Wednesday, February 6, 2013

PC-BSD 9.1 Linux Jails, VirtualBox, Citadel Groupware

v 0.2
6 Feb 13

The last few days, I've been playing with PC-BSD Jails via Warden. I've found that the BSD Jails work just great, as I've mentioned previously; however, I've been having problems installing servers on a Debian Linux Jail. Some servers install without a hitch, and others just won't let the outside world see them.

A case in point is installing Citadel Groupware. In the Linux Jail, the two components can't talk to each other - Webcit, which provides the outward-facing web interface, can't see the Citserver to talk on TCP 504. Installing on VirtualBox, no problems - it installs without a hitch.

Another example is the installation of Web Servers.  Apache - nope.  Nginx - worked out of the box.  In all cases, the installation was using the standard Debian packages from the Main repository.

Debian Jail - Install Script

Debian is installed in a Linux Jail using the debootstrap command. The way this is set in the install script is simply:

debootstrap squeeze

However, there are several architectures for Debian; in particular, the ones we want use the FreeBSD kernel. Should we include the architecture we want? So, it would look like:

debootstrap --arch kfreebsd-i386 squeeze
or
debootstrap --arch kfreebsd-amd64 squeeze

I haven't really seen any difference, however I wonder ...

Citadel Again

Maybe I take a little longer for the concepts to sink in, but I've finally satisfied myself that the Debian packages do the same installation (albeit with files in different places - because it is Debian).
  • The servers are installed
  • The "citadel" user is created to run the server
  • The init scripts are sorted.
The outcome of all this is that when the machine (virtual or real) is started, Citadel starts as well.

How to re-configure the Citadel Server?  There is a setup script in
"/usr/lib/citadel-server"
Run that script if you need to and you can adjust ports, and add an admin user.

Be aware that Webcit ignores your setup instructions. Get a text editor and edit
"/etc/default/webcit"
to your liking.




Later .........


Friday, February 1, 2013

PC-BSD 9.1 - More Jails and Linux

v 0.3.1
1 Feb 13
2 Feb 13
4 Feb 13

As I mentioned a couple of posts ago, most things are easy in hindsight, but maddening when you have to work them out.  Another such example I have found with PC-BSD Jails under the "Warden".  Rather than try and organise what I've found into little chunks, this will be a narration of the adventure.

I started learning about Jails using a Linux Jail. I used an IP address within the router address space. All was well until I tried to communicate with services within the Jail that I thought I'd started. Not only that, but when I checked the router's "attached devices" list, my Jail was nowhere to be seen.

I remembered there were two tutorial articles about Jails in BSD Magazine, one on Linux Jails in issue 12/12 and a tutorial on installing OwnCloud in a Standard Jail in issue 9/12.

The article on Linux Jails went into NAT configuration on the host and editing a few configuration files - I must confess I found this puzzling as a requirement since everything else about PC-BSD organisation of Jails was so automated.  Eventually I went back to the beginning and went through the tutorial setting up a standard BSD Jail.

What I found with the BSD Jail was that there were several other tools to manage these Jail types - including a Process manager, where I could make sure the processes I wanted were started.  That is where I started remembering the list of ports being monitored in the Linux Jail ....  Also, it was about that time I chanced on reading a statement in the PC-BSD forums where the poster pointed out that Warden does quite a few things in the background.

So ...

I cloned my BSD Jail, giving one an IP in the router address space, and the other another address in another address space.  I made sure the Apache process was started in each Jail and that the firewall had opened port 80.  Then I went to another computer on my network and simply typed in the IP address of each jail in a web browser.  The Jail with the router address space address worked immediately and Apache talked back.  The other one, not.

My conclusion as to Jail IP address:
  • If you are simply starting a Jail - give it an IP in the router address space.
  • If you are going to configure NAT on the host system, use another address space.
How do you find the Jail if the router does not know about it?  When you address your Jail, the router queries each of its attached machines.  When it queries the host machine, that machine recognises the Jail address and passes the request on to the Jail.  So the router doesn't have to know about the Jail, it just has to be able to have an address in its address space that it can give to the host machine that then knows.
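
The address rule above can be checked before a Jail is created. The following is an added example, not part of the original post or of Warden: a POSIX sh helper that reports whether a proposed Jail address sits in the host's LAN subnet ("lan") or outside it ("nat", meaning NAT has to be configured on the host). The function names and all addresses are assumptions made up for the illustration.

```shell
#!/bin/sh
# Added example. Function names and sample addresses are constructed.

# Convert a dotted-quad IPv4 address to a 32-bit integer.
# Returns 1 on malformed input (wrong field count, non-digits,
# leading zeros, or an octet above 255).
ip_to_int() {
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        case $octet in
            ''|*[!0-9]*|0?*|????*) return 1 ;;
        esac
        [ "$octet" -le 255 ] || return 1
    done
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# jail_mode HOST_IP PREFIX_LEN JAIL_IP
# Prints "lan" when the Jail address is inside the host's subnet, so
# other machines on the LAN reach it through the host with no extra
# setup, or "nat" when it is outside and the host must do NAT.
jail_mode() {
    host=$(ip_to_int "$1") || { echo "invalid"; return 1; }
    jail=$(ip_to_int "$3") || { echo "invalid"; return 1; }
    case $2 in
        ''|*[!0-9]*|???*) echo "invalid"; return 1 ;;
    esac
    [ "$2" -ge 1 ] && [ "$2" -le 32 ] || { echo "invalid"; return 1; }
    # Build the netmask from the prefix length (4294967295 = 0xFFFFFFFF).
    mask=$(( (4294967295 << (32 - $2)) & 4294967295 ))
    if [ $(( host & mask )) -eq $(( jail & mask )) ]; then
        echo "lan"
    else
        echo "nat"
    fi
}

# Constructed sample: host at 192.168.1.10/24, two candidate Jail addresses.
jail_mode 192.168.1.10 24 192.168.1.50
jail_mode 192.168.1.10 24 10.0.0.5
```

A "lan" result also means every port opened for that Jail is reachable from the whole local network, so the Jail's firewall entries are the only thing limiting access to it.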

NOW .. I went back to my Linux Jail - with its IP address in the router address space. I installed an SSH server, made sure it was started (the listening port came up on the info tab). I opened the SSH port on the firewall. I then went to another machine on the network,

ssh (ip address)

The Jail replied!  Victory!

So you can now configure your router to talk to a Jail just like any other attached machine. I would guess you could even assign a static IP to a Jail, using the MAC address of the host machine.

A final note about Debian Jails. When you install the Jail, several configuration tasks that would normally be done in a Debian install are not taken care of. That is my next little task to take care of with a Debian Linux Jail ....


Later ............

PS
For Debian,
  • an easy way to manage startup services is to load package "rcconf" and use that to graphically set services.
  • to set the default Locale, install package "locales" and run "dpkg-reconfigure locales" to select and set your desired Locale.