Linux Jails (sandboxes / containers) with Jailmaker

davistw · May 9, 2024, 8:49pm

Yep @Stux i appreciate the run though. Took me a couple of views to grasp but It got me up and running. The one comment I would make is you talk and run though the settings real fast. I did a lot of step though just to catch what you typed on the screen and then clicked though.

KJM · May 11, 2024, 1:29pm

Can someone tell me what to enter in the Docker shell.
I just can’t manage to switch to the compose environment.
Get the message:
Must have at least a valid docker run/create/service create/container run command.

Want to run docker compose as in @Stux explanation
See image.

mooglestiltzkin · May 12, 2024, 9:54pm

how exactly did you install docker?

did you use the guide for installing docker via the jailmaker docker template config? that was how i did it. Stux’s youtube has 2 videos part1 and 2 for setting it up.

Once done, i went to truenas shell

jlmkr shell docker
*i named my jail docker

then i installed dockge using a compose.yaml using the official latest template

github.com

louislam/dockge/blob/master/compose.yaml

services:
  dockge:
    image: louislam/dockge:1
    restart: unless-stopped
    ports:
      # Host Port : Container Port
      - 5001:5001
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
      - ./data:/app/data
        
      # If you want to use private registries, you need to share the auth file with Dockge:
      # - /root/.docker/:/root/.docker

      # Stacks Directory
      # ⚠️ READ IT CAREFULLY. If you did it wrong, your data could end up writing into a WRONG PATH.
      # ⚠️ 1. FULL path only. No relative path (MUST)
      # ⚠️ 2. Left Stacks Path === Right Stacks Path (MUST)
      - /opt/stacks:/opt/stacks
    environment:

This file has been truncated. show original

change directory to where the compose.yaml is located, then run the command
docker compose up -d

this deploys dockge

then enter dockge via browser url. to find the ip go back to truenas shell type jlmkr list, it will show the ip for the docker container. I am assuming you were smart enough to setup a static ip for your jailmaker bridge so it doesn’t change all the time. The choices are bridged or macvlan. I opted for bridge networking with a static ip for the docker jail.

So then go to http://your lan ip for the bridge:port for dockge ui

it should work at this point

Anyway seems like you don’t know how to use dockge? not blaming you but you should watch how to use it first to get a better understanding

in the Ui screenshot you posted, you see the docker run? you paste the command there. Personally i don’t use that, because i create stacks that use docker compose which i fill in the dockge UI, which after i save, it then saves it into the stack folder i specified in my compose. This makes backing up my docker compose for my containers much easier for backup/restore/deploy.

A basic usage, click the create stack, name your container, then copy paste the compose for that container, and make edits as necessary

Like this is an example docker container compose you can try

github.com

Lissy93/dashy/blob/master/docker-compose.yml

---
# Welcome to Dashy! To get started, run `docker compose up -d`
# You can configure your container here, by modifying this file
version: "3.8"
services:
  dashy:
    container_name: Dashy

    # Pull latest image from DockerHub
    image: lissy93/dashy

    # To build from source, replace 'image: lissy93/dashy' with 'build: .'
    # build: .

    # You can also use an image with a different tag, or pull from a different registry, e.g:
    # image: ghcr.io/lissy93/dashy or image: lissy93/dashy:3.0.0

    # Pass in your config file below, by specifying the path on your host machine
    # volumes:
      # - /path/to/my-config.yml:/app/user-data/conf.yml

This file has been truncated. show original

sounds like you don’t know much about docker. i suggest using google and youtube to look up guides on that.

KJM · May 13, 2024, 3:41pm

@mooglestiltzkin thanks for the time on my question.
I am indeed not an ict person, but I am interested in all things computer related.
This forum and the many youtube videos has made me enjoy running my nas for several years now.
This is the youtube movie of stux that I followed to the end and not once but …
My ultimate concern is that I can get Eclipse Mosquitto, is already installed, to communicate with the truechart home assistant app on my truenas scale 24.04

https://www.youtube.com/watch?v=S0nTRvAHAP8

winnielinnie · May 13, 2024, 3:52pm

Russell Crowe stars as “Stux”, in this much anticipated movie. In theaters, summer 2024.

mooglestiltzkin · May 13, 2024, 6:49pm

Not sure if this is the same app you are talking about. i don’t use it myself but there is a docker compose guide for it here. Jim’s garage is also another good channel to follow to learn docker and stuff

the thing is, for truenas they have truenas app. Then going further there is truecharts to expand the catalog for it.

I don’t use any of that. Instead i used the jailmaker docker install setup. Then i deploy my docker containers manually.

You can use one or the other, but not both because i heard there are issues doing so.

If you are deploying your apps via the truenas apps method, i can’t help much there since i don’t use it myself.

