Posts Tagged ‘clone’

Building a 10-Server FreeBSD Jail Cluster Running a LAMP (Linux / Apache / MySQL / Perl / PHP / Python) Stack

Wednesday, March 25th, 2026

building-freebsd-jails-cluster-running-linux-apache-10-cluster-high-availability-with-mariadb-perl-php-howto

Virtualization and workload isolation are foundational to modern infrastructure.
While most teams today default to container platforms like Docker and orchestration systems such as Kubernetes, an older and highly capable alternative exists in the form of jails from FreeBSD.

FreeBSD jails provide lightweight OS-level isolation, allowing multiple independent userland environments to run on a single host. Introduced long before containers became mainstream, jails were designed with a strong focus on security, simplicity, and performance.
Despite their maturity and robustness, they are less commonly used today, largely due to the rapid rise of container ecosystems and cloud-native tooling.

Choosing between jails and containers is not simply a matter of “old vs new,” but rather a trade-off between control and simplicity versus portability and ecosystem support.

Short Comparison of FreeBSD jails and Containers ( Pros and Cons )

Advantages of FreeBSD Jails

a. Strong, simple isolation

Jails provide a clear and tightly integrated security boundary within the FreeBSD kernel. Their design is straightforward, reducing the risk of misconfiguration compared to layered container security models.

freebsd_jails_infographic_diagram

b. High performance

Because jails operate very close to the base system, they deliver near-native performance with minimal overhead—especially beneficial for networking and I/O-heavy workloads.

c. Operational simplicity

There are fewer component moving parts (easier to maintain and debbug):

  • No separate container runtime
  • No image layers
  • No complex orchestration requirements

This makes jails appealing for stable, long-running systems.

d. Predictability and stability

FreeBSD’s conservative, design philosophy results in systems that are highly stable over long periods, that is ideal for infrastructure roles like: storage or networking.

Disadvantages of FreeBSD Jails

a. Limited portability

Not neceserry a huge disadvantage but still,
Jails are tied to FreeBSD. Unlike containers, they cannot be easily moved across different operating systems or cloud platforms.


b. Smaller ecosystem

FBSD Jails is not full equivallent to:

  • Container registries (like Docker Hub)
  • Massive orchestration ecosystems (similar things has to be done with scripts and customizations)
  • Broad third-party integrations

This can slow down a bit development and deployment workflows. Though for a matured Applications that are once well tuned with jails that can be not a real probblem.

Note that though a con, this can also be a pros, as once you tune up an App for it becomes easier to maintain.

c. Less automation tooling

While tools exist, they are not as standardized or widely adopted as container-based CI/CD pipelines.

d. Harder to find people for it
 

Most developers and DevOps engineers are trained in container technologies, making hiring and collaboration easier in container-based environments. However for senior hard core sysadmins and system engineers that could be also advantage as not so many people have an indepth insight with both freebsd and fbsd jails.

This guide walks through a practical, production-style setup: 10 FreeBSD servers, each running isolated jails that host a classic LAMP stack (Linux, here replaced by FreeBSD, Apache, MySQL/MariaDB, PHP).
However still the use of companies or individuals who choose freebsd jails aim to better focus is on repeatability, clean architecture, and operational sanity, not just getting it to run once.

Architecture Overview of sample FBSD Cluster

Our Goal:

  • 10 physical or virtual servers
  • Each server runs multiple jails
  • Each jail runs a LAMP app instance
  • Load balancing across nodes (to have a High Availability Cluster like setup)

Host Setup:

  • 2 × load balancer nodes (nginx or HAProxy)
  • 6 × application nodes (Apache + PHP in jails)
  • 2 × database nodes (MariaDB primary/replica)

All systems run FreeBSD, using native jails for isolation.

1. Base FreeBSD Installation (All 10 Servers)

Install FreeBSD on each machine (minimal install is fine).

Update system:

# freebsd-update fetch install
# pkg update && pkg upgrade -y

Install base tools:

# pkg install -y sudo vim bash git

2. Install Jail Management tool (iocage)

We’ll use iocage, a modern jail manager.

