Merge branch 'master' into better-remote-err-reporting

This commit is contained in:
Darko Poljak 2016-06-22 12:14:47 +02:00
commit 194f5af7b2
30 changed files with 856 additions and 6 deletions

View file

@ -2,12 +2,12 @@ cdist-type__jail(7)
===================
Manage FreeBSD jails
Jake Guffey <jake.guffey--@--eprotex.com>
Jake Guffey <jake.guffey--@--jointheirstm.org>
DESCRIPTION
-----------
This type is used on FreeBSD to manage jails.
This type is used on FreeBSD to manage jails by calling the appropriate per-version subtype.
REQUIRED PARAMETERS
@ -112,5 +112,5 @@ SEE ALSO
COPYING
-------
Copyright \(C) 2012 Jake Guffey. Free use of this software is
Copyright \(C) 2012,2016 Jake Guffey. Free use of this software is
granted under the terms of the GNU General Public License version 3 (GPLv3).

View file

@ -37,6 +37,19 @@ jaildir="$(cat "$__object/parameter/jaildir")"
__directory ${jaildir} --parents
set -- "$@" "$__object_id" "--state" "$state"
cd "$__object/parameter"
for property in $(ls .); do
set -- "$@" "--$property" "$(cat "$property")"
done
ver="$(cat "$__global/explorer/os_version")"
if [ -n "$(echo "$ver" | grep '^10\.' )" ]; then # Version is 10.x
__jail_freebsd10 "$@"
else
__jail_freebsd9 "$@"
fi
# Debug
#set +x

View file

@ -0,0 +1,52 @@
#!/bin/sh
#
# 2012 Jake Guffey (jake.guffey at eprotex.com)
#
# This file is part of cdist.
#
# cdist is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# cdist is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with cdist. If not, see <http://www.gnu.org/licenses/>.
#
#
# The __jail type creates, configures, and deletes FreeBSD jails for use as
# virtual machines.
#
# Debug
#exec >&2
#set -x
jaildir="$(cat "$__object/parameter/jaildir")"
jailbase="$(cat "$__object/parameter/jailbase")"
state="$(cat "$__object/parameter/state")"
if [ "$state" = "present" ] && [ -z "$jailbase" ]; then
exec >&2
echo "jailbase is a REQUIRED parameter when state=present!"
exit 1
fi
remotebase="${jaildir}/jailbase.tgz"
basepresent="$(cat "$__object/explorer/basepresent")"
if [ "$state" = "present" ]; then
if [ "$basepresent" = "NONE" ]; then
echo "$__remote_copy" "${jailbase}" "$__target_host:${remotebase}"
fi # basepresent=NONE
fi # state=present
# Debug
#set +x

