source: src-sh/warden/scripts/backend/createjail.sh @ 58ffcd7

releng/10.0releng/10.0.1releng/10.0.2
Last change on this file since 58ffcd7 was 58ffcd7, checked in by Kris Moore <kris@…>, 6 months ago

Fix trac: #932

Correct an issue boot-strapping pkgng / pcbsd-utils into warden created jails
on 10.x

  • Property mode set to 100755
File size: 9.5 KB
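#!/bin/sh
# Script to create a new jail based on given flags
#
# Usage: createjail.sh <jailname>
# All other settings (JAILTYPE, TEMPLATE, ARCHIVEFILE, IP4, IP6, AUTOSTART,
# SOURCE, PORTS, VANILLA, ...) are read from the environment.
#####################################################################

# Install prefix of the warden scripts
PROGDIR="/usr/local/share/warden"

# Pull in the shared helpers and variables. The sourced file runs with the
# same privileges as this script (which calls zfs, chroot and pwd_mkdb), so
# it must not be writable by unprivileged users.
. "${PROGDIR}/scripts/backend/functions.sh"
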
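# Populate the already-created ${JAILDIR} as a Linux jail: write the warden
# metadata, install the Linux userland, seed /etc and optionally start it.
#
# Globals read: JMETADIR, HOST, IP4, MASK4, IP6, MASK6, AUTOSTART,
#               LINUXARCHIVE_FILE, LINUX_JAIL_SCRIPT, JAILDIR, JAILNAME, IP
# Exits the whole script with status 1, after asking warden to delete the
# jail, when the archive extraction or the install script fails.
setup_linux_jail()
{
  echo "Setting up linux jail..."

  mkdir -p "${JMETADIR}"
  echo "${HOST}" > "${JMETADIR}/host"

  if [ "${IP4}" != "OFF" ] ; then
    echo "${IP4}/${MASK4}" > "${JMETADIR}/ipv4"
  fi
  if [ "${IP6}" != "OFF" ] ; then
    echo "${IP6}/${MASK6}" > "${JMETADIR}/ipv6"
  fi

  if [ "$AUTOSTART" = "YES" ] ; then
    touch "${JMETADIR}/autostart"
  fi
  touch "${JMETADIR}/jail-linux"

  if [ -n "$LINUXARCHIVE_FILE" ] ; then
    echo "Extracting ${LINUXARCHIVE_FILE}..."
    # The archive becomes the jail's root filesystem as-is, so it should come
    # from a source whose integrity has been checked. tar's stderr is
    # discarded; only its exit status is acted on.
    if ! tar xvf "${LINUXARCHIVE_FILE}" -C "${JAILDIR}" 2>/dev/null ; then
       echo "Failed Extracting ${LINUXARCHIVE_FILE}"
       warden delete --confirm "${JAILNAME}" 2>/dev/null
       exit 1
    fi
  else
    # LINUX_JAIL_SCRIPT comes from the environment and is executed with this
    # script's privileges.
    # NOTE(review): IP is not assigned anywhere in this file -- confirm where
    # it is set.
    if ! sh "${LINUX_JAIL_SCRIPT}" "${JAILDIR}" "${IP}" "${JMETADIR}" ; then
       echo "Failed running ${LINUX_JAIL_SCRIPT}"
       warden delete --confirm "${JAILNAME}" 2>/dev/null
       exit 1
    fi
  fi

  # Create the master.passwd
  # NOTE(security): the root entry has an EMPTY password field, so any login
  # path inside the jail that accepts empty passwords gives root. A locked
  # field ("*") plus an explicit password set after creation would be the
  # safer default; left unchanged here because callers may rely on it.
  echo "root::0:0::0:0:Charlie &:/root:/bin/bash" > "${JAILDIR}/etc/master.passwd"
  # pwd_mkdb writes its output under ${JAILDIR}/tmp; move the results into
  # /etc and drop the generated passwd file.
  pwd_mkdb -d "${JAILDIR}/tmp" -p "${JAILDIR}/etc/master.passwd" 2>/dev/null
  mv "${JAILDIR}/tmp/master.passwd" "${JAILDIR}/etc/"
  mv "${JAILDIR}/tmp/pwd.db" "${JAILDIR}/etc/"
  mv "${JAILDIR}/tmp/spwd.db" "${JAILDIR}/etc/"
  rm "${JAILDIR}/tmp/passwd"

  # Copy resolv.conf
  cp /etc/resolv.conf "${JAILDIR}/etc/resolv.conf"

  # Do some touch-up to make linux happy
  # NOTE(security): chroot only changes the root directory. /bin/bash, pwconv
  # and grpconv come from the tree that was just extracted and run on the
  # host with this script's privileges, not inside a jail.
  cat > "${JAILDIR}/.fixSH" <<'__EOF__'
#!/bin/bash
cd /etc
pwconv
grpconv
touch /etc/fstab
touch /etc/mtab
__EOF__
  chmod 755 "${JAILDIR}/.fixSH"
  chroot "${JAILDIR}" /.fixSH
  rm "${JAILDIR}/.fixSH"

  # If we are auto-starting the jail, do it now
  if [ "$AUTOSTART" = "YES" ] ; then warden start "${JAILNAME}" ; fi

  echo "Success! Linux jail created at ${JAILDIR}"
}
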
# The single positional argument names the jail and is also its hostname
HOST="${1}"
JAILNAME="${1}"

# Everything else is passed via environmental variables

# Map JAILTYPE onto the per-type YES flags tested further down. "standard"
# and any other value set nothing, so a flag already present in the
# environment is left as it is.
if [ "${JAILTYPE}" = "linuxjail" ] ; then
  LINUXJAIL="YES"
elif [ "${JAILTYPE}" = "pluginjail" ] ; then
  PLUGINJAIL="YES"
elif [ "${JAILTYPE}" = "portjail" ] ; then
  PORTJAIL="YES"
fi

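# See if we need to create a default template
# If using a ARCHIVEFILE we can skip this step
#
# Every branch sets WORLDCHROOT, the template directory or archive the jail
# is built from.
# NOTE(review): TEMPLATE, ARCH and ARCHIVEFILE arrive through the environment
# and are used in paths and in warden's argument list without any check in
# this file -- confirm the caller validates them.
if [ -z "$TEMPLATE" ] && [ -z "$ARCHIVEFILE" ] ; then
  # Diagnostic output kept from the original script
  which uname
  uname -r
  DEFTEMPLATE="$(uname -r | cut -d '-' -f 1-2)-${ARCH}"
  echo "DEF: $DEFTEMPLATE"

  # If on a plugin jail, lets change the nickname
  if [ "${PLUGINJAIL}" = "YES"  ] ; then
    DEFTEMPLATE="${DEFTEMPLATE}-pluginjail"
  fi

  # See if we need to create a new template for this system
  # (a directory name on ZFS, a .tbz archive name otherwise)
  if isDirZFS "${JDIR}" ; then
     TDIR="${JDIR}/.warden-template-$DEFTEMPLATE"
  else
     TDIR="${JDIR}/.warden-template-$DEFTEMPLATE.tbz"
  fi
  if [ ! -e "$TDIR" ] ; then
      FLAGS="-trueos $(uname -r | cut -d '-' -f 1-2) -arch $ARCH -nick $DEFTEMPLATE"
      export FLAGS

      if [ "${PLUGINJAIL}" = "YES" ] ; then
         FLAGS="$FLAGS -pluginjail"
      fi
      # FLAGS is expanded unquoted on purpose: it holds several arguments
      if ! warden template create ${FLAGS} ; then
        # If we failed, lets try again with FreeBSD dist files
        FLAGS="-fbsd $(uname -r | cut -d '-' -f 1-2) -arch $ARCH -nick $DEFTEMPLATE"
        export FLAGS

        if [ "${PLUGINJAIL}" = "YES" ] ; then
          FLAGS="$FLAGS -pluginjail"
        fi
        if ! warden template create ${FLAGS} ; then
          exit_err "Failed create default template"
        fi
      fi
  fi
  WORLDCHROOT="${TDIR}"
elif [ -z "$ARCHIVEFILE" ] ; then
  # Set WORLDCHROOT to the dir we will clone / file to extract
  WORLDCHROOT="${JDIR}/.warden-template-$TEMPLATE"
  if ! isDirZFS "${JDIR}" ; then
    WORLDCHROOT="${WORLDCHROOT}.tbz"
  fi
else
   # See if we are overriding the default archive file
   WORLDCHROOT="$ARCHIVEFILE"
fi
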
# Split each requested address into address and prefix length.
# get_ip_and_netmask reports its result in JIP and JMASK; an empty JMASK
# falls back to /24 for IPv4 and /64 for IPv6. "OFF" disables the family.
case "${IP4}" in
  OFF) ;;
  *)
    get_ip_and_netmask "${IP4}"
    IP4="${JIP}"
    MASK4="${JMASK:-24}"
    ;;
esac

case "${IP6}" in
  OFF) ;;
  *)
    get_ip_and_netmask "${IP6}"
    IP6="${JIP}"
    MASK6="${JMASK:-64}"
    ;;
esac

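if [ -z "$HOST" ] ; then
   echo "ERROR: Missing hostname!"
   exit 6
fi

# The name (HOST and JAILNAME are both $1) is used below as a path component
# under ${JDIR}, as an argument to warden, and is written into the jail's
# rc.conf and hosts files. Accept only hostname characters and refuse a
# leading "." or "-" so it cannot leave ${JDIR}, be read as an option, or
# break out of the quoted rc.conf value.
case "${HOST}" in
  .*|-*|*[!A-Za-z0-9._-]*)
    echo "ERROR: Invalid hostname!"
    exit 6
    ;;
esac

JAILDIR="${JDIR}/${JAILNAME}"
set_warden_metadir

if [ -e "${JAILDIR}" ]
then
  echo "ERROR: This Jail directory already exists!"
  exit 5
fi

# Make sure we don't have a host already with this name
# (a glob is used instead of parsing ls so that odd characters in JDIR do
# not split the list)
for i in "${JDIR}"/.*.meta
do
  if [ ! -e "${i}/host" ] ; then continue ; fi
  if [ "$(cat "${i}/host")" = "$HOST" ] ; then
    echo "ERROR: A jail with this hostname already exists!"
    exit 5
  fi
done
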
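# Get next unique ID: one more than the highest id stored in any existing
# jail metadata directory, or 1 when there is none.
META_ID=0
for i in "${JDIR}"/.*.meta
do
  # Some metadata directories carry no id file (setup_linux_jail in this
  # file does not write one); skip them instead of feeding an empty string
  # to the numeric comparison.
  [ -r "${i}/id" ] || continue
  id="$(cat "${i}/id")"
  case "${id}" in
    ""|*[!0-9]*) continue ;;
  esac
  if [ "${id}" -gt "${META_ID}" ] ; then
    META_ID="${id}"
  fi
done
META_ID=$((META_ID + 1))
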
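# If we are setting up a linux jail, lets do it now
# (this path ends the script; nothing below runs for linux jails)
if [ "$LINUXJAIL" = "YES" ] ; then
   if isDirZFS "${JDIR}" ; then
     # Create ZFS mount
     tank="$(getZFSTank "$JDIR")"
     if [ -z "$tank" ] ; then
       exit_err "Failed getting ZFS dataset for $JDIR..";
     fi
     # Quoted so a path with whitespace stays one property / one dataset name
     if ! zfs create -o "mountpoint=${JAILDIR}" -p "${tank}${JAILDIR}" ; then
       exit_err "Failed creating ZFS dataset"
     fi
   else
     mkdir -p "${JAILDIR}"
   fi
   setup_linux_jail
   exit 0
fi
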
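echo "Building new Jail... Please wait..."

# Materialise the jail's world from WORLDCHROOT: a clone of the template's
# @clean snapshot on ZFS, a tar copy/extract otherwise.
if isDirZFS "${JDIR}" ; then
   # Create ZFS CLONE
   tank="$(getZFSTank "$JDIR")"
   zfsp="$(getZFSRelativePath "${WORLDCHROOT}")"
   jailp="$(getZFSRelativePath "${JAILDIR}")"
   if ! zfs clone "${tank}${zfsp}@clean" "${tank}${jailp}" ; then
     exit_err "Failed creating clean ZFS base clone"
   fi
else
   # Running on UFS
   mkdir -p "${JAILDIR}"
   echo "Installing world..."
   # NOTE(review): tar's exit status is not checked and its stderr is
   # discarded, so a failed or partial extraction goes unnoticed here.
   if [ -d "${WORLDCHROOT}" ] ; then
     tar cvf - -C "${WORLDCHROOT}" . 2>/dev/null | tar xpvf - -C "${JAILDIR}" 2>/dev/null
   else
     tar xvf "${WORLDCHROOT}" -C "${JAILDIR}" 2>/dev/null
   fi

   # If this is a pluginjail on UFS :-( Do things the hard way.
   if [ "${PLUGINJAIL}" = "YES" ] ; then
     # pjdir is not assigned anywhere in this file; fall back to JAILDIR so
     # an empty path is never handed to bootstrap_pkgng.
     # NOTE(review): confirm JAILDIR is what was intended here.
     bootstrap_pkgng "${pjdir:-${JAILDIR}}" "pluginjail"
   fi

   echo "Done"
fi
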
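# Record the jail's metadata: hostname, addresses (as address/prefix) and
# the numeric id picked above. Paths are quoted so JMETADIR is always used
# as a single path.
mkdir "${JMETADIR}"
echo "${HOST}" > "${JMETADIR}/host"
if [ "${IP4}" != "OFF" ] ; then
   echo "${IP4}/${MASK4}" > "${JMETADIR}/ipv4"
fi
if [ "${IP6}" != "OFF" ] ; then
   echo "${IP6}/${MASK6}" > "${JMETADIR}/ipv6"
fi
echo "${META_ID}" > "${JMETADIR}/id"
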
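# Optionally download and unpack the system sources into the jail.
if [ "$SOURCE" = "YES" ]
then
  echo "Installing source..."
  mkdir -p "${JAILDIR}/usr/src"
  SYSVER="$(uname -r | cut -d '-' -f 1-2)"
  # The download lands in the current directory, so only fetch once the cd
  # into the jail has succeeded; otherwise src.txz would be written to, and
  # later removed from, whatever directory the script was started in.
  # NOTE(review): whether get_file_from_mirrors verifies a checksum or
  # signature is not visible here; the archive is extracted as fetched.
  if cd "${JAILDIR}" && get_file_from_mirrors "/${SYSVER}/${ARCH}/dist/src.txz" "src.txz" "iso" ; then
    echo "Extracting sources.. May take a while.."
    tar xvf src.txz -C "${JAILDIR}" 2>/dev/null
    rm src.txz
    echo "Done"
  else
    echo "Error while downloading the freebsd world."
  fi
fi
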
# Optionally populate the jail's ports tree with portsnap.
if [ "$PORTS" = "YES" ]
then
  echo "Fetching ports..."
  mkdir -p "${JAILDIR}/usr/ports"
  # A copy of portsnap is fed to sh with every "! -t 0" test rewritten to
  # "-z 1" (presumably the terminal check, so it can run from a script).
  # If that text is absent from portsnap, the script runs unmodified.
  # The status tested below is that of the final /bin/sh.
  if sed 's|! -t 0|-z 1|g' /usr/sbin/portsnap \
       | /bin/sh -s "fetch" "extract" "update" "-p" "${JAILDIR}/usr/ports" >/dev/null 2>&1
  then
    echo "Done"
  else
    echo "Failed! Please run \"portsnap fetch extract update\" within the jail."
  fi
fi

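# Create an empty fstab
touch "${JAILDIR}/etc/fstab"

# If this isn't a fresh jail, we can skip to not clobber existing setup
if [ -z "$ARCHIVEFILE" ] ; then
  # Setup rc.conf
  # NOTE(security): rc.conf is read as shell by the jail's rc scripts, so
  # HOST must not contain quotes, "$" or backticks -- confirm it has been
  # validated before this point.
  # sshd is enabled in every new jail; which accounts can log in depends on
  # the template the jail was built from.
  cat > "${JAILDIR}/etc/rc.conf" <<__EOF__
portmap_enable="NO"
sshd_enable="YES"
sendmail_enable="NO"
hostname="${HOST}"
devfs_enable="YES"
devfs_system_ruleset="devfsrules_common"
__EOF__

  # Create the host for this device
  cat > "${JAILDIR}/etc/hosts" <<__EOF__
# : src/etc/hosts,v 1.16 2003/01/28 21:29:23 dbaker Exp $
#
# Host Database
#
# This file should contain the addresses and aliases for local hosts that
# share this file.  Replace 'my.domain' below with the domainname of your
# machine.
#
# In the presence of the domain name service or NIS, this file may
# not be consulted at all; see /etc/nsswitch.conf for the resolution order.
#
#
::1                     localhost localhost.localdomain
127.0.0.1               localhost localhost.localdomain ${HOST}
__EOF__

  if [ "${IP4}" != "OFF" ] ; then
    echo "${IP4}                        ${HOST}" >> "${JAILDIR}/etc/hosts"
  fi
  if [ "${IP6}" != "OFF" ] ; then
    echo "${IP6}                        ${HOST}" >> "${JAILDIR}/etc/hosts"
    # Bind sshd to the jail's IPv6 address. IP6 is placed in the sed
    # replacement text as-is; a "|" or "&" in it would alter the expression.
    sed -i '' "s|#ListenAddress ::|ListenAddress ${IP6}|g" "${JAILDIR}/etc/ssh/sshd_config"
  fi

  # Copy resolv.conf
  cp /etc/resolv.conf "${JAILDIR}/etc/resolv.conf"

fi # End of ARCHIVEFILE check
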
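if [ "$AUTOSTART" = "YES" ] ; then
  touch "${JMETADIR}/autostart"
fi

# Allow pinging by default
# NOTE(security): allow.raw_sockets lets root inside the jail open raw
# sockets. That is what ping and traceroute need, but it widens what a
# compromised jail can do on the network; turn it off for jails handed to
# untrusted users.
echo "allow.raw_sockets=true" > "${JMETADIR}/jail-flags"

# Check if we need to copy the timezone file
if [ -e "/etc/localtime" ] ; then
   cp /etc/localtime "${JAILDIR}/etc/localtime"
fi

# Setup TrueOS PKGNG repo / utilities only if on TRUEOS
if [ "$VANILLA" != "YES" ] && [ -e "${JAILDIR}/etc/rc.conf.pcbsd" ] ; then
  # A bootstrap failure is reported but does not abort jail creation
  if ! bootstrap_pkgng "${JAILDIR}" ; then
     echo "You can manually re-try by running # warden bspkgng ${JAILNAME}"
  fi
fi

# Set the default meta-pkg set
mkdir -p "${JAILDIR}/usr/local/etc" >/dev/null 2>/dev/null
echo "PCBSD_METAPKGSET: warden" > "${JAILDIR}/usr/local/etc/pcbsd.conf"

# Check if making a portjail
if [ "$PORTJAIL" = "YES" ] ; then mkportjail "${JAILDIR}" ; fi

# Check if making a pluginjail
if [ "$PLUGINJAIL" = "YES" ] ; then mkpluginjail "${JAILDIR}" ; fi

# If we are auto-starting the jail, do it now
if [ "$AUTOSTART" = "YES" ] ; then warden start "${JAILNAME}" ; fi

echo "Success!"
echo "Jail created at ${JAILDIR}"

# Plugin jails get a .plugins directory at the jail root
if [ "${PLUGINJAIL}" = "YES" ] ; then
  mkdir -p "${JAILDIR}/.plugins"
fi

exit 0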