I need some help for jail setup

I

ikevin8me

I need some help for jail setup.

We have now moved to jail.conf and the "devfs_ruleset" is giving us some problem.
Previously, it was something like jail_jailname_devfs_ruleset="devfsrules_jail" in the old style.

I tried to put "devfs_ruleset = "nginx_ruleset";"

and I'm getting this error:
Code: 
jail: nginx: devfs_ruleset: non-integer value "nginx_ruleset"
The entire jail.conf is:
Code: 
nginx {
    host.hostname = nginx.jpik.com;
    ip4.addr = 192.168.1.80;
    path ="/jails/nginx";
    devfs_ruleset = "nginx_ruleset";
    mount.devfs;
    exec.start = "/bin/sh /etc/rc";
    exec.stop = "/bin/sh /etc/rc.shutdown";
}

How can I resolve this?
 
ikevin8me said:
So, what is the numerical ID?
Click to expand...
Example:
Code: 
[devfsrules_unhide_basic=2]
add path log unhide
add path null unhide
add path zero unhide
add path crypto unhide
add path random unhide
add path urandom unhide
The numerical ID is 2 for this rule set.
 
OK. I changed it to:
Code: 
devfs_ruleset = 2;
or
devfs_ruleset = 4;
and the jail did get started.

However, I noticed another problem:
Upon executing service jail start nginx,
It hangs after "Starting jails:". I had to issue a break command (Command.Period) on macOS to stop it. The jail does show up in "jls". So, what is causing the hang up?

The jail.conf file is:
Code: 
nginx {
    host.hostname = nginx.jpik.com;
    ip4.addr = 192.168.1.80;
    path ="/jails/nginx";
    devfs_ruleset = 4;
    mount.devfs;
    exec.start = "/bin/sh /etc/rc";
    exec.stop = "/bin/sh /etc/rc.shutdown";
}
 
OK. I resolved the latter problem (ie. the hangup problem) by adding:
Code: 
    interface = em0;
:-)

Regarding the previous problem of the numerial ID, the documentation is wrong. Please consider updating it: https://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/jails-build.html

The line should be changed to:
Code: 
    devfs_ruleset = 4;
May I suggest the documentation be updated to:
Code: 
www {
    host.hostname = www.example.org;           # Hostname
    ip4.addr = 192.168.0.10;                   # IP address of the jail
    interface = em0;                                # the network interface   --- TO ADD
    path ="/usr/jail/www";                     # Path to the jail
    devfs_ruleset = 4;                         # devfs ruleset --- TO CHANGE
    mount.devfs;                               # Mount devfs inside the jail
    exec.start = "/bin/sh /etc/rc";            # Start command
    exec.stop = "/bin/sh /etc/rc.shutdown";    # Stop command
}
 
The hanging is sometimes caused in jails with web servers or similar apps, when the server tries to resolve its hostname via DNS.
So if at the jail start time your DNS connection does not work (missing network interface in your case, or the connection to the DNS server cannot be established, or missing DNS settings), the jail start command just hangs for quite a long time (your jail startup timeout time, defined in the jail.conf).
I myself have had a number of these problems when the DNS server jail starts after jails that need it.
 
You must log in or register to reply here.
Back
Top