pkg -j first _jail install does not work

Aruns


Hi All, I am new to jails and am learning; I have created a few jails,
Code:
root@FreeBSD113:~ # jls
   JID  IP Address      Hostname                      Path
     1  10.0.0.6        y_jail                        /usr/jails/y_jail
     2  10.0.0.2        firts_jls                     /usr/jails/firts_jls
I am trying to install python in a jail
Code:
root@FreeBSD113:~ # pkg -j firts_jls install python3
Updating FreeBSD repository catalogue...
pkg: http://pkg.FreeBSD.org/FreeBSD:11:amd64/quarterly/meta.txz: No address record
repository FreeBSD has no meta file, using default settings
pkg: http://pkg.FreeBSD.org/FreeBSD:11:amd64/quarterly/packagesite.txz: No address record
Unable to update repository FreeBSD
Error updating repositories!
The VM has an internet connection. Please suggest a workaround to fix this.
 

SirDice


"No address record" indicates problems with DNS name resolving. Check your /etc/resolv.conf.
 

chrbr


Dear Aruns,
I assume that the jails just have the lo1 address. I have that setup as well. The problem is how to communicate with the outer world via your host's network interface. There are three options I am aware of.
  1. Assign an additional address of the host's interface to the jail.
  2. Use NAT to let packets transfer from and to the jail's interface lo1.
  3. Use proxies on the host which listen at lo1.
I am describing the third path. The reason is that I like dns/unbound to do filtering based on host files. Additionally I have used www/privoxy for http filtering, too. Both proxies can listen on various interfaces.

For dns/unbound you need the package or port. There is a local unbound in the base system, but it cannot be configured to listen elsewhere (if I am not wrong).

/usr/local/etc/unbound/unbound.conf is the configuration file. Please add to the appropriate sections
Code:
interface: 10.0.0.1
access-control: 10.0.0.0/8 allow

For http I have switched to www/squid.
/usr/local/etc/squid/squid.conf is the configuration file. Just add
Code:
acl localnet src 10.0.0.0/8
shutdown_lifetime 1 seconds
pinger_enable off
The first line allows www/squid to listen on lo1. The second line lets www/squid terminate faster when you shut down your computer. I do not remember what the third line was good for or if it is necessary or not.

The jail of course has to know where to ask for DNS resolution. This is configured in /usr/jails/YOURJAIL/etc/resolv.conf as
Code:
nameserver 10.0.0.1

Now you have to tell pkg() in the jails where to look. The configuration is /usr/jails/YOURJAIL/usr/local/etc/pkg.conf. Please add
Code:
pkg_env: {
        http_proxy: "http://10.0.0.1:3128",
}
This is where www/squid should listen. 3128 is the default port number. The repository is configured in /usr/jails/YOURJAIL/usr/local/etc/pkg/repos/FreeBSD.conf. On my system it is
Code:
FreeBSD: {
  url: "pkg+http://pkg.FreeBSD.org/${ABI}/latest",
  mirror_type: "srv",
  signature_type: "fingerprints",
  fingerprints: "/usr/share/keys/pkg",
  enabled: yes
}

If you have configured and started www/squid and dns/unbound, netstat -a -p tcp -n and netstat -a -p udp -n should show the proxies listening on their ports.

To start www/squid and dns/unbound at boot time add
Code:
squid_enable="yes"
unbound_enable="yes"
to /etc/rc.conf. For testing you can start them using service squid start and stop them with service squid stop. Type onestart and onestop if the entries are not yet in /etc/rc.conf.

I hope I have not forgotten anything. EDIT: What popped into my mind: I am not 100% sure if I have had to assign an address of the host's interface temporarily, just for the very first pkg -j YOURJAIL something when pkg has not yet been present in the jail. I will try that these days. EDIT2: I have just tried it using a brand new jail, there is no need for that.
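
Added example, not part of the thread: a small sh function that checks the three per-jail files described in the post above before pkg -j is run. The function name check_jail_pkg and its arguments are assumptions made here; the third check is included because the repository is fetched over plain http through the proxy, so the fingerprints signature check is what protects package integrity.

```sh
#!/bin/sh
# Added example: check the per-jail files from the post before running pkg -j.
# Usage: check_jail_pkg JAILROOT HOST_IP [PROXY_PORT]; returns the number of problems.
check_jail_pkg() {
    root=$1 ip=$2 port=${3:-3128} bad=0
    resolv="$root/etc/resolv.conf"
    pkgconf="$root/usr/local/etc/pkg.conf"
    repo="$root/usr/local/etc/pkg/repos/FreeBSD.conf"

    # 1. The jail's resolver must be the address unbound listens on.
    if awk -v ip="$ip" '$1 == "nameserver" && $2 == ip { f = 1 } END { exit !f }' \
        "$resolv" 2>/dev/null; then
        echo "ok:   $resolv -> nameserver $ip"
    else
        echo "FAIL: $resolv lacks 'nameserver $ip'"; bad=$((bad + 1))
    fi

    # 2. pkg must send its HTTP fetches to squid on the same address.
    if grep -v '^[[:space:]]*#' "$pkgconf" 2>/dev/null |
        grep -Fq "http_proxy: \"http://$ip:$port\""; then
        echo "ok:   $pkgconf -> proxy $ip:$port"
    else
        echo "FAIL: $pkgconf lacks http_proxy for $ip:$port"; bad=$((bad + 1))
    fi

    # 3. Packages travel over plain http, so signature checking must stay on.
    if grep -v '^[[:space:]]*#' "$repo" 2>/dev/null |
        grep -Eq 'signature_type:[[:space:]]*"fingerprints"'; then
        echo "ok:   $repo -> signature_type fingerprints"
    else
        echo "FAIL: $repo does not set signature_type fingerprints"; bad=$((bad + 1))
    fi

    return "$bad"
}

# Run directly as: sh check.sh /usr/jails/YOURJAIL 10.0.0.1
if [ "$#" -ge 2 ]; then check_jail_pkg "$@"; fi
```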
 