source: src-sh/warden/scripts/backend/functions.sh @ 29f8f9d

Last change on this file since 29f8f9d was 29f8f9d, checked in by Kris Moore <kris@…>, 15 months ago

Fix a typo

1#!/bin/sh
2# Functions / variables for warden
3######################################################################
4# DO NOT EDIT
5
6# Source local functions
7. /usr/local/share/pcbsd/scripts/functions.sh
8
# Installation directory
PROGDIR="/usr/local/share/warden"

# Jail location (second space-separated field of the JDIR: line)
export JDIR="$(grep ^JDIR: /usr/local/etc/warden.conf | cut -d' ' -f2)"

# Set arch type; an ARCH already present in the environment wins
export REALARCH="$(uname -m)"
[ -n "$ARCH" ] || { ARCH="$REALARCH"; export ARCH; }

# Location of pcbsd.conf file
PCBSD_ETCCONF="/usr/local/etc/pcbsd.conf"

# Network interface to use
export NIC="$(grep ^NIC: /usr/local/etc/warden.conf | cut -d' ' -f2)"

# Tmp directory
export WTMP="$(grep ^WTMP: /usr/local/etc/warden.conf | cut -d' ' -f2)"

# FreeBSD release: the configured value, else the running kernel's release
FREEBSD_RELEASE="$(grep ^FREEBSD_RELEASE: /usr/local/etc/warden.conf | cut -d' ' -f2)"
[ -n "${FREEBSD_RELEASE}" ] || FREEBSD_RELEASE="$(uname -r)"
UNAME_r="${FREEBSD_RELEASE}"
export UNAME_r

# Temp file for dialog responses
# NOTE(review): this is a fixed name in world-writable /tmp; code that writes
# it as root should make sure another local user cannot pre-create it or
# replace it with a symlink.
export ATMP="/tmp/.wans"

# Warden Version
export WARDENVER="1.3"

# Dirs to nullfs mount in X jail / pbibox
NULLFS_MOUNTS="/tmp /media"
X11_MOUNTS="/usr/local/lib/X11/icons /usr/local/lib/X11/fonts /usr/local/etc/fonts"

# Clone directory
CDIR="${JDIR}/clones"
56
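# Download the FreeNAS plugin-jail PBI matching a FreeNAS version string,
# compare it with the published SHA-256 file and install it as WORLDCHROOT.
# Globals:   JDIR, WORLDCHROOT (read); SYSVER, SYSREL, SYSARCH, SF, URL,
#            PJAIL, PJAILSHA256, tank (written)
# Arguments: $1 - version string, FreeNAS-<x.y.z>-<release>-...<x86|x64>
downloadpluginjail() {
  local _ver="${1}"
  local _sum
  local zfsp

  SYSVER=$(echo "${_ver}" | sed -E 's|^FreeNAS-(([0-9]+\.){2}[0-9]+).*|\1|')
  SYSREL=$(echo "${_ver}" | sed -E 's|^FreeNAS-([0-9]+\.){2}[0-9]+-([a-zA-Z0-9]+)-.*|\2|')
  SYSARCH=$(echo "${_ver}" | sed -E 's#^(.*)(x86|x64)#\2#')

  # NOTE(review): the PBI and its .sha256 come from the same plain-http
  # location, so the comparison below catches a corrupted transfer but not
  # content altered in transit or on the mirror.
  SF="http://downloads.sourceforge.net/project/freenas"
  URL="${SF}/FreeNAS-${SYSVER}/${SYSREL}/${SYSARCH}/plugins"

  PJAIL="FreeNAS-${SYSVER}-${SYSREL}-${SYSARCH}.Plugins_Jail.pbi"
  PJAILSHA256="${PJAIL}.sha256"

  if [ ! -d "${JDIR}" ] ; then mkdir -p "${JDIR}" ; fi
  # The rest of the function uses relative names (including rm/mv), so a
  # failed cd must not fall through into the caller's working directory.
  cd "${JDIR}" || exit_err "Failed changing directory to ${JDIR}"

  echo "Fetching jail environment. This may take a while..."

  if [ ! -e "${PJAIL}" ] ; then
     echo "Downloading ${URL}/${PJAIL} ..."
     get_file "${URL}/${PJAIL}" "${PJAIL}" 3 ||
       printerror "Error while downloading the pluginjail."
  fi

  if [ ! -e "${PJAILSHA256}" ] ; then
     echo "Downloading ${URL}/${PJAILSHA256} ..."
     get_file "${URL}/${PJAILSHA256}" "${PJAILSHA256}" 3 ||
       printerror "Error while downloading the pluginjail sha256."
  fi

  # An empty digest (unreadable PBI) must never compare equal to an empty
  # checksum file, so reject it explicitly.
  _sum="$(sha256 -q "${PJAIL}")"
  if [ -z "${_sum}" ] || [ "${_sum}" != "$(cat "${PJAILSHA256}")" ] ; then
    printerror "Error in download data, checksum mismatch. Please try again later."
  fi

  # Creating ZFS dataset?
  if isDirZFS "${JDIR}" ; then
    zfsp=$(getZFSRelativePath "${WORLDCHROOT}")

    # Use ZFS base for cloning
    echo "Creating ZFS ${WORLDCHROOT} dataset..."
    tank=$(getZFSTank "${JDIR}")
    if ! isDirZFS "${WORLDCHROOT}" "1" ; then
       zfs create -o "mountpoint=/${tank}${zfsp}" -p "${tank}${zfsp}"
       if [ $? -ne 0 ] ; then exit_err "Failed creating ZFS base dataset"; fi
       mkdir -p "${WORLDCHROOT}/.plugins" >/dev/null 2>&1
    fi

    # NOTE(review): --no-checksig turns off PBI signature verification, so
    # the SHA-256 comparison above is the only integrity check applied.
    pbi_add -e --no-checksig -p "${WORLDCHROOT}" "${PJAIL}"
    if [ $? -ne 0 ] ; then exit_err "Failed extracting ZFS chroot environment"; fi

    zfs snapshot "${tank}${zfsp}@clean"
    if [ $? -ne 0 ] ; then exit_err "Failed creating clean ZFS base snapshot"; fi
    rm "${PJAIL}"
  else
    # Save the chroot tarball
    mv "${PJAIL}" "${WORLDCHROOT}"
  fi
  rm "${PJAILSHA256}"
}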
117
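### Download the chroot
# Fetch fbsd-release.txz and its checksum file from the mirror, compare them
# and either extract the tarball into a ZFS dataset or keep it as CHROOT.
# Globals:   JDIR, ARCH, MIRRORURL, VAL (read); SYSVER, FBSD_TARBALL,
#            FBSD_TARBALL_CKSUM, MIRRORURL, tank (written)
# Arguments: $1 - chroot path (ZFS mountpoint, or target name for the tarball)
downloadchroot() {
  local CHROOT="${1}"
  local _sum
  local zfsp

  # XXX If this is PCBSD, pbreg get /PC-BSD/Version
  SYSVER="$(uname -r | cut -f1 -d'-')"
  FBSD_TARBALL="fbsd-release.txz"
  # NOTE(review): MD5 fetched from the same mirror only guards against a
  # damaged transfer; it is not a defence against a modified tarball.
  FBSD_TARBALL_CKSUM="${FBSD_TARBALL}.md5"

  # Set the mirror URL, may be overridden by setting MIRRORURL environment variable
  if [ -z "${MIRRORURL}" ]; then
    get_mirror
    MIRRORURL="$VAL"
  fi

  if [ ! -d "${JDIR}" ] ; then mkdir -p "${JDIR}" ; fi
  # Relative file names (and rm/mv) follow, so stop if JDIR cannot be entered
  cd "${JDIR}" || exit_err "Failed changing directory to ${JDIR}"

  echo "Fetching jail environment. This may take a while..."
  echo "Downloading ${MIRRORURL}/${SYSVER}/${ARCH}/netinstall/${FBSD_TARBALL} ..."

  if [ ! -e "$FBSD_TARBALL" ] ; then
     get_file "${MIRRORURL}/${SYSVER}/${ARCH}/netinstall/${FBSD_TARBALL}" "$FBSD_TARBALL" 3 ||
       printerror "Error while downloading the portsjail."
  fi

  if [ ! -e "$FBSD_TARBALL_CKSUM" ] ; then
     get_file "${MIRRORURL}/${SYSVER}/${ARCH}/netinstall/${FBSD_TARBALL_CKSUM}" "$FBSD_TARBALL_CKSUM" 3 ||
       printerror "Error while downloading the portsjail."
  fi

  # Reject an empty digest so that "empty equals empty" can never pass
  _sum="$(md5 -q "${FBSD_TARBALL}")"
  if [ -z "${_sum}" ] || [ "${_sum}" != "$(cat "${FBSD_TARBALL_CKSUM}")" ] ; then
    printerror "Error in download data, checksum mismatch. Please try again later."
  fi

  # Creating ZFS dataset?
  if isDirZFS "${JDIR}" ; then
    zfsp=$(getZFSRelativePath "${CHROOT}")

    # Use ZFS base for cloning
    echo "Creating ZFS ${CHROOT} dataset..."
    tank=$(getZFSTank "${JDIR}")
    if ! isDirZFS "${CHROOT}" "1" ; then
       zfs create -o "mountpoint=/${tank}${zfsp}" -p "${tank}${zfsp}"
       if [ $? -ne 0 ] ; then exit_err "Failed creating ZFS base dataset"; fi
    fi

    tar xvpf "${FBSD_TARBALL}" -C "${CHROOT}" 2>/dev/null
    if [ $? -ne 0 ] ; then exit_err "Failed extracting ZFS chroot environment"; fi

    zfs snapshot "${tank}${zfsp}@clean"
    if [ $? -ne 0 ] ; then exit_err "Failed creating clean ZFS base snapshot"; fi
    rm "${FBSD_TARBALL}"
  else
    # Save the chroot tarball
    mv "${FBSD_TARBALL}" "${CHROOT}"
  fi
  rm "${FBSD_TARBALL_CKSUM}"
}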
178
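# Check if a directory is mounted
# Arguments: $1 - mount point to look for in the output of mount(8)
# Returns:   0 when a line containing "on <dir> (" is present, else non-zero
isDirMounted() {
  # -F: the path is matched literally, so "." and other regex characters in
  # a jail name cannot make a different mount point look like a match.
  mount | grep -qF -- "on $1 ("
}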
184
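# Mount all the FS needed for a PBI container
# Globals:   JDIR, NULLFS_MOUNTS, X11_MOUNTS (read); ETCFILES (written)
# Arguments: $1 - jail directory name below JDIR; "portjail" skips the
#                 X11 mounts at the end
mountpbibox() {
  local _root="${JDIR}/${1}"
  local _etc _mnt _home

  # Update the user files on the portjail
  # NOTE(review): master.passwd and spwd.db hold the host's password hashes,
  # so after this copy they are readable by root inside the jail.
  ETCFILES="resolv.conf passwd master.passwd spwd.db pwd.db group localtime"
  for _etc in ${ETCFILES}; do
    rm "${_root}/etc/${_etc}" >/dev/null 2>&1
    cp "/etc/${_etc}" "${_root}/etc/${_etc}"
  done

  # NOTE(review): the symlink check here is given the host-side source path,
  # while the linprocfs/linsysfs checks below are given the jail-side target;
  # confirm which of the two is_symlinked_mountpoint is meant to vet.
  for _mnt in ${NULLFS_MOUNTS}; do
    if [ ! -d "${_root}${_mnt}" ] ; then
      mkdir -p "${_root}${_mnt}"
    fi
    if is_symlinked_mountpoint "${_mnt}"; then
      echo "${_mnt} has symlink as parent, not mounting"
      continue
    fi

    # If this is already mounted we can skip for now
    isDirMounted "${_root}${_mnt}" && continue

    echo "Mounting ${_root}${_mnt}"
    mount_nullfs "${_mnt}" "${_root}${_mnt}"
  done

  # Check and mount /dev
  if ! isDirMounted "${_root}/dev" ; then
    echo "Enabling devfs"
    mount -t devfs devfs "${_root}/dev"
  fi

  # Add support for linprocfs for ports that need linprocfs to build/run
  if [ ! -d "${_root}/compat/linux/proc" ]; then
    mkdir -p "${_root}/compat/linux/proc"
  fi
  if is_symlinked_mountpoint "${_root}/compat/linux/proc"; then
    echo "${_root}/compat/linux/proc has symlink as parent, not mounting"
    # NOTE(review): this leaves the whole function, so linsysfs, the home
    # directories and the X11 mounts are skipped as well.
    return
  fi

  # If this is already mounted we can skip for now
  if ! isDirMounted "${_root}/compat/linux/proc" ; then
    echo "Enabling linprocfs support."
    mount -t linprocfs linprocfs "${_root}/compat/linux/proc"
  fi

  # Add support for linsysfs for ports that need linprocfs to build/run
  if [ ! -d "${_root}/compat/linux/sys" ]; then
    mkdir -p "${_root}/compat/linux/sys"
  fi
  if is_symlinked_mountpoint "${_root}/compat/linux/sys"; then
    echo "${_root}/compat/linux/sys has symlink as parent, not mounting"
    return
  fi

  # If this is already mounted we can skip for now
  if ! isDirMounted "${_root}/compat/linux/sys" ; then
    echo "Enabling linsysfs support."
    mount -t linsysfs linsysfs "${_root}/compat/linux/sys"
  fi

  # Lastly we need to mount /usr/home/* directories.  A glob keeps names
  # with whitespace intact; the -e/-L test covers the no-match case.
  for _home in /usr/home/*; do
    [ -e "${_home}" ] || [ -L "${_home}" ] || continue
    # If this is already mounted we can skip for now
    isDirMounted "${_root}${_home}" && continue
    if [ ! -d "${_root}${_home}" ] ; then mkdir -p "${_root}${_home}" ; fi
    echo "Mounting home: ${_home}"
    mount_nullfs "${_home}" "${_root}${_home}"
  done

  # If this is a portjail, we can stop now
  if [ "$1" = "portjail" ] ; then return ; fi

  # For PBIs lets mount a few extra things
  for _mnt in ${X11_MOUNTS}; do
    if [ ! -d "${_root}${_mnt}" ] ; then
        continue
    fi
    if is_symlinked_mountpoint "${_mnt}"; then
      echo "${_mnt} has symlink as parent, not mounting"
      continue
    fi

    # If this is already mounted we can skip for now
    isDirMounted "${_root}${_mnt}" && continue

    echo "Mounting ${_root}${_mnt}"
    mount_nullfs "${_mnt}" "${_root}${_mnt}"
  done

}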
281
### Mount all needed filesystems for the jail
# Delegates to mountpbibox with the fixed jail name "portjail", which gives
# the same mount points as a pbibox.
mountjailxfs() {
   mountpbibox portjail
}
289
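### Umount all the jail's filesystems
# Globals:   JDIR (read); status, mountpoint (written)
# Arguments: $1 - jail directory name below JDIR
# Returns:   0 when every forced unmount succeeded, 1 otherwise
umountjailxfs() {
  local _root="${JDIR}/${1}"

  status="0"
  # Umount all filesystems that are mounted into the portsjail.
  # grep -F matches the jail path literally, so regex characters in the
  # name cannot select mounts that belong to a different jail.
  for mountpoint in $(mount | grep -F -- "${_root}/" | cut -d" " -f3); do
    if [ "$mountpoint" = "${_root}/dev" ] ; then continue ; fi
    if [ "$mountpoint" = "${_root}/" ] ; then continue ; fi
    if [ "$mountpoint" = "${_root}" ] ; then continue ; fi
    echo "Unmounting $mountpoint"
    umount -f "${mountpoint}" || status="1"
  done
  # Now try to umount /dev
  umount -f "${_root}/dev" >/dev/null 2>&1
  return $status
}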
306
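# Check if PBI scripts are loaded in jail
# Copies them (via copypbiscripts) when pbi_info is missing from the jail or
# when its size differs from the host copy.
# Arguments: $1 - jail root directory; nothing is done when empty
checkpbiscripts() {
  local _hostsz _jailsz

  if [ -z "${1}" ] ; then return ; fi
  if [ ! -e "${1}/usr/local/sbin/pbi_info" ] ; then
    copypbiscripts "${1}"
    return
  fi

  # Size comparison only decides whether a refresh is needed; the jail path
  # is quoted so a directory name with whitespace is handled as one argument.
  _hostsz="$(ls -l /usr/local/sbin/pbi_info | awk '{print $5}')"
  _jailsz="$(ls -l "${1}/usr/local/sbin/pbi_info" | awk '{print $5}')"
  if [ "${_hostsz}" != "${_jailsz}" ] ; then
    copypbiscripts "${1}"
  fi
}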
316
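# Copy PBI scripts to jail
# Copies the host's /usr/local/sbin/pbi* tools, the pbid rc.d script and
# every path below /usr/local/man containing "pbi" into the jail.
# Arguments: $1 - jail root directory; nothing is done when empty
copypbiscripts() {
  local _man _dir

  if [ -z "${1}" ] ; then return ; fi
  mkdir -p "${1}/usr/local/sbin" >/dev/null 2>/dev/null
  cp /usr/local/sbin/pbi* "${1}/usr/local/sbin/"
  chmod 755 "${1}"/usr/local/sbin/pbi*

  # Copy rc.d pbid script
  mkdir -p "${1}/usr/local/etc/rc.d" >/dev/null 2>/dev/null
  cp /usr/local/etc/rc.d/pbid "${1}/usr/local/etc/rc.d/"

  # Copy any PBI manpages; reading line by line keeps paths with spaces whole
  find /usr/local/man | grep pbi | while IFS= read -r _man
  do
    _dir="${1}$(dirname "${_man}")"
    if [ ! -d "${_dir}" ] ; then
      mkdir -p "${_dir}"
    fi
    cp "${_man}" "${1}${_man}"
  done
}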
337
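# Prepare a jail root as a "portjail": copy the host account/resolver files,
# link /home, drop the cleartmp rc.d script and flag the jail type.
# Globals:   JMETADIR (read); ETCFILES (written)
# Arguments: $1 - jail root directory; nothing is done when empty
mkportjail() {
  local _etc

  if [ -z "${1}" ] ; then return ; fi
  # NOTE(review): master.passwd and spwd.db hold the host's password hashes,
  # so after this copy they are readable by root inside the jail.
  ETCFILES="resolv.conf passwd master.passwd spwd.db pwd.db group localtime"
  for _etc in ${ETCFILES}; do
    rm "${1}/etc/${_etc}" >/dev/null 2>&1
    cp "/etc/${_etc}" "${1}/etc/${_etc}"
  done

  # Need to symlink /home
  chroot "${1}" ln -fs /usr/home /home

  # Make sure we remove our cleartmp rc.d script, causes issues
  [ -e "${1}/etc/rc.d/cleartmp" ] && rm "${1}/etc/rc.d/cleartmp"

  # Flag this type
  touch "${JMETADIR}/jail-portjail"
}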
355
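# Prepare a jail root as a "pbibox": copy the host account/resolver files,
# link /home, drop the cleartmp rc.d script and flag the jail type.
# Globals:   JMETADIR (read); ETCFILES (written)
# Arguments: $1 - jail root directory; nothing is done when empty
mkpbibox() {
  local _etc

  if [ -z "${1}" ] ; then return ; fi

  # KPM - Replace this section with a "mergeuserpw" function
  # Need to be able to merge user accounts from /home on base system
  # into the chroot each time we start it
  # NOTE(review): master.passwd and spwd.db hold the host's password hashes,
  # so after this copy they are readable by root inside the jail.
  ETCFILES="resolv.conf passwd master.passwd spwd.db pwd.db group localtime"
  for _etc in ${ETCFILES}; do
    rm "${1}/etc/${_etc}" >/dev/null 2>&1
    cp "/etc/${_etc}" "${1}/etc/${_etc}"
  done

  # Need to symlink /home
  chroot "${1}" ln -fs /usr/home /home

  # Make sure we remove our cleartmp rc.d script, causes issues
  [ -e "${1}/etc/rc.d/cleartmp" ] && rm "${1}/etc/rc.d/cleartmp"

  # Flag this type
  touch "${JMETADIR}/jail-pbibox"

}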
379
380
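# Prepare a jail root as a "pluginjail": copy the host account/resolver
# files, link /home, drop the cleartmp rc.d script and flag the jail type.
# Globals:   JMETADIR (read); ETCFILES (written)
# Arguments: $1 - jail root directory; nothing is done when empty
mkpluginjail() {
  local _etc

  if [ -z "${1}" ] ; then return ; fi
  # NOTE(review): master.passwd and spwd.db hold the host's password hashes,
  # so after this copy they are readable by root inside the jail.
  ETCFILES="resolv.conf passwd master.passwd spwd.db pwd.db group localtime"
  for _etc in ${ETCFILES}; do
    rm "${1}/etc/${_etc}" >/dev/null 2>&1
    cp "/etc/${_etc}" "${1}/etc/${_etc}"
  done

  # Need to symlink /home
  chroot "${1}" ln -fs /usr/home /home

  # Make sure we remove our cleartmp rc.d script, causes issues
  [ -e "${1}/etc/rc.d/cleartmp" ] && rm "${1}/etc/rc.d/cleartmp"
  # Flag this type
  touch "${JMETADIR}/jail-pluginjail"
}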
397
# Take a ZFS snapshot of a jail dataset, named after the current local time
# (YYYY-MM-DD-HH-MM-SS).
# Globals:   tank, rp, zdate (written)
# Arguments: $1 - jail directory; printerror is called if isDirZFS rejects it
mkZFSSnap() {
  isDirZFS "${1}" "1" || printerror "Not a ZFS volume: ${1}"
  tank=$(getZFSTank "$1")
  rp=$(getZFSRelativePath "$1")
  zdate=$(date +%Y-%m-%d-%H-%M-%S)
  zfs snapshot ${tank}${rp}@${zdate}
}
406
# Print the snapshot names (the part after "@") of a jail's ZFS dataset.
# Globals:   tank, rp (written)
# Arguments: $1 - jail directory; printerror is called if isDirZFS rejects it
listZFSSnap() {
  isDirZFS "${1}" "1" || printerror "Not a ZFS volume: ${1}"
  tank=$(getZFSTank "$1")
  rp=$(getZFSRelativePath "$1")
  zfs list -t snapshot \
    | grep -w "^${tank}${rp}" \
    | cut -d '@' -f 2 \
    | awk '{print $1}'
}
414
# List the clones that exist below CDIR for one jail, printed as the suffix
# that follows "<jail>-" in the clone's mountpoint.
# Globals:   CDIR (read); tank, cdir (written)
# Arguments: $1 - jail directory, $2 - jail name used as the clone prefix
listZFSClone() {
  isDirZFS "${1}" "1" || printerror "Not a ZFS volume: ${1}"
  tank=$(getZFSTank "$1")
  cdir=$(getZFSRelativePath "${CDIR}")
  echo "Clone Directory: ${CDIR}"
  echo "-----------------------------------"
  zfs list \
    | grep -w "^${tank}${cdir}/${2}" \
    | awk '{print $5}' \
    | sed "s|${CDIR}/${2}-||g"
}
424
# Destroy the clone dataset mounted at ${CDIR}/<jail>-<snapshot>.
# Globals:   CDIR (read); CLONEDIR, tank, rp (written)
# Arguments: $2 - snapshot name, $3 - jail name ($1 is not used here)
rmZFSClone() {
  CLONEDIR="${CDIR}/${3}-${2}"
  isDirZFS "${CLONEDIR}" "1" || printerror "Not a ZFS volume: ${CLONEDIR}"
  tank=$(getZFSTank "${CLONEDIR}")
  rp=$(getZFSRelativePath "${CLONEDIR}")
  zfs destroy ${tank}${rp}
}
433
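# Destroy one named snapshot of a jail's ZFS dataset.
# Globals:   tank, rp (written)
# Arguments: $1 - jail directory, $2 - snapshot name (must not be empty)
rmZFSSnap() {
  isDirZFS "${1}" "1"
  if [ $? -ne 0 ] ; then printerror "Not a ZFS volume: ${1}" ; fi
  # A destructive command must not run with a missing snapshot name
  if [ -z "${2}" ] ; then
    printerror "No ZFS snapshot specified"
    return 1
  fi
  tank=$(getZFSTank "$1")
  rp=$(getZFSRelativePath "$1")
  zfs destroy "${tank}${rp}@${2}"
}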
441
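# Roll a jail's ZFS dataset back to a named snapshot, stopping the jail
# first if it is running and starting it again afterwards.
# Globals:   PROGDIR (read); tank, rp, restartJail (written)
# Arguments: $1 - jail directory, $2 - snapshot name, $3 - jail name/IP
#            handed to the checkstatus/stopjail/startjail backend scripts
revertZFSSnap() {
  isDirZFS "${1}" "1"
  if [ $? -ne 0 ] ; then printerror "Not a ZFS volume: ${1}" ; fi
  tank=$(getZFSTank "$1")
  rp=$(getZFSRelativePath "$1")

  # Start from a known value so a stale or inherited restartJail=YES cannot
  # start a jail that was not running.
  restartJail="NO"

  # Make sure this is a valid snapshot.  -x -F demands an exact, literal
  # match of the whole name; a substring or regex match would let a partial
  # name through to "zfs rollback -R", which discards later snapshots.
  zfs list -t snapshot | grep -w "^${tank}${rp}" | cut -d '@' -f 2 \
    | awk '{print $1}' | grep -qxF -- "${2}"
  if [ $? -ne 0 ] ; then printerror "Invalid ZFS snapshot!" ; fi

  # Check if the jail is running first
  "${PROGDIR}/scripts/backend/checkstatus.sh" "${3}"
  if [ "$?" = "0" ]; then
    restartJail="YES"
    # Make sure the jail is stopped
    "${PROGDIR}/scripts/backend/stopjail.sh" "${3}"
    "${PROGDIR}/scripts/backend/checkstatus.sh" "${3}"
    if [ "$?" = "0" ]; then
      printerror "Could not stop jail... Halting..."
    fi
  fi

  # Rollback the snapshot
  zfs rollback -R -f "${tank}${rp}@${2}"

  # If it was started, restart the jail now
  if [ "$restartJail" = "YES" ]; then
    "${PROGDIR}/scripts/backend/startjail.sh" "${3}"
  fi

}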
473
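# Clone a named snapshot of a jail's dataset to ${CDIR}/<jail>-<snapshot>.
# Globals:   CDIR (read); tank, rp, cdir (written)
# Arguments: $1 - jail directory, $2 - snapshot name, $3 - jail name
cloneZFSSnap() {
  isDirZFS "${1}" "1"
  if [ $? -ne 0 ] ; then printerror "Not a ZFS volume: ${1}" ; fi
  tank=$(getZFSTank "$1")
  rp=$(getZFSRelativePath "$1")
  cdir=$(getZFSRelativePath "${CDIR}")

  # Make sure this is a valid snapshot: exact, literal match of the whole
  # name rather than a substring/regex match.
  zfs list -t snapshot | grep -w "^${tank}${rp}" | cut -d '@' -f 2 \
    | awk '{print $1}' | grep -qxF -- "${2}"
  if [ $? -ne 0 ] ; then printerror "Invalid ZFS snapshot!" ; fi

  if [ -d "${CDIR}/${3}-${2}" ] ; then
     printerror "This snapshot is already cloned and mounted at: ${CDIR}/${3}-${2}"
  fi

  # Clone the snapshot
  zfs clone -p "${tank}${rp}@${2}" "${tank}${cdir}/${3}-${2}"

  echo "Snapshot cloned and mounted to: ${CDIR}/${3}-${2}"
}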
494
# Derive and export JMETADIR, the hidden per-jail metadata directory
# "<JDIR>/.<JAILNAME>.meta".
# Globals:   JDIR, JAILNAME (read); JMETADIR (written, exported)
set_warden_metadir()
{
   export JMETADIR="${JDIR}/.${JAILNAME}.meta"
}
500
# Split "address/mask" into its two parts.
# Globals:   JIP (text before the first "/"), JMASK (second "/"-separated
#            field, empty when the argument has no "/") - both written
# Arguments: $1 - address, optionally followed by /mask
get_ip_and_netmask()
{
   JIP=$(echo "${1}" | cut -d'/' -f1)
   JMASK=$(echo "${1}" | cut -s -d'/' -f2)
}
506
# Print the second field of every ifconfig line that contains the word
# "inet" (the IPv4 addresses), one per line.
# Arguments: $1 - interface name; left unquoted so an empty value falls
#                 back to plain "ifconfig"
get_interface_addresses()
{
   ifconfig ${1} \
      | grep -w inet \
      | awk '{ print $2 }'
}
511
# Print every IPv4 address ("inet" lines of ifconfig) of an interface, one
# per line.
# Arguments: $1 - interface name; left unquoted so an empty value falls
#                 back to plain "ifconfig"
get_interface_ipv4_addresses()
{
   ifconfig ${1} \
      | grep -w inet \
      | awk '{ print $2 }'
}
516
# Print every IPv6 address ("inet6" lines of ifconfig) of an interface, one
# per line, exactly as ifconfig shows them (scope suffix included).
# Arguments: $1 - interface name; left unquoted so an empty value falls
#                 back to plain "ifconfig"
get_interface_ipv6_addresses()
{
   ifconfig ${1} \
      | grep -w inet6 \
      | awk '{ print $2 }'
}
521
# Print the first IPv4 address ifconfig reports for an interface.
# Arguments: $1 - interface name; left unquoted so an empty value falls
#                 back to plain "ifconfig"
get_interface_address()
{
   ifconfig ${1} | grep -w inet | awk 'NR == 1 { print $2 }'
}
526
# Print the first IPv4 address ("inet" line) ifconfig reports for an
# interface.
# Arguments: $1 - interface name; left unquoted so an empty value falls
#                 back to plain "ifconfig"
get_interface_ipv4_address()
{
   ifconfig ${1} | grep -w inet | awk 'NR == 1 { print $2 }'
}
531
# Print the first IPv6 address ("inet6" line) ifconfig reports for an
# interface.
# Arguments: $1 - interface name; left unquoted so an empty value falls
#                 back to plain "ifconfig"
get_interface_ipv6_address()
{
   ifconfig ${1} | grep -w inet6 | awk 'NR == 1 { print $2 }'
}
536
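# Print the IPv4 alias addresses of an interface: every "inet" address
# except the first one.
# Arguments: $1 - interface name; left unquoted so an empty value falls
#                 back to plain "ifconfig"
get_interface_aliases()
{
   # Skipping the first record in awk replaces the count/bc/tail arithmetic,
   # which produced an invalid "tail --1" when no address was configured.
   ifconfig ${1} | grep -w inet | awk 'NR > 1 { print $2 }'
}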
546
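# Print the IPv4 alias addresses of an interface: every "inet" address
# except the first one.
# Arguments: $1 - interface name; left unquoted so an empty value falls
#                 back to plain "ifconfig"
get_interface_ipv4_aliases()
{
   # Skipping the first record in awk replaces the count/bc/tail arithmetic,
   # which produced an invalid "tail --1" when no address was configured.
   ifconfig ${1} | grep -w inet | awk 'NR > 1 { print $2 }'
}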
556
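# Print the IPv6 alias addresses of an interface: every "inet6" address
# except the first one.
# Arguments: $1 - interface name; left unquoted so an empty value falls
#                 back to plain "ifconfig"
get_interface_ipv6_aliases()
{
   # The alias count used to be taken from the "inet" (IPv4) lines, so the
   # number of IPv6 aliases printed depended on how many IPv4 addresses the
   # interface had.  Skip the first inet6 record instead.
   ifconfig ${1} | grep -w inet6 | awk 'NR > 1 { print $2 }'
}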
566
# Print the gateway (second column) of each IPv4 "default" entry in the
# routing table.
get_default_route()
{
   netstat -f inet -nr | awk '/^default/ { print $2 }'
}
571
# Print the seventh column of each IPv4 "default" entry in the wide
# (netstat -W) routing table; the original comment-free code uses it as the
# outgoing interface name.
get_default_interface()
{
   netstat -f inet -nrW | awk '/^default/ { print $7 }'
}
576
# Print the names of all bridgeN interfaces, one per line (the text before
# the first ":" of each ifconfig line that starts with "bridge<digits>").
get_bridge_interfaces()
{
   ifconfig -a | awk -F: '/^bridge[0-9]+/ { print $1 }'
}
581
# Print the member interfaces of a bridge: the second field of every
# ifconfig line that contains the word "member".
# Arguments: $1 - bridge interface name (passed unquoted to ifconfig)
get_bridge_members()
{
   ifconfig ${1} \
      | grep -w member \
      | awk '{ print $2 }'
}
586
# Print the first bridge that has an IPv4 alias address inside the given
# network.
# Arguments: $1 - IPv4 network, handed to in_ipv4_network
# Returns:   0 and the bridge name on stdout when found; 1 when the
#            argument is empty or no bridge matches
get_bridge_interface_by_ipv4_network()
{
   local network="${1}"
   local bridges="$(get_bridge_interfaces)"
   local ips

   [ -n "${network}" ] || return 1

   for _bridge in ${bridges} ; do
      ips="$(get_interface_ipv4_aliases "${_bridge}")"
      for _ip in ${ips} ; do
         in_ipv4_network "${_ip}" "${network}" || continue
         echo "${_bridge}"
         return 0
      done
   done

   return 1
}
612
# Print the first bridge that has an IPv6 alias address inside the given
# network.
# Arguments: $1 - IPv6 network, handed to in_ipv6_network
# Returns:   0 and the bridge name on stdout when found; 1 when the
#            argument is empty or no bridge matches
get_bridge_interface_by_ipv6_network()
{
   local network="${1}"
   local bridges="$(get_bridge_interfaces)"
   local ips

   [ -n "${network}" ] || return 1

   for _bridge in ${bridges} ; do
      ips="$(get_interface_ipv6_aliases "${_bridge}")"
      for _ip in ${ips} ; do
         in_ipv6_network "${_ip}" "${network}" || continue
         echo "${_bridge}"
         return 0
      done
   done

   return 1
}
638
# Tell whether an interface is a member of a bridge.
# Arguments: $1 - bridge interface, $2 - interface to look for
# Returns:   0 when get_bridge_members lists $2 for the bridge, else 1
is_bridge_member()
{
   local _bridge="${1}"
   local _iface="${2}"

   for _member in $(get_bridge_members ${_bridge}) ; do
      [ "${_member}" != "${_iface}" ] || return 0
   done

   return 1
}
653
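# Tear down a jail's epair: bring the jail side down, destroy the host side
# and, when the bridge it belonged to is left with at most one member,
# destroy that bridge too.
# Arguments: $1 - jail id (JID) passed to jexec
jail_interfaces_down()
{
   local _jid="${1}"
   local _bridgeif
   local _epaira
   local _epairb
   local _count

   _epairb=$(jexec ${_jid} ifconfig -a | grep '^epair' | cut -f1 -d:)
   if [ -n "${_epairb}" ] ; then
      # The host end carries the same name with a trailing "a"
      _epaira=$(echo ${_epairb} | sed -E 's|b$|a|')
      _bridgeif=

      for _bridge in $(ifconfig -a | grep -E '^bridge[0-9]+' | cut -f1 -d:)
      do
         for _member in $(ifconfig ${_bridge} | grep member | awk '{ print $2 }')
         do
            if [ "${_member}" = "${_epaira}" ] ; then
               _bridgeif="${_bridge}"
               break
            fi
         done
         if [ -n "${_bridgeif}" ] ; then
            break
         fi
      done

      jexec ${_jid} ifconfig ${_epairb} down
      ifconfig ${_epaira} down
      ifconfig ${_epaira} destroy

      # Only touch a bridge that was actually found.  With an empty name the
      # member count was taken over plain "ifconfig" and could end in an
      # "ifconfig destroy" without an interface.
      if [ -n "${_bridgeif}" ] ; then
         _count=$(ifconfig "${_bridgeif}" | grep member | awk '{ print $2 }' | wc -l)
         if [ "${_count}" -le "1" ] ; then
            ifconfig "${_bridgeif}" destroy
         fi
      fi
   fi
}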
689
# Make sure /etc/crontab runs the warden snapshot script.  When no line
# mentions the script yet, an entry is appended that runs it as root at
# minute 2 of every hour, and cron is restarted.
# Globals:   PROGDIR (read); cronscript (written)
enable_cron()
{
   cronscript="${PROGDIR}/scripts/backend/cronsnap.sh"
   if ! grep -q "${cronscript}" /etc/crontab ; then
      echo "2     *        *       *       *        root    ${cronscript}" >> /etc/crontab
      # Restart cron
      /etc/rc.d/cron restart >/dev/null 2>/dev/null
   fi
}
699
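# Migrate old jail metadata: for every ${JDIR}/.*.meta directory, create the
# newer flag file next to the legacy one (xjail -> jail-portjail,
# linuxjail -> jail-linux).
# Globals:   JDIR (read)
fix_old_meta()
{
   local _meta

   # A quoted glob replaces parsing "ls", so a JDIR containing whitespace is
   # still walked correctly; the -e test covers the no-match case.
   for _meta in "${JDIR}"/.*.meta
   do
      [ -e "${_meta}" ] || continue
      if [ -e "${_meta}/xjail" ] ; then
         touch "${_meta}/jail-portjail" 2>/dev/null
      fi
      if [ -e "${_meta}/linuxjail" ] ; then
         touch "${_meta}/jail-linux" 2>/dev/null
      fi
   done
}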
712
# Tell whether sipcalc classifies the argument as IPv4: the first word
# after "[" on the first line of its output must be "ipv4".
# Arguments: $1 - address to classify
# Returns:   0 for ipv4, 1 otherwise (including when sipcalc prints nothing)
is_ipv4()
{
   local addr="${1}"
   local kind

   kind="$(/usr/local/bin/sipcalc "${addr}" | head -1 | cut -f2 -d'[' | awk '{ print $1 }')"
   [ "${kind}" = "ipv4" ]
}
726
# Tell whether sipcalc classifies the argument as IPv6: the first word
# after "[" on the first line of its output must be "ipv6".
# Arguments: $1 - address to classify
# Returns:   0 for ipv6, 1 otherwise (including when sipcalc prints nothing)
is_ipv6()
{
   local addr="${1}"
   local kind

   kind="$(/usr/local/bin/sipcalc "${addr}" | head -1 | cut -f2 -d'[' | awk '{ print $1 }')"
   [ "${kind}" = "ipv6" ]
}
740
# Tell whether an IPv4 address lies inside the "Usable" range sipcalc
# reports for a network, by comparing the decimal forms of the addresses.
# Arguments: $1 - address, $2 - network
# Returns:   0 when start <= address <= end, else 1
in_ipv4_network()
{
   local addr="${1}"
   local network="${2}"

   # Fields 4 and 6 of the "Usable ..." line are the first and last address
   local start="$(/usr/local/bin/sipcalc "${network}"|awk '/^Usable/ { print $4 }')"
   local end="$(/usr/local/bin/sipcalc "${network}"|awk '/^Usable/ { print $6 }')"

   local iaddr="$(/usr/local/bin/sipcalc "${addr}"|awk '/(decimal)/ { print $5 }')"
   local istart="$(/usr/local/bin/sipcalc "${start}"|awk '/(decimal)/ { print $5 }')"
   local iend="$(/usr/local/bin/sipcalc "${end}"|awk '/(decimal)/ { print $5 }')"

   if [ "${iaddr}" -ge "${istart}" ] && [ "${iaddr}" -le "${iend}" ]
   then
      return 0
   fi

   return 1
}
761
# Convert a colon-separated IPv6 address into a string of binary digits,
# 16 characters per group, printed without a trailing newline.
# Arguments: $1 - address; callers in this file pass sipcalc's expanded form
# NOTE(review): the conversion relies on awk turning the string "0x<hex>"
# into a number and on "%016s" zero-padding a string; both depend on the
# awk implementation - confirm on the target system.
ipv6_to_binary()
{
   echo ${1}|awk '{
      ngroups = split($1, groups, ":");

      bits = "";
      for (g = 1; g <= ngroups; g++) {
         chunk = "";
         val = int(sprintf("0x%s", groups[g]));
         # Peel off the lowest bit until the value drops below 1
         do {
            chunk = (int(val % 2) == 0 ? "0" : "1") chunk;
            val /= 2;
         } while (val >= 1);
         bits = sprintf("%s%016s", bits, chunk);
      }
      printf("%s", bits);
   }'
}
787
# Tell whether an IPv6 address lies inside a network by comparing the first
# <prefix length> binary digits of the address and of the network start.
# Arguments: $1 - address, $2 - network in address/prefix form
# Returns:   0 when the prefixes are equal, else 1
# NOTE(review): when $2 carries no "/prefix" the mask is empty, both
# prefixes become empty strings and the comparison succeeds for every
# address - confirm callers always pass a prefix length.
in_ipv6_network()
{
   local addr="${1}"
   local network="${2}"
   local mask="$(echo "${network}"|cut -f2 -d'/' -s)"
   local expanded start baddr bstart baddrnet bstartnet

   expanded="$(/usr/local/bin/sipcalc "${addr}" | awk '/^Expanded/ { print $4}')"
   start="$(/usr/local/bin/sipcalc "${network}" | awk '/^Network range/ { print $4 }')"

   baddr="$(ipv6_to_binary "${expanded}")"
   bstart="$(ipv6_to_binary "${start}")"

   baddrnet="$(echo "${baddr}" | awk -v mask="${mask}" \
      '{ s = substr($0, 1, mask); printf("%s", s); }')"
   bstartnet="$(echo "${bstart}" | awk -v mask="${mask}" \
      '{ s = substr($0, 1, mask); printf("%s", s); }')"

   [ "${baddrnet}" = "${bstartnet}" ]
}
815
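# Copy pc-extractoverlay together with its server-excludes list and the
# server overlay archive from the host into a jail.
# Arguments: $1 - jail root directory
# Returns:   1 when no directory is given, otherwise 0 (copy failures are
#            not reflected in the return value)
install_pc_extractoverlay()
{
  if [ -z "${1}" ] ; then
    return 1
  fi

  # All jail paths are quoted so a root containing whitespace is not split
  # into several arguments (which would create directories elsewhere).
  mkdir -p "${1}/usr/local/bin"
  mkdir -p "${1}/usr/local/share/pcbsd/conf"
  mkdir -p "${1}/usr/local/share/pcbsd/distfiles"

  cp /usr/local/bin/pc-extractoverlay "${1}/usr/local/bin/"
  chmod 755 "${1}/usr/local/bin/pc-extractoverlay"

  cp /usr/local/share/pcbsd/conf/server-excludes \
    "${1}/usr/local/share/pcbsd/conf"
  cp /usr/local/share/pcbsd/distfiles/server-overlay.txz \
    "${1}/usr/local/share/pcbsd/distfiles"

  return 0
}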
836
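# Write the pkgng bootstrap script for a standard jail.  The script unpacks
# and adds pkg.txz, writes pkg.conf for the PC-BSD package site and installs
# pcbsd-utils.
# Arguments: $1 - jail directory (not used here), $2 - file to write
# NOTE(review): the package site is plain http; pkg.conf also sets PUBKEY,
# so package integrity presumably rests on pkg's signature check - confirm.
make_bootstrap_pkgng_file_standard()
{
  local jaildir="${1}"
  local outfile="${2}"

  local release="$(uname -r | cut -d '-' -f 1-2)"
  local arch="$(uname -m)"

# The here-document is expanded while it is written: ${release} and ${arch}
# are meant to be filled in now, but \$? is escaped so that the generated
# script reports the status of pc-extractoverlay instead of a constant that
# was expanded at generation time.
cat<<__EOF__>"${outfile}"
#!/bin/sh
tar xvf pkg.txz --exclude +MANIFEST --exclude +MTREE_DIRS 2>/dev/null
pkg add pkg.txz
rm pkg.txz

echo "packagesite: http://pkg.cdn.pcbsd.org/${release}/${arch}" >/usr/local/etc/pkg.conf
echo "PUBKEY: /usr/local/etc/pkg-pubkey.cert" >>/usr/local/etc/pkg.conf
echo "PKG_CACHEDIR: /usr/local/tmp" >>/usr/local/etc/pkg.conf

pkg install -y pcbsd-utils
pc-extractoverlay ports

exit \$?
__EOF__
}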
861
# Write the pkgng bootstrap script for a plugin jail and copy the package
# list it reads into the jail.  The script mounts devfs, bootstraps pkg,
# installs pcbsd-utils and then every package named in /pluginjail-packages.
# Globals:   VAL (read, after get_mirror)
# Arguments: $1 - jail directory, $2 - file to write
make_bootstrap_pkgng_file_pluginjail()
{

  local jaildir="${1}"
  local outfile="${2}"

  local release="$(uname -r | cut -d '-' -f 1-2)"
  local arch="$(uname -m)"

  get_mirror
  local mirror="${VAL}"

  cp /usr/local/share/warden/pluginjail-packages "${jaildir}/pluginjail-packages"

# First part: expanded now, so the release and architecture are filled in
cat <<__EOF__ >"${outfile}"
#!/bin/sh
tar xvf pkg.txz --exclude +MANIFEST --exclude +MTREE_DIRS 2>/dev/null
pkg add pkg.txz
rm pkg.txz

mount -t devfs devfs /dev

echo "packagesite: http://pkg.cdn.pcbsd.org/${release}/${arch}" >/usr/local/etc/pkg.conf
echo "PUBKEY: /usr/local/etc/pkg-pubkey.cert" >>/usr/local/etc/pkg.conf
echo "PKG_CACHEDIR: /usr/local/tmp" >>/usr/local/etc/pkg.conf
pkg install -y pcbsd-utils
__EOF__

# Second part: written literally (quoted delimiter), evaluated in the jail
cat <<'__EOF__' >>"${outfile}"

i=0
count=`wc -l /pluginjail-packages| awk "{ print $1 }"`
for p in `cat /pluginjail-packages`
do
  pkg install -y ${p}
  : $(( i += 1 ))
done

umount devfs
exit $?

__EOF__
}
903
904
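# Bootstrap pkgng inside a jail: install the repository public key and
# pc-extractoverlay, generate /bootstrap-pkgng for the jail type, download
# pkg.txz and run the generated script in a chroot.
# Globals:   pubcert (written)
# Arguments: $1 - jail directory, $2 - jail type ("standard" when empty,
#                 or "pluginjail")
# Returns:   0 on success, 1 when the download or the bootstrap fails
bootstrap_pkgng()
{
  local jaildir="${1}"
  local jailtype="${2:-standard}"
  local release="$(uname -r | cut -d '-' -f 1-2)"
  local arch="$(uname -m)"

  local ffunc="make_bootstrap_pkgng_file_standard"
  if [ "${jailtype}" = "pluginjail" ] ; then
    ffunc="make_bootstrap_pkgng_file_pluginjail"
  fi

  # pkg.txz is removed and downloaded relative to the current directory, so
  # do not carry on in the caller's directory if the jail cannot be entered.
  if ! cd "${jaildir}" ; then
    echo "Failed boot-strapping PKGNG, cannot enter ${jaildir}"
    return 1
  fi
  echo "Boot-strapping pkgng"

  mkdir -p "${jaildir}/usr/local/etc"
  pubcert="/usr/local/etc/pkg-pubkey.cert"

  cp "${pubcert}" "${jaildir}/usr/local/etc"
  install_pc_extractoverlay "${jaildir}"

  ${ffunc} "${jaildir}" "${jaildir}/bootstrap-pkgng"
  chmod 755 "${jaildir}/bootstrap-pkgng"

  if [ -e "pkg.txz" ] ; then rm pkg.txz ; fi
  # NOTE(review): pkg.txz is added inside the jail before pkg.conf exists;
  # whether it is verified depends on get_file_from_mirrors - confirm.
  get_file_from_mirrors "/${release}/${arch}/Latest/pkg.txz" "pkg.txz" "pkg"
  if [ $? -eq 0 ] ; then
    chroot "${jaildir}" /bootstrap-pkgng
    if [ $? -eq 0 ] ; then
      rm -f "${jaildir}/bootstrap-pkgng"
      rm -f "${jaildir}/pluginjail-packages"
      chroot "${jaildir}" pc-extractoverlay server --sysinit
      return 0
    fi
  fi

  echo "Failed boot-strapping PKGNG, most likely cause is internet connection failure."
  rm -f "${jaildir}/bootstrap-pkgng"
  rm -f "${jaildir}/pluginjail-packages"
  return 1
}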
949
# Tell whether an interface has any IPv4 address, on the host or inside a
# jail.
# Arguments: $1 - interface name, $2 - optional jail id; when given,
#                 ifconfig is run through "jexec <jid>"
# Returns:   status of grep: 0 when an "inet" line exists
ipv4_configured()
{
   local iface="${1}"
   local jid="${2}"
   local jexec=

   [ -z "${jid}" ] || jexec="jexec ${jid}"

   ${jexec} ifconfig "${iface}" | grep -qw inet 2>/dev/null
}
963
# Tell whether a given IPv4 address is configured on an interface, on the
# host or inside a jail.
# Arguments: $1 - interface name, $2 - address (anything from the first "/"
#                 on is ignored), $3 - optional jail id for jexec
# Returns:   status of the final grep: 0 when the address is present
# NOTE(review): the address is used as an extended regular expression, so
# "." matches any character; callers should pass validated addresses.
ipv4_address_configured()
{
   local iface="${1}"
   local addr="${2}"
   local jid="${3}"
   local jexec=

   addr="$(echo ${addr} | cut -d'/' -f1)"

   [ -z "${jid}" ] || jexec="jexec ${jid}"

   ${jexec} ifconfig "${iface}" \
      | grep -w inet \
      | awk '{ print $2 }' \
      | grep -Eqw "^${addr}" 2>/dev/null
}
983
# Tell whether an interface has any IPv6 address, on the host or inside a
# jail.
# Arguments: $1 - interface name, $2 - optional jail id; when given,
#                 ifconfig is run through "jexec <jid>"
# Returns:   status of grep: 0 when an "inet6" line exists
ipv6_configured()
{
   local iface="${1}"
   local jid="${2}"
   local jexec=

   [ -z "${jid}" ] || jexec="jexec ${jid}"

   ${jexec} ifconfig "${iface}" | grep -qw inet6 2>/dev/null
}
997
# Tell whether a given IPv6 address is configured on an interface, on the
# host or inside a jail.
# Arguments: $1 - interface name, $2 - address (anything from the first "/"
#                 on is ignored), $3 - optional jail id for jexec
# Returns:   status of the final grep: 0 when the address is present
# NOTE(review): the address is used as an extended regular expression;
# callers should pass validated addresses.
ipv6_address_configured()
{
   local iface="${1}"
   local addr="${2}"
   local jid="${3}"
   local jexec=

   addr="$(echo ${addr} | cut -d'/' -f1)"

   [ -z "${jid}" ] || jexec="jexec ${jid}"

   ${jexec} ifconfig "${iface}" \
      | grep -w inet6 \
      | awk '{ print $2 }' \
      | grep -Eqw "^${addr}" 2>/dev/null
}
1017
# Look up or allocate an ipfw NAT instance number.
# Arguments: $1 - interface name, or empty to ask for a new number
# Outputs:   with an interface: the instance whose "show config" mentions
#            it; without: the last instance in "ipfw list" plus 100, or 100
#            when there is none
# Returns:   0 when a number was printed, 1 when no instance matches
get_ipfw_nat_instance()
{
   local iface="${1}"

   if [ -z "${iface}" ] ; then
      local instance="$(ipfw list | egrep '[0-9]+ nat' | awk '{ print $3 }' | tail -1)"
      if [ -n "${instance}" ] ; then
         instance=$(( instance + 100 ))
      else
         instance="100"
      fi
      echo "${instance}"
      return 0
   fi

   for ni in $(ipfw list | egrep '[0-9]+ nat' | awk '{ print $3 }')
   do
      if ipfw nat "${ni}" show config | egrep -qw "${iface}" ; then
         echo "${ni}"
         return 0
      fi
   done

   return 1
}
1046
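# Look up the ipfw rule number ("priority") used for NAT.
# Arguments: $1 - interface name, or empty for the last NAT rule
# Outputs:   with an interface: the number of the NAT rule whose instance
#            config mentions it, as printed by ipfw; without: the last NAT
#            rule number (2000 when there is none) as five digits
# Returns:   0 when a number was printed, 1 when no rule matches
get_ipfw_nat_priority()
{
   local iface="${1}"
   local res=1

   if [ -z "${iface}" ] ; then
      local priority="`ipfw list|egrep '[0-9]+ nat'|awk '{ print $1 }'|tail -1`"
      if [ -z "${priority}" ] ; then
         priority=2000
      fi
      # ipfw prints rule numbers zero-padded ("02100"); printf %d would read
      # a leading 0 as octal, so strip the padding before reformatting.
      priority="${priority#"${priority%%[!0]*}"}"
      if [ -z "${priority}" ] ; then
         priority=0
      fi
      printf "%05d\n" "${priority}"
      return 0
   fi

   # Split the rule list on newlines only, so each rule stays one word
   local IFS='
'
   for rule in `ipfw list|egrep '[0-9]+ nat'`
   do
      local priority="`echo "${rule}"|awk '{ print $1 }'`"
      local ni="`echo "${rule}"|awk '{ print $3 }'`"

      ipfw nat "${ni}" show config|egrep -qw "${iface}"
      if [ "$?" = "0" ] ; then
         echo "${priority}"
         res=0
         break
      fi
   done

   return ${res}
}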
1078
# Print the available jail templates and exit the script with status 0.
# On ZFS each template directory is described by the "file" output of its
# /bin/sh; otherwise the .tbz archives are listed by name only.
# Globals:   JDIR (read); NICK, ARCH, VER, TYPE (written - note that ARCH
#            is the exported architecture variable)
list_templates()
{
   echo "Jail Templates:"
   echo "------------------------------" 
   if isDirZFS "${JDIR}" ; then
     for i in $(ls -d ${JDIR}/.warden-template* 2>/dev/null)
     do
        # Only directories holding a shell count as usable templates
        [ -e "$i/bin/sh" ] || continue
        NICK=$(echo "$i" | sed "s|${JDIR}/.warden-template-||g")
        if file "$i/bin/sh" 2>/dev/null | grep -q "64-bit" ; then
           ARCH="amd64"
        else
           ARCH="i386"
        fi
        VER=$(file "$i/bin/sh" | cut -d ',' -f 5 | awk '{print $3}')
        # rc.delay is taken as the marker of a TrueOS template
        if [ -e "$i/etc/rc.delay" ] ; then
           TYPE="TrueOS"
        else
           TYPE="FreeBSD"
        fi
        echo -e "${NICK} - $TYPE $VER ($ARCH)"
     done
   else
     # UFS, no details for U!
     ls ${JDIR}/.warden-template*.tbz \
       | sed "s|${JDIR}/.warden-template-||g" \
       | sed "s|.tbz||g"
   fi
   exit 0
}
1109
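# Delete a jail template (ZFS dataset or .tbz archive) and exit the script.
# Globals:   JDIR (read); tDir, tank, rp (written)
# Arguments: $1 - template nickname, i.e. the part after ".warden-template-"
delete_template()
{
   # The nickname becomes part of a path that is handed to "zfs destroy -r"
   # or "rm"; refuse an empty name or one with a "/" so it cannot point
   # outside ${JDIR}/.warden-template-*.
   case "${1}" in
      ""|*/*) exit_err "Invalid template name: ${1}" ;;
   esac

   tDir="${JDIR}/.warden-template-${1}"
   isDirZFS "${JDIR}"
   if [ $? -eq 0 ] ; then
     isDirZFS "${tDir}" "1"
     if [ $? -ne 0 ] ; then printerror "Not a ZFS volume: ${tDir}" ; fi
     tank=$(getZFSTank "$tDir")
     rp=$(getZFSRelativePath "$tDir")
     zfs destroy -r "${tank}${rp}"
     if [ $? -ne 0 ] ; then
       exit_err "Could not remove template, perhaps you have jails still using it?"
     fi
     rmdir "${tDir}"
   else
     if [ ! -e "${tDir}.tbz" ] ; then
       exit_err "No such template: ${1}"
     fi
     rm "${tDir}.tbz"
   fi
   echo "DONE"

   exit 0
}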