# pkg install -y iocage
# sysrc iocage_enable="YES"
# service iocage start

Activate ZFS (recommended):

# zpool create zroot /dev/da0

Initialize iocage:

# iocage activate zroot
# iocage fetch

3. Create a Reusable Jail Template

Instead of building each jail manually, create a golden template.

# iocage create -n lamp-template -r 13.2-RELEASE ip4_addr="vnet0|10.0.0.10/24" boot=off
# iocage start lamp-template
# iocage console lamp-template

4. Install LAMP Stack Inside the Jail

Inside the jail:

4.1. Install Apache

# pkg install -y apache24
# sysrc apache24_enable="YES"

4.2. Install MariaDB

# pkg install -y mariadb106-server
# sysrc mysql_enable="YES"

Initialize DB:

service mysql-server start
mysql_secure_installation

4.3. Install PHP pre-compiled ports

# pkg install -y php82 php82-mysqli php82-mbstring php82-opcache


Configure Apache to use PHP:

# echo 'LoadModule php_module libexec/apache24/libphp.so' >> /usr/local/etc/apache24/httpd.conf
# echo 'AddType application/x-httpd-php .php' >> /usr/local/etc/apache24/httpd.conf

5. Test LAMP Stack works OK

Create a test file:

# echo "<?php phpinfo(); ?>" > /usr/local/www/apache24/data/index.php

Start services:

service apache24 start

Visit the jail IP and confirm PHP (page output) works in Firefox / Chrome Browser.

6. Convert Template into Clones

Stop Jail and snapshot:

iocage stop lamp-template
iocage snapshot lamp-template@base

Clone for production:

iocage clone lamp-template -n app01 ip4_addr="vnet0|10.0.0.21/24"
iocage clone lamp-template -n app02 ip4_addr="vnet0|10.0.0.22/24"

Repeat across servers and once working create a small shell script to run as a cron job to create backups automated.

Each server might run 5 up to 20 jails depending on resources.

7. Networking Between Jails

Use VNET for proper isolation:

Enable bridge on host:

# ifconfig bridge0 create
# ifconfig bridge0 addm em0 up

Assign jail interfaces automatically via iocage.

8.  Load Balancing Layer

On 2 dedicated nodes, install nginx:

# pkg install -y nginx
# sysrc nginx_enable="YES"

Example config:

http {
    upstream backend {
        server 10.0.0.21;
        server 10.0.0.22;
        server 10.0.1.21;
        server 10.0.1.22;
    }

    server {
        listen 80;

        location / {
            proxy_pass http://backend;
        }
    }
}

9. Database Strategy

You have few options to choose from:

a. Use Centralized DB

  • Dedicated DB jails on 2 nodes
  • Primary + replica

b. Use Per-node DB (simpler)

  • Each jail has its own MariaDB
  • Use app-level replication if needed

10. Automation Across 10 Servers

Use tools like:

  • Ansible
  • SSH scripts
  • ZFS replication

Example (simple parallel execution loop) or use a set of scripts to handle updating with some Ansible Playbooks or Puppet:

# for host in server{1..10}; do
  ssh $host "pkg update"
done

Few more Operational Tips to consider

a. Tune up setup / Do Resource management

  • Limit jail CPU/memory using rctl
  • Avoid overcommitting RAM

b. Use Centralized Logging

c. Do regular jail Backups

  • Use ZFS snapshots to backup each of the Jails:

# zfs snapshot zroot/iocage/jails/app01@backup

d. Tighten Security

  • Disable root SSH
  • Use PF firewall on host
  • Keep jails minimal

e. Do a Further Scaling Strategy

  • Add more servers -> replicate template
  • Add more jails -> clone snapshots
  • Scale horizontally via load balancer

Summary and Last Thoughts

When Choose FBSD Jails and when Containers

  • Use jails when you control the infrastructure, need maximum efficiency, and value simplicity (e.g., appliances, CDNs, storage systems).
  • Use containers when portability, scalability, and integration with modern DevOps workflows are critical.

