In this post, I’m not exporting an iocage jail to another host. I am moving the entire iocage instance to another host. This is accomplished by doing a zfs export on the zpool, moving the drives to a new system, and doing a zfs import.
The drive migration is covered in a previous post.
In this post:
The first power
The first power up after moving the drives indicated that iocage was running but could not find anything to start:
In the /var/log/iocage.log I saw:
2019/10/26 16:57:56 (ERROR) IOCAGE_SKIP is TRUE or an RC operation, not activating a pool. Please manually issue iocage activate POOL
This is all expected because there was no iocage instance mounted. The zpool import had not yet bee done. The drives were moved over while the new server was powered off. The server cold have been powered on; it just wasn’t.
iocage list
I ran this command and it froze:
[dan@r720-01:~] $ iocage list ******************************************************************************** fdescfs(5) is not mounted, performance may suffer. Please run: mount -t fdescfs null /dev/fd You can also permanently mount it in /etc/fstab with the following entry: fdescfs /dev/fd fdescfs rw 0 0 ******************************************************************************** ^C Aborted!
Examining processes, I see:
[dan@r720-01:~] $ ps auwwx | grep iocage dan 4483 15.3 0.0 50992 40988 0 R+ 17:15 0:01.61 /usr/local/bin/python3.6 /usr/local/bin/iocage list dan 4485 0.0 0.0 11204 2796 1 R+ 17:15 0:00.00 grep iocage dan 4326 0.0 0.0 50992 40992 0 S+ 17:08 0:00.98 /usr/local/bin/python3.6 /usr/local/bin/iocage list [dan@r720-01:~] $
Looking at the old host, I am missing this entry:
[dan@r710-01:~] $ grep fdescfs /etc/fstab fdescfs /dev/fd fdescfs rw 0 0 [dan@r710-01:~] $
I added it that to /etc/fstab on the host and issued these commands:
[dan@r720-01:~] $ sudo mount fdescfs [dan@r720-01:~] $ mount | grep fdescfs fdescfs on /dev/fd (fdescfs) [dan@r720-01:~] $
Now I see:
[dan@r720-01:~] $ iocage list +-----+---------------------------------+-------+--------------+-------------------------------+ | JID | NAME | STATE | RELEASE | IP4 | +=====+=================================+=======+==============+===============================+ | - | bacula-sd-02.int.unixathome.org | down | 12.0-RELEASE | 172.16.214.33 | +-----+---------------------------------+-------+--------------+-------------------------------+ | - | deleteme | down | 12.0-RELEASE | - | +-----+---------------------------------+-------+--------------+-------------------------------+ | - | dev-pgeu | down | 12.0-RELEASE | 172.16.214.35 | +-----+---------------------------------+-------+--------------+-------------------------------+ | - | mqtt01 | down | 12.0-RELEASE | 127.1.0.201,ix0|172.16.214.10 | +-----+---------------------------------+-------+--------------+-------------------------------+ | - | pg02.int.unixathome.org | down | 12.0-RELEASE | 172.16.214.32 | +-----+---------------------------------+-------+--------------+-------------------------------+ | - | pg03.int.unixathome.org | down | 12.0-RELEASE | 172.16.214.34 | +-----+---------------------------------+-------+--------------+-------------------------------+ | - | pkg01 | down | 12.0-RELEASE | 172.16.214.29 | +-----+---------------------------------+-------+--------------+-------------------------------+ | - | pkg02 | down | 12.0-RELEASE | 172.16.214.30 | +-----+---------------------------------+-------+--------------+-------------------------------+ | - | pkg03 | down | 12.0-RELEASE | 172.16.214.47 | +-----+---------------------------------+-------+--------------+-------------------------------+ | - | pkg04 | down | 12.0-RELEASE | 172.16.214.48 | +-----+---------------------------------+-------+--------------+-------------------------------+ [dan@r720-01:~] $
But wait! There’s more!
Just as I was about to start these jails, I remembered some are special.
