source: src-sh/warden/scripts/backend/functions.sh

Last change on this file was 698a249, checked in by Kris Moore <kris@…>, 9 days ago

When using warden to create jails, do all ZFS ops relative to the
JAILDIR dataset, this will allow moving JAILDIR around, and fix
issues with odd dataset creation.

This fix implies that your JAILDIR is indeed a mounted ZFS dataset,
but we have assumed that for a while now anyway.

  • Property mode set to 100755
File size: 30.9 KB
RevLine 
[1620346]1#!/bin/sh
2# Functions / variables for warden
3######################################################################
4# DO NOT EDIT
5
6# Source local functions
7. /usr/local/share/pcbsd/scripts/functions.sh
8
9# Installation directory
10PROGDIR="/usr/local/share/warden"
11
12# Jail location
13JDIR="$(grep ^JDIR: /usr/local/etc/warden.conf | cut -d' ' -f2)"
14export JDIR
15
16# Set arch type
17REALARCH=`uname -m`
18export REALARCH
19if [ -z "$ARCH" ] ; then
20  ARCH="$REALARCH"
21  export ARCH
22fi
23
24# Location of pcbsd.conf file
25PCBSD_ETCCONF="/usr/local/etc/pcbsd.conf"
26
27# Network interface to use
28NIC="$(grep ^NIC: /usr/local/etc/warden.conf | cut -d' ' -f2)"
29export NIC
30
31# Tmp directory
32WTMP="$(grep ^WTMP: /usr/local/etc/warden.conf | cut -d' ' -f2)"
33export WTMP
34
[c63ce1b]35# Default IP4 Pool of addresses
36DEFAULT_IP4POOL="$(grep ^IP4POOL: /usr/local/etc/warden.conf | cut -d' ' -f2)"
37if [ -z "$DEFAULT_IP4POOL" ] ; then
[37e71e4f]38   DEFAULT_IP4POOL="192.168.0.220"
[c63ce1b]39fi
40export DEFAULT_IP4POOL
41
[1620346]42# FreeBSD release
43FREEBSD_RELEASE="$(grep ^FREEBSD_RELEASE: /usr/local/etc/warden.conf | cut -d' ' -f2)"
44if [ -z "${FREEBSD_RELEASE}" ] ; then
45  FREEBSD_RELEASE="$(uname -r)"
46fi
47export UNAME_r="${FREEBSD_RELEASE}"
48
49# Temp file for dialog responses
50ATMP="/tmp/.wans"
51export ATMP
52
53# Warden Version
[d2b5358]54WARDENVER="1.4"
[1620346]55export WARDENVER
56
[2c39b15]57# Dirs to nullfs mount in X jail
[f4066f6]58NULLFS_MOUNTS="/tmp /media"
59X11_MOUNTS="/usr/local/lib/X11/icons /usr/local/lib/X11/fonts /usr/local/etc/fonts"
[1620346]60
61# Clone directory
62CDIR="${JDIR}/clones"
63
64downloadpluginjail() {
65  local _ver="${1}"
66
67  SYSVER=`echo "${_ver}" | sed -E 's|^FreeNAS-(([0-9]+\.){2}[0-9]+).*|\1|'`
68  SYSREL=`echo "${_ver}" | sed -E 's|^FreeNAS-([0-9]+\.){2}[0-9]+-([a-zA-Z0-9]+)-.*|\2|'`
69  SYSARCH=`echo "${_ver}" | sed -E 's#^(.*)(x86|x64)#\2#'`
70
71  SF="http://downloads.sourceforge.net/project/freenas"
72  URL="${SF}/FreeNAS-${SYSVER}/${SYSREL}/${SYSARCH}/plugins"
73
74  PJAIL="FreeNAS-${SYSVER}-${SYSREL}-${SYSARCH}.Plugins_Jail.pbi"
75  PJAILSHA256="${PJAIL}.sha256"
76
77  if [ ! -d "${JDIR}" ] ; then mkdir -p "${JDIR}" ; fi
78  cd ${JDIR}
79
80  echo "Fetching jail environment. This may take a while..."
81
82  if [ ! -e "${PJAIL}" ] ; then
83     echo "Downloading ${URL}/${PJAIL} ..."
84     get_file "${URL}/${PJAIL}" "${PJAIL}" 3
85     [ $? -ne 0 ] && printerror "Error while downloading the pluginjail."
86  fi
87
88  if [ ! -e "${PJAILSHA256}" ] ; then
89     echo "Downloading ${URL}/${PJAILSHA256} ..."
90     get_file "${URL}/${PJAILSHA256}" "${PJAILSHA256}" 3
91     [ $? -ne 0 ] && printerror "Error while downloading the pluginjail sha256."
92  fi
93
94  [ "$(sha256 -q ${PJAIL})" != "$(cat ${PJAILSHA256})" ] &&
95    printerror "Error in download data, checksum mismatch. Please try again later."
96
[698a249]97  # Get the dataset of the jails mountpoint
98  rDataSet=`mount | grep "on ${JDIR} " | awk '{print $1}'`
99  tSubDir=`basename $WORLDCHROOT`
100  nDataSet="${rDataSet}/${tSubDir}"
[1620346]101
[698a249]102  echo "Creating ZFS ${nDataSet} dataset..."
