Install Debian GNU/Linux using debootstrap on a FreeBSD Jail with ZFS

  1. Install the tool Debootstrap, which installs Debian in a subdirectory of another system.
    Code:
    root@morsa:/root # portsnap fetch update 
    root@morsa:/root # portmaster sysutils/debootstrap
  2. Configure the file system where we will install the Jail.
    Code:
    root@morsa:/root # zfs create -o mountpoint=/jailz fbsdzpool1/jailz
    root@morsa:/root # zfs create fbsdzpool1/jailz/deb-master
    root@morsa:/root # mkdir /jailz/etc
  3. Load the necessary modules.
    Code:
    root@morsa:/root # kldload fdescfs linprocfs linsysfs tmpfs
  4. We enable jail support and compatibility with Linux.
    Code:
    root@morsa:/root # echo 'jail_enable="YES"' >> /etc/rc.conf
    root@morsa:/root # echo 'linux_enable="YES"' >> /etc/rc.conf
  5. Only if installing Squeeze, change the compatibility level declared 2.6.18.
    Code:
    root@morsa:/root #  echo 'compat.linux.osrelease=2.6.18' >> /etc/sysctl.conf
  6. Include in the configuration file /jailz/etc/jail.conf, change the IP address at your convenience:
    Code:
    deb-master {
     path = /jailz/deb-master;
     allow.mount;
     mount.devfs;
     host.hostname = deb-master;
     mount.fstab="/jailz/etc/fstab.deb-master";
     ip4.addr = [B]127.0.0.10[/B];
     interface = lo0;
     exec.start = "/etc/init.d/rc 3";
     exec.stop = "/etc/init.d/rc 0";
    }
  7. Define the mounting points for the jail in /jail/etc/fstab.dev-master:
    Code:
    linsys   /jailz/deb-master/sys         linsysfs  rw          0 0
    linproc  /jailz/deb-master/proc        linprocfs rw          0 0
    tmpfs    /jailz/deb-master/lib/init/rw tmpfs     rw,mode=777 0 0
  8. With debootstrap install Debian GNU/Linux, Lenny or Squeeze versions, in the path of the jail.
    Code:
    root@morsa:/root # debootstrap [B]--foreign --arch=i386[/B] lenny /jailz/deb-master http://archive.debian.org/debian/
    I: Retrieving Release
    W: Cannot check Release signature; keyring file not available /usr/share/keyring
    s/debian-archive-keyring.gpg
    I: Retrieving Packages
    I: Validating Packages
    I: Resolving dependencies of required packages...
    I: Resolving dependencies of base packages...
    I: Checking component main on http://archive.debian.org/debian...
    I: Retrieving libacl1 2.2.47-2
    I: Validating libacl1 2.2.47-2
    I: Retrieving adduser 3.110
    I: Validating adduser 3.110
    I: Retrieving apt-utils 0.7.20.2+lenny2
    I: Validating apt-utils 0.7.20.2+lenny2
    I: Retrieving apt 0.7.20.2+lenny2
    [B]....[/B]
    I: Extracting login...
    I: Extracting passwd...
    I: Extracting libslang2...
    I: Extracting initscripts...
    I: Extracting sysv-rc...
    I: Extracting sysvinit-utils...
    I: Extracting sysvinit...
    I: Extracting tar...
    I: Extracting tzdata...
    I: Extracting bsdutils...
    I: Extracting mount...
    I: Extracting util-linux...
    I: Extracting zlib1g...
  9. Inside the jail, delete the configuration files sysvinit_*.
    Code:
    root@morsa:/jailz/etc # ls /jailz/deb-master/var/cache/apt/archives/sysvinit_*
    /jailz/deb-master/var/cache/apt/archives/sysvinit_2.86.ds1-61_i386.deb
    root@morsa:/jailz/etc # rm /jailz/deb-master/var/cache/apt/archives/sysvinit_*
  10. We mount the filesystems of the jail, in this case, takes place after installation with debootstrap.
    Code:
    root@morsa:/root # mount -t linprocfs none /jailz/deb-master/proc
    root@morsa:/root # mount -t devfs none /jailz/deb-master/dev
    root@morsa:/root # mount -t linsysfs none /jailz/deb-master/sys
    root@morsa:/root # mount -t tmpfs none /jailz/deb-master/lib/init/rw
  11. Run a shell with chroot within the path of the jail.
    Code:
    root@morsa:/root # chroot /jailz/deb-master /bin/bash
  12. To complete the configuration of the jail, from the shell started in the chroot environment, run:
    Code:
    I have no name!@morsa:/# dpkg --force-depends -Ei /var/cache/apt/archives/*.deb
  13. We left the previous shell and unmount the previously mounted file systems in step 10.
    Code:
    root@morsa:/root # umount /jailz/deb-master/proc
    root@morsa:/root # umount /jailz/deb-master/dev
    root@morsa:/root # umount /jailz/deb-master/sys
    root@morsa:/root # umount /jailz/deb-master/lib/init/rw

