scip/jaildk
1
0
Fork 0
mirror of https://codeberg.org/scip/jaildk.git synced 2025-12-17 04:31:02 +01:00
Code Issues Packages Projects Releases Wiki Activity
Files
3270db0d78c87d721af788c61cb069f792d1466a
jaildk/jaildk

1531 lines
37 KiB
Bash
Executable File
Raw Blame History

#!/bin/sh
version=1.08
usage_jaildk() {
beg=`tput -T ${TERM:-cons25} md`
end=`tput -T ${TERM:-cons25} me`
usage=$(cat <<EOF
This is jaildk version $version, a jail management toolkit.
Usage: $0 <command> <mode-args>
${beg}Building Jails:${end}
base -b <name> [-w] - build a new base
build <jail> <mode> [-b <base>] [-v <version>] - install a build chroot of a jail
create - create a new jail from a template
clone -s <src> -d <dst> [-o <v>] [-n <v>] - clone an existing jail or jail version
fetch - fetch current port collection
${beg}Installing Jails:${end}
install <jail> <mode> [-r function] - install a jail (prepare mounts, devfs etc)
uninstall <jail> [-w] - uninstall a jail
remove <jail> - remove a jail or a jail version
reinstall <jail> - stop, remove, install and start a jail
${beg}Maintaining Jails:${end}
start <jail> - start a jail
stop <jail> - stop a jail
restart <jail> - restart a jail
status [<jail>] - display a jail's status
rc <jail> <mode> [-r <rc.d script>] - execute an rc-script inside a jail
${beg}Managing Jails:${end}
login <jail> [<user>] - login into a jail
blogin <jail> - chroot into a build jail
${beg}Transferring Jails:${end}
freeze <jail> [-a -b -v <version>] - freeze (build an image of) a jail
thaw <image> - thaw (install) an image of a jail
${beg}Getting help:${end}
help <command> - request help on <command>
EOF
)
echo "$usage"
exit 1
}
usage_help() {
command=$1
usage="usage_${command}"
if ! type "$usage" > /dev/null 2>&1; then
die "Unknown command $command!"
else
$usage
fi
}
ex() {
echo $rcscript - $*
$*
}
err () {
echo "$@" >&2
}
bold() {
if [ -z "$BOLD_ON" ]; then
BOLD_ON=`tput -T ${TERM:-cons25} md`
export BOLD_ON
BOLD_OFF=`tput -T ${TERM:-cons25} me`
export BOLD_OFF
fi
echo -n "$BOLD_ON"
echo "$@"
echo -n "$BOLD_OFF"
}
fin() {
echo "$*" >&2
exit
}
die() {
bold "$*" >&2
exit 1
}
load-jail-config() {
jail=$1
if test -d $j/etc/$jail; then
. $j/etc/$jail/jail.conf
else
die "Jail $jail is not configured!"
fi
}
die_if_not_exist() {
jail=$1
which=$2
VERSION=$3
if test -z "$which"; then
which="Jail"
fi
if ! test -d $j/etc/$jail; then
die "$which $jail doesn't exist!"
fi
if test -n "$VERSION"; then
if ! test -d $j/etc/$jail/etc-$VERSION; then
die "$which $jail $version doesn't exist!"
fi
fi
}
usage_build() {
fin "Usage: $0 build <jail> [<start|stop|status>] [-b <base>] [-v <version>]
Mount <jail> to $j/build read-writable for maintenance. Options:
-b <base> Use specified <base>. default: use configured base.
-v <version> Mount <version> of <jail>.
<mode> One of start, stop or status. default: start."
