You've done a great job with this!! I'd like to request a bhyve template for Arch Linux though... The Arch Linux ISO is about half the size of the Fedora ISOs and should be a pretty simple addition to the project.

Hi,

How to assign an IPv6 address to a jail ? (in complement of an IPv4 address).

I've tried to jset ip6_addr but it doesn't work.

Thanks

When I change configuration of a jail it warns me if the same ipv4 address is in use or on the network, but doesn't do it for ipv6 addresses. Would be nice to have.

Thanks

Request to support security/doas via port options.

While trying to follow Debian-kfreebsd jail construction (https://www.bsdstore.ru/ru/articles/installing_kfreebsd.html), and change ece_start/stop values, i've got "get_construct_exec_start/stop not found". These functions are also absent in settings-tui.subr script.
Changing exec_start/stop values in rc.conf_ in jails-system/ also have no effect

PS. I tried to expand settings-tui.subr with something like

get_construct_exec_start()
{
        title=" exec_start "
        prompt="${exec_start_msg}"
        defaultitem="${exec_start}"
        cbsd_inputbox_simple && exec_start="${mtag}"
}

get_construct_exec_stop()
{
        local _input
        f_dialog_title " exec_stop "
        f_dialog_input _input "${exec_stop_msg}" "${exec_stop}" "${_message}" || return $?
        exec_stop="${_input}"

}

but any of these end up with eval:1:Syntax error: Unterminated quoted string error message with no effect.

Hi,

Have an issue after upgrading to CBSD v.10.3.0.

When i do sudo cbsd initenv I get no workdir. This does not change when I do env workdir="/usr/jails" /usr/local/cbsd/sudoexec/initenv.

When I do cbsd help I get /usr/local/bin/cbsd: cpr: not found and Illegal option See the attached file.

What can I do about this?

Thank you in advance.

J.

Hello
I have problem with CBSD...
I add to in cbsd jconfig jname=nginx to ip4_addr
91.22.2.2/32,ibg1|192.168.33.2/32
i save it... and now when i try to start nginx
i get
export: =0: bad variable name
oot@hydra:/jails # cbsd jls
export: =0: bad variable name

Best regards.

I have successfully setup a jail with cbsd

root@kavi:~ # cbsd jls
JNAME  JID  IP4_ADDR     HOST_HOSTNAME    PATH                    STATUS
jail1  1    10.0.0.1/16  jail1.kavi.it  /usr/jails/jails/jail1  On

I have installed and started nginx in jail1, and I can see it working from outside the jail:

root@kavi:~ # fetch -o - http://10.0.0.1
-                                               0% of  612  B    0  Bps<!DOCTYPE html>
<html>
<head>
<title>Welcome to nginx!</title>
<style>
    body {
        width: 35em;
        margin: 0 auto;
        font-family: Tahoma, Verdana, Arial, sans-serif;
    }
</style>
</head>
<body>
<h1>Welcome to nginx!</h1>
<p>If you see this page, the nginx web server is successfully installed and
working. Further configuration is required.</p>

<p>For online documentation and support please refer to
<a href="http://nginx.org/">nginx.org</a>.<br/>
Commercial support is available at
<a href="http://nginx.com/">nginx.com</a>.</p>

<p><em>Thank you for using nginx.</em></p>
</body>
</html>
-                                             100% of  612  B   10 MBps 00m00s

Now, I would like to connect to the nginx server inside jail1 from the internet.

I could perhaps do it by using another nginx install on the host, as a proxy.

But is there a cbsd preferred way to do that?

Would you advice for a more general proxy, like haproxy?

Also, what if one install a different service (ie, not port 80/443), that he needs to be reachable from the internet, like irc, postgresql, syncthing, etc.

Which would be the preferred way to do that?

Could you share some configuration one could customise?

Thank you so much for cbsd, it is a great tool.

Hello again.

I'm trying to figure out what's your workflow with jails on remote nodes? It's kind of hard to understand it from the docs. For example, what's the simplest way of performing similar to local operations on remote node (create, export, etc.)?

I put an fstab file in the $cbsd_root/jails-fstab directory, named as:

fstab.httpd

with the entries similar to:

/device/path /mount/point nullfs rw 0 0

and when I restarted cbsdd the file disappeared. So next, I stopped cbsdd, created the same file, and it disappeared when I started the daemon again. Puzzled, I created the file again, and this time only stopped the cbsdd daemon and same thing, the file disappeared!

In the meantime, I've just appended the entries to the host's /etc/fstab:

/device/path $cbsd_root/jails-data/httpd-data/mount/point nullfs rw 0 0

to work around the issue, but I'm not sure what's wrong. Is the documentation correct? Do you have an example fstab.$jailname file that doesn't disappear for you?
I ran a mkdir /path/to/httpd-data/mount/point before attempting any of this and each of the jails are base_rw

BTW: Sorry I'm such a pest :-P I really like cbsd and intend on using it from here out to manage my jails and eventually my VMs once I get a machine that will run the bhyve hypervisor. Thank you very much for your hard work!

