Warden EOL and iocage jails are now useless -- what do we do?

Status
Not open for further replies.

Stranded Camel

Explorer
Joined
May 25, 2017
Messages
79
Since I had gathered from various forum posts a while back that the Warden jail system is being discontinued, I decided to use the newer alternative, iocage. All was well for the last year or so, but the other day I noticed that pkg update had done nothing for a while. Odd. Then I went to install a minor utility, wget, and I got errors about the package being incompatible with my version of the kernel:

Code:
Newer FreeBSD version for package p5-Email-Address-XS: 
To ignore this error set IGNORE_OSVERSION=yes 
- package: 1102000 
- running kernel: 1101001 
Allow missmatch now?[Y/n]:


So after some research I found out that FreeNAS is so outdated with respect to FreeBSD that not only support, but also compatibility with the package system, has been discontinued. Actually, "discontinued" is practically a euphemism -- "forcibly broken" is the appropriate term. The entire collection of software, which could be installed just fine a month or so ago, is now incompatible with iocage jails on FreeNAS. And the same is true of the ports system -- I just tried to install something that way, and I got this error:

Code:
/!\ ERROR: /!\ 

Ports Collection support for your FreeBSD version has ended, and no ports are 
guaranteed to build on this system. Please upgrade to a supported release. 

No support will be provided if you silence this message by defining 
ALLOW_UNSUPPORTED_SYSTEM. 

*** Error code 1 

Stop. 
make[1]: stopped in /usr/ports/ports-mgmt/synth 
*** Error code 1 

Stop. 
make: stopped in /usr/ports/ports-mgmt/synth


I am left speechless by this. And I'm running U5, which just came out a couple months ago! I've got 98% of my system set up just how I want it, and was looking forward to not having to mess with it for a couple years, with the exception of my Plex and other jails.

So what are our options in this situation, besides never updating iocage jails?

Can 11.1 jails be updated to the next version on their own, or do we have to install the latest and betaest FreeNAS version and then recreate all our jails? I really don't want to update FreeNAS, as every new version brings a plethora of regressions and bugs, and whatever ones U5 has don't affect me.
 

Scrat_

Explorer
Joined
May 3, 2018
Messages
95
I'm running 11.2 beta 3. So far iocage is alive, but it may explain the lack of update notifications I should be getting.

Sent from my SM-N950W using Tapatalk
 

garm

Wizard
Joined
Aug 19, 2017
Messages
1,555
You’ll have to wait for FreeNAS 11.2 to be realeased (or run the Beta). Wha tyounalready have should be fine as iocage makes it relatively easy to update.
 

Stranded Camel

Explorer
Joined
May 25, 2017
Messages
79
You’ll have to wait for FreeNAS 11.2 to be realeased (or run the Beta). Wha tyounalready have should be fine as iocage makes it relatively easy to update.

How do you do the update? No one here seems to have had any luck.
 

Jailer

Not strong, but bad
Joined
Sep 12, 2014
Messages
4,974
It's a very frustrating situation to say the least.
 

danb35

Hall of Famer
Joined
Aug 16, 2011
Messages
15,458
FreeNAS is so outdated with respect to FreeBSD
The blame here belongs more to the FreeBSD project, IMO--their release policies are far too aggressive, in that the last point release (11.1) is EOL'd 90 days after the next (11.2) is released. If the point releases were what a point release should be (minor changes that don't break backward compatibility), this might not be a problem--but they aren't.
The entire collection of software, which could be installed just fine a month or so ago, is now incompatible with iocage jails on FreeNAS.
No, it isn't--the vast majority of it will work just fine. You'll just need to work around the mismatch.
 

danb35

Hall of Famer
Joined
Aug 16, 2011
Messages
15,458
No one here seems to have had any luck.
One person in that thread (me) tried, and at the time (three months ago) the current 11.2 beta wasn't running on FreeBSD 11.2.
 

garm

Wizard
Joined
Aug 19, 2017
Messages
1,555
The blame here belongs more to the FreeBSD project, IMO--their release policies are far too aggressive, in that the last point release (11.1) is EOL'd 90 days after the next (11.2) is released. If the point releases were what a point release should be (minor changes that don't break backward compatibility), this might not be a problem--but they aren't.

No, it isn't--the vast majority of it will work just fine. You'll just need to work around the mismatch.

Personally I don’t read point releases as minor changes. The software vendors I work with all do major changes and break backwards compabilitie on point releases with maybe the exception of Microsoft.