}
jaildk_build() {
jail=$1
mode=$2
shift
shift
base=''
version=''
while getopts "b:v:" arg; do
case $arg in
b) base=${OPTARG};;
v) version=${OPTARG};;
*) usage_build;;
esac
done
if test -z "$mode"; then
mode=start
fi
die_if_not_exist $jail $version
load-jail-config $jail
if test -n "$buildbase"; then
base="$buildbase"
elif test -z "$base"; then
# nothing configured, use default: latest
base=`ls $j/base | tail -1`
fi
# install the jail to build/
jaildk_install $jail $mode -r all -w -b $base -v $version
case $mode in
start)
# make it usable
ex chroot $j/build/$jail /etc/rc.d/ldconfig onestart
ex mkdir -p $j/build/$jail/usr/local/db
;;
esac
}
jaildk_rc_mtree() {
jail=$1
mode=$2
base=$3
version=$4
rw=$5
rcscript=mtree
if [ $mode = "start" ]; then
if test -n "$rw"; then
run=$j/build/$jail/
else
run=$j/run/$jail/
fi
ex mtree -p $run -Ue -f $j/etc/$jail/mtree.conf | grep -v "extra:"
fi
}
jaildk_rc_rcoff() {
# avoid starting services inside the build chroot
# + jaildk_rc_rcoff db start 12.1-RELEASE-p10 20201026
jail=$1
mode=$2
BASE=$3
VERSION=$4
rw=$5
rcscript=rcoff
if test -n "$rw"; then
# not required in run mode
case $mode in
start)
if mount | egrep -q "rcoff.*build/$jail"; then
bold "union mount $j/build/jail/etc already mounted"
else
if ! test -d $j/etc/rcoff; then
# in order to be backwards compatible to older jaildk
# create the rcoff directory on the fly
mkdir -p $j/etc/rcoff
( echo "#!/bin/sh"
echo 'echo "$0 disabled in build chroot!"' ) > $j/etc/rcoff/rc
fi
ex mount -t unionfs $j/etc/rcoff $j/build/$jail/etc
fi
;;
stop)
# might fail if executed on a yet not union'ed etc
if mount | egrep -q "rcoff.*build/$jail"; then
ex umount $j/build/$jail/etc
fi
;;
esac
fi
}
jaildk_rc_ports() {
jail=$1
mode=$2
BASE=$3
VERSION=$4
rw=$5
rcscript=ports
load-jail-config $jail
if test -n "$ports"; then
version="$ports"
fi
if test -n "$buildbase" -a -n "$rw"; then
# we only support ports if a buildbase is configured
case $mode in
start)
if mount -v | grep -q " $j/build/$jail/usr/ports "; then
bold "$j/build/$jail/usr/ports already mounted!"
else
ex mount -t nullfs -o rw $j/ports/$version $j/build/$jail/usr/ports
fi
;;
stop)
if mount -v | grep -q " $j/build/$jail/usr/ports "; then
ex umount $j/build/$jail/usr/ports
else
bold "$j/build/$jail/usr/ports not mounted!"
fi
;;
esac
fi
}
jaildk_rc_mount() {
jail=$1
mode=$2
BASE=$3
VERSION=$4
rw=$5
rcscript=mount
load-jail-config $jail
conf=$j/etc/$jail/$rcscript.conf
if ! test -e "$conf"; then
return
fi
if test -n "$rw"; then
run=$j/build
if test -n "$BASE"; then
base=$BASE
fi
if test -n "$VERSION"; then
version=$VERSION
fi
else
run=$j/run
fi
die_if_not_exist $jail
# parse the config and (u)mount
case $mode in
stop)
tail -r $conf | grep -v "#"
;;
*)
grep -v "#" $conf
;;
esac | while read LINE; do
# This command expands variables and performs field-splitting:
set -- $(eval echo \""$LINE"\")
# Skip empty lines:
case "$1" in
"") continue ;;
esac
src=$1
dest=$2
fs=$3
opts=$4
size=$5
perm=$6
if test -n "$rw"; then
if ! echo $src | grep -q base/; then
opts=`echo "$opts" | sed 's/ro/rw/g'`
fi
fi
case $mode in
start)
if mount -v | grep " $run/$dest " > /dev/null ; then
bold "$run/$dest already mounted!"
else
case $fs in
mfs)
ex mdmfs -o $opts -s $size -p $perm md $run/$dest
;;
nullfs)
source=$j/$src
if echo $src | egrep -q "^/"; then
source=$src
fi
if ! test -d "$source"; then
die "Source dir $source doesn't exist!"
fi
if ! test -d "$run/$dest"; then
die "Dest dir $run/$dest doesn't exist!"
fi
ex mount -t $fs -o $opts $source $run/$dest
;;
devfs)
ex mount -t devfs dev $run/$dest
;;
*)
bold "unknown filesystem type $fs!"
;;
esac
fi
;;
stop)
if mount -v | grep " $run/$dest " > /dev/null ; then
ex umount $run/$dest
if mount -v | grep " $run/$dest " > /dev/null ; then
# still mounted! forcing
ex umount -f $run/$dest
fi
else
bold "$run/$dest not mounted!"
fi
;;
status)
if mount -v | grep " $run/$dest " > /dev/null ; then
echo "$run/$dest mounted"
else
bold "$run/$dest not mounted"
fi
;;
*)
bold "Usage: $0 install <jail> mount {start|stop|status|restart}"
;;
esac
done
}
usage_install() {
fin "Usage: $0 install <jail> [<mode>] [-r rc-function]
Install <jail> according to its config. Options:
<mode> Mode can either be start, stop or status. default: start
-r <function> Only execute function with <mode> parameter. default: all.