Would i be possible to add Kali linux support ?
I tried copying the vm-linux-Debian-x86-8.conf to vm-linux-Kali-2016.2.amd64.conf
and changing the cd image

diff

diff -ur vm-linux-Debian-x86-8.conf vm-linux-Kali-2016.2.amd64.conf
--- vm-linux-Debian-x86-8.conf 2016-10-21 09:32:35.944340000 +0200
+++ vm-linux-Kali-2016.2.amd64.conf 2016-10-26 10:02:01.085018000 +0200
@@ -1,10 +1,10 @@

don't remove this line:

-vm_profile="Debian-x86-8"
-iso_vmlinuz_file="/install.amd/vmlinuz"
-iso_initrd_file="/install.amd/initrd.gz"
+vm_profile="Kali-2016.2.amd64"
+iso_vmlinuz_file="/install/vmlinuz"
+iso_initrd_file="/install/initrd.gz"

this is one-string additional info strings in dialogue menu

-long_description="Linux Debian 8.6.0 ("Jessie") RELEASE x86-64 (64 bit) architecture"
+long_description="Kali Linux 2016.02 (64 bit) architecture"

custom settings:

fetch=1
@@ -16,16 +16,18 @@

grub-bhyve command to boot from ISO

grub_iso_cmd="/usr/bin/lockf -s -t0 /tmp/bhyveload.${jname}.lock grub-bhyve -r cd0 -m ${_devicemap} -M ${grubmem} ${jname}"

-iso_site="http://cdimage.debian.org/mirror/cdimage/archive/8.6.0/amd64/iso-cd/ http://gemmei.acc.umu.se/debian-cd/8.6.0/amd64/iso-cd/ http://caesar.acc.umu.se/debian-cd/8.6.0/amd64/iso-cd/ http://cdimage.debian.org/debian-cd/8.6.0/amd64/iso-cd/ http://cdimage.debian.org/mirror/cdimage/archive/"
-iso_img="debian-8.6.0-amd64-CD-1.iso"
+iso_site="http://cdimage.kali.org/kali-2016.2/kali-linux-2016.2-amd64.iso "
+iso_img="kali-linux-2016.2-amd64.iso"

register_iso as:

register_iso_name="cbsd-iso-${iso_img}"
register_iso_as="${vm_profile}"

-default_jailname="debian"
-imgsize="6g"
-#boot_from_grub=1
+default_jailname="kali"
+imgsize="8g"
+boot_from_grub=1
+
+vm_ram="1g"

VNC

vm_vnc_port="0"

all i end up with is:

!!!! X64 Exception Type - 0000000000000006 CPU Apic ID - 00000000 !!!!
RIP - 000000000007001A, CS - 0000000000000028, RFLAGS - 0000000000010292
RAX - 0000000000000016, RCX - 000000003E695FF8, RDX - 000000000000003F
RBX - 0000000000000000, RSP - 000000003FBFFAD0, RBP - 000000003E6C5600
RSI - 000000003E695838, RDI - 000000003E6C5600
R8 - 000000000001F800, R9 - 000000003E695818, R10 - 00000000000000D4
R11 - 0000000000000200, R12 - 000000003E6C3180, R13 - 0000000000000000
R14 - 0000000000000000, R15 - 0000000000000000
DS - 0000000000000008, ES - 0000000000000008, FS - 0000000000000008
GS - 0000000000000008, SS - 0000000000000008
CR0 - 0000000080000033, CR2 - 0000000000000000, CR3 - 000000003FB9E000
CR4 - 0000000000000668, CR8 - 0000000000000000
DR0 - 0000000000000000, DR1 - 0000000000000000, DR2 - 0000000000000000
DR3 - 0000000000000000, DR6 - 00000000FFFF0FF0, DR7 - 0000000000000400
GDTR - 000000003FB88E98 000000000000003F, LDTR - 0000000000000000
IDTR - 000000003F323018 0000000000000FFF, TR - 0000000000000000
FXSAVE_STATE - 000000003FBFF730
!!!! Can't find image information. !!!!

I don't understand the boot process to debug further

debug from blogin

[debug] /usr/sbin/bhyve -W -c 1 -m 1073741824 -A -H -P -s 0,hostbridge -s 31,lpc -l bootrom,/usr/local/cbsd/upgrade/patch/efi.fd -s 4:0,virtio-rnd -s 5:0,virtio-net,tap1 -s 2:0,virtio-blk,/usr/jails/jails-data/kali1-data/dsk1.vhd,sectorsize=512 -s 1:0,ahci-cd,/usr/jails/src/iso/cbsd-iso-kali-linux-2016.2-amd64.iso -s 6,fbuf,tcp=127.0.0.1:5900,w=1024,h=768,wait -s 30,xhci,tablet -l com1,stdio kali1;

Hi,

For using CBSD on a new machine you need to have internet, else you need to copy /usr/src to /path/src/<freebsd-version>/src, and compile.

Some users prefer to avoid compiling and use what is built.
Provide a provision like ezjail-admin where you can use the freebsd-dist directory from a location, which has doc.txz, kernel.txz, ports.txz, base.txz, games.txz, lib32.txz, src.txz.

With an optical disk it would be like following to create a base jail:

# mount_cd9660 /dev/cd0 /mnt/

# ezjail-admin install -h file:///mnt/usr/freebsd-dist/

To install the man pages we can use -m.

# ezjail-admin install -m -h file:///mnt/usr/freebsd-dist/

Now I can use this to create jails.
This will help people who don't have internet or a fast internet link(majority of the world falls into this category).

Hi,

I am trying out cbsd and its very nice so far.

I want to have the IPs of the jails on a loX interface.

in my rc.conf is

cloned_interfaces="lo1"
ifconfig_lo1="inet 10.0.0.1 netmask 255.255.255.0"

There is also an external interface "em0".

I created a jail using "cbsd jconstruct-tui" and chose "10.0.0.10" as the ip and "lo1" as the interface.

