punkt.de GmbH, profile picture
Uploaded bypunkt.de GmbH
PDF, PPTX318 views

FreeBSD hosting

The document discusses the use of FreeBSD as a hosting platform, detailing the evolution of the hosting architecture at punkt.de, which shifted from a Nanobsd setup to a jail-based architecture for better customer isolation and manageability. Key challenges include availability, performance, and cost, and the presentation highlights improvements such as faster, automated updates and easier provisioning of jails versus virtual machines. The document also outlines the technical specifics of the architecture, including the use of ZFS and Ansible for managing jails and backups.

Embed presentation

Download as PDF, PPTX
FreeBSD as a Hosting Platform – Revisited Patrick M. Hausen EuroBSDCon 2017, Paris
Agenda • Introduction • Challenges in Hosting • Our Old NanoBSD Setup • Why a Jail Based Architecture • How We Do it Today • What We Would Like to Do in the Future
About Me • Working in IT since 1986 • Minix 1.1 since 1989 • FreeBSD since 1993 • In charge of network and data centre operations at punkt.de
About Our Team • mOps – the Magnificent Operators • 3 (originally) operators • 1 (originally) developer
About punkt.de • Founded in 1996 • Started as an ISP • Today:Hosting and development of web applications • Roughly 100 Servers • RIPE Member • DENIC Member • 2 development, 1 operations team
Challenges • Availability • Performance • Cost • Manageability • … Scalability – of the entire data centre!
„Updates? Never change a running system!“
„Nobody wants backup – everyone wants restore.“
Our First Attempt: nanobsd root root (alternate slice) /cfg /var (customer data) m0s1a m0s2a m0s3a m0s3d mirror/m0 ada0 ada1
Advantages • OS and packages are read–only • Atomic updates • Rollback (with exceptions) • Identical software across all servers
Drawbacks • We did not go all the way – image creation remained manual • Reboot of the entire machine required • Installation of additional ports afterwards is difficult • Too little flexibility – PHP, MySQL versions … We did address some of these: • Image creation is now vagrant up • Packages come from our own poudriere
Goals for the New Architecture • Better isolation of customers on the same machine • Individual configurations per customer (PHP, MySQL, …) • N instances per physical machine • Faster more reliable updates • Fully automated
All the Rage Now …
So, Why Not a Hypervisor? VM VM VM VM VM VM VM VM VM VM VM VM VM VM VM VM Machine MachineMachineMachine
So, Why Not a Hypervisor? • Each VM is managed like a separate system • Memory and/or storage overprovisioning at least difficult • Which one to pick? • Storage is either fast or cheap
What Do You Want to Virtualize Today? Machine Hypervisor /sbin/init Jail Single Server Process Docker
So … • Our customers want • The semantics of a VM • We as operators want • Fast provisioning • Easy updates • Our CEO wants • Low cost (within reason)
Advantage Jails • Look like a VM to the customer • Low overhead • Don’t require a running server process they depend on • Look just like regular processes from the outside host • Local filesystem semantics! • Now come with virtualized network stack! • Networking is straightforward and simple (if you know your basics)
VIMAGE • Introduces the epair(4) virtual interface • Essentially a virtual patch cable • One end inside the jail, other end on the host system • Bridge, route, NAT to your heart’s content
System Architecture LAN Jail Jail Jail Jail Bridge Interface vnet0 vnet0 vnet0 vnet0 igb0, ix0, … IPv6 and IPv4 (subject to change)
Shameless Marketing Plug
What the Customer Gets • Virtual proServer:
 One jail instance on a large host. • Dedicated proServer:
 Own host with as many jails as he desires or the host can bear. • But it’s all the same technology!
 Which makes it way easier for us.
Virtual proServer Host • All SSD based • All ZFS • 256 GB of RAM • 2x 10 Cores / 20 Threads • 50 customer jails and twiddling it’s thumbs
Jail Management Tools • Ezjail • Warden („old“ FreeNAS jails) • py-iocage („new“ FreeNAS jails) We picked iocage and actively contribute to the current rewrite.
 https://github.com/iocage/iocage
Peculiarities … Template Jail Instance Instance Instance copy-on-write clones One does not simply update … Snapshot!
Blueprint Jails • Not iocage templates! • Regular jails with FreeBSD-X.Y-RELEASE (11.1 as of now) • Contain all the software we think is relevant for the customer
 PHP-FPM, MySQL/MariaDB, Elastic, NginX and Apache, … • Use our own poudriere as the repo for pkg • Created and configured with Ansible • Not running! (after initial creation)
Instance Jail • Empty jail in iocage • Blueprint jail mounted on top – read-only, nullfs • All the read-write directories are separate ZFS datasets • Mountpoints are set to legacy • Mounted at jail startup by iocage’s fstab feature
Filesystem Layout /etc /usr/local/etc /tmp /var … /iocage/jails/2017Q3-php70-es1/root (blueprint) /iocage/jails/vpro0042/root (empty) nullfs RO RW zfs
A Jail’s fstab /iocage/jails/2017Q3-php70-es1/root /iocage/jails/vpro0042/root nullfs ro … zdata/iocage/jails/vpro0042/root/etc /iocage/jails/vpro0042/root/etc zfs rw … zdata/iocage/jails/vpro0042/root/home /iocage/jails/vpro0042/root/home zfs rw … zdata/iocage/jails/vpro0042/root/tmp /iocage/jails/vpro0042/root/tmp zfs rw … zdata/iocage/jails/vpro0042/root/var /iocage/jails/vpro0042/root/var zfs rw … […] /iocage/jails/2017Q3-php70-es1/root/usr/local/etc/rc.d 
 /iocage/jails/vpro0042/root/usr/local/etc/rc.d nullfs ro … /iocage/jails/2017Q3-php70-es1/root/var/db/pkg /iocage/jails/vpro0042/root/var/db/pkg nullfs ro … zroot/vpro0042/mysql /iocage/jails/vpro0042/root/var/db/mysql zfs rw … zroot/vpro0042/mysql/logs /iocage/jails/vpro0042/root/var/db/mysql/logs zfs rw …
Provisioning proServer Host PXE (unattended) Blueprint Jail Ansible, Poudriere Instance Jail Ansible
Making Updating Great Again • chroot <blueprint> pkg upgrade • Actually we don’t do that, although we could … • Immutable infrastructure! • We create a new blueprint jail • Then update all the dependent instances to use the new one
Backups • Easy – ZFS snapshots • Hourly, Daily, … • sysutils/zfstools • Differential clones to central (per rack) backup server
 https://github.com/adaugherity/zfs-backup • We have a port – will need some polishing to be included in the tree
What Now? Jail Jail Jail Jail Jail Jail Jail Jail Jail Jail Jail Jail Storage?
Self–Provisioning • Would be nice ;-) • Essentially a complete private cloud solution • But first: an API (REST possibly) • Then a UI can be done by a frontend developer Possibly this already exists …
Questions? ?
Thanks!

