Separate Linux container?

[danb35]

It's not a very good thread title, but I'm not sure how to better phrase it. I'm continuing to look into migrating from CORE to SCALE, and the major question is migrating jails. I get that it's a manual process, and I'm OK with that. Most of my jails are running things that are available as apps, either in the official repo or in Truecharts, so that seems straightforward enough. But in one of them, I'm running youtube-dl, periodically scraping a few YouTube channels I'd like to have local copies of. Is there a way of having an "app" in SCALE that's just a basic Linux system, into which I can install arbitrary software? Yes, I know about VMs, and I can use one of those if I need to--though it'd likely be on my Proxmox cluster rather than on my NAS. But it'd be nice to not have to deal with the networking/filesharing stuff for this.

 

[winnielinnie]

Use a custom "Jail" in SCALE? (Possible? Alternatives?)

Being less familiar with Docker/Kubernetes and containers, while having good results with Jails under TrueNAS Core, I'm curious if it's possible to do the following in SCALE: Have a standalone "from scratch" container with specific CLI tools, mount points, and the ability to SSH into such a...

www.truenas.com

Same boat as you. That's why I'm sticking with CORE for the indefinite future (unless I have a real reason to migrate that I haven't considered yet.)

 

[c77dk]

You might want to look into building a Docker image for that usage - when I tested SCALE I ran some small containers, to "dip the toes" on doing that on SCALE, and it worked fine, alongside stuff from TrueCharts

 

[danb35]

unless I have a real reason to migrate that I haven't considered yet.

Traefik and Ingress are looking really attractive to me, along with SCALE (but not CORE) supporting Cloudflare for DNS validation for Let's Encrypt (and features like that in SCALE, not showing up in CORE, have me thinking that iX is just leaving CORE to die on the vine)--that gives me the cert, reverse proxy, and TLS termination, all in the UI (along with, if desired, single sign-on and optional 2FA with Authelia). And the *arr suite are better supported under Linux than under BSD (as is Plex).

But it sounds like the trade-off is that there just really isn't anything quite comparable to a jail. There are workarounds, of course. I can set up a Debian LXC under Proxmox, and it seems to work, though it oddly terminates the tmux session when I log out of it. Or, of course, I can set up a VM. Both of those mean mounting the NAS storage via a file-sharing protocol, which I'd rather not mess with, but it's certainly do-able.

 

[morganL]

Traefik and Ingress are looking really attractive to me, along with SCALE (but not CORE) supporting Cloudflare for DNS validation for Let's Encrypt (and features like that in SCALE, not showing up in CORE, have me thinking that iX is just leaving CORE to die on the vine)--that gives me the cert, reverse proxy, and TLS termination, all in the UI (along with, if desired, single sign-on and optional 2FA with Authelia). And the *arr suite are better supported under Linux than under BSD (as is Plex).

But it sounds like the trade-off is that there just really isn't anything quite comparable to a jail. There are workarounds, of course. I can set up a Debian LXC under Proxmox, and it seems to work, though it oddly terminates the tmux session when I log out of it. Or, of course, I can set up a VM. Both of those mean mounting the NAS storage via a file-sharing protocol, which I'd rather not mess with, but it's certainly do-able.

TrueNAS CORE is not dying on the vine. We've just released TrueNAS 13.0 with a lot of major security and performance improvements. It is true that CORE/Enterprise will be be more storage focussed and that SCALE is more oriented to Linux apps (and scale-out).

CORE/Enterprise have a very large installed base.... so there is tendency to preserve the current way of doing things and focus on reliability and smooth updates. SCALE will have faster innovation.

 

[sretalla]

I would say that in answer to the original ask...

You can run a docker container like debian or ubuntu and just make sure that any of the paths that you care about are redirected outside the container, so won't matter when the container is redeployed.

 

[danb35]

TrueNAS CORE is not dying on the vine.

