source: src-sh/warden/scripts/backend/createjail.sh @ 698a249

Last change on this file since 698a249 was 698a249, checked in by Kris Moore <kris@…>, 14 months ago

When using warden to create jails, do all ZFS ops relative to the
JAILDIR dataset. This allows moving JAILDIR around and fixes
issues with odd dataset creation.

This fix implies that your JAILDIR is indeed a mounted ZFS dataset,
but we have assumed that for a while now anyway.

  • Property mode set to 100755
File size: 8.9 KB
#!/bin/sh
# Create a new warden jail from the flags and environment handed in
# by the caller.
#####################################################################

# Install prefix that holds warden's shared scripts
PROGDIR="/usr/local/share/warden"

# Pull in the shared helper functions and variables
. "${PROGDIR}/scripts/backend/functions.sh"

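#######################################
# Populate an already created jail dataset as a Linux jail.
# Globals:   JMETADIR, HOST, META_ID, IP4, MASK4, IP6, MASK6, AUTOSTART,
#            LINUXARCHIVE_FILE, LINUX_JAIL_SCRIPT, JAILDIR, JAILNAME,
#            IP (all read)
# Arguments: none
# Outputs:   progress and error messages on stdout
# Returns:   on a failed extract or setup script the jail is deleted and
#            the script exits 1; otherwise falls through to the caller
#######################################
setup_linux_jail()
{
  echo "Setting up linux jail..."

  mkdir -p "${JMETADIR}"
  echo "${HOST}" > "${JMETADIR}/host"
  # The id file is read back as an integer when the next jail picks its
  # unique ID, so store the numeric META_ID computed by the main script
  # before this function is called, not the hostname.
  echo "${META_ID}" > "${JMETADIR}/id"

  if [ "${IP4}" != "OFF" ] ; then
    echo "${IP4}/${MASK4}" > "${JMETADIR}/ipv4"
  fi
  if [ "${IP6}" != "OFF" ] ; then
    echo "${IP6}/${MASK6}" > "${JMETADIR}/ipv6"
  fi

  if [ "$AUTOSTART" = "YES" ] ; then
    touch "${JMETADIR}/autostart"
  fi
  touch "${JMETADIR}/jail-linux"

  if [ -n "$LINUXARCHIVE_FILE" ] ; then
    echo "Extracting ${LINUXARCHIVE_FILE}..."
    if ! tar xvf "${LINUXARCHIVE_FILE}" -C "${JAILDIR}" 2>/dev/null ; then
       echo "Failed Extracting ${LINUXARCHIVE_FILE}"
       warden delete --confirm "${JAILNAME}" 2>/dev/null
       exit 1
    fi
  else
    # NOTE(review): IP is not assigned anywhere in this file; presumably it
    # comes from the caller's environment - confirm.
    if ! sh "${LINUX_JAIL_SCRIPT}" "${JAILDIR}" "${IP}" "${JMETADIR}" ; then
       echo "Failed running ${LINUX_JAIL_SCRIPT}"
       warden delete --confirm "${JAILNAME}" 2>/dev/null
       exit 1
    fi
  fi

  # NOTE(review): everything below writes into the populated tree from the
  # host side. Nothing here checks that etc/ and tmp/ inside it are real
  # directories rather than links supplied by the archive or setup script,
  # so only trusted archives/scripts should be used.

  # Create the master.passwd
  # NOTE(review): the password field is empty, so root in the new jail has
  # no password until the admin sets one; use "*" in that field if
  # password-less root is not intended.
  echo "root::0:0::0:0:Charlie &:/root:/bin/bash" > "${JAILDIR}/etc/master.passwd"
  if pwd_mkdb -d "${JAILDIR}/tmp" -p "${JAILDIR}/etc/master.passwd" 2>/dev/null ; then
    mv "${JAILDIR}/tmp/master.passwd" "${JAILDIR}/etc/"
    mv "${JAILDIR}/tmp/pwd.db" "${JAILDIR}/etc/"
    mv "${JAILDIR}/tmp/spwd.db" "${JAILDIR}/etc/"
    rm "${JAILDIR}/tmp/passwd"
  else
    # Without the generated databases the moves above cannot succeed,
    # so report the real cause instead of a string of mv errors.
    echo "WARNING: pwd_mkdb failed, password databases not generated" >&2
  fi

  # Copy resolv.conf
  cp /etc/resolv.conf "${JAILDIR}/etc/resolv.conf"

  # Do some touch-up to make linux happy.
  # NOTE(review): this runs /bin/bash, pwconv and grpconv from the new tree
  # through chroot(8) on the host, i.e. outside any jail; a chroot does not
  # confine a root process the way a jail does.
cat <<'__EOF__' > "${JAILDIR}/.fixSH"
#!/bin/bash
cd /etc
pwconv
grpconv
touch /etc/fstab
touch /etc/mtab

__EOF__
  chmod 755 "${JAILDIR}/.fixSH"
  chroot "${JAILDIR}" /.fixSH
  rm "${JAILDIR}/.fixSH"

  # If we are auto-starting the jail, do it now
  if [ "$AUTOSTART" = "YES" ] ; then warden start "${JAILNAME}" ; fi

  echo "Success! Linux jail created at ${JAILDIR}"
}
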
# The single positional argument is the jail name; it doubles as the hostname
JAILNAME="${1}"
HOST="${1}"

# All remaining settings arrive through the environment

# Translate the requested jail type into its YES flag; "standard" and any
# other value set nothing.
if [ "${JAILTYPE}" = "linuxjail" ] ; then
  LINUXJAIL="YES"
elif [ "${JAILTYPE}" = "pluginjail" ] ; then
  PLUGINJAIL="YES"
elif [ "${JAILTYPE}" = "portjail" ] ; then
  PORTJAIL="YES"
fi

# Decide what the new jail is built from (WORLDCHROOT): an explicit archive
# file, a named template, or the default template for the running release.
if [ -n "$ARCHIVEFILE" ] ; then
  # An archive file overrides any template
  WORLDCHROOT="$ARCHIVEFILE"
elif [ -n "$TEMPLATE" ] ; then
  # Named template: this is the dir we will clone
  WORLDCHROOT="${JDIR}/.warden-template-$TEMPLATE"
else
  # Neither given: fall back to the default template, creating it if needed
  _sysrel="$(uname -r | cut -d '-' -f 1-2)"
  DEFTEMPLATE="${_sysrel}-${ARCH}"
  echo "DEF: $DEFTEMPLATE"

  # Plugin jails get their own template nickname
  if [ "${PLUGINJAIL}" = "YES" ] ; then
    DEFTEMPLATE="${DEFTEMPLATE}-pluginjail"
  fi

  TDIR="${JDIR}/.warden-template-$DEFTEMPLATE"
  if [ ! -e "$TDIR" ] ; then
    # Try the TrueOS dist files first, then fall back to FreeBSD dist files
    _tmpl_ok="NO"
    for _tmpl_src in -trueos -fbsd
    do
      FLAGS="${_tmpl_src} ${_sysrel} -arch $ARCH -nick $DEFTEMPLATE" ; export FLAGS
      if [ "${PLUGINJAIL}" = "YES" ] ; then
        FLAGS="$FLAGS -pluginjail"
      fi
      # FLAGS is left unquoted on purpose: it must split into separate words
      if warden template create ${FLAGS} ; then
        _tmpl_ok="YES"
        break
      fi
    done
    if [ "${_tmpl_ok}" != "YES" ] ; then
      exit_err "Failed create default template"
    fi
  fi
  WORLDCHROOT="${TDIR}"
fi

# Split each configured address into address and prefix length.
# get_ip_and_netmask apparently leaves its results in JIP and JMASK; when
# no mask comes back, fall back to /24 for IPv4 and /64 for IPv6.
if [ "${IP4}" != "OFF" ] ; then
  get_ip_and_netmask "${IP4}"
  IP4="${JIP}"
  MASK4="${JMASK:-24}"
fi

if [ "${IP6}" != "OFF" ] ; then
  get_ip_and_netmask "${IP6}"
  IP6="${JIP}"
  MASK6="${JMASK:-64}"
fi

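# A jail name / hostname is mandatory
if [ -z "$HOST" ] ; then
   echo "ERROR: Missing hostname!"
   exit 6
fi

# The name is spliced into filesystem paths, ZFS dataset names and the
# jail's rc.conf (which is read as shell), so accept only plain hostname
# characters and refuse a leading "-" or ".". Exit code 6 is shared with
# the missing-hostname case above.
case "${HOST}" in
  -*|.*|*[!A-Za-z0-9_.-]*)
    echo "ERROR: Invalid hostname!"
    exit 6
    ;;
esac

# Location of the new jail; set_warden_metadir comes from functions.sh and
# presumably derives JMETADIR from it - confirm.
JAILDIR="${JDIR}/${JAILNAME}"
set_warden_metadir

# Never build on top of an existing directory
if [ -e "${JAILDIR}" ]
then
  echo "ERROR: This Jail directory already exists!"
  exit 5
fi
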
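# Make sure we don't have a host already with this name.
# Iterate with a glob instead of parsing ls output; an unmatched glob stays
# literal and is filtered out by the -e test below.
for i in "${JDIR}"/.*.meta
do
  if [ ! -e "${i}/host" ] ; then continue ; fi
  if [ "$(cat "${i}/host")" = "$HOST" ] ; then
    echo "ERROR: A jail with this hostname already exists!"
    exit 5
  fi
done

# Get next unique ID: one more than the highest numeric id on record
META_ID=0
for i in "${JDIR}"/.*.meta
do
  if [ ! -f "${i}/id" ] ; then continue ; fi
  id=$(cat "${i}/id")
  # Skip empty or non-numeric ids (for example an id file that holds a
  # hostname); they would make the integer comparison below fail.
  case "${id}" in
    ''|*[!0-9]*) continue ;;
  esac
  if [ "${id}" -gt "${META_ID}" ] ; then
    META_ID="${id}"
  fi
done
META_ID=$(( META_ID + 1 ))
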
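# If we are setting up a linux jail, lets do it now
if [ "$LINUXJAIL" = "YES" ] ; then
   # Get the dataset of the jails mountpoint. grep -F keeps characters in
   # JDIR from being read as a regular expression.
   rDataSet=$(mount | grep -F -- "on ${JDIR} " | awk '{print $1}')
   # All ZFS operations are relative to this dataset; without it the
   # dataset name built below would be meaningless, so stop early.
   if [ -z "${rDataSet}" ] ; then
     exit_err "Failed locating the ZFS dataset mounted on ${JDIR}"
   fi
   tSubDir=$(basename "$JAILDIR")
   nDataSet="${rDataSet}/${tSubDir}"

   zfs create -p "${nDataSet}"
   if [ $? -ne 0 ] ; then exit_err "Failed creating ZFS dataset"; fi
   setup_linux_jail
   exit 0
fi
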
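echo "Building new Jail... Please wait..."


# Get the dataset of the jails mountpoint. grep -F keeps characters in JDIR
# from being read as a regular expression.
rDataSet=$(mount | grep -F -- "on ${JDIR} " | awk '{print $1}')
# Both dataset names below are built relative to this one, so stop early
# when JDIR is not a mounted dataset.
if [ -z "${rDataSet}" ] ; then
  exit_err "Failed locating the ZFS dataset mounted on ${JDIR}"
fi
nSubDir=$(basename "$JAILDIR")
nDataSet="${rDataSet}/${nSubDir}"
oSubDir=$(basename "$WORLDCHROOT")
oDataSet="${rDataSet}/${oSubDir}"

# Create ZFS CLONE from the source dataset's "clean" snapshot
zfs clone "${oDataSet}@clean" "${nDataSet}"
if [ $? -ne 0 ] ; then exit_err "Failed creating clean ZFS base clone"; fi

# Record the jail's metadata: hostname, addresses and unique ID
mkdir "${JMETADIR}"
echo "${HOST}" > "${JMETADIR}/host"
if [ "${IP4}" != "OFF" ] ; then
   echo "${IP4}/${MASK4}" > "${JMETADIR}/ipv4"
fi
if [ "${IP6}" != "OFF" ] ; then
   echo "${IP6}/${MASK6}" > "${JMETADIR}/ipv6"
fi
echo "${META_ID}" > "${JMETADIR}/id"
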
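# Optionally install the system sources into the jail. Failures here are
# reported but do not abort jail creation.
# NOTE(review): the archive is unpacked as downloaded; no checksum or
# signature check is visible in this file - confirm get_file_from_mirrors
# verifies what it fetches.
if [ "$SOURCE" = "YES" ]
then
  echo "Installing source..."
  mkdir -p "${JAILDIR}/usr/src"
  SYSVER="$(uname -r | cut -d '-' -f 1-2)"
  # The download lands in the current directory, so refuse to continue
  # from wherever we happen to be if the jail dir cannot be entered.
  if ! cd "${JAILDIR}" ; then
    echo "Error: unable to enter ${JAILDIR}, skipping source install."
  elif ! get_file_from_mirrors "/${SYSVER}/${ARCH}/dist/src.txz" "src.txz" "iso" ; then
    echo "Error while downloading the freebsd world."
  else
    echo "Extracting sources.. May take a while.."
    if tar xvf src.txz -C "${JAILDIR}" 2>/dev/null ; then
      echo "Done"
    else
      echo "Error while extracting sources."
    fi
    rm src.txz
  fi
fi

# Optionally install the ports tree into the jail, with the same
# best-effort handling as the sources above.
if [ "$PORTS" = "YES" ]
then
  echo "Fetching ports..."
  mkdir -p "${JAILDIR}/usr/ports"
  SYSVER="$(uname -r | cut -d '-' -f 1-2)"
  if ! cd "${JAILDIR}" ; then
    echo "Error: unable to enter ${JAILDIR}, skipping ports install."
  elif ! get_file_from_mirrors "/${SYSVER}/${ARCH}/dist/ports.txz" "ports.txz" "iso" ; then
    echo "Error while downloading the ports tree."
  else
    echo "Extracting ports.. May take a while.."
    if tar xvf ports.txz -C "${JAILDIR}" 2>/dev/null ; then
      echo "Done"
    else
      echo "Error while extracting ports."
    fi
    rm ports.txz
  fi
fi
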
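# Create an empty fstab
touch "${JAILDIR}/etc/fstab"

# If this isn't a fresh jail, we can skip to not clobber existing setup
if [ -z "$ARCHIVEFILE" ] ; then
  # Setup rc.conf. sshd is switched on by default for every new jail.
  # NOTE(review): HOST is written unescaped into a file that is read as
  # shell at jail start; it must already be limited to hostname characters
  # by the time it gets here.
cat<<__EOF__>"${JAILDIR}/etc/rc.conf"
portmap_enable="NO"
sshd_enable="YES"
sendmail_enable="NO"
hostname="${HOST}"
devfs_enable="YES"
devfs_system_ruleset="devfsrules_common"
__EOF__

  # Create the host for this device
cat<<__EOF__>"${JAILDIR}/etc/hosts"
# : src/etc/hosts,v 1.16 2003/01/28 21:29:23 dbaker Exp $
#
# Host Database
#
# This file should contain the addresses and aliases for local hosts that
# share this file.  Replace 'my.domain' below with the domainname of your
# machine.
#
# In the presence of the domain name service or NIS, this file may
# not be consulted at all; see /etc/nsswitch.conf for the resolution order.
#
#
::1                     localhost localhost.localdomain
127.0.0.1               localhost localhost.localdomain ${HOST}
__EOF__

  if [ "${IP4}" != "OFF" ] ; then
    echo "${IP4}                        ${HOST}" >> "${JAILDIR}/etc/hosts"
  fi
  if [ "${IP6}" != "OFF" ] ; then
    echo "${IP6}                        ${HOST}" >> "${JAILDIR}/etc/hosts"
    # Make sshd listen on the jail's IPv6 address.
    # NOTE(review): IP6 goes into the sed replacement unescaped; this
    # assumes get_ip_and_netmask hands back a bare address - confirm.
    sed -i '' "s|#ListenAddress ::|ListenAddress ${IP6}|g" "${JAILDIR}/etc/ssh/sshd_config"
  fi

  # Copy resolv.conf
  cp /etc/resolv.conf "${JAILDIR}/etc/resolv.conf"

fi # End of ARCHIVEFILE check
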
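# Mark the jail for automatic start when requested
if [ "$AUTOSTART" = "YES" ] ; then
  touch "${JMETADIR}/autostart"
fi

# Allow pinging by default.
# NOTE(review): allow.raw_sockets gives root inside every new jail raw
# socket access, not just ping; jail(8) advises extra caution with it
# where jail root is handed to untrusted parties.
echo "allow.raw_sockets=true" > "${JMETADIR}/jail-flags"

# Check if we need to copy the timezone file
if [ -e "/etc/localtime" ] ; then
   cp /etc/localtime "${JAILDIR}/etc/localtime"
fi

# Setup TrueOS PKGNG repo / utilities only if on TRUEOS
if [ "$VANILLA" != "YES" ] && [ -e "${JAILDIR}/etc/rc.conf.pcbsd" ] ; then
  # A failed bootstrap is not fatal; tell the admin how to retry
  if ! bootstrap_pkgng "${JAILDIR}" ; then
     echo "You can manually re-try by running # warden bspkgng ${JAILNAME}"
  fi
fi

# Set the default meta-pkg set
mkdir -p "${JAILDIR}/usr/local/etc" >/dev/null 2>&1
echo "PCBSD_METAPKGSET: warden" > "${JAILDIR}/usr/local/etc/pcbsd.conf"

# Check if making a portjail
if [ "$PORTJAIL" = "YES" ] ; then mkportjail "${JAILDIR}" ; fi

# Check if making a pluginjail
if [ "$PLUGINJAIL" = "YES" ] ; then mkpluginjail "${JAILDIR}" ; fi

# If we are auto-starting the jail, do it now
if [ "$AUTOSTART" = "YES" ] ; then warden start "${JAILNAME}" ; fi

echo "Success!"
echo "Jail created at ${JAILDIR}"

# Plugin jails get a .plugins directory in their root
if [ "${PLUGINJAIL}" = "YES" ] ; then
  mkdir -p "${JAILDIR}/.plugins"
fi

exit 0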