Merge branch 'master' into better-remote-err-reporting
This commit is contained in:
commit
194f5af7b2
30 changed files with 856 additions and 6 deletions
|
@ -2,12 +2,12 @@ cdist-type__jail(7)
|
|||
===================
|
||||
Manage FreeBSD jails
|
||||
|
||||
Jake Guffey <jake.guffey--@--eprotex.com>
|
||||
Jake Guffey <jake.guffey--@--jointheirstm.org>
|
||||
|
||||
|
||||
DESCRIPTION
|
||||
-----------
|
||||
This type is used on FreeBSD to manage jails.
|
||||
This type is used on FreeBSD to manage jails by calling the appropriate per-version subtype.
|
||||
|
||||
|
||||
REQUIRED PARAMETERS
|
||||
|
@ -112,5 +112,5 @@ SEE ALSO
|
|||
|
||||
COPYING
|
||||
-------
|
||||
Copyright \(C) 2012 Jake Guffey. Free use of this software is
|
||||
Copyright \(C) 2012,2016 Jake Guffey. Free use of this software is
|
||||
granted under the terms of the GNU General Public License version 3 (GPLv3).
|
||||
|
|
|
@ -37,6 +37,19 @@ jaildir="$(cat "$__object/parameter/jaildir")"
|
|||
|
||||
__directory ${jaildir} --parents
|
||||
|
||||
set -- "$@" "$__object_id" "--state" "$state"
|
||||
cd "$__object/parameter"
|
||||
for property in $(ls .); do
|
||||
set -- "$@" "--$property" "$(cat "$property")"
|
||||
done
|
||||
|
||||
ver="$(cat "$__global/explorer/os_version")"
|
||||
if [ -n "$(echo "$ver" | grep '^10\.' )" ]; then # Version is 10.x
|
||||
__jail_freebsd10 "$@"
|
||||
else
|
||||
__jail_freebsd9 "$@"
|
||||
fi
|
||||
|
||||
# Debug
|
||||
#set +x
|
||||
|
||||
|
|
52
cdist/conf/type/__jail_freebsd10/gencode-local
Executable file
52
cdist/conf/type/__jail_freebsd10/gencode-local
Executable file
|
@ -0,0 +1,52 @@
|
|||
#!/bin/sh
|
||||
#
|
||||
# 2012 Jake Guffey (jake.guffey at eprotex.com)
|
||||
#
|
||||
# This file is part of cdist.
|
||||
#
|
||||
# cdist is free software: you can redistribute it and/or modify
|
||||
# it under the terms of the GNU General Public License as published by
|
||||
# the Free Software Foundation, either version 3 of the License, or
|
||||
# (at your option) any later version.
|
||||
#
|
||||
# cdist is distributed in the hope that it will be useful,
|
||||
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
# GNU General Public License for more details.
|
||||
#
|
||||
# You should have received a copy of the GNU General Public License
|
||||
# along with cdist. If not, see <http://www.gnu.org/licenses/>.
|
||||
#
|
||||
#
|
||||
# The __jail type creates, configures, and deletes FreeBSD jails for use as
|
||||
# virtual machines.
|
||||
#
|
||||
|
||||
# Debug
|
||||
#exec >&2
|
||||
#set -x
|
||||
|
||||
jaildir="$(cat "$__object/parameter/jaildir")"
|
||||
|
||||
jailbase="$(cat "$__object/parameter/jailbase")"
|
||||
|
||||
state="$(cat "$__object/parameter/state")"
|
||||
|
||||
if [ "$state" = "present" ] && [ -z "$jailbase" ]; then
|
||||
exec >&2
|
||||
echo "jailbase is a REQUIRED parameter when state=present!"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
remotebase="${jaildir}/jailbase.tgz"
|
||||
basepresent="$(cat "$__object/explorer/basepresent")"
|
||||
|
||||
if [ "$state" = "present" ]; then
|
||||
if [ "$basepresent" = "NONE" ]; then
|
||||
echo "$__remote_copy" "${jailbase}" "$__target_host:${remotebase}"
