Considering FreeBSD Jails

by Ostatic Staff - Jan. 01, 2011

FreeBSD has a long and strange history, tracing its roots back to the original Unix from Bell Labs. FreeBSD can almost be seen as the older brother to the younger, more popular Linux. While they are similar, FreeBSD’s long history has given it a very different philosophy and purpose. You can, and many people do, run FreeBSD as a desktop OS, but that’s not where the system’s real talent lies. While Linux has tried, and in many cases succeeded, to be everywhere that a kernel can run, FreeBSD has decided that it belongs in the datacenter, a belief that is personified in the FreeBSD slogan, “The Power to Serve”. FreeBSD’s Jails are a great example of where the philosophies of Linux and FreeBSD diverge and produce systems that are functionally similar but logically very different.

In a traditional virtual machine, built the way VMware, Xen, and VirtualBox do VMs, the virtualization application runs an entire operating system as an independent entity. This requires the application to virtualize the hardware, producing CPU, RAM, and storage in software. The application then boots a new kernel in the virtualized environment, and runs specialized drivers, like VMware tools, inside of the newly booted operating system to allow communication between the two systems.

FreeBSD jails are very different. The jail does not boot its own kernel, and does not run a full version of the operating system. A jail is comprised of a filesystem, a hostname, an IP address, and an application. Jails can be seen as the logical successor to the older chroot environment, which restricted an application’s access to the filesystem by providing the application its own root. Jails expand on this concept by further separating the host operating system from the application they are running. The difference between virtual machines and jails can be summed up by saying that virtual machines are for operating systems, while jails are for applications.
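The four parts of a jail named above map directly onto parameters in FreeBSD's jail.conf(5) format. The fragment below is an added example, not configuration from the original article; the jail name, path, hostname, address, and the nginx start and stop commands are constructed placeholders.

```conf
# Constructed example: every name, path and address here is a placeholder.
www {
    # 1. Filesystem: the directory that becomes "/" for everything in the jail.
    path = "/usr/jails/www";

    # 2. Hostname: what processes inside the jail see as the system name.
    host.hostname = "www.example.org";

    # 3. IP address: the only address jailed processes may bind to or send from.
    #    It must already be configured on one of the host's interfaces.
    ip4.addr = 192.0.2.10;

    # 4. Application: started directly, with no separate kernel or init to boot.
    exec.start = "/usr/local/sbin/nginx";
    exec.stop  = "/usr/local/sbin/nginx -s quit";
    exec.clean;              # do not leak the host's environment into the jail

    # Isolation settings that go beyond what chroot provides.
    mount.devfs;             # give the jail its own /dev ...
    devfs_ruleset = 4;       # ... restricted by the stock devfsrules_jail ruleset
    enforce_statfs = 2;      # hide the host's other mount points from the jail
    securelevel = 2;         # kernel securelevel as seen from inside the jail
    children.max = 0;        # jailed root cannot create nested jails

    # allow.raw_sockets and allow.mount are off by default; leave them unset
    # unless the application cannot run without them.
}
```

With this in /etc/jail.conf, `jail -c www` creates the jail and `jls` lists it alongside its address, hostname, and path.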

Virtual machines have become popular in part because of the ease of deploying a new operating system: spinning one up is as simple as clicking a button or two. However, from a systems administration point of view, once the new operating system is deployed, you then have a new operating system, as in, yet another box to manage. That means another box to keep patched and up to date, another box to keep user accounts on, another box to monitor in Nagios; in short, additional managerial overhead for each virtual machine, not to mention administration of the host server. All of these drawbacks can be mitigated with additional tools like cfengine or Puppet, and creation of appropriate templates can make deployment and management easier.

Virtual machines have also become popular thanks to the dropping price and availability of amazingly powerful hardware. It is not at all uncommon for a single blade to ship with dual six-core processors and 64G of RAM. To adequately utilize all of that power, virtualization lets you load up multiple operating systems into RAM. It has been my experience that RAM becomes the bottleneck in a virtualized environment far before CPU does.

I have a quote hanging by my desk at work that reads:

  1. It is more important to reduce the Effort of Maintenance than it is to reduce the Effort of Implementation.
  2. The Effort of Maintenance is proportional to the complexity of the system.

The quote is in reference to software design, but it applies equally well to any complex system, like systems administration.

FreeBSD jails allow an administrator to use a single operating system on a single physical machine, and then partition that machine into logical application entities that are no more than an IP address, a name, and the files absolutely necessary to run the application. I’ve been running the FreeBSD jails in a development environment for a while, and I’ve been very happy with them so far. You trade off some of the high-availability aspects that come with the higher-priced VMware licenses, but what you get is a simple, reliable system. I’m impressed with Jails, and I hope that similar Linux projects, like Linux-VServer, really take off.

If you are just dipping your feet into virtualization, or if you have experience, and are looking into something different, it might just pay off to look into the FreeBSD jails. If you have experience running the jails in a production environment, I’d love to hear about your experiences. Drop me a line in the comments!