But when I start the jail with "cbsd jstart jail1" the ip address "10.0.0.10" is on interface em0 instead of lo1. Also the interface in the config is changed to em0.

How do I make cbsd put the jail IP on the lo1 interface?

This is my first issue. I'm trying to replicate my old setup where jails have a local IP on a separate lo1 interface and they access the internet via the host and NAT. Ports are forwarded so services can be reached all via one public IP.

Thanks for you efforts !

Doing a initenv-tui, you cannot turn off nat. You can only select the 3 types of nat.

running cbsd natoff results in just stopping nat, but does not disable nat from being configured and starting back up when cbsdd is restarted or on system boot.

The only way I found to be able to disable nat once it's been enabled is doing a:
cbsdsql local update local set nat_enable='0'

then rebooting machine.

After https://forums.bsdstore.ru/viewtopic.php?f=3&p=18:

It is a good idea for extra check via second pass (after searching by description) on bridgeX to determine members even bridge no description. This is mostly for cases, where bridge create by hands/manually.

reproduce :

create 3 jails using cbsd - and vnet networking
two of them got same mac address on internal eth0 vnet

[1]

torrent:/root@[10:04] # ifconfig
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
options=600003<RXCSUM,TXCSUM,RXCSUM_IPV6,TXCSUM_IPV6>
inet6 ::1 prefixlen 128
inet6 fe80::1%lo0 prefixlen 64 scopeid 0x1
inet 127.0.0.1 netmask 0xff000000
nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
eth0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
options=8<VLAN_MTU>
* ether 02:ff:70:00:08:0b*
* inet6 fe80::ff:70ff:fe00:80b%eth0 prefixlen 64 scopeid 0x2*
inet 172.16.241.1 netmask 0xffff0000 broadcast 172.16.255.255
inet6 xxxx:xxxx:xxxx::16:241:1 prefixlen 64
nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
media: Ethernet 10Gbase-T (10Gbase-T )
status: active

[2]

download:/root@[10:10] # ifconfig
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
options=600003<RXCSUM,TXCSUM,RXCSUM_IPV6,TXCSUM_IPV6>
inet6 ::1 prefixlen 128
inet6 fe80::1%lo0 prefixlen 64 scopeid 0x1
inet 127.0.0.1 netmask 0xff000000
nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
eth0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
options=8<VLAN_MTU>
* ether 02:ff:70:00:08:0b*
inet6 fe80::ff:70ff:fe00:80b%eth0 prefixlen 64 duplicated scopeid 0x2
inet 172.16.241.3 netmask 0xffff0000 broadcast 172.16.255.255
inet6 xxxx:xxxx:xxxx::16:241:3 prefixlen 64
nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
media: Ethernet 10Gbase-T (10Gbase-T )
status: active

Try to create another jail got again same mac address on internal eth0 , the host ifconfig looks god , each epair interface has unique mac address , only inside the jail got this issue . before cbsd i wass using iocage on same machine without encountering this problem , which could be the problem ?

Thanks ,

Catalin M

Hi,

I was playing around with importing and exporting jails but as far as i'm able to export i'm not able to fully(?) import it.

[0] # cbsd jimport racker newjname=fiu
no conf rc.conf file for jail: fiu

I have few jails running here - including gitlab, but...

[0] # ls /usr/jails/jails-rcconf | wc -l
       0

And my jails are working without rc.conf here but it refuses to run after import - /usr/jails/jails-data/fiu-data exists, but it looks weird, like /bin/ is empty (without mounts i guess).

Any clue what am i doing wrong here?

In the current implementation we have to specify IP addresses while adding a node to CBSD.
It is helpful to use FQDN/Hostnames if they are already stored in /etc/hosts file or get the IP address by resolving it using the provided name servers in /etc/resolv.conf.

root@Zfreebsd:~ # cbsd node mode=add node=Zfreebsd8.my.domain port=22
Enter password of cbsd user on Zfreebsd8.my.domain: 
Can't resolv IP for Zfreebsd8.my.domain hostname. Use IP address.

I am on version: cbsd-10.3.0 on a FreeBSD 10.3-RELEASE-p3
When I run cbsd help the output contains some "Illegal option --" errors

Here the output:

cbsd help

basels -- [build] List of bases
bclone -- [bhyve] Jail cloning
bconfig -- [bhyve] Configure for jail
Illegal option --
Illegal option --
Illegal option --
bconstruct-tui -- [sys] Ncurses based Bhyve guest creation wizard
Illegal option --
Illegal option --
Illegal option --
bcontrol-tui -- [jail] Ncurses based control for VM
bcreate -- [bhyve] Create jail from config file
bexport -- [jail] Export jail into image
bhyvedsk -- [bhyve] Operate with bhyve disk images and databse
bhyvedsk-tui -- [bhyve] Exec login into jail
bimport -- [jail] Import jail from image
blogin -- [bhyve] Exec login into jail
bls -- [bhyve] List jail and status
border -- [jail] List jail run order
Illegal option --
Illegal option --
Illegal option --
border-tui -- [sys] Ncurses based VM order editor
bremove -- [jail] Destroy jail
brename -- [bhyve] Rename jail
bset -- [bhyve] Modify parameter for jail
Illegal option --
Illegal option --
Illegal option --
bsetup-tui -- [bhyve] Ncurses based setup for jail-arg
bstart -- [bhyve] Start jail
bstop -- [bhyve] Stop jail
buildkernel -- [build] Build kernel from sources
buildworld -- [build] Buildworld from sources
carpcfg -- [sys] Enable CARP configuration
/usr/local/bin/cbsd: cpr: not found
cpr --
ddns -- [sys] Update DDNS records for jail
delete-old-libs -- [sys] make delete-old and delete-old-libs for base
geli -- [sys] cbsd geli helper
getnics-by-ip -- [sys] Return network interface name by ip
help -- [sys] This help
history -- [sys] Show cbsd history command
initenv -- Node re-initialization
Illegal option --
Illegal option --
Illegal option --
initenv-tui -- [sys] Node re-initialization
installkernel -- [build] Build kernel from sources
installworld -- [build] Installbase from obj
j2prepare -- [jail] Prepare remote node for accepting jail via j2slave
j2slave -- [jail] Transfer jail as slave jail to remote node
jail2iso -- [sys] Convert jail into cd9660 ISO or memstick image
jailmapdb -- [sys] Return or update node for jail map
jbackup -- [sys] Backup jail to slave node with slave status
jcleanup -- [jail] Force unmount and cleanup for offline jail
jclone -- [jail] Jail cloning
jcoldmigrate -- [jail] Cold migrate (with save status) jail to remote node, set local jail as slave
jconfig -- [jail] Configure for jail
jconstruct -- [sys] console dialog for jail creation
Illegal option --
Illegal option --
Illegal option --
jconstruct-tui -- [sys] Ncurses based jail creation wizard
Illegal option --
Illegal option --
Illegal option --
jcontrol-tui -- [jail] Ncurses based control for jail
jcreate -- [jail] Create jail from config file
jdescr -- [jail] Show or modify jail description
jexec -- [jail] Execution for command inside jail
jexport -- [jail] Export jail into image
jget -- [jail] Get info related to jail
jimport -- [jail] Import jail from image
jlogin -- [jail] Exec login into jail
jls -- [jail] List jail and status
jmkrcconf -- [jail] Create ascii rc.conf for jail
jmkrctlconf -- [jail] Import or export from/to ascii rctl.conf from/to SQLite3 tables for jail
jorder -- [jail] List jail run order
Illegal option --
Illegal option --
Illegal option --
jorder-tui -- [sys] Ncurses based jail order editor
jrclone -- [jail] Clone jail to remote machine
jrctl -- [jail] Set or flush resource limit for jail
Illegal option --
Illegal option --
Illegal option --
jrctl-tui -- [jail] Dialog based UI for RACCR/RCTL
jregister -- [jail] Register jail records to SQLite from ASCii config or re-populate ASCii config from SQLite
jremove -- [jail] Destroy jail
jrename -- [jail] Rename jail
jrestart -- [jail] jail jstop jstart sequence
jset -- [jail] Modify parameter for jail
Illegal option --
Illegal option --
Illegal option --
jsetup-tui -- [jail] Ncurses based setup for jail-arg
jsnapshot -- [jail] Jail snapshot management
jstart -- [jail] Start jail
jstatus -- [jail] Return jail ID in output and jail existance as error code (0 -no jail, 1 - jail exist, 2 - slave)
jstop -- [jail] Stop jail
jswmode -- [jail] Jail switch mode between master/slave
junregister -- [jail] Register jail records to SQLite from ASCii config or re-populate ASCii config from SQLite
jupgrade -- [jail] Upgrade jail base data when baserw=1
jwhereis -- [jail] Return node for jname
kernel -- [build] Build kernel from sources
kernells -- [sys] List of kernel
makejconf -- [sys] Make jailv2 config file
makescene -- [sys] Make jail by scenario file
mountfstab -- [sys] Mount jail by fstab file
natcfg -- [sys] Enable NAT service for RFC1918 Networks
natoff -- [sys] Disable NAT service for RFC1918 Networks
naton -- [sys] Enable NAT service for RFC1918 Networks
ndescr -- [node] Show or modify node description
netinv -- [sys] Update Network-related information in inventory tables
nlogin -- [node] Login to remote node and/or exec command
node -- [node] Manipulate or show information for remote nodes
portsup -- [sys] Update FreeBSD ports tree in /usr/ports
objls -- [build] List of object file
removebase -- [build] Remove base dir
removekernel -- [build] Remove base dir
removeobj -- [sys] Remove obj-dir
removesrc -- [sys] Remove src-dir
repo -- [sys] Working with CBSD Repository
retrinv -- [sys] Fetch sqldb from remote node
rexe -- [sys] Execute remote command by ssh on the node
rsyncdoff -- [sys] Disable RSYNC service for jail migration
rsyncdon -- [sys] Enable RSYNC service for jail migration
srcls -- [build] List of source
summary -- [sys] Show summary statistics for the farm
srcpatch -- [sys] Apply CBSD patch for FreeBSD source tree in
srcup -- [sys] Update FreeBSD source tree in
sysinv -- [sys] Collect and/or update system-related information in inventory tables
trafstat -- [sys] Show traffic statistics for the jail
unmountfstab -- [sys] Unmount jail by fstab file
upgrade -- [sys] Upgrade base and/or kernel from other prepared hier
world -- [build] Buildworld from sources + install world
zrep -- [zrep] ZFS-snapshot-based replication for jail data
Illegal option --
Illegal option --
Illegal option --
vhidcfg-tui -- [bhyve] Edit properties for vitual image of VM
Illegal option --
Illegal option --
Illegal option --
xconstruct-tui -- [sys] Ncurses based Xen guest creation wizard
pkg -- [helpers] cbsd pkg wrapper
tzsetup -- [bsdconf] cbsd tzsetup wrapper
ssh -- [bsdconf] OpenSSH jail helper
ftp -- [bsdconf] Install timezone helper
adduser -- [sys] Add user to jail
passwd -- [bsdconf] cbsd passwd wrapper
service -- [bsdconf] cbsd service wrapper
sysrc -- [bsdconf] cbsd sysrc wrapper
userlist -- [sys] Show user list
grouplist -- [sys] Show group list
Illegal option --
Illegal option --
Illegal option --
adduser-tui -- [bsdconf] Ncurses based dialog for jcreate
pw -- [bsdconf] cbsd pw wrapper
zfsinstall -- [helpers] mfsBSD ZFS install script