[4905ba9]103  isDirZFS "${WORLDCHROOT}" "1"
104  if [ $? -ne 0 ] ; then
[698a249]105     zfs create -p ${nDataSet}
[4905ba9]106     if [ $? -ne 0 ] ; then exit_err "Failed creating ZFS base dataset"; fi
107     mkdir -p "${WORLDCHROOT}/.plugins" >/dev/null 2>&1
[1620346]108  fi
[4905ba9]109
110  pbi_add -e --no-checksig -p ${WORLDCHROOT} ${PJAIL}
111  if [ $? -ne 0 ] ; then exit_err "Failed extracting ZFS chroot environment"; fi
112
[698a249]113  zfs snapshot ${nDataSet}@clean
[4905ba9]114  if [ $? -ne 0 ] ; then exit_err "Failed creating clean ZFS base snapshot"; fi
115  rm ${PJAIL}
[1620346]116  rm ${PJAILSHA256}
117};
118
119### Download the chroot
120downloadchroot() {
121  local CHROOT="${1}"
122
123  # XXX If this is PCBSD, pbreg get /PC-BSD/Version
124  SYSVER="$(echo "$(uname -r)" | cut -f1 -d'-')"
125  FBSD_TARBALL="fbsd-release.txz"
126  FBSD_TARBALL_CKSUM="${FBSD_TARBALL}.md5"
127
128  # Set the mirror URL, may be overridden by setting MIRRORURL environment variable
129  if [ -z "${MIRRORURL}" ]; then
130    get_mirror
131    MIRRORURL="$VAL"
132  fi
133
134  if [ ! -d "${JDIR}" ] ; then mkdir -p "${JDIR}" ; fi
135  cd ${JDIR}
136
137  echo "Fetching jail environment. This may take a while..."
138  echo "Downloading ${MIRRORURL}/${SYSVER}/${ARCH}/netinstall/${FBSD_TARBALL} ..."
139
140  if [ ! -e "$FBSD_TARBALL" ] ; then
141     get_file "${MIRRORURL}/${SYSVER}/${ARCH}/netinstall/${FBSD_TARBALL}" "$FBSD_TARBALL" 3
142     [ $? -ne 0 ] && printerror "Error while downloading the portsjail."
143  fi
144
145  if [ ! -e "$FBSD_TARBALL_CKSUM" ] ; then
146     get_file "${MIRRORURL}/${SYSVER}/${ARCH}/netinstall/${FBSD_TARBALL_CKSUM}" "$FBSD_TARBALL_CKSUM" 3
147     [ $? -ne 0 ] && printerror "Error while downloading the portsjail."
148  fi
149
150  [ "$(md5 -q ${FBSD_TARBALL})" != "$(cat ${FBSD_TARBALL_CKSUM})" ] &&
151    printerror "Error in download data, checksum mismatch. Please try again later."
152
[698a249]153  # Get the dataset of the jails mountpoint
154  rDataSet=`mount | grep "on ${JDIR} " | awk '{print $1}'`
155  tSubDir=`basename $CHROOT`
156  nDataSet="${rDataSet}/${tSubDir}"
[1620346]157
[4905ba9]158  echo "Creating ZFS ${CHROOT} dataset..."
159  isDirZFS "${CHROOT}" "1"
160  if [ $? -ne 0 ] ; then
[698a249]161     zfs create -p ${nDataSet}
[4905ba9]162     if [ $? -ne 0 ] ; then exit_err "Failed creating ZFS base dataset"; fi
[1620346]163  fi
[4905ba9]164
165  tar xvpf ${FBSD_TARBALL} -C ${CHROOT} 2>/dev/null
166  if [ $? -ne 0 ] ; then exit_err "Failed extracting ZFS chroot environment"; fi
167
[698a249]168  zfs snapshot ${nDataSet}@clean
[4905ba9]169  if [ $? -ne 0 ] ; then exit_err "Failed creating clean ZFS base snapshot"; fi
170  rm ${FBSD_TARBALL}
[1620346]171  rm ${FBSD_TARBALL_CKSUM}
172};
173
[f4066f6]174# Check if a directory is mounted
175isDirMounted() {
176  mount | grep -q "on $1 ("
177  return $?
178}
179
[2c39b15]180### Mount all needed filesystems for the jail
181mountjailxfs() {
[1620346]182
[e5240d6]183  if [ ! -d "${JDIR}/${1}/" ] ; then
184     exit_err "Invalid jail directory: ${JDIR}/${1}"
185  fi
186
[29f8f9d]187  # Update the user files on the portjail
188  ETCFILES="resolv.conf passwd master.passwd spwd.db pwd.db group localtime"
189  for file in ${ETCFILES}; do
190    rm ${JDIR}/${1}/etc/${file} >/dev/null 2>&1
191    cp /etc/${file} ${JDIR}/${1}/etc/${file}
192  done
193
[1620346]194  for nullfs_mount in ${NULLFS_MOUNTS}; do
195    if [ ! -d "${JDIR}/${1}${nullfs_mount}" ] ; then
196      mkdir -p "${JDIR}/${1}${nullfs_mount}"
197    fi
198    if is_symlinked_mountpoint ${nullfs_mount}; then
199      echo "${nullfs_mount} has symlink as parent, not mounting"
200      continue
201    fi
202
[f4066f6]203    # If this is already mounted we can skip for now
204    isDirMounted "${JDIR}/${1}${nullfs_mount}" && continue
205
[1620346]206    echo "Mounting ${JDIR}/${1}${nullfs_mount}"
207    mount_nullfs ${nullfs_mount} ${JDIR}/${1}${nullfs_mount}
208  done
209
[f4066f6]210  # Check and mount /dev
211  isDirMounted "${JDIR}/${1}/dev"
212  if [ $? -ne 0 ] ; then
213    echo "Enabling devfs"
214    mount -t devfs devfs ${JDIR}/${1}/dev
215  fi
216
[1620346]217  # Add support for linprocfs for ports that need linprocfs to build/run
218  if [  ! -d "${JDIR}/${1}/compat/linux/proc" ]; then
219    mkdir -p ${JDIR}/${1}/compat/linux/proc
220  fi
221  if is_symlinked_mountpoint ${JDIR}/${1}/compat/linux/proc; then
222    echo "${JDIR}/${1}/compat/linux/proc has symlink as parent, not mounting"
223    return
224  fi
[f4066f6]225
226  # If this is already mounted we can skip for now
227  isDirMounted "${JDIR}/${1}/compat/linux/proc"
228  if [ $? -ne 0 ] ; then
229    echo "Enabling linprocfs support."
