-
Important Announcement for the TrueNAS Community.
The TrueNAS Community has now been moved. This forum has become READ-ONLY for historical purposes. Please feel free to join us on the new TrueNAS Community Forums
"pkg" problem when trying to install jail plugin
- Thread starter Louis2
- Start date
- Joined
- Nov 25, 2013
- Messages
- 7,776
Told you 
Come on, the FreeBSD network stack does have its idiosyncrasies. As does Linux's. But neither of them is completely broken.
iXsystems definitely needs to do something here - at the very least providing a concise guide how to set up "advanced networking". At best enforcing all of this in the UI. Create vnet jail? Sorry, you must have a bridge interface, first. Create bridge interface? Sorry, you must disable hardware offloading first. Something like that.
Come on, the FreeBSD network stack does have its idiosyncrasies. As does Linux's. But neither of them is completely broken.
iXsystems definitely needs to do something here - at the very least providing a concise guide how to set up "advanced networking". At best enforcing all of this in the UI. Create vnet jail? Sorry, you must have a bridge interface, first. Create bridge interface? Sorry, you must disable hardware offloading first. Something like that.
I am trying to activate IPV6 now ...... vnet problem for yet unkown reason
by the way, when accessing the interface I get the nice message below
by the way, when accessing the interface I get the nice message below
Disable Hardware Offloading
Disabling hardware offloading can severely reduce network performance. Disabling this feature is only recommended when an interface is used for plugin, jail, or virtual machine networking.
- Joined
- Nov 25, 2013
- Messages
- 7,776
I did not claim the UI was perfect. This message is achieving the opposite of what would be necessary. It is discouraging people to use the correct settings.
IPv6 - do you have a static prefix in the VLAN with the jail? Can you use SLAAC? That's the most simple way.
IPv6 - do you have a static prefix in the VLAN with the jail? Can you use SLAAC? That's the most simple way.
I do not think so, for the simple reason that all my "fixed computers" (virtual)servers and network equipment have fixed addresses. I only use DHCP for ^portable equipment^.
I am not an ipv6 expert, but I think that slaac dynamically assigns addresses, where I want and for e.g. equipment which should be accessible from the internet even need fixed addresses.
But I can enter fixed addresses in the GUI, so why should that be an problem !?
I am not an ipv6 expert, but I think that slaac dynamically assigns addresses, where I want and for e.g. equipment which should be accessible from the internet even need fixed addresses.
But I can enter fixed addresses in the GUI, so why should that be an problem !?
- Joined
- Nov 25, 2013
- Messages
- 7,776
It shouldn't. I will check the settings in one of our "proServer" jails later. They use static addresses, because "Ansible". It's just simpler to use SLAAC. The addresses are configured automatically, but fixed. Tied to the MAC address. So even when moving a jail or VM you just need to keep the MAC address of the virtual interface. That's the way I prefer in the TrueNAS context.
I did some more ^attempts^ which are not successful. Some how my impression is that the behave is not always the same. No idea why. So perhaps are the issues not directly related to ipv6. I will do some more attempts tomorrow. What ever checking what the exact values should be can never harm.
- Joined
- Nov 25, 2013
- Messages
- 7,776
So I switched one of my SLAAC jails to static configuration. Looks like you cannot use a link local address plus scope as the default gateway. That is a bug and I am going to file a ticket for that. Using link local for gateways is common and considered best practice. In our data center each VLAN has the default gateway at fe80::<VLAN ID>.
But you can use a global unicast address as the default gateway.
Basic Properties - not working:
Basic Properties: working:
Network Properties - both cases:
If you want to use SLAAC, that looks like this - Network Properties identical to above, Basic Properties:
As I wrote - the addresses you get that way are automatically assigned but fixed and even predictable. Perfectly usable for DNS entries, reverse proxies etc. ...
HTH,
Patrick
P.S. https://jira.ixsystems.com/browse/NAS-113434
But you can use a global unicast address as the default gateway.