|
||||
fi # basepresent=NONE
|
||||
fi # state=present
|
||||
|
||||
# Debug
|
||||
#set +x
|
||||
|
362
cdist/conf/type/__jail_freebsd10/gencode-remote
Executable file
362
cdist/conf/type/__jail_freebsd10/gencode-remote
Executable file
|
@ -0,0 +1,362 @@
|
|||
#!/bin/sh
|
||||
#
|
||||
# 2012,2014,2016 Jake Guffey (jake.guffey at jointheirstm.org)
|
||||
#
|
||||
# This file is part of cdist.
|
||||
#
|
||||
# cdist is free software: you can redistribute it and/or modify
|
||||
# it under the terms of the GNU General Public License as published by
|
||||
# the Free Software Foundation, either version 3 of the License, or
|
||||
# (at your option) any later version.
|
||||
#
|
||||
# cdist is distributed in the hope that it will be useful,
|
||||
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
# GNU General Public License for more details.
|
||||
#
|
||||
# You should have received a copy of the GNU General Public License
|
||||
# along with cdist. If not, see <http://www.gnu.org/licenses/>.
|
||||
#
|
||||
#
|
||||
# The __jail_freebsd10 type creates, configures, and deletes FreeBSD
|
||||
# jails for use as virtual machines on FreeBSD 10.x.
|
||||
#
|
||||
|
||||
# Debug
|
||||
#exec >&2
|
||||
#set -x
|
||||
|
||||
if [ -f "$__object/parameter/name" ]; then
|
||||
name="$(cat "$__object/parameter/name")"
|
||||
else
|
||||
name="$__object_id"
|
||||
fi
|
||||
|
||||
state="$(cat "$__object/parameter/state")"
|
||||
|
||||
started="true"
|
||||
# If the user wants the jail gone, it implies it shouldn't be started.
|
||||
[ -f "$__object/parameter/stopped" -o "$state" = "absent" ] && started="false"
|
||||
|
||||
if [ -f "$__object/parameter/ip" ]; then
|
||||
ip="$(cat "$__object/parameter/ip")"
|
||||
else
|
||||
# IP is an optional param when $state=absent, but
|
||||
# when $state=present, it's required. Enforce this.
|
||||
if [ "$state" = "present" ]; then
|
||||
exec >&2
|
||||
echo "If --state is 'present,' --ip must be given\!"
|
||||
exit 1
|
||||
fi
|
||||
fi
|
||||
|
||||
if [ -f "$__object/parameter/hostname" ]; then
|
||||
hostname="$(cat "$__object/parameter/hostname")"
|
||||
else
|
||||
hostname="$name"
|
||||
fi
|
||||
|
||||
if [ -f "$__object/parameter/devfs-disable" ]; then
|
||||
devfsenable="false"
|
||||
else
|
||||
devfsenable="true"
|
||||
fi
|
||||
|
||||
devfsruleset="$(cat "$__object/parameter/devfs-ruleset")"
|
||||
|
||||
# devfs_ruleset being defined without devfs_enable being true
|
||||
# is pointless. Treat this as an error.
|
||||
if [ -n "$devfsruleset" -a "$devfsenable" = "false" ]; then
|
||||
exec >&2
|
||||
echo "Can't have --devfs-ruleset defined with --devfs-disable"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
if [ -f "$__object/parameter/onboot" ]; then
|
||||
onboot="true"
|
||||
fi
|
||||
|
||||
jaildir="$(cat "$__object/parameter/jaildir")"
|
||||
|
||||
present="$(cat "$__object/explorer/present")"
|
||||
#present="$(cat "$__type/explorer/present")"
|
||||
status="$(cat "$__object/explorer/status")"
|
||||
|
||||
# Handle ip="addr, addr" format
|
||||
if [ $(expr "${ip}" : ".*, .*") -gt "0" ]; then
|
||||
SAVE_IFS="$IFS"
|
||||
IFS=", "
|
||||
for cur_ip in ${ip}; do
|
||||
# Just get the last IP address for SSH to listen on
|
||||
mgmt_ip=$(echo "${ip}" | cut '-d ' -f1) # In case using "ip netmask" format rather than CIDR
|
||||
done
|
||||
IFS="$SAVE_IFS"
|
||||
else
|
||||
mgmt_ip=$(echo "${ip}" | cut '-d ' -f1) # In case using "ip netmask" format rather than CIDR
|
||||
fi
|
||||
|
||||
stopJail() {
|
||||
# Check $status before issuing command
|
||||
if [ "$status" = "STARTED" ]; then
|
||||
echo "/etc/rc.d/jail stop ${name}"
|
||||
echo "stop" >> "$__messages_out"
|
||||
fi
|
||||
}
|
||||
|
||||
startJail() {
|
||||
# Check $status before issuing command
|
||||
if [ "$status" = "NOTSTART" ]; then
|
||||
echo "/etc/rc.d/jail start ${name}"
|
||||
echo "start" >> "$__messages_out"
|
||||
fi
|
||||
}
|
||||
|
||||
deleteJail() {
|
||||
# Unmount the jail's mountpoints if necessary
|
||||
cat <<EOF
|
||||
output="\$(mount | grep "\/${name}\/dev")" || true
|
||||
if [ -n "\${output}" ]; then # /dev is still mounted...jail still running?
