Running openSUSE in a FreeBSD jail using Bastille
Why?
Last week, when the latest version of Bastille, a jail (container) management system for FreeBSD was released, it also included experimental Linux support. Its author needed Ubuntu, so that was implemented. I prefer openSUSE, so with some ugly hacks I could get openSUSE up and running in Bastille. I was asked to document it in a blog. This topic does not fit the sudo or syslog-ng blogs, where I regularly contribute. However it involves two of my favorite operating systems: FreeBSD, which I started to use in 1994 and (open)SUSE, which I started to use in 1996. This is how my personal blog was born after years of procrastination :-)
Note. OpenSUSE in a FreeBSD jail is barely usable. The way I installed it is an ugly hack, even in my own view. But it works, and some people might find it useful…
Some preparations
First of all, you need FreeBSD and you need the latest Bastille installed. I do not know if this version is already available in FreeBSD ports, I installed it using git based on the instructions on the Bastille documentation at: https://bastille.readthedocs.io/en/latest/chapters/installation.html#git.
Before going on to play with Linux I made sure that everything works with Bastille as expected. So, I followed my blog from earlier and created a syslog-ng jail using Bastille: https://www.syslog-ng.com/community/b/blog/posts/running-syslog-ng-in-bastille-revisited Note, that /usr/local/etc/bastille/bastille.conf is not installed when installing from git. Copy /usr/local/etc/bastille/bastille.conf.sample to bastille.conf
Once I made sure that Bastille works fine with FreeBSD jails, the next step was to get Ubuntu working. Just as with FreeBSD-based jails in Bastille, first you need to bootstrap it. If Linux support is not yet enabled, Bastille can do that for you: modify configuration files and load the necessary kernel modules.
root@fb130:~ # bastille bootstrap focal
sysrc: unknown variable 'linprocfs_load'
sysrc: unknown variable 'linsysfs_load'
sysrc: unknown variable 'tmpfs_load'
linprocfs_load, linsysfs_load, tmpfs_load not enabled in /boot/loader.conf or linux_enable not active. Should I do that for you? (N|y)
y
Loading modules
kldload: can't load tmpfs: module already loaded or in kernel
Persisting modules
linux_enable: NO -> YES
linprocfs_load: -> YES
linsysfs_load: -> YES
tmpfs_load: -> YES
W: Probably required module fdescfs is not loaded
I: Retrieving InRelease
I: Retrieving Packages
I: Validating Packages
I: Resolving dependencies of required packages...
I: Resolving dependencies of base packages...
I: Checking component main on http://archive.ubuntu.com/ubuntu...
I: Retrieving adduser 3.118ubuntu2
I: Validating adduser 3.118ubuntu2
I: Retrieving apt 2.0.2
[...]
Now you can create your first Linux-based jail to test that everything works as expected:
root@fb130:~ # bastille create -L ubuntu focal 10.17.89.51
Valid: (10.17.89.51).
[ubuntu]:
ubuntu: created
Fetching packages...
Selecting previously unselected package adduser.
(Reading database ... 0 files and directories currently installed.)
Preparing to unpack .../adduser_3.118ubuntu2_all.deb ...
Unpacking adduser (3.118ubuntu2) ...
[...]
Get:3 http://archive.ubuntu.com/ubuntu focal/main Translation-en [506 kB]
Fetched 1741 kB in 1s (1841 kB/s)
Reading package lists... Done
Building dependency tree... Done
All packages are up to date.
Verify that the second jail is up and running:
root@fb130:~ # jls
JID IP Address Hostname Path
2 10.17.89.50 alcatraz /usr/local/bastille/jails/alcatraz/root
3 10.17.89.51 ubuntu /usr/local/bastille/jails/ubuntu/root
root@fb130:~ #
You can now reach the console, install software and enjoy your first Linux jail in Bastille.
root@fb130:~ # bastille console ubuntu
[ubuntu]:
Welcome to Ubuntu 20.04 LTS (GNU/Linux 3.17.0 x86_64)
* Documentation: https://help.ubuntu.com
* Management: https://landscape.canonical.com
* Support: https://ubuntu.com/advantage
Last login: Sun Jul 25 19:32:28 UTC 2021 on pts/0
root@ubuntu:~# uname -a
Linux ubuntu 3.17.0 FreeBSD 13.0-RELEASE-p3 #0: Tue Jun 29 19:46:20 UTC 2021 x86_64 x86_64 x86_64 GNU/Linux
root@ubuntu:~# apt-get install python3-bs4
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following additional packages will be installed:
libxslt1.1 python3-chardet python3-html5lib python3-lxml python3-soupsieve python3-webencodings
[...]
