authorerdgeist <erdgeist@erdgeist.org>2006-03-15 23:49:11 +0000
committererdgeist <erdgeist@erdgeist.org>2006-03-15 23:49:11 +0000
commitac7c4c9c42ce707caeae4c651a7bc16e369f906a (patch)
treebd014145692b893309267c73ad80f30f3ea3ad3e
parent9cbb2d786e12bec46e7a4c7cbfa7e84b9496a9c4 (diff)
Experimental image based ezjail support
-rw-r--r--ezjail-img.sh194
1 files changed, 194 insertions, 0 deletions
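diff --git a/ezjail-img.sh b/ezjail-img.sh
new file mode 100644
index 0000000..b577682
--- /dev/null
+++ b/ezjail-img.sh
@@ -0,0 +1,194 @@
+#!/bin/sh
+
+# ugly: this variable is set during port install time
+ezjail_prefix=EZJAIL_PREFIX
+ezjail_etc=${ezjail_prefix}/etc
+ezjail_share=${ezjail_prefix}/share/ezjail
+ezjail_examples=${ezjail_prefix}/share/examples/ezjail
+ezjail_jailcfgs=${ezjail_etc}/ezjail
+
+# read user config
+[ -f ${ezjail_etc}/ezjail.conf ] && . ${ezjail_etc}/ezjail.conf
+
+# set defaults
+ezjail_jaildir=${ezjail_jaildir:-"/usr/jails"}
+ezjail_jailtemplate=${ezjail_jailtemplate:-"${ezjail_jaildir}/newjail"}
+ezjail_jailbase=${ezjail_jailbase:-"${ezjail_jaildir}/basejail"}
+ezjail_jailfull=${ezjail_jailfull:-"${ezjail_jaildir}/fulljail"}
+ezjail_flavours=${ezjail_flavours:-"${ezjail_jaildir}/flavours"}
+ezjail_sourcetree=${ezjail_sourcetree:-"/usr/src"}
+ezjail_portscvsroot=${ezjail_portscvsroot:-":pserver:anoncvs@anoncvs.at.FreeBSD.org:/home/ncvs"}
+
+ezjail_mount_enable=${ezjail_mount_enable:-"YES"}
+ezjail_devfs_enable=${ezjail_devfs_enable:-"YES"}
+ezjail_devfs_ruleset=${ezjail_devfs_ruleset:-"devfsrules_jail"}
+ezjail_procfs_enable=${ezjail_procfs_enable:-"YES"}
+ezjail_fdescfs_enable=${ezjail_fdescfs_enable:-"YES"}
+
+# define our bail out shortcut
+exerr () { echo -e "$*"; exit 1; }
+
+# check for command
+[ "$1" ] || exerr "Usage: `basename -- $0` [create] {params}"
+
+case "$1" in
+######################## ezjail-admin CREATE ########################
+create)
+ shift
+ args=`getopt xf:r:i: $*` || exerr "Usage: `basename -- $0` create [-f flavour] [-r jailroot] [-i size] [-xc] jailname jailip"
+
+ newjail_root=
+ newjail_flavour=
+ newjail_softlink=
+ newjail_imagesize=
+ newjail_cryptimage=
+ newjail_fill="YES"
+
+ set -- ${args}
+ for arg do
+ case ${arg} in
+ -x) newjail_fill="NO"; shift;;
+ -r) newjail_root="$2"; shift 2;;
+ -f) newjail_flavour="$2"; shift 2;;
+ -i) newjail_imagesize="$2"; shift 2;;
+ -c) newjail_cryptimage="YES"; shift;;
+ --) shift; break;;
+ esac
+ done
+ newjail_name=$1; newjail_ip=$2
+
+ # we need at least a name and an ip for new jail
+ [ "${newjail_name}" -a "${newjail_ip}" -a $# = 2 ] || exerr "Usage: `basename -- $0` create [-f flavour] [-r jailroot] [-x] jailname jailip"
+
+ # check for sanity of settings concerning the image feature
+ [ "${newjail_cryptimage}" = "YES" -a ! "${newjail_imagesize}" ] && exerr "Cryptimages need an image size."
+
+ # check, whether ezjail-update has been called. existence of
+ # ezjail_jailbase is our indicator
+ [ -d ${ezjail_jailbase} ] || exerr "Error: base jail does not exist. Please run 'ezjail-admin update' first."
+
+ # relative paths don't make sense in rc.scripts
+ [ "${ezjail_jaildir%%[!/]*}" ] || exerr "Error: Need an absolute path in ezjail_jaildir, it currently is set to: ${ezjail_jaildir}."
+
+ # jail names must not irritate file systems, excluding dots from this list
+ # was done intentionally to permit foo.com style directory names, however,
+ # the jail name will be foo_com in most scripts
+
+ newjail_name=`echo -n ${newjail_name} | tr /~ __`
+ newjail_nname=`echo -n "${newjail_name}" | tr -c [:alnum:] _`
+ newjail_root=${newjail_root:-"${ezjail_jaildir}/${newjail_name}"}
+
+ # This scenario really will only lead to real troubles in the 'fulljail'
+ # case, but I should still explain this to the user and not claim that
+ # "an ezjail would already exist"
+ [ "${newjail_nname}" = "basejail" -o "${newjail_nname}" = "newjail" -o "${newjail_nname}" = "fulljail" -o "${newjail_nname}" = "flavours" ] && \
+ exerr "Error: ezjail needs the ${newjail_nname} directory for its own administrative purposes. Please rename the ezjail."
+
+ # jail names may lead to identical configs, eg. foo.bar.com == foo-bar.com
+ # so check, whether we might be running into problems
+ [ -e ${ezjail_jailcfgs}/${newjail_nname} ] && exerr "Error: an ezjail config already exists at ${ezjail_jailcfgs}/${newjail_nname}. Please rename the ezjail."
+
+ # if jail root specified on command line is not absolute, make it absolute
+ # inside our jail directory
+ [ "${newjail_root%%[!/]*}" ] || newjail_root=${ezjail_jaildir}/${newjail_root}
+
+ # if a directory at the specified jail root already exists, refuse to
+ # install
+ [ -e ${newjail_root} -a "${newjail_fill}" = "YES" ] && exerr "Error: the specified jail root ${newjail_root} alread exists."
+
+ # if jail root specified on command line does not lie within our jail
+ # directory, we need to create a softlink
+ if [ "${newjail_root##${ezjail_jaildir}}" = "${newjail_root}" ]; then
+ newjail_softlink=${ezjail_jaildir}/`basename -- ${newjail_root}`
+ [ -e ${newjail_softlink} -a "${newjail_fill}" = "YES" ] && exerr "Error: an ezjail already exists at ${newjail_softlink}."
+ fi
+
+ # do some sanity checks on the selected flavour (if any)
+ [ "${newjail_flavour}" -a ! -d ${ezjail_flavours}/${newjail_flavour} ] && exerr "Error: Flavour config directory ${ezjail_flavours}/${newjail_flavour} not found."
+
+ #
+ # All sanity checks that may lead to errors are hopefully passed here
+ #
+
+ # if image is wanted, check, whether the img-file already is present
+ if [ "${newjail_imagesize}" ]; then
+ newjail_image=${newjail_root%/}; while [ "${newjail_image}" -a -z "${newjail_image%%*/" ]; do newjail_image=${newjail_image%/}; done
+ [ -z "${newjail_image}" ] && exerr Could not determine image file name, something is wrong with the jail root: ${newjail_root}.
+ newjail_image=${newjail_image}.img
+ [ -e "${newjail_image}" ] && exerr "Error: a file exists at the location ${newjail_image}, preventing our own image file to be created.
+
+ touch "${newjail_image}"
+ dd if=/dev/random of="${newjail_image}" bs=${newjail_imagesize} count=1 || exerr Could not (or not fully) create the image file. You might want to check (and possibly remove) the file "${newjail_image}". The image size provided was ${newjail_imagesize}.
+ newjail_device=/dev/`mdconfig -a -t vnode -f ${newjail_image}`
+ newfs ${newjail_device}
+ mount ${newjail_device} ${newjail_root}
+ fi
+
+ # now take a copy of our template jail
+ if [ "${newjail_fill}" = "YES" ]; then
+ mkdir -p ${newjail_root} && cd ${ezjail_jailtemplate} && \
+ find * | cpio -p -v ${newjail_root} > /dev/null
+ [ $? = 0 ] || exerr "Error: Could not copy template jail."
+ fi
+
+ # if a soft link is necessary, create it now
+ [ "${newjail_softlink}" ] && ln -s ${newjail_root} ${newjail_softlink}
+
+ # if the automount feature is not disabled, this fstab entry for new jail
+ # will be obeyed
+ echo ${ezjail_jailbase} ${newjail_root}/basejail nullfs ro 0 0 > /etc/fstab.${newjail_nname}
+
+ # now, where everything seems to have gone right, create control file in
+ # ezjails config dir
+ mkdir -p ${ezjail_jailcfgs}
+ echo export jail_${newjail_nname}_hostname=\"${newjail_name}\" > ${ezjail_jailcfgs}/${newjail_nname}
+ echo export jail_${newjail_nname}_ip=\"${newjail_ip}\" >> ${ezjail_jailcfgs}/${newjail_nname}
+ echo export jail_${newjail_nname}_rootdir=\"${newjail_root}\" >> ${ezjail_jailcfgs}/${newjail_nname}
+ echo export jail_${newjail_nname}_exec=\"/bin/sh /etc/rc\" >> ${ezjail_jailcfgs}/${newjail_nname}
+ echo export jail_${newjail_nname}_mount_enable=\"${ezjail_mount_enable}\" >> ${ezjail_jailcfgs}/${newjail_nname}
+ echo export jail_${newjail_nname}_devfs_enable=\"${ezjail_devfs_enable}\" >> ${ezjail_jailcfgs}/${newjail_nname}
+ echo export jail_${newjail_nname}_devfs_ruleset=\"devfsrules_jail\" >> ${ezjail_jailcfgs}/${newjail_nname}
+ echo export jail_${newjail_nname}_procfs_enable=\"${ezjail_procfs_enable}\" >> ${ezjail_jailcfgs}/${newjail_nname}
+ echo export jail_${newjail_nname}_fdescfs_enable=\"${ezjail_fdescfs_enable}\" >> ${ezjail_jailcfgs}/${newjail_nname}
+ [ "${newjail_imagesize}" ] && \
+ echo export jail_${newjail_nname}_image=\"YES\" >> ${ezjail_jailcfgs}/${newjail_nname}
+ [ "${newjail_cryptimage}" ] && \
+ echo export jail_${newjail_nname}_cryptimage=\"YES\" >> ${ezjail_jailcfgs}/${newjail_nname}
+
+ # Final steps for flavour installation
+ if [ "${newjail_flavour}" ]; then
+ # install files and config to new jail
+ cd ${ezjail_flavours}/${newjail_flavour} && find * | cpio -p -v ${newjail_root} > /dev/null
+ [ $? = 0 ] || echo "Warning: Could not fully install flavour."
+
+ # If a config is found, make it auto run on jails startup
+ if [ -f ${newjail_root}/ezjail.flavour ]; then
+ ln -s /ezjail.flavour ${newjail_root}/etc/rc.d/ezjail-config.sh
+ chmod 0700 ${newjail_root}/ezjail.flavour
+ echo "Note: Shell scripts installed, flavourizing on jails first startup."
+ fi
+ fi
+
+ #
+ # For user convenience some scenarios commonly causing headaches are checked
+ #
+
+ # check, whether IP is configured on a local interface, warn if it isnt
+ ping -c 1 -m 1 -t 1 -q ${newjail_ip} > /dev/null
+ [ $? = 0 ] || echo "Warning: IP ${newjail_ip} not configured on a local interface."
+
+ # check, whether some host system services do listen on the Jails IP
+ TIFS=${IFS}; IFS=_
+ newjail_listener=`sockstat -4 -l | grep ${newjail_ip}:[[:digit:]]`
+ [ $? = 0 ] && echo -e "Warning: Some services already seem to be listening on IP ${newjail_ip}\n This may cause some confusion, here they are:\n${newjail_listener}"
+
+ newjail_listener=`sockstat -4 -l | grep \*:[[:digit:]]`
+ [ $? = 0 ] && echo -e "Warning: Some services already seem to be listening on all IP, (including ${newjail_ip})\n This may cause some confusion, here they are:\n${$
+ IFS=${TIFS}
+
+ ;;
+*)
+ exerr "Usage: `basename -- $0` [create|delete|list|update] {params}"
+ ;;
+esac
+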
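Review bot: The image block does not parse as written: on line 115 `"${newjail_image%%*/"` is missing its closing brace, and the exerr message on line 118 is never closed with a double quote, so the whole `create` branch is rejected by the shell before any of the sanity checks run. Even with that repaired, line 124 mounts the fresh md device on `${newjail_root}`, which line 97 has just required not to exist and which is only created by `mkdir -p` on line 129, and none of mdconfig, newfs or mount are checked, so a failure leaves a stale md unit attached while the script goes on to copy the template into an unmounted directory and write the config as if the image were in use. Separately, `-c` is handled on line 54 but absent from the getopt spec `xf:r:i:` on line 38 (the usage string advertises `[-xc]`), so a crypt image can never be requested, and the image file holding the jail's root filesystem is created with whatever the caller's umask grants rather than `0600`; line 150 also hard-codes `devfsrules_jail` where `${ezjail_devfs_ruleset}` from line 24 is meant. The rewritten block below closes the expansions and quotes, creates the mount point before mounting, restricts the image's mode, and detaches the md unit when newfs or mount fail.

```shell
 # if image is wanted, check, whether the img-file already is present
 if [ "${newjail_imagesize}" ]; then
  newjail_image=${newjail_root%/}; while [ "${newjail_image}" -a -z "${newjail_image%%*/}" ]; do newjail_image=${newjail_image%/}; done
  [ -z "${newjail_image}" ] && exerr "Could not determine image file name, something is wrong with the jail root: ${newjail_root}."
  newjail_image=${newjail_image}.img
  [ -e "${newjail_image}" ] && exerr "Error: a file exists at the location ${newjail_image}, preventing our own image file to be created."

  # the image will hold a jail's root file system, keep it private to root
  touch "${newjail_image}" && chmod 0600 "${newjail_image}" || exerr "Error: Could not create the image file ${newjail_image}."
  dd if=/dev/random of="${newjail_image}" bs="${newjail_imagesize}" count=1 || exerr "Could not (or not fully) create the image file. You might want to check (and possibly remove) the file ${newjail_image}. The image size provided was ${newjail_imagesize}."
  newjail_device=/dev/`mdconfig -a -t vnode -f "${newjail_image}"` || exerr "Error: Could not attach ${newjail_image} as a memory disk."
  newfs "${newjail_device}" || { mdconfig -d -u "${newjail_device#/dev/md}"; exerr "Error: Could not create a file system on ${newjail_device}."; }
  # the mount point must exist before the image can be mounted; line 129 only creates it afterwards
  mkdir -p "${newjail_root}" && mount "${newjail_device}" "${newjail_root}" || { mdconfig -d -u "${newjail_device#/dev/md}"; exerr "Error: Could not mount ${newjail_device} on ${newjail_root}."; }
 fi
# … unchanged: template copy, softlink, fstab and config file creation …
```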