Implemented Nico's suggestions
Parameterized {jailbase,jaildir}
Replaced all usages of /usr/jail with $jaildir
Explicitly fail if $os isn't FreeBSD
Removed $__type/files/ as it is pointless to have now
Updated man page
parent
131889b454
commit
14e851341a
10 changed files with 75 additions and 24 deletions
|
@ -18,20 +18,26 @@
|
||||||
# along with cdist. If not, see <http://www.gnu.org/licenses/>.
|
# along with cdist. If not, see <http://www.gnu.org/licenses/>.
|
||||||
#
|
#
|
||||||
#
|
#
|
||||||
# See if the jailbase.tgz or /usr/jail/base dir exists
|
# See if the jailbase.tgz or $jaildir/base dir exists
|
||||||
#
|
#
|
||||||
|
|
||||||
# Debug
|
# Debug
|
||||||
#exec >&2
|
#exec >&2
|
||||||
#set -x
|
#set -x
|
||||||
|
|
||||||
|
if [ -f "$__object/parameter/jaildir" ]; then
|
||||||
|
jaildir="$(cat "$__object/parameter/name")"
|
||||||
|
else
|
||||||
|
jaildir="/usr/jail"
|
||||||
|
fi
|
||||||
|
|
||||||
name="base:jailbase.tgz"
|
name="base:jailbase.tgz"
|
||||||
out=""
|
out=""
|
||||||
|
|
||||||
save_IFS="$IFS"
|
save_IFS="$IFS"
|
||||||
IFS=":"
|
IFS=":"
|
||||||
for cur in $name; do
|
for cur in $name; do
|
||||||
if [ -e "/usr/jail/$cur" ]; then
|
if [ -e "${jaildir}/$cur" ]; then
|
||||||
out="${out}:${cur}"
|
out="${out}:${cur}"
|
||||||
fi
|
fi
|
||||||
done
|
done
|
||||||
|
|
|
@ -31,7 +31,13 @@ else
|
||||||
name=$__object_id
|
name=$__object_id
|
||||||
fi
|
fi
|
||||||
|
|
||||||
[ -d "/usr/jail/$name" ] && echo "EXISTS" || echo "NOTEXIST"
|
if [ -f "$__object/parameter/jaildir" ]; then
|
||||||
|
jaildir="$(cat "$__object/parameter/name")"
|
||||||
|
else
|
||||||
|
jaildir="/usr/jail"
|
||||||
|
fi
|
||||||
|
|
||||||
|
[ -d "${jaildir}/$name" ] && echo "EXISTS" || echo "NOTEXIST"
|
||||||
|
|
||||||
#set +x
|
#set +x
|
||||||
|
|
||||||
|
|
|
@ -31,7 +31,15 @@ else
|
||||||
name="$__object_id"
|
name="$__object_id"
|
||||||
fi
|
fi
|
||||||
|
|
||||||
jls_output="$(jls | grep "[ ^I]\/usr\/jail\/${name}\$")" || true
|
if [ -f "$__object/parameter/jaildir" ]; then
|
||||||
|
jaildir="$(cat "$__object/parameter/name")"
|
||||||
|
else
|
||||||
|
jaildir="/usr/jail"
|
||||||
|
fi
|
||||||
|
# backslash-escaped $jaildir
|
||||||
|
sjaildir="$(echo ${jaildir} | sed 's#/#\\/#g')"
|
||||||
|
|
||||||
|
jls_output="$(jls | grep "[ ^I]${sjaildir}\/${name}\$")" || true
|
||||||
|
|
||||||
if [ -n "${jls_output}" ]; then
|
if [ -n "${jls_output}" ]; then
|
||||||
echo "STARTED"
|
echo "STARTED"
|
||||||
|
|
|
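Review bot: `${jaildir}` and `${name}` are spliced into the grep pattern as regex text, and the `sed` step only escapes `/`, which grep does not treat specially. A `.` or `*` in a custom jail directory therefore stays a live metacharacter and can make this explorer report STARTED for a different path; `echo ${jaildir}` is also unquoted. An exact comparison on the path column avoids the escaping altogether, e.g. `jls_output="$(jls | awk -v p="${jaildir}/${name}" '$NF == p')" || true`, assuming the path is the last column as the `\$` anchor in the current pattern implies. Separately, `[ ^I]` inside double quotes matches a literal space, `^` or `I`, which looks like a lost tab; that predates this commit.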
@ -1 +0,0 @@
|
||||||
Create a tarball jailbase.tgz in this directory containing the base filesystem for a jail.
|
|
|
@ -22,13 +22,18 @@
|
||||||
# virtual machines.
|
# virtual machines.
|
||||||
#
|
#
|
||||||
|
|
||||||
#FIXME: /usr/jail should never be hardcoded in this type
|
if [ -f "$__object/parameter/jaildir" ]; then
|
||||||
#FIXME: jailbase.tgz should not be hardcoded in this file
|
jaildir="$(cat "$__object/parameter/name")"
|
||||||
|
else
|
||||||
|
jaildir="/usr/jail"
|
||||||
|
fi
|
||||||
|
|
||||||
jailbase="/usr/jail/jailbase.tgz"
|
jailbase="$(cat "$__object/parameter/jailbase")"
|
||||||
|
|
||||||
|
remotebase="${jaildir}/jailbase.tgz"
|
||||||
basepresent="$(cat "$__object/explorer/basepresent")"
|
basepresent="$(cat "$__object/explorer/basepresent")"
|
||||||
|
|
||||||
if [ "$basepresent" = "NONE" ]; then
|
if [ "$basepresent" = "NONE" ]; then
|
||||||
echo "$__remote_copy" "$__type/files/jailbase.tgz" "$__target_host:${jailbase}"
|
echo "$__remote_copy" "${jailbase}" "$__target_host:${remotebase}"
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
|
|
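Review bot: `${jailbase}` is now user-supplied and is echoed into the generated copy command without quoting, so a path containing whitespace is split into several arguments when that line is later run (presumably by a shell, like the other generated code on this page). Quoting it the way the remote script quotes its `rm` arguments would help: `echo "$__remote_copy" "\"${jailbase}\"" "\"$__target_host:${remotebase}\""`. Assuming this script runs on the host that holds the archive, it is also worth failing early when the file is missing, e.g. `[ -f "${jailbase}" ] || { echo "jailbase archive not found: ${jailbase}" >&2; exit 1; }`.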
@ -90,7 +90,12 @@ if [ -f "$__object/parameter/onboot" ]; then
|
||||||
onboot="$(cat "$__object/parameter/onboot")"
|
onboot="$(cat "$__object/parameter/onboot")"
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
if [ -f "$__object/parameter/jaildir" ]; then
|
||||||
|
jaildir="$(cat "$__object/parameter/name")"
|
||||||
|
else
|
||||||
jaildir="/usr/jail"
|
jaildir="/usr/jail"
|
||||||
|
fi
|
||||||
|
|
||||||
present="$(cat "$__object/explorer/present")"
|
present="$(cat "$__object/explorer/present")"
|
||||||
status="$(cat "$__object/explorer/status")"
|
status="$(cat "$__object/explorer/status")"
|
||||||
|
|
||||||
|
@ -135,9 +140,9 @@ deleteJail() {
|
||||||
fi
|
fi
|
||||||
EOF
|
EOF
|
||||||
# Remove the jail's rw mountpoints
|
# Remove the jail's rw mountpoints
|
||||||
echo "rm -rf \"/usr/jail/rw/${name}\""
|
echo "rm -rf \"${jailbase}/rw/${name}\""
|
||||||
# Remove the jail directory
|
# Remove the jail directory
|
||||||
echo "rm -rf \"/usr/jail/${name}\""
|
echo "rm -rf \"${jailbase}/${name}\""
|
||||||
# Remove the jail's fstab
|
# Remove the jail's fstab
|
||||||
echo "rm -f \"/etc/fstab.${name}\""
|
echo "rm -f \"/etc/fstab.${name}\""
|
||||||
# Remove jail_$name_* lines from rc.conf
|
# Remove jail_$name_* lines from rc.conf
|
||||||
|
@ -207,12 +212,12 @@ EOF
|
||||||
# Create the ro+rw mountpoint entries in fstab
|
# Create the ro+rw mountpoint entries in fstab
|
||||||
cat <<EOF
|
cat <<EOF
|
||||||
cat >/etc/fstab.${name} <<END
|
cat >/etc/fstab.${name} <<END
|
||||||
/usr/jail/base /usr/jail/${name} nullfs ro 0 0
|
${jailbase}/base ${jailbase}/${name} nullfs ro 0 0
|
||||||
/usr/jail/rw/${name}/etc /usr/jail/${name}/etc nullfs rw 0 0
|
${jailbase}/rw/${name}/etc ${jailbase}/${name}/etc nullfs rw 0 0
|
||||||
/usr/jail/rw/${name}/local /usr/jail/${name}/usr/local nullfs rw 0 0
|
${jailbase}/rw/${name}/local ${jailbase}/${name}/usr/local nullfs rw 0 0
|
||||||
/usr/jail/rw/${name}/var /usr/jail/${name}/var nullfs rw 0 0
|
${jailbase}/rw/${name}/var ${jailbase}/${name}/var nullfs rw 0 0
|
||||||
/usr/jail/rw/${name}/home /usr/jail/${name}/usr/home nullfs rw 0 0
|
${jailbase}/rw/${name}/home ${jailbase}/${name}/usr/home nullfs rw 0 0
|
||||||
/usr/jail/rw/${name}/root /usr/jail/${name}/root nullfs rw 0 0
|
${jailbase}/rw/${name}/root ${jailbase}/${name}/root nullfs rw 0 0
|
||||||
END
|
END
|
||||||
EOF
|
EOF
|
||||||
|
|
||||||
|
|
|
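Review bot: The rewritten `rm -rf` lines in `deleteJail` and the fstab entries in the hunk at `@ -207,12 +212,12 @@` substitute `${jailbase}` where the old code had `/usr/jail`, but the variable this file sets in the hunk at `@ -90,7 +90,12 @@` is `jaildir`, and the man page describes `jailbase` as the location of the .tgz archive. No assignment of `jailbase` is visible in these hunks, so if it is unset the generated commands become `rm -rf "/rw/<name>"` and `rm -rf "/<name>"` on the target, and if it is set they point underneath the archive path. These lines should use `${jaildir}`, and the destructive ones are worth guarding, e.g. `echo "rm -rf \"${jaildir:?}/rw/${name:?}\""` and `echo "rm -rf \"${jaildir:?}/${name:?}\""`. `deleteJail` and the fstab heredoc both start outside the visible hunks.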
@ -18,6 +18,9 @@ REQUIRED PARAMETERS
|
||||||
state::
|
state::
|
||||||
Either "present" or "absent."
|
Either "present" or "absent."
|
||||||
|
|
||||||
|
jailbase::
|
||||||
|
The location of the .tgz archive containing the base fs for your jails.
|
||||||
|
|
||||||
|
|
||||||
OPTIONAL PARAMETERS
|
OPTIONAL PARAMETERS
|
||||||
-------------------
|
-------------------
|
||||||
|
@ -51,6 +54,10 @@ onboot::
|
||||||
Whether to add the jail to rc.conf's jail_list variable. Must be either
|
Whether to add the jail to rc.conf's jail_list variable. Must be either
|
||||||
"true" or "false." Defaults to false.
|
"true" or "false." Defaults to false.
|
||||||
|
|
||||||
|
jaildir::
|
||||||
|
The location on the remote server to use for hosting jail filesystems.
|
||||||
|
Defaults to /usr/jail.
|
||||||
|
|
||||||
|
|
||||||
CAVEATS
|
CAVEATS
|
||||||
-------
|
-------
|
||||||
|
@ -65,24 +72,26 @@ EXAMPLES
|
||||||
|
|
||||||
--------------------------------------------------------------------------------
|
--------------------------------------------------------------------------------
|
||||||
# Create a jail called www
|
# Create a jail called www
|
||||||
__jail www --state present --ip "192.168.1.2"
|
__jail www --state present --ip "192.168.1.2" --jailbase /my/jail/base.tgz
|
||||||
|
|
||||||
# Remove the jail called www
|
# Remove the jail called www
|
||||||
__jail www --state absent
|
__jail www --state absent --jailbase /my/jail/base.tgz
|
||||||
|
|
||||||
# Ensure that the jail called www is started
|
# Ensure that the jail called www is started
|
||||||
__jail www --state present --started true \
|
__jail www --state present --started true \
|
||||||
--ip "192.168.1.2 netmask 255.255.255.0"
|
--ip "192.168.1.2 netmask 255.255.255.0" \
|
||||||
|
--jailbase /my/jail/base.tgz
|
||||||
|
|
||||||
# Use the name variable explicitly
|
# Use the name variable explicitly
|
||||||
__jail thisjail --state present --name www \
|
__jail thisjail --state present --name www \
|
||||||
--ip "192.168.1.2"
|
--ip "192.168.1.2" \
|
||||||
|
--jailbase /my/jail/base.tgz
|
||||||
|
|
||||||
# Go nuts
|
# Go nuts
|
||||||
__jail lotsofoptions --state present --name testjail --started true \
|
__jail lotsofoptions --state present --name testjail --started true \
|
||||||
--ip "192.168.1.100 netmask 255.255.255.0" \
|
--ip "192.168.1.100 netmask 255.255.255.0" \
|
||||||
--hostname "testjail.example.com" --interface "em0" \
|
--hostname "testjail.example.com" --interface "em0" \
|
||||||
--onboot yes
|
--onboot yes --jailbase /my/jail/base.tgz --jaildir /jails
|
||||||
--------------------------------------------------------------------------------
|
--------------------------------------------------------------------------------
|
||||||
|
|
||||||
|
|
||||||
|
|
|
@ -26,7 +26,18 @@
|
||||||
#exec >&2
|
#exec >&2
|
||||||
#set -x
|
#set -x
|
||||||
|
|
||||||
|
# Can only be used on FreeBSD
|
||||||
|
os="$(cat "$__global/explorer/os")"
|
||||||
|
if [ ! "$os" = "freebsd" ]; then
|
||||||
|
echo "__jail can only be used on FreeBSD targets!" >&2
|
||||||
|
exit 1
|
||||||
|
fi
|
||||||
|
|
||||||
|
if [ -f "$__object/parameter/jaildir" ]; then
|
||||||
|
jaildir="$(cat "$__object/parameter/name")"
|
||||||
|
else
|
||||||
jaildir="/usr/jail"
|
jaildir="/usr/jail"
|
||||||
|
fi
|
||||||
|
|
||||||
__directory ${jaildir} --parents yes
|
__directory ${jaildir} --parents yes
|
||||||
|
|
||||||
|
|
|
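Review bot: `__directory ${jaildir} --parents yes` is unchanged by this commit, but `jaildir` was a constant before and now comes from a parameter, so the unquoted expansion is split on whitespace and glob-expanded. It should be `__directory "${jaildir}" --parents yes`. The OS guard would also read more plainly as `if [ "$os" != "freebsd" ]; then`.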
@ -6,3 +6,4 @@ interface
|
||||||
devfs-enable
|
devfs-enable
|
||||||
devfs-ruleset
|
devfs-ruleset
|
||||||
onboot
|
onboot
|
||||||
|
jaildir
|
||||||
|
|
|
@ -1 +1,2 @@
|
||||||
state
|
state
|
||||||
|
jailbase
|
||||||
|
|