More Related Content

PDF
EuroBSDCon 2021 - (auto)Installing BSD Systems
byVinícius Zavam
 
PDF
Porting Puppet to OpenBSD
byPuppet
 
PDF
How can OpenNebula fit your needs - OpenNebulaConf 2013
byMaxence Dunnewind
 
PDF
NetBSDworkshop
byJun Ebihara
 
PDF
How Can OpenNebula Fit Your Needs: A European Project Feedback
byNETWAYS
 
PDF
Openwrt startup
by晓东 杜
 
PPT
OpenWRT guide and memo
by家榮 吳
 
PDF
Look Into Libvirt Osier Yang
byOpenCity Community
 
EuroBSDCon 2021 - (auto)Installing BSD Systems
byVinícius Zavam
 
Porting Puppet to OpenBSD
byPuppet
 
How can OpenNebula fit your needs - OpenNebulaConf 2013
byMaxence Dunnewind
 
NetBSDworkshop
byJun Ebihara
 
How Can OpenNebula Fit Your Needs: A European Project Feedback
byNETWAYS
 
Openwrt startup
by晓东 杜
 
OpenWRT guide and memo
by家榮 吳
 
Look Into Libvirt Osier Yang
byOpenCity Community
 

What's hot

PDF
NetBSD workshop
byJun Ebihara
 
PDF
XPDS14: libvirt support for libxenlight - James Fehlig, SUSE
byThe Linux Foundation
 