Available rc.d-scripts: $RCSCRIPTS_START"
}
jaildk_install() {
jail=$1
mode=$2
shift
shift
rcd=''
# options -b -w -v are undocumented, used by jaildk_build() only
rw=''
base=''
version=''
while getopts "r:b:v:w" arg; do
case $arg in
w) rw=1;;
b) base=${OPTARG};;
v) version=${OPTARG};;
r) rcd=${OPTARG};;
*) usage_install;;
esac
done
if test -z "$jail"; then
usage_install
fi
if test -z "$mode"; then
mode=start
fi
if test -z "$rcd"; then
# default just install everything
rcd=all
fi
case $mode in
start|stop|restart|status) :;;
*) usage_install;;
esac
die_if_not_exist $jail
if test "$rcd" = "all"; then
case $mode in
start) rcscripts="$RCSCRIPTS_START";;
stop) rcscripts="$RCSCRIPTS_STOP";;
esac
else
rcscripts="jaildk_rc_${rcd}"
if ! type "$rcscripts" > /dev/null 2>&1; then
die "rc function $rcd doesn't exist!"
fi
fi
case $mode in
start)
bold "Installing jail $jail"
;;
stop)
bold "Unstalling jail $jail"
;;
esac
for rcscript in $rcscripts; do
$rcscript $jail $mode $base $version $rw || exit 1
done
}
usage_uninstall() {
fin "Usage: $0 uninstall <jail> [-w]
Uninstall <jail>. Options:
-w Uninstall writable build chroot."
}
jaildk_uninstall() {
# wrapper around _install
jail=$1
shift
rw=''
while getopts "w" arg; do
case $arg in
w) rw=1;;
*) usage_uninstall;;
esac
done
if test -z "$jail"; then
usage_uninstall
fi
die_if_not_exist $jail
if jls | egrep -q "${jail}"; then
die "Jail $jail($version) is still running, stop it before removing!"
fi
jaildk_install $jail stop -r all -w
}
usage_base() {
fin "Usage: $0 base -b <basename|basedir> [-w]
Build a base directory from bsd install media. Options:
-b <name> <name> can be the name of a base (e.g. 12.2-RELEASE)
or a directory where it shall be created
-w Create a writable base, including compiler and other
build stuff. Use this if you want to use the ports
collection."
}
jaildk_base() {
base=""
rw=""
while getopts "b:w" arg; do
case $arg in
w) rw=1;;
b) base=${OPTARG};;
*) usage_base;;
esac
done
if test -z "$base"; then
usage_base
fi
removelist="tests
usr/bin/objdump
usr/bin/llvm-profdata
usr/bin/ranlib
usr/bin/ar
usr/bin/as
usr/bin/llvm-tblgen
usr/bin/llvm-symbolizer
usr/bin/llvm-cov
usr/bin/llvm-objdump
usr/bin/ld.lld
usr/bin/lldb
usr/bin/cpp
usr/bin/clang-cpp
usr/bin/clang++
usr/bin/clang
usr/bin/cc
usr/bin/c++
usr/bin/lex
usr/bin/lex++
usr/bin/flex
usr/bin/flex++
usr/bin/telnet
usr/bin/kadmin
usr/bin/kcc
usr/bin/kdestroy
usr/bin/kdump
usr/bin/keylogin
usr/bin/keylogout
usr/bin/kf
usr/bin/kgetcred
usr/bin/kinit
usr/bin/klist
usr/bin/kpasswd
usr/bin/krb5-config
usr/bin/ksu
usr/bin/kswitch
usr/bin/ktrace
usr/bin/ktrdump
usr/bin/finger
usr/bin/crunch*
usr/bin/ibv*
usr/bin/nc
usr/bin/pftp
usr/bin/ssh*
usr/bin/scp
usr/bin/sftp
usr/bin/svn*
usr/bin/yacc
usr/include
usr/lib/*.a
usr/lib32/*.a
usr/share/doc
usr/share/dict
usr/share/examples
usr/share/man
rescue
media
mnt
boot
var/run
var/cache
var/tmp"
if echo "$base" | egrep -vq "^/"; then
basedir=$j/base/$base
else
basedir=$base
fi
if test -d "$basedir"; then
echo "base $basedir already exist!"
exit 1
else
ex mkdir -p $basedir
bsdinstall jail $basedir || exit 1
if test -z "$rw"; then
# run base
for file in $removelist; do
ex rm -rf $basedir/$file
done
else
# build base with ports support
ex mkdir -p $basedir/usr/ports
fi
ex mkdir $basedir/home
ex rm -rf $basedir/var/db
ex ln -s /usr/local/db $basedir/var/db
# add some symlinks from /var to /tmp to make pkg work properly
ex rm -rf $basedir/var/tmp $basedir/var/cache $basedir/var/run
ex ln -s /tmp $basedir/var/tmp
ex ln -s /tmp $basedir/var/cache
ex ln -s /tmp $basedir/var/run
if test -n "$rw"; then
echo "You have choosen to create a build base with ports support"
echo -n "Want to fetch the ports collection now [Yn]? "
read yesno
case $yesno in
y|Y|yes|YES)
jaildk_fetch
;;
esac
fi
fi
}
clone() {
srcdir=$1
dstdir=$2
if test -d $srcdir; then
if ! test -d $dstdir; then
mkdir -p $dstdir
fi
ex cpdup -x $srcdir $dstdir
else
echo "$srcdir doesn't exist, ignored"
fi
}
usage_clone() {
fin "Usage: $0 clone -s <jail> -d <jail> [-o <version>] [-n <version>]
-s <jail> Source jail to clone from
-d <jail> Destionation jail to create from source
-o <version> Old version
-n <version> New version
Hints:
- if no source version has been given, tha latest version will be used.
