summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorerdgeist <erdgeist@erdgeist.org>2006-03-21 16:46:40 +0000
committererdgeist <erdgeist@erdgeist.org>2006-03-21 16:46:40 +0000
commit28ebd0e7012ee8ff1bc092af05cfe280405be70a (patch)
tree4a782242a1133e470af9d2f8948f947352ec16b5
parent6c388abea89dddcf8c1c8b56b7d8a7f5edcfb2d5 (diff)
Functionality moved to ezjail-admin
-rw-r--r--ezjail-img.sh244
1 files changed, 0 insertions, 244 deletions
diff --git a/ezjail-img.sh b/ezjail-img.sh
deleted file mode 100644
index fc7d02f..0000000
--- a/ezjail-img.sh
+++ /dev/null
@@ -1,244 +0,0 @@
1#!/bin/sh
2
3# ugly: this variable is set during port install time
4#ezjail_prefix=EZJAIL_PREFIX
5ezjail_prefix=/usr/local/
6ezjail_etc=${ezjail_prefix}/etc
7ezjail_share=${ezjail_prefix}/share/ezjail
8ezjail_examples=${ezjail_prefix}/share/examples/ezjail
9ezjail_jailcfgs=${ezjail_etc}/ezjail
10
11# read user config
12[ -f ${ezjail_etc}/ezjail.conf ] && . ${ezjail_etc}/ezjail.conf
13
14# set defaults
15ezjail_jaildir=${ezjail_jaildir:-"/usr/jails"}
16ezjail_jailtemplate=${ezjail_jailtemplate:-"${ezjail_jaildir}/newjail"}
17ezjail_jailbase=${ezjail_jailbase:-"${ezjail_jaildir}/basejail"}
18ezjail_jailfull=${ezjail_jailfull:-"${ezjail_jaildir}/fulljail"}
19ezjail_flavours=${ezjail_flavours:-"${ezjail_jaildir}/flavours"}
20ezjail_sourcetree=${ezjail_sourcetree:-"/usr/src"}
21ezjail_portscvsroot=${ezjail_portscvsroot:-":pserver:anoncvs@anoncvs.at.FreeBSD.org:/home/ncvs"}
22
23ezjail_mount_enable=${ezjail_mount_enable:-"YES"}
24ezjail_devfs_enable=${ezjail_devfs_enable:-"YES"}
25ezjail_devfs_ruleset=${ezjail_devfs_ruleset:-"devfsrules_jail"}
26ezjail_procfs_enable=${ezjail_procfs_enable:-"YES"}
27ezjail_fdescfs_enable=${ezjail_fdescfs_enable:-"YES"}
28
29# define our bail out shortcut
30exerr () { echo -e "$*"; exit 1; }
31
32# define detach strategy for image jails
33detach_images () {
34 # unmount and detach memory disc
35 if [ "${newjail_img_device}" ]; then
36 umount ${newjail_root}
37 [ "${newjail_image}" = "crypto" ] && gbde detach /dev/${newjail_img_device}
38 mdconfig -d -u ${newjail_img_device}
39 fi
40}
41
42# check for command
43[ "$1" ] || exerr "Usage: `basename -- $0` [create] {params}"
44
45case "$1" in
46######################## ezjail-admin CREATE ########################
47create)
48 shift
49 args=`getopt f:r:s:xic $*` || exerr "Usage: `basename -- $0` create [-f flavour] [-r jailroot] [-s size] [-xic] jailname jailip"
50
51 newjail_root=
52 newjail_flavour=
53 newjail_softlink=
54 newjail_image=
55 newjail_imagesize=
56 newjail_device=
57 newjail_fill="YES"
58
59 set -- ${args}
60 for arg do
61 case ${arg} in
62 -x) newjail_fill="NO"; shift;;
63 -r) newjail_root="$2"; shift 2;;
64 -f) newjail_flavour="$2"; shift 2;;
65 -i) newjail_image="simple"; shift;;
66 -s) newjail_imagesize="$2"; shift 2;;
67 -c) newjail_image="crypto"; shift;;
68 --) shift; break;;
69 esac
70 done
71 newjail_name=$1; newjail_ip=$2
72
73 # we need at least a name and an ip for new jail
74 [ "${newjail_name}" -a "${newjail_ip}" -a $# = 2 ] || exerr "Usage: `basename -- $0` create [-f flavour] [-r jailroot] [-x] jailname jailip"
75
76 # check for sanity of settings concerning the image feature
77 [ "${newjail_image}" -a "$newjail_fill" = "YES" -a ! "${newjail_imagesize}" ] && exerr "Image jails need an image size."
78
79 # check, whether ezjail-update has been called. existence of
80 # ezjail_jailbase is our indicator
81 [ -d ${ezjail_jailbase} ] || exerr "Error: base jail does not exist. Please run 'ezjail-admin update' first."
82
83 # relative paths don't make sense in rc.scripts
84 [ "${ezjail_jaildir%%[!/]*}" ] || exerr "Error: Need an absolute path in ezjail_jaildir, it currently is set to: ${ezjail_jaildir}."