PDF
Strategies for developing and deploying your embedded applications and images
byMender.io
 
ODP
Libvirt and bhyve under FreeBSD
byCraig Rodrigues
 
PDF
"Lightweight Virtualization with Linux Containers and Docker". Jerome Petazzo...
byYandex
 
DOCX
Bsdtw17: lightning talks/wip sessions
byScott Tsai
 
PDF
Lightweight Virtualization with Linux Containers and Docker | YaC 2013
bydotCloud
 
ODP
How to access your FIWARE Lab Instance.
byJosé Ignacio Carretero Guarde
 
PDF
LCE13: Virtualization Forum
byLinaro
 
PDF
Optimization_of_Virtual_Machines_for_High_Performance
byStorPool Storage
 
PDF
Docker 0.11 at MaxCDN meetup in Los Angeles
byJérôme Petazzoni
 
PDF
OpenNebulaConf2017EU: Torturing OpenNebula for Fun and Profit by Carlo Daffar...
byOpenNebula Project
 
ODP
Ansible & Vagrant
byMukul Malhotra
 
PDF
Conair
byTimo Derstappen
 
PDF
Talk on PHP Day Uruguay about Docker
byWellington Silva
 
PDF
FreeBSD preseed installation (PXE) AsiaBSDCon 2015
byKamil Czekirda
 
PPTX
Introduction to containers
byNitish Jadia
 
PDF
Storage based snapshots for KVM VMs in CloudStack
byShapeBlue
 
PDF
Deep dive-oz
byLi Jiansheng
 
PDF
Vagrant are you still develop in a non-virtual environment-
byAnatoly Bubenkov
 
NetBSD workshop
byJun Ebihara
 
XPDS14: libvirt support for libxenlight - James Fehlig, SUSE
byThe Linux Foundation
 
Strategies for developing and deploying your embedded applications and images
byMender.io
 
Libvirt and bhyve under FreeBSD
byCraig Rodrigues
 
"Lightweight Virtualization with Linux Containers and Docker". Jerome Petazzo...
byYandex
 
Bsdtw17: lightning talks/wip sessions
byScott Tsai
 
Lightweight Virtualization with Linux Containers and Docker | YaC 2013
bydotCloud
 
How to access your FIWARE Lab Instance.
byJosé Ignacio Carretero Guarde
 
LCE13: Virtualization Forum
byLinaro
 
Optimization_of_Virtual_Machines_for_High_Performance
byStorPool Storage
 
Docker 0.11 at MaxCDN meetup in Los Angeles
byJérôme Petazzoni
 
OpenNebulaConf2017EU: Torturing OpenNebula for Fun and Profit by Carlo Daffar...
byOpenNebula Project
 
Ansible & Vagrant
byMukul Malhotra
 
Conair
byTimo Derstappen
 
Talk on PHP Day Uruguay about Docker
byWellington Silva
 
FreeBSD preseed installation (PXE) AsiaBSDCon 2015
byKamil Czekirda
 
Introduction to containers
byNitish Jadia
 
Storage based snapshots for KVM VMs in CloudStack
byShapeBlue
 
Deep dive-oz
byLi Jiansheng
 
Vagrant are you still develop in a non-virtual environment-
byAnatoly Bubenkov
 

Similar to FreeBSD hosting

PDF
Fsoss12
byDru Lavigne
 
PPT
FreeNAS 10: Challenges of Building a Modern Storage Appliance based on FreeBS...
byiXsystems
 
