Solved FreeBSD 11.0 ezjail

I did migration 10.3 -> 11.0 today. It seems ezjail(7) is not supported any more. I know the old syntax was not supported for some time and warning was shown in 10.x.

Did anyone encountered the same problem, and even better, have a workaround for that ? Moving it all manually to /etc/jail.conf is my plan C.

jails are on ZFS, basejail synced with new userland, error shown in logs are related to missing /bin/* files:

Code:
jail: mail: exec /bin/sh: No such file or directory

# sh -x /usr/local/etc/rc.d/ezjail start webserver
..
..
Starting jails: cannot start jail  "webserver":
5
jail: webserver: sleep 2: failed
.
/etc/rc.d/jail: WARNING: Per-jail configuration via jail_* variables  is obsolete.  Please consider migrating to /etc/jail.conf.
I verified FS is mounted and ok. It seems it ignores now the /usr/local/etc/ezjail/webserver config completely.


EDIT: Ok, the error is due to the fact that ezjail fails to mount the basejail FS per jail (nullfs mount). But the problem is the same -- it seems ezjail configuration files are ignored.
 
I don't use ezjail fully for the same reason. I only use ezjail to manage jails (create, destroy, console, update) but I don't use it as a daemon.

You will have to configure /etc/jail.conf and use FreeBSD's jail daemon to start or stop jails: service jail start|stop|restart <jailname>

This might help setting up your jail config. https://forums.freebsd.org/threads/49561/

You can ignore the ezjail's <jailname> configs as its no longer useful and ignored.

It looks like it'll have to be fixed upstream for it to work completely in FreeBSD 10 and 11 otherwise it could be removed from ports as broken since it hasn't been updated for almost one year. Actually, the last update in HEAD was 4 months ago but it was minor and not related to the issue here.
 
Yeah, I was hoping there is some workaround I'm now aware of. That was the beauty of ezjail - it created and started jails nicely without too much effort. As I mentioned, plan C is to put it all to /etc/jail.conf, though I'm still hoping there's a way around it.
 
Yeah, I was hoping there is some workaround I'm now aware of. That was the beauty of ezjail - it created and started jails nicely without too much effort. As I mentioned, plan C is to put it all to /etc/jail.conf, though I'm still hoping there's a way around it.

There isn't a way around it until its fixed upstream. My solution works while leaving jails intact.
 
I've gone to the ezjail home page and sent an e-mail to the list address asking about this issue, as I don't want my jails to break when I upgrade to 11.0. It's odd that there's no reference to an online list archive to enable reading previous discussion on issues, and I've commented on that as well, as there must have been discussion of this before.
 
I've gone to the ezjail home page and sent an e-mail to the list address asking about this issue, as I don't want my jails to break when I upgrade to 11.0. It's odd that there's no reference to an online list archive to enable reading previous discussion on issues, and I've commented on that as well, as there must have been discussion of this before.

I have no issues with ezjail after upgraded FreeBSD from 10.3 to 11.0. /etc/jail.conf is still required and I use ezjail to manage jails. One of the biggest reason why I like ezjail is the basejail which makes it easy to upgrade all jails.
 
I've just had the following reply from Dirk Engling, so it sounds as if there's a technical compatibility problem needing some sort of interface script no one wants to write. I hope he doesn't mind me repeating it here.
The warning is there for a while now, since several major versions. It was introduced, when the jail tool was rewritten to read the new jail.conf file.

However no accompanying tool to automatically parse and edit this file was provided and until we have one, ezjail will need to work on its own config directory. If we do have a tool that can work on jail.conf or a jail.conf.d, ezjail will adopt it.

So no, it's not going away in 11, despite some warnings.

Does anyone know whether the parameters used by the two systems are the same, just differing by whether they're in separate files or braced sections in a single file, or quite different? If the former, it should be quite trivial to write a script to convert between them for anyone whose shell scripting is good enough (mine isn't - I could probably write something in PERL or PHP but who would want to add a huge port just to run one little script?).
 
Back
Top