Jails

sudo: effective uid is not 0, is sudo installed setuid root?

Tonight I created a new jail, and later installed sudo into that jail. Then I tried to run sudo: $ sudo make install clean sudo: effective uid is not 0, is sudo installed setuid root? What? It is setuid: $ ls -l `which sudo` -rwsr-xr-x 1 root wheel 117112 Jul 26 17:08 /usr/local/bin/sudo I had no idea. wxs had the answer: mount points. Here is the problem, as revealed by this command in […]

sudo: effective uid is not 0, is sudo installed setuid root? Read More »

FATAL: could not create shared memory segment: Function not implemented

I recently upgraded a jail server from FreeBSD 8.2 to FreeBSD 8.4. This stopped various jails from starting their own instances of PostgreSQL. The messages in the logs were: Jul 9 14:48:48 building postgres[40785]: [2-1] FATAL: could not create shared memory segment: Function not implemented Jul 9 14:48:48 building postgres[40785]: [2-2] DETAIL: Failed system call was shmget(key=5432001, size=12099584, 03600). In my jails, I was seeing: $ sysctl security.jail.sysvipc_allowed security.jail.sysvipc_allowed: 0 Looking at my

FATAL: could not create shared memory segment: Function not implemented Read More »

nrpe: Could not read request from client, bailing out…

I recently upgraded a jail server from FreeBSD 8.2 to 8.4, and part of that process involved recompiling all of the applications. Along the way, nrpe on one jail stopped working. Nagios was reporting: CHECK_NRPE: Socket timeout after 10 seconds. Trying from the command line gave: $ /usr/local/libexec/nagios/check_nrpe2 -H -H dbclone.example.org -c check_pgsql -t 1 CHECK_NRPE: Socket timeout after 1 seconds. Other jails worked just fine: $ /usr/local/libexec/nagios/check_nrpe2 -H building.unixathome.org -c check_pgsql -t

nrpe: Could not read request from client, bailing out… Read More »

nagios – check_ping CRITICAL – You need more args!!! Could not open pipe:

I’ve been moving some services around lately. A server is dying and I need to move stuff off it. Today I managed to move Bacula and Nagios onto a new server. After a short bit of struggle, I had just one service check that was failing: check_ping. Here’s the example: $ /usr/local/libexec/nagios/check_ping -H bast.example.org -w 3000.0,80% -c 5000.0,100% -p 1 CRITICAL – You need more args!!! Could not open pipe: Google searches did

nagios – check_ping CRITICAL – You need more args!!! Could not open pipe: Read More »

ezjail – renaming, moving, and renumbering

ezjail is my tool of choice for managing jails. I’ve been using it since 2008. Today, I want to do something which ezjail won’t do for me, but will allow me to do. I created a bunch of jails for a Bacula tutorial at BSDCan. Now that I have that server safely home again, I need to add more services to this jail server. My main development machine is acting up. It is

ezjail – renaming, moving, and renumbering Read More »

The Bacula Tutorial jail server

One of the challenges of providing hands-on demonstrations is giving everyone their own sandbox to play in. I don’t want people to spend time on installing software. I want people to learn about the software in question, specifically Bacula. With this in mind, I’ve been building up a solution based on FreeBSD 9.1, ZFS, and jails. My solution is pretty nifty, but I don’t think it’s anything special. The key is simplicity. The

The Bacula Tutorial jail server Read More »

Idea from Kris Moore – PC-BSD

I’m sitting in the The Warden – FreeBSD and Linux Jail Management talk at EuroBSDCon 2012. He has mentioned two things, so far, that give me ideas. Evil ideas. Put each jail in a different ZFS data set – this may be useful for my jails running Bacula regression testing Schedule cron jobs to do snapshots on a regular basis – useful for snapshots, which I’m not really using at all And he’s

Idea from Kris Moore – PC-BSD Read More »

jail: fetch: transfer timed out / protocol not supported

After recent efforts to get old jails running on a new server, I tried to upgrade some ports today. I failed. portupgrade was erroring out and reporting: protocol not supported A simple fetch http://www.google.com/ was giving me fetch: transfer timed out I tried portaudit -Fa. Nothing. fetch: transfer timed out I checked ifconfig on the jail host. There is was. I’ll show only a small part of the ifconfig output: $ ifconfig inet

jail: fetch: transfer timed out / protocol not supported Read More »

Scroll to Top