commit
						af27e9424e
					
				
					 10 changed files with 701 additions and 0 deletions
				
			
		
							
								
								
									
										1
									
								
								conf/type/__jail/.gitignore
									
										
									
									
										vendored
									
									
										Normal file
									
								
							
							
						
						
									
										1
									
								
								conf/type/__jail/.gitignore
									
										
									
									
										vendored
									
									
										Normal file
									
								
							|  | @ -0,0 +1 @@ | ||||||
|  | files/jailbase.tgz | ||||||
							
								
								
									
										54
									
								
								conf/type/__jail/explorer/basepresent
									
										
									
									
									
										Executable file
									
								
							
							
						
						
									
										54
									
								
								conf/type/__jail/explorer/basepresent
									
										
									
									
									
										Executable file
									
								
							|  | @ -0,0 +1,54 @@ | ||||||
|  | #!/bin/sh | ||||||
|  | # | ||||||
|  | # 2012 Jake Guffey (jake.guffey at eprotex.com) | ||||||
|  | # | ||||||
|  | # This file is part of cdist. | ||||||
|  | # | ||||||
|  | # cdist is free software: you can redistribute it and/or modify | ||||||
|  | # it under the terms of the GNU General Public License as published by | ||||||
|  | # the Free Software Foundation, either version 3 of the License, or | ||||||
|  | # (at your option) any later version. | ||||||
|  | # | ||||||
|  | # cdist is distributed in the hope that it will be useful, | ||||||
|  | # but WITHOUT ANY WARRANTY; without even the implied warranty of | ||||||
|  | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the | ||||||
|  | # GNU General Public License for more details. | ||||||
|  | # | ||||||
|  | # You should have received a copy of the GNU General Public License | ||||||
|  | # along with cdist. If not, see <http://www.gnu.org/licenses/>. | ||||||
|  | # | ||||||
|  | # | ||||||
|  | # See if the jailbase.tgz or $jaildir/base dir exists | ||||||
|  | # | ||||||
|  | 
 | ||||||
|  | # Debug | ||||||
|  | #exec >&2 | ||||||
|  | #set -x | ||||||
|  | 
 | ||||||
|  | if [ -f "$__object/parameter/jaildir" ]; then | ||||||
|  |    jaildir="$(cat "$__object/parameter/name")" | ||||||
|  | else | ||||||
|  |    jaildir="/usr/jail" | ||||||
|  | fi | ||||||
|  | 
 | ||||||
|  | name="base:jailbase.tgz" | ||||||
|  | out="" | ||||||
|  | 
 | ||||||
|  | save_IFS="$IFS" | ||||||
|  | IFS=":" | ||||||
|  | for cur in $name; do | ||||||
|  |     if [ -e "${jaildir}/$cur" ]; then | ||||||
|  |         out="${out}:${cur}" | ||||||
|  |     fi | ||||||
|  | done | ||||||
|  | IFS="$save_IFS" | ||||||
|  | 
 | ||||||
|  | if [ -z "$out" ]; then | ||||||
|  |     echo "NONE" | ||||||
|  | else | ||||||
|  |     echo "${out}" | ||||||
|  | fi | ||||||
|  | 
 | ||||||
|  | # Debug | ||||||
|  | #set +x | ||||||
|  | 
 | ||||||
							
								
								
									
										43
									
								
								conf/type/__jail/explorer/present
									
										
									
									
									
										Executable file
									
								
							
							
						
						
									
										43
									
								
								conf/type/__jail/explorer/present
									
										
									
									
									
										Executable file
									
								
							|  | @ -0,0 +1,43 @@ | ||||||
|  | #!/bin/sh | ||||||
|  | # | ||||||
|  | # 2012 Jake Guffey (jake.guffey at eprotex.com) | ||||||
|  | # | ||||||
|  | # This file is part of cdist. | ||||||
|  | # | ||||||
|  | # cdist is free software: you can redistribute it and/or modify | ||||||
|  | # it under the terms of the GNU General Public License as published by | ||||||
|  | # the Free Software Foundation, either version 3 of the License, or | ||||||
|  | # (at your option) any later version. | ||||||
|  | # | ||||||
|  | # cdist is distributed in the hope that it will be useful, | ||||||
|  | # but WITHOUT ANY WARRANTY; without even the implied warranty of | ||||||
|  | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the | ||||||
|  | # GNU General Public License for more details. | ||||||
|  | # | ||||||
|  | # You should have received a copy of the GNU General Public License | ||||||
|  | # along with cdist. If not, see <http://www.gnu.org/licenses/>. | ||||||
|  | # | ||||||
|  | # | ||||||
|  | # See if the requested jail exists | ||||||
|  | # | ||||||
|  | 
 | ||||||
|  | # Debug | ||||||
|  | #exec >&2 | ||||||
|  | #set -x | ||||||
|  | 
 | ||||||
|  | if [ -f "$__object/parameter/name" ]; then | ||||||
|  |    name="$(cat "$__object/parameter/name")" | ||||||
|  | else | ||||||
|  |    name=$__object_id | ||||||
|  | fi | ||||||
|  | 
 | ||||||
|  | if [ -f "$__object/parameter/jaildir" ]; then | ||||||
|  |    jaildir="$(cat "$__object/parameter/name")" | ||||||
|  | else | ||||||
|  |    jaildir="/usr/jail" | ||||||
|  | fi | ||||||
|  | 
 | ||||||
|  | [ -d "${jaildir}/$name" ] && echo "EXISTS" || echo "NOTEXIST" | ||||||
|  | 
 | ||||||
|  | #set +x | ||||||
|  | 
 | ||||||
							