230    mount -t linprocfs linprocfs ${JDIR}/${1}/compat/linux/proc
231  fi
232
233  # Add support for linsysfs for ports that need linprocfs to build/run
234  if [  ! -d "${JDIR}/${1}/compat/linux/sys" ]; then
235    mkdir -p ${JDIR}/${1}/compat/linux/sys
236  fi
237  if is_symlinked_mountpoint ${JDIR}/${1}/compat/linux/sys; then
238    echo "${JDIR}/${1}/compat/linux/sys has symlink as parent, not mounting"
239    return
240  fi
241
242  # If this is already mounted we can skip for now
243  isDirMounted "${JDIR}/${1}/compat/linux/sys"
244  if [ $? -ne 0 ] ; then
245    echo "Enabling linsysfs support."
246    mount -t linsysfs linsysfs ${JDIR}/${1}/compat/linux/sys
247  fi
248
249  # Lastly we need to mount /usr/home/* directories
250  for i in `ls -d /usr/home/*`
251  do
252    # If this is already mounted we can skip for now
253    isDirMounted "${JDIR}/${1}${i}" && continue
254    if [ ! -d "${JDIR}/${1}${i}" ] ; then mkdir -p ${JDIR}/${1}${i} ; fi
255    echo "Mounting home: ${i}"
256    mount_nullfs ${i} ${JDIR}/${1}${i}
257  done
258
[1620346]259}
260
261### Umount all the jail's filesystems
262umountjailxfs() {
263  status="0"
264  # Umount all filesystems that are mounted into the portsjail
265  for mountpoint in $(mount | grep ${JDIR}/${1}/ | cut -d" " -f3); do
266    if [ "$mountpoint" = "${JDIR}/${1}/dev" ] ; then continue ; fi
267    if [ "$mountpoint" = "${JDIR}/${1}/" ] ; then continue ; fi
268    if [ "$mountpoint" = "${JDIR}/${1}" ] ; then continue ; fi
269    echo "Unmounting $mountpoint"
270    umount -f ${mountpoint}
271    if [ $? -ne 0 ] ; then status="1" ; fi
272  done
273  # Now try to umount /dev
274  umount -f ${JDIR}/${1}/dev 2>/dev/null >/dev/null
275  return $status
276}
277
278# Check if PBI scripts are loaded in jail
279checkpbiscripts() {
280  if [ -z "${1}" ] ; then return ; fi
281  if [ ! -e "${1}/usr/local/sbin/pbi_info" ] ; then
282    copypbiscripts "${1}"
283  elif [ "`ls -l /usr/local/sbin/pbi_info | awk '{print $5}'`" != "`ls -l ${1}/usr/local/sbin/pbi_info | awk '{print $5}'`" ] ; then
284    copypbiscripts "${1}"
285  fi
286}
287
288# Copy PBI scripts to jail
289copypbiscripts() {
290  if [ -z "${1}" ] ; then return ; fi
291  mkdir -p ${1}/usr/local/sbin >/dev/null 2>/dev/null
292  cp /usr/local/sbin/pbi* ${1}/usr/local/sbin/
293  chmod 755 ${1}/usr/local/sbin/pbi*
294
295  # Copy rc.d pbid script
296  mkdir -p ${1}/usr/local/etc/rc.d >/dev/null 2>/dev/null
297  cp /usr/local/etc/rc.d/pbid ${1}/usr/local/etc/rc.d/
298
299  # Copy any PBI manpages
300  for man in `find /usr/local/man | grep pbi`
301  do
302    if [ ! -d "${1}`dirname $man`" ] ; then
303      mkdir -p "${1}`dirname $man`"
304    fi
305    cp "${man}" "${1}${man}"
306  done
307}
308
309mkportjail() {
310  if [ -z "${1}" ] ; then return ; fi
311  ETCFILES="resolv.conf passwd master.passwd spwd.db pwd.db group localtime"
312  for file in ${ETCFILES}; do
313    rm ${1}/etc/${file} >/dev/null 2>&1
314    cp /etc/${file} ${1}/etc/${file}
315  done
316 
317  # Need to symlink /home
318  chroot ${1} ln -fs /usr/home /home
319
320  # Make sure we remove our cleartmp rc.d script, causes issues
321  [ -e "${1}/etc/rc.d/cleartmp" ] && rm ${1}/etc/rc.d/cleartmp
[f4066f6]322
[1620346]323  # Flag this type
324  touch ${JMETADIR}/jail-portjail
325}
326
327mkpluginjail() {
328  if [ -z "${1}" ] ; then return ; fi
329  ETCFILES="resolv.conf passwd master.passwd spwd.db pwd.db group localtime"
330  for file in ${ETCFILES}; do
331    rm ${1}/etc/${file} >/dev/null 2>&1
332    cp /etc/${file} ${1}/etc/${file}
333  done
334 
335  # Need to symlink /home
336  chroot ${1} ln -fs /usr/home /home
337
338  # Make sure we remove our cleartmp rc.d script, causes issues
339  [ -e "${1}/etc/rc.d/cleartmp" ] && rm ${1}/etc/rc.d/cleartmp
340  # Flag this type
341  touch ${JMETADIR}/jail-pluginjail
342}
343
344mkZFSSnap() {
345  isDirZFS "${1}" "1"
346  if [ $? -ne 0 ] ; then printerror "Not a ZFS volume: ${1}" ; fi
347  tank=`getZFSTank "$1"`
348  rp=`getZFSRelativePath "$1"`
349  zdate=`date +%Y-%m-%d-%H-%M-%S`
350  zfs snapshot $tank${rp}@$zdate
[cca8f57]351  # Do we have a comment to set?
