We are pleased to announce the release of Bastille 1.0, which includes
many enhancements and bug fixes since the previous release (0.14.20250420).
This release continues to improve the stability, functionality, and user experience
of Bastille. We will now use 1.0.x for our release names, since we have reached a milestone
in our roadmap.
Bastille 1.0.20250714 introduces significant improvements to network management,
allowing both types of VNET jails (-V and -B) to run simultaneously through
dynamic epair handling with a consistent naming scheme. Major enhancements
include a new live migration capability with backup options, improved list
command functionality with priority-based sorting, enhanced IPv6 support across
multiple operations, and a basic API for BastilleBSD integration. The release
also features better template management with subdirectory support, parallel mode
for improved performance, and numerous stability improvements including enhanced
package management, better resource limits handling, and improved etcupdate
functionality. Users upgrading should restart all jails to convert configurations
to the new epair naming syntax and update their bastille.conf file.
Thanks to all the contributors who helped make this milestone possible over all these years!
1.0 Potentially Breaking Changes ⚠️
Up until version 1.0.20250714, Bastille has handled epairs for -V jails
using the jib script included in FreeBSD installs. However, for -B jails,
Bastille statically assigned an epair to each jail. This meant you could only
run one type (-V or -B) of VNET jail on a given system.
Starting with version 1.0.20250714, we are now handling all epairs
dynamically, allowing the use of both types of VNET jails without issue. We
have also selected a naming scheme that will allow for consistency across
these jail types. The naming scheme is as follows:
e0a_jailname and e0b_jailname are the default epair interfaces for every
jail. The a side is on the host, while the b is in the jail. This will
allow better management when trying to figure out which jail a given epair is
linked to. Due to a limitation in how long an interface name can be, Bastille
will truncate "jailname" to avoid errors if it is too long. So,
mylongjailname will be e0a_mylongjxxme and e0b_mylongjxxme. The xx
part is necessary due to another limitation that does not allow dots (.) in
interface names when using the jib script.
If you decide to add an interface using the network sub-command, its epair
interfaces will be named e1a_jailname and e1b_jailname respectively. The number
included will increment by 1 for each interface you add.
Mandatory
We have tried our best to auto-convert each jail's jail.conf and rc.conf
to the new syntax (this happens when the jail is stopped). It isn't a huge
change (only a handful of lines), but if you do have an issue please open a
bug report.
After updating, you must restart all your jails (probably one at a time, in
case of issues) to have Bastille convert the jail.conf and rc.conf files.
This simply involves renaming the epairs to the new syntax.
If you have used the network sub-command to add any number of interfaces, you
will have to edit the jail.conf and rc.conf files for each jail to update
the names of the epair interfaces. This is because all epairs will have been
renamed to e0... in both files. For each additional one, simply increment
the number by 1.
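The naming scheme and the manual fix-up step above, as an added example (not Bastille's own code): a POSIX sh helper that derives the expected epair names and reports which ones a jail.conf or rc.conf does not yet mention. The truncation rule is inferred from the mylongjailname example; the function names and the sample file are hypothetical.

```shell
#!/bin/sh
# Added example, not Bastille's own code.
IFNAME_MAX=15   # FreeBSD IFNAMSIZ is 16 bytes including the trailing NUL

# epair_name <jailname> <index 0-9> <side a|b>
# Assumption (inferred from the mylongjailname example): a name that would
# exceed the limit keeps the jail name's first 7 and last 2 characters,
# joined by "xx".
epair_name() {
    name=$1 idx=$2 side=$3
    case $idx in [0-9]) ;; *) return 1 ;; esac
    case $side in a|b) ;; *) return 1 ;; esac
    full="e${idx}${side}_${name}"
    if [ "${#full}" -le "$IFNAME_MAX" ]; then
        printf '%s\n' "$full"
    else
        first=$(printf '%s' "$name" | cut -c1-7)
        last=$(printf '%s' "$name" | sed 's/.*\(..\)$/\1/')
        printf 'e%s%s_%sxx%s\n' "$idx" "$side" "$first" "$last"
    fi
}

# check_conf <jailname> <interface count> <file>
# Assumption: the file mentions the jail-side (b) name of every interface.
# Prints each expected name that is absent; returns 1 if any is missing.
check_conf() {
    jail=$1 count=$2 file=$3 missing=0 i=0
    while [ "$i" -lt "$count" ]; do
        want=$(epair_name "$jail" "$i" b) || return 2
        if ! grep -qF -- "$want" "$file"; then
            printf 'missing %s in %s\n' "$want" "$file"
            missing=1
        fi
        i=$((i + 1))
    done
    return "$missing"
}

# Constructed sample: a jail with two interfaces whose second epair was
# also renamed to e0... during conversion.
sample=$(mktemp)
printf '%s\n' 'vnet.interface = e0b_web01;' \
              'vnet.interface += e0b_web01;' > "$sample"
check_conf web01 2 "$sample" || true   # reports e1b_web01 as missing
rm -f "$sample"
```

The match is a fixed-string substring search, so a jail whose name is a prefix of another jail's name should be checked against its own files only.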
Major Enhancements ✅
CI/CD
- We now use some scripts to help us test Bastille itself. This is done with
the help of our other project, Rocinante.
Basic API
- You can find and play with a basic API for BastilleBSD in this repo:
https://github.com/BastilleBSD/bastille-api
New Migrate subcommand
- Added support for live migration
- Added a backup option with --backup flag
- Added support for sudo, doas and custom ports
- Enhanced user@host:port syntax support. Also supports password authentication.
List subcommand Improvements
- Added ability to list jails according to priority
- Enhanced listing by jail type separately
- Added support for additional listing arguments
- Improved sorting options
Create subcommand Improvements
- Improved IPv6 support for create, clone, rename, and network operations
- Separated IPv4 and IPv6 configurations in /etc/rc.conf
- Added support for 3.x and 4.x MidnightBSD releases
- Added validation to prevent interface conflicts with -V option
- Improved interface naming validation
Setup Improvements
- Enhanced network configuration options
- Improved firewall setup and configuration
- Better handling of ZFS and UFS storage options
Other Notable Improvements
- Enhanced package management with better exit code handling
- Improved template bootstrapping, including support for subdirectories
- Enhanced service management
- Improved resource limits management
- Better handling of etcupdate with improved src verification
- Various documentation updates and improvements
Bug Fixes
- Fixed issues with cloning single templates
- Fixed variable name errors in verify command
- Fixed various shellcheck issues
- Numerous other bug fixes and stability improvements
Upgrading
When upgrading from a previous version of Bastille, you will need to update your bastille.conf:
Merge the lines that are present in the new bastille.conf.sample into your bastille.conf.
Community Support
If you've found a bug in Bastille, please submit it to the Bastille Issue Tracker.
What's Changed (detailed log)
🗞️ New features
- bastille: Initial support for netgraph by @tschettervictor in #978
- Initial beta support for dependant jails by @tschettervictor in #1003
- migrate: Allow live migration by @tschettervictor in #1042 also in #1019
- migrate: Support doas, support port, use user@host:port syntax by @tschettervictor in #1027
- migrate: Use ${USER} as user by @tschettervictor in #1032
- migrate: Add cleanup to more commands to ensure /tmp removal by @tschettervictor in #1037
- migrate: Reconcile LIVE and AUTO by @tschettervictor in #1073
- convert: Allow converting jail to release by @tschettervictor in #928
- config: Allow removing config values from jail.conf by @tschettervictor in #937
- template: Add LINE_IN_FILE as HOOK by @tschettervictor in #918
- Allow bootstrapping templates in subdirectories by @tschettervictor in #959
- Implement parallel mode by @tschettervictor in #924 also in #1018
- boot file to settings file change by @tschettervictor in #1004
- rc: Support parallel start/stop/restart by @tschettervictor in #1014
- limits: Add support for cpuset by @tschettervictor in #1012 also in #1036
- Support jailing datasets by @tschettervictor in #1035
- mount: Allow zfs mounting by @tschettervictor in #1034
- list: Add -u and -d by @tschettervictor in #1051
- setup: Add -y by @tschettervictor in #1070
- setup: allow supplying arg on setup options by @tschettervictor in #1083
- create: Add -g|--gateway by @tschettervictor in #1087
- convert: Support -y by @tschettervictor in #1097
- Update MidnightBSD release versions by @laffer1 in #1119
- common: Use dynamic epairs for all jail types by @tschettervictor in #1132
- export: Allow grouping certain options (-ax) by @tschettervictor in #1147
- rdr: Allow setting table name as source by @tschettervictor in #1152
🔧 Improvements
- CI/CD test by @bmac2 in #1111
- CI/CD testing by @bmac2 in #1114
- destroy: Remove deprecated ref to bastille_list by @tschettervictor in #964
- list: Do not list Path and Hostname + list Name by @tschettervictor in #919
- template: Don’t show usage on ARG/no value supplied by @tschettervictor in #972
- create: Only list IPv4 for _gatway by @tschettervictor in #974
- template: Add comments about warning when ARG not set by @tschettervictor in #975
- template: Add comments about warning on empty ARG by @tschettervictor in #976
- clone: Start both jails if AUTO=1 by @tschettervictor in #980
- restart: Only restart jail that are already running by @tschettervictor in #981
- add blank line after each jail on multiple targets by @tschettervictor in #987 also in #988 also in #990 also in #991 also in #992 also in #993 also in #994
- common: Don't echo by @tschettervictor in #989
- list: First draft of using config to get variables by @tschettervictor in #984
- Refactor line spacing on all commands by @tschettervictor in #995
- list: Do not use config to get path and hostname, too slow by @tschettervictor in #1000
- setup: Exit after auto configuring by @tschettervictor in #1002
- create: Exit if jail directory is mounted under UFS by @tschettervictor in #965
- pkg: Fix prompt for y|n by @tschettervictor in #1021
- destroy: Ask for confirmation unless -y by @tschettervictor in #1022
- speedy speedy list by @tschettervictor in #1028 also in #1033
- list: Clear /tmp of list files before starting by @tschettervictor in #1045
- list: Use same format for /tmp files as migrate by @tschettervictor in #1046
- list: Allow --pretty for JSON columns by @tschettervictor in #1047
- list: Print spaces in Ports and IP by @tschettervictor in #1048
- config: Allow setting ip[4|6].addr without IF by @tschettervictor in #1050
- common: TARGET var by @tschettervictor in #1052
- list: don’t include templatesdir in listing templates by @tschettervictor in #1053
- convert: Help when no args by @tschettervictor in #1056
- zfs: Fix options missing from help by @tschettervictor in #1058
- Don’t error exit if bootstrap complete, just show info by @tschettervictor in #1059
- bootstrap: \n add to extract by @tschettervictor in #1060
- config: Update by @tschettervictor in #1061 also in #1062 also in #1063
- upgrade: Grab release from fstab on thin jails if not present in jail… by @tschettervictor in #1066
- setup: Storage changes by @tschettervictor in #1067
- bootstrap: UFS bootstrap by @tschettervictor in #1068
- create: Use -y on destroy by @tschettervictor in #1074
- Update setup.sh by @tschettervictor in #1077
- support altroot by @tschettervictor in #1078
- verify: Improve help message by @tschettervictor in #1081
- basic spacing fixes for help commands by @tschettervictor in #1082
- template: Allow use of \ as line separator by @tschettervictor in #1089
- typo by @tschettervictor in #1090
- Update Makefile by @thenktor in #1092
- create: Exit if -V and interface already used as member by @tschettervictor in #1096
- destroy: Add newlines on warning message by @tschettervictor in #1098
- Update test.yml by @bmac2 in #1101
- export: Exit if failed to send zfs by @tschettervictor in #1105
- base_template: disable root password by @tschettervictor in #1117
- create: Separate IP4 and IP6 for /etc/rc.conf by @tschettervictor in #1124
- network: Force remove passthrough interface by @tschettervictor in #1129
- common: Remove unneeded if block by @tschettervictor in #1131
- network: Standard is default by @tschettervictor in #1141
- Update export.sh by @tschettervictor in #1142 also in #1143 also in #1144 also in #1145
- export: Exit if sha can't be generated by @tschettervictor in #1148
- cmd: Initiate exit code collect by @tschettervictor in #1159
- etcupdate: Better handling of src verify by @tschettervictor in #1161
- list: List jails according to priority by @tschettervictor in #1165
- list: Cleanup for list with -s by @tschettervictor in #1167
- list: reorder sort options by @tschettervictor in #1168
📓 Documentation
- docs: Reorder boot and priority + minor fixes by @tschettervictor in #955
- docs: Clarify convert by @tschettervictor in #960
- docs: Typos by @tschettervictor in #961
- docs: Reorder priority by @tschettervictor in #968
- docs: We don’t need etcupdate on minor release updates by @tschettervictor in #969
- docs: Clarify shared and loopback by @tschettervictor in #973
- docs: Move shared interface to bigger heading by @tschettervictor in #977
- docs: Clarify restart by @tschettervictor in #982
- docs: Update destroy by @tschettervictor in #983
- docs: Add depend and netgraph by @tschettervictor in #1005
- docs: Add proper shell ticks by @tschettervictor in #1007
- docs: Typo by @tschettervictor in #1008
- docs: Add parallel mode by @tschettervictor in #1010
- docs: Typo by @tschettervictor in #1015
- docs: Fix rdr options by @tschettervictor in #1017
- docs: Add migrate to index by @tschettervictor in #1030
- docs: Update migration by @tschettervictor in #1075
- docs: Targeting typos by @tschettervictor in #1076
- docs: Update tags by @tschettervictor in #1080
- docs: Document passing template args with INCLUDE by @tschettervictor in #1095
- docs: restructure options for VLAN by @tschettervictor in #1116
- docs: Document built in ARGS for template by @tschettervictor in #1121
- docs: Fix spacing for Configuration by @tschettervictor in #1138
- docs: export: add debug option by @tschettervictor in #1146
- Add parallel mode option to readme by @tschettervictor in #1006
- Merge doc fixes by @tschettervictor in #1139
- Bmac2 patch 1 by @bmac2 in #1025
- fix BASTILLE_VERSION by @tschettervictor in #1026
- Update migration.rst by @tschettervictor in #1031
- Update README.md by @tschettervictor in #1071
- document VLANs by @tschettervictor in #1094
- Info about debootstrap to docs by @thenktor in #1102
- More info about VLAN config for docs by @thenktor in #1112
- limits: Allow adding without logging by @tschettervictor in #1126
- updating bastille docs theme & options; adding logo by @cedwards in #1134
- removing language key; unneeded by @cedwards in #1136
- defining requirements.txt for readthedocs by @cedwards in #1137
🐞 Bug fixes
- bootstrap: Ensure proper bastille_prefix mounting if the directory ex… by @tschettervictor in #958
- temporary setup command fix by @tschettervictor in #962
- bootstrap: Bugfix when bootstrapping multiple templates by @tschettervictor in #970
- mount: Create host path if it doesn’t exist by @tschettervictor in #971
- list: Fix Bad_number on ip6 listing by @tschettervictor in #996
- list: Fix listing single target by @tschettervictor in #997
- list: Fix list when jail is down for release by @tschettervictor in #998
- list: Fix getting hostname on stopped jails by @tschettervictor in #999
- list: Fix listing release when jail is down by @tschettervictor in #1011
- bastille: Fix commands when --delay is specified by @tschettervictor in #1013
- Fix console with a user by @gahr in #1024
- Fix route command for IPv6 by @gahr in #1023
- list: Fix listing multiple IPs by @tschettervictor in #1029
- clone: Fix replacing IF with subnet (/) by @tschettervictor in #1039
- clone: Fix IP4 IF cloning by @tschettervictor in #1041
- fix missing sourcing of bastille_network_pf_ext_if in rdr.sh by @vegged in #1118
- template.sh: restore JAIL_IP default variable by @vegged in #1120
- fixing language key in conf.py by @cedwards in #1135
- Fix export cmd with predefined/default options by @JRGTH in #1154
New Contributors
Full Changelog: 0.14.20250420...1.0.20250714

