Diffstat (limited to 'ezjail-admin')
-rwxr-xr-xezjail-admin79
1 files changed, 45 insertions, 34 deletions
diff --git a/ezjail-admin b/ezjail-admin
index 1a560e0..1846138 100755
--- a/ezjail-admin
+++ b/ezjail-admin
@@ -30,6 +30,14 @@ ezjail_fdescfs_enable=${ezjail_fdescfs_enable:-"YES"}
30 30
31ezjail_dirlist="bin boot lib libexec rescue sbin usr/bin usr/games usr/include usr/lib usr/libdata usr/libexec usr/sbin usr/src usr/share" 31ezjail_dirlist="bin boot lib libexec rescue sbin usr/bin usr/games usr/include usr/lib usr/libdata usr/libexec usr/sbin usr/src usr/share"
32 32
33ezjail_usage_ezjailadmin="Usage: `basename -- $0` [config|create|delete|install|list|update] {params}"
34ezjail_usage_create="Usage: `basename -- $0` create [-xi] [-f flavour] [-r jailroot] [-s size] [-c bde|eli] [-u passurl] [-C args] jailname jailip"
35ezjail_usage_delete="Usage: `basename -- $0` delete [-w] jailname"
36ezjail_usage_list="Usage: `basename -- $0` list"
37ezjail_usage_update="Usage: `basename -- $0` update [-s sourcetree] [-i] [-pP]"
38ezjail_usage_install="Usage: `basename -- $0` install [-mps] [-h host] [-r release]"
39ezjail_usage_config="Usage: `basename -- $0` config [-r run|norun] jailname"
40
33################################ 41################################
34# End of variable initialization 42# End of variable initialization
35# 43#
@@ -134,36 +142,36 @@ ezjail_updateports () {
134# 142#
135 143
136# check for command 144# check for command
137[ $# -gt 0 ] || exerr "Usage: `basename -- $0` [config|create|delete|install|list|update] {params}" 145[ $# -gt 0 ] || exerr ${ezjail_usage_ezjail}
138 146
139case "$1" in 147case "$1" in
140######################## ezjail-admin CREATE ######################## 148######################## ezjail-admin CREATE ########################
141create) 149create)
142 # Clean variables, prevent polution 150 # Clean variables, prevent polution
143 unset ezjail_rootdir ezjail_flavour ezjail_softlink ezjail_image ezjail_imagetype ezjail_imageparams ezjail_imagesize ezjail_device ezjail_config ezjail_attachparams 151 unset ezjail_rootdir ezjail_flavour ezjail_softlink ezjail_image ezjail_imagetype ezjail_imageparams ezjail_imagesize ezjail_device ezjail_config ezjail_attachparams ezjail_passphraseurl ezjail_exists
144 ezjail_fillme="YES"
145 152
146 shift; while getopts :f:r:s:xic:C: arg; do case ${arg} in 153 shift; while getopts :f:r:s:xic:u:C: arg; do case ${arg} in
147 x) ezjail_fillme="NO";; 154 x) ezjail_exists="YES";;
148 r) ezjail_rootdir="${OPTARG}";; 155 r) ezjail_rootdir="${OPTARG}";;
149 f) ezjail_flavour="${OPTARG}";; 156 f) ezjail_flavour="${OPTARG}";;
150 c) ezjail_imagetype="${OPTARG}";; 157 c) ezjail_imagetype="${OPTARG}";;
151 C) ezjail_imageparams="${OPTARG}";; 158 C) ezjail_imageparams="${OPTARG}";;
152 i) ezjail_imagetype=${ezjail_imagetype:-"simple"};; 159 i) ezjail_imagetype=${ezjail_imagetype:-"simple"};;
153 s) ezjail_imagesize="${OPTARG}";; 160 s) ezjail_imagesize="${OPTARG}";;
154 ?) exerr "Usage: `basename -- $0` create [-xi] [-f flavour] [-r jailroot] [-s size] [-c bde|eli] [-C args] jailname jailip";; 161 u) ezjail_urlpass="${OPTARG}";;
162 ?) exerr ${ezjail_usage_create}
155 esac; done; shift $(( ${OPTIND} - 1 )) 163 esac; done; shift $(( ${OPTIND} - 1 ))
156 164
157 ezjail_name=$1; ezjail_ip=$2 165 ezjail_name=$1; ezjail_ip=$2
158 166
159 # we need at least a name and an ip for new jail 167 # we need at least a name and an ip for new jail
160 [ "${ezjail_name}" -a "${ezjail_ip}" -a $# -eq 2 ] || exerr "Usage: `basename -- $0` create [-xi] [-f flavour] [-r jailroot] [-s size] [-c bde|eli] [-C args] jailname jailip" 168 [ "${ezjail_name}" -a "${ezjail_ip}" -a $# -eq 2 ] || exerr ${ezjail_usage_create}
161 169
162 # check for sanity of settings concerning the image feature 170 # check for sanity of settings concerning the image feature
163 [ "${ezjail_imagetype}" -a "${ezjail_fillme}" = "YES" -a ! "${ezjail_imagesize}" ] && exerr "Image jails need an image size." 171 [ "${ezjail_imagetype}" -a -z "${ezjail_exists}" -a -z "${ezjail_imagesize}" ] && exerr "Image jails need an image size."
164 172
165 # check for a sane image type 173 # check for a sane image type
166 case ${ezjail_imagetype} in ""|simple|bde|eli) ;; *) exerr "Usage: `basename -- $0` create [-xi] [-f flavour] [-r jailroot] [-s size] [-c bde|eli] [-C args] jailname jailip";; esac 174 case ${ezjail_imagetype} in ""|simple|bde|eli) ;; *) exerr ${ezjail_usage_create}
167 175
168 # check for a sane image size and split it up in blocks 176 # check for a sane image size and split it up in blocks
169 if [ "${ezjail_imagesize}" ]; then 177 if [ "${ezjail_imagesize}" ]; then
@@ -205,13 +213,13 @@ create)
205 213
206 # if a directory at the specified jail root already exists, refuse to 214 # if a directory at the specified jail root already exists, refuse to
207 # install 215 # install
208 [ -e ${ezjail_rootdir} -a "${ezjail_fillme}" = "YES" ] && exerr "Error: the specified jail root ${ezjail_rootdir} alread exists." 216 [ -e ${ezjail_rootdir} -a -z "${ezjail_exists}" ] && exerr "Error: the specified jail root ${ezjail_rootdir} alread exists."
209 217
210 # if jail root specified on command line does not lie within our jail 218 # if jail root specified on command line does not lie within our jail
211 # directory, we need to create a softlink 219 # directory, we need to create a softlink
212 if [ "${ezjail_rootdir##${ezjail_jaildir}}" = "${ezjail_rootdir}" ]; then 220 if [ "${ezjail_rootdir##${ezjail_jaildir}}" = "${ezjail_rootdir}" ]; then
213 ezjail_softlink=${ezjail_jaildir}/`basename -- ${ezjail_rootdir}` 221 ezjail_softlink=${ezjail_jaildir}/`basename -- ${ezjail_rootdir}`
214 [ -e ${ezjail_softlink} -a "${ezjail_fillme}" = "YES" ] && exerr "Error: an ezjail already exists at ${ezjail_softlink}." 222 [ -e ${ezjail_softlink} ] && exerr "Error: an ezjail already exists at ${ezjail_softlink}."
215 fi 223 fi
216 224
217 # do some sanity checks on the selected flavour (if any) 225 # do some sanity checks on the selected flavour (if any)
@@ -230,7 +238,7 @@ create)
230 ezjail_image=${ezjail_image}.img 238 ezjail_image=${ezjail_image}.img
231 239
232 # If NOT exist, create image 240 # If NOT exist, create image
233 if [ "${ezjail_fillme}" = "YES" ]; then 241 if [ -z "${ezjail_exists}" ]; then
234 [ -e "${ezjail_image}" ] && exerr "Error: a file exists at the location ${ezjail_image}, preventing our own image file to be created." 242 [ -e "${ezjail_image}" ] && exerr "Error: a file exists at the location ${ezjail_image}, preventing our own image file to be created."
235 243
236 # Now create jail disc image 244 # Now create jail disc image
@@ -249,7 +257,7 @@ create)
249 case "${ezjail_imagetype}" in 257 case "${ezjail_imagetype}" in
250 bde|eli) 258 bde|eli)
251 # parse imageparams, generate attachparams 259 # parse imageparams, generate attachparams
252 if [ -n "${ezjail_imageparams}" ] ; then 260 if [ -n "${ezjail_imageparams}" ]; then
253 ezjail_attachparams=`echo $0 _parse_g${ezjail_imagetype}_attach_args_ ${ezjail_imageparams} | /bin/sh ` 261 ezjail_attachparams=`echo $0 _parse_g${ezjail_imagetype}_attach_args_ ${ezjail_imageparams} | /bin/sh `
254 [ 0 -eq $? ] || exerr "processing of ezjail_imageparams failed" 262 [ 0 -eq $? ] || exerr "processing of ezjail_imageparams failed"
255 fi 263 fi
@@ -265,10 +273,10 @@ create)
265 echo "Attaching crypto device. Enter the passphrase... (if necessary)" 273 echo "Attaching crypto device. Enter the passphrase... (if necessary)"
266 ( echo ${attach_cmd} | /bin/sh ) || detach_images || exerr "Error: Could not attach crypto image." 274 ( echo ${attach_cmd} | /bin/sh ) || detach_images || exerr "Error: Could not attach crypto image."
267 ezjail_device=${ezjail_imagedevice}.${ezjail_imagetype} 275 ezjail_device=${ezjail_imagedevice}.${ezjail_imagetype}
268 ;; 276 ;;
269 simple) 277 simple)
270 ezjail_device=${ezjail_imagedevice} 278 ezjail_device=${ezjail_imagedevice}
271 ;; 279 ;;
272 esac 280 esac
273 281
274 # Format memory image 282 # Format memory image
@@ -283,7 +291,7 @@ create)
283 fi 291 fi
284 292
285 # now take a copy of our template jail 293 # now take a copy of our template jail
286 if [ "${ezjail_fillme}" = "YES" ]; then 294 if [ -z "${ezjail_exists}" ]; then
287 mkdir -p ${ezjail_rootdir} && cd ${ezjail_jailtemplate} && find * | cpio -p -v ${ezjail_rootdir} > /dev/null 295 mkdir -p ${ezjail_rootdir} && cd ${ezjail_jailtemplate} && find * | cpio -p -v ${ezjail_rootdir} > /dev/null
288 [ $? = 0 ] || detach_images || exerr "Error: Could not copy template jail." 296 [ $? = 0 ] || detach_images || exerr "Error: Could not copy template jail."
289 fi 297 fi
@@ -298,7 +306,7 @@ create)
298 echo ${ezjail_rootdir}.device ${ezjail_rootdir} ufs rw 0 0 >> /etc/fstab.${ezjail_safename} 306 echo ${ezjail_rootdir}.device ${ezjail_rootdir} ufs rw 0 0 >> /etc/fstab.${ezjail_safename}
299 echo ${ezjail_jailbase} ${ezjail_rootdir}/basejail nullfs ro 0 0 >> /etc/fstab.${ezjail_safename} 307 echo ${ezjail_jailbase} ${ezjail_rootdir}/basejail nullfs ro 0 0 >> /etc/fstab.${ezjail_safename}
300 308
301 # now, where everything seems to have gone right, create control file in 309 # now, where everything seems to have gone right, create control file in
302 # ezjails config dir 310 # ezjails config dir
303 mkdir -p ${ezjail_jailcfgs} 311 mkdir -p ${ezjail_jailcfgs}
304 echo "# To specify the start up order of your ezjails, use these lines to" > ${ezjail_config} 312 echo "# To specify the start up order of your ezjails, use these lines to" > ${ezjail_config}
@@ -316,9 +324,10 @@ create)
316 echo export jail_${ezjail_safename}_image=\"${ezjail_image}\" >> ${ezjail_config} 324 echo export jail_${ezjail_safename}_image=\"${ezjail_image}\" >> ${ezjail_config}
317 echo export jail_${ezjail_safename}_imagetype=\"${ezjail_imagetype}\" >> ${ezjail_config} 325 echo export jail_${ezjail_safename}_imagetype=\"${ezjail_imagetype}\" >> ${ezjail_config}
318 echo export jail_${ezjail_safename}_attachparams=\"${ezjail_attachparams}\" >> ${ezjail_config} 326 echo export jail_${ezjail_safename}_attachparams=\"${ezjail_attachparams}\" >> ${ezjail_config}
327 echo export jail_${ezjail_safename}_passphraseurl=\"${ezjail_passphraseurl}\" >> ${ezjail_config}
319 328
320 # Final steps for flavour installation 329 # Final steps for flavour installation
321 if [ "${ezjail_fillme}" = "YES" -a "${ezjail_flavour}" ]; then 330 if [ -z "${ezjail_exists}" -a -n "${ezjail_flavour}" ]; then
322 # install files and config to new jail 331 # install files and config to new jail
323 cd ${ezjail_flavours}/${ezjail_flavour} && find * | cpio -p -u -v ${ezjail_rootdir} > /dev/null 332 cd ${ezjail_flavours}/${ezjail_flavour} && find * | cpio -p -u -v ${ezjail_rootdir} > /dev/null
324 [ $? = 0 ] || echo "Warning: Could not fully install flavour." 333 [ $? = 0 ] || echo "Warning: Could not fully install flavour."
@@ -350,7 +359,9 @@ create)
350 ezjail_listener=`sockstat -4 -l | grep \*:[[:digit:]]` 359 ezjail_listener=`sockstat -4 -l | grep \*:[[:digit:]]`
351 [ $? = 0 ] && echo -e "Warning: Some services already seem to be listening on all IP, (including ${ezjail_ip})\n This may cause some confusion, here they are:\n${ezjail_listener}" 360 [ $? = 0 ] && echo -e "Warning: Some services already seem to be listening on all IP, (including ${ezjail_ip})\n This may cause some confusion, here they are:\n${ezjail_listener}"
352 IFS=${TIFS} 361 IFS=${TIFS}
353 362
363 [ -n "${ezjail_passphraseurl}" ] && echo -e "You specified a passphrase file location ${ezjail_passphraseurl}\nThis will be fetched by ezjail.sh when auto-running this jail. The file should contain a line in the form\njail_${ezjail_safename}_passphrase=YOURPASSPHRASE\n. If fetching fails or the file does not contain that line, the jail ${ezjail_name} will not be started, even if no passphrase was necessary."
364
354 ;; 365 ;;
355######################## ezjail-admin DELETE ######################## 366######################## ezjail-admin DELETE ########################
356delete) 367delete)
@@ -359,11 +370,11 @@ delete)
359 370
360 shift; while getopts :w arg; do case ${arg} in 371 shift; while getopts :w arg; do case ${arg} in
361 w) ezjail_wipeme="YES";; 372 w) ezjail_wipeme="YES";;
362 ?) exerr "Usage: `basename -- $0` delete [-w] jailname";; 373 ?) exerr ${ezjail_usage_delete}
363 esac; done; shift $(( $OPTIND - 1 )) 374 esac; done; shift $(( $OPTIND - 1 ))
364 375
365 # we need name of jail to vanish 376 # we need name of jail to vanish
366 [ $# -eq 1 ] || exerr "Usage: `basename -- $0` delete [-w] jailname" 377 [ $# -eq 1 ] || exerr ${ezjail_usage_delete}
367 378
368 # Get all info we have on that jail 379 # Get all info we have on that jail
369 fetchjailinfo $1 380 fetchjailinfo $1
@@ -390,7 +401,7 @@ delete)
390 ;; 401 ;;
391######################## ezjail-admin LIST ######################## 402######################## ezjail-admin LIST ########################
392list) 403list)
393 [ $# -eq 1 ] || exerr "Usage: `basename -- $0` list" 404 [ $# -eq 1 ] || exerr ${ezjail_usage_list}
394 405
395 ezjail_list=`find -X ${ezjail_prefix}/etc/ezjail/ 2> /dev/null | xargs rcorder | xargs basename -a` 406 ezjail_list=`find -X ${ezjail_prefix}/etc/ezjail/ 2> /dev/null | xargs rcorder | xargs basename -a`
396 407
@@ -417,10 +428,10 @@ setup|update)
417 s) ezjail_sourcetree="${OPTARG}";; 428 s) ezjail_sourcetree="${OPTARG}";;
418 p) ezjail_provideports="YES";; 429 p) ezjail_provideports="YES";;
419 P) ezjail_provideports="YES"; ezjail_installaction="none";; 430 P) ezjail_provideports="YES"; ezjail_installaction="none";;
420 ?) exerr "Usage: `basename -- $0` update [-s sourcetree] [-i] [-pP]";; 431 ?) exerr ${ezjail_usage_update}
421 esac; done; shift $(( ${OPTIND} - 1 )) 432 esac; done; shift $(( ${OPTIND} - 1 ))
422 433
423 [ $# -eq 0 ] || exerr "Usage: `basename -- $0` update [-s sourcetree] [-i] [-pP]" 434 [ $# -eq 0 ] || exerr ${ezjail_usage_update}
424 435
425 if [ "${ezjail_installaction}" = "none" ]; then 436 if [ "${ezjail_installaction}" = "none" ]; then
426 # check, whether ezjail-update has been called. existence of 437 # check, whether ezjail-update has been called. existence of
@@ -458,10 +469,10 @@ install)
458 p) ezjail_installports="YES";; 469 p) ezjail_installports="YES";;
459 h) ezjail_ftphost="${OPTARG}";; 470 h) ezjail_ftphost="${OPTARG}";;
460 r) ezjail_release="${OPTARG}";; 471 r) ezjail_release="${OPTARG}";;
461 ?) exerr "Usage: `basename -- $0` install [-mps] [-h host] [-r release]";; 472 ?) exerr ${ezjail_usage_install}
462 esac; done; shift $(( ${OPTIND} - 1 )) 473 esac; done; shift $(( ${OPTIND} - 1 ))
463 474
464 [ $# -eq 0 ] || exerr "Usage: `basename -- $0` install [-mps] [-h host] [-r release]" 475 [ $# -eq 0 ] || exerr ${ezjail_usage_install}
465 476
466 ezjail_installarch=`uname -p` 477 ezjail_installarch=`uname -p`
467 ezjail_ftphost=${ezjail_ftphost:-"ftp.freebsd.org"} 478 ezjail_ftphost=${ezjail_ftphost:-"ftp.freebsd.org"}
@@ -531,10 +542,10 @@ config)
531 542
532 shift; while getopts :r: arg; do case ${arg} in 543 shift; while getopts :r: arg; do case ${arg} in
533 r) ezjail_setrunnable=${OPTARG};; 544 r) ezjail_setrunnable=${OPTARG};;
534 ?) exerr "Usage: `basename -- $0` config [-r run|norun] jailname";; 545 ?) exerr ${ezjail_usage_config}
535 esac; done; shift $(( ${OPTIND} - 1 )) 546 esac; done; shift $(( ${OPTIND} - 1 ))
536 547
537 [ $# -eq 1 ] || exerr "Usage: `basename -- $0` config [-r run|norun] jailname" 548 [ $# -eq 1 ] || exerr ${ezjail_usage_config}
538 549
539 # Jail name mandatory 550 # Jail name mandatory
540 fetchjailinfo $1 551 fetchjailinfo $1
@@ -559,10 +570,10 @@ config)
559############################################################################## 570##############################################################################
560# ezjail_imageparams HACK starts here 571# ezjail_imageparams HACK starts here
561# 572#
562# 573#
563_parse_geli_attach_args_) 574_parse_geli_attach_args_)
564 # create geli(8) attach arguments from geli(8) init arguments: 575 # create geli(8) attach arguments from geli(8) init arguments:
565 # -P becomes -p if present, -K newkeyfile becomes -k newkeyfile if present, 576 # -P becomes -p if present, -K newkeyfile becomes -k newkeyfile if present,
566 # everything else is dicarded 577 # everything else is dicarded
567 shift; while getopts :bPva:i:K:l:s: arg; do case ${arg} in 578 shift; while getopts :bPva:i:K:l:s: arg; do case ${arg} in
568 b|v|a|i|l|s);; # ignore these 579 b|v|a|i|l|s);; # ignore these
@@ -591,6 +602,6 @@ _parse_gbde_attach_args_)
591# ezjail_imageparams HACK ends here (thank god) 602# ezjail_imageparams HACK ends here (thank god)
592############################################################################## 603##############################################################################
593*) 604*)
594 exerr "Usage: `basename -- $0` [config|create|delete|install|list|update] {params}" 605 exerr ${ezjail_usage_ezjail}
595 ;; 606 ;;
596esac 607esac
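Review bot: In the `create` option loop the new `-u` arm stores its argument in `ezjail_urlpass`, while the unset list, the `jail_${ezjail_safename}_passphraseurl` config line and the closing notice all read `ezjail_passphraseurl`, so as shown the passphrase URL given on the command line is never recorded; the arm should be `u) ezjail_passphraseurl="${OPTARG}";;`. The top-level usage text has the same kind of slip: it is defined as `ezjail_usage_ezjailadmin` but expanded as `${ezjail_usage_ezjail}` at the command check and in the final `*)` arm, and all the new usage expansions are unquoted, so `exerr "${ezjail_usage_create}"` and its siblings would keep the message as one word and stop `[-xi]` from being treated as a glob. As rendered, the new image-type check ends at `*) exerr ${ezjail_usage_create}` without the `;; esac` the old line had, which would leave that `case` unterminated if this is what was committed. Because the fetched file holds the jail's image passphrase, a comment beside the `-u` arm stating which URL schemes and file permissions ezjail.sh expects would help; neither is visible in this diff, and the `create)` arm itself runs beyond the hunks shown.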