Jurgen Segaert
Guru
- Joined
- Jul 10, 2016
- Messages
- 521
I feel your pain...
We have perfectly fine working jails. We don't have pre-packaged maintained and upgradeable plugins. Just install in standard jails and you are good.I don't want to be bitter but seeing comments like https://github.com/iocage/iocage/issues/1289#issuecomment-1273455731 make me feel that we are fighting a rear guard holding action and sacrificing our time for a corp that is happy to take that free effort without telling us that the reward we expect (a functioning NAS with working jails) is being left to run into the ice burg while they chase a new shinny boat.
That comment was saying that iX has stopped working on iocage and it is drifting without anyone to issue a new release. Without iocage being maintained we won't have standard jails forever...We have perfectly fine working jails. We don't have pre-packaged maintained and upgradeable plugins. Just install in standard jails and you are good.
That comment was saying that iX has stopped working on iocage and it is drifting without anyone to issue a new release. Without iocage being maintained we won't have standard jails forever...
Iocage and jails are solid and supported within TrueNAS. If you have any specific major issues, please document them.
The challenge we have is maintaining a wide range of plugins. The kubernetes/docker approach is better for pre-packaged Apps. The vast majority of application developers are embracing linux containers. There is a need to be technically and economically pragmatic to support both existing and new users.
We love jails; we are not arguing that linux containers are superior.....but they are more popular.
Ansible's something I haven't generally paid a lot of attention to, but probably should. I had to deal with it recently in setting up a self-hosted Matrix server (https://github.com/spantaleev/matrix-docker-ansible-deploy), and I have to admit it was pretty slick.I guess I could start to create and publish some Ansible playbooks to set up application X in a jail. Hmmm ...
There are outstanding security pull requests and feature pull requests that haven't been moved on in two years: https://github.com/iocage/iocage/pulls I don't think you can say that it is solid and supported with no action after that much time.
I do think that putting some community members in the seat to approve community plug-in repo might really help as one of the biggest barriers right now is how slow iX has been in approving changes to community plugins.
The second thing that would take some effort from iX but would make plug-ins on CORE a lot better is to fix how long it takes for accepted changes to the community repo to be accessed in TrueNAS. Right now it only happens when there is a patch for TrueNAS and that isn't frequent enough to handle breaking issues in plug-ins.
Not precisely a bug but a major design flaw. We should somehow abandon automatic creation of bridge interfaces and refuse to create a bridged VNET jail unless the user manually created a bridge IF first. At least that's the simplest way to fix the problem. The problem is that you MUST NOT have a bridge member interface with an IP address.Let's discuss iocage first..... its a complex situation.
Iocage was developed by a FreeBSD developer who owns the repo
iXsystems liked the project and hired him to integrate it into FreeNAS/CORE - it worked well.
The developer later left for a more lucrative job in a big Linux company (Commercial success is critical for retaining talent)
The official iocage project stopped and is still owned by the developer.
TrueNAS uses a fork of the Iocage project and has maintained it it with any necessary bug fixes.
Changing from iocage to another jail manager is a major project which would be disruptive to existing CORE users.
The departure of the Iocage developer and the lack of community support for the project was one of the reasons for IX to decide that we should embrace Linux and the Container ecosystem. (If you can't beat them , join them.)
So, our recommendation is that we focus on any bugs in iocage that are really impacting CORE and its jail users. If there are impactful bugs, we intend to fix them. If there are any bugs, please identify them with their Jira ticket numbers and we can prioritize.
Ironically, we are being criticized for not automatically creating a bridge in the SCALE discussions.Not precisely a bug but a major design flaw. We should somehow abandon automatic creation of bridge interfaces and refuse to create a bridged VNET jail unless the user manually created a bridge IF first. At least that's the simplest way to fix the problem. The problem is that you MUST NOT have a bridge member interface with an IP address.