source: src-sh/warden/scripts/backend/functions.sh @ 6cf118f

Last change on this file since 6cf118f was 6cf118f, checked in by Kris Moore <kris@…>, 11 months ago

When we boot-strap pkgng, make sure to install pcbsd-utils

#!/bin/sh
# Shared functions and variables for warden
######################################################################
# DO NOT EDIT

# Pull in the PC-BSD helper library
. /usr/local/share/pcbsd/scripts/functions.sh

# Where warden itself is installed
PROGDIR="/usr/local/share/warden"

# Jail root, read from the "JDIR: <path>" line of warden.conf
JDIR="$(grep '^JDIR:' /usr/local/etc/warden.conf | cut -d' ' -f2)"
export JDIR

# Host architecture; ARCH only falls back to it when the caller left it empty
REALARCH="$(uname -m)"
export REALARCH
[ -n "$ARCH" ] || { ARCH="$REALARCH"; export ARCH; }

# Location of pcbsd.conf file
PCBSD_ETCCONF="/usr/local/etc/pcbsd.conf"

# Network interface the jails use ("NIC:" line of warden.conf)
NIC="$(grep '^NIC:' /usr/local/etc/warden.conf | cut -d' ' -f2)"
export NIC

# Scratch directory ("WTMP:" line of warden.conf)
WTMP="$(grep '^WTMP:' /usr/local/etc/warden.conf | cut -d' ' -f2)"
export WTMP

# FreeBSD release: the configured value wins, the running kernel is the fallback.
# The result is exported as UNAME_r, so every later `uname -r` in this
# environment reports this value instead of the kernel's.
FREEBSD_RELEASE="$(grep '^FREEBSD_RELEASE:' /usr/local/etc/warden.conf | cut -d' ' -f2)"
[ -n "${FREEBSD_RELEASE}" ] || FREEBSD_RELEASE="$(uname -r)"
export UNAME_r="${FREEBSD_RELEASE}"

# Temp file for dialog responses
# NOTE(review): a fixed, predictable name in world-writable /tmp. Whatever
# writes this file should not follow a pre-existing file or symlink; a
# mktemp-created path would be safer. The value is unchanged here because
# other scripts may read ATMP.
ATMP="/tmp/.wans"
export ATMP

# Warden Version
WARDENVER="1.3"
export WARDENVER

# Host directories that are nullfs-mounted into an X jail / pbibox
NULLFS_MOUNTS="/tmp /media"
X11_MOUNTS="/usr/local/lib/X11/icons /usr/local/lib/X11/fonts /usr/local/etc/fonts"

# Clone directory
CDIR="${JDIR}/clones"

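# Download the FreeNAS plugin-jail PBI for the given version string, compare
# it with the published SHA256 and unpack it into ${WORLDCHROOT}.
# Globals:   JDIR, WORLDCHROOT (read); SYSVER, SYSREL, SYSARCH, SF, URL,
#            PJAIL, PJAILSHA256, tank (written)
# Arguments: $1 - version string of the form FreeNAS-<x.y.z>-<release>-<x86|x64>
# NOTE(review): the image and its .sha256 are fetched from the same plain-http
# URL and pbi_add runs with --no-checksig, so the checksum only detects a
# damaged download; it does not authenticate the image.
downloadpluginjail() {
  local _ver="${1}"

  SYSVER="$(echo "${_ver}" | sed -E 's|^FreeNAS-(([0-9]+\.){2}[0-9]+).*|\1|')"
  SYSREL="$(echo "${_ver}" | sed -E 's|^FreeNAS-([0-9]+\.){2}[0-9]+-([a-zA-Z0-9]+)-.*|\2|')"
  SYSARCH="$(echo "${_ver}" | sed -E 's#^(.*)(x86|x64)#\2#')"

  SF="http://downloads.sourceforge.net/project/freenas"
  URL="${SF}/FreeNAS-${SYSVER}/${SYSREL}/${SYSARCH}/plugins"

  PJAIL="FreeNAS-${SYSVER}-${SYSREL}-${SYSARCH}.Plugins_Jail.pbi"
  PJAILSHA256="${PJAIL}.sha256"

  if [ ! -d "${JDIR}" ] ; then mkdir -p "${JDIR}" ; fi
  # Every file name below is relative, so a failed cd must stop the function.
  if ! cd "${JDIR}" ; then
    exit_err "Failed to change directory to ${JDIR}"
    return 1
  fi

  echo "Fetching jail environment. This may take a while..."

  if [ ! -e "${PJAIL}" ] ; then
     echo "Downloading ${URL}/${PJAIL} ..."
     if ! get_file "${URL}/${PJAIL}" "${PJAIL}" 3 ; then
       printerror "Error while downloading the pluginjail."
     fi
  fi

  if [ ! -e "${PJAILSHA256}" ] ; then
     echo "Downloading ${URL}/${PJAILSHA256} ..."
     if ! get_file "${URL}/${PJAILSHA256}" "${PJAILSHA256}" 3 ; then
       printerror "Error while downloading the pluginjail sha256."
     fi
  fi

  if [ "$(sha256 -q "${PJAIL}")" != "$(cat "${PJAILSHA256}")" ] ; then
    # Both downloads are skipped while the files exist, so a bad pair left in
    # place would make every retry fail the same way.
    rm -f "${PJAIL}" "${PJAILSHA256}"
    printerror "Error in download data, checksum mismatch. Please try again later."
    # printerror is defined outside this file; never unpack an unverified image
    # even if it returns.
    return 1
  fi

  # Creating ZFS dataset?
  if isDirZFS "${JDIR}" ; then
    local zfsp
    zfsp="$(getZFSRelativePath "${WORLDCHROOT}")"

    # Use ZFS base for cloning
    echo "Creating ZFS ${WORLDCHROOT} dataset..."
    tank="$(getZFSTank "${JDIR}")"
    if ! isDirZFS "${WORLDCHROOT}" "1" ; then
       if ! zfs create -o mountpoint="/${tank}${zfsp}" -p "${tank}${zfsp}" ; then
         exit_err "Failed creating ZFS base dataset"
       fi
       mkdir -p "${WORLDCHROOT}/.plugins" >/dev/null 2>&1
    fi

    if ! pbi_add -e --no-checksig -p "${WORLDCHROOT}" "${PJAIL}" ; then
      exit_err "Failed extracting ZFS chroot environment"
    fi

    if ! zfs snapshot "${tank}${zfsp}@clean" ; then
      exit_err "Failed creating clean ZFS base snapshot"
    fi
    rm "${PJAIL}"
  else
    # Save the chroot tarball
    mv "${PJAIL}" "${WORLDCHROOT}"
  fi
  rm "${PJAILSHA256}"
}
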
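### Download the FreeBSD release tarball and install it as the base chroot
# Globals:   JDIR, ARCH, MIRRORURL (read; MIRRORURL is filled from get_mirror
#            when empty); SYSVER, FBSD_TARBALL, FBSD_TARBALL_CKSUM, tank (written)
# Arguments: $1 - chroot directory (ZFS) or destination tarball path (UFS)
# NOTE(review): the tarball and its .md5 are fetched from the same mirror, and
# MD5 is not collision-resistant, so this check only detects a damaged
# download; it does not authenticate the tarball that is unpacked as root.
downloadchroot() {
  local CHROOT="${1}"

  # XXX If this is PCBSD, pbreg get /PC-BSD/Version
  SYSVER="$(uname -r | cut -f1 -d'-')"
  FBSD_TARBALL="fbsd-release.txz"
  FBSD_TARBALL_CKSUM="${FBSD_TARBALL}.md5"

  # Set the mirror URL, may be overridden by setting MIRRORURL environment variable
  if [ -z "${MIRRORURL}" ]; then
    get_mirror
    MIRRORURL="$VAL"
  fi

  if [ ! -d "${JDIR}" ] ; then mkdir -p "${JDIR}" ; fi
  # Every file name below is relative, so a failed cd must stop the function.
  if ! cd "${JDIR}" ; then
    exit_err "Failed to change directory to ${JDIR}"
    return 1
  fi

  echo "Fetching jail environment. This may take a while..."
  echo "Downloading ${MIRRORURL}/${SYSVER}/${ARCH}/netinstall/${FBSD_TARBALL} ..."

  if [ ! -e "$FBSD_TARBALL" ] ; then
     if ! get_file "${MIRRORURL}/${SYSVER}/${ARCH}/netinstall/${FBSD_TARBALL}" "$FBSD_TARBALL" 3 ; then
       printerror "Error while downloading the portsjail."
     fi
  fi

  if [ ! -e "$FBSD_TARBALL_CKSUM" ] ; then
     if ! get_file "${MIRRORURL}/${SYSVER}/${ARCH}/netinstall/${FBSD_TARBALL_CKSUM}" "$FBSD_TARBALL_CKSUM" 3 ; then
       printerror "Error while downloading the portsjail."
     fi
  fi

  if [ "$(md5 -q "${FBSD_TARBALL}")" != "$(cat "${FBSD_TARBALL_CKSUM}")" ] ; then
    # Both downloads are skipped while the files exist, so a bad pair left in
    # place would make every retry fail the same way.
    rm -f "${FBSD_TARBALL}" "${FBSD_TARBALL_CKSUM}"
    printerror "Error in download data, checksum mismatch. Please try again later."
    # printerror is defined outside this file; never unpack an unverified
    # tarball even if it returns.
    return 1
  fi

  # Creating ZFS dataset?
  if isDirZFS "${JDIR}" ; then
    local zfsp
    zfsp="$(getZFSRelativePath "${CHROOT}")"

    # Use ZFS base for cloning
    echo "Creating ZFS ${CHROOT} dataset..."
    tank="$(getZFSTank "${JDIR}")"
    if ! isDirZFS "${CHROOT}" "1" ; then
       if ! zfs create -o mountpoint="/${tank}${zfsp}" -p "${tank}${zfsp}" ; then
         exit_err "Failed creating ZFS base dataset"
       fi
    fi

    if ! tar xvpf "${FBSD_TARBALL}" -C "${CHROOT}" 2>/dev/null ; then
      exit_err "Failed extracting ZFS chroot environment"
    fi

    if ! zfs snapshot "${tank}${zfsp}@clean" ; then
      exit_err "Failed creating clean ZFS base snapshot"
    fi
    rm "${FBSD_TARBALL}"
  else
    # Save the chroot tarball
    mv "${FBSD_TARBALL}" "${CHROOT}"
  fi
  rm "${FBSD_TARBALL_CKSUM}"
}
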
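# Check if a directory is mounted
# Arguments: $1 - mountpoint path
# Returns:   0 when mount(8) lists "on $1 (", non-zero otherwise
isDirMounted() {
  # -F: the path is literal text, so "." or "[" in it are not regex operators
  # and a similar-looking path cannot be mistaken for this mountpoint.
  mount | grep -qF -- "on ${1} ("
}
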
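# Mount all the FS needed for a PBI container
# Globals:   JDIR, NULLFS_MOUNTS, X11_MOUNTS (read); nullfs_mount, i (written)
# Arguments: $1 - jail directory name below ${JDIR}; "portjail" skips the
#                 X11 mounts at the end
# NOTE(review): /tmp, /media and every /usr/home/* entry of the host are
# nullfs-mounted into the jail without -o ro, so those trees are shared
# read-write with whatever runs in the jail.
# NOTE(review): the nullfs loops hand the host path to is_symlinked_mountpoint
# while the linux compat checks hand it the path inside the jail.
# is_symlinked_mountpoint is defined outside this file - confirm which path
# it is meant to inspect.
mountpbibox() {
  local _root="${JDIR}/${1}"

  for nullfs_mount in ${NULLFS_MOUNTS}; do
    if [ ! -d "${_root}${nullfs_mount}" ] ; then
      mkdir -p "${_root}${nullfs_mount}"
    fi
    if is_symlinked_mountpoint "${nullfs_mount}"; then
      echo "${nullfs_mount} has symlink as parent, not mounting"
      continue
    fi

    # If this is already mounted we can skip for now
    isDirMounted "${_root}${nullfs_mount}" && continue

    echo "Mounting ${_root}${nullfs_mount}"
    mount_nullfs "${nullfs_mount}" "${_root}${nullfs_mount}"
  done

  # Check and mount /dev
  if ! isDirMounted "${_root}/dev" ; then
    echo "Enabling devfs"
    mount -t devfs devfs "${_root}/dev"
  fi

  # Add support for linprocfs for ports that need linprocfs to build/run
  if [ ! -d "${_root}/compat/linux/proc" ]; then
    mkdir -p "${_root}/compat/linux/proc"
  fi
  if is_symlinked_mountpoint "${_root}/compat/linux/proc"; then
    echo "${_root}/compat/linux/proc has symlink as parent, not mounting"
    # As in the original, this also skips linsysfs, the home mounts and X11.
    return
  fi

  # If this is already mounted we can skip for now
  if ! isDirMounted "${_root}/compat/linux/proc" ; then
    echo "Enabling linprocfs support."
    mount -t linprocfs linprocfs "${_root}/compat/linux/proc"
  fi

  # Add support for linsysfs for ports that need it to build/run
  if [ ! -d "${_root}/compat/linux/sys" ]; then
    mkdir -p "${_root}/compat/linux/sys"
  fi
  if is_symlinked_mountpoint "${_root}/compat/linux/sys"; then
    echo "${_root}/compat/linux/sys has symlink as parent, not mounting"
    return
  fi

  # If this is already mounted we can skip for now
  if ! isDirMounted "${_root}/compat/linux/sys" ; then
    echo "Enabling linsysfs support."
    mount -t linsysfs linsysfs "${_root}/compat/linux/sys"
  fi

  # Lastly we need to mount /usr/home/* directories.
  # A glob instead of parsing ls keeps names with whitespace intact.
  for i in /usr/home/*
  do
    # Unmatched glob stays literal; skip it
    [ -e "${i}" ] || continue
    # If this is already mounted we can skip for now
    isDirMounted "${_root}${i}" && continue
    if [ ! -d "${_root}${i}" ] ; then mkdir -p "${_root}${i}" ; fi
    echo "Mounting home: ${i}"
    mount_nullfs "${i}" "${_root}${i}"
  done

  # If this is a portjail, we can stop now
  if [ "$1" = "portjail" ] ; then return ; fi

  # For PBIs lets mount a few extra things
  for nullfs_mount in ${X11_MOUNTS}; do
    if [ ! -d "${_root}${nullfs_mount}" ] ; then
        continue
    fi
    if is_symlinked_mountpoint "${nullfs_mount}"; then
      echo "${nullfs_mount} has symlink as parent, not mounting"
      continue
    fi

    # If this is already mounted we can skip for now
    isDirMounted "${_root}${nullfs_mount}" && continue

    echo "Mounting ${_root}${nullfs_mount}"
    mount_nullfs "${nullfs_mount}" "${_root}${nullfs_mount}"
  done

}
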
### Mount the filesystems a jail needs; the set is the one mountpbibox
### uses for a pbibox, minus the X11 extras.
mountjailxfs() {
  # Arguments are ignored: the target is always the "portjail" directory.
  mountpbibox "portjail"
}

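### Umount all the jail's filesystems
# Globals:   JDIR (read); status, mountpoint (written)
# Arguments: $1 - jail directory name below ${JDIR}
# Returns:   0 when every umount except /dev succeeded, 1 otherwise
umountjailxfs() {
  local _root="${JDIR}/${1}"
  local _mounts

  status="0"
  # -F: match the jail path as literal text, not as a regular expression,
  # so another jail with a similar-looking path is never unmounted.
  _mounts="$(mount | grep -F -- "${_root}/" | cut -d" " -f3)"

  # Read line by line from a here-document so the loop runs in this shell
  # and $status survives it.
  while IFS= read -r mountpoint; do
    [ -n "$mountpoint" ] || continue
    # /dev goes last; the jail root itself is left alone
    if [ "$mountpoint" = "${_root}/dev" ] ; then continue ; fi
    if [ "$mountpoint" = "${_root}/" ] ; then continue ; fi
    if [ "$mountpoint" = "${_root}" ] ; then continue ; fi
    echo "Unmounting $mountpoint"
    if ! umount -f "${mountpoint}" ; then status="1" ; fi
  done <<EOF
${_mounts}
EOF

  # Now try to umount /dev
  umount -f "${_root}/dev" 2>/dev/null >/dev/null
  return $status
}
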
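# Check if PBI scripts are loaded in jail
# Arguments: $1 - jail root directory; empty means do nothing
# Calls copypbiscripts when the jail has no pbi_info or its copy differs
# from the host's.
checkpbiscripts() {
  if [ -z "${1}" ] ; then return ; fi

  local _host="/usr/local/sbin/pbi_info"
  local _jail="${1}${_host}"

  # cmp -s fails when the jail copy is missing or its content differs; the
  # previous `ls -l` size comparison missed same-size changes.
  if ! cmp -s "${_host}" "${_jail}" ; then
    copypbiscripts "${1}"
  fi
}
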
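# Copy PBI scripts to jail
# Arguments: $1 - jail root directory; empty means do nothing
# Copies the host's /usr/local/sbin/pbi* tools, the pbid rc.d script and any
# man page whose path contains "pbi" to the same locations below $1.
# NOTE(review): the destination paths are resolved on the host, so they
# follow whatever already exists below $1 - presumably the caller only passes
# jail roots it controls; confirm.
copypbiscripts() {
  if [ -z "${1}" ] ; then return ; fi
  mkdir -p "${1}/usr/local/sbin" >/dev/null 2>/dev/null
  cp /usr/local/sbin/pbi* "${1}/usr/local/sbin/"
  chmod 755 "${1}"/usr/local/sbin/pbi*

  # Copy rc.d pbid script
  mkdir -p "${1}/usr/local/etc/rc.d" >/dev/null 2>/dev/null
  cp /usr/local/etc/rc.d/pbid "${1}/usr/local/etc/rc.d/"

  # Copy any PBI manpages. find selects the entries itself and the loop reads
  # one path per line, so names with whitespace stay intact; directories are
  # left out because cp without -r cannot copy them anyway.
  find /usr/local/man ! -type d -path '*pbi*' | while IFS= read -r man
  do
    if [ ! -d "${1}$(dirname "${man}")" ] ; then
      mkdir -p "${1}$(dirname "${man}")"
    fi
    cp "${man}" "${1}${man}"
  done
}
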
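# Turn the jail at $1 into a portjail: sync account and resolver files from
# the host, link /home and flag the type in the metadata directory.
# Globals:   JMETADIR (read); ETCFILES, file (written)
# Arguments: $1 - jail root directory; empty means do nothing
# NOTE(review): master.passwd and spwd.db carry the host's password hashes;
# after this copy they are readable by root inside the jail.
mkportjail() {
  if [ -z "${1}" ] ; then return ; fi
  ETCFILES="resolv.conf passwd master.passwd spwd.db pwd.db group localtime"
  for file in ${ETCFILES}; do
    # Remove first so cp creates a fresh file rather than writing through
    # whatever is already at that name.
    rm "${1}/etc/${file}" >/dev/null 2>&1
    cp "/etc/${file}" "${1}/etc/${file}"
  done

  # Need to symlink /home
  chroot "${1}" ln -fs /usr/home /home

  # Make sure we remove our cleartmp rc.d script, causes issues
  if [ -e "${1}/etc/rc.d/cleartmp" ] ; then
    rm "${1}/etc/rc.d/cleartmp"
  fi

  # Flag this type
  touch "${JMETADIR}/jail-portjail"
}
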
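# Turn the jail at $1 into a pbibox: sync account and resolver files from
# the host, link /home and flag the type in the metadata directory.
# Globals:   JMETADIR (read); ETCFILES, file (written)
# Arguments: $1 - jail root directory; empty means do nothing
# NOTE(review): master.passwd and spwd.db carry the host's password hashes;
# after this copy they are readable by root inside the jail.
mkpbibox() {

  if [ -z "${1}" ] ; then return ; fi

  # KPM - Replace this section with a "mergeuserpw" function
  # Need to be able to merge user accounts from /home on base system
  # into the chroot each time we start it
  ETCFILES="resolv.conf passwd master.passwd spwd.db pwd.db group localtime"
  for file in ${ETCFILES}; do
    # Remove first so cp creates a fresh file rather than writing through
    # whatever is already at that name.
    rm "${1}/etc/${file}" >/dev/null 2>&1
    cp "/etc/${file}" "${1}/etc/${file}"
  done

  # Need to symlink /home
  chroot "${1}" ln -fs /usr/home /home

  # Make sure we remove our cleartmp rc.d script, causes issues
  if [ -e "${1}/etc/rc.d/cleartmp" ] ; then
    rm "${1}/etc/rc.d/cleartmp"
  fi

  # Flag this type
  touch "${JMETADIR}/jail-pbibox"

}

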
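# Turn the jail at $1 into a pluginjail: sync account and resolver files
# from the host, link /home and flag the type in the metadata directory.
# Globals:   JMETADIR (read); ETCFILES, file (written)
# Arguments: $1 - jail root directory; empty means do nothing
# NOTE(review): master.passwd and spwd.db carry the host's password hashes;
# after this copy they are readable by root inside the jail.
mkpluginjail() {
  if [ -z "${1}" ] ; then return ; fi
  ETCFILES="resolv.conf passwd master.passwd spwd.db pwd.db group localtime"
  for file in ${ETCFILES}; do
    # Remove first so cp creates a fresh file rather than writing through
    # whatever is already at that name.
    rm "${1}/etc/${file}" >/dev/null 2>&1
    cp "/etc/${file}" "${1}/etc/${file}"
  done

  # Need to symlink /home
  chroot "${1}" ln -fs /usr/home /home

  # Make sure we remove our cleartmp rc.d script, causes issues
  if [ -e "${1}/etc/rc.d/cleartmp" ] ; then
    rm "${1}/etc/rc.d/cleartmp"
  fi
  # Flag this type
  touch "${JMETADIR}/jail-pluginjail"
}
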
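# Create a ZFS snapshot of the jail dataset, named after the current time
# (YYYY-MM-DD-HH-MM-SS).
# Globals:   tank, rp, zdate (written)
# Arguments: $1 - jail directory
mkZFSSnap() {
  if ! isDirZFS "${1}" "1" ; then
    printerror "Not a ZFS volume: ${1}"
    # printerror is defined outside this file; stop here even if it returns.
    return 1
  fi
  tank="$(getZFSTank "$1")"
  rp="$(getZFSRelativePath "$1")"
  zdate="$(date +%Y-%m-%d-%H-%M-%S)"
  # Quoted so a dataset path with whitespace stays one argument
  zfs snapshot "${tank}${rp}@${zdate}"
}
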
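# Print the snapshot names (the part after "@") of the jail's dataset.
# Globals:   tank, rp (written)
# Arguments: $1 - jail directory
listZFSSnap() {
  if ! isDirZFS "${1}" "1" ; then
    printerror "Not a ZFS volume: ${1}"
    # printerror is defined outside this file; stop here even if it returns.
    return 1
  fi
  tank="$(getZFSTank "$1")"
  rp="$(getZFSRelativePath "$1")"
  # Compare the dataset name exactly: the previous `grep -w "^name"` also
  # listed snapshots of datasets such as "<name>-other".
  zfs list -H -t snapshot -o name \
    | awk -F@ -v ds="${tank}${rp}" '$1 == ds { print $2 }'
}
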
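# List the clones of one jail below the clone directory.
# Globals:   CDIR (read); tank, cdir (written)
# Arguments: $1 - jail directory, $2 - jail name
# Outputs:   a header, then one line per clone: its mountpoint with the
#            leading "${CDIR}/<jail>-" removed
listZFSClone() {
  if ! isDirZFS "${1}" "1" ; then
    printerror "Not a ZFS volume: ${1}"
    # printerror is defined outside this file; stop here even if it returns.
    return 1
  fi
  tank="$(getZFSTank "$1")"
  cdir="$(getZFSRelativePath "${CDIR}")"
  echo "Clone Directory: ${CDIR}"
  echo "-----------------------------------"
  # Clones are created as "<jail>-<snapshot>", so select by that literal
  # prefix; the jail name is no longer interpreted as a grep/sed pattern.
  zfs list -H -o name,mountpoint \
    | awk -F'\t' -v pfx="${tank}${cdir}/${2}-" -v mp="${CDIR}/${2}-" '
        index($1, pfx) == 1 {
          m = $2
          if (index(m, mp) == 1)
            m = substr(m, length(mp) + 1)
          print m
        }'
}
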
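# Destroy the clone dataset of a jail snapshot.
# Globals:   CDIR (read); CLONEDIR, tank, rp (written)
# Arguments: $1 - unused here, $2 - snapshot name, $3 - jail name
rmZFSClone() {
  CLONEDIR="${CDIR}/${3}-${2}"
  if ! isDirZFS "${CLONEDIR}" "1" ; then
    printerror "Not a ZFS volume: ${CLONEDIR}"
    # printerror is defined outside this file; stop here even if it returns.
    return 1
  fi
  tank="$(getZFSTank "${CLONEDIR}")"
  rp="$(getZFSRelativePath "${CLONEDIR}")"
  # Never hand an empty dataset name to a destroy
  if [ -z "${tank}${rp}" ] ; then
    printerror "Not a ZFS volume: ${CLONEDIR}"
    return 1
  fi
  zfs destroy "${tank}${rp}"
}
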
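# Destroy one snapshot of the jail's dataset.
# Globals:   tank, rp (written)
# Arguments: $1 - jail directory, $2 - snapshot name
rmZFSSnap() {
  if ! isDirZFS "${1}" "1" ; then
    printerror "Not a ZFS volume: ${1}"
    # printerror is defined outside this file; stop here even if it returns.
    return 1
  fi
  # An empty snapshot name would leave a bare "dataset@" on the destroy
  # command line; refuse it up front.
  if [ -z "${2}" ] ; then
    printerror "Invalid ZFS snapshot!"
    return 1
  fi
  tank="$(getZFSTank "$1")"
  rp="$(getZFSRelativePath "$1")"
  zfs destroy "${tank}${rp}@${2}"
}
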
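# Roll the jail's dataset back to a snapshot, stopping the jail first and
# starting it again afterwards when it was running.
# Globals:   PROGDIR (read); tank, rp, restartJail (written)
# Arguments: $1 - jail directory, $2 - snapshot name, $3 - jail name
# NOTE: `zfs rollback -R` also destroys every snapshot newer than $2 and
# any clones of those snapshots.
revertZFSSnap() {
  if ! isDirZFS "${1}" "1" ; then
    printerror "Not a ZFS volume: ${1}"
    # printerror is defined outside this file; stop here even if it returns.
    return 1
  fi
  tank="$(getZFSTank "$1")"
  rp="$(getZFSRelativePath "$1")"

  # Make sure this is a valid snapshot. The full "dataset@name" is compared
  # literally and as a whole line; the previous unquoted `grep -q ${2}`
  # accepted any substring of an existing snapshot name.
  if ! zfs list -H -t snapshot -o name | grep -qxF -- "${tank}${rp}@${2}" ; then
    printerror "Invalid ZFS snapshot!"
    return 1
  fi

  # Reset the flag so a value left by an earlier call in this shell cannot
  # trigger a restart.
  restartJail="NO"

  # Check if the jail is running first
  if "${PROGDIR}/scripts/backend/checkstatus.sh" "${3}" ; then
    restartJail="YES"
    # Make sure the jail is stopped
    "${PROGDIR}/scripts/backend/stopjail.sh" "${3}"
    if "${PROGDIR}/scripts/backend/checkstatus.sh" "${3}" ; then
      printerror "Could not stop jail... Halting..."
      # Do not roll back underneath a running jail
      return 1
    fi
  fi

  # Rollback the snapshot
  zfs rollback -R -f "${tank}${rp}@${2}"

  # If it was started, restart the jail now
  if [ "$restartJail" = "YES" ]; then
    "${PROGDIR}/scripts/backend/startjail.sh" "${3}"
  fi

}
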
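# Clone a snapshot of the jail's dataset into the clone directory.
# Globals:   CDIR (read); tank, rp, cdir (written)
# Arguments: $1 - jail directory, $2 - snapshot name, $3 - jail name
cloneZFSSnap() {
  if ! isDirZFS "${1}" "1" ; then
    printerror "Not a ZFS volume: ${1}"
    # printerror is defined outside this file; stop here even if it returns.
    return 1
  fi
  tank="$(getZFSTank "$1")"
  rp="$(getZFSRelativePath "$1")"
  cdir="$(getZFSRelativePath "${CDIR}")"

  # Make sure this is a valid snapshot. The full "dataset@name" is compared
  # literally and as a whole line; the previous unquoted `grep -q ${2}`
  # accepted any substring of an existing snapshot name.
  if ! zfs list -H -t snapshot -o name | grep -qxF -- "${tank}${rp}@${2}" ; then
    printerror "Invalid ZFS snapshot!"
    return 1
  fi

  if [ -d "${CDIR}/${3}-${2}" ] ; then
     printerror "This snapshot is already cloned and mounted at: ${CDIR}/${3}-${2}"
     return 1
  fi

  # Clone the snapshot
  zfs clone -p "${tank}${rp}@${2}" "${tank}${cdir}/${3}-${2}"

  echo "Snapshot cloned and mounted to: ${CDIR}/${3}-${2}"
}
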
# Derive and export JMETADIR, the hidden per-jail metadata directory
# "${JDIR}/.<jailname>.meta", from the JDIR and JAILNAME globals.
set_warden_metadir()
{
   export JMETADIR="${JDIR}/.${JAILNAME}.meta"
}

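# Split "address[/mask]" into the globals JIP and JMASK.
# Arguments: $1 - address, optionally followed by "/<mask>"
# JMASK is empty when $1 carries no "/".
get_ip_and_netmask()
{
   # Parameter expansion instead of echo | cut: no subshells, and the value
   # is never subject to echo's option or backslash handling.
   JIP="${1%%/*}"
   case "${1}" in
      */*)
         JMASK="${1#*/}"
         JMASK="${JMASK%%/*}"
         ;;
      *)
         JMASK=
         ;;
   esac
}
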
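# Print every IPv4 address ifconfig reports, one per line.
# Arguments: $1 - interface name; empty lists the addresses of all interfaces
get_interface_addresses()
{
   # ${1:+"${1}"} passes a non-empty name as exactly one argument and still
   # runs a bare ifconfig when no name is given.
   ifconfig ${1:+"${1}"} | grep -w inet | awk '{ print $2 }'
}
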
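# Print every IPv4 address ifconfig reports, one per line.
# Arguments: $1 - interface name; empty lists the addresses of all interfaces
get_interface_ipv4_addresses()
{
   # ${1:+"${1}"} passes a non-empty name as exactly one argument and still
   # runs a bare ifconfig when no name is given.
   ifconfig ${1:+"${1}"} | grep -w inet | awk '{ print $2 }'
}
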
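# Print every IPv6 address ifconfig reports, one per line.
# Arguments: $1 - interface name; empty lists the addresses of all interfaces
get_interface_ipv6_addresses()
{
   # ${1:+"${1}"} passes a non-empty name as exactly one argument and still
   # runs a bare ifconfig when no name is given.
   ifconfig ${1:+"${1}"} | grep -w inet6 | awk '{ print $2 }'
}
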
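# Print the first IPv4 address ifconfig reports.
# Arguments: $1 - interface name; empty looks at all interfaces
get_interface_address()
{
   # ${1:+"${1}"} passes a non-empty name as exactly one argument and still
   # runs a bare ifconfig when no name is given.
   ifconfig ${1:+"${1}"} | grep -w inet | head -1 | awk '{ print $2 }'
}
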
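# Print the first IPv4 address ifconfig reports.
# Arguments: $1 - interface name; empty looks at all interfaces
get_interface_ipv4_address()
{
   # ${1:+"${1}"} passes a non-empty name as exactly one argument and still
   # runs a bare ifconfig when no name is given.
   ifconfig ${1:+"${1}"} | grep -w inet | head -1 | awk '{ print $2 }'
}
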
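# Print the first IPv6 address ifconfig reports.
# Arguments: $1 - interface name; empty looks at all interfaces
get_interface_ipv6_address()
{
   # ${1:+"${1}"} passes a non-empty name as exactly one argument and still
   # runs a bare ifconfig when no name is given.
   ifconfig ${1:+"${1}"} | grep -w inet6 | head -1 | awk '{ print $2 }'
}
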
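# Print the IPv4 alias addresses of an interface: every inet address
# except the first one ifconfig lists.
# Arguments: $1 - interface name; empty looks at all interfaces
get_interface_aliases()
{
   # Skipping the first match in awk replaces the count/bc/tail arithmetic,
   # which ran `tail --1` (an error) when there was no address at all.
   ifconfig ${1:+"${1}"} | grep -w inet | awk 'NR > 1 { print $2 }'
}
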
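# Print the IPv4 alias addresses of an interface: every inet address
# except the first one ifconfig lists.
# Arguments: $1 - interface name; empty looks at all interfaces
get_interface_ipv4_aliases()
{
   # Skipping the first match in awk replaces the count/bc/tail arithmetic,
   # which ran `tail --1` (an error) when there was no address at all.
   ifconfig ${1:+"${1}"} | grep -w inet | awk 'NR > 1 { print $2 }'
}
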
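# Print the IPv6 alias addresses of an interface: every inet6 address
# except the first one ifconfig lists.
# Arguments: $1 - interface name; empty looks at all interfaces
get_interface_ipv6_aliases()
{
   # The alias count used to be taken from the IPv4 ("inet") lines, so the
   # number of IPv6 aliases returned depended on how many IPv4 addresses
   # the interface had. Skip the first inet6 line instead.
   ifconfig ${1:+"${1}"} | grep -w inet6 | awk 'NR > 1 { print $2 }'
}
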
# Print the gateway (second column) of each IPv4 "default" entry in the
# routing table.
get_default_route()
{
   netstat -f inet -nr | awk '/^default/ { print $2 }'
}

# Print the seventh column of each IPv4 "default" entry in the wide
# (netstat -W) routing table, which the callers use as the interface name.
get_default_interface()
{
   netstat -f inet -nrW | awk '/^default/ { print $7 }'
}

# Print the name of every bridgeN interface, one per line: the text before
# the first ":" on each ifconfig line that starts with "bridge<digits>".
get_bridge_interfaces()
{
   ifconfig -a | awk -F: '/^bridge[0-9]+/ { print $1 }'
}

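# Print the member interfaces of a bridge, one per line.
# Arguments: $1 - bridge interface name; empty looks at all interfaces
get_bridge_members()
{
   # ${1:+"${1}"} passes a non-empty name as exactly one argument and still
   # runs a bare ifconfig when no name is given.
   ifconfig ${1:+"${1}"} | grep -w member | awk '{ print $2 }'
}
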
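# Print the first bridge that has an IPv4 alias inside the given network.
# Arguments: $1 - network in a form in_ipv4_network accepts
# Returns:   0 and the bridge name on stdout, 1 when nothing matches or $1
#            is empty
# NOTE(review): only alias addresses are examined (get_interface_ipv4_aliases),
# so a bridge whose sole address lies in the network is not found - confirm
# this is intended.
get_bridge_interface_by_ipv4_network()
{
   local network="${1}"
   local bridges
   local ips

   # Reject an empty network before running ifconfig at all
   if [ -z "${network}" ]
   then
      return 1
   fi

   bridges="$(get_bridge_interfaces)"
   for _bridge in ${bridges}
   do
      ips="$(get_interface_ipv4_aliases "${_bridge}")"
      for _ip in ${ips}
      do
         if in_ipv4_network "${_ip}" "${network}"
         then
            echo "${_bridge}"
            return 0
         fi
      done
   done

   return 1
}
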
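# Print the first bridge that has an IPv6 alias inside the given network.
# Arguments: $1 - network in a form in_ipv6_network accepts
# Returns:   0 and the bridge name on stdout, 1 when nothing matches or $1
#            is empty
# NOTE(review): only alias addresses are examined (get_interface_ipv6_aliases),
# so a bridge whose sole address lies in the network is not found - confirm
# this is intended.
get_bridge_interface_by_ipv6_network()
{
   local network="${1}"
   local bridges
   local ips

   # Reject an empty network before running ifconfig at all
   if [ -z "${network}" ]
   then
      return 1
   fi

   bridges="$(get_bridge_interfaces)"
   for _bridge in ${bridges}
   do
      ips="$(get_interface_ipv6_aliases "${_bridge}")"
      for _ip in ${ips}
      do
         if in_ipv6_network "${_ip}" "${network}"
         then
            echo "${_bridge}"
            return 0
         fi
      done
   done

   return 1
}
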
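# Test whether an interface is a member of a bridge.
# Arguments: $1 - bridge interface, $2 - candidate member interface
# Returns:   0 when $2 is listed by get_bridge_members for $1, else 1
is_bridge_member()
{
   local _bridge="${1}"
   local _iface="${2}"

   # -x -F: the member name must equal a whole output line, literally
   if get_bridge_members "${_bridge}" | grep -qxF -- "${_iface}" ; then
      return 0
   fi

   return 1
}
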
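# Tear down the epair a jail uses: bring the jail-side half down, destroy
# the host-side half, and destroy the bridge it was attached to once the
# bridge has at most one member left.
# Arguments: $1 - jail id as accepted by jexec
# NOTE(review): assumes the jail has a single epairNb interface; with more
# than one, ${_epairb} holds several names - confirm against callers.
jail_interfaces_down()
{
   local _jid="${1}"
   local _bridgeif
   local _epaira
   local _epairb
   local _count

   _epairb="$(jexec "${_jid}" ifconfig -a | grep '^epair' | cut -f1 -d:)"
   if [ -z "${_epairb}" ] ; then
      return
   fi

   # The host-side half has the same name with a trailing "a"
   _epaira="$(echo "${_epairb}" | sed -E 's|b$|a|')"
   _bridgeif=

   # Find the bridge that has the host-side half as a member
   for _bridge in $(ifconfig -a | grep -E '^bridge[0-9]+' | cut -f1 -d:)
   do
      if ifconfig "${_bridge}" | grep member | awk '{ print $2 }' \
         | grep -qxF -- "${_epaira}"
      then
         _bridgeif="${_bridge}"
         break
      fi
   done

   jexec "${_jid}" ifconfig "${_epairb}" down
   ifconfig "${_epaira}" down
   ifconfig "${_epaira}" destroy

   # No bridge found: nothing left to clean up. Without this guard the
   # member count ran over a bare `ifconfig` and `ifconfig destroy` was
   # issued with no interface name.
   if [ -z "${_bridgeif}" ] ; then
      return 0
   fi

   _count="$(ifconfig "${_bridgeif}" | grep member | awk '{ print $2 }' | wc -l)"
   if [ "${_count}" -le "1" ] ; then
      ifconfig "${_bridgeif}" destroy
   fi
}
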
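# Make sure /etc/crontab runs warden's cronsnap.sh as root at minute 2 of
# every hour, then restart cron. Does nothing when the entry already exists.
# Globals:   PROGDIR (read); cronscript (written)
# NOTE(review): this adds a root-run job to the system crontab, so
# ${PROGDIR}/scripts/backend/cronsnap.sh and its parent directories must be
# writable by root only.
enable_cron()
{
   cronscript="${PROGDIR}/scripts/backend/cronsnap.sh"
   # -F: look for the path as literal text rather than as a regular expression
   if grep -qF -- "${cronscript}" /etc/crontab ; then
      return 0
   fi
   echo "2     *        *       *       *        root    ${cronscript}" >> /etc/crontab
   # Restart cron
   /etc/rc.d/cron restart >/dev/null 2>/dev/null
}
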
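# Migrate old metadata flags: for every ${JDIR}/.*.meta directory, an
# "xjail" marker gains a "jail-portjail" flag and a "linuxjail" marker gains
# a "jail-linux" flag.
# Globals:   JDIR (read); i (written)
fix_old_meta()
{
   # A glob instead of parsing ls keeps directory names with whitespace intact
   for i in "${JDIR}"/.*.meta
   do
      # Unmatched glob stays literal; skip it
      [ -e "${i}" ] || continue
      if [ -e "${i}/xjail" ] ; then
         touch "${i}/jail-portjail" 2>/dev/null
      fi
      if [ -e "${i}/linuxjail" ] ; then
         touch "${i}/jail-linux" 2>/dev/null
      fi
   done
}
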
# Succeed when sipcalc classifies the argument as IPv4, i.e. the first
# line of its output carries "[ipv4".
# Arguments: $1 - address (optionally with a prefix or mask)
# Returns:   0 for IPv4, 1 otherwise
is_ipv4()
{
   local addr="${1}"
   local family

   family="$(/usr/local/bin/sipcalc "${addr}" | head -1 | cut -f2 -d'[' | awk '{ print $1 }')"
   if [ "${family}" != "ipv4" ]
   then
      return 1
   fi

   return 0
}

# Succeed when sipcalc classifies the argument as IPv6, i.e. the first
# line of its output carries "[ipv6".
# Arguments: $1 - address (optionally with a prefix)
# Returns:   0 for IPv6, 1 otherwise
is_ipv6()
{
   local addr="${1}"
   local family

   family="$(/usr/local/bin/sipcalc "${addr}" | head -1 | cut -f2 -d'[' | awk '{ print $1 }')"
   if [ "${family}" != "ipv6" ]
   then
      return 1
   fi

   return 0
}

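# Test whether an IPv4 address lies in the usable host range of a network.
# Arguments: $1 - address, $2 - network as accepted by sipcalc
# Returns:   0 when the address is inside sipcalc's "Usable range", else 1
# The usable range is whatever sipcalc prints on that line; addresses it
# leaves out of the range are reported as not in the network.
in_ipv4_network()
{
   local addr="${1}"
   local network="${2}"
   local range start end iaddr istart iend _v

   # One sipcalc run yields both ends of the range
   range="$(/usr/local/bin/sipcalc "${network}" | awk '/^Usable/ { print $4, $6 }')"
   start="${range%% *}"
   end="${range##* }"

   iaddr="$(/usr/local/bin/sipcalc "${addr}" | awk '/(decimal)/ { print $5 }')"
   istart="$(/usr/local/bin/sipcalc "${start}" | awk '/(decimal)/ { print $5 }')"
   iend="$(/usr/local/bin/sipcalc "${end}" | awk '/(decimal)/ { print $5 }')"

   # Input sipcalc could not parse leaves these empty or non-numeric; treat
   # that as "not in network" instead of letting test(1) fail on them.
   for _v in "${iaddr}" "${istart}" "${iend}"
   do
      case "${_v}" in
         ''|*[!0-9]*) return 1 ;;
      esac
   done

   if [ "${iaddr}" -ge "${istart}" ] && [ "${iaddr}" -le "${iend}" ]
   then
      return 0
   fi

   return 1
}
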
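# Print the address given as colon-separated hex groups as one string of
# binary digits, 16 characters per group, without a trailing newline.
# Arguments: $1 - IPv6 address; callers in this file pass sipcalc's
#                 expanded (uncompressed) form
# NOTE(review): the conversion relies on awk turning the string "0x<hex>"
# into a number and on "%016s" zero-padding a string. Both depend on the awk
# and libc in use - presumably fine with the base-system awk this was
# written for; confirm before running it elsewhere.
ipv6_to_binary()
{
   # printf with a quoted argument: the address is never word-split,
   # glob-expanded against the current directory, or read as an echo option.
   printf '%s\n' "${1}" | awk '{
      split($1, octets, ":");
      olen = length(octets);
               
      bnum = "";
      for (i = 1;i <= olen;i++) {
         tbnum = "";
         dnum = int(sprintf("0x%s", octets[i]));
         for (;;) {
            rem = int(dnum % 2);
            if (rem == 0)
               tbnum = sprintf("0%s", tbnum);
            else               
               tbnum = sprintf("1%s", tbnum);
            dnum /= 2;
            if (dnum < 1)
               break;
         }
         bnum = sprintf("%s%016s", bnum, tbnum);
      }
      printf("%s", bnum);
   }'
}
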
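# Test whether an IPv6 address lies in a network by comparing the first
# <prefix length> bits of the address and of the network's first address.
# Arguments: $1 - address, $2 - network written as <address>/<prefix length>
# Returns:   0 when the prefixes are equal, 1 otherwise or on unusable input
in_ipv6_network()
{
   local addr="${1}"
   local network="${2}"
   local mask start baddr bstart baddrnet bstartnet

   # Without a numeric prefix length both prefixes below would be empty and
   # compare equal, i.e. every address would "match" the network.
   mask="$(echo "${network}" | cut -f2 -d'/' -s)"
   case "${mask}" in
      ''|*[!0-9]*) return 1 ;;
   esac

   addr="$(/usr/local/bin/sipcalc "${addr}" | awk '/^Expanded/ { print $4 }')"
   start="$(/usr/local/bin/sipcalc "${network}" | grep -E '^Network range' \
      | awk '{ print $4 }')"
   # Same reasoning for input sipcalc could not parse
   if [ -z "${addr}" ] || [ -z "${start}" ]
   then
      return 1
   fi

   baddr="$(ipv6_to_binary "${addr}")"
   bstart="$(ipv6_to_binary "${start}")"
   if [ -z "${baddr}" ] || [ -z "${bstart}" ]
   then
      return 1
   fi

   baddrnet="$(echo "${baddr}" | awk -v mask="${mask}" \
      '{ s = substr($0, 1, mask); printf("%s", s); }')"
   bstartnet="$(echo "${bstart}" | awk -v mask="${mask}" \
      '{ s = substr($0, 1, mask); printf("%s", s); }')"

   if [ "${baddrnet}" = "${bstartnet}" ]
   then
      return 0
   fi

   return 1
}
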
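# Copy pc-extractoverlay, its server-excludes list and the server overlay
# archive from the host to the same paths below the jail root.
# Arguments: $1 - jail root directory
# Returns:   1 when $1 is empty, otherwise 0 (copy failures are not reported)
install_pc_extractoverlay()
{
  if [ -z "${1}" ] ; then
    return 1
  fi

  # All paths are quoted so a jail root with whitespace stays one argument
  mkdir -p "${1}/usr/local/bin"
  mkdir -p "${1}/usr/local/share/pcbsd/conf"
  mkdir -p "${1}/usr/local/share/pcbsd/distfiles"

  cp /usr/local/bin/pc-extractoverlay "${1}/usr/local/bin/"
  chmod 755 "${1}/usr/local/bin/pc-extractoverlay"

  cp /usr/local/share/pcbsd/conf/server-excludes \
    "${1}/usr/local/share/pcbsd/conf"
  cp /usr/local/share/pcbsd/distfiles/server-overlay.txz \
    "${1}/usr/local/share/pcbsd/distfiles"

  return 0
}
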
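# Write the script that bootstraps pkgng inside a standard jail.
# Arguments: $1 - jail directory (unused here), $2 - file to write
# The script unpacks and registers pkg.txz, writes pkg.conf, installs
# pcbsd-utils and runs `pc-extractoverlay ports`.
# NOTE(review): the package site is plain http; what protects later installs
# is the PUBKEY line, which has pkg check the repository signature. pkg.txz
# itself is unpacked and added before that configuration exists, so its
# authenticity depends on how the caller fetched it (not visible here).
make_bootstrap_pkgng_file_standard()
{
  local jaildir="${1}"
  local outfile="${2}"
  local release
  local arch

  release="$(uname -r | cut -d '-' -f 1-2)"
  arch="$(uname -m)"

# ${release} and ${arch} are meant to expand now; "\$?" must not. Unescaped,
# the here-document wrote the generator's own last exit status into the
# script (in practice "exit 0"), hiding a failed bootstrap from the caller.
cat > "${outfile}" <<__EOF__
#!/bin/sh
tar xvf pkg.txz --exclude +MANIFEST --exclude +MTREE_DIRS 2>/dev/null
pkg add pkg.txz
rm pkg.txz

echo "packagesite: http://pkg.cdn.pcbsd.org/${release}/${arch}" >/usr/local/etc/pkg.conf
echo "PUBKEY: /usr/local/etc/pkg-pubkey.cert" >>/usr/local/etc/pkg.conf
echo "PKG_CACHEDIR: /usr/local/tmp" >>/usr/local/etc/pkg.conf

pkg install -y pcbsd-utils
pc-extractoverlay ports

exit \$?
__EOF__
}
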
# Write the script that bootstraps pkgng inside a plugin jail and installs
# every package named in /pluginjail-packages.
# Arguments: $1 - jail directory (receives a copy of the package list),
#            $2 - file to write
# The generated script exits with the status of its final `umount devfs`;
# the result of the individual `pkg install` runs is not reported.
# NOTE(review): the package site is plain http; what protects later installs
# is the PUBKEY line, which has pkg check the repository signature. pkg.txz
# itself is unpacked and added before that configuration exists, so its
# authenticity depends on how the caller fetched it (not visible here).
make_bootstrap_pkgng_file_pluginjail()
{

  local jaildir="${1}"
  local outfile="${2}"

  local release="$(uname -r | cut -d '-' -f 1-2)"
  local arch="$(uname -m)"

  # The mirror is looked up but not used by anything written below
  get_mirror
  local mirror="${VAL}"

  cp /usr/local/share/warden/pluginjail-packages "${jaildir}/pluginjail-packages"

# First half: ${release} and ${arch} expand while the file is written
cat > "${outfile}" <<__EOF__
#!/bin/sh
tar xvf pkg.txz --exclude +MANIFEST --exclude +MTREE_DIRS 2>/dev/null
pkg add pkg.txz
rm pkg.txz

mount -t devfs devfs /dev

echo "packagesite: http://pkg.cdn.pcbsd.org/${release}/${arch}" >/usr/local/etc/pkg.conf
echo "PUBKEY: /usr/local/etc/pkg-pubkey.cert" >>/usr/local/etc/pkg.conf
echo "PKG_CACHEDIR: /usr/local/tmp" >>/usr/local/etc/pkg.conf
pkg install -y pcbsd-utils
__EOF__

# Second half: quoted delimiter, so the text is appended literally and
# expands only when the generated script runs
cat >> "${outfile}" <<'__EOF__'

i=0
count=`wc -l /pluginjail-packages| awk "{ print $1 }"`
for p in `cat /pluginjail-packages`
do
  pkg install -y ${p}
  : $(( i += 1 ))
done

umount devfs
exit $?

__EOF__
}


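# Bootstrap pkgng inside a jail: copy the repository public key and
# pc-extractoverlay into it, generate /bootstrap-pkgng, fetch pkg.txz and
# run the generated script in a chroot.
# Globals:   pubcert (written)
# Arguments: $1 - jail root directory (must exist)
#            $2 - jail type, "pluginjail" or anything else for standard
# Returns:   0 on success, 1 on any failure
# NOTE(review): pkg.txz comes from get_file_from_mirrors (defined outside
# this file) and is then executed as root inside the chroot; no check of it
# is visible here - confirm the fetch helper verifies it.
bootstrap_pkgng()
{
  local jaildir="${1}"
  local jailtype="${2}"
  local release
  local arch
  local ffunc

  if [ -z "${jailtype}" ] ; then
    jailtype="standard"
  fi
  release="$(uname -r | cut -d '-' -f 1-2)"
  arch="$(uname -m)"

  ffunc="make_bootstrap_pkgng_file_standard"
  if [ "${jailtype}" = "pluginjail" ] ; then
    ffunc="make_bootstrap_pkgng_file_pluginjail"
  fi

  # pkg.txz is removed and downloaded relative to the current directory, so
  # failing to enter the jail must stop the bootstrap.
  if ! cd "${jaildir}" ; then
    echo "Failed boot-strapping PKGNG, cannot enter jail directory: ${jaildir}"
    return 1
  fi
  echo "Boot-strapping pkgng"

  mkdir -p "${jaildir}/usr/local/etc"
  pubcert="/usr/local/etc/pkg-pubkey.cert"

  cp "${pubcert}" "${jaildir}/usr/local/etc"
  install_pc_extractoverlay "${jaildir}"

  ${ffunc} "${jaildir}" "${jaildir}/bootstrap-pkgng"
  chmod 755 "${jaildir}/bootstrap-pkgng"

  if [ -e "pkg.txz" ] ; then rm pkg.txz ; fi
  if get_file_from_mirrors "/${release}/${arch}/Latest/pkg.txz" "pkg.txz" "pkg" ; then
    if chroot "${jaildir}" /bootstrap-pkgng ; then
      rm -f "${jaildir}/bootstrap-pkgng"
      rm -f "${jaildir}/pluginjail-packages"
      chroot "${jaildir}" pc-extractoverlay server --sysinit
      return 0
    fi
  fi

  echo "Failed boot-strapping PKGNG, most likely cause is internet connection failure."
  rm -f "${jaildir}/bootstrap-pkgng"
  rm -f "${jaildir}/pluginjail-packages"
  return 1
}
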
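# Test whether an interface has any IPv4 address.
# Arguments: $1 - interface name
#            $2 - optional jail id; when given, ifconfig runs inside that
#                 jail through jexec
# Returns:   0 when ifconfig shows an "inet" line, non-zero otherwise
ipv4_configured()
{
   local iface="${1}"
   local jid="${2}"

   # The command is spelled out per branch rather than kept in a string
   # that relies on word splitting, so the jail id stays one argument.
   if [ -n "${jid}" ] ; then
      jexec "${jid}" ifconfig "${iface}"
   else
      ifconfig "${iface}"
   fi | grep -qw inet 2>/dev/null
}
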
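# Test whether an interface carries a specific IPv4 address.
# Arguments: $1 - interface name
#            $2 - address; anything from the first "/" on is ignored
#            $3 - optional jail id; when given, ifconfig runs inside that
#                 jail through jexec
# Returns:   0 when the address is configured, non-zero otherwise
ipv4_address_configured()
{
   local iface="${1}"
   local addr="${2}"
   local jid="${3}"

   addr="${addr%%/*}"

   # -x -F: the address must equal a configured one exactly. The previous
   # `grep -Ew "^${addr}"` read it as a regular expression and also
   # accepted a leading part such as "10.0.0" of "10.0.0.1".
   if [ -n "${jid}" ] ; then
      jexec "${jid}" ifconfig "${iface}"
   else
      ifconfig "${iface}"
   fi | \
      grep -w inet | \
      awk '{ print $2 }' | \
      grep -qxF -- "${addr}" >/dev/null 2>&1
}
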
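# Test whether an interface has any IPv6 address.
# Arguments: $1 - interface name
#            $2 - optional jail id; when given, ifconfig runs inside that
#                 jail through jexec
# Returns:   0 when ifconfig shows an "inet6" line, non-zero otherwise
ipv6_configured()
{
   local iface="${1}"
   local jid="${2}"

   # The command is spelled out per branch rather than kept in a string
   # that relies on word splitting, so the jail id stays one argument.
   if [ -n "${jid}" ] ; then
      jexec "${jid}" ifconfig "${iface}"
   else
      ifconfig "${iface}"
   fi | grep -qw inet6 2>/dev/null
}
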
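# Test whether an interface carries a specific IPv6 address.
# Arguments: $1 - interface name
#            $2 - address; anything from the first "/" on is ignored
#            $3 - optional jail id; when given, ifconfig runs inside that
#                 jail through jexec
# Returns:   0 when the address is configured, non-zero otherwise
ipv6_address_configured()
{
   local iface="${1}"
   local addr="${2}"
   local jid="${3}"

   addr="${addr%%/*}"

   # Compare literally, with or without the "%zone" suffix ifconfig appends
   # to scoped addresses. The previous `grep -Ew "^${addr}"` also accepted
   # longer addresses that merely begin with $2, e.g. "fe80::1:2" for
   # "fe80::1".
   if [ -n "${jid}" ] ; then
      jexec "${jid}" ifconfig "${iface}"
   else
      ifconfig "${iface}"
   fi | \
      grep -w inet6 | \
      awk -v want="${addr}" '
         {
            got = $2
            sub(/%.*$/, "", got)
            if (want != "" && ($2 == want || got == want))
               found = 1
         }
         END { exit(found ? 0 : 1) }' >/dev/null 2>&1
}
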
# Work with ipfw NAT instance numbers.
# Arguments: $1 - optional interface name
# Without $1: print the number to use for a new instance, i.e. the instance
#   of the last "nat" rule plus 100, or 100 when there is none; returns 0.
# With $1: print the first instance whose `ipfw nat N show config` output
#   mentions the interface; returns 0 when found, 1 otherwise.
get_ipfw_nat_instance()
{
   local iface="${1}"
   local instance

   if [ -z "${iface}" ] ; then
      instance="$(ipfw list | awk '/[0-9]+ nat/ { print $3 }' | tail -1)"
      if [ -n "${instance}" ] ; then
         instance=$(( instance + 100 ))
      else
         instance="100"
      fi
      echo "${instance}"
      return 0
   fi

   for ni in $(ipfw list | awk '/[0-9]+ nat/ { print $3 }')
   do
      if ipfw nat "${ni}" show config | grep -E -qw "${iface}" ; then
         echo "${ni}"
         return 0
      fi
   done

   return 1
}

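# Work with the rule numbers of ipfw "nat" rules.
# Arguments: $1 - optional interface name
# Without $1: print the rule number of the last "nat" rule as five digits,
#   or 02000 when there is none; returns 0.
# With $1: print the rule number of the first "nat" rule whose instance
#   configuration mentions the interface; returns 0 when found, 1 otherwise.
# NOTE(review): without $1 the last rule number is returned as is, not
# incremented - confirm that callers add their own offset.
get_ipfw_nat_priority()
{
   local iface="${1}"
   local res=1
   local priority
   local ni

   if [ -z "${iface}" ] ; then
      priority="$(ipfw list | grep -E '[0-9]+ nat' | awk '{ print $1 }' | tail -1)"
      if [ -z "${priority}" ] ; then
         priority=2000
      fi
      # ipfw prints rule numbers with leading zeros and printf %d reads such
      # a value as octal ("02100" became 01088, "02900" is an error), so
      # strip the zeros before formatting.
      priority="${priority#"${priority%%[!0]*}"}"
      printf "%05d\n" "${priority:-0}"
      return 0
   fi

   # Split the rule list on newlines only, so each rule stays one item
   local IFS='
'
   for rule in $(ipfw list | grep -E '[0-9]+ nat')
   do
      priority="$(echo "${rule}" | awk '{ print $1 }')"
      ni="$(echo "${rule}" | awk '{ print $3 }')"

      if ipfw nat "${ni}" show config | grep -E -qw "${iface}" ; then
         echo "${priority}"
         res=0
         break
      fi
   done

   return ${res}
}
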
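# Print the available jail templates, then exit the calling shell with 0.
# Globals:   JDIR (read)
# On ZFS each ${JDIR}/.warden-template-* directory that contains bin/sh is
# listed with type, version and architecture taken from file(1) on bin/sh.
# On UFS only the names of the .warden-template-*.tbz archives are listed.
list_templates()
{
   local _tpl _nick _arch _ver _type

   echo "Jail Templates:"
   echo "------------------------------" 
   if isDirZFS "${JDIR}" ; then
     # A glob instead of parsing ls keeps names with whitespace intact
     for _tpl in "${JDIR}"/.warden-template*
     do
        if [ ! -e "${_tpl}/bin/sh" ] ; then continue ; fi
        _nick="${_tpl#"${JDIR}/.warden-template-"}"
        if file "${_tpl}/bin/sh" 2>/dev/null | grep -q "64-bit" ; then
           _arch="amd64"
        else
           _arch="i386"
        fi
        _ver="$(file "${_tpl}/bin/sh" | cut -d ',' -f 5 | awk '{print $3}')"
        # rc.delay marks a TrueOS template
        if [ -e "${_tpl}/etc/rc.delay" ] ; then
           _type="TrueOS"
        else
           _type="FreeBSD"
        fi
        # printf instead of `echo -e`: template names are printed verbatim
        printf '%s\n' "${_nick} - ${_type} ${_ver} (${_arch})"
     done
   else
     # UFS, no details for U!
     for _tpl in "${JDIR}"/.warden-template*.tbz
     do
        [ -e "${_tpl}" ] || continue
        _nick="${_tpl#"${JDIR}/.warden-template-"}"
        printf '%s\n' "${_nick%.tbz}"
     done
   fi
   exit 0
}
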
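# Delete a jail template, then exit the calling shell.
# Globals:   JDIR (read); tDir, tank, rp (written)
# Arguments: $1 - template name (the part after ".warden-template-")
# On ZFS the template dataset is destroyed recursively; on UFS the
# template's .tbz archive is removed.
delete_template()
{
   # An empty name would address "${JDIR}/.warden-template-" itself; refuse
   # it before anything destructive runs.
   if [ -z "${1}" ] ; then
     exit_err "No such template: ${1}"
     return 1
   fi

   tDir="${JDIR}/.warden-template-${1}"
   if isDirZFS "${JDIR}" ; then
     if ! isDirZFS "${tDir}" "1" ; then
       printerror "Not a ZFS volume: ${tDir}"
       # printerror is defined outside this file; stop here even if it returns.
       return 1
     fi
     tank="$(getZFSTank "$tDir")"
     rp="$(getZFSRelativePath "$tDir")"
     # Never hand an empty dataset name to a recursive destroy
     if [ -z "${tank}${rp}" ] ; then
       printerror "Not a ZFS volume: ${tDir}"
       return 1
     fi
     if ! zfs destroy -r "${tank}${rp}" ; then
       exit_err "Could not remove template, perhaps you have jails still using it?"
     fi
     rmdir "${tDir}"
   else
     if [ ! -e "${tDir}.tbz" ] ; then
       exit_err "No such template: ${1}"
     fi
     rm "${tDir}.tbz"
   fi
   echo "DONE"

   exit 0
}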