Use a custom "Jail" in SCALE? (Possible? Alternatives?)

[winnielinnie]

Being less familiar with Docker/Kubernetes and containers, while having good results with Jails under TrueNAS Core, I'm curious if it's possible to do the following in SCALE:

Have a standalone "from scratch" container with specific CLI tools, mount points, and the ability to SSH into such a "container"; while being able to freely update the packages within.

In other words, I'm wondering if it's possible to re-create what I'm already doing with Core and a custom Jail. (See below.)


---


I have a "Swiss-army knife" Jail with the following CLI tools:

• wget
• curl
• aria2
• httrack
• yt-dlp (fork of youtube-dl)
• gallery-dl
• wayback_machine_downloader
• ffmpeg

There are mount points to different datasets (for different types of downloads / archives). I can also SSH into this Jail. I can also run "pkg" to update everything within.

With a single session (or using tmux), I can start archival downloads, download galleries, download videos, etc, and even use ffmpeg to encode if needed. It's very lightweight, and gets the job done.

However, this is due to the "vanilla" nature of Jails, in which you can essentially "build your own Jail" from a basic template. Updating a Jail's packages with "pkg" is straightforward.

I'm not sure if what I described above is feasible with Docker/Kubernetes? They seem to be dependent on premade containers, with their own repository and maintenance/update schedules.

Is there such a way to add a "vanilla" container, then install particular packages within, and then update them as you would any packages on a legitimate Linux system?

 

[LarsR]

I think what you want is achivable with LXC Container, but LXC is not supported on scale right now. There is a ticket in jira to add lxc support in future versions, but i dont know if the devs have it on a roadmap or it still needs more votes to be considered.

Edit:
on the German Wikipedia page for LXC Container it says they are comparable to FreeBSD-Jails.

 

[morganL]

Its possible from a VM.... but there are restrictions on any linux host changes (e.g apt get) within SCALE.

 

[winnielinnie]

Its possible from a VM

That would add overhead of which I am spared from with Core (i.e, FreeBSD-based jails). I've never touched any virtualization with FreeNAS/TrueNAS, and never plan to. Especially since I can do everything with jails so far. (And I assumed later on with containers if/when migrating to SCALE.)

I think what you want is achivable with LXC Container, but LXC is not supported on scale right now. There is a ticket in jira to add lxc support in future versions, but i dont know if the devs have it on a roadmap or it still needs more votes to be considered.

I suppose the only way to continue with "customized plugins", for now, is to stick with Core and keep using jails.

The bummer about this is that there are going to be solid and practical features introduced in SCALE, which Core will miss out on for the timebeing, and perhaps indefinitely.

 

[Jip-Hop]

You can do a couple of things.

A bit of a roundabout method, but you could in theory download a root filesystem to use as your jail, mount it inside the TrueCharts docker-compose app and then use docker to run from this rootfs by bind mounting all the sub-directories of the rootfs... This way you can install stuff and update inside the container. Removing the container won't remove any of your files. More info on this 'hack' here and here.

A better alternative may be to use systemd-nspawn to create a 'jail' on TrueNAS SCALE. I've made a script which makes persistent Debian 'jails' so you can install software (wget, curl, ffmpeg etc. and even docker) with full access to all files on TrueNAS via bind mounts. Without modifying the host OS at all because systemd-nspawn is already included.

Note that my script is currently experimental and since systemd-nspawn isn't officially supported I can't promise this will always work.

 

[NugentS]

"Suggestion was approved and systemd-nspawn will be included in the base system for Dragonfish 24.04" - kmoore134 on reddit

See https://ixsystems.atlassian.net/browse/NAS-119787 - systemd-nspawn get a big tick