source: src-sh/warden/scripts/backend/stopjail.sh

Last change on this file was dcad170, checked in by Kris Moore <kris@…>, 6 weeks ago

Update the warden to support jailed ZFS datasets. This can be
enabled by setting "allow.mount.zfs=1" on a jail. If this is
set, the jails ZFS dataset will be set to jailed mode, and
made visible to the jail. The user should also set
"enforce_statfs=0" and "allow.mount=1" on the jails flags as well,
for this to work properly.

Requested vie RedMine?: #6495

  • Property mode set to 100755
File size: 5.5 KB
Line 
1#!/bin/sh
2# Script to stop a jail
3# Args $1 = jail-name
4#######################################################################
5
6# Source our functions
7PROGDIR="/usr/local/share/warden"
8
9# Source our variables
10. ${PROGDIR}/scripts/backend/functions.sh
11
12JAILNAME="${1}"
13if [ "${2}" = "FAST" ]
14then
15  FAST="Y"
16fi
17
18if [ -z "${JAILNAME}" ]
19then
20  echo "ERROR: No jail specified to delete!"
21  exit 5
22fi
23
24if [ -z "${JDIR}" ]
25then
26  echo "ERROR: JDIR is unset!!!!"
27  exit 5
28fi
29
30JAILDIR="${JDIR}/${JAILNAME}"
31
32if [ ! -d "${JAILDIR}" ]
33then
34  echo "ERROR: No jail located at ${JAILDIR}"
35  exit 5
36fi
37
38HOST="`cat ${JMETADIR}/host`"
39
40# Check if we need to enable vnet
41VIMAGEENABLE="NO"
42if [ -e "${JMETADIR}/vnet" ] ; then
43  VIMAGEENABLE="YES"
44fi
45
46IFACE=
47DEFAULT=0
48 
49# Make sure jail uses special interface if specified
50if [ -e "${JMETADIR}/iface" ] ; then
51  IFACE=`cat "${JMETADIR}/iface"`
52fi
53if [ -z "${IFACE}" ] ; then
54  if [ -n "$NIC" ] ; then
55    IFACE="$NIC"
56  else
57    IFACE=`get_default_interface`
58    DEFAULT=1
59  fi
60fi
61if [ -z "${IFACE}" ] ; then
62  echo "ERROR: no interface specified and a default doesn't exist!"
63  exit 6
64fi
65
66# End of error checking, now shutdown this jail
67##################################################################
68
69echo -e "Stopping the jail...\c"
70
71# Get the JailID for this jail
72JID="`jls | grep ${JAILDIR}$ | tr -s " " | cut -d " " -f 2`"
73
74echo -e ".\c"
75
76jFlags=""
77# Grab any additional jail flags
78if [ -e "${JMETADIR}/jail-flags" ] ; then
79  jFlags=`cat ${JMETADIR}/jail-flags`
80fi
81
82# If the user has enabled mounting of ZFS dataset, lets un-export this dataset to the jail
83echo $jFlags | grep -q "allow.mount.zfs=1"
84if [ $? -eq 0 ] ; then
85   # Run the ZFS command to export the dataset
86   jDataSet=`mount | grep "on ${JAILDIR} " | awk '{print $1}'`
87   zfs unjail $JID $jDataSet
88fi
89
90# Check if we need umount x mnts
91if [ -e "${JMETADIR}/jail-portjail" ] ; then umountjailxfs ${JAILNAME} ; fi
92
93if [ "$VIMAGEENABLE" = "YES" ] ; then
94  jail_interfaces_down "${JID}"
95else
96  # Get list of IP4s for this jail
97  if [ -e "${JMETADIR}/ipv4" ] ; then
98    IP4S="`cat ${JMETADIR}/ipv4 | cut -d '/' -f 1`"
99  fi
100  if [ -e "${JMETADIR}/alias-ipv4" ] ; then
101    while read line
102    do
103      IP4S="${IP4S} `echo $line | cut -d '/' -f 1`"
104    done < ${JMETADIR}/alias-ipv4
105  fi
106
107  # Get list of IP6s for this jail
108  if [ -e "${JMETADIR}/ipv6" ] ; then
109    IP6S="`cat ${JMETADIR}/ipv6 | cut -d '/' -f 1`"
110  fi
111  if [ -e "${JMETADIR}/alias-ipv6" ] ; then
112    while read line
113    do
114      IP6S="${IP6S} `echo $line | cut -d '/' -f 1`"
115    done < ${JMETADIR}/alias-ipv6
116  fi
117 
118 
119  # Check if we need to remove the IP aliases from this jail
120  for _ip in $IP4S
121  do 
