source: src-sh/warden/scripts/backend/functions.sh @ 2a7010e

releng/10.0.3releng/10.1releng/10.1.1releng/10.1.2
Last change on this file since 2a7010e was 2a7010e, checked in by clinta <github@…>, 10 months ago

Bridge is destroyed when it still contains members

Noticed this issue on my FreeBSD system, running warden from sysutils/pcbsd-utils. The IP for my host is on bridge0 and I noticed that when I stopped the last warden jail my bridge0 would be deleted, but I still need it and it has my physical interface as a member so the member count is equal to 1 after the epair device is deleted.

  • Property mode set to 100755
File size: 30.9 KB
Line 
1#!/bin/sh
2# Functions / variables for warden
3######################################################################
4# DO NOT EDIT
5
6# Source local functions
7. /usr/local/share/pcbsd/scripts/functions.sh
8
9# Installation directory
10PROGDIR="/usr/local/share/warden"
11
12# Jail location
13JDIR="$(grep ^JDIR: /usr/local/etc/warden.conf | cut -d' ' -f2)"
14export JDIR
15
16# Set arch type
17REALARCH=`uname -m`
18export REALARCH
19if [ -z "$ARCH" ] ; then
20  ARCH="$REALARCH"
21  export ARCH
22fi
23
24# Location of pcbsd.conf file
25PCBSD_ETCCONF="/usr/local/etc/pcbsd.conf"
26
27# Network interface to use
28NIC="$(grep ^NIC: /usr/local/etc/warden.conf | cut -d' ' -f2)"
29export NIC
30
31# Tmp directory
32WTMP="$(grep ^WTMP: /usr/local/etc/warden.conf | cut -d' ' -f2)"
33export WTMP
34
35# Default IP4 Pool of addresses
36DEFAULT_IP4POOL="$(grep ^IP4POOL: /usr/local/etc/warden.conf | cut -d' ' -f2)"
37if [ -z "$DEFAULT_IP4POOL" ] ; then
38   DEFAULT_IP4POOL="192.168.0.220"
39fi
40export DEFAULT_IP4POOL
41
42# FreeBSD release
43FREEBSD_RELEASE="$(grep ^FREEBSD_RELEASE: /usr/local/etc/warden.conf | cut -d' ' -f2)"
44if [ -z "${FREEBSD_RELEASE}" ] ; then
45  FREEBSD_RELEASE="$(uname -r)"
46fi
47export UNAME_r="${FREEBSD_RELEASE}"
48
49# Temp file for dialog responses
50ATMP="/tmp/.wans"
51export ATMP
52
53# Warden Version
54WARDENVER="1.4"
55export WARDENVER
56
57# Dirs to nullfs mount in X jail
58NULLFS_MOUNTS="/tmp /media"
59X11_MOUNTS="/usr/local/lib/X11/icons /usr/local/lib/X11/fonts /usr/local/etc/fonts"
60
61# Clone directory
62CDIR="${JDIR}/clones"
63
64downloadpluginjail() {
65  local _ver="${1}"
66
67  SYSVER=`echo "${_ver}" | sed -E 's|^FreeNAS-(([0-9]+\.){2}[0-9]+).*|\1|'`
68  SYSREL=`echo "${_ver}" | sed -E 's|^FreeNAS-([0-9]+\.){2}[0-9]+-([a-zA-Z0-9]+)-.*|\2|'`
69  SYSARCH=`echo "${_ver}" | sed -E 's#^(.*)(x86|x64)#\2#'`
70
71  SF="http://downloads.sourceforge.net/project/freenas"
72  URL="${SF}/FreeNAS-${SYSVER}/${SYSREL}/${SYSARCH}/plugins"
73
74  PJAIL="FreeNAS-${SYSVER}-${SYSREL}-${SYSARCH}.Plugins_Jail.pbi"
75  PJAILSHA256="${PJAIL}.sha256"
76
77  if [ ! -d "${JDIR}" ] ; then mkdir -p "${JDIR}" ; fi
78  cd ${JDIR}
79
80  echo "Fetching jail environment. This may take a while..."
81
82  if [ ! -e "${PJAIL}" ] ; then
83     echo "Downloading ${URL}/${PJAIL} ..."
84     get_file "${URL}/${PJAIL}" "${PJAIL}" 3
85     [ $? -ne 0 ] && printerror "Error while downloading the pluginjail."
86  fi
87
88  if [ ! -e "${PJAILSHA256}" ] ; then
89     echo "Downloading ${URL}/${PJAILSHA256} ..."
90     get_file "${URL}/${PJAILSHA256}" "${PJAILSHA256}" 3
91     [ $? -ne 0 ] && printerror "Error while downloading the pluginjail sha256."
92  fi
93
94  [ "$(sha256 -q ${PJAIL})" != "$(cat ${PJAILSHA256})" ] &&
95    printerror "Error in download data, checksum mismatch. Please try again later."
96
97  local zfsp=`getZFSRelativePath "${WORLDCHROOT}"`
98
99  # Use ZFS base for cloning
100  echo "Creating ZFS ${WORLDCHROOT} dataset..."