85
86 # jail names must not irritate file systems, excluding dots from this list
87 # was done intentionally to permit foo.com style directory names, however,
88 # the jail name will be foo_com in most scripts
89
90 newjail_name=`echo -n ${newjail_name} | tr /~ __`
91 newjail_nname=`echo -n "${newjail_name}" | tr -c [:alnum:] _`
92 newjail_root=${newjail_root:-"${ezjail_jaildir}/${newjail_name}"}
93
94 # This scenario really will only lead to real troubles in the 'fulljail'
95 # case, but I should still explain this to the user and not claim that
96 # "an ezjail would already exist"
97 [ "${newjail_nname}" = "basejail" -o "${newjail_nname}" = "newjail" -o "${newjail_nname}" = "fulljail" -o "${newjail_nname}" = "flavours" ] && \
98 exerr "Error: ezjail needs the ${newjail_nname} directory for its own administrative purposes. Please rename the ezjail."
99
100 # jail names may lead to identical configs, eg. foo.bar.com == foo-bar.com
101 # so check, whether we might be running into problems
102 [ -e ${ezjail_jailcfgs}/${newjail_nname} ] && exerr "Error: an ezjail config already exists at ${ezjail_jailcfgs}/${newjail_nname}. Please rename the ezjail."
103
104 # if jail root specified on command line is not absolute, make it absolute
105 # inside our jail directory
106 [ "${newjail_root%%[!/]*}" ] || newjail_root=${ezjail_jaildir}/${newjail_root}
107
108 # if a directory at the specified jail root already exists, refuse to
109 # install
110 [ -e ${newjail_root} -a "${newjail_fill}" = "YES" ] && exerr "Error: the specified jail root ${newjail_root} alread exists."
111
112 # if jail root specified on command line does not lie within our jail
113 # directory, we need to create a softlink
114 if [ "${newjail_root##${ezjail_jaildir}}" = "${newjail_root}" ]; then
115 newjail_softlink=${ezjail_jaildir}/`basename -- ${newjail_root}`
116 [ -e ${newjail_softlink} -a "${newjail_fill}" = "YES" ] && exerr "Error: an ezjail already exists at ${newjail_softlink}."
117 fi
118
119 # do some sanity checks on the selected flavour (if any)
120 [ "${newjail_flavour}" -a ! -d ${ezjail_flavours}/${newjail_flavour} ] && exerr "Error: Flavour config directory ${ezjail_flavours}/${newjail_flavour} not found."
121
122 #
123 # All sanity checks that may lead to errors are hopefully passed here
124 #
125
126 if [ "${newjail_image}" ]; then
127 # Strip trailing slashes from jail root, those would confuse image path
128 newjail_img=${newjail_root%/}; while [ "${newjail_img}" -a -z "${newjail_img%%*/}" ]; do newjail_img=${newjail_img%/}; done
129 [ -z "${newjail_img}" ] && exerr "Error: Could not determine image file name, something is wrong with the jail root: ${newjail_root}."
130
131 # Location of our image and crypto image lock file
132 newjail_lock=${newjail_img}.lock
133 newjail_img=${newjail_img}.img
134
135 # If NOT exist, create image
136 if [ "$newjail_fill" = "YES" ]; then
137 [ -e "${newjail_img}" ] && exerr "Error: a file exists at the location ${newjail_img}, preventing our own image file to be created."
138 [ "${newjail_image}" = "crypto" -a -e "${newjail_lock}" ] && exerr "Error: a file exists at the location ${newjail_lock}, preventing our own crypto image lock file to be created."
139
140 # Now create jail disc image
141 touch "${newjail_img}"
142 dd if=/dev/random of="${newjail_img}" bs="${newjail_imagesize}" count=1 || exerr "Error: Could not (or not fully) create the image file. You might want to check (and possibly remove) the file ${newjail_img}. The image size provided was ${newjail_imagesize}."
143
144 # And attach device
145 newjail_img_device=`mdconfig -a -t vnode -f ${newjail_img}`
146
147 if [ "${newjail_image}" = "crypto" ]; then
148 # Initialise crypto image
149 # XXX TODO: catch error and detach memory disc
150 echo "Initialising crypto device. Enter a new passphrase twice..."
151 gbde init /dev/${newjail_img_device} -L ${newjail_lock}
152
153 # XXX TODO: catch error and detach memory disc
154 echo "Attaching crypto device. Enter the passphrase..."
155 gbde attach /dev/${newjail_img_device} -l ${newjail_lock}
156 newjail_device=${newjail_img_device}.bde
157 else
158 newjail_device=${newjail_img_device}
159 fi
160
161 # Format memory image
162 newfs /dev/${newjail_device}
163 # Create mount point and mount
164 mkdir -p ${newjail_root}
165 mount /dev/${newjail_device} ${newjail_root}
166 else
167 [ -e ${newjail_root} -a ! -d ${newjail_root} ] && exerr "Error: Could not create mount point for your jail image. A file exists at its location. (For existing image jails, call this tool without the .img suffix when specifying jail root.)"