- if no new version has been given, source version will be used.
- if source and new jail are the same, both versions must be given
and a new version of the same jail will be created (update)"
}
jaildk_clone() {
src=''
new=''
srcversion=''
newversion=''
update=''
while getopts "s:d:o:n:" arg; do
case $arg in
o) srcversion=${OPTARG};;
n) newversion=${OPTARG};;
s) src=${OPTARG};;
d) new=${OPTARG};;
*) usage_clone;;
esac
done
if test -z "$new"; then
usage_clone
fi
if test "$src" = "$new"; then
# same jail, expect different versions
if test -z "$newversion" -o -z "$srcversion"; then
die "source and new version required!"
fi
if test "$srcversion" = "$newversion"; then
die "new version must be different from source version!"
fi
update=1
else
# clone from A to B
die_if_not_exist $src "Source jail"
if test -z "$srcversion"; then
. $j/etc/$src/jail.conf
srcversion=$version
newversion=$version
else
if ! test -d $j/etc/$src/etc-$srcversion; then
die "Version $srcversion of source jail $src doesn't exist!"
else
if test -z "$newversion"; then
newversion=$srcversion
fi
fi
fi
fi
clone $j/log/$src-$srcversion $j/log/$new-$newversion
clone $j/home/$src/root-$srcversion $j/home/$new/root-$newversion
clone $j/etc/$src/etc-$srcversion $j/etc/$new/etc-$newversion
clone $j/etc/$src/local-etc-$srcversion $j/etc/$new/local-etc-$newversion
if test -z "$update"; then
clone $j/data/$src/www $j/data/$new/www
clone $j/data/$src/spool $j/data/$new/spool
ex cp -pRp $j/etc/$src/mount.conf $j/etc/$src/ports.conf $j/etc/$src/mtree.conf $j/etc/$src/ipfw.conf $j/etc/$new/
echo "Creating $j/etc/$src/jail.conf"
cat $j/etc/$src/jail.conf | egrep -v "^(name|version)=" > $j/etc/$new/jail.conf
(echo "name=$new"; echo "version=$newversion") >> $j/etc/$new/jail.conf
echo "Creating run and build dirs"
ex mkdir -p $j/run/$new
ex mkdir -p $j/build/$new
fi
echo "DONE."
if test -z "$update"; then
if ! egrep -q "^$new" /etc/jail.conf; then
bold "Consider adding the jail $new to /etc/jail.conf!"
echo
fi
bold "To mount the build chroot of the new jail, execute:"
echo "jaildk build $new start"
echo
bold "To login into the build chroot"
echo "jaildk blogin $new"
echo
bold "To mount the production chroot of the new jail, execute:"
echo "jaildk install $new"
echo
bold "To login into the build chroot"
echo "jaildk login $new"
echo
bold "To start the jail, execute:"
echo "jaildk start $new"
echo
else
. $j/etc/$src/jail.conf
jail=$new
bold "To mount the build chroot of the new jail, execute:"
echo "jaildk build $new start $base $newversion"
fi
}
usage_create() {
fin "Usage: $0 create <jail>
Create a new jail from template."
}
jaildk_create() {
jail=$1
# $jail gets overwritten in jaildk_clone or some subcall to .template :-( ...
newjail=$jail
src=.template
if test -z "$jail"; then
usage_create
fi
. $j/etc/$src/jail.conf
srcversion=$version
newversion=`date +%Y%m%d`
mkdir -p $j/etc/$jail
jaildk_clone -s $src -d $jail -o $srcversion -n $newversion
# some perl magic to extract the hostname (if any) from /etc/jail.conf - and write it into the jails rc.conf
jailhostname=$(cat /etc/jail.conf | tr -d '\t\r\n ' | perl -ne '$_ =~ /.*'"$newjail"'(\{(?:\{.*\}|[^{])*\})|\w+/; print $1;' | grep -oE 'hostname=[^;]+' | cut -d= -f2)
if [ -n "$jailhostname" ]; then
echo "new name: $jailhostname"
echo "in path $j/etc/$jail/local-etc-$newversion/rc.conf"
sed -iE 's/^hostname.*$/hostname="'"$jailhostname"'"/' $j/etc/$newjail/local-etc-$newversion/rc.conf
fi
}
remove() {
dir=$1
if test -d $dir; then
ex rm -rf $dir
else
echo "$dir doesn't exist anymore"
fi
}
usage_remove() {
fin "Usage: $0 remove <jail> [-v <version>]
Remove <jail> from disk."
