Bastille Groundhog Day Release
0.6.20200202 “Groundhog Day”
Bastille is an open-source system for automating deployment and management of containerized applications on FreeBSD.
This release includes a number of awesome new features! If you were impressed with Bastille before… get ready to turn it up to 11.
bastille import & export
Bastille now supports exporting containers into compressed archives. These archives can later be imported as a backup or sent to another Bastille host for deployment.
This example will create a compressed archive or compressed ZFS snapshot (depending on the underlying filesystem) of TARGET. This archive will be placed in the backups directory which is found alongside the standard Bastille
bastille export TARGET
This archive can later be imported, automatically creating the container as needed.
bastille import archive.xz
Use bastille list backups to output a listing of exported archives.
With this release it is now possible to convert a “thin” container to a “thick”
Support for bi-directional conversion is in the works.
bastille convert alcatraz
Dynamic rules allow redirecting a host port to a container port. This example would redirect connections on the host port 2001 to container port 22. See documentation for full details.
bastille rdr TARGET tcp 2001 22
Initial support for resource control (rctl) was contributed by the community. Thank you Sven!
The limits sub-command allows you to set resource controls on containers. See rctl(8) for a deep dive but get started with this example:
bastille limits TARGET memoryuse 1G
The template system also now supports automated resource controls backed by the
limits sub-command. This means resource limits can be applied automatically
to containers as they are built. Support is new–your mileage may vary–but so
far results are promising. Please report otherwise.
A template hook to apply resource limits looks something like:
Bastille will also automatically add and remove resource limits for containers as they are started and stopped.
FSTAB template hook
Check out the “behind the scenes” video on YouTube for the inspiration for this next improvement. With this release you can auto-mount directories from the host into the containers in either read-only or read-write modes. This opens the doors for automating a wider range of applications on NAS servers such as Plex Media Server and the like.
Syntax for this new template hook follows standard fstab(5) format with the minor exception that the mount path (mnt/storage in this case) is a relative path within the container. An example:
/usr/local/storage mnt/storage nullfs ro 0 0
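As an added example (not Bastille's own code or validation), this sh function lints one FSTAB hook line before it goes into a template: it checks the six-field fstab(5) layout, that the container mount path is relative with no .. component, and flags read-write mounts. The name check_fstab_line, its return codes, and the rule that ro or rw must be stated explicitly are assumptions of this example.

```sh
#!/bin/sh
# Added example: lint one Bastille FSTAB template hook line.
# Assumed policy (not Bastille's): 6 fields, absolute host path, relative
# container path without "..", and an explicit ro or rw option.
# Returns 0 = ok read-only, 2 = ok but writable, 1 = rejected.
check_fstab_line() {
    line=$1
    set -f                  # do not glob-expand while splitting fields
    set -- $line            # fstab(5): device mountpoint fstype options dump passno
    set +f
    if [ "$#" -ne 6 ]; then
        echo "reject: expected 6 fields, got $#"; return 1
    fi
    src=$1 mnt=$2 fstype=$3 opts=$4
    case $src in
        /*) ;;
        *) echo "reject: host path '$src' is not absolute"; return 1 ;;
    esac
    case $mnt in            # container side is relative, per the release notes
        /*) echo "reject: mount path '$mnt' must be relative"; return 1 ;;
    esac
    case "/$mnt/" in        # must not climb out of the container root
        */../*) echo "reject: mount path '$mnt' contains '..'"; return 1 ;;
    esac
    mode=
    old_ifs=$IFS; IFS=,
    set -f
    for o in $opts; do
        case $o in ro|rw) mode="$mode$o" ;; esac
    done
    set +f
    IFS=$old_ifs
    case $mode in
        ro) echo "ok: $src -> $mnt ($fstype, read-only)"; return 0 ;;
        rw) echo "warn: $src -> $mnt ($fstype) is writable from the container"; return 2 ;;
        *)  echo "reject: options '$opts' must state exactly one of ro or rw"; return 1 ;;
    esac
}

# Constructed sample lines; the first is the example from the release notes.
while IFS= read -r l; do check_fstab_line "$l" || true; done <<'EOF'
/usr/local/storage mnt/storage nullfs ro 0 0
/usr/local/media mnt/media nullfs rw 0 0
/usr/local/storage ../../etc nullfs ro 0 0
EOF
```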
The verify sub-command can now be targeted at templates. This validation will parse the template files and display a read-only overview of actions to be performed. This improves on previous behavior when template preview was provided only once during bootstrap.
Validation has also been extended with additional checks into the contents of the template to ensure it is parsed without any surprises.
Bastille now installs a man page for additional built-in documentation.
The update sub-command can now be targeted at “thick” containers, allowing a simple upgrade process for those standalone containers.
Minor improvements to the targeting capability of the start and stop commands. These fixes should ensure you never hit the wrong container with your actions.
bastille list -j
For those that would like the option to see bastille list output in JSON you’re now in luck. Append -j to the bastille list command and you’ll get all the same list output wrapped in a soup of curly brackets!
Improvements were made to the create sub-command, improving tests and validation prior to making certain changes.
We’ve also removed unnecessary output during the create step. You’ll find Bastille appropriately less verbose going forward.
A bug was discovered and fixed in the console sub-command wherein a user could become “stuck” trying to use console to login as a user that does not exist. User and shell validation is now performed before attempting to login to a container as a non-root user.
bastille console TARGET username
Improvements to the bootstrap sub-command perform additional checks on storage and network configurations to ensure a working state.
Corresponding updates to the README and other documentation have also been made.
For those doing development and testing there is a Makefile now available in the repository. This is able to perform bleeding-edge installation from a Git checkout. Use at your own risk; don’t use in production.