Date:      Fri, 7 Feb 2020 23:49:32 -0800
From:      David Christensen <dpchrist@holgerdanske.com>
To:        freebsd-questions@freebsd.org
Subject:   Re: jail and dedicated zfs dataset
Message-ID:  <6e0b58da-4162-06b8-0859-e584cbf1fc99@holgerdanske.com>
In-Reply-To: <20200207082621.GB38088@foucry.net>
References:  <20200204214404.GB36588@foucry.net> <bb55f226-5e35-77db-0219-03ef972853f4@holgerdanske.com> <20200207082621.GB38088@foucry.net>

On 2020-02-07 00:26, Jacques Foucry wrote:
> On Tuesday 04 Feb. 2020 at 22:56:54 (-0800), David Christensen wrote:
>> On 2020-02-04 13:44, Jacques Foucry wrote:
> 
> Hello David,
> 
> Thanks for your answer.
>> I have a SOHO LAN with a FreeBSD server and jails for CVS and Samba.  I
>> (mostly) followed along with Chapter 22 of Lucas AF3E [1]:
> 
> Definitely, I need to buy and read it.

+1


>> 2020-02-04 22:30:15 toor@soho ~
>> # freebsd-version
>> 12.1-RELEASE-p1
>>
>> 2020-02-04 22:30:23 toor@soho ~
>> # uname -a
>> FreeBSD soho.tracy.holgerdanske.com 12.1-RELEASE-p1 FreeBSD 12.1-RELEASE-p1 GENERIC  amd64
> 
> Same situation as mine…

Okay.


>> I created a top-level ZFS dataset in my root pool for jails.  I then created
>> a dataset for each jail.  I did not modify any of the ZFS properties:
>>
>>
>> The bulk CVS and the Samba data are in separate datasets in another pool:
> 
> Ok, I have only one pool, but the trick is still the same.
>>
> 
> NAME             PROPERTY    VALUE                 SOURCE
> tank/root/mails  mountpoint  /jails/mail/var/mail  local
> 
>> # zfs get mountpoint p1/ds2/cvs p1/ds2/samba
>> NAME          PROPERTY    VALUE                        SOURCE
>> p1/ds2/cvs    mountpoint  /jail/cvs/var/local/cvs      received
>> p1/ds2/samba  mountpoint  /jail/samba/var/local/samba  received
> 
> But the source for stay local. Is it because I only have one pool (I guess it's
> that).

This Oracle ZFS page:

     https://docs.oracle.com/cd/E18752_01/html/819-5461/gayns.html

Documents the following SOURCE terms:

     default
     inherited from dataset-name
     local
     temporary
     - (none)

But fails to document "received".

RTFM zfs(8) and STFW 'zfs property received' finds some usage examples,
but not a solid definition of a SOURCE value of "received".


Searching my SOHO server, only two datasets have a property value of 
"received":

2020-02-07 23:11:31 toor@soho ~
# zfs get -s received all
NAME          PROPERTY    VALUE                        SOURCE
p1/ds2/cvs    mountpoint  /jail/cvs/var/local/cvs      received
p1/ds2/samba  mountpoint  /jail/samba/var/local/samba  received


Both were created via ZFS replication -- e.g. I did a 'zfs send' on my 
previous server and a 'zfs receive' on this new server.


So, I guess the definition of a "received" property source is that the 
value came from a 'zfs receive' operation (?).


<snip>

> But in the jail the Mounted on is [restricted]
> 
> mail# df -h .
> Filesystem         Size    Used   Avail Capacity  Mounted on
> tank/root/mails    6.9T     88K    6.9T     0%    [restricted]
> mail# pwd
> /var/mail

RTFM df(1) does not define "restricted".  I am seeing a pattern here...


> I can, as root create folders. Is it weird or normal?

Usually, root can create folders anywhere.  What matters is whether or 
not the user the mail server runs as inside the jail can create folders 
and files where it needs to.


Understanding why is how I prefer to operate, but it seems I must settle 
for "if it ain't broke, don't fix it" and hope to understand later.


> Another question if you can answer.
> 
> Using nullfs and fstab.<jailname> I mount the host letsencrypt folder in the
> jail in order to have a single point for certificates.
> 
> At the jail startup, postfix and dovecot failed to launch, but connected to the
> jail they start with no problem. I suppose this came because the nullfs is not
> mounted when dovecot and postfix start.
> Btw, I did found any log about the start of my jail.
> 
> On the jail /var/log/maillog I found:
> 
> Feb  7 07:45:15 mail postfix/master[51684]: fatal: bind :: port 25: Can't assign requested address
> 
> Does it mean postfix tries to be started too soon in the jail creation process?
> 
> How can I manage the start time?

I do not know how to administer postfix or dovecot.


My approach would be to comment out the jail in rc.conf, reboot, verify 
that the jail is not running, and then troubleshoot the filesystem by 
hand.  Once the filesystem is correct by hand, then get it to come up 
correctly at system startup and to shut down correctly at system 
shutdown.  Next, troubleshoot jail startup and shutdown by hand.  Next, 
jail startup at system startup and jail shutdown at system shutdown.


I don't know how to alter the order of things at boot, but I have 
observed that the jails are started late or last.


> Thanks a lot for your help,
> 
> Regards,

YW.  Good luck.  Let us know what you figure out.


David


