Comments (14)
Another approach would be to use unionfs to create a diff between a release and modifications a user makes on a template. I think this was support on iocage-legacy. This would enable to ability to apply security updates to templates by just updating the release. @skarekrow could you comment on why the unionfs approach was ditched?
from libioc.
@skarekrow is the patch unstable, or unionfs?
from libioc.
@igalic unionfs. The warnings are legit. It really will eat your cat.
from libioc.
They're not a hard concept really. You set up a jail how you would like it, and mark it as a template. Then you create from that template instead of a RELEASE.
That I believe is already intuitive, performant and convenient.
I believe that simply setting a jail to readonly
and changing it's type should be enough to distinguish these from jails. Alternatively since it's slightly redundant to clone jails, we can just drop templates and have users clone.
from libioc.
yeah, i was thinking of implementing the concept of templates in puppet-jail even if there was no hard distinguished feature.
HOWEVER, it's much much easier — for management purposes to distinguish templates, if the type
is actually template
.
from libioc.
I agree, so my suggestion is:
type = template
readonly = on
That should be all that's needed to distinguish a template. We have legacy users using POOL/iocage/templates
but they could easily be moved to this system when they choose by setting templates=no
and back to yes
.
from libioc.
you wouldn't move those jails on iocage upgrade?
from libioc.
Why would they be moved on upgrade? That's for jails, not templates. Templates should be immutable. So that means no starting, or modifying them in anyway.
Upgrade shouldn't change the structure of the filesystem outside the jail, that's way out of scope.
from libioc.
what does that mean if i want to upgrade all the jails derived from a certain template?
If they were NullFS based, it could mean:
- destroy template
- rebuild template from new RELEASE
- reinstall needed packages
- …
- set
type = template
&readonly = on
and now, we can reboot our jails, and they'll be up-to-date.
Does this make sense?
from libioc.
No that doesn't make sense.
You don't need to destroy the template, you simply set template
to no
. Then it's a jail you can change, and when you're happy set it back to yes
. Instead of requiring the user to set both of those properties, that one will handle that internally. The current structure of templates mean that once created from them, the jail inherits nothing else from that template.
Destroying the template means destroying the jails, as they are children of that template.
From ZFS's viewpoint they are forever linked. Unless you're suggesting some nullfs approach to templates, but that is not currently how it's done. Templates for all intents and purposes serve the same role as RELEASE, except they have modifications. The reason being they could just be meant as an initial seed, that is then modified for each jail.
from libioc.
@foo2342 It is an abandoned patch afaik. And that meant it was incredibly unstable with any workload i put on it. I tried to figure out some way to keep it but in the end had to leave it.
from libioc.
I tried using unionfs with ZFS underneath and got reproducible kernel panics. I think whiteout support is incomplete. It's a shame, because that would be amazing. It just needs a little more work.
from libioc.
@rwestlund that should not prevent us from implementing it. Who should fix it if nobody uses UnionFS? 😼
We only need UnionFS while changing a template. This could be even done on a virtual host. As long as UnionFS is not known to corrupt data, I'd like to spike on the feature.
from libioc.
We already have a dependency on rsync. We can use it to achieve the same behavior by using rsync --compare-dest
:
RELEASE_DIR=/iocage/release/11.1-RELEASE/root
TEMPLATE_JAIL_DIR=/tmp/11.1-RELEASE-clone/root
TARGET_DIR=/iocage/template/my-template
rsync --compare-dest=$RELEASE_DIR $TEMPLATE_JAIL_DIR $TARGET_DIR
Found here: https://serverfault.com/a/508272
from libioc.
Related Issues (20)
- Exporting ZFS basejails includes basejail datasets
- provisioning does not cleanup mounted resources HOT 1
- ioc pkg no longer works HOT 2
- `ioc destroy -f` should call `ioc stop -f` HOT 3
- DHCP no longer works HOT 3
- Disable sendmail, for real please
- Symlink race condition
- Broken create Jail with net address already available on host HOT 3
- FreeBSD package names can contain dots
- Exporting jails fails with AbsolutePath error
- Unable to build under 12.1-p2 (python3.7)
- ZFS root dataset is not mounted HOT 1
- METADATA is incomplete
- Missing files in sdist
- how to (remember to) reload /etc/pf.conf when (re)starting a jail HOT 3
- fdescfs is no longer necessary HOT 1
- libioc's pkg feature can conflict badly with its provisioning feature HOT 1
- Network's __create_new_epair_interface function parameter nic_suffix_b is ignored
- Export without fstab fails
- EOL Warnings fail download on FreeBSD 13
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from libioc.