Video: Migrating Jailmaker Sandboxes to Docker in Electric Eel

Stux · August 22, 2024, 11:37am

G’day Guys,

With the support for Docker Compose coming in Electric Eel, I thought it would be a good idea to make a video on migrating from Docker in a Sandbox to Docker on Electric Eel.

In this video I discuss the upcoming Electric Eel release, and how it changes apps, and the response to my video, Sandboxes with Jailmaker, as well as the demise of TrueCharts

I then demonstrate how to install the new Dockge app, migrate your compose stacks from a Jailmaker Sandbox, and finally how to uninstall Jailmaker

davistw · August 22, 2024, 12:24pm

I have said it before but Stux you rock.
On the Electric Eel, how do you like it? Stable?

Stux · August 22, 2024, 12:27pm

Well, at this stage I’ve only focused on the docker testing in a vm, but with the 0819 build that’s working well.

Beta should be out very soon, and if you’re feeling adventurous you could give it whirl.

mooglestiltzkin · August 27, 2024, 5:58pm

Hi Stux.

Just wondering, whats the difference between using jailmaker docker vs the native docker in eel?

Is there going to be a performance and power consumption difference to make that migration worth while?

Cauz from what was said here

seems like jailmaker docker will continue to work.

So i’m just wondering for what reason then would i migrate like in your video (thx for sharing how by the way).

Also with jailmaker, you can update/downgrade docker as required. like there was that situation where the latest docker had issues, so you had to downgrade till they sorted that out. But how would that work in truenas eel? can u upgrade/downgrade docker as you like? or is it based on whats available in the truenas version you have installed? not too familiar with how truenas did things, but in qnap qts that was the situation.

So in that sense jailmaker is pretty flexible. Because you can upgrade/downgrade stuff as per your requirement without affecting the rest of truenas which is kept separate.

Also which makes me wonder, what about nvidia graphics card setup. How is that now done to make that work with the truenas native docker compared to jailmaker docker?

Stux · August 28, 2024, 2:01am

There really should be not that much of a power or performance difference. Also, docker is essentially a “cgroup” and network namespace technology too, just like systemd-nspawn and lxc.

Like you said, in a sandbox you can control the version of docker installed, but unfortunately, that also means you are responsible for the version of docker installed, ie you are responsible for updating the entire sandbox os and docker, which is fine, but when using the electric eel docker support, you don’t have to do that, and the updates will come with system updates.

In a sandbox you have better isolation… ie its perhaps easier to install docker on a bridge network and have it be completely separate to the host… but the corrallary is that you then need to mount datasets into the sandbox, and then into the docker containers… you can by pass that layer on Eel’s docker… but of course, that means that you lose that protection too

You don’t necessarily have to set each capability that the docker requires from the sandbox because the docker is running with full root privs on Eel… agains… swings and roundabouts.

Both methods of running docker work just fine on Eel, and there’s no urgency or even requirement to migrate out of a sandbox.

At the end of the day, its probably simpler for new users to avoid the sandbox, unless they want to do something which is easier in a sandbox.

And one of the purposes of the video is to show how simple it is to migrate… but also… that you don’t have to.

Well, you can use the nvidia graphics just the same in the docker compose script… there will be enhanced support in the apps I believe, and there is no need to pass the graphics drivers into the sandbox

It seems that IX is planning to have nvidia graphcis drivers be updated separately to the base OS

It should actually be simpler on Eel than in a Sandbox to use graphics acceleration in docker.

mooglestiltzkin · August 28, 2024, 4:32am

ty stux for the explanation.

so each has their own pros and cons, but from the sounds of it, in terms of convenience for a new setup, you can just use the eel native docker, easier time to get things setup and maintain.

whereas with jailmaker method, the responsibility for those stuff is on you. but at the same you get that flexibility for the versions you opt to use.

so anyway seems that it’s ok for me to just keep it as is without worry (or at least it’s not urgent to do so since it sounds like we can keep using as is same as before the eel release if you’re already on jailmaker). That said i’ll study the migration in case later i opt to use the native docker approach.

ty

Stux · August 28, 2024, 5:30am

You can also use both at the same time.

If you’re going to do that, it may be better to have two different stacks datasets.

Stux · August 30, 2024, 4:18am

ElectricEel-24.10-BETA.1 has now been released, and everything I discuss in the video still applies.

Davvo · August 31, 2024, 12:06am

Wasn’t iX suggesting against this or do I remember wrong?

Stux · August 31, 2024, 1:02am

Well, that was more about a hypothetical issue, rather than an actual problem, and was more applicable when the jails were using host networking.

The docker jail template (and my tutorial) use macvlan or bridge networking and the jails are almost completely isolated from the host.

Jaywalker · September 8, 2024, 5:41am

@Stux thank you for sharing your insights. Do you know whether rootless docker containers are supported on eel as an additional layer of security?