}
jaildk_remove() {
jail=$1
shift
version=''
while getopts "v:" arg; do
case $arg in
v) version=${OPTARG};;
*) usage_remove;;
esac
done
if test -z "$jail"; then
usage_remove
fi
if jls | egrep -q "${jail}"; then
die "Jail $jail($version) is still running, stop it before removing!"
fi
if mount | egrep -q "${jail}.*${version}"; then
die "Jail $jail($version) is still mounted, umount it before removing!"
fi
die_if_not_exist $jail
if test -n "$version"; then
if ! test -d $j/etc/$jail/etc-$version; then
die "Jail $jail $version doesn't exist!"
fi
remove $j/etc/$jail/etc-$version
remove $j/etc/$jail/local-etc-$version
remove $j/home/$jail/root-$version
remove $j/log/$jail-$version
remove $j/data/$jail/www
remove $j/data/$jail/spool
else
remove $j/etc/$jail
remove $j/home/$jail
remove $j/log/$jail-*
remove $j/data/$jail
fi
}
jaildk_jail_usage() {
fin "Usage: $0 <start|stop|restart|status> <jail> | status"
}
usage_start() {
fin "Usage $0 start <jail>
Start <jail>."
}
usage_stop() {
fin "Usage $0 stop <jail>
Stop <jail>."
}
usage_restart() {
fin "Usage $0 restart <jail>
Restart <jail>."
}
usage_status() {
fin "Usage $0 status [<jail>]
Show status of <jail>. Without <jail>, show status of all jails."
}
jaildk_jail() {
jail=$2
mode=$1
if test -z "$jail"; then
usage_$mode
elif test -z "$jail" -a $mode = "status"; then
bold "Running jails:"
bold " JID IP Address Hostname Path"
jls | grep -v JID
bold "Mounted build jails:"
format=" %-15s %-29s %s\n"
bold " Version Hostname Path"
mount | egrep "local-etc.*build" | awk '{print $1}' | sed -e 's|/| |g' -e 's/local-etc-//' | while read j e jail version; do
printf "$format" $version $jail $j/build/$jail
done
jls | grep -v JID | awk '{print $3}' | while read J; do
jaildk_rc $J status
done
else
bold "Jail $jail $mode:"
case $mode in
status)
service jail $mode $jail | egrep "IP|$jail"
jaildk_rc $jail status
;;
*)
service jail $mode $jail
jaildk_ipfw $jail $mode
;;
esac
fi
}
get_rc_scripts() {
jail="$1"
files=$(ls $j/run/$jail/usr/local/etc/rc.d/* $j/run/$jail/etc/rc.d/*)
rcorder $files | while read SCRIPT; do
rcvar=`egrep "^rcvar=" $SCRIPT | cut -d= -f2 | sed 's/"//g' | tail -1`
if egrep -iq "^${rcvar}=.*yes" $j/run/$jail/usr/local/etc/rc.conf; then
echo $SCRIPT | sed "s|$j/run/$jail||"
fi
done
}
usage_rc() {
fin "Usage: $0 rc <jail> [<mode>] [-r <rc.d script]
Execute an rc.d script inside <jail> with parameter <mode>. Options:
-r <rc.d script> Execute <rc.d script>. default: execute all enabled scripts."
}
jaildk_rc() {
jail=$1
mode=$1
shift
shift
rc=''
while getopts "r:" arg; do
case $arg in
r) rcd=${OPTARG};;
*) usage_rc;;
esac
done
if test -z "$rc"; then
rc='all'
fi
if test -z "$jail" -o -z "$mode"; then
usage_rc
fi
if ! jls | egrep -q "${jail}"; then
die "Jail $jail is not running."
fi
rcs=`get_rc_scripts $jail`
if test $rc = "all"; then
bold "Jail $jail rc status:"
for script in $rcs; do
jexec $jail $script $mode
done
else
ok=''
for script in $rcs; do
if echo "$script" | egrep -q "/$rc"; then
jexec $jail $script $mode
ok=1
fi
done
if test -z "$ok"; then
die "Script $rc doesn't exist in $jail or is not enabled."
fi
fi
}
usage_blogin() {
err "Usage: $file <jail>
Chroot into a build jail.
