# ezjail-admin install not so easy



## brigzzy (Mar 4, 2012)

Hi all,

I'm having some grief with setting up ezjail with the command [cmd=]ezjail-admin install[/cmd]
I am running FreeBSD 9.0-RELEASE 64 bit

The issue I am having seems to be marked as fixed on the maintainer's page, as of version 3.2, however it doesn't seem to be working for me.  Apparently a little while ago the FreeBSD ftp servers changed their layout or something (I haven't been using it long enough to notice), and it seems to be affecting FTP downloads of the release I am using.  Here is the output from the command:


```
20:08:21 root@freebsd /usr/ports/sysutils/ezjail $ ezjail-admin install
Trying 204.152.184.73:21 ...
Connected to ftp.freebsd.org.
220 Welcome to freebsd.isc.org.
331 Please specify the password.
230 Login successful.
Remote system type is UNIX.
Using binary mode to transfer files.
200 Switching to Binary mode.
250 Directory successfully changed.
local: base.txz remote: base.txz
229 Entering Extended Passive Mode (|||45597|).
150 Opening BINARY mode data connection for base.txz (57097044 bytes).
100% |*********************************************************| 55758 KiB  368.54 KiB/s    00:00 ETA

421 Service not available, remote server timed out. Connection closed.
57097044 bytes received in 03:31 (263.88 KiB/s)
ftp: No control connection for command
Trying 204.152.184.73:21 ...
Connected to ftp.freebsd.org.
220 Welcome to freebsd.isc.org.
331 Please specify the password.
230 Login successful.
Remote system type is UNIX.
Using binary mode to transfer files.
200 Switching to Binary mode.
550 Failed to change directory.
221 Goodbye.
Trying 204.152.184.73:21 ...
Connected to ftp.freebsd.org.
220 Welcome to freebsd.isc.org.
331 Please specify the password.
230 Login successful.
Remote system type is UNIX.
Using binary mode to transfer files.
200 Switching to Binary mode.
550 Failed to change directory.
221 Goodbye.
Trying 204.152.184.73:21 ...
Connected to ftp.freebsd.org.
220 Welcome to freebsd.isc.org.
331 Please specify the password.
230 Login successful.
Remote system type is UNIX.
Using binary mode to transfer files.
200 Switching to Binary mode.
550 Failed to change directory.
221 Goodbye.
Trying 204.152.184.73:21 ...
Connected to ftp.freebsd.org.
220 Welcome to freebsd.isc.org.
331 Please specify the password.
230 Login successful.
Remote system type is UNIX.
Using binary mode to transfer files.
200 Switching to Binary mode.
550 Failed to change directory.
221 Goodbye.
Trying 204.152.184.73:21 ...
Connected to ftp.freebsd.org.
220 Welcome to freebsd.isc.org.
331 Please specify the password.
230 Login successful.
Remote system type is UNIX.
Using binary mode to transfer files.
200 Switching to Binary mode.
550 Failed to change directory.
221 Goodbye.

Could not fetch base from ftp.freebsd.org.
  Maybe your release (9.0-RELEASE) is specified incorrectly or the host ftp.freebsd.org does not provide that release build.
  Use the -r option to specify an existing release or the -h option to specify an alternative ftp server.
Querying your ftp-server... The ftp server you specified (ftp.freebsd.org) seems to provide the following builds:
drwxrwxr-x    2 980      100           512 Jan 07 00:55 9.0-RELEASE
drwxrwxr-x    3 980      100           512 Sep 01  2011 ISO-IMAGES
```

I have tried installing the version from the ports tree, and from the maintainer's site.  Does anyone have any idea why this is not working?

Thanks for reading 

Brigzzy


----------



## vand777 (Mar 4, 2012)

You can use ezjail-admin update [-i] instead.

Look at "ezjail usage" page.


----------



## _martin (Mar 4, 2012)

As you mentioned - info on ezjail home page says it all - you have to update due to some changes in 9.0. I've ezjail-3.2.1_1 port version and it works flawlessly. 

One from 9.0-RELEASE prebuilt packages didn't work for me either. 

Which version do you have?


----------



## debguy (Mar 4, 2012)

*T*ry ftp.debian.org or some other and see if you can pull

*I*f you can then check two things.

(1) is it possible you*'re* using intentionally broken ftp software? (i.e. microsoft perverted ftp)

(2) is it possible your telephone/internet/cable provider is blocking access to ftp or FreeBSD,  or remapping it?


