BastilleBSD / bastille

Bastille is an open-source system for automating deployment and management of containerized applications on FreeBSD.
https://bastillebsd.org
BSD 3-Clause "New" or "Revised" License

[BUG] Dual stack jails - rc.conf ifconfig_ variable doesn't work. #655

Open david-ramsden opened 10 months ago

david-ramsden commented 10 months ago

[MANDATORY] Describe the bug [MANDATORY]

Disclaimer: New user to FreeBSD, jails and Bastille.

I have the requirement to deploy dual stack jails. I'm doing so using an external bridge so that I can use IPv6 RAs from my VPS provider and also IPv4 using RFC1918 addressing and NAT via pf on the host. As such, I've installed bastille from the latest git main branch to take advantage of dual stack jail deployment.

However, after creating a jail, the rc.conf that has been created doesn't work and no networking comes up. I need to change rc.conf and restart netif to get things going.

See steps to reproduce for detailed information.

[MANDATORY] Bastille and FreeBSD version (paste bastille -v && freebsd-version -kru output)

3a4ebc63bb84b66d456713e608be86e4cba3b637
14.0-RELEASE-p3
14.0-RELEASE-p3
14.0-RELEASE-p4

[MANDATORY] How did you install bastille? (port/pkg/git)

git

[optional] Steps to reproduce?

Create a new jail, e.g: bastille create -B test2 14.0-RELEASE "10.77.4.3/24 SLAAC" bastille1

Output from jail creation:

Valid: (10.77.4.3/24).
Valid: (SLAAC).
Valid: (bastille1).

Creating a thinjail...

no IP address found for not set
[test2]:
epair1a
e1a_test2
e1b_test2
test2: created

[test2]:
Applying template: default/vnet...
[test2]:
Applying template: default/base...
[test2]:
[test2]: 0

[test2]:
syslogd_flags: -s -> -ss

[test2]:
sendmail_enable: NONE -> NO

[test2]:
sendmail_submit_enable: YES -> NO

[test2]:
sendmail_outbound_enable: YES -> NO

[test2]:
sendmail_msp_queue_enable: YES -> NO

[test2]:
cron_flags:  -> -J 60

[test2]:
/etc/resolv.conf -> /usr/local/bastille/jails/test2/root/etc/resolv.conf

Template applied: default/base

No value provided for arg: GATEWAY6
[test2]:
ifconfig_e1b_test2_name:  -> vnet0

[test2]:
ifconfig_vnet0:  ->  inet 10.77.4.3/24 inet6 -ifdisabled accept_rtadv

[test2]:
defaultrouter: NO -> 10.77.4.1
[test2]: 0

[test2]:
[test2]: 0

Template applied: default/vnet

[test2]:
test2: removed

no IP address found for not set
[test2]:
epair1a
e1a_test2
e1b_test2
test2: created

(side note: is there a typo in the text "no IP address found for not set" - should this be "or" instead of "for"?)

Console to the jail and check ifconfig:

lo0: flags=1008049<UP,LOOPBACK,RUNNING,MULTICAST,LOWER_UP> metric 0 mtu 16384
        options=680003<RXCSUM,TXCSUM,LINKSTATE,RXCSUM_IPV6,TXCSUM_IPV6>
        inet 127.0.0.1 netmask 0xff000000
        inet6 ::1 prefixlen 128
        inet6 fe80::1%lo0 prefixlen 64 scopeid 0xb
        groups: lo
        nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
pflog0: flags=0 metric 0 mtu 33152
        options=0
        groups: pflog
vnet0: flags=1008843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST,LOWER_UP> metric 0 mtu 1500
        options=8<VLAN_MTU>
        ether 02:5b:06:ae:11:0b
        groups: epair
        media: Ethernet 10Gbase-T (10Gbase-T <full-duplex>)
        status: active
        nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>

No IPv4 or IPv6 config has been applied to vnet0 interface.

/etc/rc.conf is as follows:

syslogd_flags="-ss"
sendmail_enable="NO"
sendmail_submit_enable="NO"
sendmail_outbound_enable="NO"
sendmail_msp_queue_enable="NO"
cron_flags="-J 60"
ifconfig_e1b_test2_name="vnet0"
ifconfig_vnet0=" inet 10.77.4.3/24 inet6 -ifdisabled accept_rtadv"
defaultrouter="10.77.4.1"

When restarting netif, the following error is seen: ifconfig: inet6: bad value

To resolve this, I edit rc.conf and remove the inet6 parameters from the ifconfig_vnet0 variable and use an ifconfig_vnet0_ipv6 specific variable, e.g.:

ifconfig_vnet0="inet 10.77.4.3/24"
ifconfig_vnet0_ipv6="inet6 -ifdisabled accept_rtadv"

Now restarting netif produces no errors and IPv4 and IPv6 are configured as expected.
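
The manual fix described above, as an added example that is not part of the original report or of Bastille's code: a POSIX sh filter that splits an rc.conf ifconfig_<if> value mixing inet and inet6 arguments into the ifconfig_<if> and ifconfig_<if>_ipv6 pair. The function name split_dualstack_rcconf and the sample input are constructed for illustration, and it assumes one variable per line with a double-quoted value and nothing after the closing quote.

```shell
#!/bin/sh
# Added example (not Bastille code). Reads rc.conf text on stdin and writes the
# corrected text to stdout. Assumes one variable per line, double-quoted value.
split_dualstack_rcconf() {
    awk '
    # ifconfig_<if>="..." lines, skipping the _ipv6 and _name variants
    /^ifconfig_[A-Za-z0-9_]+="/ && $0 !~ /^ifconfig_[A-Za-z0-9_]+_(ipv6|name)="/ {
        eq  = index($0, "=")
        var = substr($0, 1, eq - 1)
        val = substr($0, eq + 2, length($0) - eq - 2)   # value without quotes
        pos = match(val, /(^|[ \t])inet6([ \t]|$)/)      # start of the IPv6 part
        if (pos > 0) {
            v4 = substr(val, 1, pos - 1)
            v6 = substr(val, pos)
            gsub(/^[ \t]+|[ \t]+$/, "", v4)
            gsub(/^[ \t]+|[ \t]+$/, "", v6)
            # Split only when IPv4 arguments precede inet6 on the same line
            if (v4 != "") {
                printf "%s=\"%s\"\n", var, v4
                printf "%s_ipv6=\"%s\"\n", var, v6
                next
            }
        }
    }
    { print }   # everything else passes through unchanged
    '
}

# Constructed sample: the network lines from the rc.conf quoted in the report
SAMPLE_RCCONF='ifconfig_e1b_test2_name="vnet0"
ifconfig_vnet0=" inet 10.77.4.3/24 inet6 -ifdisabled accept_rtadv"
defaultrouter="10.77.4.1"'

printf '%s\n' "$SAMPLE_RCCONF" | split_dualstack_rcconf
```

Running the filter a second time over its own output leaves it unchanged, so it can be applied to a jail's rc.conf that has already been corrected by hand.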

david-ramsden commented 10 months ago

Another observation is that /etc/resolv.conf inside the jail doesn't contain the IPv4 nameserver that is present in the host's /etc/resolv.conf. Only the IPv6 nameserver is present. Unrelated (I think?) to this issue but commenting so that I don't forget about it.