Jail Already Exists

dweimer dweimer at dweimer.net
Tue Apr 21 20:47:13 UTC 2015

On 04/21/2015 11:09 am, Matthew Seaman wrote:
> On 2015/04/21 16:17, dweimer wrote:
>> At some point in the past I learned the trick of dropping TCP
>> connections that were left open to clear processes that were not
>> allowing a jail that had been shutdown to be restarted. Does anyone 
>> know
>> other things that could cause a jail to be held open? I have one that 
>> I
>> am unable to start, without rebooting the entire server? In this
>> particular instance, It wouldn't be a big deal for me to bounce the
>> server, nor is it an issue leaving the jail down for a while to
>> experiment. However on some other servers both of these would be an
>> issue so I figured now is a good time to experiment with finding a
>> solution.
>> root at freebsd:/jails/proxy # jls
>>    JID  IP Address      Hostname                      Path
>>      1     pgsql.dweimer.local           
>> /jails/pgsql/ROOT
>>      2     mysql.dweimer.local           
>> /jails/mysql/ROOT
>>      3     webmail.dweimer.local         
>> /jails/webmail/ROOT
>>      4     bacula.dweimer.local          
>> /jails/bacula/ROOT
>>      5     unifi.dweimer.local           
>> /jails/unifi/ROOT
>> root at freebsd:/jails/proxy # jail -c proxy
>> jail: proxy: jail 6 already exists
>> jail 6's IP is
>> netstat -an | grep ""
>> finds no results.
>> The jail simply runs a Squid proxy service, I have verified that there
>> isn't a hung up squid process. I have also verified that there are no
>> hung up python processes since I use a Python script as a log daemon 
>> to
>> write the Squid logs into a PostgreSQL database on jail 1. I am not 
>> sure
>> what else to check for.
> I find that not specifying the JID in your jail.conf -- so allowing the
> system to choose an arbitrary JID as required -- will allow restarting
> jails without the hassle of old connections blocking stuff.
> Of course, if you restart jails frequently, you'll end up with some
> arbitrarily large JIDs.  Get used to referring to the jail by name
> instead.  'jls -h name' will help if you're unsure what those are.
> 	Cheers,
> 	Matthew

Thanks Matthew, that appears to work fairly well, I think after looking 
more at the jls man page that a jls -N is more useful to me, as it still 
gives me the other information above but lists the JID by name. I do 
need to make sure none of my scripts are referencing any jails by their 
numeric ID.

# jls -N
  JID             IP Address      Hostname                      Path
  pgsql      pgsql.dweimer.local           
  mysql      mysql.dweimer.local           
  webmail     webmail.dweimer.local         
  bacula     bacula.dweimer.local          
  unifi      unifi.dweimer.local           
  proxy      proxy.dweimer.local           

    Dean E. Weimer

More information about the freebsd-questions mailing list