No, @Jip-Hop re-implemented them 
As to why? So that you can use jails on scale.
I’d rather just use CORE.
SCALE was announced as the “horizontal scale out platform”. Now that it doesn’t do that any more I see no feature I am missing apart from “quick and easy way to run Onlyoffice Document Server”.
But I can have that with a Debian VM and docker compose if I have to.
For Home Assistant they even strongly recommend not to use Docker but their complete VM (“HAOS”) images instead. Runs perfectly in bhyve/CORE.
Etc.
And CORE can’t run OCI containers in a jail.
So there you are.
Run CORE or run SCALE. They both have jails.
2 Likes
Hi @ddaenen1 … I’m not eager to change but I do like ths stability of CORE. I need to set up a Nextcloud and I am trying to decide if I try and do it on CORE or move to SCALE.
Can you please tell me a bit about your Nexctcloud install.
What version are you running?
How long have you run Nextcloud on CORE?
Have you updated Nextcloud, and how easy was it?
Do you access Nextcloud from the internet, or just behind your firewall.
Anything else that you think I should know.
Thanks for any guidance you can offer.
Sure @NASbox.
I am running TrueNAS Core 13.0 U6.1 on the server with specs as in my signature from the time that it was still FreeNAS. Not sure but it must like 6 years now.
I have 2 jails running: Plex and Nextcloud which both run flawless.
Nextcloud is 29.0.0.19 and fully updated. I have been running Nextcloud for about 4 years now, initially installed as a plugin but since some time now as a manual install in a jail using @dan script. I access Nextcloud only via the internet through my own FQDN with letsencrypt certificates and HAproxy as a reverse proxy. The certificates are managed by the ACME package in my pfSense router where also HAproxy resides.
Updating is pretty easy as i do it from the Nextcloud GUI since Dan’s script installs from source. All other updates, php and MariaDb and stuff are done via CLI with the ‘pkg update && upgrade’ command. i check the regularly with ‘pkg version’ and if there is something significant, i just update.
I like Core a lot. FreeBSD is just rock solid. Same for my pfSense firewall. When it is configured, it just works. If you run into an issue, in most cases easy to solve without ruining the entire install. Upgrading hardware on the go, no issue at all. In the period that i have been running core, i have swapped motherboards once and CPU’s twice without a glitch. At the moment, i cannot think of a single reason to switch over.
We have a similar setup. I played with HAProxy a bit, but so far just use a VPN for access. Do you just use the Nextcloud id/password for authentication, or do you use client certificates? I was thinking that client certificates would be a great way to go for hardening an install. No client cert, and you can’t get in even if you know the uid/pswd.
Thanks very much for sharing … that has given me something to think about. I’ll loop up that script and give it a go. I do very much like doing an install so I understand what is going on, so if it breaks I have a good chance of being able to fix it.
Thanks everyone for the input. I’ve been away for a few days, so I hope I can pick this up againl
Just dipped my toes in the water wth jails, and it isn’t going well. As a preliminary exercise I created a new jail TestJail and attempted to install a package without success. I looked at the documentation and it appeared that IX is trying to discourage jails since they aren’t supported. Here’s the output from my session. Can anyone opper guidance:
#>iocage console TestJail
Last login: Mon May 27 22:13:44 on pts/2
FreeBSD 13.1-RELEASE-p9 n245429-296d095698e TRUENAS
Welcome to FreeBSD!
Release Notes, Errata: https://www.FreeBSD.org/releases/
Security Advisories: https://www.FreeBSD.org/security/
FreeBSD Handbook: https://www.FreeBSD.org/handbook/
FreeBSD FAQ: https://www.FreeBSD.org/faq/
Questions List: https://lists.FreeBSD.org/mailman/listinfo/freebsd-questions/
FreeBSD Forums: https://forums.FreeBSD.org/
Documents installed with the system are in the /usr/local/share/doc/freebsd/
directory, or can be installed later with: pkg install en-freebsd-doc
For other languages, replace "en" with a language code like de or fr.
