Automating FreeBSD Container Management with Bastille


Bastille is an open-source system designed to automate the deployment and management of containerized applications on FreeBSD. Leveraging the power of FreeBSD Jails, Bastille provides a lightweight and secure way to run applications in isolated environments. Whether you’re a developer, system administrator, or security-conscious user, Bastille offers a streamlined approach to container management.

Features of Bastille

Bastille comes with a range of features that make it an excellent choice for containerized environments on FreeBSD:

  • Automation Templates: Create and share container templates.
  • Zero Dependencies: Lightweight and efficient.
  • Highly Secure by Default: Implements strict access controls.
  • Read-only Root: Protects the root user environment.
  • Flexible Networking & Firewall Options: Supports various network configurations.
  • Target Containers: Execute commands inside specific or all containers.
  • Snapshots & Backups: Easily snapshot and restore containers.
  • Open Source (BSD 3-Clause License): Free to use and modify.
  • Disk Quotas: Limit disk space usage per container.
  • Stackable Templates: Reuse configurations by stacking templates.
  • Active Development: Ongoing improvements and new features.

Supported Platforms

Bastille runs on any system where FreeBSD is supported, including:

  • Servers
  • Raspberry Pi
  • Cloud Providers

Installing Bastille

Bastille is available through the FreeBSD ports and package system. You can install it using:

Using pkg

pkg install bastille

Using Ports

portsnap fetch auto
make -C /usr/ports/sysutils/bastille install clean

From Git (Bleeding Edge)

git clone https://github.com/bastillebsd/bastille.git
cd bastille
make install

Enable Bastille at Boot

sysrc bastille_enable=YES
sysrc bastille_rcorder=YES

Upgrading Bastille

If upgrading from a previous version, merge new configurations into your existing bastille.conf:

cd /usr/local/etc/bastille
diff -u bastille.conf bastille.conf.sample

Update your configuration as needed before proceeding.
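
An added example, not part of the original article or of Bastille: a POSIX sh helper for the merge step above. It lists settings that bastille.conf.sample defines but bastille.conf lacks (and the reverse), which are easy to miss when diff -u output is dominated by comment changes. The function names and the demo_* variables are made up for illustration, and the script assumes both files use sh-style name=value lines.

```sh
#!/bin/sh
# Added example: not part of Bastille or of the original article.

# keys_only_in A B: print, in file order, each variable assigned in A but
# never assigned in B. Assumes sh-style name=value lines; comment lines
# and blank lines are skipped.
keys_only_in() {
    awk '
        /^[ \t]*[A-Za-z_][A-Za-z0-9_]*=/ {
            k = $0
            sub(/^[ \t]*/, "", k)   # drop leading indentation
            sub(/=.*/, "", k)       # keep only the variable name
            if (src == "B") { in_b[k] = 1; next }
            if (!(k in seen)) { seen[k] = 1; order[++n] = k }
        }
        END { for (i = 1; i <= n; i++) if (!(order[i] in in_b)) print order[i] }
    ' src=A "$1" src=B "$2"
}

# review_upgrade LIVE SAMPLE: list what the merge must cover.
# Returns 0 when both files define the same settings, 1 when they differ,
# 2 when a file cannot be read.
review_upgrade() {
    [ -r "$1" ] && [ -r "$2" ] || { echo "cannot read $1 or $2" >&2; return 2; }
    new=$(keys_only_in "$2" "$1")
    old=$(keys_only_in "$1" "$2")
    if [ -n "$new" ]; then printf 'in sample only, add after review:\n%s\n' "$new"; fi
    if [ -n "$old" ]; then printf 'in live config only, check if still used:\n%s\n' "$old"; fi
    [ -z "$new$old" ]
}

# demo: run the check on two constructed files (not real Bastille defaults).
demo() {
    d=$(mktemp -d "${TMPDIR:-/tmp}/bastille-conf.XXXXXX") || return 1
    printf '%s\n' '# live' 'demo_prefix="/jails"' 'demo_old_opt="1"' > "$d/bastille.conf"
    printf '%s\n' '## sample' 'demo_prefix="/jails"' '  demo_new_opt=""' \
        '#demo_disabled="x"' > "$d/bastille.conf.sample"
    review_upgrade "$d/bastille.conf" "$d/bastille.conf.sample" || echo "merge needed"
    rm -rf "$d"
}

if [ $# -eq 2 ]; then review_upgrade "$1" "$2"; else demo; fi
```

Saved under a name of your choice and run from /usr/local/etc/bastille with bastille.conf and bastille.conf.sample as its two arguments, it exits with status 1 while the two files still define different settings.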

Basic Usage

Bastille provides a simple command structure:

bastille command TARGET [args]

Common Commands

  • bastille create – Create a new container.
  • bastille start – Start a container.
  • bastille stop – Stop a running container.
  • bastille list – List running containers.
  • bastille console – Access a running container.
  • bastille destroy – Remove a container.

Setting Up Bastille

To configure networking, firewall, and storage, use:

bastille setup

For custom setups, you can specify options like bastille setup zfs or bastille setup vnet.

Note: If enabling the PF firewall, manually start it using service pf start after running bastille setup.

Example: Creating and Managing a Container

Step 1: Create a Container

bastille create alcatraz 14.0-RELEASE 10.17.89.10/24

Step 2: Start the Container

bastille start alcatraz

Output:

[alcatraz]:
alcatraz: created

Step 3: Access the Container

bastille console alcatraz

Output:

FreeBSD 14.0-RELEASE GENERIC
Welcome to FreeBSD!

Step 4: Check Running Processes

ps -auxw

Example Output:

USER   PID %CPU %MEM  VSZ  RSS TT  STAT STARTED    TIME COMMAND
root 83222  0.0  0.0 6412 2492  -  IsJ  02:21   0:00.00 /usr/sbin/syslogd -ss
root 88531  0.0  0.0 6464 2508  -  SsJ  02:21   0:00.01 /usr/sbin/cron -s

Conclusion

Bastille provides an efficient and secure way to manage FreeBSD containers. With powerful automation, security features, and ease of use, it is an excellent tool for developers and system administrators alike. If you’re running FreeBSD and need a container solution, give Bastille a try!

For more information, check out the official Bastille Documentation.

2 comments

TECHMIMIC

Great content you have here and thank you very much for featuring my video – Bastille and FreeBSD are simply amazing things, I hope this will help others too! Kind regards, TECHMIMIC

    9M2PJU

    Thank you for making the Bastille video too. It is simple yet easy to understand.