101  tank=`getZFSTank "${JDIR}"`
102  isDirZFS "${WORLDCHROOT}" "1"
103  if [ $? -ne 0 ] ; then
104     zfs create -o mountpoint=/${tank}${zfsp} -p ${tank}${zfsp}
105     if [ $? -ne 0 ] ; then exit_err "Failed creating ZFS base dataset"; fi
106     mkdir -p "${WORLDCHROOT}/.plugins" >/dev/null 2>&1
107  fi
108
109  pbi_add -e --no-checksig -p ${WORLDCHROOT} ${PJAIL}
110  if [ $? -ne 0 ] ; then exit_err "Failed extracting ZFS chroot environment"; fi
111
112  zfs snapshot ${tank}${zfsp}@clean
113  if [ $? -ne 0 ] ; then exit_err "Failed creating clean ZFS base snapshot"; fi
114  rm ${PJAIL}
115  rm ${PJAILSHA256}
116};
117
118### Download the chroot
119downloadchroot() {
120  local CHROOT="${1}"
121
122  # XXX If this is PCBSD, pbreg get /PC-BSD/Version
123  SYSVER="$(echo "$(uname -r)" | cut -f1 -d'-')"
124  FBSD_TARBALL="fbsd-release.txz"
125  FBSD_TARBALL_CKSUM="${FBSD_TARBALL}.md5"
126
127  # Set the mirror URL, may be overridden by setting MIRRORURL environment variable
128  if [ -z "${MIRRORURL}" ]; then
129    get_mirror
130    MIRRORURL="$VAL"
131  fi
132
133  if [ ! -d "${JDIR}" ] ; then mkdir -p "${JDIR}" ; fi
134  cd ${JDIR}
135
136  echo "Fetching jail environment. This may take a while..."
137  echo "Downloading ${MIRRORURL}/${SYSVER}/${ARCH}/netinstall/${FBSD_TARBALL} ..."
138
139  if [ ! -e "$FBSD_TARBALL" ] ; then
140     get_file "${MIRRORURL}/${SYSVER}/${ARCH}/netinstall/${FBSD_TARBALL}" "$FBSD_TARBALL" 3
141     [ $? -ne 0 ] && printerror "Error while downloading the portsjail."
142  fi
143
144  if [ ! -e "$FBSD_TARBALL_CKSUM" ] ; then
145     get_file "${MIRRORURL}/${SYSVER}/${ARCH}/netinstall/${FBSD_TARBALL_CKSUM}" "$FBSD_TARBALL_CKSUM" 3
146     [ $? -ne 0 ] && printerror "Error while downloading the portsjail."
147  fi
148
149  [ "$(md5 -q ${FBSD_TARBALL})" != "$(cat ${FBSD_TARBALL_CKSUM})" ] &&
150    printerror "Error in download data, checksum mismatch. Please try again later."
151
152  local zfsp=`getZFSRelativePath "${CHROOT}"`
153
154  # Use ZFS base for cloning
155  echo "Creating ZFS ${CHROOT} dataset..."
156  tank=`getZFSTank "${JDIR}"`
157  isDirZFS "${CHROOT}" "1"
158  if [ $? -ne 0 ] ; then
159     zfs create -o mountpoint=/${tank}${zfsp} -p ${tank}${zfsp}
160     if [ $? -ne 0 ] ; then exit_err "Failed creating ZFS base dataset"; fi
161  fi
162
163  tar xvpf ${FBSD_TARBALL} -C ${CHROOT} 2>/dev/null
164  if [ $? -ne 0 ] ; then exit_err "Failed extracting ZFS chroot environment"; fi
165
166  zfs snapshot ${tank}${zfsp}@clean
167  if [ $? -ne 0 ] ; then exit_err "Failed creating clean ZFS base snapshot"; fi
168  rm ${FBSD_TARBALL}
169  rm ${FBSD_TARBALL_CKSUM}
170};
171
172# Check if a directory is mounted
173isDirMounted() {
174  mount | grep -q "on $1 ("
175  return $?
176}
177
178### Mount all needed filesystems for the jail
179mountjailxfs() {
180
181  if [ ! -d "${JDIR}/${1}/" ] ; then
182     exit_err "Invalid jail directory: ${JDIR}/${1}"
183  fi
184
185  # Update the user files on the portjail
186  ETCFILES="resolv.conf passwd master.passwd spwd.db pwd.db group localtime"
187  for file in ${ETCFILES}; do
188    rm ${JDIR}/${1}/etc/${file} >/dev/null 2>&1
189    cp /etc/${file} ${JDIR}/${1}/etc/${file}
190  done
191
192  for nullfs_mount in ${NULLFS_MOUNTS}; do
193    if [ ! -d "${JDIR}/${1}${nullfs_mount}" ] ; then
194      mkdir -p "${JDIR}/${1}${nullfs_mount}"
195    fi
196    if is_symlinked_mountpoint ${nullfs_mount}; then
197      echo "${nullfs_mount} has symlink as parent, not mounting"
198      continue
199    fi
200
201    # If this is already mounted we can skip for now
202    isDirMounted "${JDIR}/${1}${nullfs_mount}" && continue
203
204    echo "Mounting ${JDIR}/${1}${nullfs_mount}"
205    mount_nullfs ${nullfs_mount} ${JDIR}/${1}${nullfs_mount}
206  done
207
208  # Check and mount /dev
209  isDirMounted "${JDIR}/${1}/dev"
210  if [ $? -ne 0 ] ; then
211    echo "Enabling devfs"
212    mount -t devfs devfs ${JDIR}/${1}/dev
213  fi
214
215  # Add support for linprocfs for ports that need linprocfs to build/run
216  if [  ! -d "${JDIR}/${1}/compat/linux/proc" ]; then
217    mkdir -p ${JDIR}/${1}/compat/linux/proc
218  fi
219  if is_symlinked_mountpoint ${JDIR}/${1}/compat/linux/proc; then
220    echo "${JDIR}/${1}/compat/linux/proc has symlink as parent, not mounting"
221    return
222  fi
223
224  # If this is already mounted we can skip for now
225  isDirMounted "${JDIR}/${1}/compat/linux/proc"
226  if [ $? -ne 0 ] ; then
227    echo "Enabling linprocfs support."
228    mount -t linprocfs linprocfs ${JDIR}/${1}/compat/linux/proc
229  fi
230
231  # Add support for linsysfs for ports that need linprocfs to build/run
232  if [  ! -d "${JDIR}/${1}/compat/linux/sys" ]; then
233    mkdir -p ${JDIR}/${1}/compat/linux/sys
234  fi
235  if is_symlinked_mountpoint ${JDIR}/${1}/compat/linux/sys; then
236    echo "${JDIR}/${1}/compat/linux/sys has symlink as parent, not mounting"
237    return
238  fi
239
240  # If this is already mounted we can skip for now
241  isDirMounted "${JDIR}/${1}/compat/linux/sys"
242  if [ $? -ne 0 ] ; then
243    echo "Enabling linsysfs support."