								
								
									
										52
									
								
								conf/type/__jail/explorer/status
									
										
									
									
									
										Executable file
									
								
							
							
						
						
									
										52
									
								
								conf/type/__jail/explorer/status
									
										
									
									
									
										Executable file
									
								
							|  | @ -0,0 +1,52 @@ | ||||||
|  | #!/bin/sh | ||||||
|  | # | ||||||
|  | # 2012 Jake Guffey (jake.guffey at eprotex.com) | ||||||
|  | # | ||||||
|  | # This file is part of cdist. | ||||||
|  | # | ||||||
|  | # cdist is free software: you can redistribute it and/or modify | ||||||
|  | # it under the terms of the GNU General Public License as published by | ||||||
|  | # the Free Software Foundation, either version 3 of the License, or | ||||||
|  | # (at your option) any later version. | ||||||
|  | # | ||||||
|  | # cdist is distributed in the hope that it will be useful, | ||||||
|  | # but WITHOUT ANY WARRANTY; without even the implied warranty of | ||||||
|  | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the | ||||||
|  | # GNU General Public License for more details. | ||||||
|  | # | ||||||
|  | # You should have received a copy of the GNU General Public License | ||||||
|  | # along with cdist. If not, see <http://www.gnu.org/licenses/>. | ||||||
|  | # | ||||||
|  | # | ||||||
|  | # See if the requested jail is started | ||||||
|  | # | ||||||
|  | 
 | ||||||
|  | # Debug | ||||||
|  | #exec >&2 | ||||||
|  | #set -x | ||||||
|  | 
 | ||||||
|  | if [ -f "$__object/parameter/name" ]; then | ||||||
|  |    name="$(cat "$__object/parameter/name")" | ||||||
|  | else | ||||||
|  |    name="$__object_id" | ||||||
|  | fi | ||||||
|  | 
 | ||||||
|  | if [ -f "$__object/parameter/jaildir" ]; then | ||||||
|  |    jaildir="$(cat "$__object/parameter/name")" | ||||||
|  | else | ||||||
|  |    jaildir="/usr/jail" | ||||||
|  | fi | ||||||
|  | # backslash-escaped $jaildir | ||||||
|  | sjaildir="$(echo ${jaildir} | sed 's#/#\\/#g')" | ||||||
|  | 
 | ||||||
|  | jls_output="$(jls | grep "[ ^I]${sjaildir}\/${name}\$")" || true | ||||||
|  | 
 | ||||||
|  | if [ -n "${jls_output}" ]; then | ||||||
|  |    echo "STARTED" | ||||||
|  | else | ||||||
|  |    echo "NOTSTART" | ||||||
|  | fi | ||||||
|  | 
 | ||||||
|  | # Debug | ||||||
|  | #set +x | ||||||
|  | 
 | ||||||
							
								
								
									
										39
									
								
								conf/type/__jail/gencode-local
									
										
									
									
									
										Executable file
									
								
							
							
						
						
									
										39
									
								
								conf/type/__jail/gencode-local
									
										
									
									
									
										Executable file
									
								
							|  | @ -0,0 +1,39 @@ | ||||||
|  | #!/bin/sh | ||||||
|  | # | ||||||
|  | # 2012 Jake Guffey (jake.guffey at eprotex.com) | ||||||
|  | # | ||||||
|  | # This file is part of cdist. | ||||||
|  | # | ||||||
|  | # cdist is free software: you can redistribute it and/or modify | ||||||
|  | # it under the terms of the GNU General Public License as published by | ||||||
|  | # the Free Software Foundation, either version 3 of the License, or | ||||||
|  | # (at your option) any later version. | ||||||
|  | # | ||||||
|  | # cdist is distributed in the hope that it will be useful, | ||||||
|  | # but WITHOUT ANY WARRANTY; without even the implied warranty of | ||||||
|  | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the | ||||||
|  | # GNU General Public License for more details. | ||||||
|  | # | ||||||
|  | # You should have received a copy of the GNU General Public License | ||||||
|  | # along with cdist. If not, see <http://www.gnu.org/licenses/>. | ||||||
|  | # | ||||||
|  | # | ||||||
|  | # The __jail type creates, configures, and deletes FreeBSD jails for use as | ||||||
|  | #  virtual machines. | ||||||
|  | # | ||||||
|  | 
 | ||||||
|  | if [ -f "$__object/parameter/jaildir" ]; then | ||||||
|  |    jaildir="$(cat "$__object/parameter/name")" | ||||||
|  | else | ||||||
|  |    jaildir="/usr/jail" | ||||||
|  | fi | ||||||
|  | 
 | ||||||
|  | jailbase="$(cat "$__object/parameter/jailbase")" | ||||||
|  | 
 | ||||||
|  | remotebase="${jaildir}/jailbase.tgz" | ||||||
|  | basepresent="$(cat "$__object/explorer/basepresent")" | ||||||
|  | 
 | ||||||
|  | if [ "$basepresent" = "NONE" ]; then | ||||||
|  |     echo "$__remote_copy" "${jailbase}" "$__target_host:${remotebase}" | ||||||
|  | fi | ||||||
|  | 
 | ||||||
							
