EuroBSDCon 2024

DIY Jails Tutorial - Old Skool & Open Container (OCI) (T9)
09-19, 11:00–17:00 (Europe/Dublin), Beech

One of FreeBSD's unique features is the close alignment of containers,
filesystems, and networking, within the base Operating System. There
are many jail manager tools, but they all use the same functionality
under the hood.

This 2024 version will cover an updated version of the core material
as in 2022 & 2023 in the morning, and in the afternoon, dig into using the
new OCI standard jails, using the podman
tools ported to FreeBSD by Doug Rabson.

Join the Elite. Attain Jail Enlightenment.

Along the way, you'll learn how jails are actually built in practice,
from scratch, and deepen your understanding of the relevant bits of
FreeBSD that allow you to do so.

This tutorial is suitable for beginners & intermediates, and will
go at an appropriate pace depending on attendees.

What You'll Learn

  • learn the underlying truth about all jail tools
  • wield & jail ZFS datasets like a ninja
  • how to share data between hosts and jails
  • time & interest permitting, delve into jail networking
    • VNET jails and wireguard
    • route packets with abandon
    • learn about overlay networking to make multiple jail hosts appear as one
  • acquaint yourself with jail security
  • summon customised jails like an arcane sorcerer

Pre-requisites

  • basic knowledge of FreeBSD & sh(1)
  • a vague understanding of ZFS
  • a UNIX laptop capable of SSH and wifi
  • the desire to ascend to a higher realm of reality

What You'll Accomplish

Why yes, you too can write your own Jail Management tool from scratch.
Alternatively, you'll know how existing jail management tools actually
work, and be able to get the most out of them.

You should be generally comfortable with the terminal, and have used
some pf.conf, and zfs already. It doesn't matter if you're not ok with all
of these, but it will be much harder if you've not got some hands-on
experience at all to relate to.

Dave has spent the last 2 decades trying to stay at least 1 step ahead of The Bad Actors on the internet, starting off with OpenBSD 2.8, and the last 9 years with FreeBSD since 9.3, where he has a ports commit bit, and a prediliction for obscure functional programming languages that align with his enjoyment of distributed systems, & power tools with very sharp edges.

  • Professional Yak Herder, shaving BSD-coloured yaks since ~ 2000
  • FreeBSD ports@ committer
  • Ansible DevOops & Elixir developer
  • enjoys telemark skiing, and playing celtic folk music on a variety of instruments
This speaker also appears in: