Modify existing jails using jail -mv and jail.conf with multiple interfaces *always* fails for randomly selected jails: : jail: : unknown parameter:
Raphael Eiselstein
rabe at uugrn.org
Thu Oct 8 10:54:43 UTC 2015
Hi there,
I'm running some jail servers on 10.2-RELEASE without VIMAGE or
something like that but using jail(8) and jail.conf(5).
Something seems to be wrong with my jail.conf but I wasn't able to track
this down.
For example (output with additional line breaks):
----------------------------------------------
[root at top4 ~]# jail -mv uug_proxy
uug_proxy: jail_set(JAIL_UPDATE) jid=60 name=uug_proxy
devfs_ruleset=4 children.max=0 allow.set_hostname=false
allow.sysvipc=false allow.raw_sockets=false allow.chflags=false
allow.mount=false allow.mount.devfs=false allow.mount.nullfs=false
allow.mount.procfs=true allow.mount.zfs=true allow.quotas=false
allow.socket_af=false host.hostname=proxy.uugrn.lan
ip4.addr=10.253.1.13,164.177.171.13
ip6.addr=2a03:2500:1:6:d::
uug_proxy: updated
----------------------------------------------
----------------------------------------------
[root at top4 ~]# jail -mv uug_mail
: jail_set(JAIL_UPDATE) jid=44 name=uug_mail
devfs_ruleset=4 children.max=0 allow.set_hostname=false
allow.sysvipc=false allow.raw_sockets=false allow.chflags=false
allow.mount=false allow.mount.devfs=false allow.mount.nullfs=false
allow.mount.procfs=true allow.mount.zfs=true allow.quotas=false
allow.socket_af=false host.hostname=mail.uugrn.lan
=10.253.1.11,164.177.171.11 ip6.addr=2a03:2500:1:6:b::: Invalid argument
jail: : unknown parameter:
Corresponding blocks from my jail.conf:
----------------------------------------------
…
uug_mail {
host.hostname = "mail.uugrn.lan";
path = "/jails/uug/mail";
ip4.addr = em1|10.253.1.11, em0|164.177.171.11;
ip6.addr = em0|2a03:2500:1:6:b::;
exec.prestart = "/root/bin/jail_zfs_snap.sh zroot/jails/uug/mail prestart";
exec.poststop = "/root/bin/jail_zfs_snap.sh zroot/jails/uug/mail poststop";
}
…
uug_proxy {
host.hostname = "proxy.uugrn.lan";
path = "/jails/uug/proxy";
ip4.addr = em1|10.253.1.13, em0|164.177.171.13;
ip6.addr = em0|2a03:2500:1:6:d::;
exec.prestart = "/root/bin/jail_zfs_snap.sh zroot/jails/uug/proxy prestart";
exec.poststop = "/root/bin/jail_zfs_snap.sh zroot/jails/uug/proxy poststop";
}
----------------------------------------------
I cannot see any difference between uug_mail and uug_proxy.
Stopping and starting those jails works using jail -rv and jail -cv:
----------------------------------------------
[root at top4 ~]# jail -rv uug_proxy
uug_proxy: run command in jail: /bin/sh /etc/rc.shutdown
uug_proxy: sent SIGTERM to: 26681 26678 26588
uug_proxy: removed
uug_proxy: run command: /root/bin/jail_zfs_snap.sh zroot/jails/uug/proxy poststop
Snapshotted zroot/jails/uug/proxy at 20151008124019_poststop, see /jails/uug/proxy/.zfs/snapshot/20151008124019_poststop
uug_proxy: run command: /sbin/umount /jails/uug/proxy/dev
uug_proxy: run command: /sbin/ifconfig em0 inet6 2a03:2500:1:6:d:: prefixlen 128 -alias
uug_proxy: run command: /sbin/ifconfig em0 inet 164.177.171.13 netmask 255.255.255.255 -alias
uug_proxy: run command: /sbin/ifconfig em1 inet 10.253.1.13 netmask 255.255.255.255 -alias
----------------------------------------------
----------------------------------------------
[root at top4 ~]# jail -rv uug_mail
uug_mail: run command in jail: /bin/sh /etc/rc.shutdown
uug_mail: sent SIGTERM to: 60825 60822 60763
uug_mail: removed
uug_mail: run command: /root/bin/jail_zfs_snap.sh zroot/jails/uug/mail poststop
Snapshotted zroot/jails/uug/mail at 20151008124024_poststop, see /jails/uug/mail/.zfs/snapshot/20151008124024_poststop
uug_mail: run command: /sbin/umount /jails/uug/mail/dev
uug_mail: run command: /sbin/umount -t nullfs /jails/uug/mail/freebsd
uug_mail: run command: /sbin/ifconfig em0 inet6 2a03:2500:1:6:b:: prefixlen 128 -alias
uug_mail: run command: /sbin/ifconfig em0 inet 164.177.171.11 netmask 255.255.255.255 -alias
uug_mail: run command: /sbin/ifconfig em1 inet 10.253.1.11 netmask 255.255.255.255 -alias
----------------------------------------------
----------------------------------------------
[root at top4 ~]# jail -cv uug_mail
uug_mail: run command: /sbin/ifconfig em1 inet 10.253.1.11 netmask 255.255.255.255 alias
uug_mail: run command: /sbin/ifconfig em0 inet 164.177.171.11 netmask 255.255.255.255 alias
uug_mail: run command: /sbin/ifconfig em0 inet6 2a03:2500:1:6:b:: prefixlen 128 alias
uug_mail: run command: /sbin/mount -t nullfs -o ro /tank/freebsd /jails/uug/mail/freebsd
uug_mail: run command: /sbin/mount -t devfs -oruleset=4 . /jails/uug/mail/dev
uug_mail: run command: /root/bin/jail_zfs_snap.sh zroot/jails/uug/mail prestart
Snapshotted zroot/jails/uug/mail at 20151008124133_prestart, see /jails/uug/mail/.zfs/snapshot/20151008124133_prestart
uug_mail: jail_set(JAIL_CREATE) persist name=uug_mail devfs_ruleset=4 children.max=0 allow.set_hostname=false allow.sysvipc=false allow.raw_sockets=false allow.chflags=false allow.mount=false allow.mount.devfs=false allow.mount.nullfs=false allow.mount.procfs=true allow.mount.zfs=true allow.quotas=false allow.socket_af=false host.hostname=mail.uugrn.lan path=/jails/uug/mail ip4.addr=10.253.1.11,164.177.171.11 ip6.addr=2a03:2500:1:6:b::
uug_mail: created
uug_mail: run command in jail: /bin/sh /etc/rc
uug_mail: jail_set(JAIL_UPDATE) jid=72 nopersist
----------------------------------------------
----------------------------------------------
[root at top4 ~]# jail -cv uug_proxy
uug_proxy: run command: /sbin/ifconfig em1 inet 10.253.1.13 netmask 255.255.255.255 alias
uug_proxy: run command: /sbin/ifconfig em0 inet 164.177.171.13 netmask 255.255.255.255 alias
uug_proxy: run command: /sbin/ifconfig em0 inet6 2a03:2500:1:6:d:: prefixlen 128 alias
uug_proxy: run command: /sbin/mount -t devfs -oruleset=4 . /jails/uug/proxy/dev
uug_proxy: run command: /root/bin/jail_zfs_snap.sh zroot/jails/uug/proxy prestart
Snapshotted zroot/jails/uug/proxy at 20151008124139_prestart, see /jails/uug/proxy/.zfs/snapshot/20151008124139_prestart
uug_proxy: jail_set(JAIL_CREATE) persist name=uug_proxy devfs_ruleset=4 children.max=0 allow.set_hostname=false allow.sysvipc=false allow.raw_sockets=false allow.chflags=false allow.mount=false allow.mount.devfs=false allow.mount.nullfs=false allow.mount.procfs=true allow.mount.zfs=true allow.quotas=false allow.socket_af=false host.hostname=proxy.uugrn.lan path=/jails/uug/proxy ip4.addr=10.253.1.13,164.177.171.13 ip6.addr=2a03:2500:1:6:d::
uug_proxy: created
uug_proxy: run command in jail: /bin/sh /etc/rc
uug_proxy: jail_set(JAIL_UPDATE) jid=73 nopersist
----------------------------------------------
After restarting the jails and without any changes to jail.conf, uug_mail
still cannot be updated using "jail -mv":
----------------------------------------------
[root at top4 ~]# jail -mv uug_mail
: jail_set(JAIL_UPDATE) jid=72 name=uug_mail devfs_ruleset=4 children.max=0 allow.set_hostname=false allow.sysvipc=false allow.raw_sockets=false allow.chflags=false allow.mount=false allow.mount.devfs=false allow.mount.nullfs=false allow.mount.procfs=true allow.mount.zfs=true allow.quotas=false allow.socket_af=false host.hostname=mail.uugrn.lan =10.253.1.11,164.177.171.11 ip6.addr=2a03:2500:1:6:b::: Invalid argument
jail: : unknown parameter:
----------------------------------------------
... "ip4.addr" and ${jail_name} are missing from output here and
obviously generate invalid properties for JAIL_UPDATE.
Maybe the jail.conf parser fails on "modify" but not on "create"?
This was just an example. I guess about 20% of my jails fail this way
just on "modify".
Any idea?
TIA and regards
Raphael
PS: I run this setup for a local Unix user group ("uug"), non-profit :)
--
SMTP: rabe at uugrn.org, rabe at sigsys.de
XMPP: rabe at sigsys.de
PGP: 4E63 5307 6F6A 036D 518D 3C4F 75EE EA14 F625 DB4E
.........|.........|.........|.........|.........|.........|.........|..
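Added example, not part of the original post: a small sh/awk filter that scans saved `jail -v` output for the two symptoms shown above, a jail_set() line whose jail-name label is empty and a value printed without its parameter name. The function names and the sample lines (abbreviated from the output in the post) are assumptions made for this illustration.

```sh
#!/bin/sh
# check_jail_set: read jail(8) verbose output on stdin, print one report line
# per malformed jail_set() call, and return 1 if any was found (0 otherwise).
# Assumes each jail_set() call is on a single line, as jail(8) prints it.
check_jail_set() {
    awk '
    index($0, "jail_set(") {
        name = ""; bad = ""
        # Field 1 is "<jailname>:"; the failing case prints a bare ":".
        label = $1
        sub(/:$/, "", label)
        for (i = 2; i <= NF; i++) {
            # The name= parameter still identifies the jail when the label is lost.
            if ($i ~ /^name=/) name = substr($i, 6)
            # A token starting with "=" is a value whose parameter name is missing.
            if ($i ~ /^=/) bad = (bad == "" ? $i : bad " " $i)
        }
        if (label == "" || bad != "") {
            printf "jail=%s label_missing=%s nameless_tokens=[%s]\n", \
                (name == "" ? "?" : name), (label == "" ? "yes" : "no"), bad
            n++
        }
    }
    END { exit (n > 0) }
    '
}

# sample_output: sample input, abbreviated from the output quoted in the post
# (most allow.* parameters dropped to keep the lines short).
sample_output() {
    cat <<'EOF'
uug_proxy: jail_set(JAIL_UPDATE) jid=60 name=uug_proxy devfs_ruleset=4 host.hostname=proxy.uugrn.lan ip4.addr=10.253.1.13,164.177.171.13 ip6.addr=2a03:2500:1:6:d::
uug_proxy: updated
: jail_set(JAIL_UPDATE) jid=72 name=uug_mail devfs_ruleset=4 host.hostname=mail.uugrn.lan =10.253.1.11,164.177.171.11 ip6.addr=2a03:2500:1:6:b::: Invalid argument
jail: : unknown parameter:
EOF
}

# Demo run on the embedded sample; reports uug_mail only.
sample_output | check_jail_set || true
```

To survey a whole host, capture the output of each `jail -mv <name>` call (stdout and stderr) to a file and feed it to `check_jail_set`.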