Subject: Re: 'ezjail-admin create ...' and "Warning: Some services already seem to be listening on IP ..."
To: freebsd-questions@freebsd.org
From: David Christensen
Date: Sun, 24 Nov 2019 20:12:36 -0800

On 11/23/19 8:33 PM, David Christensen wrote:
> freebsd-questions:
>
> I have a newly installed FreeBSD host:
>
> 2019-11-23 19:53:00 toor@soho2 ~
> # freebsd-version ; uname -a
> 11.3-RELEASE-p5
> FreeBSD soho2.tracy.holgerdanske.com 11.3-RELEASE-p5 FreeBSD
> 11.3-RELEASE-p5 #0: Tue Nov 12 08:59:04 UTC 2019
> root@amd64-builder.daemonology.net:/usr/obj/usr/src/sys/GENERIC  amd64
>
>
> I would like to run some jailed services using ezjail(7).  I have
> installed and configured ezjail, installed a base jail, created a
> flavour "cvs", and added the desired IP alias to my host.  When I create
> the jail:
>
> 2019-11-23 20:23:14 toor@soho2 ~
> # ezjail-admin create -f cvs cvs.tracy.holgerdanske.com 192.168.5.19
> /usr/jails/cvs.tracy.holgerdanske.com/.
> /usr/jails/cvs.tracy.holgerdanske.com/./etc
> /usr/jails/cvs.tracy.holgerdanske.com/./etc/rc.d
> /usr/jails/cvs.tracy.holgerdanske.com/./etc/rc.d/ezjail.flavour.cvs
> /usr/jails/cvs.tracy.holgerdanske.com/./etc/rc.d/ezjail.flavour.cvs.packages
>
> /usr/jails/cvs.tracy.holgerdanske.com/./etc/rc.conf
> 5 blocks
> find: /usr/jails/cvs.tracy.holgerdanske.com/pkg/: No such file or directory
> Warning: Some services already seem to be listening on IP 192.168.5.19
>   This may cause some confusion, here they are:
> root     ntpd       735   27 udp4   192.168.5.19:123      *:*
> Warning: Some services already seem to be listening on all IP,
> (including 192.168.5.19)
>   This may cause some confusion, here they are:
> root     ntpd       735   20 udp6   *:123                 *:*
> root     ntpd       735   21 udp4   *:123                 *:*
> root     syslogd    583   6  udp6   *:514                 *:*
> root     syslogd    583   7  udp4   *:514                 *:*
>
>
> Do I need to worry about the listening services warnings?  If so, what
> is the best way to resolve them?

I noted that both the ezjail web site and the FreeBSD handbook install
ezjail from ports, while I installed the binary package:

http://erdgeist.org/arts/software/ezjail/

https://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/jails-ezjail.html


So, I removed ezjail:

2019-11-24 19:12:07 toor@soho2 ~
# pkg delete ezjail
Checking integrity... done (0 conflicting)
Deinstallation has been requested for the following 1 packages (of 0 packages in the universe):

Installed packages to be REMOVED:
	ezjail-3.4.2_1

Number of packages to be removed: 1

Proceed with deinstalling packages? [y/N]: y
[1/1] Deinstalling ezjail-3.4.2_1...
You may need to manually remove /usr/local/etc/ezjail.conf if it is no longer needed.
[1/1] Deleting files for ezjail-3.4.2_1: 100%


I also removed the ezjail configuration file as suggested:

2019-11-24 19:17:32 toor@soho2 ~
# rm /usr/local/etc/ezjail.conf
remove /usr/local/etc/ezjail.conf? y


I then logged out from toor (Bash shell), logged in as root (C shell),
and tried to follow along with the handbook.


Cloned interface "lo1" already exists:

root@soho2:~ # ifconfig lo1
lo1: flags=8008 metric 0 mtu 16384
	options=680003
	nd6 options=29
	groups: lo


Install ezjail (from ports, not binary package):

root@soho2:~ # echo $SHELL
/bin/csh
root@soho2:~ # cd /usr/ports/sysutils/ezjail
root@soho2:/usr/ports/sysutils/ezjail # make install clean
===> ezjail-3.4.2_1 depends on file: /usr/local/sbin/pkg - found
=> ezjail-3.4.2.tar.bz2 doesn't seem to exist in /usr/ports/distfiles/.
=> Attempting to fetch http://erdgeist.org/arts/software/ezjail/ezjail-3.4.2.tar.bz2
ezjail-3.4.2.tar.bz2 37 kB 202 kBps 00s
===> Fetching all distfiles required by ezjail-3.4.2_1 for building
===> Extracting for ezjail-3.4.2_1
=> SHA256 Checksum OK for ezjail-3.4.2.tar.bz2.
===> Patching for ezjail-3.4.2_1
===> Applying FreeBSD patches for ezjail-3.4.2_1
===> Configuring for ezjail-3.4.2_1
===> Building for ezjail-3.4.2_1
===> Staging for ezjail-3.4.2_1
===> Generating temporary packing list
mkdir -p /usr/ports/sysutils/ezjail/work/stage/usr/local/etc/ezjail/ /usr/ports/sysutils/ezjail/work/stage/usr/local/man/man5/ /usr/ports/sysutils/ezjail/work/stage/usr/local/man/man7 /usr/ports/sysutils/ezjail/work/stage/usr/local/man/man8 /usr/ports/sysutils/ezjail/work/stage/usr/local/etc/rc.d/ /usr/ports/sysutils/ezjail/work/stage/usr/local/bin/ /usr/ports/sysutils/ezjail/work/stage/usr/local/share/examples/ezjail /usr/ports/sysutils/ezjail/work/stage/usr/local/share/zsh/site-functions
cp -R examples/example /usr/ports/sysutils/ezjail/work/stage/usr/local/share/examples/ezjail/
cp -R examples/nullmailer-example /usr/ports/sysutils/ezjail/work/stage/usr/local/share/examples/ezjail/
cp -R share/zsh/site-functions/ /usr/ports/sysutils/ezjail/work/stage/usr/local/share/zsh/site-functions/
sed s:EZJAIL_PREFIX:/usr/local: ezjail.conf.sample > /usr/ports/sysutils/ezjail/work/stage/usr/local/etc/ezjail.conf.sample
sed s:EZJAIL_PREFIX:/usr/local: ezjail.sh > /usr/ports/sysutils/ezjail/work/stage/usr/local/etc/rc.d/ezjail
sed s:EZJAIL_PREFIX:/usr/local: ezjail-admin > /usr/ports/sysutils/ezjail/work/stage/usr/local/bin/ezjail-admin
sed s:EZJAIL_PREFIX:/usr/local: man8/ezjail-admin.8 > /usr/ports/sysutils/ezjail/work/stage/usr/local/man/man8/ezjail-admin.8
sed s:EZJAIL_PREFIX:/usr/local: man5/ezjail.conf.5 > /usr/ports/sysutils/ezjail/work/stage/usr/local/man/man5/ezjail.conf.5
sed s:EZJAIL_PREFIX:/usr/local: man7/ezjail.7 > /usr/ports/sysutils/ezjail/work/stage/usr/local/man/man7/ezjail.7
chmod 755 /usr/ports/sysutils/ezjail/work/stage/usr/local/etc/rc.d/ezjail /usr/ports/sysutils/ezjail/work/stage/usr/local/bin/ezjail-admin
chmod 0440 /usr/ports/sysutils/ezjail/work/stage/usr/local/share/examples/ezjail/example/usr/local/etc/sudoers
====> Compressing man pages (compress-man)
===> Installing for ezjail-3.4.2_1
===> Checking if ezjail is already installed
===> Registering installation for ezjail-3.4.2_1
Installing ezjail-3.4.2_1...
===> Cleaning for ezjail-3.4.2_1


Nuke ezjail basejail and newjail:

root@soho2:~ # zfs destroy -r soho2_zroot/usr/jails/basejail
root@soho2:~ # zfs destroy -r soho2_zroot/usr/jails/newjail


ezjail already enabled in rc.conf:

root@soho2:~ # grep ezjail /etc/rc.conf
ezjail_enable="YES"


Start ezjail service:

root@soho2:~ # service ezjail start
ezjail


Perform initial ezjail setup:

root@soho2:~ # ezjail-admin install -p
base.txz 112 MB 3357 kBps 34s
lib32.txz 23 MB 3473 kBps 07s
src component not installed, skipped
Looking up update.FreeBSD.org mirrors... 3 mirrors found.
Fetching metadata signature for 11.3-RELEASE from update2.freebsd.org... done.
Fetching metadata index... done.
Inspecting system... done.
Preparing to download files... done.
The following files will be updated as part of updating to 11.3-RELEASE-p5:
/bin/freebsd-version
/boot/loader
/boot/loader.efi
/usr/jails/basejail/usr/lib32/libgssapi_krb5.so.10
/usr/jails/basejail/usr/lib32/libsmb.a
/usr/jails/basejail/usr/lib32/libosmcomp.so
180002 blocks
Note: a non-standard /etc/make.conf was copied to the template jail in order to get the ports collection running inside jails.
Looking up portsnap.FreeBSD.org mirrors... 6 mirrors found.
Fetching public key from metapeer.portsnap.freebsd.org... done.
Fetching snapshot tag from metapeer.portsnap.freebsd.org... done.
Fetching snapshot metadata... done.
Fetching snapshot generated at Sun Nov 24 16:21:30 PST 2019:
5b7ede0afbd64b2d0ce6bff7add18d8cfec4d71499cbe8 84 MB 1875 kBps 46s
Extracting snapshot... done.
Verifying snapshot integrity... done.
Fetching snapshot tag from metapeer.portsnap.freebsd.org... done.
Fetching snapshot metadata... done.
Updating from Sun Nov 24 16:21:30 PST 2019 to Sun Nov 24 19:04:16 PST 2019.
Fetching 5 metadata patches... done.
Applying metadata patches... done.
Fetching 0 metadata files... done.
Fetching 11 patches.
(11/11) 100.00% done.
done.
Applying patches... done.
Fetching 1 new ports or files... done.
/usr/jails/basejail/usr/ports/.arcconfig
/usr/jails/basejail/usr/ports/.gitattributes
/usr/jails/basejail/usr/ports/.gitauthors
/usr/jails/basejail/usr/ports/x11/yeahconsole/
/usr/jails/basejail/usr/ports/x11/yelp/
/usr/jails/basejail/usr/ports/x11/zenity/
Building new INDEX files... done.


Create a jail:

root@soho2:~ # ezjail-admin create cvs.tracy.holgerdanske.com 'lo1|127.0.1.1,em0|192.168.5.19'
/usr/jails/cvs.tracy.holgerdanske.com/.
/usr/jails/cvs.tracy.holgerdanske.com/./boot
/usr/jails/cvs.tracy.holgerdanske.com/./libexec
/usr/jails/cvs.tracy.holgerdanske.com/./etc/ssl
/usr/jails/cvs.tracy.holgerdanske.com/./etc/ssl/openssl.cnf
/usr/jails/cvs.tracy.holgerdanske.com/./etc/csh.cshrc
12123 blocks
Warning: Some services already seem to be listening on all IP, (including 127.0.1.1)
  This may cause some confusion, here they are:
root     ntpd       857   20 udp6   *:123                 *:*
root     ntpd       857   21 udp4   *:123                 *:*
root     syslogd    705   6  udp6   *:514                 *:*
root     syslogd    705   7  udp4   *:514                 *:*
Warning: Some services already seem to be listening on IP 192.168.5.19
  This may cause some confusion, here they are:
root     ntpd       857   23 udp4   192.168.5.19:123      *:*
Warning: Some services already seem to be listening on all IP, (including 192.168.5.19)
  This may cause some confusion, here they are:
root     ntpd       857   20 udp6   *:123                 *:*
root     ntpd       857   21 udp4   *:123                 *:*
root     syslogd    705   6  udp6   *:514                 *:*
root     syslogd    705   7  udp4   *:514                 *:*


More of the same problems.


Any suggestions?


David
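
The warnings in the message above separate host sockets bound to the jail's address itself from sockets bound to the wildcard address `*`. As an added example (not part of the original post and not ezjail's own code), this sh function applies the same split to `sockstat -l` style input; the name `jail_ip_listeners` is hypothetical, and the sample embeds the listener lines shown above plus one constructed sshd line.

```shell
#!/bin/sh
# Added example: classify host listeners relative to a jail IP.
# Input layout (as printed by FreeBSD sockstat -l):
#   USER COMMAND PID FD PROTO LOCAL-ADDRESS FOREIGN-ADDRESS

# jail_ip_listeners IP   (hypothetical helper; reads sockstat lines on stdin)
# Prints "exact|wildcard COMMAND PID PROTO LOCAL" per overlapping listener.
jail_ip_listeners() {
    awk -v ip="$1" '
        NF < 7 || $1 == "USER" { next }        # skip header and short lines
        {
            laddr = $6
            port = laddr
            sub(/^.*:/, "", port)              # text after the last colon
            addr = substr(laddr, 1, length(laddr) - length(port) - 1)
            v6 = (ip ~ /:/)
            # compare only sockets that can carry the jail IP address family
            if (v6 && $5 !~ /6/) next
            if (!v6 && $5 !~ /4/) next
            if (addr == ip)       print "exact", $2, $3, $5, laddr
            else if (addr == "*") print "wildcard", $2, $3, $5, laddr
        }'
}

# Sample input: listener lines from the message above, plus one
# constructed sshd line bound to a different host address.
SAMPLE='USER     COMMAND    PID   FD PROTO  LOCAL ADDRESS         FOREIGN ADDRESS
root     ntpd       857   23 udp4   192.168.5.19:123      *:*
root     ntpd       857   20 udp6   *:123                 *:*
root     ntpd       857   21 udp4   *:123                 *:*
root     syslogd    705   6  udp6   *:514                 *:*
root     syslogd    705   7  udp4   *:514                 *:*
root     sshd       900   4  tcp4   192.168.5.10:22       *:*'

# Stand-alone run: report what overlaps the jail address from the post.
printf '%s\n' "$SAMPLE" | jail_ip_listeners 192.168.5.19
```

On a live host the same function can read `sockstat -4 -6 -l` instead of the sample. A service bound to one specific host address other than the jail's, like the constructed sshd line, does not appear in the result.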