source: src-sh/warden/scripts/backend/createjail.sh @ 17235d6

Last change on this file since 17235d6 was 17235d6, checked in by Kris Moore <kris@…>, 16 months ago

Merge changes from John Hixson and FreeNAS work

#!/bin/sh
# Script to create a new jail based on given flags
#####################################################################
#
# Usage: createjail.sh <jailname>
#   The single argument is used both as the jail name and as its hostname.
#   Everything else is read from the environment set up by the caller
#   (JDIR, JAILTYPE, ARCH, IP4/IP6, ARCHIVEFILE, AUTOSTART, SOURCE, PORTS,
#   VANILLA, LINUXARCHIVE_FILE/LINUX_JAIL_SCRIPT for linux jails).
#   Exit codes seen below: 5 (jail dir / hostname already exists),
#   6 (missing hostname), 1 (linux jail bootstrap failed).

# Source our functions
PROGDIR="/usr/local/share/warden"

# Source our variables.  The helpers called in this file (isDirZFS,
# get_ip_and_netmask, set_warden_metadir, downloadchroot, bootstrap_pkgng,
# getZFS*, exit_err, checkpbiscripts, mkportjail, mkpluginjail, ...) are not
# defined here and presumably come from functions.sh.
. ${PROGDIR}/scripts/backend/functions.sh

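#######################################
# Populate an already created jail directory with a linux userland.
# Globals:   JMETADIR, HOST, IP4, MASK4, IP6, MASK6, AUTOSTART (read)
#            LINUXARCHIVE_FILE, LINUX_JAIL_SCRIPT, JAILDIR, IP, JAILNAME (read)
# Arguments: none
# Outputs:   progress messages on stdout
# Returns:   does not return on failure: the half-built jail is removed
#            with "warden delete" and the script exits 1
#######################################
setup_linux_jail()
{
  echo "Setting up linux jail..."

  # Per-jail metadata consumed by the other warden commands
  mkdir -p "${JMETADIR}"
  echo "${HOST}" > "${JMETADIR}/host"

  if [ "${IP4}" != "OFF" ] ; then
    echo "${IP4}/${MASK4}" > "${JMETADIR}/ipv4"
  fi
  if [ "${IP6}" != "OFF" ] ; then
    echo "${IP6}/${MASK6}" > "${JMETADIR}/ipv6"
  fi

  if [ "$AUTOSTART" = "YES" ] ; then
    touch "${JMETADIR}/autostart"
  fi
  # Marker that tells the rest of warden this is a linux jail
  touch "${JMETADIR}/jail-linux"

  # Fill the root: unpack a user supplied archive when given, otherwise run
  # the distribution bootstrap script.  Either failure tears the jail down
  # again so no half-built jail is left behind.
  if [ -n "$LINUXARCHIVE_FILE" ] ; then
    echo "Extracting ${LINUXARCHIVE_FILE}..."
    if ! tar xvf "${LINUXARCHIVE_FILE}" -C "${JAILDIR}" 2>/dev/null ; then
       echo "Failed Extracting ${LINUXARCHIVE_FILE}"
       warden delete --confirm "${JAILNAME}" 2>/dev/null
       exit 1
    fi
  else
    # NOTE(review): the bootstrap script is handed ${IP}, while this file
    # otherwise works with IP4/IP6 -- confirm the caller still exports IP.
    if ! sh "${LINUX_JAIL_SCRIPT}" "${JAILDIR}" "${IP}" "${JMETADIR}" ; then
       echo "Failed running ${LINUX_JAIL_SCRIPT}"
       warden delete --confirm "${JAILNAME}" 2>/dev/null
       exit 1
    fi
  fi

  # Create the master.passwd: pwd_mkdb builds the db files under the jail's
  # /tmp (-d) and they are then moved into /etc.
  # NOTE(review): the empty second field gives root an empty password;
  # whether the linux image lets anyone log in with it is not visible here.
  echo "root::0:0::0:0:Charlie &:/root:/bin/bash" > "${JAILDIR}/etc/master.passwd"
  pwd_mkdb -d "${JAILDIR}/tmp" -p "${JAILDIR}/etc/master.passwd" 2>/dev/null
  mv "${JAILDIR}/tmp/master.passwd" "${JAILDIR}/etc/"
  mv "${JAILDIR}/tmp/pwd.db" "${JAILDIR}/etc/"
  mv "${JAILDIR}/tmp/spwd.db" "${JAILDIR}/etc/"
  rm "${JAILDIR}/tmp/passwd"

  # Copy resolv.conf so the jail resolves names like the host
  cp /etc/resolv.conf "${JAILDIR}/etc/resolv.conf"

  # Do some touch-up to make linux happy: run pwconv/grpconv inside the
  # jail (chroot from the host) and create the empty fstab/mtab some linux
  # tools expect.  The helper script is removed again afterwards.
  cat > "${JAILDIR}/.fixSH" <<'__FIXSH__'
#!/bin/bash
cd /etc
pwconv
grpconv
touch /etc/fstab
touch /etc/mtab

__FIXSH__
  chmod 755 "${JAILDIR}/.fixSH"
  chroot "${JAILDIR}" /.fixSH
  rm "${JAILDIR}/.fixSH"

  # If we are auto-starting the jail, do it now
  if [ "$AUTOSTART" = "YES" ] ; then warden start "${JAILNAME}" ; fi

  echo "Success! Linux jail created at ${JAILDIR}"
}
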
# Load our passed values: the single argument is both the jail name and
# its hostname
JAILNAME=$1
HOST=$JAILNAME

# Everything else is passed via environmental variables.  JAILTYPE picks
# the flavour of jail to build; "standard" (or anything unknown) leaves the
# three flags untouched.
if [ "${JAILTYPE}" = "portjail" ] ; then
  PORTJAIL="YES"
elif [ "${JAILTYPE}" = "pluginjail" ] ; then
  PLUGINJAIL="YES"
elif [ "${JAILTYPE}" = "linuxjail" ] ; then
  LINUXJAIL="YES"
fi

# Location of the chroot environment.  On ZFS the base chroots are plain
# names (they are cloned from a @clean snapshot further down); on UFS they
# are kept as .tbz archives.
if isDirZFS "${JDIR}" ; then
  WORLDCHROOT_PLUGINJAIL="${JDIR}/.warden-pj-chroot-${ARCH}"
  WORLDCHROOT_STANDARD="${JDIR}/.warden-chroot-${ARCH}"
else
  WORLDCHROOT_PLUGINJAIL="${JDIR}/.warden-pj-chroot-${ARCH}.tbz"
  WORLDCHROOT_STANDARD="${JDIR}/.warden-chroot-${ARCH}.tbz"
fi

# The chroot this jail is built from: a pluginjail starts from the
# pre-bootstrapped pluginjail template, everything else from the standard one.
WORLDCHROOT="${WORLDCHROOT_STANDARD}"
if [ "${PLUGINJAIL}" = "YES" ] ; then
  WORLDCHROOT="${WORLDCHROOT_PLUGINJAIL}"
fi
export WORLDCHROOT WORLDCHROOT_PLUGINJAIL WORLDCHROOT_STANDARD

# Normalise the addresses.  get_ip_and_netmask presumably splits an
# "addr/prefix" argument, reporting through JIP and JMASK; when no prefix
# was supplied the usual defaults (/24, /64) are used.
if [ "${IP4}" != "OFF" ] ; then
  get_ip_and_netmask "${IP4}"
  IP4=$JIP
  MASK4=${JMASK:-24}
fi

if [ "${IP6}" != "OFF" ] ; then
  get_ip_and_netmask "${IP6}"
  IP6=$JIP
  MASK6=${JMASK:-64}
fi

# See if we are overriding the default archive file
if [ -n "$ARCHIVEFILE" ] ; then
   WORLDCHROOT="$ARCHIVEFILE"
fi

if [ -z "$HOST" ] ; then
   echo "ERROR: Missing hostname!"
   exit 6
fi

# Where the jail will live, plus its metadata directory (JMETADIR is set by
# set_warden_metadir, presumably from JDIR/JAILNAME)
JAILDIR="${JDIR}/${JAILNAME}"
set_warden_metadir

if [ -e "${JAILDIR}" ] ; then
  echo "ERROR: This Jail directory already exists!"
  exit 5
fi

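#######################################
# Report whether an existing jail already uses the given hostname.
# Arguments: $1 - jail base directory (JDIR)
#            $2 - hostname to look for
# Returns:   0 if some $1/.<name>.meta/host holds exactly $2, 1 otherwise
#######################################
_cj_host_in_use()
{
  local _base="$1" _wanted="$2" _meta
  # Glob directly instead of parsing `ls`; an unmatched pattern stays
  # literal, so the -d test also covers "no jails yet".
  for _meta in "${_base}"/.*.meta ; do
    [ -d "${_meta}" ] || continue
    [ -e "${_meta}/host" ] || continue
    if [ "$(cat "${_meta}/host")" = "${_wanted}" ] ; then
      return 0
    fi
  done
  return 1
}

# Make sure we don't have a host already with this name
if _cj_host_in_use "${JDIR}" "${HOST}" ; then
  echo "ERROR: A jail with this hostname already exists!"
  exit 5
fi
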
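#######################################
# Compute the next free numeric jail id.
# Arguments: $1 - jail base directory (JDIR)
# Outputs:   the highest id found in $1/.<name>.meta/id files plus one
#            (1 when there are none)
#######################################
_cj_next_meta_id()
{
  local _base="$1" _meta _id _max=0
  for _meta in "${_base}"/.*.meta ; do
    [ -r "${_meta}/id" ] || continue
    _id=$(cat "${_meta}/id")
    # Skip empty or non-numeric ids instead of tripping the -gt test
    case "${_id}" in
      ''|*[!0-9]*) continue ;;
    esac
    if [ "${_id}" -gt "${_max}" ] ; then
      _max="${_id}"
    fi
  done
  echo $(( _max + 1 ))
}

# Get next unique ID
META_ID=$(_cj_next_meta_id "${JDIR}")
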
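# Check if we need to download the chroot file

#
# If this is a pluginjail, we clone a regular freebsd chroot, then we
# bootstrap packageng, install the required packages that a pluginjail
# needs, then snapshot it. Once this is done, creating a pluginjail is
# as easy as doing a zfs clone.
#
if [ "${PLUGINJAIL}" = "YES" ] && [ ! -e "${WORLDCHROOT}" ] ; then
  # The pluginjail template is derived from the standard chroot, so that
  # one has to exist first
  if [ ! -e "${WORLDCHROOT_STANDARD}" ] ; then
    downloadchroot "${WORLDCHROOT_STANDARD}"
  fi

  if isDirZFS "${JDIR}" ; then
    tank=$(getZFSTank "$JDIR")
    zfsp=$(getZFSRelativePath "${WORLDCHROOT_STANDARD}")
    clonep="/$(basename "${WORLDCHROOT_PLUGINJAIL}")"

    mnt=$(getZFSMountpoint "${tank}")
    pjdir="${mnt}${clonep}"   # host path where the template clone is mounted

    # Start from the @clean snapshot of the standard chroot ...
    if ! zfs clone "${tank}${zfsp}@clean" "${tank}${clonep}" ; then
      exit_err "Failed creating clean ZFS pluginjail clone"
    fi

    # ... give it resolver config for the package bootstrap ...
    cp /etc/resolv.conf "${pjdir}/etc/resolv.conf"

    bootstrap_pkgng "${pjdir}" "pluginjail"

    # ... and freeze the result; every pluginjail is later cloned from it
    if ! zfs snapshot "${tank}${clonep}@clean" ; then
      exit_err "Failed creating clean ZFS pluginjail snapshot"
    fi
  else
    # We're on UFS :-(  No cheap clone here; the pluginjail packages are
    # bootstrapped into each jail individually further down.
    # NOTE(review): WORLDCHROOT_STANDARD was already fetched above when it
    # was missing -- whether downloadchroot is a no-op for an existing file
    # is decided in functions.sh, confirm before relying on this call.
    downloadchroot "${WORLDCHROOT_STANDARD}"
  fi

elif [ ! -e "${WORLDCHROOT}" ] && [ "${LINUXJAIL}" != "YES" ] ; then
  # Plain jail: fetch the base chroot if it isn't cached yet
  downloadchroot "${WORLDCHROOT}"
fi
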
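# If we are setting up a linux jail, lets do it now
if [ "$LINUXJAIL" = "YES" ] ; then
   if isDirZFS "${JDIR}" ; then
     # Create ZFS mount
     tank=$(getZFSTank "$JDIR")
     if [ -z "$tank" ] ; then
       exit_err "Failed getting ZFS dataset for $JDIR.."
     fi
     # NOTE(review): the dataset name is tank + the absolute JAILDIR here,
     # while the FreeBSD path below derives it via getZFSRelativePath --
     # confirm this still works when the pool is not mounted at /.
     if ! zfs create -o mountpoint="${JAILDIR}" -p "${tank}${JAILDIR}" ; then
       exit_err "Failed creating ZFS dataset"
     fi
   else
     mkdir -p "${JAILDIR}"
   fi
   setup_linux_jail
   # setup_linux_jail prints its own success message; nothing below applies
   exit 0
fi
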
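echo "Building new Jail... Please wait..."

if isDirZFS "${JDIR}" ; then
   # Create ZFS CLONE of the base chroot's @clean snapshot
   tank=$(getZFSTank "$JDIR")
   zfsp=$(getZFSRelativePath "${WORLDCHROOT}")
   jailp=$(getZFSRelativePath "${JAILDIR}")
   if ! zfs clone "${tank}${zfsp}@clean" "${tank}${jailp}" ; then
     exit_err "Failed creating clean ZFS base clone"
   fi
else
   # Running on UFS
   mkdir -p "${JAILDIR}"
   echo "Installing world..."
   if [ -d "${WORLDCHROOT}" ] ; then
     # Unpacked chroot: stream a copy over, preserving permissions (-p)
     tar cvf - -C "${WORLDCHROOT}" . 2>/dev/null | tar xpvf - -C "${JAILDIR}" 2>/dev/null \
       || echo "WARNING: copying ${WORLDCHROOT} into ${JAILDIR} reported errors"
   else
     # Archive: unpack straight into the jail
     tar xvf "${WORLDCHROOT}" -C "${JAILDIR}" 2>/dev/null \
       || echo "WARNING: extracting ${WORLDCHROOT} into ${JAILDIR} reported errors"
   fi

   # If this is a pluginjail on UFS :-( Do things the hard way.
   if [ "${PLUGINJAIL}" = "YES" ] ; then
     # Bootstrap into the jail itself: pjdir is only assigned on the ZFS
     # path (the pluginjail template clone) and would be empty here.
     bootstrap_pkgng "${JAILDIR}" "pluginjail"
   fi

   echo "Done"
fi
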
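# Record the jail's metadata for the other warden commands; without this
# directory the jail would be unmanageable, so fail rather than carry on.
mkdir -p "${JMETADIR}" || exit_err "Failed creating ${JMETADIR}"
echo "${HOST}" > "${JMETADIR}/host"
if [ "${IP4}" != "OFF" ] ; then
   echo "${IP4}/${MASK4}" > "${JMETADIR}/ipv4"
fi
if [ "${IP6}" != "OFF" ] ; then
   echo "${IP6}/${MASK6}" > "${JMETADIR}/ipv6"
fi
echo "${META_ID}" > "${JMETADIR}/id"
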
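if [ "$SOURCE" = "YES" ] ; then
  echo "Installing source..."
  mkdir -p "${JAILDIR}/usr/src"
  # The download lands in the current directory, so work from the jail root
  # (it was created above, a failing cd means something is badly wrong)
  cd "${JAILDIR}" || exit_err "Failed entering ${JAILDIR}"
  # The sources fetched match the host's running release
  SYSVER="$(uname -r)"
  if ! get_file_from_mirrors "/${SYSVER}/${ARCH}/dist/src.txz" "src.txz" ; then
    echo "Error while downloading the freebsd sources."
  else
    echo "Extracting sources.. May take a while.."
    tar xvf src.txz -C "${JAILDIR}" 2>/dev/null
    rm src.txz
    echo "Done"
  fi
fi
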
if [ "$PORTS" = "YES" ] ; then
  echo "Fetching ports..."
  mkdir -p "${JAILDIR}/usr/ports"
  # Feed portsnap to sh on stdin with its terminal test ("! -t 0") rewritten
  # to "-z 1", which is always false, so it runs unattended against the
  # jail's ports directory.
  if sed 's|! -t 0|-z 1|g' /usr/sbin/portsnap \
      | /bin/sh -s "fetch" "extract" "update" "-p" "${JAILDIR}/usr/ports" >/dev/null 2>&1 ; then
    echo "Done"
  else
    echo "Failed! Please run \"portsnap fetch extract update\" within the jail."
  fi
fi

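# Create an empty fstab
touch "${JAILDIR}/etc/fstab"

# If this isn't a fresh jail, we can skip to not clobber existing setup
if [ -z "$ARCHIVEFILE" ] ; then
  # Setup rc.conf: sshd enabled, portmap/sendmail off, devfs with the
  # common ruleset
  cat > "${JAILDIR}/etc/rc.conf" <<__RC__
portmap_enable="NO"
sshd_enable="YES"
sendmail_enable="NO"
hostname="${HOST}"
devfs_enable="YES"
devfs_system_ruleset="devfsrules_common"
__RC__

  # Create the hosts file for this jail
  cat > "${JAILDIR}/etc/hosts" <<__EOF__
# : src/etc/hosts,v 1.16 2003/01/28 21:29:23 dbaker Exp $
#
# Host Database
#
# This file should contain the addresses and aliases for local hosts that
# share this file.  Replace 'my.domain' below with the domainname of your
# machine.
#
# In the presence of the domain name service or NIS, this file may
# not be consulted at all; see /etc/nsswitch.conf for the resolution order.
#
#
::1                     localhost localhost.localdomain
127.0.0.1               localhost localhost.localdomain ${HOST}
__EOF__

  if [ "${IP4}" != "OFF" ] ; then
    echo "${IP4}                        ${HOST}" >> "${JAILDIR}/etc/hosts"
  fi
  if [ "${IP6}" != "OFF" ] ; then
    echo "${IP6}                        ${HOST}" >> "${JAILDIR}/etc/hosts"
    # Bind the jail's sshd to its IPv6 address.  IP6 is spliced into the sed
    # expression, so it must not contain '|' or '&'; get_ip_and_netmask
    # presumably only returns address characters -- confirm.
    # NOTE(review): once a ListenAddress is set sshd binds only the listed
    # addresses; with IP4 also enabled, check that IPv4 ssh stays reachable.
    if [ -f "${JAILDIR}/etc/ssh/sshd_config" ] ; then
      sed -i '' "s|#ListenAddress ::|ListenAddress ${IP6}|g" "${JAILDIR}/etc/ssh/sshd_config"
    else
      echo "WARNING: ${JAILDIR}/etc/ssh/sshd_config not found, ListenAddress not set"
    fi
  fi

  # Copy resolv.conf
  cp /etc/resolv.conf "${JAILDIR}/etc/resolv.conf"

fi # End of ARCHIVEFILE check
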
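if [ "$AUTOSTART" = "YES" ] ; then
  touch "${JMETADIR}/autostart"
fi

# Allow pinging by default.  allow.raw_sockets lets the jail's root open
# raw sockets in general (ping/traceroute need them), so it is worth
# removing from jail-flags for jails that don't need it.
echo "allow.raw_sockets=true" > "${JMETADIR}/jail-flags"

# Check if we need to copy the timezone file
if [ -e "/etc/localtime" ] ; then
   cp /etc/localtime "${JAILDIR}/etc/localtime"
fi

# Setup PC-BSD PKGNG repo / utilities
if [ "$VANILLA" != "YES" ] ; then
  if ! bootstrap_pkgng "${JAILDIR}" ; then
     echo "You can manually re-try by running # warden bspkgng ${JAILNAME}"
  fi
fi

# Set the default meta-pkg set
mkdir -p "${JAILDIR}/usr/local/etc" >/dev/null 2>&1
echo "PCBSD_METAPKGSET: warden" > "${JAILDIR}/usr/local/etc/pcbsd.conf"

# Copy over the pbid scripts
checkpbiscripts "${JAILDIR}"

# Check if making a portjail
if [ "$PORTJAIL" = "YES" ] ; then mkportjail "${JAILDIR}" ; fi

# Check if making a pluginjail
if [ "$PLUGINJAIL" = "YES" ] ; then mkpluginjail "${JAILDIR}" ; fi

# If we are auto-starting the jail, do it now
if [ "$AUTOSTART" = "YES" ] ; then warden start "${JAILNAME}" ; fi

echo "Success!"
echo "Jail created at ${JAILDIR}"

# NOTE(review): this runs after the jail may already have been started
# above; if mkpluginjail or the running jail expects .plugins, move it up.
if [ "${PLUGINJAIL}" = "YES" ] ; then
  mkdir -p "${JAILDIR}/.plugins"
fi

exit 0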