Not supporting a previous release after the next one is shipped is proabobly a resource issue as maintaining several tracks increase complexity exponentially. If you chose to package an operating system in your own product you need to plan your own release calendar based on the support commitment of your suppliers. Making a kernel update on FreeNAS should not be a major change. If you want to package it as a major change you need to ensure your other deliveries are done in time or you need to push those and go ahead with the kernel update if the one you have is EOL.
 

tprelog

Patron
Joined
Mar 2, 2016
Messages
291
No one here seems to have had any luck.

I have had some success with this... I upgraded my Home-Assistant jail from From 11.1-RELEASE-p10 to 11.2-RELEASE-p3
In my case the exact command I used was sudo iocage upgrade -r 11.2-RELEASE homeassistant

I first made a backup using iocage snapshot but it was not needed.
I did however still try to iocage rollback my jail to the 11.1-RELEASE. This also worked for me without issue.
 

Jailer

Not strong, but bad
Joined
Sep 12, 2014
Messages
4,974
Yes but to upgrade means you need to be using bug ridden beta software. The jails can't be upgraded to a release that's newer than the base system. We're still months out from a 11.2 release so that leaves those of us that have web facing services unable to get security updates on any software running in a jail until the base FreeNAS system is upgraded. That to me is an issue.

I also have to agree with @danb35 that the support model for FreeBSD is not an ideal one. Each point release brings some major changes and some don't always play nice.
 

tprelog

Patron
Joined
Mar 2, 2016
Messages
291
The jails can't be upgraded to a release that's newer than the base system.
I have read that but I also did just that before I knew I wasn't supposed too. My jail worked just fine (at least as far as I could tell) Yes the FreeNAS GUI did complain and would not start but from the console it started just fine. Also it would start-up no problem on reboot as well. I have a jailed app that stopped working with Warden almost 10 months ago so I switched to iocage back then and haven't looked back. I guess I've been lucky using iocage from console. I do see somethings that are polar opposite though. For example, adding storage to the jail... In the FreeNAS GUI the jail must be stopped however when using the console I have found I can only add storage while the jail is running. (At least that's how it is in 11.2). On FreeNAS 11.1, I only use iocage from the console.

Those of us that have web facing services unable to get security updates on any software running in a jail until the base FreeNAS system is upgraded. That to me is an issue.
I luck out again here as well. I feel like most of you guys are using FreeNAS for some serious business. I on the other hand only use FreeNAS at home and I think I have a very basic setup at that. Nothing I have faces the inter-webs
 
Last edited:

danb35

Hall of Famer
Joined
Aug 16, 2011
Messages
15,458
...and, of course, the same thing's going to happen to 11.2 when FreeBSD 11.3 releases. At the rate things are going, that will be less than six months after 11.2 releases.
 

Jailer

Not strong, but bad
Joined
Sep 12, 2014
Messages
4,974
And don't forget about 12.0 RELEASE due out in December.........
 

Stranded Camel

Explorer
Joined
May 25, 2017
Messages
79
Gads -- what a clusterfsck! Is there no way to point an 11.1 jail to an 11.1 repo, even if it's now not updated or maintained? Or to use portsnap with 11.1 ports?

I don't know how this works behind the scenes, but it seems like jails have one single repo they point to and the FreeBSD folks switched the 11.1 repo out for the 11.2 repo. There has to be some flexibility here!

The only long-term stable solution seems to be forgoing all FreeNAS jails for a Linux VM, as sucky as bhyve is.
 

Stranded Camel

Explorer
Joined
May 25, 2017
Messages
79
The entire collection of software, which could be installed just fine a month or so ago, is now incompatible with iocage jails on FreeNAS.

No, it isn't--the vast majority of it will work just fine. You'll just need to work around the mismatch.

In other words, no, nothing will work just fine, and yes, the collection is incompatible, until the user hacks the system in order to kludgily get things to work.

That doesn't qualify as "working just fine" in anyone reasonable's book, sorry.
 

adrianwi

Guru
Joined
Oct 15, 2013
Messages
1,231
It has to be said, this is pretty piss poor whichever way you look at it.

I could maybe understand this if someone was running a 12-month-old version of FreeNAS, but for everyone running the latest version 11.1-U6 to be unable to update jails, potentially created only a few weeks ago, until the next release of FreeNAS just adds to the shambolic way iXsystems have managed FreeNAS over the last 18 months.

You would have thought serious lessons had been learned from Corral, but things like this suggest not.
 
Last edited:

lopr

Explorer
Joined
Mar 19, 2015
Messages
71
I am either running 11.2 jails on 11.1 (you can't start them, but you can console into them and then they start) or I use ALLOW_UNSUPPORTED_SYSTEM=YES in my /etc/make.conf
some things won't work but most do; just don't file bug reports for such hacky jails.

and yes, this is not a great situation
 
Status
Not open for further replies.
Top