----------



## _martin (Mar 4, 2012)

@debguy: the reason why it fails is right there: 


```
550 Failed to change directory.
```

As far as I read/understood some small reorganization was done in 9.0, update of the ezjail reflects these changes.


----------



## brigzzy (Mar 4, 2012)

matoatlantis said:
			
		

> As you mentioned - info on ezjail home page says it all - you have to update due to some changes in 9.0. I've ezjail-3.2.1_1 port version and it works flawlessly.
> 
> One from 9.0-RELEASE prebuilt packages didn't work for me either.
> 
> Which version do you have?



I am using the version from the ports tree, but I'm not sure how to check the version.  when I run *ezjail-admin* with no parameters, it returns ezjail-admin 3.2.  Since I just installed it from the ports tree yesterday, I can probably assume it's 3.2.1_1.  

I do not have port 21 traffic forwarded to this machine in my router, could that be causing it?


----------



## _martin (Mar 4, 2012)

brigzzy said:
			
		

> I am using the version from the ports tree, but I'm not sure how to check the version.



You can do it either by:

`$ ls -la /var/db/pkg/ | grep -i ezjail`

```
drwxr-xr-x   2 root  wheel        6 Feb  9 21:54 ezjail-3.2.1_1
```

or by: 

`$ pkg_info |grep ezjail`

```
ezjail-3.2.1_1      A framework to easily create, manipulate and run FreeBSD ja
```



			
				brigzzy said:
			
		

> Since I just installed it from the ports tree yesterday, I can probably assume it's 3.2.1_1



Not a good assumption as you didn't mention what against are those ports syncing. 

Your ftp connection is ok - look at the login progress you shared:


```
220 Welcome to freebsd.isc.org.
331 Please specify the password.
230 Login successful.
Remote system type is UNIX.
```

I still think your version is not new enough.


----------



## brigzzy (Mar 4, 2012)

matoatlantis said:
			
		

> You can do it either by:
> 
> `$ ls -la /var/db/pkg/ | grep -i ezjail`
> 
> ...



Thank you for the detailed reply (and for showing me how to check package versions, that will come in very handy!)

Here is the output from *pkg_info |grep ezjail*:

```
12:11:03 root@freebsd ~ $ pkg_info |grep ezjail
ezjail-3.2.1_1      A framework to easily create, manipulate and run FreeBSD ja
```


----------



## wblock@ (Mar 4, 2012)

Shorter yet:
`% pkg_info -Ix ezjail`

brigzzy, installing from ports is no guarantee you'll have the latest thing unless the local copy of the ports directory has been recently updated.  Some people never update those, so they get the software that was current when that version of FreeBSD was released.


----------



## brigzzy (Mar 5, 2012)

wblock@ said:
			
		

> brigzzy, installing from ports is no guarantee you'll have the latest thing unless the local copy of the ports directory has been recently updated.  Some people never update those, so they get the software that was current when that version of FreeBSD was released.



That's true, however I believe my ports tree is up to date.  I've run the commands:


```
portsnap fetch
portsnap extract
portsnap update
```
This is the correct way to update your ports tree right?  I ran them before I started this project, and have a periodic script to update it once a week.

Thanks for the reply


----------



## _martin (Mar 5, 2012)

As I'm using cvsup to update my sources/ports I can't comment on that one. But as you have the correct version of the ezjail, I assume ports are updated ok.



> I do not have port 21 traffic forwarded to this machine in my router, could that be causing it?


You are a client here, not a server. Unless you're doing some nasty filtering for outgoing traffic I'd say it's ok. And you can see you were able to connect to the server. 

Just for the sake of check, pls can you share output of this command: 

`# cksum /usr/local/bin/ezjail-admin`

```
375899493 70944 /usr/local/bin/ezjail-admin
```

By the way: are you logged as root when executing ezjail-admin install command ? I just noticed $ next to the command you shared in the original post.


----------



## mecano (Mar 5, 2012)

You only need [CMD=""]portsnap fetch update[/CMD] after you installed the ports tree (that is when 'extract' applies).
read the portsnap chapter in the handbook for details.


----------



## brigzzy (Mar 5, 2012)

matoatlantis said:
			
		

> Just for the sake of check, pls can you share output of this command:
> 
> `# cksum /usr/local/bin/ezjail-admin`
> 
> ...



