source: src-sh/warden/scripts/backend/createjail.sh

Last change on this file was 2c1653f, checked in by Kris Moore <kris@…>, 5 days ago

Fix a bug creating jails when the user supplies a version via
the --version flag.

Fixes: https://bugs.pcbsd.org/issues/5798

  • Property mode set to 100755
1#!/bin/sh
2# Script to create a new jail based on given flags
3#####################################################################
4
5# Source our functions
6PROGDIR="/usr/local/share/warden"
7
8# Source our variables
9. ${PROGDIR}/scripts/backend/functions.sh
10
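#######################################
# Populate an already-created jail directory as a Linux jail.
# Writes the jail metadata, fills the root from either an archive or the
# Linux install script, creates a root-only password database, and runs a
# small fix-up script inside the new root.
# Globals:   JMETADIR, JAILDIR, JAILNAME, HOST, IP, IP4, MASK4, IP6, MASK6,
#            AUTOSTART, LINUXARCHIVE_FILE, LINUX_JAIL_SCRIPT (all read)
# Arguments: none
# Outputs:   progress messages on stdout
# Returns:   exits 1 (after deleting the jail) when population fails
#######################################
setup_linux_jail()
{
  echo "Setting up linux jail..."

  # Every expansion below is quoted so that a path or jail name containing
  # whitespace or glob characters cannot be split into several arguments.
  mkdir -p "${JMETADIR}"
  echo "${HOST}" > "${JMETADIR}/host"
  # NOTE(review): the standard jail path in this script stores the numeric
  # META_ID in the id file, while this one stores the hostname - confirm
  # that is intended before relying on id being a number.
  echo "${HOST}" > "${JMETADIR}/id"

  if [ "${IP4}" != "OFF" ] ; then
    echo "${IP4}/${MASK4}" > "${JMETADIR}/ipv4"
  fi
  if [ "${IP6}" != "OFF" ] ; then
    echo "${IP6}/${MASK6}" > "${JMETADIR}/ipv6"
  fi

  if [ "$AUTOSTART" = "YES" ] ; then
    touch "${JMETADIR}/autostart"
  fi
  touch "${JMETADIR}/jail-linux"

  if [ -n "$LINUXARCHIVE_FILE" ] ; then
    echo "Extracting ${LINUXARCHIVE_FILE}..."
    if ! tar xvf "${LINUXARCHIVE_FILE}" -C "${JAILDIR}" 2>/dev/null ; then
       echo "Failed Extracting ${LINUXARCHIVE_FILE}"
       warden delete --confirm "${JAILNAME}" 2>/dev/null
       exit 1
    fi
  else
    if ! sh "${LINUX_JAIL_SCRIPT}" "${JAILDIR}" "${IP}" "${JMETADIR}" ; then
       echo "Failed running ${LINUX_JAIL_SCRIPT}"
       warden delete --confirm "${JAILNAME}" 2>/dev/null
       exit 1
    fi
  fi

  # NOTE(review): everything from here on writes, from the host, to paths
  # inside a tree that came from an archive or an install script. A symlinked
  # etc/ or tmp/ in that tree would redirect these writes outside ${JAILDIR};
  # confirm the source is trusted or that paths are resolved first.

  # Create the master.passwd
  # The password field (second field) is empty, so the jail's root account
  # starts without a password until one is set.
  echo "root::0:0::0:0:Charlie &:/root:/bin/bash" > "${JAILDIR}/etc/master.passwd"
  pwd_mkdb -d "${JAILDIR}/tmp" -p "${JAILDIR}/etc/master.passwd" 2>/dev/null
  mv "${JAILDIR}/tmp/master.passwd" "${JAILDIR}/etc/"
  mv "${JAILDIR}/tmp/pwd.db" "${JAILDIR}/etc/"
  mv "${JAILDIR}/tmp/spwd.db" "${JAILDIR}/etc/"
  rm "${JAILDIR}/tmp/passwd"

  # Copy resolv.conf
  cp /etc/resolv.conf "${JAILDIR}/etc/resolv.conf"

  # Do some touch-up to make linux happy
  echo '#!/bin/bash
cd /etc
pwconv
grpconv
touch /etc/fstab
touch /etc/mtab
' > "${JAILDIR}/.fixSH"
  chmod 755 "${JAILDIR}/.fixSH"
  chroot "${JAILDIR}" /.fixSH
  rm "${JAILDIR}/.fixSH"

  # If we are auto-starting the jail, do it now
  if [ "$AUTOSTART" = "YES" ] ; then warden start "${JAILNAME}" ; fi

  echo "Success! Linux jail created at ${JAILDIR}"
}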
76
# The first argument is both the jail's name and its hostname
JAILNAME="${1}"
HOST="${JAILNAME}"

# Every other setting arrives through the environment.
# Translate JAILTYPE into the YES flag the rest of the script tests;
# "standard" (and any unrecognised value) sets no flag.
if [ "${JAILTYPE}" = "linuxjail" ] ; then
  LINUXJAIL="YES"
elif [ "${JAILTYPE}" = "pluginjail" ] ; then
  PLUGINJAIL="YES"
elif [ "${JAILTYPE}" = "portjail" ] ; then
  PORTJAIL="YES"
fi
89
# Decide what WORLDCHROOT points at: the template to clone, or the archive.
# A default template is only needed when neither TEMPLATE nor ARCHIVEFILE
# was supplied.
if [ -z "$TEMPLATE" ] && [ -z "$ARCHIVEFILE" ] ; then

  # Release of the running host, e.g. the first two dash-separated fields
  # of `uname -r`
  _hostver="$(uname -r | cut -d '-' -f 1-2)"

  # A user-supplied version takes precedence for the template nickname
  if [ -n "$CREATEVERSION" ] ; then
    DEFTEMPLATE="${CREATEVERSION}-${ARCH}"
  else
    DEFTEMPLATE="${_hostver}-${ARCH}"
  fi
  echo "DEF: $DEFTEMPLATE"

  # Plugin jails get their own template nickname
  if [ "${PLUGINJAIL}" = "YES" ] ; then
    DEFTEMPLATE="${DEFTEMPLATE}-pluginjail"
  fi

  # Build the template only when it does not exist yet
  TDIR="${JDIR}/.warden-template-$DEFTEMPLATE"
  if [ ! -e "$TDIR" ] ; then
      # NOTE(review): the template is built from the host's release even when
      # CREATEVERSION chose the nickname - confirm the two are meant to differ.
      _tmpl_ok="NO"
      # Try the TrueOS dist files first, then fall back to FreeBSD ones
      for _dist in -trueos -fbsd ; do
        FLAGS="${_dist} ${_hostver} -arch $ARCH -nick $DEFTEMPLATE"
        if [ "${PLUGINJAIL}" = "YES" ] ; then
          FLAGS="$FLAGS -pluginjail"
        fi
        export FLAGS
        # FLAGS is left unquoted on purpose: it is a space-separated
        # option list that must split into separate arguments.
        if warden template create ${FLAGS} ; then
          _tmpl_ok="YES"
          break
        fi
      done
      if [ "${_tmpl_ok}" != "YES" ] ; then
        exit_err "Failed create default template"
      fi
  fi
  WORLDCHROOT="${TDIR}"
elif [ -z "$ARCHIVEFILE" ] ; then
  # A named template was requested: clone that one
  WORLDCHROOT="${JDIR}/.warden-template-$TEMPLATE"
else
  # An archive file overrides the template
  WORLDCHROOT="$ARCHIVEFILE"
fi
140
# Split each configured address into address and prefix length.
# The values are read back from JIP and JMASK after the call (presumably
# set by get_ip_and_netmask - defined outside this file); when no prefix was
# given, default to /24 for IPv4 and /64 for IPv6.
if [ "${IP4}" != "OFF" ] ; then
  get_ip_and_netmask "${IP4}"
  IP4="${JIP}"
  MASK4="${JMASK:-24}"
fi

if [ "${IP6}" != "OFF" ] ; then
  get_ip_and_netmask "${IP6}"
  IP6="${JIP}"
  MASK6="${JMASK:-64}"
fi
154
# A hostname (the first argument) is mandatory
[ -n "$HOST" ] || { echo "ERROR: Missing hostname!" ; exit 6 ; }

# NOTE(review): JAILNAME becomes a path component under JDIR without any
# check visible here; confirm the caller rejects names containing "/" or "..".
JAILDIR="${JDIR}/${JAILNAME}"
set_warden_metadir

# Refuse to reuse an existing jail directory
[ ! -e "${JAILDIR}" ] || { echo "ERROR: This Jail directory already exists!" ; exit 5 ; }
168
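# Make sure we don't have a host already with this name
# A glob is used instead of parsing ls output so that metadata paths with
# whitespace are not split; an unmatched glob stays literal and is skipped
# by the existence test below.
for i in "${JDIR}"/.*.meta
do
  if [ ! -e "${i}/host" ] ; then continue ; fi
  if [ "$(cat "${i}/host")" = "$HOST" ] ; then
    echo "ERROR: A jail with this hostname already exists!"
    exit 5
  fi
done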
178
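# Get next unique ID: one more than the largest numeric id already recorded
META_ID=0
for i in "${JDIR}"/.*.meta
do
  # An unmatched glob, or a metadata dir without an id file, is skipped
  [ -r "${i}/id" ] || continue
  id="$(cat "${i}/id")"
  # Linux jails created by this script store a hostname in their id file;
  # skip empty or non-numeric values rather than feeding them to -gt.
  case "${id}" in
    ''|*[!0-9]*) continue ;;
  esac
  if [ "${id}" -gt "${META_ID}" ] ; then
    META_ID="${id}"
  fi
done
META_ID=$(( META_ID + 1 ))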
189
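# If we are setting up a linux jail, lets do it now
if [ "$LINUXJAIL" = "YES" ] ; then
   # Get the dataset of the jails mountpoint
   # grep -F matches JDIR literally, so regex characters in the path
   # (such as ".") cannot select the wrong mount line.
   rDataSet="$(mount | grep -F "on ${JDIR} " | awk '{print $1}')"
   tSubDir="$(basename "$JAILDIR")"
   nDataSet="${rDataSet}/${tSubDir}"

   # Linux jails get a fresh dataset instead of a template clone
   if ! zfs create -p "${nDataSet}" ; then exit_err "Failed creating ZFS dataset"; fi
   setup_linux_jail
   exit 0
fi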
202
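echo "Building new Jail... Please wait..."


# Get the dataset of the jails mountpoint
# grep -F matches JDIR literally rather than as a regular expression
rDataSet="$(mount | grep -F "on ${JDIR} " | awk '{print $1}')"
nSubDir="$(basename "$JAILDIR")"
nDataSet="${rDataSet}/${nSubDir}"
# NOTE(review): when ARCHIVEFILE is set, WORLDCHROOT is the archive path, so
# oDataSet is derived from a file name - confirm that case is handled.
oSubDir="$(basename "$WORLDCHROOT")"
oDataSet="${rDataSet}/${oSubDir}"

# Create ZFS CLONE of the template's @clean snapshot as the new jail
if ! zfs clone "${oDataSet}@clean" "${nDataSet}" ; then
  exit_err "Failed creating clean ZFS base clone"
fi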
216
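# Record the jail's metadata: hostname, addresses (when enabled) and id.
# Paths are quoted so a metadata directory with whitespace is not split.
mkdir "${JMETADIR}"
echo "${HOST}" > "${JMETADIR}/host"
if [ "${IP4}" != "OFF" ] ; then
   echo "${IP4}/${MASK4}" > "${JMETADIR}/ipv4"
fi
if [ "${IP6}" != "OFF" ] ; then
   echo "${IP6}/${MASK6}" > "${JMETADIR}/ipv6"
fi
echo "${META_ID}" > "${JMETADIR}/id"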
226
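# Optionally install the system sources into the jail (best effort: a
# failure is reported but does not abort jail creation).
if [ "$SOURCE" = "YES" ] ; then
  echo "Installing source..."
  mkdir -p "${JAILDIR}/usr/src"
  SYSVER="$(uname -r | cut -d '-' -f 1-2)"
  # The download lands in the current directory, so only fetch once the cd
  # into the jail has succeeded; otherwise src.txz would be written to, and
  # later removed from, whatever directory the script started in.
  # NOTE(review): no integrity check of src.txz is visible here; confirm
  # get_file_from_mirrors verifies what it downloads before it is unpacked.
  if cd "${JAILDIR}" && get_file_from_mirrors "/${SYSVER}/${ARCH}/dist/src.txz" "src.txz" "iso" ; then
    echo "Extracting sources.. May take a while.."
    if tar xvf src.txz -C "${JAILDIR}" 2>/dev/null ; then
      echo "Done"
    else
      # Previously "Done" was printed even when extraction failed
      echo "Failed Extracting src.txz"
    fi
    rm src.txz
  else
    echo "Error while downloading the freebsd world."
  fi
fi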
243
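# Optionally fetch a ports tree into the jail (best effort)
if [ "$PORTS" = "YES" ]; then
  echo "Fetching ports..."
  mkdir -p "${JAILDIR}/usr/ports" >/dev/null 2>&1
  # portsnap is fed to sh with its "! -t 0" test rewritten to "-z 1", which
  # is always false, so the script runs without a terminal on stdin. The
  # jail paths are quoted so they reach portsnap as single arguments.
  if sed 's|! -t 0|-z 1|g' /usr/sbin/portsnap \
    | /bin/sh -s -d "${JAILDIR}/var/db/portsnap" -p "${JAILDIR}/usr/ports" fetch extract update
  then
    echo "Done"
  else
    echo "Error while downloading the ports tree."
  fi
fi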
254
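# Create an empty fstab
touch "${JAILDIR}/etc/fstab"

# If this isn't a fresh jail, we can skip to not clobber existing setup
if [ -z "$ARCHIVEFILE" ] ; then
  # Setup rc.conf
  # NOTE(review): HOST is written unescaped into rc.conf, which is read as
  # shell at jail start; confirm callers restrict HOST to hostname characters.
  cat > "${JAILDIR}/etc/rc.conf" <<__EOF__
portmap_enable="NO"
sshd_enable="YES"
sendmail_enable="NO"
hostname="${HOST}"
devfs_enable="YES"
devfs_system_ruleset="devfsrules_common"
__EOF__

  # Create the host for this device
  cat > "${JAILDIR}/etc/hosts" <<__EOF__
# : src/etc/hosts,v 1.16 2003/01/28 21:29:23 dbaker Exp $
#
# Host Database
#
# This file should contain the addresses and aliases for local hosts that
# share this file.  Replace 'my.domain' below with the domainname of your
# machine.
#
# In the presence of the domain name service or NIS, this file may
# not be consulted at all; see /etc/nsswitch.conf for the resolution order.
#
#
::1                     localhost localhost.localdomain
127.0.0.1               localhost localhost.localdomain ${HOST}
__EOF__

  if [ "${IP4}" != "OFF" ] ; then
    echo "${IP4}                        ${HOST}" >> "${JAILDIR}/etc/hosts"
  fi
  if [ "${IP6}" != "OFF" ] ; then
    echo "${IP6}                        ${HOST}" >> "${JAILDIR}/etc/hosts"
    # Bind sshd to the jail's IPv6 address. IP6 is placed in the sed
    # replacement as-is, so it must not contain "|" or "&"; the config path
    # is quoted so a jail directory with whitespace stays one argument.
    sed -i '' "s|#ListenAddress ::|ListenAddress ${IP6}|g" "${JAILDIR}/etc/ssh/sshd_config"
  fi

  # Copy resolv.conf
  cp /etc/resolv.conf "${JAILDIR}/etc/resolv.conf"

fi # End of ARCHIVEFILE check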
298
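# Mark the jail for automatic start when requested
if [ "$AUTOSTART" = "YES" ] ; then
  touch "${JMETADIR}/autostart"
fi

# Allow pinging by default
# This turns on raw sockets for every new jail, which also gives root inside
# the jail raw-socket access; remove the flag for jails that do not need it.
echo "allow.raw_sockets=true" > "${JMETADIR}/jail-flags"

# Check if we need to copy the timezone file
if [ -e "/etc/localtime" ] ; then
   cp /etc/localtime "${JAILDIR}/etc/localtime"
fi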
310
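# Setup TrueOS PKGNG repo / utilities only if on TRUEOS
# Two separate tests replace the obsolescent "-a" operator.
if [ "$VANILLA" != "YES" ] && [ -e "${JAILDIR}/etc/rc.conf.pcbsd" ] ; then
  # A failed bootstrap is not fatal; tell the user how to retry
  if ! bootstrap_pkgng "${JAILDIR}" ; then
     echo "You can manually re-try by running # warden bspkgng ${JAILNAME}"
  fi
fi

# Set the default meta-pkg set
# Paths are quoted so a jail directory with whitespace is not split.
mkdir -p "${JAILDIR}/usr/local/etc" >/dev/null 2>&1
echo "PCBSD_METAPKGSET: warden" > "${JAILDIR}/usr/local/etc/pcbsd.conf"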
322
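# Check if making a portjail
if [ "$PORTJAIL" = "YES" ] ; then mkportjail "${JAILDIR}" ; fi

# Check if making a pluginjail
if [ "$PLUGINJAIL" = "YES" ] ; then mkpluginjail "${JAILDIR}" ; fi

# If we are auto-starting the jail, do it now
# JAILNAME is quoted so it always reaches warden as a single argument.
if [ "$AUTOSTART" = "YES" ] ; then warden start "${JAILNAME}" ; fi

echo "Success!"
echo "Jail created at ${JAILDIR}"

# Plugin jails additionally get a .plugins directory in their root
if [ "${PLUGINJAIL}" = "YES" ] ; then
  mkdir -p "${JAILDIR}/.plugins"
fi

# Send notification of jail changes
pc-systemflag WARDENUPDATE SUCCESS

exit 0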