Lucas covers "native" jails and iocage in his book and that's what got me poking at iocage. I really like it, it's generally worked well for me and is easy to automate.

There's also an "iohyve" that aims to be a similar tool for bhyve VMs, but looks a little dead: github.com/pr1ntf/iohyve

Title: GitHub - pr1ntf/iohyve: FreeBSD bhyve manager utilizing ZFS

ghoti spork_css i redid the containers page: wiki.freebsd.org/Containers#Container_Tools:_Third-Party

Title: Containers - FreeBSD Wiki

fwiw

must do same for bhyve things

spork_css: I used iohyve for bhyve management for a while, but the project hasn't seen a commit on github since 2017. I migrated to vm-bhyve, which also works nicely.

koobs, do you know if there's a tool or a library that understands config files in the format that jail.conf uses? I've been rolling my own, and I'm never confident that it's 100%, or future-proof.

ghoti: nope im note

not*

Dang. Maybe I'll just write an awk script linter for jail.conf and contribute it.\

how would you want it to work?

Then others can add what's missing. :)

is jails.conf kind of a standin for what would be a OCI/standard method for declaring a jail?

Perhaps, but the spec doesn't match our configs. specs.opencontainers.org/runtime-spec/config/?v=v1.0.2

Title: The OpenContainers Runtime Spec Config

oh i just meant conceptually

ah, maybe.

jails.conf being an 'implementation' of the concept

Anyway, I feel we could use something with a bit of *understanding* of our config. Like, `allow.raw_sockets;` has no = after it, `ip4.addr` can take 1 or more arguments separated by commas, etc.

right

feels like a config 'spec'

'schema'

I have never written a spec, but I have written lots of config automation. :)

there's a concept called a lexer/parser

that programs / languages can be defined in

theres various open source tools to create these 'grammars'

Title: Lexical analysis - Wikipedia

I've spent the last 15 minutes reading src and about json lexers, to get an idea of what is out there for something more mainstream. 15 minutes is not enough..

ghoti: pypi.org/project/jailconf

Title: jailconf · PyPI

?

Title: jail · PyPI

?

I love how the lex man page is a full lesson on how to construct an ERE. Never seen that before.

koobs: jailconf looks like just about exactly what I was hoping for. Not sure I get the other one yet, but it also lead me to github.com/bsdci/ioc which is interesting.

Title: GitHub - bsdci/ioc: libioc command line tool for BSD jail management

ghoti: nice let us know how it goes

Anyone know if a good app for iphone that I can use for mailing list?

Of*

mail works fine?

depends what specific functionality you want

not many choices for free and open source

koobs: something that i can track like mutt for iphone or something. that top post and stuff

hi guys ! any info about libreoffice not showing in the pkg search ?

elliot@phil:~$ pkg search -i libreoffice|grep -v language

libreoffice-7.4.2.3_1 Full integrated office productivity suite

accelerat0r: ^

There is no result in "latest" on stable/13

lets see

oh

pretty weird then

fallout: portsfallout.com/fallout?port=&main…ategory=&categories=editors&flavor= ; logs for "131amd64-default": portsfallout.com/fallout/582676

Title: Fallout list - FreeBSD pkg-fallout

ghoti: thanks for the pointer to github.com/churchers/vm-bhyve!

koobs: awesome list, looks like you've been busy w/edits on that wiki page

how can I restore the boot loader on a freebsd partition?

dksnd: freebsd.org/cgi/man.cgi?query=boot0cfg&sektion=8

also have a look at the gpart manpage (last hint)

last hint in the manpage, i mean

Title: boot0cfg(8)

I'm asking about partition, not a disk

also I'm not sure I'm using the bsdlabel nonsense

it should boot from a normal ufs2-formatted partition - is that possible?

hello, I am study some of periodic scripts for inspiration. Why is colon before this? ": ${daily_scrub_zfs_default_threshold=35}" ....It is a null command according to man page but why is it needed? Thanks

also, why /boot/boot2 doesn't have the first sector? is it combined with something else?

i mean, that's what gpart is for

I'm getting a feeling that the last person who knew how that stuff works died in 1982

have you read the handbook?

yes

and it's not in there?

no, it is not there

dksnd: docs.freebsd.org/en/books/handbook/cutting-edge/#updating-bootcode

Title: Chapter 25. Updating and Upgrading FreeBSD | FreeBSD Documentation Portal

stands to reason that "restoring loader" is akin to "upgrading loader"

something something gpart

it doesn't work obviously

what have you tried and how has this failed for you?

pvalenta, stackoverflow.com/questions/7444504…tion-of-colon-operator-in-foo-value

Title: bash - Explanation of colon operator in ": ${foo=value}" - Stack Overflow

first, gpart doesn't seem to see the partition

post the output to a pastebin

output of what?

I can't even reproduce the environment in a vm because your wonderful os doesn't work in virtualbox

of course it does

you're just doing it wrong

I'm trying to install it but it just hangs

parv, oh, nice. Thank you

playing with boot options doesn't do anything either -  i'm not even sure they are applied because the output is the same

Title: Screenshot, 2022-11-03 12:03:58 - Paste.Pics

and of course the wonderful community has no solution on their wonderful forums

also, why /boot/boot2 doesn't have the first sector? is it combined with something else?

ooo, openzfs devsummit videos are starting to show up.

if that image is the first boot from media, there's no /etc/hostid and /boot/entropy included on the install media, so the problem isn't anything to do with those messages

i'm guessing that since there are blue borders around the image, this is some sort of serial redirection console attached to hardware?

so you need to set up the serial redirection properly

or maybe that's part of the website, but that doesn't really preclude serial redirection

is mixing pkg repositories still discouraged? i recently switched back to the official pkg repo, but my xmpp server is currently broken because the luadbi package is built without postgres support…

so I'm wondering whether i can just make a tiny pkg repo with only the packages for which i need different build-time options without it messing things up…

If you have to use multiple package repositories, it's best if you overlay them with priorities.

pkg.conf(5) describes the property.

debdrup: I assume you're talking about "PRIORITY"?