								
								
									
										349
									
								
								conf/type/__jail/gencode-remote
									
										
									
									
									
										Executable file
									
								
							
							
						
						
									
										349
									
								
								conf/type/__jail/gencode-remote
									
										
									
									
									
										Executable file
									
								
							|  | @ -0,0 +1,349 @@ | ||||||
|  | #!/bin/sh | ||||||
|  | # | ||||||
|  | # 2012 Jake Guffey (jake.guffey at eprotex.com) | ||||||
|  | # | ||||||
|  | # This file is part of cdist. | ||||||
|  | # | ||||||
|  | # cdist is free software: you can redistribute it and/or modify | ||||||
|  | # it under the terms of the GNU General Public License as published by | ||||||
|  | # the Free Software Foundation, either version 3 of the License, or | ||||||
|  | # (at your option) any later version. | ||||||
|  | # | ||||||
|  | # cdist is distributed in the hope that it will be useful, | ||||||
|  | # but WITHOUT ANY WARRANTY; without even the implied warranty of | ||||||
|  | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the | ||||||
|  | # GNU General Public License for more details. | ||||||
|  | # | ||||||
|  | # You should have received a copy of the GNU General Public License | ||||||
|  | # along with cdist. If not, see <http://www.gnu.org/licenses/>. | ||||||
|  | # | ||||||
|  | # | ||||||
|  | # The __jail type creates, configures, and deletes FreeBSD jails for use as | ||||||
|  | #  virtual machines. | ||||||
|  | # | ||||||
|  | 
 | ||||||
|  | # Debug | ||||||
|  | #exec >&2 | ||||||
|  | #set -x | ||||||
|  | 
 | ||||||
|  | if [ -f "$__object/parameter/name" ]; then | ||||||
|  |    name="$(cat "$__object/parameter/name")" | ||||||
|  | else | ||||||
|  |    name="$__object_id" | ||||||
|  | fi | ||||||
|  | 
 | ||||||
|  | state="$(cat "$__object/parameter/state")" | ||||||
|  | 
 | ||||||
|  | if [ -f "$__object/parameter/started" ]; then | ||||||
|  |    started="$(cat "$__object/parameter/started")" | ||||||
|  | else | ||||||
|  |    if [ ! "$state" = "present" ]; then | ||||||
|  |       started="false" | ||||||
|  |    else | ||||||
|  |       started="true" | ||||||
|  |    fi | ||||||
|  | fi | ||||||
|  | 
 | ||||||
|  | if [ -f "$__object/parameter/ip" ]; then | ||||||
|  |    ip="$(cat "$__object/parameter/ip")" | ||||||
|  | else | ||||||
|  | # IP is an optional param when $state=absent, but | ||||||
|  | #    when $state=present, it's required. Enforce this. | ||||||
|  |    if [ "$state" = "present" ]; then | ||||||
|  |       exec >&2 | ||||||
|  |       echo "If --state is 'present,' --ip must be given\!" | ||||||
|  |       exit 1 | ||||||
|  |    fi | ||||||
|  | fi | ||||||
|  | 
 | ||||||
|  | if [ -f "$__object/parameter/hostname" ]; then | ||||||
|  |    hostname="$(cat "$__object/parameter/hostname")" | ||||||
|  | else | ||||||
|  |    hostname="$name" | ||||||
|  | fi | ||||||
|  | 
 | ||||||
|  | if [ -f "$__object/parameter/interface" ]; then | ||||||
|  |    interface="$(cat "$__object/parameter/interface")" | ||||||
|  | fi | ||||||
|  | 
 | ||||||
|  | if [ -f "$__object/parameter/devfs-enable" ]; then | ||||||
|  |    devfsenable="$(cat "$__object/parameter/devfs-enable")" | ||||||
|  | else | ||||||
|  |    devfsenable="true" | ||||||
|  | fi | ||||||
|  | 
 | ||||||
|  | if [ -f "$__object/parameter/devfs-ruleset" ]; then | ||||||
|  |    devfsruleset="$(cat "$__object/parameter/devfs-ruleset")" | ||||||
|  | else | ||||||
|  |    devfsruleset="jailrules" | ||||||
|  | fi | ||||||
|  | 
 | ||||||
|  | # devfs_ruleset being defined without devfs_enable being true | ||||||
|  | #     is pointless. Treat this as an error. | ||||||
|  | if [ -n "$devfsruleset" -a "$devfsenable" = "false" ]; then | ||||||
|  |    exec >&2 | ||||||
|  |    echo "Can't have --devfs-ruleset defined without --devfs-enable true." | ||||||
