source: src-sh/warden/scripts/backend/functions.sh @ 13a6b08

Last change on this file since 13a6b08 was 13a6b08, checked in by Kris Moore <kris@…>, 6 months ago

Create the pcbsd.conf.dist file for pkgng repo in warden jails, this gets rid of a warning
when creating jails

  • Property mode set to 100755
File size: 28.3 KB
#!/bin/sh
# Shared variables and helper functions for the warden jail scripts.
######################################################################
# DO NOT EDIT

# Pull in the PC-BSD helper library.
. /usr/local/share/pcbsd/scripts/functions.sh

# Where warden itself is installed.
PROGDIR="/usr/local/share/warden"

# Settings read from /usr/local/etc/warden.conf. Each is a "KEY: value" line;
# the second space-separated field is taken as the value.
JDIR="$(grep ^JDIR: /usr/local/etc/warden.conf | cut -d' ' -f2)"   # jail root
NIC="$(grep ^NIC: /usr/local/etc/warden.conf | cut -d' ' -f2)"     # network interface
WTMP="$(grep ^WTMP: /usr/local/etc/warden.conf | cut -d' ' -f2)"   # tmp directory
export JDIR
export NIC
export WTMP

# Machine architecture; ARCH is only filled in (and exported) when the caller
# has not already set it.
REALARCH=$(uname -m)
export REALARCH
[ -n "$ARCH" ] || {
  ARCH="$REALARCH"
  export ARCH
}

# Location of pcbsd.conf file
PCBSD_ETCCONF="/usr/local/etc/pcbsd.conf"

# FreeBSD release: the configured value, else the running kernel's release.
# It is exported under the name UNAME_r.
FREEBSD_RELEASE="$(grep ^FREEBSD_RELEASE: /usr/local/etc/warden.conf | cut -d' ' -f2)"
[ -n "${FREEBSD_RELEASE}" ] || FREEBSD_RELEASE="$(uname -r)"
export UNAME_r="${FREEBSD_RELEASE}"

# Temp file for dialog responses.
# NOTE(review): this is a fixed, predictable name in world-writable /tmp. Any
# script that writes it with elevated privileges can be pointed at another
# file by a symlink created there beforehand. A mktemp(1)-created file would
# avoid that; the name is exported for other warden scripts, so it is kept.
ATMP="/tmp/.wans"
export ATMP

# Warden Version
WARDENVER="1.3"
export WARDENVER

# Host directories that are nullfs-mounted into a jail, and the X11 set.
NULLFS_MOUNTS="/tmp /media"
X11_MOUNTS="/usr/local/lib/X11/icons /usr/local/lib/X11/fonts /usr/local/etc/fonts"

# Directory that holds ZFS clones of jail snapshots.
CDIR="${JDIR}/clones"
56
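# Download the FreeNAS plugin-jail PBI for a FreeNAS version string, compare
# it with its published sha256 and unpack it into (or store it as) WORLDCHROOT.
#
# NOTE(review): the PBI and its .sha256 come from the same plain-HTTP
# location, so the comparison catches a damaged transfer but not a download
# that was replaced in transit, and pbi_add is run with --no-checksig.
# Nothing here authenticates the archive that is unpacked into WORLDCHROOT;
# fetching over HTTPS or verifying a signature against a locally stored key
# would close that gap.
#
# Globals:   JDIR, WORLDCHROOT (read); SYSVER, SYSREL, SYSARCH, SF, URL,
#            PJAIL, PJAILSHA256, tank (written)
# Arguments: $1 - version string, FreeNAS-<a.b.c>-<release>-...<x86|x64>
downloadpluginjail() {
  local _ver="${1}"
  local zfsp

  SYSVER=$(echo "${_ver}" | sed -E 's|^FreeNAS-(([0-9]+\.){2}[0-9]+).*|\1|')
  SYSREL=$(echo "${_ver}" | sed -E 's|^FreeNAS-([0-9]+\.){2}[0-9]+-([a-zA-Z0-9]+)-.*|\2|')
  SYSARCH=$(echo "${_ver}" | sed -E 's#^(.*)(x86|x64)#\2#')

  SF="http://downloads.sourceforge.net/project/freenas"
  URL="${SF}/FreeNAS-${SYSVER}/${SYSREL}/${SYSARCH}/plugins"

  PJAIL="FreeNAS-${SYSVER}-${SYSREL}-${SYSARCH}.Plugins_Jail.pbi"
  PJAILSHA256="${PJAIL}.sha256"

  if [ ! -d "${JDIR}" ] ; then mkdir -p "${JDIR}" ; fi
  # Everything below uses relative file names; stop if we are not in JDIR so
  # the later rm/mv cannot act on files in some other directory.
  cd "${JDIR}" || exit_err "Could not change to jail directory: ${JDIR}"

  echo "Fetching jail environment. This may take a while..."

  if [ ! -e "${PJAIL}" ] ; then
     echo "Downloading ${URL}/${PJAIL} ..."
     get_file "${URL}/${PJAIL}" "${PJAIL}" 3
     [ $? -ne 0 ] && printerror "Error while downloading the pluginjail."
  fi

  if [ ! -e "${PJAILSHA256}" ] ; then
     echo "Downloading ${URL}/${PJAILSHA256} ..."
     get_file "${URL}/${PJAILSHA256}" "${PJAILSHA256}" 3
     [ $? -ne 0 ] && printerror "Error while downloading the pluginjail sha256."
  fi

  if [ "$(sha256 -q "${PJAIL}")" != "$(cat "${PJAILSHA256}")" ] ; then
    printerror "Error in download data, checksum mismatch. Please try again later."
  fi

  # Creating ZFS dataset?
  isDirZFS "${JDIR}"
  if [ $? -eq 0 ] ; then
    zfsp=$(getZFSRelativePath "${WORLDCHROOT}")

    # Use ZFS base for cloning
    echo "Creating ZFS ${WORLDCHROOT} dataset..."
    tank=$(getZFSTank "${JDIR}")
    isDirZFS "${WORLDCHROOT}" "1"
    if [ $? -ne 0 ] ; then
       zfs create -o mountpoint="/${tank}${zfsp}" -p "${tank}${zfsp}"
       if [ $? -ne 0 ] ; then exit_err "Failed creating ZFS base dataset"; fi
       mkdir -p "${WORLDCHROOT}/.plugins" >/dev/null 2>&1
    fi

    pbi_add -e --no-checksig -p "${WORLDCHROOT}" "${PJAIL}"
    if [ $? -ne 0 ] ; then exit_err "Failed extracting ZFS chroot environment"; fi

    # The @clean snapshot is the pristine state of the freshly unpacked base.
    zfs snapshot "${tank}${zfsp}@clean"
    if [ $? -ne 0 ] ; then exit_err "Failed creating clean ZFS base snapshot"; fi
    rm "${PJAIL}"
  else
    # Save the chroot tarball
    mv "${PJAIL}" "${WORLDCHROOT}"
  fi
  rm "${PJAILSHA256}"
}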
117
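# Download the FreeBSD release tarball used as a jail chroot, compare it with
# its published MD5 and unpack it into (or store it as) the given chroot.
#
# NOTE(review): the .md5 file is fetched from the same mirror as the tarball,
# so the comparison detects a damaged transfer, not a replaced download, and
# MD5 is not collision-resistant. Whether the transfer itself is
# authenticated depends on MIRRORURL and get_file, which are not defined
# here — confirm before relying on this check for integrity.
#
# Globals:   JDIR, ARCH, MIRRORURL (read; MIRRORURL is set from get_mirror's
#            VAL when empty); SYSVER, FBSD_TARBALL, FBSD_TARBALL_CKSUM, tank
#            (written)
# Arguments: $1 - chroot directory (ZFS) or destination for the tarball (UFS)
downloadchroot() {
  local CHROOT="${1}"
  local zfsp

  # XXX If this is PCBSD, pbreg get /PC-BSD/Version
  SYSVER="$(uname -r | cut -f1 -d'-')"
  FBSD_TARBALL="fbsd-release.txz"
  FBSD_TARBALL_CKSUM="${FBSD_TARBALL}.md5"

  # Set the mirror URL, may be overridden by setting MIRRORURL environment variable
  if [ -z "${MIRRORURL}" ]; then
    get_mirror
    MIRRORURL="$VAL"
  fi

  if [ ! -d "${JDIR}" ] ; then mkdir -p "${JDIR}" ; fi
  # Relative file names are used from here on; refuse to continue elsewhere.
  cd "${JDIR}" || exit_err "Could not change to jail directory: ${JDIR}"

  echo "Fetching jail environment. This may take a while..."
  echo "Downloading ${MIRRORURL}/${SYSVER}/${ARCH}/netinstall/${FBSD_TARBALL} ..."

  if [ ! -e "$FBSD_TARBALL" ] ; then
     get_file "${MIRRORURL}/${SYSVER}/${ARCH}/netinstall/${FBSD_TARBALL}" "$FBSD_TARBALL" 3
     [ $? -ne 0 ] && printerror "Error while downloading the portsjail."
  fi

  if [ ! -e "$FBSD_TARBALL_CKSUM" ] ; then
     get_file "${MIRRORURL}/${SYSVER}/${ARCH}/netinstall/${FBSD_TARBALL_CKSUM}" "$FBSD_TARBALL_CKSUM" 3
     [ $? -ne 0 ] && printerror "Error while downloading the portsjail."
  fi

  if [ "$(md5 -q "${FBSD_TARBALL}")" != "$(cat "${FBSD_TARBALL_CKSUM}")" ] ; then
    printerror "Error in download data, checksum mismatch. Please try again later."
  fi

  # Creating ZFS dataset?
  isDirZFS "${JDIR}"
  if [ $? -eq 0 ] ; then
    zfsp=$(getZFSRelativePath "${CHROOT}")

    # Use ZFS base for cloning
    echo "Creating ZFS ${CHROOT} dataset..."
    tank=$(getZFSTank "${JDIR}")
    isDirZFS "${CHROOT}" "1"
    if [ $? -ne 0 ] ; then
       zfs create -o mountpoint="/${tank}${zfsp}" -p "${tank}${zfsp}"
       if [ $? -ne 0 ] ; then exit_err "Failed creating ZFS base dataset"; fi
    fi

    tar xvpf "${FBSD_TARBALL}" -C "${CHROOT}" 2>/dev/null
    if [ $? -ne 0 ] ; then exit_err "Failed extracting ZFS chroot environment"; fi

    zfs snapshot "${tank}${zfsp}@clean"
    if [ $? -ne 0 ] ; then exit_err "Failed creating clean ZFS base snapshot"; fi
    rm "${FBSD_TARBALL}"
  else
    # Save the chroot tarball
    mv "${FBSD_TARBALL}" "${CHROOT}"
  fi
  rm "${FBSD_TARBALL_CKSUM}"
}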
178
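# Check if a directory is a mount point, according to mount(8) output.
# The path is matched as a fixed string: with a regular expression, a "." in
# the path would match any character and a differently named directory could
# be reported as mounted.
# Arguments: $1 - directory to look for
# Returns:   0 when an "on <dir> (" entry exists, non-zero otherwise
isDirMounted() {
  mount | grep -qF -- "on $1 ("
  return $?
}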
184
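### Mount all needed filesystems for the jail
# Refreshes the jail's copies of selected /etc files, nullfs-mounts the
# NULLFS_MOUNTS directories and every /usr/home entry into the jail, and
# mounts devfs, linprocfs and linsysfs inside it.
#
# NOTE(review): the /etc list includes master.passwd and spwd.db, so the
# host's password hashes are copied into the jail and are readable by root
# inside it.
# NOTE(review): for NULLFS_MOUNTS the symlink check is run on the host-side
# path, while the linprocfs/linsysfs checks are run on the jail-side target.
# The jail-side target is the path a jail could have replaced with a symlink;
# confirm which one is_symlinked_mountpoint is meant to inspect here.
#
# Globals:   JDIR, NULLFS_MOUNTS (read); ETCFILES (written)
# Arguments: $1 - jail directory name under JDIR
mountjailxfs() {
  local jroot="${JDIR}/${1}"
  local file nullfs_mount i

  if [ ! -d "${jroot}/" ] ; then
     exit_err "Invalid jail directory: ${JDIR}/${1}"
  fi

  # Update the user files on the portjail
  ETCFILES="resolv.conf passwd master.passwd spwd.db pwd.db group localtime"
  for file in ${ETCFILES}; do
    rm "${jroot}/etc/${file}" >/dev/null 2>&1
    cp "/etc/${file}" "${jroot}/etc/${file}"
  done

  for nullfs_mount in ${NULLFS_MOUNTS}; do
    if [ ! -d "${jroot}${nullfs_mount}" ] ; then
      mkdir -p "${jroot}${nullfs_mount}"
    fi
    if is_symlinked_mountpoint "${nullfs_mount}"; then
      echo "${nullfs_mount} has symlink as parent, not mounting"
      continue
    fi

    # If this is already mounted we can skip for now
    isDirMounted "${jroot}${nullfs_mount}" && continue

    echo "Mounting ${jroot}${nullfs_mount}"
    mount_nullfs "${nullfs_mount}" "${jroot}${nullfs_mount}"
  done

  # Check and mount /dev
  if ! isDirMounted "${jroot}/dev" ; then
    echo "Enabling devfs"
    mount -t devfs devfs "${jroot}/dev"
  fi

  # Add support for linprocfs for ports that need linprocfs to build/run
  if [ ! -d "${jroot}/compat/linux/proc" ]; then
    mkdir -p "${jroot}/compat/linux/proc"
  fi
  # NOTE(review): this return (and the one for linsysfs below) also skips the
  # /usr/home mounts at the end — confirm that is intended.
  if is_symlinked_mountpoint "${jroot}/compat/linux/proc"; then
    echo "${jroot}/compat/linux/proc has symlink as parent, not mounting"
    return
  fi

  # If this is already mounted we can skip for now
  if ! isDirMounted "${jroot}/compat/linux/proc" ; then
    echo "Enabling linprocfs support."
    mount -t linprocfs linprocfs "${jroot}/compat/linux/proc"
  fi

  # Add support for linsysfs for ports that need linprocfs to build/run
  if [ ! -d "${jroot}/compat/linux/sys" ]; then
    mkdir -p "${jroot}/compat/linux/sys"
  fi
  if is_symlinked_mountpoint "${jroot}/compat/linux/sys"; then
    echo "${jroot}/compat/linux/sys has symlink as parent, not mounting"
    return
  fi

  # If this is already mounted we can skip for now
  if ! isDirMounted "${jroot}/compat/linux/sys" ; then
    echo "Enabling linsysfs support."
    mount -t linsysfs linsysfs "${jroot}/compat/linux/sys"
  fi

  # Lastly we need to mount /usr/home/* directories. The glob is used
  # directly (not the output of ls) so names with whitespace stay intact.
  for i in /usr/home/*
  do
    [ -e "${i}" ] || continue
    # If this is already mounted we can skip for now
    isDirMounted "${jroot}${i}" && continue
    if [ ! -d "${jroot}${i}" ] ; then mkdir -p "${jroot}${i}" ; fi
    echo "Mounting home: ${i}"
    mount_nullfs "${i}" "${jroot}${i}"
  done

}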
265
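### Umount all the jail's filesystems
# Force-unmounts everything mounted below ${JDIR}/<jail>/, then the jail's
# /dev. The jail path is matched as a fixed string: as a regular expression,
# a "." in a jail name would also select the mounts of other jails.
# Globals:   JDIR (read); status (written)
# Arguments: $1 - jail directory name under JDIR
# Returns:   1 if any unmount in the loop failed, else 0 (the final /dev
#            unmount is best-effort and does not affect the result)
umountjailxfs() {
  local jroot="${JDIR}/${1}"
  local mountpoint

  status="0"
  # Umount all filesystems that are mounted into the portsjail
  for mountpoint in $(mount | grep -F -- "${jroot}/" | cut -d" " -f3); do
    case "${mountpoint}" in
      "${jroot}/dev"|"${jroot}/"|"${jroot}") continue ;;
    esac
    echo "Unmounting $mountpoint"
    if ! umount -f "${mountpoint}" ; then status="1" ; fi
  done
  # Now try to umount /dev
  umount -f "${jroot}/dev" 2>/dev/null >/dev/null
  return $status
}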
282
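# Check if PBI scripts are loaded in jail
# Copies the PBI scripts into the jail when pbi_info is missing there or when
# its size differs from the host's copy. Only the size is compared, so a
# same-size file with different content is treated as current.
# Arguments: $1 - jail root directory (nothing is done when empty)
checkpbiscripts() {
  local host_size jail_size

  if [ -z "${1}" ] ; then return ; fi
  if [ ! -e "${1}/usr/local/sbin/pbi_info" ] ; then
    copypbiscripts "${1}"
    return
  fi

  # The jail path is quoted so a path containing whitespace is not split.
  host_size=$(ls -l /usr/local/sbin/pbi_info | awk '{print $5}')
  jail_size=$(ls -l "${1}/usr/local/sbin/pbi_info" | awk '{print $5}')
  if [ "${host_size}" != "${jail_size}" ] ; then
    copypbiscripts "${1}"
  fi
}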
292
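# Copy PBI scripts to jail
# Copies /usr/local/sbin/pbi*, the pbid rc.d script and every path under
# /usr/local/man whose name contains "pbi" into the jail.
# Every use of the jail path is quoted, and the man pages are read line by
# line, so paths containing whitespace are not split into several arguments.
# Arguments: $1 - jail root directory (nothing is done when empty)
copypbiscripts() {
  local man

  if [ -z "${1}" ] ; then return ; fi
  mkdir -p "${1}/usr/local/sbin" >/dev/null 2>/dev/null
  cp /usr/local/sbin/pbi* "${1}/usr/local/sbin/"
  chmod 755 "${1}"/usr/local/sbin/pbi*

  # Copy rc.d pbid script
  mkdir -p "${1}/usr/local/etc/rc.d" >/dev/null 2>/dev/null
  cp /usr/local/etc/rc.d/pbid "${1}/usr/local/etc/rc.d/"

  # Copy any PBI manpages
  find /usr/local/man | grep pbi | while IFS= read -r man
  do
    if [ ! -d "${1}$(dirname "${man}")" ] ; then
      mkdir -p "${1}$(dirname "${man}")"
    fi
    cp "${man}" "${1}${man}"
  done
}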
313
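# Prepare a jail root as a "portjail": copy selected host /etc files into it,
# link /home to /usr/home inside it, remove its cleartmp rc.d script and drop
# the jail-portjail flag file into the jail's metadata directory.
#
# NOTE(review): master.passwd and spwd.db are in the copied set, so the
# host's password hashes end up inside the jail.
#
# Globals:   JMETADIR (read); ETCFILES (written)
# Arguments: $1 - jail root directory (nothing is done when empty)
mkportjail() {
  local file

  if [ -z "${1}" ] ; then return ; fi
  ETCFILES="resolv.conf passwd master.passwd spwd.db pwd.db group localtime"
  for file in ${ETCFILES}; do
    rm "${1}/etc/${file}" >/dev/null 2>&1
    cp "/etc/${file}" "${1}/etc/${file}"
  done

  # Need to symlink /home
  chroot "${1}" ln -fs /usr/home /home

  # Make sure we remove our cleartmp rc.d script, causes issues
  if [ -e "${1}/etc/rc.d/cleartmp" ] ; then
    rm "${1}/etc/rc.d/cleartmp"
  fi

  # Flag this type
  touch "${JMETADIR}/jail-portjail"
}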
331
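# Prepare a jail root as a "pluginjail": copy selected host /etc files into
# it, link /home to /usr/home inside it, remove its cleartmp rc.d script and
# drop the jail-pluginjail flag file into the jail's metadata directory.
#
# NOTE(review): master.passwd and spwd.db are in the copied set, so the
# host's password hashes end up inside the jail.
#
# Globals:   JMETADIR (read); ETCFILES (written)
# Arguments: $1 - jail root directory (nothing is done when empty)
mkpluginjail() {
  local file

  if [ -z "${1}" ] ; then return ; fi
  ETCFILES="resolv.conf passwd master.passwd spwd.db pwd.db group localtime"
  for file in ${ETCFILES}; do
    rm "${1}/etc/${file}" >/dev/null 2>&1
    cp "/etc/${file}" "${1}/etc/${file}"
  done

  # Need to symlink /home
  chroot "${1}" ln -fs /usr/home /home

  # Make sure we remove our cleartmp rc.d script, causes issues
  if [ -e "${1}/etc/rc.d/cleartmp" ] ; then
    rm "${1}/etc/rc.d/cleartmp"
  fi

  # Flag this type
  touch "${JMETADIR}/jail-pluginjail"
}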
348
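# Create a ZFS snapshot of a jail's dataset, named after the current time
# (YYYY-MM-DD-HH-MM-SS). The snapshot name is passed to zfs as one quoted
# argument so a dataset path with whitespace is not split.
# Globals:   tank, rp, zdate (written)
# Arguments: $1 - directory of the jail's dataset
mkZFSSnap() {
  isDirZFS "${1}" "1"
  if [ $? -ne 0 ] ; then printerror "Not a ZFS volume: ${1}" ; fi
  tank=$(getZFSTank "$1")
  rp=$(getZFSRelativePath "$1")
  zdate=$(date +%Y-%m-%d-%H-%M-%S)
  zfs snapshot "${tank}${rp}@${zdate}"
}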
357
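# Print the snapshot names (the part after "@") of one jail's dataset.
# The dataset name is compared for equality. A prefix match with grep -w
# also accepted datasets such as "<name>-old", because "-" ends a word, so
# another jail's snapshots could be listed as this jail's.
# Globals:   tank, rp (written)
# Arguments: $1 - directory of the jail's dataset
listZFSSnap() {
  isDirZFS "${1}" "1"
  if [ $? -ne 0 ] ; then printerror "Not a ZFS volume: ${1}" ; fi
  tank=$(getZFSTank "$1")
  rp=$(getZFSRelativePath "$1")
  zfs list -t snapshot | awk -v ds="${tank}${rp}" '{
    at = index($1, "@")
    if (at > 0 && substr($1, 1, at - 1) == ds)
      print substr($1, at + 1)
  }'
}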
365
# Print the clone directory and, below a separator, the clones that belong to
# a jail. Each clone is shown as its mountpoint column with the leading
# "${CDIR}/<jail>-" removed.
# NOTE(review): the dataset and jail name are used as a grep pattern prefix,
# so a jail whose name starts with "<jail>-" is listed too.
# Globals:   CDIR (read); tank, cdir (written)
# Arguments: $1 - directory of the jail's dataset, $2 - jail name
listZFSClone() {
  if ! isDirZFS "${1}" "1" ; then
    printerror "Not a ZFS volume: ${1}"
  fi
  tank=$(getZFSTank "$1")
  cdir=$(getZFSRelativePath "${CDIR}")
  printf '%s\n' "Clone Directory: ${CDIR}" "-----------------------------------"
  zfs list \
    | grep -w "^${tank}${cdir}/${2}" \
    | awk '{print $5}' \
    | sed "s|${CDIR}/${2}-||g"
}
375
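# Destroy the ZFS clone of a jail snapshot, i.e. ${CDIR}/<jail>-<snapshot>.
# The dataset name is passed to zfs as one quoted argument.
# Globals:   CDIR (read); CLONEDIR, tank, rp (written)
# Arguments: $1 - unused here, $2 - snapshot name, $3 - jail name
rmZFSClone() {
  CLONEDIR="${CDIR}/${3}-${2}"
  isDirZFS "${CLONEDIR}" "1"
  if [ $? -ne 0 ] ; then printerror "Not a ZFS volume: ${CLONEDIR}" ; fi
  tank=$(getZFSTank "${CLONEDIR}")
  rp=$(getZFSRelativePath "${CLONEDIR}")
  zfs destroy "${tank}${rp}"
}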
384
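# Destroy one snapshot of a jail's dataset. The snapshot is passed to zfs as
# one quoted argument.
# NOTE(review): the snapshot name is not checked against the dataset's
# existing snapshots before "zfs destroy" runs; callers should pass a name
# taken from listZFSSnap.
# Globals:   tank, rp (written)
# Arguments: $1 - directory of the jail's dataset, $2 - snapshot name
rmZFSSnap() {
  isDirZFS "${1}" "1"
  if [ $? -ne 0 ] ; then printerror "Not a ZFS volume: ${1}" ; fi
  tank=$(getZFSTank "$1")
  rp=$(getZFSRelativePath "$1")
  zfs destroy "${tank}${rp}@${2}"
}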
392
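# Roll a jail's dataset back to one of its snapshots, stopping the jail first
# if it is running and starting it again afterwards.
#
# Changes from the earlier behaviour:
#  - the snapshot must belong to exactly this dataset and match the given
#    name in full; a substring of some snapshot name, or a snapshot of a
#    dataset whose name merely starts the same way, is rejected;
#  - restartJail is cleared on entry, so a value left over from an earlier
#    call or the environment cannot start a jail that was not running.
#
# "zfs rollback -R" also destroys snapshots newer than the target and any
# clones of them.
#
# Globals:   PROGDIR (read); tank, rp, restartJail (written)
# Arguments: $1 - directory of the jail's dataset, $2 - snapshot name,
#            $3 - jail identifier passed to the start/stop/status scripts
revertZFSSnap() {
  restartJail=""

  isDirZFS "${1}" "1"
  if [ $? -ne 0 ] ; then printerror "Not a ZFS volume: ${1}" ; fi
  tank=$(getZFSTank "$1")
  rp=$(getZFSRelativePath "$1")

  # Make sure this is a valid snapshot
  zfs list -t snapshot | awk -v ds="${tank}${rp}" -v snap="${2}" '
    { at = index($1, "@") }
    at > 0 && substr($1, 1, at - 1) == ds && substr($1, at + 1) == snap { found = 1 }
    END { exit(found ? 0 : 1) }'
  if [ $? -ne 0 ] ; then printerror "Invalid ZFS snapshot!" ; fi

  # Check if the jail is running first
  if "${PROGDIR}/scripts/backend/checkstatus.sh" "${3}" ; then
    restartJail="YES"
    # Make sure the jail is stopped
    "${PROGDIR}/scripts/backend/stopjail.sh" "${3}"
    if "${PROGDIR}/scripts/backend/checkstatus.sh" "${3}" ; then
      printerror "Could not stop jail... Halting..."
    fi
  fi

  # Rollback the snapshot
  zfs rollback -R -f "${tank}${rp}@${2}"

  # If it was started, restart the jail now
  if [ "$restartJail" = "YES" ]; then
    "${PROGDIR}/scripts/backend/startjail.sh" "${3}"
  fi

}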
424
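# Clone one snapshot of a jail's dataset to ${CDIR}/<jail>-<snapshot>.
# The snapshot must belong to exactly this dataset and match the given name
# in full; the earlier substring/prefix match accepted partial names and
# snapshots of similarly named datasets.
# Globals:   CDIR (read); tank, rp, cdir (written)
# Arguments: $1 - directory of the jail's dataset, $2 - snapshot name,
#            $3 - jail name used in the clone's name
cloneZFSSnap() {
  isDirZFS "${1}" "1"
  if [ $? -ne 0 ] ; then printerror "Not a ZFS volume: ${1}" ; fi
  tank=$(getZFSTank "$1")
  rp=$(getZFSRelativePath "$1")
  cdir=$(getZFSRelativePath "${CDIR}")

  # Make sure this is a valid snapshot
  zfs list -t snapshot | awk -v ds="${tank}${rp}" -v snap="${2}" '
    { at = index($1, "@") }
    at > 0 && substr($1, 1, at - 1) == ds && substr($1, at + 1) == snap { found = 1 }
    END { exit(found ? 0 : 1) }'
  if [ $? -ne 0 ] ; then printerror "Invalid ZFS snapshot!" ; fi

  if [ -d "${CDIR}/${3}-${2}" ] ; then
     printerror "This snapshot is already cloned and mounted at: ${CDIR}/${3}-${2}"
  fi

  # Clone the snapshot
  zfs clone -p "${tank}${rp}@${2}" "${tank}${cdir}/${3}-${2}"

  echo "Snapshot cloned and mounted to: ${CDIR}/${3}-${2}"
}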
445
# Derive the per-jail metadata directory, ${JDIR}/.<JAILNAME>.meta, and
# export it as JMETADIR.
# Globals: JDIR, JAILNAME (read); JMETADIR (written, exported)
set_warden_metadir()
{
   export JMETADIR="${JDIR}/.${JAILNAME}.meta"
}
451
# Split an "address/mask" string into JIP (text before the first "/") and
# JMASK (text between the first and second "/"; empty when there is no "/").
# Globals:   JIP, JMASK (written)
# Arguments: $1 - address, optionally followed by /mask
get_ip_and_netmask()
{
   local _rest

   JIP="${1%%/*}"
   case "${1}" in
      */*)
         _rest="${1#*/}"
         JMASK="${_rest%%/*}"
         ;;
      *)
         JMASK=""
         ;;
   esac
}
457
# Print the second field of every ifconfig line that contains the word
# "inet" (the interface's IPv4 addresses), one per line.
# The argument is left unquoted as before: when it is empty, ifconfig is run
# without an interface name.
# Arguments: $1 - interface name
get_interface_addresses()
{
   ifconfig ${1} | awk '/(^|[^A-Za-z0-9_])inet([^A-Za-z0-9_]|$)/ { print $2 }'
}
462
# Print the second field of every ifconfig line that contains the word
# "inet" (the interface's IPv4 addresses), one per line.
# The argument is left unquoted as before: when it is empty, ifconfig is run
# without an interface name.
# Arguments: $1 - interface name
get_interface_ipv4_addresses()
{
   ifconfig ${1} | awk '/(^|[^A-Za-z0-9_])inet([^A-Za-z0-9_]|$)/ { print $2 }'
}
467
# Print the second field of every ifconfig line that contains the word
# "inet6" (the interface's IPv6 addresses), one per line.
# The argument is left unquoted as before: when it is empty, ifconfig is run
# without an interface name.
# Arguments: $1 - interface name
get_interface_ipv6_addresses()
{
   ifconfig ${1} | awk '/(^|[^A-Za-z0-9_])inet6([^A-Za-z0-9_]|$)/ { print $2 }'
}
472
# Print the second field of the first ifconfig line that contains the word
# "inet" (the interface's first IPv4 address).
# Arguments: $1 - interface name (left unquoted as before)
get_interface_address()
{
   ifconfig ${1} | awk '/(^|[^A-Za-z0-9_])inet([^A-Za-z0-9_]|$)/ { print $2; exit }'
}
477
# Print the second field of the first ifconfig line that contains the word
# "inet" (the interface's first IPv4 address).
# Arguments: $1 - interface name (left unquoted as before)
get_interface_ipv4_address()
{
   ifconfig ${1} | awk '/(^|[^A-Za-z0-9_])inet([^A-Za-z0-9_]|$)/ { print $2; exit }'
}
482
# Print the second field of the first ifconfig line that contains the word
# "inet6" (the interface's first IPv6 address).
# Arguments: $1 - interface name (left unquoted as before)
get_interface_ipv6_address()
{
   ifconfig ${1} | awk '/(^|[^A-Za-z0-9_])inet6([^A-Za-z0-9_]|$)/ { print $2; exit }'
}
487
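# Print every IPv4 address of an interface except the first one (its
# aliases), one per line.
# ifconfig is run once and the first "inet" line is skipped in awk; the
# earlier count-then-tail form ran ifconfig twice, needed bc, and handed
# tail a negative count when the interface had no IPv4 address.
# Arguments: $1 - interface name (left unquoted as before)
get_interface_aliases()
{
   ifconfig ${1} | awk '
      /(^|[^A-Za-z0-9_])inet([^A-Za-z0-9_]|$)/ {
         if (++seen > 1)
            print $2
      }'
}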
497
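# Print every IPv4 address of an interface except the first one (its
# aliases), one per line.
# ifconfig is run once and the first "inet" line is skipped in awk; the
# earlier count-then-tail form ran ifconfig twice, needed bc, and handed
# tail a negative count when the interface had no IPv4 address.
# Arguments: $1 - interface name (left unquoted as before)
get_interface_ipv4_aliases()
{
   ifconfig ${1} | awk '
      /(^|[^A-Za-z0-9_])inet([^A-Za-z0-9_]|$)/ {
         if (++seen > 1)
            print $2
      }'
}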
507
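# Print every IPv6 address of an interface except the first one, one per
# line.
# The earlier version counted the interface's IPv4 ("inet") lines and used
# that count to take the tail of the IPv6 list, so the number of IPv6
# aliases returned depended on how many IPv4 addresses were configured.
# The first "inet6" line is now skipped directly.
# Arguments: $1 - interface name (left unquoted as before)
get_interface_ipv6_aliases()
{
   ifconfig ${1} | awk '
      /(^|[^A-Za-z0-9_])inet6([^A-Za-z0-9_]|$)/ {
         if (++seen > 1)
            print $2
      }'
}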
517
# Print the second column (the gateway) of each "default" line in the IPv4
# routing table shown by netstat.
get_default_route()
{
   netstat -f inet -nr | awk '/^default/ { print $2 }'
}
522
# Print the seventh column of each "default" line in the wide (-W) IPv4
# routing table shown by netstat; the caller treats it as the interface.
get_default_interface()
{
   netstat -f inet -nrW | awk '/^default/ { print $7 }'
}
527
# Print the names of all bridgeN interfaces: the text before the first ":" on
# every "ifconfig -a" line that starts with "bridge" followed by digits.
get_bridge_interfaces()
{
   ifconfig -a | awk -F: '/^bridge[0-9]+/ { print $1 }'
}
532
# Print the second field of every ifconfig line that contains the word
# "member" (the bridge's member interfaces), one per line.
# Arguments: $1 - bridge interface name (left unquoted as before)
get_bridge_members()
{
   ifconfig ${1} | awk '/(^|[^A-Za-z0-9_])member([^A-Za-z0-9_]|$)/ { print $2 }'
}
537
# Print the first bridge interface that has an IPv4 alias inside the given
# network.
# Arguments: $1 - network, passed on to in_ipv4_network
# Returns:   0 and the bridge name on stdout when found; 1 when the network
#            is empty or no bridge alias lies in it
get_bridge_interface_by_ipv4_network()
{
   local network="${1}"
   local bridges="$(get_bridge_interfaces)"
   local ips

   [ -n "${network}" ] || return 1

   for _bridge in ${bridges}
   do
      ips="$(get_interface_ipv4_aliases "${_bridge}")"
      for _ip in ${ips}
      do
         in_ipv4_network "${_ip}" "${network}" || continue
         echo "${_bridge}"
         return 0
      done
   done

   return 1
}
563
# Print the first bridge interface that has an IPv6 alias inside the given
# network.
# Arguments: $1 - network, passed on to in_ipv6_network
# Returns:   0 and the bridge name on stdout when found; 1 when the network
#            is empty or no bridge alias lies in it
get_bridge_interface_by_ipv6_network()
{
   local network="${1}"
   local bridges="$(get_bridge_interfaces)"
   local ips

   [ -n "${network}" ] || return 1

   for _bridge in ${bridges}
   do
      ips="$(get_interface_ipv6_aliases "${_bridge}")"
      for _ip in ${ips}
      do
         in_ipv6_network "${_ip}" "${network}" || continue
         echo "${_bridge}"
         return 0
      done
   done

   return 1
}
589
# Tell whether an interface is a member of a bridge.
# Arguments: $1 - bridge interface, $2 - interface to look for
# Returns:   0 when get_bridge_members lists the interface, else 1
is_bridge_member()
{
   local _bridge="${1}"
   local _iface="${2}"

   for _member in $(get_bridge_members ${_bridge})
   do
      [ "${_member}" != "${_iface}" ] || return 0
   done

   return 1
}
604
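# Take down a jail's epair: bring the jail-side "b" end down, bring the
# host-side "a" end down and destroy it, and destroy the bridge it was a
# member of once that bridge has at most one member left.
#
# The bridge step is now skipped when the host-side end is not a member of
# any bridge. With an empty bridge name the earlier code ran ifconfig without
# an interface, counted "member" lines across all interfaces, and could go on
# to call "ifconfig destroy" with no interface name.
#
# Arguments: $1 - jail id passed to jexec
jail_interfaces_down()
{
   local _jid="${1}"
   local _bridgeif
   local _epaira
   local _epairb
   local _bridge _member _count

   _epairb=$(jexec "${_jid}" ifconfig -a | grep '^epair' | cut -f1 -d:)
   [ -n "${_epairb}" ] || return 0

   # The host side of epairNb is epairNa.
   _epaira=$(echo "${_epairb}" | sed -E 's|b$|a|')
   _bridgeif=

   # Find the bridge that has the host-side end as a member.
   for _bridge in $(ifconfig -a | grep -E '^bridge[0-9]+' | cut -f1 -d:)
   do
      for _member in $(ifconfig "${_bridge}" | grep member | awk '{ print $2 }')
      do
         if [ "${_member}" = "${_epaira}" ] ; then
            _bridgeif="${_bridge}"
            break
         fi
      done
      if [ -n "${_bridgeif}" ] ; then
         break
      fi
   done

   jexec "${_jid}" ifconfig "${_epairb}" down
   ifconfig "${_epaira}" down
   ifconfig "${_epaira}" destroy

   if [ -n "${_bridgeif}" ] ; then
      _count=$(ifconfig "${_bridgeif}" | grep member | awk '{ print $2 }' | wc -l)
      if [ "${_count}" -le "1" ] ; then
         ifconfig "${_bridgeif}" destroy
      fi
   fi
}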
640
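# Make sure /etc/crontab runs warden's cronsnap.sh as root at minute 2 of
# every hour, then restart cron. Nothing is changed when the script path is
# already present in /etc/crontab.
# The path is looked up as a fixed string; as a regular expression its "."
# characters would match any character.
# Globals: PROGDIR (read); cronscript (written)
enable_cron()
{
   cronscript="${PROGDIR}/scripts/backend/cronsnap.sh"
   if grep -qF -- "${cronscript}" /etc/crontab ; then return 0 ; fi
   echo "2     *        *       *       *        root    ${cronscript}" >> /etc/crontab
   # Restart cron
   /etc/rc.d/cron restart >/dev/null 2>/dev/null
}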
650
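# Add the current flag files to jail metadata directories that still carry
# the old ones: "xjail" gets "jail-portjail", "linuxjail" gets "jail-linux".
# The metadata directories are taken from the glob itself rather than from
# the output of ls, so a JDIR containing whitespace is handled.
# Globals: JDIR (read)
fix_old_meta()
{
   local i

   for i in "${JDIR}"/.*.meta
   do
      # An unmatched glob is left as the literal pattern; skip it.
      [ -e "${i}" ] || continue
      if [ -e "${i}/xjail" ] ; then
         touch "${i}/jail-portjail" 2>/dev/null
      fi
      if [ -e "${i}/linuxjail" ] ; then
         touch "${i}/jail-linux" 2>/dev/null
      fi
   done
}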
663
# Tell whether sipcalc classifies the argument as IPv4: the first word after
# the "[" on sipcalc's first output line must be "ipv4".
# Arguments: $1 - address to classify
# Returns:   0 for ipv4, 1 otherwise (including when sipcalc prints nothing)
is_ipv4()
{
   local addr="${1}"
   local family

   family="$(/usr/local/bin/sipcalc "${addr}"|head -1|cut -f2 -d'['|awk '{ print $1 }')"
   case "${family}" in
      ipv4) return 0 ;;
      *)    return 1 ;;
   esac
}
677
# Tell whether sipcalc classifies the argument as IPv6: the first word after
# the "[" on sipcalc's first output line must be "ipv6".
# Arguments: $1 - address to classify
# Returns:   0 for ipv6, 1 otherwise (including when sipcalc prints nothing)
is_ipv6()
{
   local addr="${1}"
   local family

   family="$(/usr/local/bin/sipcalc "${addr}"|head -1|cut -f2 -d'['|awk '{ print $1 }')"
   case "${family}" in
      ipv6) return 0 ;;
      *)    return 1 ;;
   esac
}
691
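# Tell whether an IPv4 address lies in the "Usable range" sipcalc reports
# for a network, by comparing the decimal forms sipcalc prints.
# When sipcalc yields nothing usable (empty or non-numeric values) the
# function now returns 1 quietly; before, the comparison ran on empty strings
# and test(1) printed an "integer expression expected" error. The deprecated
# "-a" operator is replaced by two separate tests.
# Arguments: $1 - address, $2 - network
# Returns:   0 when start <= address <= end, else 1
in_ipv4_network()
{
   local addr="${1}"
   local network="${2}"
   local range start end iaddr istart iend

   # Fields 4 and 6 of the "Usable range" line are its first and last address.
   range="$(/usr/local/bin/sipcalc "${network}"|awk '/^Usable/ { print $4, $6 }')"
   start="${range%% *}"
   end="${range##* }"

   iaddr="$(/usr/local/bin/sipcalc "${addr}"|awk '/(decimal)/ { print $5 }')"
   istart="$(/usr/local/bin/sipcalc "${start}"|awk '/(decimal)/ { print $5 }')"
   iend="$(/usr/local/bin/sipcalc "${end}"|awk '/(decimal)/ { print $5 }')"

   # All three values must be plain, non-empty decimal numbers.
   case "${iaddr}:${istart}:${iend}" in
      *[!0-9:]*|:*|*::*|*:) return 1 ;;
   esac

   if [ "${iaddr}" -ge "${istart}" ] && [ "${iaddr}" -le "${iend}" ]
   then
      return 0
   fi

   return 1
}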
712
# Print an IPv6 address as one string of binary digits: the address is split
# on ":" and each group is converted from hex and padded to 16 characters.
# Every group present contributes 16 characters, so a fully expanded address
# (eight groups, no "::") is needed for a 128-character result.
# NOTE(review): the conversion relies on awk turning a "0x..." string into a
# number and on "%016s" padding with zeros; both depend on the awk in use —
# confirm on the target system.
# Arguments: $1 - IPv6 address
ipv6_to_binary()
{
   local _prog='{
      split($1, octets, ":");
      olen = length(octets);
               
      bnum = "";
      for (i = 1;i <= olen;i++) {
         tbnum = "";
         dnum = int(sprintf("0x%s", octets[i]));
         for (;;) {
            rem = int(dnum % 2);
            if (rem == 0)
               tbnum = sprintf("0%s", tbnum);
            else               
               tbnum = sprintf("1%s", tbnum);
            dnum /= 2;
            if (dnum < 1)
               break;
         }
         bnum = sprintf("%s%016s", bnum, tbnum);
      }
      printf("%s", bnum);
   }'

   echo ${1}|awk "${_prog}"
}
738
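# Tell whether an IPv6 address lies in a network, by comparing the first
# <prefix length> binary digits of the expanded address with those of the
# network's start address (both taken from sipcalc).
#
# A network without a "/prefix", or an address/network that sipcalc could
# not expand, now yields 1. Before, both prefixes came out empty in those
# cases, compared equal, and the function reported a match.
#
# Arguments: $1 - address, $2 - network in address/prefix form
# Returns:   0 when the address is inside the network, else 1
in_ipv6_network()
{
   local addr="${1}"
   local network="${2}"
   local mask="$(echo "${network}"|cut -f2 -d'/' -s)"
   local start baddr bstart baddrnet bstartnet

   # No prefix length means there is nothing to compare against.
   [ -n "${mask}" ] || return 1

   addr="$(/usr/local/bin/sipcalc "${addr}"|awk \
      '/^Expanded/ { print $4}')"
   start="$(/usr/local/bin/sipcalc "${network}"|egrep \
      '^Network range'|awk '{ print $4 }')"

   baddr="$(ipv6_to_binary "${addr}")"
   bstart="$(ipv6_to_binary "${start}")"

   # An empty conversion means the input could not be parsed; do not let two
   # empty strings count as equal.
   if [ -z "${baddr}" ] || [ -z "${bstart}" ]
   then
      return 1
   fi

   baddrnet="$(echo "${baddr}"|awk -v mask="${mask}" \
      '{ s = substr($0, 1, mask); printf("%s", s); }')"
   bstartnet="$(echo "${bstart}"|awk -v mask="${mask}" \
      '{ s = substr($0, 1, mask); printf("%s", s); }')"

   if [ "${baddrnet}" = "${bstartnet}" ]
   then
      return 0
   fi

   return 1
}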
766
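# Copy pc-extractoverlay, its server-excludes list and the server overlay
# archive from the host into the same locations inside a jail.
# The jail path is quoted throughout so a path containing whitespace is not
# split into several arguments.
# Arguments: $1 - jail root directory
# Returns:   1 when the argument is empty, else 0 (copy failures are not
#            reflected in the return value)
install_pc_extractoverlay()
{
  if [ -z "${1}" ] ; then
    return 1
  fi

  mkdir -p "${1}/usr/local/bin"
  mkdir -p "${1}/usr/local/share/pcbsd/conf"
  mkdir -p "${1}/usr/local/share/pcbsd/distfiles"

  cp /usr/local/bin/pc-extractoverlay "${1}/usr/local/bin/"
  chmod 755 "${1}/usr/local/bin/pc-extractoverlay"

  cp /usr/local/share/pcbsd/conf/server-excludes \
    "${1}/usr/local/share/pcbsd/conf"
  cp /usr/local/share/pcbsd/distfiles/server-overlay.txz \
    "${1}/usr/local/share/pcbsd/distfiles"

  return 0
}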
787
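# Write the pkgng bootstrap script for a standard jail to the given file.
# The generated script installs pkg from pkg.txz, writes pkg.conf, the pcbsd
# repository definition (for this host's release and architecture) and its
# trusted fingerprint, then installs pcbsd-utils and runs
# "pc-extractoverlay ports".
#
# The here-document is unquoted so ${release} and ${arch} are filled in now.
# That also expanded the final "exit $?" while the file was being written,
# freezing it to a constant, so the generated script reported the same status
# no matter how pc-extractoverlay ended. The "$" is now escaped so the
# generated script exits with that command's status.
#
# The repository URL is plain HTTP; packages from it are checked against the
# pinned fingerprint via signature_type "fingerprints".
#
# Arguments: $1 - jail directory (not used here), $2 - file to write
make_bootstrap_pkgng_file_standard()
{
  local jaildir="${1}"
  local outfile="${2}"

  local release="$(uname -r | cut -d '-' -f 1-2)"
  local arch="$(uname -m)"

cat<<__EOF__>"${outfile}"
#!/bin/sh
tar xvf pkg.txz --exclude +MANIFEST --exclude +MTREE_DIRS 2>/dev/null
pkg add pkg.txz
rm pkg.txz

# Create the pkg.conf file
echo "PKG_CACHEDIR: /usr/local/tmp
repos_dir: [
                \"/usr/local/etc/pkg/repos\"
           ]" > /usr/local/etc/pkg.conf

# Create the repo dirs
mkdir -p /usr/local/etc/pkg/repos 2>/dev/null
mkdir -p /usr/local/etc/pkg/fingerprints/pcbsd/trusted 2>/dev/null
mkdir -p /usr/local/etc/pkg/fingerprints/pcbsd/revoked 2>/dev/null

# Save the repo configuration file
echo "pcbsd: {
               url: \"http://pkg.cdn.pcbsd.org/${release}/${arch}\",
               signature_type: \"fingerprints\",
               fingerprints: \"/usr/local/etc/pkg/fingerprints/pcbsd\",
               enabled: true
              }" > /usr/local/etc/pkg/repos/pcbsd.conf

# Save the fingerprint file
echo "function: sha256
fingerprint: b2b9e037f938cf20ba68aa85ac88c15889c729a7f6b70c25069774308e760a03" > /usr/local/etc/pkg/fingerprints/pcbsd/trusted/pkg.cdn.pcbsd.org.20131209

pkg update
pkg install -y pcbsd-utils
pc-extractoverlay ports

exit \$?
__EOF__

}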
833
# Write the pkgng bootstrap script for a plugin jail to the given file and
# copy the pluginjail package list into the jail.
# The generated script installs pkg from pkg.txz, mounts devfs, writes
# pkg.conf, the pcbsd repository definition, a pcbsd.conf.dist template and
# the trusted fingerprint, installs pcbsd-utils and then every package named
# in /pluginjail-packages before unmounting devfs.
#
# The first part is an unquoted here-document so ${release} and ${arch} are
# filled in now; the second part is written literally so that its $-
# expressions are evaluated when the generated script runs.
#
# NOTE(review): in the generated script the per-package "pkg install" results
# are not checked, and the exit status is that of "umount devfs"; "count" and
# "i" are computed but not used.
#
# Arguments: $1 - jail directory, $2 - file to write
make_bootstrap_pkgng_file_pluginjail()
{
  local jaildir="${1}"
  local outfile="${2}"
  local release="$(uname -r | cut -d '-' -f 1-2)"
  local arch="$(uname -m)"
  local mirror

  get_mirror
  mirror="${VAL}"

  cp /usr/local/share/warden/pluginjail-packages "${jaildir}/pluginjail-packages"

cat<<__EOF__>"${outfile}"
#!/bin/sh
tar xvf pkg.txz --exclude +MANIFEST --exclude +MTREE_DIRS 2>/dev/null
pkg add pkg.txz
rm pkg.txz

mount -t devfs devfs /dev

# Create the pkg.conf file
echo "PKG_CACHEDIR: /usr/local/tmp
repos_dir: [
                \"/usr/local/etc/pkg/repos\"
           ]" > /usr/local/etc/pkg.conf

# Create the repo dirs
mkdir -p /usr/local/etc/pkg/repos 2>/dev/null
mkdir -p /usr/local/etc/pkg/fingerprints/pcbsd/trusted 2>/dev/null
mkdir -p /usr/local/etc/pkg/fingerprints/pcbsd/revoked 2>/dev/null

# Save the repo configuration file
echo "pcbsd: {
               url: \"http://pkg.cdn.pcbsd.org/${release}/${arch}\",
               signature_type: \"fingerprints\",
               fingerprints: \"/usr/local/etc/pkg/fingerprints/pcbsd\",
               enabled: true
              }" > /usr/local/etc/pkg/repos/pcbsd.conf

# Create the repo.dist file
echo "pcbsd: {
               url: \"http://pkg.cdn.pcbsd.org/VERSION/ARCH\",
               signature_type: \"fingerprints\",
               fingerprints: \"/usr/local/etc/pkg/fingerprints/pcbsd\",
               enabled: true
              }" > /usr/local/etc/pkg/repos/pcbsd.conf.dist

# Save the fingerprint file
echo "function: sha256
fingerprint: b2b9e037f938cf20ba68aa85ac88c15889c729a7f6b70c25069774308e760a03" > /usr/local/etc/pkg/fingerprints/pcbsd/trusted/pkg.cdn.pcbsd.org.20131209

pkg update
pkg install -y pcbsd-utils
__EOF__

cat<<'__EOF__'>>"${outfile}"

i=0
count=`wc -l /pluginjail-packages| awk "{ print $1 }"`
for p in `cat /pluginjail-packages`
do
  pkg install -y ${p}
  : $(( i += 1 ))
done

umount devfs
exit $?

__EOF__
}
904
905
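# Bootstrap pkgng inside a jail: copy the host's pkg public certificate and
# pc-extractoverlay into it, generate /bootstrap-pkgng for the jail type,
# fetch pkg.txz into the jail root and run the generated script in a chroot.
#
# The function now stops when it cannot enter the jail directory. Before, a
# failed cd was ignored and pkg.txz was removed from, and downloaded into,
# whatever directory the caller happened to be in.
#
# NOTE(review): pkg.txz is installed by the generated script before the
# repository fingerprints are configured, so its authenticity rests on
# get_file_from_mirrors, which is not defined here — confirm what that helper
# verifies.
#
# Globals:   pubcert (written)
# Arguments: $1 - jail root directory,
#            $2 - jail type; "pluginjail" selects the plugin-jail script,
#                 anything else (default "standard") the standard one
# Returns:   0 on success, 1 on any failure
bootstrap_pkgng()
{
  local jaildir="${1}"
  local jailtype="${2:-standard}"
  local release="$(uname -r | cut -d '-' -f 1-2)"
  local arch="$(uname -m)"

  local ffunc="make_bootstrap_pkgng_file_standard"
  if [ "${jailtype}" = "pluginjail" ] ; then
    ffunc="make_bootstrap_pkgng_file_pluginjail"
  fi

  # pkg.txz is handled by relative name below, so the cwd must be the jail.
  if ! cd "${jaildir}" ; then
    echo "Failed boot-strapping PKGNG, cannot enter jail directory: ${jaildir}"
    return 1
  fi
  echo "Boot-strapping pkgng"

  mkdir -p "${jaildir}/usr/local/etc"
  pubcert="/usr/local/etc/pkg-pubkey.cert"

  cp "${pubcert}" "${jaildir}/usr/local/etc"
  install_pc_extractoverlay "${jaildir}"

  ${ffunc} "${jaildir}" "${jaildir}/bootstrap-pkgng"
  chmod 755 "${jaildir}/bootstrap-pkgng"

  if [ -e "pkg.txz" ] ; then rm pkg.txz ; fi
  if get_file_from_mirrors "/${release}/${arch}/Latest/pkg.txz" "pkg.txz" "pkg" ; then
    if chroot "${jaildir}" /bootstrap-pkgng ; then
      rm -f "${jaildir}/bootstrap-pkgng"
      rm -f "${jaildir}/pluginjail-packages"
      chroot "${jaildir}" pc-extractoverlay server --sysinit
      return 0
    fi
  fi

  echo "Failed boot-strapping PKGNG, most likely cause is internet connection failure."
  rm -f "${jaildir}/bootstrap-pkgng"
  rm -f "${jaildir}/pluginjail-packages"
  return 1
}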
950
# Tell whether an interface has any IPv4 address, on the host or, when a jail
# id is given, inside that jail (via jexec).
# Arguments: $1 - interface name, $2 - optional jail id
# Returns:   0 when ifconfig shows a line containing the word "inet"
ipv4_configured()
{
   local iface="${1}"
   local jid="${2}"

   if [ -n "${jid}" ] ; then
      jexec ${jid} ifconfig "${iface}" | grep -qw inet 2>/dev/null
   else
      ifconfig "${iface}" | grep -qw inet 2>/dev/null
   fi
}
964
# Tell whether a given IPv4 address is configured on an interface, on the
# host or, when a jail id is given, inside that jail (via jexec).
# Any "/mask" suffix is dropped from the address first. The address is then
# used as an anchored, whole-word extended regular expression against the
# addresses ifconfig prints.
# Arguments: $1 - interface name, $2 - address[/mask], $3 - optional jail id
# Returns:   0 when a matching address is found
ipv4_address_configured()
{
   local iface="${1}"
   local addr="${2}"
   local jid="${3}"
   local _wanted

   _wanted="$(echo ${addr}|cut -f1 -d'/')"

   if [ -n "${jid}" ] ; then
      jexec ${jid} ifconfig "${iface}"
   else
      ifconfig "${iface}"
   fi | grep -w inet | awk '{ print $2 }' | grep -Ew "^${_wanted}" >/dev/null 2>&1
}
984
# Tell whether an interface has any IPv6 address, on the host or, when a jail
# id is given, inside that jail (via jexec).
# Arguments: $1 - interface name, $2 - optional jail id
# Returns:   0 when ifconfig shows a line containing the word "inet6"
ipv6_configured()
{
   local iface="${1}"
   local jid="${2}"

   if [ -n "${jid}" ] ; then
      jexec ${jid} ifconfig "${iface}" | grep -qw inet6 2>/dev/null
   else
      ifconfig "${iface}" | grep -qw inet6 2>/dev/null
   fi
}
998
# Tell whether a given IPv6 address is configured on an interface, on the
# host or, when a jail id is given, inside that jail (via jexec).
# Any "/prefix" suffix is dropped from the address first. The address is then
# used as an anchored, whole-word extended regular expression against the
# addresses ifconfig prints, so "fe80::1" also matches "fe80::1%em0".
# Arguments: $1 - interface name, $2 - address[/prefix], $3 - optional jail id
# Returns:   0 when a matching address is found
ipv6_address_configured()
{
   local iface="${1}"
   local addr="${2}"
   local jid="${3}"
   local _wanted

   _wanted="$(echo ${addr}|cut -f1 -d'/')"

   if [ -n "${jid}" ] ; then
      jexec ${jid} ifconfig "${iface}"
   else
      ifconfig "${iface}"
   fi | grep -w inet6 | awk '{ print $2 }' | grep -Ew "^${_wanted}" >/dev/null 2>&1
}
1018
# Work with ipfw NAT instance numbers, taken from the third field of the
# "<number> nat ..." lines of "ipfw list".
#  - Without an interface: print the last instance number plus 100, or 100
#    when there is no nat rule yet.
#  - With an interface: print the first instance whose "show config" output
#    contains the interface as a whole word.
# Arguments: $1 - interface name, may be empty
# Returns:   0 when a number was printed, 1 when no instance matched
get_ipfw_nat_instance()
{
   local iface="${1}"
   local instance

   if [ -z "${iface}" ] ; then
      instance="$(ipfw list | awk '/[0-9]+ nat/ { last = $3 } END { print last }')"
      if [ -n "${instance}" ] ; then
         instance=$(( instance + 100 ))
      else
         instance="100"
      fi
      echo "${instance}"
      return 0
   fi

   for ni in $(ipfw list | awk '/[0-9]+ nat/ { print $3 }')
   do
      if ipfw nat "${ni}" show config | egrep -qw "${iface}" ; then
         echo "${ni}"
         return 0
      fi
   done

   return 1
}
1047
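# Work with ipfw rule numbers of the "<number> nat ..." lines of "ipfw list".
#  - Without an interface: print the number of the last nat rule, or 2000
#    when there is none, as five zero-padded digits.
#  - With an interface: print the number of the first nat rule whose NAT
#    instance's "show config" output contains the interface as a whole word.
#
# Leading zeros are stripped before the number is handed to printf. printf
# reads a numeric argument with a leading 0 as octal, so a rule shown as
# 02100 was printed as 01088, and numbers containing 8 or 9 were rejected.
#
# Arguments: $1 - interface name, may be empty
# Returns:   0 when a number was printed, 1 when no rule matched
get_ipfw_nat_priority()
{
   local iface="${1}"
   local res=1
   local priority ni rule

   if [ -z "${iface}" ] ; then
      priority="$(ipfw list | grep -E '[0-9]+ nat' | awk '{ print $1 }' | tail -1)"
      if [ -z "${priority}" ] ; then
         priority=2000
      fi
      # Remove the run of leading zeros; an all-zero value becomes 0.
      priority="${priority#"${priority%%[!0]*}"}"
      printf "%05d\n" "${priority:-0}"
      return 0
   fi

   # Split the rule list on newlines only, so each rule stays one word.
   local IFS='
'
   for rule in $(ipfw list | grep -E '[0-9]+ nat')
   do
      priority="$(echo "${rule}" | awk '{ print $1 }')"
      ni="$(echo "${rule}" | awk '{ print $3 }')"

      if ipfw nat "${ni}" show config | grep -Eqw "${iface}" ; then
         echo "${priority}"
         res=0
         break
      fi
   done

   return ${res}
}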
1079
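# Print the available jail templates and exit the calling script with 0.
# On ZFS each ${JDIR}/.warden-template-* directory containing /bin/sh is
# shown with its type (TrueOS when /etc/rc.conf.pcbsd exists, else FreeBSD),
# a version read from file(1) output and its architecture; on UFS only the
# names of the .warden-template-*.tbz archives are listed.
#
# Template directories are taken from the glob itself rather than from the
# output of ls, paths are quoted, and the ".tbz" suffix is removed only at
# the end of the name (the earlier pattern also removed any character
# followed by "tbz" elsewhere in it).
#
# Globals: JDIR (read); NICK, ARCH, VER, TYPE (written)
list_templates()
{
   local i

   echo "Jail Templates:"
   echo "------------------------------"
   if isDirZFS "${JDIR}" ; then
     for i in "${JDIR}"/.warden-template*
     do
        # An unmatched glob is left as the literal pattern; skip it.
        [ -e "$i" ] || continue
        if [ ! -e "$i/bin/sh" ] ; then continue ; fi
        NICK=$(echo "$i" | sed "s|${JDIR}/.warden-template-||g")
        if file "$i/bin/sh" 2>/dev/null | grep -q "64-bit" ; then
           ARCH="amd64"
        else
           ARCH="i386"
        fi
        VER=$(file "$i/bin/sh" | cut -d ',' -f 5 | awk '{print $3}')
        if [ -e "$i/etc/rc.conf.pcbsd" ] ; then
           TYPE="TrueOS"
        else
           TYPE="FreeBSD"
        fi
        printf '%s - %s %s (%s)\n' "${NICK}" "$TYPE" "$VER" "$ARCH"
     done
   else
     # UFS, no details for U!
     ls "${JDIR}"/.warden-template*.tbz | sed "s|${JDIR}/.warden-template-||g" | sed 's|\.tbz$||'
   fi
   exit 0
}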
1110
1111delete_template()
1112{
1113   tDir="${JDIR}/.warden-template-${1}"
1114   isDirZFS "${JDIR}"
1115   if [ $? -eq 0 ] ; then
1116     isDirZFS "${tDir}" "1"
1117     if [ $? -ne 0 ] ; then printerror "Not a ZFS volume: ${tDir}" ; fi
1118     tank=`getZFSTank "$tDir"`
1119     rp=`getZFSRelativePath "$tDir"`
1120     zfs destroy -r $tank${rp} 
1121     if [ $? -ne 0 ] ; then
1122       exit_err "Could not remove template, perhaps you have jails still using it?"
1123     fi
1124     rmdir ${tDir}
1125   else
1126     if [ ! -e "${tDir}.tbz" ] ; then
1127       exit_err "No such template: ${1}"
1128     fi
1129     rm ${tDir}.tbz
1130   fi
1131   echo "DONE"
1132
1133   exit 0
1134}