Hazimil
Contributor
- Joined
- May 26, 2014
- Messages
- 172
A discussion (hopefully) regarding Jail creation and their dependencies upon releases (especially when upgrading Jails).
When you create a Jail, whether from the CLI or via the GUI, the Jail is created as a Clone of the release you specify. The benefit of this is that it only uses a small amount of space, preserving only the changing data, however I have since found that this does lead to problem later on if you have upgraded to a later release.
The way the default (Clone) Jail works, is that as it only preserves the changing data (like a snapshot), it leaves a dependency behind for the creation base release and all base releases upgraded to, for example:
On my server (FreeNAS v11.3-U1), I have three Jails (
As all my Jails have been upgraded to the FreeBSD v11.3 release, I thought it be useful to delete the old releases, as they are not needed (or so I thought), and to save space. The current list of base releases (
So I went ahead and tried to delete an old release, using the command
This led to some head scratching, and a trip to Google for help! I found the iocage documents regarding Jail creation, and this is where I found out about the fact Jails are created as a Clone by default. Further research led me to the GitHub pages for iocage, where I found the following:
The conclusion is that if we plan to just upgrade our Jails when new releases come out, then its best to create Jails as a Base Jail or Thick Jail, as this leaves no dependencies on old base releases. However, I cannot see an option for this within the GUI, also, I couldn't find if there was a way to convert a Clone Jail into a Base Jail or Thick Jail, otherwise we are going to have to delete and recreate our Jails via the CLI with the
Questions:
Jonathan
When you create a Jail, whether from the CLI or via the GUI, the Jail is created as a Clone of the release you specify. The benefit of this is that it only uses a small amount of space, preserving only the changing data, however I have since found that this does lead to problem later on if you have upgraded to a later release.
The way the default (Clone) Jail works, is that as it only preserves the changing data (like a snapshot), it leaves a dependency behind for the creation base release and all base releases upgraded to, for example:
On my server (FreeNAS v11.3-U1), I have three Jails (
iocage list
), Syncthing has been upgraded from FreeBSD v11.1 to FreeBSD v11.3, and ClamAV/PlexMS have been upgraded from FreeBSD v11.2 to FreeBSD v11.3:Code:
root@fruitbowl:~ # iocage list +-----+-----------+-------+--------------+------------------+ | JID | NAME | STATE | RELEASE | IP4 | +=====+===========+=======+==============+==================+ | 18 | ClamAV | up | 11.3-RELEASE | 192.168.0.105/24 | +-----+-----------+-------+--------------+------------------+ | 11 | PlexMS | up | 11.3-RELEASE | 192.168.0.103/24 | +-----+-----------+-------+--------------+------------------+ | 12 | Syncthing | up | 11.3-RELEASE | 192.168.0.106/24 | +-----+-----------+-------+--------------+------------------+
As all my Jails have been upgraded to the FreeBSD v11.3 release, I thought it be useful to delete the old releases, as they are not needed (or so I thought), and to save space. The current list of base releases (
iocage list -r
) on my server is:Code:
root@fruitbowl:~ # iocage list -r +---------------+ | Bases fetched | +===============+ | 11.1-RELEASE | +---------------+ | 11.2-RELEASE | +---------------+ | 11.3-RELEASE | +---------------+
So I went ahead and tried to delete an old release, using the command
iocage destroy -d -r 11.1-RELEASE
, and after confirming the "Are you sure?" prompt, I got the following result:Code:
root@fruitbowl:~ # iocage destroy -d -r 11.1-RELEASE This will destroy RELEASE: 11.1-RELEASE Are you sure? [y/N]: y 11.1-RELEASE has dependent jails (who may also have dependents), use --recursive to destroy: Syncthing auto-20200319.0000-2w auto-20200319.0000-2w
This led to some head scratching, and a trip to Google for help! I found the iocage documents regarding Jail creation, and this is where I found out about the fact Jails are created as a Clone by default. Further research led me to the GitHub pages for iocage, where I found the following:
Because of the use of zfs clone, in long term this can cause disk space lost and a mess with snapshots dependencies; in this link you can read about the possible related problem of using clones for basejails in more technical detail. Initially, clones can be "cheap" but in long term, moreover after a release upgrade, we can start to loose a lot disk space if we have a lot of jails.
Clones were really chosen for speed. The divergence for clone jail basejails should be minimal, really conf files and whatever you install. Since they switch bases. But it's not intuitive that these things would be applicable to them on upgrade (IE: Destroying an old RELEASE).
By default, jails are created as "Clone jails"; they take up less space initially but you will be stuck with a dependency on the "release". If you do not want this, you can create your jail as a "Base jail" or a "Thick jail".
The conclusion is that if we plan to just upgrade our Jails when new releases come out, then its best to create Jails as a Base Jail or Thick Jail, as this leaves no dependencies on old base releases. However, I cannot see an option for this within the GUI, also, I couldn't find if there was a way to convert a Clone Jail into a Base Jail or Thick Jail, otherwise we are going to have to delete and recreate our Jails via the CLI with the
iocage create -r [RELEASE] -b
or iocage create -r [RELEASE] -T
commands.Questions:
- What do people think of this?
- Should I do a feature request for Clone/Base/Thick Jail types in the GUI?
- Does anyone know if we can convert a Clone Jail into a Base Jail or Thick Jail?
- Whats the best way forward, Clone Jail, Base Jail or Thick Jail?
Jonathan