Hi again ;-)

First, i've tested connectivity with:

root@master:/vagrant # ssh [email protected] 'pwd'
Password for [email protected]:
/usr/jails

It works, but

root@master:/vagrant # env workdir="/usr/jails" cbsd node mode=add node=10.0.1.71 pw=cbsd port=22
Connecting to 10.0.1.71...
Connection problem (code 1): 10.0.1.71

I was trying to get something more from documentation but no luck there, also not sure how can i debug cbsd problems in the future? Perhaps there is something like env debug=cbsd? ;-)

tools/mountfstab seems to require a "substr" tool that isn't installed by default for bare installs, nor specified as a dependency for cbsd.

I was following these instructions trying to get a zfs mount
https://www.bsdstore.ru/de/10.3/wf_jconfig_ssi.html

I created a jails-fstab/fstab.services.local with this entry:

tank/default/weblogs /var/log/weblogs zfs rw 0 0

and I get the following during startup (independent of allow_zfs config param):

# cbsd jstart services
NIC automatically selected: em0
Starting jail: services, parallel timeout=5
services: created
Setting hostname: services.local
ELF ldconfig path: /lib /usr/lib /usr/lib/compat /usr/local/lib
32-bit compatibility ldconfig path: /usr/lib32
Creating and/or trimming log files.
Starting syslogd.
Clearing /tmp (X related).
Updating motd:.
Performing sanity check on sshd configuration.
Starting sshd.
Starting cron.

Sat Mar 19 20:35:33 EDT 2016
/usr/jails/rcconf.subr: substr: not found
/usr/jails/rcconf.subr: substr: not found
/usr/jails/rcconf.subr: substr: not found
/usr/jails/rcconf.subr: substr: not found
/usr/jails/rcconf.subr: substr: not found
/usr/jails/rcconf.subr: cbsdjls: not found
attachzfs: jail is not running: services
jail: services: /bin/sh -c /usr/local/bin/cbsd attachzfs fstab=/usr/jails/jails-fstab/fstab.services.local jname=services; : failed
services: removed

This jail starts fine without fstab.services.local (or if I modify fstab.services directly ...)

cbsd retrinv --help shows:

retrinv -- [sys] Fetch sqldb from remove node

while means

retrinv -- [sys] Fetch sqldb from remote node

one letter makes sense :)

I just installed cbsd on a fresh FreeBSD 11-RELEASE, and followed the first tutorial here: https://www.bsdstore.ru/en/tutorial.html but it throws error Syntax error: Unterminated quoted string

root@kavi:~ # cbsd jconstruct-tui
[...]
/usr/jails/ftmp/jcreate_jconf.67746: 48: Syntax error: Unterminated quoted string
Config file for jconf: /usr/jails/ftmp/jail1.67455.jconf

# cat /usr/jails/ftmp/jail1.67455.jconf

# DO NOT EDIT THIS FILE. PLEASE USE INSTEAD:
# cbsd jconfig jname=jail1
relative_path="1";
jname="jail1";
path="/usr/jails/jails/jail1";
host_hostname="jail1.my.domain";
ip4_addr="DHCP";
mount_devfs="1";
allow_mount="1";
allow_devfs="1";
allow_nullfs="1";
mount_fstab="/usr/jails/jails-fstab/fstab.jail1";
arch="amd64";
mkhostsfile="1";
devfs_ruleset="4";
ver="11.0";
basename="";
baserw="0";
mount_src="0";
mount_obj="0";
mount_kernel="0";
mount_ports="1";
astart="1";
data="/usr/jails/jails-data/jail1-data";
vnet="0";
applytpl="1";
mdsize="0";
rcconf="/usr/jails/jails-rcconf/rc.conf_jail1";
floatresolv="1";
zfs_snapsrc="";

exec_poststart="0";
exec_poststop="";
exec_prestart="0";
exec_prestop="0";

exec_master_poststart="0";
exec_master_poststop="0";
exec_master_prestart="0";
exec_master_prestop="0";
pkg_bootstrap="1";
with_img_helpers="";
runasap="0";
interface="auto";
jailskeldir="/usr/jails/share/FreeBSD-jail-skel";
jail_profile="default";
# root password
user_pw_root=''';
emulator="jail"

Hi. Thanks for making cbsd. It is almost perfect for me, but for one possibe bug. When using cbsd initenv-tui to change the 'natip' property, the /usr/jails/etc/ipfw.conf does not get updated with the new 'natip'. The workaround I've used is to change 'nat_enable' property to another firewall e.g., pf, press 'COMMIT'. then rerun cbsd initenv-tui, but this time switch 'nat_enable' property back to 'ipfw'. Pressing 'COMMIT' after this will update and source the '/usr/jails/etc/ipfw.conf' file properly.

