Assertion failed

Running FreeBSD 7.2 on 8.4

Just before this weekend we had some issues with an old server which had lost one of the disks in it’s mirror and the second was starting to fail. This is a server we plan to decommission, but unfortunately we can’t do this yet as it still has a lot of important services running. This server was running an FreeBSD 7.2 and thankfully all services we care about was running in a jail. So it was decided, to get a temporary solution to this, we would create a new FreeBSD 8.4 virtual machine and move the jail as is to the new machine.

From my earlier experience with running 9.x on 10 I expected this to go like a charm, but unfortunately this was not the case. After several ours of transfering the jail to the new host, the time had finally come to start it. It started just as expected, but some of the services did not come up. More specifically stunnel and mysql. After some debugging it turned out they both failed on the function ‘kse_create’. This function is a part of the kernel supported user threads (kse(2)). Support for these was removed with FreeBSD 8, and since I was staying with the 7.2 userland in the jail it was not just to recompile the affected programs in the jail.

To solve this I recompiled the affected programs for 8.4, before I installed them to the 7.2 jail. This did have one problem though, the binary was linked against libraries which wasn’t available in FreeBSD 7.2. The natural solution for this would be the compat8x port, but it contained a lot of libraries which wasn’t necessary and was lacking a few which was needed. So instead of using compat8x, I chose to manually copy the missing libraries from the 8.4 machine and install them to the 7.2 jail. Then after some compiling the services which originally used kse was back up again without it.

Running poudriere in a jail

Poudriere is a great tool when you need to build packages for freebsd, but sometimes one would prefer to run it in a jail. Even though this is not recomended there is a basic guide for how to do this on the poudriere wiki. But this does not work if your poudriere jail is configured with an ip-address instead of inheriting ip-addresses.

In addition to the settings shown in the guide one would have to add the following to poudriere.conf:

LOIP4="192.168.1.10/24" # IPv4 of jail
LOIP6="fec0::10/64"     # IPv6 of jail

But there is still one caveat left to discover. If your kernel supports IPv4/6 and the jail does not have an IPv4/6-address it will fail. This problem can be solved with the following patch assuming you use poudriere 3.1-pre (your miles may wary with other versions).

diff --git a/src/share/poudriere/common.sh b/src/share/poudriere/common.sh
index 6a78e37..ef91e4b 100755
--- a/src/share/poudriere/common.sh
+++ b/src/share/poudriere/common.sh
@@ -4341,6 +4341,13 @@ fi

 : ${LOIP6:=::1}
 : ${LOIP4:=127.0.0.1}
+
+[ "${LOIP4}" = "no" ] && \
+       IPS="0$(echo $IPS | tail -c 1)"
+
+[ "${LOIP6}" = "no" ] && \
+       IPS="$(echo $IPS | head -c 1)0"
+
 case $IPS in
 01)
        localipargs="ip6.addr=${LOIP6}"

After applying this patch you can use the following in poudriere.conf to disable IPv4 and/or IPv6:

LOIP4="no" # Disable IPv4
LOIP6="no" # Disable IPv6

What you will probably want is something similar to the following:

LOIP4="192.168.1.10/24" # IPv4 of jail
LOIP6="no"              # Disable IPv6

or:

LOIP4="no"          # Disable IPv4
LOIP6="fec0::10/64" # IPv6 of jail

Note: When disabling either IPv4 or IPv6 ‘no’ is case sensitive when using this pathch.

Netbooting mfsbsd

Currently I’m trying to automatically installing FreeBSD on zfs by netbooting a comuter. As a part of this I have to pxeboot a mfsbsd image which actually does the install. So far this is how I got mfsbsd to netboot of a FreeBSD host.

First of all we need to grab an mfsbsd image and setup the root for tftp. The tftp root folder is commonly placed at /tftpboot.

# fetch http://mfsbsd.vx.sk/files/iso/10/amd64/mfsbsd-10.0-RELEASE-amd64.iso
# mkdir -p /tftpboot/mfsroot
# tar -xf mfsbsd-10.0-RELEASE-amd64.iso -C /tftpboot/mfsroot
# cp /boot/pxeboot /tftpboot

After this is done we will need an tftp server. FreeBSD comes with one in the base system so we will only have to activate this in /etc/inetd.conf. This is done by uncommenting the following lines in /etc/inetd.conf, the second line is only necessary if you want to use ipv6.

tftp    dgram   udp     wait    root    /usr/libexec/tftpd  tftpd -l -s /tftpboot
tftp    dgram   udp6    wait    root    /usr/libexec/tftpd  tftpd -l -s /tftpboot

Unfortunately the freebsd pxe loader only supports nfs without recompiling it. This isn’t a big issue though as FreeBSD as an nfs server in the base system. To tell nfsd to share the location where we placed the mfsbsd image, add the following to /etc/exports

/tftpboot/mfsroot -ro -maproot=root -network=192.168.1.0 -mask=255.255.255.0

Before we are done we will need an dhcp server, if you don’t have one allready you can get one from port by using the following command.

# pkg install isc-dhcp42-server

Following is an example of dhcpd.conf, you will probably have to modify it for your needs.

subnet 192.168.1.1 netmask 255.255.255.0 {
    range 192.168.1.50 192.168.1.100;
    option routers 192.168.1.1;
    option domain-name-servers 192.168.1.1;
    option domain-name "domain.tld";
    default-lease-time 3600;
    max-lease-time 3600;
    next-server 192.168.1.2;
    option root-path "/tftpboot/mfsroot";
    filename "pxeboot";
}

host host.domain.tld {
    ethernet AA:BB:CC:DD:EE:FF;
    option host-name "host";
}

At last before we can netboot mfsbsd we will have to activate and start all the services we just configured. This can be done with the following commands.

# sysrc dhcpd_enable=YES
# sysrc nfsd_enable=YES
# sysrc mountd_enable=YES
# sysrc inetd_enable=YES
# service nfsd start
# service isc-dhcpd start
# service inetd start

Finally we should be able to boot netboot mfsbsd. Going forward I’m looking into modifying the mfsbsd image to include either an installer or some bootstraping to download and execute an installer. The goal is to install FreeBSD without human intervention, only by pxe booting a host in the correct subnet.

Automagically fetching FreeBSD

While building a custom mfsbsd image I had to fetch the distfiles and verify their hash, to do this simpler and faster I threw together this shellscript, which I’m going leave here for later. The script will automatically download a manifest via http or ftp, then it will continue by downloading all files defined in the manifest check their checksum.

#!/bin/sh
set -e

url=${1:-"http://ftp.uninett.no/FreeBSD/releases/amd64/amd64/10.1-RC1/"}

fetch ${url}/MANIFEST

cat MANIFEST | while read file x; do
        fetch ${url}/${file}
done

cat MANIFEST | while read file sum x; do
        echo -n "${file}: "

        if [ "$(sha256 -q ${file})" = "${sum}" ]; then
                echo "OK"
        else
                echo "FAIL"
        fi
done