-rwxr-xr-x | ezjail-admin | 111 |
1 files changed, 56 insertions, 55 deletions
diff --git a/ezjail-admin b/ezjail-admin index b953fe4..6b7d59f 100755 --- a/ezjail-admin +++ b/ezjail-admin | |||
@@ -149,7 +149,7 @@ fetchjailinfo () { | |||
149 | ezjail_name=$1 | 149 | ezjail_name=$1 |
150 | 150 | ||
151 | # Clean variables, prevent polution | 151 | # Clean variables, prevent polution |
152 | unset ezjail_config ezjail_running ezjail_hostname ezjail_rootdir ezjail_image ezjail_imagetype ezjail_imagedevice ezjail_devicelink ezjail_ip ezjail_id ezjail_attached ezjail_device ezjail_device_geom | 152 | unset ezjail_config ezjail_running ezjail_hostname ezjail_rootdir ezjail_image ezjail_imagetype ezjail_imagedevice ezjail_devicelink ezjail_ips ezjail_id ezjail_attached ezjail_device ezjail_device_geom |
153 | 153 | ||
154 | ezjail_safename=`echo -n "${ezjail_name}" | tr -c '[:alnum:]' _` | 154 | ezjail_safename=`echo -n "${ezjail_name}" | tr -c '[:alnum:]' _` |
155 | 155 | ||
@@ -164,7 +164,7 @@ fetchjailinfo () { | |||
164 | . "${ezjail_config}" | 164 | . "${ezjail_config}" |
165 | eval ezjail_hostname=\"\$jail_${ezjail_safename}_hostname\" | 165 | eval ezjail_hostname=\"\$jail_${ezjail_safename}_hostname\" |
166 | eval ezjail_rootdir=\"\$jail_${ezjail_safename}_rootdir\" | 166 | eval ezjail_rootdir=\"\$jail_${ezjail_safename}_rootdir\" |
167 | eval ezjail_ip=\"\$jail_${ezjail_safename}_ip\" | 167 | eval ezjail_ips=\"\$jail_${ezjail_safename}_ip\" |
168 | eval ezjail_image=\"\$jail_${ezjail_safename}_image\" | 168 | eval ezjail_image=\"\$jail_${ezjail_safename}_image\" |
169 | eval ezjail_imagetype=\"\$jail_${ezjail_safename}_imagetype\" | 169 | eval ezjail_imagetype=\"\$jail_${ezjail_safename}_imagetype\" |
170 | eval ezjail_attachparams=\"\$jail_${ezjail_safename}_attachparams\" | 170 | eval ezjail_attachparams=\"\$jail_${ezjail_safename}_attachparams\" |
@@ -334,31 +334,22 @@ parse_gbde_attach_args () { | |||
334 | return ${_exit} | 334 | return ${_exit} |
335 | } | 335 | } |
336 | 336 | ||
337 | check_for_zfs () { | 337 | check_for_zfs () { |
338 | # check the ZFS version | 338 | # check the ZFS version |
339 | _zfs_version=`sysctl -nq vfs.zfs.version.spa` | 339 | _zfs_version=`sysctl -nq vfs.zfs.version.spa` |
340 | [ "${_zfs_version}" ] || _zfs_version=0 | 340 | [ -z "${_zfs_version}" -o "${_zfs_version}" -lt 13 ] && exerr "Error: ZFS is not loaded or your ZFS version is not supported." |
341 | if [ "${_zfs_version}" -lt "13" ]; then | 341 | |
342 | echo "ERROR: ZFS is not loaded or your ZFS version is not supported." | 342 | # check if ZFS is enabled when managing basejail/newjail in ZFS |
343 | exit | 343 | . /etc/rc.subr |
344 | fi | 344 | load_rc_config_var zfs zfs_enable |
345 | 345 | checkyesno ezjail_use_zfs && checkyesno zfs_enable && echo "Warning: You should enable ZFS in /etc/rc.conf" | |
346 | # check if ZFS is enabled when managing basejail/newjail in ZFS | ||
347 | . /etc/rc.subr | ||
348 | load_rc_config_var zfs zfs_enable | ||
349 | if [ "${ezjail_use_zfs}" = "YES" -a "${zfs_enable}" != "YES" ]; then | ||
350 | echo "WARNING: You should enable ZFS in /etc/rc.conf" | ||
351 | fi | ||
352 | } | 346 | } |
353 | 347 | ||
354 | check_for_zpool () { | 348 | check_for_zpool () { |
355 | # check for the ZFS zpool to be online | 349 | # check for the ZFS zpool to be online |
356 | check_for_zfs | 350 | check_for_zfs |
357 | _zpoolstatus=`/sbin/zpool list -H -o health ${ezjail_jailzfs%%/*} 2> /dev/null` | 351 | _zpoolstatus=`/sbin/zpool list -H -o health ${ezjail_jailzfs%%/*} 2> /dev/null` |
358 | if [ ! "${_zpoolstatus}" = "ONLINE" ]; then | 352 | [ "${_zpoolstatus}" = "ONLINE" ] || exerr "Error: Your zpool does not exist or is not online." |
359 | echo "Your zpool does not exist or is not online." | ||
360 | exit | ||
361 | fi | ||
362 | } | 353 | } |
363 | 354 | ||
364 | ############################# | 355 | ############################# |
@@ -387,14 +378,14 @@ create) | |||
387 | ?) exerr ${ezjail_usage_create};; | 378 | ?) exerr ${ezjail_usage_create};; |
388 | esac; done; shift $(( ${OPTIND} - 1 )) | 379 | esac; done; shift $(( ${OPTIND} - 1 )) |
389 | 380 | ||
390 | ezjail_name=$1; ezjail_ip=$2 | 381 | ezjail_name=$1; ezjail_ips=$2 |
391 | 382 | ||
392 | # we need at least a name and an ip for new jail | 383 | # we need at least a name and an ip for new jail |
393 | [ "${ezjail_name}" -a "${ezjail_ip}" -a $# -eq 2 ] || exerr ${ezjail_usage_create} | 384 | [ "${ezjail_name}" -a "${ezjail_ips}" -a $# -eq 2 ] || exerr ${ezjail_usage_create} |
394 | 385 | ||
395 | # show the user the type of image used | 386 | # show the user the type of image used |
396 | echo "TYPE: $ezjail_imagetype" | 387 | echo "TYPE: $ezjail_imagetype" |
397 | 388 | ||
398 | # check for an active ZFS zpool | 389 | # check for an active ZFS zpool |
399 | if [ "${ezjail_imagetype}" = "zfs" ]; then | 390 | if [ "${ezjail_imagetype}" = "zfs" ]; then |
400 | check_for_zpool | 391 | check_for_zpool |
@@ -481,7 +472,7 @@ create) | |||
481 | 472 | ||
482 | # Location of our image file | 473 | # Location of our image file |
483 | ezjail_image="${ezjail_image}.img" | 474 | ezjail_image="${ezjail_image}.img" |
484 | 475 | ||
485 | # zfs does not use image files | 476 | # zfs does not use image files |
486 | [ "${ezjail_imagetype}" = "zfs" ] && unset ezjail_image | 477 | [ "${ezjail_imagetype}" = "zfs" ] && unset ezjail_image |
487 | 478 | ||
@@ -556,7 +547,7 @@ create) | |||
556 | mount "/dev/${ezjail_device}" "${ezjail_rootdir}" || detach_images || exerr "Error: Could not mount /dev/${ezjail_device} to ${ezjail_root}." | 547 | mount "/dev/${ezjail_device}" "${ezjail_rootdir}" || detach_images || exerr "Error: Could not mount /dev/${ezjail_device} to ${ezjail_root}." |
557 | else | 548 | else |
558 | if [ -e "${ezjail_rootdir}" -a ! -d "${ezjail_rootdir}" ]; then | 549 | if [ -e "${ezjail_rootdir}" -a ! -d "${ezjail_rootdir}" ]; then |
559 | [ "${ezjail_rootdir%%*.img}" ] || exerr "Error: Could not create mount point for your jails image.\n A file exists at its location.\n Try '${ezjail_admin} create -x -r ${ezjail_rootdir%%.img} ${ezjail_name} ${ezjail_ip}' instead." | 550 | [ "${ezjail_rootdir%%*.img}" ] || exerr "Error: Could not create mount point for your jails image.\n A file exists at its location.\n Try '${ezjail_admin} create -x -r ${ezjail_rootdir%%.img} ${ezjail_name} ${ezjail_ips}' instead." |
560 | exerr "Error: Could not create mount point for your jails image.\n A file exists at its location." | 551 | exerr "Error: Could not create mount point for your jails image.\n A file exists at its location." |
561 | fi | 552 | fi |
562 | [ -d "${ezjail_rootdir}" ] || mkdir -p "${ezjail_rootdir}" | 553 | [ -d "${ezjail_rootdir}" ] || mkdir -p "${ezjail_rootdir}" |
@@ -605,7 +596,7 @@ create) | |||
605 | echo -e "#\n# PROVIDE: standard_ezjail\n# REQUIRE: \n# BEFORE: \n#\n" | 596 | echo -e "#\n# PROVIDE: standard_ezjail\n# REQUIRE: \n# BEFORE: \n#\n" |
606 | fi | 597 | fi |
607 | echo export jail_${ezjail_safename}_hostname=\"${ezjail_hostname}\" | 598 | echo export jail_${ezjail_safename}_hostname=\"${ezjail_hostname}\" |
608 | echo export jail_${ezjail_safename}_ip=\"${ezjail_ip}\" | 599 | echo export jail_${ezjail_safename}_ip=\"${ezjail_ips}\" |
609 | echo export jail_${ezjail_safename}_rootdir=\"${ezjail_rootdir}\" | 600 | echo export jail_${ezjail_safename}_rootdir=\"${ezjail_rootdir}\" |
610 | echo export jail_${ezjail_safename}_exec=\"/bin/sh /etc/rc\" | 601 | echo export jail_${ezjail_safename}_exec=\"/bin/sh /etc/rc\" |
611 | echo export jail_${ezjail_safename}_mount_enable=\"${ezjail_mount_enable}\" | 602 | echo export jail_${ezjail_safename}_mount_enable=\"${ezjail_mount_enable}\" |
@@ -647,17 +638,21 @@ create) | |||
647 | # For user convenience some scenarios commonly causing headaches are checked | 638 | # For user convenience some scenarios commonly causing headaches are checked |
648 | # | 639 | # |
649 | 640 | ||
650 | # check, whether IP is configured on a local interface, warn if it isnt | 641 | TIFS=${IFS}; IFS=, |
651 | ping -c 1 -m 1 -t 1 -q ${ezjail_ip} > /dev/null | 642 | for ezjail_ip in ${ezjail_ips}; do |
652 | [ $? -eq 0 ] || echo "Warning: IP ${ezjail_ip} not configured on a local interface." | 643 | # check, whether IP is configured on a local interface, warn if it isnt |
644 | ping -c 1 -m 1 -t 1 -q ${ezjail_ip} > /dev/null | ||
645 | [ $? -eq 0 ] || echo "Warning: IP ${ezjail_ip} not configured on a local interface." | ||
653 | 646 | ||
654 | # check, whether some host system services do listen on the Jails IP | 647 | # check, whether some host system services do listen on the Jails IP |
655 | TIFS=${IFS}; IFS=_ | 648 | IFS=_ |
656 | ezjail_listener=`sockstat -4 -l | grep "${ezjail_ip}:[[:digit:]]"` | 649 | ezjail_listener=`sockstat -4 -l | grep "${ezjail_ip}:[[:digit:]]"` |
657 | [ $? -eq 0 ] && echo -e "Warning: Some services already seem to be listening on IP ${ezjail_ip}\n This may cause some confusion, here they are:\n${ezjail_listener}" | 650 | [ $? -eq 0 ] && echo -e "Warning: Some services already seem to be listening on IP ${ezjail_ip}\n This may cause some confusion, here they are:\n${ezjail_listener}" |
658 | 651 | ||
659 | ezjail_listener=`sockstat -4 -l | grep "*:[[:digit:]]"` | 652 | ezjail_listener=`sockstat -4 -l | grep "*:[[:digit:]]"` |
660 | [ $? -eq 0 ] && echo -e "Warning: Some services already seem to be listening on all IP, (including ${ezjail_ip})\n This may cause some confusion, here they are:\n${ezjail_listener}" | 653 | [ $? -eq 0 ] && echo -e "Warning: Some services already seem to be listening on all IP, (including ${ezjail_ip})\n This may cause some confusion, here they are:\n${ezjail_listener}" |
654 | IFS=, | ||
655 | done | ||
661 | IFS=${TIFS} | 656 | IFS=${TIFS} |
662 | 657 | ||
663 | [ "${ezjail_imagetype}" -a "${ezjail_imagetype}" != "zfs" ] && echo "Note: To administrate your image jail, attach it using the '${ezjail_admin} config -i attach ${ezjail_hostname}' command." | 658 | [ "${ezjail_imagetype}" -a "${ezjail_imagetype}" != "zfs" ] && echo "Note: To administrate your image jail, attach it using the '${ezjail_admin} config -i attach ${ezjail_hostname}' command." |
@@ -681,7 +676,7 @@ delete) | |||
681 | 676 | ||
682 | # check for existence of jail in our records | 677 | # check for existence of jail in our records |
683 | [ "${ezjail_config}" ] || exerr "Error: Nothing known about jail ${ezjail_name}." | 678 | [ "${ezjail_config}" ] || exerr "Error: Nothing known about jail ${ezjail_name}." |
684 | 679 | ||
685 | # check for an active ZFS zpool | 680 | # check for an active ZFS zpool |
686 | if [ "${ezjail_imagetype}" = "zfs" ]; then | 681 | if [ "${ezjail_imagetype}" = "zfs" ]; then |
687 | check_for_zpool | 682 | check_for_zpool |
@@ -717,7 +712,7 @@ delete) | |||
717 | if [ "${ezjail_wipeme}" ]; then | 712 | if [ "${ezjail_wipeme}" ]; then |
718 | case ${ezjail_imagetype} in | 713 | case ${ezjail_imagetype} in |
719 | simple|bde|eli) | 714 | simple|bde|eli) |
720 | [ "${ezjail_image}" ] && rm -f "${ezjail_image}" "${ezjail_image%.img}.device" | 715 | [ "${ezjail_image}" ] && rm -f "${ezjail_image}" "${ezjail_image%.img}.device" |
721 | ;; | 716 | ;; |
722 | zfs) | 717 | zfs) |
723 | echo "ZFS: delete the jails ZFS" | 718 | echo "ZFS: delete the jails ZFS" |
@@ -747,7 +742,16 @@ list) | |||
747 | fi | 742 | fi |
748 | [ "${ezjail_safename}" != "${ezjail}" ] && ezjail_state="${ezjail_state}N" | 743 | [ "${ezjail_safename}" != "${ezjail}" ] && ezjail_state="${ezjail_state}N" |
749 | 744 | ||
750 | printf "%-3s %-5s %-15s %-28s %s\\n" "${ezjail_state}" "${ezjail_id:-N/A}" "${ezjail_ip}" "${ezjail_hostname}" "${ezjail_rootdir}" | 745 | TIFS=${IFS}; IFS=,; unset _multiline |
746 | for ezjail_ip in ${ezjail_ips}; do | ||
747 | if[ -z "${_multiline}" ]; then | ||
748 | printf "%-3s %-5s %-15s %-28s %s\\n" "${ezjail_state}" "${ezjail_id:-N/A}" "${ezjail_ip}" "${ezjail_hostname}" "${ezjail_rootdir}" | ||
749 | else | ||
750 | echo " ${ezjail_ip}" | ||
751 | _multiline=yes | ||
752 | fi | ||
753 | done | ||
754 | IFS=${TIFS} | ||
751 | done | 755 | done |
752 | 756 | ||
753 | ;; | 757 | ;; |
@@ -782,7 +786,7 @@ setup|update) | |||
782 | [ -d "${ezjail_jailbase}" ] || exerr "Error: base jail does not exist.\n You cannot fill base jails ports tree before creating it.\n Please run '${ezjail_admin} update' or '${ezjail_admin} install' first." | 786 | [ -d "${ezjail_jailbase}" ] || exerr "Error: base jail does not exist.\n You cannot fill base jails ports tree before creating it.\n Please run '${ezjail_admin} update' or '${ezjail_admin} install' first." |
783 | elif [ "${ezjail_installaction}" = "freebsd-update" ]; then | 787 | elif [ "${ezjail_installaction}" = "freebsd-update" ]; then |
784 | [ -d "${ezjail_jailbase}" ] || exerr "Error: base jail does not exist.\n You cannot update a base jail until it is created.\n Please run '${ezjail_admin} update' or '${ezjail_admin} install' first." | 788 | [ -d "${ezjail_jailbase}" ] || exerr "Error: base jail does not exist.\n You cannot update a base jail until it is created.\n Please run '${ezjail_admin} update' or '${ezjail_admin} install' first." |
785 | 789 | ||
786 | # If ran from cron be kind to freebsds update servers and sleep first | 790 | # If ran from cron be kind to freebsds update servers and sleep first |
787 | [ -z "$TERM" -o "$TERM" = "dumb" ] && sleep $(( ${RANDOM} % 3600 )) | 791 | [ -z "$TERM" -o "$TERM" = "dumb" ] && sleep $(( ${RANDOM} % 3600 )) |
788 | if [ "${ezjail_use_zfs}" = "YES" ]; then | 792 | if [ "${ezjail_use_zfs}" = "YES" ]; then |
@@ -954,7 +958,7 @@ console) | |||
954 | # This one will also exerr on failure | 958 | # This one will also exerr on failure |
955 | start_stop_jail_by_script start | 959 | start_stop_jail_by_script start |
956 | fi | 960 | fi |
957 | 961 | ||
958 | # use the jails FIB if there is one | 962 | # use the jails FIB if there is one |
959 | if [ -n "${ezjail_fib}" ]; then | 963 | if [ -n "${ezjail_fib}" ]; then |
960 | _setfib="setfib -F ${ezjail_fib}" | 964 | _setfib="setfib -F ${ezjail_fib}" |
@@ -1145,10 +1149,10 @@ restore) | |||
1145 | fetchjailinfo ${ezjail_safename} ${ezjail_config} | 1149 | fetchjailinfo ${ezjail_safename} ${ezjail_config} |
1146 | 1150 | ||
1147 | # Now all parameters are here, invoke ezjail-admin create | 1151 | # Now all parameters are here, invoke ezjail-admin create |
1148 | [ "${ezjail_rootdir}" -a "${ezjail_ip}" -a "${ezjail_hostname}" ] || exerr "Error: Archive does not contain a valid ezjail properties file.\n Some jails properties are missing." | 1152 | [ "${ezjail_rootdir}" -a "${ezjail_ips}" -a "${ezjail_hostname}" ] || exerr "Error: Archive does not contain a valid ezjail properties file.\n Some jails properties are missing." |
1149 | [ "${ezjail_imagetype}" ] && ezjail_imagedata="-c ${ezjail_imagetype} -C '${ezjail_attachparams}' -s ${ezjail_nameprop_imgagesize}" | 1153 | [ "${ezjail_imagetype}" ] && ezjail_imagedata="-c ${ezjail_imagetype} -C '${ezjail_attachparams}' -s ${ezjail_nameprop_imgagesize}" |
1150 | 1154 | ||
1151 | $0 create -a "${ezjail_fromarchive}" -A "${ezjail_config}" ${ezjail_imagedata} -r "${ezjail_rootdir}" "${ezjail_hostname}" "${ezjail_ip}" || exerr "Error: Create failed." | 1155 | $0 create -a "${ezjail_fromarchive}" -A "${ezjail_config}" ${ezjail_imagedata} -r "${ezjail_rootdir}" "${ezjail_hostname}" "${ezjail_ips}" || exerr "Error: Create failed." |
1152 | rm -f "${ezjail_config}" | 1156 | rm -f "${ezjail_config}" |
1153 | 1157 | ||
1154 | done | 1158 | done |
@@ -1241,12 +1245,9 @@ config) | |||
1241 | else | 1245 | else |
1242 | unset ezjail_new_image | 1246 | unset ezjail_new_image |
1243 | fi | 1247 | fi |
1244 | |||
1245 | if [ "${ezjail_imagetype}" = "zfs" ]; then | ||
1246 | # ZFS: using the zfs rename feature to rename the filesystem, remounting is done by ZFS | ||
1247 | zfs rename ${ezjail_jailzfs}/${ezjail_hostname} ${ezjail_jailzfs}/${ezjail_new_hostname} | ||
1248 | fi | ||
1249 | 1248 | ||
1249 | # ZFS: using the zfs rename feature to rename the filesystem, remounting is done by ZFS | ||
1250 | [ "${ezjail_imagetype}" = "zfs" ] && zfs rename ${ezjail_jailzfs}/${ezjail_hostname} ${ezjail_jailzfs}/${ezjail_new_hostname} | ||
1250 | 1251 | ||
1251 | # adjust softlink | 1252 | # adjust softlink |
1252 | if [ -L "${ezjail_softlink}" ]; then | 1253 | if [ -L "${ezjail_softlink}" ]; then |
@@ -1310,7 +1311,7 @@ config) | |||
1310 | grep -e ^\# "${ezjail_config}" | 1311 | grep -e ^\# "${ezjail_config}" |
1311 | echo | 1312 | echo |
1312 | echo export jail_${ezjail_safename}_hostname=\"${ezjail_hostname}\" | 1313 | echo export jail_${ezjail_safename}_hostname=\"${ezjail_hostname}\" |
1313 | echo export jail_${ezjail_safename}_ip=\"${ezjail_ip}\" | 1314 | echo export jail_${ezjail_safename}_ip=\"${ezjail_ips}\" |
1314 | echo export jail_${ezjail_safename}_rootdir=\"${ezjail_rootdir}\" | 1315 | echo export jail_${ezjail_safename}_rootdir=\"${ezjail_rootdir}\" |
1315 | echo export jail_${ezjail_safename}_exec=\"${ezjail_exec}\" | 1316 | echo export jail_${ezjail_safename}_exec=\"${ezjail_exec}\" |
1316 | echo export jail_${ezjail_safename}_mount_enable=\"${ezjail_mount_enable}\" | 1317 | echo export jail_${ezjail_safename}_mount_enable=\"${ezjail_mount_enable}\" |
@@ -1339,7 +1340,7 @@ config) | |||
1339 | grep -e ^\# "${ezjail_config}" | 1340 | grep -e ^\# "${ezjail_config}" |
1340 | echo | 1341 | echo |
1341 | echo export jail_${ezjail_safename}_hostname=\"${ezjail_hostname}\" | 1342 | echo export jail_${ezjail_safename}_hostname=\"${ezjail_hostname}\" |
1342 | echo export jail_${ezjail_safename}_ip=\"${ezjail_ip}\" | 1343 | echo export jail_${ezjail_safename}_ip=\"${ezjail_ips}\" |
1343 | echo export jail_${ezjail_safename}_rootdir=\"${ezjail_rootdir}\" | 1344 | echo export jail_${ezjail_safename}_rootdir=\"${ezjail_rootdir}\" |
1344 | echo export jail_${ezjail_safename}_exec=\"${ezjail_exec}\" | 1345 | echo export jail_${ezjail_safename}_exec=\"${ezjail_exec}\" |
1345 | echo export jail_${ezjail_safename}_mount_enable=\"${ezjail_mount_enable}\" | 1346 | echo export jail_${ezjail_safename}_mount_enable=\"${ezjail_mount_enable}\" |
@@ -1370,7 +1371,7 @@ config) | |||
1370 | grep -e ^\# "${ezjail_config}" | 1371 | grep -e ^\# "${ezjail_config}" |
1371 | echo | 1372 | echo |
1372 | echo export jail_${ezjail_safename}_hostname=\"${ezjail_hostname}\" | 1373 | echo export jail_${ezjail_safename}_hostname=\"${ezjail_hostname}\" |
1373 | echo export jail_${ezjail_safename}_ip=\"${ezjail_ip}\" | 1374 | echo export jail_${ezjail_safename}_ip=\"${ezjail_ips}\" |
1374 | echo export jail_${ezjail_safename}_rootdir=\"${ezjail_rootdir}\" | 1375 | echo export jail_${ezjail_safename}_rootdir=\"${ezjail_rootdir}\" |
1375 | echo export jail_${ezjail_safename}_exec=\"${ezjail_exec}\" | 1376 | echo export jail_${ezjail_safename}_exec=\"${ezjail_exec}\" |
1376 | echo export jail_${ezjail_safename}_mount_enable=\"${ezjail_mount_enable}\" | 1377 | echo export jail_${ezjail_safename}_mount_enable=\"${ezjail_mount_enable}\" |
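Review bot: In the `list)` hunk the new line `if[ -z "${_multiline}" ]; then` is missing the space after `if`, so sh reads `if[` as a command name and the following `then` is a syntax error; since the subcommands appear to sit in one `case` statement, the parse failure would likely break the whole script, not just `list`. In the same loop `_multiline=yes` is assigned in the `else` branch, which is never reached while the variable is empty, so every address would print a full row; it should read `if [ -z "${_multiline}" ]; then` with `_multiline=yes` moved under the `printf`. In `check_for_zfs` the rewritten warning `checkyesno ezjail_use_zfs && checkyesno zfs_enable && echo ...` now fires when ZFS is enabled, the opposite of the removed `"${zfs_enable}" != "YES"` test; `checkyesno ezjail_use_zfs && ! checkyesno zfs_enable && echo ...` keeps the old meaning. The combined test `[ -z "${_zfs_version}" -o "${_zfs_version}" -lt 13 ]` should also be tried with an empty value: test(1) may still evaluate the `-lt` operand and exit with an error status instead of true, in which case `exerr` is skipped and the guard fails open when ZFS is not loaded; `[ "${_zfs_version:-0}" -lt 13 ] && exerr ...` avoids that.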