    In the likely event that can not be unmounted /jailz/deb-master/dev because the filesystem is busy, run:
    Code:
    # fstat | grep deb-master # kill -9 PID (For each process listed in the previous step)
    Never start the jail without cleaning the processes and unmounting /jailz/deb-master/dev.
  14. You need to disable rsyslog inside the jail, because it is not supported by the Linux compatibility module. Therefore, before starting the jail, for each directory in the path /jailz/deb-master/etc/rcX.d (where X takes values from 0 to 6) rename the service startup scripts.
    Code:
    # mv S10rsyslog _S10rsyslog
    # mv K90rsyslog _K90rsyslog
  15. Start the jail, check that is correctly started and login.
    Code:
    root@morsa:/root # jail -f /jailz/etc/jail.conf -c deb-master
    deb-master: created
    Starting periodic command scheduler: crond.
    
    root@morsa:/root # jls
       JID  IP Address      Hostname                      Path
         1  127.0.0.10      deb-master                   /jailz/deb-master
    
    root@morsa:/root # jexec 1 /bin/bash
    deb-master:/# uname -a
    Linux deb-master 2.6.16 FreeBSD 9.1-RELEASE-p4 #0: Mon Jun 17 11:42:37 UTC 2013 i686 GNU/Linux
  16. Edit the file /etc/apt/sources.list and correct their content.
    Code:
    http://archive.debian.org/debian/ deb lenny main contrib non-free
  17. Update the package list.
    Code:
    deb-master:/# apt-get update
    Get:1 http://archive.debian.org lenny Release.gpg [1034B]
    Get:2 http://archive.debian.org lenny Release [99.6kB]
    Get:3 http://archive.debian.org lenny/main Packages [6872kB]
    Get:4 http://archive.debian.org lenny/non-free Packages [124kB]
    Get:5 http://archive.debian.org lenny/contrib Packages [94.3kB]
    Fetched 7191kB in 11s (649kB/s)
    Reading package lists... Done
  18. Shutdown the jail, the error messages are due to processes within the jail can not perform certain operations.
    Code:
    root@morsa:/root # jail -f /jailz/etc/jail.conf -r deb-master
    umount2: Operation not permitted
    umount: fbsdzpool1/jailz: must be superuser to umount
    umount2: Operation not permitted
    umount: fbsdzpool1/ROOT/91_30062013/usr: must be superuser to umount
    umount2: Operation not permitted
    umount: fbsdzpool1/ROOT/91_30062013/usr: must be superuser to umount
    umount2: Operation not permitted
    umount: fbsdzpool1/ROOT/91_30062013/var: must be superuser to umount
    umount2: Operation not permitted
    umount: fbsdzpool1/ROOT/91_30062013/var: must be superuser to umount
    failed.
    mount: fbsdzpool1/ROOT/91_30062013: unknown device
    Will now halt.
    ifdown: shutdown usbus0: Invalid argument
    ifdown: shutdown ath0: Invalid argument
    ifdown: shutdown usbus1: Invalid argument
    ifdown: shutdown lo0: Invalid argument
    ifdown: shutdown lo0: Invalid argument
    ifdown: shutdown eth1: Invalid argument 
    
    deb-master: removed
  19. Make a ZFS snapshot of the jail.
    Code:
    root@morsa:/root # zfs snapshot zfs snapshot fbsdzpool1/jailz/deb-master@lenny
    Now, we have a base jail, from which we can generate new jails with ZFS clones, then we added a new entry to /jailz/jail.conf and we created the file /jailz/etc/fstab.newjail.
    Code:
    # zfs clone fbsdzpool1/jailz/deb-master@lenny fbsdzpool1/jailz/newjail
 
I really appreciate the effort for posting a HOWTO but could you please review it before submitting it? It took me 20 minutes just to get rid of all the useless [font] references.
 
jail: getpwnam root: no such file or directory

First of all, thanks for the instructions. However, trying them out, I end up with a Linux environment I can chroot into, but not start a jail in.

