Video: Migrating Jailmaker Sandboxes to Docker in Electric Eel

G’day Guys,

With the support for Docker Compose coming in Electric Eel, I thought it would be a good idea to make a video on migrating from Docker in a Sandbox to Docker on Electric Eel.

In this video I discuss the upcoming Electric Eel release, and how it changes apps, and the response to my video, Sandboxes with Jailmaker, as well as the demise of TrueCharts

I then demonstrate how to install the new Dockge app, migrate your compose stacks from a Jailmaker Sandbox, and finally how to uninstall Jailmaker

I have said it before but Stux you rock.
On the Electric Eel, how do you like it? Stable?

Well, at this stage I’ve only focused on the docker testing in a vm, but with the 0819 build that’s working well.

Beta should be out very soon, and if you’re feeling adventurous you could give it whirl.

Hi Stux.

Just wondering, whats the difference between using jailmaker docker vs the native docker in eel?

Is there going to be a performance and power consumption difference to make that migration worth while?

Cauz from what was said here

seems like jailmaker docker will continue to work.

So i’m just wondering for what reason then would i migrate like in your video (thx for sharing how by the way).

Also with jailmaker, you can update/downgrade docker as required. like there was that situation where the latest docker had issues, so you had to downgrade till they sorted that out. But how would that work in truenas eel? can u upgrade/downgrade docker as you like? or is it based on whats available in the truenas version you have installed? not too familiar with how truenas did things, but in qnap qts that was the situation.

So in that sense jailmaker is pretty flexible. Because you can upgrade/downgrade stuff as per your requirement without affecting the rest of truenas which is kept separate.

Also which makes me wonder, what about nvidia graphics card setup. How is that now done to make that work with the truenas native docker compared to jailmaker docker?

There really should be not that much of a power or performance difference. Also, docker is essentially a “cgroup” and network namespace technology too, just like systemd-nspawn and lxc.

Like you said, in a sandbox you can control the version of docker installed, but unfortunately, that also means you are responsible for the version of docker installed, ie you are responsible for updating the entire sandbox os and docker, which is fine, but when using the electric eel docker support, you don’t have to do that, and the updates will come with system updates.

In a sandbox you have better isolation… ie its perhaps easier to install docker on a bridge network and have it be completely separate to the host… but the corrallary is that you then need to mount datasets into the sandbox, and then into the docker containers… you can by pass that layer on Eel’s docker… but of course, that means that you lose that protection too

You don’t necessarily have to set each capability that the docker requires from the sandbox because the docker is running with full root privs on Eel… agains… swings and roundabouts.

Both methods of running docker work just fine on Eel, and there’s no urgency or even requirement to migrate out of a sandbox.

At the end of the day, its probably simpler for new users to avoid the sandbox, unless they want to do something which is easier in a sandbox.

And one of the purposes of the video is to show how simple it is to migrate… but also… that you don’t have to.

Well, you can use the nvidia graphics just the same in the docker compose script… there will be enhanced support in the apps I believe, and there is no need to pass the graphics drivers into the sandbox

It seems that IX is planning to have nvidia graphcis drivers be updated separately to the base OS

It should actually be simpler on Eel than in a Sandbox to use graphics acceleration in docker.

ty stux for the explanation.

so each has their own pros and cons, but from the sounds of it, in terms of convenience for a new setup, you can just use the eel native docker, easier time to get things setup and maintain.

whereas with jailmaker method, the responsibility for those stuff is on you. but at the same you get that flexibility for the versions you opt to use.

so anyway seems that it’s ok for me to just keep it as is without worry (or at least it’s not urgent to do so since it sounds like we can keep using as is same as before the eel release if you’re already on jailmaker). That said i’ll study the migration in case later i opt to use the native docker approach.

ty

You can also use both at the same time.

If you’re going to do that, it may be better to have two different stacks datasets.

ElectricEel-24.10-BETA.1 has now been released, and everything I discuss in the video still applies.

Wasn’t iX suggesting against this or do I remember wrong?

Well, that was more about a hypothetical issue, rather than an actual problem, and was more applicable when the jails were using host networking.