View file

@ -0,0 +1,362 @@
#!/bin/sh
#
# 2012,2014,2016 Jake Guffey (jake.guffey at jointheirstm.org)
#
# This file is part of cdist.
#
# cdist is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# cdist is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with cdist. If not, see <http://www.gnu.org/licenses/>.
#
#
# The __jail_freebsd10 type creates, configures, and deletes FreeBSD
# jails for use as virtual machines on FreeBSD 10.x.
#
# Debug
#exec >&2
#set -x
if [ -f "$__object/parameter/name" ]; then
name="$(cat "$__object/parameter/name")"
else
name="$__object_id"
fi
state="$(cat "$__object/parameter/state")"
started="true"
# If the user wants the jail gone, it implies it shouldn't be started.
[ -f "$__object/parameter/stopped" -o "$state" = "absent" ] && started="false"
if [ -f "$__object/parameter/ip" ]; then
ip="$(cat "$__object/parameter/ip")"
else
# IP is an optional param when $state=absent, but
# when $state=present, it's required. Enforce this.
if [ "$state" = "present" ]; then
exec >&2
echo "If --state is 'present,' --ip must be given\!"
exit 1
fi
fi
if [ -f "$__object/parameter/hostname" ]; then
hostname="$(cat "$__object/parameter/hostname")"
else
hostname="$name"
fi
if [ -f "$__object/parameter/devfs-disable" ]; then
devfsenable="false"
else
devfsenable="true"
fi
devfsruleset="$(cat "$__object/parameter/devfs-ruleset")"
# devfs_ruleset being defined without devfs_enable being true
# is pointless. Treat this as an error.
if [ -n "$devfsruleset" -a "$devfsenable" = "false" ]; then
exec >&2
echo "Can't have --devfs-ruleset defined with --devfs-disable"
exit 1
fi
if [ -f "$__object/parameter/onboot" ]; then
onboot="true"
fi
jaildir="$(cat "$__object/parameter/jaildir")"
present="$(cat "$__object/explorer/present")"
#present="$(cat "$__type/explorer/present")"
status="$(cat "$__object/explorer/status")"
# Handle ip="addr, addr" format
if [ $(expr "${ip}" : ".*, .*") -gt "0" ]; then
SAVE_IFS="$IFS"
IFS=", "
for cur_ip in ${ip}; do
# Just get the last IP address for SSH to listen on
mgmt_ip=$(echo "${ip}" | cut '-d ' -f1) # In case using "ip netmask" format rather than CIDR
done
IFS="$SAVE_IFS"
else
mgmt_ip=$(echo "${ip}" | cut '-d ' -f1) # In case using "ip netmask" format rather than CIDR
fi
stopJail() {
# Check $status before issuing command
if [ "$status" = "STARTED" ]; then
echo "/etc/rc.d/jail stop ${name}"
echo "stop" >> "$__messages_out"
fi
}
startJail() {
# Check $status before issuing command
if [ "$status" = "NOTSTART" ]; then
echo "/etc/rc.d/jail start ${name}"
echo "start" >> "$__messages_out"
fi
}
deleteJail() {
# Unmount the jail's mountpoints if necessary
cat <<EOF
output="\$(mount | grep "\/${name}\/dev")" || true
if [ -n "\${output}" ]; then # /dev is still mounted...jail still running?
/etc/rc.d/jail stop "${name}"
fi
output="\$(mount | grep "\/rw\/${name}\/")" || true
if [ -n "\${output}" ]; then # >=1 rw mount is mounted still
for DIR in "${output}"; do
umount -F "/etc/fstab.${name}" "\$(echo "${DIR}" | awk '{print $3}')"
done
fi
output="\$(mount | grep "\/${name} (")" || true
if [ -n "\${output}" ]; then # ro mount is mounted still
umount -F "/etc/fstab.${name}" "\$(echo "${output}" | awk '{print $3}')"
fi
EOF
# Remove the jail's rw mountpoints
echo "rm -rf \"${jaildir}/rw/${name}\""