Hi,

Is there any way to determine if cbsd is already configured and initenv was performed? Also, any way to override prompts with inline options passed to cbsd command?

Kind regards.

This patch takes care of the Illegal option message, for me.

--- /usr/local/cbsd/tools/help  2016-03-01 15:39:04.000000000 -0500
+++ help        2016-03-25 12:20:38.666120032 -0400
@@ -37,7 +37,7 @@
                if [ ${descr} -eq 0 ]; then
                        echo "${i}"
                else
-                       _cmddesc=$( /usr/local/bin/cbsd ${i} --help |/usr/bin/head -n1 2>/dev/null )
+                       _cmddesc=$( /usr/local/bin/cbsd ${i} --help 2>&1 |grep -v 'Illegal option' |/usr/bin/head -n1 2>/dev/null )
                        ${XO} ${CBSDXO} --open cbsd_help
                        $ECHO "${BOLD}${i} ${MAGENTA} --  ${GREEN}${_cmddesc}${NORMAL}"
 #                      ${XO} ${CBSDXO} "{k:i} {:_cmddesc/%s}\n" ${i} ${_cmddesc}

When I create jail using the jconstruct-tui I got error "No such emulator: 0". I can start and stop it but can't jlogin. The same error appears

Hi,
I followed the directions here:
http://www.bsdstore.ru/en/installing_cbsd.html
but was unable to install on a fresh FreeBSD 10 installation in Virtualbox, with an updated ports tree:

root@tookie:/usr/ports/sysutils/cbsd # uname -a
FreeBSD tookie 10.0-RELEASE-p12 FreeBSD 10.0-RELEASE-p12 #0: Tue Nov  4 05:07:17 UTC 2014     [email protected]:/usr/obj/usr/src/sys/GENERIC  amd64
root@tookie:~ # pkg install cbsd
Updating FreeBSD repository catalogue...
FreeBSD repository is up-to-date.
All repositories are up-to-date.
pkg: No packages available to install matching 'cbsd' have been found in the repositories
root@tookie:/usr/ports/sysutils/cbsd # cd /usr/ports/sysutils/cbsd
root@tookie:/usr/ports/sysutils/cbsd # make clean
===>  Cleaning for cbsd-10.1.1_1
root@tookie:/usr/ports/sysutils/cbsd # make -C /usr/ports/sysutils/cbsd install
===>  License BSD2CLAUSE accepted by the user
===>   cbsd-10.1.1_1 depends on file: /usr/local/sbin/pkg - found
===> Fetching all distfiles required by cbsd-10.1.1_1 for building
===>  Extracting for cbsd-10.1.1_1
=> SHA256 Checksum OK for cbsd-10.1.1.tar.gz.
===>  Patching for cbsd-10.1.1_1
===>  Applying FreeBSD patches for cbsd-10.1.1_1
Ignoring previously applied (or reversed) patch.
1 out of 1 hunks ignored--saving rejects to ./Makefile.rej
=> Patch patch-Makefile failed to apply cleanly.
*** Error code 1

Stop.
make: stopped in /usr/ports/sysutils/cbsd

When doing cbsd portsup nothing is reported on the cmd-line.
Looking at the process I do see that svnlite is running but it takes a few minutes before something is shown.
Is it possible to add some progress feedback when portsup is running?

I build my own source tree and think it'd be a good idea to be able to have the option to have cbsd installworld install from this tree, instead of having to do a separate buildworld for cbsd nodes.

Hi. The documentation says that the nodeip should be the:

Working and static IP address of a node. It shouldn't be an alias

This is fine for most use cases, but not for mine, as I travel a lot with my laptop, and connect to many different wifi hotspots (work, home, hotel). This breaks the connectivity of my jails. So is it possible to use DHCP assigned IP with cbsd rather than static? That would save me the time of editing static IP in /etc/rc.conf and NAT rules (ipfw/pf) each time.

Or perhaps the nodeip is not essential to the jail management? Could I leave it blank, and just edit the NAT rules to use the wlan0 interface IP, rather than a static IP? I remember ipfw rules support the to me syntax to get the DHCP assigned IP of the interface.

If this is not possible, would you consider adding a feature to cbsd to support roaming between locations through wifi with jails?

Thanks. I realise my use case is unusual, but I can't be the only one that uses jails on the move to test and develop. I'm sure some people could benefit from a roaming jail setup.

Construction
case "${1}" in
...)
is good for ipv4, but not good for level 4 domain name :(

Hey,

I have a problem with some nodes. The error is: "CBSD: Fetching inventory failed:"
The node is added without a problem(ssh keys are in place) but when it comes to fetch the inventory from the remote node it fails. I think that is related to the fact that the local machine cannot get the sqlite file from the node

