-rwxr-xr-xezjail-admin111
1 files changed, 56 insertions, 55 deletions
diff --git a/ezjail-admin b/ezjail-admin
index b953fe4..6b7d59f 100755
--- a/ezjail-admin
+++ b/ezjail-admin
@@ -149,7 +149,7 @@ fetchjailinfo () {
149 ezjail_name=$1 149 ezjail_name=$1
150 150
151 # Clean variables, prevent polution 151 # Clean variables, prevent polution
152 unset ezjail_config ezjail_running ezjail_hostname ezjail_rootdir ezjail_image ezjail_imagetype ezjail_imagedevice ezjail_devicelink ezjail_ip ezjail_id ezjail_attached ezjail_device ezjail_device_geom 152 unset ezjail_config ezjail_running ezjail_hostname ezjail_rootdir ezjail_image ezjail_imagetype ezjail_imagedevice ezjail_devicelink ezjail_ips ezjail_id ezjail_attached ezjail_device ezjail_device_geom
153 153
154 ezjail_safename=`echo -n "${ezjail_name}" | tr -c '[:alnum:]' _` 154 ezjail_safename=`echo -n "${ezjail_name}" | tr -c '[:alnum:]' _`
155 155
@@ -164,7 +164,7 @@ fetchjailinfo () {
164 . "${ezjail_config}" 164 . "${ezjail_config}"
165 eval ezjail_hostname=\"\$jail_${ezjail_safename}_hostname\" 165 eval ezjail_hostname=\"\$jail_${ezjail_safename}_hostname\"
166 eval ezjail_rootdir=\"\$jail_${ezjail_safename}_rootdir\" 166 eval ezjail_rootdir=\"\$jail_${ezjail_safename}_rootdir\"
167 eval ezjail_ip=\"\$jail_${ezjail_safename}_ip\" 167 eval ezjail_ips=\"\$jail_${ezjail_safename}_ip\"
168 eval ezjail_image=\"\$jail_${ezjail_safename}_image\" 168 eval ezjail_image=\"\$jail_${ezjail_safename}_image\"
169 eval ezjail_imagetype=\"\$jail_${ezjail_safename}_imagetype\" 169 eval ezjail_imagetype=\"\$jail_${ezjail_safename}_imagetype\"
170 eval ezjail_attachparams=\"\$jail_${ezjail_safename}_attachparams\" 170 eval ezjail_attachparams=\"\$jail_${ezjail_safename}_attachparams\"
@@ -334,31 +334,22 @@ parse_gbde_attach_args () {
334 return ${_exit} 334 return ${_exit}
335} 335}
336 336
337check_for_zfs () { 337check_for_zfs () {
338 # check the ZFS version 338 # check the ZFS version
339 _zfs_version=`sysctl -nq vfs.zfs.version.spa` 339 _zfs_version=`sysctl -nq vfs.zfs.version.spa`
340 [ "${_zfs_version}" ] || _zfs_version=0 340 [ -z "${_zfs_version}" -o "${_zfs_version}" -lt 13 ] && exerr "Error: ZFS is not loaded or your ZFS version is not supported."
341 if [ "${_zfs_version}" -lt "13" ]; then 341
342 echo "ERROR: ZFS is not loaded or your ZFS version is not supported." 342 # check if ZFS is enabled when managing basejail/newjail in ZFS
343 exit 343 . /etc/rc.subr
344 fi 344 load_rc_config_var zfs zfs_enable
345 345 checkyesno ezjail_use_zfs && checkyesno zfs_enable && echo "Warning: You should enable ZFS in /etc/rc.conf"
346 # check if ZFS is enabled when managing basejail/newjail in ZFS
347 . /etc/rc.subr
348 load_rc_config_var zfs zfs_enable
349 if [ "${ezjail_use_zfs}" = "YES" -a "${zfs_enable}" != "YES" ]; then
350 echo "WARNING: You should enable ZFS in /etc/rc.conf"
351 fi
352} 346}
353 347
354check_for_zpool () { 348check_for_zpool () {
355 # check for the ZFS zpool to be online 349 # check for the ZFS zpool to be online
356 check_for_zfs 350 check_for_zfs
357 _zpoolstatus=`/sbin/zpool list -H -o health ${ezjail_jailzfs%%/*} 2> /dev/null` 351 _zpoolstatus=`/sbin/zpool list -H -o health ${ezjail_jailzfs%%/*} 2> /dev/null`
358 if [ ! "${_zpoolstatus}" = "ONLINE" ]; then 352 [ "${_zpoolstatus}" = "ONLINE" ] || exerr "Error: Your zpool does not exist or is not online."
359 echo "Your zpool does not exist or is not online."
360 exit
361 fi
362} 353}
363 354
364############################# 355#############################
@@ -387,14 +378,14 @@ create)
387 ?) exerr ${ezjail_usage_create};; 378 ?) exerr ${ezjail_usage_create};;
388 esac; done; shift $(( ${OPTIND} - 1 )) 379 esac; done; shift $(( ${OPTIND} - 1 ))
389 380
390 ezjail_name=$1; ezjail_ip=$2 381 ezjail_name=$1; ezjail_ips=$2
391 382
392 # we need at least a name and an ip for new jail 383 # we need at least a name and an ip for new jail
393 [ "${ezjail_name}" -a "${ezjail_ip}" -a $# -eq 2 ] || exerr ${ezjail_usage_create} 384 [ "${ezjail_name}" -a "${ezjail_ips}" -a $# -eq 2 ] || exerr ${ezjail_usage_create}
394 385
395 # show the user the type of image used 386 # show the user the type of image used
396 echo "TYPE: $ezjail_imagetype" 387 echo "TYPE: $ezjail_imagetype"
397 388
398 # check for an active ZFS zpool 389 # check for an active ZFS zpool
399 if [ "${ezjail_imagetype}" = "zfs" ]; then 390 if [ "${ezjail_imagetype}" = "zfs" ]; then
400 check_for_zpool 391 check_for_zpool
@@ -481,7 +472,7 @@ create)
481 472
482 # Location of our image file 473 # Location of our image file
483 ezjail_image="${ezjail_image}.img" 474 ezjail_image="${ezjail_image}.img"
484 475
485 # zfs does not use image files 476 # zfs does not use image files
486 [ "${ezjail_imagetype}" = "zfs" ] && unset ezjail_image 477 [ "${ezjail_imagetype}" = "zfs" ] && unset ezjail_image
487 478
@@ -556,7 +547,7 @@ create)
556 mount "/dev/${ezjail_device}" "${ezjail_rootdir}" || detach_images || exerr "Error: Could not mount /dev/${ezjail_device} to ${ezjail_root}." 547 mount "/dev/${ezjail_device}" "${ezjail_rootdir}" || detach_images || exerr "Error: Could not mount /dev/${ezjail_device} to ${ezjail_root}."
557 else 548 else
558 if [ -e "${ezjail_rootdir}" -a ! -d "${ezjail_rootdir}" ]; then 549 if [ -e "${ezjail_rootdir}" -a ! -d "${ezjail_rootdir}" ]; then
559 [ "${ezjail_rootdir%%*.img}" ] || exerr "Error: Could not create mount point for your jails image.\n A file exists at its location.\n Try '${ezjail_admin} create -x -r ${ezjail_rootdir%%.img} ${ezjail_name} ${ezjail_ip}' instead." 550 [ "${ezjail_rootdir%%*.img}" ] || exerr "Error: Could not create mount point for your jails image.\n A file exists at its location.\n Try '${ezjail_admin} create -x -r ${ezjail_rootdir%%.img} ${ezjail_name} ${ezjail_ips}' instead."
560 exerr "Error: Could not create mount point for your jails image.\n A file exists at its location." 551 exerr "Error: Could not create mount point for your jails image.\n A file exists at its location."
561 fi 552 fi
562 [ -d "${ezjail_rootdir}" ] || mkdir -p "${ezjail_rootdir}" 553 [ -d "${ezjail_rootdir}" ] || mkdir -p "${ezjail_rootdir}"
@@ -605,7 +596,7 @@ create)
605 echo -e "#\n# PROVIDE: standard_ezjail\n# REQUIRE: \n# BEFORE: \n#\n" 596 echo -e "#\n# PROVIDE: standard_ezjail\n# REQUIRE: \n# BEFORE: \n#\n"
606 fi 597 fi
607 echo export jail_${ezjail_safename}_hostname=\"${ezjail_hostname}\" 598 echo export jail_${ezjail_safename}_hostname=\"${ezjail_hostname}\"
608 echo export jail_${ezjail_safename}_ip=\"${ezjail_ip}\" 599 echo export jail_${ezjail_safename}_ip=\"${ezjail_ips}\"
609 echo export jail_${ezjail_safename}_rootdir=\"${ezjail_rootdir}\" 600 echo export jail_${ezjail_safename}_rootdir=\"${ezjail_rootdir}\"
610 echo export jail_${ezjail_safename}_exec=\"/bin/sh /etc/rc\" 601 echo export jail_${ezjail_safename}_exec=\"/bin/sh /etc/rc\"
611 echo export jail_${ezjail_safename}_mount_enable=\"${ezjail_mount_enable}\" 602 echo export jail_${ezjail_safename}_mount_enable=\"${ezjail_mount_enable}\"
@@ -647,17 +638,21 @@ create)
647 # For user convenience some scenarios commonly causing headaches are checked 638 # For user convenience some scenarios commonly causing headaches are checked
648 # 639 #
649 640
650 # check, whether IP is configured on a local interface, warn if it isnt 641 TIFS=${IFS}; IFS=,
651 ping -c 1 -m 1 -t 1 -q ${ezjail_ip} > /dev/null 642 for ezjail_ip in ${ezjail_ips}; do
652 [ $? -eq 0 ] || echo "Warning: IP ${ezjail_ip} not configured on a local interface." 643 # check, whether IP is configured on a local interface, warn if it isnt
644 ping -c 1 -m 1 -t 1 -q ${ezjail_ip} > /dev/null
645 [ $? -eq 0 ] || echo "Warning: IP ${ezjail_ip} not configured on a local interface."
653 646
654 # check, whether some host system services do listen on the Jails IP 647 # check, whether some host system services do listen on the Jails IP
655 TIFS=${IFS}; IFS=_ 648 IFS=_
656 ezjail_listener=`sockstat -4 -l | grep "${ezjail_ip}:[[:digit:]]"` 649 ezjail_listener=`sockstat -4 -l | grep "${ezjail_ip}:[[:digit:]]"`
657 [ $? -eq 0 ] && echo -e "Warning: Some services already seem to be listening on IP ${ezjail_ip}\n This may cause some confusion, here they are:\n${ezjail_listener}" 650 [ $? -eq 0 ] && echo -e "Warning: Some services already seem to be listening on IP ${ezjail_ip}\n This may cause some confusion, here they are:\n${ezjail_listener}"
658 651
659 ezjail_listener=`sockstat -4 -l | grep "*:[[:digit:]]"` 652 ezjail_listener=`sockstat -4 -l | grep "*:[[:digit:]]"`
660 [ $? -eq 0 ] && echo -e "Warning: Some services already seem to be listening on all IP, (including ${ezjail_ip})\n This may cause some confusion, here they are:\n${ezjail_listener}" 653 [ $? -eq 0 ] && echo -e "Warning: Some services already seem to be listening on all IP, (including ${ezjail_ip})\n This may cause some confusion, here they are:\n${ezjail_listener}"
654 IFS=,
655 done
661 IFS=${TIFS} 656 IFS=${TIFS}
662 657
663 [ "${ezjail_imagetype}" -a "${ezjail_imagetype}" != "zfs" ] && echo "Note: To administrate your image jail, attach it using the '${ezjail_admin} config -i attach ${ezjail_hostname}' command." 658 [ "${ezjail_imagetype}" -a "${ezjail_imagetype}" != "zfs" ] && echo "Note: To administrate your image jail, attach it using the '${ezjail_admin} config -i attach ${ezjail_hostname}' command."
@@ -681,7 +676,7 @@ delete)
681 676
682 # check for existence of jail in our records 677 # check for existence of jail in our records
683 [ "${ezjail_config}" ] || exerr "Error: Nothing known about jail ${ezjail_name}." 678 [ "${ezjail_config}" ] || exerr "Error: Nothing known about jail ${ezjail_name}."
684 679
685 # check for an active ZFS zpool 680 # check for an active ZFS zpool
686 if [ "${ezjail_imagetype}" = "zfs" ]; then 681 if [ "${ezjail_imagetype}" = "zfs" ]; then
687 check_for_zpool 682 check_for_zpool
@@ -717,7 +712,7 @@ delete)
717 if [ "${ezjail_wipeme}" ]; then 712 if [ "${ezjail_wipeme}" ]; then
718 case ${ezjail_imagetype} in 713 case ${ezjail_imagetype} in
719 simple|bde|eli) 714 simple|bde|eli)
720 [ "${ezjail_image}" ] && rm -f "${ezjail_image}" "${ezjail_image%.img}.device" 715 [ "${ezjail_image}" ] && rm -f "${ezjail_image}" "${ezjail_image%.img}.device"
721 ;; 716 ;;
722 zfs) 717 zfs)
723 echo "ZFS: delete the jails ZFS" 718 echo "ZFS: delete the jails ZFS"
@@ -747,7 +742,16 @@ list)
747 fi 742 fi
748 [ "${ezjail_safename}" != "${ezjail}" ] && ezjail_state="${ezjail_state}N" 743 [ "${ezjail_safename}" != "${ezjail}" ] && ezjail_state="${ezjail_state}N"
749 744
750 printf "%-3s %-5s %-15s %-28s %s\\n" "${ezjail_state}" "${ezjail_id:-N/A}" "${ezjail_ip}" "${ezjail_hostname}" "${ezjail_rootdir}" 745 TIFS=${IFS}; IFS=,; unset _multiline
746 for ezjail_ip in ${ezjail_ips}; do
747 if[ -z "${_multiline}" ]; then
748 printf "%-3s %-5s %-15s %-28s %s\\n" "${ezjail_state}" "${ezjail_id:-N/A}" "${ezjail_ip}" "${ezjail_hostname}" "${ezjail_rootdir}"
749 else
750 echo " ${ezjail_ip}"
751 _multiline=yes
752 fi
753 done
754 IFS=${TIFS}
751 done 755 done
752 756
753 ;; 757 ;;
@@ -782,7 +786,7 @@ setup|update)
782 [ -d "${ezjail_jailbase}" ] || exerr "Error: base jail does not exist.\n You cannot fill base jails ports tree before creating it.\n Please run '${ezjail_admin} update' or '${ezjail_admin} install' first." 786 [ -d "${ezjail_jailbase}" ] || exerr "Error: base jail does not exist.\n You cannot fill base jails ports tree before creating it.\n Please run '${ezjail_admin} update' or '${ezjail_admin} install' first."
783 elif [ "${ezjail_installaction}" = "freebsd-update" ]; then 787 elif [ "${ezjail_installaction}" = "freebsd-update" ]; then
784 [ -d "${ezjail_jailbase}" ] || exerr "Error: base jail does not exist.\n You cannot update a base jail until it is created.\n Please run '${ezjail_admin} update' or '${ezjail_admin} install' first." 788 [ -d "${ezjail_jailbase}" ] || exerr "Error: base jail does not exist.\n You cannot update a base jail until it is created.\n Please run '${ezjail_admin} update' or '${ezjail_admin} install' first."
785 789
786 # If ran from cron be kind to freebsds update servers and sleep first 790 # If ran from cron be kind to freebsds update servers and sleep first
787 [ -z "$TERM" -o "$TERM" = "dumb" ] && sleep $(( ${RANDOM} % 3600 )) 791 [ -z "$TERM" -o "$TERM" = "dumb" ] && sleep $(( ${RANDOM} % 3600 ))
788 if [ "${ezjail_use_zfs}" = "YES" ]; then 792 if [ "${ezjail_use_zfs}" = "YES" ]; then
@@ -954,7 +958,7 @@ console)
954 # This one will also exerr on failure 958 # This one will also exerr on failure
955 start_stop_jail_by_script start 959 start_stop_jail_by_script start
956 fi 960 fi
957 961
958 # use the jails FIB if there is one 962 # use the jails FIB if there is one
959 if [ -n "${ezjail_fib}" ]; then 963 if [ -n "${ezjail_fib}" ]; then
960 _setfib="setfib -F ${ezjail_fib}" 964 _setfib="setfib -F ${ezjail_fib}"
@@ -1145,10 +1149,10 @@ restore)
1145 fetchjailinfo ${ezjail_safename} ${ezjail_config} 1149 fetchjailinfo ${ezjail_safename} ${ezjail_config}
1146 1150
1147 # Now all parameters are here, invoke ezjail-admin create 1151 # Now all parameters are here, invoke ezjail-admin create
1148 [ "${ezjail_rootdir}" -a "${ezjail_ip}" -a "${ezjail_hostname}" ] || exerr "Error: Archive does not contain a valid ezjail properties file.\n Some jails properties are missing." 1152 [ "${ezjail_rootdir}" -a "${ezjail_ips}" -a "${ezjail_hostname}" ] || exerr "Error: Archive does not contain a valid ezjail properties file.\n Some jails properties are missing."
1149 [ "${ezjail_imagetype}" ] && ezjail_imagedata="-c ${ezjail_imagetype} -C '${ezjail_attachparams}' -s ${ezjail_nameprop_imgagesize}" 1153 [ "${ezjail_imagetype}" ] && ezjail_imagedata="-c ${ezjail_imagetype} -C '${ezjail_attachparams}' -s ${ezjail_nameprop_imgagesize}"
1150 1154
1151 $0 create -a "${ezjail_fromarchive}" -A "${ezjail_config}" ${ezjail_imagedata} -r "${ezjail_rootdir}" "${ezjail_hostname}" "${ezjail_ip}" || exerr "Error: Create failed." 1155 $0 create -a "${ezjail_fromarchive}" -A "${ezjail_config}" ${ezjail_imagedata} -r "${ezjail_rootdir}" "${ezjail_hostname}" "${ezjail_ips}" || exerr "Error: Create failed."
1152 rm -f "${ezjail_config}" 1156 rm -f "${ezjail_config}"
1153 1157
1154 done 1158 done
@@ -1241,12 +1245,9 @@ config)
1241 else 1245 else
1242 unset ezjail_new_image 1246 unset ezjail_new_image
1243 fi 1247 fi
1244
1245 if [ "${ezjail_imagetype}" = "zfs" ]; then
1246 # ZFS: using the zfs rename feature to rename the filesystem, remounting is done by ZFS
1247 zfs rename ${ezjail_jailzfs}/${ezjail_hostname} ${ezjail_jailzfs}/${ezjail_new_hostname}
1248 fi
1249 1248
1249 # ZFS: using the zfs rename feature to rename the filesystem, remounting is done by ZFS
1250 [ "${ezjail_imagetype}" = "zfs" ] && zfs rename ${ezjail_jailzfs}/${ezjail_hostname} ${ezjail_jailzfs}/${ezjail_new_hostname}
1250 1251
1251 # adjust softlink 1252 # adjust softlink
1252 if [ -L "${ezjail_softlink}" ]; then 1253 if [ -L "${ezjail_softlink}" ]; then
@@ -1310,7 +1311,7 @@ config)
1310 grep -e ^\# "${ezjail_config}" 1311 grep -e ^\# "${ezjail_config}"
1311 echo 1312 echo
1312 echo export jail_${ezjail_safename}_hostname=\"${ezjail_hostname}\" 1313 echo export jail_${ezjail_safename}_hostname=\"${ezjail_hostname}\"
1313 echo export jail_${ezjail_safename}_ip=\"${ezjail_ip}\" 1314 echo export jail_${ezjail_safename}_ip=\"${ezjail_ips}\"
1314 echo export jail_${ezjail_safename}_rootdir=\"${ezjail_rootdir}\" 1315 echo export jail_${ezjail_safename}_rootdir=\"${ezjail_rootdir}\"
1315 echo export jail_${ezjail_safename}_exec=\"${ezjail_exec}\" 1316 echo export jail_${ezjail_safename}_exec=\"${ezjail_exec}\"
1316 echo export jail_${ezjail_safename}_mount_enable=\"${ezjail_mount_enable}\" 1317 echo export jail_${ezjail_safename}_mount_enable=\"${ezjail_mount_enable}\"
@@ -1339,7 +1340,7 @@ config)
1339 grep -e ^\# "${ezjail_config}" 1340 grep -e ^\# "${ezjail_config}"
1340 echo 1341 echo
1341 echo export jail_${ezjail_safename}_hostname=\"${ezjail_hostname}\" 1342 echo export jail_${ezjail_safename}_hostname=\"${ezjail_hostname}\"
1342 echo export jail_${ezjail_safename}_ip=\"${ezjail_ip}\" 1343 echo export jail_${ezjail_safename}_ip=\"${ezjail_ips}\"
1343 echo export jail_${ezjail_safename}_rootdir=\"${ezjail_rootdir}\" 1344 echo export jail_${ezjail_safename}_rootdir=\"${ezjail_rootdir}\"
1344 echo export jail_${ezjail_safename}_exec=\"${ezjail_exec}\" 1345 echo export jail_${ezjail_safename}_exec=\"${ezjail_exec}\"
1345 echo export jail_${ezjail_safename}_mount_enable=\"${ezjail_mount_enable}\" 1346 echo export jail_${ezjail_safename}_mount_enable=\"${ezjail_mount_enable}\"
@@ -1370,7 +1371,7 @@ config)
1370 grep -e ^\# "${ezjail_config}" 1371 grep -e ^\# "${ezjail_config}"
1371 echo 1372 echo
1372 echo export jail_${ezjail_safename}_hostname=\"${ezjail_hostname}\" 1373 echo export jail_${ezjail_safename}_hostname=\"${ezjail_hostname}\"
1373 echo export jail_${ezjail_safename}_ip=\"${ezjail_ip}\" 1374 echo export jail_${ezjail_safename}_ip=\"${ezjail_ips}\"
1374 echo export jail_${ezjail_safename}_rootdir=\"${ezjail_rootdir}\" 1375 echo export jail_${ezjail_safename}_rootdir=\"${ezjail_rootdir}\"
1375 echo export jail_${ezjail_safename}_exec=\"${ezjail_exec}\" 1376 echo export jail_${ezjail_safename}_exec=\"${ezjail_exec}\"
1376 echo export jail_${ezjail_safename}_mount_enable=\"${ezjail_mount_enable}\" 1377 echo export jail_${ezjail_safename}_mount_enable=\"${ezjail_mount_enable}\"
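Review bot: The per-address loop added in the `list)` section cannot work as written: `if[ -z "${_multiline}" ]; then` is missing the space after `if`, so sh does not parse it as a conditional, and `_multiline=yes` sits in the `else` branch, so the flag is never set and every address would print the full row. It should read `if [ -z "${_multiline}" ]; then`, with `_multiline=yes` moved to directly after the `printf`. In `check_for_zfs` the rewritten warning is inverted relative to the removed test: `checkyesno ezjail_use_zfs && checkyesno zfs_enable && echo ...` warns when ZFS is enabled, whereas `checkyesno ezjail_use_zfs && ! checkyesno zfs_enable && echo ...` keeps the old meaning. `ezjail_ips` now carries a free-form comma-separated argument that is expanded unquoted into `ping`, used as a `grep` pattern, and written into the config as `jail_${ezjail_safename}_ip=\"${ezjail_ips}\"`, which `fetchjailinfo` later sources via `. "${ezjail_config}"`. Each element should be checked against the address syntax this version accepts before the value is used or written, since shell metacharacters in it would be evaluated on the next read. The `create)` and `list)` arms extend outside the visible hunks, so any validation that already exists there is not shown.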