This is the cksum output:


```
15:12:02 root@freebsd /home/brigzzy $ cksum /usr/local/bin/ezjail-admin 
375899493 70944 /usr/local/bin/ezjail-admin
```

Seems to match yours.  

Yes I am running as root, I just tweaked the PS1 variable in root's bashrc file.  

Thanks for the reply


----------



## _martin (Mar 6, 2012)

Hm, strange. What does your ezjail configuration look like? 

`# grep -vE '^$|^#' /usr/local/etc/ezjail.conf`

This is probably not relevant, but just in case: you do have enough free space on ezjail_jaildir FS, right?

Try to run ezjail-admin in debug mode: 

`# sh -x /usr/local/bin/ezjail-admin install`

and keep an eye on what happens when it attempts to download tarballs: 


```
+ cd /local/jails/ezjailtemp
+ [ pub/FreeBSD/releases = NO ]
+ ftp ftp.freebsd.org:pub/FreeBSD/releases/amd64/amd64/9.0-RELEASE/base.txz
Trying 204.152.184.73:21 ...
Connected to ftp.freebsd.org.
220 Welcome to freebsd.isc.org.
331 Please specify the password.
230 Login successful.
```

This way you can track what exactly it's trying to download and verify that location yourself.


----------



## brigzzy (Mar 7, 2012)

Thanks again for the reply 

Everything in the config file was commented out (I forgot to recreate it from the sample when I uninstalled it the first time)  I just recreated it, here are the lines I uncommented:

[cmd=]grep -vE '^$|^#' /usr/local/etc/ezjail.conf[/cmd]

```
ezjail_jaildir=/usr/jails
ezjail_jailtemplate=${ezjail_jaildir}/newjail
ezjail_jailbase=${ezjail_jaildir}/basejail
ezjail_sourcetree=/usr/src
ezjail_ftphost=ftp.freebsd.org
```

As for running in debug mode, here is the output:


```
100% |***********************************| 55758 KiB  266.45 KiB/s    00:00 ETA

421 Service not available, remote server timed out. Connection closed.
57097044 bytes received in 04:29 (207.07 KiB/s)
ftp: No control connection for command
+ [ pub/FreeBSD/snapshot = NO ]
+ ftp ftp.freebsd.org:pub/FreeBSD/snapshot/amd64/amd64/9.0-RELEASE/base.txz
Trying 204.152.184.73:21 ...
Connected to ftp.freebsd.org.
220 Welcome to freebsd.isc.org.
331 Please specify the password.
230 Login successful.
Remote system type is UNIX.
Using binary mode to transfer files.
200 Switching to Binary mode.
550 Failed to change directory.
221 Goodbye.
+ [ pub/FreeBSD = NO ]
+ ftp ftp.freebsd.org:pub/FreeBSD/amd64/amd64/9.0-RELEASE/base.txz
Trying 204.152.184.73:21 ...
Connected to ftp.freebsd.org.
220 Welcome to freebsd.isc.org.
331 Please specify the password.
230 Login successful.
Remote system type is UNIX.
Using binary mode to transfer files.
200 Switching to Binary mode.
550 Failed to change directory.
221 Goodbye.
+ [ releases = NO ]
+ ftp ftp.freebsd.org:releases/amd64/amd64/9.0-RELEASE/base.txz
Trying 204.152.184.73:21 ...
Connected to ftp.freebsd.org.
220 Welcome to freebsd.isc.org.
331 Please specify the password.
230 Login successful.
Remote system type is UNIX.
Using binary mode to transfer files.
200 Switching to Binary mode.
550 Failed to change directory.
221 Goodbye.
+ [ snapshots = NO ]
+ ftp ftp.freebsd.org:snapshots/amd64/amd64/9.0-RELEASE/base.txz
Trying 204.152.184.73:21 ...
Connected to ftp.freebsd.org.
220 Welcome to freebsd.isc.org.
331 Please specify the password.
230 Login successful.
Remote system type is UNIX.
Using binary mode to transfer files.
200 Switching to Binary mode.
550 Failed to change directory.
221 Goodbye.
+ [ pub/FreeBSD-Archive/old-releases = NO ]
+ ftp ftp.freebsd.org:pub/FreeBSD-Archive/old-releases/amd64/amd64/9.0-RELEASE/base.txz
Trying 204.152.184.73:21 ...
Connected to ftp.freebsd.org.
220 Welcome to freebsd.isc.org.
331 Please specify the password.
230 Login successful.
Remote system type is UNIX.
Using binary mode to transfer files.
200 Switching to Binary mode.
550 Failed to change directory.
221 Goodbye.
+ [ NO = NO ]
+ echo -e '\nCould not fetch base from ftp.freebsd.org.\n  Maybe your release (9.0-RELEASE) is specified incorrectly or the host ftp.freebsd.org does not
 provide that release build.\n  Use the -r option to specify an existing release or the -h option to specify an alternative ftp server.'

Could not fetch base from ftp.freebsd.org.
  Maybe your release (9.0-RELEASE) is specified incorrectly or the host ftp.freebsd.org does not provide that release build.
  Use the -r option to specify an existing release or the -h option to specify an alternative ftp server.
+ [ '' ]
+ ezjail_queryftpserver
+ unset _ret
+ echo -n 'Querying your ftp-server... '
Querying your ftp-server... + TIFS='
'
+ IFS=''
+ [ pub/FreeBSD/releases = NO ]
+ echo ls
+ ftp ftp.freebsd.org:pub/FreeBSD/releases/amd64/amd64/
+ ezjail_ftpresponse='drwxrwxr-x    2 980      100           512 Jan 07 00:55 9.0-RELEASE
drwxrwxr-x    3 980      100           512 Sep 01  2011 ISO-IMAGES'
+ [ 0 -eq 0 ]
+ echo -e 'The ftp server you specified (ftp.freebsd.org) seems to provide the following builds:\ndrwxrwxr-x    2 980      100           512 Jan 07 00:55 9.0-RELEASE
drwxrwxr-x    3 980      100           512 Sep 01  2011 ISO-IMAGES'
The ftp server you specified (ftp.freebsd.org) seems to provide the following builds:
drwxrwxr-x    2 980      100           512 Jan 07 00:55 9.0-RELEASE
drwxrwxr-x    3 980      100           512 Sep 01  2011 ISO-IMAGES
+ _ret=0
+ break
+ IFS='
'
+ ezjail_ftpserverqueried=YES
+ return 0
+ exit 1
```