|  |    exit 1 | ||||||
|  | fi | ||||||
|  | 
 | ||||||
|  | if [ -f "$__object/parameter/onboot" ]; then | ||||||
|  |    onboot="$(cat "$__object/parameter/onboot")" | ||||||
|  | fi | ||||||
|  | 
 | ||||||
|  | if [ -f "$__object/parameter/jaildir" ]; then | ||||||
|  |    jaildir="$(cat "$__object/parameter/name")" | ||||||
|  | else | ||||||
|  |    jaildir="/usr/jail" | ||||||
|  | fi | ||||||
|  | 
 | ||||||
|  | present="$(cat "$__object/explorer/present")" | ||||||
|  | status="$(cat "$__object/explorer/status")" | ||||||
|  | 
 | ||||||
|  | # Defining a jail as absent and started at the same time | ||||||
|  | #    makes no sense. Treat this as an error. | ||||||
|  | if [ "$started" = "true" -a "$state" = "absent" ]; then | ||||||
|  |    exec >&2 | ||||||
|  |    echo "Can't have --state absent and --started true together\!" | ||||||
|  |    exit 1 | ||||||
|  | fi | ||||||
|  | 
 | ||||||
|  | stopJail() { | ||||||
|  | # Check $status before issuing command | ||||||
|  |    if [ "$status" = "STARTED" ]; then | ||||||
|  |       echo "/etc/rc.d/jail stop ${name}" | ||||||
|  |    fi | ||||||
|  | } | ||||||
|  | 
 | ||||||
|  | startJail() { | ||||||
|  | # Check $status before issuing command | ||||||
|  |    if [ "$status" = "NOTSTART" ]; then | ||||||
|  |       echo "/etc/rc.d/jail start ${name}" | ||||||
|  |    fi | ||||||
|  | } | ||||||
|  | 
 | ||||||
|  | deleteJail() { | ||||||
|  | # Unmount the jail's mountpoints if necessary | ||||||
|  |    cat <<EOF | ||||||
|  |       output="\$(mount | grep "\/${name}\/dev")" || true | ||||||
|  |       if [ -n "\${output}" ]; then # /dev is still mounted...jail still running? | ||||||
|  |          /etc/rc.d/jail stop "${name}" | ||||||
|  |       fi | ||||||
|  |       output="\$(mount | grep "\/rw\/${name}\/")" || true | ||||||
|  |       if [ -n "\${output}" ]; then # >=1 rw mount is mounted still | ||||||
|  |          for DIR in "${output}"; do | ||||||
|  |             umount -F "/etc/fstab.${name}" "\$(echo "${DIR}" | awk '{print $3}')" | ||||||
|  |          done | ||||||
|  |       fi | ||||||
|  |       output="\$(mount | grep "\/${name} (")" || true | ||||||
|  |       if [ -n "\${output}" ]; then # ro mount is mounted still | ||||||
|  |          umount -F "/etc/fstab.${name}" "\$(echo "${output}" | awk '{print $3}')" | ||||||
|  |       fi | ||||||
|  | EOF | ||||||
|  | # Remove the jail's rw mountpoints | ||||||
|  |    echo "rm -rf \"${jaildir}/rw/${name}\"" | ||||||
|  | # Remove the jail directory | ||||||
|  |    echo "rm -rf \"${jaildir}/${name}\"" | ||||||
|  | # Remove the jail's fstab | ||||||
|  |    echo "rm -f \"/etc/fstab.${name}\"" | ||||||
|  | # Remove jail_$name_* lines from rc.conf | ||||||
|  |    cat <<EOF | ||||||
|  |       sed -i '.bak' "/^jail_${name}_/d" /etc/rc.conf | ||||||
|  |       if [ -f "/etc/rc.conf.bak" ]; then | ||||||
|  |          rm -f /etc/rc.conf.bak | ||||||
|  |       fi | ||||||
|  | EOF | ||||||
|  | # Remove " $name " from jail_list if it's there | ||||||
|  |    cat <<EOF | ||||||
|  |       eval \$(grep '^jail_list=' /etc/rc.conf) | ||||||
|  | 
 | ||||||
|  |       for JAIL in \${jail_list}; do | ||||||
|  |          if [ ! "\${JAIL}" = "${name}" ]; then | ||||||
|  |             new_list="\${new_list} \${JAIL}" | ||||||
|  |          fi | ||||||
|  |       done | ||||||
|  |       jail_list="\${new_list}" | ||||||
|  |        | ||||||
|  |       sed -i '.bak' "s/^jail_list=\".*\"/jail_list=\"\${jail_list}\"/" /etc/rc.conf | ||||||
|  |       unset jail_list | ||||||
|  |       if [ -f "/etc/rc.conf.bak" ]; then | ||||||
|  |          rm -f /etc/rc.conf.bak | ||||||
|  |       fi | ||||||
|  | EOF | ||||||
|  | } | ||||||
|  | 
 | ||||||
|  | createJail() { | ||||||
|  | # Create the jail directory | ||||||
|  | cat <<EOF | ||||||
|  |    mkdir -p ${jaildir}/${name} | ||||||
|  |    if [ ! -d "${jaildir}/base" ]; then | ||||||
