Bug #53334

Correctly add bpf to devfs rules

Added by Sebastien DURIS almost 2 years ago. Updated over 1 year ago.

Status: Done
Priority: No priority
Assignee: Brandon Schneider
Category: Middleware
Target version:
Seen in:
Severity: New
Reason for Closing:
Reason for Blocked:
Needs QA: No
Needs Doc: No
Needs Merging: No
Needs Automation: No
Support Suite Ticket: n/a
Hardware Configuration:
ChangeLog Required: No

Description

Hi,

I have 3 openvpn jails (2 clients and 1 server) and a dnsmasq jail.

Since the upgrade:
- in the openvpn jails, openvpn can't allocate tun devices
- dnsmasq can't find bpf devices

I tried to modify options like allow mounts, devfs mount and so on, with no result.

Since all was working in beta3, I had to roll back.

I attached some jail config files as an example.

Thanks in advance.


Related issues

Related to FreeNAS - Bug #40872: Add ability to allocate TUN devices dynamically in iocage (Done)
Has duplicate FreeNAS - Bug #58374: [RC2] after update devices STILL unavaliable in jails (Closed)

History

#1 Updated by Dru Lavigne almost 2 years ago

  • Assignee changed from Release Council to William Grzybowski
  • Private changed from No to Yes

#3 Updated by William Grzybowski almost 2 years ago

  • Assignee changed from William Grzybowski to Brandon Schneider
  • Target version changed from Backlog to 11.2-RC2

#4 Updated by Brandon Schneider almost 2 years ago

  • Status changed from Unscreened to Not Started

#5 Updated by Brandon Schneider almost 2 years ago

  • Related to Bug #40872: Add ability to allocate TUN devices dynamically in iocage added

#6 Updated by Brandon Schneider almost 2 years ago

  • Status changed from Not Started to Closed
  • Reason for Closing set to Duplicate Issue

Marking as duplicate as this behavior was also fixed as a result of #40872.

#7 Updated by Dru Lavigne almost 2 years ago

  • File deleted (config_files.zip)

#8 Updated by Dru Lavigne almost 2 years ago

  • Target version changed from 11.2-RC2 to N/A
  • Private changed from Yes to No

#9 Updated by Sebastien DURIS over 1 year ago

  • Seen in changed from 11.2-RC1 to 11.2-RC2

problem still in 11.2-RC2 :
- my DHCP server jail has no BPF in /dev
- my openvpn server failing again with no tun
- my 2 openVPN clients failing again with no tun

#10 Updated by William Grzybowski over 1 year ago

Sebastien DURIS wrote:

problem still in 11.2-RC2 :
- my DHCP server jail has no BPF in /dev
- my openvpn server failing again with no tun
- my 2 openVPN clients failing again with no tun

Did you delete the jail and install a new one?

#11 Updated by Sebastien DURIS over 1 year ago

I tried to make a new one for each.

Nb : I updated freenas... Currently trying on a fresh install on a vm

#12 Updated by Dru Lavigne over 1 year ago

  • Related to Bug #58374: [RC2] after update devices STILL unavaliable in jails added

#13 Updated by Dru Lavigne over 1 year ago

  • Related to deleted (Bug #58374: [RC2] after update devices STILL unavaliable in jails)

#14 Updated by Dru Lavigne over 1 year ago

  • Has duplicate Bug #58374: [RC2] after update devices STILL unavaliable in jails added

#15 Updated by Paul Bolton over 1 year ago

  • File debug-freenas-20181119232821.tgz added

Sebastien DURIS wrote:

I tried to make a new one for each.

Nb : I updated freenas... Currently trying on a fresh install on a vm

Just to add to this, I'm also still having this "Cannot allocate TUN/TAP dev dynamically" issue when starting OpenVPN on 11.2 RC2. It seems to be fixed for some people but the update hasn't helped for me. I've run set allow_tun=1 for the jail and checked it's set before starting but still no luck, also rebuilt the jail again in 11.2 RC2 which I originally created in 11.2 RC1.

Also tried to run ifconfig tun0 create and get an "Operation not permitted" error message.

I assume we may both be having the same issue, I've attached my debug file in case it's useful. I have a couple of jails I was trying to get the VPN working in and the latest one is called "Transmission-VPN".

#16 Updated by Brandon Schneider over 1 year ago

Paul: You must set vnet=on for that to work.

#17 Updated by Paul Bolton over 1 year ago

Brandon Schneider wrote:

Paul: You must set vnet=on for that to work.

Ah ok, I figured I may just be missing something. I'll test it later today.

I wonder if this is a step that Sebastien missed as well.

#18 Updated by Dru Lavigne over 1 year ago

  • File deleted (debug-freenas-20181119232821.tgz)

#19 Updated by Sebastien DURIS over 1 year ago

So:
Test on a VM with a fresh install:
- openvpn can work

- I updated all jails from 11.2-RELEASE-P2 to P4 via iocage upgrade <jail>; the upgrade in the GUI fails.
Even if I do iocage upgrade, the version stays at p2.

- I fixed my openvpn server address and relaunched my VPN server; it connects well.

The 2nd problem still fails:
- dnsmasq - my DHCP server - does not
root@infra:~ # service dnsmasq start
Starting dnsmasq.

dnsmasq: cannot create DHCP BPF socket: No such file or directory
/usr/local/etc/rc.d/dnsmasq: WARNING: failed to start dnsmasq

No bpf device appears if the jail is not a DHCP client (I can't declare a DHCP server with dynamic addressing).

#20 Updated by Brandon Schneider over 1 year ago

Sebastien: Make sure the jail has bpf=yes and vnet=on. Those are required for bpf device usage in a jail.

#21 Updated by Sebastien DURIS over 1 year ago

Tags are OK, here is my jail config:
{
"CONFIG_VERSION": "14",
"allow_chflags": "0",
"allow_mlock": "0",
"allow_mount": "1",
"allow_mount_devfs": "1",
"allow_mount_nullfs": "0",
"allow_mount_procfs": "0",
"allow_mount_tmpfs": "0",
"allow_mount_zfs": "0",
"allow_quotas": "0",
"allow_raw_sockets": "1",
"allow_set_hostname": "1",
"allow_socket_af": "1",
"allow_sysvipc": "0",
"allow_tun": "1",
"available": "readonly",
"basejail": "no",
"boot": "on",
"bpf": "yes",
"children_max": "0",
"cloned_release": "11.2-RELEASE-p2",
"comment": "none",
"compression": "lz4",
"compressratio": "readonly",
"coredumpsize": "off",
"count": "1",
"cpuset": "off",
"cputime": "off",
"datasize": "off",
"dedup": "off",
"defaultrouter": "192.168.1.1",
"defaultrouter6": "none",
"depends": "none",
"devfs_ruleset": "4",
"dhcp": "off",
"enforce_statfs": "1",
"exec_clean": "1",
"exec_fib": "0",
"exec_jail_user": "root",
"exec_poststart": "/usr/bin/true",
"exec_poststop": "/usr/bin/true",
"exec_prestart": "/usr/bin/true",
"exec_prestop": "/usr/bin/true",
"exec_start": "/bin/sh /etc/rc",
"exec_stop": "/bin/sh /etc/rc.shutdown",
"exec_system_jail_user": "0",
"exec_system_user": "root",
"exec_timeout": "60",
"host_domainname": "none",
"host_hostname": "infra",
"host_hostuuid": "infra",
"host_time": "yes",
"hostid": "602e5043-a7bc-11e8-80d1-f8db88fe03e8",
"hostid_strict_check": "off",
"interfaces": "vnet0:bridge0",
"ip4": "new",
"ip4_addr": "vnet0|192.168.1.10/24",
"ip4_saddrsel": "1",
"ip6": "new",
"ip6_addr": "none",
"ip6_saddrsel": "1",
"jail_zfs": "off",
"jail_zfs_dataset": "iocage/jails/infra/data",
"jail_zfs_mountpoint": "none",
"last_started": "2018-11-20 14:28:08",
"login_flags": "-f root",
"mac_prefix": "02ff60",
"maxproc": "off",
"memorylocked": "off",
"memoryuse": "off",
"mount_devfs": "1",
"mount_fdescfs": "1",
"mount_linprocfs": "0",
"mount_procfs": "1",
"mountpoint": "readonly",
"msgqqueued": "off",
"msgqsize": "off",
"nmsgq": "off",
"notes": "none",
"nsemop": "off",
"nshm": "off",
"nthr": "off",
"openfiles": "off",
"origin": "readonly",
"owner": "root",
"pcpu": "off",
"priority": "1",
"pseudoterminals": "off",
"quota": "none",
"release": "11.2-RELEASE-p2",
"reservation": "none",
"resolver": "/etc/resolv.conf",
"rlimits": "off",
"securelevel": "2",
"shmsize": "off",
"stacksize": "off",
"stop_timeout": "30",
"swapuse": "off",
"sync_state": "none",
"sync_target": "none",
"sync_tgt_zpool": "none",
"sysvmsg": "new",
"sysvsem": "new",
"sysvshm": "new",
"template": "no",
"type": "jail",
"used": "readonly",
"vmemoryuse": "off",
"vnet": "on",
"vnet0_mac": "02ff60b2c78d,02ff60b2c78e",
"vnet1_mac": "none",
"vnet2_mac": "none",
"vnet3_mac": "none",
"vnet_default_interface": "none",
"vnet_interfaces": "none",
"wallclock": "off"
}

If I set my DHCP server jail with dhcp=on and I start my ISP router's DHCP server to bind an address, the bpf device file is spawned at the jail's start and dnsmasq starts (that's not the target configuration, but I wanted to test).

#22 Updated by Brandon Schneider over 1 year ago

You don't need dhcp=on, that's for the jail to get a DHCP address, you're handing out DHCP addresses.

#23 Updated by Sebastien DURIS over 1 year ago

That was the only way to make the bpf device available; it was only for test purposes.

Meanwhile, as a workaround, I fixed all my jails' IP addresses and turned my ISP router's DHCP back ON. I really need your help to go back to a nominal situation.

Even on a fresh install VM and jail, the same problem occurs.

I also tried another package to provide DHCP (isc-dhcp), the same ...

#24 Updated by Brandon Schneider over 1 year ago

  • Subject changed from [RC1] after update devices unavaliable in jails to bpf device is not created when dhcp is not specified
  • Status changed from Closed to In Progress
  • Target version changed from N/A to 11.2-U2
  • Reason for Closing deleted (Duplicate Issue)

#26 Updated by Brandon Schneider over 1 year ago

  • Needs QA changed from Yes to No

#28 Updated by Dru Lavigne over 1 year ago

  • Subject changed from bpf device is not created when dhcp is not specified to Correctly add bpf to devfs rules

#29 Updated by Sebastien DURIS over 1 year ago

thanks a lot,

I modified /usr/local/lib/python3.6/site-packages/iocage_lib/ioc_common.py with the pull request:

line 699 changed

if conf['dhcp'] == 'on':
to

if conf['bpf'] == 'yes':

and it works!

really, thanks a lot !
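
The condition change quoted in comment #29, together with the bpf=yes and vnet=on requirement from comment #20, as an added Python sketch (not iocage's code and not part of any comment). `bpf_rules` and `diagnose` are hypothetical names, and the sample config is constructed from the relevant keys of the config in comment #21.

```python
import json

BPF_RULE = "add path 'bpf*' unhide"  # devfs(8) rule syntax


def bpf_rules(conf, patched):
    """Model of the one-line condition quoted in comment #29 (an assumption,
    not iocage's function).

    patched=False keys the rule on dhcp (the 'before' line);
    patched=True keys it on bpf (the 'after' line).
    """
    if patched:
        wanted = conf.get("bpf") == "yes"
    else:
        wanted = conf.get("dhcp") == "on"
    return [BPF_RULE] if wanted else []


def diagnose(conf, patched):
    """Explain why /dev/bpf* would or would not appear in the jail."""
    findings = []
    rules = bpf_rules(conf, patched)
    if conf.get("bpf") == "yes" and conf.get("vnet") != "on":
        findings.append("bpf=yes but vnet is not on (both required, comment #20)")
    if conf.get("bpf") == "yes" and not rules:
        findings.append("bpf=yes but no unhide rule is generated")
    if conf.get("dhcp") == "on" and not rules:
        findings.append("dhcp=on but no unhide rule: dhclient needs bpf")
    if conf.get("bpf") != "yes" and rules:
        findings.append("bpf exposed without bpf=yes")
    return findings


# Constructed sample: the relevant keys from the config in comment #21.
DHCP_SERVER_JAIL = json.loads(
    '{"bpf": "yes", "dhcp": "off", "vnet": "on", "devfs_ruleset": "4"}'
)

if __name__ == "__main__":
    for patched in (False, True):
        label = "after" if patched else "before"
        print(label, bpf_rules(DHCP_SERVER_JAIL, patched),
              diagnose(DHCP_SERVER_JAIL, patched))
```

In this model the last finding is the least-privilege case: a jail that never asked for bpf still gets the device unhidden when the rule is keyed on dhcp.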

#30 Updated by Dru Lavigne over 1 year ago

  • Status changed from In Progress to Done
  • Needs Doc changed from Yes to No
  • Needs Merging changed from Yes to No

#31 Updated by Sebastien DURIS over 1 year ago

This ticket has been forgotten in the 11.2 release; I need to change the /usr/local/lib/python3.6/site-packages/iocage_lib/ioc_common.py script again after the update.

And when I apply this update manually, I can't start DHCP jails:
Can't find free bpf: No such file or directory
exiting.
/etc/rc.d/dhclient: WARNING: failed to start dhclient

Stopped openvpn_srv due to VNET failure

#32 Updated by Brandon Schneider over 1 year ago

It wasn't forgotten :) It's targeted for U1

#33 Updated by Sebastien DURIS over 1 year ago

OK, then why can't I apply the further change in the iocage script?

Has something changed?

#34 Updated by Daniel shsh over 1 year ago

Hello everyone,

I arrived here from google. I have 11.2-U1 installed on my server and the issue persists as described by OP. The fix in PR https://github.com/freenas/iocage/pull/101 works after editing the file and rebooting FreeNAS. Just wanted to help others that get here by looking for a fix.

I have recreated the jail from scratch before applying the fix&rebooting. The jail used the same settings but it didn't work before rebooting although I've applied the fix before recreating the jail.

This jail is meant for dnsmasq to run as a local dns&pxe server.

Regards and a Happy New Year to everyone!

#35 Updated by meku m over 1 year ago

This fix has not yet been released.

Confusingly the 11.2-U1 release that is now public is not the same as the 11.2-U1 target attached to this issue.