I may not be reading it correctly, but it seems to still be having problems switching directories.

Thanks 

Brigzzy


----------



## _martin (Mar 8, 2012)

Ok, now you see why it fails .. in my scenario, I fetch: 


```
+ ftp ftp.freebsd.org:pub/FreeBSD/releases/amd64/amd64/9.0-RELEASE/base.txz
```

where you are trying to fetch: 


```
+ ftp ftp.freebsd.org:pub/FreeBSD/amd64/amd64/9.0-RELEASE/base.txz
```

And/or its variants. When you login to the FTP manually, you see the structure is different; it always starts with: ftp ftp.freebsd.org:pub/FreeBSD but then you have releases and snapshots.

So the question is: why does it behave the "old" way? As far as ezjail-admin script goes, we have the same version. 

It does detect the correct version (as you can see in the end of the output) and it does find the release during the test. Now the question is why it starts to look in different places ..

UPDATE: I went through ezjail-admin script, the part that fetches the tarballs: 


```
# Try all paths as stolen from sysinstall, break on success.
      for ezjail_path in pub/FreeBSD/releases pub/FreeBSD/snapshot pub/FreeBSD releases snapshots pub/FreeBSD-Archive/old-releases NO; do

      --< snip >-- 

        ftp "${ezjail_ftphost}:${ezjail_path}/${ezjail_installarch}/${ezjail_release} ${pkg}${ezjail_pkgsuffix}" && break

      --< snip >--
```

So when you hit a problem with FTP connection itself, you hit the break part and it starts to download from different location (as if the $ezjail_path was not valid).

Can you try to download the base.txz manually from command line?: 

`$ ftp ftp.freebsd.org:pub/FreeBSD/releases/amd64/amd64/9.0-RELEASE/base.txz`


----------



## mecano (Mar 8, 2012)

what do you have in /etc/make.conf ?


----------



## brigzzy (Mar 9, 2012)

mecano said:
			
		

> what do you have in /etc/make.conf ?