|  |       mkdir "${jaildir}/base" | ||||||
|  |       tar -xzf "${jaildir}/jailbase.tgz" -C "${jaildir}/base" | ||||||
|  |       if [ ! -d "${jaildir}/base/usr/local" ]; then | ||||||
|  |          mkdir -p "${jaildir}/base/usr/local" | ||||||
|  |       fi | ||||||
|  |       if [ ! -d "${jaildir}/base/usr/home" ]; then | ||||||
|  |          mkdir -p "${jaildir}/base/usr/home" | ||||||
|  |       fi | ||||||
|  |    fi | ||||||
|  |    if [ ! -d "${jaildir}/rw" ]; then | ||||||
|  |       mkdir "${jaildir}/rw" | ||||||
|  |    fi | ||||||
|  |    mkdir -p "${jaildir}/rw/${name}/etc" | ||||||
|  |    cp -r ${jaildir}/base/etc/* "${jaildir}/rw/${name}/etc/" | ||||||
|  |    if [ ! -f "${jaildir}/rw/${name}/etc/resolv.conf" ]; then | ||||||
|  |       cp /etc/resolv.conf "${jaildir}/rw/${name}/etc/" | ||||||
|  |    fi | ||||||
|  |    mkdir "${jaildir}/rw/${name}/local" | ||||||
|  |    mkdir "${jaildir}/rw/${name}/var" | ||||||
|  |    if [ -n "\$(ls ${jaildir}/base/var)" ]; then | ||||||
|  |       cp -r ${jaildir}/base/var/* "${jaildir}/rw/${name}/var/" | ||||||
|  |    fi | ||||||
|  |    mkdir "${jaildir}/rw/${name}/home" | ||||||
|  |    if [ -n "\$(ls ${jaildir}/base/usr/home)" ]; then | ||||||
|  |       cp -r ${jaildir}/base/usr/home/* "${jaildir}/rw/${name}/home/" | ||||||
|  |    fi | ||||||
|  |    mkdir "${jaildir}/rw/${name}/root" | ||||||
|  |    if [ -n "\$(ls -A ${jaildir}/base/root)" ]; then | ||||||
|  |       cp -r ${jaildir}/base/root/ "${jaildir}/rw/${name}/root/" | ||||||
|  |    fi | ||||||
|  | 
 | ||||||
|  | EOF | ||||||
|  | 
 | ||||||
|  | # Create the ro+rw mountpoint entries in fstab | ||||||
|  | cat <<EOF | ||||||
|  |    cat >/etc/fstab.${name} <<END | ||||||
|  | ${jaildir}/base			${jaildir}/${name}		nullfs	ro	0 0 | ||||||
|  | ${jaildir}/rw/${name}/etc	${jaildir}/${name}/etc		nullfs	rw	0 0 | ||||||
|  | ${jaildir}/rw/${name}/local	${jaildir}/${name}/usr/local	nullfs	rw	0 0 | ||||||
|  | ${jaildir}/rw/${name}/var		${jaildir}/${name}/var	nullfs	rw	0 0 | ||||||
|  | ${jaildir}/rw/${name}/home	${jaildir}/${name}/usr/home	nullfs	rw	0 0 | ||||||
|  | ${jaildir}/rw/${name}/root	${jaildir}/${name}/root		nullfs	rw	0 0 | ||||||
|  | END | ||||||
|  | EOF | ||||||
|  | 
 | ||||||
|  | # Add the jail_$name_* lines to rc.conf | ||||||
|  | cat <<EOF | ||||||
|  |    # first check to see whether jail_enable="YES" exists in rc.conf or not and add it | ||||||
|  |    #   if necessary | ||||||
|  | 
 | ||||||
|  |    jail_enable="\$(grep '^jail_enable=' /etc/rc.conf | cut -d= -f2)" | ||||||
|  |    if [ -z "\$jail_enable" ]; then	# no jail_enable line in rc.conf at all | ||||||
|  |       echo "jail_enable=\"YES\"" >>/etc/rc.conf | ||||||
|  |    elif [ ! "\$(echo \$jail_enable | tr '[a-z]' '[A-Z]')" = "YES" ]; then	# jail_enable="NO" | ||||||
|  |       sed -i '.bak' 's/^jail_enable=.*$/jail_enable="YES"/g' /etc/rc.conf	# fix this -^ | ||||||
|  |       rm -f /etc/rc.conf.bak | ||||||
|  |    fi | ||||||
|  |    cat >>/etc/rc.conf <<END | ||||||
|  | jail_${name}_rootdir="${jaildir}/${name}" | ||||||
|  | jail_${name}_hostname="${hostname}" | ||||||
|  | jail_${name}_ip="${ip}" | ||||||
|  | jail_${name}_devfs_enable="${devfsenable}" | ||||||
|  | jail_${name}_mount_enable="YES" | ||||||
|  | jail_${name}_fstab="/etc/fstab.${name}" | ||||||
|  | jail_${name}_flags="-n ${name} \\\${jail_flags}" | ||||||
|  | END | ||||||
|  | EOF | ||||||
|  | 
 | ||||||
|  | if [ -n "$interface" ]; then | ||||||
|  |    cat <<EOF | ||||||
|  |    cat >>/etc/rc.conf <<END | ||||||
|  | jail_${name}_interface="${interface}" | ||||||
|  | END | ||||||
|  | EOF | ||||||
|  | else | ||||||
|  |    cat <<EOF | ||||||
|  |    interface=\$(ifconfig -l | cut '-d ' -f1) | ||||||
|  |    cat >>/etc/rc.conf <<END | ||||||
|  | jail_${name}_interface="\${interface}" | ||||||
|  | END | ||||||
|  | EOF | ||||||
|  | fi | ||||||
|  | 
 | ||||||
|  | if [ "$devfsenable" = "true" ]; then | ||||||
