Solved Question about FreeBSD Handbook 17.5.1. Creating a Thin Jail Using OpenZFS Snapshots

First of all, thank you to the author for the article. However, I noticed some inconsistencies and points of confusion. https://docs.freebsd.org/en/books/handbook/jails/#thin-jail


Code:
root@ykla:/home/ykla #  zfs create -p zroot/jails/templates/14.2-RELEASE
root@ykla:/home/ykla # fetch https://download.freebsd.org/ftp/releases/amd64/amd64/14.2-RELEASE/base.txz -o /usr/local/jails/media/14.2-RELEASE-base.txz
fetch: /usr/local/jails/media/14.2-RELEASE-base.txz: open(): No such file or directory
root@ykla:/home/ykla # mkdir -p /usr/local/jails/media/
root@ykla:/home/ykla # fetch https://download.freebsd.org/ftp/releases/amd64/amd64/14.2-RELEASE/base.txz -o /usr/local/jails/media/14.2-RELEASE-base.txz
/usr/local/jails/media/14.2-RELEASE-base.txz           196 MB   37 MBps    06s
root@ykla:/home/ykla #  tar -xf /usr/local/jails/media/14.2-RELEASE-base.txz -C /usr/local/jails/templates/14.2-RELEASE --unlink
tar: could not chdir to '/usr/local/jails/templates/14.2-RELEASE'

root@ykla:/home/ykla # mkdir -p /usr/local/jails/templates/14.2-RELEASE
root@ykla:/home/ykla #  tar -xf /usr/local/jails/media/14.2-RELEASE-base.txz -C /usr/local/jails/templates/14.2-RELEASE --unlink
root@ykla:/home/ykla #  cp /etc/resolv.conf /usr/local/jails/templates/14.2-RELEASE/etc/resolv.conf
root@ykla:/home/ykla # cp /etc/localtime /usr/local/jails/templates/14.2-RELEASE/etc/localtime
root@ykla:/home/ykla # zfs snapshot zroot/jails/templates/14.2-RELEASE@base
root@ykla:/home/ykla #  zfs clone zroot/jails/templates/14.2-RELEASE@base zroot/jails/containers/thinjail
cannot create 'zroot/jails/containers/thinjail': parent does not exist
root@ykla:/home/ykla # zfs create -p zroot/jails/containers
root@ykla:/home/ykla #  zfs clone zroot/jails/templates/14.2-RELEASE@base zroot/jails/containers/thinjail
root@ykla:/home/ykla # ee  /etc/jail.conf
thinjail {                       
  # STARTUP/LOGGING              
  exec.start = "/bin/sh /etc/rc";
  exec.stop = "/bin/sh /etc/rc.shutdown";
  exec.consolelog = "/var/log/jail_console_${name}.log";
                                 
  # PERMISSIONS                  
  allow.raw_sockets;             
  exec.clean;                    
  mount.devfs;                   
                                 
  # HOSTNAME/PATH                
  host.hostname = "${name}";     
  path = "/usr/local/jails/containers/${name}";

  # NETWORK
  ip4 = inherit;
  interface = em0;
}

"/etc/jail.conf" 19 lines, 378 characters
root@ykla:/home/ykla # sysrc jail_enable="YES"
jail_enable: NO -> YES
root@ykla:/home/ykla #  sysrc jail_parallel_start="YES"
jail_parallel_start: NO -> YES
root@ykla:/home/ykla # service jail start thinjail
Starting jails: cannot start jail  "thinjail":
jail: thinjail: mount.devfs: /usr/local/jails/containers/thinjail/dev: No such file or directory
.
root@ykla:/home/ykla # ee  /etc/jail.conf
thinjail {                       
  # STARTUP/LOGGING              
  exec.start = "/bin/sh /etc/rc";
  exec.stop = "/bin/sh /etc/rc.shutdown";
  exec.consolelog = "/var/log/jail_console_${name}.log";
                                 
  # PERMISSIONS                  
  allow.raw_sockets;             
  exec.clean;                    
#  mount.devfs;                  
                                 
  # HOSTNAME/PATH                
  host.hostname = "${name}";     
  path = "/usr/local/jails/containers/${name}";

  # NETWORK
  ip4 = inherit;
  interface = em0;
}

"/etc/jail.conf" 19 lines, 379 characters
root@ykla:/home/ykla # service jail start thinjail
Starting jails: cannot start jail  "thinjail":
jail: thinjail: path /usr/local/jails/containers/thinjail: No such file or directory
.
root@ykla:/home/ykla # mkdir -p /usr/local/jails/containers/thinjail
root@ykla:/home/ykla # service jail start thinjail
Starting jails: cannot start jail  "thinjail":
1
jail: thinjail: getpwnam: No such file or directory
jail: thinjail: /bin/sh /etc/rc: failed
.


I observed that zroot/jails/templates/14.2-RELEASE, /usr/local/jails/templates/14.2-RELEASE, zroot/jails/containers/thinjail, /usr/local/jails/containers/, and /usr/local/jails/media are being used interchangeably as multiple datasets or directories. This might lead to some issues.

The created ZFS dataset is zroot/jails/containers/thinjail. Why is the startup path in the configuration file set to /usr/local/jails/containers/? Moreover, /usr/local/jails/containers/ was never mentioned earlier in the text.
 
Post the output of zfs list -o mountpoint,canmount zroot/jails/containers/thinjail

Why is the startup path in the configuration file set to /usr/local/jails/containers/?
Code:
host.hostname = "${name}"; 
path = "/usr/local/jails/containers/${name}";

Compare the mountpoint of the dataset with the path settings in jail.conf.
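
The comparison suggested in the replies, written out as a shell check (an added example, not part of the original thread or the Handbook). The dataset listing is constructed and assumes the datasets inherited a /zroot/... mountpoint; the function names are hypothetical.

```sh
#!/bin/sh
# Constructed sample of `zfs list -H -o name,mountpoint,canmount -r zroot/jails`
# (assumption: zroot/jails was created without an explicit mountpoint).
ZFS_LIST=$(printf '%s\t%s\t%s\n' \
  zroot/jails                        /zroot/jails                        on \
  zroot/jails/templates/14.2-RELEASE /zroot/jails/templates/14.2-RELEASE on \
  zroot/jails/containers/thinjail    /zroot/jails/containers/thinjail    on)

# The jail definition from the post, reduced to the lines that matter here.
JAIL_CONF='thinjail {
  mount.devfs;
  host.hostname = "${name}";
  path = "/usr/local/jails/containers/${name}";
}'

# jail_path CONF NAME: print the path parameter of jail NAME, expanding ${name}.
jail_path() {
  printf '%s\n' "$1" | awk -v jail="$2" '
    $1 == jail && $2 == "{" { inblock = 1; next }
    inblock && $1 == "}"    { inblock = 0 }
    inblock && $1 == "path" {
      p = $0
      sub(/^[^"]*"/, "", p); sub(/".*$/, "", p)   # keep the quoted value only
      while ((i = index(p, "${name}")) > 0)
        p = substr(p, 1, i - 1) jail substr(p, i + 7)
      print p; exit
    }'
}

# dataset_at LISTING PATH: print the mountable dataset whose mountpoint is PATH.
dataset_at() {
  printf '%s\n' "$1" | awk -F '\t' -v want="$2" '
    $2 == want && $3 != "off" { print $1; found = 1 }
    END { exit !found }'
}

# check_jail CONF LISTING NAME: is the jail root the mountpoint of a dataset?
check_jail() {
  p=$(jail_path "$1" "$3")
  [ -n "$p" ] || { echo "no path for $3"; return 2; }
  if ds=$(dataset_at "$2" "$p"); then
    echo "ok $p is $ds"
  else
    echo "mismatch $p is not a ZFS mountpoint"
    return 1
  fi
}

check_jail "$JAIL_CONF" "$ZFS_LIST" thinjail || true
```

On a real host, pass the contents of /etc/jail.conf and the output of `zfs list -H -o name,mountpoint,canmount` instead of the samples. A mismatch means the jail would start in a plain directory rather than in the clone, which fits the missing /dev and getpwnam errors in the session above.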
 