Managing virtual environments with ClonOS 12ClonOS is one of the latest operating systems to be entered into the DistroWatch database. The project's website describes ClonOS as follows:
ClonOS is a free, open-source FreeBSD-based platform for virtual environment creation and management.
The operating system uses FreeBSD's development branch (12.0-CURRENT) as its base. ClonOS uses ZFS as the default file system and includes web-based administration tools for managing virtual machines and jails. The project's website also mentions the availability of templates for quickly setting up new containers and web-based VNC access to jails. Puppet, we are told, can be used for configuration management.
ClonOS can be downloaded as a disk image file (IMG) or as an optical media image (ISO). I downloaded the ISO file which is 1.6GB in size. Booting from ClonOS's media displays a text console asking us to select the type of text terminal we are using. There are four options and most people can probably safely take the default, xterm, option.
The ClonOS installer then launches. The installer presents us with simple text menus were we are tasked with configuring our network interface (providing an IP address and Internet gateway), selecting which hard drive should be used to install ClonOS and creating administrator passwords. We are asked to come up with two passwords, one for the operating system's root account and one for accessing the web-based control panel. As I found out later, it does not matter what passwords we provide during the installation. With these three sets of questions answered, the installer copies its files to our hard drive, taking over the entire disk. We are then prompted to restart the computer to begin using our new copy of ClonOS.
When the freshly installed copy of ClonOS boots, it brings us to a text console and automatically signs us in as the root user. If we log out of the command line interface, ClonOS automatically logs us back in. Presumably, it is assumed the ClonOS server will be kept in a locked room to protect the operating system from people walking by the terminal.
The operating system, on the surface, appears to be a full installation of FreeBSD 12. The usual collection of FreeBSD packages are available, including manual pages, a compiler and the typical selection of UNIX command line utilities. The operating system uses ZFS as its file system and uses approximately 3.3GB of disk space. ClonOS requires about 50MB of active memory and 143MB of wired memory before any services or jails are created.
Most of the key features of ClonOS, the parts which set it apart from vanilla FreeBSD, can be accessed through a web-based control panel. When we connect to this control panel, over a plain HTTP connection, using our web browser, we are not prompted for an account name or password.
The web-based interface has a straight forward layout. Down the left side of the browser window we find categories of options and controls. Over on the right side of the window are the specific options or controls available in the selected category. At the top of the page there is a drop-down menu where we can toggle the displayed language between English and Russian, with English being the default.
There are twelve option screens we can access in the ClonOS interface and I want to quickly give a summary of each one:
Overview - this page shows a top-level status summary. The page lists the number of jails and nodes in the system. We are also shown the number of available CPU cores and available RAM on the system.
Jail containers - this page allows us to create and delete jails. We can also change some basic jail settings on this page, adjusting the network configuration and hostname. Plus we can click a button to open a VNC window that allows us to access the jail's command line interface.
Template for jails - provides a list of available jail templates. Each template is listed with its name and a brief description. For example, we have a Wordpress template and a bittorrent template. We can click a listed template to create a new jail with a vanilla installation of the selected software included. We cannot download or create new templates from this page.
Bhyve VMs - this page is very much like the Jails containers page, but concerns the creation of new virtual machines and managing them.
Virtual Private Network - allows for the management of subnets
Authkeys - upload security keys for something, but it is not clear for what these keys will be used.
Storage media - upload ISO files that will be used when creating virtual machines and installing an operating system in the new virtual environment.
FreeBSD Bases - I think this page downloads and builds source code for alternative versions of FreeBSD, but I am unsure and could not find any associated documentation for this page.
FreeBSD Sources - download source code for various versions of FreeBSD.
TaskLog - browse logs of events, particularly actions concerning jails.
SQLite admin - this page says it will open an interface for managing a SQLite database. Clicking link on the page gives a file not found error.
Settings - this page simply displays a message saying the settings page has not been implemented yet.