The docker jail template (and my tutorial) use macvlan or bridge networking and the jails are almost completely isolated from the host.

@Stux thank you for sharing your insights. Do you know whether rootless docker containers are supported on eel as an additional layer of security?

Great video, I am still new to TrueNas so some terminology is still confusing to me. Right now I installed Nextcloud through the Apps which gives me some freedom where the data goes, but it also creates a bunch of other folder .ix_apps and ix_applications where I don’t know what’s in there. But it also provides a nice default stack that works with minimal configuration.
With Dockge I would have all data in generic dataset but I would also have to create my own stacks. Is there any way to port the apps stack into Dockge or are there default stacks for apps like nextcloud that I could use with TrueNas?

Stephan

Only if your existing apps stack were launched with docker compose… If they were then just create a stacks folder, and put a folder for each stack into the stacks folder, with the compose file in each folder to each corresponding stack:

example
/stacks/arr/compose.yaml
/stacks/filebrowser/compose.yaml

then is dockge compose

volume:
- /mnt/pathtostacks:/opt/stacks
environment:
- DOCKGE_STACKS_DIR=/opt/stacks

When you launch dockge the stacks will be there

full compose example

networks:
  dockge:
    name: dockge
services:
  dockge:
    container_name: dockge
    image: louislam/dockge:1.4.2
    hostname: dockge
    ports:
     - 5001:5001
    restart: unless-stopped
    environment:
      - DOCKGE_STACKS_DIR=/opt/stacks
    networks:
      - dockge
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
      - /mnt/hostpathto/config:/app/data
      - /mnt/hostpathto/stacks:/opt/stacks

@stephan182730 are you using Dragonfish or Electric Eel? (24.04 or 24.10)

@Stux I am using 24.10. It is also unfortunate that you can not maintain any dockers that were created through apps.

You don’t need to edit the Dockge compose as @Tyler_Shield suggested. Its enough to just install the App as per my video, and then if you wanted you can change the stacks directory in the GUI.

But yes, at this stage, I still think the best way to edit and maintain compose based apps is to run your own stacks dataset, and use dockge (you can also just edit via shell or VS Code etc)

Its a pity the dockge stacks don’t show up in the TrueNAS UI.

If you really want to edit a TrueNAS app, and you have dockge setup, you can shell into the the app configs directory, for the latest version of an app, for example

# cd /mnt/.ix-apps/app_configs/minio/versions/1.0.10/templates
# ll
total 23
drwxr-xr-x 5 root    6 Aug 29 21:01 ./
drwxr-xr-x 4 root    9 Aug 29 21:01 ../
-rw-r--r-- 1 root 5832 Aug 29 19:25 docker-compose.yaml
drwxr-xr-x 3 root    3 Aug 29 19:25 library/
drwxr-xr-x 2 root    3 Aug 29 21:01 rendered/
drwxr-xr-x 2 root    4 Aug 29 19:25 test_values/

In the rendered is the docker compose that has had your values added

Thus, if you copy that rendered directory into your dockge stacks directory, and rename to an app name… you can stop the original app, and spin it up in Dockge… then you can edit it… in ways you can’t using the current apps system, for example, to add networking, labels, static IPs etc.

eg:

cp -R rendered /mnt/dozer/docker/stacks/minio

Which will copy “rendered” into the stacks directry, and rename to “minio”

You can then edit/start/control with Dockge.

Screenshot 2024-10-03 at 4.19.20 PM1948×1500 286 KB

For this to work you don’t want to be using ix-volumes.

I played around with dockge but there are still some things missing that I use in portainer. For example, looking at networks or environmental variables. Is there a way to make this visible in dockge?

Stephan

No. Well. Technically you can do docker network ls in the Dockge shell.

Once the networks are created you can add/remove them to containers in the GUI

Hi @Stux , I followed your instructions, but when I started up the container in the new dockge it installed a new instance, and I mean overwrote my existing container and started it from scratch, I’m not sure what I did wrong, It’s not a big lose for that container but the other containers I’d really love to not have to re-set all of them up again.

Did you update the mounts? Were you using host mounts, or docker volumes? If docker volumes, the data is still in the jail

You can access your previous version of the stacks via snapshots if you had them setup