internet _solely_ for the purposes of obtaining src, && ports trees.

Thanks again getopt, and kpa, for taking the time to reply.

--Chris


----------



## sidetone (Mar 29, 2015)

Plain jail(7) was complicated and difficult to get the same configuration consistently to me. Perhaps scripts will help you maintain repeatability (getting the same configuration and results consistently) there.

There is a small chapter in the book 'Network Administration with FreeBSD 7' about jails(7). It doesn't have anything on sysutils/ezjail, but I used it for that purpose. There aren't many newer FreeBSD books out there.

Jail uses `setenv D`, `chroot`, mounting the jail's devfs. `sockstat -4l` can help find which ip addresses to link to the jail.

If your rc.conf "jail_list" description is equal to:

```
jail_list="<jail1> <jail2>"
```

then that looks right. This book is older so what else it has in rc.conf, relates to what you have in jail.conf.

Here are two configurations related from that book that are different from your configuration:

```
jail_<jail1>_rootdir="" #your setup example used "path"
jail_<jail1>_devfs_enable="YES"
```

It also has other filesystems mounted. There are a few other details about jails in that book, mostly about jail access to services, devices, and the network.



Chris_H said:


> As to the host.hostname, and ip4.address; will simply _inventing_ a hostname, and listing it in hosts(5) (/etc/hosts), assigning 127.0.0.2 as ip4.address, be adequate?


The jail's host along with other internet settings are set up through the jail's hosts file. Jail IPs need an alias set up through the base system's rc.conf, or there is possibly some configuration through jail.conf.

I wonder how good ports-mgmt/pkg_jail, sysutils/bsdploy, sysutils/jail-primer, or sysutils/warden (on FreeBSD rather than DesktopBSD) are.


----------
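
The jail.conf layout from the first post and the address-alias point from the last reply, as an added example that is not part of any post in this thread: jail.conf(5) performs no command substitution, so a script expands the `uname -rK` string and writes the stanza and the host's rc.conf lines. The `lo1` cloned loopback, the `127.0.1.1` address and the dot-to-underscore mapping of the jail name are assumptions of this example.

```shell
#!/bin/sh
# Added example: emit rc.conf and jail.conf(5) entries for one build jail.
# Assumed (not from the thread): lo1 interface, 127.0.1.1, '.' -> '_' in names.
JAIL_ROOT=/1tb/jails    # mount point named in the first post

# "9.3-STABLE 903504" -> "9_3-STABLE-903504"; jail(8) does not allow '.' in a
# jail name, so dots are mapped to underscores in addition to the post's sed.
jail_name() {
    printf '%s\n' "$1" | sed -e 's/ /-/g' -e 's/\./_/g'
}

# The directory keeps the form used in the post (dots are fine in a path).
jail_dir() {
    printf '%s/%s\n' "$JAIL_ROOT" "$(printf '%s' "$1" | sed 's/ /-/g')"
}

# Accept only letters, digits, '_' and '-' so nothing else reaches a config file.
valid_name() {
    case "$1" in
        ''|*[!A-Za-z0-9_-]*) return 1 ;;
        *) return 0 ;;
    esac
}

# jail.conf stanza: with "interface" set, jail(8) adds ip4.addr as an alias when
# the jail starts and removes it on stop, so the host needs no alias entry.
jail_stanza() {
    name=$(jail_name "$1")
    valid_name "$name" || { echo "bad jail name: $name" >&2; return 1; }
    cat <<EOF
$name {
    path = "$(jail_dir "$1")";
    host.hostname = "localhost";
    interface = "lo1";
    ip4.addr = "$2";
    mount.devfs;
    exec.start = "/bin/sh /etc/rc";
    exec.stop = "/bin/sh /etc/rc.shutdown";
}
EOF
}

# Host rc.conf lines: create lo1 at boot and start the jail by name.
host_rc_conf() {
    printf 'cloned_interfaces="lo1"\njail_enable="YES"\njail_list="%s"\n' "$(jail_name "$1")"
}

# Constructed sample input; on the build host pass "$(uname -rK)" instead.
SAMPLE="9.3-STABLE 903504"
host_rc_conf "$SAMPLE"
jail_stanza "$SAMPLE" 127.0.1.1
```

A jail bound to a loopback address is not reachable from outside the host, and it needs a NAT rule on the host before it can fetch src and ports; that rule is not shown here.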

