mpasternacki
commented
9 years ago Hi,
Looks like inside of the pod doesn't have access to the network, or functional DNS.
Did you follow the pf setup to NAT traffic from within the pod/jail to the outside world?
Does your /etc/resolv.conf use DNS servers that may not be reachable from within the container? The DNS setup for the pod jails currently consists of copying host's /etc/resolv.conf.
I see that you have successfully built the freebsd-base/release image (the unpatched 10.1 base system). To help diagnose the problem, you can start a pod with interactive console of that image, and look for the reason. I'll paste some samples, assuming you use the default settings (in particular, the default IP range where host uses interface lo1 configured as 127.23.0.1. I'll set allow.raw_sockets=true in pod's jail.conf to be able to ping from the container:
$ jetpack pod create -run -destroy -a=jetpack/jail.conf/allow.raw-sockets=true freebsd-base/releaseThis should drop you into a root console. First, let's try to ping the host. Next, we'll try to ping the IP for example.com:
root@99c71b82-bdd7-4b63-82b0-ebd4dcebc2e3:~ # ping -c 3 172.23.0.1
PING 172.23.0.1 (172.23.0.1): 56 data bytes
64 bytes from 172.23.0.1: icmp_seq=0 ttl=64 time=0.035 ms
64 bytes from 172.23.0.1: icmp_seq=1 ttl=64 time=0.123 ms
64 bytes from 172.23.0.1: icmp_seq=2 ttl=64 time=0.122 ms
--- 172.23.0.1 ping statistics ---
3 packets transmitted, 3 packets received, 0.0% packet loss
round-trip min/avg/max/stddev = 0.035/0.093/0.123/0.041 ms
root@99c71b82-bdd7-4b63-82b0-ebd4dcebc2e3:~ # ping -c 3 93.184.216.34
PING 93.184.216.34 (93.184.216.34): 56 data bytes
64 bytes from 93.184.216.34: icmp_seq=0 ttl=52 time=109.691 ms
64 bytes from 93.184.216.34: icmp_seq=1 ttl=52 time=112.540 ms
64 bytes from 93.184.216.34: icmp_seq=2 ttl=52 time=112.311 ms
--- 93.184.216.34 ping statistics ---
3 packets transmitted, 3 packets received, 0.0% packet loss
round-trip min/avg/max/stddev = 109.691/111.514/112.540/1.292 msIf first one fails, there's a general problem with networking. If the second one fails, there's a routing or NAT issue. If you configured PF correctly, please check sysctl net.inet.ip.forwarding on the host. If it's set to 0, try whether setting it to 1 helps. It might be necessary; if it is, I may have missed it from README, because I have that enabled for other reasons. Please let me know if that is the issue.
If IP works correctly, please check that /etc/resolv.conf looks reasonable, and that hostnames resolve correctly. Ping your name servers. Use the host command to run DNS queries. Use fetch command to check TCP:
root@99c71b82-bdd7-4b63-82b0-ebd4dcebc2e3:~ # cat /etc/resolv.conf
…
root@99c71b82-bdd7-4b63-82b0-ebd4dcebc2e3:~ # ping -c 3 8.8.8.8
PING 8.8.8.8 (8.8.8.8): 56 data bytes
64 bytes from 8.8.8.8: icmp_seq=0 ttl=54 time=16.912 ms
64 bytes from 8.8.8.8: icmp_seq=1 ttl=54 time=18.406 ms
64 bytes from 8.8.8.8: icmp_seq=2 ttl=54 time=22.436 ms
--- 8.8.8.8 ping statistics ---
3 packets transmitted, 3 packets received, 0.0% packet loss
round-trip min/avg/max/stddev = 16.912/19.251/22.436/2.333 ms
root@99c71b82-bdd7-4b63-82b0-ebd4dcebc2e3:~ # host example.com 127.0.0.1
Using domain server:
Name: 127.0.0.1
Address: 127.0.0.1#53
Aliases:
example.com has address 93.184.216.34
example.com has IPv6 address 2606:2800:220:1:248:1893:25c8:1946
