From e68bd1b3ae0dc2625e70ef7dd97ccda6bf5ae2c2 Mon Sep 17 00:00:00 2001 From: Christer Edwards Date: Wed, 20 Nov 2019 19:16:21 -0700 Subject: [PATCH] standardizing on container vs jail --- docs/chapters/jail-config.rst | 4 ++++ docs/chapters/networking.rst | 6 +++--- docs/chapters/subcommands/cmd.rst | 2 +- docs/chapters/subcommands/console.rst | 6 +++--- docs/chapters/subcommands/cp.rst | 2 +- docs/chapters/subcommands/create.rst | 6 +++--- docs/chapters/subcommands/destroy.rst | 8 ++++---- docs/chapters/subcommands/htop.rst | 6 +++--- docs/chapters/subcommands/pkg.rst | 2 +- docs/chapters/subcommands/restart.rst | 2 +- docs/chapters/subcommands/start.rst | 2 +- docs/chapters/subcommands/stop.rst | 2 +- docs/chapters/subcommands/sysrc.rst | 2 +- docs/chapters/subcommands/top.rst | 4 ++-- docs/chapters/subcommands/update.rst | 6 +++--- docs/chapters/targeting.rst | 28 +++++++++++++-------------- docs/chapters/template.rst | 10 +++++----- docs/chapters/usage.rst | 20 +++++++++---------- 18 files changed, 61 insertions(+), 57 deletions(-) diff --git a/docs/chapters/jail-config.rst b/docs/chapters/jail-config.rst index 71cf998e..ea3e812e 100644 --- a/docs/chapters/jail-config.rst +++ b/docs/chapters/jail-config.rst @@ -1,3 +1,7 @@ +Note: FreeBSD introduced container technology twenty years ago, long before the +industry standardized on the term "container". Internally, FreeBSD refers to +these containers as "jails". + jail.conf ========= In this section we'll look at the default config for a new container. The diff --git a/docs/chapters/networking.rst b/docs/chapters/networking.rst index d0f71347..3e14e80c 100644 --- a/docs/chapters/networking.rst +++ b/docs/chapters/networking.rst @@ -114,7 +114,7 @@ Create the firewall rules: - Make sure to include the last line (`port ssh`) or you'll end up locked out. Note: if you have an existing firewall, the key lines for in/out traffic -to jails are: +to containers are: .. code-block:: shell 
@@ -127,8 +127,8 @@ The `nat` routes traffic from the loopback interface to the external interface for outbound access. The `rdr pass ...` will redirect traffic from the host firewall on port X to -the ip of Jail Y. The example shown redirects web traffic (80 & 443) to the -jails at `10.17.89.45`. +the ip of Container Y. The example shown redirects web traffic (80 & 443) to the +containers at `10.17.89.45`. Finally, start up the firewall: diff --git a/docs/chapters/subcommands/cmd.rst b/docs/chapters/subcommands/cmd.rst index bb09f2dd..d3d7031e 100644 --- a/docs/chapters/subcommands/cmd.rst +++ b/docs/chapters/subcommands/cmd.rst @@ -2,7 +2,7 @@ cmd === -To execute commands within the jail you can use `bastille cmd`. +To execute commands within the container you can use `bastille cmd`. .. code-block:: shell diff --git a/docs/chapters/subcommands/console.rst b/docs/chapters/subcommands/console.rst index 4a16ad4a..ffe90fe2 100644 --- a/docs/chapters/subcommands/console.rst +++ b/docs/chapters/subcommands/console.rst @@ -1,7 +1,7 @@ console ======= -This sub-command launches a login shell into the jail. Default is password-less +This sub-command launches a login shell into the container. Default is password-less root login. .. code-block:: shell @@ -31,6 +31,6 @@ root login. Edit /etc/motd to change this login announcement. root@folsom:~ # -At this point you are logged in to the jail and have full shell access. The +At this point you are logged in to the container and have full shell access. The system is yours to use and/or abuse as you like. Any changes made inside the -jail are limited to the jail. +container are limited to the container. diff --git a/docs/chapters/subcommands/cp.rst b/docs/chapters/subcommands/cp.rst index 45987037..890c5438 100644 --- a/docs/chapters/subcommands/cp.rst +++ b/docs/chapters/subcommands/cp.rst 
@@ -1,7 +1,7 @@ cp == -This command allows efficiently copying files from host to jail(s). +This command allows efficiently copying files from host to container(s). .. code-block:: shell diff --git a/docs/chapters/subcommands/create.rst b/docs/chapters/subcommands/create.rst index b06d1bfe..44d4db79 100644 --- a/docs/chapters/subcommands/create.rst +++ b/docs/chapters/subcommands/create.rst @@ -2,7 +2,7 @@ create ====== Bastille create uses any available bootstrapped release to create a -lightweight jailed system. To create a jail simply provide a name, +lightweight container system. To create a container simply provide a name, bootstrapped release and a private (rfc1918) IP address. - name @@ -18,10 +18,10 @@ bootstrapped release and a private (rfc1918) IP address. NAME: folsom. IP: 10.17.89.10. -This command will create a 11.3-RELEASE jail assigning the 10.17.89.10 ip +This command will create a 11.3-RELEASE container assigning the 10.17.89.10 ip address to the new system. -I recommend using private (rfc1918) ip address ranges for your jails. These +I recommend using private (rfc1918) ip address ranges for your container. These ranges include: - 10.0.0.0/8 diff --git a/docs/chapters/subcommands/destroy.rst b/docs/chapters/subcommands/destroy.rst index f6686145..d03090ca 100644 --- a/docs/chapters/subcommands/destroy.rst +++ b/docs/chapters/subcommands/destroy.rst @@ -1,8 +1,8 @@ destroy ======= -Jails can be destroyed and thrown away just as easily as they were -created. Note: jails must be stopped before destroyed. +Containers can be destroyed and thrown away just as easily as they were +created. Note: containers must be stopped before destroyed. .. code-block:: shell 
@@ -13,6 +13,6 @@ created. Note: jails must be stopped before destroyed. .. code-block:: shell ishmael ~ # bastille destroy folsom - Deleting Jail: folsom. - Note: jail console logs not destroyed. + Deleting Container: folsom. + Note: containers console logs not destroyed. /usr/local/bastille/logs/folsom_console.log diff --git a/docs/chapters/subcommands/htop.rst b/docs/chapters/subcommands/htop.rst index c0f7951e..40656b6b 100644 --- a/docs/chapters/subcommands/htop.rst +++ b/docs/chapters/subcommands/htop.rst @@ -2,10 +2,10 @@ htop ==== -This one runs `htop` inside the jail. -note: won't work if you don't have htop installed in the jail. +This one runs `htop` inside the container. +note: won't work if you don't have htop installed in the container. .. image:: ../../images/htop.png :align: center - :alt: bastille htop jail + :alt: bastille htop container diff --git a/docs/chapters/subcommands/pkg.rst b/docs/chapters/subcommands/pkg.rst index 5f11203b..90f7afe3 100644 --- a/docs/chapters/subcommands/pkg.rst +++ b/docs/chapters/subcommands/pkg.rst @@ -2,7 +2,7 @@ pkg === -To manage binary packages within the jail use `bastille pkg`. +To manage binary packages within the container use `bastille pkg`. .. code-block:: shell diff --git a/docs/chapters/subcommands/restart.rst b/docs/chapters/subcommands/restart.rst index eeabd3dc..8ec5d9aa 100644 --- a/docs/chapters/subcommands/restart.rst +++ b/docs/chapters/subcommands/restart.rst @@ -1,7 +1,7 @@ restart ======= -To restart a jail you can use the `bastille restart` command. +To restart a container you can use the `bastille restart` command. .. code-block:: shell diff --git a/docs/chapters/subcommands/start.rst b/docs/chapters/subcommands/start.rst index ddf93fbf..3d17e078 100644 --- a/docs/chapters/subcommands/start.rst +++ b/docs/chapters/subcommands/start.rst 
@@ -1,7 +1,7 @@ start ===== -To start a jail you can use the `bastille start` command. +To start a container you can use the `bastille start` command. .. code-block:: shell diff --git a/docs/chapters/subcommands/stop.rst b/docs/chapters/subcommands/stop.rst index f9aeee46..81bdfc7e 100644 --- a/docs/chapters/subcommands/stop.rst +++ b/docs/chapters/subcommands/stop.rst @@ -1,7 +1,7 @@ stop ==== -To stop a jail you can use the `bastille stop` command. +To stop a container you can use the `bastille stop` command. .. code-block:: shell diff --git a/docs/chapters/subcommands/sysrc.rst b/docs/chapters/subcommands/sysrc.rst index 03a97a0a..ab1f0ccb 100644 --- a/docs/chapters/subcommands/sysrc.rst +++ b/docs/chapters/subcommands/sysrc.rst @@ -3,7 +3,7 @@ sysrc ===== The `sysrc` sub-command allows for safely editing system configuration files. -In jail terms, this allows us to toggle on/off services and options at startup. +In container terms, this allows us to toggle on/off services and options at startup. .. code-block:: shell diff --git a/docs/chapters/subcommands/top.rst b/docs/chapters/subcommands/top.rst index 571e8dee..ed64ca4c 100644 --- a/docs/chapters/subcommands/top.rst +++ b/docs/chapters/subcommands/top.rst @@ -2,9 +2,9 @@ top === -This one runs `top` in that jail. +This one runs `top` in that container. .. image:: ../../images/top.png :align: center - :alt: bastille top jail + :alt: bastille top container diff --git a/docs/chapters/subcommands/update.rst b/docs/chapters/subcommands/update.rst index 9a03fe55..ee64d7be 100644 --- a/docs/chapters/subcommands/update.rst +++ b/docs/chapters/subcommands/update.rst 
@@ -2,8 +2,8 @@ update ====== -The `update` command targets a release instead of a jail. Because every jail is -based on a release, when the release is updated all the jails are automatically +The `update` command targets a release instead of a container. Because every container is +based on a release, when the release is updated all the containers are automatically updated as well. If no updates are available, a message will be shown: @@ -38,4 +38,4 @@ The older the release, however, the more updates will be available: The following files will be added as part of updating to 10.4-RELEASE-p13: ...[snip]... -To be safe, you may want to restart any jails that have been updated live. +To be safe, you may want to restart any containers that have been updated live. diff --git a/docs/chapters/targeting.rst b/docs/chapters/targeting.rst index b613533d..138e0a07 100644 --- a/docs/chapters/targeting.rst +++ b/docs/chapters/targeting.rst @@ -2,20 +2,20 @@ Targeting ========= Bastille uses a `command-target-args` syntax, meaning that each command -requires a target. Targets are usually jails, but can also be releases. +requires a target. Targets are usually containers, but can also be releases. -Targeting a jail is done by providing the exact jail name. +Targeting a containers is done by providing the exact containers name. Targeting a release is done by providing the release name. (Note: do note include the `-pX` point-release version.) -Bastille includes a pre-defined keyword ALL to target all running jails. +Bastille includes a pre-defined keyword ALL to target all running containers. In the future I would like to support more options, including globbing, lists and regular-expressions. -Examples: Jails -=============== +Examples: Containers +==================== .. code-block:: shell 
@@ -24,25 +24,25 @@ Examples: Jails +-----------+--------+------------------+-------------------------------------------------------------+ | command | target | args | description | +===========+========+==================+=============================================================+ -| cmd | ALL | 'sockstat -4' | execute `sockstat -4` in ALL jails (listening ip4 sockets) | +| cmd | ALL | 'sockstat -4' | execute `sockstat -4` in ALL containers (ip4 sockets) | +-----------+--------+-----+------------+-------------------------------------------------------------+ | console | mariadb02 | --- | console (shell) access to mariadb02 | +----+------+----+---------+------------+--------------+----------------------------------------------+ -| pkg | web01 | 'install nginx' | install nginx package in web01 jail | +| pkg | web01 | 'install nginx' | install nginx package in web01 container | +-----------+--------+------------------+-------------------------------------------------------------+ -| pkg | ALL | upgrade | upgrade packages in ALL jails | +| pkg | ALL | upgrade | upgrade packages in ALL containers | +-----------+--------+------------------+-------------------------------------------------------------+ -| pkg | ALL | audit | (CVE) audit packages in ALL jails | +| pkg | ALL | audit | (CVE) audit packages in ALL containers | +-----------+--------+------------------+-------------------------------------------------------------+ -| sysrc | web01 | nginx_enable=YES | execute `sysrc nginx_enable=YES` in web01 jail | +| sysrc | web01 | nginx_enable=YES | execute `sysrc nginx_enable=YES` in web01 container | +-----------+--------+------------------+-------------------------------------------------------------+ -| template | ALL | username/base | apply `username/base` template to ALL jails | +| template | ALL | username/base | apply `username/base` template to ALL containers | 
+-----------+--------+------------------+-------------------------------------------------------------+ -| start | web02 | --- | start web02 jail | +| start | web02 | --- | start web02 container | +-----------+--------+-----+------------+-------------------------------------------------------------+ -| cp | bastion03 | /tmp/resolv.conf-cf etc/resolv.conf | copy host-path to jail-path in bastion03 | +| cp | bastion03 | /tmp/resolv.conf-cf etc/resolv.conf | copy host-path to container-path in bastion03| +----+------+----+---+------------------+--------------+----------------------------------------------+ -| create | folsom | 12.0-RELEASE 10.17.89.10 | create v12.0 jail named `folsom` with IP | +| create | folsom | 12.0-RELEASE 10.17.89.10 | create 12.0 container named `folsom` with IP | +-----------+--------+------------------+--------------+----------------------------------------------+ diff --git a/docs/chapters/template.rst b/docs/chapters/template.rst index 65db9fbc..7abded93 100644 --- a/docs/chapters/template.rst +++ b/docs/chapters/template.rst @@ -3,7 +3,7 @@ Template ======== Bastille supports a templating system allowing you to apply files, pkgs and -execute commands inside the jail automatically. +execute commands inside the containers automatically. Currently supported template hooks are: `PRE`, `OVERLAY`, `PKG`, `SYSRC`, `CMD`. Planned template hooks include: `FSTAB`, `PF`, `LOG`. 
@@ -48,20 +48,20 @@ Note: SYSRC requires that NO quotes be used or that quotes (`"`) be escaped. ie; `\"`) In addition to supporting template hooks, Bastille supports overlaying -files into the jail. This is done by placing the files in their full path, +files into the container. This is done by placing the files in their full path, using the template directory as "/". An example here may help. Think of `bastille/templates/username/base`, our example template, as the root of our filesystem overlay. If you create an `etc/hosts` or `etc/resolv.conf` *inside* the base template directory, these -can be overlayed into your jail. +can be overlayed into your container. Note: due to the way FreeBSD segregates user-space, the majority of your overlayed template files will be in `usr/local`. The few general exceptions are the `etc/hosts`, `etc/resolv.conf`, and `etc/rc.conf.local`. -After populating `usr/local/` with custom config files that your jail will +After populating `usr/local/` with custom config files that your container will use, be sure to include `usr` in the template OVERLAY definition. eg; .. code-block:: shell @@ -76,7 +76,7 @@ line. Applying Templates ------------------ -Jails must be running to apply templates. +Containers must be running to apply templates. Bastille includes a `template` command. This command requires a target and a template name. As covered in the previous section, template names correspond to diff --git a/docs/chapters/usage.rst b/docs/chapters/usage.rst index 0d30155c..bb131315 100644 --- a/docs/chapters/usage.rst +++ b/docs/chapters/usage.rst 
@@ -4,34 +4,34 @@ Usage .. code-block:: shell ishmael ~ # bastille -h - Bastille is an open-source system for automating deployment and management - of containerized applications on FreeBSD. - + Bastille is an open-source system for automating deployment and management of + containerized applications on FreeBSD. + Usage: - bastille command [ALL|glob] [args] - + bastille command [ALL|glob] [args] + Available Commands: bootstrap Bootstrap a FreeBSD release for container base. cmd Execute arbitrary command on targeted container(s). console Console into a running container. cp cp(1) files from host to targeted container(s). - create Create a new container. + create Create a new thin container or a thick container if -T|--thick option specified. destroy Destroy a stopped container or a FreeBSD release. help Help about any command htop Interactive process viewer (requires htop). - list List containers (running and stopped). + list List containers, releases, templates, or logs. pkg Manipulate binary packages within targeted container(s). See pkg(8). restart Restart a running container. - service Manage services within targeted jail(s). + service Manage services within targeted containers(s). start Start a stopped container. stop Stop a running container. sysrc Safely edit rc files within targeted container(s). - template Apply file templates to targeted jail(s). + template Apply file templates to targeted container(s). top Display and update information about the top(1) cpu processes. update Update container base -pX release. upgrade Upgrade container release to X.Y-RELEASE. verify Compare release against a "known good" index. - zfs Manage (get|set) zfs attributes on targeted jail(s). + zfs Manage (get|set) zfs attributes on targeted container(s). Use "bastille -v|--version" for version information. Use "bastille command -h|--help" for more information about a command.
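Review bot: In docs/chapters/jail-config.rst the new note is placed above the `jail.conf` title, so it renders ahead of the page heading as a loose paragraph. Move it below the heading, ideally as a `.. note::` directive, and let it say explicitly that the file name `jail.conf` and the underlying FreeBSD tooling keep the "jail" name, since this chapter goes on to describe a "container" configured by a file called jail.conf.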
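Review bot: In the second hunk of docs/chapters/networking.rst the number no longer agrees with the example: "the containers at `10.17.89.45`" names a single address, so this should be "the container at `10.17.89.45`". "Container Y" on the line above can also be lower-cased to match "port X" and the rest of the docs.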
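Review bot: In the second hunk of docs/chapters/subcommands/create.rst the plural was lost in the replacement: "ip address ranges for your jails" became "ip address ranges for your container". The sentence is general advice about all containers, so it should read "for your containers".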
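Review bot: In the second hunk of docs/chapters/subcommands/destroy.rst the edited lines sit inside a code block that shows the output of `bastille destroy folsom`, and the diffstat lists only files under docs/, so the documented output ("Deleting Container: folsom.") may no longer match what the command prints. Either change the command's messages in the same series or leave the sample output as captured. If the wording is kept, "Note: containers console logs not destroyed." should be "Note: container console logs not destroyed."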
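Review bot: In the first hunk of docs/chapters/targeting.rst the search-and-replace left a number mismatch: "Targeting a containers is done by providing the exact containers name." should be "Targeting a container is done by providing the exact container name." The context line just below it also carries a typo worth fixing while here: "do note include" should be "do not include".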
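Review bot: In the table hunk of docs/chapters/targeting.rst the replacement words are longer than "jail", and the `cp` row now ends "in bastion03|" with no padding before the closing border. Grid tables depend on exact column alignment, so please build the docs and confirm the table still parses; widening the description column by a few characters on every row would avoid squeezing the text against the border.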
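Review bot: In docs/chapters/usage.rst the `service` line now reads "targeted containers(s)", a double plural; it should be "targeted container(s)" like the `template` and `zfs` lines. This hunk also changes the `create` and `list` descriptions and re-wraps the banner text, which goes beyond the terminology change named in the subject. Since the block is the output of `bastille -h`, it would be safer to regenerate it from the command and put those content changes in a separate commit.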