# Remove the jail directory
echo "rm -rf \"${jaildir}/${name}\""
# Remove the jail's fstab
echo "rm -f \"/etc/fstab.${name}\""
# Remove jail entry from jail.conf
cat <<EOF
sed -i .bak -E -e "/^${name} {\$/,/^}\\\$/d" /etc/jail.conf
if [ -f "/etc/jail.conf.bak" ]; then
rm -f "/etc/jail.conf.bak"
fi
EOF
# Remove " $name " from jail_list if it's there
cat <<EOF
eval \$(grep '^jail_list=' /etc/rc.conf)
for JAIL in \${jail_list}; do
if [ ! "\${JAIL}" = "${name}" ]; then
new_list="\${new_list} \${JAIL}"
fi
done
jail_list="\${new_list}"
sed -i '.bak' "s/^jail_list=\".*\"/jail_list=\"\${jail_list}\"/" /etc/rc.conf
unset jail_list
if [ -f "/etc/rc.conf.bak" ]; then
rm -f /etc/rc.conf.bak
fi
EOF
echo "delete" >> "$__messages_out"
}
createJail() {
# Create the jail directory
cat <<EOF
umask 022
mkdir -p ${jaildir}/${name}
if [ ! -d "${jaildir}/base" ]; then
mkdir "${jaildir}/base"
tar -xzf "${jaildir}/jailbase.tgz" -C "${jaildir}/base"
if [ ! -d "${jaildir}/base/usr/local" ]; then
mkdir -p "${jaildir}/base/usr/local"
fi
if [ ! -d "${jaildir}/base/usr/home" ]; then
mkdir -p "${jaildir}/base/usr/home"
fi
if [ ! -d "${jaildir}/base/home" ]; then
if [ ! -L "${jaildir}/base/home" ]; then
SAVE=\$PWD; cd ${jaildir}/base
ln -s usr/home home
cd \$SAVE; unset SAVE
fi
fi
fi
if [ ! -d "${jaildir}/rw" ]; then
mkdir "${jaildir}/rw"
fi
mkdir -p "${jaildir}/rw/${name}/etc"
cp -r ${jaildir}/base/etc/* "${jaildir}/rw/${name}/etc/"
if [ ! -f "${jaildir}/rw/${name}/etc/resolv.conf" ]; then
cp /etc/resolv.conf "${jaildir}/rw/${name}/etc/"
fi
mkdir "${jaildir}/rw/${name}/local"
mkdir "${jaildir}/rw/${name}/var"
if [ -n "\$(ls ${jaildir}/base/var)" ]; then
cp -r ${jaildir}/base/var/* "${jaildir}/rw/${name}/var/"
fi
chmod 755 "${jaildir}/rw/${name}/var"
chmod 755 "${jaildir}/base/var"
if [ ! -d "${jaildir}/base/var/db" ]; then
mkdir -p "${jaildir}/base/var/db"
fi
if [ -n "\$(ls ${jaildir}/base/var/db)" ]; then
chmod 755 "${jaildir}/rw/${name}/var/db"
chmod 755 "${jaildir}/base/var/db"
fi
mkdir "${jaildir}/rw/${name}/home"
if [ -n "\$(ls ${jaildir}/base/usr/home)" ]; then
cp -r ${jaildir}/base/usr/home/* "${jaildir}/rw/${name}/home/"
fi
mkdir "${jaildir}/rw/${name}/root"
if [ -n "\$(ls -A ${jaildir}/base/root)" ]; then
cp -r ${jaildir}/base/root/ "${jaildir}/rw/${name}/root/"
fi
EOF
echo "create" >> "$__messages_out"
# Create the ro+rw mountpoint entries in fstab
cat <<EOF
cat >/etc/fstab.${name} <<END
${jaildir}/base ${jaildir}/${name} nullfs ro 0 0
${jaildir}/rw/${name}/etc ${jaildir}/${name}/etc nullfs rw 0 0
${jaildir}/rw/${name}/local ${jaildir}/${name}/usr/local nullfs rw 0 0
${jaildir}/rw/${name}/var ${jaildir}/${name}/var nullfs rw 0 0
${jaildir}/rw/${name}/home ${jaildir}/${name}/usr/home nullfs rw 0 0
${jaildir}/rw/${name}/root ${jaildir}/${name}/root nullfs rw 0 0
END
EOF
# Add the jail configuration to jail.conf
cat <<EOF
# first check to see whether jail_enable="YES" exists in rc.conf or not and add it
# if necessary
jail_enable="\$(grep '^jail_enable=' /etc/rc.conf | cut -d= -f2)"
if [ -z "\$jail_enable" ]; then # no jail_enable line in rc.conf at all
echo "jail_enable=\"YES\"" >>/etc/rc.conf
elif [ ! "\$(echo \$jail_enable | tr '[a-z]' '[A-Z]' | tr -d '"')" = "YES" ]; then # jail_enable="NO"
sed -i '.bak' 's/^jail_enable=.*$/jail_enable="YES"/g' /etc/rc.conf # fix this -^
