source: src-sh/warden/scripts/backend/functions.sh

Last change on this file was 21d3050, checked in by Kris Moore <kris@…>, 5 weeks ago

Fix bugs creating new PBI jails via AppCafe with pkgng 1.3.X

  • Property mode set to 100755
File size: 31.5 KB
#!/bin/sh
# Functions / variables for warden
######################################################################
# DO NOT EDIT

# Load the shared functions file this script builds on
. /usr/local/share/pcbsd/scripts/functions.sh

# Installation directory
PROGDIR="/usr/local/share/warden"

# Jail location: second space-separated field of the "JDIR:" line in
# warden.conf.
# NOTE(review): an empty result is not rejected here, and the functions in
# this file build paths as "${JDIR}/<jail>"; with JDIR empty those paths
# resolve against "/".
JDIR="$(grep ^JDIR: /usr/local/etc/warden.conf | cut -d' ' -f2)"
export JDIR

# Set arch type. REALARCH is always the host's; ARCH is only defaulted (and
# exported) when the caller has not already set it.
REALARCH=$(uname -m)
export REALARCH
if [ -z "$ARCH" ] ; then
  ARCH="$REALARCH"
  export ARCH
fi

# Location of pcbsd.conf file
PCBSD_ETCCONF="/usr/local/etc/pcbsd.conf"

# Network interface to use
NIC="$(grep ^NIC: /usr/local/etc/warden.conf | cut -d' ' -f2)"
export NIC

# Tmp directory
WTMP="$(grep ^WTMP: /usr/local/etc/warden.conf | cut -d' ' -f2)"
export WTMP

# Default IP4 Pool of addresses; built-in fallback when not configured
DEFAULT_IP4POOL="$(grep ^IP4POOL: /usr/local/etc/warden.conf | cut -d' ' -f2)"
: "${DEFAULT_IP4POOL:=192.168.0.220}"
export DEFAULT_IP4POOL

# FreeBSD release; falls back to the running kernel's release string
FREEBSD_RELEASE="$(grep ^FREEBSD_RELEASE: /usr/local/etc/warden.conf | cut -d' ' -f2)"
: "${FREEBSD_RELEASE:=$(uname -r)}"
export UNAME_r="${FREEBSD_RELEASE}"

# Temp file for dialog responses
# NOTE(review): fixed, predictable name in world-writable /tmp. Whatever
# writes this file with privileges should not follow a pre-created symlink;
# a per-run mktemp path in the consumers would remove the risk.
ATMP="/tmp/.wans"
export ATMP

# Warden Version
WARDENVER="1.4"
export WARDENVER

# Dirs to nullfs mount in X jail
NULLFS_MOUNTS="/tmp /media"
X11_MOUNTS="/usr/local/lib/X11/icons /usr/local/lib/X11/fonts /usr/local/etc/fonts"

# Clone directory
CDIR="${JDIR}/clones"
63
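# Fetch the FreeNAS plugin-jail PBI matching a release string, compare its
# SHA256 with the downloaded .sha256 file, extract it into ${WORLDCHROOT}
# and snapshot the resulting dataset as "@clean".
#
# Globals:   JDIR, WORLDCHROOT (read); SYSVER, SYSREL, SYSARCH, SF, URL,
#            PJAIL, PJAILSHA256, rDataSet, tSubDir, nDataSet (written)
# Arguments: $1 - release string; the sed expressions below expect
#                 "FreeNAS-<a.b.c>-<release>-...<x86|x64>"
#
# NOTE(review): the archive and its .sha256 are both fetched over plain
# http:// from the same location, so the comparison detects a damaged
# download but not a replaced one, and pbi_add runs with --no-checksig.
# A digest or signature obtained over a separate authenticated channel is
# needed before the extracted tree can be treated as trusted.
downloadpluginjail() {
  local _ver="${1}"

  SYSVER=$(echo "${_ver}" | sed -E 's|^FreeNAS-(([0-9]+\.){2}[0-9]+).*|\1|')
  SYSREL=$(echo "${_ver}" | sed -E 's|^FreeNAS-([0-9]+\.){2}[0-9]+-([a-zA-Z0-9]+)-.*|\2|')
  SYSARCH=$(echo "${_ver}" | sed -E 's#^(.*)(x86|x64)#\2#')

  SF="http://downloads.sourceforge.net/project/freenas"
  URL="${SF}/FreeNAS-${SYSVER}/${SYSREL}/${SYSARCH}/plugins"

  PJAIL="FreeNAS-${SYSVER}-${SYSREL}-${SYSARCH}.Plugins_Jail.pbi"
  PJAILSHA256="${PJAIL}.sha256"

  if [ ! -d "${JDIR}" ] ; then mkdir -p "${JDIR}" ; fi
  # Stop if we cannot enter JDIR: the downloads and the rm calls at the end
  # would otherwise act on whatever directory the caller happened to be in.
  cd "${JDIR}" || exit_err "Could not change directory to ${JDIR}"

  echo "Fetching jail environment. This may take a while..."

  if [ ! -e "${PJAIL}" ] ; then
     echo "Downloading ${URL}/${PJAIL} ..."
     if ! get_file "${URL}/${PJAIL}" "${PJAIL}" 3 ; then
       printerror "Error while downloading the pluginjail."
     fi
  fi

  if [ ! -e "${PJAILSHA256}" ] ; then
     echo "Downloading ${URL}/${PJAILSHA256} ..."
     if ! get_file "${URL}/${PJAILSHA256}" "${PJAILSHA256}" 3 ; then
       printerror "Error while downloading the pluginjail sha256."
     fi
  fi

  if [ "$(sha256 -q "${PJAIL}")" != "$(cat "${PJAILSHA256}")" ] ; then
    # Drop both files: they are only fetched when absent, so leaving a bad
    # pair behind would make every later attempt fail on the same data.
    rm -f "${PJAIL}" "${PJAILSHA256}"
    printerror "Error in download data, checksum mismatch. Please try again later."
  fi

  # Get the dataset of the jails mountpoint (-F: the path is not a regex)
  rDataSet=$(mount | grep -F "on ${JDIR} " | awk '{print $1}')
  tSubDir=$(basename "$WORLDCHROOT")
  nDataSet="${rDataSet}/${tSubDir}"

  echo "Creating ZFS ${nDataSet} dataset..."
  if ! isDirZFS "${WORLDCHROOT}" "1" ; then
     if ! zfs create -p "${nDataSet}" ; then
       exit_err "Failed creating ZFS base dataset"
     fi
     mkdir -p "${WORLDCHROOT}/.plugins" >/dev/null 2>&1
  fi

  if ! pbi_add -e --no-checksig -p "${WORLDCHROOT}" "${PJAIL}" ; then
    exit_err "Failed extracting ZFS chroot environment"
  fi

  if ! zfs snapshot "${nDataSet}@clean" ; then
    exit_err "Failed creating clean ZFS base snapshot"
  fi
  rm "${PJAIL}"
  rm "${PJAILSHA256}"
}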
118
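### Download the chroot
# Fetches fbsd-release.txz and its .md5 from the mirror, compares the digest,
# extracts the tarball into the target directory and snapshots the dataset
# as "@clean".
#
# Globals:   JDIR, ARCH, MIRRORURL (read; MIRRORURL is filled from get_mirror
#            when empty); SYSVER, FBSD_TARBALL, FBSD_TARBALL_CKSUM, rDataSet,
#            tSubDir, nDataSet (written)
# Arguments: $1 - directory the world is extracted into
#
# NOTE(review): the digest is MD5 and is downloaded from the same mirror as
# the tarball, so it only guards against a damaged transfer. The tarball is
# then unpacked with permissions preserved (tar -p). MIRRORURL can also be
# supplied through the environment; it should only ever point at a trusted
# mirror, ideally with a signature checked out of band.
downloadchroot() {
  local CHROOT="${1}"

  # XXX If this is PCBSD, pbreg get /PC-BSD/Version
  SYSVER="$(uname -r | cut -f1 -d'-')"
  FBSD_TARBALL="fbsd-release.txz"
  FBSD_TARBALL_CKSUM="${FBSD_TARBALL}.md5"

  # Set the mirror URL, may be overridden by setting MIRRORURL environment variable
  if [ -z "${MIRRORURL}" ]; then
    get_mirror
    MIRRORURL="$VAL"
  fi

  if [ ! -d "${JDIR}" ] ; then mkdir -p "${JDIR}" ; fi
  # Stop if we cannot enter JDIR: the downloads and the rm calls at the end
  # would otherwise act on the caller's current directory.
  cd "${JDIR}" || exit_err "Could not change directory to ${JDIR}"

  echo "Fetching jail environment. This may take a while..."
  echo "Downloading ${MIRRORURL}/${SYSVER}/${ARCH}/netinstall/${FBSD_TARBALL} ..."

  if [ ! -e "$FBSD_TARBALL" ] ; then
     if ! get_file "${MIRRORURL}/${SYSVER}/${ARCH}/netinstall/${FBSD_TARBALL}" "$FBSD_TARBALL" 3 ; then
       printerror "Error while downloading the portsjail."
     fi
  fi

  if [ ! -e "$FBSD_TARBALL_CKSUM" ] ; then
     if ! get_file "${MIRRORURL}/${SYSVER}/${ARCH}/netinstall/${FBSD_TARBALL_CKSUM}" "$FBSD_TARBALL_CKSUM" 3 ; then
       printerror "Error while downloading the portsjail."
     fi
  fi

  if [ "$(md5 -q "${FBSD_TARBALL}")" != "$(cat "${FBSD_TARBALL_CKSUM}")" ] ; then
    # Drop both files: they are only fetched when absent, so a bad pair left
    # behind would make every retry fail on the same data.
    rm -f "${FBSD_TARBALL}" "${FBSD_TARBALL_CKSUM}"
    printerror "Error in download data, checksum mismatch. Please try again later."
  fi

  # Get the dataset of the jails mountpoint (-F: the path is not a regex)
  rDataSet=$(mount | grep -F "on ${JDIR} " | awk '{print $1}')
  tSubDir=$(basename "$CHROOT")
  nDataSet="${rDataSet}/${tSubDir}"

  echo "Creating ZFS ${CHROOT} dataset..."
  if ! isDirZFS "${CHROOT}" "1" ; then
     if ! zfs create -p "${nDataSet}" ; then
       exit_err "Failed creating ZFS base dataset"
     fi
  fi

  if ! tar xvpf "${FBSD_TARBALL}" -C "${CHROOT}" 2>/dev/null ; then
    exit_err "Failed extracting ZFS chroot environment"
  fi

  if ! zfs snapshot "${nDataSet}@clean" ; then
    exit_err "Failed creating clean ZFS base snapshot"
  fi
  rm "${FBSD_TARBALL}"
  rm "${FBSD_TARBALL_CKSUM}"
}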
173
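# Check if a directory is mounted
# Arguments: $1 - mount point path
# Returns:   0 when `mount` prints a line containing "on <path> (",
#            non-zero otherwise
isDirMounted() {
  # -F: the path is data, not a pattern. Jail paths routinely contain "."
  # and as a regex that would also match neighbouring mount points.
  mount | grep -qF "on $1 ("
}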
179
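### Mount all needed filesystems for the jail
# Refreshes the jail's copies of selected /etc files, then mounts the
# NULLFS_MOUNTS directories, devfs, linprocfs, linsysfs and every
# /usr/home/* entry beneath ${JDIR}/<jail>.
#
# Globals:   JDIR, NULLFS_MOUNTS (read); ETCFILES (written)
# Arguments: $1 - jail directory name below ${JDIR}
#
# NOTE(review): master.passwd and spwd.db are copied in with the rest, so the
# host's password hashes end up inside the jail, and the host directories in
# NULLFS_MOUNTS are shared with it. Confirm both are intended for the jails
# this is used on.
mountjailxfs() {
  local _jroot _etc _mnt _home

  # An empty JDIR or jail name would make "${JDIR}/${1}/" resolve to "/",
  # pass the directory test, and point the rm/cp loop at the host's /etc.
  if [ -z "${JDIR}" ] || [ -z "${1}" ] || [ ! -d "${JDIR}/${1}/" ] ; then
     exit_err "Invalid jail directory: ${JDIR}/${1}"
  fi
  _jroot="${JDIR}/${1}"

  # Update the user files on the portjail
  ETCFILES="resolv.conf passwd master.passwd spwd.db pwd.db group localtime"
  for _etc in ${ETCFILES}; do
    rm "${_jroot}/etc/${_etc}" >/dev/null 2>&1
    cp "/etc/${_etc}" "${_jroot}/etc/${_etc}"
  done

  for _mnt in ${NULLFS_MOUNTS}; do
    if [ ! -d "${_jroot}${_mnt}" ] ; then
      mkdir -p "${_jroot}${_mnt}"
    fi
    if is_symlinked_mountpoint "${_mnt}"; then
      echo "${_mnt} has symlink as parent, not mounting"
      continue
    fi

    # If this is already mounted we can skip for now
    isDirMounted "${_jroot}${_mnt}" && continue

    echo "Mounting ${_jroot}${_mnt}"
    mount_nullfs "${_mnt}" "${_jroot}${_mnt}"
  done

  # Check and mount /dev
  if ! isDirMounted "${_jroot}/dev" ; then
    echo "Enabling devfs"
    mount -t devfs devfs "${_jroot}/dev"
  fi

  # Add support for linprocfs for ports that need linprocfs to build/run
  if [ ! -d "${_jroot}/compat/linux/proc" ]; then
    mkdir -p "${_jroot}/compat/linux/proc"
  fi
  # NOTE: this early return also skips the linsysfs and /usr/home mounts.
  if is_symlinked_mountpoint "${_jroot}/compat/linux/proc"; then
    echo "${_jroot}/compat/linux/proc has symlink as parent, not mounting"
    return
  fi

  # If this is already mounted we can skip for now
  if ! isDirMounted "${_jroot}/compat/linux/proc" ; then
    echo "Enabling linprocfs support."
    mount -t linprocfs linprocfs "${_jroot}/compat/linux/proc"
  fi

  # Add support for linsysfs for ports that need linprocfs to build/run
  if [ ! -d "${_jroot}/compat/linux/sys" ]; then
    mkdir -p "${_jroot}/compat/linux/sys"
  fi
  if is_symlinked_mountpoint "${_jroot}/compat/linux/sys"; then
    echo "${_jroot}/compat/linux/sys has symlink as parent, not mounting"
    return
  fi

  # If this is already mounted we can skip for now
  if ! isDirMounted "${_jroot}/compat/linux/sys" ; then
    echo "Enabling linsysfs support."
    mount -t linsysfs linsysfs "${_jroot}/compat/linux/sys"
  fi

  # Lastly we need to mount /usr/home/* directories. A glob replaces the
  # parsed `ls` output so names with whitespace stay one word.
  for _home in /usr/home/* ; do
    # An unmatched glob stays literal; skip it
    [ -e "${_home}" ] || continue
    # If this is already mounted we can skip for now
    isDirMounted "${_jroot}${_home}" && continue
    if [ ! -d "${_jroot}${_home}" ] ; then mkdir -p "${_jroot}${_home}" ; fi
    echo "Mounting home: ${_home}"
    mount_nullfs "${_home}" "${_jroot}${_home}"
  done

}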
260
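### Umount all the jail's filesystems
# Force-unmounts everything `mount` lists below ${JDIR}/<jail>/, leaving the
# jail's /dev for last.
#
# Globals:   JDIR (read); status, mountpoint (written)
# Arguments: $1 - jail directory name below ${JDIR}
# Returns:   1 if any unmount other than /dev failed, else 0
umountjailxfs() {
  status="0"
  # Umount all filesystems that are mounted into the portsjail.
  # -F: match the jail path literally; as a regex the "." in a jail name
  # would also select mounts that belong to a different jail.
  # Mount points containing whitespace are still split by this loop.
  for mountpoint in $(mount | grep -F -- "${JDIR}/${1}/" | cut -d" " -f3); do
    if [ "$mountpoint" = "${JDIR}/${1}/dev" ] ; then continue ; fi
    if [ "$mountpoint" = "${JDIR}/${1}/" ] ; then continue ; fi
    if [ "$mountpoint" = "${JDIR}/${1}" ] ; then continue ; fi
    echo "Unmounting $mountpoint"
    if ! umount -f "${mountpoint}" ; then status="1" ; fi
  done
  # Now try to umount /dev
  umount -f "${JDIR}/${1}/dev" 2>/dev/null >/dev/null
  return $status
}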
277
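# Check if PBI scripts are loaded in jail
# Re-copies the PBI scripts when the jail has no pbi_info or when its copy
# differs from the host's.
# Arguments: $1 - jail root directory (nothing is done when empty)
checkpbiscripts() {
  if [ -z "${1}" ] ; then return ; fi
  # cmp compares content. The previous check compared only the size column
  # of `ls -l`, so a same-sized modification of the jail's copy went unseen.
  if [ ! -e "${1}/usr/local/sbin/pbi_info" ] \
     || ! cmp -s /usr/local/sbin/pbi_info "${1}/usr/local/sbin/pbi_info" ; then
    copypbiscripts "${1}"
  fi
}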
287
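# Copy PBI scripts to jail
# Copies /usr/local/sbin/pbi*, the pbid rc.d script and every path under
# /usr/local/man containing "pbi" into the same locations below the jail.
# Arguments: $1 - jail root directory (nothing is done when empty)
copypbiscripts() {
  local _man _mandir

  if [ -z "${1}" ] ; then return ; fi
  mkdir -p "${1}/usr/local/sbin" >/dev/null 2>/dev/null
  cp /usr/local/sbin/pbi* "${1}/usr/local/sbin/"
  chmod 755 "${1}"/usr/local/sbin/pbi*

  # Copy rc.d pbid script
  mkdir -p "${1}/usr/local/etc/rc.d" >/dev/null 2>/dev/null
  cp /usr/local/etc/rc.d/pbid "${1}/usr/local/etc/rc.d/"

  # Copy any PBI manpages. Reading line by line keeps paths with spaces
  # whole, which the previous `for x in $(find ...)` form did not.
  find /usr/local/man | grep pbi | while IFS= read -r _man ; do
    _mandir="${1}$(dirname "${_man}")"
    if [ ! -d "${_mandir}" ] ; then
      mkdir -p "${_mandir}"
    fi
    cp "${_man}" "${1}${_man}"
  done
}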
308
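# Prepare a jail root as a "portjail": refresh its copies of selected /etc
# files, link /home to /usr/home inside it, drop the cleartmp rc.d script and
# create the jail-portjail flag file.
#
# Globals:   JMETADIR (read); ETCFILES (written)
# Arguments: $1 - jail root directory (nothing is done when empty)
#
# NOTE(review): master.passwd and spwd.db are part of the copy, so the host's
# password hashes become readable inside the jail. Confirm that is intended.
mkportjail() {
  local _etc

  if [ -z "${1}" ] ; then return ; fi
  ETCFILES="resolv.conf passwd master.passwd spwd.db pwd.db group localtime"
  for _etc in ${ETCFILES}; do
    rm "${1}/etc/${_etc}" >/dev/null 2>&1
    cp "/etc/${_etc}" "${1}/etc/${_etc}"
  done

  # Need to symlink /home
  chroot "${1}" ln -fs /usr/home /home

  # Make sure we remove our cleartmp rc.d script, causes issues
  if [ -e "${1}/etc/rc.d/cleartmp" ] ; then
    rm "${1}/etc/rc.d/cleartmp"
  fi

  # Flag this type
  touch "${JMETADIR}/jail-portjail"
}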
326
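# Prepare a jail root as a "pluginjail": refresh its copies of selected /etc
# files, link /home to /usr/home inside it, drop the cleartmp rc.d script and
# create the jail-pluginjail flag file.
#
# Globals:   JMETADIR (read); ETCFILES (written)
# Arguments: $1 - jail root directory (nothing is done when empty)
#
# NOTE(review): master.passwd and spwd.db are part of the copy, so the host's
# password hashes become readable inside the jail. Confirm that is intended.
mkpluginjail() {
  local _etc

  if [ -z "${1}" ] ; then return ; fi
  ETCFILES="resolv.conf passwd master.passwd spwd.db pwd.db group localtime"
  for _etc in ${ETCFILES}; do
    rm "${1}/etc/${_etc}" >/dev/null 2>&1
    cp "/etc/${_etc}" "${1}/etc/${_etc}"
  done

  # Need to symlink /home
  chroot "${1}" ln -fs /usr/home /home

  # Make sure we remove our cleartmp rc.d script, causes issues
  if [ -e "${1}/etc/rc.d/cleartmp" ] ; then
    rm "${1}/etc/rc.d/cleartmp"
  fi

  # Flag this type
  touch "${JMETADIR}/jail-pluginjail"
}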
343
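# Create a timestamped ZFS snapshot of the dataset behind a directory and,
# when a comment is given, store it in the warden:comment property.
#
# Globals:   tank, rp, zdate (written)
# Arguments: $1 - directory on a ZFS dataset
#            $2 - optional comment text
mkZFSSnap() {
  if ! isDirZFS "${1}" "1" ; then printerror "Not a ZFS volume: ${1}" ; fi
  tank=$(getZFSTank "$1")
  rp=$(getZFSRelativePath "$1")
  zdate=$(date +%Y-%m-%d-%H-%M-%S)
  zfs snapshot "${tank}${rp}@${zdate}"
  # Do we have a comment to set?
  if [ -n "$2" ] ; then
      zfs set warden:comment="$2" "${tank}${rp}@${zdate}"
  fi
}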
356
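# Print a two-column table of the snapshots of a directory's dataset and
# their comments. The warden:comment property is shown unless it is empty
# and lpreserver:comment is not.
#
# Globals:   tank, rp, comment, lcomment, i (written)
# Arguments: $1 - directory on a ZFS dataset
#
# NOTE(review): the `zfs list` header line has no "@", so `cut` passes it
# through and a "NAME" row is printed as well. Left as is in case callers
# skip it by position; confirm before changing.
listZFSSnap() {
  if ! isDirZFS "${1}" "1" ; then printerror "Not a ZFS volume: ${1}" ; fi
  tank=$(getZFSTank "$1")
  rp=$(getZFSRelativePath "$1")

  echo "Snapshot                                Comment"
  echo "-----------------------------------------------"
  for i in $(zfs list -r -t snapshot "${tank}${rp}" 2>/dev/null | cut -d '@' -f 2 | awk '{print $1}')
  do
     comment=$(zfs get -o value warden:comment "${tank}${rp}@$i" 2>/dev/null | grep -v "VALUE")
     lcomment=$(zfs get -o value lpreserver:comment "${tank}${rp}@$i" 2>/dev/null | grep -v "VALUE")
     if [ -z "$comment" ] && [ -n "$lcomment" ] ; then
       echo "$i         $lcomment"
     else
       echo "$i         $comment"
     fi
  done
}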
376
# Print the clones of a jail: rows of `zfs list` whose name starts with
# <tank><clone dir>/<jail>, reduced to their fifth column with the
# "${CDIR}/<jail>-" prefix stripped.
#
# Globals:   CDIR (read); tank, cdir (written)
# Arguments: $1 - directory on a ZFS dataset
#            $2 - jail name used as the clone prefix
# NOTE(review): $2 and the paths are interpolated into grep/sed patterns, so
# regex metacharacters in them are interpreted.
listZFSClone() {
  if ! isDirZFS "${1}" "1" ; then printerror "Not a ZFS volume: ${1}" ; fi
  tank=$(getZFSTank "$1")
  cdir=$(getZFSRelativePath "${CDIR}")
  echo "Clone Directory: ${CDIR}"
  echo "-----------------------------------"
  zfs list \
    | grep -w "^${tank}${cdir}/${2}" \
    | awk '{print $5}' \
    | sed "s|${CDIR}/${2}-||g"
}
386
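# Destroy one snapshot of the dataset mounted at a directory.
#
# Globals:   rDataSet (written)
# Arguments: $1 - mount point of the dataset
#            $2 - snapshot name (the part after "@")
rmZFSSnap() {
  if ! isDirZFS "${1}" "1" ; then printerror "Not a ZFS volume: ${1}" ; fi

  # Get the dataset of the jails mountpoint (-F: the path is not a regex)
  rDataSet=$(mount | grep -F "on ${1} " | awk '{print $1}')

  # Never hand `zfs destroy` a half-built target: both the dataset and the
  # snapshot name must be present.
  if [ -z "${rDataSet}" ] || [ -z "${2}" ] ; then
    printerror "Invalid ZFS snapshot!"
    return 1
  fi
  zfs destroy "${rDataSet}@${2}"
}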
395
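# Roll a jail's dataset back to a named snapshot, stopping the jail first
# when it is running and starting it again afterwards.
#
# Globals:   PROGDIR (read); tank, rp (written)
# Arguments: $1 - directory on a ZFS dataset
#            $2 - snapshot name (the part after "@")
#            $3 - jail identifier passed to the checkstatus/stop/start scripts
#
# NOTE(review): `zfs rollback -R -f` also destroys snapshots and clones newer
# than the target, and its exit status is not checked here.
revertZFSSnap() {
  # Local and initialised: a value left over from an earlier call in the same
  # shell must not restart a jail that was not running.
  local restartJail="NO"

  if ! isDirZFS "${1}" "1" ; then printerror "Not a ZFS volume: ${1}" ; fi
  tank=$(getZFSTank "$1")
  rp=$(getZFSRelativePath "$1")

  # Make sure this is a valid snapshot. The name must match a listed
  # snapshot exactly (-x) and literally (-F); a substring or a regex is not
  # enough to authorise a rollback.
  if [ -z "${2}" ] || ! zfs list -t snapshot | grep -w "^${tank}${rp}" \
       | cut -d '@' -f 2 | awk '{print $1}' | grep -qxF -- "${2}" ; then
    printerror "Invalid ZFS snapshot!"
  fi

  # Check if the jail is running first
  if "${PROGDIR}/scripts/backend/checkstatus.sh" "${3}" ; then
    restartJail="YES"
    # Make sure the jail is stopped
    "${PROGDIR}/scripts/backend/stopjail.sh" "${3}"
    if "${PROGDIR}/scripts/backend/checkstatus.sh" "${3}" ; then
      printerror "Could not stop jail... Halting..."
    fi
  fi

  # Rollback the snapshot
  zfs rollback -R -f "${tank}${rp}@${2}"

  # If it was started, restart the jail now
  if [ "$restartJail" = "YES" ]; then
    "${PROGDIR}/scripts/backend/startjail.sh" "${3}"
  fi

}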
427
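# Clone one jail dataset into another: take a "preClone-<timestamp>" snapshot
# of the source and `zfs clone` it to the target.
#
# Globals:   JDIR (read); rDataSet, oSubDir, oDataSet, nSubDir, nDataSet,
#            zdate, snapName (written)
# Arguments: $1 - source directory (must be on ZFS)
#            $2 - target directory; only its basename is used
# Returns:   0 on success
cloneZFSDir() {
  if ! isDirZFS "${1}" "1" ; then printerror "Not a ZFS volume: ${1}" ; fi

  # Get the dataset of the jails mountpoint (-F: the path is not a regex)
  rDataSet=$(mount | grep -F "on ${JDIR} " | awk '{print $1}')
  oSubDir=$(basename "$1")
  oDataSet="${rDataSet}/${oSubDir}"
  nSubDir=$(basename "$2")
  nDataSet="${rDataSet}/${nSubDir}"

  zdate=$(date +%Y-%m-%d-%H-%M-%S)
  snapName="preClone-$zdate"

  # Create a temp snapshot we can clone
  if ! zfs snapshot "${oDataSet}@${snapName}" ; then
    printerror "Failed creating snapshot!"
  fi

  # Clone the snapshot
  if ! zfs clone -p "${oDataSet}@${snapName}" "${nDataSet}" ; then
    printerror "Failed cloning snapshot!"
  fi

  return 0
}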
452
# Derive and export JMETADIR, the hidden "<jail>.meta" directory that sits
# next to the jail under JDIR.
# Globals: JDIR, JAILNAME (read); JMETADIR (written, exported)
set_warden_metadir()
{
   export JMETADIR="${JDIR}/.${JAILNAME}.meta"
}
458
# Split "address/mask" into its two parts.
# Globals:   JIP (written) - text before the first "/"
#            JMASK (written) - text after it; empty when there is no "/"
# Arguments: $1 - address, optionally followed by "/<mask>"
get_ip_and_netmask()
{
   JIP=$(echo "${1}" | cut -d'/' -f1)
   # -s: print nothing (rather than the whole input) when no "/" is present
   JMASK=$(echo "${1}" | cut -s -d'/' -f2)
}
464
# Print the second field of every ifconfig line containing the word "inet".
# Arguments: $1 - interface name; expanded unquoted, so an empty value runs
#                 ifconfig without an interface argument
get_interface_addresses()
{
   # shellcheck disable=SC2086 -- see Arguments
   ifconfig ${1} \
      | grep -w inet \
      | awk '{ print $2 }'
}
469
# Print the second field of every ifconfig line containing the word "inet"
# (same pipeline as get_interface_addresses).
# Arguments: $1 - interface name; expanded unquoted, so an empty value runs
#                 ifconfig without an interface argument
get_interface_ipv4_addresses()
{
   # shellcheck disable=SC2086 -- see Arguments
   ifconfig ${1} \
      | grep -w inet \
      | awk '{ print $2 }'
}
474
# Print the second field of every ifconfig line containing the word "inet6".
# Arguments: $1 - interface name; expanded unquoted, so an empty value runs
#                 ifconfig without an interface argument
get_interface_ipv6_addresses()
{
   # shellcheck disable=SC2086 -- see Arguments
   ifconfig ${1} \
      | grep -w inet6 \
      | awk '{ print $2 }'
}
479
# Print the second field of the first ifconfig line containing "inet".
# Arguments: $1 - interface name; expanded unquoted, so an empty value runs
#                 ifconfig without an interface argument
get_interface_address()
{
   # shellcheck disable=SC2086 -- see Arguments
   ifconfig ${1} \
      | grep -w inet \
      | head -n 1 \
      | awk '{ print $2 }'
}
484
# Print the second field of the first ifconfig line containing "inet"
# (same pipeline as get_interface_address).
# Arguments: $1 - interface name; expanded unquoted, so an empty value runs
#                 ifconfig without an interface argument
get_interface_ipv4_address()
{
   # shellcheck disable=SC2086 -- see Arguments
   ifconfig ${1} \
      | grep -w inet \
      | head -n 1 \
      | awk '{ print $2 }'
}
489
# Print the second field of the first ifconfig line containing "inet6".
# Arguments: $1 - interface name; expanded unquoted, so an empty value runs
#                 ifconfig without an interface argument
get_interface_ipv6_address()
{
   # shellcheck disable=SC2086 -- see Arguments
   ifconfig ${1} \
      | grep -w inet6 \
      | head -n 1 \
      | awk '{ print $2 }'
}
494
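# Print every "inet" address of an interface except the first one.
# Arguments: $1 - interface name; expanded unquoted, so an empty value runs
#                 ifconfig without an interface argument
get_interface_aliases()
{
   # "tail -n +2" drops the first match directly. The previous count-minus-one
   # arithmetic needed bc and passed "-1" to tail when nothing matched.
   # shellcheck disable=SC2086 -- see Arguments
   ifconfig ${1} | grep -w inet | tail -n +2 | awk '{ print $2 }'
}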
504
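# Print every "inet" address of an interface except the first one
# (same pipeline as get_interface_aliases).
# Arguments: $1 - interface name; expanded unquoted, so an empty value runs
#                 ifconfig without an interface argument
get_interface_ipv4_aliases()
{
   # "tail -n +2" drops the first match directly. The previous count-minus-one
   # arithmetic needed bc and passed "-1" to tail when nothing matched.
   # shellcheck disable=SC2086 -- see Arguments
   ifconfig ${1} | grep -w inet | tail -n +2 | awk '{ print $2 }'
}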
514
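# Print every "inet6" address of an interface except the first one.
# Arguments: $1 - interface name; expanded unquoted, so an empty value runs
#                 ifconfig without an interface argument
get_interface_ipv6_aliases()
{
   # Skip the first inet6 line itself. The previous version sized the tail
   # from the number of IPv4 ("inet") lines, so the result depended on how
   # many IPv4 addresses the interface had, not on its IPv6 addresses.
   # shellcheck disable=SC2086 -- see Arguments
   ifconfig ${1} | grep -w inet6 | tail -n +2 | awk '{ print $2 }'
}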
524
# Print the second column of the IPv4 routing table's "default" row(s).
get_default_route()
{
   netstat -f inet -nr \
      | grep '^default' \
      | awk '{ print $2 }'
}
529
# Print the seventh column of the wide (-W) IPv4 routing table's "default"
# row(s).
get_default_interface()
{
   netstat -f inet -nrW \
      | grep '^default' \
      | awk '{ print $7 }'
}
534
# Print the names of all bridgeN interfaces ifconfig reports, one per line.
get_bridge_interfaces()
{
   ifconfig -a \
      | grep -E '^bridge[0-9]+' \
      | cut -d: -f1
}
539
# Print the second field of every ifconfig line containing the word "member".
# Arguments: $1 - bridge interface name; expanded unquoted, so an empty value
#                 runs ifconfig without an interface argument
get_bridge_members()
{
   # shellcheck disable=SC2086 -- see Arguments
   ifconfig ${1} \
      | grep -w member \
      | awk '{ print $2 }'
}
544
# Print the first bridge that has an IPv4 alias inside the given network.
# Only aliases are examined (get_interface_ipv4_aliases), not the first
# address of each bridge.
#
# Arguments: $1 - IPv4 network, passed as-is to in_ipv4_network
# Returns:   0 and the bridge name on a match; 1 when the network is empty
#            or no bridge matches
get_bridge_interface_by_ipv4_network()
{
   local network="${1}"
   local bridges
   local ips

   bridges="$(get_bridge_interfaces)"

   [ -n "${network}" ] || return 1

   for _bridge in ${bridges} ; do
      ips="$(get_interface_ipv4_aliases "${_bridge}")"
      for _ip in ${ips} ; do
         if in_ipv4_network "${_ip}" "${network}" ; then
            echo "${_bridge}"
            return 0
         fi
      done
   done

   return 1
}
570
# Print the first bridge that has an IPv6 alias inside the given network.
# Only aliases are examined (get_interface_ipv6_aliases), not the first
# address of each bridge.
#
# Arguments: $1 - IPv6 network, passed as-is to in_ipv6_network
# Returns:   0 and the bridge name on a match; 1 when the network is empty
#            or no bridge matches
get_bridge_interface_by_ipv6_network()
{
   local network="${1}"
   local bridges
   local ips

   bridges="$(get_bridge_interfaces)"

   [ -n "${network}" ] || return 1

   for _bridge in ${bridges} ; do
      ips="$(get_interface_ipv6_aliases "${_bridge}")"
      for _ip in ${ips} ; do
         if in_ipv6_network "${_ip}" "${network}" ; then
            echo "${_bridge}"
            return 0
         fi
      done
   done

   return 1
}
596
# Tell whether an interface is listed as a member of a bridge.
# Arguments: $1 - bridge interface name
#            $2 - interface to look for
# Returns:   0 when get_bridge_members lists $2 for $1, otherwise 1
is_bridge_member()
{
   local _bridge="${1}"
   local _iface="${2}"

   # shellcheck disable=SC2086 -- the bridge name is passed on unquoted
   for _member in $(get_bridge_members ${_bridge}) ; do
      [ "${_member}" != "${_iface}" ] || return 0
   done

   return 1
}
611
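# Take down a jail's epair: bring the jail side (epairNb) down, bring down
# and destroy the host side (epairNa), and destroy the bridge that held the
# host side once it has no members left.
#
# Arguments: $1 - jail id, as accepted by jexec
# NOTE(review): written for a jail with a single epair; several epair
# interfaces in one jail are not handled separately.
jail_interfaces_down()
{
   local _jid="${1}"
   local _bridgeif=
   local _epaira
   local _epairb
   local _bridge _member _count

   _epairb=$(jexec "${_jid}" ifconfig -a | grep '^epair' | cut -f1 -d:)
   if [ -z "${_epairb}" ] ; then
      return 0
   fi

   # shellcheck disable=SC2086 -- unquoted echo, as before
   _epaira=$(echo ${_epairb} | sed -E 's|b$|a|')

   # Find the bridge that has the host side of the pair as a member
   for _bridge in $(ifconfig -a | grep -E '^bridge[0-9]+' | cut -f1 -d:) ; do
      for _member in $(ifconfig "${_bridge}" | grep member | awk '{ print $2 }') ; do
         if [ "${_member}" = "${_epaira}" ] ; then
            _bridgeif="${_bridge}"
            break 2
         fi
      done
   done

   jexec "${_jid}" ifconfig "${_epairb}" down
   ifconfig "${_epaira}" down
   ifconfig "${_epaira}" destroy

   # Only touch a bridge that was actually found. With an empty name the
   # member count came from a bare `ifconfig` (all interfaces) and the
   # destroy call was issued without an interface.
   if [ -n "${_bridgeif}" ] ; then
      _count=$(ifconfig "${_bridgeif}" | grep -c member)
      if [ "${_count}" -lt 1 ] ; then
         ifconfig "${_bridgeif}" destroy
      fi
   fi
}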
647
# Make sure /etc/crontab runs warden's cronsnap.sh as root; when the entry is
# missing it is appended and cron is restarted.
# Globals: PROGDIR (read); cronscript (written)
# Returns: 0 when the entry was already present
enable_cron()
{
   cronscript="${PROGDIR}/scripts/backend/cronsnap.sh"
   if grep -q "${cronscript}" /etc/crontab ; then
      return 0
   fi
   echo "2     *        *       *       *        root    ${cronscript}" >> /etc/crontab
   # Restart cron
   /etc/rc.d/cron restart >/dev/null 2>/dev/null
}
657
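# Add the current flag files to old-style jail metadata directories:
# "xjail" gains "jail-portjail" and "linuxjail" gains "jail-linux".
# Globals: JDIR (read)
fix_old_meta()
{
   local _meta

   # A glob replaces the parsed `ls` output so a JDIR containing whitespace
   # is handled as one path.
   for _meta in "${JDIR}"/.*.meta ; do
      # An unmatched glob stays literal; skip it
      [ -e "${_meta}" ] || continue
      if [ -e "${_meta}/xjail" ] ; then
         touch "${_meta}/jail-portjail" 2>/dev/null
      fi
      if [ -e "${_meta}/linuxjail" ] ; then
         touch "${_meta}/jail-linux" 2>/dev/null
      fi
   done
}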
670
# Ask sipcalc whether a string is an IPv4 address: the first word after "["
# on the first line of its output must be "ipv4".
# Arguments: $1 - address to classify
# Returns:   0 for "ipv4", otherwise 1
is_ipv4()
{
   local addr="${1}"
   local kind

   kind="$(/usr/local/bin/sipcalc "${addr}" | head -1 | cut -f2 -d'[' | awk '{ print $1 }')"
   [ "${kind}" = "ipv4" ]
}
684
# Ask sipcalc whether a string is an IPv6 address: the first word after "["
# on the first line of its output must be "ipv6".
# Arguments: $1 - address to classify
# Returns:   0 for "ipv6", otherwise 1
is_ipv6()
{
   local addr="${1}"
   local kind

   kind="$(/usr/local/bin/sipcalc "${addr}" | head -1 | cut -f2 -d'[' | awk '{ print $1 }')"
   [ "${kind}" = "ipv6" ]
}
698
# Tell whether an IPv4 address lies in a network's usable range, comparing
# the decimal forms sipcalc reports for the address and the range ends.
# Arguments: $1 - address
#            $2 - network, in a form sipcalc accepts
# Returns:   0 when start <= address <= end, otherwise 1 (also when any of
#            the values could not be obtained)
in_ipv4_network()
{
   local addr="${1}"
   local network="${2}"
   local start end iaddr istart iend

   start="$(/usr/local/bin/sipcalc "${network}" | awk '/^Usable/ { print $4 }')"
   end="$(/usr/local/bin/sipcalc "${network}" | awk '/^Usable/ { print $6 }')"

   iaddr="$(/usr/local/bin/sipcalc "${addr}" | awk '/(decimal)/ { print $5 }')"
   istart="$(/usr/local/bin/sipcalc "${start}" | awk '/(decimal)/ { print $5 }')"
   iend="$(/usr/local/bin/sipcalc "${end}" | awk '/(decimal)/ { print $5 }')"

   if [ "${iaddr}" -ge "${istart}" ] && [ "${iaddr}" -le "${iend}" ] ; then
      return 0
   fi

   return 1
}
719
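# Print an IPv6 address as a string of bits, 16 per colon-separated group,
# without a trailing newline. "::" is not expanded: an empty group simply
# becomes 16 zero bits, so callers pass the fully expanded form.
# Arguments: $1 - IPv6 address
ipv6_to_binary()
{
   # Each hex digit is mapped through a lookup table. The previous version
   # relied on awk turning "0x..." strings into numbers and on "%016s"
   # zero-padding a string, neither of which every awk does.
   echo "${1}" | awk '
   BEGIN {
      split("0000 0001 0010 0011 0100 0101 0110 0111 1000 1001 1010 1011 1100 1101 1110 1111", nib, " ");
   }
   {
      glen = split(tolower($1), groups, ":");

      bnum = "";
      for (i = 1; i <= glen; i++) {
         g = groups[i];
         while (length(g) < 4)
            g = "0" g;
         for (j = 1; j <= length(g); j++) {
            pos = index("0123456789abcdef", substr(g, j, 1));
            if (pos > 0)
               bnum = bnum nib[pos];
         }
      }
      printf("%s", bnum);
   }'
}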
745
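# Tell whether an IPv6 address lies in a network by comparing the first
# <prefix length> bits of the expanded address and of the network start.
# Arguments: $1 - address
#            $2 - network as "<address>/<prefix length>"
# Returns:   0 when the prefixes match, otherwise 1
in_ipv6_network()
{
   local addr="${1}"
   local network="${2}"
   local mask="$(echo "${network}"|cut -f2 -d'/' -s)"
   local start baddr bstart baddrnet bstartnet

   # A numeric prefix length is required. Without one both prefixes came out
   # empty and compared equal, so every address "matched" the network.
   case "${mask}" in
      ''|*[!0-9]*) return 1 ;;
   esac

   addr="$(/usr/local/bin/sipcalc "${addr}" | awk '/^Expanded/ { print $4 }')"
   start="$(/usr/local/bin/sipcalc "${network}" | grep -E '^Network range' | awk '{ print $4 }')"

   # Same reasoning: if sipcalc produced nothing, do not report a match
   if [ -z "${addr}" ] || [ -z "${start}" ] ; then
      return 1
   fi

   baddr="$(ipv6_to_binary "${addr}")"
   bstart="$(ipv6_to_binary "${start}")"
   if [ -z "${baddr}" ] || [ -z "${bstart}" ] ; then
      return 1
   fi

   baddrnet="$(echo "${baddr}" | awk -v mask="${mask}" \
      '{ s = substr($0, 1, mask); printf("%s", s); }')"
   bstartnet="$(echo "${bstart}" | awk -v mask="${mask}" \
      '{ s = substr($0, 1, mask); printf("%s", s); }')"

   [ "${baddrnet}" = "${bstartnet}" ]
}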
773
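# Copy pc-extractoverlay and its server overlay files from the host into the
# same locations below a jail root.
# Arguments: $1 - jail root directory
# Returns:   1 when $1 is empty, otherwise 0
install_pc_extractoverlay()
{
  if [ -z "${1}" ] ; then
    return 1
  fi

  mkdir -p "${1}/usr/local/bin"
  mkdir -p "${1}/usr/local/share/pcbsd/conf"
  mkdir -p "${1}/usr/local/share/pcbsd/distfiles"

  cp /usr/local/bin/pc-extractoverlay "${1}/usr/local/bin/"
  chmod 755 "${1}/usr/local/bin/pc-extractoverlay"

  cp /usr/local/share/pcbsd/conf/server-excludes \
    "${1}/usr/local/share/pcbsd/conf"
  cp /usr/local/share/pcbsd/distfiles/server-overlay.txz \
    "${1}/usr/local/share/pcbsd/distfiles"

  return 0
}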
794
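# Write the script that bootstraps pkgng inside a standard jail: it installs
# pkg from pkg.txz, writes pkg.conf, the pcbsd repository definitions and the
# trusted repository fingerprint, then installs pcbsd-utils.
#
# Arguments: $1 - jail root directory
#            $2 - file the script is written to
# Returns:   1 when the jail has no /bin/freebsd-version
#
# NOTE(review): ${jaildir}/bin/freebsd-version is a file from inside the jail
# that is executed here, outside it, with the caller's privileges. For a jail
# whose contents are not trusted, read the version some other way.
# NOTE(review): the generated script unpacks and `pkg add`s pkg.txz as it is;
# only later repository traffic is covered by the fingerprint.
#
# The heredoc delimiter is unquoted, so ${release} and ${arch} are expanded
# while the file is written. "$?" on the last line is escaped for that
# reason: unescaped it was replaced by this function's own last status and
# the generated script always ended in "exit 0", hiding failures from
# bootstrap_pkgng.
make_bootstrap_pkgng_file_standard()
{
  local jaildir="${1}"
  local outfile="${2}"
  local release arch

  if [ ! -e "${jaildir}/bin/freebsd-version" ] ; then
     echo "Missing /bin/freebsd-version in jail.."
     echo "PKG bootstrap can only be done on 10.0 and higher, skipping..."
     return 1
  fi

  # Setup the repo to use the XX.0-RELEASE pkgng branch
  release="$("${jaildir}/bin/freebsd-version" | cut -d '-' -f 1 |  cut -d '.' -f 1).0-RELEASE"
  arch="$(uname -m)"

cat<<__EOF__>"${outfile}"
#!/bin/sh
tar xvf pkg.txz --exclude +MANIFEST --exclude +MTREE_DIRS 2>/dev/null
pkg add pkg.txz
rm pkg.txz

# Create the pkg.conf file
echo "PKG_CACHEDIR: /usr/local/tmp
REPOS_DIR: [
                \"/usr/local/etc/pkg/repos\"
           ]" > /usr/local/etc/pkg.conf

# Create the repo dirs
mkdir -p /usr/local/etc/pkg/repos 2>/dev/null
mkdir -p /usr/local/etc/pkg/fingerprints/pcbsd/trusted 2>/dev/null
mkdir -p /usr/local/etc/pkg/fingerprints/pcbsd/revoked 2>/dev/null

# Save the repo configuration file
echo "pcbsd-major: {
               url: \"http://pkg.cdn.pcbsd.org/${release}/${arch}\",
               signature_type: \"fingerprints\",
               fingerprints: \"/usr/local/etc/pkg/fingerprints/pcbsd\",
               enabled: true
              }" > /usr/local/etc/pkg/repos/pcbsd.conf

# Create the repo.dist file
echo "pcbsd: {
               url: \"http://pkg.cdn.pcbsd.org/VERSION/ARCH\",
               signature_type: \"fingerprints\",
               fingerprints: \"/usr/local/etc/pkg/fingerprints/pcbsd\",
               enabled: true
              }" > /usr/local/etc/pkg/repos/pcbsd.conf.dist

# Save the fingerprint file
echo "function: sha256
fingerprint: b2b9e037f938cf20ba68aa85ac88c15889c729a7f6b70c25069774308e760a03" > /usr/local/etc/pkg/fingerprints/pcbsd/trusted/pkg.cdn.pcbsd.org.20131209

pkg update -f
pkg install -y pcbsd-utils
pc-extractoverlay ports

# Update the pkgng repo config
pc-updatemanager syncconf

exit \$?
__EOF__

}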
858
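# Write the script that bootstraps pkgng inside a plugin jail. It does what
# the standard variant does (pkg from pkg.txz, pkg.conf, repository
# definitions, trusted fingerprint, pcbsd-utils), mounts devfs for the
# duration, and installs every package listed in /pluginjail-packages.
#
# Arguments: $1 - jail root directory
#            $2 - file the script is written to
# Returns:   0 even when the jail has no /bin/freebsd-version (the standard
#            variant returns 1 there)
#
# NOTE(review): ${jaildir}/bin/freebsd-version is a file from inside the jail
# that is executed here, outside it, with the caller's privileges. For a jail
# whose contents are not trusted, read the version some other way.
# NOTE(review): the generated script unpacks and `pkg add`s pkg.txz as it is;
# only later repository traffic is covered by the fingerprint. Failures of
# the per-package installs are not propagated; the script exits with the
# status of `umount devfs`.
make_bootstrap_pkgng_file_pluginjail()
{

  local jaildir="${1}"
  local outfile="${2}"
  local release arch mirror

  if [ ! -e "${jaildir}/bin/freebsd-version" ] ; then
     echo "Missing /bin/freebsd-version in jail.."
     echo "PKG bootstrap can only be done on 10.0 and higher, skipping..."
     return 0
  fi

  # Setup the repo to use the XX.0-RELEASE pkgng branch
  release="$("${jaildir}/bin/freebsd-version" | cut -d '-' -f 1 |  cut -d '.' -f 1).0-RELEASE"
  arch="$(uname -m)"

  # The mirror is looked up but not used by the generated script
  get_mirror
  mirror="${VAL}"

  cp /usr/local/share/warden/pluginjail-packages "${jaildir}/pluginjail-packages"

# First part: unquoted heredoc, ${release} and ${arch} are expanded now
cat<<__EOF__>"${outfile}"
#!/bin/sh
tar xvf pkg.txz --exclude +MANIFEST --exclude +MTREE_DIRS 2>/dev/null
pkg add pkg.txz
rm pkg.txz

mount -t devfs devfs /dev

# Create the pkg.conf file
echo "PKG_CACHEDIR: /usr/local/tmp
REPOS_DIR: [
                \"/usr/local/etc/pkg/repos\"
           ]" > /usr/local/etc/pkg.conf

# Create the repo dirs
mkdir -p /usr/local/etc/pkg/repos 2>/dev/null
mkdir -p /usr/local/etc/pkg/fingerprints/pcbsd/trusted 2>/dev/null
mkdir -p /usr/local/etc/pkg/fingerprints/pcbsd/revoked 2>/dev/null

# Save the repo configuration file
echo "pcbsd-major: {
               url: \"http://pkg.cdn.pcbsd.org/${release}/${arch}\",
               signature_type: \"fingerprints\",
               fingerprints: \"/usr/local/etc/pkg/fingerprints/pcbsd\",
               enabled: true
              }" > /usr/local/etc/pkg/repos/pcbsd.conf

# Create the repo.dist file
echo "pcbsd: {
               url: \"http://pkg.cdn.pcbsd.org/VERSION/ARCH\",
               signature_type: \"fingerprints\",
               fingerprints: \"/usr/local/etc/pkg/fingerprints/pcbsd\",
               enabled: true
              }" > /usr/local/etc/pkg/repos/pcbsd.conf.dist

# Save the fingerprint file
echo "function: sha256
fingerprint: b2b9e037f938cf20ba68aa85ac88c15889c729a7f6b70c25069774308e760a03" > /usr/local/etc/pkg/fingerprints/pcbsd/trusted/pkg.cdn.pcbsd.org.20131209

pkg update -f
pkg install -y pcbsd-utils

# Update the pkgng repo config
pc-updatemanager syncconf

__EOF__

# Second part: single-quoted, so it reaches the generated script verbatim
echo '
i=0
count=`wc -l /pluginjail-packages| awk "{ print $1 }"`
for p in `cat /pluginjail-packages`
do
  pkg install -y ${p}
  : $(( i += 1 ))
done

umount devfs
exit $?
' >> "${outfile}"
}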
940
941
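# Bootstrap pkgng inside a jail: generate the bootstrap script for the jail
# type, download pkg.txz into the jail root, run the script under chroot and,
# on success, run "pc-extractoverlay server --sysinit" in the jail.
#
# Arguments: $1 - jail root directory
#            $2 - jail type, "standard" (default) or "pluginjail"
# Returns:   0 on success, 1 on any failure
#
# NOTE(review): ${jaildir}/bin/freebsd-version is a file from inside the jail
# that is executed here, outside it, with the caller's privileges.
# NOTE(review): no integrity check on pkg.txz is visible in this function;
# whether get_file_from_mirrors performs one should be confirmed, since the
# file is installed by the bootstrap script.
bootstrap_pkgng()
{
  local jaildir="${1}"
  local jailtype="${2:-standard}"
  local release arch ffunc

  if [ ! -e "${jaildir}/bin/freebsd-version" ] ; then
     echo "Missing /bin/freebsd-version in jail.."
     echo "PKG bootstrap can only be done on 10.0 and higher, skipping..."
     return 1
  fi

  release="$("${jaildir}/bin/freebsd-version" | cut -d '-' -f 1 |  cut -d '.' -f 1).0-RELEASE"
  arch="$(uname -m)"

  ffunc="make_bootstrap_pkgng_file_standard"
  if [ "${jailtype}" = "pluginjail" ] ; then
    ffunc="make_bootstrap_pkgng_file_pluginjail"
  fi

  # pkg.txz is removed and downloaded relative to the current directory, so
  # do not carry on from wherever the caller was if the jail is unreachable.
  if ! cd "${jaildir}" ; then
    echo "Could not change to jail directory: ${jaildir}"
    return 1
  fi
  echo "Boot-strapping pkgng"

  mkdir -p "${jaildir}/usr/local/etc"


  ${ffunc} "${jaildir}" "${jaildir}/bootstrap-pkgng"
  chmod 755 "${jaildir}/bootstrap-pkgng"

  if [ -e "pkg.txz" ] ; then rm pkg.txz ; fi
  if get_file_from_mirrors "/${release}/${arch}/Latest/pkg.txz" "pkg.txz" "pkg" ; then
    if chroot "${jaildir}" /bootstrap-pkgng ; then
      rm -f "${jaildir}/bootstrap-pkgng"
      rm -f "${jaildir}/pluginjail-packages"
      chroot "${jaildir}" pc-extractoverlay server --sysinit
      return 0
    fi
  fi

  echo "Failed boot-strapping PKGNG, most likely cause is internet connection failure."
  rm -f "${jaildir}/bootstrap-pkgng"
  rm -f "${jaildir}/pluginjail-packages"
  return 1
}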
990
# Tell whether an interface has any "inet" line in its ifconfig output,
# looking inside a jail when a jail id is given.
# Arguments: $1 - interface name
#            $2 - optional jail id; ifconfig then runs through jexec
# Returns:   grep's status: 0 when an "inet" line was found
ipv4_configured()
{
   local iface="${1}"
   local jid="${2}"
   local jexec=

   [ -z "${jid}" ] || jexec="jexec ${jid}"

   # ${jexec} stays unquoted on purpose: it has to split into "jexec <jid>"
   # or vanish entirely when no jail id was given.
   # shellcheck disable=SC2086
   ${jexec} ifconfig "${iface}" | grep -qw inet 2>/dev/null
}
1004
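# Tell whether a specific IPv4 address is configured on an interface,
# looking inside a jail when a jail id is given.
# Arguments: $1 - interface name
#            $2 - address; anything from the first "/" on is ignored
#            $3 - optional jail id; ifconfig then runs through jexec
# Returns:   0 when an "inet" line carries exactly that address, else 1
ipv4_address_configured()
{
   local iface="${1}"
   local addr="${2}"
   local jid="${3}"
   local jexec=

   addr="$(echo ${addr}|cut -f1 -d'/')"

   if [ -n "${jid}" ] ; then
      jexec="jexec ${jid}"
   fi

   # Compare the address as a string. The previous `grep -Ew "^${addr}"`
   # treated it as an anchored regex, so "." matched any character, a
   # truncated address such as "10.0.0" matched "10.0.0.10", and an empty
   # address matched everything.
   # ${jexec} stays unquoted on purpose: it has to split into "jexec <jid>".
   # shellcheck disable=SC2086
   ${jexec} ifconfig "${iface}" | awk -v want="${addr}" '
      $1 == "inet" {
         have = $2;
         sub(/\/.*/, "", have);
         if (want != "" && have == want)
            found = 1;
      }
      END { exit(found ? 0 : 1) }'
}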
1024
# Tell whether an interface has any "inet6" line in its ifconfig output,
# looking inside a jail when a jail id is given.
# Arguments: $1 - interface name
#            $2 - optional jail id; ifconfig then runs through jexec
# Returns:   grep's status: 0 when an "inet6" line was found
ipv6_configured()
{
   local iface="${1}"
   local jid="${2}"
   local jexec=

   [ -z "${jid}" ] || jexec="jexec ${jid}"

   # ${jexec} stays unquoted on purpose: it has to split into "jexec <jid>"
   # or vanish entirely when no jail id was given.
   # shellcheck disable=SC2086
   ${jexec} ifconfig "${iface}" | grep -qw inet6 2>/dev/null
}
1038
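# Tell whether a specific IPv6 address is configured on an interface,
# looking inside a jail when a jail id is given.
# Arguments: $1 - interface name
#            $2 - address; anything from the first "/" on is ignored
#            $3 - optional jail id; ifconfig then runs through jexec
# Returns:   0 when an "inet6" line carries that address (with or without
#            its "%<scope>" suffix), else 1
ipv6_address_configured()
{
   local iface="${1}"
   local addr="${2}"
   local jid="${3}"
   local jexec=

   addr="$(echo ${addr}|cut -f1 -d'/')"

   if [ -n "${jid}" ] ; then
      jexec="jexec ${jid}"
   fi

   # Compare the address as a string. The previous `grep -Ew "^${addr}"` only
   # anchored the start, so "2001:db8::1" was reported as configured when the
   # interface actually had "2001:db8::1:2". The scope suffix is still
   # optional: "fe80::1" matches "fe80::1%em0".
   # ${jexec} stays unquoted on purpose: it has to split into "jexec <jid>".
   # shellcheck disable=SC2086
   ${jexec} ifconfig "${iface}" | awk -v want="${addr}" '
      $1 == "inet6" {
         have = $2;
         sub(/\/.*/, "", have);
         bare = have;
         sub(/%.*/, "", bare);
         if (want != "" && (have == want || bare == want))
            found = 1;
      }
      END { exit(found ? 0 : 1) }'
}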
1058
# Look up, or pick the next, ipfw NAT instance number.
# Arguments: $1 - optional interface name
# Outputs:   without $1: the instance of the last "nat" rule plus 100, or
#            100 when there is none; with $1: the first instance whose
#            config mentions the interface
# Returns:   0 when a number was printed, otherwise 1
get_ipfw_nat_instance()
{
   local iface="${1}"
   local instance

   if [ -z "${iface}" ] ; then
      instance="$(ipfw list | grep -E '[0-9]+ nat' | awk '{ print $3 }' | tail -1)"
      if [ -n "${instance}" ] ; then
         instance=$(( instance + 100 ))
      else
         instance="100"
      fi
      echo "${instance}"
      return 0
   fi

   for ni in $(ipfw list | grep -E '[0-9]+ nat' | awk '{ print $3 }') ; do
      if ipfw nat "${ni}" show config | grep -Eqw "${iface}" ; then
         echo "${ni}"
         return 0
      fi
   done

   return 1
}
1087
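# Look up the rule number ("priority") of an ipfw NAT rule.
# Arguments: $1 - optional interface name
# Outputs:   without $1: the number of the last "nat" rule, or 2000 when
#            there is none, zero-padded to five digits; with $1: the number
#            of the first nat rule whose instance config mentions the
#            interface, as listed
# Returns:   0 when a number was printed, otherwise 1
get_ipfw_nat_priority()
{
   local iface="${1}"
   local res=1
   local priority ni rule

   if [ -z "${iface}" ] ; then
      # "$1 + 0" makes awk print the number without leading zeros. Fed the
      # listed form (e.g. "00500") directly, printf %d read it as octal and
      # printed a different rule number.
      priority="$(ipfw list | grep -E '[0-9]+ nat' | awk '{ print $1 + 0 }' | tail -1)"
      if [ -z "${priority}" ] ; then
         priority=2000
      fi
      printf "%05d\n" "${priority}"
      return 0
   fi

   # Split the rule list on newlines only, so each rule stays one word
   local IFS='
'
   for rule in $(ipfw list | grep -E '[0-9]+ nat') ; do
      priority="$(echo "${rule}" | awk '{ print $1 }')"
      ni="$(echo "${rule}" | awk '{ print $3 }')"

      if ipfw nat "${ni}" show config | grep -Eqw "${iface}" ; then
         echo "${priority}"
         res=0
         break
      fi
   done

   return ${res}
}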
1119
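# Print one line per jail template found under JDIR, then exit.
#
# Globals:   JDIR (read)
# Outputs:   a two-line header, then "<nick> - <type> <version> (<arch>)"
#            for every ${JDIR}/.warden-template* directory that contains
#            bin/sh
# Returns:   does not return; calls `exit 0`, which ends the calling shell
#            unless the function runs in a subshell
list_templates()
{
   local tdir nick arch ver type desc

   echo "Jail Templates:"
   echo "------------------------------"
   # Glob directly instead of parsing `ls`, so a JDIR or template name that
   # contains whitespace is not split into several words. An unmatched
   # pattern stays literal and is skipped by the bin/sh check.
   for tdir in "${JDIR}"/.warden-template*
   do
      [ -e "${tdir}/bin/sh" ] || continue

      # Strip the literal prefix; JDIR is no longer pasted into a sed
      # expression where its characters would act as pattern syntax.
      nick="${tdir#"${JDIR}/.warden-template-"}"

      desc="$(file "${tdir}/bin/sh" 2>/dev/null)"
      case "${desc}" in
         *64-bit*) arch="amd64" ;;
         *)        arch="i386" ;;
      esac

      # Third word of the fifth comma-separated field of the file(1)
      # description. NOTE(review): this position depends on the file(1)
      # output format and on the path containing no comma -- confirm.
      ver="$(printf '%s\n' "${desc}" | cut -d ',' -f 5 | awk '{print $3}')"

      if [ -e "${tdir}/etc/rc.conf.pcbsd" ] ; then
         type="TrueOS"
      else
         type="FreeBSD"
      fi

      # printf '%s' prints the values verbatim; backslash sequences in a
      # template name are not interpreted.
      printf '%s - %s %s (%s)\n' "${nick}" "${type}" "${ver}" "${arch}"
   done
   exit 0
}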
1144
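# Destroy the ZFS dataset behind a jail template and remove its directory.
#
# Globals:   JDIR (read)
# Arguments: $1 - template name (the part after ".warden-template-")
# Outputs:   "DONE" on success
# Returns:   does not return; ends with `exit 0`. Errors are reported via
#            printerror / exit_err, which are defined outside this block.
#            NOTE(review): this code assumes exit_err terminates the
#            script -- confirm.
#
# `zfs destroy -r` is recursive and irreversible, so the dataset to destroy
# must resolve to exactly one mount entry for the template directory.
delete_template()
{
   local tDir rDataSet

   # An empty name would leave tDir as the bare ".warden-template-" prefix.
   if [ -z "${1}" ] ; then
      exit_err "No template name specified"
   fi

   tDir="${JDIR}/.warden-template-${1}"
   isDirZFS "${tDir}" "1"
   if [ $? -ne 0 ] ; then printerror "Not a ZFS volume: ${tDir}" ; fi

   # Get the dataset of the jails mountpoint. grep -F matches the path as
   # literal text: as a regular expression, a "." or "*" in the template
   # name could select the mount line of a different template.
   rDataSet="$(mount | grep -F -- " on ${tDir} " | awk '{print $1}')"

   case "${rDataSet}" in
      "")
         exit_err "Could not find a mounted ZFS dataset for ${tDir}"
         ;;
      *"
"*)
         exit_err "More than one mount entry matches ${tDir}, refusing to destroy"
         ;;
   esac

   zfs destroy -r "${rDataSet}"
   if [ $? -ne 0 ] ; then
     exit_err "Could not remove template, perhaps you have jails still using it?"
   fi
   rmdir "${tDir}"
   echo "DONE"

   exit 0
}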
1163
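# Parse --ipv4=, --ipv6= and --host= options into global variables.
#
# Globals:   JDIR (read); IP4, IP6, HOST (reset to "OFF", then written);
#            MASK4, MASK6 (written only when the matching option is given)
# Arguments: any number of words; only --ipv4=ADDR/MASK, --ipv6=ADDR/MASK
#            and --host=NAME are acted on, anything else is ignored
# Returns:   status of the last command. Calls exit_err (defined outside
#            this block) when an address fails is_ipv4 / is_ipv6 or is
#            already recorded in a ${JDIR}/.*.meta directory.
#
# An address given without "/MASK" yields an empty address, which is then
# handed to the validity check like any other value.
get_ip_host_flags()
{
   local arg spec rest meta known wanted

   IP4="OFF"
   IP6="OFF"
   HOST="OFF"
   for arg in "$@"
   do
      # The options are matched at the start of the word. The scans over the
      # metadata directories use their own loop variable, so they no longer
      # overwrite the argument that is being examined.
      case "${arg}" in
         --ipv4=*)
            # Check if we have a new IPv4 address for this import
            spec="${arg#--ipv4=}"
            case "${spec}" in
               */*)
                  IP4="${spec%%/*}"
                  rest="${spec#*/}"
                  MASK4="${rest%%/*}"
                  ;;
               *)
                  IP4=""
                  MASK4=""
                  ;;
            esac

            # Sanity check on the IP
            if ! is_ipv4 "${IP4}" ; then
               exit_err "Invalid IPv4 address: $IP4"
            fi

            # Glob instead of parsing `ls`, so a JDIR containing whitespace
            # does not silently skip the duplicate check.
            for meta in "${JDIR}"/.*.meta
            do
               [ -e "${meta}" ] || continue
               if [ "$(cat "${meta}/ipv4" 2>/dev/null)" = "${IP4}/${MASK4}" ] ; then
                  exit_err "A jail with this IPv4 address already exists!"
               fi
            done
            ;;

         --ipv6=*)
            # Check if we have a new IPv6 address for this import
            spec="${arg#--ipv6=}"
            case "${spec}" in
               */*)
                  IP6="${spec%%/*}"
                  rest="${spec#*/}"
                  MASK6="${rest%%/*}"
                  ;;
               *)
                  IP6=""
                  MASK6=""
                  ;;
            esac

            # Sanity check on the IP
            if ! is_ipv6 "${IP6}" ; then
               exit_err "Invalid IPv6 address!"
            fi

            # Both sides are upper-cased before the comparison.
            wanted="$(printf '%s\n' "${IP6}" | tr a-z A-Z)/${MASK6}"
            for meta in "${JDIR}"/.*.meta
            do
               [ -e "${meta}" ] || continue
               known="$(cat "${meta}/ipv6" 2>/dev/null | tr a-z A-Z)"
               if [ "${known}" = "${wanted}" ] ; then
                  exit_err "A jail with this IPv6 address already exists!"
               fi
            done
            ;;

         --host=*)
            # Check if we have a new hostname for this jail
            HOST="${arg#--host=}"
            ;;
      esac
   done
}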
1223
# Print a two-line warning when isDirZFS reports a non-zero status for JDIR.
#
# Globals:   JDIR (read)
# Outputs:   the warning on stdout, or nothing when isDirZFS succeeds
# Returns:   0 in both cases
zfs_prog_check() {

   if ! isDirZFS "${JDIR}" ; then
      printf '%s\n' \
         "WARNING: JDIR is NOT set to a ZFS managed dataset.." \
         "Please change JDIR in /usr/local/etc/warden.conf to a ZFS dataset!"
   fi

}