TrueNAS SCALE放弃K8s回到Dokcer

事前准备

参考 https://www.truenas.com/docs/scale/scaletutorials/apps/sandboxes/

https://github.com/Jip-Hop/jailmaker

创建jailmaker用的数据集

在你随机池创建jailmaker的文件夹，名字随意，我这里直接命名为jailmaker

安装jailmaker

进入目录


cd /mnt/[池名字]/[刚刚创建的目录名]

我这里例子是池：tank 目录名: jailmaker


cd /mnt/tank/jailmaker
curl --location --remote-name https://raw.githubusercontent.com/Jip-Hop/jailmaker/main/jlmkr.py
chmod +x jlmkr.py

PS：此时已经可以运行通过指定文件位置来运行，但是如果想在任何地方直接输入jlmkr来运行的话，可以输入下面的命令


echo alias jlmkr=\"sudo '/mnt/[池名字]/[刚刚创建的目录名]/jlmkr.py'\" >> ~/.zshrc
source ~/.zshrc

添加开机启动

照抄

替换中间命令的部分


/mnt/[池名字]/[刚刚创建的目录名]/jlmkr.py startup

安装系统以及Docker环境

命令行输入


jlmkr

提示你是否创建，输入 Y 按下回车


root@truenas[~]# jlmkr
Create a new jail? [Y/n] y

USE THIS SCRIPT AT YOUR OWN RISK!
IT COMES WITHOUT WARRANTY AND IS NOT SUPPORTED BY IXSYSTEMS.

提示你用模板的方式。


A text editor will open so you can provide the config template.

  1. Please copy your config
  2. Paste it into the text editor
  3. Save and close the text editor

Press Enter to open the text editor.

输入 Enter ，会进入nano的输入界面，此时你需要复制下面的代码，粘贴到里面后，按下 ctrl+x，再按 Y 再按 回车


startup=0
#直通intel显卡把值改成1
gpu_passthrough_intel=0
#直通nvidia显卡把值改成1
gpu_passthrough_nvidia=0
# Turning off seccomp filtering improves performance at the expense of security
seccomp=1

# Use macvlan networking to provide an isolated network namespace,
# so docker can manage firewall rules
# Alternatively use --network-macvlan=eno1 instead of --network-bridge
# Ensure to change eno1/br1 to the interface name you want to use
# You may want to add additional options here, e.g. bind mounts
# 注意这里的br0需要提前改成自己网络对应的网桥名字
systemd_nspawn_user_args=--network-bridge=br0
    --resolv-conf=bind-host
    --system-call-filter='add_key keyctl bpf'

# Script to run on the HOST before starting the jail
# Load kernel module and config kernel settings required for docker
pre_start_hook=#!/usr/bin/bash
    set -euo pipefail
    echo 'PRE_START_HOOK'
    echo 1 > /proc/sys/net/ipv4/ip_forward
    modprobe br_netfilter
    echo 1 > /proc/sys/net/bridge/bridge-nf-call-iptables
    echo 1 > /proc/sys/net/bridge/bridge-nf-call-ip6tables

# Only used while creating the jail
distro=debian
release=bookworm

# Install docker inside the jail:
# https://docs.docker.com/engine/install/debian/#install-using-the-repository
# Will also install the NVIDIA Container Toolkit if gpu_passthrough_nvidia=1 during initial setup
# https://docs.nvidia.com/datacenter/cloud-native/container-toolkit/latest/install-guide.html
initial_setup=#!/usr/bin/bash
    set -euo pipefail

    apt-get update && apt-get -y install ca-certificates curl
    install -m 0755 -d /etc/apt/keyrings
    curl -fsSL https://download.docker.com/linux/debian/gpg -o /etc/apt/keyrings/docker.asc
    chmod a+r /etc/apt/keyrings/docker.asc

    echo \
    "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.asc] https://download.docker.com/linux/debian \
    $(. /etc/os-release && echo "$VERSION_CODENAME") stable" | \
    tee /etc/apt/sources.list.d/docker.list > /dev/null
    
    apt-get update
    apt-get install -y docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin
    
    # The /usr/bin/nvidia-smi will be present when gpu_passthrough_nvidia=1
    if [ -f /usr/bin/nvidia-smi ]; then
        curl -fsSL https://nvidia.github.io/libnvidia-container/gpgkey -o /etc/apt/keyrings/nvidia.asc
        chmod a+r /etc/apt/keyrings/nvidia.asc
        curl -s -L https://nvidia.github.io/libnvidia-container/stable/deb/nvidia-container-toolkit.list | \
        sed 's#deb https://#deb [signed-by=/etc/apt/keyrings/nvidia.asc] https://#g' | \
        tee /etc/apt/sources.list.d/nvidia-container-toolkit.list

        apt-get update
        apt-get install -y nvidia-container-toolkit

        nvidia-ctk runtime configure --runtime=docker
        systemctl restart docker
    fi

    docker info

# You generally will not need to change the options below
systemd_run_default_args=--property=KillMode=mixed
    --property=Type=notify
    --property=RestartForceExitStatus=133
    --property=SuccessExitStatus=133
    --property=Delegate=yes
    --property=TasksMax=infinity
    --collect
    --setenv=SYSTEMD_NSPAWN_LOCK=0

systemd_nspawn_default_args=--keep-unit
    --quiet
    --boot
    --bind-ro=/sys/module
    --inaccessible=/sys/module/apparmor

此时提示你输入jail的名字，输入你想要的，我这里实例为 docker

（这里的名字和后面修改hosts有关）


Enter jail name: docker
Do you want to start this jail now (when create is done)? [Y/n] Y

并且在之后提示中按 Y ，回车

此时就会进入安装环节，中间应该要等待，其次需要科学，因为模板需要从lxc库拉取镜像，docker源也需要。

等待跑码结束就完成安装了

输入下面命令进入docker的系统


jlmkr shell [应用名]

然后就能正常像使用所有docker一样使用，安装jellyfin，portainer之类的

另外ip是独立于与TrueNAS的，输入下面命令可以查看ip


#在Truenas中
jlmkr list
#在docker系统中
ip a

挂载文件

在TrueNAS输入jlmkr edit [应用名] 来编辑配置文件

在下面一块加入 systemd_nspawn_user_args 参数中


--bind='/truenas/path/to/:/jail/path/to'

/truenas/path/to/ 是TrueNAS中路径

/jail/path/to 是你想要挂在到sandbox里面的路径