source: src-sh/warden/scripts/backend/createjail.sh @ 9788f38

Last change on this file since 9788f38 was 9788f38, checked in by Kris Moore <kris@…>, 13 months ago

Switch us over to the new PC-BSD CDN

#!/bin/sh
# Script to create a new jail based on given flags
#####################################################################

# Location of the warden support scripts. functions.sh provides the helpers
# used below (isDirZFS, getZFSTank, exit_err, set_warden_metadir, ...).
PROGDIR="/usr/local/share/warden"

# Source our variables and helper functions
. "${PROGDIR}/scripts/backend/functions.sh"
10
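#######################################
# Populate a Linux jail: write the metadata directory, unpack the userland,
# seed /etc/master.passwd and resolv.conf, run pwconv/grpconv inside the
# jail and optionally start it.
# Globals:   JMETADIR, JAILDIR, JAILNAME, HOST, IP4/MASK4, IP6/MASK6,
#            AUTOSTART, LINUXARCHIVE_FILE, LINUX_JAIL_SCRIPT, IP (all read)
# Outputs:   progress messages on stdout
# Returns:   0 on success; on failure the half-built jail is removed with
#            "warden delete --confirm" and the script exits 1
#######################################
setup_linux_jail()
{
  echo "Setting up linux jail..."

  mkdir -p "${JMETADIR}"
  echo "${HOST}" > "${JMETADIR}/host"

  if [ "${IP4}" != "OFF" ] ; then
    echo "${IP4}/${MASK4}" > "${JMETADIR}/ipv4"
  fi
  if [ "${IP6}" != "OFF" ] ; then
    echo "${IP6}/${MASK6}" > "${JMETADIR}/ipv6"
  fi

  if [ "$AUTOSTART" = "YES" ] ; then
    touch "${JMETADIR}/autostart"
  fi
  # Marker file: tells the rest of warden that this jail holds a Linux userland
  touch "${JMETADIR}/jail-linux"

  if [ -n "$LINUXARCHIVE_FILE" ] ; then
    echo "Extracting ${LINUXARCHIVE_FILE}..."
    if ! tar xvf "${LINUXARCHIVE_FILE}" -C "${JAILDIR}" 2>/dev/null ; then
      echo "Failed Extracting ${LINUXARCHIVE_FILE}"
      warden delete --confirm "${JAILNAME}" 2>/dev/null
      exit 1
    fi
  else
    # NOTE(review): ${IP} is never set in this script (only IP4/IP6 are);
    # presumably it comes from the caller's environment — confirm.
    if ! sh "${LINUX_JAIL_SCRIPT}" "${JAILDIR}" "${IP}" "${JMETADIR}" ; then
      echo "Failed running ${LINUX_JAIL_SCRIPT}"
      warden delete --confirm "${JAILNAME}" 2>/dev/null
      exit 1
    fi
  fi

  # Create the master.passwd: a single root account with an EMPTY password.
  # Anything that later enables password logins inside the jail (sshd,
  # getty) needs a password set first.
  echo "root::0:0::0:0:Charlie &:/root:/bin/bash" > "${JAILDIR}/etc/master.passwd"
  # pwd_mkdb -d writes master.passwd/pwd.db/spwd.db/passwd into ${JAILDIR}/tmp;
  # the db files are moved into place and the generated passwd is discarded.
  pwd_mkdb -d "${JAILDIR}/tmp" -p "${JAILDIR}/etc/master.passwd" 2>/dev/null
  mv "${JAILDIR}/tmp/master.passwd" "${JAILDIR}/etc/"
  mv "${JAILDIR}/tmp/pwd.db" "${JAILDIR}/etc/"
  mv "${JAILDIR}/tmp/spwd.db" "${JAILDIR}/etc/"
  rm "${JAILDIR}/tmp/passwd"

  # Copy resolv.conf so the jail resolves names like the host
  cp /etc/resolv.conf "${JAILDIR}/etc/resolv.conf"

  # Do some touch-up to make linux happy: run pwconv/grpconv inside the jail
  # and make sure fstab/mtab exist. The helper script is removed afterwards.
  echo '#!/bin/bash
cd /etc
pwconv
grpconv
touch /etc/fstab
touch /etc/mtab
' > "${JAILDIR}/.fixSH"
  chmod 755 "${JAILDIR}/.fixSH"
  chroot "${JAILDIR}" /.fixSH
  rm "${JAILDIR}/.fixSH"

  # If we are auto-starting the jail, do it now
  if [ "$AUTOSTART" = "YES" ] ; then warden start "${JAILNAME}" ; fi

  echo "Success! Linux jail created at ${JAILDIR}"
}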
75
76# Load our passed values
# Load our passed values: the jail name doubles as its hostname
JAILNAME="${1}"
HOST="${JAILNAME}"

# Everything else is passed via environmental variables.
# JAILTYPE selects the flavour; "standard" (or anything else) sets no flag.
if [ "${JAILTYPE}" = "portjail" ] ; then
  PORTJAIL="YES"
elif [ "${JAILTYPE}" = "pluginjail" ] ; then
  PLUGINJAIL="YES"
elif [ "${JAILTYPE}" = "linuxjail" ] ; then
  LINUXJAIL="YES"
fi
88
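# See if we need to create a default template.
# If using an ARCHIVEFILE we can skip this step.
# Result: WORLDCHROOT points at the template dataset directory (ZFS) or
# tarball (UFS) the jail is cloned from / extracted from, or at ARCHIVEFILE.
if [ -z "$TEMPLATE" ] && [ -z "$ARCHIVEFILE" ] ; then
  # Base system version, e.g. "10.0-RELEASE" from "10.0-RELEASE-p1"
  basever="$(uname -r | cut -d '-' -f 1-2)"
  DEFTEMPLATE="${basever}-${ARCH}"

  # If on a plugin jail, lets change the nickname
  if [ "${PLUGINJAIL}" = "YES" ] ; then
    DEFTEMPLATE="${DEFTEMPLATE}-pluginjail"
  fi

  # See if we need to create a new template for this system.
  # On ZFS the template is a directory/dataset, on UFS a .tbz archive.
  if isDirZFS "${JDIR}" ; then
     TDIR="${JDIR}/.warden-template-${DEFTEMPLATE}"
  else
     TDIR="${JDIR}/.warden-template-${DEFTEMPLATE}.tbz"
  fi
  if [ ! -e "$TDIR" ] ; then
      # FLAGS is a space-separated option list that is intentionally
      # word-split when handed to warden; it is exported as before.
      if uname -r 2>&1 | grep -q "TRUEOS" ; then
         FLAGS="-trueos ${basever} -arch $ARCH -nick $DEFTEMPLATE"
      else
         FLAGS="-fbsd ${basever} -arch $ARCH -nick $DEFTEMPLATE"
      fi
      if [ "${PLUGINJAIL}" = "YES" ] ; then
         FLAGS="$FLAGS -pluginjail"
      fi
      export FLAGS
      # shellcheck disable=SC2086 -- FLAGS holds several arguments
      warden template create ${FLAGS} || exit_err "Failed create default template"
  fi
  WORLDCHROOT="${TDIR}"
elif [ -z "$ARCHIVEFILE" ] ; then
  # Set WORLDCHROOT to the dir we will clone / file to extract
  WORLDCHROOT="${JDIR}/.warden-template-${TEMPLATE}"
  if ! isDirZFS "${JDIR}" ; then
    WORLDCHROOT="${WORLDCHROOT}.tbz"
  fi
else
   # See if we are overriding the default archive file
   WORLDCHROOT="$ARCHIVEFILE"
fi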
136
# Normalise the IPv4 / IPv6 settings: get_ip_and_netmask (expected to set
# JIP and JMASK) splits "addr/mask"; when no mask was given, fall back to
# the conventional default prefix length.
if [ "${IP4}" != "OFF" ] ; then
  get_ip_and_netmask "${IP4}"
  IP4="${JIP}"
  MASK4="${JMASK:-24}"
fi

if [ "${IP6}" != "OFF" ] ; then
  get_ip_and_netmask "${IP6}"
  IP6="${JIP}"
  MASK6="${JMASK:-64}"
fi
150
# A hostname is mandatory (it is the same value as the jail name)
[ -n "$HOST" ] || { echo "ERROR: Missing hostname!" ; exit 6 ; }

# Where the jail lives on disk; set_warden_metadir is expected to derive
# JMETADIR from it, which is used throughout the rest of the script.
JAILDIR="${JDIR}/${JAILNAME}"
set_warden_metadir

# Refuse to clobber an existing jail directory
[ ! -e "${JAILDIR}" ] || { echo "ERROR: This Jail directory already exists!" ; exit 5 ; }
164
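# Make sure we don't have a host already with this name.
# Iterate the metadata directories with a glob rather than parsing ls
# output; the -e test also skips the literal pattern when nothing matches.
for i in "${JDIR}"/.*.meta
do
  if [ ! -e "${i}/host" ] ; then continue ; fi
  if [ "$(cat "${i}/host")" = "$HOST" ] ; then
    echo "ERROR: A jail with this hostname already exists!"
    exit 5
  fi
done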
174
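# Get next unique ID: one more than the highest id recorded in any existing
# jail's metadata directory. Entries with a missing or non-numeric id file
# are skipped instead of tripping the integer comparison.
META_ID=0
for i in "${JDIR}"/.*.meta
do
  [ -e "${i}/id" ] || continue
  id="$(cat "${i}/id")"
  case "${id}" in
    ''|*[!0-9]*) continue ;;
  esac
  if [ "${id}" -gt "${META_ID}" ] ; then
    META_ID="${id}"
  fi
done
META_ID=$(( META_ID + 1 ))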
185
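# If we are setting up a linux jail, lets do it now.
# On ZFS the jail gets its own dataset mounted at JAILDIR, on UFS a plain
# directory; setup_linux_jail does the rest and the script exits here.
if [ "$LINUXJAIL" = "YES" ] ; then
   if isDirZFS "${JDIR}" ; then
     # Create ZFS mount
     tank="$(getZFSTank "$JDIR")"
     if [ -z "$tank" ] ; then
       exit_err "Failed getting ZFS dataset for $JDIR.."
     fi
     zfs create -o mountpoint="${JAILDIR}" -p "${tank}${JAILDIR}" \
       || exit_err "Failed creating ZFS dataset"
   else
     mkdir -p "${JAILDIR}"
   fi
   setup_linux_jail
   exit 0
fi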
203
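echo "Building new Jail... Please wait..."

# Populate JAILDIR from WORLDCHROOT: a ZFS clone of the template's @clean
# snapshot, or on UFS a tar copy (directory template) / extraction (.tbz).
# Either way a failure aborts instead of reporting a broken jail as built.
if isDirZFS "${JDIR}" ; then
   # Create ZFS CLONE
   tank="$(getZFSTank "$JDIR")"
   zfsp="$(getZFSRelativePath "${WORLDCHROOT}")"
   jailp="$(getZFSRelativePath "${JAILDIR}")"
   zfs clone "${tank}${zfsp}@clean" "${tank}${jailp}" \
     || exit_err "Failed creating clean ZFS base clone"
else
   # Running on UFS
   mkdir -p "${JAILDIR}"
   echo "Installing world..."
   if [ -d "${WORLDCHROOT}" ] ; then
     # Stream the template through tar to keep permissions (-p). Without
     # pipefail only the extracting tar's status is seen here.
     tar cvf - -C "${WORLDCHROOT}" . 2>/dev/null | tar xpvf - -C "${JAILDIR}" 2>/dev/null \
       || exit_err "Failed installing world from ${WORLDCHROOT}"
   else
     tar xvf "${WORLDCHROOT}" -C "${JAILDIR}" 2>/dev/null \
       || exit_err "Failed extracting world from ${WORLDCHROOT}"
   fi

   # If this is a pluginjail on UFS :-( Do things the hard way.
   # NOTE(review): the original passed "${pjdir}", which this script never
   # sets; fall back to JAILDIR (as the later bootstrap_pkgng call does)
   # when it is empty — confirm against functions.sh.
   if [ "${PLUGINJAIL}" = "YES" ] ; then
     bootstrap_pkgng "${pjdir:-${JAILDIR}}" "pluginjail"
   fi

   echo "Done"
fi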
231
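# Write the jail's metadata: hostname, configured addresses and unique id.
# (mkdir without -p on purpose: the metadata dir is not expected to exist.)
mkdir "${JMETADIR}"
echo "${HOST}" > "${JMETADIR}/host"
if [ "${IP4}" != "OFF" ] ; then
   echo "${IP4}/${MASK4}" > "${JMETADIR}/ipv4"
fi
if [ "${IP6}" != "OFF" ] ; then
   echo "${IP6}/${MASK6}" > "${JMETADIR}/ipv6"
fi
echo "${META_ID}" > "${JMETADIR}/id"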
241
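# Optionally install the system sources into the jail.
if [ "$SOURCE" = "YES" ]
then
  echo "Installing source..."
  mkdir -p "${JAILDIR}/usr/src"
  # src.txz is fetched into the jail root, extracted and removed; abort if
  # the jail cannot be entered so the cleanup 'rm' never runs elsewhere.
  cd "${JAILDIR}" || exit_err "Failed entering ${JAILDIR}"
  SYSVER="$(uname -r | cut -d '-' -f 1-2)"
  if get_file_from_mirrors "/${SYSVER}/${ARCH}/dist/src.txz" "src.txz" "iso" ; then
    echo "Extracting sources.. May take a while.."
    tar xvf src.txz -C "${JAILDIR}" 2>/dev/null
    rm src.txz
    echo "Done"
  else
    echo "Error while downloading the freebsd sources."
  fi
fi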
258
# Optionally seed the ports tree. portsnap contains a terminal check
# ("! -t 0"); its text is rewritten on the fly so that check never triggers,
# then fed to /bin/sh with the usual arguments, pointed at the jail's tree.
if [ "$PORTS" = "YES" ]
then
  echo "Fetching ports..."
  mkdir -p "${JAILDIR}/usr/ports"
  if sed 's|! -t 0|-z 1|g' /usr/sbin/portsnap \
       | /bin/sh -s "fetch" "extract" "update" "-p" "${JAILDIR}/usr/ports" >/dev/null 2>&1
  then
    echo "Done"
  else
    echo "Failed! Please run \"portsnap fetch extract update\" within the jail."
  fi
fi
270
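# Create an empty fstab
touch "${JAILDIR}/etc/fstab"

# If this isn't a fresh jail, we can skip to not clobber existing setup
if [ -z "$ARCHIVEFILE" ] ; then
  # Setup rc.conf: sshd enabled, portmap/sendmail disabled, devfs with the
  # common ruleset
  cat <<__EOF__ > "${JAILDIR}/etc/rc.conf"
portmap_enable="NO"
sshd_enable="YES"
sendmail_enable="NO"
hostname="${HOST}"
devfs_enable="YES"
devfs_system_ruleset="devfsrules_common"
__EOF__

  # Create the hosts file for this jail (loopback entries plus the jail's
  # own addresses below)
  cat <<__EOF__ > "${JAILDIR}/etc/hosts"
# : src/etc/hosts,v 1.16 2003/01/28 21:29:23 dbaker Exp $
#
# Host Database
#
# This file should contain the addresses and aliases for local hosts that
# share this file.  Replace 'my.domain' below with the domainname of your
# machine.
#
# In the presence of the domain name service or NIS, this file may
# not be consulted at all; see /etc/nsswitch.conf for the resolution order.
#
#
::1                     localhost localhost.localdomain
127.0.0.1               localhost localhost.localdomain ${HOST}
__EOF__

  if [ "${IP4}" != "OFF" ] ; then
    echo "${IP4}                        ${HOST}" >> "${JAILDIR}/etc/hosts"
  fi
  if [ "${IP6}" != "OFF" ] ; then
    echo "${IP6}                        ${HOST}" >> "${JAILDIR}/etc/hosts"
    # Make sshd listen on the jail's IPv6 address (BSD sed: -i '' = no backup)
    sed -i '' "s|#ListenAddress ::|ListenAddress ${IP6}|g" "${JAILDIR}/etc/ssh/sshd_config"
  fi

  # Copy resolv.conf
  cp /etc/resolv.conf "${JAILDIR}/etc/resolv.conf"

fi # End of ARCHIVEFILE check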
314
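if [ "$AUTOSTART" = "YES" ] ; then
  touch "${JMETADIR}/autostart"
fi

# Allow pinging by default: allow.raw_sockets lets processes in the jail
# open raw sockets (ping/traceroute). This is a deliberate relaxation of
# the jail defaults recorded in the jail-flags metadata file.
echo "allow.raw_sockets=true" > "${JMETADIR}/jail-flags"

# Check if we need to copy the timezone file
if [ -e "/etc/localtime" ] ; then
   cp /etc/localtime "${JAILDIR}/etc/localtime"
fi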
326
# Setup TrueOS PKGNG repo / utilities only if on TRUEOS (recognised by the
# presence of /etc/rc.delay in the jail) and not building a VANILLA jail.
# A bootstrap failure is reported but does not abort jail creation.
if [ "$VANILLA" != "YES" ] && [ -e "${JAILDIR}/etc/rc.delay" ] ; then
  bootstrap_pkgng "${JAILDIR}" \
    || echo "You can manually re-try by running # warden bspkgng ${JAILNAME}"
fi
334
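# Set the default meta-pkg set
mkdir -p "${JAILDIR}/usr/local/etc" >/dev/null 2>&1
echo "PCBSD_METAPKGSET: warden" > "${JAILDIR}/usr/local/etc/pcbsd.conf"

# Copy over the pbid scripts
checkpbiscripts "${JAILDIR}"

# Check if making a portjail
if [ "$PORTJAIL" = "YES" ] ; then mkportjail "${JAILDIR}" ; fi

# Check if making a pluginjail
if [ "$PLUGINJAIL" = "YES" ] ; then mkpluginjail "${JAILDIR}" ; fi

# If we are auto-starting the jail, do it now
if [ "$AUTOSTART" = "YES" ] ; then warden start "${JAILNAME}" ; fi

echo "Success!"
echo "Jail created at ${JAILDIR}"

# Plugin jails get a .plugins directory (kept after the success message)
if [ "${PLUGINJAIL}" = "YES" ] ; then
  mkdir -p "${JAILDIR}/.plugins"
fi

exit 0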