Basic Properties - not working:
Basic Properties: working:
Network Properties - both cases:
If you want to use SLAAC, that looks like this - Network Properties identical to above, Basic Properties:
As I wrote - the addresses you get that way are automatically assigned but fixed and even predictable. Perfectly usable for DNS entries, reverse proxies etc. ...
HTH,
Patrick
P.S. https://jira.ixsystems.com/browse/NAS-113434
Last edited:
I have no idea why I successfully installed an ipv4 based plugin ones, and afterwards never managed to to that again (see earlier replays) . One thing I tried is to setup the testplugin (nextcloud) again this time with ipv4 and ipv6.
Today I again spend a couple op hours trying to get the nextcloud plugin up and running, but I did not manage ..... again
So the only posible test left is a complete reinstall on a wiped disk set . Here the tests I performed today:
Using plugin advanced setup
basissettings
vnet on
vnet0 192.168.111.10 24
192.168.111.1
vnet0 2001:984:abcd:111::1:10 64
2001:984:abcd:111::1
auto start off (for the moment)
netweok settings
vnet0:bridge111
domain=rz.lan
host=ijsbeer
resolver: 2001:888:0:9::99;194.109.6.66;2001:4860:4860::8888;8.8.8.8
test-1 static routes present; tunables on; default gateway 10.1
=> dns issue; no dns queries visible on vlan using pfsense capture
=> dns failure
Error: NextCloud had a failure Exception: RuntimeError Message: DNS Exception: The DNS operation timed out after 30.085813283920288 seconds pkg.FreeBSD.org could not be reached via DNS, check your network Partial plugin destroyed
test-2 removed static routes
+ same result
Error: NextCloud had a failure Exception: RuntimeError Message: DNS Exception: The DNS operation timed out after 30.085813283920288 seconds pkg.FreeBSD.org could not be reached via DNS, check your network Partial plugin destroyed
test-3 adding in host file via gui
213.138.116.73 pkg.FreeBSD.org
2604:1380:2000:9501::50:2 pkg.FreeBSD.org
=> still no result
test-4 changing vnet_default interface from auto to none
=> same result
test-5 changing default interface to the trunk
=> truenas interface via other vlan disconnects and can not be reconnected via the trunk
=> nothing installed
=> interface via other vlan still not reachable after the failure
=> restart system
=> interface reachable again
test-6 ); removed the host file entrys; vnet_default_interface = none
- should not have impact / however you never know
=> same dns problem
test-7 added berkeley packet filter
=> same dns problem
test-8 turned packet off; turned all tunables off; restart
- stack seems to be damaged; plugin interface not loading
test-9 reset config to defaults; reinstall old save "basis config with vlans etc, however without jails"
(20211120191802)
- static routes present again
- tryed to delete iocage (not possible due to mounts)
- tryed to delete jails (not possible)
- trying to install nextcloud
- vnet default none
Install
Error: HTTPConnectionPool(host='download.freebsd.org', port=80): Max retries exceeded with url: /ftp/releases/amd64 (Caused by NewConnectionError('< urllib3.connection.HTTPConnection object at 0x81e17f6d0 >: Failed to establish a new connection: [Errno 8] Name does not resolve'))
=> note that there was nothing in the vlan capture file
test-10 same however resolver to none
=> same result
test-11 changed default dateway to vlan1 (accessed via ix1 ip oposit to ix0 beeing the trunk)
- trying to install from the interface using vlan1
- trying to install a default jail first and tryed to ping google => OK
Install
Error: NextCloud had a failure Exception: RuntimeError Message: pkg.FreeBSD.org could not be reached via DNS, check NextCloud's network configuration Partial plugin destroyed
================
One more test to do
- wipe disks
- install again
- configure vlan and bridges
- try again
- how much tryes and testing should you do ?????
