Strange things happening with jails?? Not starting up on boot
or services not running inside!
Andrew Hotlab
andrew.hotlab at hotmail.com
Thu Jun 3 22:04:46 UTC 2010
----------------------------------------
> Date: Thu, 3 Jun 2010 22:15:21 +0300
> From: SamanKaya at netscape.net
> To: freebsd-jail at freebsd.org
> Subject: Strange things happening with jails?? Not starting up on boot or services not running inside!
>
> I have managed to create 4 and migrate many services in them already.
> The only issue is that one Jail containing the Postfix MTA which I use
> as an SMTP mail relay agent for my mail servers is not starting up when
> the OS has been rebooted or booted for that matter??
>
> I can't give any error logs as there are none but I can post the config
> which is here:
>
> JID IP Address Hostname Path
> 1 192.168.1.100 ns1.optiplex-networks.com /var/jail/named_1
> 2 192.168.1.101 ns2.optiplex-networks.com /var/jail/named_2
> 3 192.168.1.110 proxy.optiplex-networks.com /var/jail/squid
> 4 192.168.1.115 relay.optiplex-networks.com /var/jail/postfix
>
>
> jail_enable="YES"
> jail_list="named_1 named_2 squid"
> jail_named_1_rootdir="/var/jail/named_1"
> jail_named_1_hostname="ns1.optiplex-networks.com"
> jail_interface="em0"
> jail_named_1_ip="192.168.1.100"
> #jail_named_1_exec_start="/usr/local/bin/named"
> jail_named_1_devfs_enable="YES"
> jail_named_2_rootdir="/var/jail/named_2"
> jail_named_2_hostname="ns2.optiplex-networks.com"
> jail_interface="em0"
> jail_named_2_ip="192.168.1.101"
> jail_named_2_devfs_enable="YES"
> jail_squid_rootdir="/var/jail/squid"
> jail_squid_hostname="proxy.optiplex-networks.com"
> jail_interface="em0"
> jail_squid_ip="192.168.1.110"
> jail_squid_devfs_enable="YES"
> jail_postfix_rootdir="/var/jail/postfix"
> jail_postfix_hostname="relay.optiplex-networks.com"
> jail_interface="em0"
> jail_postfix_ip="192.168.1.115"
> jail_postfix_devfs_enable="YES"
>
>
These lines are in the file /etc/rc.conf on the jail host? If you created all jails with ezjail, there should be nothing like that: all jail_ vars would have been written in files stored in /usr/local/etc/ezjail/ (by default). If you are managing all jails with ezjail you can safely delete all these entries in the host's rc.conf (only remember to leave ezjail_enable="YES" if you want automatic startup of all jails at boot time).
>
> Now another few issues related to the services inside is that I'm trying
> to start Squid for my reverse proxy inside a Jail. However, the service
> won't start on its own as I'm needing port 80 and there seems to be a
> block against normal users using ports <1024. I tested this by getting
> Squid to run on its default port 3128 and it works.....
>
> However the logs or screen readout just tells me that the service cannot
> connect to port 80??
>
> May 31 17:47:11 proxy squid[4360]: Cannot open HTTP Port
> May 31 17:47:11 proxy squid[4358]: Squid Parent: child process 4360
> exited due to signal 6
> May 31 17:47:14 proxy squid[4358]: Squid Parent: child process 4364 started
> May 31 17:47:15 proxy squid[4364]: Cannot open HTTP Port
> May 31 17:47:15 proxy squid[4358]: Squid Parent: child process 4364
> exited due to signal 6
> May 31 17:47:18 proxy squid[4358]: Squid Parent: child process 4367 started
> May 31 17:47:18 proxy squid[4367]: Cannot open HTTP Port
> May 31 17:47:18 proxy squid[4358]: Squid Parent: child process 4367
> exited due to signal 6
> May 31 17:47:21 proxy squid[4358]: Squid Parent: child process 4370 started
> May 31 17:47:21 proxy squid[4370]: Cannot open HTTP Port
> May 31 17:47:21 proxy squid[4358]: Squid Parent: child process 4370
> exited due to signal 6
>
> I tried adding the users Proxy and Squid to the group Wheel however
> again no such luck :-(
>
I've never had to make Squid listen on port 80, but referring to its startup script in /usr/local/etc/rc.d/:
# squid_user: The user id that should be used to run the Squid master
# process. Default: squid.
# Note that you probably need to define "squid_user=root" if
# you want to run Squid in reverse proxy setups or if you want
# Squid to listen on a "privileged" port < 1024.
So you only need to write the following line in /etc/rc.conf to have Squid listening on this privileged port:
squid_user="root"
I've just tried that with Squid 3.0 and it works (check the output of the command "sockstat -4l").
This is obviously a Squid-related issue; the fact that it's running in a jail is not relevant here.
Andrew
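
The rc.conf quoted in the thread defines jail_postfix_* variables while jail_list names only named_1, named_2 and squid; when jails are started from these rc.conf variables, only the names in jail_list are started at boot. The check below is an added example, not part of the original messages: the function names are hypothetical and the sample config is constructed from the quoted one.

```shell
#!/bin/sh
# Added example: report jails that have jail_<name>_rootdir set in an
# rc.conf-style file but are missing from jail_list.
# The file is parsed as text, never sourced, so nothing in it is executed.

# unlisted_jails FILE -> prints one unlisted jail name per line
unlisted_jails() {
    conf=$1
    # The last uncommented jail_list assignment wins, as it would in rc.conf.
    list=$(sed -n 's/^[[:space:]]*jail_list="\([^"]*\)".*/\1/p' "$conf" | tail -n 1)
    # Every jail with a jail_<name>_rootdir entry counts as configured.
    sed -n 's/^[[:space:]]*jail_\([A-Za-z0-9_]*\)_rootdir=.*/\1/p' "$conf" | sort -u |
    while read -r name; do
        case " $list " in
            *" $name "*) ;;                 # listed: started at boot
            *) printf '%s\n' "$name" ;;     # configured but not listed
        esac
    done
}

# Constructed sample, trimmed from the rc.conf quoted in the thread.
sample_conf() {
    cat <<'EOF'
jail_enable="YES"
jail_list="named_1 named_2 squid"
jail_named_1_rootdir="/var/jail/named_1"
#jail_named_1_exec_start="/usr/local/bin/named"
jail_named_2_rootdir="/var/jail/named_2"
jail_squid_rootdir="/var/jail/squid"
jail_postfix_rootdir="/var/jail/postfix"
jail_postfix_ip="192.168.1.115"
EOF
}

# demo -> runs the check against the constructed sample
demo() {
    tmp=$(mktemp) || return 1
    sample_conf > "$tmp"
    unlisted_jails "$tmp"
    rm -f "$tmp"
}

# With a file argument, check that file; otherwise run the sample.
if [ "$#" -gt 0 ]; then unlisted_jails "$1"; else demo; fi
```

Run it with /etc/rc.conf as the argument on the jail host; jails managed by ezjail keep their variables under /usr/local/etc/ezjail/ and are outside what this check reads.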