244    mount -t linsysfs linsysfs ${JDIR}/${1}/compat/linux/sys
245  fi
246
247  # Lastly we need to mount /usr/home/* directories
248  for i in `ls -d /usr/home/*`
249  do
250    # If this is already mounted we can skip for now
251    isDirMounted "${JDIR}/${1}${i}" && continue
252    if [ ! -d "${JDIR}/${1}${i}" ] ; then mkdir -p ${JDIR}/${1}${i} ; fi
253    echo "Mounting home: ${i}"
254    mount_nullfs ${i} ${JDIR}/${1}${i}
255  done
256
257}
258
259### Umount all the jail's filesystems
260umountjailxfs() {
261  status="0"
262  # Umount all filesystems that are mounted into the portsjail
263  for mountpoint in $(mount | grep ${JDIR}/${1}/ | cut -d" " -f3); do
264    if [ "$mountpoint" = "${JDIR}/${1}/dev" ] ; then continue ; fi
265    if [ "$mountpoint" = "${JDIR}/${1}/" ] ; then continue ; fi
266    if [ "$mountpoint" = "${JDIR}/${1}" ] ; then continue ; fi
267    echo "Unmounting $mountpoint"
268    umount -f ${mountpoint}
269    if [ $? -ne 0 ] ; then status="1" ; fi
270  done
271  # Now try to umount /dev
272  umount -f ${JDIR}/${1}/dev 2>/dev/null >/dev/null
273  return $status
274}
275
276# Check if PBI scripts are loaded in jail
277checkpbiscripts() {
278  if [ -z "${1}" ] ; then return ; fi
279  if [ ! -e "${1}/usr/local/sbin/pbi_info" ] ; then
280    copypbiscripts "${1}"
281  elif [ "`ls -l /usr/local/sbin/pbi_info | awk '{print $5}'`" != "`ls -l ${1}/usr/local/sbin/pbi_info | awk '{print $5}'`" ] ; then
282    copypbiscripts "${1}"
283  fi
284}
285
286# Copy PBI scripts to jail
287copypbiscripts() {
288  if [ -z "${1}" ] ; then return ; fi
289  mkdir -p ${1}/usr/local/sbin >/dev/null 2>/dev/null
290  cp /usr/local/sbin/pbi* ${1}/usr/local/sbin/
291  chmod 755 ${1}/usr/local/sbin/pbi*
292
293  # Copy rc.d pbid script
294  mkdir -p ${1}/usr/local/etc/rc.d >/dev/null 2>/dev/null
295  cp /usr/local/etc/rc.d/pbid ${1}/usr/local/etc/rc.d/
296
297  # Copy any PBI manpages
298  for man in `find /usr/local/man | grep pbi`
299  do
300    if [ ! -d "${1}`dirname $man`" ] ; then
301      mkdir -p "${1}`dirname $man`"
302    fi
303    cp "${man}" "${1}${man}"
304  done
305}
306
307mkportjail() {
308  if [ -z "${1}" ] ; then return ; fi
309  ETCFILES="resolv.conf passwd master.passwd spwd.db pwd.db group localtime"
310  for file in ${ETCFILES}; do
311    rm ${1}/etc/${file} >/dev/null 2>&1
312    cp /etc/${file} ${1}/etc/${file}
313  done
314 
315  # Need to symlink /home
316  chroot ${1} ln -fs /usr/home /home
317
318  # Make sure we remove our cleartmp rc.d script, causes issues
319  [ -e "${1}/etc/rc.d/cleartmp" ] && rm ${1}/etc/rc.d/cleartmp
320
321  # Flag this type
322  touch ${JMETADIR}/jail-portjail
323}
324
325mkpluginjail() {
326  if [ -z "${1}" ] ; then return ; fi
327  ETCFILES="resolv.conf passwd master.passwd spwd.db pwd.db group localtime"
328  for file in ${ETCFILES}; do
329    rm ${1}/etc/${file} >/dev/null 2>&1
330    cp /etc/${file} ${1}/etc/${file}
331  done
332 
333  # Need to symlink /home
334  chroot ${1} ln -fs /usr/home /home
335
336  # Make sure we remove our cleartmp rc.d script, causes issues
337  [ -e "${1}/etc/rc.d/cleartmp" ] && rm ${1}/etc/rc.d/cleartmp
338  # Flag this type
339  touch ${JMETADIR}/jail-pluginjail
340}
341
342mkZFSSnap() {
343  isDirZFS "${1}" "1"
344  if [ $? -ne 0 ] ; then printerror "Not a ZFS volume: ${1}" ; fi
345  tank=`getZFSTank "$1"`
346  rp=`getZFSRelativePath "$1"`
347  zdate=`date +%Y-%m-%d-%H-%M-%S`
348  zfs snapshot $tank${rp}@$zdate
349  # Do we have a comment to set?