|  |    cat <<EOF | ||||||
|  |    cat >>/etc/rc.conf <<END | ||||||
|  | jail_${name}_devfs_ruleset="${devfsruleset}" | ||||||
|  | END | ||||||
|  |    if [ "${devfsruleset}" = "jailrules" ]; then   # The default ruleset is to be used | ||||||
|  |       if [ ! -f /etc/devfs.rules ]; then | ||||||
|  |          touch /etc/devfs.rules | ||||||
|  |       fi | ||||||
|  |       if [ -z "\$(grep '\[jailrules=' /etc/devfs.rules)" ]; then   # The default ruleset doesn't exist | ||||||
|  |          # Get the highest-numbered ruleset | ||||||
|  | 	 highest="\$(sed -n 's/\[.*=\([0-9]*\)\]/\1/pg' /etc/devfs.rules | sort -u | tail -n 1)" || true | ||||||
|  |          # increment by 1 | ||||||
|  |          let num="\${highest}+1" 2>&- >&- | ||||||
|  |          # add default ruleset | ||||||
|  |          cat >>/etc/devfs.rules <<END | ||||||
|  | 
 | ||||||
|  | [jailrules=\${num}] | ||||||
|  | add include \\\$devfsrules_hide_all | ||||||
|  | add include \\\$devfsrules_unhide_basic | ||||||
|  | add include \\\$devfsrules_unhide_login | ||||||
|  | END | ||||||
|  |       fi | ||||||
|  |    fi | ||||||
|  | EOF | ||||||
|  | fi | ||||||
|  | 
 | ||||||
|  | # Add $name to jail_list if $onboot=true | ||||||
|  | if [ "$onboot" = "true" ]; then | ||||||
|  | 
 | ||||||
|  |    # first check to see whether jail_enable="YES" exists in rc.conf or not and add it | ||||||
|  |    #   if necessary | ||||||
|  | 
 | ||||||
|  |    cat <<EOF | ||||||
|  |       jail_list="\$(grep '^jail_enable=' /etc/rc.conf | cut -d= -f2)" | ||||||
|  |       if [ -z "\$jail_list" ]; then	# no jail_list line in rc.conf at all | ||||||
|  |          echo "jail_list=\"${name}\"" >>/etc/rc.conf | ||||||
|  |       else | ||||||
|  |          jail_list="\${jail_list} ${name}" | ||||||
|  |          sed -i '.bak' "s/^jail_list=\".*\"/jail_list=\"\${jail_list}\"/" /etc/rc.conf | ||||||
|  |          rm -f /etc/rc.conf.bak | ||||||
|  |       fi | ||||||
|  |       unset jail_list | ||||||
|  | EOF | ||||||
|  | fi | ||||||
|  | 
 | ||||||
|  | # Add the normal entries into the jail's rc.conf | ||||||
|  | cat <<EOF | ||||||
|  | echo hostname=\"${hostname}\" >"${jaildir}/rw/${name}/etc/rc.conf" | ||||||
|  | echo sshd_enable=\"YES\" >>"${jaildir}/rw/${name}/etc/rc.conf" | ||||||
|  | echo sendmail_enable=\"NONE\" >>"${jaildir}/rw/${name}/etc/rc.conf" | ||||||
|  | echo syslogd_enable=\"YES\" >>"${jaildir}/rw/${name}/etc/rc.conf" | ||||||
|  | echo syslogd_flags=\"-ss\" >>"${jaildir}/rw/${name}/etc/rc.conf" | ||||||
|  | 
 | ||||||
|  | EOF | ||||||
|  | # Configure SSHd's listening address | ||||||
|  | cat <<EOF | ||||||
|  | ip=\$(echo "${ip}" | cut '-d ' -f1) | ||||||
|  | sed -i '.bak' "s/#ListenAddress 0.0.0.0/ListenAddress \${ip}/" "${jaildir}/rw/${name}/etc/ssh/sshd_config" | ||||||
|  | EOF | ||||||
|  | } | ||||||
|  | 
 | ||||||
|  | if [ "$present" = "EXISTS" ]; then   # The jail currently exists | ||||||
|  |    if [ "$state" = "present" ]; then   # The jail is supposed to exist | ||||||
|  |       if [ "$started" = "true" ]; then   # The jail is supposed to be started | ||||||
|  |          startJail | ||||||
|  |       else   # The jail is not supposed to be started | ||||||
|  |          stopJail | ||||||
|  |       fi | ||||||
|  |       exit 0 | ||||||
|  |    else   # The jail is not supposed to exist | ||||||
|  |       stopJail | ||||||
|  |       deleteJail | ||||||
|  |       exit 0 | ||||||
|  |    fi | ||||||
|  | else   # The jail does not currently exist | ||||||
|  |    if [ "$state" = "absent" ]; then   # The jail is not supposed to be present | ||||||
|  |       exit 0 | ||||||
|  |    else   # The jail is supposed to exist | ||||||
|  |       createJail | ||||||
|  |       [ "$started" = "true" ] && startJail | ||||||
|  |       exit 0 | ||||||
|  |    fi | ||||||
|  | fi | ||||||
|  | 
 | ||||||
|  | # Debug | ||||||
|  | #set +x | ||||||
|  | 
 | ||||||
							
