Moving one jail from host to host

Leave a Comment / FreeBSD, Jails, Open Source / By

This is a quick post about the steps I’m using to move my jails from one host to another. This is bing done as I merge two hosts into one. I have not attempted to automate this, apart from the initial syncoid copying of data. This post is base roughly upon my Mastodon post from yesterday.

In this post:

  • FreeBSD 13.1
  • sanoid-2.1.0
  • copying from slocum
  • copying to r730-01
  • use of /etc/jail.conf.d/

Right, now, the jail I am copying is zm.

Here we go.

stop the jail

[slocum dan ~] % sudo service jail stop zm                                                                               18:28:49
Stopping jails: zm.

Then comment out that jail in /etc/jail.conf.

zm {
    ip4.addr = "10.55.0.41";
}

Disable that IP address on the old host

In this case, the IP address is not assigned when the jail is started. It’s probably in /etc/rc.conf.

In addition to commenting out that line in that file, I also removed it from that host:

[slocum dan ~] % sudo ifconfig ix2 10.55.0.41/32 delete
[slocum dan ~] %

That frees up the IP address to be used on the other host.

Create the new jail configuration

If you’re not using ansible, just use whatever you use for jail configuration.

In my ansible configuration, I added this file, roles/jail.conf.d/templates/zm.conf.j2. If you’re using ansible, the code is at https://git.langille.org/dvl/ansible/src/branch/main/jail.conf.d

{{ item }} {

{% include './templates/default_values.j2' %}

    ip4.addr = "{{ host_nic }}|10.55.0.41";
}

As you can see, this IP address will be assigned to a NIC when the jail starts.

I added zm to this list in host_vars/r730-01.int.unixathome.org:

  jails:
  - bacula
  - besser
  - certs
  - certs-rsync
  - cliff2
  - git
  - pkg01
  - svn
  - webserver
  - zm

Then I ran this command:

ansible-playbook jailhosts.yml --limit=r730-01.int.unixathome.org --tags=jail.conf.d

Now, over on the destination host, I have this file:

[r730-01 dvl /etc/jail.conf.d] % cat zm.conf                                                                                                                                      18:35:34
zm {

  #
  # start of standard settings for each jail
  #

  exec.start = "/bin/sh /etc/rc";
  exec.stop  = "/bin/sh /etc/rc.shutdown";
  exec.clean;
  exec.consolelog="/var/tmp/jail-console-$name.log";

  mount.devfs;
  path = /jails/$name;

  allow.raw_sockets;
  #securelevel = 2;
  
  exec.prestart  = "logger trying to start jail $name...";
  exec.poststart = "logger jail $name has started";
  exec.prestop   = "logger shutting down jail $name";
  exec.poststop  = "logger jail $name has shut down";
  
  host.hostname = "$name.int.unixathome.org";
  
  persist;

  #
  # end of standard settings for each jail
  #

    ip4.addr = "igb0|10.55.0.41";
}
[r730-01 dvl /etc/jail.conf.d] %                                                                                                                                                  18:37:11

One last sync

On the destination host, I ran this command as the syncoid user I created.

NOTE: I should have included the –preserve-recordsize parameter on this syncoid command. As it was, the received filesystem had the default recordsize of 128K. This might matter to you if you have set recordsize somewhere.

[syncoid@r730-01 ~]$ time syncoid --sshkey=~syncoid/.ssh/id_ed25519 -r --no-privilege-elevation syncoid@slocum.int.unixathome.org:system/jails/zm data02/jails/zm
Sending incremental system/jails/zm@mkjail-202203272107 ... syncoid_r730-01.int.unixathome.org_2023-02-20:18:38:21-GMT00:00 (~ 5.2 GB):
5.31GiB 0:00:59 [90.9MiB/s] [===============================================] 102%            
cannot destroy snapshots: permission denied
cannot destroy snapshots: permission denied
WARNING: ssh    -i ~syncoid/.ssh/id_ed25519 -S /tmp/syncoid-syncoid@slocum.int.unixathome.org-1676918300 syncoid@slocum.int.unixathome.org ' zfs destroy '"'"'system/jails/zm'"'"'@syncoid_r730-01.int.unixathome.org_2023-02-19:00:44:41-GMT00:00;  zfs destroy '"'"'system/jails/zm'"'"'@syncoid_r730-01.int.unixathome.org_2023-02-18:23:48:01-GMT00:00' failed: 256 at /usr/local/bin/syncoid line 1380.

real	1m1.255s
user	0m16.104s
sys	0m13.089s
[syncoid@r730-01 ~]$

I don’t know why I’m getting cannot destroy snapshots: permission denied, but all seems well.