Installing openSUSE
There is no dedicated installation method yet for openSUSE. And I am not aware of a tool similar to debootstrap for openSUSE, that could bootstrap a distribution. Instead of that I downloaded a ready to use openSUSE operating system image and replaced the content of the Ubuntu directory under /usr/local/bastille/releases/Ubuntu_2004 with the openSUSE image.
root@fb130:~ # cd /usr/local/bastille/releases/
root@fb130:/usr/local/bastille/releases # ls
13.0-RELEASE Ubuntu_2004
root@fb130:/usr/local/bastille/releases # mv Ubuntu_2004 Ubuntu_2004.orig
root@fb130:/usr/local/bastille/releases # mkdir Ubuntu_2004
root@fb130:/usr/local/bastille/releases # wget http://download.opensuse.org/distribution/leap/15.3/appliances/opensuse-leap-dnf-image.x86_64-lxc-dnf.tar.xz
--2021-07-26 22:36:42-- http://download.opensuse.org/distribution/leap/15.3/appliances/opensuse-leap-dnf-image.x86_64-lxc-dnf.tar.xz
Resolving download.opensuse.org (download.opensuse.org)... 195.135.221.134, 2001:67c:2178:8::13
Connecting to download.opensuse.org (download.opensuse.org)|195.135.221.134|:80... connected.
HTTP request sent, awaiting response... 302 Found
Location: http://downloadcontent.opensuse.org/distribution/leap/15.3/appliances/opensuse-leap-dnf-image.x86_64-15.3.0-lxc-dnf-Build9.150.tar.xz [following]
--2021-07-26 22:36:42-- http://downloadcontent.opensuse.org/distribution/leap/15.3/appliances/opensuse-leap-dnf-image.x86_64-15.3.0-lxc-dnf-Build9.150.tar.xz
Resolving downloadcontent.opensuse.org (downloadcontent.opensuse.org)... 195.135.221.157, 2001:67c:2178:8::27
Connecting to downloadcontent.opensuse.org (downloadcontent.opensuse.org)|195.135.221.157|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 45147784 (43M) [application/octet-stream]
Saving to: ‘opensuse-leap-dnf-image.x86_64-lxc-dnf.tar.xz’
opensuse-leap-dnf-image.x86_64-lxc-dnf.tar.xz 100%[=========================================================================================================================================>] 43.06M 10.7MB/s in 4.3s
2021-07-26 22:36:46 (10.1 MB/s) - ‘opensuse-leap-dnf-image.x86_64-lxc-dnf.tar.xz’ saved [45147784/45147784]
root@fb130:/usr/local/bastille/releases # cd Ubuntu_2004
root@fb130:/usr/local/bastille/releases/Ubuntu_2004 # tar xf ../opensuse-leap-dnf-image.x86_64-lxc-dnf.tar.xz
There are more images available on the openSUSE download site, but the above one seemed to be small enough and still contain package management. It is the latest stable release, Leap 15.2 is still available and Tumbleweed provides you with a cutting edge rolling-release distribution.
Next, create another jail based on the Ubuntu image, which in practice contains now openSUSE. There will be plenty of error messages, as the script tries to run Debian package management tools, but in the end there will be an openSUSE image up and running:
root@fb130:~ # bastille create -L opensuse focal 10.17.89.52
Valid: (10.17.89.52).
[opensuse]:
opensuse: created
Fetching packages...