350  if [ -n "$2" ] ; then
351      zfs set warden:comment="$2" ${tank}${rp}@${zdate}
352  fi
353}
354
355listZFSSnap() {
356  isDirZFS "${1}" "1"
357  if [ $? -ne 0 ] ; then printerror "Not a ZFS volume: ${1}" ; fi
358  tank=`getZFSTank "$1"`
359  rp=`getZFSRelativePath "$1"`
360
361  echo "Snapshot                                Comment"
362  echo "-----------------------------------------------"
363  for i in `zfs list -r -t snapshot ${tank}${rp} 2>/dev/null | cut -d '@' -f 2 | awk '{print $1}'`
364  do
365     comment=`zfs get -o value warden:comment ${tank}${rp}@$i 2>/dev/null| grep -v "VALUE"`
366     lcomment=`zfs get -o value lpreserver:comment ${tank}${rp}@$i 2>/dev/null| grep -v "VALUE"`
367     if [ -z "$comment" -a -n "$lcomment" ] ; then
368       echo "$i         $lcomment"
369     else
370       echo "$i         $comment"
371     fi
372  done
373}
374
375listZFSClone() {
376  isDirZFS "${1}" "1"
377  if [ $? -ne 0 ] ; then printerror "Not a ZFS volume: ${1}" ; fi
378  tank=`getZFSTank "$1"`
379  cdir=`getZFSRelativePath "${CDIR}"` 
380  echo "Clone Directory: ${CDIR}"
381  echo "-----------------------------------"
382  zfs list | grep -w "^${tank}${cdir}/${2}" | awk '{print $5}' | sed "s|${CDIR}/${2}-||g"
383}
384
385rmZFSClone() {
386  CLONEDIR="${CDIR}/${3}-${2}"
387  isDirZFS "${CLONEDIR}" "1"
388  if [ $? -ne 0 ] ; then printerror "Not a ZFS volume: ${CLONEDIR}" ; fi
389  tank=`getZFSTank "${CLONEDIR}"`
390  rp=`getZFSRelativePath "${CLONEDIR}"`
391  zfs destroy ${tank}${rp}
392}
393
394rmZFSSnap() {
395  isDirZFS "${1}" "1"
396  if [ $? -ne 0 ] ; then printerror "Not a ZFS volume: ${1}" ; fi
397  tank=`getZFSTank "$1"`
398  rp=`getZFSRelativePath "$1"`
399  zfs destroy $tank${rp}@$2
400}
401
402revertZFSSnap() {
403  isDirZFS "${1}" "1"
404  if [ $? -ne 0 ] ; then printerror "Not a ZFS volume: ${1}" ; fi
405  tank=`getZFSTank "$1"`
406  rp=`getZFSRelativePath "$1"`
407
408  # Make sure this is a valid snapshot
409  zfs list -t snapshot | grep -w "^${tank}${rp}" | cut -d '@' -f 2 | awk '{print $1}' | grep -q ${2}
410  if [ $? -ne 0 ] ; then printerror "Invalid ZFS snapshot!" ; fi
411
412  # Check if the jail is running first
413  ${PROGDIR}/scripts/backend/checkstatus.sh "${3}"
414  if [ "$?" = "0" ]; then
415    restartJail="YES"
416    # Make sure the jail is stopped
417    ${PROGDIR}/scripts/backend/stopjail.sh "${3}"
418    ${PROGDIR}/scripts/backend/checkstatus.sh "${3}"
419    if [ "$?" = "0" ]; then
420      printerror "Could not stop jail... Halting..."
421    fi
422  fi
423
424  # Rollback the snapshot
425  zfs rollback -R -f ${tank}${rp}@$2
426
427  # If it was started, restart the jail now
428  if [ "$restartJail" = "YES" ]; then
429    ${PROGDIR}/scripts/backend/startjail.sh "${3}"
430  fi
431 
432}
433
434cloneZFSDir() {
435  isDirZFS "${1}" "1"
436  if [ $? -ne 0 ] ; then printerror "Not a ZFS volume: ${1}" ; fi
437
438  tank=`getZFSTank "$1"`
439  rp=`getZFSRelativePath "$1"`
440  newrp=`getZFSRelativePath "$2"`
441
442  zdate=`date +%Y-%m-%d-%H-%M-%S`
443  snapName="preClone-$zdate"
444
445  # Create a temp snapshot we can clone
446  zfs snapshot $tank${rp}@${snapName}
447  if [ $? -ne 0 ] ; then printerror "Failed creating snapshot!" ; fi
448
449  # Clone the snapshot
450  zfs clone -p ${tank}${rp}@${snapName} ${tank}${newrp}
451  if [ $? -ne 0 ] ; then printerror "Failed cloning snapshot!" ; fi
452
453  return 0
454}
455
456set_warden_metadir()
457{
458   JMETADIR="${JDIR}/.${JAILNAME}.meta"
459   export JMETADIR
460}
461
462get_ip_and_netmask()
463{
464   JIP=`echo "${1}" | cut -f1 -d'/'`
465   JMASK=`echo "${1}" | cut -f2 -d'/' -s`
466}
467
468get_interface_addresses()
469{
470   ifconfig ${1} | grep -w inet | awk '{ print $2 }'
471}
472
473get_interface_ipv4_addresses()
474{
475   ifconfig ${1} | grep -w inet | awk '{ print $2 }'
476}
477
478get_interface_ipv6_addresses()
479{
480   ifconfig ${1} | grep -w inet6 | awk '{ print $2 }'
481}
482
483get_interface_address()
484{
485   ifconfig ${1} | grep -w inet | head -1 | awk '{ print $2 }'
486}
487
488get_interface_ipv4_address()
489{
490   ifconfig ${1} | grep -w inet | head -1 | awk '{ print $2 }'
491}
492
493get_interface_ipv6_address()
494{
495   ifconfig ${1} | grep -w inet6 | head -1 | awk '{ print $2 }'
496}
497
498get_interface_aliases()
499{
500   local _count
501
502   _count=`ifconfig ${1} | grep -w inet | wc -l`
503   _count="$(echo "${_count} - 1" | bc)"
504
505   ifconfig ${1} | grep -w inet | tail -${_count} | awk '{ print $2 }'
506}
507
508get_interface_ipv4_aliases()
509{
