question about jail.

[masterpc]

Hello,

When the jail was introduced to FreeBSD, I installed it on my BSD box at that time.
Right now, I don't remember anything at all. :)

Well, the main reason I put a small SSD into my FreeNAS box was that I planned to install Apache, PHP, MySQL, and Java for testing purpose.
Once I installed FreeNAS 8, I noticed that I better not to make huge changes on boot partition since upgrade process may delete everything on the disk.
Therefore, I put 8G usb memory stick and installed FreeNAS 8 on it.

Now, what I'm considering is installing jail environment on a SSD disk and necessary softwares.

Is this possible on FreeNAS? and how to do it?

Any suggestion would be appreciated.


Thank you.

 

[ProtoSD]

You can do all the things you asked about with a Jail, but FreeNAS has fixed partitions on the flash drive and you can't use the remaining space on the disk. The other problem is that if you were somehow able to put a jail on the disk, it would be erased when you did an upgrade. Probably the best thing is just to create a dataset on your volume and put your jail in there.

 

[kashiwagi]

Wouldn't you need to edit the rc.conf, which gets reset after each reboot? Correct me if I'm wrong....

I've been looking into how to get some additional features on Freenas by either chrooting, using jails, or running freenas itself within esxi and then having another virtual machine to run the things I want. As a final option, I suppose using something other than freenas is also an option (nexentastor + nappit? bare metal Solaris Express 11? etc).

Anyway, if jails are a viable option on the current freenas branch, that would be really cool!

 

[ProtoSD]

Wouldn't you need to edit the rc.conf, which gets reset after each reboot?

With FreeNAS, everything (most of stuff I guess) in /etc gets gets created from /conf/base/etc so if you edit /conf/base/etc/rc.conf it gets copied to /etc on reboot. I didn't know much about Jails before, but I'm really digging them now. I use one now on my NAS that starts at boot every time, it's worked flawlessly.

 

[jgreco]

You should definitely be able to put jails into your storage pool.

I haven't actually tried this, but to get started, here's what I suggest:

Get the same release of FreeBSD installed on your FreeNAS (especially paying attention to amd64 vs i386). You can extract the files off an ISO or get them from the FTP servers. Stick them over on your datastore, /mnt/storage1 in this example, in a subdirectory of your choice.

Mount your root filesystem rw, "mount -u -o rw /"

Add a definition to /conf/base/etc/rc.conf and /etc/rc.conf for a jail.

jail_enable="YES"
jail_list="jail1"

jail_jail1_rootdir="/mnt/storage1/jails/jail1"
jail_jail1_ip="10.2.3.4"
jail_jail1_devfs_enable="YES"
jail_jail1_hostname="jail1.foo.com"

You can add more jails of course. Don't forget to tweak the network config of FreeNAS to have another network alias for jail_${foo}_ip.

Make the referenced directory.

# mkdir -p /mnt/storage1/jails/jail1

Go to the FreeBSD release you've stuffed on the server

# cd /mnt/storage1/freebsd/8.2-RELEASE/base
# setenv DESTDIR /mnt/storage1/jails/jail1
# sh install.sh
You are about to extract the base distribution into /mnt/storage1/jails/jail1 - are you SURE
you want to do this over your installed system (y/n)? y
#

Then you can try starting it :)

# /etc/rc.d/jail start jail1

Not guaranteed to work verbatim, but hopefully a solid push in the right direction. Happy hacking.

 

[ProtoSD]

You can also take a look at my HowTo for setting up JDownloader in a Jail. The steps are more detailed, and feedback from forum users has helped to make it 'idiot proof'. There are some shortcuts to installing the proper version of FreeBSD in the Jail and updating with current fixes, and creating a shared folder between the host and Jail. Here's a link:

HOWTO-Install-JDownloader-in-a-Jail

EDIT: The steps for installing Cygwin-X, downloading JDownloader, and installing Java are optional.

 

[masterpc]

Thank you for all replies!
I really appreciate it.

Once I have enough time to do it, I will try and post the result.

Thanks again :)

 

[kashiwagi]

What the hell! On Friday night, right before heading home from work I see all the great replies to this thread. Now my weekend is ruined! :D

In all seriousness though, thanks for all the great suggestions. I will definitely be trying this stuff out during the weekend. I really like the idea of storing the jails in the zfs pools (who needs virtual machines if you have jails?).

I really do need to read up on how jails work and interact with the host though ...

(it would be nice if the ip of the jail could be assigned by dhcp, which doesn't seem possible http://forums.freebsd.org/showthread.php?t=4386 )

 

[ProtoSD]

kashiwagi,

Security is main concern (also raw sockets are not allowed from jail so it will not broadcast itself). But jail was designed for virtual hosting for ISPs and hosting companies where static IP is norm.

That post is a little bit old. You can setup raw sockets for a jail in /etc/sysctrl.conf or /conf/base/etc

Things might have changed.

 

[kashiwagi]

After some tinkering I have gotten sabnzbd and sickbeard to work. However, I can't get them to startup normally when starting the jail. I have set rc.conf in the jail, but it doesn't seem to do anything.