|
||||
/etc/rc.d/jail stop "${name}"
|
||||
fi
|
||||
output="\$(mount | grep "\/rw\/${name}\/")" || true
|
||||
if [ -n "\${output}" ]; then # >=1 rw mount is mounted still
|
||||
for DIR in "${output}"; do
|
||||
umount -F "/etc/fstab.${name}" "\$(echo "${DIR}" | awk '{print $3}')"
|
||||
done
|
||||
fi
|
||||
output="\$(mount | grep "\/${name} (")" || true
|
||||
if [ -n "\${output}" ]; then # ro mount is mounted still
|
||||
umount -F "/etc/fstab.${name}" "\$(echo "${output}" | awk '{print $3}')"
|
||||
fi
|
||||
EOF
|
||||
# Remove the jail's rw mountpoints
|
||||
echo "rm -rf \"${jaildir}/rw/${name}\""
|
||||
# Remove the jail directory
|
||||
echo "rm -rf \"${jaildir}/${name}\""
|
||||
# Remove the jail's fstab
|
||||
echo "rm -f \"/etc/fstab.${name}\""
|
||||
# Remove jail entry from jail.conf
|
||||
cat <<EOF
|
||||
sed -i .bak -E -e "/^${name} {\$/,/^}\\\$/d" /etc/jail.conf
|
||||
if [ -f "/etc/jail.conf.bak" ]; then
|
||||
rm -f "/etc/jail.conf.bak"
|
||||
fi
|
||||
EOF
|
||||
# Remove " $name " from jail_list if it's there
|
||||
cat <<EOF
|
||||
eval \$(grep '^jail_list=' /etc/rc.conf)
|
||||
|
||||
for JAIL in \${jail_list}; do
|
||||
if [ ! "\${JAIL}" = "${name}" ]; then
|
||||
new_list="\${new_list} \${JAIL}"
|
||||
fi
|
||||
done
|
||||
jail_list="\${new_list}"
|
||||
|
||||
sed -i '.bak' "s/^jail_list=\".*\"/jail_list=\"\${jail_list}\"/" /etc/rc.conf
|
||||
unset jail_list
|
||||
if [ -f "/etc/rc.conf.bak" ]; then
|
||||
rm -f /etc/rc.conf.bak
|
||||
fi
|
||||
EOF
|
||||
echo "delete" >> "$__messages_out"
|
||||
}
|
||||
|
||||
createJail() {
|
||||
# Create the jail directory
|
||||
cat <<EOF
|
||||
umask 022
|
||||
mkdir -p ${jaildir}/${name}
|
||||
if [ ! -d "${jaildir}/base" ]; then
|
||||
mkdir "${jaildir}/base"
|
||||
tar -xzf "${jaildir}/jailbase.tgz" -C "${jaildir}/base"
|
||||
if [ ! -d "${jaildir}/base/usr/local" ]; then
|
||||
mkdir -p "${jaildir}/base/usr/local"
|
||||
fi
|
||||
if [ ! -d "${jaildir}/base/usr/home" ]; then
|
||||
mkdir -p "${jaildir}/base/usr/home"
|
||||
fi
|
||||
if [ ! -d "${jaildir}/base/home" ]; then
|
||||
if [ ! -L "${jaildir}/base/home" ]; then
|
||||
SAVE=\$PWD; cd ${jaildir}/base
|
||||
ln -s usr/home home
|
||||
cd \$SAVE; unset SAVE
|
||||
fi
|
||||
fi
|
||||
fi
|
||||
if [ ! -d "${jaildir}/rw" ]; then
|
||||
mkdir "${jaildir}/rw"
|
||||
fi
|
||||
mkdir -p "${jaildir}/rw/${name}/etc"
|
||||
cp -r ${jaildir}/base/etc/* "${jaildir}/rw/${name}/etc/"
|
||||
if [ ! -f "${jaildir}/rw/${name}/etc/resolv.conf" ]; then
|
||||
cp /etc/resolv.conf "${jaildir}/rw/${name}/etc/"
|
||||
fi
|
||||
mkdir "${jaildir}/rw/${name}/local"
|
||||
mkdir "${jaildir}/rw/${name}/var"
|
||||
if [ -n "\$(ls ${jaildir}/base/var)" ]; then
|
||||
cp -r ${jaildir}/base/var/* "${jaildir}/rw/${name}/var/"
|
||||
fi
|
||||
chmod 755 "${jaildir}/rw/${name}/var"
|
||||
chmod 755 "${jaildir}/base/var"
|
||||
if [ ! -d "${jaildir}/base/var/db" ]; then
|
||||
mkdir -p "${jaildir}/base/var/db"
|
||||
fi
|
||||
if [ -n "\$(ls ${jaildir}/base/var/db)" ]; then
|
||||
chmod 755 "${jaildir}/rw/${name}/var/db"
|
||||
chmod 755 "${jaildir}/base/var/db"
|
||||
fi
|
||||
mkdir "${jaildir}/rw/${name}/home"
|
||||
if [ -n "\$(ls ${jaildir}/base/usr/home)" ]; then
|
||||
cp -r ${jaildir}/base/usr/home/* "${jaildir}/rw/${name}/home/"
|
||||
fi
|
||||
mkdir "${jaildir}/rw/${name}/root"
|
||||
if [ -n "\$(ls -A ${jaildir}/base/root)" ]; then
|
||||
cp -r ${jaildir}/base/root/ "${jaildir}/rw/${name}/root/"
|
||||
fi
|
||||
|
||||
EOF
|
||||
echo "create" >> "$__messages_out"
|
||||
|
||||
# Create the ro+rw mountpoint entries in fstab
|
||||
cat <<EOF
|
||||
cat >/etc/fstab.${name} <<END
|
||||
${jaildir}/base ${jaildir}/${name} nullfs ro 0 0
|
||||
${jaildir}/rw/${name}/etc ${jaildir}/${name}/etc nullfs rw 0 0
|
||||
${jaildir}/rw/${name}/local ${jaildir}/${name}/usr/local nullfs rw 0 0
|
||||
${jaildir}/rw/${name}/var ${jaildir}/${name}/var nullfs rw 0 0
|
||||
${jaildir}/rw/${name}/home ${jaildir}/${name}/usr/home nullfs rw 0 0
|
||||
${jaildir}/rw/${name}/root ${jaildir}/${name}/root nullfs rw 0 0
|
||||
END
|
||||
EOF
|
||||
|
||||
# Add the jail configuration to jail.conf
|
||||
cat <<EOF
|
||||
