From 0515fd84831f76d31a7689e38931d4d76b55deae Mon Sep 17 00:00:00 2001 From: Jake Guffey <jake.guffey@eprotex.com> Date: Thu, 23 Feb 2012 17:17:30 -0500 Subject: [PATCH] Various bugfixes. Needed to use '|| true' on subshell variable assignments in case of empty return Added default status (started=true or false) Added default devfs rules Replaced <<- HEREDOC usage with << Added escapes where necessary within quoted strings or HEREDOCs --- conf/type/__jail/explorer/basepresent | 16 ++- conf/type/__jail/explorer/present | 8 +- conf/type/__jail/explorer/status | 18 ++- conf/type/__jail/gencode-remote | 153 +++++++++++++++++--------- 4 files changed, 132 insertions(+), 63 deletions(-) diff --git a/conf/type/__jail/explorer/basepresent b/conf/type/__jail/explorer/basepresent index 7c21fc08..aa155b03 100755 --- a/conf/type/__jail/explorer/basepresent +++ b/conf/type/__jail/explorer/basepresent @@ -21,22 +21,28 @@ # See if the jailbase.tgz or /usr/jail/base dir exists # +# Debug +#exec >&2 +#set -x + name="base:jailbase.tgz" -exists=0 +out="" save_IFS="$IFS" IFS=":" for cur in $name; do if [ -e "/usr/jail/$cur" ]; then - echo -n "$cur:" - let exists="$exists+1" 2>&1 >&- + out="${out}:${cur}" fi done IFS="$save_IFS" -if [ "$exists" -eq "0" ]; then +if [ -z "$out" ]; then echo "NONE" else - echo "$exists" + echo "${out}" fi +# Debug +#set +x + diff --git a/conf/type/__jail/explorer/present b/conf/type/__jail/explorer/present index 9338fd56..a1f44302 100755 --- a/conf/type/__jail/explorer/present +++ b/conf/type/__jail/explorer/present @@ -21,11 +21,17 @@ # See if the requested jail exists # +# Debug +#exec >&2 +#set -x + if [ -f "$__object/parameter/name" ]; then name="$(cat "$__object/parameter/name")" else name=$__object_id fi -[ -d "/usr/jail/$name" ] && echo "EXISTS" +[ -d "/usr/jail/$name" ] && echo "EXISTS" || echo "NOTEXIST" + +#set +x diff --git a/conf/type/__jail/explorer/status b/conf/type/__jail/explorer/status index 3fe22adc..5f95f406 100755 --- a/conf/type/__jail/explorer/status +++ b/conf/type/__jail/explorer/status @@ -21,12 +21,24 @@ # See if the requested jail is started # +# Debug +#exec >&2 +#set -x + if [ -f "$__object/parameter/name" ]; then name="$(cat "$__object/parameter/name")" else - name=$__object_id + name="$__object_id" fi -jls_output=$(jls | grep "[ ]\/usr\/jail\/$name\$") -[ -n "$jls_output" ] && echo "STARTED" +jls_output="$(jls | grep "[ ^I]\/usr\/jail\/${name}\$")" || true + +if [ -n "${jls_output}" ]; then + echo "STARTED" +else + echo "NOTSTART" +fi + +# Debug +#set +x diff --git a/conf/type/__jail/gencode-remote b/conf/type/__jail/gencode-remote index 37aa8d56..3dfec9ad 100755 --- a/conf/type/__jail/gencode-remote +++ b/conf/type/__jail/gencode-remote @@ -37,7 +37,11 @@ state="$(cat "$__object/parameter/state")" if [ -f "$__object/parameter/started" ]; then started="$(cat "$__object/parameter/started")" else - started="true" + if [ ! "$state" = "present" ]; then + started="false" + else + started="true" + fi fi if [ -f "$__object/parameter/ip" ]; then @@ -100,45 +104,71 @@ fi stopJail() { # Check $status before issuing command - [ "$status" = "STARTED" ] && echo "/etc/rc.d/jail stop ${name}" + if [ "$status" = "STARTED" ]; then + echo "/etc/rc.d/jail stop ${name}" + fi } startJail() { # Check $status before issuing command - [ ! "$status" = "STARTED" ] && echo "/etc/rc.d/jail start ${name}" + if [ "$status" = "NOTSTART" ]; then + echo "/etc/rc.d/jail start ${name}" + fi } deleteJail() { +# Unmount the jail's mountpoints if necessary + cat <<EOF + output="\$(mount | grep "\/${name}\/dev")" || true + if [ -n "\${output}" ]; then # /dev is still mounted...jail still running? + /etc/rc.d/jail stop "${name}" + fi + output="\$(mount | grep "\/rw\/${name}\/")" || true + if [ -n "\${output}" ]; then # >=1 rw mount is mounted still + for DIR in "${output}"; do + umount -F "/etc/fstab.${name}" "\$(echo "${DIR}" | awk '{print $3}')" + done + fi + output="\$(mount | grep "\/${name} (")" || true + if [ -n "\${output}" ]; then # ro mount is mounted still + umount -F "/etc/fstab.${name}" "\$(echo "${output}" | awk '{print $3}')" + fi +EOF # Remove the jail's rw mountpoints - echo "rm -rf /usr/jail/rw/${name}" -# Remove the jail's fstab - echo "rm -f /etc/fstab.${name}" + echo "rm -rf \"/usr/jail/rw/${name}\"" # Remove the jail directory - echo "rm -rf /usr/jail/${name}" + echo "rm -rf \"/usr/jail/${name}\"" +# Remove the jail's fstab + echo "rm -f \"/etc/fstab.${name}\"" # Remove jail_$name_* lines from rc.conf - echo <<-EOF + cat <<EOF sed -i '.bak' "/^jail_${name}_/d" /etc/rc.conf + if [ -f "/etc/rc.conf.bak" ]; then + rm -f /etc/rc.conf.bak + fi EOF # Remove " $name " from jail_list if it's there - echo <<-EOF - eval $(grep '^jail_list=' /etc/rc.conf) + cat <<EOF + eval \$(grep '^jail_list=' /etc/rc.conf) - for JAIL in ${jail_list}; do - if [ ! "${JAIL}" = "${name}" ]; then - new_list="${new_list} ${JAIL}" + for JAIL in \${jail_list}; do + if [ ! "\${JAIL}" = "${name}" ]; then + new_list="\${new_list} \${JAIL}" fi done - jail_list="${new_list}" + jail_list="\${new_list}" - sed -i '.bak' "s/^jail_list=\".*\"/jail_list=\"${jail_list}\"/" /etc/rc.conf + sed -i '.bak' "s/^jail_list=\".*\"/jail_list=\"\${jail_list}\"/" /etc/rc.conf unset jail_list - rm -f /etc/rc.conf.bak + if [ -f "/etc/rc.conf.bak" ]; then + rm -f /etc/rc.conf.bak + fi EOF } createJail() { # Create the jail directory -echo <<-EOF +cat <<EOF mkdir -p ${jaildir}/${name} if [ ! -d "${jaildir}/base" ]; then mkdir "${jaildir}/base" @@ -157,73 +187,88 @@ echo <<-EOF cp -r ${jaildir}/base/etc/* "${jaildir}/rw/${name}/etc/" mkdir "${jaildir}/rw/${name}/local" mkdir "${jaildir}/rw/${name}/db" - if [ -d "${jaildir}/base/var/db" ]; then + if [ -n "\$(ls ${jaildir}/base/var/db)" ]; then cp -r ${jaildir}/base/var/db/* "${jaildir}/rw/${name}/db/" fi mkdir "${jaildir}/rw/${name}/home" - if [ -d "${jaildir}/base/usr/home" ]; then + if [ -n "\$(ls ${jaildir}/base/usr/home)" ]; then cp -r ${jaildir}/base/usr/home/* "${jaildir}/rw/${name}/home/" fi mkdir "${jaildir}/rw/${name}/tmp" EOF # Create the ro+rw mountpoint entries in fstab -echo <<-EOF - echo >/etc/fstab.${name} <<-END - /usr/jail/base /usr/jail/${name} nullfs ro 0 0 - /usr/jail/rw/${name}/etc /usr/jail/${name}/etc nullfs rw 0 0 - /usr/jail/rw/${name}/local /usr/jail/${name}/usr/local nullfs rw 0 0 - /usr/jail/rw/${name}/db /usr/jail/${name}/var/db nullfs rw 0 0 - /usr/jail/rw/${name}/home /usr/jail/${name}/usr/home nullfs rw 0 0 - /usr/jail/rw/${name}/tmp /usr/jail/${name}/var/tmp nullfs rw 0 0 - END +cat <<EOF + cat >/etc/fstab.