bastille
bastille copied to clipboard
BastilleBSD
Suggestion: Use ports instead of pkg in bastillebsd-templates
Hi,
pkg fetch is unbelievably slow even in gigabyte network (~300kb/s) even at this point of writing similar to https://forums.freebsd.org/threads/very-slow-pkg-install.70708/ despite changing the upstream pkg repos to alternatives including pkg0.bme.freebsd.org (EU mirror).
Fetching gsfonts-8.11_8.txz: 100% 4 MiB 169.4kB/s 00:25
Fetching ghostscript9-agpl-base-9.50.txz: 100% 12 MiB 168.9kB/s 01:13
However, ports is relatively faster than pkg in the same host and jails, fyi.
Cheers, /z
I added this comment to #117 You could set up a pkg caching server I am using apt-cacher-ng running on a raspberry pi. You could do the same in a jail, it makes expermenting with jails very fast the only thing you need to do if your adding a caching server is topoint the jail to it.
Add the following to the jail
mkdir -p /usr/local/etc/pkg/repos
touch /usr/local/etc/pkg/repos/freebsd.conf
vi /etc/local/pkg/repos/freebsd.conf
FreeBSD {
url: "pkg+http://{server ip}:3142/pkg.FreeBSD.org/${ABI}//quarterly"
}
I may try to create a template for bastille if that would be any use?
I've done something similar with a reverse caching proxy in nginx and I think templates for either solution would be useful.
Supporting ports is still of interest to me. Thinking more about an implementation.
There is another use case for this: sometimes you need packages with non default options e.g. different Postgres version, database support at all, ….
While I could (and I did) setup poudriere to build my own packages and distribute them though the method you described above, it's still a huge overhead for just one package.
What I generally do in that case is that I fetch the port tree on the host, and then rw-mount /usr/ports into the jails to use it there.
@tobiastom @cedwards Would documenting how to do this for a specific template meet this request??? Christer did this exact thing on the minecraft server template.
Shouldn't we use pkg by default, then leave it to each template if needed to be set up to use ports??
My idea was that somehow I could use a port with Bastille. My use case for using a newer version of Postgres is still one of the best examples I can think of.
While I see that I could create another Bastille jail in which I compile this port and make it available though Nginx or something else, this is quite some work. Also, to separate concerns I should build the port inside a separate jail and just copy it to the delivering pkg repository jail.
I also agree that having this inside Bastille makes it much more complicated to manage over time. I think one of the best solutions would be to document:
- create a Bastille template (with nginx?) that can deliver packages locally
- add a ports chapter to the documentation that describes
- how to compile a port and create a package from it
- how to copy the resulting file into the correct folder of the Bastille templated jail
- how to configure the package repository inside another Bastille jail
While I see that this is documented on various different places on different sites, it might make sense to add it to the Bastille docs.
@cedwards did this on the minecraft template. Will leave this open to add to the documentation of how to do it. No change really needed to bastille, just a change in the Bastillefile.