510   local _count
511
512   _count=`ifconfig ${1} | grep -w inet | wc -l`
513   _count="$(echo "${_count} - 1" | bc)"
514
515   ifconfig ${1} | grep -w inet | tail -${_count} | awk '{ print $2 }'
516}
517
518get_interface_ipv6_aliases()
519{
520   local _count
521
522   _count=`ifconfig ${1} | grep -w inet | wc -l`
523   _count="$(echo "${_count} - 1" | bc)"
524
525   ifconfig ${1} | grep -w inet6 | tail -${_count} | awk '{ print $2 }'
526}
527
528get_default_route()
529{
530   netstat -f inet -nr | grep '^default' | awk '{ print $2 }'
531}
532
533get_default_interface()
534{
535   netstat -f inet -nrW | grep '^default' | awk '{ print $7 }'
536}
537
538get_bridge_interfaces()
539{
540   ifconfig -a | grep -E '^bridge[0-9]+' | cut -f1 -d:
541}
542
543get_bridge_members()
544{
545   ifconfig ${1} | grep -w member | awk '{ print $2 }'
546}
547
548get_bridge_interface_by_ipv4_network()
549{
550   local network="${1}"
551   local bridges="$(get_bridge_interfaces)"
552
553   if [ -z "${network}" ]
554   then
555      return 1
556   fi
557
558   for _bridge in ${bridges}
559   do
560      local ips="$(get_interface_ipv4_aliases "${_bridge}")"
561      for _ip in ${ips}
562      do
563         if in_ipv4_network "${_ip}" "${network}"
564         then
565            echo "${_bridge}"
566            return 0
567         fi
568      done
569   done
570
571   return 1
572}
573
574get_bridge_interface_by_ipv6_network()
575{
576   local network="${1}"
577   local bridges="$(get_bridge_interfaces)"
578
579   if [ -z "${network}" ]
580   then
581      return 1
582   fi
583
584   for _bridge in ${bridges}
585   do
586      local ips="$(get_interface_ipv6_aliases "${_bridge}")"
587      for _ip in ${ips}
588      do
589         if in_ipv6_network "${_ip}" "${network}"
590         then
591            echo "${_bridge}"
592            return 0
593         fi
594      done
595   done
596
597   return 1
598}
599
600is_bridge_member()
601{
602   local _bridge="${1}"
603   local _iface="${2}"
604
605   for _member in `get_bridge_members ${_bridge}`
606   do
607      if [ "${_member}" = "${_iface}" ] ; then
608         return 0
609      fi
610   done
611
612   return 1
613}
614
615jail_interfaces_down()
616{
617   local _jid="${1}"
618   local _bridgeif
619   local _epaira
620   local _epairb
621
622   _epairb=`jexec ${_jid} ifconfig -a | grep '^epair' | cut -f1 -d:`
623   if [ -n "${_epairb}" ] ; then
624      _epaira=`echo ${_epairb} | sed -E 's|b$|a|'`
625      _bridgeif=
626
627      for _bridge in `ifconfig -a | grep -E '^bridge[0-9]+' | cut -f1 -d:`
628      do
629         for _member in `ifconfig ${_bridge} | grep member | awk '{ print $2 }'`
630         do
631            if [ "${_member}" = "${_epaira}" ] ; then
632               _bridgeif="${_bridge}"
633                break
634            fi
635         done
636         if [ -n "${_bridgeif}" ] ; then
637            break
638         fi
639      done
640
641      jexec ${_jid} ifconfig ${_epairb} down
642      ifconfig ${_epaira} down
643      ifconfig ${_epaira} destroy
644      _count=`ifconfig ${_bridgeif} | grep member | awk '{ print $2 }' | wc -l`
645      if [ "${_count}" -lt "1" ] ; then
646         ifconfig ${_bridgeif} destroy
647      fi
648   fi
649}
650
651enable_cron()
652{
653   cronscript="${PROGDIR}/scripts/backend/cronsnap.sh"
654   grep -q "${cronscript}" /etc/crontab
655   if [ $? -eq 0 ] ; then return 0 ; fi
656   echo "2     *        *       *       *        root    ${cronscript}" >> /etc/crontab
657   # Restart cron
658   /etc/rc.d/cron restart >/dev/null 2>/dev/null
659}
660
661fix_old_meta()
662{
663   for i in `ls -d ${JDIR}/.*.meta 2>/dev/null`
664   do
665      if [ -e "${i}/xjail" ] ; then
666         touch ${i}/jail-portjail 2>/dev/null
667      fi
668      if [ -e "${i}/linuxjail" ] ; then
669         touch ${i}/jail-linux 2>/dev/null
670      fi
671   done
672}
673
674is_ipv4()
675{
676   local addr="${1}"
677   local res=1
678
679   local ipv4="$(/usr/local/bin/sipcalc "${addr}"|head -1|cut -f2 -d'['|awk '{ print $1 }')"
680   if [ "${ipv4}" = "ipv4" ]
681   then
682      res=0
683   fi
684
685   return ${res}
686}
687
688is_ipv6()
689{
690   local addr="${1}"
691   local res=1
692
693   local ipv6="$(/usr/local/bin/sipcalc "${addr}"|head -1|cut -f2 -d'['|awk '{ print $1 }')"
694   if [ "${ipv6}" = "ipv6" ]
695   then
696      res=0
697   fi
698
699   return ${res}
700}
701
702in_ipv4_network()
703{
704   local addr="${1}"
705   local network="${2}"
706   local res=1
707
708   local start="$(/usr/local/bin/sipcalc "${network}"|awk '/^Usable/ { print $4 }')"
