explicitly setting a jail property to `-` stops the parent lookup

[igalic]

since we have no way to unset a property, i chose to set it to -, since my puppet runs were complaining about a discrepancy between basejail_type. This may have been because these jails were created with an older version of libiocage(!).

however, setting the property to - causes it to exist and therefore, the lookup to stop right then and there, in this case, it's bad:

root@container-host1 /u/l/s/p/s/ioc# ioc start webirc
[+] JailResolverConfig@webirc: OK [0.005s]
[+] JailDependantsStart@webirc: OK [0.023s]
  [+] JailDependantStart@dhcp: already running [0.005s]
[-] JailLaunch@webirc: ...
Traceback (most recent call last):
  File "/usr/local/bin/ioc", line 10, in <module>
    sys.dd:exit(cli())
  File "/usr/local/lib/python3.6/site-packages/click/core.py", line 722, in __call__
    return self.main(*args, **kwargs)
  File "/usr/local/lib/python3.6/site-packages/click/core.py", line 697, in main
    rv = self.invoke(ctx)
  File "/usr/local/lib/python3.6/site-packages/click/core.py", line 1066, in invoke
    return _process_result(sub_ctx.command.invoke(sub_ctx))
  File "/usr/local/lib/python3.6/site-packages/click/core.py", line 895, in invoke
    return ctx.invoke(self.callback, **ctx.params)
  File "/usr/local/lib/python3.6/site-packages/click/core.py", line 535, in invoke
    return callback(*args, **kwargs)
  File "/usr/local/lib/python3.6/site-packages/click/decorators.py", line 17, in new_func
    return f(get_current_context(), *args, **kwargs)
  File "/usr/local/src/ioc/ioc_cli/start.py", line 85, in cli
    **start_args
  File "/usr/local/src/ioc/ioc_cli/start.py", line 174, in _normal
    print_function(jail.start())
  File "/usr/local/src/ioc/ioc_cli/__init__.py", line 87, in print_events
    for event in generator:
  File "/usr/local/lib/python3.6/site-packages/libioc/Jail.py", line 591, in start
    self.storage_backend.apply(self.storage, self.release)
AttributeError: 'NoneType' object has no attribute 'apply'
root@container-host1 /u/l/s/p/s/ioc#

[igalic]

here's an implementation for the CLI: https://github.com/bsdci/ioc/pull/14

[igalic]

i noticed an interesting discrepancy…

default.json:

{
    "boot": "yes",
    "defaultrouter6": "fdde:fd1d:f9e9:4d0f::",
    "exec_start": "/bin/sh /etc/rc && set -eu && mkdir -p \"/etc/facter/facts.d/\" && echo role=$IOC_USER_FACTS_ROLE > \"/etc/facter/facts.d/role.txt\" && env PATH=$IOC_USER_PATH puppet apply --debug $IOC_USER_PUPPET_MANIFEST",
    "exec_timeout": "600",
    "interfaces": "vnet0:bridge0",
    "ip4_addr": "vnet0|dhcp",
    "pcpu": "3:deny",
    "user": {
        "path": "/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/sbin:/usr/local/bin",
        "puppet": {
            "manifest": "/usr/local/etc/puppet/environments/production/manifests/site.pp"
        }
    },
    "vnet": "yes"
}

dhcp's config.json:

{
    "allow_raw_sockets": "1",
    "basejail": "yes",
    "defaultrouter": "172.16.0.1",
    "depends": "none",
    "devfs_ruleset": "5",
    "exec_start": "/bin/sh /etc/rc",
    "id": "dhcp",
    "ip4_addr": "vnet0|172.16.0.2/16",
    "release": "12.0-RELEASE",
    "user.facts.role": "dhcp-server",
    "user.pkglist": "puppet6,dnsmasq"
}

root@container-host1 ~# ioc get basejail_type dhcp
nullfs
root@container-host1 ~# ioc get basejail_type defaults
-

[gronke]

The Jail dhcp is already running. @igalic can you please post the configuration of webirc as well?

The basejail_type JailConfig property is abstracted. When basejail is not enabled, which is the default for compatibility reasons, basejail_type is always None. This also applies for the defaults, as seen here:

root@fbsd12 # python3.6 . set basejail=yes defaults
Defaults updated: basejail
root@fbsd12 # python3.6 . get basejail defaults
yes
root@fbsd12 # python3.6 . get basejail_type defaults
nullfs
root@fbsd12 # python3.6 . set basejail defaults
Defaults updated: basejail
root@fbsd12 # python3.6 . get basejail defaults
no
root@fbsd12 # python3.6 . get basejail_type defaults
-

[igalic]

thank you very much for this explanation!