I hope this is true, but remain somewhat skeptical. Yes, you just released CORE 13--with at least one Corral-class showstopping bug. Over six weeks later, and it hasn't been fixed, nor has the release been pulled. And Kris' comments at that time sounded a lot like CORE was going to stagnate. The remarks here about "the major transition of TrueNAS from FreeBSD to Linux," well, don't do much to dispel that impression.

But what makes me more concerned is the treatment of even fairly minor feature requests. For example, in https://jira.ixsystems.com/browse/NAS-105082 I asked for a way to hide the half-dozen inactive network interfaces from my dashboard--over two years ago, under FreeNAS 11. The response was "we'll put it in SCALE." Great, but SCALE is a different product. Over two years, and two major releases, later, and it isn't in CORE.

Or https://jira.ixsystems.com/browse/NAS-104912, also over two years old, which asked for Cloudflare (and other) support in the ACME DNS authenticators. Once again, it's in SCALE, but not in CORE, and it doesn't look like there's any intention of putting it there.

I can somewhat understand not wanting to radically redesign the GUI in an Enterprise product (though it wouldn't be the first time--or even the second), but these represent minor changes that surely could have taken place over the course of two major releases. And the issue isn't so much that they weren't implemented (though obviously I wanted them, or I wouldn't have requested them), but that the feature requested for COREFreeNAS ("CORE" didn't even exist yet) was put into a different product. That makes CORE look very much like a second-class citizen. Examples could be multiplied, but I think this is enough to make the point.

 

[danb35]

You can run a docker container like debian or ubuntu and just make sure that any of the paths that you care about are redirected outside the container, so won't matter when the container is redeployed.

This is an interesting possibility--can you flesh it out a bit more? Would I need to build a container including (e.g.) Debian along with the other software I'm interested in? Or are you suggesting I install that in an external mount to the container?

 

[winnielinnie]

Hate to do this, but "ditto" to the post #7 above.

Another example:

https://jira.ixsystems.com/browse/NAS-115670

I don't understand the rationale for this bug to be fixed only in SCALE, but not Core? It's not a major change to the product, and it's an actual bug. Yet looking at the status, it appears a fix will only be implemented in SCALE.

The irony is, our reports are created after discovering it in Core (not SCALE). Yet it is the SCALE users will who reap the benefits.

---

Phrased another way, the Core-SCALE dichotomy is creating an uncomfortable dilemma. Stick with Core, because of its jails, but then miss out on fixed bugs and practical features that SCALE has garnered? Or ditch jails and figure out how to keep your workflow going with SCALE? (Reading posts about a tsunami of automatically generated snapshots populating the "ix-applications" dataset under SCALE also makes me nervous.)

Jails aren't as "sexy" as containers/kubernetes, but they sure are flexible and clean.

 

[morganL]

I hope this is true, but remain somewhat skeptical. Yes, you just released CORE 13--with at least one Corral-class showstopping bug. Over six weeks later, and it hasn't been fixed, nor has the release been pulled. And Kris' comments at that time sounded a lot like CORE was going to stagnate. The remarks here about "the major transition of TrueNAS from FreeBSD to Linux," well, don't do much to dispel that impression.

But what makes me more concerned is the treatment of even fairly minor feature requests. For example, in https://jira.ixsystems.com/browse/NAS-105082 I asked for a way to hide the half-dozen inactive network interfaces from my dashboard--over two years ago, under FreeNAS 11. The response was "we'll put it in SCALE." Great, but SCALE is a different product. Over two years, and two major releases, later, and it isn't in CORE.

Or https://jira.ixsystems.com/browse/NAS-104912, also over two years old, which asked for Cloudflare (and other) support in the ACME DNS authenticators. Once again, it's in SCALE, but not in CORE, and it doesn't look like there's any intention of putting it there.

I can somewhat understand not wanting to radically redesign the GUI in an Enterprise product (though it wouldn't be the first time--or even the second), but these represent minor changes that surely could have taken place over the course of two major releases. And the issue isn't so much that they weren't implemented (though obviously I wanted them, or I wouldn't have requested them), but that the feature requested for COREFreeNAS ("CORE" didn't even exist yet) was put into a different product. That makes CORE look very much like a second-class citizen. Examples could be multiplied, but I think this is enough to make the point.