rm -f /etc/rc.conf.bak
fi
jailfile=/etc/jail.conf
jailheader="${name} {"
jaildata="path=\"${jaildir}/${name}\";"
if [ "$devfsenable" = "true" ]; then
jaildata="\$jaildata
mount.devfs;"
else
jaildata="\$jaildata
mount.nodevfs;"
fi
jaildata="\$jaildata
host.hostname=\"${hostname}\";
ip4.addr=\"${ip}\";
exec.start=\"/bin/sh /etc/rc\";
exec.stop=\"/bin/sh /etc/rc.shutdown\";
exec.consolelog=\"/var/log/jail_${name}_console.log\";
mount.fstab=\"/etc/fstab.${name}\";
allow.mount;
exec.clean;
allow.set_hostname=0;
allow.sysvipc=0;
allow.raw_sockets=0;"
jailtrailer="}"
if [ "$devfsenable" = "true" ] && [ "${devfsruleset}" = "jailrules" ]; then # The default ruleset is to be used
if [ ! -f /etc/devfs.rules ]; then
touch /etc/devfs.rules
fi
if [ -z "\$(grep '\[jailrules=' /etc/devfs.rules)" ]; then # The default ruleset doesn't exist
# Get the highest-numbered ruleset
highest="\$(sed -n 's/\[.*=\([0-9]*\)\]/\1/pg' /etc/devfs.rules | sort -u | tail -n 1)" || true
# increment by 1
[ -z "\$highest" ] && highest=10
let num="\${highest}+1" 2>&1 >/dev/null # Close the FD==fail...
# add default ruleset
cat >>/etc/devfs.rules <<END
[jailrules=\${num}]
add include \\\$devfsrules_hide_all
add include \\\$devfsrules_unhide_basic
add include \\\$devfsrules_unhide_login
END
fi
devfsruleset_num=\$(grep "\[${devfsruleset}=" /etc/devfs.rules | sed -n 's/\[.*=\([0-9]*\)\]/\1/pg')
if [ -n "\$devfsruleset_num" ]; then
jaildata="\$jaildata
devfs_ruleset=\"\${devfsruleset_num}\";"
fi
fi
EOF
echo "printf \"%s\\n%s\n%s\n\" \"\$jailheader\" \"\$jaildata\" \"\$jailtrailer\" >>\"\$jailfile\""
# Add $name to jail_list if $onboot=yes
if [ "$onboot" = "yes" ]; then
# first check to see whether jail_enable="YES" exists in rc.conf or not and add it
# if necessary
cat <<EOF
eval "\$(grep '^jail_list=' /etc/rc.conf)"
if [ -z "\$jail_list" ]; then # no jail_list line in rc.conf at all
echo "jail_list=\"${name}\"" >>/etc/rc.conf
else
jail_list="\${jail_list} ${name}"
sed -i '.bak' "s/^jail_list=\".*\"/jail_list=\"\${jail_list}\"/" /etc/rc.conf
rm -f /etc/rc.conf.bak
fi
unset jail_list
EOF
echo "onboot" >> "$__messages_out"
fi
# Add the normal entries into the jail's rc.conf
cat <<EOF
echo hostname=\"${hostname}\" >"${jaildir}/rw/${name}/etc/rc.conf"
echo sshd_enable=\"YES\" >>"${jaildir}/rw/${name}/etc/rc.conf"
echo sendmail_enable=\"NONE\" >>"${jaildir}/rw/${name}/etc/rc.conf"
echo syslogd_enable=\"YES\" >>"${jaildir}/rw/${name}/etc/rc.conf"
echo syslogd_flags=\"-ss\" >>"${jaildir}/rw/${name}/etc/rc.conf"
EOF
# Configure SSHd's listening address
cat <<EOF
mgmt_ip="$(echo "$mgmt_ip" | sed -E -e 's#/[0-9]*$##g')"
sed -E -i '.bak' -e "s/#?ListenAddress 0.0.0.0/ListenAddress \${mgmt_ip}/" "${jaildir}/rw/${name}/etc/ssh/sshd_config"
EOF
}
if [ "$present" = "EXISTS" ]; then # The jail currently exists
if [ "$state" = "present" ]; then # The jail is supposed to exist
if [ "$started" = "true" ]; then # The jail is supposed to be started
startJail
else # The jail is not supposed to be started
stopJail
fi
exit 0
else # The jail is not supposed to exist
stopJail
deleteJail
exit 0
fi
else # The jail does not currently exist
if [ "$state" = "absent" ]; then # The jail is not supposed to be present
exit 0
else # The jail is supposed to exist
createJail
[ "$started" = "true" ] && startJail
exit 0
fi
fi

