Add option to allow ZFS dataset access and extra parameters for builder jails #618
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This is the preparation for a use case I'm developing with @grembo and @xgarcias at our company PPRO. Namely, we want to package whole application jails (FreeBSD base + package dependencies + application) into a package for use in a new deployment mechanism. The presentation is proposed as talk "Joker: safe and automated deployments using FreeBSD jails" for EuroBSDcon 2018, and we would like to get the necessary patch ready so people could try the solution right after the talk instead of having to wait for a poudriere release. I believe this patch is generally useful, but also we are very sure to use this feature for our purposes (not a hobby project).
I can provide a sample port Makefile showing how it's used, but the basic idea is simple: instead of building a software port, we package a filesystem snapshot:
zfs create parentdataset/myappjail
, install FreeBSD release and packages in it, then ~zfs snapshot parentdataset/myappjail@export && zfs send parentdataset/myappjail@export | xz -c >zfs-image.txz
. We end up with a package containing that compressed ZFS dataset image which we can use in the port's post-install script to extract and make the jail ready once the package gets installed. The deployment mechanism then leverages safe switching between old and new jail whenever an application deployment needs to happen. If you want more info on this use case, let me know.Or in summary: allow port builds to fiddle with a restricted list of ZFS datasets
Tested with 3.2.6, and then applied the patch cleanly to master branch.