Mounted build chroot's:"
mount|egrep "base.*build" | awk '{print $3}' | cut -d/ -f 4
exit 1
}
jaildk_blogin() {
jail=$1
if test -z "$jail"; then
file=`basename $0`
if test "$file" = "jaildk"; then
file="$0 blogin"
else
file="$0"
fi
usage_blogin
fi
chroot="$j/build/$jail"
if ! test -d $chroot/root; then
echo "build jail $jail not mounted!"
echo "Mount it with jaildk build $jail start"
exit 1
fi
shell=/bin/csh
term=vt100
home=/root
path=/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin
if test -e $chroot/root/.bashrc; then
shell=/usr/local/bin/bash
fi
chroot $chroot /etc/rc.d/ldconfig onestart > /dev/null 2>&1
env - HOME=$home TERM=$term SHELL=$shell PATH=$path chroot $chroot $shell
}
usage_login() {
err "Usage: $file <jail-name|jail-domain|jail-ip> [<user>]
Login into a jail by name, ip or domain. If <user> has not been
specified, login as root.
Available jails:"
jls
exit 1
}
jaildk_login() {
jail=$1
user=$2
me=`id -u`
jexec="jexec"
if test -z "$jail"; then
file=`basename $0`
if test "$file" = "jaildk"; then
file="$0 jlogin"
else
file="$0"
fi
usage_login
fi
jid=""
echo $jail
jid=`jls | grep "$jail" | awk '{print $1}'`
echo $jid
if test -z "$jid"; then
echo "jail $jail doesn't run!"
exit 1
fi
shell=sh
home=/home/$user
term=vt100
path=/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin
chroot_subdir=`grep "jail_${name}_rootdir" /etc/rc.conf | awk -F\" '{print $2}'`
if test -z "$user"; then
user=root
fi
if test "$me" != "0"; then
jexec="sudo $jexec"
fi
shell=/bin/sh
home=/
if grep "^$user" $chroot_subdir/etc/passwd > /dev/null 2>&1; then
shell=`grep "^$user" $chroot_subdir/etc/passwd | awk -F: '{print $7}' | sed 's/ //g'`
home=`grep "^$user" $chroot_subdir/etc/passwd | awk -F: '{print $6}' | sed 's/ //g'`
fi
env - JAIL=$jail HOME=$home TERM=$term SHELL=$shell PATH=$path $jexec -U $user $jid $shell
}
usage_reinstall() {
fin "Usage: $0 reinstall <jail>
Stop, uninstall, install and start <jail>.
"
}
jaildk_reinstall() {
jail=$1
if test -z "$jail"; then
usage_reinstall
fi
die_if_not_exist $jail
if jls | egrep -q "${jail}"; then
jaildk_jail stop $jail
fi
jaildk_uninstall $jail
sleep 0.2
sync
jaildk_install $jail start
jaildk_jail start $jail
sleep 0.2
jaildk_jail status $jail
}
jaildk_setup() {
j=$1
if test -z "$j"; then
fin "Usage: $0 setup <base dir for jail environment>"
fi
bold "preparing directories"
ex mkdir -p $j
for subdir in etc bin appl base data home log run ports; do
ex mkdir -p $j/$subdir
done
version=`date +%Y%m%d`
for subdir in appl/default-$version/db/ports appl/default-$version/etc etc/.template/etc-$version etc/.template/local-etc-$version home/.template/root-$version log/.template-$version; do
ex mkdir -p $j/$subdir
done
bold "building jail template"
ex cpdup /etc $j/etc/.template/etc-$version
echo "creating $j/etc/.template/etc-$version/rc.conf"
rm -f $j/etc/.template/etc-$version/rc.conf
echo 'rc_conf_files="/etc/rc.conf /etc/rc.conf.local /usr/local/etc/rc.conf"' > $j/etc/.template/etc-$version/rc.conf
echo "creating $j/etc/.template/local-etc-$version/rc.conf"
echo 'hostname="TEMPLATE"
sendmail_enable="NO"
sendmail_submit_enable="NO"
sendmail_outbound_enable="NO"
sendmail_msp_queue_enable="NO"' > $j/etc/.template/local-etc-$version/rc.conf
bold "creating template config $j/etc/.template/jail.conf"
os=`uname -r`
(echo "base=$os"; echo "version=$version"; name=template) > $j/etc/.template/jail.conf
bold "creating template config $j/etc/.template/mount.conf"
echo 'base/$base $name nullfs ro
md $name/tmp mfs rw,nosuid,async 128m 1777
dev $name/dev devfs
log/$name-$version $name/var/log nullfs rw
appl/default-$version $name/usr/local nullfs ro
etc/$name/etc-$version $name/etc nullfs ro
etc/$name/local-etc-$version $name/usr/local/etc nullfs ro
home/$name/root-$version $name/root nullfs rw' > $j/etc/.template/mount.conf
bold "creating template config $j/etc/.template/ports.conf"
(echo bash; echo ca_root_nss) > $j/etc/.template/ports.conf
bold "creating template config $j/etc/.template/ipfw.conf"
touch $j/etc/.template/ipfw.conf
bold "creating template config $j/etc/.template/mtree.conf"
# touch $j/etc/.template/mtree.conf
echo '/set type=dir uid=0 gid=0 mode=01777
. type=dir mode=0755
tmp
var
cache
pkg
..