								
								
									
										106
									
								
								conf/type/__jail/man.text
									
										
									
									
									
										Normal file
									
								
							
							
						
						
									
										106
									
								
								conf/type/__jail/man.text
									
										
									
									
									
										Normal file
									
								
							|  | @ -0,0 +1,106 @@ | ||||||
|  | cdist-type__jail(7) | ||||||
|  | ========================== | ||||||
|  | Jake Guffey <jake.guffey--@--eprotex.com> | ||||||
|  | 
 | ||||||
|  | 
 | ||||||
|  | NAME | ||||||
|  | ---- | ||||||
|  | cdist-type__jail - Manage FreeBSD jails | ||||||
|  | 
 | ||||||
|  | 
 | ||||||
|  | DESCRIPTION | ||||||
|  | ----------- | ||||||
|  | This type is used on FreeBSD to manage jails. | ||||||
|  | 
 | ||||||
|  | 
 | ||||||
|  | REQUIRED PARAMETERS | ||||||
|  | ------------------- | ||||||
|  | state:: | ||||||
|  |    Either "present" or "absent." | ||||||
|  | 
 | ||||||
|  | jailbase:: | ||||||
|  |    The location of the .tgz archive containing the base fs for your jails. | ||||||
|  | 
 | ||||||
|  | 
 | ||||||
|  | OPTIONAL PARAMETERS | ||||||
|  | ------------------- | ||||||
|  | name:: | ||||||
|  |    The name of the jail. Default is to use the object_id as the jail name. | ||||||
|  | 
 | ||||||
|  | started:: | ||||||
|  |    Either "true" or "false." Defaults to true. | ||||||
|  | 
 | ||||||
|  | ip:: | ||||||
|  |    The ifconfig style IP/netmask combination to use for the jail guest. If | ||||||
|  |    the state parameter is "present," this parameter is required. | ||||||
|  | 
 | ||||||
|  | hostname:: | ||||||
|  |    The FQDN to use for the jail guest. Defaults to the name parameter. | ||||||
|  | 
 | ||||||
|  | interface:: | ||||||
|  |    The name of the physical interface on the jail server to bind the jail to. | ||||||
|  |    Defaults to the first interface found in the output of ifconfig -l. | ||||||
|  | 
 | ||||||
|  | devfs-enable:: | ||||||
|  |    Whether to allow devfs mounting within the jail. Must be "true" or "false." | ||||||
|  |    Defaults to true. | ||||||
|  | 
 | ||||||
|  | devfs-ruleset:: | ||||||
|  |    The name of the devfs ruleset to associate with the jail. Defaults to | ||||||
|  |    "jailrules." This ruleset must be copied to the server via another type. | ||||||
|  |    To use this option, devfs-enable must be "true." | ||||||
|  | 
 | ||||||
|  | onboot:: | ||||||
|  |    Whether to add the jail to rc.conf's jail_list variable. Must be either | ||||||
|  |    "true" or "false." Defaults to false. | ||||||
|  | 
 | ||||||
|  | jaildir:: | ||||||
|  |    The location on the remote server to use for hosting jail filesystems. | ||||||
|  |    Defaults to /usr/jail. | ||||||
|  | 
 | ||||||
|  | 
 | ||||||
|  | CAVEATS | ||||||
|  | ------- | ||||||
|  | This type does not currently support modification of jail options. If, for | ||||||
|  | example a jail needs to have its IP address or netmask changed, the jail must | ||||||
|  | be removed then re-added with the correct IP address/netmask or the appropriate | ||||||
|  | line (jail_<name>_ip="...") modified within rc.conf through some alternate | ||||||
|  | means. | ||||||
|  | 
 | ||||||
|  | EXAMPLES | ||||||
|  | -------- | ||||||
|  | 
 | ||||||
|  | -------------------------------------------------------------------------------- | ||||||
|  | # Create a jail called www | ||||||
|  | __jail www --state present --ip "192.168.1.2" --jailbase /my/jail/base.tgz | ||||||
|  | 
 | ||||||
|  | # Remove the jail called www | ||||||
|  | __jail www --state absent --jailbase /my/jail/base.tgz | ||||||
|  | 
 | ||||||
|  | # Ensure that the jail called www is started | ||||||
|  | __jail www --state present --started true \ | ||||||
|  |    --ip "192.168.1.2 netmask 255.255.255.0" \ | ||||||
|  |    --jailbase /my/jail/base.tgz | ||||||
|  | 
 | ||||||
|  | # Use the name variable explicitly | ||||||
|  | __jail thisjail --state present --name www \ | ||||||
|  |    --ip "192.168.1.2" \ | ||||||
|  |    --jailbase /my/jail/base.tgz | ||||||
|  | 
 | ||||||
|  | # Go nuts | ||||||
|  | __jail lotsofoptions --state present --name testjail --started true \ | ||||||
|  |    --ip "192.168.1.100 netmask 255.255.255.0" \ | ||||||
|  |    --hostname "testjail.example.com" --interface "em0" \ | ||||||
|  |    --onboot yes --jailbase /my/jail/base.tgz --jaildir /jails | ||||||
|  | -------------------------------------------------------------------------------- | ||||||
|  | 
 | ||||||
|  | 
 | ||||||
|  | SEE ALSO | ||||||
|  | -------- | ||||||
|  | - cdist-type(7) | ||||||
|  | 
 | ||||||
|  | 
 | ||||||
|  | COPYING | ||||||
|  | ------- | ||||||
|  | Copyright \(C) 2012 Jake Guffey. Free use of this software is | ||||||
|  | granted under the terms of the GNU General Public License version 3 (GPLv3). | ||||||
							
