Diffstat (limited to 'ezjail-admin')
-rwxr-xr-x | ezjail-admin | 79 |
1 files changed, 45 insertions, 34 deletions
diff --git a/ezjail-admin b/ezjail-admin index 1a560e0..1846138 100755 --- a/ezjail-admin +++ b/ezjail-admin | |||
@@ -30,6 +30,14 @@ ezjail_fdescfs_enable=${ezjail_fdescfs_enable:-"YES"} | |||
30 | 30 | ||
31 | ezjail_dirlist="bin boot lib libexec rescue sbin usr/bin usr/games usr/include usr/lib usr/libdata usr/libexec usr/sbin usr/src usr/share" | 31 | ezjail_dirlist="bin boot lib libexec rescue sbin usr/bin usr/games usr/include usr/lib usr/libdata usr/libexec usr/sbin usr/src usr/share" |
32 | 32 | ||
33 | ezjail_usage_ezjailadmin="Usage: `basename -- $0` [config|create|delete|install|list|update] {params}" | ||
34 | ezjail_usage_create="Usage: `basename -- $0` create [-xi] [-f flavour] [-r jailroot] [-s size] [-c bde|eli] [-u passurl] [-C args] jailname jailip" | ||
35 | ezjail_usage_delete="Usage: `basename -- $0` delete [-w] jailname" | ||
36 | ezjail_usage_list="Usage: `basename -- $0` list" | ||
37 | ezjail_usage_update="Usage: `basename -- $0` update [-s sourcetree] [-i] [-pP]" | ||
38 | ezjail_usage_install="Usage: `basename -- $0` install [-mps] [-h host] [-r release]" | ||
39 | ezjail_usage_config="Usage: `basename -- $0` config [-r run|norun] jailname" | ||
40 | |||
33 | ################################ | 41 | ################################ |
34 | # End of variable initialization | 42 | # End of variable initialization |
35 | # | 43 | # |
@@ -134,36 +142,36 @@ ezjail_updateports () { | |||
134 | # | 142 | # |
135 | 143 | ||
136 | # check for command | 144 | # check for command |
137 | [ $# -gt 0 ] || exerr "Usage: `basename -- $0` [config|create|delete|install|list|update] {params}" | 145 | [ $# -gt 0 ] || exerr ${ezjail_usage_ezjail} |
138 | 146 | ||
139 | case "$1" in | 147 | case "$1" in |
140 | ######################## ezjail-admin CREATE ######################## | 148 | ######################## ezjail-admin CREATE ######################## |
141 | create) | 149 | create) |
142 | # Clean variables, prevent polution | 150 | # Clean variables, prevent polution |
143 | unset ezjail_rootdir ezjail_flavour ezjail_softlink ezjail_image ezjail_imagetype ezjail_imageparams ezjail_imagesize ezjail_device ezjail_config ezjail_attachparams | 151 | unset ezjail_rootdir ezjail_flavour ezjail_softlink ezjail_image ezjail_imagetype ezjail_imageparams ezjail_imagesize ezjail_device ezjail_config ezjail_attachparams ezjail_passphraseurl ezjail_exists |
144 | ezjail_fillme="YES" | ||
145 | 152 | ||
146 | shift; while getopts :f:r:s:xic:C: arg; do case ${arg} in | 153 | shift; while getopts :f:r:s:xic:u:C: arg; do case ${arg} in |
147 | x) ezjail_fillme="NO";; | 154 | x) ezjail_exists="YES";; |
148 | r) ezjail_rootdir="${OPTARG}";; | 155 | r) ezjail_rootdir="${OPTARG}";; |
149 | f) ezjail_flavour="${OPTARG}";; | 156 | f) ezjail_flavour="${OPTARG}";; |
150 | c) ezjail_imagetype="${OPTARG}";; | 157 | c) ezjail_imagetype="${OPTARG}";; |
151 | C) ezjail_imageparams="${OPTARG}";; | 158 | C) ezjail_imageparams="${OPTARG}";; |
152 | i) ezjail_imagetype=${ezjail_imagetype:-"simple"};; | 159 | i) ezjail_imagetype=${ezjail_imagetype:-"simple"};; |
153 | s) ezjail_imagesize="${OPTARG}";; | 160 | s) ezjail_imagesize="${OPTARG}";; |
154 | ?) exerr "Usage: `basename -- $0` create [-xi] [-f flavour] [-r jailroot] [-s size] [-c bde|eli] [-C args] jailname jailip";; | 161 | u) ezjail_urlpass="${OPTARG}";; |
162 | ?) exerr ${ezjail_usage_create} | ||
155 | esac; done; shift $(( ${OPTIND} - 1 )) | 163 | esac; done; shift $(( ${OPTIND} - 1 )) |
156 | 164 | ||
157 | ezjail_name=$1; ezjail_ip=$2 | 165 | ezjail_name=$1; ezjail_ip=$2 |
158 | 166 | ||
159 | # we need at least a name and an ip for new jail | 167 | # we need at least a name and an ip for new jail |
160 | [ "${ezjail_name}" -a "${ezjail_ip}" -a $# -eq 2 ] || exerr "Usage: `basename -- $0` create [-xi] [-f flavour] [-r jailroot] [-s size] [-c bde|eli] [-C args] jailname jailip" | 168 | [ "${ezjail_name}" -a "${ezjail_ip}" -a $# -eq 2 ] || exerr ${ezjail_usage_create} |
161 | 169 | ||
162 | # check for sanity of settings concerning the image feature | 170 | # check for sanity of settings concerning the image feature |
163 | [ "${ezjail_imagetype}" -a "${ezjail_fillme}" = "YES" -a ! "${ezjail_imagesize}" ] && exerr "Image jails need an image size." | 171 | [ "${ezjail_imagetype}" -a -z "${ezjail_exists}" -a -z "${ezjail_imagesize}" ] && exerr "Image jails need an image size." |
164 | 172 | ||
165 | # check for a sane image type | 173 | # check for a sane image type |
166 | case ${ezjail_imagetype} in ""|simple|bde|eli) ;; *) exerr "Usage: `basename -- $0` create [-xi] [-f flavour] [-r jailroot] [-s size] [-c bde|eli] [-C args] jailname jailip";; esac | 174 | case ${ezjail_imagetype} in ""|simple|bde|eli) ;; *) exerr ${ezjail_usage_create} |
167 | 175 | ||
168 | # check for a sane image size and split it up in blocks | 176 | # check for a sane image size and split it up in blocks |
169 | if [ "${ezjail_imagesize}" ]; then | 177 | if [ "${ezjail_imagesize}" ]; then |
@@ -205,13 +213,13 @@ create) | |||
205 | 213 | ||
206 | # if a directory at the specified jail root already exists, refuse to | 214 | # if a directory at the specified jail root already exists, refuse to |
207 | # install | 215 | # install |
208 | [ -e ${ezjail_rootdir} -a "${ezjail_fillme}" = "YES" ] && exerr "Error: the specified jail root ${ezjail_rootdir} alread exists." | 216 | [ -e ${ezjail_rootdir} -a -z "${ezjail_exists}" ] && exerr "Error: the specified jail root ${ezjail_rootdir} alread exists." |
209 | 217 | ||
210 | # if jail root specified on command line does not lie within our jail | 218 | # if jail root specified on command line does not lie within our jail |
211 | # directory, we need to create a softlink | 219 | # directory, we need to create a softlink |
212 | if [ "${ezjail_rootdir##${ezjail_jaildir}}" = "${ezjail_rootdir}" ]; then | 220 | if [ "${ezjail_rootdir##${ezjail_jaildir}}" = "${ezjail_rootdir}" ]; then |
213 | ezjail_softlink=${ezjail_jaildir}/`basename -- ${ezjail_rootdir}` | 221 | ezjail_softlink=${ezjail_jaildir}/`basename -- ${ezjail_rootdir}` |
214 | [ -e ${ezjail_softlink} -a "${ezjail_fillme}" = "YES" ] && exerr "Error: an ezjail already exists at ${ezjail_softlink}." | 222 | [ -e ${ezjail_softlink} ] && exerr "Error: an ezjail already exists at ${ezjail_softlink}." |
215 | fi | 223 | fi |
216 | 224 | ||
217 | # do some sanity checks on the selected flavour (if any) | 225 | # do some sanity checks on the selected flavour (if any) |
@@ -230,7 +238,7 @@ create) | |||
230 | ezjail_image=${ezjail_image}.img | 238 | ezjail_image=${ezjail_image}.img |
231 | 239 | ||
232 | # If NOT exist, create image | 240 | # If NOT exist, create image |
233 | if [ "${ezjail_fillme}" = "YES" ]; then | 241 | if [ -z "${ezjail_exists}" ]; then |
234 | [ -e "${ezjail_image}" ] && exerr "Error: a file exists at the location ${ezjail_image}, preventing our own image file to be created." | 242 | [ -e "${ezjail_image}" ] && exerr "Error: a file exists at the location ${ezjail_image}, preventing our own image file to be created." |
235 | 243 | ||
236 | # Now create jail disc image | 244 | # Now create jail disc image |
@@ -249,7 +257,7 @@ create) | |||
249 | case "${ezjail_imagetype}" in | 257 | case "${ezjail_imagetype}" in |
250 | bde|eli) | 258 | bde|eli) |
251 | # parse imageparams, generate attachparams | 259 | # parse imageparams, generate attachparams |
252 | if [ -n "${ezjail_imageparams}" ] ; then | 260 | if [ -n "${ezjail_imageparams}" ]; then |
253 | ezjail_attachparams=`echo $0 _parse_g${ezjail_imagetype}_attach_args_ ${ezjail_imageparams} | /bin/sh ` | 261 | ezjail_attachparams=`echo $0 _parse_g${ezjail_imagetype}_attach_args_ ${ezjail_imageparams} | /bin/sh ` |
254 | [ 0 -eq $? ] || exerr "processing of ezjail_imageparams failed" | 262 | [ 0 -eq $? ] || exerr "processing of ezjail_imageparams failed" |
255 | fi | 263 | fi |
@@ -265,10 +273,10 @@ create) | |||
265 | echo "Attaching crypto device. Enter the passphrase... (if necessary)" | 273 | echo "Attaching crypto device. Enter the passphrase... (if necessary)" |
266 | ( echo ${attach_cmd} | /bin/sh ) || detach_images || exerr "Error: Could not attach crypto image." | 274 | ( echo ${attach_cmd} | /bin/sh ) || detach_images || exerr "Error: Could not attach crypto image." |
267 | ezjail_device=${ezjail_imagedevice}.${ezjail_imagetype} | 275 | ezjail_device=${ezjail_imagedevice}.${ezjail_imagetype} |
268 | ;; | 276 | ;; |
269 | simple) | 277 | simple) |
270 | ezjail_device=${ezjail_imagedevice} | 278 | ezjail_device=${ezjail_imagedevice} |
271 | ;; | 279 | ;; |
272 | esac | 280 | esac |
273 | 281 | ||
274 | # Format memory image | 282 | # Format memory image |
@@ -283,7 +291,7 @@ create) | |||
283 | fi | 291 | fi |
284 | 292 | ||
285 | # now take a copy of our template jail | 293 | # now take a copy of our template jail |
286 | if [ "${ezjail_fillme}" = "YES" ]; then | 294 | if [ -z "${ezjail_exists}" ]; then |
287 | mkdir -p ${ezjail_rootdir} && cd ${ezjail_jailtemplate} && find * | cpio -p -v ${ezjail_rootdir} > /dev/null | 295 | mkdir -p ${ezjail_rootdir} && cd ${ezjail_jailtemplate} && find * | cpio -p -v ${ezjail_rootdir} > /dev/null |
288 | [ $? = 0 ] || detach_images || exerr "Error: Could not copy template jail." | 296 | [ $? = 0 ] || detach_images || exerr "Error: Could not copy template jail." |
289 | fi | 297 | fi |
@@ -298,7 +306,7 @@ create) | |||
298 | echo ${ezjail_rootdir}.device ${ezjail_rootdir} ufs rw 0 0 >> /etc/fstab.${ezjail_safename} | 306 | echo ${ezjail_rootdir}.device ${ezjail_rootdir} ufs rw 0 0 >> /etc/fstab.${ezjail_safename} |
299 | echo ${ezjail_jailbase} ${ezjail_rootdir}/basejail nullfs ro 0 0 >> /etc/fstab.${ezjail_safename} | 307 | echo ${ezjail_jailbase} ${ezjail_rootdir}/basejail nullfs ro 0 0 >> /etc/fstab.${ezjail_safename} |
300 | 308 | ||
301 | # now, where everything seems to have gone right, create control file in | 309 | # now, where everything seems to have gone right, create control file in |
302 | # ezjails config dir | 310 | # ezjails config dir |
303 | mkdir -p ${ezjail_jailcfgs} | 311 | mkdir -p ${ezjail_jailcfgs} |
304 | echo "# To specify the start up order of your ezjails, use these lines to" > ${ezjail_config} | 312 | echo "# To specify the start up order of your ezjails, use these lines to" > ${ezjail_config} |
@@ -316,9 +324,10 @@ create) | |||
316 | echo export jail_${ezjail_safename}_image=\"${ezjail_image}\" >> ${ezjail_config} | 324 | echo export jail_${ezjail_safename}_image=\"${ezjail_image}\" >> ${ezjail_config} |
317 | echo export jail_${ezjail_safename}_imagetype=\"${ezjail_imagetype}\" >> ${ezjail_config} | 325 | echo export jail_${ezjail_safename}_imagetype=\"${ezjail_imagetype}\" >> ${ezjail_config} |
318 | echo export jail_${ezjail_safename}_attachparams=\"${ezjail_attachparams}\" >> ${ezjail_config} | 326 | echo export jail_${ezjail_safename}_attachparams=\"${ezjail_attachparams}\" >> ${ezjail_config} |
327 | echo export jail_${ezjail_safename}_passphraseurl=\"${ezjail_passphraseurl}\" >> ${ezjail_config} | ||
319 | 328 | ||
320 | # Final steps for flavour installation | 329 | # Final steps for flavour installation |
321 | if [ "${ezjail_fillme}" = "YES" -a "${ezjail_flavour}" ]; then | 330 | if [ -z "${ezjail_exists}" -a -n "${ezjail_flavour}" ]; then |
322 | # install files and config to new jail | 331 | # install files and config to new jail |
323 | cd ${ezjail_flavours}/${ezjail_flavour} && find * | cpio -p -u -v ${ezjail_rootdir} > /dev/null | 332 | cd ${ezjail_flavours}/${ezjail_flavour} && find * | cpio -p -u -v ${ezjail_rootdir} > /dev/null |
324 | [ $? = 0 ] || echo "Warning: Could not fully install flavour." | 333 | [ $? = 0 ] || echo "Warning: Could not fully install flavour." |
@@ -350,7 +359,9 @@ create) | |||
350 | ezjail_listener=`sockstat -4 -l | grep \*:[[:digit:]]` | 359 | ezjail_listener=`sockstat -4 -l | grep \*:[[:digit:]]` |
351 | [ $? = 0 ] && echo -e "Warning: Some services already seem to be listening on all IP, (including ${ezjail_ip})\n This may cause some confusion, here they are:\n${ezjail_listener}" | 360 | [ $? = 0 ] && echo -e "Warning: Some services already seem to be listening on all IP, (including ${ezjail_ip})\n This may cause some confusion, here they are:\n${ezjail_listener}" |
352 | IFS=${TIFS} | 361 | IFS=${TIFS} |
353 | 362 | ||
363 | [ -n "${ezjail_passphraseurl}" ] && echo -e "You specified a passphrase file location ${ezjail_passphraseurl}\nThis will be fetched by ezjail.sh when auto-running this jail. The file should contain a line in the form\njail_${ezjail_safename}_passphrase=YOURPASSPHRASE\n. If fetching fails or the file does not contain that line, the jail ${ezjail_name} will not be started, even if no passphrase was necessary." | ||
364 | |||
354 | ;; | 365 | ;; |
355 | ######################## ezjail-admin DELETE ######################## | 366 | ######################## ezjail-admin DELETE ######################## |
356 | delete) | 367 | delete) |
@@ -359,11 +370,11 @@ delete) | |||
359 | 370 | ||
360 | shift; while getopts :w arg; do case ${arg} in | 371 | shift; while getopts :w arg; do case ${arg} in |
361 | w) ezjail_wipeme="YES";; | 372 | w) ezjail_wipeme="YES";; |
362 | ?) exerr "Usage: `basename -- $0` delete [-w] jailname";; | 373 | ?) exerr ${ezjail_usage_delete} |
363 | esac; done; shift $(( $OPTIND - 1 )) | 374 | esac; done; shift $(( $OPTIND - 1 )) |
364 | 375 | ||
365 | # we need name of jail to vanish | 376 | # we need name of jail to vanish |
366 | [ $# -eq 1 ] || exerr "Usage: `basename -- $0` delete [-w] jailname" | 377 | [ $# -eq 1 ] || exerr ${ezjail_usage_delete} |
367 | 378 | ||
368 | # Get all info we have on that jail | 379 | # Get all info we have on that jail |
369 | fetchjailinfo $1 | 380 | fetchjailinfo $1 |
@@ -390,7 +401,7 @@ delete) | |||
390 | ;; | 401 | ;; |
391 | ######################## ezjail-admin LIST ######################## | 402 | ######################## ezjail-admin LIST ######################## |
392 | list) | 403 | list) |
393 | [ $# -eq 1 ] || exerr "Usage: `basename -- $0` list" | 404 | [ $# -eq 1 ] || exerr ${ezjail_usage_list} |
394 | 405 | ||
395 | ezjail_list=`find -X ${ezjail_prefix}/etc/ezjail/ 2> /dev/null | xargs rcorder | xargs basename -a` | 406 | ezjail_list=`find -X ${ezjail_prefix}/etc/ezjail/ 2> /dev/null | xargs rcorder | xargs basename -a` |
396 | 407 | ||
@@ -417,10 +428,10 @@ setup|update) | |||
417 | s) ezjail_sourcetree="${OPTARG}";; | 428 | s) ezjail_sourcetree="${OPTARG}";; |
418 | p) ezjail_provideports="YES";; | 429 | p) ezjail_provideports="YES";; |
419 | P) ezjail_provideports="YES"; ezjail_installaction="none";; | 430 | P) ezjail_provideports="YES"; ezjail_installaction="none";; |
420 | ?) exerr "Usage: `basename -- $0` update [-s sourcetree] [-i] [-pP]";; | 431 | ?) exerr ${ezjail_usage_update} |
421 | esac; done; shift $(( ${OPTIND} - 1 )) | 432 | esac; done; shift $(( ${OPTIND} - 1 )) |
422 | 433 | ||
423 | [ $# -eq 0 ] || exerr "Usage: `basename -- $0` update [-s sourcetree] [-i] [-pP]" | 434 | [ $# -eq 0 ] || exerr ${ezjail_usage_update} |
424 | 435 | ||
425 | if [ "${ezjail_installaction}" = "none" ]; then | 436 | if [ "${ezjail_installaction}" = "none" ]; then |
426 | # check, whether ezjail-update has been called. existence of | 437 | # check, whether ezjail-update has been called. existence of |
@@ -458,10 +469,10 @@ install) | |||
458 | p) ezjail_installports="YES";; | 469 | p) ezjail_installports="YES";; |
459 | h) ezjail_ftphost="${OPTARG}";; | 470 | h) ezjail_ftphost="${OPTARG}";; |
460 | r) ezjail_release="${OPTARG}";; | 471 | r) ezjail_release="${OPTARG}";; |
461 | ?) exerr "Usage: `basename -- $0` install [-mps] [-h host] [-r release]";; | 472 | ?) exerr ${ezjail_usage_install} |
462 | esac; done; shift $(( ${OPTIND} - 1 )) | 473 | esac; done; shift $(( ${OPTIND} - 1 )) |
463 | 474 | ||
464 | [ $# -eq 0 ] || exerr "Usage: `basename -- $0` install [-mps] [-h host] [-r release]" | 475 | [ $# -eq 0 ] || exerr ${ezjail_usage_install} |
465 | 476 | ||
466 | ezjail_installarch=`uname -p` | 477 | ezjail_installarch=`uname -p` |
467 | ezjail_ftphost=${ezjail_ftphost:-"ftp.freebsd.org"} | 478 | ezjail_ftphost=${ezjail_ftphost:-"ftp.freebsd.org"} |
@@ -531,10 +542,10 @@ config) | |||
531 | 542 | ||
532 | shift; while getopts :r: arg; do case ${arg} in | 543 | shift; while getopts :r: arg; do case ${arg} in |
533 | r) ezjail_setrunnable=${OPTARG};; | 544 | r) ezjail_setrunnable=${OPTARG};; |
534 | ?) exerr "Usage: `basename -- $0` config [-r run|norun] jailname";; | 545 | ?) exerr ${ezjail_usage_config} |
535 | esac; done; shift $(( ${OPTIND} - 1 )) | 546 | esac; done; shift $(( ${OPTIND} - 1 )) |
536 | 547 | ||
537 | [ $# -eq 1 ] || exerr "Usage: `basename -- $0` config [-r run|norun] jailname" | 548 | [ $# -eq 1 ] || exerr ${ezjail_usage_config} |
538 | 549 | ||
539 | # Jail name mandatory | 550 | # Jail name mandatory |
540 | fetchjailinfo $1 | 551 | fetchjailinfo $1 |
@@ -559,10 +570,10 @@ config) | |||
559 | ############################################################################## | 570 | ############################################################################## |
560 | # ezjail_imageparams HACK starts here | 571 | # ezjail_imageparams HACK starts here |
561 | # | 572 | # |
562 | # | 573 | # |
563 | _parse_geli_attach_args_) | 574 | _parse_geli_attach_args_) |
564 | # create geli(8) attach arguments from geli(8) init arguments: | 575 | # create geli(8) attach arguments from geli(8) init arguments: |
565 | # -P becomes -p if present, -K newkeyfile becomes -k newkeyfile if present, | 576 | # -P becomes -p if present, -K newkeyfile becomes -k newkeyfile if present, |
566 | # everything else is dicarded | 577 | # everything else is dicarded |
567 | shift; while getopts :bPva:i:K:l:s: arg; do case ${arg} in | 578 | shift; while getopts :bPva:i:K:l:s: arg; do case ${arg} in |
568 | b|v|a|i|l|s);; # ignore these | 579 | b|v|a|i|l|s);; # ignore these |
@@ -591,6 +602,6 @@ _parse_gbde_attach_args_) | |||
591 | # ezjail_imageparams HACK ends here (thank god) | 602 | # ezjail_imageparams HACK ends here (thank god) |
592 | ############################################################################## | 603 | ############################################################################## |
593 | *) | 604 | *) |
594 | exerr "Usage: `basename -- $0` [config|create|delete|install|list|update] {params}" | 605 | exerr ${ezjail_usage_ezjail} |
595 | ;; | 606 | ;; |
596 | esac | 607 | esac |
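Review bot: The new `-u` arm stores its argument in `ezjail_urlpass`, but the `unset` list, the `jail_${ezjail_safename}_passphraseurl` config line and the closing notice all read `ezjail_passphraseurl`, so the URL given on the command line is never written to the jail config and the notice never prints; the arm should read `u) ezjail_passphraseurl="${OPTARG}";;`. The top-level usage text has the same kind of mismatch: `ezjail_usage_ezjailadmin` is defined, but the `$# -gt 0` check and the final `*)` arm pass `${ezjail_usage_ezjail}`, which is never set, to exerr. As rendered, the image-type check now stops at `*) exerr ${ezjail_usage_create}` with the former `;; esac` gone, which would leave that `case` unterminated; it should end `*) exerr "${ezjail_usage_create}";; esac`. All the `${ezjail_usage_…}` expansions are unquoted, so `[-xi]` and `[config|create|...]` go through word splitting and pathname expansion before exerr (defined outside this diff) sees them, and each should be written as `"${ezjail_usage_…}"`. Because the URL is echoed between double quotes into the jail config and names where a disk passphrase is fetched from, it would be worth rejecting values containing `"`, `$` or backticks and adding a comment on the expected transport; how ezjail.sh fetches and parses that file is not visible here.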