View file

@ -0,0 +1,115 @@
cdist-type__jail_freebsd10(7)
=============================
Manage FreeBSD jails
Jake Guffey <jake.guffey--@--jointheirstm.org>
DESCRIPTION
-----------
This type is used on FreeBSD >= 10.0 to manage jails.
REQUIRED PARAMETERS
-------------------
state
Either "present" or "absent", defaults to "present".
jailbase
The location of the .tgz archive containing the base fs for your jails.
OPTIONAL PARAMETERS
-------------------
name
The name of the jail. Default is to use the object_id as the jail name.
ip
The ifconfig style IP/netmask combination to use for the jail guest. If
the state parameter is "present," this parameter is required.
hostname
The FQDN to use for the jail guest. Defaults to the name parameter.
interface
The name of the physical interface on the jail server to bind the jail to.
Defaults to the first interface found in the output of ifconfig -l.
devfs-ruleset
The name of the devfs ruleset to associate with the jail. Defaults to
"jailrules." This ruleset must be copied to the server via another type.
To use this option, devfs-enable must be "true."
jaildir
The location on the remote server to use for hosting jail filesystems.
Defaults to /usr/jail.
BOOLEAN PARAMETERS
------------------
stopped
Do not start the jail
devfs-disable
Whether to disallow devfs mounting within the jail
onboot
Whether to add the jail to rc.conf's jail_list variable.
CAVEATS
-------
This type does not currently support modification of jail options. If, for
example a jail needs to have its IP address or netmask changed, the jail must
be removed then re-added with the correct IP address/netmask or the appropriate
modifications to jail.conf need to be made through alternate means.
MESSAGES
--------
start
The jail was started
stop
The jail was stopped
create:
The jail was created
delete
The jail was deleted
onboot
The jail was configured to start on boot
EXAMPLES
--------
.. code-block:: sh
# Create a jail called www
__jail_freebsd10 www --state present --ip "192.168.1.2" --jailbase /my/jail/base.tgz
# Remove the jail called www
__jail_freebsd10 www --state absent --jailbase /my/jail/base.tgz
# The jail www should not be started
__jail_freebsd10 www --state present --stopped \
--ip "192.168.1.2 netmask 255.255.255.0" \
--jailbase /my/jail/base.tgz
# Use the name variable explicitly
__jail_freebsd10 thisjail --state present --name www \
--ip "192.168.1.2" \
--jailbase /my/jail/base.tgz
# Go nuts
__jail_freebsd10 lotsofoptions --state present --name testjail \
--ip "192.168.1.100 netmask 255.255.255.0" \
--hostname "testjail.example.com" --interface "em0" \
--onboot --jailbase /my/jail/base.tgz --jaildir /jails
SEE ALSO
--------
- `cdist-type(7) <cdist-type.html>`_
COPYING
-------
Copyright \(C) 2012-2016 Jake Guffey. Free use of this software is
granted under the terms of the GNU General Public License version 3 (GPLv3).

