Bastille Groundhog Day Release
0.6.20200202
Bastille is an open-source system for automating deployment and management of containerized applications on FreeBSD.
0.6.20200202 “Groundhog Day”
This release includes a number of awesome new features! If you were impressed with Bastille before… get ready to turn it up to 11.
NEW sub-commands
bastille import & export
Bastille now supports exporting containers into compressed archives. These archives can later be imported as a backup or sent to another Bastille host for deployment.
This example will create a compressed archive or compressed ZFS snapshot (depending on the underlying filesystem) of TARGET. This archive will be placed in a backups directory which is found alongside the standard Bastille directories (jails, releases, etc).
bastille export TARGET
This archive can later be imported, automatically creating the container as needed.
bastille import archive.xz
Note: use bastille list backups to output a listing of exported archives.
bastille convert
With this release it is now possible to convert a “thin” container to a “thick” container.
Support for bi-directional conversion is in the works.
bastille convert alcatraz
bastille rdr
Dynamic rules allow redirecting a host port to a container port. This example would redirect connections on the host port 2001 to container port 22. See documentation for full details.
bastille rdr TARGET tcp 2001 22
bastille limits
Initial support for resource control (rctl) was contributed by the community.
Thank you Sven!
A new limits sub-command allows you to set resource controls on containers dynamically. See rctl(8) for a deep dive but get started with this example:
bastille limits TARGET memoryuse 1G
The template system also now supports automated resource controls backed by the limits sub-command. This means resource limits can be applied automatically to containers as they are built. Support is new–your mileage may vary–but so far results are promising. Please report otherwise.
A template hook to apply resource limits looks something like:
template/LIMITS
memoryuse 1G
Bastille will also automatically add and remove resource limits for containers as they are started and stopped.
Improvements
FSTAB template hook
Check out the “behind the scenes” video on YouTube for the inspiration for this next improvement. With this release you can auto-mount directories from the host into the containers in either read-only or read-write modes. This opens the doors for automating a wider range of applications on NAS servers such as Plex Media Server and the like.
Syntax for this new template hook follows standard fstab(5) format with the minor exception that the mount path (mnt/storage in this case) is a relative path within the container. An example:
template/FSTAB
/usr/local/storage mnt/storage nullfs ro 0 0
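A pre-flight check for FSTAB hooks, added here as an example and not part of Bastille: it rejects entries whose mount path is absolute or climbs out of the container with "..", and flags host directories that are not mounted read-only for review. The function names, status codes and the policy itself (absolute host path, ro as the clean case) are assumptions of this example, and the sample entries other than the one above are constructed.

```sh
#!/bin/sh
# Added example (not Bastille code). Assumes one fstab(5)-style entry per line.
# Status codes (this example's own): 0 clean, 1 needs review, 2 rejected.

lint_fstab_line() {
    set -f                      # no glob expansion while splitting fields
    set -- $1
    set +f
    [ "$#" -eq 6 ] || { echo "reject: expected 6 fields, got $#"; return 2; }
    src=$1 dst=$2 opts=$4
    case $src in
        /*) ;;
        *) echo "reject: host path is not absolute"; return 2 ;;
    esac
    case $dst in
        /*) echo "reject: mount path must be relative to the container"; return 2 ;;
    esac
    case "/$dst/" in
        */../*) echo "reject: mount path contains '..'"; return 2 ;;
    esac
    case ",$opts," in
        *,ro,*) return 0 ;;
    esac
    echo "review: host directory is not mounted read-only"
    return 1
}

# Lint every entry on stdin; the return status is the worst one seen.
lint_fstab() {
    worst=0
    while IFS= read -r line; do
        case $line in ''|'#'*) continue ;; esac
        rc=0
        msg=$(lint_fstab_line "$line") || rc=$?
        [ "$rc" -eq 0 ] || echo "$msg: $line"
        [ "$rc" -le "$worst" ] || worst=$rc
    done
    return "$worst"
}

# Constructed sample entries; only the first one appears in the release notes.
lint_fstab <<'EOF' || echo "worst status: $?"
/usr/local/storage mnt/storage nullfs ro 0 0
/usr/local/media mnt/media nullfs rw 0 0
/usr/local/storage /mnt/storage nullfs ro 0 0
/usr/local/storage mnt/../../etc nullfs ro 0 0
EOF
```

Feed it a template's FSTAB file on stdin before applying the template; a status of 2 means at least one entry should not be mounted as written.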
Template Validation
The verify sub-command can now be targeted at templates. This validation will parse the template files and display a read-only overview of actions to be performed. This improves on previous behavior when template preview was provided only once during bootstrap.
Validation has also been extended with additional checks into the contents of the template to ensure it is parsed without any surprises.
man bastille
Bastille now installs a man page for additional built-in documentation.
bastille update
The update sub-command can now be targeted at “thick” containers, allowing a simple upgrade process for those standalone containers.
bastille start/stop
Minor improvements to the targeting capability of the start and stop commands. These fixes should ensure you never hit the wrong container with your actions.
bastille list -j
For those that would like the option to see bastille list output in JSON, you’re now in luck. Append -j to the bastille list command and you’ll get all the same list output wrapped in a soup of curly brackets!
bastille create
Improvements were made to the create sub-command, improving tests and validation prior to making certain changes.
We’ve also removed unnecessary output during the create step. You’ll find Bastille appropriately less verbose going forward.
bastille console
A bug was discovered and fixed in the console sub-command wherein a user could become “stuck” trying to use console to login as a user that does not exist. User and shell validation is now performed before attempting to login to a container as a non-root user.
bastille console TARGET username
bastille bootstrap
Improvements to the bootstrap sub-command perform additional checks on storage and network configurations to ensure a working state.
Corresponding updates to the README and other documentation have also been made.
MISC
For those doing development and testing there is a Makefile now available in the repository. This is able to perform bleeding-edge installation from a Git checkout. Use at your own risk; don’t use in production.