- only reason to try is that first test without ipv6 did have sucses
Today I again spend a couple op hours trying to get the nextcloud plugin up and running, but I did not manage ..... again
So the only posible test left is a complete reinstall on a wiped disk set . Here the tests I performed today:
Using plugin advanced setup
basissettings
vnet on
vnet0 192.168.111.10 24
192.168.111.1
vnet0 2001:984:abcd:111::1:10 64
2001:984:abcd:111::1
auto start off (for the moment)
netweok settings
vnet0:bridge111
domain=rz.lan
host=ijsbeer
resolver: 2001:888:0:9::99;194.109.6.66;2001:4860:4860::8888;8.8.8.8
test-1 static routes present; tunables on; default gateway 10.1
=> dns issue; no dns queries visible on vlan using pfsense capture
=> dns failure
Error: NextCloud had a failure Exception: RuntimeError Message: DNS Exception: The DNS operation timed out after 30.085813283920288 seconds pkg.FreeBSD.org could not be reached via DNS, check your network Partial plugin destroyed
test-2 removed static routes
+ same result
Error: NextCloud had a failure Exception: RuntimeError Message: DNS Exception: The DNS operation timed out after 30.085813283920288 seconds pkg.FreeBSD.org could not be reached via DNS, check your network Partial plugin destroyed
test-3 adding in host file via gui
213.138.116.73 pkg.FreeBSD.org
2604:1380:2000:9501::50:2 pkg.FreeBSD.org
=> still no result
test-4 changing vnet_default interface from auto to none
=> same result
test-5 changing default interface to the trunk
=> truenas interface via other vlan disconnects and can not be reconnected via the trunk
=> nothing installed
=> interface via other vlan still not reachable after the failure
=> restart system
=> interface reachable again
test-6 ); removed the host file entrys; vnet_default_interface = none
- should not have impact / however you never know
=> same dns problem
test-7 added berkeley packet filter
=> same dns problem
test-8 turned packet off; turned all tunables off; restart
- stack seems to be damaged; plugin interface not loading
test-9 reset config to defaults; reinstall old save "basis config with vlans etc, however without jails"
(20211120191802)
- static routes present again
- tryed to delete iocage (not possible due to mounts)
- tryed to delete jails (not possible)
- trying to install nextcloud
- vnet default none
Install
Error: HTTPConnectionPool(host='download.freebsd.org', port=80): Max retries exceeded with url: /ftp/releases/amd64 (Caused by NewConnectionError('< urllib3.connection.HTTPConnection object at 0x81e17f6d0 >: Failed to establish a new connection: [Errno 8] Name does not resolve'))
=> note that there was nothing in the vlan capture file
test-10 same however resolver to none
=> same result
test-11 changed default dateway to vlan1 (accessed via ix1 ip oposit to ix0 beeing the trunk)
- trying to install from the interface using vlan1
- trying to install a default jail first and tryed to ping google => OK
Install
Error: NextCloud had a failure Exception: RuntimeError Message: pkg.FreeBSD.org could not be reached via DNS, check NextCloud's network configuration Partial plugin destroyed
================
One more test to do
- wipe disks
- install again
- configure vlan and bridges
- try again
- how much tryes and testing should you do ?????
- only reason to try is that first test without ipv6 did have sucses
Last edited:
- Joined
- Nov 25, 2013
- Messages
- 7,776
The resolver field of the properties takes the syntax:
nameserver 2001:888:0:9::99;nameserver 194.109.6.66;nameserver 2001:4860:4860::8888;nameserver 8.8.8.8As I already explained
It's the content of a resolv.conf file with newline replaced by semicolon. Feel free to add e.g.
search my.do.main.Patrick, thanks again. That is probably one of the mistakes.
However,
- I also used "none" which did not work as well.
- and trying "nameserver 2001:888:0:9::99;nameserver 194.109.6.66;nameserver 2001:4860:4860::8888;nameserver 8.8.8.8 did not solve the problem as well.
I noticed that there is one strange other thing. In the screen "network properties" there is a field vnet0_mac which default none, which I never changed. If you make that field "" than the name "vnet0_mac" becomes the value.
