fix for recent EOL support patch

Merge pull request #638 from BastilleBSD/create_matrix
support combining options for bastille create
2023-11-25 17:06:05 -07:00 · 2023-11-24 16:42:40 -07:00 · 2023-11-24 16:41:25 -07:00 · 2023-11-24 16:28:31 -07:00 · 2023-11-24 16:04:21 -07:00 · 2023-11-21 13:22:44 -07:00
3 changed files with 95 additions and 26 deletions
--- a/usr/local/etc/rc.d/bastille
+++ b/usr/local/etc/rc.d/bastille
@@ -8,10 +8,19 @@

 # Add the following to /etc/rc.conf[.local] to enable this service
 #
-# bastille_enable (bool):          Set to NO by default.
-#               Set it to YES to enable bastille.
-# bastille_list (string):        Set to "ALL" by default.
-#               Space separated list of jails to start.
+# bastille_enable (bool): Set to "NO" by default.
+#               Set it to "YES" to enable bastille.
+# bastille_conf (bool):   Set to "/usr/local/etc/bastille/bastille.conf" by default.
+#               Path to bastile.conf file. Used if bastille_rcorder="YES".
+# bastille_list (string): Set to "ALL" by default.
+#               Space separated list of jails to start or "ALL" to start all
+#               jails.
+# bastille_rcorder (bool):       Set to "NO" by default.
+#               Set it to "YES" to start all jails in order, defined by
+#               rcorder(8). It starts all jails, except jails with "KEYWORD:
+#               nostart" in jail.conf. Value of bastille_list is ignored in this
+#               case, requires correct path to bastile.conf in bastille_conf
+#               var.
 #

 . /etc/rc.subr
@@ -19,24 +28,36 @@
 name=bastille
 rcvar=${name}_enable

-: ${bastille_enable:=NO}
+: ${bastille_enable:="NO"}
+: ${bastille_conf:="/usr/local/etc/bastille/bastille.conf"}
 : ${bastille_list:="ALL"}
+: ${bastille_rcorder:="NO"}

 command=/usr/local/bin/${name}
 start_cmd="bastille_start"
 stop_cmd="bastille_stop"
 restart_cmd="bastille_stop && bastille_start"

+rcordered_list() {
+    local _jailsdir
+    _jailsdir=$(. $bastille_conf; echo $bastille_jailsdir)
+    bastille_ordered_list=$(rcorder -s nostart ${_jailsdir}/*/jail.conf | xargs dirname | xargs basename | tr "\n" " ")
+}
+
 bastille_start()
 {
-    if [ -z "${bastille_list}" ]; then
-        echo "bastille_list is undefined"
-        return 1
-    fi
-
    local _jail

-    for _jail in ${bastille_list}; do
+    if checkyesno bastille_rcorder; then
+        rcordered_list
+    elif [ -z "${bastille_list}" ]; then
+        echo "bastille_list is undefined"
+        return 1
+    else
+        bastille_ordered_list=${bastille_list}
+    fi
+
+    for _jail in ${bastille_ordered_list}; do
        echo "Starting Bastille Container: ${_jail}"
        ${command} start ${_jail}
    done
@@ -44,16 +65,20 @@ bastille_start()

 bastille_stop()
 {
-    if [ -z "${bastille_list}" ]; then
+    local _jail _revlist
+
+    if checkyesno bastille_rcorder; then
+        rcordered_list
+    elif [ -z "${bastille_list}" ]; then
        echo "bastille_list is undefined"
        return 1
+    else
+        bastille_ordered_list=${bastille_list}
    fi

-    local _jail
-
    ## reverse order of list for shutdown ## fixes #389
-    bastille_revlist=$(echo "${bastille_list}" | awk '{ for (i=NF; i>1; i--) printf("%s ",$i); print $1; }')
-    for _jail in ${bastille_revlist}; do
+    _revlist=$(echo "${bastille_ordered_list}" | awk '{ for (i=NF; i>1; i--) printf("%s ",$i); print $1; }')
+    for _jail in ${_revlist}; do
        echo "Stopping Bastille Container: ${_jail}"
        ${command} stop ${_jail}
    done
--- a/usr/local/share/bastille/bootstrap.sh
+++ b/usr/local/share/bastille/bootstrap.sh
@@ -474,9 +474,9 @@ if [ -n "${OPTION}" ] && [ "${OPTION}" != "${HW_MACHINE}" ] && [ "${OPTION}" !=
 fi

 ## allow override bootstrap URLs via environment variables
-[ -n ${BASTILLE_URL_FREEBSD} ] && bastille_url_freebsd="${BASTILLE_URL_FREEBSD}"
-[ -n ${BASTILLE_URL_HARDENEDBSD} ] && bastille_url_hardenedbsd="${BASTILLE_URL_HARDENEDBSD}"
-[ -n ${BASTILLE_URL_MIDNIGHTBSD} ] && bastille_url_midnightbsd="${BASTILLE_URL_MIDNIGHTBSD}"
+[ -n "${BASTILLE_URL_FREEBSD}" ] && bastille_url_freebsd="${BASTILLE_URL_FREEBSD}"
+[ -n "${BASTILLE_URL_HARDENEDBSD}" ] && bastille_url_hardenedbsd="${BASTILLE_URL_HARDENEDBSD}"
+[ -n "${BASTILLE_URL_MIDNIGHTBSD}" ] && bastille_url_midnightbsd="${BASTILLE_URL_MIDNIGHTBSD}"