# first check to see whether jail_enable="YES" exists in rc.conf or not and add it
|
||||
# if necessary
|
||||
|
||||
jail_enable="\$(grep '^jail_enable=' /etc/rc.conf | cut -d= -f2)"
|
||||
if [ -z "\$jail_enable" ]; then # no jail_enable line in rc.conf at all
|
||||
echo "jail_enable=\"YES\"" >>/etc/rc.conf
|
||||
elif [ ! "\$(echo \$jail_enable | tr '[a-z]' '[A-Z]' | tr -d '"')" = "YES" ]; then # jail_enable="NO"
|
||||
sed -i '.bak' 's/^jail_enable=.*$/jail_enable="YES"/g' /etc/rc.conf # fix this -^
|
||||
rm -f /etc/rc.conf.bak
|
||||
fi
|
||||
|
||||
jailfile=/etc/jail.conf
|
||||
jailheader="${name} {"
|
||||
|
||||
jaildata="path=\"${jaildir}/${name}\";"
|
||||
|
||||
if [ "$devfsenable" = "true" ]; then
|
||||
jaildata="\$jaildata
|
||||
mount.devfs;"
|
||||
else
|
||||
jaildata="\$jaildata
|
||||
mount.nodevfs;"
|
||||
fi
|
||||
|
||||
jaildata="\$jaildata
|
||||
host.hostname=\"${hostname}\";
|
||||
ip4.addr=\"${ip}\";
|
||||
exec.start=\"/bin/sh /etc/rc\";
|
||||
exec.stop=\"/bin/sh /etc/rc.shutdown\";
|
||||
exec.consolelog=\"/var/log/jail_${name}_console.log\";
|
||||
mount.fstab=\"/etc/fstab.${name}\";
|
||||
allow.mount;
|
||||
exec.clean;
|
||||
allow.set_hostname=0;
|
||||
allow.sysvipc=0;
|
||||
allow.raw_sockets=0;"
|
||||
|
||||
jailtrailer="}"
|
||||
|
||||
if [ "$devfsenable" = "true" ] && [ "${devfsruleset}" = "jailrules" ]; then # The default ruleset is to be used
|
||||
if [ ! -f /etc/devfs.rules ]; then
|
||||
touch /etc/devfs.rules
|
||||
fi
|
||||
if [ -z "\$(grep '\[jailrules=' /etc/devfs.rules)" ]; then # The default ruleset doesn't exist
|
||||
# Get the highest-numbered ruleset
|
||||
highest="\$(sed -n 's/\[.*=\([0-9]*\)\]/\1/pg' /etc/devfs.rules | sort -u | tail -n 1)" || true
|
||||
# increment by 1
|
||||
[ -z "\$highest" ] && highest=10
|
||||
let num="\${highest}+1" 2>&1 >/dev/null # Close the FD==fail...
|
||||
# add default ruleset
|
||||
cat >>/etc/devfs.rules <<END
|
||||
|
||||
[jailrules=\${num}]
|
||||
add include \\\$devfsrules_hide_all
|
||||
add include \\\$devfsrules_unhide_basic
|
||||
add include \\\$devfsrules_unhide_login
|
||||
END
|
||||
fi
|
||||
devfsruleset_num=\$(grep "\[${devfsruleset}=" /etc/devfs.rules | sed -n 's/\[.*=\([0-9]*\)\]/\1/pg')
|
||||
if [ -n "\$devfsruleset_num" ]; then
|
||||
jaildata="\$jaildata
|
||||
devfs_ruleset=\"\${devfsruleset_num}\";"
|
||||
fi
|
||||
fi
|
||||
|
||||
EOF
|
||||
|
||||
echo "printf \"%s\\n%s\n%s\n\" \"\$jailheader\" \"\$jaildata\" \"\$jailtrailer\" >>\"\$jailfile\""
|
||||
|
||||
# Add $name to jail_list if $onboot=yes
|
||||
if [ "$onboot" = "yes" ]; then
|
||||
|
||||
# first check to see whether jail_enable="YES" exists in rc.conf or not and add it
|
||||
# if necessary
|
||||
|
||||
cat <<EOF
|
||||
eval "\$(grep '^jail_list=' /etc/rc.conf)"
|
||||
if [ -z "\$jail_list" ]; then # no jail_list line in rc.conf at all
|
||||
echo "jail_list=\"${name}\"" >>/etc/rc.conf
|
||||
else
|
||||
jail_list="\${jail_list} ${name}"
|
||||
sed -i '.bak' "s/^jail_list=\".*\"/jail_list=\"\${jail_list}\"/" /etc/rc.conf
|
||||
rm -f /etc/rc.conf.bak
|
||||
fi
|
||||
unset jail_list
|
||||
EOF
|
||||
echo "onboot" >> "$__messages_out"
|
||||
fi
|
||||
|
||||
# Add the normal entries into the jail's rc.conf
|
||||
cat <<EOF
|
||||
echo hostname=\"${hostname}\" >"${jaildir}/rw/${name}/etc/rc.conf"
|
||||
echo sshd_enable=\"YES\" >>"${jaildir}/rw/${name}/etc/rc.conf"
|
||||
echo sendmail_enable=\"NONE\" >>"${jaildir}/rw/${name}/etc/rc.conf"
|
||||
echo syslogd_enable=\"YES\" >>"${jaildir}/rw/${name}/etc/rc.conf"
|
||||
echo syslogd_flags=\"-ss\" >>"${jaildir}/rw/${name}/etc/rc.conf"
|
||||
|
||||
EOF
|
||||
# Configure SSHd's listening address
|
||||
cat <<EOF
|
||||
mgmt_ip="$(echo "$mgmt_ip" | sed -E -e 's#/[0-9]*$##g')"
|
||||
sed -E -i '.bak' -e "s/#?ListenAddress 0.0.0.0/ListenAddress \${mgmt_ip}/" "${jaildir}/rw/${name}/etc/ssh/sshd_config"
|
||||
EOF
|
||||
}
|
||||
|
||||
if [ "$present" = "EXISTS" ]; then # The jail currently exists
|
||||
if [ "$state" = "present" ]; then # The jail is supposed to exist
|
||||
if [ "$started" = "true" ]; then # The jail is supposed to be started
|
||||
startJail
|
||||
else # The jail is not supposed to be started
|
||||
stopJail
|