352  if [ -n "$2" ] ; then
353      zfs set warden:comment="$2" ${tank}${rp}@${zdate}
354  fi
[1620346]355}
356
357listZFSSnap() {
358  isDirZFS "${1}" "1"
359  if [ $? -ne 0 ] ; then printerror "Not a ZFS volume: ${1}" ; fi
360  tank=`getZFSTank "$1"`
361  rp=`getZFSRelativePath "$1"`
[cca8f57]362
363  echo "Snapshot                                Comment"
364  echo "-----------------------------------------------"
[de73897]365  for i in `zfs list -r -t snapshot ${tank}${rp} 2>/dev/null | cut -d '@' -f 2 | awk '{print $1}'`
[cca8f57]366  do
[de73897]367     comment=`zfs get -o value warden:comment ${tank}${rp}@$i 2>/dev/null| grep -v "VALUE"`
368     lcomment=`zfs get -o value lpreserver:comment ${tank}${rp}@$i 2>/dev/null| grep -v "VALUE"`
369     if [ -z "$comment" -a -n "$lcomment" ] ; then
370       echo "$i         $lcomment"
371     else
372       echo "$i         $comment"
373     fi
[cca8f57]374  done
[1620346]375}
376
377listZFSClone() {
378  isDirZFS "${1}" "1"
379  if [ $? -ne 0 ] ; then printerror "Not a ZFS volume: ${1}" ; fi
380  tank=`getZFSTank "$1"`
381  cdir=`getZFSRelativePath "${CDIR}"` 
382  echo "Clone Directory: ${CDIR}"
383  echo "-----------------------------------"
384  zfs list | grep -w "^${tank}${cdir}/${2}" | awk '{print $5}' | sed "s|${CDIR}/${2}-||g"
385}
386
387rmZFSSnap() {
388  isDirZFS "${1}" "1"
389  if [ $? -ne 0 ] ; then printerror "Not a ZFS volume: ${1}" ; fi
[698a249]390
391  # Get the dataset of the jails mountpoint
392  rDataSet=`mount | grep "on ${1} " | awk '{print $1}'`
393  zfs destroy ${rDataSet}@$2
[1620346]394}
395
396revertZFSSnap() {
397  isDirZFS "${1}" "1"
398  if [ $? -ne 0 ] ; then printerror "Not a ZFS volume: ${1}" ; fi
399  tank=`getZFSTank "$1"`
400  rp=`getZFSRelativePath "$1"`
401
402  # Make sure this is a valid snapshot
403  zfs list -t snapshot | grep -w "^${tank}${rp}" | cut -d '@' -f 2 | awk '{print $1}' | grep -q ${2}
404  if [ $? -ne 0 ] ; then printerror "Invalid ZFS snapshot!" ; fi
405
406  # Check if the jail is running first
407  ${PROGDIR}/scripts/backend/checkstatus.sh "${3}"
408  if [ "$?" = "0" ]; then
409    restartJail="YES"
410    # Make sure the jail is stopped
411    ${PROGDIR}/scripts/backend/stopjail.sh "${3}"
412    ${PROGDIR}/scripts/backend/checkstatus.sh "${3}"
413    if [ "$?" = "0" ]; then
414      printerror "Could not stop jail... Halting..."
415    fi
416  fi
417
418  # Rollback the snapshot
419  zfs rollback -R -f ${tank}${rp}@$2
420
421  # If it was started, restart the jail now
422  if [ "$restartJail" = "YES" ]; then
423    ${PROGDIR}/scripts/backend/startjail.sh "${3}"
424  fi
425 
426}
427
[d2b5358]428cloneZFSDir() {
[1620346]429  isDirZFS "${1}" "1"
430  if [ $? -ne 0 ] ; then printerror "Not a ZFS volume: ${1}" ; fi
[d2b5358]431
[698a249]432  # Get the dataset of the jails mountpoint
433  rDataSet=`mount | grep "on ${JDIR} " | awk '{print $1}'`
434  oSubDir=`basename $1`
435  oDataSet="${rDataSet}/${oSubDir}"
436  nSubDir=`basename $2`
437  nDataSet="${rDataSet}/${nSubDir}"
[1620346]438
[d2b5358]439  zdate=`date +%Y-%m-%d-%H-%M-%S`
440  snapName="preClone-$zdate"
[1620346]441
[d2b5358]442  # Create a temp snapshot we can clone
[698a249]443  zfs snapshot ${oDataSet}@${snapName}
[d2b5358]444  if [ $? -ne 0 ] ; then printerror "Failed creating snapshot!" ; fi
[1620346]445
446  # Clone the snapshot
[698a249]447  zfs clone -p ${oDataSet}@${snapName} ${nDataSet}
[d2b5358]448  if [ $? -ne 0 ] ; then printerror "Failed cloning snapshot!" ; fi
[1620346]449
[d2b5358]450  return 0
[1620346]451}
452
453set_warden_metadir()
454{
455   JMETADIR="${JDIR}/.${JAILNAME}.meta"
456   export JMETADIR
457}
458
459get_ip_and_netmask()
460{
461   JIP=`echo "${1}" | cut -f1 -d'/'`
462   JMASK=`echo "${1}" | cut -f2 -d'/' -s`
463}
464
465get_interface_addresses()
466{
467   ifconfig ${1} | grep -w inet | awk '{ print $2 }'
468}
469
470get_interface_ipv4_addresses()
471{
472   ifconfig ${1} | grep -w inet | awk '{ print $2 }'
473}
474
475get_interface_ipv6_addresses()
476{
477   ifconfig ${1} | grep -w inet6 | awk '{ print $2 }'
478}
479
480get_interface_address()
481{
482   ifconfig ${1} | grep -w inet | head -1 | awk '{ print $2 }'
483}
484
485get_interface_ipv4_address()
486{
487   ifconfig ${1} | grep -w inet | head -1 | awk '{ print $2 }'
488}
489
490get_interface_ipv6_address()
491{
492   ifconfig ${1} | grep -w inet6 | head -1 | awk '{ print $2 }'
493}
494
495get_interface_aliases()
496{
497   local _count
498
499   _count=`ifconfig ${1} | grep -w inet | wc -l`
500   _count="$(echo "${_count} - 1" | bc)"
501
502   ifconfig ${1} | grep -w inet | tail -${_count} | awk '{ print $2 }'
