source: src-sh/warden/scripts/backend/createjail.sh @ db49124

releng/10.0
Last change on this file since db49124 was db49124, checked in by Kris Moore <kris@…>, 6 months ago

Fix adding source / ports when creating new jails

  • Property mode set to 100755
#!/bin/sh
# Script to create a new jail based on given flags
#####################################################################

# Install prefix of the warden scripts
PROGDIR="/usr/local/share/warden"

# Pull in the shared helper functions and variables used below
. "${PROGDIR}/scripts/backend/functions.sh"

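#######################################
# Populate an already-created ${JAILDIR} as a Linux jail and write its
# metadata directory.
# Globals (read): JMETADIR, JAILDIR, JAILNAME, HOST, META_ID, IP4, MASK4,
#                 IP6, MASK6, AUTOSTART, LINUXARCHIVE_FILE,
#                 LINUX_JAIL_SCRIPT, IP
# Outputs:  progress messages on stdout
# Returns:  exits 1 (after deleting the half-built jail) when the archive
#           extraction or the install script fails
#######################################
setup_linux_jail()
{
  echo "Setting up linux jail..."

  # All path expansions are quoted so a jail root containing whitespace
  # cannot be split into several arguments.
  mkdir -p "${JMETADIR}"
  echo "${HOST}" > "${JMETADIR}/host"
  # The id file is compared numerically when the next jail id is picked,
  # so store the numeric META_ID here rather than the hostname.
  echo "${META_ID}" > "${JMETADIR}/id"

  if [ "${IP4}" != "OFF" ] ; then
    echo "${IP4}/${MASK4}" > "${JMETADIR}/ipv4"
  fi
  if [ "${IP6}" != "OFF" ] ; then
    echo "${IP6}/${MASK6}" > "${JMETADIR}/ipv6"
  fi

  if [ "$AUTOSTART" = "YES" ] ; then
    touch "${JMETADIR}/autostart"
  fi
  touch "${JMETADIR}/jail-linux"

  # NOTE(review): the archive / install script below is unpacked and run
  # as the invoking user (normally root), and the host then writes files
  # under ${JAILDIR} and chroots into it. Use only archives and scripts
  # from a trusted source; a symlink shipped at one of the paths written
  # below would redirect that write.
  if [ -n "$LINUXARCHIVE_FILE" ] ; then
    echo "Extracting ${LINUXARCHIVE_FILE}..."
    if ! tar xvf "${LINUXARCHIVE_FILE}" -C "${JAILDIR}" 2>/dev/null ; then
       echo "Failed Extracting ${LINUXARCHIVE_FILE}"
       warden delete --confirm "${JAILNAME}" 2>/dev/null
       exit 1
    fi
  else
    # NOTE(review): IP is not assigned anywhere in this script (only IP4
    # and IP6 are) - confirm where the install script's address comes from.
    if ! sh "${LINUX_JAIL_SCRIPT}" "${JAILDIR}" "${IP}" "${JMETADIR}" ; then
       echo "Failed running ${LINUX_JAIL_SCRIPT}"
       warden delete --confirm "${JAILNAME}" 2>/dev/null
       exit 1
    fi
  fi

  # Create the master.passwd
  # NOTE(review): the password field of this root entry is empty, so the
  # jail starts with a password-less root account until one is set.
  echo "root::0:0::0:0:Charlie &:/root:/bin/bash" > "${JAILDIR}/etc/master.passwd"
  pwd_mkdb -d "${JAILDIR}/tmp" -p "${JAILDIR}/etc/master.passwd" 2>/dev/null
  mv "${JAILDIR}/tmp/master.passwd" "${JAILDIR}/etc/"
  mv "${JAILDIR}/tmp/pwd.db" "${JAILDIR}/etc/"
  mv "${JAILDIR}/tmp/spwd.db" "${JAILDIR}/etc/"
  rm "${JAILDIR}/tmp/passwd"

  # Copy resolv.conf
  cp /etc/resolv.conf "${JAILDIR}/etc/resolv.conf"

  # Do some touch-up to make linux happy: a throw-away script is written
  # into the jail root, run with chroot, then removed again.
  cat > "${JAILDIR}/.fixSH" <<'__FIXSH__'
#!/bin/bash
cd /etc
pwconv
grpconv
touch /etc/fstab
touch /etc/mtab

__FIXSH__
  chmod 755 "${JAILDIR}/.fixSH"
  chroot "${JAILDIR}" /.fixSH
  rm "${JAILDIR}/.fixSH"

  # If we are auto-starting the jail, do it now
  if [ "$AUTOSTART" = "YES" ] ; then
    warden start "${JAILNAME}"
  fi

  echo "Success! Linux jail created at ${JAILDIR}"
}
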
# The single positional argument is the jail name; it doubles as the
# jail's hostname.
JAILNAME="${1}"
HOST="${JAILNAME}"

# Every other setting arrives through environment variables.
# Translate JAILTYPE into the per-type YES flags tested further down;
# "standard" (and any unlisted value) sets no flag.
case "${JAILTYPE}" in
  linuxjail)
    LINUXJAIL="YES"
    ;;
  pluginjail)
    PLUGINJAIL="YES"
    ;;
  portjail)
    PORTJAIL="YES"
    ;;
  standard)
    ;;
esac

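# Decide which world image the new jail is built from and store it in
# WORLDCHROOT:
#   - neither TEMPLATE nor ARCHIVEFILE set: the default template for this
#     release/arch, created first when it does not exist yet
#   - TEMPLATE set (no ARCHIVEFILE): the named template under ${JDIR}
#   - ARCHIVEFILE set: that archive, used as given
#
# NOTE(review): TEMPLATE and ARCHIVEFILE come from the environment and are
# used as path components / file names without any check here; a TEMPLATE
# containing "/" or ".." would point WORLDCHROOT outside ${JDIR}. Confirm
# that the caller validates them.
if [ -z "$TEMPLATE" ] && [ -z "$ARCHIVEFILE" ] ; then
  # First two "-"-separated fields of the running kernel release
  _relver="$(uname -r | cut -d '-' -f 1-2)"
  DEFTEMPLATE="${_relver}-${ARCH}"
  echo "DEF: $DEFTEMPLATE"

  # If on a plugin jail, lets change the nickname
  if [ "${PLUGINJAIL}" = "YES" ] ; then
    DEFTEMPLATE="${DEFTEMPLATE}-pluginjail"
  fi

  # On ZFS the template is a directory, otherwise a .tbz archive
  if isDirZFS "${JDIR}" ; then
    TDIR="${JDIR}/.warden-template-$DEFTEMPLATE"
  else
    TDIR="${JDIR}/.warden-template-$DEFTEMPLATE.tbz"
  fi

  if [ ! -e "$TDIR" ] ; then
    # Try the TrueOS dist files first, then fall back to FreeBSD ones
    _tmpl_ok="NO"
    for _dist in -trueos -fbsd ; do
      FLAGS="${_dist} ${_relver} -arch $ARCH -nick $DEFTEMPLATE"
      export FLAGS
      if [ "${PLUGINJAIL}" = "YES" ] ; then
        FLAGS="$FLAGS -pluginjail"
      fi
      # FLAGS holds several words and must be split into arguments
      # shellcheck disable=SC2086
      if warden template create ${FLAGS} ; then
        _tmpl_ok="YES"
        break
      fi
    done
    if [ "$_tmpl_ok" != "YES" ] ; then
      exit_err "Failed create default template"
    fi
  fi
  WORLDCHROOT="${TDIR}"
elif [ -z "$ARCHIVEFILE" ] ; then
  # Set WORLDCHROOT to the dir we will clone / file to extract
  WORLDCHROOT="${JDIR}/.warden-template-$TEMPLATE"
  if ! isDirZFS "${JDIR}" ; then
    WORLDCHROOT="${WORLDCHROOT}.tbz"
  fi
else
  # The caller overrides the default archive file
  WORLDCHROOT="$ARCHIVEFILE"
fi
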
# Split each configured address into address and prefix length.
# get_ip_and_netmask leaves its result in JIP / JMASK; when no prefix
# length was given, fall back to /24 for IPv4 and /64 for IPv6.
if [ "${IP4}" != "OFF" ] ; then
  get_ip_and_netmask "${IP4}"
  IP4="${JIP}"
  MASK4="${JMASK:-24}"
fi

if [ "${IP6}" != "OFF" ] ; then
  get_ip_and_netmask "${IP6}"
  IP6="${JIP}"
  MASK6="${JMASK:-64}"
fi

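# A jail cannot be created without a name / hostname
if [ -z "$HOST" ] ; then
   echo "ERROR: Missing hostname!"
   exit 6
fi

# The name is used below as a path component under ${JDIR} and is handed
# to warden sub-commands as an argument. Refuse values that would leave
# ${JDIR} ("/", "." or "..") or be parsed as an option (leading "-").
case "${JAILNAME}" in
  */*|.|..|-*)
    echo "ERROR: Invalid jail name!"
    exit 6
    ;;
esac

JAILDIR="${JDIR}/${JAILNAME}"
# Helper from functions.sh; the rest of the script relies on JMETADIR
# afterwards, so it presumably sets that variable - confirm.
set_warden_metadir

# Never build on top of an existing directory
if [ -e "${JAILDIR}" ] ; then
  echo "ERROR: This Jail directory already exists!"
  exit 5
fi
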
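# Make sure we don't have a host already with this name.
# The metadata directories are matched with a glob rather than by parsing
# ls output, so paths containing whitespace are handled; when nothing
# matches, the pattern stays literal and is skipped by the -e test.
for i in "${JDIR}"/.*.meta
do
  [ -e "${i}/host" ] || continue
  if [ "$(cat "${i}/host")" = "$HOST" ] ; then
    echo "ERROR: A jail with this hostname already exists!"
    exit 5
  fi
done
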
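# Get next unique ID: one more than the highest numeric id recorded in
# any existing jail metadata directory (1 when there is none).
META_ID=0
for i in "${JDIR}"/.*.meta
do
  [ -r "${i}/id" ] || continue
  id="$(cat "${i}/id" 2>/dev/null)"
  # Ignore empty or non-numeric ids; a numeric test on them would only
  # print an error and the entry could never be the maximum anyway.
  case "${id}" in
    ''|*[!0-9]*) continue ;;
  esac
  if [ "${id}" -gt "${META_ID}" ] ; then
    META_ID="${id}"
  fi
done
META_ID=$(( META_ID + 1 ))
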
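# If we are setting up a linux jail, lets do it now. Linux jails take
# their own path through setup_linux_jail and the script ends here.
if [ "$LINUXJAIL" = "YES" ] ; then
  if isDirZFS "${JDIR}" ; then
    # Create a dedicated ZFS dataset mounted at the jail directory
    tank="$(getZFSTank "$JDIR")"
    if [ -z "$tank" ] ; then
      exit_err "Failed getting ZFS dataset for $JDIR.."
    fi
    # Quoted so a path with whitespace stays a single argument
    if ! zfs create -o mountpoint="${JAILDIR}" -p "${tank}${JAILDIR}" ; then
      exit_err "Failed creating ZFS dataset"
    fi
  else
    mkdir -p "${JAILDIR}"
  fi
  setup_linux_jail
  exit 0
fi
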
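echo "Building new Jail... Please wait..."

# Install the world into the jail: a clone of the template's "clean"
# snapshot on ZFS, a tar copy / extraction otherwise.
if isDirZFS "${JDIR}" ; then
  # Create ZFS CLONE
  tank="$(getZFSTank "$JDIR")"
  # Same guard as the linux-jail path: without a dataset name the clone
  # below cannot work.
  if [ -z "$tank" ] ; then
    exit_err "Failed getting ZFS dataset for $JDIR.."
  fi
  zfsp="$(getZFSRelativePath "${WORLDCHROOT}")"
  jailp="$(getZFSRelativePath "${JAILDIR}")"
  if ! zfs clone "${tank}${zfsp}@clean" "${tank}${jailp}" ; then
    exit_err "Failed creating clean ZFS base clone"
  fi
else
  # Running on UFS
  mkdir -p "${JAILDIR}"
  echo "Installing world..."
  # NOTE(review): the exit status of tar is not checked and its errors go
  # to /dev/null, so a failed or partial extraction still continues.
  # WORLDCHROOT may be a caller-supplied archive (ARCHIVEFILE); it is
  # unpacked with the privileges of this script, so it must be trusted.
  if [ -d "${WORLDCHROOT}" ] ; then
    tar cvf - -C "${WORLDCHROOT}" . 2>/dev/null | tar xpvf - -C "${JAILDIR}" 2>/dev/null
  else
    tar xvf "${WORLDCHROOT}" -C "${JAILDIR}" 2>/dev/null
  fi

  # If this is a pluginjail on UFS :-( Do things the hard way.
  # NOTE(review): pjdir is not assigned anywhere in this script; unless
  # functions.sh or the environment provides it, this passes an empty
  # path. Presumably ${JAILDIR} was meant - confirm.
  if [ "${PLUGINJAIL}" = "YES" ] ; then
    bootstrap_pkgng "${pjdir}" "pluginjail"
  fi

  echo "Done"
fi
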
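# Write the jail's metadata directory: hostname, configured addresses
# and the unique numeric id. Paths are quoted so a jail root with
# whitespace is not split into several words.
mkdir "${JMETADIR}"
echo "${HOST}" > "${JMETADIR}/host"
if [ "${IP4}" != "OFF" ] ; then
  echo "${IP4}/${MASK4}" > "${JMETADIR}/ipv4"
fi
if [ "${IP6}" != "OFF" ] ; then
  echo "${IP6}/${MASK6}" > "${JMETADIR}/ipv6"
fi
echo "${META_ID}" > "${JMETADIR}/id"
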
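# Optionally download the system sources for the running release and
# unpack them into the jail.
if [ "$SOURCE" = "YES" ] ; then
  echo "Installing source..."
  mkdir -p "${JAILDIR}/usr/src"
  SYSVER="$(uname -r | cut -d '-' -f 1-2)"
  # The download and the rm below use a relative file name, so they must
  # only run once we really are inside the jail directory.
  # NOTE(review): nothing in this block verifies src.txz before it is
  # unpacked; whether get_file_from_mirrors checks a digest or signature
  # is not visible here - confirm.
  if ! cd "${JAILDIR}" ; then
    echo "Error: unable to change directory to ${JAILDIR}"
  elif ! get_file_from_mirrors "/${SYSVER}/${ARCH}/dist/src.txz" "src.txz" "iso" ; then
    echo "Error while downloading the freebsd world."
  else
    echo "Extracting sources.. May take a while.."
    tar xvf src.txz -C "${JAILDIR}" 2>/dev/null
    rm src.txz
    echo "Done"
  fi
fi
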
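# Optionally download the ports tree for the running release and unpack
# it into the jail.
if [ "$PORTS" = "YES" ] ; then
  echo "Fetching ports..."
  mkdir -p "${JAILDIR}/usr/ports"
  SYSVER="$(uname -r | cut -d '-' -f 1-2)"
  # The download and the rm below use a relative file name, so they must
  # only run once we really are inside the jail directory.
  # NOTE(review): nothing in this block verifies ports.txz before it is
  # unpacked; whether get_file_from_mirrors checks a digest or signature
  # is not visible here - confirm.
  if ! cd "${JAILDIR}" ; then
    echo "Error: unable to change directory to ${JAILDIR}"
  elif ! get_file_from_mirrors "/${SYSVER}/${ARCH}/dist/ports.txz" "ports.txz" "iso" ; then
    echo "Error while downloading the ports tree."
  else
    echo "Extracting ports.. May take a while.."
    tar xvf ports.txz -C "${JAILDIR}" 2>/dev/null
    rm ports.txz
    echo "Done"
  fi
fi
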
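# Create an empty fstab
touch "${JAILDIR}/etc/fstab"

# If this isn't a fresh jail, we can skip to not clobber existing setup
if [ -z "$ARCHIVEFILE" ] ; then
  # Setup rc.conf
  # NOTE(review): HOST is written between double quotes into a file that
  # the jail's rc system reads as shell; it should be restricted to valid
  # hostname characters before it gets here.
  cat > "${JAILDIR}/etc/rc.conf" <<__EOF__
portmap_enable="NO"
sshd_enable="YES"
sendmail_enable="NO"
hostname="${HOST}"
devfs_enable="YES"
devfs_system_ruleset="devfsrules_common"
__EOF__

  # Create the host for this device
  cat > "${JAILDIR}/etc/hosts" <<__EOF__
# : src/etc/hosts,v 1.16 2003/01/28 21:29:23 dbaker Exp $
#
# Host Database
#
# This file should contain the addresses and aliases for local hosts that
# share this file.  Replace 'my.domain' below with the domainname of your
# machine.
#
# In the presence of the domain name service or NIS, this file may
# not be consulted at all; see /etc/nsswitch.conf for the resolution order.
#
#
::1                     localhost localhost.localdomain
127.0.0.1               localhost localhost.localdomain ${HOST}
__EOF__

  if [ "${IP4}" != "OFF" ] ; then
    echo "${IP4}                        ${HOST}" >> "${JAILDIR}/etc/hosts"
  fi
  if [ "${IP6}" != "OFF" ] ; then
    echo "${IP6}                        ${HOST}" >> "${JAILDIR}/etc/hosts"
    # Make sshd listen on the jail's IPv6 address. IP6 is placed in the
    # sed replacement text as-is, so it must not contain "|" or "&".
    sed -i '' "s|#ListenAddress ::|ListenAddress ${IP6}|g" "${JAILDIR}/etc/ssh/sshd_config"
  fi

  # Copy resolv.conf
  cp /etc/resolv.conf "${JAILDIR}/etc/resolv.conf"

fi # End of ARCHIVEFILE check
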
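# Mark the jail for automatic start when requested
if [ "$AUTOSTART" = "YES" ] ; then
  touch "${JMETADIR}/autostart"
fi

# Allow pinging by default.
# NOTE(review): allow.raw_sockets is what ping needs, but it also lets
# root inside the jail open raw sockets and craft arbitrary packets.
# The default is kept here; consider making it opt-in for jails that run
# untrusted workloads.
echo "allow.raw_sockets=true" > "${JMETADIR}/jail-flags"

# Check if we need to copy the timezone file
if [ -e "/etc/localtime" ] ; then
  cp /etc/localtime "${JAILDIR}/etc/localtime"
fi
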
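# Setup TrueOS PKGNG repo / utilities only if on TRUEOS, i.e. when the
# jail ships etc/rc.conf.pcbsd and VANILLA was not requested.
# Two separate tests replace the deprecated "-a" operator.
if [ "$VANILLA" != "YES" ] && [ -e "${JAILDIR}/etc/rc.conf.pcbsd" ] ; then
  # A failed bootstrap is not fatal; only print the manual retry hint
  if ! bootstrap_pkgng "${JAILDIR}" ; then
     echo "You can manually re-try by running # warden bspkgng ${JAILNAME}"
  fi
fi

# Set the default meta-pkg set
mkdir -p "${JAILDIR}/usr/local/etc" >/dev/null 2>/dev/null
echo "PCBSD_METAPKGSET: warden" > "${JAILDIR}/usr/local/etc/pcbsd.conf"
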
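# Check if making a portjail
if [ "$PORTJAIL" = "YES" ] ; then
  mkportjail "${JAILDIR}"
fi

# Check if making a pluginjail
if [ "$PLUGINJAIL" = "YES" ] ; then
  mkpluginjail "${JAILDIR}"
fi

# If we are auto-starting the jail, do it now.
# The name is quoted so it reaches warden as exactly one argument.
if [ "$AUTOSTART" = "YES" ] ; then
  warden start "${JAILNAME}"
fi

echo "Success!"
echo "Jail created at ${JAILDIR}"

# Plugin jails get a .plugins directory in the jail root
if [ "${PLUGINJAIL}" = "YES" ] ; then
  mkdir -p "${JAILDIR}/.plugins"
fi

exit 0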