For anyone else wanting to do something like this, most of Poudriere is written in shell script, including the jail creation part.
That said, I’m looking forward to a more mature runj. The containerd port for FreeBSD works nicely with the ZFS snapshotter. It can use runj to manage jails, but there are still a lot of missing features. In the containerd model, each container is built from a set of deltas applied to an empty filesystem, with snapshots for the result of applying each layer. This is a really nice model for ZFS and jails and there’s a lot of other stuff that can be layered nicely on top of OCI containers and containerd that the FreeBSD jails ecosystem ends up trying to reproduce with far fewer people. I’d love to rewrite Poudriere on top of containerd, which would also allow using it on Windows / Linux with Hyper-V/kvm back ends managing FreeBSD VMs, in addition to using it on FreeBSD with jails.
I’ve slowly been migrating toward managing all my home lab with this same method. It’s amazing how simple and powerful the jails system is once you get into the basic setup. If you ever just want to get up and running, I’ve also found https://cbsd.io/ to be a really nice way to manage jails.
There’s also pot, which now has a small ecosystem of off-the-shelf recipes for building jails.
I keep meaning to spend some time with pot. The integration with nomad as an orchestrator opens a lot of use cases for the jails system.
Klara Systems just released a blog entry describing this, I’ve submitted a link here at lobste.rs:
I’ve been using iocage to automate some of the tedium, but wow cbsd looks pretty nice—and it works with bhyve as well (which I’ve previously been handling manually). I might look at migrating.
I’ve been meaning to create an ansible role (as it’s the only automation tool I’m comfortable with) for iocage but have been postponing it for a long time. How did you automate iocage in
Oh, sorry, I could have been clearer. I didn’t automate iocage. I just meant that I’m using iocage rather than manually setting up jails, as it handles some of the repetitive and tedious tasks of doing so. I’ve considered using ansible as well, but to be honest, if I were to go down that route, I think I’d prefer to ditch iocage and set up ansible roles for jails directly rather than adding yet another layer of abstraction.
In any case, I’m planning on upgrading the main machine in my homelab sometime this year, and I’m not yet 100% decided on whether I’ll stick with FreeBSD. I’m currently looking at Fedora CoreOS or possibly even SmartOS.