503}
504
505get_interface_ipv4_aliases()
506{
507   local _count
508
509   _count=`ifconfig ${1} | grep -w inet | wc -l`
510   _count="$(echo "${_count} - 1" | bc)"
511
512   ifconfig ${1} | grep -w inet | tail -${_count} | awk '{ print $2 }'
513}
514
515get_interface_ipv6_aliases()
516{
517   local _count
518
519   _count=`ifconfig ${1} | grep -w inet | wc -l`
520   _count="$(echo "${_count} - 1" | bc)"
521
522   ifconfig ${1} | grep -w inet6 | tail -${_count} | awk '{ print $2 }'
523}
524
525get_default_route()
526{
527   netstat -f inet -nr | grep '^default' | awk '{ print $2 }'
528}
529
530get_default_interface()
531{
532   netstat -f inet -nrW | grep '^default' | awk '{ print $7 }'
533}
534
535get_bridge_interfaces()
536{
537   ifconfig -a | grep -E '^bridge[0-9]+' | cut -f1 -d:
538}
539
540get_bridge_members()
541{
542   ifconfig ${1} | grep -w member | awk '{ print $2 }'
543}
544
545get_bridge_interface_by_ipv4_network()
546{
547   local network="${1}"
548   local bridges="$(get_bridge_interfaces)"
549
550   if [ -z "${network}" ]
551   then
552      return 1
553   fi
554
555   for _bridge in ${bridges}
556   do
557      local ips="$(get_interface_ipv4_aliases "${_bridge}")"
558      for _ip in ${ips}
559      do
560         if in_ipv4_network "${_ip}" "${network}"
561         then
562            echo "${_bridge}"
563            return 0
564         fi
565      done
566   done
567
568   return 1
569}
570
571get_bridge_interface_by_ipv6_network()
572{
573   local network="${1}"
574   local bridges="$(get_bridge_interfaces)"
575
576   if [ -z "${network}" ]
577   then
578      return 1
579   fi
580
581   for _bridge in ${bridges}
582   do
583      local ips="$(get_interface_ipv6_aliases "${_bridge}")"
584      for _ip in ${ips}
585      do
586         if in_ipv6_network "${_ip}" "${network}"
587         then
588            echo "${_bridge}"
589            return 0
590         fi
591      done
592   done
593
594   return 1
595}
596
597is_bridge_member()
598{
599   local _bridge="${1}"
600   local _iface="${2}"
601
602   for _member in `get_bridge_members ${_bridge}`
603   do
604      if [ "${_member}" = "${_iface}" ] ; then
605         return 0
606      fi
607   done
608
609   return 1
610}
611
612jail_interfaces_down()
613{
614   local _jid="${1}"
615   local _bridgeif
616   local _epaira
617   local _epairb
618
619   _epairb=`jexec ${_jid} ifconfig -a | grep '^epair' | cut -f1 -d:`
620   if [ -n "${_epairb}" ] ; then
621      _epaira=`echo ${_epairb} | sed -E 's|b$|a|'`
622      _bridgeif=
623
624      for _bridge in `ifconfig -a | grep -E '^bridge[0-9]+' | cut -f1 -d:`
625      do
626         for _member in `ifconfig ${_bridge} | grep member | awk '{ print $2 }'`
627         do
628            if [ "${_member}" = "${_epaira}" ] ; then
629               _bridgeif="${_bridge}"
630                break
631            fi
632         done
633         if [ -n "${_bridgeif}" ] ; then
634            break
635         fi
636      done
637
638      jexec ${_jid} ifconfig ${_epairb} down
639      ifconfig ${_epaira} down
640      ifconfig ${_epaira} destroy
641      _count=`ifconfig ${_bridgeif} | grep member | awk '{ print $2 }' | wc -l`
[2a7010e]642      if [ "${_count}" -lt "1" ] ; then
[1620346]643         ifconfig ${_bridgeif} destroy
644      fi
645   fi
646}
647
648enable_cron()
649{
650   cronscript="${PROGDIR}/scripts/backend/cronsnap.sh"
651   grep -q "${cronscript}" /etc/crontab
652   if [ $? -eq 0 ] ; then return 0 ; fi
653   echo "2     *        *       *       *        root    ${cronscript}" >> /etc/crontab
654   # Restart cron
655   /etc/rc.d/cron restart >/dev/null 2>/dev/null
656}
657
658fix_old_meta()
659{
660   for i in `ls -d ${JDIR}/.*.meta 2>/dev/null`
661   do
662      if [ -e "${i}/xjail" ] ; then
663         touch ${i}/jail-portjail 2>/dev/null
664      fi
665      if [ -e "${i}/linuxjail" ] ; then
666         touch ${i}/jail-linux 2>/dev/null
667      fi
668   done
669}
670
671is_ipv4()
672{
673   local addr="${1}"
674   local res=1
675
676   local ipv4="$(/usr/local/bin/sipcalc "${addr}"|head -1|cut -f2 -d'['|awk '{ print $1 }')"
677   if [ "${ipv4}" = "ipv4" ]
678   then
679      res=0
680   fi
681
682   return ${res}
683}
684
685is_ipv6()
686{
687   local addr="${1}"
688   local res=1
689
690   local ipv6="$(/usr/local/bin/sipcalc "${addr}"|head -1|cut -f2 -d'['|awk '{ print $1 }')"
691   if [ "${ipv6}" = "ipv6" ]
692   then
693      res=0
694   fi
695
696   return ${res}
697}
698
699in_ipv4_network()
700{
701   local addr="${1}"
702   local network="${2}"
703   local res=1
704
705   local start="$(/usr/local/bin/sipcalc "${network}"|awk '/^Usable/ { print $4 }')"