PDF
FreeBSD is not Linux
byMuhammad Moinur Rahman
 
PPT
.ppt
bywebhostingguy
 
PDF
Smartcom's control plane software, a customized version of FreeBSD by Boris A...
byeurobsdcon
 
PDF
You Call that Micro, Mr. Docker? How OSv and Unikernels Help Micro-services S...
byrhatr
 
PDF
Tlf2012
byDru Lavigne
 
PDF
This one goes to 11!
byAPNIC
 
PDF
Network Administration With Freebsd Babak Farrokhi
bykniqrjwvr7030
 
ODP
State of systemd @ Facebook
byDavide Cavalca
 
PDF
600M+ Unsuspecting FreeBSD Users (MeetBSD California 2014)
byiXsystems
 
PDF
Sweden11
byDru Lavigne
 
PDF
P05-slides
byIsaac (.ike) Levy
 
PDF
OpenVZ Linux Containers
byKirill Kolyshkin
 
PDF
2. Vagin. Linux containers. June 01, 2013
byru-fedora-moscow-2013
 
ODP
Fedora Virtualization Day: Linux Containers & CRIU
byAndrey Vagin
 
PDF
Immutable Infrastructure: Rise of the Machine Images
byC4Media
 
PDF
Ilf2013
byDru Lavigne
 
PDF
Ilf2012
byDru Lavigne
 
PDF
The lies we tell our code, LinuxCon/CloudOpen 2015-08-18
byCasey Bisson
 
Fsoss12
byDru Lavigne
 
FreeNAS 10: Challenges of Building a Modern Storage Appliance based on FreeBS...
byiXsystems
 
FreeBSD is not Linux
byMuhammad Moinur Rahman
 
.ppt
bywebhostingguy
 
Smartcom's control plane software, a customized version of FreeBSD by Boris A...
byeurobsdcon
 
You Call that Micro, Mr. Docker? How OSv and Unikernels Help Micro-services S...
byrhatr
 
Tlf2012
byDru Lavigne
 
This one goes to 11!
byAPNIC
 
Network Administration With Freebsd Babak Farrokhi
bykniqrjwvr7030
 
State of systemd @ Facebook
byDavide Cavalca
 
600M+ Unsuspecting FreeBSD Users (MeetBSD California 2014)
byiXsystems
 
Sweden11
byDru Lavigne
 
P05-slides
byIsaac (.ike) Levy
 
OpenVZ Linux Containers
byKirill Kolyshkin
 
2. Vagin. Linux containers. June 01, 2013
byru-fedora-moscow-2013
 
Fedora Virtualization Day: Linux Containers & CRIU
byAndrey Vagin
 
Immutable Infrastructure: Rise of the Machine Images
byC4Media
 
Ilf2013
byDru Lavigne
 
Ilf2012
byDru Lavigne
 
The lies we tell our code, LinuxCon/CloudOpen 2015-08-18
byCasey Bisson
 

More from punkt.de GmbH

PDF
Backend-Berechtigungen und 
Best Practices
bypunkt.de GmbH
 
PDF
Arbeiten bei punkt.de
bypunkt.de GmbH
 
PPTX
Backend User Experience in TYPO3
bypunkt.de GmbH
 
PPTX
Playing around with page types in TYPO3
bypunkt.de GmbH
 
PPTX
Experiences with backend user rights in TYPO3
bypunkt.de GmbH
 
PDF
One Neos CMS - many websites
bypunkt.de GmbH
 
PDF
Continuous relaunch - DIGITAL FUTUREcongress 2018
bypunkt.de GmbH
 
PDF
Webhosting on IPv6-only Virtual Machines
bypunkt.de GmbH
 
PDF
Erweiterte Berechtigungen im TYPO3 FE
bypunkt.de GmbH
 
PDF
Search as main navigation
bypunkt.de GmbH
 
PPTX
Punkt.de – Layout-Testing: was geht, was bringt´s, wer braucht´s?
bypunkt.de GmbH
 
PDF
Teams langfristig führen und entwickeln: Der ScrumMaster als Visionär des Tea...
bypunkt.de GmbH
 