||||
fi
|
||||
exit 0
|
||||
else # The jail is not supposed to exist
|
||||
stopJail
|
||||
deleteJail
|
||||
exit 0
|
||||
fi
|
||||
else # The jail does not currently exist
|
||||
if [ "$state" = "absent" ]; then # The jail is not supposed to be present
|
||||
exit 0
|
||||
else # The jail is supposed to exist
|
||||
createJail
|
||||
[ "$started" = "true" ] && startJail
|
||||
exit 0
|
||||
fi
|
||||
fi
|
||||
|
115
cdist/conf/type/__jail_freebsd10/man.rst
Normal file
115
cdist/conf/type/__jail_freebsd10/man.rst
Normal file
|
@ -0,0 +1,115 @@
|
|||
cdist-type__jail_freebsd10(7)
|
||||
=============================
|
||||
Manage FreeBSD jails
|
||||
|
||||
Jake Guffey <jake.guffey--@--jointheirstm.org>
|
||||
|
||||
|
||||
DESCRIPTION
|
||||
-----------
|
||||
This type is used on FreeBSD >= 10.0 to manage jails.
|
||||
|
||||
|
||||
REQUIRED PARAMETERS
|
||||
-------------------
|
||||
state
|
||||
Either "present" or "absent", defaults to "present".
|
||||
|
||||
jailbase
|
||||
The location of the .tgz archive containing the base fs for your jails.
|
||||
|
||||
|
||||
OPTIONAL PARAMETERS
|
||||
-------------------
|
||||
name
|
||||
The name of the jail. Default is to use the object_id as the jail name.
|
||||
|
||||
ip
|
||||
The ifconfig style IP/netmask combination to use for the jail guest. If
|
||||
the state parameter is "present," this parameter is required.
|
||||
|
||||
hostname
|
||||
The FQDN to use for the jail guest. Defaults to the name parameter.
|
||||
|
||||
interface
|
||||
The name of the physical interface on the jail server to bind the jail to.
|
||||
Defaults to the first interface found in the output of ifconfig -l.
|
||||
|
||||
devfs-ruleset
|
||||
The name of the devfs ruleset to associate with the jail. Defaults to
|
||||
"jailrules." This ruleset must be copied to the server via another type.
|
||||
To use this option, devfs-enable must be "true."
|
||||
|
||||
jaildir
|
||||
The location on the remote server to use for hosting jail filesystems.
|
||||
Defaults to /usr/jail.
|
||||
|
||||
BOOLEAN PARAMETERS
|
||||
------------------
|
||||
stopped
|
||||
Do not start the jail
|
||||
|
||||
devfs-disable
|
||||
Whether to disallow devfs mounting within the jail
|
||||
|
||||
onboot
|
||||
Whether to add the jail to rc.conf's jail_list variable.
|
||||
|
||||
|
||||
CAVEATS
|
||||
-------
|
||||
This type does not currently support modification of jail options. If, for
|
||||
example a jail needs to have its IP address or netmask changed, the jail must
|
||||
be removed then re-added with the correct IP address/netmask or the appropriate
|
||||
modifications to jail.conf need to be made through alternate means.
|
||||
|
||||
MESSAGES
|
||||
--------
|
||||
start
|
||||
The jail was started
|
||||
stop
|
||||
The jail was stopped
|
||||
create:
|
||||
The jail was created
|
||||
delete
|
||||
The jail was deleted
|
||||
onboot
|
||||
The jail was configured to start on boot
|
||||
|
||||
EXAMPLES
|
||||
--------
|
||||
|
||||
.. code-block:: sh
|
||||
|
||||
# Create a jail called www
|
||||
__jail_freebsd10 www --state present --ip "192.168.1.2" --jailbase /my/jail/base.tgz
|
||||
|
||||
# Remove the jail called www
|
||||
__jail_freebsd10 www --state absent --jailbase /my/jail/base.tgz
|
||||
|
||||
# The jail www should not be started
|
||||
__jail_freebsd10 www --state present --stopped \
|
||||
--ip "192.168.1.2 netmask 255.255.255.0" \
|
||||
--jailbase /my/jail/base.tgz
|
||||
|
||||
# Use the name variable explicitly
|
||||
__jail_freebsd10 thisjail --state present --name www \
|
||||
--ip "192.168.1.2" \
|
||||
--jailbase /my/jail/base.tgz
|
||||
|
||||
# Go nuts
|
||||
__jail_freebsd10 lotsofoptions --state present --name testjail \
|
||||
--ip "192.168.1.100 netmask 255.255.255.0" \
|
||||
--hostname "testjail.example.com" --interface "em0" \
|
||||
--onboot --jailbase /my/jail/base.tgz --jaildir /jails
|
||||
|
||||
|
||||
SEE ALSO
|
||||
--------
|
||||
- `cdist-type(7) <cdist-type.html>`_
|
||||
|
||||
|
||||
COPYING
|
||||
-------
|
||||
Copyright \(C) 2012-2016 Jake Guffey. Free use of this software is
|
||||
granted under the terms of the GNU General Public License version 3 (GPLv3).
