Date: Tue, 21 Apr 2015 15:47:10 -0500
From: dweimer
To: Matthew Seaman
Cc: freebsd-questions@freebsd.org, owner-freebsd-questions@freebsd.org
Subject: Re: Jail Already Exists

On 04/21/2015 11:09 am, Matthew Seaman wrote:
> On 2015/04/21 16:17, dweimer wrote:
>> At some point in the past I learned the trick of dropping TCP
>> connections that were left open to clear processes that were not
>> allowing a jail that had been shut down to be restarted. Does anyone
>> know other things that could cause a jail to be held open? I have one
>> that I am unable to start, without rebooting the entire server. In this
>> particular instance, it wouldn't be a big deal for me to bounce the
>> server, nor is it an issue leaving the jail down for a while to
>> experiment. However on some other servers both of these would be an
>> issue so I figured now is a good time to experiment with finding a
>> solution.
>>
>> root@freebsd:/jails/proxy # jls
>>    JID  IP Address      Hostname                      Path
>>      1  192.168.5.6     pgsql.dweimer.local           /jails/pgsql/ROOT
>>      2  192.168.5.9     mysql.dweimer.local           /jails/mysql/ROOT
>>      3  192.168.5.2     webmail.dweimer.local         /jails/webmail/ROOT
>>      4  192.168.5.4     bacula.dweimer.local          /jails/bacula/ROOT
>>      5  192.168.5.8     unifi.dweimer.local           /jails/unifi/ROOT
>> root@freebsd:/jails/proxy # jail -c proxy
>> jail: proxy: jail 6 already exists
>>
>> jail 6's IP is 192.168.5.3
>>
>> netstat -an | grep "192.168.5.3"
>>
>> finds no results.
>>
>> The jail simply runs a Squid proxy service, I have verified that there
>> isn't a hung up squid process. I have also verified that there are no
>> hung up python processes since I use a Python script as a log daemon
>> to write the Squid logs into a PostgreSQL database on jail 1. I am not
>> sure what else to check for.
>
> I find that not specifying the JID in your jail.conf -- so allowing the
> system to choose an arbitrary JID as required -- will allow restarting
> jails without the hassle of old connections blocking stuff.
>
> Of course, if you restart jails frequently, you'll end up with some
> arbitrarily large JIDs. Get used to referring to the jail by name
> instead. 'jls -h name' will help if you're unsure what those are.
>
> Cheers,
>
> Matthew

Thanks Matthew, that appears to work fairly well, I think after looking
more at the jls man page that a jls -N is more useful to me, as it still
gives me the other information above but lists the JID by name. I do
need to make sure none of my scripts are referencing any jails by their
numeric ID.

# jls -N
 JID             IP Address      Hostname                      Path
 pgsql           192.168.5.6     pgsql.dweimer.local           /jails/pgsql/ROOT
 mysql           192.168.5.9     mysql.dweimer.local           /jails/mysql/ROOT
 webmail         192.168.5.2     webmail.dweimer.local         /jails/webmail/ROOT
 bacula          192.168.5.4     bacula.dweimer.local          /jails/bacula/ROOT
 unifi           192.168.5.8     unifi.dweimer.local           /jails/unifi/ROOT
 proxy           192.168.5.3     proxy.dweimer.local           /jails/proxy/ROOT

-- 
Thanks,
   Dean E. Weimer
   http://www.dweimer.net/
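
Added example, not part of the original message: a POSIX sh audit for the point above about scripts that still reference jails by numeric ID once JIDs are assigned by the system. It covers only jexec, "jail -r" and "jls -j"; the function names and the sample scripts are constructed for illustration.

```shell
#!/bin/sh
# Added example: find scripts that still address a jail by numeric JID.
# Covers jexec, "jail -r" and "jls -j"; other tools need their own pattern.

B='(^|[^[:alnum:]_])'                       # command name starts a word
# Optional flags before the jail argument, e.g. "-l" or "-u root".
OPTS='([[:space:]]+-[[:alnum:]]+([[:space:]]+[[:alpha:]_][^[:space:]]*)?)*'
NUM='[[:space:]]+[0-9]+([[:space:];|&]|$)'  # all-digit jail argument
PATTERN="${B}(jexec${OPTS}|jail[[:space:]]+-[[:alnum:]]*r|jls${OPTS}[[:space:]]+-j)${NUM}"

# Print file:line:text for every non-comment line that passes a numeric JID.
# $1 is the directory of scripts to audit.
find_numeric_jid_refs() {
    grep -rnE -- "$PATTERN" "$1" 2>/dev/null |
        grep -vE '^[^:]+:[0-9]+:[[:space:]]*#'
}

# Number of such lines under directory $1.
count_numeric_jid_refs() {
    find_numeric_jid_refs "$1" | wc -l | tr -d ' '
}

# Constructed sample scripts (not from the original message).
make_sample() {
    cat > "$1/rotate.sh" <<'EOF'
#!/bin/sh
# old habit: jexec 6 squid -k rotate
jexec 6 squid -k rotate
jexec -l proxy squid -k reconfigure
jail -r 6
jls -j proxy -h name
EOF
    cat > "$1/backup.sh" <<'EOF'
jls -N -j 3
jexec -u root webmail sh
EOF
}

# Run with --demo to audit the constructed samples in a temp directory.
if [ "${1:-}" = "--demo" ]; then
    d=$(mktemp -d) && make_sample "$d" && find_numeric_jid_refs "$d"
    rm -rf "$d"
fi
```

Lines that already use the jail name (proxy, webmail) are not reported, so a clean run means the scripts keep working whatever JID the jail gets on its next start.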