retr_db testnode
+ local '_rnode=testnode'
+ [ -z testnode ]
+ nodescp 'tryoffline=0' testnode:var/db/inv.testnode.sqlite /usr/jails/var/db/testnode.sqlite
+ [ 75 -eq 0 ]
+ echo -e '\033[0;35mCBSD: Fetching inventory failed: \033[0;32mtestnode\033[0m'
CBSD: Fetching inventory failed: testnode
+ retr_jdescr testnode
+ local '_rnode=testnode' _jname
+ [ -z testnode ]
+ [ ! -f /usr/jails/var/db/testnode.sqlite ]
+ return 0
+ retr_nodedescr testnode
+ local '_rnode=testnode' _files _i
+ [ -z testnode ]
+ [ ! -d /usr/jails/var/db/nodedescr ]
+ _files='descr role domain notes location'
+ nodescp 'tryoffline=0' testnode:node.descr /usr/jails/var/db/nodedescr/testnode.descr
+ chmod 0640 /usr/jails/var/db/nodedescr/testnode.descr
+ chown cbsd /usr/jails/var/db/nodedescr/testnode.descr
+ nodescp 'tryoffline=0' testnode:node.role /usr/jails/var/db/nodedescr/testnode.role
+ chmod 0640 /usr/jails/var/db/nodedescr/testnode.role
+ chown cbsd /usr/jails/var/db/nodedescr/testnode.role
+ nodescp 'tryoffline=0' testnode:node.domain /usr/jails/var/db/nodedescr/testnode.domain
+ chmod 0640 /usr/jails/var/db/nodedescr/testnode.domain
+ chown cbsd /usr/jails/var/db/nodedescr/testnode.domain
+ nodescp 'tryoffline=0' testnode:node.notes /usr/jails/var/db/nodedescr/testnode.notes
+ chmod 0640 /usr/jails/var/db/nodedescr/testnode.notes
+ chown cbsd /usr/jails/var/db/nodedescr/testnode.notes
+ nodescp 'tryoffline=0' testnode:node.location /usr/jails/var/db/nodedescr/testnode.location
+ chmod 0640 /usr/jails/var/db/nodedescr/testnode.location
+ chown cbsd /usr/jails/var/db/nodedescr/testnode.location
+ retr_fwcnt testnode
+ local '_rnode=testnode' _jname
+ [ -z testnode ]
+ [ ! -f /usr/jails/var/db/testnode.sqlite ]
+ return 0
+ /bin/rm -f /usr/jails/tmp/retrinv-log.24896

nlogin testnode works perfectly.

What can I do to fix this thing?

When trying to initialize geli encryption on a device (zvol) it ends with an error.

 cbsd geli mode=init device=/dev/zvol/storage/usr/jails/enc-www
Enter passphrase for /dev/zvol/storage/usr/jails/enc-www:
New Password:
Retype New Password:
Metadata backup can be found in /var/backups/zvol_storage_usr_jails_enc-www.eli and
can be restored with the following command:

# geli restore /var/backups/zvol_storage_usr_jails_enc-www.eli /dev/zvol/storage/usr/jails/enc-www

mdconfig: option requires an argument -- f
usage: mdconfig -a -t type [-n] [-o [no]option] ... [-f file]
                [-s size] [-S sectorsize] [-u unit]
                [-x sectors/track] [-y heads/cylinder]
       mdconfig -d -u unit [-o [no]force]
       mdconfig -r -u unit -s size [-o [no]force]
       mdconfig -l [-v] [-n] [-f file] [-u unit]
       mdconfig file
                type = {malloc, vnode, swap}
                option = {cluster, compress, reserve}
                size = %d (512 byte blocks), %db (B),
                       %dk (kB), %dm (MB), %dg (GB),
                       %dt (TB), or %dp (PB)
error: geli: Invalid number of arguments.

Hi,

Please take a look at this cli output. First cbsd jimport was issued using "sudo" and "sh". Second one, was issued directly. Please compare IP addr which was set and selected (by cbsd) interfaces. The one with sudo is invalid here.

root@fe-fra1-do:~ # jls
   JID  IP Address      Hostname                      Path

root@fe-fra1-do:~ # /usr/local/bin/sudo -H sh -c '/usr/local/bin/cbsd jimport jname=/root/nginx.img newjname=nginx newip=172.23.0.4; /usr/local/bin/cbsd jstart jname=nginx;'
IP sets to: 172.23.0.4
NIC automatically selected: vtnet0
Starting jail: nginx, parallel timeout=5
nginx: created
Setting hostname: nginx.salva.sys.

Sun Apr 17 10:06:00 UTC 2016
root@fe-fra1-do:~ # jls
   JID  IP Address      Hostname                      Path
     3  172.23.0.2      foo1.salva.sys                /usr/jails/jails/foo1
     9  172.16.0.7      nginx.salva.sys               /usr/jails/jails/nginx

root@fe-fra1-do:~ # /usr/local/bin/cbsd jimport jname=/root/nginx.img newjname=nginx2 newip=172.23.0.5; /usr/local/bin/cbsd jstart jname=nginx2;
IP sets to: 172.23.0.5
NIC automatically selected: vlan0
Starting jail: nginx2, parallel timeout=5
nginx2: created
Setting hostname: nginx2.salva.sys.

Sun Apr 17 10:06:57 UTC 2016
root@fe-fra1-do:~ # jls
   JID  IP Address      Hostname                      Path
     3  172.23.0.2      foo1.salva.sys                /usr/jails/jails/foo1
     9  172.16.0.7      nginx.salva.sys               /usr/jails/jails/nginx
    10  172.23.0.5      nginx2.salva.sys              /usr/jails/jails/nginx2
root@fe-fra1-do:~ #

Can i get any hint on how can i make this work?

(cbsd-10.3.0)

Hello ;)

root@master:/ # /usr/local/bin/cbsd jimport jname=/images/base.img newjname=webmin newip=dhcp
/usr/jails/tools/dhcpd: arithmetic expression: expecting primary: "255 & "
IP sets to:

Any ideas what could be wrong?