Here is my make.conf file:


```
# added by use.perl 2012-02-19 16:33:01
PERL_VERSION=5.12.4
# Added by Brigzzy
MAKE_JOBS_NUMBER=4
MAKEOPTS="-j5"
MAKE_JOBS_SAFE=yes
# Not added by Brigzzy
```

matoatlantis:  Here is the FTP results:


```
15:53:25 root@freebsd ~ # ftp ftp.freebsd.org:pub/FreeBSD/releases/amd64/amd64/9.0-RELEASE/base.txz
Trying 204.152.184.73:21 ...
Connected to ftp.freebsd.org.
220 Welcome to freebsd.isc.org.
331 Please specify the password.
230 Login successful.
Remote system type is UNIX.
Using binary mode to transfer files.
200 Switching to Binary mode.
250 Directory successfully changed.
local: base.txz remote: base.txz
229 Entering Extended Passive Mode (|||15093|).
150 Opening BINARY mode data connection for base.txz (57097044 bytes).
100% |*********************************************| 55758 KiB  550.56 KiB/s    00:00 ETA

421 Service not available, remote server timed out. Connection closed.
57097044 bytes received in 02:41 (345.70 KiB/s)
ftp: No control connection for command
```

Very strange.  

Thanks

Brigzzy


----------



## brigzzy (Mar 9, 2012)

Sorry for the double post but I do not seem to have edit post rights yet.  I tried commenting out everything in the make.conf file to see if something in there was causing problems, and the results are the same.  Thanks for the suggestion though!


----------



## _martin (Mar 9, 2012)

brigzzy said:
			
		

> Sorry for the double post but I do not seem to have edit post rights yet.  I tried commenting out everything in the make.conf file to see if something in there was causing problems, and the results are the same.  Thanks for the suggestion though!



OK, so there you go - that's the problem - you are not able to fetch it with a simple FTP client. The ezjail script is ok, even though the logic of the script is not considering a broken connection during the ftp transaction making some false assumptions afterward. 

So to trace down why you have a broken connection, you can try some things: 

a) try another mirror, preferably closer to you (defined in /usr/local/etc/ezjail.conf)

b) I doubt this, but anyway: firewall settings? Try to fetch it again without firewall

c) client? Hm, why would be default ftp client broken on your release .. anyway, try to fetch it with a different client: 

`$ fetch ftp.freebsd.org/pub/FreeBSD/releases/amd64/amd64/9.0-RELEASE/base.txz`

do a checksum of it afterward (you can find cksum on the ftp site or just share yours)

d) faulty connection in general? Check:

`# netstat -s`

and look for /huge amount of/ errors, retransmissions, etc.


----------



## DarwinSurvivor (Sep 18, 2012)

*Resolved?*

Was this issue ever resolved?

I am experiencing the same problem on a brand-new 9.0 install (on amd64) using ezjail 3.2.2.

It downloads the first file (base.txz) but then fails when trying to download another file (it tries about 15 servers, all of which fail).


----------



## DarwinSurvivor (Sep 18, 2012)

Hmm, on second read-through of my terminal output, the download hits 100%, but then the next line is a 421 error (Service not available)


```
hestia# ezjail-admin install
Trying 193.162.146.4:21 ...
Connected to ftp.freebsd.org.
220 ftp.beastie.tdk.net FTP server (Version 6.00LS) ready.
331 Guest login ok, send your email address as password.
230 Guest login ok, access restrictions apply.
Remote system type is UNIX.
Using binary mode to transfer files.
200 Type set to I.
250 CWD command successful.
local: base.txz remote: base.txz
229 Entering Extended Passive Mode (|||63932|)
150 Opening BINARY mode data connection for 'base.txz' (57097044 bytes).
100% |***************************************************************************************************************************| 55758 KiB  236.66 KiB/s    00:00 ETA

421 Service not available, remote server timed out. Connection closed.
57097044 bytes received in 04:55 (188.62 KiB/s)
ftp: No control connection for command
Trying 193.162.146.4:21 ...
Connected to ftp.freebsd.org.
220 ftp.beastie.tdk.net FTP server (Version 6.00LS) ready.
331 Guest login ok, send your email address as password.
230 Guest login ok, access restrictions apply.
Remote system type is UNIX.
Using binary mode to transfer files.
200 Type set to I.
550 pub/FreeBSD/snapshot/amd64/amd64/9.0-RELEASE: No such file or directory.
221 Goodbye.
Trying 193.162.146.4:21 ...
Connected to ftp.freebsd.org.
```

The last part (where it fails on another mirror) just repeats about 10 times on different mirrors before finally failing completely (I guess it runs out of mirrors).


----------