Add the jail to the list of what gets started

Because I’m using /etc/jail.conf.d/, as opposed to /etc/jail.conf, I’m adding the new jail to the list of jails to be started.

[r730-01 dvl /etc/jail.conf.d] % sysrc jail_list
jail_list: pkg01 bacula besser certs-rsync certs cliff2 git svn webserver

[r730-01 dvl /etc/jail.conf.d] % sudo sysrc jail_list+=zm
jail_list: pkg01 bacula besser certs-rsync certs cliff2 git svn webserver -> pkg01 bacula besser certs-rsync certs cliff2 git svn webserver zm
[r730-01 dvl /etc/jail.conf.d] %

mount the jail

Before I rebooted the host, I had to manually mount the jail filesystem which had just been copied over. However, now, since I have rebooted the host, for other reasons, I no longer have to do that step.

Check for other filesystems needed in this jail

On the sending host, I ran this command:

[slocum dan ~] % zfs list | grep zm
system/jails/zm                    4.97G  15.0T     2.18G  /jails/zm

I was checking for other filesystems which might be mounted under /jails/zm. I found none.

Other jails, yet to be transferred, such as this one, have different results:

[slocum dan ~] % zfs list | grep stage-nginx01
nvd/freshports/stage-nginx01                                           30.1M   616G       24K  none
nvd/freshports/stage-nginx01/var                                       30.0M   616G       24K  none
nvd/freshports/stage-nginx01/var/db                                    30.0M   616G       24K  none
nvd/freshports/stage-nginx01/var/db/freshports                         30.0M   616G       24K  none
nvd/freshports/stage-nginx01/var/db/freshports/cache                   30.0M   616G       24K  /var/db/freshports/cache
nvd/freshports/stage-nginx01/var/db/freshports/cache/categories          41K   616G       26K  /var/db/freshports/cache/categories
nvd/freshports/stage-nginx01/var/db/freshports/cache/commits           29.0M   616G     29.0M  /var/db/freshports/cache/commits
nvd/freshports/stage-nginx01/var/db/freshports/cache/daily               38K   616G       24K  /var/db/freshports/cache/daily
nvd/freshports/stage-nginx01/var/db/freshports/cache/general             38K   616G       24K  /var/db/freshports/cache/general
nvd/freshports/stage-nginx01/var/db/freshports/cache/news               331K   616G      316K  /var/db/freshports/cache/news
nvd/freshports/stage-nginx01/var/db/freshports/cache/packages            24K   616G       24K  /var/db/freshports/cache/packages
nvd/freshports/stage-nginx01/var/db/freshports/cache/pages               38K   616G       24K  /var/db/freshports/cache/pages
nvd/freshports/stage-nginx01/var/db/freshports/cache/ports              422K   616G      406K  /var/db/freshports/cache/ports
nvd/freshports/stage-nginx01/var/db/freshports/cache/spooling            59K   616G       34K  /var/db/freshports/cache/spooling
system/jails/stage-nginx01                                             5.93G  15.0T     2.15G  /jails/stage-nginx01
[slocum dan ~] %

If I was moving that jail, I’d also have to copy over 

 nvd/freshports/stage-nginx01

.

start the jail

This is me, starting the jail:

[r730-01 dvl /etc/jail.conf.d] % sudo service jail start zm
Starting jails: zm.

All seems well. One to the next one.

Website Pin Facebook Twitter Myspace Friendfeed Technorati del.icio.us Digg Google StumbleUpon Premium Responsive

Leave a Comment

Scroll to Top