Jail management tool


#22

Here are the commands I used:

cat /etc/hostid  # to see the current system host id
# set the .defaults, I did this manually
zfs set 'org.freebsd.iocage:hostid'="$(cat /etc/hostid)" zroot/iocage/.defaults
# check the value was set:
zfs get 'org.freebsd.iocage:hostid' zroot/iocage/.defaults
# set a particular jail (can be done normally)
iocage set hostid="$(cat /etc/hostid)" myJailTag
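The check from the commands above, extended to every dataset under the iocage root. This is an added example and not part of the original post. The sample host id, the jail dataset names and the `zroot/iocage/jails/...` layout are constructed assumptions.

```shell
#!/bin/sh
# Added example (not from the thread). Reads lines in the format printed by
#   zfs get -r -H -o name,value 'org.freebsd.iocage:hostid' zroot/iocage
# i.e. "<dataset><TAB><value>", where "-" means the property is not set.

# hostid_mismatches HOSTID < zfs-get-output
# Prints one line per dataset whose hostid is unset or differs from HOSTID.
hostid_mismatches() {
    awk -F '\t' -v want="$1" '
        $2 == "-"  { printf "%s unset\n", $1; next }
        $2 != want { printf "%s mismatch %s\n", $1, $2 }
    '
}

# Constructed sample: host id and dataset names are made up for illustration.
SAMPLE_HOSTID='11111111-1111-1111-1111-111111111111'
sample_zfs_output() {
    printf '%s\t%s\n' \
        'zroot/iocage/.defaults'   "$SAMPLE_HOSTID" \
        'zroot/iocage/jails/web'   "$SAMPLE_HOSTID" \
        'zroot/iocage/jails/db'    '22222222-2222-2222-2222-222222222222' \
        'zroot/iocage/jails/mail'  '-'
}

# On the sample this reports the "db" and "mail" datasets.
sample_zfs_output | hostid_mismatches "$SAMPLE_HOSTID"

# On a real host (assumes the pool layout used in the post):
#   zfs get -r -H -o name,value 'org.freebsd.iocage:hostid' zroot/iocage |
#       hostid_mismatches "$(cat /etc/hostid)"
```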

#23

Interesting discussion about iocell

the port is there now:
http://www.freshports.org/sysutils/iocell

I’ll keep’n looking at it to see what develops. I may even try it.

Tho, having new zpool, matching UUID(s) and hostid(s), after import, seem like very strict requirements in iocage or iocell, compared to ea. warden which is zfs ready and it installs jails in /usr/jails, so it doesn’t need its own zpool. When I look at warden’s scripts, I only see

JID="`jls | grep ${JAILDIR}$ | tr -s " " | cut -d " " -f 2`"
as any type of jail ID verification. Moreover, starting imported warden jails was never an issue for me. But, updating imported jail and making it run correctly, that's another topic. If I had issues with importing warden's jail, I can simply un-compress (untar) its export archive to recover any configuration or data files that I may need, because warden's export script is simple too.

# Now that the jail is stopped, lets make a large tbz file of it
cd ${JAILDIR}

# Get the Hostname
HOST="`cat ${JMETADIR}/host`"

IP4="`cat ${JMETADIR}/ipv4 2>/dev/null`"
IP6="`cat ${JMETADIR}/ipv6 2>/dev/null`"

get_ip_and_netmask "${IP4}"
IP4="${JIP}"
MASK4="${JMASK}"

get_ip_and_netmask "${IP6}"
IP6="${JIP}"
MASK6="${JMASK}"

if [ ! -d "$OUTDIR" ] ; then
  mkdir -p ${OUTDIR}
fi

TDIR="`mktemp -d ${WTMP}/exportJail-XXXXXXXXX`"
cd ${TDIR}

# Copy over jail extra meta-data
cp ${JMETADIR}/* ${TDIR}/ 2>/dev/null

# Compress the info dir
cd ${TDIR}
tar cvJf "${JAILDIR}/jailinfo.txz" . 2>/dev/null
if [ $? -ne 0 ] ; then
   exit_err "Failed creating jail info file"
fi

# Cleanup the old TDIR
cd ${OUTDIR}
rm -rf "$TDIR"

echo "Creating compressed archive of ${EXPORTNAME}... Please Wait..."
tar cvJf "${OUTDIR}/${EXPORTNAME}.wdn" -C "${JAILDIR}" . 2>/dev/null
if [ $? -ne 0 ] ; then
   exit_err "Failed creating warden archive"
fi

rm "${JAILDIR}/jailinfo.txz" 2>/dev/null

echo "Created ${EXPORTNAME}.wdn in ${OUTDIR}" >&1

exit 0

This jail was created 3 updates ago and it was imported to this system around December’s update.

/usr/home/jghost# warden list

ID                      AUTOSTART   STATUS      TYPE        
webhost               Enabled     Running     standard    

/usr/home/jghost# jls

   JID  IP Address      Hostname        Path
   3  10.1.10.10        webhost         /usr/jails/webhost

root@webhost:/ # uname -a

FreeBSD webhost 12.0-CURRENT FreeBSD 12.0-CURRENT #14 f92c24b(drm-next-4.7): Fri Jan  6 19:28:21 UTC 2017     root@gauntlet:/usr/obj/usr/src/sys/GENERIC  amd64

root@webhost:/ # ping google.com

PING google.com (216.58.216.142): 56 data bytes
64 bytes from 216.58.216.142: icmp_seq=0 ttl=54 time=16.500 ms
64 bytes from 216.58.216.142: icmp_seq=1 ttl=54 time=13.636 ms

root@webhost:/ # ps ax

PID TT  STAT    TIME COMMAND
44569  -  IsJ  0:00.01 /usr/sbin/syslogd -s
44636  -  IsJ  0:00.00 postgres: checkpointer process    (postgres)
44637  -  SsJ  0:00.03 postgres: writer process    (postgres)
44638  -  SsJ  0:00.01 postgres: wal writer process    (postgres)
44639  -  SsJ  0:00.04 postgres: autovacuum launcher process    (postgres)
44640  -  SsJ  0:00.10 postgres: stats collector process    (postgres)
44650  -  IsJ  0:00.00 /usr/local/sbin/exim -bd -q30m
44666  -  SsJ  0:00.13 /usr/local/sbin/httpd -DNOHTTPACCEPT
44672  -  IsJ  0:00.01 /usr/sbin/cron -s
44700  -  IJ   0:00.00 /usr/local/sbin/httpd -DNOHTTPACCEPT
44701  -  IJ   0:00.00 /usr/local/sbin/httpd -DNOHTTPACCEPT
44702  -  IJ   0:00.00 /usr/local/sbin/httpd -DNOHTTPACCEPT
44703  -  IJ   0:00.00 /usr/local/sbin/httpd -DNOHTTPACCEPT
44704  -  IJ   0:00.00 /usr/local/sbin/httpd -DNOHTTPACCEPT
44632  0  SJ   0:00.10 /usr/local/bin/postgres -D /var/db/postgres/data96
49103  0  SJ   0:00.05 /bin/csh

:wink:


#24

@jmaloney,

Now that I got my hostid issue straightened out, jails seem to start just fine.

I do have another question. I installed gpodder in a jail, but ssh is not being set up. Is there some knob I need to twist to get it working?


#25

Crawling freshports yesterday I noticed that iocage had been rewritten in python and added to the ports collection.
http://www.freshports.org/sysutils/py-iocage/


#26

More adventures with jails

I’ve been refreshing my basic skills in warden before I make the switch to iocell. They both seem similar at the basic configuration levels, so I decided to create a quick linux jail with warden first, since I’m more handy with it.

  1. First, I’ve utilized my warden template for the current TrueOS version, which I use for all my warden jails.
     warden template create -trueos 12.0-CURRENT -tar /usr/home/urek/Downloads/base.txz -nick lnx
  2. Next, I’ve created a Debian (wheezy) jail
     warden create lnx  --template lnx  --linuxjail /usr/local/share/warden/linux-installs/debian-7-wheezy

Next, I just did all needed warden set configurations of: iface, IPV4, flags, and ended up with a working linux jail.

warden list

ID                      AUTOSTART   STATUS      TYPE
lnx                     Disabled    Running     linuxjail

jls
  JID  IP Address      Hostname                      Path
    21  192.168.5.25    lnx                           /usr/jails/lnx
root@lnx:/# uname -a
GNU/kFreeBSD lnx 12.0-CURRENT FreeBSD 12.0-CURRENT #14 f92c24b(drm-next-4.7): Fri Jan  6 19:28:21 UTC 2017 

root@lnx:/# ping googel.com :grin:
PING googel.com (216.58.193.100): 48 data bytes
56 bytes from 216.58.193.100: icmp_seq=0 ttl=53 time=14.431 ms
56 bytes from 216.58.193.100: icmp_seq=1 ttl=53 time=13.876 ms

Then, while inside the jail and experimenting with wheezy, the output of man pages failed with:

root@lnx:/# man bash

more: unknown option -erX
Usage: more [options] file...
Options:
  -d        display help instead of ring bell
  -f        count logical, rather than screen lines
  -l        suppress pause after form feed
  -p        suppress scroll, clean screen and disblay text
  -c        suppress scroll, display text and clean line ends
  -u        suppress underlining
  -s        squeeze multiple blank lines into one
  -NUM      specify the number of lines per screenful
  +NUM      display file beginning from line number NUM
  +/STRING  display file beginning from search string match
  -V        output version information and exit
man: command exited with status 1: LESS=-ix8RmPm Manual page bash(1) ?ltline %lt?L/%L.:byte %bB?s/%s..?e (END):?pB %pB\%.. (press h for help or q to quit)$PM Manual page bash(1) ?ltline %lt?L/%L.:byte %bB?s/%s..?e (END):?pB %pB\%.. (press h for help or q to quit)$ MAN_PN=bash(1) more

I noticed rly quick, from the strange message, that man needed less not more :slight_smile:
When I looked around, there were only more(s) - in jail’s template .profile and .cshrc PAGER settings. Trying to edit those to PAGER less did not make any diff, because wheezy didn’t like FreeBSD setenv. So, I went to look for less in my fav. search engine, but there I found even more confusion:

http://unix.stackexchange.com/questions/21598/how-do-i-set-a-user-environment-variable-permanently-not-session
LOL

After an hour of mindless reading of other misleading hints, I eventually got it fixed somehow inside wheezy:

root@lnx:~# less .bashrc

# ~/.bashrc: executed by bash(1) for non-login shells.

# Note: PS1 and umask are already set in /etc/profile. You should not
# need this unless you want different defaults for root.
# PS1='${debian_chroot:+($debian_chroot)}\h:\w\$ '
# umask 022

# You may uncomment the following lines if you want `ls' to be colorized:
export LS_OPTIONS='--color=auto'
eval "`dircolors`"
alias ls='ls $LS_OPTIONS'
alias ll='ls $LS_OPTIONS -l'
alias l='ls $LS_OPTIONS -lA'
#
# Some more alias to avoid making mistakes:
# alias rm='rm -i'
# alias cp='cp -i'
# alias mv='mv -i'
export PAGER='less'   # <--- it took less to do more :)

I’ll remember forever that less is better than more, if I ever run into something like this in iocell


#27

:thumbsup:

:-)

https://www.freebsd.org/cgi/man.cgi?query=iocage&sektion=8&manpath=ports I assume that the rewrite in Python has not invalidated any part of the manual page.

Re: iocage compared to Joe’s work (above), here’s a point from chat:

It is possible to have a jailed version of the OS that differs from the kernel. As long as the jailed version of the OS is older than the host kernel. You can't run a 12 CURRENT jail on a 10.3 host. But you can run a 10.3 jail on a 12 CURRENT host. IOCAGE should be used for this. Not my scripts which will only use TrueOS 12 CURRENT for the jail.


#28