Merge pull request #1019 from BastilleBSD/migrate

Implement jail migration to remote system

docs/chapters/migration.rst

@@ -1,7 +1,50 @@
-=========
 Migration
 =========
 
+Bastille
+--------
+
+Bastille supports migrations to a remote system using the ``migrate`` subcommand.
+
+Prerequisites
+^^^^^^^^^^^^^
+
+There are a couple of things that need to be in place before running the ``migrate`` command.
+
+First, you must have bastille configured both locally and remotely to use the same filesystem
+configuration. ZFS on both, or UFS on both.
+
+Second, you must create a user on the remote system that will be used to migrate the jail. The user
+must be able to log in via SSH using either key-based authentication, or password based authentication.
+The user also needs ``sudo`` permissions on the remote system. This user should then be given as the
+``USER`` arg in the ``migrate`` command.
+
+If you are using key-based auth, the keys should be stored in the default location at ``$HOME/.ssh/id_rsa``,
+where ``$HOME`` is the users home directory. This is the default location for ssh keys, and where Bastille
+will try to load them from.
+
+If you want to use password based authentication, simply run ``bastille migrate -p TARGET USER HOST``. This
+will prompt you to enter the password for the remote system, which Bastille will then use during the migration
+process.
+
+Migration
+^^^^^^^^^
+
+To migrate a jail (or multiple jails) we can simply run
+``bastille migrate TARGET USER HOST``. This will export the jail(s), send them to the
+remote system, and import them.
+
+The ``migrate`` sub-command includes the ``-a|--auto`` option, which will auto-stop the old jail,
+migrate it, and attempt to start the migrated jail on the remote system after importing it. See the
+warning below about auto-starting the migrated jail.
+
+WARNING: Every system is unique, has different interfaces, bridges, and network configurations.
+It is possible, with the right configuration, for jails to start and work normally. But for some
+systems, it will be necessary to edit the ``jail.conf`` file of the migrated jail to get it working
+properly.
+
+You can optionally set ``-d|--destroy`` to have Bastille destroy the old jail on completion.
+
 iocage
 ------
 

docs/chapters/subcommands/migrate.rst

@@ -0,0 +1,19 @@
+migrate
+=======
+
+The ``migrate`` sub-command allows migrating the  targeted jail(s) to
+another remote system. See the chapter on Migration.
+
+This sub-command supports multiple targets.
+
+.. code-block:: shell
+
+  ishmael ~ # bastille migrate help
+  Usage: bastille migrate [option(s)] TARGET USER HOST
+
+    Options:
+
+    -a | --auto              Auto mode. Start/stop jail(s) if required.
+    -d | --destroy           Destroy local jail after migration.
+    -p | --password          Use password based authentication.
+    -x | --debug             Enable debug mode.

docs/chapters/subcommands/setup.rst

@@ -13,12 +13,13 @@ Below is a list of available options that can be used with the ``setup`` command
 .. code-block:: shell
 
   ishmael ~ # bastille setup -h        ## display setup help
-  ishmael ~ # bastille setup -l        ## configure loopback interface
-  ishmael ~ # bastille setup -s        ## configure shared interface
-  ishmael ~ # bastille setup -p        ## configure default pf firewall
-  ishmael ~ # bastille setup -z        ## configure ZFS storage
-  ishmael ~ # bastille setup -v        ## configure VNET
   ishmael ~ # bastille setup -b        ## configure bridge interface
+  ishmael ~ # bastille setup -f        ## configure filesystem/structure
+  ishmael ~ # bastille setup -l        ## configure loopback interface
+  ishmael ~ # bastille setup -p        ## configure default pf firewall
+  ishmael ~ # bastille setup -s        ## configure shared interface
+  ishmael ~ # bastille setup -v        ## configure VNET
+  ishmael ~ # bastille setup -z        ## configure ZFS storage
   ishmael ~ # bastille setup           ## configure -l -p and -z
 
 The ``-l|loopback`` option will configure a loopback interface called ``bastille0`` that
@@ -36,6 +37,9 @@ networking option. The ``-l|loopback`` and ``-s|shared`` options are only for ca
 is not specified during the ``create`` command. If an interface is specified, these options have no effect. 
 Instead, the specified interface will be used.
 
+The ``-f|--filesystem`` option is to ensure the proper datasets/directories are in place
+for using Bastille. This should only have to be run once on a new system.
+
 The ``-s|shared`` option is for cases where you want an actual interface to use with bastille as
 opposed to a loopback. Jails will be linked to the shared interface on creation.
 
@@ -51,10 +55,10 @@ The ``-v|vnet`` option will configure your system for use with VNET ``-V`` jails
 The ``-b|bridge`` options will attempt to configure a bridge interface for use with bridged VNET
 ``-B`` jails.
 
