BastilleBSD/bastille
2
0
Fork 0
Code Pull Requests Actions Packages Releases Activity

several fixes

Browse Source
This commit is contained in:
Bike Dude
2020-03-06 23:12:09 +01:00
parent c03d43af09
commit ed90760f68
1 changed files with 69 additions and 26 deletions
Download Patch File Download Diff File Expand all files Collapse all files

95
usr/local/share/bastille/clone.sh
View File

@@ -48,7 +48,7 @@ help|-h|--help)
;; ;;
esac esac
if ! [ $# == 3 ]; then if [ $# -ne 3 ]; then
usage usage
fi fi
@@ -70,7 +70,7 @@ validate_ip() {
if echo "${IP}" | grep -Eq '^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/([0-9]|[1-2][0-9]|3[0-2]))?$'; then if echo "${IP}" | grep -Eq '^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/([0-9]|[1-2][0-9]|3[0-2]))?$'; then
TEST_IP=$(echo "${IP}" | cut -d / -f1) TEST_IP=$(echo "${IP}" | cut -d / -f1)
IFS=. IFS=.
set "${TEST_IP}" set ${TEST_IP}
for quad in 1 2 3 4; do for quad in 1 2 3 4; do
if eval [ \$$quad -gt 255 ]; then if eval [ \$$quad -gt 255 ]; then
echo "Invalid: (${TEST_IP})" echo "Invalid: (${TEST_IP})"
@@ -89,27 +89,51 @@ validate_ip() {
fi fi
} }
generate_jailconf() { update_jailconf() {
rm "${bastille_jailsdir}/${NEWNAME}/jail.conf" # Update jail.conf
cat << EOF > "${bastille_jailsdir}/${NEWNAME}/jail.conf" JAIL_CONFIG="${bastille_jailsdir}/${NEWNAME}/jail.conf"
${NEWNAME} { if [ -f "${JAIL_CONFIG}" ]; then
devfs_ruleset = 4; if ! grep -qw "path = ${bastille_jailsdir}/${NEWNAME}/root;" "${JAIL_CONFIG}"; then
enforce_statfs = 2; sed -i '' "s|host.hostname = ${TARGET};|host.hostname = ${NEWNAME};|" "${JAIL_CONFIG}"
exec.clean; sed -i '' "s|exec.consolelog = .*;|exec.consolelog = ${bastille_logsdir}/${NEWNAME}_console.log;|" "${JAIL_CONFIG}"
exec.consolelog = ${bastille_logsdir}/${NEWNAME}_console.log; sed -i '' "s|path = .*;|path = ${bastille_jailsdir}/${NEWNAME}/root;|" "${JAIL_CONFIG}"
exec.start = '/bin/sh /etc/rc'; sed -i '' "s|mount.fstab = .*;|mount.fstab = ${bastille_jailsdir}/${NEWNAME}/fstab;|" "${JAIL_CONFIG}"
exec.stop = '/bin/sh /etc/rc.shutdown'; sed -i '' "s|${TARGET} {|${NEWNAME} {|" "${JAIL_CONFIG}"
host.hostname = ${NEWNAME}; sed -i '' "s|${IPX_ADDR} = .*;|${IPX_ADDR} = ${IP};|" "${JAIL_CONFIG}"
mount.devfs; fi
mount.fstab = ${bastille_jailsdir}/${NEWNAME}/fstab; fi
path = ${bastille_jailsdir}/${NEWNAME}/root;
securelevel = 2;
interface = ${bastille_jail_interface}; if grep -qw "vnet;" "${JAIL_CONFIG}"; then
${IPX_ADDR} = ${IP}; update_jailconf_vnet
ip6 = ${IP6_MODE}; fi
} }
EOF
update_jailconf_vnet() {
bastille_jail_rc_conf="${bastille_jailsdir}/${NEWNAME}/root/etc/rc.conf"
# Determine number of containers and define an uniq_epair
local list_jails_num=$(bastille list jails | wc -l | awk '{print $1}')
local num_range=$(expr "${list_jails_num}" + 1)
jail_list=$(bastille list jail)
for _num in $(seq 0 "${num_range}"); do
if [ -n "${jail_list}" ]; then