This setup plays to the strengths of FreeBSD jails:

1. Performance: near-native speed
2.Isolation: strong and predictable
3. Simplicity: fewer layers than container stacks

FreeBSD jails remain a powerful and efficient isolation mechanism, particularly well-suited for controlled, performance-sensitive environments. Containers, however, dominate in modern application deployment due to their flexibility and ecosystem. The choice ultimately depends on whether you prioritize system-level control or platform-level convenience.

You won’t get the ecosystem of tools like Docker or Kubernetes, but you gain control, stability, and efficiency, which is exactly why companies like Netflix still rely on this model in critical infrastructure.

 

Tags: , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , ,
Posted in Automation, Cloud services, Clusters, Curious Facts, FreeBSD, Linux, System Administration, System Optimization | No Comments »

How to Copy / Backup Windows USB drive from one USB to a second

Friday, October 18th, 2024

Did you know that when you copy all the files from a USB Drive you don’t copy all the data?

Did you know that there may be files that are not even visible?

In this tutorial you will discover how to copy all of your USB Drive sector by sector, that is to say, that you will see how to create a copy identical to your USB drive without missing anything!

This can be useful if you have formatted your USB stick in error and want to use it, you can create an image for the USB Drive on your computer and then you can recover the formatted data in the image afterward!

The software used in this tutorial is called ImageUSB, it is free, portable, and easy to use.

Don’t use this method if you want only to copy some files, use this to clone/backup your USB Drive with all its master boot record, partition tables, and data.

Let’s go!

Clone Your USB Drive with ImageUSB on Windows 10

Start by downloading and extracting ImageUSB from this official URL: https://www.osforensics.com/tools/write-usb-images.html

Double-click on  imageUSB.exe .

Select your USB Drive from the list, select “Create image from USB drive“. Choose the location for the binary image file (.bin) that will be created from the USB drive.

Click on “Create“.Click “Yes” to confirm your choices.

imageusb clone usb flash drive backup restore 3 create image

Click “Yes” to overwrite the bin file in case it’s already there.

Wait for a couple of minutes…

After the image is created you should see this message. Click “OK“.

Now if you want to restore an image to your USB Drive, just select your USB Drive and choose “Write image to USB drive“. Choose your bin image and click on “Write“.

imageusb clone usb flash drive backup restore 7 write

This program is not recommended on different sizes USB Drives…
Use it mostly for backup/restore on the same USB Drive for your bootable software.

There you have it, the copy of USB to second USB completed !

Enjoy ! 

 

 

Tags: , , , , , , , , , , , , , , , , , , ,
Posted in Backups, System Administration, Windows | No Comments »

Mount ISO Image file in Windows 7 and Windows Vista ( Virtual Clone Drive )

Saturday, September 21st, 2013

Virtual Clone drive logo open iso files Microsoft Windows

In Microsoft Windows 8, there is embedded way to mount ISO files. However in Windows 7 still there is no way to mount ISO image files. I just installed a new Windows 7 on my office work notebook given by Hewlett Packard and had to mount an ISO with Microsoft Visio. Normally all know the two standard programs to mount ISO images in Windows;

1. DaemonTools Lite
2. MagicISO
3. Virtual CD-ROM (Microsoft program)

After consulting my colleague I was recommended to rather install Virtual Clone Drive, for the reason Daemontool's latest versions install Spyware on Computer. On the other hand MagicISO is nice one but a bit obsolete already.
Launching installation prompts opens below install Window;

Virtual Clonedrive 2 on microsoft windows 7 screenshot great program to mount iso files
As you can see from installation Virtual Clone Drive supports ISO / IMG / UDF / BIN and CCD images. Once installation complete to Mount an ISO into separate drive quickest way is to Double click on Image. Also it can be done from program by navigating to:

Virtual Clone Drive Windows 7 mount drive open iso files

From my little experience so far with Virtual Clone Drive I would recommend Windows users to better install it instead of freeware alternatives. VCD feels more robust.