Starting the jail fails with the following message:
Code:
jail: getpwnam root: no such file or directory

Digging around, it turns out this is a POSIX call for acquiring a password file entry:
http://linux.die.net/man/3/getpwnam

This would lead to assume that there is something wrong with the root account. It turns out this is somehow correct. The situation can be simulated by mounting linprocfs, linsysfs, devfs and tmpfs manually, then trying to log into the chroot environment:
> sudo chroot /jails/debian/ /bin/login
Then try as root:
hostname login: root
The login system hangs for a while, then fails:
Code:
Login incorrect

Logging in with login -f works, and one can use the shell generated thus to set password for root. This does not affect the outcome though.

I tried around different Debian releases and different values for osrelease, but it seems no matter what I do, it fails the same way.

Any help would be appreciated.

P.S. It is possible to install Debian Wheezy using the instructions above. To do this, you need to change the osrelease to 2.6.26 first:
sysctl compat.linux.osrelease=2.6.26

P.P.S. Rather than remove rsyslog from the startup manually, it is easier to delete the rsyslog package from /var/apt/cache/archives at the same time as deleting sysvinit archive, so it does not get started in the first place:

rm /jails/debian/var/apt/cache/archives/rsyslog_*
 
Hi @trilkk,

Some suggestions:

First of all, what is the FreeBSD version that you are using?, this guide was developed under FreeBSD 9.1-RELEASE-p4.

Next, to my mind setting
Code:
compat.linux.osrelease=2.6.26
is rather on the edge. In fact I tested this guide with Lenny and Squeeze but my advice is using Lenny, you con install Oracle 11gR2 on a jailed Lenny but no way with a jailed Squeeze.

In some cases you may need to run the step 12 repeatedly, until no more packages need to be processed. The mount points defined in the fstab for the jail need be tailored for the specific Debian release.

Do you run step 14 as is originally defined, or only with yours variation?.

You can read this post http://forums.freebsd.org/showthread.php?t=10485 regarding this error.
 
Last edited by a moderator:
apple said:
Detail: Alan Cox, a leading developer of Linux, said there no is GNU/Linux. Reference http://www.linuxjournal.com/node/1000111.

This falls along the line of politics. One has the right to call it "Debian Linux", "Debian GNU/Linux", or even "Chocolate-Covered-Peanut-Butter-Bar-With-Coconut Debian Linux" if they want. The naming convention of "Debian GNU/Linux" is commonly used in the Debian Community and is considered proper by them. Think of this tutorial as an alternative to the standard Fedora_10 base.
 
Thanks -- I will be trying this out once I get FreeBSD 10 running and configured a bit more on a spare machine. I'm definitely interested in seeing how much of Wheezy I can get up and running.

BTW, http://www.debian.org/releases/ clearly calls it Debian GNU/Linux Lenny in the "Index of Releases" section.
 
devildetail said:
You can read this post http://forums.freebsd.org/showthread.php?t=10485 regarding this error.

Thanks! This solved it. Now I'm able to successfully start the jail.

For the sake of having all necessary information in the same thread, after executing @devildetail's steps, run /usr/sbin/pwd_mkdb -d /<jaildir>/etc -p /<jaildir>/etc/master.passwd before starting the jail for the first time.

devildetail said:
Hi @trilkk,
First of all, what is the FreeBSD version that you are using?, this guide was developed under FreeBSD 9.1-RELEASE-p4.

This guide is now confirmed to work in FreeBSD 9.2-RELEASE.

devildetail said:
Next, to my mind setting
Code:
compat.linux.osrelease=2.6.26
is rather on the edge.

This is indeed the case.

To elaborate, I'm using the jail cross-compiling Linux applications and trying out demoscene stuff. The jail directory is, in my case, actually /compat/linux, which allows me to reuse it to run Linux applications from outside the jail.

It turns out that using Squeeze, getting sound to work for SDL applications is problematic. With Lenny, there are no problems whatsoever. The only problem being the apparent age of Lenny, which means you have to compile parts of the userland manually inside the jail.

devildetail said:
Do you run step 14 as is originally defined, or only with yours variation?.

After I reinstanted the jail to use Lenny, I still removed rsyslog manually before running dpkg. No problems with this approach.

