jail: fetch: transfer timed out / protocol not supported

 General  No Responses »
Mar 312012
 

After recent efforts to get old jails running on a new server, I tried to upgrade some ports today. I failed.

portupgrade was erroring out and reporting: protocol not supported

A simple fetch http://www.google.com/ was giving me fetch: transfer timed out

I tried portaudit -Fa. Nothing. fetch: transfer timed out

I checked ifconfig on the jail host. There is was. I’ll show only a small part of the ifconfig output:

$ ifconfig
	inet 10.45.0.100 netmask 0x20 broadcast 255.255.255.255
	inet 10.45.0.101 netmask 0x20 broadcast 255.255.255.255
	inet 10.45.0.102 netmask 0xffffffff broadcast 10.45.0.102
	inet 10.45.0.104 netmask 0xffffffff broadcast 10.45.0.104

See that 0×20. That’s wrong. It should be 0xffffffff like the others. I recall making this error at the time.

I had copied pasted the entries from /etc/rc.conf to the command line. In my haste, I tried:

sudo ifconfig em0 alias 10.45.0.101/32

Which failed. So then I tried:

sudo ifconfig em0 alias 10.45.0.101 netmask 32

Which succeeded, but was not what I wanted.

Solution, stop the jail in question, then:

sudo ifconfig em0 delete 10.45.0.100
sudo ifconfig em0 alias 10.45.0.100 netmask 255.255.255.255

After, restart the jail. All was well.

jail: execv: /bin/sh: No such file or directory

 BSDCan, FreeBSD, General, hardware, Open Source, The FreeBSD Diary  No Responses »
Mar 312012
 

Recently, I was moving some jails from one server to another.

First, I created the jail using the -x switch, which indicates the jail already exists, don’t create it, just add entries for it:

# ezjail-admin create -f bacula -x mysql41.example.org 10.35.0.100
Warning: Some services already seem to be listening on IP 10.35.0.100
  This may cause some confusion, here they are:
root     ntpd       63822 25 udp4   10.35.0.100:123       *:*
Warning: Some services already seem to be listening on all IP, (including 10.35.0.100)
  This may cause some confusion, here they are:
root     ntpd       63822 20 udp4   *:123                 *:*
#

Then, I tried starting that jail:

# /usr/local/etc/rc.d/ezjail.sh start
 ezjailConfiguring jails:.
Starting jails: cannot start jail "mysql41_unixathome_org":
jail: execvp: /bin/sh: No such file or directory
.
[root@kraken /usr/local/etc/ezjail]#

DOH! Why?

Eventually, I read through my old notes and realized: I have never run on jails on this new server.

I had not created the basejail…

ezjail-admin update -ip

This step takes quite some time. Be prepared.

But that was not quite enough. ezjail uses symlinks. Extensively. They are missing. Compare this newly created jail with my old jail:

[root@kraken /storage/compressed/jails]# ls -l pg74.unixathome.org XXXXXXXXXXX.unixathome.org
XXXXXXXXXXX.unixathome.org:
total 41
-rw-r--r--   2 root  wheel   794 Mar 30 18:25 .cshrc
-rw-r--r--   2 root  wheel   261 Mar 30 18:25 .profile
-r--r--r--   1 root  wheel  6196 Mar 30 18:25 COPYRIGHT
drwxr-xr-x   2 root  wheel     2 Mar 30 18:25 basejail
lrwxr-xr-x   1 root  wheel    13 Mar 30 18:25 bin -> /basejail/bin
lrwxr-xr-x   1 root  wheel    14 Mar 30 18:25 boot -> /basejail/boot
dr-xr-xr-x   2 root  wheel     2 Mar 30 18:25 dev
drwxr-xr-x  20 root  wheel   101 Mar 30 18:25 etc
lrwxr-xr-x   1 root  wheel    13 Mar 30 18:25 lib -> /basejail/lib
lrwxr-xr-x   1 root  wheel    17 Mar 30 18:25 libexec -> /basejail/libexec
drwxr-xr-x   2 root  wheel     2 Mar 30 18:25 media
drwxr-xr-x   2 root  wheel     2 Mar 30 18:25 mnt
dr-xr-xr-x   2 root  wheel     2 Mar 30 18:25 proc
lrwxr-xr-x   1 root  wheel    16 Mar 30 18:25 rescue -> /basejail/rescue
drwxr-xr-x   2 root  wheel     6 Mar 30 18:25 root
lrwxr-xr-x   1 root  wheel    14 Mar 30 18:25 sbin -> /basejail/sbin
lrwxr-xr-x   1 root  wheel    11 Mar 30 18:25 sys -> usr/src/sys
drwxrwxrwt   6 root  wheel     6 Mar 30 18:28 tmp
drwxr-xr-x   5 root  wheel    16 Mar 30 18:25 usr
drwxr-xr-x  24 root  wheel    24 Mar 30 18:28 var