root@99c71b82-bdd7-4b63-82b0-ebd4dcebc2e3:~ # host example.com 8.8.8.8
Using domain server:
Name: 8.8.8.8
Address: 8.8.8.8#53
Aliases:
example.com has address 93.184.216.34
example.com has IPv6 address 2606:2800:220:1:248:1893:25c8:1946
root@99c71b82-bdd7-4b63-82b0-ebd4dcebc2e3:~ # ping -c 3 example.com
PING example.com (93.184.216.34): 56 data bytes
64 bytes from 93.184.216.34: icmp_seq=0 ttl=52 time=113.945 ms
64 bytes from 93.184.216.34: icmp_seq=1 ttl=52 time=111.940 ms
64 bytes from 93.184.216.34: icmp_seq=2 ttl=52 time=109.855 ms
--- example.com ping statistics ---
3 packets transmitted, 3 packets received, 0.0% packet loss
round-trip min/avg/max/stddev = 109.855/111.913/113.945/1.670 ms
root@99c71b82-bdd7-4b63-82b0-ebd4dcebc2e3:~ # fetch http://example.com
example.com 100% of 1270 B 2932 kBps 00m00sPlease let me know what you found out. If you need to set custom DNS servers for the pods (e.g. to avoid IPs unreachable from jails), this should be reasonably easy to implement. If all of the above works, and the make in images/freebsd-base still fails, let me know; I will try to figure out what might be the cause.
Thanks for trying out Jetpack, BTW! I hope you'll be able to get it up and running soon.
ghost
jetpack image freebsd-base/release build -cp=/root/jetpack/share/jetpack.image.mk /usr/bin/make .jetpack.build. sed -i '' 's|^Components.*|Components world/base|' /etc/freebsd-update.conf install -v -m 0644 rc.conf /etc/rc.conf install: rc.conf -> /etc/rc.conf install -v -m 0600 entropy /entropy install: entropy -> /entropy patch /usr/sbin/freebsd-update < freebsd-update.patch Hmm... Looks like a unified diff to me...
The text leading up to this was:
|--- /usr/sbin/freebsd-update 2015-02-08 22:15:58.178818000 +0100
|+++ freebsd-update 2015-02-09 13:45:42.202917000 +0100
Patching file /usr/sbin/freebsd-update using Plan A... Hunk #1 succeeded at 610 (offset -8 lines). done env PAGER=cat freebsd-update -s update6.freebsd.org fetch install Looking up update6.freebsd.org mirrors... none found. Fetching public key from update6.freebsd.org... failed. No mirrors remaining, giving up. *\ Error code 1
Stop. make: stopped in /.jetpack.build. run.Command[/root/jetpack/bin/stage2 -jid 1 -chroot /0 -user 0 -group 0 -name jetpack/build -cwd /.jetpack.build. /usr/bin/make .jetpack.build.]: exit status 1 /root/jetpack/jetpack/image.go:331: *\ Error code 1
Stop. make: stopped in /root/jetpack/images/freebsd-base ERROR: run.Command[make -C /root/jetpack/images/freebsd-base]: exit status 1 cannot unmount '/var/jetpack/test.462087242/pods/0a5966da-e84c-4cd5-a14b-2c78c0a6fdd9/rootfs/0': Device busy ERROR: run.Command[/sbin/zfs destroy -r zroot/jetpack/test.462087242]: exit status 1 run.Command[/root/jetpack/bin/test.integration dataset=zroot/jetpack]: exit status 2 root@xoa:~/jetpack # ping update6.freebsd.org PING update6.freebsd.org (198.148.79.66): 56 data bytes 64 bytes from 198.148.79.66: icmp_seq=0 ttl=49 time=270.566 ms 64 bytes from 198.148.79.66: icmp_seq=1 ttl=49 time=270.299 ms ^C --- update6.freebsd.org ping statistics --- 2 packets transmitted, 2 packets received, 0.0% packet loss round-trip min/avg/max/stddev = 270.299/270.433/270.566/0.133 ms root@xoa:~/jetpack # freebsd-update -s update6.freebsd.org fetch install Looking up update6.freebsd.org mirrors... none found. Fetching public key from update6.freebsd.org... failed. No mirrors remaining, giving up.