Niels Erik
I have an FN11.1 box with a number of jails.
Some are old warden 11.0 jails that have not been updated to iocage yet.
And my internet-facing jails have been rebuilt with iocage to version 11.1.
The jails use VNET.
When I created the iocage jails I had some problems getting networking to work on a newly created jail; I 'solved' the problem by destroying and creating a new jail (with the same command line).
# iocage create -n test ip4_addr="vnet0|10.0.0.120/24" vnet=on allow_raw_sockets=1 allow_sysvipc=1 defaultrouter=10.0.0.1 -r 11.1-RELEASE
This has been working for months now without any problems...
But an update of the system (and the first system reboot since creation of the jails) two days ago via the GUI changed that.
3 of 3 jails are missing the IP address on the lo0 interface (mailserver components fail to bind to 127.0.0.1).
And 1 (nextcloud) is also missing the IP address on the epair interface providing the bridge to the host.
I have diffed the config.json files of the 3 jails, and they are the same except for jail name, IP address, and MAC address.
I have tried different methods to get the loopback to work, including providing several IPs in the ip4_addr tuning:
http://iocage.readthedocs.io/en/latest/networking.html
iocage get ip4_addr test
vnet0|10.0.0.120/24, lo0|127.0.0.1/8
This ip4_addr tuning does not assign an lo0 IP address to the jail.
I have tried different settings to assign the loopback address in /etc/rc.conf (inside the jail), without success.
Code:
# Enable IPv6
ipv6_activate_all_interfaces="YES"
#ipv6_activate_all_interfaces="NO"
ifconfig_lo0="inet 127.0.0.1/8"
I can get the system running by manually assigning an IP address, and then restarting all services inside the jail.
ifconfig lo0 127.0.0.1/8
iocage list
+-----+------------+-------+--------------+------------+
| JID | NAME | STATE | RELEASE | IP4 |
+=====+============+=======+==============+============+
| 20 | mailserver| up | 11.1-RELEASE | 10.0.0.106 |
+-----+------------+-------+--------------+------------+
| 21 | nextcloud | up | 11.1-RELEASE | 10.0.0.110 |
+-----+------------+-------+--------------+------------+
| 24 | test | up | 11.1-RELEASE | 10.0.0.120 |
+-----+------------+-------+--------------+------------+
But this requires manual intervention after a restart of the system.
root@myhost:# uname -a
FreeBSD myhost.dk 11.1-STABLE FreeBSD 11.1-STABLE #0 ….
root@myhost:~ # ifconfig
igb0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
options=2400b9<RXCSUM,VLAN_MTU,VLAN_HWTAGGING,JUMBO_MTU,VLAN_HWCSUM,VLAN_HWTSO,RXCSUM_IPV6>
ether 00:25:90:f1:02:08
hwaddr 00:25:90:f1:02:08
inet 10.0.0.100 netmask 0xffffff00 broadcast 10.0.0.255
nd6 options=9<PERFORMNUD,IFDISABLED>
media: Ethernet autoselect (1000baseT <full-duplex>)
status: active
igb1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
options=6403bb<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,JUMBO_MTU,VLAN_HWCSUM,TSO4,TSO6,VLAN_HWTSO,RXCSUM_IPV6,TXCSUM_IPV6>
ether 00:25:90:f1:02:09
hwaddr 00:25:90:f1:02:09
inet 192.168.0.0 netmask 0xffffff00 broadcast 192.168.0.255
nd6 options=9<PERFORMNUD,IFDISABLED>
media: Ethernet autoselect
status: no carrier
igb2: flags=8c02<BROADCAST,OACTIVE,SIMPLEX,MULTICAST> metric 0 mtu 1500
options=6403bb<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,JUMBO_MTU,VLAN_HWCSUM,TSO4,TSO6,VLAN_HWTSO,RXCSUM_IPV6,TXCSUM_IPV6>
ether 00:25:90:f1:02:0a
hwaddr 00:25:90:f1:02:0a
nd6 options=9<PERFORMNUD,IFDISABLED>
media: Ethernet autoselect
status: no carrier
igb3: flags=8c02<BROADCAST,OACTIVE,SIMPLEX,MULTICAST> metric 0 mtu 1500
options=6403bb<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,JUMBO_MTU,VLAN_HWCSUM,TSO4,TSO6,VLAN_HWTSO,RXCSUM_IPV6,TXCSUM_IPV6>
ether 00:25:90:f1:02:0b
hwaddr 00:25:90:f1:02:0b
nd6 options=9<PERFORMNUD,IFDISABLED>
media: Ethernet autoselect
status: no carrier
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
options=600003<RXCSUM,TXCSUM,RXCSUM_IPV6,TXCSUM_IPV6>
inet6 ::1 prefixlen 128
inet6 fe80::1%lo0 prefixlen 64 scopeid 0x5
inet 127.0.0.1 netmask 0xff000000
nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
groups: lo
bridge0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
ether 02:1c:30:45:09:00
nd6 options=9<PERFORMNUD,IFDISABLED>
groups: bridge
id 00:00:00:00:00:00 priority 32768 hellotime 2 fwddelay 15
maxage 20 holdcnt 6 proto rstp maxaddr 2000 timeout 1200
root id 00:00:00:00:00:00 priority 32768 ifcost 0 port 0
member: vnet0:26 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
ifmaxaddr 0 port 16 priority 128 path cost 2000
member: vnet0:24 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
ifmaxaddr 0 port 14 priority 128 path cost 2000
member: vnet0:20 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
ifmaxaddr 0 port 18 priority 128 path cost 2000
member: epair6a flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
ifmaxaddr 0 port 13 priority 128 path cost 2000
member: epair5a flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
ifmaxaddr 0 port 12 priority 128 path cost 2000
member: epair4a flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
ifmaxaddr 0 port 11 priority 128 path cost 2000
member: epair3a flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
ifmaxaddr 0 port 10 priority 128 path cost 2000
member: epair2a flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
ifmaxaddr 0 port 9 priority 128 path cost 2000
member: epair1a flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
ifmaxaddr 0 port 8 priority 128 path cost 2000
member: epair0a flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
ifmaxaddr 0 port 7 priority 128 path cost 2000
member: igb0 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
ifmaxaddr 0 port 1 priority 128 path cost 55
epair0a: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
options=8<VLAN_MTU>
ether 02:ad:90:00:07:0a
hwaddr 02:ad:90:00:07:0a
nd6 options=1<PERFORMNUD>
media: Ethernet 10Gbase-T (10Gbase-T <full-duplex>)
status: active
groups: epair
epair1a: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
options=8<VLAN_MTU>
ether 02:ad:90:00:08:0a
hwaddr 02:ad:90:00:08:0a
nd6 options=9<PERFORMNUD,IFDISABLED>
media: Ethernet 10Gbase-T (10Gbase-T <full-duplex>)
status: active
groups: epair
epair2a: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
options=8<VLAN_MTU>
ether 02:ad:90:00:09:0a
hwaddr 02:ad:90:00:09:0a
nd6 options=1<PERFORMNUD>
media: Ethernet 10Gbase-T (10Gbase-T <full-duplex>)
status: active
groups: epair
epair3a: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
options=8<VLAN_MTU>
ether 02:ad:90:00:0a:0a
hwaddr 02:ad:90:00:0a:0a
nd6 options=1<PERFORMNUD>
media: Ethernet 10Gbase-T (10Gbase-T <full-duplex>)
status: active
groups: epair
epair4a: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
options=8<VLAN_MTU>
ether 02:ad:90:00:0b:0a
hwaddr 02:ad:90:00:0b:0a
nd6 options=1<PERFORMNUD>
media: Ethernet 10Gbase-T (10Gbase-T <full-duplex>)
status: active
groups: epair
epair5a: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
options=8<VLAN_MTU>
ether 02:ad:90:00:0c:0a
hwaddr 02:ad:90:00:0c:0a
nd6 options=1<PERFORMNUD>
media: Ethernet 10Gbase-T (10Gbase-T <full-duplex>)
status: active
groups: epair
epair6a: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
options=8<VLAN_MTU>
ether 02:ad:90:00:0d:0a
hwaddr 02:ad:90:00:0d:0a
nd6 options=1<PERFORMNUD>
media: Ethernet 10Gbase-T (10Gbase-T <full-duplex>)
status: active
groups: epair
vnet1:14: flags=8842<BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
description: associated with jail: mailserver
options=8<VLAN_MTU>
ether 02:ff:60:a1:d8:86
hwaddr 02:ad:90:00:0f:0a
nd6 options=1<PERFORMNUD>
media: Ethernet 10Gbase-T (10Gbase-T <full-duplex>)
status: active
groups: epair
epair1: flags=8842<BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
options=8<VLAN_MTU>
ether 02:ff:60:a1:d8:87
hwaddr 02:ad:e0:00:11:0b
nd6 options=1<PERFORMNUD>
media: Ethernet 10Gbase-T (10Gbase-T <full-duplex>)
status: active
vnet0:20: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
description: associated with jail: mailserver
options=8<VLAN_MTU>
ether 02:ff:60:d4:a1:2a
hwaddr 02:ad:90:00:12:0a
nd6 options=1<PERFORMNUD>
media: Ethernet 10Gbase-T (10Gbase-T <full-duplex>)
status: active
groups: epair
vnet0:24: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
description: associated with jail: test
options=8<VLAN_MTU>
ether 02:ff:60:ae:1b:75
hwaddr 02:ad:90:00:0e:0a
nd6 options=1<PERFORMNUD>
media: Ethernet 10Gbase-T (10Gbase-T <full-duplex>)
status: active
groups: epair
vnet0:26: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
description: associated with jail: nextcloud
options=8<VLAN_MTU>
ether 02:ff:60:ba:b5:81
hwaddr 02:ad:90:00:10:0a
nd6 options=1<PERFORMNUD>
media: Ethernet 10Gbase-T (10Gbase-T <full-duplex>)
status: active
groups: epair
Code:
root@tango:/mnt/iocage/jails/test # cat config.json
{
    "CONFIG_VERSION": "9",
    "allow_chflags": "0",
    "allow_mount": "0",
    "allow_mount_devfs": "0",
    "allow_mount_nullfs": "0",
    "allow_mount_procfs": "0",
    "allow_mount_tmpfs": "0",
    "allow_mount_zfs": "0",
    "allow_quotas": "0",
    "allow_raw_sockets": "1",
    "allow_set_hostname": "1",
    "allow_socket_af": "0",
    "allow_sysvipc": "1",
    "available": "readonly",
    "basejail": "no",
    "boot": "off",
    "bpf": "no",
    "children_max": "0",
    "cloned_release": "11.1-RELEASE",
    "comment": "none",
    "compression": "lz4",
    "compressratio": "readonly",
    "coredumpsize": "off",
    "count": "1",
    "cpuset": "off",
    "cputime": "off",
    "datasize": "off",
    "dedup": "off",
    "defaultrouter": "10.0.0.1",
    "defaultrouter6": "none",
    "depends": "none",
    "devfs_ruleset": "4",
    "dhcp": "off",
    "enforce_statfs": "2",
    "exec_clean": "1",
    "exec_fib": "0",
    "exec_jail_user": "root",
    "exec_poststart": "/usr/bin/true",
    "exec_poststop": "/usr/bin/true",
    "exec_prestart": "/usr/bin/true",
    "exec_prestop": "/usr/bin/true",
    "exec_start": "/bin/sh /etc/rc",
    "exec_stop": "/bin/sh /etc/rc.shutdown",
    "exec_system_jail_user": "0",
    "exec_system_user": "root",
    "exec_timeout": "60",
    "host_domainname": "none",
    "host_hostname": "test",
    "host_hostuuid": "test",
    "host_time": "yes",
    "hostid": "d411680f-8542-11e5-bff4-002590f10208",
    "interfaces": "vnet0:bridge0",
    "ip4": "new",
    "ip4_addr": "vnet0|10.0.0.120/24, lo0|127.0.0.1/8",
    "ip4_saddrsel": "1",
    "ip6": "new",
    "ip6_addr": "none",
    "ip6_saddrsel": "1",
    "jail_zfs": "off",
    "jail_zfs_dataset": "iocage/jails/test/data",
    "jail_zfs_mountpoint": "none",
    "last_started": "2018-03-04 09:05:29",
    "login_flags": "-f root",
    "mac_prefix": "02ff60",
    "maxproc": "off",
    "memorylocked": "off",
    "memoryuse": "off",
    "mount_devfs": "1",
    "mount_fdescfs": "1",
    "mount_linprocfs": "0",
    "mount_procfs": "0",
    "mountpoint": "readonly",
    "msgqqueued": "off",
    "msgqsize": "off",
    "nmsgq": "off",
    "notes": "none",
    "nsemop": "off",
    "nshm": "off",
    "nthr": "off",
    "openfiles": "off",
    "origin": "readonly",
    "owner": "root",
    "pcpu": "off",
    "priority": "99",
    "pseudoterminals": "off",
    "quota": "none",
    "release": "11.1-RELEASE-p6",
    "reservation": "none",
    "resolver": "/etc/resolv.conf",
    "rlimits": "off",
    "securelevel": "2",
    "shmsize": "off",
    "stacksize": "off",
    "stop_timeout": "30",
    "swapuse": "off",
    "sync_state": "none",
    "sync_target": "none",
    "sync_tgt_zpool": "none",
    "sysvmsg": "new",
    "sysvsem": "new",
    "sysvshm": "new",
    "template": "no",
    "type": "jail",
    "used": "readonly",
    "vmemoryuse": "off",
    "vnet": "on",
    "vnet0_mac": "02ff60ae1b75,02ff60ae1b76",
    "vnet1_mac": "none",
    "vnet2_mac": "none",
    "vnet3_mac": "none",
    "wallclock": "off"
}
Start the test jail:
iocage start test
* Starting test
+ Started OK
+ Configuring VNET OK
+ Starting services OK
The test jail has no IP on loopback:
iocage exec test ifconfig
lo0: flags=8008<LOOPBACK,MULTICAST> metric 0 mtu 16384
options=600003<RXCSUM,TXCSUM,RXCSUM_IPV6,TXCSUM_IPV6>
nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
groups: lo
epair0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
options=8<VLAN_MTU>
ether 02:ff:60:ae:1b:76
hwaddr 02:ad:e0:00:13:0b
inet 10.0.0.120 netmask 0xffffff00 broadcast 10.0.0.255
nd6 options=1<PERFORMNUD>
media: Ethernet 10Gbase-T (10Gbase-T <full-duplex>)
status: active
groups: epair
Fix the problem:
iocage exec test ifconfig lo0 127.0.0.1/8
Yes, that did the trick, until the next reboot.
iocage exec test ifconfig
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
options=600003<RXCSUM,TXCSUM,RXCSUM_IPV6,TXCSUM_IPV6>
inet6 ::1 prefixlen 128
inet6 fe80::1%lo0 prefixlen 64 scopeid 0x1
inet 127.0.0.1 netmask 0xff000000
nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
groups: lo
epair0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
options=8<VLAN_MTU>
ether 02:ff:60:ae:1b:76
hwaddr 02:ad:e0:00:13:0b
inet 10.0.0.120 netmask 0xffffff00 broadcast 10.0.0.255
nd6 options=1<PERFORMNUD>
media: Ethernet 10Gbase-T (10Gbase-T <full-duplex>)
status: active
groups: epair
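
A check for the symptom described in this post, as an added example that is not part of the original post: it reports every IPv4 address that the jail's ip4_addr property requests but that ifconfig inside the jail does not show. The function names missing_ip4 and jail_ip4_ok are hypothetical, and the sample input is constructed from the outputs quoted above.

```shell
#!/bin/sh
# Added example (not from the original post): report IPv4 addresses that a
# jail's ip4_addr property requests but `ifconfig` inside the jail lacks.

# missing_ip4 "<ip4_addr value>" "<ifconfig output>"
# Prints one missing address per line. Matching is by address only, because
# the interface named vnet0 in ip4_addr shows up as epair0 inside the jail.
missing_ip4() {
    have=$(printf '%s\n' "$2" | awk '$1 == "inet" { print $2 }')
    printf '%s\n' "$1" | tr ',' '\n' | while IFS= read -r entry; do
        case $entry in
            *"|"*) ;;            # expected form: iface|addr/prefix
            *) continue ;;       # "none" or anything without an interface
        esac
        addr=${entry#*"|"}       # drop "iface|"
        addr=${addr%%/*}         # drop "/prefix"
        addr=$(printf '%s' "$addr" | tr -d ' \t')
        [ -n "$addr" ] || continue
        printf '%s\n' "$have" | grep -qxF -- "$addr" || printf '%s\n' "$addr"
    done
}

# jail_ip4_ok: exit status 0 only when nothing is missing (for cron/monitoring).
jail_ip4_ok() { [ -z "$(missing_ip4 "$1" "$2")" ]; }

# Sample input, constructed from the outputs quoted in the post.
CFG='vnet0|10.0.0.120/24, lo0|127.0.0.1/8'
EPAIR='epair0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        inet 10.0.0.120 netmask 0xffffff00 broadcast 10.0.0.255'
AFTER_BOOT="lo0: flags=8008<LOOPBACK,MULTICAST> metric 0 mtu 16384
$EPAIR"
AFTER_FIX="lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
        inet6 ::1 prefixlen 128
        inet 127.0.0.1 netmask 0xff000000
$EPAIR"

echo "after boot, missing: $(missing_ip4 "$CFG" "$AFTER_BOOT")"
jail_ip4_ok "$CFG" "$AFTER_FIX" && echo "after manual fix: all addresses present"

# Live use on the host, with the two commands shown in the post:
#   missing_ip4 "$(iocage get ip4_addr test)" "$(iocage exec test ifconfig)"
```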