From owner-freebsd-jail@FreeBSD.ORG Mon Aug 27 10:16:50 2007
Message-ID: <46D29F4B.9070901@kalnz.id.lv>
Date: Mon, 27 Aug 2007 12:54:19 +0300
From: Kalnz
To: freebsd-jail@freebsd.org
Subject: pam _start: system error

Hi!

After installing (in the jail) mysql-server-5.0.45 from ports,
I can't get up and running my mysql server.
I have to point out that this problem is only inside the jail.
All I have is:
1) clean mysql-server install
2) default my.cnf (small systems)
3) mysql_enable="YES"

After this server should run, but it didn't, so I get this:

# /usr/local/etc/rc.d/mysql-server start
Starting mysql.
su: pam_start: system error
#

In the logs there is:
su: in openpam_load_module(): no pam_unix.so found
su: pam_start: system error

In fact pam_unix.so file is present in /usr/lib directory.
I'm sure this is because of jail, but I can't figure out what could be
the problem.
I've already googled and did some search on this but without success :(

Any help would be appreciated.
I'm running FreeBSD 6.2-RELEASE-p5

Best Regards
--
Edmunds aka Kalnz

From owner-freebsd-jail@FreeBSD.ORG Mon Aug 27 10:55:14 2007
Message-ID:
 <20070827125450.uqdbto3xiwwk80gg@webmail.leidinger.net>
Date: Mon, 27 Aug 2007 12:54:50 +0200
From: Alexander Leidinger
To: kalnz@kalnz.id.lv
Cc: freebsd-jail@freebsd.org
Subject: Re: pam _start: system error
In-Reply-To: <46D29F4B.9070901@kalnz.id.lv>

Quoting Kalnz (from Mon, 27 Aug 2007 12:54:19 +0300):

> Hi!
>
> After installing (in the jail) mysql-server-5.0.45 from ports,
> I can't get up and running my mysql server.
> I have to point out that this problem is only inside the jail.
> All I have is:
> 1) clean mysql-server install
> 2) default my.cnf (small systems)
> 3) mysql_enable="YES"
>
> After this server should run, but it didn't, so I get this:
>
> # /usr/local/etc/rc.d/mysql-server start
> Starting mysql.
> su: pam_start: system error
> #
>
> In the logs there is:
> su: in openpam_load_module(): no pam_unix.so found
> su: pam_start: system error
>
> In fact pam_unix.so file is present in /usr/lib directory.
> I'm sure this is because of jail, but I can't figure out what could be
> the problem.

How do you startup the jail, how have you populated the basesystem in
the jail initially?
What's the size of pam_unix.so, what does "file
/usr/lib/pam_unix.so" print?

Bye,
Alexander.

--
Old age is too high a price to pay for maturity.
http://www.Leidinger.net Alexander @ Leidinger.net: PGP ID = B0063FE7
http://www.FreeBSD.org netchild @ FreeBSD.org : PGP ID = 72077137

From owner-freebsd-jail@FreeBSD.ORG Mon Aug 27 19:35:23 2007
Message-ID: <46D32435.4030707@kalnz.id.lv>
Date: Mon, 27 Aug 2007 22:21:25 +0300
From: Kalnz
To: Alexander Leidinger
Cc: freebsd-jail@freebsd.org
Subject: Re: pam _start: system error
In-Reply-To: <20070827125450.uqdbto3xiwwk80gg@webmail.leidinger.net>

Alexander Leidinger wrote:
> Quoting Kalnz (from
> Mon, 27 Aug 2007 12:54:19 +0300):
>
>> Hi!
>>
>> After installing (in the jail) mysql-server-5.0.45 from ports,
>> I can't get up and running my mysql server.
>> I have to point out that this problem is only inside the jail.
>> All I have is:
>> 1) clean mysql-server install
>> 2) default my.cnf (small systems)
>> 3) mysql_enable="YES"
>>
>> After this server should run, but it didn't, so I get this:
>>
>> # /usr/local/etc/rc.d/mysql-server start
>> Starting mysql.
>> su: pam_start: system error
>> #
>>
>> In the logs there is:
>> su: in openpam_load_module(): no pam_unix.so found
>> su: pam_start: system error
>>
>> In fact pam_unix.so file is present in /usr/lib directory.
>> I'm sure this is because of jail, but I can't figure out what could be
>> the problem.
>
> How do you startup the jail, how have you populated the basesystem in
> the jail initially? What's the size of pam_unix.so, what does "file
> /usr/lib/pam_unix.so" print?

I took some info from here when making my first jail :
http://www.section6.net/wiki/index.php/Creating_a_FreeBSD_Jail
Anyway I have 2 jails and everything was working fine until now when I
installed mysql-server and can't run it inside the jail.

# file /usr/lib/pam_unix.so output:
pam_unix.so: symbolic link to `pam_unix.so.3'
The same output from base system.
size = 10848 Bytes

Kalnz

>
> Bye,
> Alexander.
>

From owner-freebsd-jail@FreeBSD.ORG Tue Aug 28 22:10:33 2007
Message-ID: <46D4983E.2050305@sailorfej.net>
Date: Tue, 28 Aug 2007 14:48:46 -0700
From: Jeffrey Williams
To: freebsd-jail@freebsd.org, freebsd-net@freebsd.org
Subject: Running jails on multiple subnets with multiple interfaces

I have a server with two interfaces, I want to run the host and a couple of
jails using one interface on one subnet (internal interface, private IP, behind
NAT/firewall) and some other jails using the other interface on another subnet
(external interface, public IP, DMZ).

Now my understanding of the challenge in doing this, is that the network stack
is not "virtualized" in the jails, so all the jails use the same routing table,
and for obvious reasons only one default router. (also just for sake of clarity
I don't want to enable routing between interfaces on the jail host)

Now if I understand all this correctly, then what will happen is, if I set the
default router to the internal networks exit router (the NAT/firewall), then
the jails listening on the external interface will only be able to talk to
their local subnet, and because the internal subnet won't exist for them they
won't be able to connect to the network at large.

If I set the default router to the external networks exit router (the DMZ
perimeter firewall) then the host and jails listening on the internal network
won't be able to talk to the internet beyond the local nets, the
jails because the external network doesn't exist for them, and the host because
even though it can talk to both nets, the services are configured to only
listen to the internal net, and it will be trying to send all outgoing
traffic to the public net, thus not creating any NAT table entries on the
NAT/Firewall for the return connections.

Is there any way to achieve what I am trying to do?

Thanks
Jeffrey williams

From owner-freebsd-jail@FreeBSD.ORG Tue Aug 28 23:13:55 2007
Message-ID: <20070828224314.GB4446@tcbug.org>
Date: Tue, 28 Aug 2007 17:43:14 -0500
From: Josh Paetzel
To: Jeffrey Williams
Cc: freebsd-net@freebsd.org, freebsd-jail@freebsd.org
Subject: Re: Running jails on multiple subnets with multiple interfaces
In-Reply-To: <46D4983E.2050305@sailorfej.net>

Jeffrey Williams wrote:
> I have a server with two interfaces, I want to run the host and a couple of
> jails using one interface on one subnet (internal interface, private IP,
> behind
> NAT/firewall) and some other jails using the other interface on another subnet
> (external interface, public IP, DMZ).
>
> Now my understanding of the challenge in doing this, is that the network stack
> is not "virtualized" in the jails, so all the jails use the same routing table,
> and for obvious reasons only one default router. (also just for sake of clarity
> I don't want to enable routing between interfaces on the jail host)
>
> Now if I understand all this correctly, then what will happen is, if I set the
> default router to the internal networks exit router (the NAT/firewall), then
> the jails listening on the external interface will only be able to talk to
> their local subnet, and because the internal subnet won't exist for them they
> won't be able to connect to the network at large.
>
> If I set the default router to the external networks exit router (the DMZ
> perimeter firewall) then the host and jails listening on the internal network
> won't be able to talk to the internet beyond the local nets, the
> jails because the external network doesn't exist for them, and the host because
> even though it can talk to both nets, the services are configured to only
> listen to the internal net, and it will be trying to send all outgoing
> traffic to the public net, thus not creating any NAT table entries on the
> NAT/Firewall for the return connections.
>
> Is there any way to achieve what I am trying to do?
>
> Thanks
> Jeffrey williams

PF makes a very effective workaround to this with its route-to
option...effectively letting you bypass the routing table altogether
and set up per IP behavior.

For instance, I use it in the following scenario, where a box has two
interfaces with public IPs and I don't want answers to connections on
the 'secondary' interface to go out the default route.

connection 1's router 192.168.1.1
em0 ip 192.168.1.2/24

connection 2's router 10.0.0.1
em1 ip 10.0.0.2/24

if connection 1 is the 'primary' link then set the default route to
192.168.1.1 and put the following rule in pf.conf

pass out route-to (em1 10.0.0.1) from 10.0.0.2 to ! 10.0.0.0/24

If you were to give more concrete examples of your config I could
probably help you out with a workable pf solution.

--
Thanks,

Josh Paetzel

From owner-freebsd-jail@FreeBSD.ORG Wed Aug 29 13:34:01 2007
Message-ID: <46D5724E.8020208@elischer.org>
Date: Wed, 29 Aug 2007 06:19:10 -0700
From: Julian Elischer
To: Jeffrey Williams, freebsd-jail@freebsd.org, freebsd-net@freebsd.org
In-Reply-To: <20070828224314.GB4446@tcbug.org>
Subject: Re: Running jails on multiple subnets with multiple interfaces

Josh Paetzel wrote:
> Jeffrey Williams wrote:
>> I have a server with two interfaces, I want to run the host and a couple of
>> jails using one interface on one subnet (internal interface, private IP, behind
>> NAT/firewall) and some other jails using the other interface on another subnet
>> (external interface, public IP, DMZ).
>>
>> Now my understanding of the challenge in doing this, is that the network stack
>> is not "virtualized" in the jails, so all the jails use the same routing table,
>> and for obvious reasons only one default router. (also just for sake of clarity
>> I don't want to enable routing between interfaces on the jail host)
>>
>> Now if I understand all this correctly, then what will happen is, if I set the
>> default router to the internal networks exit router (the NAT/firewall), then
>> the jails listening on the external interface will only be able to talk to
>> their local subnet, and because the internal subnet won't exist for them they
>> won't be able to connect to the network at large.
>>
>> If I set the default router to the external networks exit router (the DMZ
>> perimeter firewall) then the host and jails listening on the internal network
>> won't be able to talk to the internet beyond the local nets, the
>> jails because the external network doesn't exist for them, and the host because
>> even though it can talk to both nets, the services are configured to only
>> listen to the internal net, and it will be trying to send all outgoing
>> traffic to the public net, thus not creating any NAT table entries on the
>> NAT/Firewall for the return connections.
>>
>> Is there any way to achieve what I am trying to do?
>>
>> Thanks
>> Jeffrey williams
>
> PF makes a very effective workaround to this with its route-to
> option...effectively letting you bypass the routing table altogether
> and set up per IP behavior.
>
> For instance, I use it in the following scenario, where a box has two
> interfaces with public IPs and I don't want answers to connections on
> the 'secondary' interface to go out the default route.

ipfw can also do this using the fwd rule.

in 7.x (and 6-stable) you can also do:

ipfw table 1 add 1.2.3.4/28 2.2.2.2    <-- a specific route
ipfw table 1 add 0.0.0.0/0 3.3.3.3     <-- a default route
ipfw add 300 fwd tablearg ip from ${ADDRESS2} to table(1) out

>
> connection 1's router 192.168.1.1
> em0 ip 192.168.1.2/24
>
> connection 2's router 10.0.0.1
> em1 ip 10.0.0.2/24
>
> if connection 1 is the 'primary' link then set the default route to
> 192.168.1.1 and put the following rule in pf.conf
>
> pass out route-to (em1 10.0.0.1) from 10.0.0.2 to ! 10.0.0.0/24
>
> If you were to give more concrete examples of your config I could
> probably help you out with a workable pf solution.
>

From owner-freebsd-jail@FreeBSD.ORG Wed Aug 29 15:36:35 2007
Message-ID: <20070829173619.sghqpfenb4swkkk8@webmail.leidinger.net>
Date: Wed, 29 Aug 2007 17:36:19 +0200
From: Alexander Leidinger
To: kalnz@kalnz.id.lv
In-Reply-To: <46D32435.4030707@kalnz.id.lv>
Cc: freebsd-jail@freebsd.org
Subject: Re: pam _start: system error

Quoting Kalnz (from Mon, 27 Aug 2007 22:21:25 +0300):

> Alexander Leidinger wrote:
>> Quoting Kalnz (from Mon, 27 Aug 2007 12:54:19 +0300):
>>
>>> Hi!
>>>
>>> After installing (in the jail) mysql-server-5.0.45 from ports,
>>> I can't get up and running my mysql server.
>>> I have to point out that this problem is only inside the jail.
>>> All I have is:
>>> 1) clean mysql-server install
>>> 2) default my.cnf (small systems)
>>> 3) mysql_enable="YES"
>>>
>>> After this server should run, but it didn't, so I get this:
>>>
>>> # /usr/local/etc/rc.d/mysql-server start
>>> Starting mysql.
>>> su: pam_start: system error
>>> #
>>>
>>> In the logs there is:
>>> su: in openpam_load_module(): no pam_unix.so found
>>> su: pam_start: system error
>>>
>>> In fact pam_unix.so file is present in /usr/lib directory.
>>> I'm sure this is because of jail, but I can't figure out what could be
>>> the problem.
>>
>> How do you startup the jail, how have you populated the basesystem
>> in the jail initially? What's the size of pam_unix.so, what does
>> "file /usr/lib/pam_unix.so" print?
> I took some info from here when making my first jail :
> http://www.section6.net/wiki/index.php/Creating_a_FreeBSD_Jail
> Anyway I have 2 jails and everything was working fine until now when I
> installed mysql-server and can't run it inside the jail.

It's not the installation instruction as documented by FreeBSD. I use
mysql in an ezjail (ports) created jail. It works without any problems.

> # file /usr/lib/pam_unix.so output:
> pam_unix.so: symbolic link to `pam_unix.so.3'
> The same output from base system.
> size = 10848 Bytes

As the size is printed, there's a real file at the end of the link. So
my first idea what the problem is, is busted. ATM I have no further
idea. You would have to "ktrace -i" what the mysql startup is doing
and have a look at the output (man ktrace, man dump). Then you can
maybe check that everything what it tries to touch is there.

Bye,
Alexander.

--
People who go to conferences are the ones who shouldn't.
http://www.Leidinger.net Alexander @ Leidinger.net: PGP ID = B0063FE7
http://www.FreeBSD.org netchild @ FreeBSD.org : PGP ID = 72077137

From owner-freebsd-jail@FreeBSD.ORG Thu Aug 30 08:51:01 2007
Date: Thu, 30 Aug 2007 10:45:10 +0200
From: Karsten Rothemund
To: freebsd-jail@freebsd.org
Message-ID: <20070830084510.GA66523@www.photor.de>
Subject: Running postgres 8.2 in a jail

Hello list,

I played a little bit with jails on FBSD 6.2 (just to learn). One jail
I want to use as database server, so installed postgresql82-server
from the ports.

But when I try to initdb I get the following:

pgsql# /usr/local/etc/rc.d/postgresql initdb
The files belonging to this database system will be owned by user "pgsql".
This user must also own the server process.

The database cluster will be initialized with locales
  COLLATE: C
  CTYPE: en_US.UTF-8
  MESSAGES: en_US.UTF-8
  MONETARY: en_US.UTF-8
  NUMERIC: en_US.UTF-8
  TIME: en_US.UTF-8

creating directory /usr/local/pgsql/data ... ok
creating subdirectories ... ok
selecting default max_connections ... 10
selecting default shared_buffers/max_fsm_pages ... 400kB/20000
creating configuration files ... ok
creating template1 database in /usr/local/pgsql/data/base/1 ... FATAL: could not create semaphores: No space left on device
DETAIL: Failed system call was semget(1, 17, 03600).
HINT: This error does *not* mean that you have run out of disk space.
  It occurs when either the system limit for the maximum number of semaphore sets (SEMMNI), or the system wide maximum number of semaphores (SEMMNS), would be exceeded. You need to raise the respective kernel parameter. Alternatively, reduce PostgreSQL's consumption of semaphores by reducing its max_connections parameter (currently 10).
  The PostgreSQL documentation contains more information about configuring your system for PostgreSQL.
child process exited with exit code 1
initdb: removing data directory "/usr/local/pgsql/data"

As I understand, I have to change some sysctls to

- allow the jail to use some resources:
  security.jail.sysvipc_allowed=1

- raise some values of kern.ipc; this looks like the following:
  pgsql# sysctl kern.ipc | grep sem
  kern.ipc.semmap: 256
  kern.ipc.semmni: 10
  kern.ipc.semmns: 60
  kern.ipc.semmnu: 30
  kern.ipc.semmsl: 60
  kern.ipc.semopm: 100
  kern.ipc.semume: 10
  kern.ipc.semusz: 92
  kern.ipc.semvmx: 32767
  kern.ipc.semaem: 16384

- and the same with shared memory (got this from the postgres
  documentation)
  pgsql# sysctl -a | grep shm
  kern.ipc.shmmax: 134217728
  kern.ipc.shmmin: 1
  kern.ipc.shmmni: 192
  kern.ipc.shmseg: 128
  kern.ipc.shmall: 32768
  kern.ipc.shm_use_phys: 0
  kern.ipc.shm_allow_removed: 0

but postgres does still not initdb (I tried also with
postgresql74-server which worked).

The question is simple: what is missing, what is wrong?
(I can of course provide any config and information if more is needed)

Thank you for any hint,

Karsten

--
Karsten Rothemund                                    /"\
PGP-Key: 0x7019CAA5                                  \ /
Fingerprint: E752 C759 B9B2 2057 E42F                 \   ASCII Ribbon Campaign
             50EE 47AC A7CE 7019 CAA5                / \  Against HTML Mail and News

From owner-freebsd-jail@FreeBSD.ORG Thu Aug 30 10:19:01 2007
Message-ID: <46D6989E.6080400@kalnz.id.lv>
Date: Thu, 30 Aug 2007 13:14:54 +0300
From: Kalnz
To: Alexander Leidinger
<20070827125450.uqdbto3xiwwk80gg@webmail.leidinger.net> <46D32435.4030707@kalnz.id.lv> <20070829173619.sghqpfenb4swkkk8@webmail.leidinger.net> In-Reply-To: <20070829173619.sghqpfenb4swkkk8@webmail.leidinger.net> Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 7bit Cc: freebsd-jail@freebsd.org Subject: Re: pam _start: system error X-BeenThere: freebsd-jail@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list Reply-To: kalnz@kalnz.id.lv List-Id: "Discussion about FreeBSD jail\(8\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 30 Aug 2007 10:19:01 -0000 Alexander Leidinger wrote: > Quoting Kalnz (from Mon, 27 Aug 2007 22:21:25 +0300): > >> Alexander Leidinger wrote: >>> Quoting Kalnz (from Mon, 27 Aug 2007 12:54:19 >>> +0300): >>> >>>> Hi! >>>> >>>> After installing (in the jail) mysql-server-5.0.45 from ports, >>>> I can`t get up and running my mysql server. >>>> I have to point out that this problem is only inside the jail. >>>> All I have is: >>>> 1) clean mysql-server install >>>> 2) default my.cnf (small systems) >>>> 3) mysql_enable="YES" >>>> >>>> After this server should run, but it didn`t, so I get this: >>>> >>>> # /usr/local/etc/rc.d/mysql-server start >>>> Starting mysql. >>>> su: pam_start: system error >>>> # >>>> >>>> In the logs there is: >>>> su: in openpam_load_module(): no pam_unix.so found >>>> su: pam_start: system error >>>> >>>> In fact pam_unix.so file is present in /usr/lib directory. >>>> I`m sure this is because of jail, but I can`t figure out what could be >>>> the problem. >>> >>> How do you startup the jail, how have you populated the basesystem >>> in the jail initially? What's the size of pam_unix.so, what does >>> "file /usr/lib/pam_unix.so" print? 
>> I took some info from here when making my first jail :
>> http://www.section6.net/wiki/index.php/Creating_a_FreeBSD_Jail
>> Anyway I have 2 jails and everything was working fine until now when I
>> installed mysql-server and can`t run it inside the jail.
>
> It's not the installation instruction as documented by FreeBSD. I use
> mysql in an ezjail (ports) created jail. It works without any problems.
>
>> # file /usr/lib/pam_unix.so output:
>> pam_unix.so: symbolic link to `pam_unix.so.3'
>> The same output from base system.
>> size = 10848 Bytes
>
> As the size is printed, there's a real file at the end of the link. So
> my first idea what the problem is, is busted. ATM I have no further
> idea. You would have to "ktrace -i" what the mysql startup is doing
> and have a look at the output (man ktrace, man dump). Then you can
> maybe check that everything what it tries to touch is there.
>
> Bye,
> Alexander.
>

At the moment I`ve noticed that mysql does not like 2 files in /etc/pam.d -
"su" and "other" which are here by default after freebsd install.
In fact in base system mysql works well and /etc/pam.d content is the same.
Anyway when I rename or remove these 2 files, mysql starts and runs well,
it seems there are no problems then.
It is clear that it is connected with pam modules.
I think I should do some debug when starting mysql as you said to find
out where exactly is the problem...
-- 
Edmunds aka Kalnz

From owner-freebsd-jail@FreeBSD.ORG Thu Aug 30 11:19:13 2007
To: freebsd-jail@freebsd.org
From: m.boyarov@bsd.by (Max N. Boyarov)
Date: Thu, 30 Aug 2007 13:59:42 +0300
In-Reply-To: <20070830084510.GA66523@www.photor.de> (Karsten Rothemund's message of "Thu, 30 Aug 2007 10:45:10 +0200")
Message-ID: <86hcmhb84h.fsf@bsd.by>
Subject: Re: Running postgres 8.2 in a jail

>>>>> "KR" == Karsten Rothemund writes:

 KR> Hello list,
 KR> I played a little bit with jails on FBSD 6.2 (just to learn). One jail
 KR> I want to use as database server, so installed postgresql82-server
 KR> from the ports.

[cut]

 KR> The question is simple: what is missing, what is wrong?

 KR> (I can of course provide any config and information if more is needed)

 KR> Thank you for any hint,

try enable security.jail.sysvipc_allowed

-- 
Max N. Boyarov / jid: zotrix@jabber.ru / Key fingerprint: F6E5 A1DE 619F 72E3 3EEC 2EFF 5C95 E05C CA05 9E8F

From owner-freebsd-jail@FreeBSD.ORG Thu Aug 30 14:46:33 2007
Date: Thu, 30 Aug 2007 07:45:40 -0700
To: freebsd-jail@freebsd.org
From: Paul Hoffman
Subject: Hosted FreeBSD jail services?

Greetings again. Do folks here know of any commercially hosted FreeBSD
virtual servers that use jails? I could not find any that used FreeBSD
as Xen domU images. Verio's $90/month is ridiculously expensive.

From owner-freebsd-jail@FreeBSD.ORG Thu Aug 30 18:20:37 2007
Date: Thu, 30 Aug 2007 20:20:29 +0200
From: Karsten Rothemund
To: freebsd-jail@freebsd.org
Message-ID: <20070830182029.GA45007@www.photor.de>
In-Reply-To: <86hcmhb84h.fsf@bsd.by>
Subject: Re: Running postgres 8.2 in a jail

On Thu, Aug 30, 2007 at 01:59:42PM +0300, Max N. Boyarov wrote:
>
> try enable security.jail.sysvipc_allowed
>

It was already set to "1"

# sysctl security.jail.sysvipc_allowed
security.jail.sysvipc_allowed: 1

So I think, the jail should see the settings I talked about in the
previous post.

Ciao,

Karsten

-- 
Karsten Rothemund                      /"\
PGP-Key: 0x7019CAA5                    \ /
Fingerprint: E752 C759 B9B2 2057 E42F   \   ASCII Ribbon Campaign
             50EE 47AC A7CE 7019 CAA5  / \  Against HTML Mail and News

From owner-freebsd-jail@FreeBSD.ORG Thu Aug 30 22:32:15 2007
Message-ID: <4d7dd86f0708301504u7078d444m950cadbe5d906159@mail.gmail.com>
Date: Fri, 31 Aug 2007 08:04:19 +1000
From: "David N"
To: karsten@photor.de, freebsd-jail@freebsd.org
In-Reply-To: <20070830084510.GA66523@www.photor.de>
Subject: Re: Running postgres 8.2 in a jail

On 30/08/2007, Karsten Rothemund wrote:
> Hello list,
>
> I played a little bit with jails on FBSD 6.2 (just to learn). One jail
> I want to use as database server, so installed postgresql82-server
> from the ports.
>
> But when I try to initdb I get the following:
>
> pgsql# /usr/local/etc/rc.d/postgresql initdb
> The files belonging to this database system will be owned by user "pgsql".
> This user must also own the server process.
>
> The database cluster will be initialized with locales
> COLLATE: C
> CTYPE: en_US.UTF-8
> MESSAGES: en_US.UTF-8
> MONETARY: en_US.UTF-8
> NUMERIC: en_US.UTF-8
> TIME: en_US.UTF-8
>
> creating directory /usr/local/pgsql/data ... ok
> creating subdirectories ... ok
> selecting default max_connections ... 10
> selecting default shared_buffers/max_fsm_pages ... 400kB/20000
> creating configuration files ... ok
> creating template1 database in /usr/local/pgsql/data/base/1 ... FATAL: could not create semaphores: No space left on device
> DETAIL: Failed system call was semget(1, 17, 03600).
> HINT: This error does *not* mean that you have run out of disk space.
> It occurs when either the system limit for the maximum number of semaphore sets (SEMMNI), or the system wide maximum number of semaphores (SEMMNS), would be exceeded. You need to raise the respective kernel parameter. Alternatively, reduce PostgreSQL's consumption of semaphores by reducing its max_connections parameter (currently 10).
> The PostgreSQL documentation contains more information about configuring your system for PostgreSQL.
> child process exited with exit code 1
> initdb: removing data directory "/usr/local/pgsql/data"
>
> As I understand, I have to change some sysctls to
> - allow the jail to use some resources: security.jail.sysvipc_allowed=1
> - raise some values of kern.ipc; this looks like the following:
> pgsql# sysctl kern.ipc | grep sem
> kern.ipc.semmap: 256
> kern.ipc.semmni: 10
> kern.ipc.semmns: 60
> kern.ipc.semmnu: 30
> kern.ipc.semmsl: 60
> kern.ipc.semopm: 100
> kern.ipc.semume: 10
> kern.ipc.semusz: 92
> kern.ipc.semvmx: 32767
> kern.ipc.semaem: 16384
> - and the same with shared memory (got this from the postgres
> documentation)
> pgsql# sysctl -a | grep shm
> kern.ipc.shmmax: 134217728
> kern.ipc.shmmin: 1
> kern.ipc.shmmni: 192
> kern.ipc.shmseg: 128
> kern.ipc.shmall: 32768
> kern.ipc.shm_use_phys: 0
> kern.ipc.shm_allow_removed: 0
>
> but postgres does still not initdb (I tried also with postgresql74-server
> which worked).
>
> The question is simple: what is missing, what is wrong?
>
> (I can of course provide any config and information if more is needed)
>
> Thank you for any hint,
>
> Karsten
>
> --
>
> Karsten Rothemund /"\
> PGP-Key: 0x7019CAA5 \ /
> Fingerprint: E752 C759 B9B2 2057 E42F \ ASCII Ribbon Campaign
> 50EE 47AC A7CE 7019 CAA5 / \ Against HTML Mail and News
>
>

in your /etc/rc.conf put
jail_sysvipc_allow="YES"

Regards
David N
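
Added example (not part of any message in this thread): a shell check of the semaphore arithmetic behind the initdb error, using the kern.ipc values Karsten posted and the 17-semaphore set size from "semget(1, 17, 03600)". The rule of one set per 16 connections is an assumption taken from PostgreSQL's kernel-resources documentation of that era; the function names are hypothetical and the "already allocated" counts passed in are constructed.

```shell
#!/bin/sh
# Semaphore limits as quoted in the thread (sysctl kern.ipc | grep sem).
SYSCTL_SAMPLE='kern.ipc.semmni: 10
kern.ipc.semmns: 60
kern.ipc.semmsl: 60'

# sysctl_value TEXT NAME
# Print the value of one entry from "name: value" sysctl output.
sysctl_value() {
    printf '%s\n' "$1" | awk -F': *' -v k="$2" '$1 == k { print $2; exit }'
}

# sem_check TEXT MAX_CONNECTIONS USED_SETS USED_SEMS
# Print "ok", or the name of the first limit the request would exceed.
# USED_SETS and USED_SEMS are the sets and semaphores already allocated
# system-wide (for example as listed by ipcs(1) on the host).
sem_check() {
    text=$1; conns=$2; used_sets=$3; used_sems=$4
    semmni=$(sysctl_value "$text" kern.ipc.semmni)
    semmns=$(sysctl_value "$text" kern.ipc.semmns)
    semmsl=$(sysctl_value "$text" kern.ipc.semmsl)

    per_set=17                     # set size seen in semget(1, 17, 03600)
    sets=$(( (conns + 15) / 16 ))  # assumption: one set per 16 connections

    if [ "$per_set" -gt "$semmsl" ]; then
        echo SEMMSL; return 1      # a single set is larger than allowed
    fi
    if [ $(( used_sets + sets )) -gt "$semmni" ]; then
        echo SEMMNI; return 1      # too many semaphore sets system-wide
    fi
    if [ $(( used_sems + sets * per_set )) -gt "$semmns" ]; then
        echo SEMMNS; return 1      # too many semaphores system-wide
    fi
    echo ok
}

# With nothing else allocated, max_connections=10 fits the posted limits.
sem_check "$SYSCTL_SAMPLE" 10 0 0
```

The limits are system-wide: System V IPC objects share one namespace across the host and every jail with sysvipc allowed, so semaphores held outside the jail count against the same SEMMNI and SEMMNS totals. That shared namespace is also why allowing sysvipc in a jail weakens its isolation from the host and from other jails.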