source: src-sh/warden/scripts/backend/createjail.sh @ 77fd45f

Last change on this file since 77fd45f was 77fd45f, checked in by Kris Moore <kris@…>, 18 months ago

Be more agnostic to uname -r output, so we can use 9-STABLE
or 10-CURRENT as our tags

  • Property mode set to 100755
File size: 9.2 KB
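#!/bin/sh
# Script to create a new jail based on given flags
#####################################################################

# Install prefix of the warden backend
PROGDIR="/usr/local/share/warden"

# Source our functions and variables.
# This script goes on to call chroot(8) and zfs(8), so it is expected to run
# as root; functions.sh is executed with the same privileges and should be
# root-owned and not writable by anyone else.
. "${PROGDIR}/scripts/backend/functions.sh"
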
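# Populate an already-created ${JAILDIR} as a Linux jail.
# Globals read: JMETADIR, HOST, IP4, MASK4, IP6, MASK6, AUTOSTART,
#               LINUXARCHIVE_FILE, LINUX_JAIL_SCRIPT, IP, JAILDIR, JAILNAME
# Exits:        1, after "warden delete" of the half-built jail, when the
#               archive extraction or the install script fails.
setup_linux_jail()
{
  echo "Setting up linux jail..."

  # Record the jail's metadata
  mkdir -p "${JMETADIR}"
  echo "${HOST}" > "${JMETADIR}/host"

  if [ "${IP4}" != "OFF" ] ; then
    echo "${IP4}/${MASK4}" > "${JMETADIR}/ipv4"
  fi
  if [ "${IP6}" != "OFF" ] ; then
    echo "${IP6}/${MASK6}" > "${JMETADIR}/ipv6"
  fi

  if [ "$AUTOSTART" = "YES" ] ; then
    touch "${JMETADIR}/autostart"
  fi
  touch "${JMETADIR}/jail-linux"

  # Fill the jail root from a prebuilt archive, or by running an install
  # script.
  # NOTE(review): both inputs are used as given. The host-side writes further
  # down (master.passwd, resolv.conf, .fixSH) go through whatever the
  # populated tree holds at those paths, symlinks included, so the archive or
  # script should only ever come from a trusted source.
  if [ -n "$LINUXARCHIVE_FILE" ] ; then
    echo "Extracting ${LINUXARCHIVE_FILE}..."
    if ! tar xvf "${LINUXARCHIVE_FILE}" -C "${JAILDIR}" 2>/dev/null ; then
       echo "Failed Extracting ${LINUXARCHIVE_FILE}"
       warden delete --confirm "${JAILNAME}" 2>/dev/null
       exit 1
    fi
  else
    # NOTE(review): IP is not assigned in this script (only IP4/IP6 are);
    # presumably it arrives through the environment - confirm.
    if ! sh "${LINUX_JAIL_SCRIPT}" "${JAILDIR}" "${IP}" "${JMETADIR}" ; then
       echo "Failed running ${LINUX_JAIL_SCRIPT}"
       warden delete --confirm "${JAILNAME}" 2>/dev/null
       exit 1
    fi
  fi

  # Create the master.passwd
  # NOTE(review): the password field of this root entry is empty, so root in
  # the new jail has no password until one is set. Set or lock it before the
  # jail is reachable by anyone who should not have root in it.
  echo "root::0:0::0:0:Charlie &:/root:/bin/bash" > "${JAILDIR}/etc/master.passwd"
  pwd_mkdb -d "${JAILDIR}/tmp" -p "${JAILDIR}/etc/master.passwd" 2>/dev/null
  mv "${JAILDIR}/tmp/master.passwd" "${JAILDIR}/etc/"
  mv "${JAILDIR}/tmp/pwd.db" "${JAILDIR}/etc/"
  mv "${JAILDIR}/tmp/spwd.db" "${JAILDIR}/etc/"
  rm "${JAILDIR}/tmp/passwd"

  # Copy resolv.conf
  cp /etc/resolv.conf "${JAILDIR}/etc/resolv.conf"

  # Do some touch-up to make linux happy: a throw-away script is written into
  # the jail root, run chrooted, then removed again
  echo '#!/bin/bash
cd /etc
pwconv
grpconv
touch /etc/fstab
touch /etc/mtab
' > "${JAILDIR}/.fixSH"
  chmod 755 "${JAILDIR}/.fixSH"
  chroot "${JAILDIR}" /.fixSH
  rm "${JAILDIR}/.fixSH"

  # If we are auto-starting the jail, do it now
  if [ "$AUTOSTART" = "YES" ] ; then warden start "${JAILNAME}" ; fi

  echo "Success! Linux jail created at ${JAILDIR}"
}
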
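# Load our passed values: the first argument is both the jail name and its
# hostname
JAILNAME="${1}"
HOST="${1}"

# The name becomes a path component (JAILDIR is ${JDIR}/${JAILNAME}) and an
# argument to warden(8) and zfs(8), so refuse values that would leave JDIR,
# split into several words, or be read as an option. An empty name is left
# to the "Missing hostname" check further down.
case "${JAILNAME}" in
  */*|*" "*|-*|.|..)
    echo "ERROR: Invalid jail name: ${JAILNAME}"
    exit 6
    ;;
esac

# Everything else is passed via environmental variables

# Map the requested jail type onto its flag; any other value (including
# "standard") sets no flag
case "${JAILTYPE}" in
  portjail) PORTJAIL="YES" ;;
  pluginjail) PLUGINJAIL="YES" ;;
  linuxjail) LINUXJAIL="YES" ;;
  standard) ;;
esac
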
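# Work out WORLDCHROOT, the template dataset / archive the jail is built from.
# See if we need to create a default template
# If using a ARCHIVEFILE we can skip this step
if [ -z "$TEMPLATE" ] && [ -z "$ARCHIVEFILE" ] ; then
  # Tag is the first two dash-separated fields of uname -r plus the arch,
  # so 9-STABLE or 10-CURRENT systems get a usable name too
  DEFTEMPLATE="$(uname -r | cut -d '-' -f 1-2)-${ARCH}"

  # If on a plugin jail, lets change the nickname
  if [ "${PLUGINJAIL}" = "YES"  ] ; then
    DEFTEMPLATE="${DEFTEMPLATE}-pluginjail"
  fi

  # See if we need to create a new template for this system:
  # a dataset on ZFS, a .tbz archive otherwise
  if isDirZFS "${JDIR}" ; then
     TDIR="${JDIR}/.warden-template-$DEFTEMPLATE"
  else
     TDIR="${JDIR}/.warden-template-$DEFTEMPLATE.tbz"
  fi
  if [ ! -e "$TDIR" ] ; then
      FLAGS="-arch $ARCH -nick $DEFTEMPLATE"

      FLAGS="-trueos $(uname -r | cut -d '-' -f 1-2) $FLAGS" ; export FLAGS

      if [ "${PLUGINJAIL}" = "YES" ] ; then
         FLAGS="$FLAGS -pluginjail"
      fi
      # FLAGS is a space-separated option list and is split on purpose
      # shellcheck disable=SC2086
      warden template create ${FLAGS} || exit_err "Failed create default template"
  fi
  WORLDCHROOT="${TDIR}"
elif [ -z "$ARCHIVEFILE" ] ; then
  # Set WORLDCHROOT to the dir we will clone / file to extract
  # NOTE(review): TEMPLATE comes from the environment and is joined into the
  # path without any check visible here - confirm the caller validates it.
  WORLDCHROOT="${JDIR}/.warden-template-$TEMPLATE"
  if ! isDirZFS "${JDIR}" ; then
    WORLDCHROOT="${WORLDCHROOT}.tbz"
  fi
else
   # See if we are overriding the default archive file
   WORLDCHROOT="$ARCHIVEFILE"
fi
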
# Normalise the requested addresses. get_ip_and_netmask comes from
# functions.sh; its results are read back from JIP and JMASK, and a missing
# mask falls back to 24 (IPv4) or 64 (IPv6).
if [ "${IP4}" != "OFF" ] ; then
  get_ip_and_netmask "${IP4}"
  IP4="${JIP}"
  MASK4="${JMASK:-24}"
fi

if [ "${IP6}" != "OFF" ] ; then
  get_ip_and_netmask "${IP6}"
  IP6="${JIP}"
  MASK6="${JMASK:-64}"
fi

# A hostname (the first argument) is mandatory
[ -n "$HOST" ] || { echo "ERROR: Missing hostname!" ; exit 6 ; }

# Where the jail lives, plus its metadata dir (set by set_warden_metadir)
JAILDIR="${JDIR}/${JAILNAME}"
set_warden_metadir

# Never build on top of something that is already there
if [ -e "${JAILDIR}" ] ; then
  echo "ERROR: This Jail directory already exists!"
  exit 5
fi

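# Walk the existing jail metadata dirs once: refuse a duplicate hostname and
# find the highest ID already in use.
# NOTE(review): nothing here locks JDIR, so two creations running at the same
# time could presumably pick the same ID - confirm whether the caller
# serialises them.
META_ID=0
for metadir in "${JDIR}"/.*.meta
do
  # A glob that matched nothing is left as the literal pattern; skip it
  [ -e "${metadir}" ] || continue

  # Make sure we don't have a host already with this name
  if [ -e "${metadir}/host" ] && [ "$(cat "${metadir}/host")" = "$HOST" ] ; then
    echo "ERROR: A jail with this hostname already exists!"
    exit 5
  fi

  # Ignore a missing, empty or non-numeric id file rather than handing it
  # to the integer comparison below
  [ -r "${metadir}/id" ] || continue
  id="$(cat "${metadir}/id")"
  case "${id}" in
    ''|*[!0-9]*) continue ;;
  esac
  if [ "${id}" -gt "${META_ID}" ] ; then
    META_ID="${id}"
  fi
done

# Get next unique ID
META_ID=$(( META_ID + 1 ))
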
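# If we are setting up a linux jail, lets do it now: create the jail root
# (a ZFS dataset when JDIR is on ZFS, a plain directory otherwise), hand over
# to setup_linux_jail and stop here
if [ "$LINUXJAIL" = "YES" ] ; then
   if isDirZFS "${JDIR}" ; then
     # Create ZFS mount
     tank="$(getZFSTank "$JDIR")"
     if [ -z "$tank" ] ; then
       exit_err "Failed getting ZFS dataset for $JDIR..";
     fi
     if ! zfs create -o mountpoint="${JAILDIR}" -p "${tank}${JAILDIR}" ; then
       exit_err "Failed creating ZFS dataset"
     fi
   else
     mkdir -p "${JAILDIR}"
   fi
   setup_linux_jail
   exit 0
fi
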
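echo "Building new Jail... Please wait..."

# Install the base system: clone the template snapshot on ZFS, or unpack the
# template directory / archive on UFS
if isDirZFS "${JDIR}" ; then
   # Create ZFS CLONE
   tank="$(getZFSTank "$JDIR")"
   # Same guard as the linux-jail path: without a pool name the clone
   # arguments below would be malformed
   if [ -z "$tank" ] ; then
     exit_err "Failed getting ZFS dataset for $JDIR..";
   fi
   zfsp="$(getZFSRelativePath "${WORLDCHROOT}")"
   jailp="$(getZFSRelativePath "${JAILDIR}")"
   if ! zfs clone "${tank}${zfsp}@clean" "${tank}${jailp}" ; then
     exit_err "Failed creating clean ZFS base clone"
   fi
else
   # Running on UFS
   mkdir -p "${JAILDIR}"
   echo "Installing world..."
   if [ -d "${WORLDCHROOT}" ] ; then
     tar cvf - -C "${WORLDCHROOT}" . 2>/dev/null | tar xpvf - -C "${JAILDIR}" 2>/dev/null
   else
     tar xvf "${WORLDCHROOT}" -C "${JAILDIR}" 2>/dev/null
   fi
   # tar's own messages are discarded above, so at least say that the
   # extracting tar failed instead of going on to report "Success!" silently
   if [ $? -ne 0 ] ; then
     echo "WARNING: tar reported errors while installing world into ${JAILDIR}"
   fi

   # If this is a pluginjail on UFS :-( Do things the hard way.
   if [ "${PLUGINJAIL}" = "YES" ] ; then
     # NOTE(review): pjdir is not assigned anywhere in this script; unless
     # functions.sh sets it, this passes an empty path. Confirm whether
     # JAILDIR was intended.
     bootstrap_pkgng "${pjdir}" "pluginjail"
   fi

   echo "Done"
fi
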
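# Record the jail's metadata: hostname, addresses and numeric ID
mkdir "${JMETADIR}"
echo "${HOST}" > "${JMETADIR}/host"
if [ "${IP4}" != "OFF" ] ; then
   echo "${IP4}/${MASK4}" > "${JMETADIR}/ipv4"
fi
if [ "${IP6}" != "OFF" ] ; then
   echo "${IP6}/${MASK6}" > "${JMETADIR}/ipv6"
fi
echo "${META_ID}" > "${JMETADIR}/id"
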
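# Optionally install the system sources into the jail
if [ "$SOURCE" = "YES" ]
then
  echo "Installing source..."
  mkdir -p "${JAILDIR}/usr/src"
  # The download lands in the current directory and is removed from there
  # afterwards, so do not carry on if the jail root cannot be entered
  cd "${JAILDIR}" || exit_err "Failed changing directory to ${JAILDIR}"
  SYSVER="$(uname -r | cut -d '-' -f 1-2)"
  # NOTE(review): no checksum or signature check on src.txz is visible in
  # this script before it is unpacked as root; confirm that
  # get_file_from_mirrors verifies what it downloads.
  if ! get_file_from_mirrors "/${SYSVER}/${ARCH}/dist/src.txz" "src.txz" "iso" ; then
    echo "Error while downloading the freebsd world."
  else
    echo "Extracting sources.. May take a while.."
    tar xvf src.txz -C "${JAILDIR}" 2>/dev/null
    rm src.txz
    echo "Done"
  fi
fi

# Optionally fetch a ports tree into the jail
if [ "$PORTS" = "YES" ]
then
  echo "Fetching ports..."
  mkdir -p "${JAILDIR}/usr/ports"
  # Run a copy of portsnap in which every "! -t 0" (stdin is not a terminal)
  # test has been rewritten to "-z 1", which is never true - presumably so
  # that the fetch also works when this script has no terminal.
  # The status tested below is that of the final /bin/sh.
  if sed 's|! -t 0|-z '1'|g' /usr/sbin/portsnap | /bin/sh -s "fetch" "extract" "update" "-p" "${JAILDIR}/usr/ports" >/dev/null 2>/dev/null ; then
    echo "Done"
  else
    echo "Failed! Please run \"portsnap fetch extract update\" within the jail."
  fi
fi
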
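# Create an empty fstab
touch "${JAILDIR}/etc/fstab"

# If this isn't a fresh jail, we can skip to not clobber existing setup
if [ -z "$ARCHIVEFILE" ] ; then
  # Setup rc.conf. Note that sshd is switched on in every fresh jail.
  # NOTE(review): HOST is written between double quotes into a file that rc
  # reads as shell, and into the sed expression further down (IP6); neither
  # value is escaped here, so both are assumed to be validated earlier.
cat<<__EOF__>"${JAILDIR}/etc/rc.conf"
portmap_enable="NO"
sshd_enable="YES"
sendmail_enable="NO"
hostname="${HOST}"
devfs_enable="YES"
devfs_system_ruleset="devfsrules_common"
__EOF__

  # Create the host for this device
cat<<__EOF__>"${JAILDIR}/etc/hosts"
# : src/etc/hosts,v 1.16 2003/01/28 21:29:23 dbaker Exp $
#
# Host Database
#
# This file should contain the addresses and aliases for local hosts that
# share this file.  Replace 'my.domain' below with the domainname of your
# machine.
#
# In the presence of the domain name service or NIS, this file may
# not be consulted at all; see /etc/nsswitch.conf for the resolution order.
#
#
::1                     localhost localhost.localdomain
127.0.0.1               localhost localhost.localdomain ${HOST}
__EOF__

  if [ "${IP4}" != "OFF" ] ; then
    echo "${IP4}                        ${HOST}" >> "${JAILDIR}/etc/hosts"
  fi
  if [ "${IP6}" != "OFF" ] ; then
    echo "${IP6}                        ${HOST}" >> "${JAILDIR}/etc/hosts"
    # Make sshd listen on the jail's IPv6 address instead of the wildcard
    sed -i '' "s|#ListenAddress ::|ListenAddress ${IP6}|g" "${JAILDIR}/etc/ssh/sshd_config"
  fi

  # Copy resolv.conf
  cp /etc/resolv.conf "${JAILDIR}/etc/resolv.conf"

fi # End of ARCHIVEFILE check
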
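# Mark the jail for automatic start if requested
if [ "$AUTOSTART" = "YES" ] ; then
  touch "${JMETADIR}/autostart"
fi

# Allow pinging by default
# NOTE(review): allow.raw_sockets is what lets ping(8) and traceroute(8) work
# inside a jail, but jail(8) advises extra caution with it where privileged
# access to the jail is handed to untrusted parties. Edit jail-flags for
# such jails.
echo "allow.raw_sockets=true" > "${JMETADIR}/jail-flags"

# Check if we need to copy the timezone file
if [ -e "/etc/localtime" ] ; then
   cp /etc/localtime "${JAILDIR}/etc/localtime"
fi

# Setup TrueOS PKGNG repo / utilities only if on TRUEOS
if [ "$VANILLA" != "YES" ] && [ -e "${JAILDIR}/etc/rc.delay" ] ; then
  # A failed bootstrap is reported but does not abort the jail creation
  if ! bootstrap_pkgng "${JAILDIR}" ; then
     echo "You can manually re-try by running # warden bspkgng ${JAILNAME}"
  fi
fi

# Set the default meta-pkg set
mkdir -p "${JAILDIR}/usr/local/etc" >/dev/null 2>/dev/null
echo "PCBSD_METAPKGSET: warden" > "${JAILDIR}/usr/local/etc/pcbsd.conf"

# Copy over the pbid scripts
checkpbiscripts "${JAILDIR}"

# Check if making a portjail
if [ "$PORTJAIL" = "YES" ] ; then mkportjail "${JAILDIR}" ; fi

# Check if making a pluginjail
if [ "$PLUGINJAIL" = "YES" ] ; then mkpluginjail "${JAILDIR}" ; fi

# If we are auto-starting the jail, do it now
if [ "$AUTOSTART" = "YES" ] ; then warden start "${JAILNAME}" ; fi

echo "Success!"
echo "Jail created at ${JAILDIR}"

# Plugin jails additionally get a .plugins directory in their root
if [ "${PLUGINJAIL}" = "YES" ] ; then
  mkdir -p "${JAILDIR}/.plugins"
fi

exit 0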