source: src-sh/warden/scripts/backend/createjail.sh @ 63aed4d

enter/10releng/10.0.3releng/10.1releng/10.1.1releng/10.1.2
Last change on this file since 63aed4d was 63aed4d, checked in by Kris Moore <kris@…>, 13 months ago

When the user requests to create a jail with a ports tree, use
portsnap instead of the older ports.txz from distfiles.

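#!/bin/sh
# Script to create a new jail based on given flags
#####################################################################

# Root of the Warden installation; the backend helpers are loaded from here
PROGDIR="/usr/local/share/warden"

# Load the shared backend functions and variables. Helpers used below but not
# defined in this file (exit_err, get_ip_and_netmask, ...) presumably come
# from here. The path is quoted so it is always sourced as a single word.
. "${PROGDIR}/scripts/backend/functions.sh"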
10
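# Populate a freshly created Linux jail: write its Warden metadata, unpack or
# bootstrap the userland into ${JAILDIR}, seed the account databases and DNS
# configuration, run a small fix-up script inside the tree, then optionally
# start the jail.
#
# Globals read: HOST, META_ID, IP, IP4, MASK4, IP6, MASK6, AUTOSTART, JAILNAME,
#               JAILDIR, JMETADIR, LINUXARCHIVE_FILE, LINUX_JAIL_SCRIPT
# Exits 1, after deleting the half-built jail, when the archive cannot be
# extracted or the bootstrap script fails.
#
# Trust note: the archive / bootstrap script is processed with the privileges
# of this script, and the steps after it write into the resulting tree from
# the host side. Only feed it archives and scripts from a trusted source.
setup_linux_jail()
{
  echo "Setting up linux jail..."

  mkdir -p "${JMETADIR}"
  echo "${HOST}" > "${JMETADIR}/host"
  # The id file holds the numeric jail ID: the ID allocation loop in this
  # script compares every stored id with -gt, so a hostname here would never
  # be counted. Store the allocated META_ID, as the non-Linux path does.
  echo "${META_ID}" > "${JMETADIR}/id"

  if [ "${IP4}" != "OFF" ] ; then
    echo "${IP4}/${MASK4}" > "${JMETADIR}/ipv4"
  fi
  if [ "${IP6}" != "OFF" ] ; then
    echo "${IP6}/${MASK6}" > "${JMETADIR}/ipv6"
  fi

  if [ "$AUTOSTART" = "YES" ] ; then
    touch "${JMETADIR}/autostart"
  fi
  touch "${JMETADIR}/jail-linux"

  if [ -n "$LINUXARCHIVE_FILE" ] ; then
    echo "Extracting ${LINUXARCHIVE_FILE}..."
    # stderr is discarded, so the only failure signal is tar's exit status
    if ! tar xvf "${LINUXARCHIVE_FILE}" -C "${JAILDIR}" 2>/dev/null ; then
       echo "Failed Extracting ${LINUXARCHIVE_FILE}"
       warden delete --confirm "${JAILNAME}" 2>/dev/null
       exit 1
    fi
  else
    # Runs the caller-supplied bootstrap script on the host, not in the jail
    if ! sh "${LINUX_JAIL_SCRIPT}" "${JAILDIR}" "${IP}" "${JMETADIR}" ; then
       echo "Failed running ${LINUX_JAIL_SCRIPT}"
       warden delete --confirm "${JAILNAME}" 2>/dev/null
       exit 1
    fi
  fi

  # Create the master.passwd
  # NOTE(review): the password field of this entry is empty, so root inside
  # the new jail has no password until one is set. Set or lock it before any
  # login service in the jail is exposed.
  echo "root::0:0::0:0:Charlie &:/root:/bin/bash" > "${JAILDIR}/etc/master.passwd"
  pwd_mkdb -d "${JAILDIR}/tmp" -p "${JAILDIR}/etc/master.passwd" 2>/dev/null
  mv "${JAILDIR}/tmp/master.passwd" "${JAILDIR}/etc/"
  mv "${JAILDIR}/tmp/pwd.db" "${JAILDIR}/etc/"
  mv "${JAILDIR}/tmp/spwd.db" "${JAILDIR}/etc/"
  rm "${JAILDIR}/tmp/passwd"

  # Copy resolv.conf
  cp /etc/resolv.conf "${JAILDIR}/etc/resolv.conf"

  # Do some touch-up to make linux happy
  # Remove anything the archive may have shipped under this name first, so
  # the redirect below creates a fresh regular file inside the jail tree.
  rm -f "${JAILDIR}/.fixSH"
  echo '#!/bin/bash
cd /etc
pwconv
grpconv
touch /etc/fstab
touch /etc/mtab
' > "${JAILDIR}/.fixSH"
  chmod 755 "${JAILDIR}/.fixSH"
  chroot "${JAILDIR}" /.fixSH
  rm "${JAILDIR}/.fixSH"

  # If we are auto-starting the jail, do it now
  if [ "$AUTOSTART" = "YES" ] ; then warden start "${JAILNAME}" ; fi

  echo "Success! Linux jail created at ${JAILDIR}"
}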
76
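# Load our passed values: the first argument is used both as the jail's name
# (directory and dataset component) and as its hostname
JAILNAME="${1}"
HOST="${1}"

# The name is later joined onto ${JDIR}, used as a ZFS dataset component and
# handed to other warden commands. Refuse values that would change the
# meaning of those paths or be parsed as an option. An empty name is left to
# the dedicated "Missing hostname" check further down, which uses the same
# exit status.
case "${JAILNAME}" in
  */*|.|..|-*)
    echo "ERROR: Invalid jail name!"
    exit 6
    ;;
esac

# Everything else is passed via environmental variables

# Translate the requested jail type into the YES flags tested by the rest of
# the script; "standard" and any unrecognised value set none of them
case "${JAILTYPE}" in
  linuxjail) LINUXJAIL="YES" ;;
  pluginjail) PLUGINJAIL="YES" ;;
  portjail) PORTJAIL="YES" ;;
  standard) ;;
esac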
89
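# Decide what the new jail is built from and record it in WORLDCHROOT:
#   - neither TEMPLATE nor ARCHIVEFILE set: the default template for this
#     host's release and ARCH, created on demand
#   - TEMPLATE set: that template's directory under ${JDIR}
#   - ARCHIVEFILE set: the archive file itself
# If using a ARCHIVEFILE we can skip the template step
if [ -z "$TEMPLATE" ] && [ -z "$ARCHIVEFILE" ] ; then
  # First two '-' separated fields of the running kernel's release string
  _sysrel="$(uname -r | cut -d '-' -f 1-2)"
  DEFTEMPLATE="${_sysrel}-${ARCH}"
  echo "DEF: $DEFTEMPLATE"

  # If on a plugin jail, lets change the nickname
  if [ "${PLUGINJAIL}" = "YES" ] ; then
    DEFTEMPLATE="${DEFTEMPLATE}-pluginjail"
  fi

  # See if we need to create a new template for this system
  TDIR="${JDIR}/.warden-template-$DEFTEMPLATE"
  if [ ! -e "$TDIR" ] ; then
    # Try the TrueOS distribution first; if that fails, try again with the
    # FreeBSD dist files
    _tmpl_ok="NO"
    for _dist in -trueos -fbsd
    do
      FLAGS="${_dist} ${_sysrel} -arch $ARCH -nick $DEFTEMPLATE"
      if [ "${PLUGINJAIL}" = "YES" ] ; then
        FLAGS="$FLAGS -pluginjail"
      fi
      export FLAGS

      # FLAGS is a flat option string and is split on whitespace on purpose
      # shellcheck disable=SC2086
      if warden template create ${FLAGS} ; then
        _tmpl_ok="YES"
        break
      fi
    done
    if [ "${_tmpl_ok}" != "YES" ] ; then
      exit_err "Failed create default template"
    fi
  fi
  WORLDCHROOT="${TDIR}"
elif [ -z "$ARCHIVEFILE" ] ; then
  # Set WORLDCHROOT to the dir we will clone / file to extract
  WORLDCHROOT="${JDIR}/.warden-template-$TEMPLATE"
else
  # See if we are overriding the default archive file
  WORLDCHROOT="$ARCHIVEFILE"
fi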
134
# Split each configured address into address and prefix length.
# get_ip_and_netmask reports its result through JIP and JMASK; when no prefix
# was supplied the default is 24 for IPv4 and 64 for IPv6.
if [ "${IP4}" != "OFF" ] ; then
  get_ip_and_netmask "${IP4}"
  IP4="${JIP}"
  MASK4="${JMASK:-24}"
fi

if [ "${IP6}" != "OFF" ] ; then
  get_ip_and_netmask "${IP6}"
  IP6="${JIP}"
  MASK6="${JMASK:-64}"
fi
148
# A jail cannot be created without a name / hostname
[ -n "$HOST" ] || {
  echo "ERROR: Missing hostname!"
  exit 6
}

# Directory of the new jail. set_warden_metadir is defined elsewhere;
# presumably it derives JMETADIR from these values (confirm in functions.sh).
JAILDIR="${JDIR}/${JAILNAME}"
set_warden_metadir

# Never build on top of a path that already exists
if [ -e "${JAILDIR}" ] ; then
  echo "ERROR: This Jail directory already exists!"
  exit 5
fi
162
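# Make sure we don't have a host already with this name.
# The metadata directories are matched with a glob instead of parsing ls
# output, so a ${JDIR} containing whitespace is handled; when nothing matches
# the literal pattern is skipped by the existence test below.
for i in "${JDIR}"/.*.meta
do
  if [ ! -e "${i}/host" ] ; then continue ; fi
  if [ "$(cat "${i}/host")" = "$HOST" ] ; then
    echo "ERROR: A jail with this hostname already exists!"
    exit 5
  fi
done

# Get next unique ID: one more than the highest numeric id on record
META_ID=0
for i in "${JDIR}"/.*.meta
do
  [ -r "${i}/id" ] || continue
  id="$(cat "${i}/id")"
  # Ignore empty or non-numeric id files instead of handing them to -gt,
  # which would only produce a test(1) error
  case "${id}" in
    ''|*[!0-9]*) continue ;;
  esac
  if [ "${id}" -gt "${META_ID}" ] ; then
    META_ID="${id}"
  fi
done
META_ID=$(( META_ID + 1 ))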
183
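# If we are setting up a linux jail, lets do it now
if [ "$LINUXJAIL" = "YES" ] ; then
  # Get the dataset of the jails mountpoint: first column of the mount(8)
  # line for ${JDIR}. -F makes grep treat the path as a literal string
  # rather than a regular expression.
  rDataSet="$(mount | grep -F "on ${JDIR} " | awk '{print $1}')"
  tSubDir="$(basename "${JAILDIR}")"
  nDataSet="${rDataSet}/${tSubDir}"

  # Linux jails get an empty dataset of their own instead of a template clone
  if ! zfs create -p "${nDataSet}" ; then
    exit_err "Failed creating ZFS dataset"
  fi
  setup_linux_jail
  exit 0
fi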
196
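echo "Building new Jail... Please wait..."


# Get the dataset of the jails mountpoint: first column of the mount(8) line
# for ${JDIR}. -F makes grep treat the path as a literal string rather than a
# regular expression.
rDataSet="$(mount | grep -F "on ${JDIR} " | awk '{print $1}')"
nSubDir="$(basename "${JAILDIR}")"
nDataSet="${rDataSet}/${nSubDir}"
oSubDir="$(basename "${WORLDCHROOT}")"
oDataSet="${rDataSet}/${oSubDir}"

# Create ZFS CLONE of the source dataset's @clean snapshot
if ! zfs clone "${oDataSet}@clean" "${nDataSet}" ; then
  exit_err "Failed creating clean ZFS base clone"
fi

# Record the jail's metadata: hostname, addresses (when enabled) and the
# numeric ID allocated earlier
mkdir "${JMETADIR}"
echo "${HOST}" > "${JMETADIR}/host"
if [ "${IP4}" != "OFF" ] ; then
   echo "${IP4}/${MASK4}" > "${JMETADIR}/ipv4"
fi
if [ "${IP6}" != "OFF" ] ; then
   echo "${IP6}/${MASK6}" > "${JMETADIR}/ipv6"
fi
echo "${META_ID}" > "${JMETADIR}/id"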
220
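# Optionally download the system sources matching the host release and unpack
# them into the jail
if [ "$SOURCE" = "YES" ]
then
  echo "Installing source..."
  mkdir -p "${JAILDIR}/usr/src"
  # The download and the rm below use relative paths, so stop if the jail
  # directory cannot be entered rather than working in the caller's cwd
  cd "${JAILDIR}" || exit_err "Failed changing to ${JAILDIR}"
  SYSVER="$(uname -r | cut -d '-' -f 1-2)"
  # NOTE(review): nothing in this block verifies src.txz before it is
  # unpacked; confirm that get_file_from_mirrors checks its integrity.
  if ! get_file_from_mirrors "/${SYSVER}/${ARCH}/dist/src.txz" "src.txz" "iso" ; then
    echo "Error while downloading the freebsd world."
  else
    echo "Extracting sources.. May take a while.."
    # tar's stderr and exit status are both ignored here; "Done" does not
    # prove the extraction succeeded
    tar xvf src.txz -C "${JAILDIR}" 2>/dev/null
    rm src.txz
    echo "Done"
  fi
fi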
237
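# Optionally fetch a ports tree into the jail with portsnap
if [ "$PORTS" = "YES" ]; then
  echo "Fetching ports..."
  mkdir -p "${JAILDIR}/usr/ports" >/dev/null 2>&1
  # The host's portsnap script is streamed through sed, which rewrites every
  # "! -t 0" into "-z 1" (presumably to get past portsnap's terminal check),
  # and the result is executed by /bin/sh with the jail's database and ports
  # directories. If the pattern stops matching after a portsnap update the
  # substitution silently becomes a no-op.
  # The readability test keeps a missing portsnap from being reported as
  # success: an empty script piped into sh would otherwise exit 0.
  if [ -r /usr/sbin/portsnap ] && \
     sed 's|! -t 0|-z 1|g' /usr/sbin/portsnap \
       | /bin/sh -s -d "${JAILDIR}/var/db/portsnap" -p "${JAILDIR}/usr/ports" fetch extract update
  then
    echo "Done"
  else
    echo "Error while downloading the ports tree."
  fi
fi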
248
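# Create an empty fstab
touch "${JAILDIR}/etc/fstab"

# If this isn't a fresh jail, we can skip to not clobber existing setup
if [ -z "$ARCHIVEFILE" ] ; then
  # Setup rc.conf
  # HOST is written verbatim between double quotes into a file that is read
  # as shell; it must be a plain hostname without quotes or shell
  # metacharacters. sshd is enabled in every fresh jail by this default.
  echo "portmap_enable=\"NO\"
sshd_enable=\"YES\"
sendmail_enable=\"NO\"
hostname=\"${HOST}\"
devfs_enable=\"YES\"
devfs_system_ruleset=\"devfsrules_common\"" > "${JAILDIR}/etc/rc.conf"

  # Create the host for this device
cat <<__EOF__ > "${JAILDIR}/etc/hosts"
# : src/etc/hosts,v 1.16 2003/01/28 21:29:23 dbaker Exp $
#
# Host Database
#
# This file should contain the addresses and aliases for local hosts that
# share this file.  Replace 'my.domain' below with the domainname of your
# machine.
#
# In the presence of the domain name service or NIS, this file may
# not be consulted at all; see /etc/nsswitch.conf for the resolution order.
#
#
::1                     localhost localhost.localdomain
127.0.0.1               localhost localhost.localdomain ${HOST}
__EOF__

  if [ "${IP4}" != "OFF" ] ; then
    echo "${IP4}                        ${HOST}" >> "${JAILDIR}/etc/hosts"
  fi
  if [ "${IP6}" != "OFF" ] ; then
    echo "${IP6}                        ${HOST}" >> "${JAILDIR}/etc/hosts"
    # Bind sshd to the jail's IPv6 address. IP6 is spliced into the sed
    # program, so it must not contain '|', '&' or backslashes.
    sed -i '' "s|#ListenAddress ::|ListenAddress ${IP6}|g" "${JAILDIR}/etc/ssh/sshd_config"
  fi

  # Copy resolv.conf
  cp /etc/resolv.conf "${JAILDIR}/etc/resolv.conf"

fi # End of ARCHIVEFILE check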
292
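# Mark the jail for automatic start when requested
if [ "$AUTOSTART" = "YES" ] ; then
  touch "${JMETADIR}/autostart"
fi

# Allow pinging by default.
# allow.raw_sockets gives root inside the jail access to raw sockets, which
# ping needs but which also allows sending hand-built packets from the jail.
# Remove the flag for jails that run untrusted workloads.
echo "allow.raw_sockets=true" > "${JMETADIR}/jail-flags"

# Check if we need to copy the timezone file
if [ -e "/etc/localtime" ] ; then
   cp /etc/localtime "${JAILDIR}/etc/localtime"
fi

# Setup TrueOS PKGNG repo / utilities only if on TRUEOS
if [ "$VANILLA" != "YES" ] && [ -e "${JAILDIR}/etc/rc.conf.pcbsd" ] ; then
  # A failed bootstrap is not fatal; the jail is still created
  if ! bootstrap_pkgng "${JAILDIR}" ; then
     echo "You can manually re-try by running # warden bspkgng ${JAILNAME}"
  fi
fi

# Set the default meta-pkg set
mkdir -p "${JAILDIR}/usr/local/etc" >/dev/null 2>&1
echo "PCBSD_METAPKGSET: warden" > "${JAILDIR}/usr/local/etc/pcbsd.conf"

# Check if making a portjail
if [ "$PORTJAIL" = "YES" ] ; then mkportjail "${JAILDIR}" ; fi

# Check if making a pluginjail
if [ "$PLUGINJAIL" = "YES" ] ; then mkpluginjail "${JAILDIR}" ; fi

# If we are auto-starting the jail, do it now
if [ "$AUTOSTART" = "YES" ] ; then warden start "${JAILNAME}" ; fi

echo "Success!"
echo "Jail created at ${JAILDIR}"

# Plugin jails get their .plugins directory last, after any auto-start
if [ "${PLUGINJAIL}" = "YES" ] ; then
  mkdir -p "${JAILDIR}/.plugins"
fi

exit 0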