|
3
cdist/conf/type/__jail_freebsd10/parameter/boolean
Normal file
3
cdist/conf/type/__jail_freebsd10/parameter/boolean
Normal file
|
@ -0,0 +1,3 @@
|
|||
onboot
|
||||
stopped
|
||||
devfs-disable
|
|
@ -0,0 +1 @@
|
|||
jailrules
|
|
@ -0,0 +1 @@
|
|||
|
|
@ -0,0 +1 @@
|
|||
/usr/jail
|
1
cdist/conf/type/__jail_freebsd10/parameter/default/state
Normal file
1
cdist/conf/type/__jail_freebsd10/parameter/default/state
Normal file
|
@ -0,0 +1 @@
|
|||
present
|
8
cdist/conf/type/__jail_freebsd10/parameter/optional
Normal file
8
cdist/conf/type/__jail_freebsd10/parameter/optional
Normal file
|
@ -0,0 +1,8 @@
|
|||
name
|
||||
ip
|
||||
hostname
|
||||
interface
|
||||
devfs-ruleset
|
||||
jaildir
|
||||
jailbase
|
||||
state
|
54
cdist/conf/type/__jail_freebsd9/explorer/basepresent
Executable file
54
cdist/conf/type/__jail_freebsd9/explorer/basepresent
Executable file
|
@ -0,0 +1,54 @@
|
|||
#!/bin/sh
|
||||
#
|
||||
# 2012 Jake Guffey (jake.guffey at eprotex.com)
|
||||
#
|
||||
# This file is part of cdist.
|
||||
#
|
||||
# cdist is free software: you can redistribute it and/or modify
|
||||
# it under the terms of the GNU General Public License as published by
|
||||
# the Free Software Foundation, either version 3 of the License, or
|
||||
# (at your option) any later version.
|
||||
#
|
||||
# cdist is distributed in the hope that it will be useful,
|
||||
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
# GNU General Public License for more details.
|
||||
#
|
||||
# You should have received a copy of the GNU General Public License
|
||||
# along with cdist. If not, see <http://www.gnu.org/licenses/>.
|
||||
#
|
||||
#
|
||||
# See if the jailbase.tgz or $jaildir/base dir exists
|
||||
#
|
||||
|
||||
# Debug
|
||||
#exec >&2
|
||||
#set -x
|
||||
|
||||
if [ -f "$__object/parameter/jaildir" ]; then
|
||||
jaildir="$(cat "$__object/parameter/jaildir")"
|
||||
else
|
||||
jaildir="/usr/jail"
|
||||
fi
|
||||
|
||||
name="base:jailbase.tgz"
|
||||
out=""
|
||||
|
||||
save_IFS="$IFS"
|
||||
IFS=":"
|
||||
for cur in $name; do
|
||||
if [ -e "${jaildir}/$cur" ]; then
|
||||
out="${out}:${cur}"
|
||||
fi
|
||||
done
|
||||
IFS="$save_IFS"
|
||||
|
||||
if [ -z "$out" ]; then
|
||||
echo "NONE"
|
||||
else
|
||||
echo "${out}"
