Various bugfixes.
Needed to use '|| true' on subshell variable assignments in case of empty return. Added default status (started=true or false). Added default devfs rules. Replaced <<- HEREDOC usage with <<. Added escapes where necessary within quoted strings or HEREDOCs.
parent
e4a7085978
commit
0515fd8483
4 changed files with 132 additions and 63 deletions
|
@ -21,22 +21,28 @@
|
||||||
# See if the jailbase.tgz or /usr/jail/base dir exists
|
# See if the jailbase.tgz or /usr/jail/base dir exists
|
||||||
#
|
#
|
||||||
|
|
||||||
|
# Debug
|
||||||
|
#exec >&2
|
||||||
|
#set -x
|
||||||
|
|
||||||
name="base:jailbase.tgz"
|
name="base:jailbase.tgz"
|
||||||
exists=0
|
out=""
|
||||||
|
|
||||||
save_IFS="$IFS"
|
save_IFS="$IFS"
|
||||||
IFS=":"
|
IFS=":"
|
||||||
for cur in $name; do
|
for cur in $name; do
|
||||||
if [ -e "/usr/jail/$cur" ]; then
|
if [ -e "/usr/jail/$cur" ]; then
|
||||||
echo -n "$cur:"
|
out="${out}:${cur}"
|
||||||
let exists="$exists+1" 2>&1 >&-
|
|
||||||
fi
|
fi
|
||||||
done
|
done
|
||||||
IFS="$save_IFS"
|
IFS="$save_IFS"
|
||||||
|
|
||||||
if [ "$exists" -eq "0" ]; then
|
if [ -z "$out" ]; then
|
||||||
echo "NONE"
|
echo "NONE"
|
||||||
else
|
else
|
||||||
echo "$exists"
|
echo "${out}"
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
# Debug
|
||||||
|
#set +x
|
||||||
|
|
||||||
|
|
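Review bot: The accumulator `out="${out}:${cur}"` puts the separator in front of every entry, so this explorer now prints a value with a leading colon (for example `:base`), and any consumer that splits on `:` sees an empty first field. Building it as `out="${out:+${out}:}${cur}"` keeps the list clean, and the `-z "$out"` test for `NONE` still works. The commented-out `#exec >&2`, `#set -x` and `#set +x` lines would be better dropped than committed.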
|
@ -21,11 +21,17 @@
|
||||||
# See if the requested jail exists
|
# See if the requested jail exists
|
||||||
#
|
#
|
||||||
|
|
||||||
|
# Debug
|
||||||
|
#exec >&2
|
||||||
|
#set -x
|
||||||
|
|
||||||
if [ -f "$__object/parameter/name" ]; then
|
if [ -f "$__object/parameter/name" ]; then
|
||||||
name="$(cat "$__object/parameter/name")"
|
name="$(cat "$__object/parameter/name")"
|
||||||
else
|
else
|
||||||
name=$__object_id
|
name=$__object_id
|
||||||
fi
|
fi
|
||||||
|
|
||||||
[ -d "/usr/jail/$name" ] && echo "EXISTS"
|
[ -d "/usr/jail/$name" ] && echo "EXISTS" || echo "NOTEXIST"
|
||||||
|
|
||||||
|
#set +x
|
||||||
|
|
||||||
|
|
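Review bot: `name` reaches `[ -d "/usr/jail/$name" ]` without any check, so an empty `parameter/name` file makes the test hit `/usr/jail/` itself and report `EXISTS`, and a value containing `/` or `..` probes a path outside the jail root. Whatever consumes this explorer presumably acts on that answer, so such names are worth rejecting before the test, e.g. `case "$name" in ''|*/*|.|..) echo "invalid jail name" >&2; exit 1 ;; esac`. The new `[ ... ] && echo "EXISTS" || echo "NOTEXIST"` would also read more safely as a plain `if`/`else`, which is how the started-status explorer in this same commit is written.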
|
@ -21,12 +21,24 @@
|
||||||
# See if the requested jail is started
|
# See if the requested jail is started
|
||||||
#
|
#
|
||||||
|
|
||||||
|
# Debug
|
||||||
|
#exec >&2
|
||||||
|
#set -x
|
||||||
|
|
||||||
if [ -f "$__object/parameter/name" ]; then
|
if [ -f "$__object/parameter/name" ]; then
|
||||||
name="$(cat "$__object/parameter/name")"
|
name="$(cat "$__object/parameter/name")"
|
||||||
else
|
else
|
||||||
name=$__object_id
|
name="$__object_id"
|
||||||
fi
|
fi
|
||||||
|
|
||||||
jls_output=$(jls | grep "[ ]\/usr\/jail\/$name\$")
|
jls_output="$(jls | grep "[ ^I]\/usr\/jail\/${name}\$")" || true
|
||||||
[ -n "$jls_output" ] && echo "STARTED"
|
|
||||||
|
if [ -n "${jls_output}" ]; then
|
||||||
|
echo "STARTED"
|
||||||
|
else
|
||||||
|
echo "NOTSTART"
|
||||||
|
fi
|
||||||
|
|
||||||
|
# Debug
|
||||||
|
#set +x
|
||||||
|
|
||||||
|
|
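Review bot: In the new `grep "[ ^I]\/usr\/jail\/${name}\$"`, the bracket expression matches a space, a caret or a capital I rather than a tab, assuming `^I` is the two literal characters it appears to be. `${name}` is also interpolated as a regular expression, so a `.` in a jail name matches any character and one jail can be reported as started because a similarly named one is running. An exact comparison on the path column avoids both problems: `jls_output="$(jls | awk -v p="/usr/jail/${name}" '$NF == p')"`.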
|
@ -37,7 +37,11 @@ state="$(cat "$__object/parameter/state")"
|
||||||
if [ -f "$__object/parameter/started" ]; then
|
if [ -f "$__object/parameter/started" ]; then
|
||||||
started="$(cat "$__object/parameter/started")"
|
started="$(cat "$__object/parameter/started")"
|
||||||
else
|
else
|
||||||
|
if [ ! "$state" = "present" ]; then
|
||||||
|
started="false"
|
||||||
|
else
|
||||||
started="true"
|
started="true"
|
||||||
|
fi
|
||||||
fi
|
fi
|
||||||
|
|
||||||
if [ -f "$__object/parameter/ip" ]; then
|
if [ -f "$__object/parameter/ip" ]; then
|
||||||
|
@ -100,45 +104,71 @@ fi
|
||||||
|
|
||||||
stopJail() {
|
stopJail() {
|
||||||
# Check $status before issuing command
|
# Check $status before issuing command
|
||||||
[ "$status" = "STARTED" ] && echo "/etc/rc.d/jail stop ${name}"
|
if [ "$status" = "STARTED" ]; then
|
||||||
|
echo "/etc/rc.d/jail stop ${name}"
|
||||||
|
fi
|
||||||
}
|
}
|
||||||
|
|
||||||
startJail() {
|
startJail() {
|
||||||
# Check $status before issuing command
|
# Check $status before issuing command
|
||||||
[ ! "$status" = "STARTED" ] && echo "/etc/rc.d/jail start ${name}"
|
if [ "$status" = "NOTSTART" ]; then
|
||||||
|
echo "/etc/rc.d/jail start ${name}"
|
||||||
|
fi
|
||||||
}
|
}
|
||||||
|
|
||||||
deleteJail() {
|
deleteJail() {
|
||||||
|
# Unmount the jail's mountpoints if necessary
|
||||||
|
cat <<EOF
|
||||||
|
output="\$(mount | grep "\/${name}\/dev")" || true
|
||||||
|
if [ -n "\${output}" ]; then # /dev is still mounted...jail still running?
|
||||||
|
/etc/rc.d/jail stop "${name}"
|
||||||
|
fi
|
||||||
|
output="\$(mount | grep "\/rw\/${name}\/")" || true
|
||||||
|
if [ -n "\${output}" ]; then # >=1 rw mount is mounted still
|
||||||
|
for DIR in "${output}"; do
|
||||||
|
umount -F "/etc/fstab.${name}" "\$(echo "${DIR}" | awk '{print $3}')"
|
||||||
|
done
|
||||||
|
fi
|
||||||
|
output="\$(mount | grep "\/${name} (")" || true
|
||||||
|
if [ -n "\${output}" ]; then # ro mount is mounted still
|
||||||
|
umount -F "/etc/fstab.${name}" "\$(echo "${output}" | awk '{print $3}')"
|
||||||
|
fi
|
||||||
|
EOF
|
||||||
# Remove the jail's rw mountpoints
|
# Remove the jail's rw mountpoints
|
||||||
echo "rm -rf /usr/jail/rw/${name}"
|
echo "rm -rf \"/usr/jail/rw/${name}\""
|
||||||
# Remove the jail's fstab
|
|
||||||
echo "rm -f /etc/fstab.${name}"
|
|
||||||
# Remove the jail directory
|
# Remove the jail directory
|
||||||
echo "rm -rf /usr/jail/${name}"
|
echo "rm -rf \"/usr/jail/${name}\""
|
||||||
|
# Remove the jail's fstab
|
||||||
|
echo "rm -f \"/etc/fstab.${name}\""
|
||||||
# Remove jail_$name_* lines from rc.conf
|
# Remove jail_$name_* lines from rc.conf
|
||||||
echo <<-EOF
|
cat <<EOF
|
||||||
sed -i '.bak' "/^jail_${name}_/d" /etc/rc.conf
|
sed -i '.bak' "/^jail_${name}_/d" /etc/rc.conf
|
||||||
|
if [ -f "/etc/rc.conf.bak" ]; then
|
||||||
|
rm -f /etc/rc.conf.bak
|
||||||
|
fi
|
||||||
EOF
|
EOF
|
||||||
# Remove " $name " from jail_list if it's there
|
# Remove " $name " from jail_list if it's there
|
||||||
echo <<-EOF
|
cat <<EOF
|
||||||
eval $(grep '^jail_list=' /etc/rc.conf)
|
eval \$(grep '^jail_list=' /etc/rc.conf)
|
||||||
|
|
||||||
for JAIL in ${jail_list}; do
|
for JAIL in \${jail_list}; do
|
||||||
if [ ! "${JAIL}" = "${name}" ]; then
|
if [ ! "\${JAIL}" = "${name}" ]; then
|
||||||
new_list="${new_list} ${JAIL}"
|
new_list="\${new_list} \${JAIL}"
|
||||||
fi
|
fi
|
||||||
done
|
done
|
||||||
jail_list="${new_list}"
|
jail_list="\${new_list}"
|
||||||
|
|
||||||
sed -i '.bak' "s/^jail_list=\".*\"/jail_list=\"${jail_list}\"/" /etc/rc.conf
|
sed -i '.bak' "s/^jail_list=\".*\"/jail_list=\"\${jail_list}\"/" /etc/rc.conf
|
||||||
unset jail_list
|
unset jail_list
|
||||||
|
if [ -f "/etc/rc.conf.bak" ]; then
|
||||||
rm -f /etc/rc.conf.bak
|
rm -f /etc/rc.conf.bak
|
||||||
|
fi
|
||||||
EOF
|
EOF
|
||||||
}
|
}
|
||||||
|
|
||||||
createJail() {
|
createJail() {
|
||||||
# Create the jail directory
|
# Create the jail directory
|
||||||
echo <<-EOF
|
cat <<EOF
|
||||||
mkdir -p ${jaildir}/${name}
|
mkdir -p ${jaildir}/${name}
|
||||||
if [ ! -d "${jaildir}/base" ]; then
|
if [ ! -d "${jaildir}/base" ]; then
|
||||||
mkdir "${jaildir}/base"
|
mkdir "${jaildir}/base"
|
||||||
|
@ -157,73 +187,88 @@ echo <<-EOF
|
||||||
cp -r ${jaildir}/base/etc/* "${jaildir}/rw/${name}/etc/"
|
cp -r ${jaildir}/base/etc/* "${jaildir}/rw/${name}/etc/"
|
||||||
mkdir "${jaildir}/rw/${name}/local"
|
mkdir "${jaildir}/rw/${name}/local"
|
||||||
mkdir "${jaildir}/rw/${name}/db"
|
mkdir "${jaildir}/rw/${name}/db"
|
||||||
if [ -d "${jaildir}/base/var/db" ]; then
|
if [ -n "\$(ls ${jaildir}/base/var/db)" ]; then
|
||||||
cp -r ${jaildir}/base/var/db/* "${jaildir}/rw/${name}/db/"
|
cp -r ${jaildir}/base/var/db/* "${jaildir}/rw/${name}/db/"
|
||||||
fi
|
fi
|
||||||
mkdir "${jaildir}/rw/${name}/home"
|
mkdir "${jaildir}/rw/${name}/home"
|
||||||
if [ -d "${jaildir}/base/usr/home" ]; then
|
if [ -n "\$(ls ${jaildir}/base/usr/home)" ]; then
|
||||||
cp -r ${jaildir}/base/usr/home/* "${jaildir}/rw/${name}/home/"
|
cp -r ${jaildir}/base/usr/home/* "${jaildir}/rw/${name}/home/"
|
||||||
fi
|
fi
|
||||||
mkdir "${jaildir}/rw/${name}/tmp"
|
mkdir "${jaildir}/rw/${name}/tmp"
|
||||||
EOF
|
EOF
|
||||||
|
|
||||||
# Create the ro+rw mountpoint entries in fstab
|
# Create the ro+rw mountpoint entries in fstab
|
||||||
echo <<-EOF
|
cat <<EOF
|
||||||
echo >/etc/fstab.${name} <<-END
|
cat >/etc/fstab.${name} <<END
|
||||||
/usr/jail/base /usr/jail/${name} nullfs ro 0 0
|
/usr/jail/base /usr/jail/${name} nullfs ro 0 0
|
||||||
/usr/jail/rw/${name}/etc /usr/jail/${name}/etc nullfs rw 0 0
|
/usr/jail/rw/${name}/etc /usr/jail/${name}/etc nullfs rw 0 0
|
||||||
/usr/jail/rw/${name}/local /usr/jail/${name}/usr/local nullfs rw 0 0
|
/usr/jail/rw/${name}/local /usr/jail/${name}/usr/local nullfs rw 0 0
|
||||||
/usr/jail/rw/${name}/db /usr/jail/${name}/var/db nullfs rw 0 0
|
/usr/jail/rw/${name}/db /usr/jail/${name}/var/db nullfs rw 0 0
|
||||||
/usr/jail/rw/${name}/home /usr/jail/${name}/usr/home nullfs rw 0 0
|
/usr/jail/rw/${name}/home /usr/jail/${name}/usr/home nullfs rw 0 0
|
||||||
/usr/jail/rw/${name}/tmp /usr/jail/${name}/var/tmp nullfs rw 0 0
|
/usr/jail/rw/${name}/tmp /usr/jail/${name}/var/tmp nullfs rw 0 0
|
||||||
END
|
END
|
||||||
EOF
|
EOF
|
||||||
|
|
||||||
# Add the jail_$name_* lines to rc.conf
|
# Add the jail_$name_* lines to rc.conf
|
||||||
echo <<-EOF
|
cat <<EOF
|
||||||
echo >>/etc/rc.conf <<-END
|
cat >>/etc/rc.conf <<END
|
||||||
jail_${name}_rootdir="${jaildir}/${name}"
|
jail_${name}_rootdir="${jaildir}/${name}"
|
||||||
jail_${name}_hostname="${hostname}"
|
jail_${name}_hostname="${hostname}"
|
||||||
jail_${name}_ip="${ip}"
|
jail_${name}_ip="${ip}"
|
||||||
jail_${name}_devfs_enable="${devfsenable}"
|
jail_${name}_devfs_enable="${devfsenable}"
|
||||||
jail_${name}_mount_enable="YES"
|
jail_${name}_mount_enable="YES"
|
||||||
jail_${name}_fstab="/etc/fstab.$name"
|
jail_${name}_fstab="/etc/fstab.$name"
|
||||||
END
|
END
|
||||||
EOF
|
EOF
|
||||||
|
|
||||||
if [ -n "$interface" ]; then
|
if [ -n "$interface" ]; then
|
||||||
echo <<-EOF
|
cat <<EOF
|
||||||
echo >>/etc/rc.conf <<-END
|
cat >>/etc/rc.conf <<END
|
||||||
jail_${name}_interface="${interface}"
|
jail_${name}_interface="${interface}"
|
||||||
END
|
END
|
||||||
EOF
|
EOF
|
||||||
fi
|
fi
|
||||||
|
|
||||||
if [ "$devfsenable" = "true" ]; then
|
if [ "$devfsenable" = "true" ]; then
|
||||||
echo <<-EOF
|
cat <<EOF
|
||||||
echo >>/etc/rc.conf <<-END
|
cat >>/etc/rc.conf <<END
|
||||||
jail_${name}_devfs_ruleset="$devfsruleset"
|
jail_${name}_devfs_ruleset="${devfsruleset}"
|
||||||
END
|
END
|
||||||
|
if [ "${devfsruleset}" = "jailrules" ]; then # The default ruleset is to be used
|
||||||
|
if [ -z "\$(grep '\[jailrules=' /etc/devfs.rules)" ]; then # The default ruleset doesn't exist
|
||||||
|
# Get the highest-numbered ruleset
|
||||||
|
highest="\$(sed -n 's/\[.*=\([0-9]*\)\]/\1/pg' /etc/devfs.rules | sort -u | tail -n 1)" || true
|
||||||
|
# increment by 1
|
||||||
|
let num="\${highest}+1" 2>&- >&-
|
||||||
|
# add default ruleset
|
||||||
|
cat >>/etc/devfs.rules <<END
|
||||||
|
|
||||||
|
[jailrules=\${num}]
|
||||||
|
add include \\\$devfsrules_hide_all
|
||||||
|
add include \\\$devfsrules_unhide_basic
|
||||||
|
add include \\\$devfsrules_unhide_login
|
||||||
|
END
|
||||||
|
fi
|
||||||
|
fi
|
||||||
EOF
|
EOF
|
||||||
fi
|
fi
|
||||||
|
|
||||||
# Add $name to jail_list if $onboot=true
|
# Add $name to jail_list if $onboot=true
|
||||||
if [ "$onboot" = "true" ]; then
|
if [ "$onboot" = "true" ]; then
|
||||||
echo <<-EOF
|
cat <<EOF
|
||||||
eval $(grep '^jail_list=' /etc/rc.conf)
|
eval \$(grep '^jail_list=' /etc/rc.conf)
|
||||||
jail_list="${jail_list} ${name}"
|
jail_list="\${jail_list} ${name}"
|
||||||
sed -i '.bak' "s/^jail_list=\".*\"/jail_list=\"${jail_list}\"/" /etc/rc.conf
|
sed -i '.bak' "s/^jail_list=\".*\"/jail_list=\"\${jail_list}\"/" /etc/rc.conf
|
||||||
unset jail_list
|
unset jail_list
|
||||||
rm -f /etc/rc.conf.bak
|
rm -f /etc/rc.conf.bak
|
||||||
EOF
|
EOF
|
||||||
fi
|
fi
|
||||||
|
|
||||||
# Add the normal entries into the jail's rc.conf
|
# Add the normal entries into the jail's rc.conf
|
||||||
echo "echo hostname=\"${hostname}\"" >>"${jaildir}/rw/${name}/etc/rc.conf"
|
echo "echo hostname=\"${hostname}\" >>\"${jaildir}/rw/${name}/etc/rc.conf\""
|
||||||
echo 'echo sendmail_enable=\"NONE\"' >>"${jaildir}/rw/${name}/etc/rc.conf"
|
echo "echo sendmail_enable=\"NONE\" >>\"${jaildir}/rw/${name}/etc/rc.conf\""
|
||||||
echo 'echo syslogd_enable=\"YES\"' >>"${jaildir}/rw/${name}/etc/rc.conf"
|
echo "echo syslogd_enable=\"YES\" >>\"${jaildir}/rw/${name}/etc/rc.conf\""
|
||||||
echo 'echo syslogd_flags=\"-ss\"' >>"${jaildir}/rw/${name}/etc/rc.conf"
|
echo "echo syslogd_flags=\"-ss\" >>\"${jaildir}/rw/${name}/etc/rc.conf\""
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
if [ "$present" = "EXISTS" ]; then # The jail currently exists
|
if [ "$present" = "EXISTS" ]; then # The jail currently exists
|
||||||
|
|
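Review bot: The unmount block added to `deleteJail` sits in an unquoted `cat <<EOF`, yet `"${output}"` on the `for` line, `"${DIR}"`, the last `echo "${output}"` and awk's `$3` are not escaped, so they expand while the code is generated rather than on the target. Assuming those names are unset in the generator, the emitted script contains `for DIR in ""` and `awk '{print }'`, and `umount` is called with an empty mount point. Escaping them as the rest of this commit does fixes that; because a quoted `"\${output}"` would still loop only once over a multi-line value, piping the mount points through `while read` is the safer shape. Separately, the devfs block picks the highest ruleset with `sort -u | tail -n 1`, which sorts lexically (10 before 9) and can reuse an existing number, so `sort -n` is needed there. `deleteJail` continues beyond the lines shown below.

```shell
# … unchanged: cat <<EOF, /dev check, grep of rw mounts into output …
      echo "\${output}" | awk '{print \$3}' | while read -r DIR; do
         umount -F "/etc/fstab.${name}" "\${DIR}"
      done
# … unchanged: grep of the ro mount into output and its if …
      umount -F "/etc/fstab.${name}" "\$(echo "\${output}" | awk '{print \$3}')"
```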