709   local end="$(/usr/local/bin/sipcalc "${network}"|awk '/^Usable/ { print $6 }')"
710
711   local iaddr="$(/usr/local/bin/sipcalc "${addr}"|awk '/(decimal)/ { print $5 }')"
712   local istart="$(/usr/local/bin/sipcalc "${start}"|awk '/(decimal)/ { print $5 }')"
713   local iend="$(/usr/local/bin/sipcalc "${end}"|awk '/(decimal)/ { print $5 }')"
714
715   if [ "${iaddr}" -ge "${istart}" -a "${iaddr}" -le "${iend}" ]
716   then
717      res=0
718   fi
719
720   return ${res}
721}
722
723ipv6_to_binary()
724{
725   echo ${1}|awk '{
726      split($1, octets, ":");
727      olen = length(octets);
728               
729      bnum = "";
730      for (i = 1;i <= olen;i++) {
731         tbnum = "";
732         dnum = int(sprintf("0x%s", octets[i]));
733         for (;;) {
734            rem = int(dnum % 2);
735            if (rem == 0)
736               tbnum = sprintf("0%s", tbnum);
737            else               
738               tbnum = sprintf("1%s", tbnum);
739            dnum /= 2;
740            if (dnum < 1)
741               break;
742         }
743         bnum = sprintf("%s%016s", bnum, tbnum);
744      }
745      printf("%s", bnum);
746   }'
747}
748
749in_ipv6_network()
750{
751   local addr="${1}"
752   local network="${2}"
753   local mask="$(echo "${network}"|cut -f2 -d'/' -s)"
754   local res=1
755
756   local addr="$(/usr/local/bin/sipcalc "${addr}"|awk \
757      '/^Expanded/ { print $4}')"
758   local start="$(/usr/local/bin/sipcalc "${network}"|egrep \
759      '^Network range'|awk '{ print $4 }')"
760
761   local baddr="$(ipv6_to_binary "${addr}")"
762   local bstart="$(ipv6_to_binary "${start}")"
763
764   local baddrnet="$(echo "${baddr}"|awk -v mask="${mask}" \
765      '{ s = substr($0, 1, mask); printf("%s", s); }')"
766   local bstartnet="$(echo "${bstart}"|awk -v mask="${mask}" \
767      '{ s = substr($0, 1, mask); printf("%s", s); }')"
768
769   if [ "${baddrnet}" = "${bstartnet}" ]
770   then
771      res=0
772   fi
773
774   return ${res}
775}
776
777install_pc_extractoverlay()
778{
779  if [ -z "${1}" ] ; then
780    return 1
781  fi
782
783  mkdir -p ${1}/usr/local/bin
784  mkdir -p ${1}/usr/local/share/pcbsd/conf
785  mkdir -p ${1}/usr/local/share/pcbsd/distfiles
786
787  cp /usr/local/bin/pc-extractoverlay ${1}/usr/local/bin/
788  chmod 755 ${1}/usr/local/bin/pc-extractoverlay
789
790  cp /usr/local/share/pcbsd/conf/server-excludes \
791    ${1}/usr/local/share/pcbsd/conf
792  cp /usr/local/share/pcbsd/distfiles/server-overlay.txz \
793    ${1}/usr/local/share/pcbsd/distfiles
794
795  return 0
796}
797
798make_bootstrap_pkgng_file_standard()
799{
800  local jaildir="${1}"
801  local outfile="${2}"
802
803  if [ ! -e "${jaildir}/bin/freebsd-version" ] ; then
804     echo "Missing /bin/freebsd-version in jail.."
805     echo "PKG bootstrap can only be done on 10.0 and higher, skipping..."
806     return 1
807  fi
808
809  local release="`${jaildir}/bin/freebsd-version | cut -d '-' -f 1-2`"
810  local arch="$(uname -m)"
811
812cat<<__EOF__>"${outfile}"
813#!/bin/sh
814tar xvf pkg.txz --exclude +MANIFEST --exclude +MTREE_DIRS 2>/dev/null
815pkg add pkg.txz
816rm pkg.txz
817
818# Create the pkg.conf file
819echo "PKG_CACHEDIR: /usr/local/tmp
820repos_dir: [
821                \"/usr/local/etc/pkg/repos\"
822           ]" > /usr/local/etc/pkg.conf
823
824# Create the repo dirs
825mkdir -p /usr/local/etc/pkg/repos 2>/dev/null
826mkdir -p /usr/local/etc/pkg/fingerprints/pcbsd/trusted 2>/dev/null
827mkdir -p /usr/local/etc/pkg/fingerprints/pcbsd/revoked 2>/dev/null
828
829# Save the repo configuration file
830echo "pcbsd: {
831               url: \"http://pkg.cdn.pcbsd.org/${release}/${arch}\",
832               signature_type: \"fingerprints\",
833               fingerprints: \"/usr/local/etc/pkg/fingerprints/pcbsd\",
834               enabled: true
835              }" > /usr/local/etc/pkg/repos/pcbsd.conf
836
837# Save the fingerprint file
838echo "function: sha256
839fingerprint: b2b9e037f938cf20ba68aa85ac88c15889c729a7f6b70c25069774308e760a03" > /usr/local/etc/pkg/fingerprints/pcbsd/trusted/pkg.cdn.pcbsd.org.20131209
840
841pkg update
842pkg install -y pcbsd-utils
843pc-extractoverlay ports
844
845exit $?
846__EOF__
847
848}
849
850make_bootstrap_pkgng_file_pluginjail()
851{
852
853  local jaildir="${1}"
854  local outfile="${2}"
855
856  if [ ! -e "${jaildir}/bin/freebsd-version" ] ; then
857     echo "Missing /bin/freebsd-version in jail.."
858     echo "PKG bootstrap can only be done on 10.0 and higher, skipping..."
