source: src-sh/warden/scripts/backend/createjail.sh @ fda1ea4

Last change on this file since fda1ea4 was fda1ea4, checked in by Kris Moore <kris@…>, 12 months ago

Add --template option to warden create, now you can use any old template
for making a new jail :)

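#!/bin/sh
# Script to create a new jail based on given flags
#
# Usage: createjail.sh <jailname>
# The jail name is the only positional argument (it also becomes the initial
# hostname); everything else arrives through environment variables set by the
# calling front-end (JDIR, JAILTYPE, IP4/IP6, ARCH, TEMPLATE, ARCHIVEFILE,
# AUTOSTART, SOURCE, PORTS, VANILLA, LINUXARCHIVE_FILE, LINUX_JAIL_SCRIPT).
#####################################################################

# Location of the warden helper scripts
PROGDIR="/usr/local/share/warden"

# Source our shared helper functions (isDirZFS, exit_err, downloadchroot, ...).
# Quoted so an unusual PROGDIR cannot be word-split or glob-expanded.
. "${PROGDIR}/scripts/backend/functions.sh"
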
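#######################################
# Populate and register a Linux jail whose directory (or ZFS dataset)
# has already been created by the caller.
# Globals (read): JMETADIR HOST IP4 MASK4 IP6 MASK6 AUTOSTART JAILDIR
#                 JAILNAME LINUXARCHIVE_FILE LINUX_JAIL_SCRIPT IP
# Outputs:  progress messages on stdout
# Returns:  0 on success; exits 1 (after "warden delete" of the half-built
#           jail) when the archive extraction or the install script fails
#######################################
setup_linux_jail()
{
  echo "Setting up linux jail..."

  # Record the jail's metadata: hostname, addresses, autostart, linux marker
  mkdir -p "${JMETADIR}"
  echo "${HOST}" > "${JMETADIR}/host"

  if [ "${IP4}" != "OFF" ] ; then
    echo "${IP4}/${MASK4}" > "${JMETADIR}/ipv4"
  fi
  if [ "${IP6}" != "OFF" ] ; then
    echo "${IP6}/${MASK6}" > "${JMETADIR}/ipv6"
  fi

  if [ "$AUTOSTART" = "YES" ] ; then
    touch "${JMETADIR}/autostart"
  fi
  touch "${JMETADIR}/jail-linux"

  # Either unpack a caller-supplied archive, or let the distro-specific
  # install script populate the jail directory.
  if [ -n "$LINUXARCHIVE_FILE" ] ; then
    echo "Extracting ${LINUXARCHIVE_FILE}..."
    if ! tar xvf "${LINUXARCHIVE_FILE}" -C "${JAILDIR}" 2>/dev/null ; then
      echo "Failed Extracting ${LINUXARCHIVE_FILE}"
      # Roll back the partially created jail before bailing out
      warden delete --confirm "${JAILNAME}" 2>/dev/null
      exit 1
    fi
  else
    # NOTE(review): IP is never assigned in this file (only IP4/IP6 are), so
    # the install script may be receiving an empty 2nd argument -- confirm.
    if ! sh "${LINUX_JAIL_SCRIPT}" "${JAILDIR}" "${IP}" "${JMETADIR}" ; then
      echo "Failed running ${LINUX_JAIL_SCRIPT}"
      warden delete --confirm "${JAILNAME}" 2>/dev/null
      exit 1
    fi
  fi

  # Create the master.passwd: a single root account with an empty password
  # field, compiled with the host's pwd_mkdb into ${JAILDIR}/tmp and then
  # moved into the jail's /etc.
  echo "root::0:0::0:0:Charlie &:/root:/bin/bash" > "${JAILDIR}/etc/master.passwd"
  pwd_mkdb -d "${JAILDIR}/tmp" -p "${JAILDIR}/etc/master.passwd" 2>/dev/null
  mv "${JAILDIR}/tmp/master.passwd" "${JAILDIR}/etc/"
  mv "${JAILDIR}/tmp/pwd.db" "${JAILDIR}/etc/"
  mv "${JAILDIR}/tmp/spwd.db" "${JAILDIR}/etc/"
  rm "${JAILDIR}/tmp/passwd"

  # Copy resolv.conf so the jail inherits the host's resolvers
  cp /etc/resolv.conf "${JAILDIR}/etc/resolv.conf"

  # Do some touch-up to make linux happy: derive shadow/gshadow from the
  # freshly written passwd/group files and make sure fstab/mtab exist.
  # This runs the jail's own /bin/bash as root inside a plain chroot (no
  # jail isolation), so the archive/script above must come from a trusted
  # source.
  cat > "${JAILDIR}/.fixSH" <<'__EOF__'
#!/bin/bash
cd /etc
pwconv
grpconv
touch /etc/fstab
touch /etc/mtab
__EOF__
  chmod 755 "${JAILDIR}/.fixSH"
  chroot "${JAILDIR}" /.fixSH
  rm "${JAILDIR}/.fixSH"

  # If we are auto-starting the jail, do it now
  if [ "$AUTOSTART" = "YES" ] ; then warden start "${JAILNAME}" ; fi

  echo "Success! Linux jail created at ${JAILDIR}"
}
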
# Load our passed values: the single positional argument is the jail name,
# which doubles as the initial hostname.
JAILNAME="${1}"
HOST="${JAILNAME}"

# Everything else is passed via environmental variables

# Translate the requested jail type into the per-type flags used below.
case "${JAILTYPE}" in
  portjail)
    PORTJAIL="YES"
    ;;
  pluginjail)
    PLUGINJAIL="YES"
    ;;
  linuxjail)
    LINUXJAIL="YES"
    ;;
  standard)
    ;;
esac

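# Location of the chroot environment (base world) the jail is built from.
# On ZFS the bases are datasets under JDIR; on UFS they are .tbz tarballs.
if isDirZFS "${JDIR}" ; then
  WORLDCHROOT_PLUGINJAIL="${JDIR}/.warden-pj-chroot-${ARCH}"
  WORLDCHROOT_STANDARD="${JDIR}/.warden-chroot-${ARCH}"
else
  WORLDCHROOT_PLUGINJAIL="${JDIR}/.warden-pj-chroot-${ARCH}.tbz"
  WORLDCHROOT_STANDARD="${JDIR}/.warden-chroot-${ARCH}.tbz"
fi
# Pluginjails are cloned from their own pre-bootstrapped base
if [ "${PLUGINJAIL}" = "YES" ] ; then
  WORLDCHROOT="${WORLDCHROOT_PLUGINJAIL}"
else
  WORLDCHROOT="${WORLDCHROOT_STANDARD}"
fi
export WORLDCHROOT WORLDCHROOT_PLUGINJAIL WORLDCHROOT_STANDARD
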
# Split the optional "addr/prefix" values into address and mask, falling back
# to the conventional prefix length when none was supplied.
if [ "${IP4}" != "OFF" ] ; then
  get_ip_and_netmask "${IP4}"   # sets JIP and JMASK
  IP4="${JIP}"
  MASK4="${JMASK:-24}"
fi

if [ "${IP6}" != "OFF" ] ; then
  get_ip_and_netmask "${IP6}"   # sets JIP and JMASK
  IP6="${JIP}"
  MASK6="${JMASK:-64}"
fi

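# See if we are overriding the default archive file
if [ -n "$ARCHIVEFILE" ] ; then
   WORLDCHROOT="$ARCHIVEFILE"
fi

if [ -z "$HOST" ] ; then
   echo "ERROR: Missing hostname!"
   exit 6
fi

# The jail name becomes a path component under ${JDIR}: refuse anything that
# could escape that directory ("/", "..") or collide with warden's own
# dot-prefixed base/template/metadata entries. Same exit status as a
# missing hostname, since it is the same kind of bad input.
case "${JAILNAME}" in
  */*|.*)
    echo "ERROR: Invalid jail name: ${JAILNAME}"
    exit 6
    ;;
esac

JAILDIR="${JDIR}/${JAILNAME}"
set_warden_metadir   # presumably sets JMETADIR for this jail -- see functions.sh

if [ -e "${JAILDIR}" ] ; then
  echo "ERROR: This Jail directory already exists!"
  exit 5
fi
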
138# Make sure we don't have a host already with this name
139for i in `ls -d ${JDIR}/.*.meta 2>/dev/null`
140do
141  if [ ! -e "${i}/host" ] ; then continue ; fi
142  if [ "`cat ${i}/host`" = "$HOST" ] ; then
143    echo "ERROR: A jail with this hostname already exists!"
144    exit 5
145  fi
146done
147
148# Get next unique ID
149META_ID=0
150for i in `ls -d ${JDIR}/.*.meta 2>/dev/null`
151do
152  id=`cat ${i}/id`
153  if [ "${id}" -gt "${META_ID}" ] ; then
154    META_ID="${id}"
155  fi
156done
157: $(( META_ID += 1 ))
158
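# Check if we need to download the chroot file

#
# If this is a pluginjail, we clone a regular freebsd chroot, then we
# bootstrap packageng, install the required packages that a pluginjail
# needs, then snapshot it. Once this is done, creating a pluginjail is
# as easy as doing a zfs clone.
#
# When a template is in use (TEMPLATE set) it supplies its own base, so
# nothing is fetched here.
#
if [ "${PLUGINJAIL}" = "YES" ] && [ ! -e "${WORLDCHROOT}" ] && [ -z "$TEMPLATE" ] ; then
  if [ ! -e "${WORLDCHROOT_STANDARD}" ] ; then
    downloadchroot "${WORLDCHROOT_STANDARD}"
  fi

  if isDirZFS "${JDIR}" ; then
    tank="$(getZFSTank "$JDIR")"
    zfsp="$(getZFSRelativePath "${WORLDCHROOT_STANDARD}")"
    clonep="/$(basename "${WORLDCHROOT_PLUGINJAIL}")"

    mnt="$(getZFSMountpoint "${tank}")"
    pjdir="${mnt}${clonep}"

    # Clone the pristine standard world, bring pkgng into it, then freeze
    # the result as the @clean snapshot later pluginjails are cloned from.
    if ! zfs clone "${tank}${zfsp}@clean" "${tank}${clonep}" ; then
      exit_err "Failed creating clean ZFS pluginjail clone"
    fi

    cp /etc/resolv.conf "${pjdir}/etc/resolv.conf"

    bootstrap_pkgng "${pjdir}" "pluginjail"

    if ! zfs snapshot "${tank}${clonep}@clean" ; then
      exit_err "Failed creating clean ZFS pluginjail snapshot"
    fi

  # We're on UFS :-(
  else
    # NOTE(review): WORLDCHROOT still points at the pluginjail .tbz here,
    # which nothing on the UFS path produces; the world extraction further
    # down may need WORLDCHROOT_STANDARD instead -- confirm.
    downloadchroot "${WORLDCHROOT_STANDARD}"
  fi

elif [ ! -e "${WORLDCHROOT}" ] && [ "${LINUXJAIL}" != "YES" ] && [ -z "$TEMPLATE" ] ; then
  downloadchroot "${WORLDCHROOT}"
fi
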
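# If we are setting up a linux jail, lets do it now: create the jail's
# directory (a ZFS dataset when JDIR is on ZFS), populate it, and stop here.
if [ "$LINUXJAIL" = "YES" ] ; then
   if isDirZFS "${JDIR}" ; then
     # Create ZFS mount
     tank="$(getZFSTank "$JDIR")"
     if [ -z "$tank" ] ; then
       exit_err "Failed getting ZFS dataset for $JDIR.."
     fi
     if ! zfs create -o "mountpoint=${JAILDIR}" -p "${tank}${JAILDIR}" ; then
       exit_err "Failed creating ZFS dataset"
     fi
   else
     mkdir -p "${JAILDIR}"
   fi
   setup_linux_jail
   exit 0
fi
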
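echo "Building new Jail... Please wait..."

# Are we using a jail template to build / clone?
if [ -n "$TEMPLATE" ] ; then
   # Reset WORLDCHROOT to the dir we will clone / file to extract
   # NOTE(review): TEMPLATE is used verbatim; nothing here stops a value
   # containing "/" from resolving outside ${JDIR} -- confirm the front-end
   # validates it.
   WORLDCHROOT="${JDIR}/.warden-template-${TEMPLATE}"
   if ! isDirZFS "${JDIR}" ; then
     WORLDCHROOT="${WORLDCHROOT}.tbz"
   fi
fi

if isDirZFS "${JDIR}" ; then
   # Create ZFS CLONE of the base's @clean snapshot
   tank="$(getZFSTank "$JDIR")"
   zfsp="$(getZFSRelativePath "${WORLDCHROOT}")"
   jailp="$(getZFSRelativePath "${JAILDIR}")"
   if ! zfs clone "${tank}${zfsp}@clean" "${tank}${jailp}" ; then
     exit_err "Failed creating clean ZFS base clone"
   fi
else
   # Running on UFS
   mkdir -p "${JAILDIR}"
   echo "Installing world..."
   if [ -d "${WORLDCHROOT}" ] ; then
     tar cvf - -C "${WORLDCHROOT}" . 2>/dev/null | tar xpvf - -C "${JAILDIR}" 2>/dev/null
   else
     tar xvf "${WORLDCHROOT}" -C "${JAILDIR}" 2>/dev/null
   fi
   # The if/fi status is that of the extracting tar. Without a populated
   # world nothing below can work, so don't silently leave a broken jail.
   if [ $? -ne 0 ] ; then exit_err "Failed installing world from ${WORLDCHROOT}"; fi

   # If this is a pluginjail on UFS :-( Do things the hard way: bootstrap
   # pkgng directly inside the freshly extracted jail. (pjdir is only ever
   # set on the ZFS path, so it was always empty here.)
   if [ "${PLUGINJAIL}" = "YES" ] ; then
     bootstrap_pkgng "${JAILDIR}" "pluginjail"
   fi

   echo "Done"
fi
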
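# Record the new jail's metadata: hostname, addresses and numeric id
mkdir "${JMETADIR}"
echo "${HOST}" > "${JMETADIR}/host"
if [ "${IP4}" != "OFF" ] ; then
   echo "${IP4}/${MASK4}" > "${JMETADIR}/ipv4"
fi
if [ "${IP6}" != "OFF" ] ; then
   echo "${IP6}/${MASK6}" > "${JMETADIR}/ipv6"
fi
echo "${META_ID}" > "${JMETADIR}/id"

# Optionally install the FreeBSD source tree matching the host's release
if [ "$SOURCE" = "YES" ] ; then
  echo "Installing source..."
  mkdir -p "${JAILDIR}/usr/src"
  # The download lands in the cwd and is removed from there afterwards, so
  # make sure that is the jail and not wherever the caller happened to be.
  cd "${JAILDIR}" || exit_err "Failed entering ${JAILDIR}"
  SYSVER="$(uname -r | cut -d '-' -f 1-2)"
  if ! get_file_from_mirrors "/${SYSVER}/${ARCH}/dist/src.txz" "src.txz" ; then
    echo "Error while downloading the freebsd sources."
  else
    echo "Extracting sources.. May take a while.."
    tar xvf src.txz -C "${JAILDIR}" 2>/dev/null
    rm src.txz
    echo "Done"
  fi
fi

# Optionally populate the ports tree with portsnap
if [ "$PORTS" = "YES" ] ; then
  echo "Fetching ports..."
  mkdir -p "${JAILDIR}/usr/ports"
  # portsnap's "fetch" refuses to run when stdin is not a terminal; feed
  # /bin/sh a copy of the script with that "! -t 0" test rewritten to an
  # always-false one so it works unattended.
  sed 's|! -t 0|-z 1|g' /usr/sbin/portsnap \
    | /bin/sh -s "fetch" "extract" "update" "-p" "${JAILDIR}/usr/ports" >/dev/null 2>&1
  if [ $? -eq 0 ] ; then
    echo "Done"
  else
    echo "Failed! Please run \"portsnap fetch extract update\" within the jail."
  fi
fi
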
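# Create an empty fstab
touch "${JAILDIR}/etc/fstab"

# If this isn't a fresh jail, we can skip to not clobber existing setup
if [ -z "$ARCHIVEFILE" ] ; then
  # Setup rc.conf: sshd on, portmap/sendmail off, devfs with the common ruleset
  cat > "${JAILDIR}/etc/rc.conf" <<__EOF__
portmap_enable="NO"
sshd_enable="YES"
sendmail_enable="NO"
hostname="${HOST}"
devfs_enable="YES"
devfs_system_ruleset="devfsrules_common"
__EOF__

  # Create the host for this device
  cat > "${JAILDIR}/etc/hosts" <<__EOF__
# : src/etc/hosts,v 1.16 2003/01/28 21:29:23 dbaker Exp $
#
# Host Database
#
# This file should contain the addresses and aliases for local hosts that
# share this file.  Replace 'my.domain' below with the domainname of your
# machine.
#
# In the presence of the domain name service or NIS, this file may
# not be consulted at all; see /etc/nsswitch.conf for the resolution order.
#
#
::1                     localhost localhost.localdomain
127.0.0.1               localhost localhost.localdomain ${HOST}
__EOF__

  if [ "${IP4}" != "OFF" ] ; then
    echo "${IP4}                        ${HOST}" >> "${JAILDIR}/etc/hosts"
  fi
  if [ "${IP6}" != "OFF" ] ; then
    echo "${IP6}                        ${HOST}" >> "${JAILDIR}/etc/hosts"
    # Have sshd listen on the jail's IPv6 address as well (BSD sed -i '')
    sed -i '' "s|#ListenAddress ::|ListenAddress ${IP6}|g" "${JAILDIR}/etc/ssh/sshd_config"
  fi

  # Copy resolv.conf
  cp /etc/resolv.conf "${JAILDIR}/etc/resolv.conf"

fi # End of ARCHIVEFILE check
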
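if [ "$AUTOSTART" = "YES" ] ; then
  touch "${JMETADIR}/autostart"
fi

# Allow pinging by default (raw sockets are otherwise denied inside a jail)
echo "allow.raw_sockets=true" > "${JMETADIR}/jail-flags"

# Check if we need to copy the timezone file
if [ -e "/etc/localtime" ] ; then
   cp /etc/localtime "${JAILDIR}/etc/localtime"
fi

# Setup TrueOS PKGNG repo / utilities only if on TRUEOS
if [ "$VANILLA" != "YES" ] && [ -e "${JAILDIR}/etc/rc.delay" ] ; then
  if ! bootstrap_pkgng "${JAILDIR}" ; then
     echo "You can manually re-try by running # warden bspkgng ${JAILNAME}"
  fi
fi

# Set the default meta-pkg set
mkdir -p "${JAILDIR}/usr/local/etc" >/dev/null 2>&1
echo "PCBSD_METAPKGSET: warden" > "${JAILDIR}/usr/local/etc/pcbsd.conf"

# Copy over the pbid scripts
checkpbiscripts "${JAILDIR}"

# Check if making a portjail
if [ "$PORTJAIL" = "YES" ] ; then mkportjail "${JAILDIR}" ; fi

# Check if making a pluginjail
if [ "$PLUGINJAIL" = "YES" ] ; then mkpluginjail "${JAILDIR}" ; fi

# If we are auto-starting the jail, do it now
if [ "$AUTOSTART" = "YES" ] ; then warden start "${JAILNAME}" ; fi

echo "Success!"
echo "Jail created at ${JAILDIR}"

# NOTE(review): this directory is created after the jail may already have
# been started above; if plugins expect it at boot, move it before
# "warden start".
if [ "${PLUGINJAIL}" = "YES" ] ; then
  mkdir -p "${JAILDIR}/.plugins"
fi

exit 0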