rm: cannot remove '/var/cache/apt/archives/rsyslog*.deb': No such file or directory
/bin/bash: dpkg: command not found
/bin/bash: dpkg: command not found
/bin/bash: apt: command not found
root@fb130:~ #
You can verify that something is up and running:
root@fb130:~ # jls
JID IP Address Hostname Path
1 10.17.89.50 alcatraz /usr/local/bastille/jails/alcatraz/root
2 10.17.89.51 ubuntu /usr/local/bastille/jails/ubuntu/root
3 10.17.89.52 opensuse /usr/local/bastille/jails/opensuse/root
Unfortunately the bastille console command does not work with openSUSE. Not even after the missing dependencies are installed. You can still access the running jail using jexec. In this case the command is, where 3 is the JID:
root@fb130:~ # jexec 3 /bin/bash
opensuse:/ # uname -a
Linux opensuse 3.17.0 FreeBSD 13.0-RELEASE-p3 #0: Tue Jun 29 19:46:20 UTC 2021 x86_64 x86_64 x86_64 GNU/Linux
opensuse:/ # dnf update
openSUSE Leap 15.3 - OSS 0.0 B/s | 0 B 00:00
Errors during downloading metadata for repository 'opensuse-leap-oss':
- Curl error (6): Couldn't resolve host name for http://download.opensuse.org/distribution/leap/15.3/repo/oss/repodata/repomd.xml [Could not resolve host: download.opensuse.org]
Error: Failed to download metadata for repo 'opensuse-leap-oss': Cannot download repomd.xml: Cannot download repodata/repomd.xml: All mirrors were tried
openSUSE Leap 15.3 - OSS - Updates 0.0 B/s | 0 B 00:00
Errors during downloading metadata for repository 'opensuse-leap-oss-update':
- Curl error (6): Couldn't resolve host name for http://download.opensuse.org/update/leap/15.3/oss/repodata/repomd.xml [Could not resolve host: download.opensuse.org]
Error: Failed to download metadata for repo 'opensuse-leap-oss-update': Cannot download repomd.xml: Cannot download repodata/repomd.xml: All mirrors were tried
openSUSE Leap 15.3 - Updates from Backports for SUSE Linux Enterprise 0.0 B/s | 0 B 00:00
Errors during downloading metadata for repository 'opensuse-leap-sle-backports-update':
- Curl error (6): Couldn't resolve host name for http://download.opensuse.org/update/leap/15.3/backports/repodata/repomd.xml [Could not resolve host: download.opensuse.org]
Error: Failed to download metadata for repo 'opensuse-leap-sle-backports-update': Cannot download repomd.xml: Cannot download repodata/repomd.xml: All mirrors were tried
openSUSE Leap 15.3 - Updates from SUSE Linux Enterprise 0.0 B/s | 0 B 00:00
Errors during downloading metadata for repository 'opensuse-leap-sle-update':
- Curl error (6): Couldn't resolve host name for http://download.opensuse.org/update/leap/15.3/sle/repodata/repomd.xml [Could not resolve host: download.opensuse.org]
Error: Failed to download metadata for repo 'opensuse-leap-sle-update': Cannot download repomd.xml: Cannot download repodata/repomd.xml: All mirrors were tried
Ignoring repositories: opensuse-leap-oss, opensuse-leap-oss-update, opensuse-leap-sle-backports-update, opensuse-leap-sle-update
allow_vendor_change is disabled. This option is currently not supported for downgrade and distro-sync commands
Dependencies resolved.
Nothing to do.
Complete!
As you can see, networking does not work either. It’s a missing /etc/resolve.conf, which is easy to resolve (pun intended):
root@fb130:~ # cp /etc/resolv.conf /usr/local/bastille/jails/opensuse/root/etc/
root@fb130:~ #
Now you can jexec again into the openSUSE jail, install software packages and enjoy :)
opensuse:/ # dnf install python3-beautifulsoup4
Last metadata expiration check: 0:03:34 ago on Mon Jul 26 21:02:50 2021.
allow_vendor_change is disabled. This option is currently not supported for downgrade and distro-sync commands
Dependencies resolved.
==============================================================================================================================================================================================================================================
Package Architecture Version Repository Size
==============================================================================================================================================================================================================================================
Installing:
python3-beautifulsoup4 noarch 4.8.2-1.18 opensuse-leap-oss 191 k
Installing dependencies:
python3-soupsieve noarch 1.9.5-1.17 opensuse-leap-oss 68 k
Transaction Summary
==============================================================================================================================================================================================================================================
Install 2 Packages
Total download size: 259 k
Installed size: 1.3 M
Is this ok [y/N]: y
Downloading Packages:
(1/2): python3-soupsieve-1.9.5-1.17.noarch.rpm 444 kB/s | 68 kB 00:00
(2/2): python3-beautifulsoup4-4.8.2-1.18.noarch.rpm 1.2 MB/s | 191 kB 00:00
----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
Total 1.5 MB/s | 259 kB 00:00
Running transaction check
Transaction check succeeded.
Running transaction test
Transaction test succeeded.
Running transaction
Preparing : 1/1
Installing : python3-soupsieve-1.9.5-1.17.noarch 1/2
Installing : python3-beautifulsoup4-4.8.2-1.18.noarch 2/2
Verifying : python3-beautifulsoup4-4.8.2-1.18.noarch 1/2
Verifying : python3-soupsieve-1.9.5-1.17.noarch 2/2
Installed:
python3-beautifulsoup4-4.8.2-1.18.noarch python3-soupsieve-1.9.5-1.17.noarch
Complete!
What is next?
I’m still not convinced how useful it is, but you can run openSUSE on FreeBSD using Bastille. You can try other openSUSE images, install more software in the jail, etc. Note, that Linux support is still experimental in Bastille, and running openSUSE is an ugly hack. But as this hack lets me run my two favorite operating systems together, I love this hack :-)