Yup.

Great, thanks.

It'd be quite odd for it to be named anything else ;)

debdrup: I wouldn't be surprised by that, tho. :P

Really?

I assume one problem with mixed repos would be if my overlay repo has some ports built with some option deactivated that's active by default when others ports not in the overlay depend on it?

Yes, really. This is IT, things don't necessarily make sense. :P

Depends on the priority.

Usually things make a _little_ more sense in FreeBSD though.

The overlay would obviously have a higher priority so the packages that are in there override the ones from official pkg repo.

Yes, usually. :P

Big reason why I picked FreeBSD ;)

The biggest problem with mixed repos is when you're not in-sync with the latest checkout of the packages, really.

morning

Full FreeBSD DevSummit Day 1 Video is up: youtu.be/RxSTqxpT1y0

Title: November 2022 FreeBSD Vendor Summit - Day 1 - YouTube

spork_css: my pleasure

glad its useful

heya, dch!

meena: hey I set up hedgedo today, its cake now.

Thanks koobs all those FreeBSD heads talking about stuff. Makes me feel not alone 😁

\o/

anyone have any idea why i can ping a jail's host, but cannot ping anything else beyond that?

this is a vnet jail. shared jail works fine

usually that means you didn't enable forwarding on the host

if not that, it's likely either a routing or firewall problem

RhodiumToad: net.inet.ip.forwarding=1 # Enable IP forwarding between interfaces

in my sysctl.conf

i have unifi hardware, say the jail is 192.168.1.17, and the host is 192.168.1.125, and the router is 192.168.1.1

dch: did you put it into ports?

host network works fine

codersmoke: I think you're probably misunderstanding how routing works with vnet

RhodiumToad: I probably am :)

the vnet jail behaves like an entirely separate host, attached by a _separate_ network interface

have you set up a bridge for the host and the jail to share the network?

yes, i'll share my ifconfig, if that's ok?

sure

RhodiumToad: ^

dpaste.org/jL0LZ is my rc.conf on the host

you've put the host ip on the physical interface not on the bridge, in my experience this doesn't work properly though the failures can be subtle

any firewall rules?

none

thought i'd get it going before i implement firewall

so, em0 on host shouldn't have ip?

oh, also you have two ifconfig_em0 lines, that doesn't work

I would try it like this: ifconfig_em0="up" ifconfig_bridge0="inet 192.168.1.150 netmask 255.255.255.0 addm em0"

gateway_enable="YES" should enable forwarding without needing to have that separately in sysctl.conf

ok, i'll give this a go right now

thanks for your help RhodiumToad

host inaccessible now via ssh

what exactly does the rc.conf look like now?

dpaste.org/ubxQa RhodiumToad i had to type it over from vmware interface

no i won't win any awards for following instructions, maybe i botched your tip

I should add, i have a functioning vnet on my freenas server, and it puts the inet ip on the igb0 interface and not the bridge0

you missed out the ifconfig_em0="up"

(you need that to bring the interface up in the absence of an address)

thanks, is that before or after the ifconfig_bridge0 line?

doesn't matter

rc.conf is just a set of variable assignments, not a list of commands

that's why specifying some name twice doesn't work, the second assignment just overwrites the first

so, I added it, and still can't ping the host

(from my laptop)

"addm em0" not "add em0" in the bridge0 line

codersmoke: any progress?

not yet, i'm messing a bit with ifconfig though

thanks for hanging around though.

RhodiumToad: hardly as simple as a static route in my unifi controller?

shouldn't be needed if the bridge is correctly set up.

resorting to tcpdump

can you see the ARP table on the router?

a bit complicated on the unifi controller, it can be done, but i just don't have immediate access to the console

strange thing though. i am seeing ARP requests in tcpdump in the jail itself

yes, you should

seeing reference to my wife's iphone too, which make me certain that *something* is coming through

i can only suspect its a routing issue

the vnet jail should see any broadcasts on the network that it's bridged to

which will include all arp requests

possibly an in-jail routing issue, perhaps

it should answer arp requests for its own IP

there is no reference to the jail's ip, or even the host's ip for that matter

in the tcpdump that is

if you try pinging the jail from outside, do you see arp requests for it?

no

none

oh wait, 22:33:26.522137 ARP, Request who-has 192.168.1.240 tell 192.168.1.17, length 28

do you see the pings?

and do you see a response to that request?

no

nothing there. so it's outbound issue (jail--->host) presumably?

what's the ifconfig look like from within the jail?

hm

ah

.17 is the jail

yes

what is .240 ? the box you were pinging from?

correct

and the host is .150

so the jail sent out an arp request to find out where .240 is, and got nothing?

oh wait yes, that makes more sense

frustrating, right?

can you check with tcpdump on the host em0 to see if that arp request got out, and on .240 to see if it was received there?

RhodiumToad: I must hit the sack now, but I'll try tomorrow, is it ok to /msg you with the end result?

sure, if you like

thanks mate! appreciate the help.