Need help with Jail, FTP, and Permissions

[chravis]

I have gotten myself wrapped around the axle with permissions and such. Here's the deal:
I have created a jail and I installed Tomcat 9 into the jail. As far as I can tell it is working as it should (I can start tomcat and get to the manager application).

What I'm trying to do is figure out the easiest way to move a .war file into the webapps directory (/mnt/FreeNASPool1/iocage/jails/tomcat/root/usr/local/apache-tomcat-9.0/webapps).

I already had an ftp user and was able to ftp the .war file to a dataset and then move the file to the webapps directory with a command like this (from inside the FreeNAS shell):
mv /mnt/FreeNASPool1/dataset1/documents/mywar.war /mnt/FreeNASPool1/iocage/jails/tomcat/root/usr/local/apache-tomcat-9.0/webapps

But then based on some googling I think I need to also do the following:

chown www:www /mnt/FreeNASPool1/iocage/jails/tomcat/root/usr/local/apache-tomcat-9.0/webapps/mywar.war

I'm wondering two things:
1. Can I FTP directly to /mnt/FreeNASPool1/iocage/jails/tomcat/root/usr/local/apache-tomcat-9.0/webapps/ so I can skip the step of moving the file? Using FileZilla I can navigate to that directory, but I get permission denied if I try to move a file into it.

2. Is it possible to write a shell script that would do everything for me once I get the .war file on the server? It would stop tomcat. Remove the current .war file from the webapps directory, copy the new .war file to the webapps directory, change any permissions necessary, and then start tomcat?

 

[sretalla]

1. Can I FTP directly to /mnt/FreeNASPool1/iocage/jails/tomcat/root/usr/local/apache-tomcat-9.0/webapps/ so I can skip the step of moving the file? Using FileZilla I can navigate to that directory, but I get permission denied if I try to move a file into it.

If you're a user with permissions to do it, sure. Use scp to put the file there directly.

2. Is it possible to write a shell script that would do everything for me once I get the .war file on the server? It would stop tomcat. Remove the current .war file from the webapps directory, copy the new .war file to the webapps directory, change any permissions necessary, and then start tomcat?

Sure.

write a .sh file that does it (replace jailname with the name of the jail

Code:

#!/bin/sh

iocage exec jailname "service apache2 stop"

rm /mnt/FreeNASPool1/iocage/jails/tomcat/root/usr/local/apache-tomcat-9.0/webapps/mywar.war

# Next line maybe not needed if you scp the file or put the scp command here for the FreeNAS server to go and get it

# mv /mnt/FreeNASPool1/dataset1/documents/mywar.war /mnt/FreeNASPool1/iocage/jails/tomcat/root/usr/local/apache-tomcat-9.0/webapps

iocage exex jailname "chown www:www /usr/local/apache-tomcat-9.0/webapps/mywar.war"

iocage exec jailname "service apache2 start"

 

[chravis]

@sretalla thank you for the help. I'm working on the script and during the mv command I'm getting a permission denied, I think on the webapps folder inside the jail. Assume I need to change permissions on that folder? This is where I'm having issues.

 

[sretalla]

You could try changing the ownership of that directory to www:wheel. The Root user of the host should then have rights to it.

 

[chravis]

Thanks again @sretalla. One more question, this time about jail networking. I am assuming this is possible but I'm unclear which settings to use.
I have created a jail that is running mysql with a configured IP address of 192.168.1.20. I am able to connect to this database via Mysql Administrator on a separate Windows machine. So I know the mysql service is up and running.
Now, I have this tomcat jail which runs a java application that needs to connect to that database. I have set the jdbc url to 192.168.1.20 but it's unable to connect. This makes sense as I believe jails are supposed to be isolated from each other. But I assume there is some way to configure them to be able to communicate?

 

[sretalla]

I'm pretty sure that I have a number of jails talking to each other on their respective IPs and didn't do anything special (that I recall) to make that happen, so I'm not sure that what you're saying is entirely correct.

For sure if your jail was using NAT, it would be more like what you describe, but with VNET, the jail is a more-or-less equal with other hosts on the network, so can talk to others with that same status.

On why that isn't specifically working for you... that's not so easy for me to determine. Is the tomcat jail not using VNET?

 

[chravis]

You are correct. I do not have VNET checked on either of my jails. This is my first time creating jails (other than the plex jail, but I used the plugin). So, I wasn't sure what to check and what not to check, but I was suspecting VNET might be related.

 

[sretalla]

OK, so 192.168.1.20 is the address of FreeNAS also.

In that case, you need to work out the internal jail network IP addresses... I have never really looked into it, but I think it ends up going like 172.0.0.2, 172.0.0.3, etc. or something like that.

 

[chravis]

Well not quite. The Freenas server itself is 192.168.1.26. I have plex configured to .36, MineOS set to .16, mysql to .20, and tomcat to .22.
If the answer is to set up VNET on tomcat and/or mysql jails then I can do that, I just don't fully understand what all it does or means.

 

[sretalla]

If the answer is to set up VNET on tomcat and/or mysql jails then I can do that, I just don't fully understand what all it does or means.

VNET provides the jail with a fully independent network stack (so it can act like a physically separate box from the other jails).

 

[chravis]

Well I think I may have gotten ahead of myself anyways. I probably do have some db connection issues, but I also don't think I've completed my environment set up. The application is developed using the Grails framework on a Windows machine. I set up Grails and Groovy years ago and had forgotten that things don't just magically work. I guess my brain was initially thinking I could just install Tomcat into a jail, put a .war file in there, and things would work. But I think possibly at a minimum I need to install Groovy. I'll have to research it more.

 

[chravis]

Ok, disregard my previous comment. It does "just work" when deploying the war file.
It appears I had some other issues related to when I upgraded FreeNAS from 11.2 to 11.3 a few days ago. I needed to set the FreeNAS default gateway in Network > Global Configuration. Once I did that, I blew away both my mysql and tomcat jails and started over. This time the application in tomcat can communicate with mysql.