${name} <<END +/usr/jail/base /usr/jail/${name} nullfs ro 0 0 +/usr/jail/rw/${name}/etc /usr/jail/${name}/etc nullfs rw 0 0 +/usr/jail/rw/${name}/local /usr/jail/${name}/usr/local nullfs rw 0 0 +/usr/jail/rw/${name}/db /usr/jail/${name}/var/db nullfs rw 0 0 +/usr/jail/rw/${name}/home /usr/jail/${name}/usr/home nullfs rw 0 0 +/usr/jail/rw/${name}/tmp /usr/jail/${name}/var/tmp nullfs rw 0 0 +END EOF # Add the jail_$name_* lines to rc.conf -echo <<-EOF - echo >>/etc/rc.conf <<-END - jail_${name}_rootdir="${jaildir}/${name}" - jail_${name}_hostname="${hostname}" - jail_${name}_ip="${ip}" - jail_${name}_devfs_enable="${devfsenable}" - jail_${name}_mount_enable="YES" - jail_${name}_fstab="/etc/fstab.$name" - END +cat <<EOF + cat >>/etc/rc.conf <<END +jail_${name}_rootdir="${jaildir}/${name}" +jail_${name}_hostname="${hostname}" +jail_${name}_ip="${ip}" +jail_${name}_devfs_enable="${devfsenable}" +jail_${name}_mount_enable="YES" +jail_${name}_fstab="/etc/fstab.$name" +END EOF if [ -n "$interface" ]; then - echo <<-EOF - echo >>/etc/rc.conf <<-END - jail_${name}_interface="${interface}" - END + cat <<EOF + cat >>/etc/rc.conf <<END +jail_${name}_interface="${interface}" +END EOF fi if [ "$devfsenable" = "true" ]; then - echo <<-EOF - echo >>/etc/rc.conf <<-END - jail_${name}_devfs_ruleset="$devfsruleset" - END + cat <<EOF + cat >>/etc/rc.conf <<END +jail_${name}_devfs_ruleset="${devfsruleset}" +END + if [ "${devfsruleset}" = "jailrules" ]; then # The default ruleset is to be used + if [ -z "\$(grep '\[jailrules=' /etc/devfs.rules)" ]; then # The default ruleset doesn't exist + # Get the highest-numbered ruleset + highest="\$(sed -n 's/\[.*=\([0-9]*\)\]/\1/pg' /etc/devfs.rules | sort -u | tail -n 1)" || true + # increment by 1 + let num="\${highest}+1" 2>&- >&- + # add default ruleset + cat >>/etc/devfs.rules <<END + +[jailrules=\${num}] +add include \\\$devfsrules_hide_all +add include \\\$devfsrules_unhide_basic +add include \\\$devfsrules_unhide_login +END + fi + fi EOF fi # Add $name to jail_list if $onboot=true if [ "$onboot" = "true" ]; then - echo <<-EOF - eval $(grep '^jail_list=' /etc/rc.conf) - jail_list="${jail_list} ${name}" - sed -i '.bak' "s/^jail_list=\".*\"/jail_list=\"${jail_list}\"/" /etc/rc.conf + cat <<EOF + eval \$(grep '^jail_list=' /etc/rc.conf) + jail_list="\${jail_list} ${name}" + sed -i '.bak' "s/^jail_list=\".*\"/jail_list=\"\${jail_list}\"/" /etc/rc.conf unset jail_list rm -f /etc/rc.conf.bak EOF fi # Add the normal entries into the jail's rc.conf -echo "echo hostname=\"${hostname}\"" >>"${jaildir}/rw/${name}/etc/rc.conf" -echo 'echo sendmail_enable=\"NONE\"' >>"${jaildir}/rw/${name}/etc/rc.conf" -echo 'echo syslogd_enable=\"YES\"' >>"${jaildir}/rw/${name}/etc/rc.conf" -echo 'echo syslogd_flags=\"-ss\"' >>"${jaildir}/rw/${name}/etc/rc.conf" - +echo "echo hostname=\"${hostname}\" >>\"${jaildir}/rw/${name}/etc/rc.conf\"" +echo "echo sendmail_enable=\"NONE\" >>\"${jaildir}/rw/${name}/etc/rc.conf\"" +echo "echo syslogd_enable=\"YES\" >>\"${jaildir}/rw/${name}/etc/rc.conf\"" +echo "echo syslogd_flags=\"-ss\" >>\"${jaildir}/rw/${name}/etc/rc.conf\"" } if [ "$present" = "EXISTS" ]; then # The jail currently exists