706   local end="$(/usr/local/bin/sipcalc "${network}"|awk '/^Usable/ { print $6 }')"
707
708   local iaddr="$(/usr/local/bin/sipcalc "${addr}"|awk '/(decimal)/ { print $5 }')"
709   local istart="$(/usr/local/bin/sipcalc "${start}"|awk '/(decimal)/ { print $5 }')"
710   local iend="$(/usr/local/bin/sipcalc "${end}"|awk '/(decimal)/ { print $5 }')"
711
712   if [ "${iaddr}" -ge "${istart}" -a "${iaddr}" -le "${iend}" ]
713   then
714      res=0
715   fi
716
717   return ${res}
718}
719
720ipv6_to_binary()
721{
722   echo ${1}|awk '{
723      split($1, octets, ":");
724      olen = length(octets);
725               
726      bnum = "";
727      for (i = 1;i <= olen;i++) {
728         tbnum = "";
729         dnum = int(sprintf("0x%s", octets[i]));
730         for (;;) {
731            rem = int(dnum % 2);
732            if (rem == 0)
733               tbnum = sprintf("0%s", tbnum);
734            else               
735               tbnum = sprintf("1%s", tbnum);
736            dnum /= 2;
737            if (dnum < 1)
738               break;
739         }
740         bnum = sprintf("%s%016s", bnum, tbnum);
741      }
742      printf("%s", bnum);
743   }'
744}
745
746in_ipv6_network()
747{
748   local addr="${1}"
749   local network="${2}"
750   local mask="$(echo "${network}"|cut -f2 -d'/' -s)"
751   local res=1
752
753   local addr="$(/usr/local/bin/sipcalc "${addr}"|awk \
754      '/^Expanded/ { print $4}')"
755   local start="$(/usr/local/bin/sipcalc "${network}"|egrep \
756      '^Network range'|awk '{ print $4 }')"
757
758   local baddr="$(ipv6_to_binary "${addr}")"
759   local bstart="$(ipv6_to_binary "${start}")"
760
761   local baddrnet="$(echo "${baddr}"|awk -v mask="${mask}" \
762      '{ s = substr($0, 1, mask); printf("%s", s); }')"
763   local bstartnet="$(echo "${bstart}"|awk -v mask="${mask}" \
764      '{ s = substr($0, 1, mask); printf("%s", s); }')"
765
766   if [ "${baddrnet}" = "${bstartnet}" ]
767   then
768      res=0
769   fi
770
771   return ${res}
772}
773
774install_pc_extractoverlay()
775{
776  if [ -z "${1}" ] ; then
777    return 1
778  fi
779
780  mkdir -p ${1}/usr/local/bin
781  mkdir -p ${1}/usr/local/share/pcbsd/conf
782  mkdir -p ${1}/usr/local/share/pcbsd/distfiles
783
784  cp /usr/local/bin/pc-extractoverlay ${1}/usr/local/bin/
785  chmod 755 ${1}/usr/local/bin/pc-extractoverlay
786
787  cp /usr/local/share/pcbsd/conf/server-excludes \
788    ${1}/usr/local/share/pcbsd/conf
789  cp /usr/local/share/pcbsd/distfiles/server-overlay.txz \
790    ${1}/usr/local/share/pcbsd/distfiles
791
792  return 0
793}
794
795make_bootstrap_pkgng_file_standard()
796{
797  local jaildir="${1}"
798  local outfile="${2}"
799
[c2b5aad]800  if [ ! -e "${jaildir}/bin/freebsd-version" ] ; then
801     echo "Missing /bin/freebsd-version in jail.."
802     echo "PKG bootstrap can only be done on 10.0 and higher, skipping..."
803     return 1
804  fi
805
806  local release="`${jaildir}/bin/freebsd-version | cut -d '-' -f 1-2`"
[1620346]807  local arch="$(uname -m)"
808
809cat<<__EOF__>"${outfile}"
810#!/bin/sh
811tar xvf pkg.txz --exclude +MANIFEST --exclude +MTREE_DIRS 2>/dev/null
812pkg add pkg.txz
813rm pkg.txz
814
[d6345ef]815# Create the pkg.conf file
816echo "PKG_CACHEDIR: /usr/local/tmp
817repos_dir: [
818                \"/usr/local/etc/pkg/repos\"
819           ]" > /usr/local/etc/pkg.conf
820
821# Create the repo dirs
822mkdir -p /usr/local/etc/pkg/repos 2>/dev/null
823mkdir -p /usr/local/etc/pkg/fingerprints/pcbsd/trusted 2>/dev/null
824mkdir -p /usr/local/etc/pkg/fingerprints/pcbsd/revoked 2>/dev/null
825
826# Save the repo configuration file
827echo "pcbsd: {
828               url: \"http://pkg.cdn.pcbsd.org/${release}/${arch}\",
829               signature_type: \"fingerprints\",
830               fingerprints: \"/usr/local/etc/pkg/fingerprints/pcbsd\",
831               enabled: true
832              }" > /usr/local/etc/pkg/repos/pcbsd.conf
833
834# Save the fingerprint file
835echo "function: sha256
836fingerprint: b2b9e037f938cf20ba68aa85ac88c15889c729a7f6b70c25069774308e760a03" > /usr/local/etc/pkg/fingerprints/pcbsd/trusted/pkg.cdn.pcbsd.org.20131209
837
838pkg update
[6cf118f]839pkg install -y pcbsd-utils
840pc-extractoverlay ports
841
[1620346]842exit $?
843__EOF__
[d6345ef]844
[1620346]845}
846
847make_bootstrap_pkgng_file_pluginjail()
848{
849
850  local jaildir="${1}"
851  local outfile="${2}"
852
[c2b5aad]853  if [ ! -e "${jaildir}/bin/freebsd-version" ] ; then
854     echo "Missing /bin/freebsd-version in jail.."
855     echo "PKG bootstrap can only be done on 10.0 and higher, skipping..."
