Finch broken?

[Ceaus]

I'm trying to install Finch on N4F 10.3.0.3 - Pilingitam (revision 2964).
I've followed http://dreamcat4.github.io/finch/install/ to the letter.

After running the installation I'm trying to create my first jail. And that leads to an error message, suggesting the shell environment is not correctly set up. Adding set -x to the top of the qjail script leads to the following:

Code: Select all

nas // root^> qjail create -4 "$jail_ip,$jail_loopback" "$jailname"
+ alias help=__finch_help_wrapper
+ [ /mnt/pool1/finch/etc/finch/exports/qjail = su ]
+ [ /mnt/pool1/finch/etc/finch/exports/qjail != /mnt/pool1/finch/etc/finch/exports/qjail ]
+ _shell=/mnt/pool1/finch/etc/finch/exports/qjail
+ [ /mnt/pool1/finch/etc/finch/exports/qjail != sh ]
+ [ /mnt/pool1/finch/etc/finch/exports/qjail = /mnt/pool1/finch/etc/finch/exports/qjail ]
+ [ /mnt/pool1/finch/etc/finch/exports/qjail = /mnt/pool1/finch/etc/finch/exports/qjail ]
+ [ /mnt/pool1/finch/etc/finch/exports/qjail = /mnt/pool1/finch/etc/finch/exports/qjail ]
+ complete -o default -F __finch_completion finch
/etc/finch/subr/__p__profile: complete: not found
+ complete -o default -F __finch_bootstrap_completion finch-bootstrap
/etc/finch/subr/__p__profile: complete: not found

Now the root shell in reality is bash:

Code: Select all

nas // root^> echo $SHELL
/usr/local/bin/bash

So that is correct. And the complete bash command is also known:

Code: Select all

nas // root^> complete
complete -o default -F __finch_bootstrap_completion finch-bootstrap
complete -o default -F __finch_completion finch

So why is the script complaining about:

Code: Select all

/etc/finch/subr/__p__profile: complete: not found

Any suggestion much appreciated.

[MikeMac]

qjail create -4 "$jail_ip,$jail_loopback" "$jailname"
+ alias help=__finch_help_wrapper

I am using finch for years, on 9.x, then 10.x now on 11.0

Code: Select all

nas4free ~/ root~$ sudo finch chroot
finch: chrooting to "/mnt/Pool/Ext/Finch".
nas4free // root^> jail_ip="192.168.1.201"
nas4free // root^> jail_loopback="lo0|127.0.0.201"
nas4free // root^> jailname="nginx"
nas4free // root^> qjail create -4 "$jail_ip,$jail_loopback" "$jailname"
Successfully created  nginx

Before upgrage my NAS from 10.3 to 11.0 I have installed finch from the scratch into virtual machine and then upgrade. Everyting works just couple month ago (I've reported to dreamcat4 a 11.0-connected bug and he had corrected one in a few minutes)

So definetelly your installation fails. I reccomend to try on virtual machine - there are less variables...

[Ceaus]

I did a complete wipe and reinstall of Finch. With unfortunately the same effect:

Code: Select all

nas // root^> qjail create -4 "$jail_ip,$jail_loopback" "$jailname"
/etc/finch/subr/__p__profile: complete: not found
/etc/finch/subr/__p__profile: complete: not found
warn (1): already in finch chroot.
/mnt/pool1/finch/etc/finch/exports/qjail: create: not found

Haven't been able to find the root cause

[Ceaus]

Can you tell me which shell your qjail script is using?

Mine is:

Code: Select all

nas // root^> head /mnt/pool1/finch/etc/finch/exports/qjail
#!/bin/sh
# 
# Finch - FreeBSD in a chroot! - dreamcat4@gmail.com (C 2014). FreeBSD License.
# 

So mine is using /bin/sh. Which is strange, considering that complete is a Bash built in. And than the error messages suddenly start to make sense.

[MikeMac]

Can you tell me which shell your qjail script is using?

Content of this file is the same

finch_qjail.PNG

[MikeMac]

Haven't been able to find the root cause

I have reanimated my testing virtual machine
1) You are right, on 10.3 qjail under finch does not work

finch_qjail2.PNG

2) But on virtual machine with 11.0 everything is OK

finch_qjail4.PNG

So I could recomment you try current version of nas4free. If something binds you with 10.3 - try to repair qjail.

PS O upgraded machine (10.3->11.0) there is no such error message as per 1st picture. But qjail has sharedfs missing and I am downloading one from web. It is time consuming.

UPD Does not work even after sharedfs download

[Ceaus]

Thanks a bunch for all your effort, MikeMac. Much appreciated.

I've contacted the finch maintainer, and he says finch is no longer maintained. See https://github.com/dreamcat4/finch. So I don't expect this this problem to be fixed anymore.

Best wishes for 2017!

[MikeMac]

finch is no longer maintained.

Absolutelly. But it works not only on my NAS, but also at hundreds of devices of my blog readers. Finch was written at FreeBSD 9.x times, but works for 11.0 (One not even exist in time of finch creation.) I have used one on 10.3 too, include qjail.

I do not know your particular need, but if you have any other solution, you should better avoid finch ussage. For example as nas4free jail manager please cosider TheBrig (I use both). But there are a few unical features of finch, that prevents me from just droping it. FreeBSD in chroot is virtually full FreeBSD (not cut-out version, not jail-restricted one) on top of easy -manageable nas4free. You could install here probably any FreeBSD software, even not suitable for jail. And install one just with same step-by step instruction, written for FreeBSD itself, no modifications.


Best wishes for you in 2017 too!

[Ceaus]

My need for a good virtualization solution is to have absolute configuration separation between the core NAS functionality and the "non-NAS add-ons". Such as nextCloud and dovecot imap server. I have those running inside a jail.
I have used TheBrig on 9.x. But after upgrading to 10.x it got quirky. Finch seemed a natural next step to try. I'll see what docker can offer in this regard. Upgrading to N4F 11 to make this happen is not a problem.

[MikeMac]

My need for a good virtualization solution is to have absolute configuration separation

For really absolute separation you'd rather try hypervisor. Both Virtualbox (slow, but easy manageable) and bhyve (fast, but need CLI ) are included in nas4free from the box

I have used TheBrig on 9.x. But after upgrading to 10.x it got quirky.

I use both TheBrig and qjail from finch. IMHO both are workable. I have tried ezjail, but at embedded installation one is quite problematic.

May be just for couple of jails you could do all the work manually, see nas4free wiki. I've made it last time for ARM installation without possibility to use TheBrig or qjail. Create jail manually is not a rocket science after all

Finch seemed a natural next step to try.

As far as one is no longer supported you was right here. IMHO you should try other ways.

docker

Very interesting, I just today check possibilities. But this job is still experimental for beastie