Tags: , , , , , , , , , , , , , , , ,
Posted in Windows | No Comments »

How to copy / clone installed packages from one Debian server to another

Friday, April 13th, 2012

1. Dump all installed server packages from Debian Linux server1

First it is necessery to dump a list of all installed packages on the server from which the intalled deb packages 'selection' will be replicated.

debian-server1:~# dpkg --get-selections \* > packages.txt

The format of the produced packages.txt file will have only two columns, in column1 there will be the package (name) installed and in column 2, the status of the package e.g.: install or deinstall

Note that you can only use the –get-selections as root superuser, trying to run it with non-privileged user I got:

hipo@server1:~$ dpkg --set-selections > packages.txt
dpkg: operation requires read/write access to dpkg status area

2. Copy packages.txt file containing the installed deb packages from server1 to server2

There is many way to copy the packages.txt package description file, one can use ftp, sftp, scp, rsync … lftp or even copy it via wget if placed in some Apache directory on server1.

A quick and convenient way to copy the file from Debian server1 to server2 is with scp as it can also be used easily for an automated script to do the packages.txt file copying (if for instance you have to implement package cloning on multiple Debian Linux servers).

root@debian-server1:~# scp ./packages.txt hipo@server-hostname2:~/packages.txt
The authenticity of host '83.170.97.153 (83.170.97.153)' can't be established. RSA key fingerprint is 38:da:2a:79:ad:38:5b:64:9e:8b:b4:81:09:cd:94:d4. Are you sure you want to continue connecting (yes/no)? yes Warning: Permanently added '83.170.97.153' (RSA) to the list of known hosts. hipo@83.170.97.153's password:
packages.txt

As this is the first time I make connection to server2 from server1, I'm prompted to accept the host RSA unique fingerprint.

3. Install the copied selection from server1 on server2 with apt-get or dselect

debian-server2:/home/hipo# apt-get update
...
debian-server2:/home/hipo# apt-get upgrade
Reading package lists... Done
Building dependency tree
Reading state information... Done
debian-server2:/home/hipo# dpkg --set-selections < packages.txt
debian-server2:/home/hipo# apt-get -u dselect-upgrade --yes

The first apt-get update command assures the server will have the latest version of the packages currently installed, this will save you from running an outdated versions of the installed packages on debian-server2

Bear in mind that using apt-get sometimes, might create dependency issues. This is depending on the exact package names, being replicated in between the servers

Therefore it is better to use another approach with bash for loop to "replicate" installed packages between two servers, like so:

debian-server2:/home/hipo# for i in $(cat packages.txt |awk '{ print $1 }'); do aptitude install $i; done

If you want to automate the questioning about aptitude operations pass on the -y

debian-server2:/home/hipo# for i in $(cat packages.txt |awk '{ print $1 }'); do aptitude -y install $i; done

Be cautious if the -y is passed as sometimes some packages might be removed from the server to resolve dependency issues, if you need this packages you will have to again install them manually.

4. Mirroring package selection from server1 to server2 using one liner

A quick one liner, that does replicate a set of preselected packages from server1 to server2 is also possible with either a combination of apt, ssh, awk and dpkg or with ssh + dpkg + dselect :

a) One-liner code with apt-get unifying the installed packages between 2 or more servers

debian-server2:~# apt-get --yes install `ssh root@debian-server1 "dpkg -l | grep -E ^ii" | awk '{print $2}'`
...

If it is necessery to install on more than just debian-server2, copy paste the above code to all servers you want to have identical installed packages as with debian-server1 or use a shor for loop to run the commands for each and every host of multiple servers group.

In some cases it might be better to use dselect instead as in some situations using apt-get might not correctly solve the package dependencies, if encountering problems with dependencies better run:

debian-server2:/home/hipo# ssh root@debian-server1 'dpkg --get-selections' | dpkg --set-selections && dselect install

As you can see using this second dselect installed "package" mirroring is also way easier to read and understand than the prior "cryptic" method with apt-get, hence I personally think using dselect method is a better.

Well that's basically it. If you need to synchronize also configurations, either an rsync/scp shell script, should be used with all defined server1 config files or in case if a cloning of packages between identical server machines is necessery dd or some other tool like Norton Ghost could be used.
Hope this helps, someone.

Tags: , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , ,
Posted in Linux, System Administration | No Comments »

KRaptor a Raptor free software (open source) arcade game clone for GNU / Linux

Monday, January 30th, 2012

Kraptor is another Raptor Shadow of Death free software, open source clone arcade game for GNU/Linux, DOS and Windows (98, XP etc.).

