Bastille Groundhog Day Release

Bastille is an open-source system for automating deployment and management containerized applications on FreeBSD.

• Follow @BastilleBSD on Mastodon
• Join the discussion BastilleBSD on Discord
• Join the discussion BastilleBSD on Telegram
• Subscribe to BastilleBSD on YouTube
• Support BastilleBSD on Patreon

0.6.20200202 “Groundhog Day”

This release includes a number of awesome new features! If you were impressed with Bastille before… get ready to turn it up to 11.

NEW sub-commands

bastille import & export

Bastille now supports exporting containers into compressed archives. These archives can later be imported as a backup or sent to another Bastille host for deployment.

This example will create a compressed archive or compressed ZFS snapshot (depending on the underlying filesystem) of TARGET. This archive will be placed in a backups directory which is found alongside the standard Bastille directories (jails, releases, etc).

bastille export TARGET

This archive can later be imported automatically creating the container as needed.

bastille import archive.xz

Note: bastille list backups to output a listing of exported archives.

bastille convert

With this release it is now possible to convert a “thin” container to a “thick” container.
Support for bi-directional conversion is in the works.

bastille convert alcatraz

bastille rdr

Dynamic rules allowing redirecting host port to container port. This example would redirect connections on the host port 2001 to container port 22. See documentation for full details.

bastille rdr TARGET tcp 2001 22

bastille limits

Initial support for resource control (rctl) was contributed by the community. Thank you Sven!

A new limits sub-command allows you to set resource controls on containers dynamically. See rctl(8) for a deep dive but get started with this example:

bastille limits TARGET memoryuse 1G

The template system also now supports automated resource controls backed by the limits sub-command. This means resource limits can be applied automatically to containers as they are built. Support is new–your mileage may vary–but so far results are promising. Please report otherwise.

A template hook to apply resource limits looks something like:

template/LIMITS

memoryuse 1G

Bastille will also automatically add and remove resource limits for containers as they are started and stopped.

Improvements

FSTAB template hook

Check out the “behind the scenes” video on YouTube for the inspiration for this next improvement. With this release you can auto-mount directories from the host into the containers in either read-only or read-write modes. This opens the doors for automating a wider range of applications on NAS servers such as Plex Media Server and the like.

Syntax for this new template hook follows standard fstab(5) format with the minor exception that the mount path (mnt/storage in this case) is a relative path within the container. An example:

template/FSTAB

/usr/local/storage mnt/storage nullfs ro 0 0

Template Validation

The verify sub-command can now be targeted at templates. This validation will parse the template files and display a read-only overview of actions to be performed. This improves on previous behavior when template preview was provided only once during bootstrap.

Validation has also been extended with additional checks into the contents of the template to ensure it is parsed without any surprises.

man bastille

Bastille now installs a man page for additional built-in documentation.

bastille update

The update sub-command can now be targeted at “thick” containers, allowing simple upgrade process for those standalone containers.

bastille start/stop

Minor improvements to the targeting capability of the start and stop commands. These fixes should ensure you never hit the wrong container with your actions.

bastille list -j

For those that would like the option to see bastille list output in json you’re now in luck. Append -j to the bastille list command and you’ll get all the same list output wrapped in a soup of curly brackets!

bastille create

Improvements were made to the create sub-command improving tests and validation prior to making certain changes.

We’ve also removed unnecessary output during the create step. You’ll find Bastille appropriately less verbose going forward.

bastille console

A bug was discovered and fixed in the console sub-command wherein a user could become “stuck” trying to use console to login as a user that does not exist. User and shell validation is now performed before attempting to login to a container as a non-root user.

bastille console TARGET username

bastille bootstrap

Improvements to the bootstrap sub-command perform additional checks on storage and network configurations to ensure a working state.

Corresponding updates to the README and other documentation has also been made.

MISC

For those doing development and testing there is a Makefile now available in the repository. This is able to perform bleeding-edge installation from a Git checkout. Use at your own risk; don’t use in production.