Changeset 17235d6


Timestamp:
04/15/13 13:06:48 (17 months ago)
Author:
Kris Moore <kris@…>
Branches:
master, 9.1-release, 9.2-release, releng/10.0, releng/10.0.1, releng/10.0.2, releng/10.0.3
Children:
8901c47
Parents:
4d2a365
Message:

Merge changes from John Hixson and FreeNAS work

Location:
src-sh/warden
Files:
1 added
5 edited

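--- a/src-sh/warden/bin/warden
+++ b/src-sh/warden/bin/warden
@@ -92,5 +92,5 @@
 defaultrouter-ipv4: Lets you see the default IPv4 router for this jail
 defaultrouter-ipv6: Lets you see the default IPv6 router for this jail
-        flags: Lets you see additional flags to pass to the 'jail' command at startup
+             flags: Lets you see additional flags to pass to the 'jail' command at startup
 
 Usage:
@@ -127,5 +127,5 @@
 defaultrouter-ipv4: Lets you set the default IPv4 router for this jail
 defaultrouter-ipv6: Lets you set the default IPv6 router for this jail
-             flags: Lets you set additional flags to pass to the 'jail' command at startup
+        flags: Lets you set additional flags to pass to the 'jail' command at startup
 
 Usage:
@@ -806,7 +806,7 @@
           ${PROGDIR}/bin/warden-gui ;;
 
-    list) require_root
-          shift
-          ${PROGDIR}/scripts/backend/listjails.sh $* ;;
+    list) require_root
+        shift
+        ${PROGDIR}/scripts/backend/listjails.sh $* ;;
 
    start) require_root
@@ -1037,7 +1037,7 @@
          IP4="OFF"
          IP6="OFF"
-         SOURCE="NO"
+         SRC="NO"
          PORTS="NO"
-         STARTUP="NO"
+         AUTOSTART="NO"
          VANILLA="NO"
          VERSION=
@@ -1055,10 +1055,10 @@
                           ;;
 
-             --src) SOURCE="YES" ;;
+             --src) SRC="YES" ;;
              --ports) PORTS="YES" ;;
-             --startauto) STARTUP="YES" ;;
+             --startauto) AUTOSTART="YES" ;;
              --vanilla) VANILLA="YES" ;;
              --portjail) JAILTYPE="portjail" ;;
-             --pluginjail) JAILTYPE="pluginjail" ;;
+             --pluginjail) JAILTYPE="pluginjail" ; VANILLA="YES" ;;
              --linuxjail) JAILTYPE="linuxjail" ; shift
                           if [ -z "$1" ] ; then exit_err "No linux setup script specified!"; fi
@@ -1108,7 +1108,7 @@
           export IP4
           export IP6
-          export SOURCE
+          export SRC
           export PORTS
-          export STARTUP
+          export AUTOSTART
           export JAILTYPE
           export ARCHIVE_FILE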
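Review bot: The `list` arm at new line 810 still forwards its arguments as unquoted `$*`, so an argument containing whitespace or glob characters is re-split and expanded before listjails.sh sees it, and this happens after require_root. Forwarding with `${PROGDIR}/scripts/backend/listjails.sh "$@" ;;` keeps each argument intact. Separately, the exported names change from SOURCE/STARTUP to SRC/AUTOSTART; createjail.sh in this changeset is updated for AUTOSTART, but no reader of SRC is visible on the page, so any backend script still testing `$SOURCE` would now see it empty. The enclosing case statement starts and ends outside the visible hunks.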
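--- a/src-sh/warden/conf/warden.conf
+++ b/src-sh/warden/conf/warden.conf
@@ -11,2 +11,5 @@
 # Location of the jails
 JDIR: /usr/jails
+
+# FreeBSD release to use
+FREEBSD_RELEASE: 9.1-RELEASE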
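--- a/src-sh/warden/scripts/backend/createjail.sh
+++ b/src-sh/warden/scripts/backend/createjail.sh
@@ -23,5 +23,5 @@
   fi
 
-  if [ "$STARTUP" = "YES" ] ; then
+  if [ "$AUTOSTART" = "YES" ] ; then
     touch "${JMETADIR}/autostart"
   fi
@@ -69,5 +69,5 @@
 
   # If we are auto-starting the jail, do it now
-  if [ "$STARTUP" = "YES" ] ; then warden start ${JAILNAME} ; fi
+  if [ "$AUTOSTART" = "YES" ] ; then warden start ${JAILNAME} ; fi
 
   echo "Success! Linux jail created at ${JAILDIR}"
@@ -87,23 +87,19 @@
 esac
 
-if [ -z "${VERSION}" -a -e "/etc/version" ] ; then VERSION=`cat /etc/version`; fi
-
 # Location of the chroot environment
 isDirZFS "${JDIR}"
 if [ $? -eq 0 ] ; then
-  if [ "${PLUGINJAIL}" = "YES" ] ; then
-    WORLDCHROOT="${JDIR}/.warden-pj-chroot-${ARCH}"
-  else
-    WORLDCHROOT="${JDIR}/.warden-chroot-${ARCH}"
-  fi
-  export WORLDCHROOT
+  WORLDCHROOT_PLUGINJAIL="${JDIR}/.warden-pj-chroot-${ARCH}"
+  WORLDCHROOT_STANDARD="${JDIR}/.warden-chroot-${ARCH}"
 else
-  if [ "${PLUGINJAIL}" = "YES" ] ; then
-    WORLDCHROOT="${JDIR}/.warden-pj-chroot-${ARCH}.tbz"
-  else
-    WORLDCHROOT="${JDIR}/.warden-chroot-${ARCH}.tbz"
-  fi
-  export WORLDCHROOT
-fi
+  WORLDCHROOT_PLUGINJAIL="${JDIR}/.warden-pj-chroot-${ARCH}.tbz"
+  WORLDCHROOT_STANDARD="${JDIR}/.warden-chroot-${ARCH}.tbz"
+fi
+if [ "${PLUGINJAIL}" = "YES" ] ; then
+  WORLDCHROOT="${WORLDCHROOT_PLUGINJAIL}"
+else
+  WORLDCHROOT="${WORLDCHROOT_STANDARD}"
+fi
+export WORLDCHROOT WORLDCHROOT_PLUGINJAIL WORLDCHROOT_STANDARD
 
 if [ "${IP4}" != "OFF" ] ; then
@@ -118,5 +114,5 @@
   IP6="${JIP}"
   MASK6="${JMASK}"
-  if [ -z "$MASK4" ] ; then MASK6="64"; fi
+  if [ -z "$MASK6" ] ; then MASK6="64"; fi
 fi
 
@@ -126,13 +122,7 @@
 fi
 
-if [ -z "${HOST}" -o -z "$SOURCE" -o -z "${PORTS}" -o -z "${STARTUP}" ]
-then
-  if [ -z "$HOST" ] ; then
-     echo "ERROR: Missing hostname!"
-  else
-     echo "ERROR: Missing required data!"
-  fi
-
-  exit 6
+if [ -z "$HOST" ] ; then
+   echo "ERROR: Missing hostname!"
+   exit 6
 fi
 
@@ -168,9 +158,43 @@
 
 # Check if we need to download the chroot file
+
+#
+# If this is a pluginjail, we clone a regular freebsd chroot, then we
+# bootstrap packageng, install the required packages that a pluginjail
+# needs, then snapshot it. Once this is done, creating a pluginjail is
+# as easy as doing a zfs clone.
+#
 if [ "${PLUGINJAIL}" = "YES" -a ! -e "${WORLDCHROOT}" ] ; then
-  downloadpluginjail "${VERSION}"
+  if [ ! -e "${WORLDCHROOT_STANDARD}" ] ; then
+    downloadchroot "${WORLDCHROOT_STANDARD}"
+  fi
+
+  isDirZFS "${JDIR}"
+  if [ $? -eq 0 ] ; then
+    tank=`getZFSTank "$JDIR"`
+    zfsp=`getZFSRelativePath "${WORLDCHROOT_STANDARD}"`
+    clonep="/$(basename ${WORLDCHROOT_PLUGINJAIL})"
+
+    mnt=`getZFSMountpoint ${tank}`
+    pjdir="${mnt}${clonep}"
+
+    zfs clone ${tank}${zfsp}@clean ${tank}${clonep}
+    if [ $? -ne 0 ] ; then exit_err "Failed creating clean ZFS pluginjail clone"; fi
+
+    cp /etc/resolv.conf ${pjdir}/etc/resolv.conf
+
+    bootstrap_pkgng "${pjdir}" "pluginjail"
+
+    zfs snapshot ${tank}${clonep}@clean
+    if [ $? -ne 0 ] ; then exit_err "Failed creating clean ZFS pluginjail snapshot"; fi
+
+  # We're on UFS :-(
+  else
+    downloadchroot "${WORLDCHROOT_STANDARD}"
+
+  fi
 
 elif [ ! -e "${WORLDCHROOT}" -a "${LINUXJAIL}" != "YES" ] ; then
-  downloadchroot
+  downloadchroot "${WORLDCHROOT}"
 fi
 
@@ -212,4 +236,10 @@
      tar xvf ${WORLDCHROOT} -C "${JAILDIR}" 2>/dev/null
    fi
+
+   # If this is a pluginjail on UFS :-( Do things the hard way.
+   if [ "${PLUGINJAIL}" = "YES" ] ; then
+     bootstrap_pkgng "${pjdir}" "pluginjail"
+   fi
+
    echo "Done"
 fi
@@ -286,8 +316,8 @@
 
   if [ "${IP4}" != "OFF" ] ; then
-    echo "${IP4}                        ${HOST}" > "${JAILDIR}/etc/hosts"
+    echo "${IP4}                        ${HOST}" >> "${JAILDIR}/etc/hosts"
   fi
   if [ "${IP6}" != "OFF" ] ; then
-    echo "${IP6}                        ${HOST}" > "${JAILDIR}/etc/hosts"
+    echo "${IP6}                        ${HOST}" >> "${JAILDIR}/etc/hosts"
     sed -i '' "s|#ListenAddress ::|ListenAddress ${IP6}|g" ${JAILDIR}/etc/ssh/sshd_config
   fi
@@ -298,5 +328,5 @@
 fi # End of ARCHIVEFILE check
 
-if [ "$STARTUP" = "YES" ] ; then
+if [ "$AUTOSTART" = "YES" ] ; then
   touch "${JMETADIR}/autostart"
 fi
@@ -314,5 +344,5 @@
   bootstrap_pkgng "${JAILDIR}"
   if [ $? -ne 0 ] ; then
-     echo "You can manually re-try by running # warden bspkgng ${IP}"
+     echo "You can manually re-try by running # warden bspkgng ${JAILNAME}"
   fi
 fi
@@ -332,5 +362,5 @@
 
 # If we are auto-starting the jail, do it now
-if [ "$STARTUP" = "YES" ] ; then warden start ${JAILNAME} ; fi
+if [ "$AUTOSTART" = "YES" ] ; then warden start ${JAILNAME} ; fi
 
 echo "Success!"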
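Review bot: The UFS fallback added at new lines 239-242 calls `bootstrap_pkgng "${pjdir}" "pluginjail"`, but in the visible hunks `pjdir` is only assigned inside the ZFS branch at new line 179, so on UFS it appears to be empty. bootstrap_pkgng (functions.sh in this changeset) would then run `cd` with no argument and do its `mkdir -p`, `cp` and `bootstrap-pkgng` write relative to `/` on the host as root rather than inside the jail. Passing the freshly extracted jail instead, `bootstrap_pkgng "${JAILDIR}" "pluginjail"`, matches the `tar ... -C "${JAILDIR}"` a few lines above. The surrounding if-block begins outside this hunk, so confirm that `${JAILDIR}` is the intended target there.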
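--- a/src-sh/warden/scripts/backend/functions.sh
+++ b/src-sh/warden/scripts/backend/functions.sh
@@ -32,4 +32,11 @@
 WTMP="$(grep ^WTMP: /usr/local/etc/warden.conf | cut -d' ' -f2)"
 export WTMP
+
+# FreeBSD release
+FREEBSD_RELEASE="$(grep ^FREEBSD_RELEASE: /usr/local/etc/warden.conf | cut -d' ' -f2)"
+if [ -z "${FREEBSD_RELEASE}" ] ; then
+  FREEBSD_RELEASE="$(uname -r)"
+fi
+export UNAME_r="${FREEBSD_RELEASE}"
 
 # Temp file for dialog responses
@@ -110,7 +117,9 @@
 ### Download the chroot
 downloadchroot() {
+  local CHROOT="${1}"
+
   # XXX If this is PCBSD, pbreg get /PC-BSD/Version
-  SYSVER=`uname -r | cut -f1 -d'-'`
-  FBSD_TARBALL="fbsd-release.tbz"
+  SYSVER="$(echo "$(uname -r)" | cut -f1 -d'-')"
+  FBSD_TARBALL="fbsd-release.txz"
   FBSD_TARBALL_CKSUM="${FBSD_TARBALL}.md5"
 
@@ -143,10 +152,10 @@
   isDirZFS "${JDIR}"
   if [ $? -eq 0 ] ; then
-    local zfsp=`getZFSRelativePath "${WORLDCHROOT}"`
+    local zfsp=`getZFSRelativePath "${CHROOT}"`
 
     # Use ZFS base for cloning
-    echo "Creating ZFS ${WORLDCHROOT} dataset..."
+    echo "Creating ZFS ${CHROOT} dataset..."
     tank=`getZFSTank "${JDIR}"`
-    isDirZFS "${WORLDCHROOT}" "1"
+    isDirZFS "${CHROOT}" "1"
     if [ $? -ne 0 ] ; then
        zfs create -o mountpoint=/${tank}${zfsp} -p ${tank}${zfsp}
@@ -154,5 +163,5 @@
     fi
 
-    tar xvpf ${FBSD_TARBALL} -C ${WORLDCHROOT} 2>/dev/null
+    tar xvpf ${FBSD_TARBALL} -C ${CHROOT} 2>/dev/null
     if [ $? -ne 0 ] ; then exit_err "Failed extracting ZFS chroot environment"; fi
 
@@ -162,5 +171,5 @@
   else
     # Save the chroot tarball
-    mv ${FBSD_TARBALL} ${WORLDCHROOT}
+    mv ${FBSD_TARBALL} ${CHROOT}
   fi
   rm ${FBSD_TARBALL_CKSUM}
@@ -695,41 +704,137 @@
 }
 
+install_pc_extractoverlay()
+{
+  if [ -z "${1}" ] ; then
+    return 1
+  fi
+
+  mkdir -p ${1}/usr/local/bin
+  mkdir -p ${1}/usr/local/share/pcbsd/conf
+  mkdir -p ${1}/usr/local/share/pcbsd/distfiles
+
+  cp /usr/local/bin/pc-extractoverlay ${1}/usr/local/bin/
+  chmod 755 ${1}/usr/local/bin/pc-extractoverlay
+
+  cp /usr/local/share/pcbsd/conf/server-excludes \
+    ${1}/usr/local/share/pcbsd/conf
+  cp /usr/local/share/pcbsd/distfiles/server-overlay.txz \
+    ${1}/usr/local/share/pcbsd/distfiles
+
+  return 0
+}
+
+make_bootstrap_pkgng_file_standard()
+{
+  local jaildir="${1}"
+  local outfile="${2}"
+
+  local release="$(uname -r)"
+  local arch="$(uname -m)"
+
+  get_mirror
+  local mirror="${VAL}"
+
+cat<<__EOF__>"${outfile}"
+#!/bin/sh
+tar xvf pkg.txz --exclude +MANIFEST --exclude +MTREE_DIRS 2>/dev/null
+pkg add pkg.txz
+rm pkg.txz
+
+echo "packagesite: ${mirror}/packages/${release}/${arch}" >/usr/local/etc/pkg.conf
+echo "HTTP_MIRROR: http" >>/usr/local/etc/pkg.conf
+echo "PUBKEY: /usr/local/etc/pkg-pubkey.cert" >>/usr/local/etc/pkg.conf
+echo "PKG_CACHEDIR: /usr/local/tmp" >>/usr/local/etc/pkg.conf
+pkg install -y pcbsd-utils
+exit $?
+__EOF__
+}
+
+make_bootstrap_pkgng_file_pluginjail()
+{
+
+  local jaildir="${1}"
+  local outfile="${2}"
+
+  local release="$(uname -r)"
+  local arch="$(uname -m)"
+
+  get_mirror
+  local mirror="${VAL}"
+
+  cp /usr/local/share/warden/pluginjail-packages "${jaildir}/pluginjail-packages"
+
+cat<<__EOF__>"${outfile}"
+#!/bin/sh
+tar xvf pkg.txz --exclude +MANIFEST --exclude +MTREE_DIRS 2>/dev/null
+pkg add pkg.txz
+rm pkg.txz
+
+mount -t devfs devfs /dev
+
+echo "packagesite: ${mirror}/packages/${release}/${arch}" >/usr/local/etc/pkg.conf
+echo "HTTP_MIRROR: http" >>/usr/local/etc/pkg.conf
+echo "PUBKEY: /usr/local/etc/pkg-pubkey.cert" >>/usr/local/etc/pkg.conf
+echo "PKG_CACHEDIR: /usr/local/tmp" >>/usr/local/etc/pkg.conf
+pkg install -y pcbsd-utils
+__EOF__
+
+echo '
+i=0
+count=`wc -l /pluginjail-packages| awk "{ print $1 }"`
+for p in `cat /pluginjail-packages`
+do
+  pkg install -y ${p}
+  : $(( i += 1 ))
+done
+
+umount devfs
+exit $?
+' >> "${outfile}"
+}
+
+
 bootstrap_pkgng()
 {
-  cd ${1}
-  SYSVER="$(uname -r)"
+  local jaildir="${1}"
+  local jailtype="${2}"
+  if [ -z "${jailtype}" ] ; then
+    jailtype="standard"
+  fi
+  local release="$(uname -r)"
+  local arch="$(uname -m)"
+
+  local ffunc="make_bootstrap_pkgng_file_standard"
+  if [ "${jailtype}" = "pluginjail" ] ; then
+    ffunc="make_bootstrap_pkgng_file_pluginjail"
+  fi
+
+  cd ${jaildir}
   echo "Boot-strapping pkgng"
-  mkdir -p ${1}/usr/local/etc
-  cp /usr/local/etc/pkg-pubkey.cert ${1}/usr/local/etc/
-  if [ $? -ne 0 ] ; then
-     echo "Failed copying /usr/local/etc/pkg-pubkey.cert"
-  fi
-
-  echo '#!/bin/sh
-  tar xvf pkg.txz --exclude +MANIFEST --exclude +MTREE_DIRS 2>/dev/null
-  pkg add pkg.txz
-  rm pkg.txz
-  ARCH=$(uname -m)
-  REL=$(uname -r)
-  echo "packagesite: http://ftp.pcbsd.org/pub/mirror/packages/$REL/$ARCH" >/usr/local/etc/pkg.conf
-  echo "PUBKEY: /usr/local/etc/pkg-pubkey.cert" >>/usr/local/etc/pkg.conf
-  echo "PKG_CACHEDIR: /usr/local/tmp" >>/usr/local/etc/pkg.conf
-  pkg install -y pcbsd-utils
-  exit $?
-' > ${1}/bootstrap-pkgng
-  chmod 755 ${1}/bootstrap-pkgng
+
+  mkdir -p ${jaildir}/usr/local/etc
+  pubcert="/usr/local/etc/pkg-pubkey.cert"
+
+  cp "${pubcert}" ${jaildir}/usr/local/etc
+  install_pc_extractoverlay "${jaildir}"
+
+  ${ffunc} "${jaildir}" "${jaildir}/bootstrap-pkgng"
+  chmod 755 "${jaildir}/bootstrap-pkgng"
 
   if [ -e "pkg.txz" ] ; then rm pkg.txz ; fi
-  get_file_from_mirrors "/packages/${SYSVER}/${ARCH}/Latest/pkg.txz" "pkg.txz"
+  get_file_from_mirrors "/packages/${release}/${arch}/Latest/pkg.txz" "pkg.txz"
   if [ $? -eq 0 ] ; then
-    chroot ${1} /bootstrap-pkgng
+    chroot ${jaildir} /bootstrap-pkgng
     if [ $? -eq 0 ] ; then
-      rm ${1}/bootstrap-pkgng
-      chroot ${1} pc-extractoverlay server --sysinit
+      rm -f "${jaildir}/bootstrap-pkgng"
+      rm -f "${jaildir}/pluginjail-packages"
+      chroot ${jaildir} pc-extractoverlay server --sysinit
       return 0
     fi
   fi
+
   echo "Failed boot-strapping PKGNG, most likely cause is internet connection failure."
-  rm ${1}/bootstrap-pkgng
+  rm -f "${jaildir}/bootstrap-pkgng"
+  rm -f "${jaildir}/pluginjail-packages"
   return 1
 }
@@ -746,4 +851,25 @@
 
    ${jexec} ifconfig "${iface}" | grep -qw inet 2>/dev/null
+   return $?
+}
+
+ipv4_address_configured()
+{
+   local iface="${1}"
+   local addr="${2}"
+   local jid="${3}"
+   local jexec=
+
+   addr="$(echo ${addr}|cut -f1 -d'/')"
+
+   if [ -n "${jid}" ] ; then
+      jexec="jexec ${jid}"
+   fi
+
+   ${jexec} ifconfig "${iface}" | \
+      grep -w inet | \
+      awk '{ print $2 }' | \
+      grep -Ew "^${addr}" >/dev/null 2>&1
+   return $?
 }
 
@@ -759,3 +885,86 @@
 
    ${jexec} ifconfig "${iface}" | grep -qw inet6 2>/dev/null
-}
+   return $?
+}
+
+ipv6_address_configured()
+{
+   local iface="${1}"
+   local addr="${2}"
+   local jid="${3}"
+   local jexec=
+
+   addr="$(echo ${addr}|cut -f1 -d'/')"
+
+   if [ -n "${jid}" ] ; then
+      jexec="jexec ${jid}"
+   fi
+
+   ${jexec} ifconfig "${iface}" | \
+      grep -w inet6 | \
+      awk '{ print $2 }' | \
+      grep -Ew "^${addr}" >/dev/null 2>&1
+   return $?
+}
+
+get_ipfw_nat_instance()
+{
+   local iface="${1}"
+   local res=1
+
+   if [ -z "${iface}" ] ; then
+      local instance="`ipfw list|egrep '[0-9]+ nat'|awk '{ print $3 }'|tail -1`"
+      if [ -z "${instance}" ] ; then
+         instance="100"
+      else
+         : $(( instance += 100 ))
+      fi
+      echo "${instance}"
+      return 0
+   fi
+
+   for ni in `ipfw list|egrep '[0-9]+ nat'|awk '{ print $3 }'`
+   do
+      ipfw nat "${ni}" show config|egrep -qw "${iface}"
+      if [ "$?" = "0" ] ; then
+         echo "${ni}"
+         res=0
+         break
+      fi
+   done
+
+   return ${res}
+}
+
+get_ipfw_nat_priority()
+{
+   local iface="${1}"
+   local res=1
+
+   if [ -z "${iface}" ] ; then
+      local priority="`ipfw list|egrep '[0-9]+ nat'|awk '{ print $1 }'|tail -1`"
+      if [ -z "${priority}" ] ; then
+         priority=2000
+      fi
+      printf "%05d\n" "${priority}"
+      return 0
+   fi
+
+   local IFS='
+'
+   for rule in `ipfw list|egrep '[0-9]+ nat'`
+   do
+      local priority="`echo "${rule}"|awk '{ print $1 }'`"
+      local ni="`echo "${rule}"|awk '{ print $3 }'`"
+
+      ipfw nat "${ni}" show config|egrep -qw "${iface}"
+      if [ "$?" = "0" ] ; then
+         echo "${priority}"
+         res=0
+         break
+      fi
+   done
+
+   return ${res}
+}
+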
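Review bot: In make_bootstrap_pkgng_file_standard the generated script ends with `exit $?` inside an unquoted here-document (new lines 738-750), so `$?` is expanded on the host when the file is written, not when the script runs in the chroot. The file will most likely contain a literal `exit 0`, so `chroot ${jaildir} /bootstrap-pkgng` reports success even when `pkg install -y pcbsd-utils` fails and the failure path in bootstrap_pkgng is never reached. Escape it as `exit \$?` so the install status is what gets returned. The pluginjail variant has a related problem: its `exit $?` follows `umount devfs`, so it returns the unmount status rather than any package failure. The rewrite also drops the `$?` check after copying pkg-pubkey.cert, so a jail whose pkg.conf names a PUBKEY that was never copied in no longer produces any message.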
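--- a/src-sh/warden/scripts/backend/startjail.sh
+++ b/src-sh/warden/scripts/backend/startjail.sh
@@ -208,5 +208,6 @@
    if ! ipv4_configured "${BRIDGE}" ; then
       ifconfig ${BRIDGE} inet "${BRIDGEIP4}"
-   else
+
+   elif ! ipv4_address_configured "${BRIDGE}" "${BRIDGEIP4}" ; then
       ifconfig ${BRIDGE} inet alias "${BRIDGEIP4}"
    fi
@@ -215,5 +216,7 @@
    for _ip in ${BRIDGEIPS4}
    do
-      ifconfig ${BRIDGE} inet alias "${_ip}"
+      if ! ipv4_address_configured "${BRIDGE}" "${_ip}" ; then
+         ifconfig ${BRIDGE} inet alias "${_ip}"
+      fi
    done
 fi
@@ -222,5 +225,6 @@
    if ! ipv6_configured "${BRIDGE}" ; then
       ifconfig ${BRIDGE} inet6 "${BRIDGEIP6}"
-   else
+
+   elif ! ipv6_address_configured "${BRIDGE}" "${BRIDGEIP6}" ; then
       ifconfig ${BRIDGE} inet6 alias "${BRIDGEIP6}"
    fi
@@ -229,5 +233,7 @@
    for _ip in ${BRIDGEIPS6}
    do
-      ifconfig ${BRIDGE} inet6 alias "${_ip}"
+      if ! ipv6_address_configured "${BRIDGE}" "${_ip}" ; then
+         ifconfig ${BRIDGE} inet6 alias "${_ip}"
+      fi
    done
 fi
@@ -261,5 +267,7 @@
    ipv4_configured ${EPAIRB} ${JID}
    if [ "$?" = "0" ] ; then
-      jexec ${JID} ifconfig ${EPAIRB} inet alias ${ip4}
+      if ! ipv4_address_configured "${EPAIRB}" "${ip4}" "${JID}" ; then
+         jexec ${JID} ifconfig ${EPAIRB} inet alias ${ip4}
+      fi
    else
       jexec ${JID} ifconfig ${EPAIRB} inet ${ip4}
@@ -275,5 +283,7 @@
    ipv6_configured ${EPAIRB} ${JID}
    if [ "$?" = "0" ] ; then
-      jexec ${JID} ifconfig ${EPAIRB} inet6 alias ${ip6}
+      if ! ipv6_address_configured "${EPAIRB}" "${ip6}" "${JID}" ; then
+         jexec ${JID} ifconfig ${EPAIRB} inet6 alias ${ip6}
+      fi
    else
       jexec ${JID} ifconfig ${EPAIRB} inet6 ${ip6}
@@ -316,30 +326,44 @@
 # with VIMAGE.
 #
-sysctl net.inet.ip.forwarding=1
-sysctl net.inet6.ip6.forwarding=1
-
-tmp_rcconf=`mktemp /tmp/.wdn.XXXXXX`
-
-egrep -v '^(firewall_(enable|type)|natd_(enable|interface|flags))' \
-   /etc/rc.conf >> "${tmp_rcconf}"
-cat<<__EOF__>>"${tmp_rcconf}"
+ip_forwarding=`sysctl -n net.inet.ip.forwarding`
+if [ "${ip_forwarding}" = "0" ] ; then
+   sysctl net.inet.ip.forwarding=1
+fi
+
+ip6_forwarding=`sysctl -n net.inet6.ip6.forwarding`
+if [ "${ip6_forwarding}" = "0" ] ; then
+   sysctl net.inet6.ip6.forwarding=1
+fi
+
+firewall_enable=`egrep '^firewall_enable' /etc/rc.conf|cut -f2 -d'='|sed 's|"||g'`
+firewall_type=`egrep '^firewall_type' /etc/rc.conf|cut -f2 -d'='|sed 's|"||g'`
+
+if [ "${firewall_enable}" != "YES" -o "${firewall_type}" != "open" ] ; then
+   tmp_rcconf=`mktemp /tmp/.wdn.XXXXXX`
+   egrep -v '^firewall_(enable|type)' /etc/rc.conf >> "${tmp_rcconf}"
+
+   cat<<__EOF__>>"${tmp_rcconf}"
 firewall_enable="YES"
 firewall_type="open"
-natd_enable="YES"
-natd_interface="${IFACE}"
-natd_flags="-dynamic -m"
 __EOF__
-if [ -s "${tmp_rcconf}" ] ; then
-   cp /etc/rc.conf /var/tmp/rc.conf.bak
-   mv "${tmp_rcconf}" /etc/rc.conf
-   if [ "$?" != "0" ] ; then
-      mv /var/tmp/rc.conf.bak /etc/rc.conf
-   fi
-fi
-
-ipfw list | grep -Eq '^00500 divert' 2>/dev/null
-if [ "$?" != "0" ] ; then
-   /etc/rc.d/ipfw restart
-   ipfw -q add 00050 divert 8668 ip4 from any to any via ${IFACE}
+
+   if [ -s "${tmp_rcconf}" ] ; then
+      cp /etc/rc.conf /var/tmp/rc.conf.bak
+      mv "${tmp_rcconf}" /etc/rc.conf
+      if [ "$?" != "0" ] ; then
+         mv /var/tmp/rc.conf.bak /etc/rc.conf
+      fi
+   fi
+   /etc/rc.d/ipfw forcerestart
+fi
+
+instance=`get_ipfw_nat_instance "${IFACE}"`
+if [ -z "${instance}" ] ; then
+echo "NAT IS NULL"
+   priority=`get_ipfw_nat_priority`
+   instance=`get_ipfw_nat_instance`
+
+   ipfw "${priority}" add nat "${instance}" all from any to any
+   ipfw nat "${instance}" config if "${IFACE}" reset
 fi
 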
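Review bot: The rc.conf rewrite at new lines 350-356 still backs up to the fixed path `/var/tmp/rc.conf.bak` while running as root; /var/tmp is normally world-writable, so a file or symlink already sitting at that name decides where `cp` writes and what gets moved back over /etc/rc.conf on failure. Creating the backup beside the original, e.g. ``bak=`mktemp /etc/rc.conf.bak.XXXXXX` `` followed by `cp -p /etc/rc.conf "${bak}"`, avoids the shared directory. The new condition also means any host whose `firewall_type` is something other than `open` has it replaced with the allow-all type and ipfw force-restarted whenever a jail starts, which deserves at least a comment or an opt-out. The `echo "NAT IS NULL"` at new line 362 looks like leftover debugging output.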