source: src-sh/warden/scripts/backend/createjail.sh @ 8470ab3

Last change on this file since 8470ab3 was 8470ab3, checked in by Kris Moore <kris@…>, 15 months ago

Don't try to read a file which may not exist

  • Property mode set to 100755
File size: 8.6 KB
#!/bin/sh
# Create a new warden jail from the positional argument and the
# environment variables supplied by the caller.
#####################################################################

# Fixed installation prefix of the warden scripts
PROGDIR="/usr/local/share/warden"

# Load the shared backend definitions; the helpers called further down
# (isDirZFS, exit_err, ...) are not defined in this file.
. "${PROGDIR}/scripts/backend/functions.sh"

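# Populate an already-created jail directory with a Linux userland and
# write the warden metadata for it.
# Reads:   JMETADIR HOST IP4 MASK4 IP6 MASK6 STARTUP LINUXARCHIVE_FILE
#          LINUX_JAIL_SCRIPT JAILDIR JAILNAME IP
# Outputs: progress messages on stdout
# Exits:   1, after asking warden to delete the jail, when the userland
#          cannot be extracted or the install script fails
setup_linux_jail()
{
  echo "Setting up linux jail..."

  mkdir -p "${JMETADIR}"
  echo "${HOST}" > "${JMETADIR}/host"

  if [ "${IP4}" != "OFF" ] ; then
    echo "${IP4}/${MASK4}" > "${JMETADIR}/ipv4"
  fi
  if [ "${IP6}" != "OFF" ] ; then
    echo "${IP6}/${MASK6}" > "${JMETADIR}/ipv6"
  fi

  if [ "$STARTUP" = "YES" ] ; then
    touch "${JMETADIR}/autostart"
  fi
  touch "${JMETADIR}/jail-linux"

  # The userland comes from a caller-supplied archive or a caller-supplied
  # install script. Either one runs with this script's privileges, and the
  # resulting tree provides the /bin/bash that is executed via chroot below,
  # so both must come from a trusted source.
  if [ -n "$LINUXARCHIVE_FILE" ] ; then
    echo "Extracting ${LINUXARCHIVE_FILE}..."
    if ! tar xvf "${LINUXARCHIVE_FILE}" -C "${JAILDIR}" 2>/dev/null ; then
       echo "Failed Extracting ${LINUXARCHIVE_FILE}"
       warden delete --confirm "${JAILNAME}" 2>/dev/null
       exit 1
    fi
  else
    # NOTE(review): IP is not assigned anywhere in this file (only IP4/IP6
    # are); presumably it arrives via the environment - confirm.
    if ! sh "${LINUX_JAIL_SCRIPT}" "${JAILDIR}" "${IP}" "${JMETADIR}" ; then
       echo "Failed running ${LINUX_JAIL_SCRIPT}"
       warden delete --confirm "${JAILNAME}" 2>/dev/null
       exit 1
    fi
  fi

  # Create the master.passwd
  # NOTE(review): the password field of this entry is empty, so root in the
  # new jail has no password until one is set. Set or lock it before any
  # login service inside the jail is reachable.
  echo "root::0:0::0:0:Charlie &:/root:/bin/bash" > "${JAILDIR}/etc/master.passwd"
  pwd_mkdb -d "${JAILDIR}/tmp" -p "${JAILDIR}/etc/master.passwd" 2>/dev/null
  mv "${JAILDIR}/tmp/master.passwd" "${JAILDIR}/etc/"
  mv "${JAILDIR}/tmp/pwd.db" "${JAILDIR}/etc/"
  mv "${JAILDIR}/tmp/spwd.db" "${JAILDIR}/etc/"
  rm "${JAILDIR}/tmp/passwd"

  # Copy resolv.conf
  cp /etc/resolv.conf "${JAILDIR}/etc/resolv.conf"

  # Do some touch-up to make linux happy: a short-lived helper script is
  # written into the jail root, run once inside the chroot, then removed.
  cat > "${JAILDIR}/.fixSH" <<'__EOF__'
#!/bin/bash
cd /etc
pwconv
grpconv
touch /etc/fstab
touch /etc/mtab

__EOF__
  chmod 755 "${JAILDIR}/.fixSH"
  chroot "${JAILDIR}" /.fixSH
  rm "${JAILDIR}/.fixSH"

  # If we are auto-starting the jail, do it now
  if [ "$STARTUP" = "YES" ] ; then warden start "${JAILNAME}" ; fi

  echo "Success! Linux jail created at ${JAILDIR}"
}
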
# The single positional argument serves as both jail name and hostname
JAILNAME="${1}"
HOST="${1}"

# Everything else is passed via environmental variables

# Map the requested jail type onto its YES flag; "standard" and any
# unrecognised value set nothing.
if [ "${JAILTYPE}" = "portjail" ] ; then
  PORTJAIL="YES"
elif [ "${JAILTYPE}" = "pluginjail" ] ; then
  PLUGINJAIL="YES"
elif [ "${JAILTYPE}" = "linuxjail" ] ; then
  LINUXJAIL="YES"
fi

# Fall back to the host's /etc/version when no VERSION was supplied
if [ -z "${VERSION}" ] && [ -e "/etc/version" ] ; then
  VERSION=$(cat /etc/version)
fi

# Location of the chroot environment: a directory when JDIR is on ZFS,
# a .tbz archive otherwise; plugin jails use their own "pj" base.
if isDirZFS "${JDIR}" ; then
  case "${PLUGINJAIL}" in
    YES) WORLDCHROOT="${JDIR}/.warden-pj-chroot-${ARCH}" ;;
    *)   WORLDCHROOT="${JDIR}/.warden-chroot-${ARCH}" ;;
  esac
else
  case "${PLUGINJAIL}" in
    YES) WORLDCHROOT="${JDIR}/.warden-pj-chroot-${ARCH}.tbz" ;;
    *)   WORLDCHROOT="${JDIR}/.warden-chroot-${ARCH}.tbz" ;;
  esac
fi
export WORLDCHROOT

# Split each configured address into address and netmask. The results are
# read back from JIP and JMASK after each get_ip_and_netmask call.
case "${IP4}" in
  OFF) ;;
  *)
    get_ip_and_netmask "${IP4}"
    IP4="${JIP}"
    MASK4="${JMASK}"
    ;;
esac

case "${IP6}" in
  OFF) ;;
  *)
    get_ip_and_netmask "${IP6}"
    IP6="${JIP}"
    MASK6="${JMASK}"
    ;;
esac

# A caller-supplied archive replaces the default chroot source. On the
# non-ZFS path this file is later unpacked into the jail root, so it has
# to come from a trusted location.
if [ -n "${ARCHIVEFILE}" ] ; then
   WORLDCHROOT="${ARCHIVEFILE}"
fi

# Required inputs: the hostname plus the SOURCE, PORTS and STARTUP flags.
# NOTE(review): only emptiness is checked. The same value later becomes a
# path component under JDIR and is written into the jail's rc.conf and
# hosts files, so it should be limited to hostname characters - confirm
# whether the warden front end already enforces that.
if [ -z "${HOST}" ] ; then
  echo "ERROR: Missing hostname!"
  exit 6
fi

if [ -z "$SOURCE" ] || [ -z "${PORTS}" ] || [ -z "${STARTUP}" ] ; then
  echo "ERROR: Missing required data!"
  exit 6
fi

# The jail lives directly under JDIR, named after the jail
JAILDIR="${JDIR}/${JAILNAME}"
set_warden_metadir

# Never build on top of an existing path
if [ -e "${JAILDIR}" ] ; then
  echo "ERROR: This Jail directory already exists!"
  exit 5
fi

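# Make sure we don't have a host already with this name.
# The metadata directories are globbed directly instead of parsing ls
# output, so a JDIR containing whitespace is handled correctly.
for i in "${JDIR}"/.*.meta
do
  # Covers both an unmatched glob (left as the literal pattern) and a
  # metadata directory that has no host file.
  if [ ! -e "${i}/host" ] ; then continue ; fi
  if [ "$(cat "${i}/host")" = "$HOST" ] ; then
    echo "ERROR: A jail with this hostname already exists!"
    exit 5
  fi
done
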
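# Get next unique ID: one more than the highest id recorded in any
# existing metadata directory.
META_ID=0
for i in "${JDIR}"/.*.meta
do
  # Skip an unmatched glob and directories without an id file; the linux
  # jail setup in this script writes no id file, for instance.
  if [ ! -r "${i}/id" ] ; then continue ; fi
  id=$(cat "${i}/id")
  # Ignore empty or non-numeric content rather than let the numeric
  # comparison below fail on it
  case "${id}" in
    ''|*[!0-9]*) continue ;;
  esac
  if [ "${id}" -gt "${META_ID}" ] ; then
    META_ID="${id}"
  fi
done
META_ID=$(( META_ID + 1 ))
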
# Fetch the chroot source when it is not present yet. Plugin jails use
# their own download helper; linux jails never need the FreeBSD chroot.
# NOTE(review): whether the download helpers verify a checksum or
# signature is not visible in this file - confirm in functions.sh.
if [ ! -e "${WORLDCHROOT}" ] ; then
  if [ "${PLUGINJAIL}" = "YES" ] ; then
    downloadpluginjail "${VERSION}"
  elif [ "${LINUXJAIL}" != "YES" ] ; then
    downloadchroot
  fi
fi

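# If we are setting up a linux jail, lets do it now. This path creates
# the jail directory, hands over to setup_linux_jail and ends the script.
if [ "$LINUXJAIL" = "YES" ] ; then
   if isDirZFS "${JDIR}" ; then
     # Create ZFS mount
     tank=$(getZFSTank "$JDIR")
     if [ -z "$tank" ] ; then
       exit_err "Failed getting ZFS dataset for $JDIR.."
     fi
     # Quoted so a jail path with whitespace stays a single argument
     if ! zfs create -o mountpoint="${JAILDIR}" -p "${tank}${JAILDIR}" ; then
       exit_err "Failed creating ZFS dataset"
     fi
   else
     mkdir -p "${JAILDIR}"
   fi
   setup_linux_jail
   exit 0
fi
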
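echo "Building new Jail... Please wait..."

# Install the base system: clone the clean snapshot on ZFS, otherwise copy
# or unpack the chroot source into the new jail directory.
if isDirZFS "${JDIR}" ; then
   # Create ZFS CLONE
   tank=$(getZFSTank "$JDIR")
   # Same guard as the linux jail path: without a dataset name the clone
   # arguments below would be malformed.
   if [ -z "$tank" ] ; then
     exit_err "Failed getting ZFS dataset for $JDIR.."
   fi
   zfsp=$(getZFSRelativePath "${WORLDCHROOT}")
   jailp=$(getZFSRelativePath "${JAILDIR}")
   if ! zfs clone "${tank}${zfsp}@clean" "${tank}${jailp}" ; then
     exit_err "Failed creating clean ZFS base clone"
   fi
else
   # Running on UFS
   mkdir -p "${JAILDIR}"
   echo "Installing world..."
   # NOTE(review): tar's exit status is not checked and its stderr is
   # discarded, so a failed or partial extraction still prints "Done" and
   # the jail is configured (and possibly started) anyway.
   if [ -d "${WORLDCHROOT}" ] ; then
     tar cvf - -C "${WORLDCHROOT}" . 2>/dev/null | tar xpvf - -C "${JAILDIR}" 2>/dev/null
   else
     tar xvf "${WORLDCHROOT}" -C "${JAILDIR}" 2>/dev/null
   fi
   echo "Done"
fi
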
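# Record the jail's metadata: hostname, addresses (when enabled) and id.
# Paths are quoted so a metadata directory with whitespace is handled.
mkdir "${JMETADIR}"
echo "${HOST}" > "${JMETADIR}/host"
if [ "${IP4}" != "OFF" ] ; then
   echo "${IP4}/${MASK4}" > "${JMETADIR}/ipv4"
fi
if [ "${IP6}" != "OFF" ] ; then
   echo "${IP6}/${MASK6}" > "${JMETADIR}/ipv6"
fi
echo "${META_ID}" > "${JMETADIR}/id"
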
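# Optionally install the system sources into the jail (best effort: a
# failure is reported but does not abort jail creation).
if [ "$SOURCE" = "YES" ]
then
  echo "Installing source..."
  mkdir -p "${JAILDIR}/usr/src"
  SYSVER="$(uname -r)"
  # Only download and delete src.txz after the directory change succeeded;
  # otherwise both would act on whatever the current directory happens to be.
  if ! cd "${JAILDIR}" ; then
    echo "Error: unable to enter ${JAILDIR}, skipping source install."
  # NOTE(review): whether get_file_from_mirrors authenticates the download
  # is not visible in this file; the archive is unpacked with this
  # script's privileges - confirm.
  elif ! get_file_from_mirrors "/${SYSVER}/${ARCH}/dist/src.txz" "src.txz" ; then
    echo "Error while downloading the freebsd world."
  else
    echo "Extracting sources.. May take a while.."
    tar xvf src.txz -C "${JAILDIR}" 2>/dev/null
    rm src.txz
    echo "Done"
  fi
fi
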
# Optionally populate the jail's ports tree.
if [ "$PORTS" = "YES" ]
then
  echo "Fetching ports..."
  mkdir -p "${JAILDIR}/usr/ports"
  # A copy of the host's portsnap script is rewritten on the fly and fed to
  # /bin/sh. The substitution turns every "! -t 0" test into "-z 1" (the
  # inner quotes are consumed by the shell), presumably so portsnap's
  # terminal check passes when run from a pipe - confirm. The success check
  # sees the exit status of /bin/sh, the last stage of the pipeline.
  if sed 's|! -t 0|-z '1'|g' /usr/sbin/portsnap | /bin/sh -s "fetch" "extract" "update" "-p" "${JAILDIR}/usr/ports" >/dev/null 2>&1 ; then
    echo "Done"
  else
    echo "Failed! Please run \"portsnap fetch extract update\" within the jail."
  fi
fi

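# Create an empty fstab
touch "${JAILDIR}/etc/fstab"

# If this isn't a fresh jail, we can skip to not clobber existing setup
if [ -z "$ARCHIVEFILE" ] ; then
  # Setup rc.conf
  # NOTE(review): HOST is written unescaped into rc.conf, which the jail's
  # rc system reads as shell; it should be restricted to hostname
  # characters before it reaches this point.
  cat > "${JAILDIR}/etc/rc.conf" <<__EOF__
portmap_enable="NO"
sshd_enable="YES"
sendmail_enable="NO"
hostname="${HOST}"
devfs_enable="YES"
devfs_system_ruleset="devfsrules_common"
__EOF__

  # Create the hosts file for this jail
  cat > "${JAILDIR}/etc/hosts" <<__EOF__
# : src/etc/hosts,v 1.16 2003/01/28 21:29:23 dbaker Exp $
#
# Host Database
#
# This file should contain the addresses and aliases for local hosts that
# share this file.  Replace 'my.domain' below with the domainname of your
# machine.
#
# In the presence of the domain name service or NIS, this file may
# not be consulted at all; see /etc/nsswitch.conf for the resolution order.
#
#
::1                     localhost localhost.localdomain
127.0.0.1               localhost localhost.localdomain ${HOST}
__EOF__

  # Append the jail's own addresses. These lines used ">" before, which
  # replaced the file written just above (localhost entries included) and
  # let the IPv6 entry wipe out the IPv4 one.
  if [ "${IP4}" != "OFF" ] ; then
    echo "${IP4}                        ${HOST}" >> "${JAILDIR}/etc/hosts"
  fi
  if [ "${IP6}" != "OFF" ] ; then
    echo "${IP6}                        ${HOST}" >> "${JAILDIR}/etc/hosts"
    # Bind sshd to the jail's IPv6 address by enabling the commented-out
    # ListenAddress line
    sed -i '' "s|#ListenAddress ::|ListenAddress ${IP6}|g" "${JAILDIR}/etc/ssh/sshd_config"
  fi

  # Copy resolv.conf
  cp /etc/resolv.conf "${JAILDIR}/etc/resolv.conf"

fi # End of ARCHIVEFILE check
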
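# Mark the jail for automatic start when requested
if [ "$STARTUP" = "YES" ] ; then
  touch "${JMETADIR}/autostart"
fi

# Allow pinging by default
# NOTE(review): allow.raw_sockets lets root inside the jail create raw
# sockets, which is broader than ping alone; reconsider this default for
# jails whose root account is handed to untrusted parties.
echo "allow.raw_sockets=true" > "${JMETADIR}/jail-flags"

# Check if we need to copy the timezone file
if [ -e "/etc/localtime" ] ; then
   cp /etc/localtime "${JAILDIR}/etc/localtime"
fi

# Setup PC-BSD PKGNG repo / utilities
if [ "$VANILLA" != "YES" ] ; then
  if ! bootstrap_pkgng "${JAILDIR}" ; then
     # NOTE(review): IP is not assigned in this file (only IP4/IP6 are);
     # confirm it is set by the caller, or this hint prints an empty target.
     echo "You can manually re-try by running # warden bspkgng ${IP}"
  fi
fi
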
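# Set the default meta-pkg set
mkdir -p "${JAILDIR}/usr/local/etc" >/dev/null 2>&1
echo "PCBSD_METAPKGSET: warden" > "${JAILDIR}/usr/local/etc/pcbsd.conf"

# Copy over the pbid scripts
checkpbiscripts "${JAILDIR}"

# Check if making a portjail
if [ "$PORTJAIL" = "YES" ] ; then mkportjail "${JAILDIR}" ; fi

# Check if making a pluginjail
if [ "$PLUGINJAIL" = "YES" ] ; then mkpluginjail "${JAILDIR}" ; fi

# If we are auto-starting the jail, do it now.
# The name is quoted so it reaches warden as a single argument.
if [ "$STARTUP" = "YES" ] ; then warden start "${JAILNAME}" ; fi

echo "Success!"
echo "Jail created at ${JAILDIR}"

# Plugin jails get their .plugins directory last, i.e. after the optional
# start above.
if [ "${PLUGINJAIL}" = "YES" ] ; then
  mkdir -p "${JAILDIR}/.plugins"
fi

exit 0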