$ grep rules /iocage/jails/*/config.json /iocage/jails/bacula-sd-02.int.unixathome.org/config.json: "devfs_ruleset": "6", /iocage/jails/deleteme/config.json: "devfs_ruleset": "4", /iocage/jails/dev-pgeu/config.json: "devfs_ruleset": "4", /iocage/jails/mqtt01/config.json: "devfs_ruleset": "4", /iocage/jails/pg02.int.unixathome.org/config.json: "devfs_ruleset": "4", /iocage/jails/pg03.int.unixathome.org/config.json: "devfs_ruleset": "4", /iocage/jails/pkg01/config.json: "devfs_ruleset": "4", [dan@r720-01:~] $
bacula-sd-02.int.unixathome.org needs that devfs_ruleset 6. Let’s get that from the old host first.
[dan@r710-01:~] $ cat /etc/devfs.rules [devfsrules_jail_unhide_tapes=5] add path sa0 unhide add path pass8 unhide mode 0660 add path pass9 unhide mode 0660 add path ch0 unhide add path nsa0 unhide add path sa1 unhide add path pass6 unhide add path pass7 unhide mode 0660 add path ch1 unhide add path nsa1 unhide [devfsrules_jail_bacula=6] add include $devfsrules_hide_all add include $devfsrules_unhide_basic add include $devfsrules_unhide_login add path zfs unhide add include $devfsrules_jail_unhide_tapes [dan@r710-01:~] $
For more information on what this magic is doing, please readn Moving bacula-sd into a FreeBSD jail or Using Bacula in a jail.
I copied the whole thing over from the old host to the new host, saved the file, then issued this command:
[dan@r720-01:~] $ sudo service devfs restart [dan@r720-01:~] $
Time to start
Now that the new zpool has been imported and /etc/devfs.rules is updated, let’s try starting one jail.
[dan@r720-01:~] $ sudo iocage start bacula-sd-02 * Starting bacula-sd-02_int_unixathome_org + Started OK + Using devfs_ruleset: 6 + Using IP options: ip4.addr=ix0|172.16.214.33 ip4.saddrsel=1 ip4=new ip6.saddrsel=1 ip6=new + Starting services OK + Executing poststart OK [dan@r720-01:~] $
That worked, and I can ssh in. Time to start them all.
[dan@r720-01:~] $ sudo service iocage start * [I|O|C] starting jails... [dan@r720-01:~] $ iocage list +-----+---------------------------------+-------+--------------+-------------------------------+ | JID | NAME | STATE | RELEASE | IP4 | +=====+=================================+=======+==============+===============================+ | 1 | bacula-sd-02.int.unixathome.org | up | 12.0-RELEASE | 172.16.214.33 | +-----+---------------------------------+-------+--------------+-------------------------------+ | - | deleteme | down | 12.0-RELEASE | - | +-----+---------------------------------+-------+--------------+-------------------------------+ | - | dev-pgeu | down | 12.0-RELEASE | 172.16.214.35 | +-----+---------------------------------+-------+--------------+-------------------------------+ | 3 | mqtt01 | up | 12.0-RELEASE | 127.1.0.201,ix0|172.16.214.10 | +-----+---------------------------------+-------+--------------+-------------------------------+ | 5 | pg02.int.unixathome.org | up | 12.0-RELEASE | 172.16.214.32 | +-----+---------------------------------+-------+--------------+-------------------------------+ | 2 | pg03.int.unixathome.org | up | 12.0-RELEASE | 172.16.214.34 | +-----+---------------------------------+-------+--------------+-------------------------------+ | 4 | pkg01 | up | 12.0-RELEASE | 172.16.214.29 | +-----+---------------------------------+-------+--------------+-------------------------------+ | - | pkg02 | down | 12.0-RELEASE | 172.16.214.30 | +-----+---------------------------------+-------+--------------+-------------------------------+ | - | pkg03 | down | 12.0-RELEASE | 172.16.214.47 | +-----+---------------------------------+-------+--------------+-------------------------------+ | - | pkg04 | down | 12.0-RELEASE | 172.16.214.48 | +-----+---------------------------------+-------+--------------+-------------------------------+ [dan@r720-01:~] $
That worked! Let’s wait for the Nagios monitoring to complete.
Networking missed
I missed copying over one networking item from /etc/rc.conf:
ifconfig_lo1_alias0="inet 127.1.0.201/32" # ot-recorder will listen on this in mqtt01 jail
All green on Nagios
We are no all green on Nagios.
Mission accomplished. I expected bigger problems.
