From d5b015b268280470602d70dd8814a7ae4bc5a26b Mon Sep 17 00:00:00 2001
From: Jake Guffey Date: Fri, 17 Feb 2012 14:13:55 -0500 Subject: [PATCH 01/15] Initial commit. Placeholder files. --- conf/type/__jail/gencode-remote | 0 conf/type/__jail/man.text | 0 conf/type/__jail/parameter/optional | 0 conf/type/__jail/parameter/required | 0 4 files changed, 0 insertions(+), 0 deletions(-) create mode 100644 conf/type/__jail/gencode-remote create mode 100644 conf/type/__jail/man.text create mode 100644 conf/type/__jail/parameter/optional create mode 100644 conf/type/__jail/parameter/required
diff --git a/conf/type/__jail/gencode-remote b/conf/type/__jail/gencode-remote
new file mode 100644
index 00000000..e69de29b
diff --git a/conf/type/__jail/man.text b/conf/type/__jail/man.text
new file mode 100644
index 00000000..e69de29b
diff --git a/conf/type/__jail/parameter/optional b/conf/type/__jail/parameter/optional
new file mode 100644
index 00000000..e69de29b
diff --git a/conf/type/__jail/parameter/required b/conf/type/__jail/parameter/required
new file mode 100644
index 00000000..e69de29b
From d082815c811ba53cb096198d1199f5c35e11f269 Mon Sep 17 00:00:00 2001
From: Jake Guffey Date: Sun, 19 Feb 2012 14:09:36 -0500 Subject: [PATCH 02/15] Created explorers, man page, jailbase placeholder. Began initial development of gencode-remote. --- conf/type/__jail/explorer/present | 27 +++++++++++++++ conf/type/__jail/explorer/status | 28 +++++++++++++++ conf/type/__jail/files/jailbase | 1 + conf/type/__jail/gencode-remote | 44 +++++++++++++++++++++++ conf/type/__jail/man.text | 54 +++++++++++++++++++++++++++++ conf/type/__jail/manifest | 31 +++++++++++++++++ conf/type/__jail/parameter/optional | 1 + conf/type/__jail/parameter/required | 1 + 8 files changed, 187 insertions(+) create mode 100755 conf/type/__jail/explorer/present create mode 100755 conf/type/__jail/explorer/status create mode 100644 conf/type/__jail/files/jailbase mode change 100644 => 100755 conf/type/__jail/gencode-remote create mode 100755 conf/type/__jail/manifest
diff --git a/conf/type/__jail/explorer/present b/conf/type/__jail/explorer/present
new file mode 100755
index 00000000..c559cf65
--- /dev/null
+++ b/conf/type/__jail/explorer/present
@@ -0,0 +1,27 @@
+#!/bin/sh
+#
+# 2012 Jake Guffey (jake.guffey at eprotex.com)
+#
+# This file is part of cdist.
+#
+# cdist is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# cdist is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with cdist. If not, see .
+#
+#
+# See if the requested jail exists
+#
+
+name=$__object_id
+
+[ -d "/usr/jail/$name" ] && echo "EXISTS"
+
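Review bot: The last command of explorer/present is `[ -d "/usr/jail/$name" ] && echo "EXISTS"`, so when the jail directory is missing the explorer prints nothing and exits with status 1. If cdist treats a non-zero explorer exit as a failure (not visible here), a jail that has not been created yet would abort the run instead of being reported as absent. An explicit `if [ -d "/usr/jail/$name" ]; then echo "EXISTS"; fi` keeps the exit status at 0; explorer/status in this patch ends with the same `[ ... ] && echo` form.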
diff --git a/conf/type/__jail/explorer/status b/conf/type/__jail/explorer/status
new file mode 100755
index 00000000..19b57672
--- /dev/null
+++ b/conf/type/__jail/explorer/status
@@ -0,0 +1,28 @@
+#!/bin/sh
+#
+# 2012 Jake Guffey (jake.guffey at eprotex.com)
+#
+# This file is part of cdist.
+#
+# cdist is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# cdist is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with cdist. If not, see .
+#
+#
+# See if the requested jail is started
+#
+
+name=$__object_id
+
+jls_output=$(jls | grep "[ ]\/usr\/jail\/$name\$")
+[ -n "$jls_output" ] && echo "STARTED"
+
diff --git a/conf/type/__jail/files/jailbase b/conf/type/__jail/files/jailbase
new file mode 100644
index 00000000..defb739a
--- /dev/null
+++ b/conf/type/__jail/files/jailbase
@@ -0,0 +1 @@
+Create a tarball jailbase.tgz in this directory containing the base filesystem for a jail.
diff --git a/conf/type/__jail/gencode-remote b/conf/type/__jail/gencode-remote
old mode 100644
new mode 100755
index e69de29b..264ce111
--- a/conf/type/__jail/gencode-remote
+++ b/conf/type/__jail/gencode-remote
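Review bot: In explorer/status, `$name` is pasted unescaped into the grep pattern `"[ ]\/usr\/jail\/$name\$"`, so a `.` or any other regex metacharacter in the object id is read as pattern syntax and can match a different jail's path. The explorer's answer later decides whether start or stop code is generated, so a false match acts on the wrong jail state. An exact comparison avoids this, for example `jls | awk -v p="/usr/jail/$name" '$NF == p'`, or the id can be restricted to a fixed character set before it is used.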
@@ -0,0 +1,44 @@
+#!/bin/sh
+#
+# 2012 Jake Guffey (jake.guffey at eprotex.com)
+#
+# This file is part of cdist.
+#
+# cdist is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# cdist is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with cdist. If not, see .
+#
+#
+# The __jail type creates, configures, and deletes FreeBSD jails for use as
+# virtual machines.
+#
+
+jaildir="/usr/jail"
+present="$(cat "$__object/explorer/present")"
+status="$(cat "$__object/explorer/status")"
+state="$(cat "$__object/parameter/state")"
+name="$__object_id"
+
+if [ -f "$__object/parameter/started" ]; then
+ started="$(cat "$__object/parameter/started")"
+fi
+
+#
+
+if [ "$present" = "EXISTS" ]; then
+# blah
+fi
+
+if [ "$status" = "STARTED" ]; then
+# blah
+fi
+
diff --git a/conf/type/__jail/man.text b/conf/type/__jail/man.text
index e69de29b..b2e49468 100644
--- a/conf/type/__jail/man.text
+++ b/conf/type/__jail/man.text
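Review bot: Both `if ... then` bodies in gencode-remote contain only the comment `# blah`, and sh requires at least one command between `then` and `fi`, so the script does not parse as committed. Until the branches are filled in, a no-op keeps the file runnable, e.g. `if [ "$present" = "EXISTS" ]; then :; fi`. `state` is also read without checking that it is one of the documented values `present` or `absent`; a `case "$state" in present|absent) ;; *) echo "Invalid --state: $state" >&2; exit 1;; esac` would stop a typo before any code is generated.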
@@ -0,0 +1,54 @@
+cdist-type__jail(7)
+==========================
+Jake Guffey
+
+
+NAME
+----
+cdist-type__jail - Manage FreeBSD jails
+
+
+DESCRIPTION
+-----------
+This type is used on FreeBSD to manage jails.
+
+
+REQUIRED PARAMETERS
+-------------------
+state::
+ Either "present" or "absent."
+
+
+OPTIONAL PARAMETERS
+-------------------
+started::
+ Either "true" or "false."
+
+
+EXAMPLES
+--------
+
+--------------------------------------------------------------------------------
+# Create a jail called www
+__jail www --state present
+
+# Remove the jail called www
+__jail www --state absent
+
+# Ensure that the jail called www is started
+__jail www --state present --started true
+
+# Use the name variable explicitly
+__jail thisjail --state present --name www
+--------------------------------------------------------------------------------
+
+
+SEE ALSO
+--------
+- cdist-type(7)
+
+
+COPYING
+-------
+Copyright \(C) 2012 Jake Guffey. Free use of this software is
+granted under the terms of the GNU General Public License version 3 (GPLv3).
diff --git a/conf/type/__jail/manifest b/conf/type/__jail/manifest
new file mode 100755
index 00000000..81fcd65b
--- /dev/null
+++ b/conf/type/__jail/manifest
@@ -0,0 +1,31 @@
+#!/bin/sh
+#
+# 2012 Jake Guffey (jake.guffey at eprotex.com)
+#
+# This file is part of cdist.
+#
+# cdist is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# cdist is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with cdist. If not, see .
+#
+#
+# The __jail type creates, configures, and deletes FreeBSD jails for use as
+# virtual machines.
+#
+
+#FIXME: /usr/jail should never be hardcoded in this type
+#FIXME: jailbase.tgz should not be hardcoded in this file
+
+jailbase="/usr/jail/jailbase.tgz"
+
+__rsyncer "$jailbase" --source "$__object/files/jailbase.tgz"
+
diff --git a/conf/type/__jail/parameter/optional b/conf/type/__jail/parameter/optional
index e69de29b..c06c82c7 100644
--- a/conf/type/__jail/parameter/optional
+++ b/conf/type/__jail/parameter/optional
@@ -0,0 +1 @@
+started
diff --git a/conf/type/__jail/parameter/required b/conf/type/__jail/parameter/required
index e69de29b..ff72b5c7 100644
--- a/conf/type/__jail/parameter/required
+++ b/conf/type/__jail/parameter/required
@@ -0,0 +1 @@
+state
From 2e4e291449af87d1aafaed9e604766ff28e35aa0 Mon Sep 17 00:00:00 2001
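Review bot: In the manifest, `--source "$__object/files/jailbase.tgz"` looks for the tarball under the per-object directory, while the placeholder added by this patch sits in the type's own `files/` directory; cdist normally exposes that directory as `$__type`, so `"$__type/files/jailbase.tgz"` is probably what is meant (worth confirming). The same path is used in gencode-local later in the series. Because this tarball becomes the root filesystem of every jail, I would also add a comment next to `jailbase=` stating its provenance requirement, e.g. `# jailbase.tgz must be built from a trusted FreeBSD release; verify its SHA-256 before placing it in files/`.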
From: Jake Guffey Date: Mon, 20 Feb 2012 14:20:55 -0500 Subject: [PATCH 03/15] Added gencode-local to sync jailbase with remote side, added .gitignore to keep from syncing jailbase.tgz with github, new explorer basepresent to look for /usr/jail/{base,jailbase.tgz} --- conf/type/__jail/.gitignore | 1 + conf/type/__jail/explorer/basepresent | 42 +++++++++++++++++++++++++++ conf/type/__jail/gencode-local | 34 ++++++++++++++++++++++ 3 files changed, 77 insertions(+) create mode 100644 conf/type/__jail/.gitignore create mode 100755 conf/type/__jail/explorer/basepresent create mode 100755 conf/type/__jail/gencode-local
diff --git a/conf/type/__jail/.gitignore b/conf/type/__jail/.gitignore
new file mode 100644
index 00000000..e0471be4
--- /dev/null
+++ b/conf/type/__jail/.gitignore
@@ -0,0 +1 @@
+files/jailbase.tgz
diff --git a/conf/type/__jail/explorer/basepresent b/conf/type/__jail/explorer/basepresent
new file mode 100755
index 00000000..7c21fc08
--- /dev/null
+++ b/conf/type/__jail/explorer/basepresent
@@ -0,0 +1,42 @@
+#!/bin/sh
+#
+# 2012 Jake Guffey (jake.guffey at eprotex.com)
+#
+# This file is part of cdist.
+#
+# cdist is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# cdist is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with cdist. If not, see .
+#
+#
+# See if the jailbase.tgz or /usr/jail/base dir exists
+#
+
+name="base:jailbase.tgz"
+exists=0
+
+save_IFS="$IFS"
+IFS=":"
+for cur in $name; do
+ if [ -e "/usr/jail/$cur" ]; then
+ echo -n "$cur:"
+ let exists="$exists+1" 2>&1 >&-
+ fi
+done
+IFS="$save_IFS"
+
+if [ "$exists" -eq "0" ]; then
+ echo "NONE"
+else
+ echo "$exists"
+fi
+
diff --git a/conf/type/__jail/gencode-local b/conf/type/__jail/gencode-local
new file mode 100755
index 00000000..6ad476e6
--- /dev/null
+++ b/conf/type/__jail/gencode-local
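Review bot: In explorer/basepresent, `let exists="$exists+1" 2>&1 >&-` points stderr at the explorer's stdout before closing stdout, so any diagnostic from this command ends up inside the value that gencode-local compares against `"NONE"`. `let` and `echo -n` are also outside POSIX sh although the script declares `#!/bin/sh`. Plain arithmetic expansion needs no redirection and is portable: `exists=$((exists + 1))`, with `printf '%s:' "$cur"` in place of `echo -n "$cur:"`.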
@@ -0,0 +1,34 @@
+#!/bin/sh
+#
+# 2012 Jake Guffey (jake.guffey at eprotex.com)
+#
+# This file is part of cdist.
+#
+# cdist is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# cdist is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with cdist. If not, see .
+#
+#
+# The __jail type creates, configures, and deletes FreeBSD jails for use as
+# virtual machines.
+#
+
+#FIXME: /usr/jail should never be hardcoded in this type
+#FIXME: jailbase.tgz should not be hardcoded in this file
+
+jailbase="/usr/jail/jailbase.tgz"
+basepresent="$(cat "$__object/explorer/basepresent")"
+
+if [ "$basepresent" = "NONE" ]; then
+ __file "$jailbase" --source "$__object/files/jailbase.tgz"
+fi
+
From b9c757b78a095fb344c2043cea843333f2447fe8 Mon Sep 17 00:00:00 2001
From: Jake Guffey Date: Tue, 21 Feb 2012 15:59:19 -0500 Subject: [PATCH 04/15] Filled out man page, created gencode-local to copy jailbase to __target_host, filled out parameter list, made explorers useful, created basic layout within gencode-remote. --- conf/type/__jail/explorer/present | 6 +- conf/type/__jail/explorer/status | 6 +- conf/type/__jail/gencode-local | 2 +- conf/type/__jail/gencode-remote | 118 +++++++++++++++++++++++++--- conf/type/__jail/man.text | 52 ++++++++++-- conf/type/__jail/manifest | 31 -------- conf/type/__jail/parameter/optional | 7 ++ 7 files changed, 173 insertions(+), 49 deletions(-) delete mode 100755 conf/type/__jail/manifest
diff --git a/conf/type/__jail/explorer/present b/conf/type/__jail/explorer/present
index c559cf65..9338fd56 100755
--- a/conf/type/__jail/explorer/present +++ b/conf/type/__jail/explorer/present @@ -21,7 +21,11 @@ # See if the requested jail exists # -name=$__object_id +if [ -f "$__object/parameter/name" ]; then + name="$(cat "$__object/parameter/name")" +else + name=$__object_id +fi [ -d "/usr/jail/$name" ] && echo "EXISTS" diff --git a/conf/type/__jail/explorer/status b/conf/type/__jail/explorer/status index 19b57672..3fe22adc 100755 --- a/conf/type/__jail/explorer/status +++ b/conf/type/__jail/explorer/status @@ -21,7 +21,11 @@ # See if the requested jail is started # -name=$__object_id +if [ -f "$__object/parameter/name" ]; then + name="$(cat "$__object/parameter/name")" +else + name=$__object_id +fi jls_output=$(jls | grep "[ ]\/usr\/jail\/$name\$") [ -n "$jls_output" ] && echo "STARTED" diff --git a/conf/type/__jail/gencode-local b/conf/type/__jail/gencode-local index 6ad476e6..2d4415e3 100755 --- a/conf/type/__jail/gencode-local +++ b/conf/type/__jail/gencode-local @@ -29,6 +29,6 @@ jailbase="/usr/jail/jailbase.tgz" basepresent="$(cat "$__object/explorer/basepresent")" if [ "$basepresent" = "NONE" ]; then - __file "$jailbase" --source "$__object/files/jailbase.tgz" + echo "$__remote_copy" "$__object/files/jailbase.tgz" "${target_host}:${jailbase}" fi diff --git a/conf/type/__jail/gencode-remote b/conf/type/__jail/gencode-remote index 264ce111..038daa14 100755 --- a/conf/type/__jail/gencode-remote +++ b/conf/type/__jail/gencode-remote 
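Review bot: In the gencode-local hunk, the new line uses `${target_host}`, which nothing in the visible script sets; the commit message itself refers to `__target_host`, so the generated copy command would most likely end in `:/usr/jail/jailbase.tgz` with an empty host. I would write `echo "$__remote_copy" "$__object/files/jailbase.tgz" "${__target_host}:${jailbase}"`. Note also that the quotes are consumed by this script, so the emitted command carries the two paths unquoted. The rest of gencode-local lies outside the hunk.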
@@ -22,23 +22,121 @@ # virtual machines. # +# Debug +#exec >&2 +#set -x + +if [ -f "$__object/parameter/name" ]; then + name="$(cat "$__object/parameter/name")" +else + name="$__object_id" +fi + +state="$(cat "$__object/parameter/state")" + +if [ -f "$__object/parameter/started" ]; then + started="$(cat "$__object/parameter/started")" +else + started="true" +fi + +if [ -f "$__object/parameter/ip" ]; then + ip="$(cat "$__object/parameter/ip")" +else +# IP is an optional param when $state=absent, but +# when $state=present, it's required. Enforce this. + if [ "$state" = "present" ]; then + exec >&2 + echo "If --state is 'present,' --ip must be given\!" + exit 1 + fi +fi + +if [ -f "$__object/parameter/hostname" ]; then + hostname="$(cat "$__object/parameter/hostname")" +else + hostname="$name" +fi + +if [ -f "$__object/parameter/interface" ]; then + interface="$(cat "$__object/parameter/interface")" +fi + +if [ -f "$__object/parameter/devfs-enable" ]; then + devfsenable="$(cat "$__object/parameter/devfs-enable")" +else + devfsenable="true" +fi + +if [ -f "$__object/parameter/devfs-ruleset" ]; then + devfsruleset="$(cat "$__object/parameter/devfs-ruleset")" +else + devfsruleset="jailrules" +fi + +# devfs_ruleset being defined without devfs_enable being true +# is pointless. Treat this as an error. +if [ -n "$devfsrules" -a "$devfsenable" = "false" ]; then + exec >&2 + echo "Can't have --devfs-ruleset defined without --devfs-enable true." + exit 1 +fi + +if [ -f "$__object/parameter/onboot" ]; then + onboot="$(cat "$__object/parameter/onboot")" +fi + jaildir="/usr/jail" present="$(cat "$__object/explorer/present")" status="$(cat "$__object/explorer/status")" -state="$(cat "$__object/parameter/state")" -name="$__object_id" -if [ -f "$__object/parameter/started" ]; then - started="$(cat "$__object/parameter/started")" +# Defining a jail as absent and started at the same time +# makes no sense. Treat this as an error. 
+if [ "$started" = "true" -a "$state" = "absent" ]; then + exec >&2 + echo "Can't have --state absent and --started true together\!" + exit 1 fi -# +stopJail() { +# Check $status before issuing command + [ "$status" = "STARTED" ] && echo "/etc/rc.d/jail stop ${name}" +} -if [ "$present" = "EXISTS" ]; then -# blah +startJail() { +# Check $status before issuing command + [ ! "$status" = "STARTED" ] && echo "/etc/rc.d/jail start ${name}" +} + +deleteJail() { +} + +createJail() { +} + +if [ "$present" = "EXISTS" ]; then # The jail currently exists + if [ "$state" = "present" ]; then # The jail is supposed to exist + if [ "$started" = "true" ]; then # The jail is supposed to be started + startJail + else # The jail is not supposed to be started + stopJail + fi + exit 0 + else # The jail is not supposed to exist + stopJail + deleteJail + exit 0 + fi +else # The jail does not currently exist + if [ "$state" = "absent" ]; then # The jail is not supposed to be present + exit 0 + else # The jail is supposed to exist + createJail + [ "$started" = "true" ] && startJail + exit 0 + fi fi -if [ "$status" = "STARTED" ]; then -# blah -fi +# Debug +#set +x diff --git a/conf/type/__jail/man.text b/conf/type/__jail/man.text index b2e49468..e6256975 100644 --- a/conf/type/__jail/man.text +++ b/conf/type/__jail/man.text 
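Review bot: `name` comes from `--name` or the object id and is echoed straight into generated root commands (`echo "/etc/rc.d/jail stop ${name}"` in stopJail and the matching line in startJail) with no check on its characters. The same value goes into rc.conf variable names and, in later patches of this series, into `rm -rf` paths, so it should be rejected early unless it is a plain identifier: `case "$name" in ''|*[!A-Za-z0-9_]*) echo "Invalid jail name: $name" >&2; exit 1;; esac`. Separately, `deleteJail() { }` and `createJail() { }` have empty bodies, which sh does not accept; a `:` placeholder keeps the script parseable until they are implemented.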
@@ -21,25 +21,67 @@ state:: OPTIONAL PARAMETERS ------------------- -started:: - Either "true" or "false." +name:: + The name of the jail. Default is to use the object_id as the jail name. +started:: + Either "true" or "false." Defaults to true. + +ip:: + The ifconfig style IP/netmask combination to use for the jail guest. If + the state parameter is "present," this parameter is required. + +hostname:: + The FQDN to use for the jail guest. Defaults to the name parameter. + +interface:: + The name of the physical interface on the jail server to bind the jail to. + +devfs-enable:: + Whether to allow devfs mounting within the jail. Must be "true" or "false." + Defaults to true. + +devfs-ruleset:: + The name of the devfs ruleset to associate with the jail. Defaults to + "jailrules." This ruleset must be copied to the server via another type. + To use this option, devfs-enable must be "true." + +onboot:: + Whether to add the jail to rc.conf's jail_list variable. Must be either + "true" or "false." Defaults to false. + + +CAVEATS +------- +This type does not currently support modification of jail options. If, for +example a jail needs to have its IP address or netmask changed, the jail must +be removed then re-added with the correct IP address/netmask or the appropriate +line (jail__ip="...") modified within rc.conf through some alternate +means. 
EXAMPLES -------- -------------------------------------------------------------------------------- # Create a jail called www -__jail www --state present +__jail www --state present --ip "192.168.1.2 netmask 255.255.255.0" # Remove the jail called www __jail www --state absent # Ensure that the jail called www is started -__jail www --state present --started true +__jail www --state present --started true \ + --ip "192.168.1.2 netmask 255.255.255.0" # Use the name variable explicitly -__jail thisjail --state present --name www +__jail thisjail --state present --name www \ + --ip "192.168.1.2 netmask 255.255.255.0" + +# Go nuts +__jail lotsofoptions --state present --name testjail --started true \ + --ip "192.168.1.100 netmask 255.255.255.0" \ + --hostname "testjail.example.com" --interface "em0" \ + --onboot yes -------------------------------------------------------------------------------- diff --git a/conf/type/__jail/manifest b/conf/type/__jail/manifest deleted file mode 100755 index 81fcd65b..00000000 --- a/conf/type/__jail/manifest +++ /dev/null 
@@ -1,31 +0,0 @@ -#!/bin/sh -# -# 2012 Jake Guffey (jake.guffey at eprotex.com) -# -# This file is part of cdist. -# -# cdist is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# cdist is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with cdist. If not, see . -# -# -# The __jail type creates, configures, and deletes FreeBSD jails for use as -# virtual machines. -# - -#FIXME: /usr/jail should never be hardcoded in this type -#FIXME: jailbase.tgz should not be hardcoded in this file - -jailbase="/usr/jail/jailbase.tgz" - -__rsyncer "$jailbase" --source "$__object/files/jailbase.tgz" - diff --git a/conf/type/__jail/parameter/optional b/conf/type/__jail/parameter/optional index c06c82c7..85b94270 100644 --- a/conf/type/__jail/parameter/optional +++ b/conf/type/__jail/parameter/optional @@ -1 +1,8 @@ +name started +ip +hostname +interface +devfs-enable +devfs-ruleset +onboot From 18c0e947aa6cf57f0dbe01e61b860298b20fcb17 Mon Sep 17 00:00:00 2001 From: Jake Guffey Date: Tue, 21 Feb 2012 18:34:21 -0500 Subject: [PATCH 05/15] Created initial createJail function. Script still can't delete jails yet. --- conf/type/__jail/gencode-remote | 95 ++++++++++++++++++++++++++++++++- 1 file changed, 94 insertions(+), 1 deletion(-) diff --git a/conf/type/__jail/gencode-remote b/conf/type/__jail/gencode-remote index 038daa14..5e1bdc02 100755 --- a/conf/type/__jail/gencode-remote +++ b/conf/type/__jail/gencode-remote 
@@ -76,7 +76,7 @@ fi # devfs_ruleset being defined without devfs_enable being true # is pointless. Treat this as an error. -if [ -n "$devfsrules" -a "$devfsenable" = "false" ]; then +if [ -n "$devfsruleset" -a "$devfsenable" = "false" ]; then exec >&2 echo "Can't have --devfs-ruleset defined without --devfs-enable true." exit 1 
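Review bot: With the variable name corrected, the left side of this test can never be false: `devfsruleset` falls back to `"jailrules"` when `--devfs-ruleset` is not given (the default block sits above this hunk), so `-n "$devfsruleset"` always holds and every run with `--devfs-enable false` exits with the error. Testing for the parameter file expresses the intent: `if [ -f "$__object/parameter/devfs-ruleset" ] && [ "$devfsenable" = "false" ]; then`. That form also avoids `-a` inside `[ ]`, which POSIX marks as obsolescent.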
@@ -109,9 +109,102 @@ startJail() { } deleteJail() { +# If the jail's mountpoints are mounted, unmount them +# Remove the jail's rw mountpoints +# Remove the jail's ro mountpoint +# Remove the jail directory +# If the jail's devfs rules are custom (!="jailrules"), remove them +# Remove jail_$name_* lines from rc.conf +# Remove " $name " from jail_list if it's there } createJail() { +# Create the jail directory +echo <<-EOF + mkdir -p ${jaildir}/${name} + if [ ! -d "${jaildir}/base" ]; then + mkdir "${jaildir}/base" + tar -xzf "${jaildir}/jailbase.tgz" -C "${jaildir}/base" + if [ ! -d "${jaildir}/base/usr/local" ]; then + mkdir -p "${jaildir}/base/usr/local" + fi + if [ ! -d "${jaildir}/base/usr/home" ]; then + mkdir -p "${jaildir}/base/usr/home" + fi + fi + if [ ! -d "${jaildir}/rw" ]; then + mkdir "${jaildir}/rw" + fi + mkdir -p "${jaildir}/rw/${name}/etc" + cp -r ${jaildir}/base/etc/* "${jaildir}/rw/${name}/etc/" + mkdir "${jaildir}/rw/${name}/local" + mkdir "${jaildir}/rw/${name}/db" + if [ -d "${jaildir}/base/var/db" ]; then + cp -r ${jaildir}/base/var/db/* "${jaildir}/rw/${name}/db/" + fi + mkdir "${jaildir}/rw/${name}/home" + if [ -d "${jaildir}/base/usr/home" ]; then + cp -r ${jaildir}/base/usr/home/* "${jaildir}/rw/${name}/home/" + fi + mkdir "${jaildir}/rw/${name}/tmp" +EOF + +# Create the ro+rw mountpoint entries in fstab +echo <<-EOF + echo >/etc/fstab.${name} <<-END + /usr/jail/base /usr/jail/${name} nullfs ro 0 0 + /usr/jail/rw/${name}/etc /usr/jail/${name}/etc nullfs rw 0 0 + /usr/jail/rw/${name}/local /usr/jail/${name}/usr/local nullfs rw 0 0 + /usr/jail/rw/${name}/db /usr/jail/${name}/var/db nullfs rw 0 0 + /usr/jail/rw/${name}/home /usr/jail/${name}/usr/home nullfs rw 0 0 + /usr/jail/rw/${name}/tmp /usr/jail/${name}/var/tmp nullfs rw 0 0 + END +EOF + +# Add the jail_$name_* lines to rc.conf +echo <<-EOF + echo >>/etc/rc.conf <<-END + jail_${name}_rootdir="${jaildir}/${name}" + jail_${name}_hostname="${hostname}" + jail_${name}_ip="${ip}" + 
jail_${name}_devfs_enable="${devfsenable}" + jail_${name}_mount_enable="YES" + jail_${name}_fstab="/etc/fstab.$name" + END +EOF + +if [ -n "$interface" ]; then + echo <<-EOF + echo >>/etc/rc.conf <<-END + jail_${name}_interface="${interface}" + END +EOF +fi + +if [ "$devfsenable" = "true" ]; then + echo <<-EOF + echo >>/etc/rc.conf <<-END + jail_${name}_devfs_ruleset="$devfsruleset" + END +EOF +fi + +# Add $name to jail_list if $onboot=true +if [ "$onboot" = "true" ]; then + echo <<-EOF + eval $(grep '^jail_list=' /etc/rc.conf) + jail_list="${jail_list} ${name}" + sed -i "s/^jail_list=\".*\"/jail_list=\"${jail_list}\"/" /etc/rc.conf + unset jail_list +EOF +fi + +# Add the normal entries into the jail's rc.conf +echo "echo hostname=\"${hostname}\"" >>"${jaildir}/rw/${name}/etc/rc.conf" +echo 'echo sendmail_enable=\"NONE\"' >>"${jaildir}/rw/${name}/etc/rc.conf" +echo 'echo syslogd_enable=\"YES\"' >>"${jaildir}/rw/${name}/etc/rc.conf" +echo 'echo syslogd_flags=\"-ss\"' >>"${jaildir}/rw/${name}/etc/rc.conf" + } if [ "$present" = "EXISTS" ]; then # The jail currently exists From 446f497c4c911929ecb6a54d531bb06a82142926 Mon Sep 17 00:00:00 2001 From: Jake Guffey Date: Wed, 22 Feb 2012 12:13:20 -0500 Subject: [PATCH 06/15] Created deleteJail function. Ready to begin debugging. --- conf/type/__jail/gencode-remote | 27 +++++++++++++++++++++++---- 1 file changed, 23 insertions(+), 4 deletions(-) diff --git a/conf/type/__jail/gencode-remote b/conf/type/__jail/gencode-remote index 5e1bdc02..37aa8d56 100755 --- a/conf/type/__jail/gencode-remote +++ b/conf/type/__jail/gencode-remote 
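Review bot: In createJail, `${hostname}`, `${ip}`, `${interface}` and `$devfsruleset` are placed between double quotes in lines destined for /etc/rc.conf, a file FreeBSD reads as shell, and none of them is validated anywhere in this script. A value containing a double quote, `$`, a backquote or a backslash would change what rc.conf evaluates as root at boot, so these parameters should be checked with a `case` guard that rejects those characters before any code is generated. Also, `echo <<-EOF` does not read standard input, so the here-document text is discarded and none of these blocks is emitted; `cat <<EOF` is needed. The final four `echo ... >>"${jaildir}/rw/${name}/etc/rc.conf"` lines redirect on the machine running this script rather than printing the redirection as generated code.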
@@ -109,13 +109,31 @@ startJail() { } deleteJail() { -# If the jail's mountpoints are mounted, unmount them # Remove the jail's rw mountpoints -# Remove the jail's ro mountpoint + echo "rm -rf /usr/jail/rw/${name}" +# Remove the jail's fstab + echo "rm -f /etc/fstab.${name}" # Remove the jail directory -# If the jail's devfs rules are custom (!="jailrules"), remove them + echo "rm -rf /usr/jail/${name}" # Remove jail_$name_* lines from rc.conf + echo <<-EOF + sed -i '.bak' "/^jail_${name}_/d" /etc/rc.conf +EOF # Remove " $name " from jail_list if it's there + echo <<-EOF + eval $(grep '^jail_list=' /etc/rc.conf) + + for JAIL in ${jail_list}; do + if [ ! "${JAIL}" = "${name}" ]; then + new_list="${new_list} ${JAIL}" + fi + done + jail_list="${new_list}" + + sed -i '.bak' "s/^jail_list=\".*\"/jail_list=\"${jail_list}\"/" /etc/rc.conf + unset jail_list + rm -f /etc/rc.conf.bak +EOF } createJail() { @@ -194,8 +212,9 @@ if [ "$onboot" = "true" ]; then echo <<-EOF eval $(grep '^jail_list=' /etc/rc.conf) jail_list="${jail_list} ${name}" - sed -i "s/^jail_list=\".*\"/jail_list=\"${jail_list}\"/" /etc/rc.conf + sed -i '.bak' "s/^jail_list=\".*\"/jail_list=\"${jail_list}\"/" /etc/rc.conf unset jail_list + rm -f /etc/rc.conf.bak EOF fi From 0515fd84831f76d31a7689e38931d4d76b55deae Mon Sep 17 00:00:00 2001 From: Jake Guffey Date: Thu, 23 Feb 2012 17:17:30 -0500 Subject: [PATCH 07/15] Various bugfixes. Needed to use '|| true' on subshell variable assignments in case of empty return Added default status (started=true or false) Added default devfs rules Replaced <<- HEREDOC usage with << Added escapes where necessary within quoted strings or HEREDOCs --- conf/type/__jail/explorer/basepresent | 16 ++- conf/type/__jail/explorer/present | 8 +- conf/type/__jail/explorer/status | 18 ++- conf/type/__jail/gencode-remote | 153 +++++++++++++++++--------- 4 files changed, 132 insertions(+), 63 deletions(-) 
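Review bot: deleteJail emits `rm -rf /usr/jail/rw/${name}` and `rm -rf /usr/jail/${name}` unquoted and without excluding the names the layout itself uses: createJail shares `/usr/jail/base` and `/usr/jail/rw` between all jails, so an object named `base` or `rw` with `--state absent` would remove them for every jail. I would refuse those names, and an empty one, before generating anything: `case "$name" in ''|base|rw) echo "Reserved jail name: $name" >&2; exit 1;; esac`. In the same here-documents `$(grep '^jail_list=' /etc/rc.conf)`, `${jail_list}`, `${JAIL}` and `${new_list}` are unescaped, so they expand while the code is generated instead of on the target; each needs a `\$`.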
diff --git a/conf/type/__jail/explorer/basepresent b/conf/type/__jail/explorer/basepresent index 7c21fc08..aa155b03 100755 --- a/conf/type/__jail/explorer/basepresent +++ b/conf/type/__jail/explorer/basepresent @@ -21,22 +21,28 @@ # See if the jailbase.tgz or /usr/jail/base dir exists # +# Debug +#exec >&2 +#set -x + name="base:jailbase.tgz" -exists=0 +out="" save_IFS="$IFS" IFS=":" for cur in $name; do if [ -e "/usr/jail/$cur" ]; then - echo -n "$cur:" - let exists="$exists+1" 2>&1 >&- + out="${out}:${cur}" fi done IFS="$save_IFS" -if [ "$exists" -eq "0" ]; then +if [ -z "$out" ]; then echo "NONE" else - echo "$exists" + echo "${out}" fi +# Debug +#set +x + diff --git a/conf/type/__jail/explorer/present b/conf/type/__jail/explorer/present index 9338fd56..a1f44302 100755 --- a/conf/type/__jail/explorer/present +++ b/conf/type/__jail/explorer/present @@ -21,11 +21,17 @@ # See if the requested jail exists # +# Debug +#exec >&2 +#set -x + if [ -f "$__object/parameter/name" ]; then name="$(cat "$__object/parameter/name")" else name=$__object_id fi -[ -d "/usr/jail/$name" ] && echo "EXISTS" +[ -d "/usr/jail/$name" ] && echo "EXISTS" || echo "NOTEXIST" + +#set +x diff --git a/conf/type/__jail/explorer/status b/conf/type/__jail/explorer/status index 3fe22adc..5f95f406 100755 --- a/conf/type/__jail/explorer/status +++ b/conf/type/__jail/explorer/status @@ -21,12 +21,24 @@ # See if the requested jail is started # +# Debug +#exec >&2 +#set -x + if [ -f "$__object/parameter/name" ]; then name="$(cat "$__object/parameter/name")" else - name=$__object_id + name="$__object_id" fi -jls_output=$(jls | grep "[ ]\/usr\/jail\/$name\$") -[ -n "$jls_output" ] && echo "STARTED" +jls_output="$(jls | grep "[ ^I]\/usr\/jail\/${name}\$")" || true + +if [ -n "${jls_output}" ]; then + echo "STARTED" +else + echo "NOTSTART" +fi + +# Debug +#set +x diff --git a/conf/type/__jail/gencode-remote b/conf/type/__jail/gencode-remote index 37aa8d56..3dfec9ad 100755 --- a/conf/type/__jail/gencode-remote 
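Review bot: In explorer/status, the new bracket expression `[ ^I]` matches a space, a literal `^` or a literal `I` as written here; if a tab was intended (and this is not only how the page renders one), it must be a real tab character or `[[:space:]]`. `${name}` is still interpolated into the pattern unescaped, so regex metacharacters in a jail name continue to match other jails' paths. `grep "[[:space:]]/usr/jail/${name}\$"` fixes the first point; the second needs the name validated or an exact string comparison.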
+++ b/conf/type/__jail/gencode-remote @@ -37,7 +37,11 @@ state="$(cat "$__object/parameter/state")" if [ -f "$__object/parameter/started" ]; then started="$(cat "$__object/parameter/started")" else - started="true" + if [ ! "$state" = "present" ]; then + started="false" + else + started="true" + fi fi if [ -f "$__object/parameter/ip" ]; then 
@@ -100,45 +104,71 @@ fi stopJail() { # Check $status before issuing command - [ "$status" = "STARTED" ] && echo "/etc/rc.d/jail stop ${name}" + if [ "$status" = "STARTED" ]; then + echo "/etc/rc.d/jail stop ${name}" + fi } startJail() { # Check $status before issuing command - [ ! "$status" = "STARTED" ] && echo "/etc/rc.d/jail start ${name}" + if [ "$status" = "NOTSTART" ]; then + echo "/etc/rc.d/jail start ${name}" + fi } deleteJail() { +# Unmount the jail's mountpoints if necessary + cat <=1 rw mount is mounted still + for DIR in "${output}"; do + umount -F "/etc/fstab.${name}" "\$(echo "${DIR}" | awk '{print $3}')" + done + fi + output="\$(mount | grep "\/${name} (")" || true + if [ -n "\${output}" ]; then # ro mount is mounted still + umount -F "/etc/fstab.${name}" "\$(echo "${output}" | awk '{print $3}')" + fi +EOF # Remove the jail's rw mountpoints - echo "rm -rf /usr/jail/rw/${name}" -# Remove the jail's fstab - echo "rm -f /etc/fstab.${name}" + echo "rm -rf \"/usr/jail/rw/${name}\"" # Remove the jail directory - echo "rm -rf /usr/jail/${name}" + echo "rm -rf \"/usr/jail/${name}\"" +# Remove the jail's fstab + echo "rm -f \"/etc/fstab.${name}\"" # Remove jail_$name_* lines from rc.conf - echo <<-EOF + cat </etc/fstab.${name} <<-END - /usr/jail/base /usr/jail/${name} nullfs ro 0 0 - /usr/jail/rw/${name}/etc /usr/jail/${name}/etc nullfs rw 0 0 - /usr/jail/rw/${name}/local /usr/jail/${name}/usr/local nullfs rw 0 0 - /usr/jail/rw/${name}/db /usr/jail/${name}/var/db nullfs rw 0 0 - /usr/jail/rw/${name}/home /usr/jail/${name}/usr/home nullfs rw 0 0 - /usr/jail/rw/${name}/tmp /usr/jail/${name}/var/tmp nullfs rw 0 0 - END +cat </etc/fstab.${name} <>/etc/rc.conf <<-END - jail_${name}_rootdir="${jaildir}/${name}" - jail_${name}_hostname="${hostname}" - jail_${name}_ip="${ip}" - jail_${name}_devfs_enable="${devfsenable}" - jail_${name}_mount_enable="YES" - jail_${name}_fstab="/etc/fstab.$name" - END +cat <>/etc/rc.conf <>/etc/rc.conf <<-END - 
jail_${name}_interface="${interface}" - END + cat <>/etc/rc.conf <>/etc/rc.conf <<-END - jail_${name}_devfs_ruleset="$devfsruleset" - END + cat <>/etc/rc.conf <&- >&- + # add default ruleset + cat >>/etc/devfs.rules <>"${jaildir}/rw/${name}/etc/rc.conf" -echo 'echo sendmail_enable=\"NONE\"' >>"${jaildir}/rw/${name}/etc/rc.conf" -echo 'echo syslogd_enable=\"YES\"' >>"${jaildir}/rw/${name}/etc/rc.conf" -echo 'echo syslogd_flags=\"-ss\"' >>"${jaildir}/rw/${name}/etc/rc.conf" - +echo "echo hostname=\"${hostname}\" >>\"${jaildir}/rw/${name}/etc/rc.conf\"" +echo "echo sendmail_enable=\"NONE\" >>\"${jaildir}/rw/${name}/etc/rc.conf\"" +echo "echo syslogd_enable=\"YES\" >>\"${jaildir}/rw/${name}/etc/rc.conf\"" +echo "echo syslogd_flags=\"-ss\" >>\"${jaildir}/rw/${name}/etc/rc.conf\"" } if [ "$present" = "EXISTS" ]; then # The jail currently exists From 20a3538e72ee6182edc7f12abe6e5bcd5dcf2df4 Mon Sep 17 00:00:00 2001 From: Jake Guffey Date: Tue, 28 Feb 2012 11:21:23 -0500 Subject: [PATCH 08/15] Fixed echoing entries Entries weren't being properly echoed into /usr/jail/rw/${name}/etc/rc.conf --- conf/type/__jail/gencode-remote | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/conf/type/__jail/gencode-remote b/conf/type/__jail/gencode-remote index 3dfec9ad..dc18312b 100755 --- a/conf/type/__jail/gencode-remote +++ b/conf/type/__jail/gencode-remote 
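Review bot: In the unmount block added to deleteJail, `"${output}"`, `"${DIR}"` and awk's `$3` are not escaped, while `\$(mount …)` and `\${output}` in the same heredoc are. Assuming the delimiter is unquoted, as that escaping suggests, the three unescaped expansions are resolved when the code is generated, where they are empty, so the generated `umount` is handed nothing useful and the `rm -rf` lines that follow run against trees that may still be mounted. They should read `for DIR in "\${output}"; do`, `"\$(echo "\${DIR}" | awk '{print \$3}')"` and `"\$(echo "\${output}" | awk '{print \$3}')"`. Quoting `"\${output}"` in the `for` also makes the loop run once over the whole text, so several rw mounts would need a `while read` loop instead.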
@@ -265,10 +265,11 @@ EOF fi # Add the normal entries into the jail's rc.conf -echo "echo hostname=\"${hostname}\" >>\"${jaildir}/rw/${name}/etc/rc.conf\"" -echo "echo sendmail_enable=\"NONE\" >>\"${jaildir}/rw/${name}/etc/rc.conf\"" -echo "echo syslogd_enable=\"YES\" >>\"${jaildir}/rw/${name}/etc/rc.conf\"" -echo "echo syslogd_flags=\"-ss\" >>\"${jaildir}/rw/${name}/etc/rc.conf\"" +echo "echo hostname=\\\"${hostname}\\\" >\\\"${jaildir}/rw/${name}/etc/rc.conf\\\"" +echo "echo sshd_enable=\\\"YES\\\" >>\\\"${jaildir}/rw/${name}/etc/rc.conf\\\"" +echo "echo sendmail_enable=\\\"NONE\\\" >>\\\"${jaildir}/rw/${name}/etc/rc.conf\\\"" +echo "echo syslogd_enable=\\\"YES\\\" >>\\\"${jaildir}/rw/${name}/etc/rc.conf\\\"" +echo "echo syslogd_flags=\\\"-ss\\\" >>\\\"${jaildir}/rw/${name}/etc/rc.conf\\\"" } if [ "$present" = "EXISTS" ]; then # The jail currently exists From 46b916c0e18f145a5229e5c8cdf4fe655c433346 Mon Sep 17 00:00:00 2001 From: Jake Guffey Date: Tue, 28 Feb 2012 16:39:08 -0500 Subject: [PATCH 09/15] Various bugfixes Added logic to ensure that /etc/resolv.conf exists within a jail Replaced /var/db, /var/tmp mountpoints with /var mountpoint in jail Added logic to ensure that every jail is bound to an interface Modified how information is inserted into the jail's rc.conf Added ListenAddress directive for SSHd Updated manpage to reflect these changes --- conf/type/__jail/gencode-remote | 38 +++++++++++++++++++++++---------- conf/type/__jail/man.text | 5 +++-- 2 files changed, 30 insertions(+), 13 deletions(-) diff --git a/conf/type/__jail/gencode-remote b/conf/type/__jail/gencode-remote index dc18312b..c0a35784 100755 --- a/conf/type/__jail/gencode-remote +++ b/conf/type/__jail/gencode-remote 
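Review bot: The triple-escaped quotes are right for the values but wrong for the redirection targets: each generated line ends in `>>\"…/etc/rc.conf\"`, so the target shell takes the quote characters as part of the file name and does not write to the jail's rc.conf. The paths need a single level of escaping, `>>\"${jaildir}/rw/${name}/etc/rc.conf\"`. The first line also changes `>>` to `>`, which truncates the file; a comment such as `# start a fresh rc.conf for the new jail` would show that this is intended. The enclosing function starts outside the hunk.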
@@ -185,16 +185,18 @@ cat <>/etc/rc.conf <\\\"${jaildir}/rw/${name}/etc/rc.conf\\\"" -echo "echo sshd_enable=\\\"YES\\\" >>\\\"${jaildir}/rw/${name}/etc/rc.conf\\\"" -echo "echo sendmail_enable=\\\"NONE\\\" >>\\\"${jaildir}/rw/${name}/etc/rc.conf\\\"" -echo "echo syslogd_enable=\\\"YES\\\" >>\\\"${jaildir}/rw/${name}/etc/rc.conf\\\"" -echo "echo syslogd_flags=\\\"-ss\\\" >>\\\"${jaildir}/rw/${name}/etc/rc.conf\\\"" +cat <"${jaildir}/rw/${name}/etc/rc.conf" +echo sshd_enable=\"YES\" >>"${jaildir}/rw/${name}/etc/rc.conf" +echo sendmail_enable=\"NONE\" >>"${jaildir}/rw/${name}/etc/rc.conf" +echo syslogd_enable=\"YES\" >>"${jaildir}/rw/${name}/etc/rc.conf" +echo syslogd_flags=\"-ss\" >>"${jaildir}/rw/${name}/etc/rc.conf" + +EOF +# Configure SSHd's listening address +cat < Date: Fri, 6 Apr 2012 13:32:59 -0400 Subject: [PATCH 10/15] Bugfix for jail_list If jail_list wasn't already defined in /etc/rc.conf, gencode-remote wasn't adding the variable to the file. --- conf/type/__jail/gencode-remote | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/conf/type/__jail/gencode-remote b/conf/type/__jail/gencode-remote index c0a35784..d32ea7d6 100755 --- a/conf/type/__jail/gencode-remote +++ b/conf/type/__jail/gencode-remote @@ -266,7 +266,12 @@ if [ "$onboot" = "true" ]; then cat <>/etc/rc.conf + fi unset jail_list rm -f /etc/rc.conf.bak EOF From 847fc9d8c168d0395d1f29458005e30f6f9e922d Mon Sep 17 00:00:00 2001 
From: Jake Guffey Date: Wed, 11 Apr 2012 14:53:28 -0400 Subject: [PATCH 11/15] Multiple bugfixes fixed remote copy command fixed problem with code-remote when jail_enable wasn't in rc.conf fixed problem with code-remote when jail_list wasn't in rc.conf added check to see if /etc/devfs.rules exists before trying to use it added dependency on __directory/usr/jail --- conf/type/__jail/gencode-local | 2 +- conf/type/__jail/gencode-remote | 30 +++++++++++++++++++++------- conf/type/__jail/manifest | 35 +++++++++++++++++++++++++++++++++ 3 files changed, 59 insertions(+), 8 deletions(-) create mode 100755 conf/type/__jail/manifest diff --git a/conf/type/__jail/gencode-local b/conf/type/__jail/gencode-local index 2d4415e3..6a66c658 100755 --- a/conf/type/__jail/gencode-local +++ b/conf/type/__jail/gencode-local @@ -29,6 +29,6 @@ jailbase="/usr/jail/jailbase.tgz" basepresent="$(cat "$__object/explorer/basepresent")" if [ "$basepresent" = "NONE" ]; then - echo "$__remote_copy" "$__object/files/jailbase.tgz" "${target_host}:${jailbase}" + echo "$__remote_copy" "$__type/files/jailbase.tgz" "$__target_host:${jailbase}" fi diff --git a/conf/type/__jail/gencode-remote b/conf/type/__jail/gencode-remote index d32ea7d6..56fe9b9a 100755 --- a/conf/type/__jail/gencode-remote +++ b/conf/type/__jail/gencode-remote @@ -212,6 +212,16 @@ EOF # Add the jail_$name_* lines to rc.conf cat <>/etc/rc.conf + elif [ ! "\$(echo \$jail_enable | tr '[a-z]' '[A-Z]')" = "YES" ]; then # jail_enable="NO" + sed -i '.bak' 's/^jail_enable=.*$/jail_enable="YES"/g' /etc/rc.conf # fix this -^ + rm -f /etc/rc.conf.bak + fi cat >>/etc/rc.conf <>/etc/rc.conf else - echo jail_list=\"\${jail_list}\" >>/etc/rc.conf + jail_list="\${jail_list} ${name}" + sed -i '.bak' "s/^jail_list=\".*\"/jail_list=\"\${jail_list}\"/" /etc/rc.conf + rm -f /etc/rc.conf.bak fi unset jail_list - rm -f /etc/rc.conf.bak EOF fi diff --git a/conf/type/__jail/manifest b/conf/type/__jail/manifest new file mode 100755 index 00000000..fc3d2ac7 
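Review bot: The copy command emitted by gencode-local carries no quoting, so a `$__type` path or target path containing whitespace is split into several words when the generated line is executed. Emitting the quotes, `echo "$__remote_copy \"$__type/files/jailbase.tgz\" \"$__target_host:${jailbase}\""`, keeps each path one word while leaving `$__remote_copy` free to be a multi-word command.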
--- /dev/null +++ b/conf/type/__jail/manifest @@ -0,0 +1,35 @@ +#!/bin/sh +# +# 2012 Jake Guffey (jake.guffey at eprotex.com) +# +# This file is part of cdist. +# +# cdist is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# cdist is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with cdist. If not, see . +# +# +# The __jail type creates, configures, and deletes FreeBSD jails for use as +# virtual machines. +# + +# Debug +#exec >&2 +#set -x + +jaildir="/usr/jail" + +__directory ${jaildir} --parents yes + +# Debug +#set +x + From d39821782d989b194c436b5669bdb76a0037bf1f Mon Sep 17 00:00:00 2001 From: Jake Guffey Date: Mon, 23 Apr 2012 13:43:27 -0400 Subject: [PATCH 12/15] Copy /root to $jailbase/rw/$name/root Copies /root to ${jailbase}/rw/${name}/root Adds /root to /etc/fstab.${name} --- conf/type/__jail/gencode-remote | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/conf/type/__jail/gencode-remote b/conf/type/__jail/gencode-remote index 56fe9b9a..23e8debc 100755 --- a/conf/type/__jail/gencode-remote +++ b/conf/type/__jail/gencode-remote @@ -197,6 +197,11 @@ cat < Date: Mon, 23 Apr 2012 14:39:26 -0400 Subject: [PATCH 13/15] Added jail_${name}_flags variable To make future work, such as resource limiting (rctl(8)) easier, added "-n ${name}" to jail_flags for each jail. --- conf/type/__jail/gencode-remote | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/conf/type/__jail/gencode-remote b/conf/type/__jail/gencode-remote index 23e8debc..9b91bd50 100755 --- a/conf/type/__jail/gencode-remote 
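Review bot: In the new manifest, `__directory ${jaildir} --parents yes` passes the directory unquoted. That is harmless while `jaildir` is the literal `/usr/jail`, but the value would be word-split and globbed once it comes from anywhere else, so `__directory "${jaildir}" --parents yes` is the safer form to start from.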
+++ b/conf/type/__jail/gencode-remote @@ -198,8 +198,8 @@ cat < Date: Fri, 27 Apr 2012 11:45:34 -0400 Subject: [PATCH 14/15] Implemented Nico's suggestions Parameterized {jailbase,jaildir} Replaced all usages of /usr/jail with $jaildir Explicitly fail if $os isn't FreeBSD Removed $__type/files/ as it is pointless to have now Updated man page --- conf/type/__jail/explorer/basepresent | 10 ++++++++-- conf/type/__jail/explorer/present | 8 +++++++- conf/type/__jail/explorer/status | 10 +++++++++- conf/type/__jail/files/jailbase | 1 - conf/type/__jail/gencode-local | 13 +++++++++---- conf/type/__jail/gencode-remote | 23 ++++++++++++++--------- conf/type/__jail/man.text | 19 ++++++++++++++----- conf/type/__jail/manifest | 13 ++++++++++++- conf/type/__jail/parameter/optional | 1 + conf/type/__jail/parameter/required | 1 + 10 files changed, 75 insertions(+), 24 deletions(-) delete mode 100644 conf/type/__jail/files/jailbase diff --git a/conf/type/__jail/explorer/basepresent b/conf/type/__jail/explorer/basepresent index aa155b03..f167a19c 100755 --- a/conf/type/__jail/explorer/basepresent +++ b/conf/type/__jail/explorer/basepresent @@ -18,20 +18,26 @@ # along with cdist. If not, see . # # -# See if the jailbase.tgz or /usr/jail/base dir exists +# See if the jailbase.tgz or $jaildir/base dir exists # # Debug #exec >&2 #set -x +if [ -f "$__object/parameter/jaildir" ]; then + jaildir="$(cat "$__object/parameter/name")" +else + jaildir="/usr/jail" +fi + name="base:jailbase.tgz" out="" save_IFS="$IFS" IFS=":" for cur in $name; do - if [ -e "/usr/jail/$cur" ]; then + if [ -e "${jaildir}/$cur" ]; then out="${out}:${cur}" fi done diff --git a/conf/type/__jail/explorer/present b/conf/type/__jail/explorer/present index a1f44302..2ba3b2af 100755 --- a/conf/type/__jail/explorer/present +++ b/conf/type/__jail/explorer/present 
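Review bot: The new `jaildir` lookup in explorer/basepresent tests for `$__object/parameter/jaildir` but then reads `$__object/parameter/name`, so whenever the parameter is given, `jaildir` becomes the jail's name (or the read fails if no name was set). The same block is repeated in explorer/present, explorer/status, gencode-local, gencode-remote and manifest in this commit. The explorers then probe a relative path and report the wrong state, and gencode-remote builds its fstab, rc.conf and `rm -rf` paths from that value. The line should be `jaildir="$(cat "$__object/parameter/jaildir")"` in all six files.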
@@ -31,7 +31,13 @@ else name=$__object_id fi -[ -d "/usr/jail/$name" ] && echo "EXISTS" || echo "NOTEXIST" +if [ -f "$__object/parameter/jaildir" ]; then + jaildir="$(cat "$__object/parameter/name")" +else + jaildir="/usr/jail" +fi + +[ -d "${jaildir}/$name" ] && echo "EXISTS" || echo "NOTEXIST" #set +x diff --git a/conf/type/__jail/explorer/status b/conf/type/__jail/explorer/status index 5f95f406..fe81eaf7 100755 --- a/conf/type/__jail/explorer/status +++ b/conf/type/__jail/explorer/status @@ -31,7 +31,15 @@ else name="$__object_id" fi -jls_output="$(jls | grep "[ ^I]\/usr\/jail\/${name}\$")" || true +if [ -f "$__object/parameter/jaildir" ]; then + jaildir="$(cat "$__object/parameter/name")" +else + jaildir="/usr/jail" +fi +# backslash-escaped $jaildir +sjaildir="$(echo ${jaildir} | sed 's#/#\\/#g')" + +jls_output="$(jls | grep "[ ^I]${sjaildir}\/${name}\$")" || true if [ -n "${jls_output}" ]; then echo "STARTED" diff --git a/conf/type/__jail/files/jailbase b/conf/type/__jail/files/jailbase deleted file mode 100644 index defb739a..00000000 --- a/conf/type/__jail/files/jailbase +++ /dev/null @@ -1 +0,0 @@ -Create a tarball jailbase.tgz in this directory containing the base filesystem for a jail. diff --git a/conf/type/__jail/gencode-local b/conf/type/__jail/gencode-local index 6a66c658..6292d943 100755 --- a/conf/type/__jail/gencode-local +++ b/conf/type/__jail/gencode-local 
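Review bot: In explorer/status, `sjaildir` escapes only `/`, which grep does not treat specially, so the sed step adds nothing, while `.` and other regex metacharacters in `${jaildir}` and `${name}` stay live and `echo ${jaildir}` is unquoted. Comparing the path column exactly avoids the regex altogether: `jls_output="$(jls | awk -v p="${jaildir}/${name}" '$NF == p')" || true`. That assumes the path is the last column of `jls` output and contains no spaces.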
@@ -22,13 +22,18 @@ # virtual machines. # -#FIXME: /usr/jail should never be hardcoded in this type -#FIXME: jailbase.tgz should not be hardcoded in this file +if [ -f "$__object/parameter/jaildir" ]; then + jaildir="$(cat "$__object/parameter/name")" +else + jaildir="/usr/jail" +fi -jailbase="/usr/jail/jailbase.tgz" +jailbase="$(cat "$__object/parameter/jailbase")" + +remotebase="${jaildir}/jailbase.tgz" basepresent="$(cat "$__object/explorer/basepresent")" if [ "$basepresent" = "NONE" ]; then - echo "$__remote_copy" "$__type/files/jailbase.tgz" "$__target_host:${jailbase}" + echo "$__remote_copy" "${jailbase}" "$__target_host:${remotebase}" fi diff --git a/conf/type/__jail/gencode-remote b/conf/type/__jail/gencode-remote index 9b91bd50..b52eb572 100755 --- a/conf/type/__jail/gencode-remote +++ b/conf/type/__jail/gencode-remote @@ -90,7 +90,12 @@ if [ -f "$__object/parameter/onboot" ]; then onboot="$(cat "$__object/parameter/onboot")" fi -jaildir="/usr/jail" +if [ -f "$__object/parameter/jaildir" ]; then + jaildir="$(cat "$__object/parameter/name")" +else + jaildir="/usr/jail" +fi + present="$(cat "$__object/explorer/present")" status="$(cat "$__object/explorer/status")" @@ -135,9 +140,9 @@ deleteJail() { fi EOF # Remove the jail's rw mountpoints - echo "rm -rf \"/usr/jail/rw/${name}\"" + echo "rm -rf \"${jailbase}/rw/${name}\"" # Remove the jail directory - echo "rm -rf \"/usr/jail/${name}\"" + echo "rm -rf \"${jailbase}/${name}\"" # Remove the jail's fstab echo "rm -f \"/etc/fstab.${name}\"" # Remove jail_$name_* lines from rc.conf 
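Review bot: In gencode-local, `jailbase` is read from the parameter and handed straight to the copy command without a check that it names a readable file, so a typo only surfaces later as a failed copy. A guard before the `basepresent` test, `[ -r "$jailbase" ] || { echo "jailbase not readable: $jailbase" >&2; exit 1; }`, fails early with a clear message. Since this archive presumably becomes the base filesystem of the jails, recording and verifying a checksum of it before the copy would also be worth considering.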
@@ -207,12 +212,12 @@ EOF # Create the ro+rw mountpoint entries in fstab cat </etc/fstab.${name} <&2 #set -x -jaildir="/usr/jail" +# Can only be used on FreeBSD +os="$(cat "$__global/explorer/os")" +if [ ! "$os" = "freebsd" ]; then + echo "__jail can only be used on FreeBSD targets!" >&2 + exit 1 +fi + +if [ -f "$__object/parameter/jaildir" ]; then + jaildir="$(cat "$__object/parameter/name")" +else + jaildir="/usr/jail" +fi __directory ${jaildir} --parents yes diff --git a/conf/type/__jail/parameter/optional b/conf/type/__jail/parameter/optional index 85b94270..53b8895f 100644 --- a/conf/type/__jail/parameter/optional +++ b/conf/type/__jail/parameter/optional @@ -6,3 +6,4 @@ interface devfs-enable devfs-ruleset onboot +jaildir diff --git a/conf/type/__jail/parameter/required b/conf/type/__jail/parameter/required index ff72b5c7..29797ee6 100644 --- a/conf/type/__jail/parameter/required +++ b/conf/type/__jail/parameter/required @@ -1 +1,2 @@ state +jailbase From 4b11a6172dee9026558361de054b1b23131b8c5c Mon Sep 17 00:00:00 2001 From: Jake Guffey Date: Mon, 30 Apr 2012 17:29:08 -0400 Subject: [PATCH 15/15] Fixed variable naming in /etc/fstab.$name had referenced $jailbase when meaning to reference $jaildir --- conf/type/__jail/gencode-remote | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/conf/type/__jail/gencode-remote b/conf/type/__jail/gencode-remote index b52eb572..7ebe26eb 100755 --- a/conf/type/__jail/gencode-remote +++ b/conf/type/__jail/gencode-remote @@ -140,9 +140,9 @@ deleteJail() { fi EOF # Remove the jail's rw mountpoints - echo "rm -rf \"${jailbase}/rw/${name}\"" + echo "rm -rf \"${jaildir}/rw/${name}\"" # Remove the jail directory - echo "rm -rf \"${jailbase}/${name}\"" + echo "rm -rf \"${jaildir}/${name}\"" # Remove the jail's fstab echo "rm -f \"/etc/fstab.${name}\"" # Remove jail_$name_* lines from rc.conf @@ -212,12 +212,12 @@ EOF # Create the ro+rw mountpoint entries in fstab cat </etc/fstab.${name} <
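Review bot: The corrected `rm -rf` lines in deleteJail still expand `${jaildir}` and `${name}` with no guard, so an empty value at generation time emits `rm -rf "/rw/<name>"` or `rm -rf "<jaildir>/rw/"`, and the second form removes every jail's writable tree. `echo "rm -rf \"${jaildir:?}/rw/${name:?}\""`, and the same on the jail-directory line, makes generation stop instead. A name containing `/` or `..` would still leave the jail directory; since the name also forms the `jail_${name}_*` variable names in rc.conf, rejecting anything outside `[A-Za-z0-9_]` where `name` is read, which is outside this hunk, costs nothing. deleteJail's body continues outside the hunk.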