#!/bin/sh
#
# 2012,2014,2016 Jake Guffey (jake.guffey at jointheirstm.org)
#
# This file is part of cdist.
#
# cdist is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# cdist is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with cdist. If not, see .
#
#
# The __jail_freebsd9 type creates, configures, and deletes FreeBSD jails
# for use as virtual machines on FreeBSD 9.x and before.
#
# Debug
#exec >&2
#set -x
if [ -f "$__object/parameter/name" ]; then
name="$(cat "$__object/parameter/name")"
else
name="$__object_id"
fi
state="$(cat "$__object/parameter/state")"
started="true"
# If the user wants the jail gone, it implies it shouldn't be started.
[ -f "$__object/parameter/stopped" -o "$state" = "absent" ] && started="false"
if [ -f "$__object/parameter/ip" ]; then
ip="$(cat "$__object/parameter/ip")"
else
# IP is an optional param when $state=absent, but
# when $state=present, it's required. Enforce this.
if [ "$state" = "present" ]; then
exec >&2
echo "If --state is 'present,' --ip must be given\!"
exit 1
fi
fi
if [ -f "$__object/parameter/hostname" ]; then
hostname="$(cat "$__object/parameter/hostname")"
else
hostname="$name"
fi
if [ -f "$__object/parameter/interface" ]; then
interface="$(cat "$__object/parameter/interface")"
fi
if [ -f "$__object/parameter/devfs-disable" ]; then
devfsenable="false"
else
devfsenable="true"
fi
devfsruleset="$(cat "$__object/parameter/devfs-ruleset")"
# devfs_ruleset being defined without devfs_enable being true
# is pointless. Treat this as an error.
if [ -n "$devfsruleset" -a "$devfsenable" = "false" ]; then
exec >&2
echo "Can't have --devfs-ruleset defined with --devfs-disable"
exit 1
fi
if [ -f "$__object/parameter/onboot" ]; then
onboot="true"
fi
jaildir="$(cat "$__object/parameter/jaildir")"
present="$(cat "$__object/explorer/present")"
status="$(cat "$__object/explorer/status")"
# Handle ip="iface|addr, iface|addr" format
if [ $(expr "${ip}" : ".*|.*") -gt "0" ]; then
# If we have multiple IPs defined, $interface doesn't make sense because ip="iface|addr, iface|addr" implies it
interface=""
SAVE_IFS="$IFS"
IFS=", "
for cur_ip in ${ip}; do
# Just get the last IP address for SSH to listen on
mgmt_ip=$(echo "${ip}" | sed -E -e 's/^.*\|(.*)\/[0-9]+$/\1/')
done
IFS="$SAVE_IFS"
else
mgmt_ip=$(echo "${ip}" | cut '-d ' -f1)
fi
stopJail() {
# Check $status before issuing command
if [ "$status" = "STARTED" ]; then
echo "/etc/rc.d/jail stop ${name}"
echo "stop" >> "$__messages_out"
fi
}
startJail() {
# Check $status before issuing command
if [ "$status" = "NOTSTART" ]; then
echo "/etc/rc.d/jail start ${name}"
echo "start" >> "$__messages_out"
fi
}
deleteJail() {
# Unmount the jail's mountpoints if necessary
cat <=1 rw mount is mounted still
for DIR in "${output}"; do
umount -F "/etc/fstab.${name}" "\$(echo "${DIR}" | awk '{print $3}')"
done
fi
output="\$(mount | grep "\/${name} (")" || true
if [ -n "\${output}" ]; then # ro mount is mounted still
umount -F "/etc/fstab.${name}" "\$(echo "${output}" | awk '{print $3}')"
fi
EOF
# Remove the jail's rw mountpoints
echo "rm -rf \"${jaildir}/rw/${name}\""
# Remove the jail directory
echo "rm -rf \"${jaildir}/${name}\""
# Remove the jail's fstab
echo "rm -f \"/etc/fstab.${name}\""
# Remove jail_$name_* lines from rc.conf
cat <> "$__messages_out"
}
createJail() {
# Create the jail directory
cat <> "$__messages_out"
# Create the ro+rw mountpoint entries in fstab
cat </etc/fstab.${name} <>/etc/rc.conf
elif [ ! "\$(echo \$jail_enable | tr '[a-z]' '[A-Z]')" = "YES" ]; then # jail_enable="NO"
sed -i '.bak' 's/^jail_enable=.*$/jail_enable="YES"/g' /etc/rc.conf # fix this -^
rm -f /etc/rc.conf.bak
fi
cat >>/etc/rc.conf <>/etc/rc.conf <>/etc/rc.conf <>/etc/rc.conf <&- >&-
# add default ruleset
cat >>/etc/devfs.rules <>/etc/rc.conf
else
jail_list="\${jail_list} ${name}"
sed -i '.bak' "s/^jail_list=\".*\"/jail_list=\"\${jail_list}\"/" /etc/rc.conf
rm -f /etc/rc.conf.bak
fi
unset jail_list
EOF
echo "onboot" >> "$__messages_out"
fi
# Add the normal entries into the jail's rc.conf
cat <"${jaildir}/rw/${name}/etc/rc.conf"
echo sshd_enable=\"YES\" >>"${jaildir}/rw/${name}/etc/rc.conf"
echo sendmail_enable=\"NONE\" >>"${jaildir}/rw/${name}/etc/rc.conf"
echo syslogd_enable=\"YES\" >>"${jaildir}/rw/${name}/etc/rc.conf"
echo syslogd_flags=\"-ss\" >>"${jaildir}/rw/${name}/etc/rc.conf"
EOF
# Configure SSHd's listening address
cat <