|
||||
fi
|
||||
|
||||
# Debug
|
||||
#set +x
|
||||
|
43
cdist/conf/type/__jail_freebsd9/explorer/present
Executable file
43
cdist/conf/type/__jail_freebsd9/explorer/present
Executable file
|
@ -0,0 +1,43 @@
|
|||
#!/bin/sh
|
||||
#
|
||||
# 2012 Jake Guffey (jake.guffey at eprotex.com)
|
||||
#
|
||||
# This file is part of cdist.
|
||||
#
|
||||
# cdist is free software: you can redistribute it and/or modify
|
||||
# it under the terms of the GNU General Public License as published by
|
||||
# the Free Software Foundation, either version 3 of the License, or
|
||||
# (at your option) any later version.
|
||||
#
|
||||
# cdist is distributed in the hope that it will be useful,
|
||||
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
# GNU General Public License for more details.
|
||||
#
|
||||
# You should have received a copy of the GNU General Public License
|
||||
# along with cdist. If not, see <http://www.gnu.org/licenses/>.
|
||||
#
|
||||
#
|
||||
# See if the requested jail exists
|
||||
#
|
||||
|
||||
# Debug
|
||||
#exec >&2
|
||||
#set -x
|
||||
|
||||
if [ -f "$__object/parameter/name" ]; then
|
||||
name="$(cat "$__object/parameter/name")"
|
||||
else
|
||||
name=$__object_id
|
||||
fi
|
||||
|
||||
if [ -f "$__object/parameter/jaildir" ]; then
|
||||
jaildir="$(cat "$__object/parameter/jaildir")"
|
||||
else
|
||||
jaildir="/usr/jail"
|
||||
fi
|
||||
|
||||
[ -d "${jaildir}/$name" ] && echo "EXISTS" || echo "NOTEXIST"
|
||||
|
||||
#set +x
|
||||
|
52
cdist/conf/type/__jail_freebsd9/explorer/status
Executable file
52
cdist/conf/type/__jail_freebsd9/explorer/status
Executable file
|
@ -0,0 +1,52 @@
|
|||
#!/bin/sh
|
||||
#
|
||||
# 2012 Jake Guffey (jake.guffey at eprotex.com)
|
||||
#
|
||||
# This file is part of cdist.
|
||||
#
|
||||
# cdist is free software: you can redistribute it and/or modify
|
||||
# it under the terms of the GNU General Public License as published by
|
||||
# the Free Software Foundation, either version 3 of the License, or
|
||||
# (at your option) any later version.
|
||||
#
|
||||
# cdist is distributed in the hope that it will be useful,
|
||||
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
# GNU General Public License for more details.
|
||||
#
|
||||
# You should have received a copy of the GNU General Public License
|
||||
# along with cdist. If not, see <http://www.gnu.org/licenses/>.
|
||||
#
|
||||
#
|
||||
# See if the requested jail is started
|
||||
#
|
||||
|
||||
# Debug
|
||||
#exec >&2
|
||||
#set -x
|
||||
|
||||
if [ -f "$__object/parameter/name" ]; then
|
||||
name="$(cat "$__object/parameter/name")"
|
||||
else
|
||||
name="$__object_id"
|
||||
fi
|
||||
|
||||
if [ -f "$__object/parameter/jaildir" ]; then
|
||||
jaildir="$(cat "$__object/parameter/jaildir")"
|
||||
else
|
||||
jaildir="/usr/jail"
|
||||
fi
|
||||
# backslash-escaped $jaildir
|
||||
sjaildir="$(echo ${jaildir} | sed 's#/#\\/#g')"
|
||||
|
||||
jls_output="$(jls | grep "[ ]${sjaildir}\/${name}\$")" || true
|
||||
|
||||
if [ -n "${jls_output}" ]; then
|
||||
echo "STARTED"
|
||||
else
|
||||
echo "NOTSTART"
|
||||
fi
|
||||
|
||||
# Debug
|
||||
#set +x
|
||||
|
|
@ -1,6 +1,6 @@
|
|||
#!/bin/sh
|
||||
#
|
||||
# 2012,2014 Jake Guffey (jake.guffey at eprotex.com)
|
||||
# 2012,2014,2016 Jake Guffey (jake.guffey at jointheirstm.org)
|
||||
#
|
||||
# This file is part of cdist.
|
||||
#
|
||||
|
@ -18,8 +18,8 @@
|
|||
# along with cdist. If not, see <http://www.gnu.org/licenses/>.
|
||||
#
|
||||
#
|
||||
# The __jail type creates, configures, and deletes FreeBSD jails for use as
|
||||
# virtual machines.
|
||||
# The __jail_freebsd9 type creates, configures, and deletes FreeBSD jails
|
||||
# for use as virtual machines on FreeBSD 9.x and before.
|
||||
#
|
||||
|
||||
# Debug
|
||||
|
@ -354,3 +354,4 @@ else # The jail does not currently exist
|
|||
exit 0
|
||||
fi
|
||||
fi
|
||||
|
116
cdist/conf/type/__jail_freebsd9/man.rst
Normal file
116
cdist/conf/type/__jail_freebsd9/man.rst
Normal file
|
@ -0,0 +1,116 @@
|
|||
cdist-type__jail_freebsd9(7)
|
||||
============================
|
||||
Manage FreeBSD jails
|
||||
|
||||
Jake Guffey <jake.guffey--@--eprotex.com>
|
||||
|
||||
|
||||
DESCRIPTION
|
||||
-----------
|
||||
This type is used on FreeBSD <= 9.x to manage jails.
|
||||
|
||||
|
||||
REQUIRED PARAMETERS
|
||||
-------------------
|
||||
state
|
||||
Either "present" or "absent", defaults to "present".
|
||||
|
||||
jailbase
|
||||
The location of the .tgz archive containing the base fs for your jails.
|
||||
|
||||
|
||||
OPTIONAL PARAMETERS
|
||||
-------------------
|
||||
name
|
||||
The name of the jail. Default is to use the object_id as the jail name.
|
||||
|
||||
ip
|
||||
The ifconfig style IP/netmask combination to use for the jail guest. If
|
||||
the state parameter is "present," this parameter is required.
|
||||
|
||||
hostname
|
||||
The FQDN to use for the jail guest. Defaults to the name parameter.
|
||||
|
||||
interface
|
||||
The name of the physical interface on the jail server to bind the jail to.
|
||||
Defaults to the first interface found in the output of ifconfig -l.
|
||||
|
||||
devfs-ruleset
|
||||
The name of the devfs ruleset to associate with the jail. Defaults to
|
||||
"jailrules." This ruleset must be copied to the server via another type.
|
||||
To use this option, devfs-enable must be "true."
|
||||
|
||||
jaildir
|
||||
The location on the remote server to use for hosting jail filesystems.
|
||||
Defaults to /usr/jail.