 ## Filter sane release names
 case "${1}" in
--- a/usr/local/share/bastille/create.sh
+++ b/usr/local/share/bastille/create.sh
@@ -607,36 +607,80 @@ LINUX_JAIL=""
 # Handle and parse options
 while [ $# -gt 0 ]; do
    case "${1}" in
-        -E|--empty|empty)
+        -E|--empty)
            EMPTY_JAIL="1"
            shift
            ;;
-        -L|--linux|linux)
+        -L|--linux)
            LINUX_JAIL="1"
            shift
            ;;
-        -T|--thick|thick)
+        -T|--thick)
            THICK_JAIL="1"
            shift
            ;;
-        -V|--vnet|vnet)
+        -V|--vnet)
            VNET_JAIL="1"
            shift
            ;;
-        -B|--bridge|bridge)
+        -B|--bridge)
            VNET_JAIL="1"
            VNET_JAIL_BRIDGE="1"
            shift
            ;;
-        -C|--clone|clone)
+        -C|--clone)
            CLONE_JAIL="1"
            shift
            ;;
+        -CV|-VC|--clone-vnet)
+            CLONE_JAIL="1"
+            VNET_JAIL="1"
+            shift
+            ;;
+        -CB|-BC|--clone-bridge)
+            CLONE_JAIL="1"
+            VNET_JAIL="1"
+            VNET_JAIL_BRIDGE="1"
+            shift
+            ;;
+        -TV|-VT|--thick-vnet)
+            THICK_JAIL="1"
+            VNET_JAIL="1"
+            shift
+            ;;
+        -TB|-BT|--thick-bridge)
+            THICK_JAIL="1"
+            VNET_JAIL="1"
+            VNET_JAIL_BRIDGE="1"
+            shift
+            ;;
+        -EB|-BE|--empty-bridge)
+            EMPTY_JAIL="1"
+            VNET_JAIL="1"
+            VNET_JAIL_BRIDGE="1"
+            shift
+            ;;
+        -EV|-VE|--empty-vnet)
+            EMPTY_JAIL="1"
+            VNET_JAIL="1"
+            shift
+            ;;
+        -LV|-VL|--linux-vnet)
+            LINUX_JAIL="1"
+            VNET_JAIL="1"
+            shift
+            ;;
+        -LB|-BL|--linux-bridge)
+            LINUX_JAIL="1"
+            VNET_JAIL="1"
+            VNET_JAIL_BRIDGE="1"
+            shift
+            ;;
        -*|--*)
            error_notify "Unknown Option."
            usage
            ;;
-       *)
+        *)
            break
            ;;
    esac
Author	SHA1	Message	Date
Christer Edwards	b30a7484bb	fix for recent EOL support patch	2023-11-25 17:06:05 -07:00
Christer Edwards	b05493bc8e	Merge pull request #638 from BastilleBSD/create_matrix support combining options for bastille create	2023-11-24 16:42:40 -07:00
Christer Edwards	97a0e692d9	standardize options in create matrix	2023-11-24 16:41:25 -07:00
Christer Edwards	3df39078bf	support combining options for bastille create	2023-11-24 16:28:31 -07:00
Christer Edwards	620ad465d6	Merge pull request #637 from BastilleBSD/20231125_prep update documentation for 14.0-RELEASE	2023-11-24 16:04:21 -07:00
Christer Edwards	c2b17f346d	Merge pull request #635 from BastilleBSD/readthedocs fix more readthedocs build info	2023-11-21 13:22:44 -07:00
Christer Edwards	d0ff97057e	Merge pull request #634 from BastilleBSD/readthedocs fix readthedocs build info	2023-11-21 13:13:22 -07:00
Christer Edwards	c8b3fb3bc1	Merge pull request #633 from BastilleBSD/eol_patch initial support & docs to bootstrap EOL releases	2023-11-20 16:21:31 -07:00
Christer Edwards	51f9003016	Merge pull request #629 from dsh2dsh/rcordered rcorder(8)-ed startup script	2023-11-20 15:15:13 -07:00
Christer Edwards	2de0766b54	Merge pull request #632 from BastilleBSD/osrelease_patch add osrelease to jail.conf for new jails	2023-11-19 14:41:11 -07:00
Denis Shaposhnikov	a38403b028	rcorder(8)-ed startup script With ```sh bastille_enable="YES" bastille_rcorder="YES" ``` in `/etc/rc.conf`, the script will the script will start all jails, except jails with "KEYWORD: nostart" in jail.conf. Example of `jail.conf` with `KEYWORD: nostart`: ``` jailname { ... } ``` `PROVIDE:` is optional. Actually all `rcorder(8)` labels are optional, but we can use it to build jail dependencies. For instance, if we have jail `db` and jails `alfa` and `zeta`, we can configure it so both jails require jail `db`: `alfa/jail.conf`: ``` alfa { ... } ``` `zeta/jail.conf`: ``` zeta { ... } ``` `db/jail.conf`: ``` db { ... } ``` With this configuration jail `db` will start first and stop last.	2023-11-11 19:35:56 +01:00