iocage Shared IP jails and TrueNAS GUI weirdness

TomWaller

TomWaller

Dabbler
Joined
Aug 15, 2013
Messages
24
This is somewhat related to my previous post here:

Can't get my head around jail and plugin networking.

Hey all. I have a TrueNAS server with 4 gigabit NICs in a lagg (lagg0). I use LACP, untagged trunk for native VLAN. This works. I also have two additional VLANs, 20 and 50. They are tagged and configured on the switch. I've configured the interfaces in TrueNAS like this: Physical ports ->...
www.truenas.com www.truenas.com

Shared IP jails don’t seem to work through the GUI in TrueNAS. I can manually create jails with the same IP address on a secondary interface (Bridge associated with a VLAN) but for some reason when trying to configure this through the GUI I get an error stating the IP address is already in use in the system.

Is this a known issue with TrueNAS?

I’ve seen lots of advice on here about using VNET, but according to the iocage documentation, VNET is marked experimental, and Shared IP is the recommended approach.

Is anyone able to shed some light on this?
 
Patrick M. Hausen

Patrick M. Hausen

Hall of Famer
Joined
Nov 25, 2013
Messages
7,776
OMG ... nothing experimental about VNET. I run a data center of 100 servers with roughly 1000 VNET jails total.
 
TomWaller

TomWaller

Dabbler
Joined
Aug 15, 2013
Messages
24
Patrick M. Hausen said:
OMG ... nothing experimental about VNET. I run a data center of 100 servers with roughly 1000 VNET jails total.
Click to expand...
Curious isn’t it. Seen loads of mention of VNET everywhere else, just not the official docs.

Don’t suppose you ran any Shared IP configs and can provide any advice on my setup could you? Really struggling to resolve this.
 
Patrick M. Hausen

Patrick M. Hausen

Hall of Famer
Joined
Nov 25, 2013
Messages
7,776
The point of VNET is to give each jail its own IP stack. So that's what we run. And why we specifically picked jails as the platform for our hosting product.

Observations:
  • the iocage project is somewhat stalled
  • this includes its documentation which is terribly outdated
  • there was a fork/rewrite (libioc) that isn't seeing much activity, either
  • iXsystems maintain their own fork of iocage to supply jail functionality in TrueNAS
  • these two versions might have diverged or might do so in the future - I honestly don't know
  • most people I know who run jails on plain FreeBSD (like us) are either using no jail manager at all (the base system can fundamentally do everything) or actively looking into more modern and maintained projects like Bastille
  • that does not change the situation for TrueNAS and I doubt iXsystems is planning to change that as long as their version of iocage works for them
  • I do expect some minor improvements in networking in 13.0-U1 or -U2 - see this issue.
Most advice I give on this forum is founded in a very solid understanding of how jails (specifically VNET ones) work on plain FreeBSD plus hours of tinkering with my own TrueNAS CORE. We do not use TrueNAS to run jails @work. But we do use the "official" version of iocage for now.
 
You must log in or register to reply here.

Important Announcement for the TrueNAS Community.

The TrueNAS Community has now been moved. This forum will now become READ-ONLY for historical purposes. Please feel free to join us on the new TrueNAS Community Forums.

Related topics on forums.truenas.com for thread: "iocage Shared IP jails and TrueNAS GUI weirdness"

Similar threads

B
  • Locked
Network problem with iocage jails
Replies
15
Views
5K
nojohnny101
nojohnny101
ewhac
  • Locked
iocage: To VNET or Not To VNET
Replies
2
Views
2K
ewhac
ewhac
L
"pkg" problem when trying to install jail plugin
2
Replies
33
Views
5K
Patrick M. Hausen
Patrick M. Hausen
A
SOLVED Basejail networking does not work with VNET and BPF
Replies
16
Views
2K
Arun Gupta
A
Junicast
Jail Networking issue in 12.0 Beta 2.1
Replies
3
Views
2K
Junicast
Junicast
Top