-Running ``bastille setup`` without any options will attempt to auto-configure the ``-l``, ``-p`` and
+Running ``bastille setup`` without any options will attempt to auto-configure the ``-f``, ``-l``, ``-p`` and
 ``-z`` options.
 
 .. code-block:: shell
 
   ishmael ~ # bastille setup help
-  Usage: bastille setup [-p|pf|firewall] [-l|loopback] [-s|shared] [-z|zfs|storage] [-v|vnet] [-b|bridge]
+  Usage: bastille setup [-b|bridge] [-f|--filesystem] [-l|loopback] [-p|pf|firewall] [-s|shared] [-v|vnet] [-z|zfs|storage]

docs/chapters/usage.rst

@@ -8,46 +8,49 @@ Usage
     containerized applications on FreeBSD.
 
   Usage:
-    bastille command TARGET [args]
+    bastille command [options(s)] TARGET [option(s)] [args]
 
   Available Commands:
-    bootstrap   Bootstrap a FreeBSD release for container base.
-    clone       Clone an existing container.
-    cmd         Execute arbitrary command on targeted container(s).
-    config      Get or set a config value for the targeted container(s).
-    console     Console into a running container.
-    convert     Convert a Thin container into a Thick container.
-    cp          cp(1) files from host or container to host or targeted container(s).
-    create      Create a new thin container or a thick container if -T|--thick option specified.
-    destroy     Destroy a stopped container or a FreeBSD release.
-    edit        Edit container configuration files (advanced).
-    export      Exports a specified container.
+    bootstrap   Bootstrap a release for jail base.
+    clone       Clone an existing jail.
+    cmd         Execute arbitrary command on targeted jail(s).
+    config      Get, set or remove a config value for the targeted jail(s).
+    console     Console into a jail.
+    convert     Convert thin jail to thick jail, or convert a jail to a custom release.
+    cp          cp(1) files from host to targeted jail(s).
+    create      Create a jail.
+    destroy     Destroy a jail or release.
+    edit        Edit jail configuration files (advanced).
+    export      Export a jail.
     help        Help about any command.
     htop        Interactive process viewer (requires htop).
-    import      Import a specified container.
-    jcp         cp(1) files from a jail to targeted jail(s).
-    limits      Apply resources limits to targeted container(s). See rctl(8).
-    list        List containers (running).
-    mount       Mount a volume inside the targeted container(s).
-    pkg         Manipulate binary packages within targeted container(s). See pkg(8).
+    import      Import a jail.
+    jcp         cp(1) files from a jail to jail(s).
+    limits      Apply resources limits to targeted jail(s). See rctl(8) and cpuset(1).
+    list        List jails, releases, templates and more...
+    migrate     Migrate targeted jail(s) to a remote system.
+    mount       Mount a volume inside targeted jail(s).
+    network     Add or remove interfaces from targeted jail(s).
+    pkg         Manipulate binary packages within targeted jail(s). See pkg(8).
     rcp         cp(1) files from a jail to host.
-    rdr         Redirect host port to container port.
-    rename      Rename a container.
-    restart     Restart a running container.
-    service     Manage services within targeted container(s).
-    setup       Attempt to auto-configure network, firewall and storage on new installs.
-    start       Start a stopped container.
-    stop        Stop a running container.
-    sysrc       Safely edit rc files within targeted container(s).
-    tags        Add or remove tags to targeted container(s).
-    template    Apply file templates to targeted container(s).
+    rdr         Redirect host port to jail port.
+    rename      Rename a jail.
+    restart     Restart a running jail.
+    service     Manage services within targeted jail(s).
+    setup       Attempt to auto-configure network, firewall and storage and more...
+    start       Start a stopped jail.
+    stop        Stop a running jail.
+    sysrc       Safely edit rc files within targeted jail(s).
+    tags        Add or remove tags to targeted jail(s).
+    template    Apply file templates to targeted jail(s).
     top         Display and update information about the top(1) cpu processes.
-    umount      Unmount a volume from within the targeted container(s).
-    update      Update container base -pX release.
-    upgrade     Upgrade container release to X.Y-RELEASE.
+    umount      Unmount a volume from targeted jail(s).
+    update      Update jail base -pX release.
+    upgrade     Upgrade jail release to X.Y-RELEASE.
     verify      Compare release against a "known good" index.
     zfs         Manage (get|set) ZFS attributes on targeted container(s).
 
   Use "bastille -v|--version" for version information.
   Use "bastille command -h|--help" for more information about a command.
-  Use "bastille [-c|--config FILE] command" to specify a non-default config file.
+  Use "bastille -c|--config config.conf command" to specify a non-default config file.
+  Use "bastille -p|--parallel VALUE command" to run bastille in parallel mode.