|
||||
|
||||
BOOLEAN PARAMETERS
|
||||
------------------
|
||||
stopped
|
||||
Do not start the jail
|
||||
|
||||
devfs-disable
|
||||
Whether to disallow devfs mounting within the jail
|
||||
|
||||
onboot
|
||||
Whether to add the jail to rc.conf's jail_list variable.
|
||||
|
||||
|
||||
CAVEATS
|
||||
-------
|
||||
This type does not currently support modification of jail options. If, for
|
||||
example a jail needs to have its IP address or netmask changed, the jail must
|
||||
be removed then re-added with the correct IP address/netmask or the appropriate
|
||||
line (jail_<name>_ip="...") modified within rc.conf through some alternate
|
||||
means.
|
||||
|
||||
MESSAGES
|
||||
--------
|
||||
start
|
||||
The jail was started
|
||||
stop
|
||||
The jail was stopped
|
||||
create:
|
||||
The jail was created
|
||||
delete
|
||||
The jail was deleted
|
||||
onboot
|
||||
The jail was configured to start on boot
|
||||
|
||||
EXAMPLES
|
||||
--------
|
||||
|
||||
.. code-block:: sh
|
||||
|
||||
# Create a jail called www
|
||||
__jail_freebsd9 www --state present --ip "192.168.1.2" --jailbase /my/jail/base.tgz
|
||||
|
||||
# Remove the jail called www
|
||||
__jail_freebsd9 www --state absent --jailbase /my/jail/base.tgz
|
||||
|
||||
# The jail www should not be started
|
||||
__jail_freebsd9 www --state present --stopped \
|
||||
--ip "192.168.1.2 netmask 255.255.255.0" \
|
||||
--jailbase /my/jail/base.tgz
|
||||
|
||||
# Use the name variable explicitly
|
||||
__jail_freebsd9 thisjail --state present --name www \
|
||||
--ip "192.168.1.2" \
|
||||
--jailbase /my/jail/base.tgz
|
||||
|
||||
# Go nuts
|
||||
__jail_freebsd9 lotsofoptions --state present --name testjail \
|
||||
--ip "192.168.1.100 netmask 255.255.255.0" \
|
||||
--hostname "testjail.example.com" --interface "em0" \
|
||||
--onboot --jailbase /my/jail/base.tgz --jaildir /jails
|
||||
|
||||
|
||||
SEE ALSO
|
||||
--------
|
||||
- `cdist-type(7) <cdist-type.html>`_
|
||||
|
||||
|
||||
COPYING
|
||||
-------
|
||||
Copyright \(C) 2012-2016 Jake Guffey. Free use of this software is
|
||||
granted under the terms of the GNU General Public License version 3 (GPLv3).
|
3
cdist/conf/type/__jail_freebsd9/parameter/boolean
Normal file
3
cdist/conf/type/__jail_freebsd9/parameter/boolean
Normal file
|
@ -0,0 +1,3 @@
|
|||
onboot
|
||||
stopped
|
||||
devfs-disable
|
|
@ -0,0 +1 @@
|
|||
jailrules
|
|
@ -0,0 +1 @@
|
|||
|
|
@ -0,0 +1 @@
|
|||
/usr/jail
|
1
cdist/conf/type/__jail_freebsd9/parameter/default/state
Normal file
1
cdist/conf/type/__jail_freebsd9/parameter/default/state
Normal file
|
@ -0,0 +1 @@
|
|||
present
|
8
cdist/conf/type/__jail_freebsd9/parameter/optional
Normal file
8
cdist/conf/type/__jail_freebsd9/parameter/optional
Normal file
|
@ -0,0 +1,8 @@
|
|||
name
|
||||
ip
|
||||
hostname
|
||||
interface
|
||||
devfs-ruleset
|
||||
jaildir
|
||||
jailbase
|
||||
state
|
1
cdist/conf/type/__package/parameter/boolean
Normal file
1
cdist/conf/type/__package/parameter/boolean
Normal file
|
@ -0,0 +1 @@
|
|||
upgrade
|
|
@ -4,3 +4,4 @@ type
|
|||
pkgsite
|
||||
state
|
||||
ptype
|
||||
repo
|
||||
|
|
7
docs/2016-06-06.org
Normal file
7
docs/2016-06-06.org
Normal file
|
@ -0,0 +1,7 @@
|
|||
* Enhance cdist speed
|
||||
** Start separate server with own option
|
||||
** Reconfigure normal sshd with appropriate options
|
||||
** Start various own daemons
|
||||
** Use custom multiplexing protocol
|
||||
** Support native Python code
|
||||
*** Use manifest.py instead of manifest if available
|
|
@ -3,6 +3,9 @@ Changelog
|
|||
|
||||
next:
|
||||
* Core: Improve error reporting for local and remote run command (Darko Poljak)
|
||||
* New type: __jail_freebsd9: Handle jail management on FreeBSD <= 9.X (Jake Guffey)
|
||||
* New type: __jail_freebsd10: Handle jail management on FreeBSD >= 10.0 (Jake Guffey)
|
||||
* Type __jail: Dynamically select the correct jail subtype based on target host OS (Jake Guffey)
|
||||
|
||||
4.1.0: 2016-05-27
|
||||
* Documentation: Migrate to reStructuredText format and sphinx (Darko Poljak)
|
||||
|
|
Loading…
Reference in a new issue