While playing with ClonOS, I wanted to perform a couple of simple tasks. I wanted to use the Wordpress template to set up a blog inside a jail. I wanted a generic, empty jail in which I could play and run commands without harming the rest of the operating system. I also wanted to try installing an operating system other than FreeBSD inside a Bhyve virtual environment. I thought this would give me a pretty good idea of how quick and easy ClonOS would make common tasks.
First, I tried to create a Wordpress jail using the provided template. Clicking the Wordpress template brings up a screen where we are asked to provide some configuration details. Basically, we are given the chance to select passwords for the blogging software's database and administrator login. We are then taken to the jails management page where we can see our new Wordpress instance being created. The set up process just takes a minute and then the jail automatically launches.
ClonOS 12 -- The VNC console for accessing jails (full image size: 116kB, resolution: 1240x1004 pixels)
On the surface, it looks like nothing happens as the jail runs silently in the background. We can click the VNC icon on the jail management screen to open a terminal window inside the Wordpress jail. The first hurdle I ran into was the jail was not connected to the network. I tried to bring the jail's network on-line, but kept running into “permission denied” errors. I later found jails are created in what is essentially read-only mode and deactivating this made it possible to adjust jail settings. At that point I could get on-line, but network options had to be set manually; the DHCP client software failed to acquire an address from the network.
I ran into a similar problem when I set up a generic, empty jail. The jail itself was created successfully, but it was unable to connect automatically to the network. This resulted in some fiddling to try to get the jail on-line. I have run into this issue before and it seems to be a problem with certain specific jail managers. Some jail management tools set up networking that functions automatically, while others leave us to tweak the jail manually to get a working network connection.
One last problem I ran into with jails was I had set both jails to automatically start when ClonOS booted. Despite this setting being selected, neither jail would start when the host operating system came on-line. Each jail had to be started manually.
The final task I had set for myself was to install an operating system on ClonOS using the Bhyve virtual machine manager. To make things easy on myself, I decided to install OpenBSD, which is a relatively small download of 209MB and OpenBSD has a simple system installer. I downloaded the ISO to my workstation and then tried to upload it to ClonOS using the storage management panel. The upload failed and I was shown an error saying the file I was uploading was too large. Since OpenBSD has one of the smaller ISO files available (apart from niche systems like Tiny Core Linux and a few net-install options) this limitation rules out most open source server platforms I might wish to install. This meant I didn't get to test Bhyve as most ISO files I could download would not get by ClonOS's upload size limitation.
ClonOS 12 -- Trying to upload an ISO file (full image size: 84kB, resolution: 1240x1004 pixels)
One set of features I felt was missing from the ClonOS control panel were methods for managing the underlying operating system. I found no button for rebooting the computer, checking for software updates or checking process information. We can turn to the local terminal and its command line for these features if need be. During my trial there were 753 software updates available for ClonOS's FreeBSD base system and these updates totaled 657MB in size. The updates installed cleanly using FreeBSD's pkg command line package manager and the system continued to work the same way once package update had been installed.
ClonOS appears to be in its early stages of development, more of a feature preview or proof-of-concept than a polished product. A few of the settings pages have not been finished yet, the web-based controls for jails are unable to create jails that connect to the network and I was unable to upload even small ISO files to create virtual machines.
The project's website mentions working with Puppet to handle system configuration, but I did not encounter any Puppet options. There also does not appear to be any documentation on using Puppet on the ClonOS platform.
One of the biggest concerns I had was the lack of security on ClonOS. The web-based control panel and terminal both automatically login as the root user. Passwords we create for our accounts are ignored and we cannot logout of the local terminal. This means anyone with physical access to the server automatically gains root access and, in addition, anyone on our local network gets access to the web-based admin panel. As it stands, it would not be safe to install ClonOS on a shared network.
Some of the ideas present are good ones. I like the idea of jail templates and have used them on other systems. The graphical Bhyve tools could be useful too, if the limitations of the ISO manager are sorted out. But right now, ClonOS still has a way to go before it is likely to be safe or practical to use.