View file

@ -0,0 +1,3 @@
onboot
stopped
devfs-disable

View file

@ -0,0 +1 @@
jailrules

View file

@ -0,0 +1 @@

View file

@ -0,0 +1 @@
/usr/jail

View file

@ -0,0 +1 @@
present

View file

@ -0,0 +1,8 @@
name
ip
hostname
interface
devfs-ruleset
jaildir
jailbase
state

View file

@ -0,0 +1,54 @@
#!/bin/sh
#
# 2012 Jake Guffey (jake.guffey at eprotex.com)
#
# This file is part of cdist.
#
# cdist is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# cdist is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with cdist. If not, see <http://www.gnu.org/licenses/>.
#
#
# See if the jailbase.tgz or $jaildir/base dir exists
#
# Debug
#exec >&2
#set -x
if [ -f "$__object/parameter/jaildir" ]; then
jaildir="$(cat "$__object/parameter/jaildir")"
else
jaildir="/usr/jail"
fi
name="base:jailbase.tgz"
out=""
save_IFS="$IFS"
IFS=":"
for cur in $name; do
if [ -e "${jaildir}/$cur" ]; then
out="${out}:${cur}"
fi
done
IFS="$save_IFS"
if [ -z "$out" ]; then
echo "NONE"
else
echo "${out}"
fi
# Debug
#set +x

View file

@ -0,0 +1,43 @@
#!/bin/sh
#
# 2012 Jake Guffey (jake.guffey at eprotex.com)
#
# This file is part of cdist.
#
# cdist is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# cdist is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with cdist. If not, see <http://www.gnu.org/licenses/>.
#
#
# See if the requested jail exists
#
# Debug
#exec >&2
#set -x
if [ -f "$__object/parameter/name" ]; then
name="$(cat "$__object/parameter/name")"
else
name=$__object_id
fi
if [ -f "$__object/parameter/jaildir" ]; then
jaildir="$(cat "$__object/parameter/jaildir")"
else
jaildir="/usr/jail"
fi
[ -d "${jaildir}/$name" ] && echo "EXISTS" || echo "NOTEXIST"
#set +x

View file

@ -0,0 +1,52 @@
#!/bin/sh
#
# 2012 Jake Guffey (jake.guffey at eprotex.com)
#
# This file is part of cdist.
#
# cdist is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# cdist is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with cdist. If not, see <http://www.gnu.org/licenses/>.
#
#
# See if the requested jail is started
#
# Debug
#exec >&2
#set -x
if [ -f "$__object/parameter/name" ]; then
name="$(cat "$__object/parameter/name")"
else
name="$__object_id"
fi
if [ -f "$__object/parameter/jaildir" ]; then
jaildir="$(cat "$__object/parameter/jaildir")"
else
jaildir="/usr/jail"
fi
# backslash-escaped $jaildir
sjaildir="$(echo ${jaildir} | sed 's#/#\\/#g')"
jls_output="$(jls | grep "[ ]${sjaildir}\/${name}\$")" || true
if [ -n "${jls_output}" ]; then
echo "STARTED"
else
echo "NOTSTART"
fi
# Debug
#set +x

View file

@ -1,6 +1,6 @@
#!/bin/sh
#
# 2012,2014 Jake Guffey (jake.guffey at eprotex.com)
# 2012,2014,2016 Jake Guffey (jake.guffey at jointheirstm.org)
#
# This file is part of cdist.
#
@ -18,8 +18,8 @@
# along with cdist. If not, see <http://www.gnu.org/licenses/>.
#
#
# The __jail type creates, configures, and deletes FreeBSD jails for use as
# virtual machines.
# The __jail_freebsd9 type creates, configures, and deletes FreeBSD jails
# for use as virtual machines on FreeBSD 9.x and before.
#
# Debug
@ -354,3 +354,4 @@ else # The jail does not currently exist
exit 0
fi
fi