TrueNAS 13.0-U1 will be out next week. Hopefully resolves some of these issues.
Just as an FYI.. the work on TrueNAS 13.0 has reduce reboot and failover times by > 95% for large systems. That work was done in 13.0 first because it impacted the installed base most.

TrueNAS 13.0 was a little rushed because of a security vulnerability. So some other improvements were skipped. I'll circle back with the team on the two issues you raised.

Please understand that the team has had to work double time to develop/support both CORE and SCALE.. so yes there are some limitations in short term, but we are confident it's the right long term decision for growth of TrueNAS.

 

[sretalla]

This is an interesting possibility--can you flesh it out a bit more? Would I need to build a container including (e.g.) Debian along with the other software I'm interested in? Or are you suggesting I install that in an external mount to the container?

sure...

I suggest just using the published container on docker hub called debian or ubuntu (https://hub.docker.com/_/debian https://hub.docker.com/_/ubuntu)

Then make sure that you're managing the Storage and persistence settings to capture the locations where the packages or other important stuff will go (maybe needing a little bit of side-by-side mounting like /etc/app1... you would mount something on the host first to /etc/tmp_app1 in the container, then copy over the contents of /etc/app1 to /etc/tmp_app1 then stop the container, change the mount to override /etc/app1... then all goes fine from there forward.

It might be painstaking work depending on how complex the stuff you need to run is, so you'll need to make the assessment if it's worth the effort, but it should allow for updates to the app and redeployments of the container... but need to be careful you're not casting too wide a net to catch system files that would otherwise be changed on a container update... like the whole of /etc for example...


The other alternative is you need to put together your dockerfile and build the image of the container you want to run... then rebuilding the image it when you want an app or OS upgrade in that container.

 

[noexpand]

You could give metube a try:

charts/charts/stable/metube at master · truecharts/charts

Community Helm Chart Repository. Contribute to truecharts/charts development by creating an account on GitHub.

github.com

 

[danb35]

You could give metube a try:

If I want a one-time download, sure. But it doesn't seem to support setting custom parameters, and (more importantly) I don't see any way to run downloads on a schedule using it.

 

[truecharts]

It's not a very good thread title, but I'm not sure how to better phrase it. I'm continuing to look into migrating from CORE to SCALE, and the major question is migrating jails. I get that it's a manual process, and I'm OK with that. Most of my jails are running things that are available as apps, either in the official repo or in Truecharts, so that seems straightforward enough. But in one of them, I'm running youtube-dl, periodically scraping a few YouTube channels I'd like to have local copies of. Is there a way of having an "app" in SCALE that's just a basic Linux system, into which I can install arbitrary software? Yes, I know about VMs, and I can use one of those if I need to--though it'd likely be on my Proxmox cluster rather than on my NAS. But it'd be nice to not have to deal with the networking/filesharing stuff for this.

We discussed this with @morganL before...
LXC/LXD containers are definately something people are interested in, it's just that developers and dev-time is limited and there are just so incredible many features that would really benefid the community as a whole :(

 

[morganL]

We discussed this with @morganL before...
LXC/LXD containers are definately something people are interested in, it's just that developers and dev-time is limited and there are just so incredible many features that would really benefid the community as a whole :(

It seems that there are several potential solutions:

1) Linux VM
2) docker app for youtube.dl (seems to be several)
3) TrueCharts app for youtube.dl (needs a developer)
4) TrueCharts Docker Compose app - then deploy youtube.dl app? (not sure if this makes it easier)
5) LXD/LXE development (active in Kubernetes, but not yet in TrueNAS) https://github.com/automaticserver/lxe#lxe

I'd suggest trying 2) and then working out any remaining issues. Has anyone tried the docker version?