Logging into the jail and executing the rc script manually works fine (well, at least for sabnzbd):
/usr/local/etc/rc.d/sabnzbd start

I have googled, and then googled some more, but I can't figure out if there is something "special" I need to do when dealing with rc in a jail.

 

[ProtoSD]

Hi kashiwagi,

I'm not sure why sabnzbd isn't starting, but there are a couple of things you can try. First make sure the hostname in /etc/hosts (Inside the jail) has a full domain name. So if your hostname was sabnzbd, your entry in /etc/hosts should be 192.168.1.99 sabnzbd sabnzbd.freenas.local (change the 192.168.1.99 to the IP for your jail). Another thing is there may be a variable in rc.conf that you need to set to enable sabnzbd, something like SABNZBD_ENABLE=YES (I'm just guessing at the name).

The other thing you can do is create a /etc/rc.local file and add the full path name of the commands you want to run and do a chmod 755 rc.local after you edit it. Here's an example rc.local:

Code:

#!/usr/local/bin/bash
#
su - admin -c "/usr/local/sabnzbd/sabnzbd.sh &"

You may not need the 'su - admin -c" part, try without it first, and you can put your other program in there also.

If you don't have bash installed inside the jail, change the first line in rc.local to #!/bin/sh

 

[kashiwagi]

protosd, thanks for all the help.

I would like to use the rc.d framework since it allows for graceful shutdown of the jail. Sabnzbd comes with rc.d scripts which are placed in /usr/local/etc/rc.d/sabnzbd. This can be started manually without problem, e.g. ./sabnzbd start. I have naturally set /etc/rc.conf appropriately (and done some checking to see that those values are being picked up in the sabnzbd rc script).

My conclusion is that no scripts in /usr/local/etc/rc.d/ are being executed at the boot time of the jail. Manually running "/bin/sh /etc/rc" from inside the jail also doesn't execute the /usr/local/etc/rc.d/ scripts.

The only thing I could find googling was that I should set early_late_divider="NETWORKING" in the rc.conf in the jail. I already had this enabled, and the posts are mostly from around 2005-2006, so it might not be relevant anymore as well.

If you have any ideas of something obvious I might have missed, let me know.

And again, thanks for all the help!

 

[ProtoSD]

Hi Kashiwagi,

I don't know the answer (yet), but there is this jail command you can add to the rc.conf file which is supposed to start a command after the jail starts. It might be a temporary answer. I can look some more, everything in a jail should work mostly the same as a regular system. You'll need to change the name of the jail 'serviio' to the name of your jail.

jail_serviio_exec_afterstart="/usr/local/some-command" (will start a command inside jail after booting)

 

[kashiwagi]

protosd,

yeah, that will work. You can just add exec_afterstarts after one another. Like:
jail_<jname>_exec_afterstart<N>
(str) Unset by default. This is the command run as Nth com-
mand in a jail after jail startup, where N is 1, 2, and so
on.

So that is what I am doing right now. I have no idea why "sh /etc/rc" doesn't properly search the /usr/local/etc/rc.d/ folder, but I suppose I can live with that for now. Now all I need to do is some proper testing to see that everything actually works as expected :D

 

[ProtoSD]

kashiwagi,

I'm glad to hear that will work. I've been digging and like you I haven't found much information, but I think I might have a clue. It seems that /etc/rc.conf inside the jail is empty (at least on mine). There's probably some stuff you need to have in there. Also there's a sysctl variable that gets set inside a jail that indicates that it is a jail and rc.subr checks that to decide what services should be started. Is your rc.conf empty, or did anything get added when you installed your packages? Let me know what you discover.

 

[kashiwagi]

My rc.conf was empty, and I set it up myself manually. The packages I installed just added a /usr/local/etc/rc.d/ scripts, and you are supposed to add the enabling line yourself in rc.conf.

There was a default/rc.conf, so you didn't really need to set anything in rc.conf.

As for rc.subr, it does seem to check if you are within a jail or not, but it will only exclude scripts which have "nojail" set, which my scripts do not. I have honestly read the rc, rc.d, rc.conf and rc.subr documentation, but nothing really useful so far. I have a better understanding of how things are supposed to work though :D

I am thinking that maybe there is something wrong with the rc-scripts themselves, that make them incompatible under jails. However, I have gone through the entire script, and everything seems to be in order :/

 

[omegadraconis]

Rc scripts function properly within a jail. My lighttpd/Mysql jail fires up using un-modified rc scripts. I setup an additional test jail and it seems sabnzbd rc script is broken when in a jail (possibly a normal install aswell?). In the same jail I disabled sendmail, enabled sshd, and had it start sabnzbd. Sabnzbd did not work but, the other services acted properly. The system error logs don't show anything, nor did sabnzbd logs show any sign that it attempted to start.

 

[kashiwagi]

Thanks for testing.

I gave up on the rc scripts, because it wasn't worth the effort to get working. I settled on exec_afterstart, which is chugging along just fine. So if anyone finds this thread googling/searching, I can report that sabnzbd/sickbeard/couchpotato all work fine under a FreeBSD jail, but there are issues with the rc scripts.