..
run
..
tmp' > $j/etc/.template/mtree.conf
bold "installing jaildk"
realj=`cd $j; pwd`
sed "s|^JAILDIR=.*|JAILDIR=$realj|" $0 > $j/bin/jaildk
ex chmod 755 $j/bin/jaildk
bold "configuring root shell template"
echo "# root shell inside jail
alias h history 25
alias j jobs -l
alias la ls -a
alias lf ls -FA
alias ll ls -lA
alias l ls -laF
alias .. cd ..
alias ... cd ../..
alias .... cd ../../../
umask 22
set path = (/sbin /bin /usr/sbin /usr/bin /usr/local/sbin /usr/local/bin)
setenv EDITOR vi
setenv PAGER less
setenv BLOCKSIZE K
if (\$?prompt) then
set chroot=`ps axu|grep /sbin/init | grep -v grep | awk '{print $1}'`
if("\$chroot" == \"\") then
set prompt = \"(jail) %N@%m:%~ %# \"
else
set prompt = \"(build chroot) %N@%m:%~ %# \"
endif
set promptchars = \"%#\"
set filec
set history = 1000
set savehist = (1000 merge)
set autolist = ambiguous
# Use history to aid expansion
set autoexpand
set autorehash
endif
" > $j/home/.template/root-$version/.cshrc
bold "building base"
echo -n "Do you want to build a base directory [Yn]? "
read yesno
case $yesno in
y|Y|yes|YES)
jaildk_base -b $j/base/$os
;;
esac
}
jaildk_fetch() {
version=`date +%Y%m%d`
if test -d "$j/ports/$version"; then
echo -n "Ports dir $version already exist. Do you want to recreate it [y/N]? "
read yesno
case $yesno in
y|Y|yes|YES)
ex rm -rf $j/ports/$version
jaildk_fetch_ports
;;
esac
else
jaildk_fetch_ports
fi
}
jaildk_fetch_ports() {
ex mkdir -p $j/ports/tmp
ex fetch -o $j/ports/tmp/ports.tar.gz http://ftp.freebsd.org/pub/FreeBSD/ports/ports/ports.tar.gz
ex tar xzfC $j/ports/tmp/ports.tar.gz $j/ports/tmp
ex mv $j/ports/tmp/ports $j/ports/$version
ex rm -rf $j/ports/tmp/ports*
}
usage_freeze() {
echo "Usage: $0 freeze <jail> [options]
Options:
-v <version> freeze <version> of <jail>
-b include the base layer (default: no)
-a include the application layer (default: no)"
exit 1
}
freeze_dir() {
dstdir=$1
src=$2
srcdir=$(echo $src | cut -d/ -f1)
layer=$(echo $src | sed "s|$srcdir/||")
layerfile=$(echo $layer | sed 's|/|-|g')
ex tar -C $j/$srcdir -cpf $dstdir/$srcdir-$layerfile.tar $layer
}
jaildk_freeze() {
jail=$1
shift
VERSION=""
ADDBASE=""
ADDAPPL=""
while getopts "abv:" arg; do
case $arg in
a) ADDAPPL=1;;
b) ADDBASE=1;;
v) VERSION=${OPTARG};;
*) usage_freeze;;
esac
done
if test -z "$jail"; then
usage_freeze
fi
die_if_not_exist $jail "Jail to freeze" $VERSION
if jls | egrep -q "${jail}"; then
echo "The jail $jail is actually running. It's recommended"
echo -n "to stop it before freezing. Stop the jail now [Ny]? "
read yesno
case $yesno in
y|Y|yes|YES|Yes)
service jail stop $jail
;;
esac
fi
load-jail-config $jail
if test -n "$VERSION"; then
version=$VERSION
fi
bold "Freezing jail $jail $version"
host=$(hostname | cut -d\. -f1)
freeze=$j/images/$host-$jail-$version.tgz
tmp=$j/images/tmp/$jail-$version
ex mkdir -p $tmp
mountconf=$j/etc/$jail/mount.conf
if ! test -e "$mountconf"; then
die "$mountconf doesn't exist!"
