Matt - Jails

a guest
Jan 25th, 2017
Allan and Kris,

When I set up my new FreeBSD 10.3 server, I decided to use jails to keep processes segregated for security as well as being able to easily start and stop multiple processes that are all part of the same overall service. I used iocage to make jail configuration and management easier, but I think I went about things the wrong way for my needs.

At this point, I don't need different versions of FreeBSD in any of the jails, and I'd like to make it as easy as possible to keep the host system and the jails up-to-date -- both the base system and packages. I didn't fully understand how I should configure the jails when I first set them up, so I created them all with the default "thick" jail type. This seems to mean that they all have their own base file system, ports tree, etc., so they all have redundant files which should be able to be shared between jails. I currently have to update the base system in each, individually, which is a pain.

In reading through iocage docs, it lists multiple jail types, but I'm confused about how my configuration should be in order to accomplish what I'm after.

Do I need a single base jail and several thin (clone) jails to do this? Does this accomplish the goal of only needing to update the FreeBSD base once for all the jails? Any light you could shed on this would be very helpful.

And one more jail-related question... what's the best way to configure the networking for this jail/system configuration? I've currently just got the jails assigned to aliases on the host's physical igb0 interface (in the same class C network). Should I use VNETs? NAT to a loopback interface? Something else...?

Thanks,

Matt