Add support for FreeBSD 10.x jails
Separate __jail type into distinct __jail_freebsd9 and __jail_freebsd10 types
parent
ab74da9c29
commit
2f68e21a96
27 changed files with 851 additions and 3 deletions
|
@ -37,6 +37,19 @@ jaildir="$(cat "$__object/parameter/jaildir")"
|
||||||
|
|
||||||
__directory ${jaildir} --parents
|
__directory ${jaildir} --parents
|
||||||
|
|
||||||
|
set -- "$@" "$__object_id" "--state" "$state"
|
||||||
|
cd "$__object/parameter"
|
||||||
|
for property in $(ls .); do
|
||||||
|
set -- "$@" "--$property" "$(cat "$property")"
|
||||||
|
done
|
||||||
|
|
||||||
|
ver="$(cat "$__global/explorer/os_version")"
|
||||||
|
if [ -n "$(echo "$ver" | grep '^10\.' )" ]; then # Version is 10.x
|
||||||
|
__jail_freebsd10 "$@"
|
||||||
|
else
|
||||||
|
__jail_freebsd9 "$@"
|
||||||
|
fi
|
||||||
|
|
||||||
# Debug
|
# Debug
|
||||||
#set +x
|
#set +x
|
||||||
|
|
||||||
|
|
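Review bot: The `for property in $(ls .)` loop forwards every file under `$__object/parameter` as `--name value`, which does not fit the boolean parameters: gencode-remote in this commit only tests whether `parameter/stopped`, `parameter/onboot` and `parameter/devfs-disable` exist, so those files are presumably empty and each would be forwarded with a stray empty argument. `state` is presumably in that directory too, so `--state` would be passed a second time after the explicit one in the first `set --` line (`$state` itself is assigned outside this hunk). The version test matches only `^10\.`, so an 11.x or later host falls through to `__jail_freebsd9`, which its man page scopes to 9.x and before; that choice should be made explicitly. A loop along the lines below avoids parsing `ls` and treats the three cases separately; the boolean names are taken from the new types' `parameter/boolean` lists and should be checked against the `__jail` type's own list.

```shell
for property in *; do
    case "$property" in
        state) ;; # already passed explicitly above
        onboot|stopped|devfs-disable) set -- "$@" "--$property" ;;
        *) set -- "$@" "--$property" "$(cat "$property")" ;;
    esac
done
```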
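--- a/cdist/conf/type/__jail_freebsd10/gencode-local
+++ b/cdist/conf/type/__jail_freebsd10/gencode-local
@@ -0,0 +1,52 @@
+#!/bin/sh
+#
+# 2012 Jake Guffey (jake.guffey at eprotex.com)
+#
+# This file is part of cdist.
+#
+# cdist is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# cdist is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with cdist. If not, see <http://www.gnu.org/licenses/>.
+#
+#
+# The __jail type creates, configures, and deletes FreeBSD jails for use as
+# virtual machines.
+#
+
+# Debug
+exec >&2
+set -x
+
+jaildir="$(cat "$__object/parameter/jaildir")"
+
+jailbase="$(cat "$__object/parameter/jailbase")"
+
+state="$(cat "$__object/parameter/state")"
+
+if [ "$state" = "present" ] && [ -z "$jailbase" ]; then
+exec >&2
+echo "jailbase is a REQUIRED parameter when state=present!"
+exit 1
+fi
+
+remotebase="${jaildir}/jailbase.tgz"
+basepresent="$(cat "$__object/explorer/basepresent")"
+
+if [ "$state" = "present" ]; then
+if [ "$basepresent" = "NONE" ]; then
+echo "$__remote_copy" "${jailbase}" "$__target_host:${remotebase}"
+fi # basepresent=NONE
+fi # state=present
+
+# Debug
+set +x
+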
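Review bot: The debug lines `exec >&2` and `set -x` near the top are active in this file, whereas gencode-remote in the same commit has them commented out. The copy command is produced by the `echo "$__remote_copy" ...` line on stdout, so, assuming cdist takes the generated code from this script's stdout, the redirect sends that command to stderr as diagnostics and the base archive would never be copied; `set -x` also traces every parameter value into the log. Comment them out as in the sibling file (`#exec >&2`, `#set -x`, `#set +x`). The emitted line also leaves `${jailbase}` and `${remotebase}` unquoted inside the generated command, so a path containing whitespace is split when it runs. The header comment still names `__jail` rather than `__jail_freebsd10`.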
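--- a/cdist/conf/type/__jail_freebsd10/gencode-remote
+++ b/cdist/conf/type/__jail_freebsd10/gencode-remote
@@ -0,0 +1,362 @@
+#!/bin/sh
+#
+# 2012,2014,2016 Jake Guffey (jake.guffey at jointheirstm.org)
+#
+# This file is part of cdist.
+#
+# cdist is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# cdist is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with cdist. If not, see <http://www.gnu.org/licenses/>.
+#
+#
+# The __jail_freebsd10 type creates, configures, and deletes FreeBSD
+# jails for use as virtual machines on FreeBSD 10.x.
+#
+
+# Debug
+#exec >&2
+#set -x
+
+if [ -f "$__object/parameter/name" ]; then
+name="$(cat "$__object/parameter/name")"
+else
+name="$__object_id"
+fi
+
+state="$(cat "$__object/parameter/state")"
+
+started="true"
+# If the user wants the jail gone, it implies it shouldn't be started.
+[ -f "$__object/parameter/stopped" -o "$state" = "absent" ] && started="false"
+
+if [ -f "$__object/parameter/ip" ]; then
+ip="$(cat "$__object/parameter/ip")"
+else
+# IP is an optional param when $state=absent, but
+# when $state=present, it's required. Enforce this.
+if [ "$state" = "present" ]; then
+exec >&2
+echo "If --state is 'present,' --ip must be given\!"
+exit 1
+fi
+fi
+
+if [ -f "$__object/parameter/hostname" ]; then
+hostname="$(cat "$__object/parameter/hostname")"
+else
+hostname="$name"
+fi
+
+if [ -f "$__object/parameter/devfs-disable" ]; then
+devfsenable="false"
+else
+devfsenable="true"
+fi
+
+devfsruleset="$(cat "$__object/parameter/devfs-ruleset")"
+
+# devfs_ruleset being defined without devfs_enable being true
+# is pointless. Treat this as an error.
+if [ -n "$devfsruleset" -a "$devfsenable" = "false" ]; then
+exec >&2
+echo "Can't have --devfs-ruleset defined with --devfs-disable"
+exit 1
+fi
+
+if [ -f "$__object/parameter/onboot" ]; then
+onboot="true"
+fi
+
+jaildir="$(cat "$__object/parameter/jaildir")"
+
+present="$(cat "$__object/explorer/present")"
+#present="$(cat "$__type/explorer/present")"
+status="$(cat "$__object/explorer/status")"
+
+# Handle ip="addr, addr" format
+if [ $(expr "${ip}" : ".*, .*") -gt "0" ]; then
+SAVE_IFS="$IFS"
+IFS=", "
+for cur_ip in ${ip}; do
+# Just get the last IP address for SSH to listen on
+mgmt_ip=$(echo "${ip}" | cut '-d ' -f1) # In case using "ip netmask" format rather than CIDR
+done
+IFS="$SAVE_IFS"
+else
+mgmt_ip=$(echo "${ip}" | cut '-d ' -f1) # In case using "ip netmask" format rather than CIDR
+fi
+
+stopJail() {
+# Check $status before issuing command
+if [ "$status" = "STARTED" ]; then
+echo "/etc/rc.d/jail stop ${name}"
+echo "stop" >> "$__messages_out"
+fi
+}
+
+startJail() {
+# Check $status before issuing command
+if [ "$status" = "NOTSTART" ]; then
+echo "/etc/rc.d/jail start ${name}"
+echo "start" >> "$__messages_out"
+fi
+}
+
+deleteJail() {
+# Unmount the jail's mountpoints if necessary
+cat <<EOF
+output="\$(mount | grep "\/${name}\/dev")" || true
+if [ -n "\${output}" ]; then # /dev is still mounted...jail still running?
+/etc/rc.d/jail stop "${name}"
+fi
+output="\$(mount | grep "\/rw\/${name}\/")" || true
+if [ -n "\${output}" ]; then # >=1 rw mount is mounted still
+for DIR in "${output}"; do
+umount -F "/etc/fstab.${name}" "\$(echo "${DIR}" | awk '{print $3}')"
+done
+fi
+output="\$(mount | grep "\/${name} (")" || true
+if [ -n "\${output}" ]; then # ro mount is mounted still
+umount -F "/etc/fstab.${name}" "\$(echo "${output}" | awk '{print $3}')"
+fi
+EOF
+# Remove the jail's rw mountpoints
+echo "rm -rf \"${jaildir}/rw/${name}\""
+# Remove the jail directory
+echo "rm -rf \"${jaildir}/${name}\""
+# Remove the jail's fstab
+echo "rm -f \"/etc/fstab.${name}\""
+# Remove jail entry from jail.conf
+cat <<EOF
+sed -i .bak -E -e "/^${name} {\$/,/^}\\\$/d" /etc/jail.conf
+if [ -f "/etc/jail.conf.bak" ]; then
+rm -f "/etc/jail.conf.bak"
+fi
+EOF
+# Remove " $name " from jail_list if it's there
+cat <<EOF
+eval \$(grep '^jail_list=' /etc/rc.conf)
+
+for JAIL in \${jail_list}; do
+if [ ! "\${JAIL}" = "${name}" ]; then
+new_list="\${new_list} \${JAIL}"
+fi
+done
+jail_list="\${new_list}"
+
+sed -i '.bak' "s/^jail_list=\".*\"/jail_list=\"\${jail_list}\"/" /etc/rc.conf
+unset jail_list
+if [ -f "/etc/rc.conf.bak" ]; then
+rm -f /etc/rc.conf.bak
+fi
+EOF
+echo "delete" >> "$__messages_out"
+}
+
+createJail() {
+# Create the jail directory
+cat <<EOF
+umask 022
+mkdir -p ${jaildir}/${name}
+if [ ! -d "${jaildir}/base" ]; then
+mkdir "${jaildir}/base"
+tar -xzf "${jaildir}/jailbase.tgz" -C "${jaildir}/base"
+if [ ! -d "${jaildir}/base/usr/local" ]; then
+mkdir -p "${jaildir}/base/usr/local"
+fi
+if [ ! -d "${jaildir}/base/usr/home" ]; then
+mkdir -p "${jaildir}/base/usr/home"
+fi
+if [ ! -d "${jaildir}/base/home" ]; then
+if [ ! -L "${jaildir}/base/home" ]; then
+SAVE=\$PWD; cd ${jaildir}/base
+ln -s usr/home home
+cd \$SAVE; unset SAVE
+fi
+fi
+fi
+if [ ! -d "${jaildir}/rw" ]; then
+mkdir "${jaildir}/rw"
+fi
+mkdir -p "${jaildir}/rw/${name}/etc"
+cp -r ${jaildir}/base/etc/* "${jaildir}/rw/${name}/etc/"
+if [ ! -f "${jaildir}/rw/${name}/etc/resolv.conf" ]; then
+cp /etc/resolv.conf "${jaildir}/rw/${name}/etc/"
+fi
+mkdir "${jaildir}/rw/${name}/local"
+mkdir "${jaildir}/rw/${name}/var"
+if [ -n "\$(ls ${jaildir}/base/var)" ]; then
+cp -r ${jaildir}/base/var/* "${jaildir}/rw/${name}/var/"
+fi
+chmod 755 "${jaildir}/rw/${name}/var"
+chmod 755 "${jaildir}/base/var"
+if [ ! -d "${jaildir}/base/var/db" ]; then
+mkdir -p "${jaildir}/base/var/db"
+fi
+if [ -n "\$(ls ${jaildir}/base/var/db)" ]; then
+chmod 755 "${jaildir}/rw/${name}/var/db"
+chmod 755 "${jaildir}/base/var/db"
+fi
+mkdir "${jaildir}/rw/${name}/home"
+if [ -n "\$(ls ${jaildir}/base/usr/home)" ]; then
+cp -r ${jaildir}/base/usr/home/* "${jaildir}/rw/${name}/home/"
+fi
+mkdir "${jaildir}/rw/${name}/root"
+if [ -n "\$(ls -A ${jaildir}/base/root)" ]; then
+cp -r ${jaildir}/base/root/ "${jaildir}/rw/${name}/root/"
+fi
+
+EOF
+echo "create" >> "$__messages_out"
+
+# Create the ro+rw mountpoint entries in fstab
+cat <<EOF
+cat >/etc/fstab.${name} <<END
+${jaildir}/base ${jaildir}/${name} nullfs ro 0 0
+${jaildir}/rw/${name}/etc ${jaildir}/${name}/etc nullfs rw 0 0
+${jaildir}/rw/${name}/local ${jaildir}/${name}/usr/local nullfs rw 0 0
+${jaildir}/rw/${name}/var ${jaildir}/${name}/var nullfs rw 0 0
+${jaildir}/rw/${name}/home ${jaildir}/${name}/usr/home nullfs rw 0 0
+${jaildir}/rw/${name}/root ${jaildir}/${name}/root nullfs rw 0 0
+END
+EOF
+
+# Add the jail configuration to jail.conf
+cat <<EOF
+# first check to see whether jail_enable="YES" exists in rc.conf or not and add it
+# if necessary
+
+jail_enable="\$(grep '^jail_enable=' /etc/rc.conf | cut -d= -f2)"
+if [ -z "\$jail_enable" ]; then # no jail_enable line in rc.conf at all
+echo "jail_enable=\"YES\"" >>/etc/rc.conf
+elif [ ! "\$(echo \$jail_enable | tr '[a-z]' '[A-Z]' | tr -d '"')" = "YES" ]; then # jail_enable="NO"
+sed -i '.bak' 's/^jail_enable=.*$/jail_enable="YES"/g' /etc/rc.conf # fix this -^
+rm -f /etc/rc.conf.bak
+fi
+
+jailfile=/etc/jail.conf
+jailheader="${name} {"
+
+jaildata="path=\"${jaildir}/${name}\";"
+
+if [ "$devfsenable" = "true" ]; then
+jaildata="\$jaildata
+mount.devfs;"
+else
+jaildata="\$jaildata
+mount.nodevfs;"
+fi
+
+jaildata="\$jaildata
+host.hostname=\"${hostname}\";
+ip4.addr=\"${ip}\";
+exec.start=\"/bin/sh /etc/rc\";
+exec.stop=\"/bin/sh /etc/rc.shutdown\";
+exec.consolelog=\"/var/log/jail_${name}_console.log\";
+mount.fstab=\"/etc/fstab.${name}\";
+allow.mount;
+exec.clean;
+allow.set_hostname=0;
+allow.sysvipc=0;
+allow.raw_sockets=0;"
+
+jailtrailer="}"
+
+if [ "$devfsenable" = "true" ] && [ "${devfsruleset}" = "jailrules" ]; then # The default ruleset is to be used
+if [ ! -f /etc/devfs.rules ]; then
+touch /etc/devfs.rules
+fi
+if [ -z "\$(grep '\[jailrules=' /etc/devfs.rules)" ]; then # The default ruleset doesn't exist
+# Get the highest-numbered ruleset
+highest="\$(sed -n 's/\[.*=\([0-9]*\)\]/\1/pg' /etc/devfs.rules | sort -u | tail -n 1)" || true
+# increment by 1
+[ -z "\$highest" ] && highest=10
+let num="\${highest}+1" 2>&1 >/dev/null # Close the FD==fail...
+# add default ruleset
+cat >>/etc/devfs.rules <<END
+
+[jailrules=\${num}]
+add include \\\$devfsrules_hide_all
+add include \\\$devfsrules_unhide_basic
+add include \\\$devfsrules_unhide_login
+END
+fi
+devfsruleset_num=\$(grep "\[${devfsruleset}=" /etc/devfs.rules | sed -n 's/\[.*=\([0-9]*\)\]/\1/pg')
+if [ -n "\$devfsruleset_num" ]; then
+jaildata="\$jaildata
+devfs_ruleset=\"\${devfsruleset_num}\";"
+fi
+fi
+
+EOF
+
+echo "printf \"%s\\n%s\n%s\n\" \"\$jailheader\" \"\$jaildata\" \"\$jailtrailer\" >>\"\$jailfile\""
+
+# Add $name to jail_list if $onboot=yes
+if [ "$onboot" = "yes" ]; then
+
+# first check to see whether jail_enable="YES" exists in rc.conf or not and add it
+# if necessary
+
+cat <<EOF
+eval "\$(grep '^jail_list=' /etc/rc.conf)"
+if [ -z "\$jail_list" ]; then # no jail_list line in rc.conf at all
+echo "jail_list=\"${name}\"" >>/etc/rc.conf
+else
+jail_list="\${jail_list} ${name}"
+sed -i '.bak' "s/^jail_list=\".*\"/jail_list=\"\${jail_list}\"/" /etc/rc.conf
+rm -f /etc/rc.conf.bak
+fi
+unset jail_list
+EOF
+echo "onboot" >> "$__messages_out"
+fi
+
+# Add the normal entries into the jail's rc.conf
+cat <<EOF
+echo hostname=\"${hostname}\" >"${jaildir}/rw/${name}/etc/rc.conf"
+echo sshd_enable=\"YES\" >>"${jaildir}/rw/${name}/etc/rc.conf"
+echo sendmail_enable=\"NONE\" >>"${jaildir}/rw/${name}/etc/rc.conf"
+echo syslogd_enable=\"YES\" >>"${jaildir}/rw/${name}/etc/rc.conf"
+echo syslogd_flags=\"-ss\" >>"${jaildir}/rw/${name}/etc/rc.conf"
+
+EOF
+# Configure SSHd's listening address
+cat <<EOF
+mgmt_ip="$(echo "$mgmt_ip" | sed -E -e 's#/[0-9]*$##g')"
+sed -E -i '.bak' -e "s/#?ListenAddress 0.0.0.0/ListenAddress \${mgmt_ip}/" "${jaildir}/rw/${name}/etc/ssh/sshd_config"
+EOF
+}
+
+if [ "$present" = "EXISTS" ]; then # The jail currently exists
+if [ "$state" = "present" ]; then # The jail is supposed to exist
+if [ "$started" = "true" ]; then # The jail is supposed to be started
+startJail
+else # The jail is not supposed to be started
+stopJail
+fi
+exit 0
+else # The jail is not supposed to exist
+stopJail
+deleteJail
+exit 0
+fi
+else # The jail does not currently exist
+if [ "$state" = "absent" ]; then # The jail is not supposed to be present
+exit 0
+else # The jail is supposed to exist
+createJail
+[ "$started" = "true" ] && startJail
+exit 0
+fi
+fi
+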
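Review bot: In deleteJail the first heredoc is unquoted, so `${output}`, `${DIR}` and awk's `$3` on the `for DIR in` line and both `umount -F` lines are expanded while the code is being generated rather than on the target; they are presumably unset at that point, so the emitted loop iterates over an empty string and neither `umount` receives a mount point before the `rm -rf` lines run. They need the same escaping the neighbouring `\${output}` tests already use, and the rw loop should read the mount list line by line, as sketched below. Separately, `onboot` is set to `"true"` near the top of the file but createJail tests `[ "$onboot" = "yes" ]`, so the jail_list branch can never run; compare against `"true"`. `${name}` and `${jaildir}` also reach `rm -rf`, `sed` and `grep` patterns without validation, so an empty or pattern-bearing `--name` changes what gets matched and deleted as root. Rejecting names outside a conservative character set before any code is emitted, e.g. `case "$name" in ''|*[!A-Za-z0-9_-]*) echo "invalid jail name" >&2; exit 1;; esac`, would close that.

```shell
# … unchanged: /dev check, rw-mount grep and its `if` …
echo "\${output}" | awk '{print \$3}' | while read -r DIR; do
    umount -F "/etc/fstab.${name}" "\${DIR}"
done
# … unchanged: ro-mount grep and its `if` …
umount -F "/etc/fstab.${name}" "\$(echo "\${output}" | awk '{print \$3}')"
```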
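--- a/cdist/conf/type/__jail_freebsd10/man.text
+++ b/cdist/conf/type/__jail_freebsd10/man.text
@@ -0,0 +1,119 @@
+cdist-type__jail_freebsd_10(7)
+==============================
+Jake Guffey <jake.guffey--@--jointheirstm.org>
+
+
+NAME
+----
+cdist-type__jail_freebsd_10 - Manage FreeBSD jails
+
+
+DESCRIPTION
+-----------
+This type is used on FreeBSD 10.x to manage jails.
+
+
+REQUIRED PARAMETERS
+-------------------
+state::
+Either "present" or "absent", defaults to "present".
+
+jailbase::
+The location of the .tgz archive containing the base fs for your jails.
+
+
+OPTIONAL PARAMETERS
+-------------------
+name::
+The name of the jail. Default is to use the object_id as the jail name.
+
+ip::
+The ifconfig style IP/netmask combination to use for the jail guest. If
+the state parameter is "present," this parameter is required.
+
+hostname::
+The FQDN to use for the jail guest. Defaults to the name parameter.
+
+interface::
+The name of the physical interface on the jail server to bind the jail to.
+Defaults to the first interface found in the output of ifconfig -l.
+
+devfs-ruleset::
+The name of the devfs ruleset to associate with the jail. Defaults to
+"jailrules." This ruleset must be copied to the server via another type.
+To use this option, devfs-enable must be "true."
+
+jaildir::
+The location on the remote server to use for hosting jail filesystems.
+Defaults to /usr/jail.
+
+BOOLEAN PARAMETERS
+------------------
+stopped::
+Do not start the jail
+
+devfs-disable::
+Whether to disallow devfs mounting within the jail
+
+onboot::
+Whether to add the jail to rc.conf's jail_list variable.
+
+
+CAVEATS
+-------
+This type does not currently support modification of jail options. If, for
+example a jail needs to have its IP address or netmask changed, the jail must
+be removed then re-added with the correct IP address/netmask or the appropriate
+modifications to jail.conf need to be made through alternate means.
+
+MESSAGES
+--------
+start::
+The jail was started
+stop::
+The jail was stopped
+create:
+The jail was created
+delete::
+The jail was deleted
+onboot::
+The jail was configured to start on boot
+
+EXAMPLES
+--------
+
+--------------------------------------------------------------------------------
+# Create a jail called www
+__jail_freebsd_10 www --state present --ip "192.168.1.2" --jailbase /my/jail/base.tgz
+
+# Remove the jail called www
+__jail_freebsd_10 www --state absent --jailbase /my/jail/base.tgz
+
+# The jail www should not be started
+__jail_freebsd_10 www --state present --stopped \
+--ip "192.168.1.2 netmask 255.255.255.0" \
+--jailbase /my/jail/base.tgz
+
+# Use the name variable explicitly
+__jail_freebsd_10 thisjail --state present --name www \
+--ip "192.168.1.2" \
+--jailbase /my/jail/base.tgz
+
+# Go nuts
+__jail_freebsd_10 lotsofoptions --state present --name testjail \
+--ip "192.168.1.100 netmask 255.255.255.0" \
+--hostname "testjail.example.com" --interface "em0" \
+--onboot --jailbase /my/jail/base.tgz --jaildir /jails
+--------------------------------------------------------------------------------
+
+
+SEE ALSO
+--------
+- cdist-type(7)
+- cdist-type__jail(7)
+
+
+COPYING
+-------
+Copyright \(C) 2012-2016 Jake Guffey. Free use of this software is
+granted under the terms of the GNU General Public License version 3 (GPLv3).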
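--- a/cdist/conf/type/__jail_freebsd10/parameter/boolean
+++ b/cdist/conf/type/__jail_freebsd10/parameter/boolean
@@ -0,0 +1,3 @@
+onboot
+stopped
+devfs-disable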
|
@ -0,0 +1 @@
|
||||||
|
jailrules
|
|
@ -0,0 +1 @@
|
||||||
|
|
|
@ -0,0 +1 @@
|
||||||
|
/usr/jail
|
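--- a/cdist/conf/type/__jail_freebsd10/parameter/default/state
+++ b/cdist/conf/type/__jail_freebsd10/parameter/default/state
@@ -0,0 +1 @@
+present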
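--- a/cdist/conf/type/__jail_freebsd10/parameter/optional
+++ b/cdist/conf/type/__jail_freebsd10/parameter/optional
@@ -0,0 +1,8 @@
+name
+ip
+hostname
+interface
+devfs-ruleset
+jaildir
+jailbase
+state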
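--- a/cdist/conf/type/__jail_freebsd9/explorer/basepresent
+++ b/cdist/conf/type/__jail_freebsd9/explorer/basepresent
@@ -0,0 +1,54 @@
+#!/bin/sh
+#
+# 2012 Jake Guffey (jake.guffey at eprotex.com)
+#
+# This file is part of cdist.
+#
+# cdist is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# cdist is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with cdist. If not, see <http://www.gnu.org/licenses/>.
+#
+#
+# See if the jailbase.tgz or $jaildir/base dir exists
+#
+
+# Debug
+#exec >&2
+#set -x
+
+if [ -f "$__object/parameter/jaildir" ]; then
+jaildir="$(cat "$__object/parameter/jaildir")"
+else
+jaildir="/usr/jail"
+fi
+
+name="base:jailbase.tgz"
+out=""
+
+save_IFS="$IFS"
+IFS=":"
+for cur in $name; do
+if [ -e "${jaildir}/$cur" ]; then
+out="${out}:${cur}"
+fi
+done
+IFS="$save_IFS"
+
+if [ -z "$out" ]; then
+echo "NONE"
+else
+echo "${out}"
+fi
+
+# Debug
+#set +x
+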
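--- a/cdist/conf/type/__jail_freebsd9/explorer/present
+++ b/cdist/conf/type/__jail_freebsd9/explorer/present
@@ -0,0 +1,43 @@
+#!/bin/sh
+#
+# 2012 Jake Guffey (jake.guffey at eprotex.com)
+#
+# This file is part of cdist.
+#
+# cdist is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# cdist is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with cdist. If not, see <http://www.gnu.org/licenses/>.
+#
+#
+# See if the requested jail exists
+#
+
+# Debug
+#exec >&2
+#set -x
+
+if [ -f "$__object/parameter/name" ]; then
+name="$(cat "$__object/parameter/name")"
+else
+name=$__object_id
+fi
+
+if [ -f "$__object/parameter/jaildir" ]; then
+jaildir="$(cat "$__object/parameter/jaildir")"
+else
+jaildir="/usr/jail"
+fi
+
+[ -d "${jaildir}/$name" ] && echo "EXISTS" || echo "NOTEXIST"
+
+#set +x
+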
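--- a/cdist/conf/type/__jail_freebsd9/explorer/status
+++ b/cdist/conf/type/__jail_freebsd9/explorer/status
@@ -0,0 +1,52 @@
+#!/bin/sh
+#
+# 2012 Jake Guffey (jake.guffey at eprotex.com)
+#
+# This file is part of cdist.
+#
+# cdist is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# cdist is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with cdist. If not, see <http://www.gnu.org/licenses/>.
+#
+#
+# See if the requested jail is started
+#
+
+# Debug
+#exec >&2
+#set -x
+
+if [ -f "$__object/parameter/name" ]; then
+name="$(cat "$__object/parameter/name")"
+else
+name="$__object_id"
+fi
+
+if [ -f "$__object/parameter/jaildir" ]; then
+jaildir="$(cat "$__object/parameter/jaildir")"
+else
+jaildir="/usr/jail"
+fi
+# backslash-escaped $jaildir
+sjaildir="$(echo ${jaildir} | sed 's#/#\\/#g')"
+
+jls_output="$(jls | grep "[ ]${sjaildir}\/${name}\$")" || true
+
+if [ -n "${jls_output}" ]; then
+echo "STARTED"
+else
+echo "NOTSTART"
+fi
+
+# Debug
+#set +x
+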
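Review bot: `${jaildir}` and `${name}` are pasted into the `grep` pattern on the `jls_output=` line with only `/` escaped, so a `.` or any other regex metacharacter in a jail name or path can match an unrelated `jls` row and report STARTED for the wrong jail. A fixed-string, whole-line comparison removes the need for the `sjaildir` escaping step, e.g. `jls path | grep -Fxq -- "${jaildir}/${name}"` with the result taken from the exit status. `echo ${jaildir}` on the `sjaildir=` line is also unquoted, so whitespace or glob characters in the path are altered before the match is made.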
|
@ -1,6 +1,6 @@
|
||||||
#!/bin/sh
|
#!/bin/sh
|
||||||
#
|
#
|
||||||
# 2012,2014 Jake Guffey (jake.guffey at eprotex.com)
|
# 2012,2014,2016 Jake Guffey (jake.guffey at jointheirstm.org)
|
||||||
#
|
#
|
||||||
# This file is part of cdist.
|
# This file is part of cdist.
|
||||||
#
|
#
|
||||||
|
@ -18,8 +18,8 @@
|
||||||
# along with cdist. If not, see <http://www.gnu.org/licenses/>.
|
# along with cdist. If not, see <http://www.gnu.org/licenses/>.
|
||||||
#
|
#
|
||||||
#
|
#
|
||||||
# The __jail type creates, configures, and deletes FreeBSD jails for use as
|
# The __jail_freebsd9 type creates, configures, and deletes FreeBSD jails
|
||||||
# virtual machines.
|
# for use as virtual machines on FreeBSD 9.x and before.
|
||||||
#
|
#
|
||||||
|
|
||||||
# Debug
|
# Debug
|
||||||
|
@ -354,3 +354,4 @@ else # The jail does not currently exist
|
||||||
exit 0
|
exit 0
|
||||||
fi
|
fi
|
||||||
fi
|
fi
|
||||||
|
|
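--- a/cdist/conf/type/__jail_freebsd9/man.text
+++ b/cdist/conf/type/__jail_freebsd9/man.text
@@ -0,0 +1,120 @@
+cdist-type__jail_freebsd9(7)
+============================
+Jake Guffey <jake.guffey--@--jointheirstm.org>
+
+
+NAME
+----
+cdist-type__jail_freebsd9 - Manage FreeBSD jails
+
+
+DESCRIPTION
+-----------
+This type is used on FreeBSD 9.x and before to manage jails.
+
+
+REQUIRED PARAMETERS
+-------------------
+state::
+Either "present" or "absent", defaults to "present".
+
+jailbase::
+The location of the .tgz archive containing the base fs for your jails.
+
+
+OPTIONAL PARAMETERS
+-------------------
+name::
+The name of the jail. Default is to use the object_id as the jail name.
+
+ip::
+The ifconfig style IP/netmask combination to use for the jail guest. If
+the state parameter is "present," this parameter is required.
+
+hostname::
+The FQDN to use for the jail guest. Defaults to the name parameter.
+
+interface::
+The name of the physical interface on the jail server to bind the jail to.
+Defaults to the first interface found in the output of ifconfig -l.
+
+devfs-ruleset::
+The name of the devfs ruleset to associate with the jail. Defaults to
+"jailrules." This ruleset must be copied to the server via another type.
+To use this option, devfs-enable must be "true."
+
+jaildir::
+The location on the remote server to use for hosting jail filesystems.
+Defaults to /usr/jail.
+
+BOOLEAN PARAMETERS
+------------------
+stopped::
+Do not start the jail
+
+devfs-disable::
+Whether to disallow devfs mounting within the jail
+
+onboot::
+Whether to add the jail to rc.conf's jail_list variable.
+
+
+CAVEATS
+-------
+This type does not currently support modification of jail options. If, for
+example a jail needs to have its IP address or netmask changed, the jail must
+be removed then re-added with the correct IP address/netmask or the appropriate
+line (jail_<name>_ip="...") modified within rc.conf through some alternate
+means.
+
+MESSAGES
+--------
+start::
+The jail was started
+stop::
+The jail was stopped
+create:
+The jail was created
+delete::
+The jail was deleted
+onboot::
+The jail was configured to start on boot
+
+EXAMPLES
+--------
+
+--------------------------------------------------------------------------------
+# Create a jail called www
+__jail_freebsd9 www --state present --ip "192.168.1.2" --jailbase /my/jail/base.tgz
+
+# Remove the jail called www
+__jail_freebsd9 www --state absent --jailbase /my/jail/base.tgz
+
+# The jail www should not be started
+__jail_freebsd9 www --state present --stopped \
+--ip "192.168.1.2 netmask 255.255.255.0" \
+--jailbase /my/jail/base.tgz
+
+# Use the name variable explicitly
+__jail_freebsd9 thisjail --state present --name www \
+--ip "192.168.1.2" \
+--jailbase /my/jail/base.tgz
+
+# Go nuts
+__jail_freebsd9 lotsofoptions --state present --name testjail \
+--ip "192.168.1.100 netmask 255.255.255.0" \
+--hostname "testjail.example.com" --interface "em0" \
+--onboot --jailbase /my/jail/base.tgz --jaildir /jails
+--------------------------------------------------------------------------------
+
+
+SEE ALSO
+--------
+- cdist-type(7)
+- cdist-type__jail
+
+
+COPYING
+-------
+Copyright \(C) 2012-2016 Jake Guffey. Free use of this software is
+granted under the terms of the GNU General Public License version 3 (GPLv3).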
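--- a/cdist/conf/type/__jail_freebsd9/parameter/boolean
+++ b/cdist/conf/type/__jail_freebsd9/parameter/boolean
@@ -0,0 +1,3 @@
+onboot
+stopped
+devfs-disable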
|
@ -0,0 +1 @@
|
||||||
|
jailrules
|
|
@ -0,0 +1 @@
|
||||||
|
|
|
@ -0,0 +1 @@
|
||||||
|
/usr/jail
|
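--- a/cdist/conf/type/__jail_freebsd9/parameter/default/state
+++ b/cdist/conf/type/__jail_freebsd9/parameter/default/state
@@ -0,0 +1 @@
+present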
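--- a/cdist/conf/type/__jail_freebsd9/parameter/optional
+++ b/cdist/conf/type/__jail_freebsd9/parameter/optional
@@ -0,0 +1,8 @@
+name
+ip
+hostname
+interface
+devfs-ruleset
+jaildir
+jailbase
+state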
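--- a/cdist/conf/type/__package/parameter/boolean
+++ b/cdist/conf/type/__package/parameter/boolean
@@ -0,0 +1 @@
+upgrade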
|
@ -4,3 +4,4 @@ type
|
||||||
pkgsite
|
pkgsite
|
||||||
state
|
state
|
||||||
ptype
|
ptype
|
||||||
|
repo
|
||||||
|
|