From: David Christensen
To: freebsd-questions@freebsd.org
Subject: Re: jail and dedicated zfs dataset
Date: Fri, 7 Feb 2020 23:49:32 -0800
Message-ID: <6e0b58da-4162-06b8-0859-e584cbf1fc99@holgerdanske.com>
In-Reply-To: <20200207082621.GB38088@foucry.net>
References: <20200204214404.GB36588@foucry.net> <20200207082621.GB38088@foucry.net>

On 2020-02-07 00:26, Jacques Foucry wrote:
> On Tuesday 04 Feb. 2020 at 22:56:54 (-0800), David Christensen wrote:
>> On 2020-02-04 13:44, Jacques Foucry wrote:
>
> Hello David,
>
> Thanks for your answer.

>> I have a SOHO LAN with a FreeBSD server and jails for CVS and Samba.  I
>> (mostly) followed along with Chapter 22 of Lucas AF3E [1]:
>
> Definitively I need to buy and read it.

+1

>> 2020-02-04 22:30:15 toor@soho ~
>> # freebsd-version
>> 12.1-RELEASE-p1
>>
>> 2020-02-04 22:30:23 toor@soho ~
>> # uname -a
>> FreeBSD soho.tracy.holgerdanske.com 12.1-RELEASE-p1 FreeBSD 12.1-RELEASE-p1
>> GENERIC  amd64
>
> Same situation as mine…

Okay.

>> I created a top-level ZFS dataset in my root pool for jails.  I then created
>> a dataset for each jail.  I did not modify any of the ZFS properties:
>>
>>
>> The bulk CVS and the Samba data are in separate datasets in another pool:
>
> Ok, I have only one pool, but the trick is still the same.
>>
>
> NAME             PROPERTY    VALUE                 SOURCE
> tank/root/mails  mountpoint  /jails/mail/var/mail  local
>
>> # zfs get mountpoint p1/ds2/cvs p1/ds2/samba
>> NAME          PROPERTY    VALUE                        SOURCE
>> p1/ds2/cvs    mountpoint  /jail/cvs/var/local/cvs      received
>> p1/ds2/samba  mountpoint  /jail/samba/var/local/samba  received
>
> But the source for stay local. Is it because I only have one pool (I guess it's
> that).

This Oracle ZFS page:

https://docs.oracle.com/cd/E18752_01/html/819-5461/gayns.html

Documents the following SOURCE terms:

    default
    inherited from dataset-name
    local
    temporary
    - (none)

But fails to document "received".

RTFM zfs(8) and STFW 'zfs property received' finds some usage examples,
but not a solid definition of a SOURCE value of "received".

Searching my SOHO server, only two datasets have a property value of
"received":

2020-02-07 23:11:31 toor@soho ~
# zfs get -s received all
NAME          PROPERTY    VALUE                        SOURCE
p1/ds2/cvs    mountpoint  /jail/cvs/var/local/cvs      received
p1/ds2/samba  mountpoint  /jail/samba/var/local/samba  received

Both were created via ZFS replication -- e.g. I did a 'zfs send' on my
previous server and a 'zfs receive' on this new server.  So, I guess the
definition of a "received" property source is that the value came from a
'zfs receive' operation (?).

> But in the jail the Mounted on is [restricted]
>
> mail# df -h .
> Filesystem         Size    Used   Avail Capacity  Mounted on
> tank/root/mails    6.9T     88K    6.9T     0%    [restricted]
> mail# pwd
> /var/mail

RTFM df(1) does not define "restricted".  I am seeing a pattern here...

> I can, as root, create folders. Is it weird or normal?

Usually, root can create folders anywhere.  What matters is whether or
not the user the mail server runs as inside the jail can create folders
and files where it needs to.

Understanding why is how I prefer to operate, but it seems I must settle
for "if it ain't broke, don't fix it" and hope to understand later.

> Another question if you can answer.
>
> Using nullfs and fstab.
> I mount the host letsencrypt folder in the
> jail in order to have a single point for certificates.
>
> At the jail startup, postfix and dovecot failed to launch, but connected to the
> jail they start with no problem. I suppose this came because the nullfs is not
> mounted when dovecot and postfix start.
> Btw, I did found any log about the start of my jail.
>
> On the jail /var/log/maillog I found:
>
> Feb  7 07:45:15 mail postfix/master[51684]: fatal: bind :: port 25: Can't assign requested address
>
> Does it mean postfix tries to be started too soon in the jail create process?
>
> How can I manage the start time?

I do not know how to administer postfix or dovecot.

My approach would be to comment out the jail in rc.conf, reboot, verify
that the jail is not running, and then troubleshoot the filesystem by
hand.  Once the filesystem is correct by hand, then get it to come up
correctly at system startup and to shut down correctly at system
shutdown.  Next, troubleshoot jail startup and shutdown by hand.  Next,
jail startup at system startup and jail shutdown at system shutdown.

I don't know how to alter the order of things at boot, but I have
observed that the jails are started late or last.

> Thanks a lot for your help,
>
> Regards,

YW.  Good luck.  Let us know what you figure out.

David
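
An added example, not part of the original message or of FreeBSD's own tooling: a small shell filter for the situation discussed above, where mountpoint values show the source "received" after a 'zfs receive'. It reads `zfs get -H -o name,property,value,source mountpoint` output and flags received mountpoints outside an expected directory; the `/jail` prefix, the function names and the sample rows (including the `p1/ds2/old` outlier) are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: audit mountpoints whose SOURCE is "received".
# On a real host, feed it the scripted (tab-separated) output of:
#   zfs get -H -r -o name,property,value,source mountpoint <pool>

# Constructed sample rows, modelled on the datasets shown in the message.
# p1/ds2/old is a made-up outlier to exercise the prefix check.
sample_zfs_get() {
    printf 'p1/ds2/cvs\tmountpoint\t/jail/cvs/var/local/cvs\treceived\n'
    printf 'p1/ds2/samba\tmountpoint\t/jail/samba/var/local/samba\treceived\n'
    printf 'tank/root/mails\tmountpoint\t/jails/mail/var/mail\tlocal\n'
    printf 'p1/ds2/old\tmountpoint\t/jail-old/cvs\treceived\n'
}

# audit_received PREFIX
# Reads tab-separated name/property/value/source rows on stdin.
# For every mountpoint with source "received" prints one line:
#   OK     dataset path   path is PREFIX or lies below PREFIX/
#   NOPATH dataset value  value is not an absolute path (none, legacy, -)
#   REVIEW dataset path   absolute path outside PREFIX
# Returns 1 if any REVIEW line was printed, 0 otherwise.
audit_received() {
    awk -F '\t' -v prefix="$1" '
        $2 == "mountpoint" && $4 == "received" {
            if ($3 !~ /^\//) {
                print "NOPATH", $1, $3
            } else if ($3 == prefix || index($3, prefix "/") == 1) {
                # Compare against "PREFIX/" so /jail-old is not
                # mistaken for something under /jail.
                print "OK", $1, $3
            } else {
                print "REVIEW", $1, $3
                bad = 1
            }
        }
        END { exit bad + 0 }
    '
}

# Demo run on the constructed sample.
sample_zfs_get | audit_received /jail ||
    echo "received mountpoints outside /jail need review"
```

Rows with source local, default or inherited are ignored, so the check only covers values that arrived with a replication stream.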