From b9c757b78a095fb344c2043cea843333f2447fe8 Mon Sep 17 00:00:00 2001 From: Jake Guffey Date: Tue, 21 Feb 2012 15:59:19 -0500 Subject: [PATCH] Filled out man page, created gencode-local to copy jailbase to __target_host, filled out parameter list, made explorers useful, created basic layout within gencode-remote. --- conf/type/__jail/explorer/present | 6 +- conf/type/__jail/explorer/status | 6 +- conf/type/__jail/gencode-local | 2 +- conf/type/__jail/gencode-remote | 118 +++++++++++++++++++++++++--- conf/type/__jail/man.text | 52 ++++++++++-- conf/type/__jail/manifest | 31 -------- conf/type/__jail/parameter/optional | 7 ++ 7 files changed, 173 insertions(+), 49 deletions(-) delete mode 100755 conf/type/__jail/manifest diff --git a/conf/type/__jail/explorer/present b/conf/type/__jail/explorer/present index c559cf65..9338fd56 100755 --- a/conf/type/__jail/explorer/present +++ b/conf/type/__jail/explorer/present @@ -21,7 +21,11 @@ # See if the requested jail exists # -name=$__object_id +if [ -f "$__object/parameter/name" ]; then + name="$(cat "$__object/parameter/name")" +else + name=$__object_id +fi [ -d "/usr/jail/$name" ] && echo "EXISTS" diff --git a/conf/type/__jail/explorer/status b/conf/type/__jail/explorer/status index 19b57672..3fe22adc 100755 --- a/conf/type/__jail/explorer/status +++ b/conf/type/__jail/explorer/status @@ -21,7 +21,11 @@ # See if the requested jail is started # -name=$__object_id +if [ -f "$__object/parameter/name" ]; then + name="$(cat "$__object/parameter/name")" +else + name=$__object_id +fi jls_output=$(jls | grep "[ ]\/usr\/jail\/$name\$") [ -n "$jls_output" ] && echo "STARTED" diff --git a/conf/type/__jail/gencode-local b/conf/type/__jail/gencode-local index 6ad476e6..2d4415e3 100755 --- a/conf/type/__jail/gencode-local +++ b/conf/type/__jail/gencode-local 
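Review bot: In explorer/present the new `--name` value is read from `$__object/parameter/name` and used in `/usr/jail/$name` with no check on its contents, so an empty value or one containing `/` or `..` makes the `-d` test inspect a directory outside the jail root. The same unvalidated read is added in explorer/status and in gencode-remote, where `${name}` is also echoed into the `/etc/rc.d/jail` commands that run on the target. One guard placed right after the read would cover all three, for example `case "$name" in ''|*[!A-Za-z0-9_]*) echo "invalid jail name: $name" >&2; exit 1;; esac`. The character set shown is a suggestion and should match what rc.conf accepts in its per-jail variable names.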
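Review bot: In explorer/status the unchanged line `jls | grep "[ ]\/usr\/jail\/$name\$"` now receives the free-form `--name` value, and any regex metacharacter in it is treated as pattern syntax rather than literal text. A name such as `web.1` would also match a running jail at `/usr/jail/webx1`, so the explorer can report STARTED for a jail that is not the requested one. Comparing the path field literally avoids this, e.g. `jls_output=$(jls | awk -v p="/usr/jail/$name" '$NF == p')`, assuming the path is the last column of the jls output on the target.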
@@ -29,6 +29,6 @@ jailbase="/usr/jail/jailbase.tgz" basepresent="$(cat "$__object/explorer/basepresent")" if [ "$basepresent" = "NONE" ]; then - __file "$jailbase" --source "$__object/files/jailbase.tgz" + echo "$__remote_copy" "$__object/files/jailbase.tgz" "${target_host}:${jailbase}" fi diff --git a/conf/type/__jail/gencode-remote b/conf/type/__jail/gencode-remote index 264ce111..038daa14 100755 --- a/conf/type/__jail/gencode-remote +++ b/conf/type/__jail/gencode-remote 
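Review bot: The copy destination is built from `${target_host}`, which is not assigned in the visible lines, while cdist exports the host as `__target_host` and the commit subject uses that name too. If the variable is unset, the generated command loses the host part of its destination. The line should probably read `echo "$__remote_copy" "$__object/files/jailbase.tgz" "${__target_host}:${jailbase}"`. The script starts above this hunk, so an assignment of `target_host` may exist there; a short comment stating that the echoed line is executed later as generated code would also help, because the quotes are consumed by `echo` and the paths reach that shell unquoted.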
@@ -22,23 +22,121 @@ # virtual machines. # +# Debug +#exec >&2 +#set -x + +if [ -f "$__object/parameter/name" ]; then + name="$(cat "$__object/parameter/name")" +else + name="$__object_id" +fi + +state="$(cat "$__object/parameter/state")" + +if [ -f "$__object/parameter/started" ]; then + started="$(cat "$__object/parameter/started")" +else + started="true" +fi + +if [ -f "$__object/parameter/ip" ]; then + ip="$(cat "$__object/parameter/ip")" +else +# IP is an optional param when $state=absent, but +# when $state=present, it's required. Enforce this. + if [ "$state" = "present" ]; then + exec >&2 + echo "If --state is 'present,' --ip must be given\!" + exit 1 + fi +fi + +if [ -f "$__object/parameter/hostname" ]; then + hostname="$(cat "$__object/parameter/hostname")" +else + hostname="$name" +fi + +if [ -f "$__object/parameter/interface" ]; then + interface="$(cat "$__object/parameter/interface")" +fi + +if [ -f "$__object/parameter/devfs-enable" ]; then + devfsenable="$(cat "$__object/parameter/devfs-enable")" +else + devfsenable="true" +fi + +if [ -f "$__object/parameter/devfs-ruleset" ]; then + devfsruleset="$(cat "$__object/parameter/devfs-ruleset")" +else + devfsruleset="jailrules" +fi + +# devfs_ruleset being defined without devfs_enable being true +# is pointless. Treat this as an error. +if [ -n "$devfsrules" -a "$devfsenable" = "false" ]; then + exec >&2 + echo "Can't have --devfs-ruleset defined without --devfs-enable true." + exit 1 +fi + +if [ -f "$__object/parameter/onboot" ]; then + onboot="$(cat "$__object/parameter/onboot")" +fi + jaildir="/usr/jail" present="$(cat "$__object/explorer/present")" status="$(cat "$__object/explorer/status")" -state="$(cat "$__object/parameter/state")" -name="$__object_id" -if [ -f "$__object/parameter/started" ]; then - started="$(cat "$__object/parameter/started")" +# Defining a jail as absent and started at the same time +# makes no sense. Treat this as an error. 
+if [ "$started" = "true" -a "$state" = "absent" ]; then + exec >&2 + echo "Can't have --state absent and --started true together\!" + exit 1 fi -# +stopJail() { +# Check $status before issuing command + [ "$status" = "STARTED" ] && echo "/etc/rc.d/jail stop ${name}" +} -if [ "$present" = "EXISTS" ]; then -# blah +startJail() { +# Check $status before issuing command + [ ! "$status" = "STARTED" ] && echo "/etc/rc.d/jail start ${name}" +} + +deleteJail() { +} + +createJail() { +} + +if [ "$present" = "EXISTS" ]; then # The jail currently exists + if [ "$state" = "present" ]; then # The jail is supposed to exist + if [ "$started" = "true" ]; then # The jail is supposed to be started + startJail + else # The jail is not supposed to be started + stopJail + fi + exit 0 + else # The jail is not supposed to exist + stopJail + deleteJail + exit 0 + fi +else # The jail does not currently exist + if [ "$state" = "absent" ]; then # The jail is not supposed to be present + exit 0 + else # The jail is supposed to exist + createJail + [ "$started" = "true" ] && startJail + exit 0 + fi fi -if [ "$status" = "STARTED" ]; then -# blah -fi +# Debug +#set +x diff --git a/conf/type/__jail/man.text b/conf/type/__jail/man.text index b2e49468..e6256975 100644 --- a/conf/type/__jail/man.text +++ b/conf/type/__jail/man.text 
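Review bot: `deleteJail() { }` and `createJail() { }` have empty bodies, which POSIX sh and bash reject as a syntax error, so the script aborts at these definitions before the dispatch at the bottom emits any code. Two of the new checks also misfire. `started` defaults to "true", so the documented `__jail www --state absent` hits the "absent and started" error unless `--started false` is passed. The devfs check tests `$devfsrules`, which is never set (the variable is `devfsruleset`), so it never triggers, and fixing only the name would make it always trigger with `--devfs-enable false` because the ruleset is defaulted to "jailrules". The fence below defaults `started` by state, checks only an explicitly supplied ruleset, and gives the two stubs a no-op body.

```shell
# … unchanged: name and state parsing …
if [ -f "$__object/parameter/started" ]; then
    started="$(cat "$__object/parameter/started")"
elif [ "$state" = "absent" ]; then
    # An absent jail cannot be running, so do not default it to started
    started="false"
else
    started="true"
fi
# … unchanged: ip, hostname, interface, devfs-enable parsing …
if [ -f "$__object/parameter/devfs-ruleset" ]; then
    devfsruleset="$(cat "$__object/parameter/devfs-ruleset")"
    # Only an explicitly given ruleset conflicts with devfs-enable=false
    if [ "$devfsenable" = "false" ]; then
        echo "Can't have --devfs-ruleset defined without --devfs-enable true." >&2
        exit 1
    fi
else
    devfsruleset="jailrules"
fi
# … unchanged: onboot, explorer reads, absent/started check, stopJail, startJail …
deleteJail() {
    :   # not implemented yet; an empty body is a syntax error
}

createJail() {
    :   # not implemented yet; an empty body is a syntax error
}
# … unchanged: state dispatch …
```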
@@ -21,25 +21,67 @@ state:: OPTIONAL PARAMETERS ------------------- -started:: - Either "true" or "false." +name:: + The name of the jail. Default is to use the object_id as the jail name. +started:: + Either "true" or "false." Defaults to true. + +ip:: + The ifconfig style IP/netmask combination to use for the jail guest. If + the state parameter is "present," this parameter is required. + +hostname:: + The FQDN to use for the jail guest. Defaults to the name parameter. + +interface:: + The name of the physical interface on the jail server to bind the jail to. + +devfs-enable:: + Whether to allow devfs mounting within the jail. Must be "true" or "false." + Defaults to true. + +devfs-ruleset:: + The name of the devfs ruleset to associate with the jail. Defaults to + "jailrules." This ruleset must be copied to the server via another type. + To use this option, devfs-enable must be "true." + +onboot:: + Whether to add the jail to rc.conf's jail_list variable. Must be either + "true" or "false." Defaults to false. + + +CAVEATS +------- +This type does not currently support modification of jail options. If, for +example a jail needs to have its IP address or netmask changed, the jail must +be removed then re-added with the correct IP address/netmask or the appropriate +line (jail__ip="...") modified within rc.conf through some alternate +means. 
EXAMPLES -------- -------------------------------------------------------------------------------- # Create a jail called www -__jail www --state present +__jail www --state present --ip "192.168.1.2 netmask 255.255.255.0" # Remove the jail called www __jail www --state absent # Ensure that the jail called www is started -__jail www --state present --started true +__jail www --state present --started true \ + --ip "192.168.1.2 netmask 255.255.255.0" # Use the name variable explicitly -__jail thisjail --state present --name www +__jail thisjail --state present --name www \ + --ip "192.168.1.2 netmask 255.255.255.0" + +# Go nuts +__jail lotsofoptions --state present --name testjail --started true \ + --ip "192.168.1.100 netmask 255.255.255.0" \ + --hostname "testjail.example.com" --interface "em0" \ + --onboot yes -------------------------------------------------------------------------------- diff --git a/conf/type/__jail/manifest b/conf/type/__jail/manifest deleted file mode 100755 index 81fcd65b..00000000 --- a/conf/type/__jail/manifest +++ /dev/null 
@@ -1,31 +0,0 @@
-#!/bin/sh
-#
-# 2012 Jake Guffey (jake.guffey at eprotex.com)
-#
-# This file is part of cdist.
-#
-# cdist is free software: you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation, either version 3 of the License, or
-# (at your option) any later version.
-#
-# cdist is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with cdist. If not, see .
-#
-#
-# The __jail type creates, configures, and deletes FreeBSD jails for use as
-# virtual machines.
-#
-
-#FIXME: /usr/jail should never be hardcoded in this type
-#FIXME: jailbase.tgz should not be hardcoded in this file
-
-jailbase="/usr/jail/jailbase.tgz"
-
-__rsyncer "$jailbase" --source "$__object/files/jailbase.tgz"
-
diff --git a/conf/type/__jail/parameter/optional b/conf/type/__jail/parameter/optional
index c06c82c7..85b94270 100644
--- a/conf/type/__jail/parameter/optional
+++ b/conf/type/__jail/parameter/optional
@@ -1 +1,8 @@
+name
 started
+ip
+hostname
+interface
+devfs-enable
+devfs-ruleset
+onboot