Merge remote-tracking branch 'upstream/master'
@@ -292,6 +292,37 @@ bootstrapping templates from GitHub or GitLab.
|
|||||||
See `bastille update` to ensure your bootstrapped releases include the latest
|
See `bastille update` to ensure your bootstrapped releases include the latest
|
||||||
patches.
|
patches.
|
||||||
|
|
||||||
|
**Ubuntu Linux [new since 0.9]**
|
||||||
|
|
||||||
|
The bootstrap process for Linux containers is very different from the *BSD process.
|
||||||
|
You will need the package debootstrap and some kernel modules for that.
|
||||||
|
But don't worry, Bastille will do that for that for you.
|
||||||
|
|
||||||
|
```shell
|
||||||
|
ishmael ~ # bastille bootstrap focal
|
||||||
|
sysrc: unknown variable 'linprocfs_load'
|
||||||
|
sysrc: unknown variable 'linsysfs_load'
|
||||||
|
sysrc: unknown variable 'tmpfs_load'
|
||||||
|
linprocfs_load, linsysfs_load, tmpfs_load not enabled in /boot/loader.conf or linux_enable not active. Should I do that for you? (N|y)
|
||||||
|
#y
|
||||||
|
Loading modules
|
||||||
|
Persisting modules
|
||||||
|
linux_enable: -> YES
|
||||||
|
linprocfs_load: -> YES
|
||||||
|
linsysfs_load: -> YES
|
||||||
|
tmpfs_load: -> YES
|
||||||
|
Debootstrap not found. Should it be installed? (N|y)
|
||||||
|
#y
|
||||||
|
FreeBSD repository is up to date.
|
||||||
|
All repositories are up to date.
|
||||||
|
Checking integrity... done (0 conflicting)
|
||||||
|
The following 1 package(s) will be affected (of 0 checked):
|
||||||
|
|
||||||
|
New packages to be INSTALLED:
|
||||||
|
debootstrap: 1.0.123_4
|
||||||
|
[...]
|
||||||
|
```
|
||||||
|
As of 0.9.20210714 Bastille supports Ubuntu 18.04 (bionic) and Ubuntu 20.04 (focal).
|
||||||
|
|
||||||
bastille create
|
bastille create
|
||||||
---------------
|
---------------
|
||||||
@@ -381,6 +412,15 @@ shared base container is a "thin").
|
|||||||
ishmael ~ # bastille create -T folsom 12.0-RELEASE 10.17.89.10
|
ishmael ~ # bastille create -T folsom 12.0-RELEASE 10.17.89.10
|
||||||
```
|
```
|
||||||
|
|
||||||
|
**Linux**
|
||||||
|
```shell
|
||||||
|
ishmael ~ # bastille create folsom focal 10.17.89.10
|
||||||
|
```
|
||||||
|
|
||||||
|
Systemd is not supported due to the missing boot process.
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
I recommend using private (rfc1918) ip address ranges for your containers.
|
I recommend using private (rfc1918) ip address ranges for your containers.
|
||||||
These ranges include:
|
These ranges include:
|
||||||
|
|
||||||
|
|||||||
@@ -429,11 +429,88 @@ http?://*/*/*)
|
|||||||
BASTILLE_TEMPLATE_REPO=$(echo "${1}" | awk -F / '{ print $5 }')
|
BASTILLE_TEMPLATE_REPO=$(echo "${1}" | awk -F / '{ print $5 }')
|
||||||
bootstrap_template
|
bootstrap_template
|
||||||
;;
|
;;
|
||||||
|
#adding Ubuntu Bionic as valid "RELEASE" for POC @hackacad
|
||||||
|
ubuntu_bionic|bionic|ubuntu-bionic)
|
||||||
|
#check and install OS dependencies @hackacad
|
||||||
|
if [ ! "$(sysrc -f /boot/loader.conf -n linprocfs_load)" = "YES" ] && [ ! "$(sysrc -f /boot/loader.conf -n linsysfs_load)" = "YES" ] && [ ! "$(sysrc -f /boot/loader.conf -n tmpfs_load)" = "YES" ]; then
|
||||||
|
warn "linprocfs_load, linsysfs_load, tmpfs_load not enabled in /boot/loader.conf or linux_enable not active. Should I do that for you? (N|y)"
|
||||||
|
read answer
|
||||||
|
case $answer in
|
||||||
|
no|No|n|N|"")
|
||||||
|
error_exit "Exiting."
|
||||||
|
;;
|
||||||
|
yes|Yes|y|Y)
|
||||||
|
info "Loading modules"
|
||||||
|
kldload linux linux64 linprocfs linsysfs tmpfs
|
||||||
|
info "Persisting modules"
|
||||||
|
sysrc linux_enable=YES
|
||||||
|
sysrc -f /boot/loader.conf linprocfs_load=YES
|
||||||
|
sysrc -f /boot/loader.conf linsysfs_load=YES
|
||||||
|
sysrc -f /boot/loader.conf tmpfs_load=YES
|
||||||
|
;;
|
||||||
|
esac
|
||||||
|
fi
|
||||||
|
if which -s debootstrap; then
|
||||||
|
debootstrap --foreign --arch=amd64 --no-check-gpg bionic "${bastille_releasesdir}"/Ubuntu_1804
|
||||||
|
else
|
||||||
|
warn "Debootstrap not found. Should it be installed? (N|y)"
|
||||||
|
read answer
|
||||||
|
case $answer in
|
||||||
|
no|No|n|N|"")
|
||||||
|
error_exit "Exiting. You need to install debootstap before boostrapping a Linux jail."
|
||||||
|
;;
|
||||||
|
yes|Yes|y|Y)
|
||||||
|
pkg install -y debootstrap
|
||||||
|
debootstrap --foreign --arch=amd64 --no-check-gpg bionic "${bastille_releasesdir}"/Ubuntu_1804
|
||||||
|
;;
|
||||||
|
esac
|
||||||
|
fi
|
||||||
|
echo "APT::Cache-Start 251658240;" > "${bastille_releasesdir}"/Ubuntu_1804/etc/apt/apt.conf.d/00aptitude
|
||||||
|
;;
|
||||||
|
ubuntu_focal|focal|ubuntu-focal)
|
||||||
|
#check and install OS dependencies @hackacad
|
||||||
|
#ToDo: add function 'linux_pre' for sysrc etc.
|
||||||
|
if [ ! "$(sysrc -f /boot/loader.conf -n linprocfs_load)" = "YES" ] && [ ! "$(sysrc -f /boot/loader.conf -n linsysfs_load)" = "YES" ] && [ ! "$(sysrc -f /boot/loader.conf -n tmpfs_load)" = "YES" ]; then
|
||||||
|
warn "linprocfs_load, linsysfs_load, tmpfs_load not enabled in /boot/loader.conf or linux_enable not active. Should I do that for you? (N|y)"
|
||||||
|
read answer
|
||||||
|
case $answer in
|
||||||
|
no|No|n|N|"")
|
||||||
|
error_exit "Exiting."
|
||||||
|
;;
|
||||||
|
yes|Yes|y|Y)
|
||||||
|
info "Loading modules"
|
||||||
|
kldload linux linux64 linprocfs linsysfs tmpfs
|
||||||
|
info "Persisting modules"
|
||||||
|
sysrc linux_enable=YES
|
||||||
|
sysrc -f /boot/loader.conf linprocfs_load=YES
|
||||||
|
sysrc -f /boot/loader.conf linsysfs_load=YES
|
||||||
|
sysrc -f /boot/loader.conf tmpfs_load=YES
|
||||||
|
;;
|
||||||
|
esac
|
||||||
|
fi
|
||||||
|
if which -s debootstrap; then
|
||||||
|
debootstrap --foreign --arch=amd64 --no-check-gpg focal "${bastille_releasesdir}"/Ubuntu_2004
|
||||||
|
else
|
||||||
|
warn "Debootstrap not found. Should it be installed? (N|y)"
|
||||||
|
read answer
|
||||||
|
case $answer in
|
||||||
|
no|No|n|N|"")
|
||||||
|
error_exit "Exiting. You need to install debootstap before boostrapping a Linux jail."
|
||||||
|
;;
|
||||||
|
yes|Yes|y|Y)
|
||||||
|
pkg install -y debootstrap
|
||||||
|
debootstrap --foreign --arch=amd64 --no-check-gpg focal "${bastille_releasesdir}"/Ubuntu_2004
|
||||||
|
;;
|
||||||
|
esac
|
||||||
|
fi
|
||||||
|
;;
|
||||||
*)
|
*)
|
||||||
usage
|
usage
|
||||||
;;
|
;;
|
||||||
esac
|
esac
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
case "${OPTION}" in
|
case "${OPTION}" in
|
||||||
update)
|
update)
|
||||||
bastille update "${RELEASE}"
|
bastille update "${RELEASE}"
|
||||||
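Review bot: Every `debootstrap` call in the new bionic and focal arms passes `--no-check-gpg`, so the Ubuntu base system is unpacked without verifying the archive's signed Release file, and whatever the mirror or the network path serves becomes the root filesystem of every Linux jail built from that release. I would drop the flag and supply a trusted keyring instead, e.g. `debootstrap --foreign --arch=amd64 --keyring=<path-to-ubuntu-archive-keyring.gpg> focal "${bastille_releasesdir}"/Ubuntu_2004`, exiting with a clear error when the keyring is missing. Separately, the module check joins the three `sysrc` tests with `&&`, so the prompt is skipped as soon as any one of the modules is already enabled; `||` looks like what was intended. The `case $answer` blocks also have no `*)` arm, so an unrecognised answer falls through and the bootstrap continues without the modules or the package.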
|
|||||||
@@ -53,7 +53,7 @@ validate_user() {
|
|||||||
USER_SHELL="$(jexec -l "${_jail}" getent passwd "${USER}" | cut -d: -f7)"
|
USER_SHELL="$(jexec -l "${_jail}" getent passwd "${USER}" | cut -d: -f7)"
|
||||||
if [ -n "${USER_SHELL}" ]; then
|
if [ -n "${USER_SHELL}" ]; then
|
||||||
if jexec -l "${_jail}" grep -qwF "${USER_SHELL}" /etc/shells; then
|
if jexec -l "${_jail}" grep -qwF "${USER_SHELL}" /etc/shells; then
|
||||||
jexec -l "${_jail}" /usr/bin/login -f "${USER}"
|
jexec -l "${_jail}" $LOGIN -f "${USER}"
|
||||||
else
|
else
|
||||||
echo "Invalid shell for user ${USER}"
|
echo "Invalid shell for user ${USER}"
|
||||||
fi
|
fi
|
||||||
@@ -76,11 +76,12 @@ check_fib() {
|
|||||||
|
|
||||||
for _jail in ${JAILS}; do
|
for _jail in ${JAILS}; do
|
||||||
info "[${_jail}]:"
|
info "[${_jail}]:"
|
||||||
|
LOGIN="$(jexec -l "${_jail}" which login)"
|
||||||
if [ -n "${USER}" ]; then
|
if [ -n "${USER}" ]; then
|
||||||
validate_user
|
validate_user
|
||||||
else
|
else
|
||||||
check_fib
|
LOGIN="$(jexec -l "${_jail}" which login)"
|
||||||
${_setfib} jexec -l "${_jail}" /usr/bin/login -f root
|
${_setfib} jexec -l "${_jail}" $LOGIN -f root
|
||||||
fi
|
fi
|
||||||
echo
|
echo
|
||||||
done
|
done
|
||||||
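Review bot: As rendered, the root-console branch pairs `check_fib` on the old side with a second `LOGIN="$(jexec -l "${_jail}" which login)"` on the new side, which suggests the merge dropped the `check_fib` call while the following line still expands `${_setfib}`. If so, a jail's configured FIB (presumably set up by `check_fib`) is no longer applied to root consoles, and the call should be restored in place of the duplicate assignment. `$LOGIN` is also expanded unquoted and unchecked in both hunks: it is the output of a command run inside the jail, so an empty result leaves `jexec` treating `-f` as the command, and a value containing whitespace is word-split. I would add `[ -n "${LOGIN}" ] || error_exit "login not found in ${_jail}"` after the assignment and use `"${LOGIN}"` at both call sites. Both `validate_user` and the loop body extend beyond the hunks shown.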
|
|||||||
@@ -158,7 +158,7 @@ if [ $# -gt 0 ]; then
|
|||||||
rctl -h jail:
|
rctl -h jail:
|
||||||
;;
|
;;
|
||||||
import|imports|export|exports|backup|backups)
|
import|imports|export|exports|backup|backups)
|
||||||
ls "${bastille_backupsdir}" | grep -Ev "*.sha256"
|
ls "${bastille_backupsdir}" | grep -v ".sha256$"
|
||||||
exit 0
|
exit 0
|
||||||
;;
|
;;
|
||||||
*)
|
*)
|
||||||
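Review bot: In the new pattern `".sha256$"` the dot is still a regex metacharacter, so any entry whose name ends in one arbitrary character followed by `sha256` is hidden from the listing, not only the checksum files. `grep -v '\.sha256$'` states what is meant, and single quotes keep the shell away from the `$`. The enclosing case statement continues outside the hunk.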
|
|||||||
@@ -0,0 +1,14 @@
|
|||||||
|
PRE mkdir -p home
|
||||||
|
PRE mkdir -p tmp
|
||||||
|
|
||||||
|
|
||||||
|
FSTAB devfs root/dev devfs rw 0 0
|
||||||
|
FSTAB tmpfs dev/shm tmpfs rw,size=1g,mode=1777 0 0
|
||||||
|
FSTAB fdescfs dev/fd fdescfs rw,linrdlnk 0 0
|
||||||
|
FSTAB linprocfs proc linprocfs rw 0 0
|
||||||
|
FSTAB linsysfs sys linsysfs rw 0 0
|
||||||
|
FSTAB /tmp tmp nullfs rw 0 0
|
||||||
|
FSTAB /home home nullfs rw 0 0
|
||||||
|
|
||||||
|
CMD mkdir etc/apt/apt.conf.d/00aptitude
|
||||||
|
CMD echo "APT::Cache-Start 251658240;" > etc/apt/apt.conf.d/00aptitude
|
||||||
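Review bot: The lines `FSTAB /tmp tmp nullfs rw 0 0` and `FSTAB /home home nullfs rw 0 0` appear to mount the host's /tmp and /home read-write into every jail created from this template, giving root inside the jail write access to host users' files and a /tmp shared across the jail boundary. Unless that sharing is a deliberate design choice, I would remove both lines from the default template, or make them opt-in and read-only (`ro`). Also, `CMD mkdir etc/apt/apt.conf.d/00aptitude` creates a directory at the exact path the next `CMD echo ... > etc/apt/apt.conf.d/00aptitude` writes to as a file, so the redirect would fail; `CMD mkdir -p etc/apt/apt.conf.d` looks like what was intended.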