Jeremy_Bridgeman · May 15, 2024, 9:03am

I’m wondering how you configured Tailscale in a jail on Truenas Scale…did you have to enable/map anything special? Or did you simply install Tailscale per the official documentation for Debian from the Tailscale website? I’m also guessing that you used a bridge instead of macvlan for the jail configuration?

Cellobita · May 15, 2024, 11:24am

Nothing special, except for inserting this when jlmkr asks for “Additional flags”:

–capability=CAP_NET_ADMIN

When the jail starts, shell into it, then

apt install curl
curl -fsSL https://tailscale.com/install.sh | sh
tailscale up -authkey [your auth key]

It just works. I’m aware that using simple host networking (instead of --network-macvlan or --network-bridge) is frowned upon, but in my specific case - using Tailscale to manage the host itself - it seemed the easiest way.

Jip-Hop · May 15, 2024, 12:00pm

Isn’t it cool what jailmaker can do?

Cellobita · May 15, 2024, 12:07pm

Heh, I’ll never cease to sing jailmaker’s praises… iX should hire you to maintain it as an official part of TrueNAS!

davistw · May 15, 2024, 4:41pm

Absolutely…Much Thanks

Stux · May 15, 2024, 5:04pm

Soooo

That’s how you make a tailscale scale jail…

Could be a nice jailmaker template…

skittlebrau · May 16, 2024, 3:07pm

Same here. I have a Dell Optiplex SFF PC at my mum’s house which acts as my offsite backup. I installed Tailscale via jailmaker with host networking so that I could easily access the web UI remotely when needed. I use replication tasks and it all works so easily and is pretty much ‘set and forget’. The only maintenance I need to do is to verify backups and apply patches.

Using jailmaker/nspawn has been massively more reliable than TN Apps.

KJM · May 16, 2024, 3:48pm

@mooglestiltzkin Thanks !

seanchs · May 16, 2024, 7:53pm

Hi Jip-Hop,

Thanks for the wonderful work! I am a newbie here and trying to set up the docker in my TrueNAS Scale (DragonFish). I successfully installed the jailmaker. When I copy/paste the config under “templates/docker”, I got following errors from the Shell screen on TrueNAS:

Press Enter to open the text editor.1
Traceback (most recent call last):

File “/mnt/NAS10T/jailmaker/[jlmkr.py](javascript:void(0);)”, line 2170, in main()
File “/mnt/NAS10T/jailmaker/[jlmkr.py](javascript:void(0);)”, line 2165, in main sys.exit(func(**args)) ^^^^^^^^^^^^
File “/mnt/NAS10T/jailmaker/[jlmkr.py](javascript:void(0);)”, line 1335, in create_jail jail_name, config, start_now = interactive_config() ^^^^^^^^^^^^^^^^^^^^
File “/mnt/NAS10T/jailmaker/[jlmkr.py](javascript:void(0);)”, line 1084, in interactive_config config.read_file(f)
File “/usr/lib/python3.11/[configparser.py](javascript:void(0);)”, line 734, in read_file self._read(f, source)
File “/mnt/NAS10T/jailmaker/[jlmkr.py](javascript:void(0);)”, line 203, in _read return super()._read(lines, fpname) ^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File “/usr/lib/python3.11/[configparser.py](javascript:void(0);)”, line 1112, in _read raise DuplicateOptionError(sectname, optname, configparser.DuplicateOptionError: While reading from ‘/tmp/tmp_hzqqkim’ [line 83]: option ‘gpu_passthrough_intel’ in section ‘a’ already exists

Any help on how to fix this? Thanks a lot for your generous help,

Jip-Hop · May 16, 2024, 8:46pm

You should remove the duplicate gpu_passthrough_intel option from the config file. Each config option should be present at most 1 time in the config file.

seanchs · May 16, 2024, 10:16pm

Thanks - Jip-Hop!
I tripple checked the file: “jailmaker/templates/docker/config”. I only see line2 has “gpu_passthrough_intel=0”. No other place has that code in the config file. I am puzzled where to find that duplicated “gpu_passthrough_intel option”. Do I need to check file “/usr/lib/phthon3.11”?

Thanks a lot and really appreciate your help!

Stux · May 16, 2024, 10:44pm

In your jailmaker dataset, there is a jails directory and in there should be a jail directory for your jail.

There is a config file in that. Can you upload/paste a copy here?

You can use sftp/scp to copy it.

seanchs · May 17, 2024, 12:00am

I have config file downloaded to my laptop. But when I pasted it, it shows up as HTML file and very hard to read. How do I just post original text here on th forum? Sorry for the naive question. : )

Stux · May 17, 2024, 1:18am

quote it in triple backticks ie ```