if ! grep -q "e0b_bastille${_num}" "${bastille_jailsdir}"/*/jail.conf; then
uniq_epair="bastille${_num}"
sed -i '' "s|vnet.interface = e0b_bastille.*;|vnet.interface = e0b_${uniq_epair};|" "${JAIL_CONFIG}"
break
fi
fi
done
# Rename interface to new uniq_epair
sed -i '' "s|ifconfig_e0b_bastille.*_name|ifconfig_e0b_${uniq_epair}_name|" "${bastille_jail_rc_conf}"
# If 0.0.0.0 set DHCP, else set static IP address
if [ "${IP}" == "0.0.0.0" ]; then
sysrc -f "${bastille_jail_rc_conf}" ifconfig_vnet0="DHCP"
else
sysrc -f "${bastille_jail_rc_conf}" ifconfig_vnet0="inet ${IP}"
fi
} }
update_fstab() { update_fstab() {
@@ -137,13 +161,19 @@ clone_jail() {
if [ -n "${bastille_zfs_zpool}" ]; then if [ -n "${bastille_zfs_zpool}" ]; then
# Rename ZFS dataset and mount points accordingly # Rename ZFS dataset and mount points accordingly
DATE=$(date +%F-%H%M%S) DATE=$(date +%F-%H%M%S)
zfs snapshot -r "${bastille_zfs_zpool}/${bastille_zfs_prefix}/jails/${TARGET}@cloned_$DATE" zfs snapshot -r "${bastille_zfs_zpool}/${bastille_zfs_prefix}/jails/${TARGET}@bastille_clone_${DATE}"
zfs send -R "${bastille_zfs_zpool}/${bastille_zfs_prefix}/jails/${TARGET}@cloned_$DATE" | zfs recv "${bastille_zfs_zpool}/${bastille_zfs_prefix}/jails/${NEWNAME}" zfs send -R "${bastille_zfs_zpool}/${bastille_zfs_prefix}/jails/${TARGET}@bastille_clone_${DATE}" | zfs recv "${bastille_zfs_zpool}/${bastille_zfs_prefix}/jails/${NEWNAME}"
zfs destroy -r "${bastille_zfs_zpool}/${bastille_zfs_prefix}/jails/${TARGET}@cloned_$DATE" zfs destroy -r "${bastille_zfs_zpool}/${bastille_zfs_prefix}/jails/${TARGET}@bastille_clone_${DATE}"
fi fi
else else
# Just clone the jail directory # Just clone the jail directory
cp -R "${bastille_jailsdir}/${TARGET}" "${bastille_jailsdir}/${NEWNAME}" # Check if container is running
if [ -n "$(jls name | awk "/^${TARGET}$/")" ]; then
error_notify "${COLOR_RED}${TARGET} is running, See 'bastille stop ${TARGET}'.${COLOR_RESET}"
fi
# Perform container file copy(archive mode)
cp -a "${bastille_jailsdir}/${TARGET}" "${bastille_jailsdir}/${NEWNAME}"
fi fi
else else
error_notify "${COLOR_RED}${NEWNAME} already exists.${COLOR_RESET}" error_notify "${COLOR_RED}${NEWNAME} already exists.${COLOR_RESET}"
@@ -153,10 +183,23 @@ clone_jail() {
fi fi
# Generate jail configuration files # Generate jail configuration files
generate_jailconf update_jailconf
update_fstab update_fstab
# Display the exist status
if [ "$?" -ne 0 ]; then
error_notify "${COLOR_RED}An error has occurred while attempting to clone '${TARGET}'.${COLOR_RESET}"
else
echo -e "${COLOR_GREEN}Cloned '${TARGET}' to '${NEWNAME}' successfully.${COLOR_RESET}"
fi
} }
## don't allow for dots(.) in container names
if echo "${NEWNAME}" | grep -q "[.]"; then
echo -e "${COLOR_RED}Container names may not contain a dot(.)!${COLOR_RESET}"
exit 1
fi
## check if ip address is valid ## check if ip address is valid
if [ -n "${IP}" ]; then if [ -n "${IP}" ]; then
validate_ip validate_ip