856     return 0
857  fi
858
859  local release="`${jaildir}/bin/freebsd-version | cut -d '-' -f 1-2`"
[1620346]860  local arch="$(uname -m)"
861
862  get_mirror
863  local mirror="${VAL}"
864
865  cp /usr/local/share/warden/pluginjail-packages "${jaildir}/pluginjail-packages"
866
867cat<<__EOF__>"${outfile}"
868#!/bin/sh
869tar xvf pkg.txz --exclude +MANIFEST --exclude +MTREE_DIRS 2>/dev/null
870pkg add pkg.txz
871rm pkg.txz
872
873mount -t devfs devfs /dev
874
[d6345ef]875# Create the pkg.conf file
876echo "PKG_CACHEDIR: /usr/local/tmp
877repos_dir: [
878                \"/usr/local/etc/pkg/repos\"
879           ]" > /usr/local/etc/pkg.conf
880
881# Create the repo dirs
882mkdir -p /usr/local/etc/pkg/repos 2>/dev/null
883mkdir -p /usr/local/etc/pkg/fingerprints/pcbsd/trusted 2>/dev/null
884mkdir -p /usr/local/etc/pkg/fingerprints/pcbsd/revoked 2>/dev/null
885
886# Save the repo configuration file
887echo "pcbsd: {
888               url: \"http://pkg.cdn.pcbsd.org/${release}/${arch}\",
889               signature_type: \"fingerprints\",
890               fingerprints: \"/usr/local/etc/pkg/fingerprints/pcbsd\",
891               enabled: true
892              }" > /usr/local/etc/pkg/repos/pcbsd.conf
893
[13a6b08]894# Create the repo.dist file
895echo "pcbsd: {
896               url: \"http://pkg.cdn.pcbsd.org/VERSION/ARCH\",
897               signature_type: \"fingerprints\",
898               fingerprints: \"/usr/local/etc/pkg/fingerprints/pcbsd\",
899               enabled: true
900              }" > /usr/local/etc/pkg/repos/pcbsd.conf.dist
901
[d6345ef]902# Save the fingerprint file
903echo "function: sha256
904fingerprint: b2b9e037f938cf20ba68aa85ac88c15889c729a7f6b70c25069774308e760a03" > /usr/local/etc/pkg/fingerprints/pcbsd/trusted/pkg.cdn.pcbsd.org.20131209
905
906pkg update
[1620346]907pkg install -y pcbsd-utils
908__EOF__
909
910echo '
911i=0
912count=`wc -l /pluginjail-packages| awk "{ print $1 }"`
913for p in `cat /pluginjail-packages`
914do
915  pkg install -y ${p}
916  : $(( i += 1 ))
917done
918
919umount devfs
920exit $?
921' >> "${outfile}"
922}
923
924
925bootstrap_pkgng()
926{
927  local jaildir="${1}"
928  local jailtype="${2}"
929  if [ -z "${jailtype}" ] ; then
930    jailtype="standard"
931  fi
[c2b5aad]932
933  if [ ! -e "${jaildir}/bin/freebsd-version" ] ; then
934     echo "Missing /bin/freebsd-version in jail.."
935     echo "PKG bootstrap can only be done on 10.0 and higher, skipping..."
936     return 1
937  fi
938
939  local release="`${jaildir}/bin/freebsd-version | cut -d '-' -f 1-2`"
[1620346]940  local arch="$(uname -m)"
941
942  local ffunc="make_bootstrap_pkgng_file_standard"
943  if [ "${jailtype}" = "pluginjail" ] ; then
944    ffunc="make_bootstrap_pkgng_file_pluginjail"
945  fi
946
947  cd ${jaildir} 
948  echo "Boot-strapping pkgng"
949
950  mkdir -p ${jaildir}/usr/local/etc
951
952
953  ${ffunc} "${jaildir}" "${jaildir}/bootstrap-pkgng"
954  chmod 755 "${jaildir}/bootstrap-pkgng"
955
956  if [ -e "pkg.txz" ] ; then rm pkg.txz ; fi
[9788f38]957  get_file_from_mirrors "/${release}/${arch}/Latest/pkg.txz" "pkg.txz" "pkg"
[1620346]958  if [ $? -eq 0 ] ; then
959    chroot ${jaildir} /bootstrap-pkgng
960    if [ $? -eq 0 ] ; then
961      rm -f "${jaildir}/bootstrap-pkgng"
962      rm -f "${jaildir}/pluginjail-packages"
963      chroot ${jaildir} pc-extractoverlay server --sysinit
964      return 0
965    fi
966  fi
967
968  echo "Failed boot-strapping PKGNG, most likely cause is internet connection failure."
969  rm -f "${jaildir}/bootstrap-pkgng"
970  rm -f "${jaildir}/pluginjail-packages"
971  return 1
972}
973
974ipv4_configured()
975{
976   local iface="${1}"
977   local jid="${2}"
978   local jexec=
979
980   if [ -n "${jid}" ] ; then
981      jexec="jexec ${jid}"
982   fi
983
984   ${jexec} ifconfig "${iface}" | grep -qw inet 2>/dev/null
985   return $?
986}
987
988ipv4_address_configured()
989{
990   local iface="${1}"
991   local addr="${2}"
992   local jid="${3}"
993   local jexec= 
994
995   addr="$(echo ${addr}|cut -f1 -d'/')"
996
997   if [ -n "${jid}" ] ; then
998      jexec="jexec ${jid}"
999   fi
1000
1001   ${jexec} ifconfig "${iface}" | \
1002      grep -w inet | \
1003      awk '{ print $2 }' | \
1004      grep -Ew "^${addr}" >/dev/null 2>&1
1005   return $?
1006}
1007
1008ipv6_configured()
1009{
1010   local iface="${1}"
1011   local jid="${2}"
1012   local jexec=
1013
1014   if [ -n "${jid}" ] ; then
1015      jexec="jexec ${jid}"
1016   fi
1017
1018   ${jexec} ifconfig "${iface}" | grep -qw inet6 2>/dev/null
1019   return $?
1020}
1021
1022ipv6_address_configured()
1023{
1024   local iface="${1}"
1025   local addr="${2}"
1026   local jid="${3}"
1027   local jexec= 
1028
1029   addr="$(echo ${addr}|cut -f1 -d'/')"
1030
1031   if [ -n "${jid}" ] ; then
1032      jexec="jexec ${jid}"
1033   fi
1034
1035   ${jexec} ifconfig "${iface}" | \
1036      grep -w inet6 | \
1037      awk '{ print $2 }' | \
1038      grep -Ew "^${addr}" >/dev/null 2>&1
1039   return $?