859     return 0
860  fi
861
862  local release="`${jaildir}/bin/freebsd-version | cut -d '-' -f 1-2`"
863  local arch="$(uname -m)"
864
865  get_mirror
866  local mirror="${VAL}"
867
868  cp /usr/local/share/warden/pluginjail-packages "${jaildir}/pluginjail-packages"
869
870cat<<__EOF__>"${outfile}"
871#!/bin/sh
872tar xvf pkg.txz --exclude +MANIFEST --exclude +MTREE_DIRS 2>/dev/null
873pkg add pkg.txz
874rm pkg.txz
875
876mount -t devfs devfs /dev
877
878# Create the pkg.conf file
879echo "PKG_CACHEDIR: /usr/local/tmp
880repos_dir: [
881                \"/usr/local/etc/pkg/repos\"
882           ]" > /usr/local/etc/pkg.conf
883
884# Create the repo dirs
885mkdir -p /usr/local/etc/pkg/repos 2>/dev/null
886mkdir -p /usr/local/etc/pkg/fingerprints/pcbsd/trusted 2>/dev/null
887mkdir -p /usr/local/etc/pkg/fingerprints/pcbsd/revoked 2>/dev/null
888
889# Save the repo configuration file
890echo "pcbsd: {
891               url: \"http://pkg.cdn.pcbsd.org/${release}/${arch}\",
892               signature_type: \"fingerprints\",
893               fingerprints: \"/usr/local/etc/pkg/fingerprints/pcbsd\",
894               enabled: true
895              }" > /usr/local/etc/pkg/repos/pcbsd.conf
896
897# Create the repo.dist file
898echo "pcbsd: {
899               url: \"http://pkg.cdn.pcbsd.org/VERSION/ARCH\",
900               signature_type: \"fingerprints\",
901               fingerprints: \"/usr/local/etc/pkg/fingerprints/pcbsd\",
902               enabled: true
903              }" > /usr/local/etc/pkg/repos/pcbsd.conf.dist
904
905# Save the fingerprint file
906echo "function: sha256
907fingerprint: b2b9e037f938cf20ba68aa85ac88c15889c729a7f6b70c25069774308e760a03" > /usr/local/etc/pkg/fingerprints/pcbsd/trusted/pkg.cdn.pcbsd.org.20131209
908
909pkg update
910pkg install -y pcbsd-utils
911__EOF__
912
913echo '
914i=0
915count=`wc -l /pluginjail-packages| awk "{ print $1 }"`
916for p in `cat /pluginjail-packages`
917do
918  pkg install -y ${p}
919  : $(( i += 1 ))
920done
921
922umount devfs
923exit $?
924' >> "${outfile}"
925}
926
927
928bootstrap_pkgng()
929{
930  local jaildir="${1}"
931  local jailtype="${2}"
932  if [ -z "${jailtype}" ] ; then
933    jailtype="standard"
934  fi
935
936  if [ ! -e "${jaildir}/bin/freebsd-version" ] ; then
937     echo "Missing /bin/freebsd-version in jail.."
938     echo "PKG bootstrap can only be done on 10.0 and higher, skipping..."
939     return 1
940  fi
941
942  local release="`${jaildir}/bin/freebsd-version | cut -d '-' -f 1-2`"
943  local arch="$(uname -m)"
944
945  local ffunc="make_bootstrap_pkgng_file_standard"
946  if [ "${jailtype}" = "pluginjail" ] ; then
947    ffunc="make_bootstrap_pkgng_file_pluginjail"
948  fi
949
950  cd ${jaildir} 
951  echo "Boot-strapping pkgng"
952
953  mkdir -p ${jaildir}/usr/local/etc
954
955
956  ${ffunc} "${jaildir}" "${jaildir}/bootstrap-pkgng"
957  chmod 755 "${jaildir}/bootstrap-pkgng"
958
959  if [ -e "pkg.txz" ] ; then rm pkg.txz ; fi
960  get_file_from_mirrors "/${release}/${arch}/Latest/pkg.txz" "pkg.txz" "pkg"
961  if [ $? -eq 0 ] ; then
962    chroot ${jaildir} /bootstrap-pkgng
963    if [ $? -eq 0 ] ; then
964      rm -f "${jaildir}/bootstrap-pkgng"
965      rm -f "${jaildir}/pluginjail-packages"
966      chroot ${jaildir} pc-extractoverlay server --sysinit
967      return 0
968    fi
969  fi
970
971  echo "Failed boot-strapping PKGNG, most likely cause is internet connection failure."
972  rm -f "${jaildir}/bootstrap-pkgng"
973  rm -f "${jaildir}/pluginjail-packages"
974  return 1
975}
976
977ipv4_configured()
978{
979   local iface="${1}"
980   local jid="${2}"
981   local jexec=
982
983   if [ -n "${jid}" ] ; then
984      jexec="jexec ${jid}"
985   fi
986
987   ${jexec} ifconfig "${iface}" | grep -qw inet 2>/dev/null
988   return $?
989}
990
991ipv4_address_configured()
992{
993   local iface="${1}"
994   local addr="${2}"
995   local jid="${3}"
996   local jexec= 
997
998   addr="$(echo ${addr}|cut -f1 -d'/')"
999
1000   if [ -n "${jid}" ] ; then
1001      jexec="jexec ${jid}"
1002   fi
1003
1004   ${jexec} ifconfig "${iface}" | \
1005      grep -w inet | \
1006      awk '{ print $2 }' | \
1007      grep -Ew "^${addr}" >/dev/null 2>&1
1008   return $?
1009}
1010
1011ipv6_configured()
1012{
1013   local iface="${1}"
1014   local jid="${2}"
1015   local jexec=
1016
1017   if [ -n "${jid}" ] ; then
1018      jexec="jexec ${jid}"
1019   fi
1020
1021   ${jexec} ifconfig "${iface}" | grep -qw inet6 2>/dev/null
1022   return $?
1023}
1024
1025ipv6_address_configured()
1026{
1027   local iface="${1}"
1028   local addr="${2}"
1029   local jid="${3}"
1030   local jexec= 
1031
1032   addr="$(echo ${addr}|cut -f1 -d'/')"
1033
1034   if [ -n "${jid}" ] ; then
1035      jexec="jexec ${jid}"
1036   fi
1037
1038   ${jexec} ifconfig "${iface}" | \
1039      grep -w inet6 | \
1040      awk '{ print $2 }' | \
1041      grep -Ew "^${addr}" >/dev/null 2>&1
1042   return $?