Show the version of FreeBSD installed: freebsd-version ; uname -a
Please include that output and any error messages when posting questions.
Introduction to manual pages: man man
FreeBSD directory layout: man hier
Edit /etc/motd to change this login announcement.
root@TestJail:~ # pkg update
The package management tool is not yet installed on your system.
Do you want to fetch and install it now? [y/N]: y
Bootstrapping pkg from pkg+http://pkg.FreeBSD.org/FreeBSD:12:amd64/quarterly, please wait...
pkg: Error fetching http://pkg.FreeBSD.org/FreeBSD:12:amd64/quarterly/Latest/pkg.txz: Not Found
A pre-built version of pkg could not be found for your system.
Consider changing PACKAGESITE or installing it from ports: 'ports-mgmt/pkg'.
root@TestJail:~ #
When you created your jail, did you set your default gateway and DNS?
Is the “@dan script” still available? If so where can I find it?
I think so - I can ping google.com which proves dns resolution and internet connectivity.
W
root@TestJail:~ # ping google.com
PING google.com (142.251.41.78): 56 data bytes
64 bytes from 142.251.41.78: icmp_seq=0 ttl=116 time=15.571 ms
64 bytes from 142.251.41.78: icmp_seq=1 ttl=116 time=14.529 ms
64 bytes from 142.251.41.78: icmp_seq=2 ttl=116 time=16.663 ms
Does the fetch/install process use ports other than 443 or 80?
I see what’s happening. What is your jail version? It looks like 12, which is EOL.
You should only be using jails from 13.2 and up, as 13.1 and below are EOL and have no packages available.
I will also add that you shouldn’t use 13.3 jails until CORE is updated to 13.3
3 Likes
Thanks, that was it. I am wondering if it would have been possible to update the jail to 13.2? I couldn’t figure out how to do it, so I just deleted it and started over.
iocage upgrade -r 13.2 <jailname>
2 Likes
Thanks… that helps…
Should I be updating all my jails to 13.2?
(Assuming that the application is compatable.)
I am assuming the upgrade just replaces the O/S directories /bin/ /sbin/ etc.
Can I snapshot a jail for a quick revert if the update screws things up?
I know how to get a consolde with
iocage console jailname
Is there an easy way to get files in and out of a jail?
Yes, most probably.
Exactly.
iocage upgrade does that, automatically.
Sure - scp or similar with SSH enabled in the jail. Or drag and drop the files to some SMB share you have probably, and then on the command line use cp /mnt/<pool>/some/share/some/file /mnt/<pool>/iocage/jails/<somejail>/root/path/to/some/destination
HTH,
Patrick
1 Like
Can you please say a bit more about this?
How would I restore a snapshot if the update appeared to run OK, but if the application failed as a result of the output?
If I want to run a program once or twice per day, what is the best way to go about it?
Do I need to install cron or something like that?
Any suggestions as to best practices for where to store code/data:
Inside the jail, outside the jail?
Organization outside the Jail - separate datasets?
Any guidance is much appreciated.
iocage will create snapshots of all datasets of the jail when you perform an iocage upgrade operation. They are named “something something ioc upgrade” plus a timestamp.
You can iocage stop the jail and perform a zfs rollback operation of the datasets, then iocage start the jail again.
There’s also iocage rollback which supposedly does all of that in one go.
What do you mean by “install cron”? Create a cron job, yes. Cron is part of the system and also of every jail.
To run a cron job outside the jail you can use the Tasks section of the UI. Inside the jail there’s the regular crontab command.
1 Like
Thanks again for the response… OK, I didn’t realize that cron was part of the standard installation. I will look into that.
How would I run a job inside a jail from a cron job outside the jail?
You don’t. You login to the jail as root and create a cron job inside the jail like so:
crontab -u <user> -e
1 Like