Backend-Berechtigungen und 
Best Practices
bypunkt.de GmbH
 
Arbeiten bei punkt.de
bypunkt.de GmbH
 
Backend User Experience in TYPO3
bypunkt.de GmbH
 
Playing around with page types in TYPO3
bypunkt.de GmbH
 
Experiences with backend user rights in TYPO3
bypunkt.de GmbH
 
One Neos CMS - many websites
bypunkt.de GmbH
 
Continuous relaunch - DIGITAL FUTUREcongress 2018
bypunkt.de GmbH
 
Webhosting on IPv6-only Virtual Machines
bypunkt.de GmbH
 
Erweiterte Berechtigungen im TYPO3 FE
bypunkt.de GmbH
 
Search as main navigation
bypunkt.de GmbH
 
Punkt.de – Layout-Testing: was geht, was bringt´s, wer braucht´s?
bypunkt.de GmbH
 
Teams langfristig führen und entwickeln: Der ScrumMaster als Visionär des Tea...
bypunkt.de GmbH
 

Recently uploaded

PDF
Supercharge Your Copilot-Driven Collaboration with Microsoft 365 Agents SDK
byAntti Koskela
 
PDF
Pneumatic Pressure Pump PPP01 for Calibration & Testing
bySERRAX TECHNOLOGIES LLP
 
PDF
AI and Zero Trust: What it takes to do it right
byMark Simos
 
PDF
Getting Started with Apache Spark: Big Data Made Simple [Free Meetup]
byHaim Michael
 
PDF
When Drones Decide for Themselves_ Inside the Rise of Machine-Led Flight.pdf
byLyra Anderson
 
PDF
CI CD Observability, Metrics and DORA - Shifting Left and Cleaning Up! - Febr...
byPeter Souter
 
PDF
2026_01_28 - OpenMetadata Community Meeting.pdf
byOpenMetadata
 
PDF
"When every team does things "right", but together it turns into chaos", Yozh...
byFwdays
 
PDF
What Thema can do: Leveraging metadata to support the discoverability of Firs...
byBookNet Canada
 
PDF
Bettersize | BeSEC Series Product Brochure
byBettersize Instruments
 
PDF
Parental Control App for Phones_ The Complete 2026 Guide for Safer, Smarter P...
byRyan Cooper
 
PDF
Taxonomy Alignment for SDG Tagging - ASHA Case Study
byEnterprise Knowledge
 
PDF
What Is the Azure AI Foundry and Why Does It Matter for Enterprises?
byjohncarterjn
 
PDF
Dev Dives: Build and deploy agentic automations - the unified way
byUiPathCommunity
 
PDF
Build Next-Gen Spatial & Sensor Workflows: Secure, Scalable Processing in Sno...
bySafe Software
 
PPTX
Software Engineering in the Age of AI Agents
byHusseinMalikMammadli
 
PDF
TrustArc Webinar - From Zero to Privacy Hero: Launching Your Program Right an...
byTrustArc
 
PPTX
TechSprint (SJBIT) 2025-26 Hackathon Winners & Awards Ceremony
bysuhasspgdg
 
PDF
Real-Time AI Masterclass: Vector Search at Scale
byScyllaDB
 
PDF
Website Redesign Vs Website Refresh, What’s Right for You in 2026?
byAnuj Kumar Singh
 
Supercharge Your Copilot-Driven Collaboration with Microsoft 365 Agents SDK
byAntti Koskela
 
Pneumatic Pressure Pump PPP01 for Calibration & Testing
bySERRAX TECHNOLOGIES LLP
 
AI and Zero Trust: What it takes to do it right
byMark Simos
 
Getting Started with Apache Spark: Big Data Made Simple [Free Meetup]
byHaim Michael
 
When Drones Decide for Themselves_ Inside the Rise of Machine-Led Flight.pdf
byLyra Anderson
 
CI CD Observability, Metrics and DORA - Shifting Left and Cleaning Up! - Febr...
byPeter Souter
 
