SKIP_OS_CHECK was suggested by the installer after it failed with my first try.
This is the output I get to see:
[i] SELinux not detected
[✓] Update local cache of available packages
[✗] Checking apt-get for upgraded packages
Kernel update detected. If the install fails, please reboot and try again
[i] Checking for / installing Required dependencies for OS Check...
[✓] Checking for grep
[✓] Checking for dnsutils
[i] PIHOLE_SKIP_OS_CHECK env variable set to true - installer will continue
[i] Checking for / installing Required dependencies for this install script...
[✓] Checking for git
[✓] Checking for iproute2
[✓] Checking for dialog
[✓] Checking for ca-certificates
Cannot open netlink socket: Address family not supported by protocol
Cannot open netlink socket: Address family not supported by protocol
Here's some info about the environment:
root@pihole:~# uname -a
Linux pihole 3.17.0 FreeBSD 13.1-RELEASE-p7 n245418-79e75956dbb TRUENAS x86_64 GNU/Linux
root@pihole:~# cat /etc/debian_version
11.6
root@pihole:~# mount
RAIDZ2/iocage/jails/pihole/root on / type zfs (rw)
root@pihole:~# df -h
Filesystem Size Used Avail Use% Mounted on
RAIDZ2/iocage/jails/pihole/root 3.2T 395M 3.2T 1% /
root@pihole:~# cat /proc/cpuinfo
processor : 0
vendor_id : GenuineIntel
cpu family : 6
model : 42
model name : Intel(R) Xeon(R) CPU E31220 @ 3.10GHz
So as I'm failing with a socket error: Cannot open netlink socket: Address family not supported by protocol
I'd be interested to learn how to debug the installer to find out where exactly it fails.
Thanks Dan, I’ll check that tonight after we return from our family day trip…
EDIT:
Seems I can't handle the interfaces and routes in my jail:
Cannot open netlink socket: Address family not supported by protocol
+ availableInterfaces=
+ chooseInterface
+ local interfacesList
+ local interfaceCount
++ printf '%s\n' ''
++ wc -l
+ interfaceCount=1
+ [[ 1 -eq 1 ]]
+ PIHOLE_INTERFACE=
+ collect_v4andv6_information
+ find_IPv4_information
+ local route
+ local IPv4bare
++ ip route get 8.8.8.8
Cannot open netlink socket: Address family not supported by protocol
+ route=
Can I tell the script which interface to use via a parameter?
If your Linux jail is offering only userland Linux/Debian, then you may run into difficulties with pihole-FTL's binary as well.
Avoiding that could perhaps be as easy as allowing full network access for your Pi-hole jail, but I'm already moving into the realm of speculations here (and I'd have no idea how to accomplish that, unfortunately).
As pihole-FTL essentially is a tailored fork of dnsmasq with optimisations for Pi-hole's usage, you could consider researching how to install dnsmasq in a jail under BSD. Chances are that similar steps would be applicable to getting Pi-hole operational as well - no guarantees, though.
It's not something currently possible but it's something that I'm open to investigating.
The majority of the IP address detection for the installer is to check (and set) a static IP and to test the node's connectivity to the WAN world. This is from the start of Pi-hole when most users didn't know much about IP addressing and we did a lot of hand holding and trying to set up the static IP for the server node.
We've decided to move away from that idea and the latest released code will only modify the host IP stack if Raspbian is detected. The intent is to remove that completely and have users set up their own IP addressing on the Pi-hole host. (Partially driven by Raspberry OS deciding to drop dhcpcd5 and move to netman and my reluctance to redo everything to accommodate that.) Plus it's a very valid use case to set up an address reservation with a DHCP server and let the Pi-hole host configure itself under that scheme.
Before we move to do more decoupling of the install and the IP addressing options I need to ask if you can run the pihole-FTL binary in your jail without the modules available. Let me know if you need instructions or help on how to get a binary down to test with.
On a personal level, I'd love to have Pi-hole on BSD. I run opnSense for my home firewall and have thought about packaging Pi-hole for that environment and I think getting a functional jail configuration would help in that process. So thank you for opening this issue and bringing this up.
I currently have my PiHole in a VM but would like to move that into a jail to save some resources...
I'm in for investigating it on the jail side of things!
You can also count me in to document that process so it'll be available for others running Debian in a FreeBSD Jail. Would be awesome to get a TrueNAS Plugin but that is currently (with three kids and a full-time DevOps job) nothing I can commit to.
Regarding testing on FreeBSD Jails I'm also in, as that is the passage to an OPNsense setup <3
I'm happy to test for the ability to run pihole-FTL, please send me a short descr...
I too would love to run it on my OPNsense, I've nearly a dozen deployed!
According to dnsmasq documentation, it is supported on *BSD systems via the ports system. FreeBSD documentation states:
Each port listed here contains any patches necessary to make the original application source code compile and run on FreeBSD.
This would indicate that dnsmasq's source code has required patching to get it running on FreeBSD, in which case pihole-FTL would potentially require similar patching.
root@pihole:~# uname -a
Linux pihole 3.17.0 FreeBSD 13.1-RELEASE-p7 n245418-79e75956dbb TRUENAS x86_64 GNU/Linux
root@pihole:~# lscpu
Architecture: x86_64
CPU op-mode(s): 32-bit, 64-bit
Byte Order: Little Endian
Address sizes: 36 bits physical, 48 bits virtual
CPU(s): 4
On-line CPU(s) list: 0-3
Vendor ID: GenuineIntel
CPU family: 6
Model: 42
Model name: Intel(R) Xeon(R) CPU E31220 @ 3.10GHz
Stepping: 7
CPU MHz: 3092.97
BogoMIPS: 6184.97
Virtualization: VT-x
Flags: fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush
dts acpi mmx fxsr sse sse2 ss ht tm pbe syscall nx rdtscp lm pni pclmulqdq dtes6
4 monitor ds_cpl vmx smx est tm2 ssse3 cx16 xtpr pdcm pcid sse4_1 sse4_2 x2apic
popcnt tsc_deadline_timer aes xsave avx lahf_lm
I'll now go ahead and download FTL and test if it runs...
EDIT:
After installing three additional libs it now runs:
root@pihole:~# ./pihole-FTL-linux-x86_64_full -h
./pihole-FTL-linux-x86_64_full: /usr/lib/x86_64-linux-gnu/libnftables.so.1: no version information available (required by ./pihole-FTL-linux-x86_64_full)
The Pi-hole FTL engine - v5.22
Typically, pihole-FTL runs as a system service and is controlled
by sudo service pihole-FTL <action> where <action> is one out
of start, stop, or restart.
pihole-FTL exposes some features going beyond the standard
service pihole-FTL command. These are:
Version information:
-v, version Return FTL version
-vv Return verbose version information
-t, tag Return git tag
-b, branch Return git branch
--hash Return git commit hash
Regular expression testing:
regex-test str Test str against all regular
expressions in the database
regex-test str rgx Test str against regular expression
given by regular expression rgx
Example: pihole-FTL regex-test somebad.domain bad
to test somebad.domain against bad
An optional -q prevents any output (exit code testing):
pihole-FTL -q regex-test somebad.domain bad
Embedded Lua engine:
--lua, lua FTL's lua interpreter
--luac, luac FTL's lua compiler
Usage: pihole-FTL lua [OPTIONS] [SCRIPT [ARGS]]
Options:
- [OPTIONS] is an optional set of options. All available
options can be seen by running pihole-FTL lua --help
- [SCRIPT] is the optional name of a Lua script.
If this script does not exist, an interactive shell is
started instead.
- [SCRIPT [ARGS]] can be used to pass optional args to
the script.
Embedded SQLite3 shell:
sql [-h], sqlite3 [-h] FTL's SQLite3 shell
-h starts a special human-readable mode
Usage: pihole-FTL sqlite3 [-h] [OPTIONS] [FILENAME] [SQL]
Options:
- [OPTIONS] is an optional set of options. All available
options can be found in pihole-FTL sqlite3 --help
- [FILENAME] is the optional name of an SQLite database.
A new database is created if the file does not previously
exist. If this argument is omitted, SQLite3 will use a
transient in-memory database instead.
- [SQL] is an optional SQL statement to be executed. If
omitted, an interactive shell is started instead.
Embedded dnsmasq options:
dnsmasq-test Test syntax of dnsmasq's config
--list-dhcp4 List known DHCPv4 config options
--list-dhcp6 List known DHCPv6 config options
Debugging and special use:
d, debug Enter debugging mode
test Don't start pihole-FTL but
instead quit immediately
-f, no-daemon Don't go into daemon mode
Other:
dhcp-discover Discover DHCP servers in the local
network
-h, help Display this help and exit
Can you run ./pihole-FTL-linux-x86_64_full test please? And if possible can you remove the additional libraries to show what that test output shows when they are not installed?
Sadly, I got an error (even without removing any lib):
root@pihole:~# ./pihole-FTL-linux-x86_64_full test
./pihole-FTL-linux-x86_64_full: /usr/lib/x86_64-linux-gnu/libnftables.so.1: no version information available (required by ./pihole-FTL-linux-x86_64_full)
Notice: Found no readable FTL config file
FATAL: Opening of FTL log (/var/log/pihole/FTL.log) failed!
Make sure it exists and is writeable by user root
root@pihole:~# mkdir /var/log/pihole
root@pihole:~# ./pihole-FTL-linux-x86_64_full test
./pihole-FTL-linux-x86_64_full: /usr/lib/x86_64-linux-gnu/libnftables.so.1: no version information available (required by ./pihole-FTL-linux-x86_64_full)
Notice: Found no readable FTL config file
What is most obvious and definitely problematic here is
FATAL: create_shm(): Failed to create shared memory object "FTL-lock": Function not implemented
This means that your kernel may have been built without CONFIG_SYSVIPC. Related kernel documentation:
config SYSVIPC
bool "System V IPC"
---help---
Inter Process Communication is a suite of library functions and
system calls which let processes (running programs) synchronize and
exchange information. It is generally considered to be a good thing,
and some programs won't run unless you say Y here. In particular, if
you want to run the DOS emulator dosemu under Linux (read the
DOSEMU-HOWTO, available from <http://www.tldp.org/docs.html#howto>),
you'll need to say Y here.
You can find documentation about IPC with "info ipc" and also in
section 6.4 of the Linux Programmer's Guide, available from
<http://www.tldp.org/guides.html>.
FTL cannot run without the kernel supporting shared memory segments as it is multi-parallel (threads belonging to a main process and forks descending from the same) for various tasks. To communicate between these processes, FTL uses shared memory.
Seems we/I need to find a workaround for this problem.
@DL6ER, can't you put me on a whitelist for snipboard.io? I just wanted to post another detail, but since it's a screenshot again I have no chance...
As posting screenshots on snipboard.io isn't allowed (or gets my postings flagged as spam), I'll add it as text: There's an overlay help menu at allow_sysvipc ->
help allow_sysvipc
Choose whether a process in the jail has access to System V IPC primitives. Equivalent to setting sysvmsg, sysvsem, and sysvshm to Inherit. Deprecated in FreeBSD 11.0 and newer!
Use sysvmsg, sysvsem, and sysvshm instead.
I have approved all posts; they were flagged as spam because they repeatedly referred to these services with hosted advertising. You can simply drag and drop media directly into the forum here without needing an external service provider.
Without drag and drop, this also works explicitly with the following button:
I'd say I'll take it from here to the TrueNAS Forum... Except you guys say let's push the FreeBSD build, for when I'm happy to test with FreeBSD Jails or VMs on my ProxMox Cluster...
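A preflight probe for the two kernel facilities this thread ran into, the netlink socket behind `ip route get` and shared memory, written as an added example that is not part of the original thread or of Pi-hole's code. It assumes a Linux userland with python3; the object name `/probe-shm-test` is hypothetical, and it probes both POSIX and System V shared memory because the thread does not show which call `create_shm()` makes.

```python
import ctypes, ctypes.util, errno, os, socket

# errno values meaning "the kernel or jail does not provide this at all":
# ENOSYS is "Function not implemented", EAFNOSUPPORT is
# "Address family not supported by protocol" (the two messages in the thread).
UNSUPPORTED = {errno.ENOSYS, errno.EAFNOSUPPORT, errno.EPROTONOSUPPORT}

libc = ctypes.CDLL(None, use_errno=True)
try:
    libc.shm_open                      # glibc >= 2.34 has shm_open in libc
    librt = libc
except AttributeError:                 # older glibc (e.g. Debian 11): librt
    librt = ctypes.CDLL(ctypes.util.find_library("rt"), use_errno=True)

def probe_netlink():
    """Open an rtnetlink socket. Returns 0 or the errno of the failure."""
    try:
        socket.socket(socket.AF_NETLINK, socket.SOCK_RAW, 0).close()  # 0 = NETLINK_ROUTE
        return 0
    except OSError as e:
        return e.errno

def probe_posix_shm(name=b"/probe-shm-test"):
    """Create and remove a POSIX shared memory object. Returns 0 or errno."""
    fd = librt.shm_open(name, os.O_CREAT | os.O_RDWR, 0o600)
    if fd < 0:
        return ctypes.get_errno()
    os.close(fd)
    librt.shm_unlink(name)
    return 0

def probe_sysv_shm():
    """Create and remove a System V shared memory segment. Returns 0 or errno."""
    libc.shmget.argtypes = [ctypes.c_int, ctypes.c_size_t, ctypes.c_int]
    shmid = libc.shmget(0, 4096, 0o1000 | 0o600)   # IPC_PRIVATE, IPC_CREAT
    if shmid < 0:
        return ctypes.get_errno()
    libc.shmctl(shmid, 0, None)                    # 0 = IPC_RMID
    return 0

def verdict(err):
    """Turn an errno into 'ok', 'unsupported (...)' or 'failed (...)'."""
    if err == 0:
        return "ok"
    kind = "unsupported" if err in UNSUPPORTED else "failed"
    return f"{kind} ({errno.errorcode.get(err, err)}: {os.strerror(err)})"

def preflight():
    return {"netlink": verdict(probe_netlink()),
            "posix_shm": verdict(probe_posix_shm()),
            "sysv_shm": verdict(probe_sysv_shm())}

if __name__ == "__main__":
    for facility, result in preflight().items():
        print(f"{facility:10s} {result}")
```

An `unsupported` verdict points at the jail or kernel configuration rather than at file permissions or a missing package, so it is worth re-running after changing jail settings such as sysvshm.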