source: src-sh/warden/scripts/backend/functions.sh @ c2b5aad

releng/10.0.1 releng/10.0.2 releng/10.0.3
Last change on this file since c2b5aad was c2b5aad, checked in by Kris Moore <kris@…>, 7 months ago

Fix a bug in warden's pkgng bootstrap. Now use the jail's "freebsd-version" command
to figure out which release we are bootstrapping for. This means it will only
bootstrap on 10.0 and later, but those are the only real repos we have active anyway.

  • Property mode set to 100755
File size: 28.8 KB
#!/bin/sh
# Functions / variables for warden
######################################################################
# DO NOT EDIT

# Load the shared PC-BSD helper functions
. /usr/local/share/pcbsd/scripts/functions.sh

# Where warden itself is installed
PROGDIR="/usr/local/share/warden"

# Jail root: second space-separated field of the "JDIR:" line in warden.conf
JDIR="$(grep ^JDIR: /usr/local/etc/warden.conf | cut -d' ' -f2)"
export JDIR

# Host machine type; ARCH is defaulted (and exported) only when the caller left it empty
REALARCH="$(uname -m)"
export REALARCH
if [ -z "$ARCH" ]; then
  ARCH="$REALARCH"
  export ARCH
fi

# Location of pcbsd.conf file
PCBSD_ETCCONF="/usr/local/etc/pcbsd.conf"

# Network interface to use ("NIC:" line in warden.conf)
NIC="$(grep ^NIC: /usr/local/etc/warden.conf | cut -d' ' -f2)"
export NIC

# Tmp directory ("WTMP:" line in warden.conf)
WTMP="$(grep ^WTMP: /usr/local/etc/warden.conf | cut -d' ' -f2)"
export WTMP

# FreeBSD release: the configured value, otherwise what uname -r reports
FREEBSD_RELEASE="$(grep ^FREEBSD_RELEASE: /usr/local/etc/warden.conf | cut -d' ' -f2)"
[ -n "${FREEBSD_RELEASE}" ] || FREEBSD_RELEASE="$(uname -r)"
export UNAME_r="${FREEBSD_RELEASE}"

# Temp file for dialog responses
# NOTE(review): this is a fixed, predictable name in world-writable /tmp. If the
# scripts that write it run as root (not visible from this file), a pre-created
# symlink at this path could redirect the write; a mktemp-created file would
# avoid that. Left unchanged here because the value is exported to other scripts.
ATMP="/tmp/.wans"
export ATMP

# Warden Version
WARDENVER="1.3"
export WARDENVER

# Dirs to nullfs mount in X jail
NULLFS_MOUNTS="/tmp /media"
X11_MOUNTS="/usr/local/lib/X11/icons /usr/local/lib/X11/fonts /usr/local/etc/fonts"

# Clone directory
CDIR="${JDIR}/clones"
56
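# Download the FreeNAS plugin-jail PBI for a FreeNAS version string, compare it
# with the published SHA-256 digest and install it as the world chroot: on ZFS
# it is extracted into a dataset that is then snapshotted as @clean, otherwise
# the PBI is moved to WORLDCHROOT.
# Arguments: $1 - version string (FreeNAS-<x.y.z>-<release>-...<x86|x64>)
# Globals:   JDIR, WORLDCHROOT (read); SYSVER, SYSREL, SYSARCH, SF, URL, PJAIL,
#            PJAILSHA256, tank (written)
# Returns:   non-zero when a download fails or the digest does not match
#
# NOTE(review): the PBI and its .sha256 file come from the same plain-http
# location, so the digest detects a damaged transfer but not a substituted
# download, and pbi_add runs with --no-checksig. Anything extracted here becomes
# the base of later jails; a digest or signature anchored outside the download
# path would be needed to authenticate it.
downloadpluginjail() {
  local _ver="${1}"
  local zfsp

  SYSVER=$(echo "${_ver}" | sed -E 's|^FreeNAS-(([0-9]+\.){2}[0-9]+).*|\1|')
  SYSREL=$(echo "${_ver}" | sed -E 's|^FreeNAS-([0-9]+\.){2}[0-9]+-([a-zA-Z0-9]+)-.*|\2|')
  SYSARCH=$(echo "${_ver}" | sed -E 's#^(.*)(x86|x64)#\2#')

  SF="http://downloads.sourceforge.net/project/freenas"
  URL="${SF}/FreeNAS-${SYSVER}/${SYSREL}/${SYSARCH}/plugins"

  PJAIL="FreeNAS-${SYSVER}-${SYSREL}-${SYSARCH}.Plugins_Jail.pbi"
  PJAILSHA256="${PJAIL}.sha256"

  if [ ! -d "${JDIR}" ] ; then mkdir -p "${JDIR}" ; fi
  # Everything below uses relative file names; stop if we are not in JDIR.
  if ! cd "${JDIR}" ; then
    exit_err "Cannot change to jail directory: ${JDIR}"
    return 1
  fi

  echo "Fetching jail environment. This may take a while..."

  # printerror is defined outside this file; the explicit returns below make
  # sure a failed step never falls through to extraction if it returns.
  if [ ! -e "${PJAIL}" ] ; then
     echo "Downloading ${URL}/${PJAIL} ..."
     if ! get_file "${URL}/${PJAIL}" "${PJAIL}" 3 ; then
       printerror "Error while downloading the pluginjail."
       return 1
     fi
  fi

  if [ ! -e "${PJAILSHA256}" ] ; then
     echo "Downloading ${URL}/${PJAILSHA256} ..."
     if ! get_file "${URL}/${PJAILSHA256}" "${PJAILSHA256}" 3 ; then
       printerror "Error while downloading the pluginjail sha256."
       return 1
     fi
  fi

  if [ "$(sha256 -q "${PJAIL}")" != "$(cat "${PJAILSHA256}")" ] ; then
    # Drop the cached pair: both files are reused when present, so leaving
    # them would make every retry fail on the same bad data.
    rm -f -- "${PJAIL}" "${PJAILSHA256}"
    printerror "Error in download data, checksum mismatch. Please try again later."
    return 1
  fi

  # Creating ZFS dataset?
  if isDirZFS "${JDIR}" ; then
    zfsp=$(getZFSRelativePath "${WORLDCHROOT}")

    # Use ZFS base for cloning
    echo "Creating ZFS ${WORLDCHROOT} dataset..."
    tank=$(getZFSTank "${JDIR}")
    if ! isDirZFS "${WORLDCHROOT}" "1" ; then
       zfs create -o mountpoint="/${tank}${zfsp}" -p "${tank}${zfsp}"
       if [ $? -ne 0 ] ; then exit_err "Failed creating ZFS base dataset"; fi
       mkdir -p "${WORLDCHROOT}/.plugins" >/dev/null 2>&1
    fi

    pbi_add -e --no-checksig -p "${WORLDCHROOT}" "${PJAIL}"
    if [ $? -ne 0 ] ; then exit_err "Failed extracting ZFS chroot environment"; fi

    zfs snapshot "${tank}${zfsp}@clean"
    if [ $? -ne 0 ] ; then exit_err "Failed creating clean ZFS base snapshot"; fi
    rm "${PJAIL}"
  else
    # Save the chroot tarball
    mv "${PJAIL}" "${WORLDCHROOT}"
  fi
  rm "${PJAILSHA256}"
}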
117
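### Download the chroot
# Fetch fbsd-release.txz and its checksum file from the mirror, compare them,
# then either extract into a ZFS dataset (snapshotted as @clean) or save the
# tarball as the chroot file.
# Arguments: $1 - chroot path (dataset mount point on ZFS, tarball path otherwise)
# Globals:   JDIR, ARCH, MIRRORURL (read; MIRRORURL is filled from get_mirror
#            when empty); SYSVER, FBSD_TARBALL, FBSD_TARBALL_CKSUM, tank (written)
# Returns:   non-zero when a download fails or the checksum does not match
#
# NOTE(review): the checksum is MD5 and is fetched from the same mirror as the
# tarball, so it only catches transfer damage. It gives no assurance about who
# produced the tarball that becomes the jail's base system.
downloadchroot() {
  local CHROOT="${1}"
  local zfsp

  # XXX If this is PCBSD, pbreg get /PC-BSD/Version
  SYSVER="$(echo "$(uname -r)" | cut -f1 -d'-')"
  FBSD_TARBALL="fbsd-release.txz"
  FBSD_TARBALL_CKSUM="${FBSD_TARBALL}.md5"

  # Set the mirror URL, may be overridden by setting MIRRORURL environment variable
  if [ -z "${MIRRORURL}" ]; then
    get_mirror
    MIRRORURL="$VAL"
  fi

  if [ ! -d "${JDIR}" ] ; then mkdir -p "${JDIR}" ; fi
  # Everything below uses relative file names; stop if we are not in JDIR.
  if ! cd "${JDIR}" ; then
    exit_err "Cannot change to jail directory: ${JDIR}"
    return 1
  fi

  echo "Fetching jail environment. This may take a while..."
  echo "Downloading ${MIRRORURL}/${SYSVER}/${ARCH}/netinstall/${FBSD_TARBALL} ..."

  # printerror is defined outside this file; the explicit returns below make
  # sure a failed step never falls through to extraction if it returns.
  if [ ! -e "$FBSD_TARBALL" ] ; then
     if ! get_file "${MIRRORURL}/${SYSVER}/${ARCH}/netinstall/${FBSD_TARBALL}" "$FBSD_TARBALL" 3 ; then
       printerror "Error while downloading the portsjail."
       return 1
     fi
  fi

  if [ ! -e "$FBSD_TARBALL_CKSUM" ] ; then
     if ! get_file "${MIRRORURL}/${SYSVER}/${ARCH}/netinstall/${FBSD_TARBALL_CKSUM}" "$FBSD_TARBALL_CKSUM" 3 ; then
       printerror "Error while downloading the portsjail."
       return 1
     fi
  fi

  if [ "$(md5 -q "${FBSD_TARBALL}")" != "$(cat "${FBSD_TARBALL_CKSUM}")" ] ; then
    # Drop the cached pair: both files are reused when present, so leaving
    # them would make every retry fail on the same bad data.
    rm -f -- "${FBSD_TARBALL}" "${FBSD_TARBALL_CKSUM}"
    printerror "Error in download data, checksum mismatch. Please try again later."
    return 1
  fi

  # Creating ZFS dataset?
  if isDirZFS "${JDIR}" ; then
    zfsp=$(getZFSRelativePath "${CHROOT}")

    # Use ZFS base for cloning
    echo "Creating ZFS ${CHROOT} dataset..."
    tank=$(getZFSTank "${JDIR}")
    if ! isDirZFS "${CHROOT}" "1" ; then
       zfs create -o mountpoint="/${tank}${zfsp}" -p "${tank}${zfsp}"
       if [ $? -ne 0 ] ; then exit_err "Failed creating ZFS base dataset"; fi
    fi

    tar xvpf "${FBSD_TARBALL}" -C "${CHROOT}" 2>/dev/null
    if [ $? -ne 0 ] ; then exit_err "Failed extracting ZFS chroot environment"; fi

    zfs snapshot "${tank}${zfsp}@clean"
    if [ $? -ne 0 ] ; then exit_err "Failed creating clean ZFS base snapshot"; fi
    rm "${FBSD_TARBALL}"
  else
    # Save the chroot tarball
    mv "${FBSD_TARBALL}" "${CHROOT}"
  fi
  rm "${FBSD_TARBALL_CKSUM}"
}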
178
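# Check if a directory is mounted
# Arguments: $1 - mount point path
# Returns:   0 when the mount table has an "on <path> (" entry, non-zero otherwise
isDirMounted() {
  # -F compares the path literally. As a regular expression, a "." in a jail
  # name matched any character, so a different jail's mount could satisfy the
  # check and the real mount would be skipped.
  mount | grep -qF -- "on $1 ("
}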
184
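### Mount all needed filesystems for the jail
# Copies the host's account/resolver files into the jail, then mounts the
# NULLFS_MOUNTS directories, devfs, linprocfs, linsysfs and every /usr/home/*
# directory below the jail root.
# Arguments: $1 - jail directory name under JDIR
# Globals:   JDIR, NULLFS_MOUNTS (read); ETCFILES (written)
#
# NOTE(review): master.passwd and spwd.db carry the host's password hashes, so
# every jail prepared this way holds a copy of them, and the host's /tmp and
# home directories are shared read-write with the jail. Treat such a jail as
# having the same trust level as the host accounts.
mountjailxfs() {
  local i

  if [ ! -d "${JDIR}/${1}/" ] ; then
     exit_err "Invalid jail directory: ${JDIR}/${1}"
  fi

  # Update the user files on the portjail
  ETCFILES="resolv.conf passwd master.passwd spwd.db pwd.db group localtime"
  for file in ${ETCFILES}; do
    rm "${JDIR}/${1}/etc/${file}" >/dev/null 2>&1
    cp "/etc/${file}" "${JDIR}/${1}/etc/${file}"
  done

  for nullfs_mount in ${NULLFS_MOUNTS}; do
    if [ ! -d "${JDIR}/${1}${nullfs_mount}" ] ; then
      mkdir -p "${JDIR}/${1}${nullfs_mount}"
    fi
    if is_symlinked_mountpoint "${nullfs_mount}"; then
      echo "${nullfs_mount} has symlink as parent, not mounting"
      continue
    fi

    # If this is already mounted we can skip for now
    isDirMounted "${JDIR}/${1}${nullfs_mount}" && continue

    echo "Mounting ${JDIR}/${1}${nullfs_mount}"
    mount_nullfs "${nullfs_mount}" "${JDIR}/${1}${nullfs_mount}"
  done

  # Check and mount /dev
  if ! isDirMounted "${JDIR}/${1}/dev" ; then
    echo "Enabling devfs"
    mount -t devfs devfs "${JDIR}/${1}/dev"
  fi

  # Add support for linprocfs for ports that need linprocfs to build/run
  if [ ! -d "${JDIR}/${1}/compat/linux/proc" ]; then
    mkdir -p "${JDIR}/${1}/compat/linux/proc"
  fi
  # Refusing symlinked mount points keeps a link planted inside the jail from
  # steering a host-side mount elsewhere. Note that the return also skips the
  # remaining mounts below.
  if is_symlinked_mountpoint "${JDIR}/${1}/compat/linux/proc"; then
    echo "${JDIR}/${1}/compat/linux/proc has symlink as parent, not mounting"
    return
  fi

  # If this is already mounted we can skip for now
  if ! isDirMounted "${JDIR}/${1}/compat/linux/proc" ; then
    echo "Enabling linprocfs support."
    mount -t linprocfs linprocfs "${JDIR}/${1}/compat/linux/proc"
  fi

  # Add support for linsysfs for ports that need linprocfs to build/run
  if [ ! -d "${JDIR}/${1}/compat/linux/sys" ]; then
    mkdir -p "${JDIR}/${1}/compat/linux/sys"
  fi
  if is_symlinked_mountpoint "${JDIR}/${1}/compat/linux/sys"; then
    echo "${JDIR}/${1}/compat/linux/sys has symlink as parent, not mounting"
    return
  fi

  # If this is already mounted we can skip for now
  if ! isDirMounted "${JDIR}/${1}/compat/linux/sys" ; then
    echo "Enabling linsysfs support."
    mount -t linsysfs linsysfs "${JDIR}/${1}/compat/linux/sys"
  fi

  # Lastly we need to mount /usr/home/* directories.
  # Globbing (instead of parsing ls output) keeps names with whitespace intact.
  for i in /usr/home/*
  do
    # An unmatched glob stays literal; nothing to mount in that case
    [ -e "${i}" ] || continue
    # If this is already mounted we can skip for now
    isDirMounted "${JDIR}/${1}${i}" && continue
    if [ ! -d "${JDIR}/${1}${i}" ] ; then mkdir -p "${JDIR}/${1}${i}" ; fi
    echo "Mounting home: ${i}"
    mount_nullfs "${i}" "${JDIR}/${1}${i}"
  done

}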
265
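### Umount all the jail's filesystems
# Force-unmounts everything the mount table shows below ${JDIR}/<jail>/, then
# the jail's /dev.
# Arguments: $1 - jail directory name under JDIR
# Globals:   JDIR (read); status (written)
# Returns:   1 when any unmount other than /dev failed, else 0
umountjailxfs() {
  status="0"
  # Umount all filesystems that are mounted into the portsjail.
  # grep -F matches the jail path literally: as a regex, a "." in the jail name
  # matched any character, so stopping one jail could force-unmount the
  # filesystems of another jail with a similar name.
  for mountpoint in $(mount | grep -F -- "${JDIR}/${1}/" | cut -d" " -f3); do
    if [ "$mountpoint" = "${JDIR}/${1}/dev" ] ; then continue ; fi
    if [ "$mountpoint" = "${JDIR}/${1}/" ] ; then continue ; fi
    if [ "$mountpoint" = "${JDIR}/${1}" ] ; then continue ; fi
    echo "Unmounting $mountpoint"
    umount -f "${mountpoint}"
    if [ $? -ne 0 ] ; then status="1" ; fi
  done
  # Now try to umount /dev
  umount -f "${JDIR}/${1}/dev" 2>/dev/null >/dev/null
  return $status
}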
282
# Check if PBI scripts are loaded in jail
# Re-copies the PBI scripts when the jail has no pbi_info, or when its size (as
# shown by ls -l) differs from the host copy.
# Arguments: $1 - jail root directory (nothing is done when empty)
# NOTE(review): a size comparison only notices a changed length; a jail-side
# pbi_info altered without changing its size passes this check.
checkpbiscripts() {
  if [ -z "${1}" ] ; then
    return 0
  fi

  # Tool missing from the jail: install the scripts and report that result
  if [ ! -e "${1}/usr/local/sbin/pbi_info" ] ; then
    copypbiscripts "${1}"
    return
  fi

  local host_size jail_size
  host_size="$(ls -l /usr/local/sbin/pbi_info | awk '{print $5}')"
  jail_size="$(ls -l ${1}/usr/local/sbin/pbi_info | awk '{print $5}')"
  if [ "${host_size}" != "${jail_size}" ] ; then
    copypbiscripts "${1}"
  fi
}
292
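# Copy PBI scripts to jail
# Copies the host's /usr/local/sbin/pbi* tools, the pbid rc.d script and any
# man pages whose path contains "pbi" to the same locations below the jail.
# Arguments: $1 - jail root directory (nothing is done when empty)
copypbiscripts() {
  if [ -z "${1}" ] ; then return 0 ; fi
  local man mandir

  # The jail root is quoted throughout so a path containing whitespace or glob
  # characters cannot redirect these copies to other locations.
  mkdir -p "${1}/usr/local/sbin" >/dev/null 2>/dev/null
  cp /usr/local/sbin/pbi* "${1}/usr/local/sbin/"
  chmod 755 "${1}"/usr/local/sbin/pbi*

  # Copy rc.d pbid script
  mkdir -p "${1}/usr/local/etc/rc.d" >/dev/null 2>/dev/null
  cp /usr/local/etc/rc.d/pbid "${1}/usr/local/etc/rc.d/"

  # Copy any PBI manpages
  for man in $(find /usr/local/man | grep pbi)
  do
    mandir="${1}$(dirname "${man}")"
    if [ ! -d "${mandir}" ] ; then
      mkdir -p "${mandir}"
    fi
    cp "${man}" "${1}${man}"
  done
}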
313
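# Prepare a jail root as a "portjail": refresh its account/resolver files from
# the host, link /home to /usr/home inside it, drop the cleartmp rc.d script
# and flag the type in the jail's metadata directory.
# Arguments: $1 - jail root directory (nothing is done when empty)
# Globals:   JMETADIR (read); ETCFILES (written)
# NOTE(review): master.passwd and spwd.db contain the host's password hashes;
# copying them means the jail holds host credentials.
mkportjail() {
  if [ -z "${1}" ] ; then return 0 ; fi
  # The jail root is quoted throughout: these commands remove and overwrite
  # files, and an unquoted path with whitespace would aim them elsewhere.
  ETCFILES="resolv.conf passwd master.passwd spwd.db pwd.db group localtime"
  for file in ${ETCFILES}; do
    rm "${1}/etc/${file}" >/dev/null 2>&1
    cp "/etc/${file}" "${1}/etc/${file}"
  done

  # Need to symlink /home
  chroot "${1}" ln -fs /usr/home /home

  # Make sure we remove our cleartmp rc.d script, causes issues
  [ -e "${1}/etc/rc.d/cleartmp" ] && rm "${1}/etc/rc.d/cleartmp"

  # Flag this type
  touch "${JMETADIR}/jail-portjail"
}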
331
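# Prepare a jail root as a "pluginjail": refresh its account/resolver files
# from the host, link /home to /usr/home inside it, drop the cleartmp rc.d
# script and flag the type in the jail's metadata directory.
# Arguments: $1 - jail root directory (nothing is done when empty)
# Globals:   JMETADIR (read); ETCFILES (written)
# NOTE(review): master.passwd and spwd.db contain the host's password hashes;
# copying them means the jail holds host credentials.
mkpluginjail() {
  if [ -z "${1}" ] ; then return 0 ; fi
  # The jail root is quoted throughout: these commands remove and overwrite
  # files, and an unquoted path with whitespace would aim them elsewhere.
  ETCFILES="resolv.conf passwd master.passwd spwd.db pwd.db group localtime"
  for file in ${ETCFILES}; do
    rm "${1}/etc/${file}" >/dev/null 2>&1
    cp "/etc/${file}" "${1}/etc/${file}"
  done

  # Need to symlink /home
  chroot "${1}" ln -fs /usr/home /home

  # Make sure we remove our cleartmp rc.d script, causes issues
  [ -e "${1}/etc/rc.d/cleartmp" ] && rm "${1}/etc/rc.d/cleartmp"
  # Flag this type
  touch "${JMETADIR}/jail-pluginjail"
}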
348
# Take a snapshot of the dataset behind a directory, named after the current
# date and time (YYYY-MM-DD-HH-MM-SS).
# Arguments: $1 - directory expected to be a ZFS dataset
# Globals:   tank, rp, zdate (written)
mkZFSSnap() {
  if ! isDirZFS "${1}" "1" ; then
    printerror "Not a ZFS volume: ${1}"
  fi
  tank="$(getZFSTank "$1")"
  rp="$(getZFSRelativePath "$1")"
  zdate="$(date +%Y-%m-%d-%H-%M-%S)"
  zfs snapshot $tank${rp}@$zdate
}
357
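# Print the snapshot names of the dataset behind a directory, one per line.
# Arguments: $1 - directory expected to be a ZFS dataset
# Globals:   tank, rp (written)
listZFSSnap() {
  isDirZFS "${1}" "1"
  if [ $? -ne 0 ] ; then printerror "Not a ZFS volume: ${1}" ; fi
  tank=$(getZFSTank "$1")
  rp=$(getZFSRelativePath "$1")
  # Compare the dataset part exactly. The earlier word-boundary regex also
  # accepted siblings and children such as <dataset>-x@... or <dataset>/x@...,
  # so snapshots of other datasets were listed as if they belonged to this one.
  zfs list -t snapshot \
    | awk -v ds="${tank}${rp}" \
        '{ n = split($1, part, "@"); if (n == 2 && part[1] == ds) print part[2] }'
}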
365
# Print the clones that exist for a jail below the clone directory.
# Arguments: $1 - directory expected to be a ZFS dataset
#            $2 - jail name used as the clone name prefix
# Globals:   CDIR (read); tank, cdir (written)
listZFSClone() {
  if ! isDirZFS "${1}" "1" ; then
    printerror "Not a ZFS volume: ${1}"
  fi
  tank="$(getZFSTank "$1")"
  cdir="$(getZFSRelativePath "${CDIR}")"
  echo "Clone Directory: ${CDIR}"
  echo "-----------------------------------"
  # Column 5 of "zfs list" is the mount point; strip the "<CDIR>/<jail>-" prefix
  zfs list \
    | grep -w "^${tank}${cdir}/${2}" \
    | awk '{print $5}' \
    | sed "s|${CDIR}/${2}-||g"
}
375
# Destroy the clone dataset mounted at <CDIR>/<jail>-<snapshot>.
# Arguments: $2 - snapshot name, $3 - jail name ($1 is not used here)
# Globals:   CDIR (read); CLONEDIR, tank, rp (written)
rmZFSClone() {
  CLONEDIR="${CDIR}/${3}-${2}"
  if ! isDirZFS "${CLONEDIR}" "1" ; then
    printerror "Not a ZFS volume: ${CLONEDIR}"
  fi
  tank="$(getZFSTank "${CLONEDIR}")"
  rp="$(getZFSRelativePath "${CLONEDIR}")"
  zfs destroy ${tank}${rp}
}
384
# Destroy one snapshot of the dataset behind a directory.
# Arguments: $1 - directory expected to be a ZFS dataset
#            $2 - snapshot name
# Globals:   tank, rp (written)
# NOTE(review): $2 reaches "zfs destroy" unvalidated and unquoted; callers
# should pass only a name previously reported for this dataset.
rmZFSSnap() {
  if ! isDirZFS "${1}" "1" ; then
    printerror "Not a ZFS volume: ${1}"
  fi
  tank="$(getZFSTank "$1")"
  rp="$(getZFSRelativePath "$1")"
  zfs destroy $tank${rp}@$2
}
392
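# Roll the dataset behind a directory back to a snapshot, stopping the jail
# first when it is running and starting it again afterwards.
# Arguments: $1 - directory expected to be a ZFS dataset
#            $2 - snapshot name
#            $3 - jail identifier handed to the checkstatus/stopjail/startjail scripts
# Globals:   PROGDIR (read); tank, rp, restartJail (written)
# Returns:   1 when the snapshot does not exist or the jail cannot be stopped
revertZFSSnap() {
  isDirZFS "${1}" "1"
  if [ $? -ne 0 ] ; then printerror "Not a ZFS volume: ${1}" ; fi
  tank=$(getZFSTank "$1")
  rp=$(getZFSRelativePath "$1")
  # Start from a known state so a value left by an earlier call cannot restart
  # a jail that was not running.
  restartJail=""

  # Make sure this is a valid snapshot. The full <dataset>@<name> must match
  # exactly: "zfs rollback -R" also destroys later snapshots and their clones,
  # so a partial or empty name must never pass as valid.
  if ! zfs list -t snapshot \
       | awk -v want="${tank}${rp}@${2}" '$1 == want { found = 1 } END { exit !found }'
  then
    printerror "Invalid ZFS snapshot!"
    return 1
  fi

  # Check if the jail is running first
  if "${PROGDIR}/scripts/backend/checkstatus.sh" "${3}" ; then
    restartJail="YES"
    # Make sure the jail is stopped
    "${PROGDIR}/scripts/backend/stopjail.sh" "${3}"
    if "${PROGDIR}/scripts/backend/checkstatus.sh" "${3}" ; then
      printerror "Could not stop jail... Halting..."
      # printerror is defined outside this file; never roll back a live jail
      return 1
    fi
  fi

  # Rollback the snapshot
  zfs rollback -R -f "${tank}${rp}@${2}"

  # If it was started, restart the jail now
  if [ "$restartJail" = "YES" ]; then
    "${PROGDIR}/scripts/backend/startjail.sh" "${3}"
  fi

}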
424
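# Clone a snapshot of the dataset behind a directory into the clone directory
# as <CDIR>/<jail>-<snapshot>.
# Arguments: $1 - directory expected to be a ZFS dataset
#            $2 - snapshot name
#            $3 - jail name used as the clone name prefix
# Globals:   CDIR (read); tank, rp, cdir (written)
# Returns:   1 when the snapshot does not exist or is already cloned
cloneZFSSnap() {
  isDirZFS "${1}" "1"
  if [ $? -ne 0 ] ; then printerror "Not a ZFS volume: ${1}" ; fi
  tank=$(getZFSTank "$1")
  rp=$(getZFSRelativePath "$1")
  cdir=$(getZFSRelativePath "${CDIR}")

  # Make sure this is a valid snapshot: the full <dataset>@<name> must match
  # exactly, so a partial or empty name is rejected here rather than later.
  if ! zfs list -t snapshot \
       | awk -v want="${tank}${rp}@${2}" '$1 == want { found = 1 } END { exit !found }'
  then
    printerror "Invalid ZFS snapshot!"
    return 1
  fi

  if [ -d "${CDIR}/${3}-${2}" ] ; then
     printerror "This snapshot is already cloned and mounted at: ${CDIR}/${3}-${2}"
     return 1
  fi

  # Clone the snapshot
  zfs clone -p "${tank}${rp}@${2}" "${tank}${cdir}/${3}-${2}"

  echo "Snapshot cloned and mounted to: ${CDIR}/${3}-${2}"
}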
445
# Derive and export the metadata directory of the current jail.
# Globals: JDIR, JAILNAME (read); JMETADIR (written, exported)
set_warden_metadir() {
   export JMETADIR="${JDIR}/.${JAILNAME}.meta"
}
451
# Split an "address/mask" string.
# Arguments: $1 - address, optionally followed by /mask
# Globals:   JIP (text before the first "/"), JMASK (second "/"-separated
#            field, empty when the input has no "/")
get_ip_and_netmask() {
   JIP="$(echo "${1}" | cut -d'/' -f1)"
   JMASK="$(echo "${1}" | cut -d'/' -f2 -s)"
}
457
# Print the second field of every "inet" line ifconfig reports, one per line.
# Arguments: $1 - interface name (expanded unquoted, so an empty value passes
#                 no interface argument to ifconfig)
get_interface_addresses() {
   ifconfig ${1} \
      | grep -w inet \
      | awk '{ print $2 }'
}
462
# Print the second field of every "inet" line ifconfig reports, one per line.
# Arguments: $1 - interface name (expanded unquoted, so an empty value passes
#                 no interface argument to ifconfig)
get_interface_ipv4_addresses() {
   ifconfig ${1} \
      | grep -w inet \
      | awk '{ print $2 }'
}
467
# Print the second field of every "inet6" line ifconfig reports, one per line.
# Arguments: $1 - interface name (expanded unquoted, so an empty value passes
#                 no interface argument to ifconfig)
get_interface_ipv6_addresses() {
   ifconfig ${1} \
      | grep -w inet6 \
      | awk '{ print $2 }'
}
472
# Print the address on the first "inet" line ifconfig reports.
# Arguments: $1 - interface name (expanded unquoted, so an empty value passes
#                 no interface argument to ifconfig)
get_interface_address() {
   ifconfig ${1} \
      | grep -w inet \
      | head -1 \
      | awk '{ print $2 }'
}
477
# Print the address on the first "inet" line ifconfig reports.
# Arguments: $1 - interface name (expanded unquoted, so an empty value passes
#                 no interface argument to ifconfig)
get_interface_ipv4_address() {
   ifconfig ${1} \
      | grep -w inet \
      | head -1 \
      | awk '{ print $2 }'
}
482
# Print the address on the first "inet6" line ifconfig reports.
# Arguments: $1 - interface name (expanded unquoted, so an empty value passes
#                 no interface argument to ifconfig)
get_interface_ipv6_address() {
   ifconfig ${1} \
      | grep -w inet6 \
      | head -1 \
      | awk '{ print $2 }'
}
487
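# Print every "inet" address of an interface except the first, one per line.
# Arguments: $1 - interface name (expanded unquoted, so an empty value passes
#                 no interface argument to ifconfig)
get_interface_aliases() {
   # Skipping the first row in awk replaces "tail -<count - 1>", which needed
   # bc and turned into an invalid "tail --1" when no address was configured.
   ifconfig ${1} | grep -w inet | awk 'NR > 1 { print $2 }'
}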
497
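# Print every "inet" address of an interface except the first, one per line.
# Arguments: $1 - interface name (expanded unquoted, so an empty value passes
#                 no interface argument to ifconfig)
get_interface_ipv4_aliases() {
   # Skipping the first row in awk replaces "tail -<count - 1>", which needed
   # bc and turned into an invalid "tail --1" when no address was configured.
   ifconfig ${1} | grep -w inet | awk 'NR > 1 { print $2 }'
}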
507
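# Print every "inet6" address of an interface except the first, one per line.
# Arguments: $1 - interface name (expanded unquoted, so an empty value passes
#                 no interface argument to ifconfig)
get_interface_ipv6_aliases() {
   # The row count used to be taken from the "inet" (IPv4) lines, so the number
   # of IPv6 addresses returned depended on how many IPv4 addresses existed.
   # Skip the first inet6 row directly instead.
   ifconfig ${1} | grep -w inet6 | awk 'NR > 1 { print $2 }'
}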
517
# Print the second column of the "default" rows in the IPv4 routing table.
get_default_route() {
   netstat -f inet -nr \
      | grep '^default' \
      | awk '{ print $2 }'
}
522
# Print the seventh column of the "default" rows in the wide (-W) IPv4 routing
# table listing.
get_default_interface() {
   netstat -f inet -nrW \
      | grep '^default' \
      | awk '{ print $7 }'
}
527
# Print the names of all bridgeN interfaces, one per line.
get_bridge_interfaces() {
   ifconfig -a \
      | grep -E '^bridge[0-9]+' \
      | cut -d: -f1
}
532
# Print the second field of every "member" line ifconfig reports for a bridge.
# Arguments: $1 - bridge interface name (expanded unquoted, so an empty value
#                 passes no interface argument to ifconfig)
get_bridge_members() {
   ifconfig ${1} \
      | grep -w member \
      | awk '{ print $2 }'
}
537
# Print the first bridge that has an IPv4 alias inside the given network.
# Arguments: $1 - network, handed to in_ipv4_network as its second argument
# Returns:   0 and the bridge name on stdout when found, 1 otherwise (also
#            when $1 is empty)
get_bridge_interface_by_ipv4_network() {
   local network="${1}"
   local bridges="$(get_bridge_interfaces)"

   if [ -z "${network}" ] ; then
      return 1
   fi

   for _bridge in ${bridges} ; do
      local ips="$(get_interface_ipv4_aliases "${_bridge}")"
      for _ip in ${ips} ; do
         # Keep looking until an alias falls inside the network
         in_ipv4_network "${_ip}" "${network}" || continue
         echo "${_bridge}"
         return 0
      done
   done

   return 1
}
563
# Print the first bridge that has an IPv6 alias inside the given network.
# Arguments: $1 - network, handed to in_ipv6_network as its second argument
# Returns:   0 and the bridge name on stdout when found, 1 otherwise (also
#            when $1 is empty)
get_bridge_interface_by_ipv6_network() {
   local network="${1}"
   local bridges="$(get_bridge_interfaces)"

   if [ -z "${network}" ] ; then
      return 1
   fi

   for _bridge in ${bridges} ; do
      local ips="$(get_interface_ipv6_aliases "${_bridge}")"
      for _ip in ${ips} ; do
         # Keep looking until an alias falls inside the network
         in_ipv6_network "${_ip}" "${network}" || continue
         echo "${_bridge}"
         return 0
      done
   done

   return 1
}
589
# Test whether an interface is listed as a member of a bridge.
# Arguments: $1 - bridge interface name
#            $2 - interface to look for
# Returns:   0 when $2 is among the bridge's members, 1 otherwise
is_bridge_member() {
   local _bridge="${1}"
   local _iface="${2}"

   for _member in $(get_bridge_members ${_bridge}) ; do
      [ "${_member}" != "${_iface}" ] || return 0
   done

   return 1
}
604
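# Tear down a jail's epair networking: bring the jail-side epairNb down,
# destroy the host-side epairNa, and destroy the bridge that held it when at
# most one member is left.
# Arguments: $1 - jail id used with jexec
jail_interfaces_down() {
   local _jid="${1}"
   local _bridgeif
   local _epaira
   local _epairb
   local _bridge _member _count

   _epairb=$(jexec "${_jid}" ifconfig -a | grep '^epair' | cut -f1 -d:)
   if [ -z "${_epairb}" ] ; then
      return 0
   fi

   # The host side of the pair carries the same name ending in "a"
   _epaira=$(echo ${_epairb} | sed -E 's|b$|a|')
   _bridgeif=

   # Find the bridge that has the host-side epair as a member
   for _bridge in $(ifconfig -a | grep -E '^bridge[0-9]+' | cut -f1 -d:)
   do
      for _member in $(ifconfig "${_bridge}" | grep member | awk '{ print $2 }')
      do
         if [ "${_member}" = "${_epaira}" ] ; then
            _bridgeif="${_bridge}"
            break
         fi
      done
      if [ -n "${_bridgeif}" ] ; then
         break
      fi
   done

   jexec "${_jid}" ifconfig ${_epairb} down
   ifconfig ${_epaira} down
   ifconfig ${_epaira} destroy

   # No bridge held the epair: with an empty name the calls below used to run
   # ifconfig without an interface and then "ifconfig destroy", so stop here.
   if [ -z "${_bridgeif}" ] ; then
      return 0
   fi

   _count=$(ifconfig "${_bridgeif}" | grep member | awk '{ print $2 }' | wc -l)
   if [ "${_count}" -le "1" ] ; then
      ifconfig "${_bridgeif}" destroy
   fi
}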
640
# Register warden's snapshot script in the system crontab (once) and restart cron.
# Globals: PROGDIR (read); cronscript (written)
# NOTE(review): the entry runs cronsnap.sh as root at minute 2 of every hour,
# so that script and the directories above it need to be writable by root only.
enable_cron() {
   cronscript="${PROGDIR}/scripts/backend/cronsnap.sh"
   # Already registered: nothing to do
   if grep -q "${cronscript}" /etc/crontab ; then
      return 0
   fi
   echo "2     *        *       *       *        root    ${cronscript}" >> /etc/crontab
   # Restart cron
   /etc/rc.d/cron restart >/dev/null 2>/dev/null
}
650
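# Add the current type flags to metadata directories that still carry the old
# marker names: xjail gains jail-portjail, linuxjail gains jail-linux.
# Globals: JDIR (read)
fix_old_meta() {
   local i
   # Glob instead of parsing ls output, so a JDIR containing whitespace still works
   for i in "${JDIR}"/.*.meta
   do
      # An unmatched glob stays literal; skip it
      [ -e "${i}" ] || continue
      if [ -e "${i}/xjail" ] ; then
         touch "${i}/jail-portjail" 2>/dev/null
      fi
      if [ -e "${i}/linuxjail" ] ; then
         touch "${i}/jail-linux" 2>/dev/null
      fi
   done
}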
663
# Test whether sipcalc classifies an address as IPv4.
# Arguments: $1 - address
# Returns:   0 when the first word after "[" on sipcalc's first output line is
#            "ipv4", 1 otherwise
is_ipv4() {
   local addr="${1}"
   local family="$(/usr/local/bin/sipcalc "${addr}"|head -1|cut -f2 -d'['|awk '{ print $1 }')"

   if [ "${family}" = "ipv4" ] ; then
      return 0
   fi
   return 1
}
677
# Test whether sipcalc classifies an address as IPv6.
# Arguments: $1 - address
# Returns:   0 when the first word after "[" on sipcalc's first output line is
#            "ipv6", 1 otherwise
is_ipv6() {
   local addr="${1}"
   local family="$(/usr/local/bin/sipcalc "${addr}"|head -1|cut -f2 -d'['|awk '{ print $1 }')"

   if [ "${family}" = "ipv6" ] ; then
      return 0
   fi
   return 1
}
691
# Test whether an IPv4 address lies inside the range sipcalc reports on its
# "Usable" line for a network.
# Arguments: $1 - address
#            $2 - network
# Returns:   0 when start <= address <= end (compared as the decimal values
#            sipcalc prints), 1 otherwise
in_ipv4_network() {
   local addr="${1}"
   local network="${2}"

   # Fields 4 and 6 of the "Usable" line are the first and last address
   local start="$(/usr/local/bin/sipcalc "${network}"|awk '/^Usable/ { print $4 }')"
   local end="$(/usr/local/bin/sipcalc "${network}"|awk '/^Usable/ { print $6 }')"

   # Decimal form of each address, taken from the "(decimal)" line
   local iaddr="$(/usr/local/bin/sipcalc "${addr}"|awk '/(decimal)/ { print $5 }')"
   local istart="$(/usr/local/bin/sipcalc "${start}"|awk '/(decimal)/ { print $5 }')"
   local iend="$(/usr/local/bin/sipcalc "${end}"|awk '/(decimal)/ { print $5 }')"

   if [ "${iaddr}" -ge "${istart}" ] && [ "${iaddr}" -le "${iend}" ] ; then
      return 0
   fi
   return 1
}
712
# Print an IPv6 address as a string of binary digits, 16 per ":"-separated group.
# Arguments: $1 - address (the caller in this file passes the expanded form
#                 printed by sipcalc)
# NOTE(review): the awk program relies on awk converting a "0x..." string to a
# number and on "%016s" zero-padding a string; both vary between awk
# implementations - confirm on the target system's awk.
ipv6_to_binary() {
   echo ${1} | awk '{
      split($1, octets, ":");
      olen = length(octets);
               
      bnum = "";
      for (i = 1;i <= olen;i++) {
         tbnum = "";
         dnum = int(sprintf("0x%s", octets[i]));
         for (;;) {
            rem = int(dnum % 2);
            if (rem == 0)
               tbnum = sprintf("0%s", tbnum);
            else               
               tbnum = sprintf("1%s", tbnum);
            dnum /= 2;
            if (dnum < 1)
               break;
         }
         bnum = sprintf("%s%016s", bnum, tbnum);
      }
      printf("%s", bnum);
   }'
}
738
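# Test whether an IPv6 address lies inside a network by comparing the first
# <prefix length> binary digits of the address and of the network's start.
# Arguments: $1 - address
#            $2 - network in address/prefix-length form
# Returns:   0 when the prefixes are equal, 1 otherwise (also when $2 carries
#            no numeric prefix length)
in_ipv6_network() {
   local addr="${1}"
   local network="${2}"
   local mask="$(echo "${network}"|cut -f2 -d'/' -s)"
   local res=1

   # Without a numeric prefix length the comparison below covers zero digits,
   # and two empty strings compare equal: every address would be reported as
   # inside the network. Reject that input instead.
   case "${mask}" in
      ''|*[!0-9]*) return 1 ;;
   esac

   local xaddr="$(/usr/local/bin/sipcalc "${addr}"|awk \
      '/^Expanded/ { print $4}')"
   local start="$(/usr/local/bin/sipcalc "${network}"|grep -E \
      '^Network range'|awk '{ print $4 }')"

   local baddr="$(ipv6_to_binary "${xaddr}")"
   local bstart="$(ipv6_to_binary "${start}")"

   local baddrnet="$(echo "${baddr}"|awk -v mask="${mask}" \
      '{ s = substr($0, 1, mask); printf("%s", s); }')"
   local bstartnet="$(echo "${bstart}"|awk -v mask="${mask}" \
      '{ s = substr($0, 1, mask); printf("%s", s); }')"

   if [ "${baddrnet}" = "${bstartnet}" ]
   then
      res=0
   fi

   return ${res}
}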
766
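# Copy pc-extractoverlay and its server overlay data from the host to the same
# locations below a jail root.
# Arguments: $1 - jail root directory
# Returns:   1 when $1 is empty, otherwise 0
install_pc_extractoverlay()
{
  if [ -z "${1}" ] ; then
    return 1
  fi

  # The jail root is quoted throughout so a path with whitespace cannot send
  # these directories and copies to other locations.
  mkdir -p "${1}/usr/local/bin"
  mkdir -p "${1}/usr/local/share/pcbsd/conf"
  mkdir -p "${1}/usr/local/share/pcbsd/distfiles"

  cp /usr/local/bin/pc-extractoverlay "${1}/usr/local/bin/"
  chmod 755 "${1}/usr/local/bin/pc-extractoverlay"

  cp /usr/local/share/pcbsd/conf/server-excludes \
    "${1}/usr/local/share/pcbsd/conf"
  cp /usr/local/share/pcbsd/distfiles/server-overlay.txz \
    "${1}/usr/local/share/pcbsd/distfiles"

  return 0
}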
787
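# Write the pkgng bootstrap script for a standard jail. The script installs
# pkg from pkg.txz, configures the pcbsd repository for the jail's release and
# the host architecture, installs pcbsd-utils and runs pc-extractoverlay.
# Arguments: $1 - jail root directory
#            $2 - path of the script to write
# Returns:   1 when the jail has no /bin/freebsd-version
#
# NOTE(review): ${jaildir}/bin/freebsd-version is a file from inside the jail
# that is executed here on the host, with the privileges of the caller. A jail
# or template whose contents are not trusted can run code on the host this way;
# running it inside the jail (chroot/jexec) would confine it.
# NOTE(review): the repository is reached over http and checked against the
# pinned fingerprint below, but "pkg add pkg.txz" runs before that
# configuration exists, so pkg.txz depends on whatever check the download
# helper applies (not visible in this file).
make_bootstrap_pkgng_file_standard()
{
  local jaildir="${1}"
  local outfile="${2}"
  local release arch

  if [ ! -e "${jaildir}/bin/freebsd-version" ] ; then
     echo "Missing /bin/freebsd-version in jail.."
     echo "PKG bootstrap can only be done on 10.0 and higher, skipping..."
     return 1
  fi

  release="$("${jaildir}/bin/freebsd-version" | cut -d '-' -f 1-2)"
  arch="$(uname -m)"

  # The here-document is expanded while it is written: ${release} and ${arch}
  # are meant to be filled in now, but "$?" has to be escaped so it reaches the
  # generated script. Unescaped, the script ended in a constant "exit 0" and a
  # failed bootstrap was reported as success.
cat<<__EOF__>"${outfile}"
#!/bin/sh
tar xvf pkg.txz --exclude +MANIFEST --exclude +MTREE_DIRS 2>/dev/null
pkg add pkg.txz
rm pkg.txz

# Create the pkg.conf file
echo "PKG_CACHEDIR: /usr/local/tmp
repos_dir: [
                \"/usr/local/etc/pkg/repos\"
           ]" > /usr/local/etc/pkg.conf

# Create the repo dirs
mkdir -p /usr/local/etc/pkg/repos 2>/dev/null
mkdir -p /usr/local/etc/pkg/fingerprints/pcbsd/trusted 2>/dev/null
mkdir -p /usr/local/etc/pkg/fingerprints/pcbsd/revoked 2>/dev/null

# Save the repo configuration file
echo "pcbsd: {
               url: \"http://pkg.cdn.pcbsd.org/${release}/${arch}\",
               signature_type: \"fingerprints\",
               fingerprints: \"/usr/local/etc/pkg/fingerprints/pcbsd\",
               enabled: true
              }" > /usr/local/etc/pkg/repos/pcbsd.conf

# Save the fingerprint file
echo "function: sha256
fingerprint: b2b9e037f938cf20ba68aa85ac88c15889c729a7f6b70c25069774308e760a03" > /usr/local/etc/pkg/fingerprints/pcbsd/trusted/pkg.cdn.pcbsd.org.20131209

pkg update
pkg install -y pcbsd-utils
pc-extractoverlay ports

exit \$?
__EOF__

}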
839
# Write the pkgng bootstrap script for a plugin jail and copy the package list
# it installs into the jail. The script installs pkg from pkg.txz, mounts
# devfs, configures the pcbsd repository, installs pcbsd-utils and then every
# package named in /pluginjail-packages.
# Arguments: $1 - jail root directory
#            $2 - path of the script to write
# Returns:   0 without writing anything when the jail has no /bin/freebsd-version
#
# NOTE(review): ${jaildir}/bin/freebsd-version is a file from inside the jail
# that is executed here on the host, with the privileges of the caller; a jail
# or template whose contents are not trusted can run code on the host this way.
# NOTE(review): the generated script ends with "umount devfs; exit $?", so its
# exit status reflects the unmount only; a failed "pkg install" is not reported.
make_bootstrap_pkgng_file_pluginjail() {

  local jaildir="${1}"
  local outfile="${2}"

  if [ ! -e "${jaildir}/bin/freebsd-version" ] ; then
     echo "Missing /bin/freebsd-version in jail.."
     echo "PKG bootstrap can only be done on 10.0 and higher, skipping..."
     return 0
  fi

  local release="$(${jaildir}/bin/freebsd-version | cut -d '-' -f 1-2)"
  local arch="$(uname -m)"

  get_mirror
  local mirror="${VAL}"

  cp /usr/local/share/warden/pluginjail-packages "${jaildir}/pluginjail-packages"

  # Both parts go to the script through one redirection: the here-document is
  # expanded now (release/arch), the single-quoted tail is written literally.
  {
    cat <<__EOF__
#!/bin/sh
tar xvf pkg.txz --exclude +MANIFEST --exclude +MTREE_DIRS 2>/dev/null
pkg add pkg.txz
rm pkg.txz

mount -t devfs devfs /dev

# Create the pkg.conf file
echo "PKG_CACHEDIR: /usr/local/tmp
repos_dir: [
                \"/usr/local/etc/pkg/repos\"
           ]" > /usr/local/etc/pkg.conf

# Create the repo dirs
mkdir -p /usr/local/etc/pkg/repos 2>/dev/null
mkdir -p /usr/local/etc/pkg/fingerprints/pcbsd/trusted 2>/dev/null
mkdir -p /usr/local/etc/pkg/fingerprints/pcbsd/revoked 2>/dev/null

# Save the repo configuration file
echo "pcbsd: {
               url: \"http://pkg.cdn.pcbsd.org/${release}/${arch}\",
               signature_type: \"fingerprints\",
               fingerprints: \"/usr/local/etc/pkg/fingerprints/pcbsd\",
               enabled: true
              }" > /usr/local/etc/pkg/repos/pcbsd.conf

# Create the repo.dist file
echo "pcbsd: {
               url: \"http://pkg.cdn.pcbsd.org/VERSION/ARCH\",
               signature_type: \"fingerprints\",
               fingerprints: \"/usr/local/etc/pkg/fingerprints/pcbsd\",
               enabled: true
              }" > /usr/local/etc/pkg/repos/pcbsd.conf.dist

# Save the fingerprint file
echo "function: sha256
fingerprint: b2b9e037f938cf20ba68aa85ac88c15889c729a7f6b70c25069774308e760a03" > /usr/local/etc/pkg/fingerprints/pcbsd/trusted/pkg.cdn.pcbsd.org.20131209

pkg update
pkg install -y pcbsd-utils
__EOF__

    echo '
i=0
count=`wc -l /pluginjail-packages| awk "{ print $1 }"`
for p in `cat /pluginjail-packages`
do
  pkg install -y ${p}
  : $(( i += 1 ))
done

umount devfs
exit $?
'
  } > "${outfile}"
}
916
917
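# Bootstrap pkgng inside a jail: write the bootstrap script for the jail type,
# fetch pkg.txz into the jail root and run the script in a chroot.
# Arguments: $1 - jail root directory
#            $2 - jail type; "pluginjail" selects the plugin-jail script, any
#                 other value (default "standard") the standard one
# Returns:   0 on success, 1 when the jail has no /bin/freebsd-version, cannot
#            be entered, the download fails or the bootstrap script fails
# Side effect: leaves the caller's working directory set to the jail root.
#
# NOTE(review): ${jaildir}/bin/freebsd-version is a file from inside the jail
# that is executed here on the host, with the privileges of the caller; a jail
# or template whose contents are not trusted can run code on the host this way.
bootstrap_pkgng()
{
  local jaildir="${1}"
  local jailtype="${2:-standard}"
  local release arch

  if [ ! -e "${jaildir}/bin/freebsd-version" ] ; then
     echo "Missing /bin/freebsd-version in jail.."
     echo "PKG bootstrap can only be done on 10.0 and higher, skipping..."
     return 1
  fi

  release="$("${jaildir}/bin/freebsd-version" | cut -d '-' -f 1-2)"
  arch="$(uname -m)"

  local ffunc="make_bootstrap_pkgng_file_standard"
  if [ "${jailtype}" = "pluginjail" ] ; then
    ffunc="make_bootstrap_pkgng_file_pluginjail"
  fi

  # pkg.txz is removed and downloaded by relative name below; if the jail root
  # cannot be entered those operations would hit the caller's directory.
  cd "${jaildir}" || return 1
  echo "Boot-strapping pkgng"

  mkdir -p "${jaildir}/usr/local/etc"

  "${ffunc}" "${jaildir}" "${jaildir}/bootstrap-pkgng"
  chmod 755 "${jaildir}/bootstrap-pkgng"

  if [ -e "pkg.txz" ] ; then rm pkg.txz ; fi
  if get_file_from_mirrors "/${release}/${arch}/Latest/pkg.txz" "pkg.txz" "pkg" ; then
    if chroot "${jaildir}" /bootstrap-pkgng ; then
      rm -f "${jaildir}/bootstrap-pkgng"
      rm -f "${jaildir}/pluginjail-packages"
      chroot "${jaildir}" pc-extractoverlay server --sysinit
      return 0
    fi
  fi

  echo "Failed boot-strapping PKGNG, most likely cause is internet connection failure."
  rm -f "${jaildir}/bootstrap-pkgng"
  rm -f "${jaildir}/pluginjail-packages"
  return 1
}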
966
# Test whether an interface has any "inet" line in its ifconfig output.
# Arguments: $1 - interface name
#            $2 - optional jail id; when given, ifconfig runs through jexec
# Returns:   grep's status: 0 when an inet line exists
ipv4_configured() {
   local iface="${1}"
   local jid="${2}"
   local jexec=

   [ -z "${jid}" ] || jexec="jexec ${jid}"

   # ${jexec} is expanded unquoted on purpose: it is either empty or two words
   ${jexec} ifconfig "${iface}" | grep -qw inet 2>/dev/null
}
980
# Test whether a given IPv4 address is configured on an interface.
# Arguments: $1 - interface name
#            $2 - address; anything from the first "/" on is dropped
#            $3 - optional jail id; when given, ifconfig runs through jexec
# Returns:   grep's status: 0 when an inet address matches
# NOTE(review): the address is used as an extended regular expression
# ("^<addr>" with -w), so its dots match any character.
ipv4_address_configured() {
   local iface="${1}"
   local addr="${2}"
   local jid="${3}"
   local jexec= 

   addr="$(echo ${addr}|cut -f1 -d'/')"

   [ -z "${jid}" ] || jexec="jexec ${jid}"

   ${jexec} ifconfig "${iface}" \
      | grep -w inet \
      | awk '{ print $2 }' \
      | grep -Ew "^${addr}" >/dev/null 2>&1
}
1000
# Test whether an interface has any "inet6" line in its ifconfig output.
# Arguments: $1 - interface name
#            $2 - optional jail id; when given, ifconfig runs through jexec
# Returns:   grep's status: 0 when an inet6 line exists
ipv6_configured() {
   local iface="${1}"
   local jid="${2}"
   local jexec=

   [ -z "${jid}" ] || jexec="jexec ${jid}"

   # ${jexec} is expanded unquoted on purpose: it is either empty or two words
   ${jexec} ifconfig "${iface}" | grep -qw inet6 2>/dev/null
}
1014
# Test whether a given IPv6 address is configured on an interface.
# Arguments: $1 - interface name
#            $2 - address; anything from the first "/" on is dropped
#            $3 - optional jail id; when given, ifconfig runs through jexec
# Returns:   grep's status: 0 when an inet6 address matches
# NOTE(review): the address is used as an extended regular expression
# ("^<addr>" with -w), not as a literal string.
ipv6_address_configured() {
   local iface="${1}"
   local addr="${2}"
   local jid="${3}"
   local jexec= 

   addr="$(echo ${addr}|cut -f1 -d'/')"

   [ -z "${jid}" ] || jexec="jexec ${jid}"

   ${jexec} ifconfig "${iface}" \
      | grep -w inet6 \
      | awk '{ print $2 }' \
      | grep -Ew "^${addr}" >/dev/null 2>&1
}
1034
# Print an ipfw NAT instance number.
# Arguments: $1 - optional interface name
# Without an interface: prints the instance of the last "nat" rule plus 100
# (100 when no nat rule exists) and returns 0.
# With an interface: prints the first instance whose "show config" output
# mentions the interface.
# Returns:   0 when a value was printed, 1 when no instance matches
get_ipfw_nat_instance() {
   local iface="${1}"
   local res=1

   if [ -z "${iface}" ] ; then
      # Field 3 of a "<number> nat <instance> ..." rule is the instance
      local instance="$(ipfw list|grep -E '[0-9]+ nat'|awk '{ print $3 }'|tail -1)"
      if [ -n "${instance}" ] ; then
         instance=$(( instance + 100 ))
      else
         instance="100"
      fi
      echo "${instance}"
      return 0
   fi

   for ni in $(ipfw list|grep -E '[0-9]+ nat'|awk '{ print $3 }')
   do
      if ipfw nat "${ni}" show config|grep -E -qw "${iface}" ; then
         echo "${ni}"
         res=0
         break
      fi
   done

   return ${res}
}
1063
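# Print the rule number (priority) of an ipfw NAT rule.
# Arguments: $1 - optional interface name
# Without an interface: prints the number of the last "nat" rule as five
# digits (02000 when no nat rule exists) and returns 0.
# With an interface: prints the number of the first nat rule whose instance
# "show config" output mentions the interface, exactly as ipfw printed it.
# Returns:   0 when a value was printed, 1 when no rule matches
get_ipfw_nat_priority()
{
   local iface="${1}"
   local res=1

   if [ -z "${iface}" ] ; then
      local priority="`ipfw list|grep -E '[0-9]+ nat'|awk '{ print $1 }'|tail -1`"
      if [ -z "${priority}" ] ; then
         priority=2000
      fi
      # The rule number taken from the listing can carry leading zeros, and
      # printf %d reads such a value as octal (02000 became 01024, 00900 was
      # rejected). Strip the padding before formatting.
      priority="$(echo "${priority}" | sed 's/^0*//')"
      printf "%05d\n" "${priority:-0}"
      return 0
   fi

   # Split the rule listing on newlines only, so each rule stays one word
   local IFS='
'
   for rule in `ipfw list|grep -E '[0-9]+ nat'`
   do
      local priority="`echo "${rule}"|awk '{ print $1 }'`"
      local ni="`echo "${rule}"|awk '{ print $3 }'`"

      ipfw nat "${ni}" show config|grep -E -qw "${iface}"
      if [ "$?" = "0" ] ; then
         echo "${priority}"
         res=0
         break
      fi
   done

   return ${res}
}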
1095
# Print the available jail templates, then exit the calling shell with status 0.
# On ZFS each template directory is listed with its type, version and
# architecture (read from `file` output for its /bin/sh); otherwise only the
# names of the .tbz template archives are printed.
# Globals: JDIR (read); NICK, ARCH, VER, TYPE (written - note that ARCH is the
#          exported architecture variable of this file)
list_templates() {
   echo "Jail Templates:"
   echo "------------------------------" 
   if isDirZFS "${JDIR}" ; then
     for i in $(ls -d ${JDIR}/.warden-template* 2>/dev/null)
     do
        # Only directories that look like a populated world are listed
        [ -e "$i/bin/sh" ] || continue
        NICK=$(echo "$i" | sed "s|${JDIR}/.warden-template-||g")
        if file "$i/bin/sh" 2>/dev/null | grep -q "64-bit" ; then
           ARCH="amd64"
        else
           ARCH="i386"
        fi
        VER=$(file "$i/bin/sh" | cut -d ',' -f 5 | awk '{print $3}')
        if [ -e "$i/etc/rc.conf.pcbsd" ] ; then
           TYPE="TrueOS"
        else
           TYPE="FreeBSD"
        fi
        echo -e "${NICK} - $TYPE $VER ($ARCH)"
     done
   else
     # UFS, no details for U!
     ls ${JDIR}/.warden-template*.tbz \
       | sed "s|${JDIR}/.warden-template-||g" \
       | sed "s|.tbz||g"
   fi
   exit 0
}
1126
# Delete a jail template, then exit the calling shell with status 0.
# On ZFS the template dataset is destroyed recursively and its directory
# removed; otherwise the template's .tbz archive is deleted.
# Arguments: $1 - template name
# Globals:   JDIR (read); tDir, tank, rp (written)
delete_template() {
   tDir="${JDIR}/.warden-template-${1}"
   if isDirZFS "${JDIR}" ; then
     if ! isDirZFS "${tDir}" "1" ; then
       printerror "Not a ZFS volume: ${tDir}"
     fi
     tank="$(getZFSTank "$tDir")"
     rp="$(getZFSRelativePath "$tDir")"
     # -r also removes the template's snapshots; zfs refuses while clones exist
     if ! zfs destroy -r $tank${rp} ; then
       exit_err "Could not remove template, perhaps you have jails still using it?"
     fi
     rmdir ${tDir}
   else
     if [ ! -e "${tDir}.tbz" ] ; then
       exit_err "No such template: ${1}"
     fi
     rm ${tDir}.tbz
   fi
   echo "DONE"

   exit 0
}