								
								
									
										46
									
								
								conf/type/__jail/manifest
									
										
									
									
									
										Executable file
									
								
							
							
						
						
									
										46
									
								
								conf/type/__jail/manifest
									
										
									
									
									
										Executable file
									
								
							|  | @ -0,0 +1,46 @@ | ||||||
|  | #!/bin/sh | ||||||
|  | # | ||||||
|  | # 2012 Jake Guffey (jake.guffey at eprotex.com) | ||||||
|  | # | ||||||
|  | # This file is part of cdist. | ||||||
|  | # | ||||||
|  | # cdist is free software: you can redistribute it and/or modify | ||||||
|  | # it under the terms of the GNU General Public License as published by | ||||||
|  | # the Free Software Foundation, either version 3 of the License, or | ||||||
|  | # (at your option) any later version. | ||||||
|  | # | ||||||
|  | # cdist is distributed in the hope that it will be useful, | ||||||
|  | # but WITHOUT ANY WARRANTY; without even the implied warranty of | ||||||
|  | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the | ||||||
|  | # GNU General Public License for more details. | ||||||
|  | # | ||||||
|  | # You should have received a copy of the GNU General Public License | ||||||
|  | # along with cdist. If not, see <http://www.gnu.org/licenses/>. | ||||||
|  | # | ||||||
|  | # | ||||||
|  | # The __jail type creates, configures, and deletes FreeBSD jails for use as | ||||||
|  | #  virtual machines. | ||||||
|  | # | ||||||
|  | 
 | ||||||
|  | # Debug | ||||||
|  | #exec >&2 | ||||||
|  | #set -x | ||||||
|  | 
 | ||||||
|  | # Can only be used on FreeBSD | ||||||
|  | os="$(cat "$__global/explorer/os")" | ||||||
|  | if [ ! "$os" = "freebsd" ]; then | ||||||
|  | 	echo "__jail can only be used on FreeBSD targets!" >&2 | ||||||
|  | 	exit 1 | ||||||
|  | fi | ||||||
|  | 
 | ||||||
|  | if [ -f "$__object/parameter/jaildir" ]; then | ||||||
|  |    jaildir="$(cat "$__object/parameter/name")" | ||||||
|  | else | ||||||
|  |    jaildir="/usr/jail" | ||||||
|  | fi | ||||||
|  | 
 | ||||||
|  | __directory ${jaildir} --parents yes | ||||||
|  | 
 | ||||||
|  | # Debug | ||||||
|  | #set +x | ||||||
|  | 
 | ||||||
							
								
								
									
										9
									
								
								conf/type/__jail/parameter/optional
									
										
									
									
									
										Normal file
									
								
							
							
						
						
									
										9
									
								
								conf/type/__jail/parameter/optional
									
										
									
									
									
										Normal file
									
								
							|  | @ -0,0 +1,9 @@ | ||||||
|  | name | ||||||
|  | started | ||||||
|  | ip | ||||||
|  | hostname | ||||||
|  | interface | ||||||
|  | devfs-enable | ||||||
|  | devfs-ruleset | ||||||
|  | onboot | ||||||
|  | jaildir | ||||||
							
								
								
									
										2
									
								
								conf/type/__jail/parameter/required
									
										
									
									
									
										Normal file
									
								
							
							
						
						
									
										2
									
								
								conf/type/__jail/parameter/required
									
										
									
									
									
										Normal file
									
								
							|  | @ -0,0 +1,2 @@ | ||||||
|  | state | ||||||
|  | jailbase | ||||||
		Loading…
	
	Add table
		
		Reference in a new issue