122    # See if active alias
123    ifconfig $IFACE | grep -q "${_ip}"
124    if [ $? -ne 0 ] ; then continue ; fi
125
126    ifconfig $IFACE inet -alias ${_ip}
127  done
128
129  for _ip in $IP6S
130  do 
131    # See if active alias
132    ifconfig $IFACE | grep -q "${_ip}"
133    if [ $? -ne 0 ] ; then continue ; fi
134
135    ifconfig $IFACE inet6 ${_ip} delete
136  done
137fi
138
139if [ -e "${JMETADIR}/jail-linux" ] ; then LINUXJAIL="YES" ; fi
140
141# Check for user-supplied mounts
142if [ -e "${JMETADIR}/fstab" ] ; then
143   echo "Unmounting user-supplied file-systems"
144   cp ${JMETADIR}/fstab /tmp/.wardenfstab.$$
145   sed -i '' "s|%%JAILDIR%%|${JAILDIR}|g" /tmp/.wardenfstab.$$
146   umount -a -F /tmp/.wardenfstab.$$
147   rm /tmp/.wardenfstab.$$
148fi
149
150if [ "$LINUXJAIL" = "YES" ] ; then
151  # If we have a custom stop script
152  if [ -e "${JMETADIR}/jail-stop" ] ; then
153    sCmd=`cat ${JMETADIR}/jail-stop`
154    echo "Stopping jail with: ${sCmd}"
155    if [ -n "${JID}" ] ; then
156      jexec ${JID} ${sCmd} 2>&1
157    fi
158  else
159    # Check for different init styles
160    if [ -e "${JAILDIR}/etc/init.d/rc" ] ; then
161      if [ -n "${JID}" ] ; then
162        jexec ${JID} /bin/sh /etc/init.d/rc 0 2>&1
163      fi
164    elif [ -e "${JAILDIR}/etc/rc" ] ; then
165      if [ -n "${JID}" ] ; then
166        jexec ${JID} /bin/sh /etc/rc 0 2>&1
167      fi
168    fi
169  fi
170  sleep 3
171
172  umount -f ${JAILDIR}/sys 2>/dev/null
173  umount -f ${JAILDIR}/dev/fd 2>/dev/null
174  umount -f ${JAILDIR}/dev 2>/dev/null
175  umount -f ${JAILDIR}/lib/init/rw 2>/dev/null
176else
177  # If we have a custom stop script
178  if [ -e "${JMETADIR}/jail-stop" ] ; then
179    if [ -n "${JID}" ] ; then
180      sCmd=`cat ${JMETADIR}/jail-stop`
181      echo "Stopping jail with: ${sCmd}"
182      jexec ${JID} ${sCmd} 2>&1
183    fi
184  else
185    if [ -n "${JID}" ] ; then
186      echo "Stopping jail with: /etc/rc.shutdown"
187      jexec ${JID} /bin/sh /etc/rc.shutdown >/dev/null 2>/dev/null
188    fi
189  fi
190fi
191
192umount -f ${JAILDIR}/dev >/dev/null 2>/dev/null
193
194echo -e ".\c"
195
196# Skip the time consuming portion if we are shutting down
197if [ "$FAST" != "Y" ]
198then
199
200# We asked nicely, so now kill the jail for sure
201killall -j ${JID} -TERM 2>/dev/null
202sleep 1
203killall -j ${JID} -KILL 2>/dev/null
204
205echo -e ".\c"
206
207# Check if we need to unmount the devfs in jail
208mount | grep "${JAILDIR}/dev" >/dev/null 2>/dev/null
209if [ "$?" = "0" ]
210then
211  # Setup a 60 second timer to try and umount devfs, since takes a bit
212  SEC="0"
213  while
214   i=1
215  do
216   sleep 2
217
218   # Try to unmount dev
219   umount -f "${JAILDIR}/dev" 2>/dev/null
220   if [ "$?" = "0" ]
221   then
222      break
223   fi
224
225   SEC="`expr $SEC + 2`"
226   echo -e ".\c"
227
228   if [ ${SEC} -gt 60 ]
229   then
230      break
231   fi
232
233  done
234fi
235
236# Check if we need to unmount any extra dirs
237mount | grep "${JAILDIR}/proc" >/dev/null 2>/dev/null
238if [ "$?" = "0" ]; then
239  umount -f "${JAILDIR}/proc"
240fi
241
242if [ -e "${JMETADIR}/jail-portjail" ] ; then
243  umountjailxfs
244fi
245
246fi # End of FAST check
247
248echo -e ".\c"
249
250if [ -n "${JID}" ] ; then
251  jail -r ${JID}
252fi
253
254echo -e "Done"
255
256# Send notification of jail changes
257pc-systemflag WARDENUPDATE SUCCESS
Note: See TracBrowser for help on using the repository browser.