source: src-sh/warden/scripts/backend/createjail.sh @ 90a056e

Last change on this file since 90a056e was 90a056e, checked in by Kris Moore <kris@…>, 21 months ago

When user doesn't supply a netmask, let us set a default

#!/bin/sh
# Script to create a new jail based on given flags.
# Usage: createjail.sh <jailname>  -- every other input (JAILTYPE, JDIR, ARCH,
# IP4, IP6, SOURCE, PORTS, STARTUP, ARCHIVEFILE, VANILLA, ...) arrives through
# the environment.
#####################################################################

# Source our functions
PROGDIR="/usr/local/share/warden"

# Source our variables and helper functions. Everything this script calls
# without defining it (isDirZFS, getZFSTank, getZFSRelativePath,
# get_ip_and_netmask, set_warden_metadir, exit_err, downloadchroot,
# downloadpluginjail, get_file_from_mirrors, bootstrap_pkgng,
# checkpbiscripts, mkportjail, mkpluginjail) is expected to come from here.
. ${PROGDIR}/scripts/backend/functions.sh
10
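setup_linux_jail()
{
  # Populate the (already created, empty) ${JAILDIR} with a Linux userland
  # and write the warden metadata for it.
  #
  # Reads (globals set by the caller / environment): JAILDIR, JMETADIR,
  # JAILNAME, HOST, IP4/MASK4, IP6/MASK6, STARTUP, LINUXARCHIVE_FILE
  # (optional tarball), LINUX_JAIL_SCRIPT (installer used when no archive
  # is given) and IP (handed to that installer).
  # Exits 1 -- after deleting the half-built jail -- when the userland
  # cannot be unpacked/installed.
  echo "Setting up linux jail..."

  mkdir -p "${JMETADIR}"
  echo "${HOST}" > "${JMETADIR}/host"

  if [ "${IP4}" != "OFF" ] ; then
    echo "${IP4}/${MASK4}" > "${JMETADIR}/ipv4"
  fi
  if [ "${IP6}" != "OFF" ] ; then
    echo "${IP6}/${MASK6}" > "${JMETADIR}/ipv6"
  fi

  if [ "$STARTUP" = "YES" ] ; then
    touch "${JMETADIR}/autostart"
  fi
  touch "${JMETADIR}/jail-linux"

  if [ -n "$LINUXARCHIVE_FILE" ] ; then
    echo "Extracting ${LINUXARCHIVE_FILE}..."
    if ! tar xvf "${LINUXARCHIVE_FILE}" -C "${JAILDIR}" 2>/dev/null ; then
       echo "Failed Extracting ${LINUXARCHIVE_FILE}"
       warden delete --confirm "${JAILNAME}" 2>/dev/null
       exit 1
    fi
  else
    # NOTE(review): ${IP} is never assigned in this script (IP4/IP6 are);
    # it is assumed to arrive through the environment -- confirm.
    if ! sh "${LINUX_JAIL_SCRIPT}" "${JAILDIR}" "${IP}" "${JMETADIR}" ; then
       echo "Failed running ${LINUX_JAIL_SCRIPT}"
       warden delete --confirm "${JAILNAME}" 2>/dev/null
       exit 1
    fi
  fi

  # Create the master.passwd.
  # SECURITY: this gives the jail a root account with an EMPTY password.
  # Anything that reaches a login prompt inside the jail gets root until the
  # administrator sets a password. The behaviour is kept as-is; be aware of
  # it before exposing the jail's address.
  echo "root::0:0::0:0:Charlie &:/root:/bin/bash" > "${JAILDIR}/etc/master.passwd"
  # pwd_mkdb's output is silenced, so at least say when it failed (the
  # moves below will then fail too and the jail has no password database).
  pwd_mkdb -d "${JAILDIR}/tmp" -p "${JAILDIR}/etc/master.passwd" 2>/dev/null \
    || echo "WARNING: pwd_mkdb failed; password database for ${JAILDIR} may be incomplete"
  mv "${JAILDIR}/tmp/master.passwd" "${JAILDIR}/etc/"
  mv "${JAILDIR}/tmp/pwd.db" "${JAILDIR}/etc/"
  mv "${JAILDIR}/tmp/spwd.db" "${JAILDIR}/etc/"
  rm "${JAILDIR}/tmp/passwd"

  # Copy resolv.conf so the jail resolves names like the host does
  cp /etc/resolv.conf "${JAILDIR}/etc/resolv.conf"

  # Do some touch-up to make linux happy: run pwconv/grpconv inside the
  # new root through a throw-away script.
  # SECURITY: chroot is not a sandbox -- this executes the archive's own
  # /bin/bash, pwconv and grpconv with the host's root privileges, so only
  # use archives / installer scripts you trust.
  echo '#!/bin/bash
cd /etc
pwconv
grpconv
touch /etc/fstab
touch /etc/mtab
' > "${JAILDIR}/.fixSH"
  chmod 755 "${JAILDIR}/.fixSH"
  chroot "${JAILDIR}" /.fixSH
  rm "${JAILDIR}/.fixSH"

  # If we are auto-starting the jail, do it now
  if [ "$STARTUP" = "YES" ] ; then warden start "${JAILNAME}" ; fi

  echo "Success! Linux jail created at ${JAILDIR}"
}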
75
# Load our passed values: the jail's name doubles as its hostname
JAILNAME="${1}"
HOST="${1}"

# Everything else is passed via environmental variables

# Turn the JAILTYPE selector into the per-type flags the rest of the
# script tests; anything unrecognised (or "standard") sets nothing.
if [ "${JAILTYPE}" = "portjail" ] ; then
  PORTJAIL="YES"
elif [ "${JAILTYPE}" = "pluginjail" ] ; then
  PLUGINJAIL="YES"
elif [ "${JAILTYPE}" = "linuxjail" ] ; then
  LINUXJAIL="YES"
fi

# Fall back to the host's version when none was requested
if [ -z "${VERSION}" ] && [ -e "/etc/version" ] ; then
  VERSION=$(cat /etc/version)
fi
90
# Location of the chroot environment the jail is built from.
# On ZFS it is a dataset mounted under ${JDIR}; on UFS it is a tarball.
# Plugin jails use their own base image.
if [ "${PLUGINJAIL}" = "YES" ] ; then
  if isDirZFS "${JDIR}" ; then
    WORLDCHROOT="${JDIR}/.warden-pj-chroot-${ARCH}"
  else
    WORLDCHROOT="${JDIR}/.warden-pj-chroot-${ARCH}.tbz"
  fi
else
  if isDirZFS "${JDIR}" ; then
    WORLDCHROOT="${JDIR}/.warden-chroot-${ARCH}"
  else
    WORLDCHROOT="${JDIR}/.warden-chroot-${ARCH}.tbz"
  fi
fi
export WORLDCHROOT
108
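# Split the "addr/prefix" inputs into address and prefix length
# (get_ip_and_netmask leaves them in JIP / JMASK) and default the prefix
# when the user gave a bare address. "OFF" means no address of that family.
# NOTE(review): whether get_ip_and_netmask validates the address syntax is
# not visible here; IP4/IP6 are later written verbatim into the jail's
# /etc/hosts and sshd_config, so confirm it rejects garbage.
if [ "${IP4}" != "OFF" ] ; then
  get_ip_and_netmask "${IP4}"
  IP4="${JIP}"
  MASK4="${JMASK}"
  # Bare IPv4 address -> /24
  if [ -z "$MASK4" ] ; then MASK4="24"; fi
fi

if [ "${IP6}" != "OFF" ] ; then
  get_ip_and_netmask "${IP6}"
  IP6="${JIP}"
  MASK6="${JMASK}"
  # Bare IPv6 address -> /64. The original tested MASK4 here, so an IPv6
  # address without a prefix never got one and "addr/" was recorded.
  if [ -z "$MASK6" ] ; then MASK6="64"; fi
fi

# See if we are overriding the default archive file
if [ ! -z "$ARCHIVEFILE" ] ; then
   WORLDCHROOT="$ARCHIVEFILE"
fi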
127
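# All of these are mandatory; bail out before touching the filesystem
if [ -z "${HOST}" ] || [ -z "$SOURCE" ] || [ -z "${PORTS}" ] || [ -z "${STARTUP}" ]
then
  if [ -z "$HOST" ] ; then
     echo "ERROR: Missing hostname!"
  else
     echo "ERROR: Missing required data!"
  fi

  exit 6
fi

JAILDIR="${JDIR}/${JAILNAME}"
set_warden_metadir

if [ -e "${JAILDIR}" ]
then
  echo "ERROR: This Jail directory already exists!"
  exit 5
fi

# Make sure we don't have a host already with this name (the jail name is
# the hostname, so this also rejects duplicate names). Iterate the metadata
# directories with a glob instead of parsing `ls` output so paths with
# whitespace are not split; an unmatched glob stays literal and fails the
# -e test below.
for i in "${JDIR}"/.*.meta
do
  if [ ! -e "${i}/host" ] ; then continue ; fi
  if [ "$(cat "${i}/host")" = "$HOST" ] ; then
    echo "ERROR: A jail with this hostname already exists!"
    exit 5
  fi
done

# Get next unique ID: one more than the highest id on record.
# NOTE(review): nothing locks ${JDIR} here, so two creates racing each
# other can pick the same id -- confirm the caller serialises.
META_ID=0
for i in "${JDIR}"/.*.meta
do
  [ -e "${i}/id" ] || continue
  id=$(cat "${i}/id")
  # Skip empty or non-numeric ids rather than letting [ -gt ] complain
  case "${id}" in
    ''|*[!0-9]*) continue ;;
  esac
  if [ "${id}" -gt "${META_ID}" ] ; then
    META_ID="${id}"
  fi
done
META_ID=$(( META_ID + 1 ))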
168
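# Check if we need to download the chroot file (linux jails bring their own
# userland, so nothing is fetched for them)
if [ "${PLUGINJAIL}" = "YES" ] && [ ! -e "${WORLDCHROOT}" ] ; then
  downloadpluginjail "${VERSION}"

elif [ ! -e "${WORLDCHROOT}" ] && [ "${LINUXJAIL}" != "YES" ] ; then
  downloadchroot
fi

# The download helpers' exit status is not checked above; make sure the base
# actually exists before we try to clone/unpack it further down.
if [ "${LINUXJAIL}" != "YES" ] && [ ! -e "${WORLDCHROOT}" ] ; then
  exit_err "Chroot base ${WORLDCHROOT} is missing after download"
fi

# If we are setting up a linux jail, lets do it now
if [ "$LINUXJAIL" = "YES" ] ; then
   if isDirZFS "${JDIR}" ; then
     # Create ZFS mount
     tank=$(getZFSTank "$JDIR")
     if [ -z "$tank" ] ; then
       exit_err "Failed getting ZFS dataset for $JDIR..";
     fi
     zfs create -o mountpoint="${JAILDIR}" -p "${tank}${JAILDIR}"
     if [ $? -ne 0 ] ; then exit_err "Failed creating ZFS dataset"; fi
   else
     mkdir -p "${JAILDIR}" || exit_err "Failed creating ${JAILDIR}"
   fi
   setup_linux_jail
   exit 0
fi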
194
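echo "Building new Jail... Please wait..."

if isDirZFS "${JDIR}" ; then
   # Create ZFS CLONE of the pristine "@clean" snapshot of the base world
   tank=$(getZFSTank "$JDIR")
   if [ -z "$tank" ] ; then
     exit_err "Failed getting ZFS dataset for $JDIR..";
   fi
   zfsp=$(getZFSRelativePath "${WORLDCHROOT}")
   jailp=$(getZFSRelativePath "${JAILDIR}")
   zfs clone "${tank}${zfsp}@clean" "${tank}${jailp}"
   if [ $? -ne 0 ] ; then exit_err "Failed creating clean ZFS base clone"; fi
else
   # Running on UFS: copy (or unpack) the world into the jail directory.
   # tar's chatter is silenced, so check its status instead of printing
   # "Done" over a half-populated jail. In the pipe form $? is the status
   # of the extracting tar (plain sh has no pipefail).
   mkdir -p "${JAILDIR}" || exit_err "Failed creating ${JAILDIR}"
   echo "Installing world..."
   if [ -d "${WORLDCHROOT}" ] ; then
     tar cvf - -C "${WORLDCHROOT}" . 2>/dev/null | tar xpvf - -C "${JAILDIR}" 2>/dev/null
   else
     tar xvf "${WORLDCHROOT}" -C "${JAILDIR}" 2>/dev/null
   fi
   if [ $? -ne 0 ] ; then exit_err "Failed installing world into ${JAILDIR}"; fi
   echo "Done"
fi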
216
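# Record the jail's metadata (hostname, addresses, id) for the other warden
# subcommands. A leftover metadata directory from an earlier jail of the
# same name is reused, as before, but say so: files we do not rewrite here
# (e.g. an old autostart marker) survive from it.
if [ -e "${JMETADIR}" ] ; then
  echo "WARNING: ${JMETADIR} already exists; stale metadata in it will be reused"
else
  mkdir "${JMETADIR}" || exit_err "Failed creating ${JMETADIR}"
fi
echo "${HOST}" > "${JMETADIR}/host"
if [ "${IP4}" != "OFF" ] ; then
   echo "${IP4}/${MASK4}" > "${JMETADIR}/ipv4"
fi
if [ "${IP6}" != "OFF" ] ; then
   echo "${IP6}/${MASK6}" > "${JMETADIR}/ipv6"
fi
echo "${META_ID}" > "${JMETADIR}/id"

if [ "$SOURCE" = "YES" ]
then
  echo "Installing source..."
  mkdir -p "${JAILDIR}/usr/src"
  # Download into the jail root; if we cannot get there, stop rather than
  # fetching and unpacking relative to whatever the current directory is.
  cd "${JAILDIR}" || exit_err "Failed changing into ${JAILDIR}"
  SYSVER="$(uname -r)"
  # NOTE(review): whether get_file_from_mirrors verifies a checksum or
  # signature of src.txz is not visible from this script -- confirm, since
  # the result is unpacked straight into the jail.
  get_file_from_mirrors "/${SYSVER}/${ARCH}/dist/src.txz" "src.txz"
  if [ $? -ne 0 ] ; then
    echo "Error while downloading the freebsd world."
  else
    echo "Extracting sources.. May take a while.."
    tar xvf src.txz -C "${JAILDIR}" 2>/dev/null
    rm src.txz
    echo "Done"
  fi
fi

if [ "$PORTS" = "YES" ]
then
  echo "Fetching ports..."
  mkdir -p "${JAILDIR}/usr/ports"
  # Run the host's portsnap against the jail's ports tree. The sed rewrites
  # portsnap's "! -t 0" (stdin is not a terminal) test into "-z 1" (always
  # false), presumably so it behaves as if interactive when driven from
  # here; the script is otherwise fed to sh unchanged.
  cat /usr/sbin/portsnap | sed 's|! -t 0|-z '1'|g' | /bin/sh -s "fetch" "extract" "update" "-p" "${JAILDIR}/usr/ports" >/dev/null 2>/dev/null
  if [ $? -eq 0 ] ; then
    echo "Done"
  else
    echo "Failed! Please run \"portsnap fetch extract update\" within the jail."
  fi
fi

# Create an empty fstab
touch "${JAILDIR}/etc/fstab"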
258
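# If this isn't a fresh jail, we can skip to not clobber existing setup
if [ -z "$ARCHIVEFILE" ] ; then
  # Setup rc.conf. Note that sshd is enabled by default: make sure the
  # jail's accounts are locked down before its address is reachable.
  echo "portmap_enable=\"NO\"
sshd_enable=\"YES\"
sendmail_enable=\"NO\"
hostname=\"${HOST}\"
devfs_enable=\"YES\"
devfs_system_ruleset=\"devfsrules_common\"" > "${JAILDIR}/etc/rc.conf"

  # Create the hosts file for this jail
cat<<__EOF__>"${JAILDIR}/etc/hosts"
# : src/etc/hosts,v 1.16 2003/01/28 21:29:23 dbaker Exp $
#
# Host Database
#
# This file should contain the addresses and aliases for local hosts that
# share this file.  Replace 'my.domain' below with the domainname of your
# machine.
#
# In the presence of the domain name service or NIS, this file may
# not be consulted at all; see /etc/nsswitch.conf for the resolution order.
#
#
::1                     localhost localhost.localdomain
127.0.0.1               localhost localhost.localdomain ${HOST}
__EOF__

  # Append the jail's own addresses. This used ">" before, which replaced
  # the file just written (dropping the localhost entries, and the IPv4
  # line whenever an IPv6 address was also set).
  if [ "${IP4}" != "OFF" ] ; then
    echo "${IP4}                        ${HOST}" >> "${JAILDIR}/etc/hosts"
  fi
  if [ "${IP6}" != "OFF" ] ; then
    echo "${IP6}                        ${HOST}" >> "${JAILDIR}/etc/hosts"
    # Bind sshd to the jail's IPv6 address. ${IP6} is spliced into a sed
    # expression, which is only safe while it contains nothing but address
    # characters -- see the get_ip_and_netmask note above.
    sed -i '' "s|#ListenAddress ::|ListenAddress ${IP6}|g" "${JAILDIR}/etc/ssh/sshd_config"
  fi

  # Copy resolv.conf
  cp /etc/resolv.conf "${JAILDIR}/etc/resolv.conf"

fi # End of ARCHIVEFILE check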
299
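if [ "$STARTUP" = "YES" ] ; then
  touch "${JMETADIR}/autostart"
fi

# Allow pinging by default.
# SECURITY: allow.raw_sockets is not limited to ping -- raw sockets let
# root inside the jail craft arbitrary packets from the jail's address.
# Edit ${JMETADIR}/jail-flags for jails that should not have it.
echo "allow.raw_sockets=true" > "${JMETADIR}/jail-flags"

# Check if we need to copy the timezone file
if [ -e "/etc/localtime" ] ; then
   cp /etc/localtime "${JAILDIR}/etc/localtime"
fi

# Setup PC-BSD PKGNG repo / utilities
if [ "$VANILLA" != "YES" ] ; then
  bootstrap_pkgng "${JAILDIR}"
  if [ $? -ne 0 ] ; then
     # NOTE(review): ${IP} is not assigned anywhere in this script (IP4/IP6
     # are); the hint probably meant ${JAILNAME} -- confirm before changing.
     echo "You can manually re-try by running # warden bspkgng ${IP}"
  fi
fi

# Set the default meta-pkg set
mkdir -p "${JAILDIR}/usr/local/etc" >/dev/null 2>/dev/null
echo "PCBSD_METAPKGSET: warden" > "${JAILDIR}/usr/local/etc/pcbsd.conf"

# Copy over the pbid scripts
checkpbiscripts "${JAILDIR}"

# Check if making a portjail
if [ "$PORTJAIL" = "YES" ] ; then mkportjail "${JAILDIR}" ; fi

# Check if making a pluginjail
if [ "$PLUGINJAIL" = "YES" ] ; then mkpluginjail "${JAILDIR}" ; fi

# If we are auto-starting the jail, do it now
if [ "$STARTUP" = "YES" ] ; then warden start "${JAILNAME}" ; fi

echo "Success!"
echo "Jail created at ${JAILDIR}"

# The plugin directory is created last, i.e. after the jail may already
# have been started above -- kept in the original order.
if [ "${PLUGINJAIL}" = "YES" ] ; then
  mkdir -p "${JAILDIR}/.plugins"
fi

exit 0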