KRaptor main menu game screenshot Linux Debian Squeeze

The game is not under active development anymore since 2004. Kraptor features a powerful engine for creating quickly 2D shooter games, so the game should be a good learning curve for people interested into creation of arcade game shooter games.

The game just like Rafkill is built upon DUMB sound engine.
The game intro is quite entertaining 😉 The intro plays one by one the text:

Near Future:
Blobalization
Imperalizm
Corporations
Megalomaniacs
Money and Power. Slaves of the New Millenium!

KRaptor Bill gates like looking oppressor

After years of oppression, the slaved people of the world have raised against their masters. You, has a mercenary pilot, has been
contacted by the popular rebellion to fight against the forces of oppression.

In the morning, you jump into your cockpit and start up the engines. It's time to get airborne and start the attack. Get ready to
scramble the scum hired by the masters. Murder for freedom is the only way, you're on a mission, don't defraud us...

Like Rafkill, Kraptor is one man masterpiece created by a free software Argentinean geek known under the Kronoman artistic pseudonim. The game is really incredible for a one man work … a true masterpiece.
The game is licensed under MIT License.

Even though Kraptor is older game than Rafkill, the design is more resembling the original Raptor game. The game music is high quality stereo. Besides that music and fx sound effects are quite awesome. After each level you have a Raptor like weapons "blackmarket", where you can buy new weapons, recharge ship energy, upgrade ship etc.
The blackmarket implementation part of the game is probably the worst moment in the game along with the game menus (in my view).
Talking about graphics Kraptor supports really high number of resolutions ranging from 320×240 to 1280×1024! 640×480 is the standard resolution in which the game is running.

Kraptor raptor like Linux game plasma gun debian screenshot

Something I really like in the game is the number of multiple weapons your ship uses during play. Even if played in Easy mode it is taught.

There are game Saves after each level, so thanksfully you don't have to start again from zero once death.
At the end of each level there is a huge bad BOSS you have to destroy ;).
Kraptor the boss Debian GNU / linux

Installing Kraptor on Debian / Ubuntu and deb derivatives is with:

debian:~# apt-get install kraptor

On most rpm based Linux distributions, you can install the game by converting the deb package to rpm with alien or by building from source from Kraptor's sourceforge page

Its interesting the game name e.g. Kraptor is also a death / grind metal band name, (Maybe Kronoman is metalhead big fan of Kraptor and that's how he came up with the playful name. For all the old school game addicts there is the joystick support. I've tested it with my Genius analogous joystick and it works fine.

The game is lacking .desktop gnome definition and after once installed it only appears through Debian (section) GNOME menus and not in Applications -> Games :

Applications -> Debian -> Games -&act; Action -&t; Kraptor

Just like Rafkill on Debian the game exacutable binary is located in /usr/games/kraptor . Also like with the Rafkill case when launched the game has troubles with choppy sound and music caused by the stupid buggy! pulseaudio

Analogously like with Rafkill's case, the work around to the problematic music en sound is to use a little bash shell script like:

#!/bin/bash
pulseaudio -k;
/usr/games/kraptor
pulseaudio --start;

You can dowload Kraptor fix sound issues wrapper here

To install it on your Debian / Ubuntu and hence make the game sound play good issue with root:

debian:~# cd /usr/bin
debian:/usr/bin# wget https://www.pc-freak.net/bshscr/kraptor.wrapper.sh
...
debian:/usr/bin:# chmod +x kraptor.wrapper.sh
debian:/usr/bin:# mv kraptor.wrapper.sh kraptor
 

Tags: , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , ,
Posted in Games Linux, Linux, Linux and FreeBSD Desktop | No Comments »

RafKill Raptor Free Software (Open Source) clone for GNU/Linux

Saturday, January 28th, 2012

I've earlier blogged on playing Apogee's Raptor Shadows of Death arcade on GNU / Linux with dosbox

All the old school raptor addicts will be interested to hear Kazzmir (Jon Rafkind) a free software devotee developer has created a small game resembling many aspects of the original Raptor arcade game.
The game is called Rafkill and is aimed to be a sort of Raptor like fork/clone.
Originally the game was also named Raptor like the DOS game, however in year 2006 it was changed to current Rafkill in order to avoid legal issues with Apogee's Raptor.