2026_01_28 - OpenMetadata Community Meeting.pdf
byOpenMetadata
 
"When every team does things "right", but together it turns into chaos", Yozh...
byFwdays
 
What Thema can do: Leveraging metadata to support the discoverability of Firs...
byBookNet Canada
 
Bettersize | BeSEC Series Product Brochure
byBettersize Instruments
 
Parental Control App for Phones_ The Complete 2026 Guide for Safer, Smarter P...
byRyan Cooper
 
Taxonomy Alignment for SDG Tagging - ASHA Case Study
byEnterprise Knowledge
 
What Is the Azure AI Foundry and Why Does It Matter for Enterprises?
byjohncarterjn
 
Dev Dives: Build and deploy agentic automations - the unified way
byUiPathCommunity
 
Build Next-Gen Spatial & Sensor Workflows: Secure, Scalable Processing in Sno...
bySafe Software
 
Software Engineering in the Age of AI Agents
byHusseinMalikMammadli
 
TrustArc Webinar - From Zero to Privacy Hero: Launching Your Program Right an...
byTrustArc
 
TechSprint (SJBIT) 2025-26 Hackathon Winners & Awards Ceremony
bysuhasspgdg
 
Real-Time AI Masterclass: Vector Search at Scale
byScyllaDB
 
Website Redesign Vs Website Refresh, What’s Right for You in 2026?
byAnuj Kumar Singh
 

