A question about php in a jail

Tue Jan 17 16:36:41 UTC 2017

On Tue, Jan 17, 2017 at 9:35 AM, James B. Byrne via freebsd-questions
<freebsd-questions at freebsd.org> wrote:
>
> On Tue, January 17, 2017 00:35, Ernie Luzar wrote:
>> James B. Byrne via freebsd-questions wrote:
>>> This past week I have been setting up a jail for a drupal7
>>> website.  I am now at the point where I need to update the
>>> modules and I would like to employ the drush cli utility.
>>> To install this on a Drupal7 website it is suggested to run
>>> this command in the Drupal document root:
>>>
>>>
>>> php -r
>>> "readfile('https://s3.amazonaws.com/files.drush.org/drush.phar');" >
>>> drush
>>>
>>> However, when I run this inside the jail then I see this error,
>>>
>>> PHP Warning:  readfile(): Unable to find the wrapper "https" - did
>>> you forget to enable it when you configured PHP? in Command line
>>> code on line 1
>>> PHP Warning:
>>> readfile(https://s3.amazonaws.com/files.drush.org/drush.phar):
>>> failed to open stream: No such file or directory in Command
>>> line code on line 1.
>>>
>>> If I run the same command on the host system of the jail then I
>>> do not get this error.  What am I missing with respect to the
>>> jailed setup?
>>>
>>
>> I have no idea what Drupal is and you provided no details about how
>> you populated the jail with it. So just a shot in the dark.
>
> Thanks you for your reply. Drupal is a Web Content Management System.
> Drush is an ancillary project that automates numerous common
> maintenance tasks involving a Drupal installation.  Both Drupal and
> Drush are written in PHP.  Drupal was installed using 'pkg install
> drupal7'
>
>>
>> Sounds like your jail does not have public internet access. Is the
>> jails IP address being NATed by your hosts firewall?
>
> The jail does have internet access via NAT configured on our gateway
> router.  Installing and updating packages from within the jail work
> fine.  I can ssh in and out.  I can ping the jail.  I cannot ping out,
> but that is expected behaviour for a jail.
>
>>
>> Issuing "whois 9.9.9.9" from with in your running jail should return
>> results if the jail/host firewall is configured correctly.
>>
>> You really need to post details about what steps you did before more
>> people can help you.
>
> I regret is my original question was perfunctory. The issue seems to
> me to be one of a missing component or php module rather than anything
> to do with network connectivity.
>
> I initially took a too literal approach to installing Drush as there
> exists a package for it.  I installed Drush within the jail via pkg
> install and things work fine.
>
> I am not sure what the issue is with php because I can wget the file
> from inside the jail, I just cannot get the recommended php command to
> work.
>
> # wget https://s3.amazonaws.com/files.drush.org/drush.phar
> --2017-01-17 09:18:43--
> https://s3.amazonaws.com/files.drush.org/drush.phar
> Resolving s3.amazonaws.com (s3.amazonaws.com)... 54.231.80.243
> Connecting to s3.amazonaws.com
> (s3.amazonaws.com)|54.231.80.243|:443... connected.
> HTTP request sent, awaiting response... 200 OK
> Length: 6135132 (5.9M) [application/octet-stream]
> Saving to: 'drush.phar'
>
> drush.phar            100%[=======================>]   5.85M  1.20MB/s
>    in 5.0s
>
> 2017-01-17 09:18:58 (1.17 MB/s) - 'drush.phar' saved [6135132/6135132]
>
>
> # php -r
> "readfile('https://s3.amazonaws.com/files.drush.org/drush.phar');" >
> drush
> PHP Warning:  readfile(): Unable to find the wrapper "https" - did you
> forget to enable it when you configured PHP? in Command line code on
> line 1
> PHP Warning:
> readfile(https://s3.amazonaws.com/files.drush.org/drush.phar): failed
> to open stream: No such file or directory in Command line code on line
> 1
>
>
> I ran across references to 'extension=php_openssl.dll' in php.ini
> having some bearing on this elsewhere
> (https://stackoverflow.com/questions/5444249/unable-to-find-the-wrapper-https-did-you-forget-to-enable-it-when-you-config)
> but I cannot see that a .dll and FreeBSD have much in common.
> None-the-less I checked this and found these references:
>
> # grep php_openssl /usr/local/etc/*
> /usr/local/etc/php.ini:;extension=php_openssl.dll
> /usr/local/etc/php.ini-development:;extension=php_openssl.dll
> /usr/local/etc/php.ini-production:;extension=php_openssl.dll
>
> Changing the commented reference in /usr/local/etc/php.ini gives the
> dismal results I anticipated:
>
> # php -r
> "readfile('https://s3.amazonaws.com/files.drush.org/drush.phar');" >
> drush
> PHP Warning:  PHP Startup: Unable to load dynamic library
> '/usr/local/lib/php/20131226/php_openssl.dll' - Cannot open
> "/usr/local/lib/php/20131226/php_openssl.dll" in Unknown on line 0
> PHP Warning:  readfile(): Unable to find the wrapper "https" - did you
> forget to enable it when you configured PHP? in Command line code on
> line 1
> PHP Warning:
> readfile(https://s3.amazonaws.com/files.drush.org/drush.phar): failed
> to open stream: No such file or directory in Command line code on line
> 1
>
>
> Fortunately, the packaged version of Drush installed cleanly and works
> fine.  The only mystery I have is why the errors only occur in the
> jail.
>
>

I think this may be more of a php issue.  I haven't set up Drupal in a
jail but I know php and I know jails.  Here are my thoughts.
php can have multiple .ini files, one file for the webserver,
(Apache, Nginx, etc.) and another one for running from the command
line.  If you search for php.ini on your system and find two (or more)
, that could be the issue, you could have different settings in the
two .php files.

There are a couple of gotchas about jails.  You don't have access to
devices or other items that some programs require, unless you set them
up.  Some programs or specific commands may need access to specific
parts of the kernel.  Postgresql (for example) requires access to
System V flags, which operate at the kernel level and require some
extra set up steps to get working in a jail.

If you are having problems, try and figure out what parts of the
system a program needs access to and then try and figure out if the
jail has that access, or if you need to simulate it, etc.

Good Luck

Mark Moellering