1040}
1041
1042get_ipfw_nat_instance()
1043{
1044   local iface="${1}"
1045   local res=1
1046
1047   if [ -z "${iface}" ] ; then
1048      local instance="`ipfw list|egrep '[0-9]+ nat'|awk '{ print $3 }'|tail -1`"
1049      if [ -z "${instance}" ] ; then
1050         instance="100"
1051      else               
1052         : $(( instance += 100 )) 
1053      fi
1054      echo "${instance}"
1055      return 0
1056   fi
1057
1058   for ni in `ipfw list|egrep '[0-9]+ nat'|awk '{ print $3 }'`
1059   do
1060      ipfw nat "${ni}" show config|egrep -qw "${iface}"
1061      if [ "$?" = "0" ] ; then
1062         echo "${ni}"
1063         res=0
1064         break
1065      fi
1066   done
1067
1068   return ${res}
1069}
1070
1071get_ipfw_nat_priority()
1072{
1073   local iface="${1}"
1074   local res=1
1075
1076   if [ -z "${iface}" ] ; then
1077      local priority="`ipfw list|egrep '[0-9]+ nat'|awk '{ print $1 }'|tail -1`"
1078      if [ -z "${priority}" ] ; then
1079         priority=2000
1080      fi
1081      printf "%05d\n" "${priority}"
1082      return 0
1083   fi
1084
1085   local IFS='
1086'
1087   for rule in `ipfw list|egrep '[0-9]+ nat'`
1088   do
1089      local priority="`echo "${rule}"|awk '{ print $1 }'`"
1090      local ni="`echo "${rule}"|awk '{ print $3 }'`"
1091
1092      ipfw nat "${ni}" show config|egrep -qw "${iface}"
1093      if [ "$?" = "0" ] ; then
1094         echo "${priority}"
1095         res=0
1096         break
1097      fi
1098   done
1099
1100   return ${res}
1101}
1102
[101a6c2]1103list_templates()
1104{
1105   echo "Jail Templates:"
1106   echo "------------------------------" 
[4905ba9]1107   for i in `ls -d ${JDIR}/.warden-template* 2>/dev/null`
1108   do
1109     if [ ! -e "$i/bin/sh" ] ; then continue ; fi
1110     NICK=`echo "$i" | sed "s|${JDIR}/.warden-template-||g"`
1111     file "$i/bin/sh" 2>/dev/null | grep -q "64-bit"
1112     if [ $? -eq 0 ] ; then
1113        ARCH="amd64"
1114     else
1115        ARCH="i386"
1116     fi
1117     VER=`file "$i/bin/sh" | cut -d ',' -f 5 | awk '{print $3}'`
1118     if [ -e "$i/etc/rc.conf.pcbsd" ] ; then
1119        TYPE="TrueOS"
1120     else
1121        TYPE="FreeBSD"
1122     fi
1123     echo -e "${NICK} - $TYPE $VER ($ARCH)"
1124  done
1125  exit 0
[101a6c2]1126}
1127
1128delete_template()
1129{
[283f63e]1130   tDir="${JDIR}/.warden-template-${1}"
[4905ba9]1131   isDirZFS "${tDir}" "1"
1132   if [ $? -ne 0 ] ; then printerror "Not a ZFS volume: ${tDir}" ; fi
[698a249]1133
1134   # Get the dataset of the jails mountpoint
1135   rDataSet=`mount | grep "on ${tDir} " | awk '{print $1}'`
1136
1137   zfs destroy -r ${rDataSet}
[4905ba9]1138   if [ $? -ne 0 ] ; then
1139     exit_err "Could not remove template, perhaps you have jails still using it?"
[283f63e]1140   fi
[4905ba9]1141   rmdir ${tDir}
[f70de07]1142   echo "DONE"
[101a6c2]1143
[283f63e]1144   exit 0
[101a6c2]1145}
[d2b5358]1146
1147get_ip_host_flags()
1148{
1149         IP4="OFF"
1150         IP6="OFF"
1151         HOST="OFF"
1152         for i in "$@"
1153         do
1154           # Check if we have a new IPv4 address for this import
1155           echo "${i}" | grep '\-\-ipv4=' >/dev/null 2>/dev/null
1156           if [ "$?" = "0" ]; then
1157              tmp="`echo ${i} | cut -d '=' -f 2`"
1158              IP4="`echo ${tmp} | cut -d '/' -f 1 -s`"
1159              MASK4="`echo ${tmp} | cut -d '/' -f 2 -s`"
1160
1161              #Sanity check on the IP
1162              if ! is_ipv4 "${IP4}" ; then
1163                 exit_err "Invalid IPv4 address: $IP4"
1164              fi
1165
1166              for i in `ls -d ${JDIR}/.*.meta 2>/dev/null`
1167              do
1168                if [ "`cat ${i}/ipv4 2>/dev/null`" = "${IP4}/${MASK4}" ] ; then
1169                  exit_err "A jail with this IPv4 address already exists!"
1170                fi
1171              done
1172           fi
1173
1174           # Check if we have a new IPv6 address for this import
1175           echo "${i}" | grep '\-\-ipv6=' >/dev/null 2>/dev/null
1176           if [ "$?" = "0" ]; then
1177              tmp="`echo ${i} | cut -d '=' -f 2`"
1178              IP6="`echo ${tmp} | cut -d '/' -f 1 -s`"
1179              MASK6="`echo ${tmp} | cut -d '/' -f 2 -s`"
1180
1181              #Sanity check on the IP
1182              if ! is_ipv6 "${IP6}" ; then
1183                 exit_err "Invalid IPv6 address!"
1184              fi
1185
1186              for i in `ls -d ${JDIR}/.*.meta 2>/dev/null`
1187              do
1188                _ipv6=`cat ${i}/ipv6 2>/dev/null | tr a-z A-Z`
1189                _nipv6="`echo ${IP6}|tr a-z A-Z`/${MASK6}"
1190
1191                if [ "${_ipv6}" = "${_nipv6}" ] ; then
1192                  exit_err "A jail with this IPv6 address already exists!"
1193                fi
1194              done
1195           fi
1196
1197           # Check if we have a new hostname for this jail
1198           echo ${i} | grep '\-\-host=' >/dev/null 2>/dev/null
1199           if [ "$?" = "0" ]; then
1200              HOST="`echo ${i} | cut -d '=' -f 2`"
1201           fi
1202
1203         done
1204
1205}
[4905ba9]1206
1207zfs_prog_check() {
1208
1209   isDirZFS "${JDIR}"
1210   if [ $? -ne 0 ] ; then
1211      echo "WARNING: JDIR is NOT set to a ZFS managed dataset.."
1212      echo "Please change JDIR in /usr/local/etc/warden.conf to a ZFS dataset!"
1213   fi
1214
1215}
Note: See TracBrowser for help on using the repository browser.