1043}
1044
1045get_ipfw_nat_instance()
1046{
1047   local iface="${1}"
1048   local res=1
1049
1050   if [ -z "${iface}" ] ; then
1051      local instance="`ipfw list|egrep '[0-9]+ nat'|awk '{ print $3 }'|tail -1`"
1052      if [ -z "${instance}" ] ; then
1053         instance="100"
1054      else               
1055         : $(( instance += 100 )) 
1056      fi
1057      echo "${instance}"
1058      return 0
1059   fi
1060
1061   for ni in `ipfw list|egrep '[0-9]+ nat'|awk '{ print $3 }'`
1062   do
1063      ipfw nat "${ni}" show config|egrep -qw "${iface}"
1064      if [ "$?" = "0" ] ; then
1065         echo "${ni}"
1066         res=0
1067         break
1068      fi
1069   done
1070
1071   return ${res}
1072}
1073
1074get_ipfw_nat_priority()
1075{
1076   local iface="${1}"
1077   local res=1
1078
1079   if [ -z "${iface}" ] ; then
1080      local priority="`ipfw list|egrep '[0-9]+ nat'|awk '{ print $1 }'|tail -1`"
1081      if [ -z "${priority}" ] ; then
1082         priority=2000
1083      fi
1084      printf "%05d\n" "${priority}"
1085      return 0
1086   fi
1087
1088   local IFS='
1089'
1090   for rule in `ipfw list|egrep '[0-9]+ nat'`
1091   do
1092      local priority="`echo "${rule}"|awk '{ print $1 }'`"
1093      local ni="`echo "${rule}"|awk '{ print $3 }'`"
1094
1095      ipfw nat "${ni}" show config|egrep -qw "${iface}"
1096      if [ "$?" = "0" ] ; then
1097         echo "${priority}"
1098         res=0
1099         break
1100      fi
1101   done
1102
1103   return ${res}
1104}
1105
1106list_templates()
1107{
1108   echo "Jail Templates:"
1109   echo "------------------------------" 
1110   for i in `ls -d ${JDIR}/.warden-template* 2>/dev/null`
1111   do
1112     if [ ! -e "$i/bin/sh" ] ; then continue ; fi
1113     NICK=`echo "$i" | sed "s|${JDIR}/.warden-template-||g"`
1114     file "$i/bin/sh" 2>/dev/null | grep -q "64-bit"
1115     if [ $? -eq 0 ] ; then
1116        ARCH="amd64"
1117     else
1118        ARCH="i386"
1119     fi
1120     VER=`file "$i/bin/sh" | cut -d ',' -f 5 | awk '{print $3}'`
1121     if [ -e "$i/etc/rc.conf.pcbsd" ] ; then
1122        TYPE="TrueOS"
1123     else
1124        TYPE="FreeBSD"
1125     fi
1126     echo -e "${NICK} - $TYPE $VER ($ARCH)"
1127  done
1128  exit 0
1129}
1130
1131delete_template()
1132{
1133   tDir="${JDIR}/.warden-template-${1}"
1134   isDirZFS "${tDir}" "1"
1135   if [ $? -ne 0 ] ; then printerror "Not a ZFS volume: ${tDir}" ; fi
1136   tank=`getZFSTank "$tDir"`
1137   rp=`getZFSRelativePath "$tDir"`
1138   zfs destroy -r $tank${rp} 
1139   if [ $? -ne 0 ] ; then
1140     exit_err "Could not remove template, perhaps you have jails still using it?"
1141   fi
1142   rmdir ${tDir}
1143   echo "DONE"
1144
1145   exit 0
1146}
1147
1148get_ip_host_flags()
1149{
1150         IP4="OFF"
1151         IP6="OFF"
1152         HOST="OFF"
1153         for i in "$@"
1154         do
1155           # Check if we have a new IPv4 address for this import
1156           echo "${i}" | grep '\-\-ipv4=' >/dev/null 2>/dev/null
1157           if [ "$?" = "0" ]; then
1158              tmp="`echo ${i} | cut -d '=' -f 2`"
1159              IP4="`echo ${tmp} | cut -d '/' -f 1 -s`"
1160              MASK4="`echo ${tmp} | cut -d '/' -f 2 -s`"
1161
1162              #Sanity check on the IP
1163              if ! is_ipv4 "${IP4}" ; then
1164                 exit_err "Invalid IPv4 address: $IP4"
1165              fi
1166
1167              for i in `ls -d ${JDIR}/.*.meta 2>/dev/null`
1168              do
1169                if [ "`cat ${i}/ipv4 2>/dev/null`" = "${IP4}/${MASK4}" ] ; then
1170                  exit_err "A jail with this IPv4 address already exists!"
1171                fi
1172              done
1173           fi
1174
1175           # Check if we have a new IPv6 address for this import
1176           echo "${i}" | grep '\-\-ipv6=' >/dev/null 2>/dev/null
1177           if [ "$?" = "0" ]; then
1178              tmp="`echo ${i} | cut -d '=' -f 2`"
1179              IP6="`echo ${tmp} | cut -d '/' -f 1 -s`"
1180              MASK6="`echo ${tmp} | cut -d '/' -f 2 -s`"
1181
1182              #Sanity check on the IP
1183              if ! is_ipv6 "${IP6}" ; then
1184                 exit_err "Invalid IPv6 address!"
1185              fi
1186
1187              for i in `ls -d ${JDIR}/.*.meta 2>/dev/null`
1188              do
1189                _ipv6=`cat ${i}/ipv6 2>/dev/null | tr a-z A-Z`
1190                _nipv6="`echo ${IP6}|tr a-z A-Z`/${MASK6}"
1191
1192                if [ "${_ipv6}" = "${_nipv6}" ] ; then
1193                  exit_err "A jail with this IPv6 address already exists!"
1194                fi
1195              done
1196           fi
1197
1198           # Check if we have a new hostname for this jail
1199           echo ${i} | grep '\-\-host=' >/dev/null 2>/dev/null
1200           if [ "$?" = "0" ]; then
1201              HOST="`echo ${i} | cut -d '=' -f 2`"
1202           fi
1203
1204         done
1205
1206}
1207
1208zfs_prog_check() {
1209
1210   isDirZFS "${JDIR}"
1211   if [ $? -ne 0 ] ; then
1212      echo "WARNING: JDIR is NOT set to a ZFS managed dataset.."
1213      echo "Please change JDIR in /usr/local/etc/warden.conf to a ZFS dataset!"
1214   fi
1215
1216}
Note: See TracBrowser for help on using the repository browser.