Merge branch 'master' into parallel-mode
@@ -32,7 +32,7 @@
|
||||
|
||||
PATH=${PATH}:/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/sbin:/usr/local/bin
|
||||
|
||||
BASTILLE_VERSION=904f855
|
||||
BASTILLE_VERSION="0.14.20250420"
|
||||
|
||||
## check for config existence
|
||||
bastille_conf_check() {
|
||||
@@ -91,8 +91,8 @@ Available Commands:
|
||||
export Exports a specified container.
|
||||
help Help about any command.
|
||||
htop Interactive process viewer (requires htop).
|
||||
jcp cp(1) files from a jail to jail(s).
|
||||
import Import a specified container.
|
||||
jcp cp(1) files from a jail to jail(s).
|
||||
limits Apply resources limits to targeted container(s). See rctl(8).
|
||||
list List containers (running).
|
||||
mount Mount a volume inside the targeted container(s).
|
||||
@@ -129,16 +129,16 @@ bastille_conf_check
|
||||
bastille_perms_check
|
||||
|
||||
if [ -z "${BASTILLE_CONFIG}" ]; then
|
||||
BASTILLE_CONFIG=/usr/local/etc/bastille/bastille.conf
|
||||
export BASTILLE_CONFIG
|
||||
elif [ -r "${BASTILLE_CONFIG}" ]; then
|
||||
export BASTILLE_CONFIG
|
||||
elif [ -r "/usr/local/etc/bastille/${BASTILLE_CONFIG}" ]; then
|
||||
BASTILLE_CONFIG="/usr/local/etc/bastille/${BASTILLE_CONFIG}"
|
||||
export BASTILLE_CONFIG
|
||||
else
|
||||
echo "Not a valid config file: ${BASTILLE_CONFIG}"
|
||||
exit 1
|
||||
if [ -z "${BASTILLE_CONFIG}" ]; then
|
||||
BASTILLE_CONFIG=/usr/local/etc/bastille/bastille.conf
|
||||
export BASTILLE_CONFIG
|
||||
elif [ -r "/usr/local/etc/bastille/${BASTILLE_CONFIG}" ]; then
|
||||
BASTILLE_CONFIG="/usr/local/etc/bastille/${BASTILLE_CONFIG}"
|
||||
export BASTILLE_CONFIG
|
||||
else
|
||||
echo "Not a valid config file: ${BASTILLE_CONFIG}"
|
||||
exit 1
|
||||
fi
|
||||
fi
|
||||
|
||||
# Load common.sh after setting BASTILLE_CONFIG
|
||||
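Review bot: The non-empty branch joins `${BASTILLE_CONFIG}` onto `/usr/local/etc/bastille/` without rejecting path separators, so a value containing `../` still resolves to a readable file outside that directory and passes the `-r` test. The `-c|--config` branch in the following hunk has the same gap. If dropping the absolute-path branch is meant to confine configs to that directory, reject names containing a slash before the test, e.g. `case "${BASTILLE_CONFIG}" in */*) echo "Not a valid config file: ${BASTILLE_CONFIG}"; exit 1 ;; esac`. How the file is loaded afterwards is outside the hunk, so the impact depends on whether it is sourced as shell.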
@@ -157,10 +157,7 @@ while [ "$#" -gt 0 ]; do
|
||||
;;
|
||||
-c|--config)
|
||||
BASTILLE_CONFIG="${2}"
|
||||
if [ -r "${BASTILLE_CONFIG}" ]; then
|
||||
info "Using custom config: ${BASTILLE_CONFIG}"
|
||||
export BASTILLE_CONFIG
|
||||
elif [ -r "/usr/local/etc/bastille/${BASTILLE_CONFIG}" ]; then
|
||||
if [ -r "/usr/local/etc/bastille/${BASTILLE_CONFIG}" ]; then
|
||||
BASTILLE_CONFIG="/usr/local/etc/bastille/${BASTILLE_CONFIG}"
|
||||
info "Using custom config: ${BASTILLE_CONFIG}"
|
||||
export BASTILLE_CONFIG
|
||||
@@ -207,8 +204,9 @@ case "${CMD}" in
|
||||
edit| \
|
||||
export| \
|
||||
htop| \
|
||||
jcp | \
|
||||
import| \
|
||||
jcp| \
|
||||
limits| \
|
||||
list| \
|
||||
network| \
|
||||
rcp| \
|
||||
|
||||
@@ -112,6 +112,8 @@ validate_ip() {
|
||||
if [ -n "${ip6}" ]; then
|
||||
info "Valid: (${ip6})."
|
||||
IP6_MODE="new"
|
||||
elif { [ "${IP}" = "0.0.0.0" ] || [ "${IP}" = "DHCP" ]; } && [ "$(bastille config ${TARGET} get vnet)" = "enabled" ]; then
|
||||
info "Valid: (${IP})."
|
||||
else
|
||||
local IFS
|
||||
if echo "${IP}" | grep -Eq '^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/([0-9]|[1-2][0-9]|3[0-2]))?$'; then
|
||||
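Review bot: `${TARGET}` is expanded unquoted inside the command substitution on the new `elif` line, so a target value containing whitespace or glob characters is split or expanded before `bastille config` sees it. Quote it: `[ "$(bastille config "${TARGET}" get vnet)" = "enabled" ]`. validate_ip starts and ends outside the hunk, so where TARGET is validated is not visible here.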
@@ -195,14 +197,13 @@ update_jailconf_vnet() {
|
||||
# Determine number of interfaces and define a uniq_epair
|
||||
local _if_list="$(grep -Eo 'epair[0-9]+|bastille[0-9]+' ${_jail_conf} | sort -u)"
|
||||
for _if in ${_if_list}; do
|
||||
local _epair_if_count="$( (grep -Eo 'epair[0-9]+' ${bastille_jailsdir}/*/jail.conf; ifconfig | grep -Eo '(e[0-9]+a|epair[0-9]+a)' ) | sort -u | wc -l | awk '{print $1}')"
|
||||
local _bastille_if_count="$(grep -Eo 'bastille[0-9]+' ${bastille_jailsdir}/*/jail.conf | sort -u | wc -l | awk '{print $1}')"
|
||||
local epair_num_range=$((_epair_if_count + 1))
|
||||
local bastille_num_range=$((_bastille_if_count + 1))
|
||||
# Get number of epairs on the system
|
||||
get_epair_count
|
||||
local _epair_num_range=$((_epair_count + 1))
|
||||
if echo ${_if} | grep -Eoq 'epair[0-9]+'; then
|
||||
# Update bridged VNET config
|
||||
for _num in $(seq 0 "${epair_num_range}"); do
|
||||
if ! grep -Eoq "epair${_num}" ${bastille_jailsdir}/*/jail.conf && ! ifconfig | grep -Eoq "(e${_num}a|epair${_num}a)"; then
|
||||
for _num in $(seq 0 "${_epair_num_range}"); do
|
||||
if ! echo "${_epair_list}" | grep -oqswx "${_num}"; then
|
||||
# Generate new epair name
|
||||
if [ "$(echo -n "e${_num}a_${NEWNAME}" | awk '{print length}')" -lt 16 ]; then
|
||||
local _new_host_epair="e${_num}a_${NEWNAME}"
|
||||
@@ -270,8 +271,8 @@ update_jailconf_vnet() {
|
||||
done
|
||||
elif echo ${_if} | grep -Eoq 'bastille[0-9]+'; then
|
||||
# Update VNET config
|
||||
for _num in $(seq 0 "${bastille_num_range}"); do
|
||||
if ! grep -oq "bastille${_num}" ${bastille_jailsdir}/*/jail.conf; then
|
||||
for _num in $(seq 0 "${_epair_num_range}"); do
|
||||
if ! echo "${_epair_list}" | grep -oqswx "${_num}"; then
|
||||
# Update jail.conf epair name
|
||||
local uniq_epair="bastille${_num}"
|
||||
local _jail_vnet="$(grep ${_if} "${_rc_conf}" | grep -Eo -m 1 "vnet[0-9]+")"
|
||||
|
||||
@@ -118,6 +118,16 @@ check_target_is_stopped() {
|
||||
fi
|
||||
}
|
||||
|
||||
get_epair_count() {
|
||||
for _config in /usr/local/etc/bastille/*.conf; do
|
||||
local bastille_jailsdir="$(sysrc -f "${_config}" -n bastille_jailsdir)"
|
||||
_epair_list="$(printf '%s\n%s' "$( (grep -Ehos '(epair[0-9]+|bastille[0-9]+)' ${bastille_jailsdir}/*/jail.conf; ifconfig -g epair | grep -Eos "_bastille[0-9]+$"; ifconfig -g epair | grep -vs 'bastille' | grep -Eos 'e[0-9]+a_') | grep -Eos '[0-9]+')" "${_epair_list}")"
|
||||
done
|
||||
_epair_count=$(printf '%s' "${_epair_list}" | sort -u | wc -l | awk '{print $1}')
|
||||
export _epair_list
|
||||
export _epair_count
|
||||
}
|
||||
|
||||
get_jail_name() {
|
||||
local _JID="${1}"
|
||||
local _jailname="$(jls -j ${_JID} name 2>/dev/null)"
|
||||
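Review bot: get_epair_count never clears `_epair_list` before the loop; each iteration appends to whatever the variable already holds, and because it is exported, a nested `bastille` invocation inherits the parent's list from its environment. Stale numbers only cause indices to be skipped, but the count derived from them drives the `seq` range in every caller, so start the function with `_epair_list=""`. Separately, when `sysrc` returns nothing for a config, the unquoted `${bastille_jailsdir}/*/jail.conf` becomes `/*/jail.conf`; skip that iteration with `[ -n "${bastille_jailsdir}" ] || continue`.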
@@ -277,17 +287,13 @@ generate_vnet_jail_netblock() {
|
||||
local use_unique_bridge="${2}"
|
||||
local external_interface="${3}"
|
||||
local static_mac="${4}"
|
||||
## determine number of interfaces + 1
|
||||
## iterate num and grep all jail configs
|
||||
## define uniq_epair
|
||||
local _epair_if_count="$( (grep -Eos 'epair[0-9]+' ${bastille_jailsdir}/*/jail.conf; ifconfig | grep -Eo '(e[0-9]+a|epair[0-9]+a)' ) | sort -u | wc -l | awk '{print $1}')"
|
||||
local _bastille_if_count="$(grep -Eos 'bastille[0-9]+' ${bastille_jailsdir}/*/jail.conf | sort -u | wc -l | awk '{print $1}')"
|
||||
local epair_num_range=$((_epair_if_count + 1))
|
||||
local bastille_num_range=$((_bastille_if_count + 1))
|
||||
# Get number of epairs on the system
|
||||
get_epair_count
|
||||
local _epair_num_range=$((_epair_count + 1))
|
||||
if [ -n "${use_unique_bridge}" ]; then
|
||||
if [ "${_epair_if_count}" -gt 0 ]; then
|
||||
for _num in $(seq 0 "${epair_num_range}"); do
|
||||
if ! grep -Eosq "epair${_num}" ${bastille_jailsdir}/*/jail.conf && ! ifconfig | grep -Eosq "(e${_num}a|epair${_num}a)"; then
|
||||
if [ "${_epair_count}" -gt 0 ]; then
|
||||
for _num in $(seq 0 "${_epair_num_range}"); do
|
||||
if ! echo "${_epair_list}" | grep -oqswx "${_num}"; then
|
||||
if [ "$(echo -n "e${_num}a_${jail_name}" | awk '{print length}')" -lt 16 ]; then
|
||||
local host_epair=e${_num}a_${jail_name}
|
||||
local jail_epair=e${_num}b_${jail_name}
|
||||
@@ -310,9 +316,9 @@ generate_vnet_jail_netblock() {
|
||||
fi
|
||||
fi
|
||||
else
|
||||
if [ "${_bastille_if_count}" -gt 0 ]; then
|
||||
for _num in $(seq 0 "${bastille_num_range}"); do
|
||||
if ! grep -Eosq "bastille${_num}" ${bastille_jailsdir}/*/jail.conf; then
|
||||
if [ "${_epair_count}" -gt 0 ]; then
|
||||
for _num in $(seq 0 "${_epair_num_range}"); do
|
||||
if ! echo "${_epair_list}" | grep -oqswx "${_num}"; then
|
||||
local uniq_epair="bastille${_num}"
|
||||
break
|
||||
fi
|
||||
|
||||
@@ -47,7 +47,7 @@ usage() {
|
||||
-M | --static-mac Generate a static MAC address for jail (VNET only).
|
||||
--no-boot Create jail with boot=off.
|
||||
--no-validate Do not validate the release when creating the jail.
|
||||
-p | --priority VALUE Sets the priority value for jail startup and shutdown.
|
||||
-p | --priority VALUE Set priority value for jail.
|
||||
-T | --thick Creates a thick container, they consume more space as they are self contained and independent.
|
||||
-V | --vnet Enables VNET, VNET containers are attached to a virtual bridge interface for connectivity.
|
||||
-v | --vlan VLANID Creates the jail with specified VLAN ID (VNET only).
|
||||
@@ -92,10 +92,9 @@ validate_ip() {
|
||||
done
|
||||
if ifconfig | grep -qwF "${TEST_IP}"; then
|
||||
warn "Warning: IP address already in use (${TEST_IP})."
|
||||
else
|
||||
ipx_addr="ip4.addr"
|
||||
info "Valid: (${_ip})."
|
||||
fi
|
||||
ipx_addr="ip4.addr"
|
||||
info "Valid: (${_ip})."
|
||||
else
|
||||
error_continue "Invalid: (${_ip})."
|
||||
fi
|
||||
@@ -810,6 +809,17 @@ if [ -n "${NAME}" ]; then
|
||||
validate_name
|
||||
fi
|
||||
|
||||
# Validate interface type
|
||||
if [ -n "${VNET_JAIL}" ] && [ -n "${VNET_JAIL_BRIDGE}" ]; then
|
||||
if ! ifconfig -g bridge | grep -owq "${INTERFACE}"; then
|
||||
error_exit "Interface is not a bridge: ${INTERFACE}"
|
||||
fi
|
||||
elif [ -n "${VNET_JAIL}" ] && [ -z "${VNET_JAIL_BRIDGE}" ]; then
|
||||
if ifconfig -g bridge | grep -owq "${INTERFACE}"; then
|
||||
error_exit "Interface is a bridge: ${INTERFACE}"
|
||||
fi
|
||||
fi
|
||||
|
||||
if [ -n "${LINUX_JAIL}" ] && [ -n "${VALIDATE_RELEASE}" ]; then
|
||||
case "${RELEASE}" in
|
||||
bionic|ubuntu_bionic|ubuntu|ubuntu-bionic)
|
||||
|
||||
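Review bot: The new bridge check treats `${INTERFACE}` as a regular expression and matches it as a word rather than as a whole line, so for example a name such as `vm` is accepted when a bridge called `vm-public` exists, and a `.` in the name matches any character. `ifconfig -g bridge` prints one interface name per line, so compare whole lines as fixed strings in both branches: `grep -Fxq -- "${INTERFACE}"`. An empty `INTERFACE` should also be rejected before this test; whether that happens earlier is not visible in the hunk.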
@@ -48,16 +48,16 @@ EOF
|
||||
|
||||
destroy_jail() {
|
||||
|
||||
local OPTIONS
|
||||
local OPTIONS
|
||||
|
||||
for _jail in ${JAILS}; do
|
||||
|
||||
|
||||
bastille_jail_base="${bastille_jailsdir}/${_jail}" ## dir
|
||||
bastille_jail_log="${bastille_logsdir}/${_jail}_console.log" ## file
|
||||
|
||||
|
||||
check_target_is_stopped "${_jail}" || if [ "${AUTO}" -eq 1 ]; then
|
||||
bastille stop "${_jail}"
|
||||
else
|
||||
else
|
||||
error_notify "Jail is running."
|
||||
error_continue "Use [-a|--auto] to auto-stop the jail."
|
||||
fi
|
||||
@@ -77,8 +77,12 @@ destroy_jail() {
|
||||
if [ "${FORCE}" = "1" ]; then
|
||||
OPTIONS="-rf"
|
||||
fi
|
||||
## remove jail zfs dataset recursively
|
||||
zfs destroy "${OPTIONS}" "${bastille_zfs_zpool}/${bastille_zfs_prefix}/jails/${_jail}"
|
||||
# Remove jail zfs dataset recursively, or abort if error thus precerving jail content.
|
||||
# This will deal with the common "cannot unmount 'XYZ': pool or dataset is busy"
|
||||
# unless the force option is defined by the user, otherwise will have a partially deleted jail.
|
||||
if ! zfs destroy "${OPTIONS}" "${bastille_zfs_zpool}/${bastille_zfs_prefix}/jails/${_jail}"; then
|
||||
error_exit "Jail dataset(s) appears to be busy, exiting."
|
||||
fi
|
||||
fi
|
||||
fi
|
||||
fi
|
||||
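Review bot: The new failure branch reports every `zfs destroy` error as a busy dataset and calls `error_exit`, which ends the whole run from inside the `for _jail in ${JAILS}` loop; the running-jail case earlier in destroy_jail uses `error_continue` instead. zfs can fail for other reasons (dependent clones, permissions), so a neutral message such as `error_exit "Failed to destroy jail dataset(s), jail content preserved."` would mislead less. If the remaining targets should still be processed, `error_continue` would keep the protection against the later `rm -rf`, assuming it skips to the next jail as its name suggests. The loop body continues outside the hunk.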
@@ -86,7 +90,7 @@ destroy_jail() {
|
||||
if [ -d "${bastille_jail_base}" ]; then
|
||||
## removing all flags
|
||||
chflags -R noschg "${bastille_jail_base}"
|
||||
|
||||
|
||||
## remove jail base
|
||||
rm -rf "${bastille_jail_base}"
|
||||
fi
|
||||
@@ -110,7 +114,7 @@ destroy_jail() {
|
||||
pfctl -a "rdr/${_jail}" -Fn
|
||||
fi
|
||||
fi
|
||||
done
|
||||
done
|
||||
}
|
||||
|
||||
destroy_rel() {
|
||||
@@ -198,18 +202,18 @@ destroy_rel() {
|
||||
}
|
||||
|
||||
# Handle options.
|
||||
AUTO=0
|
||||
FORCE=0
|
||||
NO_CACHE=0
|
||||
AUTO="0"
|
||||
FORCE="0"
|
||||
NO_CACHE="0"
|
||||
while [ "$#" -gt 0 ]; do
|
||||
case "${1}" in
|
||||
-h|--help|help)
|
||||
usage
|
||||
;;
|
||||
-h|--help|help)
|
||||
usage
|
||||
;;
|
||||
-a|--auto)
|
||||
AUTO=1
|
||||
shift
|
||||
;;
|
||||
AUTO=1
|
||||
shift
|
||||
;;
|
||||
-c|--no-cache)
|
||||
NO_CACHE=1
|
||||
shift
|
||||
@@ -226,10 +230,10 @@ while [ "$#" -gt 0 ]; do
|
||||
for _opt in $(echo ${1} | sed 's/-//g' | fold -w1); do
|
||||
case ${_opt} in
|
||||
a) AUTO=1 ;;
|
||||
c) NO_CACHE=1 ;;
|
||||
c) NO_CACHE=1 ;;
|
||||
f) FORCE=1 ;;
|
||||
x) enable_debug ;;
|
||||
*) error_exit "Unknown Option: \"${1}\"" ;;
|
||||
*) error_exit "Unknown Option: \"${1}\"" ;;
|
||||
esac
|
||||
done
|
||||
shift
|
||||
|
||||
@@ -94,6 +94,6 @@ fi
|
||||
|
||||
if [ ! -x "${bastille_jailsdir}/${TARGET}/root/usr/local/bin/htop" ]; then
|
||||
error_notify "htop not found on ${TARGET}."
|
||||
elif [ -x "${bastille_jail_path}/usr/local/bin/htop" ]; then
|
||||
elif [ -x "${bastille_jailsdir}/${TARGET}/root/usr/local/bin/htop" ]; then
|
||||
jexec -l ${TARGET} /usr/local/bin/htop
|
||||
fi
|
||||
|
||||
@@ -119,10 +119,11 @@ list_all(){
|
||||
else
|
||||
JAIL_STATE=$(if [ "$(sed -n "/^${JAIL_NAME} {$/,/^}$/p" "${bastille_jailsdir}/${JAIL_NAME}/jail.conf" 2> /dev/null | awk '$0 ~ /^'${JAIL_NAME}' \{|\}/ { printf "%s",$0 }')" = "${JAIL_NAME} {}" ]; then echo "Down"; else echo "n/a"; fi)
|
||||
if [ "$(awk '$1 == "vnet;" { print $1 }' "${bastille_jailsdir}/${JAIL_NAME}/jail.conf" 2> /dev/null)" ]; then
|
||||
JAIL_IP=$(grep -E "^ifconfig_vnet.*inet.*" "${bastille_jailsdir}/${JAIL_NAME}/root/etc/rc.conf" 2> /dev/null | grep -o "inet.*" | awk '{print $2}' | sed -E 's#/[0-9]+$##g')
|
||||
JAIL_IP=$(grep -E "^ifconfig_vnet.*inet.*" "${bastille_jailsdir}/${JAIL_NAME}/root/etc/rc.conf" 2> /dev/null | grep -o "inet.*" | awk '{print $2}' | sed -E 's#/[0-9]+.*##g')
|
||||
else
|
||||
JAIL_IP=$(sed -n "s/^[ ]*ip[4,6].addr[ ]*=[ ]*\(.*\);$/\1/p" "${bastille_jailsdir}/${JAIL_NAME}/jail.conf" 2> /dev/null | sed "s/\// /g" | awk '{ print $1 }')
|
||||
fi
|
||||
JAIL_IP=$(bastille config ${JAIL_NAME} get ip4.addr | sed 's/,/\n/g')
|
||||
if [ "${JAIL_IP}" = "not set" ]; then JAIL_IP=$(bastille config ${JAIL_NAME} get ip6.addr | sed 's/,/\n/g'); fi
|
||||
fi
|
||||
JAIL_HOSTNAME=$(sed -n "s/^[ ]*host.hostname[ ]*=[ ]*\(.*\);$/\1/p" "${bastille_jailsdir}/${JAIL_NAME}/jail.conf" 2> /dev/null)
|
||||
if [ -f "${bastille_jailsdir}/${JAIL_NAME}/rdr.conf" ]; then JAIL_PORTS=$(awk '$1 ~ /^[tcp|udp]/ { printf "%s/%s:%s,",$1,$2,$3 }' "${bastille_jailsdir}/${JAIL_NAME}/rdr.conf" 2> /dev/null | sed "s/,$//"); else JAIL_PORTS=""; fi
|
||||
JAIL_PATH=$(sed -n "s/^[ ]*path[ ]*=[ ]*\(.*\);$/\1/p" "${bastille_jailsdir}/${JAIL_NAME}/jail.conf" 2> /dev/null)
|
||||
@@ -164,14 +165,14 @@ list_all(){
|
||||
# 10.10.10.11
|
||||
# 10.10.10.12
|
||||
FIRST_IP="$(echo "${JAIL_IP}" | head -n 1)"
|
||||
if echo "${FIRST_IP}" | grep -q "|"; then FIRST_IP=$(echo ${FIRST_IP} | awk -F"|" '{print $2}'); fi
|
||||
if echo "${FIRST_IP}" | grep -q "|"; then FIRST_IP=$(echo ${FIRST_IP} | awk -F"|" '{print $2}' | sed 's#/.*##g'); fi
|
||||
printf " ${JID}%*s${BOOT}%*s${PRIORITY}%*s${JAIL_STATE}%*s${FIRST_IP}%*s${JAIL_PORTS}%*s${JAIL_HOSTNAME}%*s${JAIL_RELEASE}%*s${JAIL_PATH}\n" "$((${MAX_LENGTH_JID} - ${#JID} + ${SPACER}))" "" "$((4 - ${#BOOT} + ${SPACER}))" "" "$((4 - ${#PRIORITY} + ${SPACER}))" "" "$((5 - ${#JAIL_STATE} + ${SPACER}))" "" "$((${MAX_LENGTH_JAIL_IP} - ${#FIRST_IP} + ${SPACER}))" "" "$((${MAX_LENGTH_JAIL_PORTS} - ${#JAIL_PORTS} + ${SPACER}))" "" "$((${MAX_LENGTH_JAIL_HOSTNAME} - ${#JAIL_HOSTNAME} + ${SPACER}))" "" "$((${MAX_LENGTH_JAIL_RELEASE} - ${#JAIL_RELEASE} + ${SPACER}))" ""
|
||||
for IP in $(echo "${JAIL_IP}" | tail -n +2); do
|
||||
if echo "${IP}" | grep -q "|"; then IP=$(echo ${IP} | awk -F"|" '{print $2}'); fi
|
||||
printf "%*s%*s%*s%*s ${IP}\n" "$((${MAX_LENGTH_JID} + ${SPACER}))" "" "$((4 + ${SPACER}))" "" "$((4 + ${SPACER}))" "" "$((5 + ${SPACER}))" ""
|
||||
done
|
||||
else
|
||||
if echo "${JAIL_IP}" | grep -q "|"; then JAIL_IP="$(echo ${JAIL_IP} | awk -F"|" '{print $2}')"; fi
|
||||
if echo "${JAIL_IP}" | grep -q "|"; then JAIL_IP="$(echo ${JAIL_IP} | awk -F"|" '{print $2}' | sed 's#/.*##g')"; fi
|
||||
printf " ${JID}%*s${BOOT}%*s${PRIORITY}%*s${JAIL_STATE}%*s${JAIL_IP}%*s${JAIL_PORTS}%*s${JAIL_HOSTNAME}%*s${JAIL_RELEASE}%*s${JAIL_PATH}\n" "$((${MAX_LENGTH_JID} - ${#JID} + ${SPACER}))" "" "$((4 - ${#BOOT} + ${SPACER}))" "" "$((4 - ${#PRIORITY} + ${SPACER}))" "" "$((5 - ${#JAIL_STATE} + ${SPACER}))" "" "$((${MAX_LENGTH_JAIL_IP} - ${#JAIL_IP} + ${SPACER}))" "" "$((${MAX_LENGTH_JAIL_PORTS} - ${#JAIL_PORTS} + ${SPACER}))" "" "$((${MAX_LENGTH_JAIL_HOSTNAME} - ${#JAIL_HOSTNAME} + ${SPACER}))" "" "$((${MAX_LENGTH_JAIL_RELEASE} - ${#JAIL_RELEASE} + ${SPACER}))" ""
|
||||
fi
|
||||
fi
|
||||
|
||||
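Review bot: The `printf` calls in this hunk place `${FIRST_IP}`, `${IP}`, `${JAIL_HOSTNAME}` and the other fields inside the format string, so any `%` or backslash sequence in those values is interpreted by printf instead of printed. The preceding hunk shows `JAIL_IP` for VNET jails being read from `root/etc/rc.conf` under the jail's root, a file that is writable from inside the jail, so jail-controlled text can reach the host administrator's terminal unescaped. Pass every value as an argument with a `%s` placeholder, e.g. for the continuation line `printf '%*s%*s%*s%*s %s\n' "$((${MAX_LENGTH_JID} + ${SPACER}))" "" "$((4 + ${SPACER}))" "" "$((4 + ${SPACER}))" "" "$((5 + ${SPACER}))" "" "${IP}"`, and quote the `echo ${FIRST_IP}` and `echo ${IP}` expansions. list_all starts and ends outside the hunk.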
@@ -1,5 +1,7 @@
|
||||
#!/bin/sh
|
||||
#
|
||||
# SPDX-License-Identifier: BSD-3-Clause
|
||||
#
|
||||
# Copyright (c) 2018-2025, Christer Edwards <christer.edwards@gmail.com>
|
||||
# All rights reserved.
|
||||
#
|
||||
@@ -231,16 +233,15 @@ add_interface() {
|
||||
local _ip="${3}"
|
||||
local _jail_config="${bastille_jailsdir}/${_jailname}/jail.conf"
|
||||
local _jail_rc_config="${bastille_jailsdir}/${_jailname}/root/etc/rc.conf"
|
||||
local _epair_if_count="$( (grep -Eos 'epair[0-9]+' ${bastille_jailsdir}/*/jail.conf; ifconfig | grep -Eo '(e[0-9]+a|epair[0-9]+a)' ) | sort -u | wc -l | awk '{print $1}')"
|
||||
local _bastille_if_count="$(grep -Eos 'bastille[0-9]+' ${bastille_jailsdir}/*/jail.conf | sort -u | wc -l | awk '{print $1}')"
|
||||
# Get number of epairs on the system
|
||||
get_epair_count
|
||||
local _vnet_if_count="$(grep -Eo 'vnet[1-9]+' ${_jail_rc_config} | sort -u | wc -l | awk '{print $1}')"
|
||||
local _if_vnet="vnet$((_vnet_if_count + 1))"
|
||||
local epair_num_range=$((_epair_if_count + 1))
|
||||
local bastille_num_range=$((_bastille_if_count + 1))
|
||||
local _epair_num_range=$((_epair_count + 1))
|
||||
if [ "${BRIDGE}" -eq 1 ]; then
|
||||
if [ "${_epair_if_count}" -gt 0 ]; then
|
||||
for _num in $(seq 0 "${epair_num_range}"); do
|
||||
if ! grep -Eosq "epair${_num}" ${bastille_jailsdir}/*/jail.conf && ! ifconfig | grep -Eosq "(e${_num}a|epair${_num}a)"; then
|
||||
if [ "${_epair_count}" -gt 0 ]; then
|
||||
for _num in $(seq 0 "${_epair_num_range}"); do
|
||||
if ! echo "${_epair_list}" | grep -oqswx "${_num}"; then
|
||||
if [ "$(echo -n "e${_num}a_${jail_name}" | awk '{print length}')" -lt 16 ]; then
|
||||
local host_epair=e${_num}a_${_jailname}
|
||||
local jail_epair=e${_num}b_${_jailname}
|
||||
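Review bot: The interface-name length test in the bridge branch measures `e${_num}a_${jail_name}`, but the names assigned on the next two lines use `${_jailname}`, the variable the function's other locals are built from. `jail_name` is not set anywhere in the visible part of add_interface, so the 16-character check is probably run against a shorter string than the name actually created. Use the same variable in the test: `if [ "$(echo -n "e${_num}a_${_jailname}" | awk '{print length}')" -lt 16 ]; then`. The function begins and ends outside the hunk.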
@@ -312,8 +313,8 @@ EOF
|
||||
echo "Added interface: \"${_if}\""
|
||||
|
||||
elif [ "${VNET}" -eq 1 ]; then
|
||||
for _num in $(seq 0 "${bastille_num_range}"); do
|
||||
if ! grep -Eq "bastille${_num}" "${bastille_jailsdir}"/*/jail.conf; then
|
||||
for _num in $(seq 0 "${_epair_num_range}"); do
|
||||
if ! echo "${_epair_list}" | grep -oqswx "${_num}"; then
|
||||
local bastille_epair="bastille${_num}"
|
||||
break
|
||||
fi
|
||||
|
||||
@@ -36,7 +36,7 @@ usage() {
|
||||
Options:
|
||||
|
||||
-b | --boot Respect jail boot setting.
|
||||
-d | --delay VALUE Time to wait between starting/stopping each jail.
|
||||
-d | --delay VALUE Time (seconds) to wait after starting/stopping jail(s).
|
||||
-v | --verbose Print every action on jail start.
|
||||
-x | --debug Enable debug mode.
|
||||
|
||||
|
||||
@@ -117,11 +117,11 @@ configure_zfs() {
|
||||
bastille_zroot=$(zpool list | grep -v NAME | awk '{print $1}')
|
||||
if [ "$(echo "${bastille_zroot}" | wc -l)" -gt 1 ]; then
|
||||
error_notify "Error: Multiple ZFS pools available:\n${bastille_zroot}"
|
||||
error_notify "Set desired pool using \"sysrc -f ${bastille_config} bastille_zfs_zpool=ZPOOL_NAME\""
|
||||
error_exit "Don't forget to also enable ZFS using \"sysrc -f ${bastille_config} bastille_zfs_enable=YES\""
|
||||
error_notify "Set desired pool using \"sysrc -f ${BASTILLE_CONFIG} bastille_zfs_zpool=ZPOOL_NAME\""
|
||||
error_exit "Don't forget to also enable ZFS using \"sysrc -f ${BASTILLE_CONFIG} bastille_zfs_enable=YES\""
|
||||
fi
|
||||
sysrc -f "${bastille_config}" bastille_zfs_enable=YES
|
||||
sysrc -f "${bastille_config}" bastille_zfs_zpool="${bastille_zroot}"
|
||||
sysrc -f "${BASTILLE_CONFIG}" bastille_zfs_enable=YES
|
||||
sysrc -f "${BASTILLE_CONFIG}" bastille_zfs_zpool="${bastille_zroot}"
|
||||
fi
|
||||
}
|
||||
|
||||
@@ -141,11 +141,6 @@ help|-h|--help)
|
||||
pf|firewall)
|
||||
configure_pf
|
||||
;;
|
||||
bastille0)
|
||||
# TODO remove in future release 0.13
|
||||
warn "'bastille setup bastille0' will be deprecated in the next 0.13 version."
|
||||
configure_network
|
||||
;;
|
||||
network|loopback)
|
||||
configure_network
|
||||
;;
|
||||
|
||||
@@ -38,7 +38,7 @@ usage() {
|
||||
Options:
|
||||
|
||||
-b | --boot Respect jail boot setting.
|
||||
-d | --delay VALUE Time to wait between starting each jail.
|
||||
-d | --delay VALUE Time (seconds) to wait after starting jail(s).
|
||||
-v | --verbose Print every action on jail start.
|
||||
-x | --debug Enable debug mode.
|
||||
|
||||
|
||||
@@ -38,7 +38,7 @@ usage() {
|
||||
Options:
|
||||
|
||||
-b | --boot Respect jail boot setting.
|
||||
-d | --delay VALUE Time to wait between stopping each jail.
|
||||
-d | --delay VALUE Time (seconds) to wait after stopping jail(s).
|
||||
-v | --verbose Print every action on jail stop.
|
||||
-x | --debug Enable debug mode.
|
||||
|
||||
|
||||