fi
# create sub tarballs from every layer
grep -v "#" $mountconf | while read LINE; do
# this is a copy of the code in jaildk_rc_mount()
# FIXME: put this into a function somehow
set -- $(eval echo \""$LINE"\")
# Skip empty lines:
case "$1" in
"") continue ;;
esac
src=$1
dest=$2
fs=$3
opts=$4
size=$5
perm=$6
case $fs in
nullfs)
if ! echo $src | egrep -q "^/"; then
# only freeze nullfs mounts relative to $j
if echo $src | egrep -q "^base/"; then
if test -n "$ADDBASE"; then
freeze_dir $tmp $src
fi
elif echo $src | egrep -q "^appl/"; then
if test -n "$ADDAPPL"; then
freeze_dir $tmp $src
fi
else
freeze_dir $tmp $src
fi
fi
;;
esac
done
# add the jail config
files=$(find $j/etc/$jail -type f -maxdepth 1)
for file in $files; do
cp -pP $file $tmp/
done
# build the final image file
ex tar -C $j/images/tmp -cpf $freeze $jail-$version
# cleaning up
ex rm -rf $j/images/tmp
bold "Done, jail $jail frozen to $freeze."
}
thaw_tarball() {
srcdir=$1
tarball=$2
# etc-test-local-etc-20201128.tar
layer=$(echo $tarball | cut -d\- -f1)
if ! test -d $j/$layer; then
ex mkdir -p $j/$layer
fi
ex tar -C $j/$layer -xf $srcdir/$tarball
ex rm -f $srcdir/$tarball
}
usage_thaw() {
fin "Usage: $0 thaw <image>"
}
jaildk_thaw() {
image=$1
if test -n "$J"; then
j=$J
fi
jail=$(echo $image | cut -d\- -f2)
version=$(echo $image | cut -d\- -f3 | cut -d\. -f1)
if ! test -n "$version" -o -n "$jail"; then
usage_thaw
fi
if test -d $j/etc/$jail/etc-$version; then
bold -n "Jail $jail $version already exists, overwrite [Ny]? "
read yesno
case $yesno in
y|Y|yes|YES|Yes)
:;;
*)
echo "abort.";;
esac
fi
bold "Thawing jail $image"
tmp=$j/images/tmp
ex mkdir -p $tmp
# too many things can go wrong from here, so better abort on error
set -e
ex tar -C $tmp -xf $image
if ! test -d $tmp/$jail-$version; then
die "Invalid image format!"
ex rm -rf $tmp
fi
for tarball in `cd $tmp/$jail-$version && ls *.tar`; do
thaw_tarball $tmp/$jail-$version $tarball
done
files=$(find $tmp -type f)
bak=""
if test -e $j/etc/$jail/jail.conf; then
bold -n "$j/etc/$jail/jail.conf already exist. Overwrite configs [Ny]? "
read yesno
case $yesno in
y|Y|yes|YES|Yes)
:;;
*)
bold "Copying configs with extension -$version"
bak="-$version"
;;
esac
fi
for file in $files; do
filename=$(basename $file)
ex cp -Pp $file $j/etc/$jail/$filename$bak
done
bold "Done. Thawed jail $jail $version from $image."
}
jaildk_ipfw() {
jail=$1
mode=$2
if [ -f "$j/etc/$jail/ipfw.conf" ]; then
echo
bold "Managing IPFW Rules..."
case $mode in
start)
# Deleting existing rules first to avoid duplicates.
ipfw show | grep -E "// $jail\$" | while read rule; do sh -c "ipfw delete $(echo $rule| awk '{print $1}')"; done
# Getting current jails IP..
jailip=$(jls | grep -E "$jail\$" | awk '{print $2}')
# Adding rules
cat /jail/etc/revprx/ipfw.conf | awk -v jailname="$jail" '{print "ipfw add "$0" // " jailname}' | sed -E "s/\\\$ip/$jailip/g" | while read rule; do $rule; done
;;
stop)
# Deleting rules
ipfw show | grep -E "// $jail\$" | while read rule; do bold "Deleting rule $rule"; sh -c "ipfw delete $(echo $rule| awk '{print $1}')"; done
;;
esac
bold "... done"
echo
fi
}
##########################
#
# main()
# will be modified during installation
JAILDIR=/jail
# install modules
RCSCRIPTS_START="jaildk_rc_mount jaildk_rc_rcoff jaildk_rc_ports jaildk_rc_mtree"
RCSCRIPTS_STOP="jaildk_rc_rcoff jaildk_rc_mount jaildk_rc_ports"
# globals
j=$JAILDIR
rcdir=$j/bin
runner=$1
shift
if test -z "$runner"; then
usage_jaildk
fi
case $runner in
start|stop|status|restart)
jaildk_jail $runner $*
;;
setup|reinstall|install|uninstall|build|blogin|login|clone|create|remove|rc|base|fetch|freeze|thaw)
jaildk_$runner $*
;;
help)
usage_help $*
;;
*)
usage_jaildk $*
;;
esac
Reference in New Issue View Git Blame Copy Permalink