View file

@ -0,0 +1,116 @@
cdist-type__jail_freebsd9(7)
============================
Manage FreeBSD jails
Jake Guffey <jake.guffey--@--eprotex.com>
DESCRIPTION
-----------
This type is used on FreeBSD <= 9.x to manage jails.
REQUIRED PARAMETERS
-------------------
state
Either "present" or "absent", defaults to "present".
jailbase
The location of the .tgz archive containing the base fs for your jails.
OPTIONAL PARAMETERS
-------------------
name
The name of the jail. Default is to use the object_id as the jail name.
ip
The ifconfig style IP/netmask combination to use for the jail guest. If
the state parameter is "present," this parameter is required.
hostname
The FQDN to use for the jail guest. Defaults to the name parameter.
interface
The name of the physical interface on the jail server to bind the jail to.
Defaults to the first interface found in the output of ifconfig -l.
devfs-ruleset
The name of the devfs ruleset to associate with the jail. Defaults to
"jailrules." This ruleset must be copied to the server via another type.
To use this option, devfs-enable must be "true."
jaildir
The location on the remote server to use for hosting jail filesystems.
Defaults to /usr/jail.
BOOLEAN PARAMETERS
------------------
stopped
Do not start the jail
devfs-disable
Whether to disallow devfs mounting within the jail
onboot
Whether to add the jail to rc.conf's jail_list variable.
CAVEATS
-------
This type does not currently support modification of jail options. If, for
example a jail needs to have its IP address or netmask changed, the jail must
be removed then re-added with the correct IP address/netmask or the appropriate
line (jail_<name>_ip="...") modified within rc.conf through some alternate
means.
MESSAGES
--------
start
The jail was started
stop
The jail was stopped
create:
The jail was created
delete
The jail was deleted
onboot
The jail was configured to start on boot
EXAMPLES
--------
.. code-block:: sh
# Create a jail called www
__jail_freebsd9 www --state present --ip "192.168.1.2" --jailbase /my/jail/base.tgz
# Remove the jail called www
__jail_freebsd9 www --state absent --jailbase /my/jail/base.tgz
# The jail www should not be started
__jail_freebsd9 www --state present --stopped \
--ip "192.168.1.2 netmask 255.255.255.0" \
--jailbase /my/jail/base.tgz
# Use the name variable explicitly
__jail_freebsd9 thisjail --state present --name www \
--ip "192.168.1.2" \
--jailbase /my/jail/base.tgz
# Go nuts
__jail_freebsd9 lotsofoptions --state present --name testjail \
--ip "192.168.1.100 netmask 255.255.255.0" \
--hostname "testjail.example.com" --interface "em0" \
--onboot --jailbase /my/jail/base.tgz --jaildir /jails
SEE ALSO
--------
- `cdist-type(7) <cdist-type.html>`_
COPYING
-------
Copyright \(C) 2012-2016 Jake Guffey. Free use of this software is
granted under the terms of the GNU General Public License version 3 (GPLv3).

View file

@ -0,0 +1,3 @@
onboot
stopped
devfs-disable

View file

@ -0,0 +1 @@
jailrules

View file

@ -0,0 +1 @@

View file

@ -0,0 +1 @@
/usr/jail

View file

@ -0,0 +1 @@
present

View file

@ -0,0 +1,8 @@
name
ip
hostname
interface
devfs-ruleset
jaildir
jailbase
state

View file

@ -0,0 +1 @@
upgrade

View file

@ -4,3 +4,4 @@ type
pkgsite
state
ptype
repo

7
docs/2016-06-06.org Normal file
View file

@ -0,0 +1,7 @@
* Enhance cdist speed
** Start separate server with own option
** Reconfigure normal sshd with appropriate options
** Start various own daemons
** Use custom multiplexing protocol
** Support native Python code
*** Use manifest.py instead of manifest if available

View file

@ -3,6 +3,9 @@ Changelog
next:
* Core: Improve error reporting for local and remote run command (Darko Poljak)
* New type: __jail_freebsd9: Handle jail management on FreeBSD <= 9.X (Jake Guffey)
* New type: __jail_freebsd10: Handle jail management on FreeBSD >= 10.0 (Jake Guffey)
* Type __jail: Dynamically select the correct jail subtype based on target host OS (Jake Guffey)
4.1.0: 2016-05-27
* Documentation: Migrate to reStructuredText format and sphinx (Darko Poljak)