I tried that option as well.
The additional tests did not solve the problem.
However there is a different error
Install
Error: NextCloud had a failure Exception: RuntimeError Message: Stopped NextCloud due to VNET failure Partial plugin destroyed
I tried to find the error in the message log ("nice that there is a gui for that") and a verdict message could be
Nov 21 18:12:19 truenas kernel: in6_purgeaddr: err=65, destination address delete failed. However I doubt if that is the problem
I will try a fresh setup tomorrow. What ever it ..... should work in 15 minutes and without issues ..... however the reality is that I did not yet manage after spending many hours
However,
- I also used "none" which did not work as well.
- and trying "nameserver 2001:888:0:9::99;nameserver 194.109.6.66;nameserver 2001:4860:4860::8888;nameserver 8.8.8.8 did not solve the problem as well.
I noticed that there is one strange other thing. In the screen "network properties" there is a field vnet0_mac which default none, which I never changed. If you make that field "" than the name "vnet0_mac" becomes the value.
I tried that option as well.
The additional tests did not solve the problem.
However there is a different error
Install
Error: NextCloud had a failure Exception: RuntimeError Message: Stopped NextCloud due to VNET failure Partial plugin destroyed
I tried to find the error in the message log ("nice that there is a gui for that"
) and a verdict message could beNov 21 18:12:19 truenas kernel: in6_purgeaddr: err=65, destination address delete failed. However I doubt if that is the problem
I will try a fresh setup tomorrow. What ever it ..... should work in 15 minutes and without issues ..... however the reality is that I did not yet manage after spending many hours
- Joined
- Nov 25, 2013
- Messages
- 7,776
There's supposed to be a MAC address in there. The field is automatically filled at jail creation if left empty. See my screenshots.
Sometimes checking with
iocage get all <jailname> is more helpful than the UI.Patrick,
I tried again using the modified resolver field and vnet0_mac "none"deleted => vnet0_mac.
Next to that I had an ssh console window opened and during the jail generation process I executed "root@truenas[~]# iocage get all NextCloud" a couple of times (I did save the output).
I did try these settings before and also which resolver = "none" and it never worked.
Surprisingly, Surprisingly ..... this time the plugin / jail was successfully generated ...... however I have really no idea why !!!!!!
Just as I have no idea why it worked the first time (with ipv4 only) and later never again .....
Of course during the latest try's I used "vnet0_mac" in opposite to none, that did probably help, however the first time I did install the plugins (IPV4!!?) That setting was none as well.
No idea what was wrong and if it will work next time ... I will find out ..... "vnet0_mac" must have been a factor, certainly in relation with IPV6
I had preferred to clearly identify the problem
I tried again using the modified resolver field and vnet0_mac "none"deleted => vnet0_mac.
Next to that I had an ssh console window opened and during the jail generation process I executed "root@truenas[~]# iocage get all NextCloud" a couple of times (I did save the output).
I did try these settings before and also which resolver = "none" and it never worked.
Surprisingly, Surprisingly ..... this time the plugin / jail was successfully generated ...... however I have really no idea why !!!!!!
Just as I have no idea why it worked the first time (with ipv4 only) and later never again .....
Of course during the latest try's I used "vnet0_mac" in opposite to none, that did probably help, however the first time I did install the plugins (IPV4!!?) That setting was none as well.
No idea what was wrong and if it will work next time ... I will find out ..... "vnet0_mac" must have been a factor, certainly in relation with IPV6
I had preferred to clearly identify the problem
- Joined
- Nov 25, 2013
- Messages
- 7,776
If you really want to follow through with advanced networking and debugging of UI/middleware problems, I recommend to familiarize yourself with the iocage command.
Apart from that: for IPv6 use SLAAC. It works. Fairy dust!
iocage start <jail> will many times give you more information than the UI, for example.Apart from that: for IPv6 use SLAAC. It works. Fairy dust!
