Re: Daemons in schroot or how to start chroot automatically
Thanks for your answer, Bob!
On Thu, 19 Jul 2012 21:28:52 -0600, Bob Proulx wrote:
>> Installed sid
>> $ sudo debootstrap sid /srv/chroot/sid/ http://ftp.ch.debian.org/debian/
>
> I haven't submitted a bug yet but I always have problems with sysvinit
> postinst depending upon ischroot and ischroot getting it wrong and that
> leaving a broken /run - /var/run behind. You might hit that too.
>
> You should set up a usr/sbin/policy-rc.d script in your chroot.
> Something like this:
>
> #!/bin/sh
> exit 101
>
> That will prevent installations from starting daemons in the chroot. Or
> if there is a daemon that you wish to start in the chroot then you could
> use a script such as this:
>
> #!/bin/sh
> # /usr/sbin/policy-rc.d [options] <initscript ID> <actions> [<runlevel>]
> # /usr/sbin/policy-rc.d [options] --list <initscript ID> [<runlevel> ...]
> # See /usr/share/doc/sysv-rc/README.policy-rc.d for documentation.
> # Live example found in ps:
> # /bin/sh /usr/sbin/policy-rc.d x11-common stop unknown
> while [ $# -gt 0 ]; do
>     case $1 in
>         --list) exit 101 ;;
>         --quiet) shift ;;
>         -*) shift ;;
>         cron) exit 0 ;;
>         nullmailer) exit 0 ;;
>         *) exit 101 ;;
>     esac
> done
> exit 101
>
> See /usr/share/doc/sysv-rc/README.policy-rc.d.gz for documentation.
The program I'd like to jail is a daemon which means I should use the
longer script. Unfortunately I couldn't find anything about the initscript
ID in the policy-rc.d documentation.
Can I just copy/paste the script in my case to
/srv/chroot/sid/usr/sbin/policy-rc.d
and make it executable?
I found this:
"There is a provision for a "local initscript policy layer" (...),
which allows the local system administrator to control the behaviour of
invoke-rc.d for every initscript id and action"
http://people.debian.org/~hmh/invokerc.d-policyrc.d-specification.txt
So this script controls the way and order the daemons are started?
Is it correct that without it I wouldn't be able to start the daemon from
outside the chroot because of this:
"Can I run a dæmons in a chroot?
(...) Unfortunately, this means schroot detects that the program
exited (the dæmon is a orphaned grandchild of this process) and it
then ends the session. (...)"
http://manpages.ubuntu.com/manpages/natty/man7/schroot-faq.7.html
>> Entered the chroot with $ sudo schroot -p -c sid
>>
>> Installed locales and reconfigured them. I also installed vim.
>
> Seems reasonable so far. Some packages will require /proc. Some will
> also require /dev. Some will require other things.
Oh, yes, I read about that but I forgot to update my /etc/fstab and mount
the directories. Should I also remount /sys?
Or is there a better way to do this? I mean can schroot handle it
directly so that when I create a new jail or copy one that the
directories are remounted there as well?
>> I noticed that auto-completion isn't working.
>> What packages should I install? Is auto-complete-el sufficient or is
>> there a meta package for some base system packages?
>
> apt-get install bash-completion
>
>> In the chroot I have created a new user called hoferr and am now able
>> to login without root privileges.
>> But in there sudo is missing. Maybe this can be resolved by installing
>> the correct base system meta package mentioned above?
>
> apt-get install sudo
Thanks!
Btw I had to set the password for my user inside the chroot to be able to
use sudo.
>> Aside from some missing packages everything looks promising.
>
> The premise of debootstrap is that it installs a very small system. If
> you want something installed you are going to need to install it
> yourself.
>
> Perhaps you should consider using 'tasksel' to install a standard task
> set of packages. That would pull in a lot. I prefer the small system
> and only install what I need to install. But if you don't like that
> then you may always install a larger set all at once.
Aha, the base system option of the Debian installer uses tasksel.
I think I'll try with the minimal installation as well and when I run
into serious problems I might install the rest with tasksel. It makes sense
to not install too much because I won't work in the chroot. So probably even
sudo and bash-completion are too much...
Btw In the jail I also did `dpkg-reconfigure tzdata` to set the time zone
(it was set to "Etc"). But I don't know if that makes any difference...
>> To get back to my main reason of doing this: After stopping the "old"
>> sabnzbdplus can I just install the chroot sabnzbdplus with the "normal"
>> home partition mounted?
>
> Yes.
I could also just use /etc/schroot/default/copyfiles and put the config
directory .sabnzbd onto it. Like that I still have the configuration file
outside of the jail in my home dir and when I restart the daemon the jail
gets restarted as well and the config dir is copied again.
Btw when I think about it: schroot manages the copying of the files. So
when I create a new jail the files are copied in there as well.
Is it possible to have a separate copyfiles for my sid jail like
/etc/schroot/sid/copyfiles instead of /etc/schroot/default/copyfiles?
And the "global" configuration should be possible for the remounts as
well. There isn't any configuration for global remounts is there?
>> It will probably start automatically when the chroot is started
>
> Wait! Hold it right there. What do you mean "when the chroot is
> started"? Unless you are doing something "magical" there isn't anything
> that "starts a chroot". I think right here there is a huge
> misunderstanding of chroots. If you want a particular daemon to start
> in the chroot then you will need to ensure that it is started.
I thought that starting a chroot is like starting a virtual machine. But
it's probably more like directly starting a program (in my case sabnzbd+)
for which schroot starts the jail?
> (...)
>
> I would use the same header as in the original script.
Unfortunately the init.d script for sabnzbd is quite complex and I don't
understand exactly what I have to change.
Probably I can just change the beginning which is:
DAEMON=/usr/bin/sabnzbdplus
SETTINGS=/etc/default/sabnzbdplus
([ -x $DAEMON ] && [ -r $SETTINGS ]) || exit 0
DESC="SABnzbd+ binary newsgrabber"
DEFOPTS="--daemon"
PYTHONEXEC="^$(sed -n '1s/^#\!\([a-z0-9\.\/]\+\)\(.*\)/\1(\2)?/p' $DAEMON)"
PIDFILE=/var/run/sabnzbdplus.pid
SETTINGS_LOADED=FALSE
Here's the whole script:
http://pastebin.com/raw.php?i=6PKD1JP5
Since /usr/bin/sabnzbdplus is a python script python should probably also
be started in the jail.
> For example I run 'nullmailer' in the chroot. Therefore I create an
> initscript like this following. And I install it using update-rc.d.
> Copy it to /etc/init.d/chroot-nullmailer and then install it with:
>
> update-rc.d chroot-nullmailer defaults
>
> In a chroot I usually run nullmailer and cron plus whatever else I
> wanted the chroot for, such as apache.
Your script is much more understandable to me.
I have done it as follows:
Inside the chroot I created usr/sbin/policy-rc.d with your longer script
from above and made it executable.
Outside the chroot I have stopped sabnzbd+
Remounted /proc, /dev, /etc/default/sabnzbdplus, /home/hoferr/.sabnzbd
and the download location. (I couldn't use /etc/schroot/default/copyfiles
because the directory wasn't copied.)
Inside the chroot installed sabnzbd+ and was able to connect to its
web interface.
Outside chroot I created the sid-sabnzbd script
http://pastebin.com/raw.php?i=Lamy4K4a
Thanks for your example :-)
Updated-rc.d and removed sabnzbdplus.
Now I can `sudo /etc/init.d/sid-sabnzbdplus start / stop / ...` :-)
Thanks again for your help!
Best regards
Ramon
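
Added example, not part of the original message or of Bob's script: the same default-deny policy-rc.d decision written as a shell function and run against the argument shapes invoke-rc.d passes, where the initscript ID is the basename of the script in /etc/init.d. The names policy_rc_d, decision and ALLOWED are hypothetical; the allowlist repeats the cron/nullmailer entries quoted above.

```sh
#!/bin/sh
# Constructed allowlist of initscript IDs (basenames under /etc/init.d)
# that package maintainer scripts may act on inside the chroot.
ALLOWED="cron nullmailer"

# policy_rc_d [options] <initscript ID> <actions> [<runlevel>]
# Returns 0 (action allowed) or 101 (action forbidden by policy).
policy_rc_d() {
    # Skip leading options; --list queries are answered with "forbidden".
    while [ $# -gt 0 ]; do
        case $1 in
            --list) return 101 ;;
            -*) shift ;;
            *) break ;;
        esac
    done
    # No initscript ID left after the options: deny.
    [ $# -ge 1 ] || return 101
    id=$1
    for allowed in $ALLOWED; do
        if [ "$id" = "$allowed" ]; then
            return 0
        fi
    done
    # Default deny: anything not listed is refused.
    return 101
}

# decision <args...>: print "allow" or "deny" for one invocation.
decision() {
    if policy_rc_d "$@"; then echo allow; else echo deny; fi
}

# Constructed sample invocations, shaped like the "live example found in ps".
for args in "cron start" "--quiet nullmailer start" \
            "x11-common stop unknown" "sabnzbdplus start" "--list cron"; do
    # $args is left unquoted on purpose so it splits into separate arguments.
    printf '%-26s -> %s\n' "$args" "$(decision $args)"
done
```

With the allowlist unchanged, sabnzbdplus is denied, so installing the package inside the chroot will not start the daemon through invoke-rc.d.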