 

[winnielinnie]

It seems that there are several potential solutions:

But it doesn't address the "one container, several uses" need, which can easily be accomplished with FreeBSD jails.

Hence this:

Is there a way of having an "app" in SCALE that's just a basic Linux system, into which I can install arbitrary software?

And this:

Use a custom "Jail" in SCALE? (Possible? Alternatives?)

Being less familiar with Docker/Kubernetes and containers, while having good results with Jails under TrueNAS Core, I'm curious if it's possible to do the following in SCALE: Have a standalone "from scratch" container with specific CLI tools, mount points, and the ability to SSH into such a...

www.truenas.com

Hoping to avoid the overhead of VMs for something that is currently a "lean" jail.

Here's a custom jail in which I installed an assortment of "Swiss army knife" software:

• wget
• curl
• aria2
• httrack
• yt-dlp (fork of youtube-dl)
• gallery-dl
• wayback_machine_downloader
• ffmpeg

With a single jail, I can convert and encode videos; scrape, download, and archive YouTube videos; retrieve snapshots and archives of historical websites; download torrents; download galleries and collections; and even do a combination of the above. All within a single lightweight lean jail.

 

[morganL]

But it doesn't address the "one container, several uses" need, which can easily be accomplished with FreeBSD jails.

Hence this:


And this:

Use a custom "Jail" in SCALE? (Possible? Alternatives?)

Being less familiar with Docker/Kubernetes and containers, while having good results with Jails under TrueNAS Core, I'm curious if it's possible to do the following in SCALE: Have a standalone "from scratch" container with specific CLI tools, mount points, and the ability to SSH into such a...

www.truenas.com

Hoping to avoid the overhead of VMs for something that is currently a "lean" jail.

Here's a custom jail in which I installed an assortment of "Swiss army knife" software:

• wget
• curl
• aria2
• httrack
• yt-dlp (fork of youtube-dl)
• gallery-dl
• wayback_machine_downloader
• ffmpeg

With a single jail, I can convert and encode videos; scrape, download, and archive YouTube videos; retrieve snapshots and archives of historical websites; download torrents; download galleries and collections; and even do a combination of the above. All within a single lightweight lean jail.

Understood... jails in FreeBSD are a very good capability.

Linux has dockerized applications and pods/helm charts which are also good but different. VMs are the alternative.

TrueNAS gives you a choice..... but its not both at this stage.

Is LXD/LXE the solution and how should it be prioritized?

 

[sretalla]

But it doesn't address the "one container, several uses" need, which can easily be accomplished with FreeBSD jails.

Actually Option 4 does... if you run portainer as the docker compose app.

 

[morganL]

Actually Option 4 does... if you run portainer as the docker compose app.

Interesting concept.... Portainer could be the App (with docker compose included). Any experience on how well this works?

 

[sretalla]

Interesting concept.... Portainer could be the App (with docker compose included). Any experience on how well this works?

I saw one report of it going well... conceptually it sounded good to me but I hadn't run the use-case yet.

Prompted by your question, I thought I should at least try it myself, since for the life of me I can't seem to find the post mentioning it works well.

So, what I did:

I made a directory and then a file inside it:
/mnt/tank/apps/portainer/docker-compose.yml
File contents like this:

Code:

services:
  webapp:
    image: portainer/portainer-ce
    ports:
      - "9000:9000"
    volumes:
      - "/var/run/docker.sock:/var/run/docker.sock"

Then launched the TrueCharts App, specifying the compose file location above, defaults for all other fields (except name... portainer).

Then connected to http://myTrueNASScale.ip:9000/

Bingo, portainer.

Then I launched an app from inside portainer... just picked NginX as a random app to try, publishing 443 to 50443 and pushed a host location to bind inside the container to /www just for fun.

Launched... then went to the console of the container, cd to /www and found that dir empty... put a file there from the host, and then ran ls again... file is there...

All looking good so far.

Seems I can arbitrarily launch apps at will (and maybe even use portainer's features to launch multiple docker compose files from there...).