So instead of step 9, run:
rm /<jaildir>/var/cache/apt/archives/rsyslog_* /<jaildir>/var/cache/apt/archives/sysvinit_*
 
Last edited by a moderator:
Hi,

You have an (copy/paste may be) error in point 10 last row.
Regarding point 7 correct mount should be:
Code:
root@morsa:/root # mount -t tmpfs none /jailz/deb-master[B]/lib/init/rw[/B]
instead:
Code:
root@morsa:/root # mount -t tmpfs none /jailz/deb-master
 
First, let me say thanks to everyone who has contributed in this thread, especially @devildetail and @trilkk. Thanks to your efforts I now have Debian Wheezy running like a champ on my FBSD FreeBSD box.

I just wanted to note a couple of issues and observations:

First, in Wheezy you should no longer mount a tmpfs at /lib/init/rw. Instead, the tmpfs should be mounted at /run. You can get the details at the /run entry in the Debian Wiki.

Second, I ran into a problem with dpkg and apt-get where I couldn't install or upgrade any packages because /var/lib/dpkg/status was missing 'Version' and 'Description' entries for dpkg. The error was:

Code:
dpkg: error: parsing file '/var/lib/dpkg/status' near line 2357
missing version

I fixed this by inserting the version value for dpkg given from running dpkg -l | grep dpkg for 'Version' and a dummy entry 'Description' -- any string will do for that, it seems; I used something like 'something something go crazy'. After making the edits, I ran apt-get -f install to fix some broken packages, and now package management seems to be working entirely as it should.

Also, I've set
Code:
compat.linux.osrelease=2.6.32
, which I suppose is even more on the bleeding edge than 2.6.26. Nonetheless, so far the jail works a treat -- but I'll be sure to note here any relevant issues I may encounter.

Again, thanks for everyone's efforts and insight.
 
Last edited by a moderator:
Somebody more knowledgeable please step in here, but are you sure you want lo0 to connect to the Internet? I thought loopback interfaces were generally used solely for TCP/IP stuff that's limited to localhost itself, not for connecting to the outside world. Are you asking about lo0 because it's the only interface that shows up when you run ifconfig?

If your issue is Internet access, as such, and not lo0 specifically, my guess is that you've got to edit /etc/resolv.conf. It seems that the standard practice is to just copy it from the host OS into the jail.
 
Re: Install Debian GNU/Linux using debootstrap on a FreeBSD

I use the lo0 is for educational purposes. You can find examples of configuring a virtual network interface in this forum: https://forums.freebsd.org/viewtopic.php?&t=36507.

Anyway, to get Internet access with the lo0 interface you can use the following method:

Code:
root@morsa:/root # kldload pf
root@morsa:/root # echo 'pf_enable="YES"' >> /etc/rc.conf
root@morsa:/root # echo "nat on wlan0 from 127.0.0.10 to any -> (wlan0)" >> /etc/pf.conf
 
Thanks for the how-to. Now that I've got Debian Squeeze installed in a jail, is there a how-to for setting up devices? I'd like to be able to access a USB printer from the Linux jail.
 
> "With debootstrap install Debian GNU/Linux, Lenny or Squeeze versions, in the path of the jail."

unfortunatley i don't think anyone can use your TIPS

i suggest most people aren't going to know what debootstrap is. (i made a script that installs debian fresh over a debian partition without CDROM, so i know)

Debian admins "particalized" and broke (lost parts, they will say by accident) of Squeeze probably lenny too by now.

they are on a "limbo" site that requires using jigdo to download them in a perverted form, reassemble, then to make CD of them. the ISO .. GONE, deleted - rather - they carefully removed them from public access

------------------------------

i suggest you make a "small chroot" (not full install), and a bootable flash or at least a flash sized image people can use (a pre-made chroot). much like people provide VM images - just offer the image for download on some GPL download site.

i don't think people will be able to follow scripted directions to get squeeze inside a chroot. it's been been tampered with / no longer available in that way unfortunately.

(i do not suggest doing this: but x-lfs-2010 is a linux from scratch (not LFS brand) that runs something close to squeeze but a little newer. to compile it requires getting squeeze bins, because, gotta start from somewhere. so if others wish to make LFS from scratch with simple script - i have to upload all the (just several) .deb bin packages required because debian admins have removed them from public pretty much.)
 
Hey,
Only if installing Squeeze, change the compatibility level declared 2.6.18.
Code:
  root@morsa:/root #  echo 'compat.linux.osrelease=2.6.18' >> /etc/sysctl.conf

Where can i find and how newer version of level declared then 2.6.18 ?
For now the newest version of Debian is stretch so what kind of level is available ? Where can i find that info.
By the way, great tutorial.
 
Back
Top