The game is not anymore in active development, the latest Rafkill release is from January 2007, anyhow even for the 2012 it is pretty entertaining. The sound and music are on a good level for a Linux / BSD shoot'em'up free software game . The graphics are not of a top quality and are too childish, but this is normal, since the game is just one man masterpiece.

Rafkill Level 1 Debian GNU/Linux

Rafkill is developed in C/C++ programming language, the game music engine it uses is called DUMB (Dynamic Universal Bibliotheque). By the way DUMB library is used for music engine in many Linux arcade games. DUMB allows the Linux game developer to develop his game and play a music files within different game levels in "tracked" formats like mod, s3m, xm etc.

The game is available in compiled form for almost all existent GNU/Linux distributions, as well as one can easily port it as it is open source.

To install Rafkill on Debian, Ubuntu, Xubuntu and Linux Mint en other Debian based distros

root@debian:~# apt-get install rafkill

Installing on Fedora and other rpm based is with yum

debian:~# apt-get install rafkill
...

Once rafkill is installed, in order to start it on Debian the only way is using the rafkill (/usr/bin/rafkill) command. It appears the deb package maintainer did not wrote a gnome launcher file like for example /usr/share/applications/rafkill.desktop
Just to explain for all the GNOME noobs, the .desktop files are a description file GNOME reads in order to understand where exactly to place certain application in the (Gnome Applications, Places, System …) menu panel.

Even though it miss the .desktop, it is launchable via Applications menu under the Debian section e.g. to open it from the GNOME menus you will have to navigate to:

Applications -> Debian -> Games -> Action -> Rafkill

This "shortcut" to launch the game is quite long and hard to remember thus it is handy to directly launch it via xterm:

hipo@debian:~$ rafkill

Rafkill raptor like native Linux game main menu screenshot Debian GNU / Linux Squeeze

or by pressing ALT+F2 and typing rafkill :

Rafkill Linux game gnome launcher screenshot

Rafkill Debian Linux Level 5 power weaponscreenshot

Starting the game I got some really ugly choppy music / sound issues.
My guess was the fizzling sounds were caused by some bug with the sound portions streamed through pulseaudio sound system.
To test if my presume is correct, stopped pulseaudio and launched rafkill once again:

hipo@debian:~$ pulseaudio -k
hipo@debian:~$ rafkill

This way the game was counting on ALSA to process sound en the sound was playing perfectly fine.

I solved this problem through small wrapper shell script. The script did kill pulseaudio before launching rafkill and that way solve gchoppy sound issues, once the game execution is over the script starts pulseaudio again in order to prevent all other applications working with pulseaudio.

Finally, I've placed the executable script in /usr/bin/rafkill :

Here is the script:

#!/bin/bash
pulseaudio --kill
/usr/games/rafkill
pulseaudio --start

You can download rafkill.wrapper.sh here
Or write in root terminal:

debian:~# cd /usr/bin
debian:/usr/bin:# wget https://www.pc-freak.net/bshscr/rafkill.wrapper.sh
debian:/usr/bin:# mv https://www.pc-freak.net/bshscr/rafkill.wrapper.sh rafkill
debian:/usr/bin:# chmod +x rafkill

Interesting in Ubuntu Linux, rafkill music is okay and I suppose the bug is also solved in newer Linux distributions based on Ubuntu. Probably the Debian Squeeze pulseaudio (0.9.21-4) package version has a bug or smth..

After the change the game music will be playing fine and the game experience is cooler. The game is hard to play. Its really nice the game has game Saves, so once you die you don't have to start from level 1.

Rafkill Load menu screenshot

  I've seen rafkill rolling around on freebsd.org ftps under the ubuntu packages pool, which means rafkill could probably be played easily on FreeBSD and other BSDs.

Enjoy the cool game 😉

Tags: , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , ,
Posted in Games Linux, Linux, Linux and FreeBSD Desktop | 1 Comment »