pg74.unixathome.org:
total 47
-rw-r--r--   1 root  wheel   794 Jan 22  2010 .cshrc
-rw-r--r--   1 root  wheel   261 Jan 22  2010 .profile
-r--r--r--   1 root  wheel  6202 Jan 22  2010 COPYRIGHT
drwxr-xr-x   2 root  wheel     2 Jan 22  2010 basejail
dr-xr-xr-x   2 root  wheel     2 Jan 22  2010 dev
drwxr-xr-x  21 root  wheel   106 Aug 21  2010 etc
drwxr-xr-x   3 root  wheel     3 Jan 22  2010 home
drwxr-xr-x   2 root  wheel     2 Jan 22  2010 media
drwxr-xr-x   2 root  wheel     2 Jan 22  2010 mnt
dr-xr-xr-x   2 root  wheel     2 Jan 22  2010 proc
drwxr-xr-x   2 root  wheel     9 Jan 23  2010 root
drwxrwxrwt   6 root  wheel   183 Jul 28  2011 tmp
drwxr-xr-x   5 root  wheel     5 Jan 22  2010 usr
drwxr-xr-x  24 root  wheel    24 Jul 27  2011 var
[root@kraken /storage/compressed/jails]#

After creating those symlinks by hand, the jail still would not start:

# /usr/local/etc/rc.d/ezjail.sh start
 ezjailConfiguring jails:.
Starting jails: mysql41.unixathome.org.
# jls
   JID  IP Address      Hostname                      Path

Hmm, starting the jail manually yields a clue:

# jail /storage/compressed/jails/mysql41.unixathome.org mysql41.unixathome.org 10.55.0.100 /bin/sh
Cannot read termcap database;
using dumb terminal settings.
#

The solution: create symlinks by hand:

cd /storage/compressed/jails/mysql41.unixathome.org
ln -s /basejail/bin
ln -s /basejail/boot
ln -s /basejail/lib
ln -s /basejail/libexec
ln -s /basejail/rescue
ln -s /basejail/sbin
ln -s usr/src/sys

cd /storage/compressed/jails/mysql41.unixathome.org/usr
ln -s /basejail/usr/bin
ln -s /basejail/usr/games
ln -s /basejail/usr/include
ln -s /basejail/usr/lib
ln -s /basejail/usr/lib32
ln -s /basejail/usr/libdata
ln -s /basejail/usr/libexec
ln -s /basejail/usr/ports
ln -s /basejail/usr/sbin
ln -s /basejail/usr/share
ln -s /basejail/usr/src

Now the jail starts.

Upgrading to Bacula database version 14

 General  No Responses »
Mar 262012
 

After running the script which upgrades your Bacula database to version 14, there are a couple of fix-ups you may wish to run:

alter table restoreobject owner to bacula;
grant all on restoreobject_restoreobjectid_seq to bacula;
grant all on restoreobject to bacula;

You may or may not have to do this, depending on how you ran the upgrade script.

Examine the following command output for your database:

bacula=# \dt restoreobject
            List of relations
 Schema |     Name      | Type  | Owner
--------+---------------+-------+--------
 public | restoreobject | table | bacula
(1 row)

bacula=#

If the table owner is not bacula, you have to run the script.