source: src-sh/warden/scripts/backend/createjail.sh @ 5ae7c8e

releng/10.0.1releng/10.0.2releng/10.0.3releng/10.1
Last change on this file since 5ae7c8e was 5ae7c8e, checked in by Kris Moore <kris@…>, 10 months ago

Fix bugs creating linux jails debian and gentoo via the Warden

This was a result of a merge with some FreeNAS changes which didn't apply to
our version of Warden

  • Property mode set to 100755
File size: 9.6 KB
#!/bin/sh
# Warden backend: create a new jail from the name given in $1 and the
# settings passed in through the environment.
#####################################################################

# Install prefix of the warden scripts
PROGDIR="/usr/local/share/warden"

# Pull in the shared backend helpers (functions.sh is not shown on this page)
. "${PROGDIR}/scripts/backend/functions.sh"

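#######################################
# Turn the freshly created ${JAILDIR} into a Linux jail: write the warden
# metadata, install the Linux userland from an archive or a bootstrap
# script, seed the password databases and run a fix-up script in the new root.
# Globals read: JMETADIR JAILDIR JAILNAME HOST IP IP4 MASK4 IP6 MASK6
#               AUTOSTART LINUXARCHIVE_FILE LINUX_JAIL_SCRIPT
# Exits 1, after asking warden to delete the jail, when the userland
# cannot be installed.
#######################################
setup_linux_jail()
{
  echo "Setting up linux jail..."

  mkdir -p "${JMETADIR}"
  echo "${HOST}" > "${JMETADIR}/host"
  # NOTE(review): the non-Linux path further down stores the numeric
  # ${META_ID} in this file, while here it receives the hostname -- confirm
  # which value the rest of warden expects.
  echo "${HOST}" > "${JMETADIR}/id"

  if [ "${IP4}" != "OFF" ] ; then
    echo "${IP4}/${MASK4}" > "${JMETADIR}/ipv4"
  fi
  if [ "${IP6}" != "OFF" ] ; then
    echo "${IP6}/${MASK6}" > "${JMETADIR}/ipv6"
  fi

  if [ "$AUTOSTART" = "YES" ] ; then
    touch "${JMETADIR}/autostart"
  fi
  touch "${JMETADIR}/jail-linux"

  # The userland comes from a prebuilt archive or from a distro bootstrap
  # script. Either one runs as the invoking user (normally root) on the host,
  # so both must come from a source you trust.
  if [ -n "$LINUXARCHIVE_FILE" ] ; then
    echo "Extracting ${LINUXARCHIVE_FILE}..."
    if ! tar xvf "${LINUXARCHIVE_FILE}" -C "${JAILDIR}" 2>/dev/null ; then
       echo "Failed Extracting ${LINUXARCHIVE_FILE}"
       warden delete --confirm "${JAILNAME}" 2>/dev/null
       exit 1
    fi
  else
    # NOTE(review): ${IP} is not assigned anywhere in this script (only IP4
    # and IP6 are) -- confirm the caller exports it.
    if ! sh "${LINUX_JAIL_SCRIPT}" "${JAILDIR}" "${IP}" "${JMETADIR}" ; then
       echo "Failed running ${LINUX_JAIL_SCRIPT}"
       warden delete --confirm "${JAILNAME}" 2>/dev/null
       exit 1
    fi
  fi

  # Everything below writes into ${JAILDIR} from the host, before any chroot.
  # The tree was just populated from the archive or bootstrap script, and
  # symlinks inside it are followed by these writes.

  # Create the master.passwd
  # SECURITY: the second field is empty, so root has no password. Set or lock
  # the root password before any login service is reachable in this jail.
  echo "root::0:0::0:0:Charlie &:/root:/bin/bash" > "${JAILDIR}/etc/master.passwd"
  pwd_mkdb -d "${JAILDIR}/tmp" -p "${JAILDIR}/etc/master.passwd" 2>/dev/null
  mv "${JAILDIR}/tmp/master.passwd" "${JAILDIR}/etc/"
  mv "${JAILDIR}/tmp/pwd.db" "${JAILDIR}/etc/"
  mv "${JAILDIR}/tmp/spwd.db" "${JAILDIR}/etc/"
  rm "${JAILDIR}/tmp/passwd"

  # Copy resolv.conf
  cp /etc/resolv.conf "${JAILDIR}/etc/resolv.conf"

  # Do some touch-up to make linux happy: the script is dropped into the new
  # root, run there with chroot, then removed again
  cat > "${JAILDIR}/.fixSH" <<'__EOF__'
#!/bin/bash
cd /etc
pwconv
grpconv
touch /etc/fstab
touch /etc/mtab
__EOF__
  chmod 755 "${JAILDIR}/.fixSH"
  chroot "${JAILDIR}" /.fixSH
  rm "${JAILDIR}/.fixSH"

  # If we are auto-starting the jail, do it now
  if [ "$AUTOSTART" = "YES" ] ; then warden start "${JAILNAME}" ; fi

  echo "Success! Linux jail created at ${JAILDIR}"
}
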
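# Load our passed values: the jail name doubles as the jail's hostname
JAILNAME="${1}"
HOST="${1}"

#######################################
# Check that a jail name is safe to use as a path component and hostname.
# The name ends up in ${JDIR}/<name>, in arguments to warden, and verbatim in
# the jail's rc.conf and hosts file, so only letters, digits, '.', '_' and
# '-' are accepted, and it may not start with '-' or be '.' or '..'.
# An empty name is accepted here; the "Missing hostname" check later in the
# script reports it.
# Arguments: $1 - candidate jail name
# Returns:   0 if acceptable, 1 otherwise
#######################################
valid_jail_name()
{
  case "${1}" in
    .|..|-*) return 1 ;;
    *[!A-Za-z0-9._-]*) return 1 ;;
  esac
  return 0
}

if ! valid_jail_name "${JAILNAME}" ; then
  echo "ERROR: Invalid jail name!"
  exit 6
fi

# Everything else is passed via environmental variables

# Translate the requested jail type into the flag variables tested below;
# "standard" and any unrecognised value set no flag
case "${JAILTYPE}" in
  linuxjail) LINUXJAIL="YES" ;;
  pluginjail) PLUGINJAIL="YES" ;;
  portjail) PORTJAIL="YES" ;;
  standard) ;;
esac
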
# Decide what the new jail is built from and record it in WORLDCHROOT:
# the default template (created on demand), a named template, or an
# explicit archive file.
if [ -z "$TEMPLATE" ] && [ -z "$ARCHIVEFILE" ] ; then
  # Neither a template nor an archive was requested, so fall back to the
  # default template for the host's release and architecture
  which uname
  uname -r
  DEFTEMPLATE="$(uname -r | cut -d '-' -f 1-2)-${ARCH}"
  echo "DEF: $DEFTEMPLATE"

  # Plugin jails get their own template nickname
  case "${PLUGINJAIL}" in
    YES) DEFTEMPLATE="${DEFTEMPLATE}-pluginjail" ;;
  esac

  # On ZFS the template is a directory, otherwise a .tbz file
  if isDirZFS "${JDIR}" ; then
    TDIR="${JDIR}/.warden-template-$DEFTEMPLATE"
  else
    TDIR="${JDIR}/.warden-template-$DEFTEMPLATE.tbz"
  fi

  if [ ! -e "$TDIR" ] ; then
    # Try the TrueOS dist files first, then fall back to the FreeBSD ones
    for _dist in -trueos -fbsd
    do
      FLAGS="-arch $ARCH -nick $DEFTEMPLATE"
      FLAGS="${_dist} $(uname -r | cut -d '-' -f 1-2) $FLAGS"
      export FLAGS
      if [ "${PLUGINJAIL}" = "YES" ] ; then
        FLAGS="$FLAGS -pluginjail"
      fi

      # FLAGS is left unquoted on purpose: it holds several separate options
      if warden template create ${FLAGS} ; then
        break
      fi
      if [ "${_dist}" = "-fbsd" ] ; then
        exit_err "Failed create default template"
      fi
    done
  fi
  WORLDCHROOT="${TDIR}"
elif [ -z "$ARCHIVEFILE" ] ; then
  # A named template: the directory we will clone, or the .tbz to extract
  WORLDCHROOT="${JDIR}/.warden-template-$TEMPLATE"
  if ! isDirZFS "${JDIR}" ; then
    WORLDCHROOT="${WORLDCHROOT}.tbz"
  fi
else
  # An explicit archive file overrides the templates
  WORLDCHROOT="$ARCHIVEFILE"
fi

# Normalise the requested addresses. get_ip_and_netmask (defined outside this
# file) is expected to leave the address in JIP and the prefix length in
# JMASK; when no prefix length comes back, /24 (IPv4) or /64 (IPv6) is used.
if [ "${IP4}" != "OFF" ] ; then
  get_ip_and_netmask "${IP4}"
  IP4="${JIP}"
  MASK4="${JMASK:-24}"
fi

if [ "${IP6}" != "OFF" ] ; then
  get_ip_and_netmask "${IP6}"
  IP6="${JIP}"
  MASK6="${JMASK:-64}"
fi

# A jail cannot be created without a name / hostname
[ -n "$HOST" ] || {
   echo "ERROR: Missing hostname!"
   exit 6
}

# Where the jail will live; set_warden_metadir (defined outside this file)
# is called next, before JMETADIR is first used
JAILDIR="${JDIR}/${JAILNAME}"
set_warden_metadir

# Refuse to build on top of anything that is already there
if [ -e "${JAILDIR}" ] ; then
  echo "ERROR: This Jail directory already exists!"
  exit 5
fi

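#######################################
# Report whether a jail under the given directory already uses a hostname.
# Each jail keeps its hostname in <jdir>/.<name>.meta/host. The directories
# are matched with a glob rather than by parsing ls output, so paths that
# contain whitespace are handled.
# Arguments: $1 - jail base directory, $2 - hostname to look for
# Returns:   0 if the hostname is in use, 1 otherwise
#######################################
host_in_use()
{
  local _meta

  for _meta in "${1}"/.*.meta
  do
    # Also skips the literal pattern left behind when nothing matches
    [ -e "${_meta}/host" ] || continue
    if [ "$(cat "${_meta}/host")" = "${2}" ] ; then
      return 0
    fi
  done
  return 1
}

# Make sure we don't have a host already with this name
if host_in_use "${JDIR}" "${HOST}" ; then
  echo "ERROR: A jail with this hostname already exists!"
  exit 5
fi
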
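#######################################
# Print the next free jail ID: one more than the highest numeric ID stored
# in <jdir>/.<name>.meta/id, or 1 when there is none.
# Missing, empty and non-numeric id files are skipped. setup_linux_jail
# writes the hostname into its id file, which would otherwise make the
# numeric comparison fail.
# NOTE(review): nothing here locks the meta directories, so two creations
# running at once could pick the same ID -- confirm callers serialise.
# Arguments: $1 - jail base directory
# Outputs:   the next ID on stdout
#######################################
next_meta_id()
{
  local _max _meta _id

  _max=0
  for _meta in "${1}"/.*.meta
  do
    [ -r "${_meta}/id" ] || continue
    _id=$(cat "${_meta}/id")
    case "${_id}" in
      ''|*[!0-9]*) continue ;;
    esac
    if [ "${_id}" -gt "${_max}" ] ; then
      _max="${_id}"
    fi
  done
  echo $(( _max + 1 ))
}

# Get next unique ID
META_ID=$(next_meta_id "${JDIR}")
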
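# If we are setting up a linux jail, lets do it now. Linux jails take their
# own path: create the jail root, populate it, and stop here.
if [ "$LINUXJAIL" = "YES" ] ; then
   if isDirZFS "${JDIR}" ; then
     # Create ZFS mount: a dataset of its own, mounted at the jail directory
     tank=$(getZFSTank "$JDIR")
     if [ -z "$tank" ] ; then
       exit_err "Failed getting ZFS dataset for $JDIR.."
     fi
     # Quoted so a path containing whitespace or glob characters is passed
     # to zfs as one argument
     if ! zfs create -o mountpoint="${JAILDIR}" -p "${tank}${JAILDIR}" ; then
       exit_err "Failed creating ZFS dataset"
     fi
   else
     mkdir -p "${JAILDIR}"
   fi
   setup_linux_jail
   exit 0
fi
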
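echo "Building new Jail... Please wait..."

# Populate the jail root from WORLDCHROOT: a ZFS clone of the template's
# @clean snapshot, or a plain copy / extraction on UFS
if isDirZFS "${JDIR}" ; then
   # Create ZFS CLONE
   tank=$(getZFSTank "$JDIR")
   # Same guard as the linux jail path: without a pool name the dataset
   # names built below are meaningless
   if [ -z "$tank" ] ; then
     exit_err "Failed getting ZFS dataset for $JDIR.."
   fi
   zfsp=$(getZFSRelativePath "${WORLDCHROOT}")
   jailp=$(getZFSRelativePath "${JAILDIR}")
   if ! zfs clone "${tank}${zfsp}@clean" "${tank}${jailp}" ; then
     exit_err "Failed creating clean ZFS base clone"
   fi
else
   # Running on UFS
   mkdir -p "${JAILDIR}"
   echo "Installing world..."
   # NOTE(review): tar's exit status is not checked and its stderr is
   # discarded, so a failed or partial extraction goes unnoticed here
   if [ -d "${WORLDCHROOT}" ] ; then
     tar cvf - -C "${WORLDCHROOT}" . 2>/dev/null | tar xpvf - -C "${JAILDIR}" 2>/dev/null
   else
     tar xvf "${WORLDCHROOT}" -C "${JAILDIR}" 2>/dev/null
   fi

   # If this is a pluginjail on UFS :-( Do things the hard way.
   if [ "${PLUGINJAIL}" = "YES" ] ; then
     # NOTE(review): pjdir is not assigned anywhere in this script; confirm it
     # is set by functions.sh or the caller, or whether ${JAILDIR} was meant
     bootstrap_pkgng "${pjdir}" "pluginjail"
   fi

   echo "Done"
fi
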
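# Record the jail's metadata: hostname, addresses and numeric ID.
# Paths are quoted so a jail directory containing whitespace still works.
mkdir "${JMETADIR}"
echo "${HOST}" > "${JMETADIR}/host"
if [ "${IP4}" != "OFF" ] ; then
   echo "${IP4}/${MASK4}" > "${JMETADIR}/ipv4"
fi
if [ "${IP6}" != "OFF" ] ; then
   echo "${IP6}/${MASK6}" > "${JMETADIR}/ipv6"
fi
echo "${META_ID}" > "${JMETADIR}/id"
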
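# Optionally install the system sources into the jail. A failure here is
# reported but does not abort the jail creation.
if [ "$SOURCE" = "YES" ]
then
  echo "Installing source..."
  mkdir -p "${JAILDIR}/usr/src"
  SYSVER="$(uname -r | cut -d '-' -f 1-2)"

  # src.txz is downloaded into, and later removed from, the current
  # directory, so do not go on if the jail directory cannot be entered
  # NOTE(review): no checksum or signature check is visible here before the
  # archive is unpacked as root -- confirm get_file_from_mirrors verifies
  # what it downloads
  if ! cd "${JAILDIR}" ; then
    echo "Error: cannot change directory to ${JAILDIR}, skipping source install."
  elif ! get_file_from_mirrors "/${SYSVER}/${ARCH}/dist/src.txz" "src.txz" "iso" ; then
    echo "Error while downloading the freebsd world."
  else
    echo "Extracting sources.. May take a while.."
    tar xvf src.txz -C "${JAILDIR}" 2>/dev/null
    rm src.txz
    echo "Done"
  fi
fi
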
# Optionally fetch a ports tree into the jail
if [ "$PORTS" = "YES" ] ; then
  echo "Fetching ports..."
  mkdir -p "${JAILDIR}/usr/ports"
  # Run a copy of portsnap with its "! -t 0" test rewritten to "-z 1", fed to
  # sh on stdin, so that fetch is not refused when no terminal is attached
  if cat /usr/sbin/portsnap \
    | sed 's|! -t 0|-z '1'|g' \
    | /bin/sh -s "fetch" "extract" "update" "-p" "${JAILDIR}/usr/ports" >/dev/null 2>/dev/null
  then
    echo "Done"
  else
    echo "Failed! Please run \"portsnap fetch extract update\" within the jail."
  fi
fi

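# Create an empty fstab
touch "${JAILDIR}/etc/fstab"

# If this isn't a fresh jail, we can skip to not clobber existing setup
if [ -z "$ARCHIVEFILE" ] ; then
  # Setup rc.conf
  # Note that sshd is enabled in every new jail. ${HOST} is written verbatim
  # into this file, which rc(8) reads as shell, so it must be a plain hostname.
  cat > "${JAILDIR}/etc/rc.conf" <<__EOF__
portmap_enable="NO"
sshd_enable="YES"
sendmail_enable="NO"
hostname="${HOST}"
devfs_enable="YES"
devfs_system_ruleset="devfsrules_common"
__EOF__

  # Create the host for this device
  cat > "${JAILDIR}/etc/hosts" <<__EOF__
# : src/etc/hosts,v 1.16 2003/01/28 21:29:23 dbaker Exp $
#
# Host Database
#
# This file should contain the addresses and aliases for local hosts that
# share this file.  Replace 'my.domain' below with the domainname of your
# machine.
#
# In the presence of the domain name service or NIS, this file may
# not be consulted at all; see /etc/nsswitch.conf for the resolution order.
#
#
::1                     localhost localhost.localdomain
127.0.0.1               localhost localhost.localdomain ${HOST}
__EOF__

  if [ "${IP4}" != "OFF" ] ; then
    echo "${IP4}                        ${HOST}" >> "${JAILDIR}/etc/hosts"
  fi
  if [ "${IP6}" != "OFF" ] ; then
    echo "${IP6}                        ${HOST}" >> "${JAILDIR}/etc/hosts"
    # Make sshd listen on the jail's IPv6 address instead of the commented-out
    # wildcard; the config path is quoted so whitespace in it is harmless
    sed -i '' "s|#ListenAddress ::|ListenAddress ${IP6}|g" "${JAILDIR}/etc/ssh/sshd_config"
  fi

  # Copy resolv.conf
  cp /etc/resolv.conf "${JAILDIR}/etc/resolv.conf"

fi # End of ARCHIVEFILE check
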
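# Mark the jail for automatic start if requested
if [ "$AUTOSTART" = "YES" ] ; then
  touch "${JMETADIR}/autostart"
fi

# Allow pinging by default
# SECURITY: allow.raw_sockets lets root inside the jail open raw sockets,
# which ping needs. jail(8) advises extra caution with it when privileged
# access to the jail is given to untrusted parties; drop the flag for such jails.
echo "allow.raw_sockets=true" > "${JMETADIR}/jail-flags"

# Check if we need to copy the timezone file
if [ -e "/etc/localtime" ] ; then
   cp /etc/localtime "${JAILDIR}/etc/localtime"
fi
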
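# Setup TrueOS PKGNG repo / utilities only if on TRUEOS
# (two separate tests instead of the ambiguous "-a" operator)
if [ "$VANILLA" != "YES" ] && [ -e "${JAILDIR}/etc/rc.conf.pcbsd" ] ; then
  # A failed bootstrap is reported but does not abort the jail creation
  if ! bootstrap_pkgng "${JAILDIR}" ; then
     echo "You can manually re-try by running # warden bspkgng ${JAILNAME}"
  fi
fi

# Set the default meta-pkg set
mkdir -p "${JAILDIR}/usr/local/etc" >/dev/null 2>/dev/null
echo "PCBSD_METAPKGSET: warden" > "${JAILDIR}/usr/local/etc/pcbsd.conf"

# Check if making a portjail
if [ "$PORTJAIL" = "YES" ] ; then mkportjail "${JAILDIR}" ; fi

# Check if making a pluginjail
if [ "$PLUGINJAIL" = "YES" ] ; then mkpluginjail "${JAILDIR}" ; fi

# If we are auto-starting the jail, do it now
if [ "$AUTOSTART" = "YES" ] ; then warden start "${JAILNAME}" ; fi

echo "Success!"
echo "Jail created at ${JAILDIR}"

# Plugin jails also get a .plugins directory in the jail root
if [ "${PLUGINJAIL}" = "YES" ] ; then
  mkdir -p "${JAILDIR}/.plugins"
fi

exit 0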