168 [ -d ${newjail_root} ] || mkdir -p ${newjail_root}
169 fi
170 fi
171
172 # now take a copy of our template jail
173 if [ "${newjail_fill}" = "YES" ]; then
174 mkdir -p ${newjail_root} && cd ${ezjail_jailtemplate} && find * | cpio -p -v ${newjail_root} > /dev/null
175 [ $? = 0 ] || detach_images || exerr "Error: Could not copy template jail."
176 fi
177
178 # if a soft link is necessary, create it now
179 [ "${newjail_softlink}" ] && ln -s ${newjail_root} ${newjail_softlink}
180
181 # if the automount feature is not disabled, this fstab entry for new jail
182 # will be obeyed
183 echo -n > /etc/fstab.${newjail_nname}
184 [ "${newjail_image}" ] && \
185 echo ${newjail_root}.device ${newjail_root} ufs rw 0 0 >> /etc/fstab.${newjail_nname}
186 echo ${ezjail_jailbase} ${newjail_root}/basejail nullfs ro 0 0 >> /etc/fstab.${newjail_nname}
187
188 # now, where everything seems to have gone right, create control file in
189 # ezjails config dir
190 mkdir -p ${ezjail_jailcfgs}
191 echo export jail_${newjail_nname}_hostname=\"${newjail_name}\" > ${ezjail_jailcfgs}/${newjail_nname}
192 echo export jail_${newjail_nname}_ip=\"${newjail_ip}\" >> ${ezjail_jailcfgs}/${newjail_nname}
193 echo export jail_${newjail_nname}_rootdir=\"${newjail_root}\" >> ${ezjail_jailcfgs}/${newjail_nname}
194 echo export jail_${newjail_nname}_exec=\"/bin/sh /etc/rc\" >> ${ezjail_jailcfgs}/${newjail_nname}
195 echo export jail_${newjail_nname}_mount_enable=\"${ezjail_mount_enable}\" >> ${ezjail_jailcfgs}/${newjail_nname}
196 echo export jail_${newjail_nname}_devfs_enable=\"${ezjail_devfs_enable}\" >> ${ezjail_jailcfgs}/${newjail_nname}
197 echo export jail_${newjail_nname}_devfs_ruleset=\"devfsrules_jail\" >> ${ezjail_jailcfgs}/${newjail_nname}
198 echo export jail_${newjail_nname}_procfs_enable=\"${ezjail_procfs_enable}\" >> ${ezjail_jailcfgs}/${newjail_nname}
199 echo export jail_${newjail_nname}_fdescfs_enable=\"${ezjail_fdescfs_enable}\" >> ${ezjail_jailcfgs}/${newjail_nname}
200 [ "${newjail_image}" ] && \
201 echo export jail_${newjail_nname}_image=\"${newjail_img}\" >> ${ezjail_jailcfgs}/${newjail_nname}
202 [ "${newjail_image}" = "crypto" ] && \
203 echo export jail_${newjail_nname}_cryptimage=\"YES\" >> ${ezjail_jailcfgs}/${newjail_nname}
204
205 # Final steps for flavour installation
206 if [ "${newjail_fill}" = "YES" -a "${newjail_flavour}" ]; then
207 # install files and config to new jail
208 cd ${ezjail_flavours}/${newjail_flavour} && find * | cpio -p -v ${newjail_root} > /dev/null
209 [ $? = 0 ] || echo "Warning: Could not fully install flavour."
210
211 # If a config is found, make it auto run on jails startup
212 if [ -f ${newjail_root}/ezjail.flavour ]; then
213 ln -s /ezjail.flavour ${newjail_root}/etc/rc.d/ezjail-config.sh
214 chmod 0700 ${newjail_root}/ezjail.flavour
215 echo "Note: Shell scripts installed, flavourizing on jails first startup."
216 fi
217 fi
218
219 # Detach (crypto and) memory discs
220 detach_images
221
222 #
223 # For user convenience some scenarios commonly causing headaches are checked
224 #
225
226 # check, whether IP is configured on a local interface, warn if it isnt
227 ping -c 1 -m 1 -t 1 -q ${newjail_ip} > /dev/null
228 [ $? = 0 ] || echo "Warning: IP ${newjail_ip} not configured on a local interface."
229
230 # check, whether some host system services do listen on the Jails IP
231 TIFS=${IFS}; IFS=_
232 newjail_listener=`sockstat -4 -l | grep ${newjail_ip}:[[:digit:]]`
233 [ $? = 0 ] && echo -e "Warning: Some services already seem to be listening on IP ${newjail_ip}\n This may cause some confusion, here they are:\n${newjail_listener}"
234
235 newjail_listener=`sockstat -4 -l | grep \*:[[:digit:]]`
236 [ $? = 0 ] && echo -e "Warning: Some services already seem to be listening on all IP, (including ${newjail_ip})\n This may cause some confusion, here they are:\n${newjail_listener}"
237 IFS=${TIFS}
238
239 ;;
240*)
241 exerr "Usage: `basename -- $0` [create|delete|list|update] {params}"
242 ;;
243esac
244