FreeBSD hosting

  • 1.
    FreeBSD as aHosting Platform – Revisited Patrick M. Hausen EuroBSDCon 2017, Paris
  • 2.
    Agenda • Introduction • Challengesin Hosting • Our Old NanoBSD Setup • Why a Jail Based Architecture • How We Do it Today • What We Would Like to Do in the Future
  • 3.
    About Me • Workingin IT since 1986 • Minix 1.1 since 1989 • FreeBSD since 1993 • In charge of network and data centre operations at punkt.de
  • 4.
    About Our Team •mOps – the Magnificent Operators • 3 (originally) operators • 1 (originally) developer
  • 5.
    About punkt.de • Foundedin 1996 • Started as an ISP • Today:Hosting and development of web applications • Roughly 100 Servers • RIPE Member • DENIC Member • 2 development, 1 operations team
  • 6.
    Challenges • Availability • Performance •Cost • Manageability • … Scalability – of the entire data centre!
  • 7.
  • 8.
  • 9.
    Our First Attempt:nanobsd root root (alternate slice) /cfg /var (customer data) m0s1a m0s2a m0s3a m0s3d mirror/m0 ada0 ada1
  • 10.
    Advantages • OS andpackages are read–only • Atomic updates • Rollback (with exceptions) • Identical software across all servers
  • 11.
    Drawbacks • We didnot go all the way – image creation remained manual • Reboot of the entire machine required • Installation of additional ports afterwards is difficult • Too little flexibility – PHP, MySQL versions … We did address some of these: • Image creation is now vagrant up • Packages come from our own poudriere
  • 12.
    Goals for theNew Architecture • Better isolation of customers on the same machine • Individual configurations per customer (PHP, MySQL, …) • N instances per physical machine • Faster more reliable updates • Fully automated
  • 13.
    All the RageNow …
  • 14.
    So, Why Nota Hypervisor? VM VM VM VM VM VM VM VM VM VM VM VM VM VM VM VM Machine MachineMachineMachine
  • 15.
    So, Why Nota Hypervisor? • Each VM is managed like a separate system • Memory and/or storage overprovisioning at least difficult • Which one to pick? • Storage is either fast or cheap
  • 17.
    What Do YouWant to Virtualize Today? Machine Hypervisor /sbin/init Jail Single Server Process Docker
  • 18.
    So … • Ourcustomers want • The semantics of a VM • We as operators want • Fast provisioning • Easy updates • Our CEO wants • Low cost (within reason)
  • 19.
    Advantage Jails • Looklike a VM to the customer • Low overhead • Don’t require a running server process they depend on • Look just like regular processes from the outside host • Local filesystem semantics! • Now come with virtualized network stack! • Networking is straightforward and simple (if you know your basics)
  • 20.
    VIMAGE • Introduces theepair(4) virtual interface • Essentially a virtual patch cable • One end inside the jail, other end on the host system • Bridge, route, NAT to your heart’s content
  • 21.
    System Architecture LAN Jail JailJail Jail Bridge Interface vnet0 vnet0 vnet0 vnet0 igb0, ix0, … IPv6 and IPv4 (subject to change)
  • 22.
  • 23.
    What the CustomerGets • Virtual proServer:
 One jail instance on a large host. • Dedicated proServer:
 Own host with as many jails as he desires or the host can bear. • But it’s all the same technology!
 Which makes it way easier for us.
  • 24.
    Virtual proServer Host •All SSD based • All ZFS • 256 GB of RAM • 2x 10 Cores / 20 Threads • 50 customer jails and twiddling it’s thumbs
  • 25.
    Jail Management Tools •Ezjail • Warden („old“ FreeNAS jails) • py-iocage („new“ FreeNAS jails) We picked iocage and actively contribute to the current rewrite.
 https://github.com/iocage/iocage
  • 26.
  • 27.
    Blueprint Jails • Notiocage templates! • Regular jails with FreeBSD-X.Y-RELEASE (11.1 as of now) • Contain all the software we think is relevant for the customer
 PHP-FPM, MySQL/MariaDB, Elastic, NginX and Apache, … • Use our own poudriere as the repo for pkg • Created and configured with Ansible • Not running! (after initial creation)
  • 28.
    Instance Jail • Emptyjail in iocage • Blueprint jail mounted on top – read-only, nullfs • All the read-write directories are separate ZFS datasets • Mountpoints are set to legacy • Mounted at jail startup by iocage’s fstab feature
  • 29.
    Filesystem Layout /etc /usr/local/etc/tmp /var … /iocage/jails/2017Q3-php70-es1/root (blueprint) /iocage/jails/vpro0042/root (empty) nullfs RO RW zfs
  • 30.
    A Jail’s fstab /iocage/jails/2017Q3-php70-es1/root/iocage/jails/vpro0042/root nullfs ro … zdata/iocage/jails/vpro0042/root/etc /iocage/jails/vpro0042/root/etc zfs rw … zdata/iocage/jails/vpro0042/root/home /iocage/jails/vpro0042/root/home zfs rw … zdata/iocage/jails/vpro0042/root/tmp /iocage/jails/vpro0042/root/tmp zfs rw … zdata/iocage/jails/vpro0042/root/var /iocage/jails/vpro0042/root/var zfs rw … […] /iocage/jails/2017Q3-php70-es1/root/usr/local/etc/rc.d 
 /iocage/jails/vpro0042/root/usr/local/etc/rc.d nullfs ro … /iocage/jails/2017Q3-php70-es1/root/var/db/pkg /iocage/jails/vpro0042/root/var/db/pkg nullfs ro … zroot/vpro0042/mysql /iocage/jails/vpro0042/root/var/db/mysql zfs rw … zroot/vpro0042/mysql/logs /iocage/jails/vpro0042/root/var/db/mysql/logs zfs rw …
  • 31.
    Provisioning proServer Host PXE(unattended) Blueprint Jail Ansible, Poudriere Instance Jail Ansible
  • 32.
    Making Updating GreatAgain • chroot <blueprint> pkg upgrade • Actually we don’t do that, although we could … • Immutable infrastructure! • We create a new blueprint jail • Then update all the dependent instances to use the new one
  • 33.
    Backups • Easy –ZFS snapshots • Hourly, Daily, … • sysutils/zfstools • Differential clones to central (per rack) backup server
 https://github.com/adaugherity/zfs-backup • We have a port – will need some polishing to be included in the tree
  • 34.
  • 35.
    Self–Provisioning • Would benice ;-) • Essentially a complete private cloud solution • But first: an API (REST possibly) • Then a UI can be done by a frontend developer Possibly this already exists …
  • 36.
  • 37.