Hi,

cbsd is now up and running for me, but I needed some additional steps to make it work.

These are not bugs really, but required settings for the host.

devfs

devfs was not hiding the devices in the jail (like da0* etc.). I knew this issue from my previous setup and here is what I did:

add

devfs_load_rulesets="YES"

to the hosts rc.conf

and restart the service with service devfs restart

after that, the devices in a started jail were hidden.

IP forwarding with NAT

I added net.inet.ip.forwarding=1 to /etc/sysctl.conf so ip forwarding is on and NAT works.
Since cbsd also adds settings to the loader.conf, maybe inform the user that he needs this too.

Thank you so much, I love cbsd already :)

([J:0]root(1)@galatians5[/cbsd/jails]# cbsd jstart httpd                                                                                               [10/02/16][17:23:29])
Ip 192.168.0.128 already exists in LAN
NIC automatically selected: em0
Starting jail: httpd, parallel timeout=5
jail: httpd: unknown parameter: allow.mount.linsysfs
jail: httpd: unknown parameter: allow.mount.linprocfs
IPFW is not enabled
([J:0]root(1)@galatians5[/cbsd/jails]# cbsd jlogin httpd                                                                                               [10/02/16][17:23:42])
Not running
([J:0]root(1)@galatians5[/cbsd/jails]#

I just upgraded my ports packages, including cbsd, then after reboot, cbsd told me to run:
cbsd initenv
to upgrade the backend. But none of my jails now will start.

Is it possible to use ssh keys which are already configured?

I guess when we add a new cbsd node, a new key is generated. Can we specify keys which are already configured on the remote node?

Olevole,

Thanks for the great work. This looks like it will be a great project. I cannot figure out how to debug what is going on with my linux bhyves. The CD downloads. With Debian I see the first menu. Then I get the message to: cbsd blogin debian1

When I give that command, I am told that that bhyve isn't running. Where can I find some logs or begin to figure out what is going on?

Thanks.

Hi,

I was trying to play around with your preconfigured image (rtorrent). While initializing cbsd i was asked about jails directory and i've selected /jails but after importing rtorrent jail:

root@x:/home/x # cbsd jls
rtorrent  0    10.0.0.10/24  rtorrent.x  /usr/jails/jails/rtorrent      Off
root@x:/home/x # cbsd jstart jname=rtorrent
mkdir: /usr/jails/jails: No such file or directory

Hello,

it seems ver cannot be set to something like 10.0, it always forces 10.1-RELEASE as we need to have different releases available in multiple jails.

when we set 10.0 it does

Please wait: this will take a while...
Applying skel dir template from: /usr/local/jails/share/FreeBSD-jail-skel
First running pkg. Bootstrapping...
pkg: [bootstrap...Ok]
Updating FreeBSD repository catalogue...
Fetching meta.txz: 100% 944 B 0.9kB/s 00:01
Fetching packagesite.txz: 100% 5 MiB 5.3MB/s 00:01
Processing entries: 100%
FreeBSD repository update completed. 23912 packages processed.

To edit jail properties use: cbsd jconfig jname=api3
Creating api3 complete: Enjoy!

then we cbsd start api3 and cbsd jlogin api3 just to see

FreeBSD 10.1-RELEASE (GENERIC) #0 r274401: Tue Nov 11 21:02:49 UTC 2014

which is not the correct version, any ideas?

I tried to configure ddns.
doing update with nsupdate works.

following the docs i tried this:

hostname is tomcat01.my.zone

547 20:40 cbsd sysrc jname=tomcat01 ddns_zone_list="my_zone"
549 20:41 cbsd sysrc jname=tomcat01 ddns_zones_my_zone="jail.my.zone"
550 20:41 cbsd sysrc jname=tomcat01 ddns_key_my_zone="/usr/local/etc/namedb/keys/Kjail.+157+40074.private"

path to private key is on node host, not in target jail.

now following command failed:

cbsd ddns jname=tomcat01 mode=add

Please set ddns_zone_list

this variable is set to my_zone.

Where did i miss something? docs broken? code broken?

Regards

It would be great to have option for disable automatic TAP bridging for bhyve VMs.

Hi olevole!
How feasible would it be to support CBSD on DragonflyBSD? I would really like to see CBSD on DF.

PS: Also I just wanted to say a very big thank you for all your hard work and a big well done to you all.

Hey,

It seems, that images from previous release are not working properly with new version of CBSD (here, at least), can You confirm that? The issue i had yesterday looked weird. As far as i was able to import "base" image (clean jail exported to .img) it seemed to be "detached" from cbsd. Like i was able to see it up and running under jls but there was no jails under cbsd jls. Now i have new "base" image, import works as expected. It took me a while to understand what's going on here.

I've been scanning the source but haven't figured this out yet. cbsd 10.0.7 cannot run more than one VNET jail, as they all try to use the epair0 interface.

IP 0 not identified
ifconfig: BRDGADD epair0a: File exists
Starting jail: packages, parallel timeout=5
packages: created
ifconfig: interface epair0b does not exist
jail: packages: /sbin/ifconfig epair0b vnet packages: failed
packages: removed

Added node

cbsd node mode=add node=s1.ru pw=123123123 port=22222

Connecting...
ip has nodename: s1.ru
Added successfull: ip
Fetching inventory done: s1.ru

cbsd jailmapdb update=1

cbsd jailmapdb all=1

task="task.local"
After adding node,can't see jails on remote node.
How can i debug this?
cbsd@#> version
version
10.0.3