diff --git a/docs/chapters/subcommands/setup.rst b/docs/chapters/subcommands/setup.rst index a67c6571..96a927cc 100644 --- a/docs/chapters/subcommands/setup.rst +++ b/docs/chapters/subcommands/setup.rst @@ -14,7 +14,6 @@ Below is a list of available options that can be used with the ``setup`` command ishmael ~ # bastille setup -h Usage: bastille setup [option(s)] [bridge] - [filesystem] [loopback] [pf|firewall] [shared] @@ -41,9 +40,6 @@ networking option. The ``loopback`` and ``shared`` options are only for cases wh is not specified during the ``create`` command. If an interface is specified, these options have no effect. Instead, the specified interface will be used. -The ``filesystem`` option is to ensure the proper datasets/directories are in place -for using Bastille. This should only have to be run once on a new system. - The ``shared`` option is for cases where you want an actual interface to use with bastille as opposed to a loopback. Jails will be linked to the shared interface on creation. diff --git a/usr/local/share/bastille/bootstrap.sh b/usr/local/share/bastille/bootstrap.sh index 062c79a1..4aff1089 100644 --- a/usr/local/share/bastille/bootstrap.sh +++ b/usr/local/share/bastille/bootstrap.sh @@ -81,7 +81,7 @@ bootstrap_directories() { if [ ! -d "${bastille_prefix}" ]; then if checkyesno bastille_zfs_enable; then if [ -n "${bastille_zfs_zpool}" ]; then - zfs create ${bastille_zfs_options} -o mountpoint="${bastille_prefix}" "${bastille_zfs_zpool}/${bastille_zfs_prefix}" + zfs create ${bastille_zfs_options} -o mountpoint="${bastille_prefix_mountpoint}" "${bastille_zfs_zpool}/${bastille_zfs_prefix}" fi else mkdir -p "${bastille_prefix}" 
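Review bot: The new `${bastille_prefix_mountpoint}` in the `zfs create` call is expanded with no fallback, and the only assignment visible in this diff sits inside the altroot branch of `set_zfs_mountpoints` in common.sh, so on a pool without an altroot (or if that function has not run first) the value looks empty unless it is defined outside this diff. An empty value would make `zfs create` reject the mountpoint here, and in the `/${RELEASE}` cases and the import.sh `/${TARGET_TRIM}/root` case the mountpoint would collapse to a path directly under `/` on the host. The same applies to every `*_mountpoint` substitution in the later bootstrap.sh hunks and in `update_zfsmount` in import.sh. A fallback at the point of use keeps the previous behaviour, e.g. `-o mountpoint="${bastille_prefix_mountpoint:-${bastille_prefix}}"`. bootstrap_directories starts and ends outside the hunk.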
@@ -90,9 +90,9 @@ bootstrap_directories() { # Make sure the dataset is mounted in the proper place elif [ -d "${bastille_prefix}" ] && checkyesno bastille_zfs_enable; then if ! zfs list "${bastille_zfs_zpool}/${bastille_zfs_prefix}" >/dev/null; then - zfs create ${bastille_zfs_options} -o mountpoint="${bastille_prefix}" "${bastille_zfs_zpool}/${bastille_zfs_prefix}" + zfs create ${bastille_zfs_options} -o mountpoint="${bastille_prefix_mountpoint}" "${bastille_zfs_zpool}/${bastille_zfs_prefix}" elif [ "$(zfs get -H -o value mountpoint ${bastille_zfs_zpool}/${bastille_zfs_prefix})" != "${bastille_prefix}" ]; then - zfs set mountpoint="${bastille_prefix}" "${bastille_zfs_zpool}/${bastille_zfs_prefix}" + zfs set mountpoint="${bastille_prefix_mountpoint}" "${bastille_zfs_zpool}/${bastille_zfs_prefix}" fi fi @@ -100,7 +100,7 @@ bootstrap_directories() { if [ ! -d "${bastille_backupsdir}" ]; then if checkyesno bastille_zfs_enable; then if [ -n "${bastille_zfs_zpool}" ]; then - zfs create ${bastille_zfs_options} -o mountpoint="${bastille_backupsdir}" "${bastille_zfs_zpool}/${bastille_zfs_prefix}/backups" + zfs create ${bastille_zfs_options} -o mountpoint="${bastille_backupsdir_mountpoint}" "${bastille_zfs_zpool}/${bastille_zfs_prefix}/backups" fi else mkdir -p "${bastille_backupsdir}" 
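Review bot: The `elif` branch in the `-90,9` hunk now compares the dataset's current mountpoint against `${bastille_prefix}` but sets `${bastille_prefix_mountpoint}`, and nothing explains why the two differ. Presumably `zfs get` reports the path with the pool's altroot prepended while `zfs set` expects it without; if that is the intent, a comment above the test would stop a later reader from "fixing" the mismatch: `# zfs get shows the altroot-prefixed path; zfs set takes the path without altroot`. The enclosing function continues outside the hunk.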
@@ -112,10 +112,10 @@ bootstrap_directories() { if [ ! -d "${bastille_cachedir}" ]; then if checkyesno bastille_zfs_enable; then if [ -n "${bastille_zfs_zpool}" ]; then - zfs create ${bastille_zfs_options} -o mountpoint="${bastille_cachedir}" "${bastille_zfs_zpool}/${bastille_zfs_prefix}/cache" + zfs create ${bastille_zfs_options} -o mountpoint="${bastille_cachedir_mountpoint}" "${bastille_zfs_zpool}/${bastille_zfs_prefix}/cache" # Don't create unused/stale cache/RELEASE directory on Linux jails creation. if [ -z "${NOCACHEDIR}" ]; then - zfs create ${bastille_zfs_options} -o mountpoint="${bastille_cachedir}/${RELEASE}" "${bastille_zfs_zpool}/${bastille_zfs_prefix}/cache/${RELEASE}" + zfs create ${bastille_zfs_options} -o mountpoint="${bastille_cachedir_mountpoint}/${RELEASE}" "${bastille_zfs_zpool}/${bastille_zfs_prefix}/cache/${RELEASE}" fi fi else @@ -131,7 +131,7 @@ bootstrap_directories() { if [ -z "${NOCACHEDIR}" ]; then if checkyesno bastille_zfs_enable; then if [ -n "${bastille_zfs_zpool}" ]; then - zfs create ${bastille_zfs_options} -o mountpoint="${bastille_cachedir}/${RELEASE}" "${bastille_zfs_zpool}/${bastille_zfs_prefix}/cache/${RELEASE}" + zfs create ${bastille_zfs_options} -o mountpoint="${bastille_cachedir_mountpoint}/${RELEASE}" "${bastille_zfs_zpool}/${bastille_zfs_prefix}/cache/${RELEASE}" fi else mkdir -p "${bastille_cachedir}/${RELEASE}" @@ -143,7 +143,7 @@ bootstrap_directories() { if [ ! -d "${bastille_jailsdir}" ]; then if checkyesno bastille_zfs_enable; then if [ -n "${bastille_zfs_zpool}" ]; then - zfs create ${bastille_zfs_options} -o mountpoint="${bastille_jailsdir}" "${bastille_zfs_zpool}/${bastille_zfs_prefix}/jails" + zfs create ${bastille_zfs_options} -o mountpoint="${bastille_jailsdir_mountpoint}" "${bastille_zfs_zpool}/${bastille_zfs_prefix}/jails" fi else mkdir -p "${bastille_jailsdir}" 
@@ -154,7 +154,7 @@ bootstrap_directories() { if [ ! -d "${bastille_logsdir}" ]; then if checkyesno bastille_zfs_enable; then if [ -n "${bastille_zfs_zpool}" ]; then - zfs create ${bastille_zfs_options} -o mountpoint="${bastille_logsdir}" "${bastille_zfs_zpool}/${bastille_zfs_prefix}/logs" + zfs create ${bastille_zfs_options} -o mountpoint="${bastille_logsdir_mountpoint}" "${bastille_zfs_zpool}/${bastille_zfs_prefix}/logs" fi else mkdir -p "${bastille_logsdir}" @@ -165,7 +165,7 @@ bootstrap_directories() { if [ ! -d "${bastille_templatesdir}" ]; then if checkyesno bastille_zfs_enable; then if [ -n "${bastille_zfs_zpool}" ]; then - zfs create ${bastille_zfs_options} -o mountpoint="${bastille_templatesdir}" "${bastille_zfs_zpool}/${bastille_zfs_prefix}/templates" + zfs create ${bastille_zfs_options} -o mountpoint="${bastille_templatesdir_mountpoint}" "${bastille_zfs_zpool}/${bastille_zfs_prefix}/templates" fi else mkdir -p "${bastille_templatesdir}" @@ -176,8 +176,8 @@ bootstrap_directories() { if [ ! -d "${bastille_releasesdir}" ]; then if checkyesno bastille_zfs_enable; then if [ -n "${bastille_zfs_zpool}" ]; then - zfs create ${bastille_zfs_options} -o mountpoint="${bastille_releasesdir}" "${bastille_zfs_zpool}/${bastille_zfs_prefix}/releases" - zfs create ${bastille_zfs_options} -o mountpoint="${bastille_releasesdir}/${RELEASE}" "${bastille_zfs_zpool}/${bastille_zfs_prefix}/releases/${RELEASE}" + zfs create ${bastille_zfs_options} -o mountpoint="${bastille_releasesdir_mountpoint}" "${bastille_zfs_zpool}/${bastille_zfs_prefix}/releases" + zfs create ${bastille_zfs_options} -o mountpoint="${bastille_releasesdir_mountpoint}/${RELEASE}" "${bastille_zfs_zpool}/${bastille_zfs_prefix}/releases/${RELEASE}" fi else mkdir -p "${bastille_releasesdir}/${RELEASE}" 
@@ -186,7 +186,7 @@ bootstrap_directories() { elif [ ! -d "${bastille_releasesdir}/${RELEASE}" ]; then if checkyesno bastille_zfs_enable; then if [ -n "${bastille_zfs_zpool}" ]; then - zfs create ${bastille_zfs_options} -o mountpoint="${bastille_releasesdir}/${RELEASE}" "${bastille_zfs_zpool}/${bastille_zfs_prefix}/releases/${RELEASE}" + zfs create ${bastille_zfs_options} -o mountpoint="${bastille_releasesdir_mountpoint}/${RELEASE}" "${bastille_zfs_zpool}/${bastille_zfs_prefix}/releases/${RELEASE}" fi else mkdir -p "${bastille_releasesdir}/${RELEASE}" diff --git a/usr/local/share/bastille/common.sh b/usr/local/share/bastille/common.sh index 3ba0c84e..467103f6 100644 --- a/usr/local/share/bastille/common.sh +++ b/usr/local/share/bastille/common.sh @@ -295,6 +295,34 @@ set_target_single() { export JAILS } +set_zfs_mountpoints() { + + # We have to do this if ALTROOT is enabled/present + local _altroot="$(zpool get -Ho value altroot ${bastille_zfs_zpool})" + + if [ "${_altroot}" != "-" ]; then + + # Set mountpoints to *dir* + bastille_prefix_mountpoint="${bastille_prefix}" + bastille_backupsdir_mountpoint="${bastille_backupsdir}" + bastille_cachedir_mountpoint="${bastille_cachedir}" + bastille_jailsdir_mountpoint="${bastille_jailsdir}" + bastille_releasesdir_mountpoint="${bastille_releasesdir}" + bastille_templatesdir_mountpoint="${bastille_templatesdir}" + bastille_logsdir_mountpoint="${bastille_logsdir}" + + # Set *dir* to include ALTROOT + bastille_prefix="${_altroot}${bastille_prefix}" + bastille_backupsdir="${_altroot}${bastille_backupsdir}" + bastille_cachedir="${_altroot}${bastille_cachedir}" + bastille_jailsdir="${_altroot}${bastille_jailsdir}" + bastille_releasesdir="${_altroot}${bastille_releasesdir}" + bastille_templatesdir="${_altroot}${bastille_templatesdir}" + bastille_logsdir="${_altroot}${bastille_logsdir}" + + fi +} + target_all_jails() { local _JAILS="$(bastille list jails)" JAILS="" 
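Review bot: `set_zfs_mountpoints` in common.sh overwrites `bastille_prefix` and the other `*dir` variables in place, so a second call in the same shell would prepend the altroot twice; nothing in the function guards against that. `local _altroot="$(zpool get ...)"` also discards the exit status of `zpool get`, and `${bastille_zfs_zpool}` is unquoted, so with ZFS disabled or an empty pool name the command fails and the function carries on with an empty `_altroot`. I would split it into `local _altroot` and `_altroot="$(zpool get -Ho value altroot "${bastille_zfs_zpool}")"` so the status can be checked before the variables are touched. A short header comment stating that the `*dir` variables become the host-visible paths and the `*_mountpoint` variables hold the values for the ZFS mountpoint property would document the contract that bootstrap.sh and import.sh now depend on.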
@@ -504,4 +532,4 @@ checkyesno() { return 1 ;; esac -} +} \ No newline at end of file diff --git a/usr/local/share/bastille/import.sh b/usr/local/share/bastille/import.sh index 9d004840..ce6d795f 100644 --- a/usr/local/share/bastille/import.sh +++ b/usr/local/share/bastille/import.sh @@ -137,12 +137,13 @@ validate_archive() { } update_zfsmount() { + # Update the mountpoint property on the received ZFS data stream OLD_ZFS_MOUNTPOINT=$(zfs get -H mountpoint "${bastille_zfs_zpool}/${bastille_zfs_prefix}/jails/${TARGET_TRIM}/root" | awk '{print $3}') NEW_ZFS_MOUNTPOINT="${bastille_jailsdir}/${TARGET_TRIM}/root" if [ "${NEW_ZFS_MOUNTPOINT}" != "${OLD_ZFS_MOUNTPOINT}" ]; then info "\nUpdating ZFS mountpoint..." - zfs set mountpoint="${bastille_jailsdir}/${TARGET_TRIM}/root" "${bastille_zfs_zpool}/${bastille_zfs_prefix}/jails/${TARGET_TRIM}/root" + zfs set mountpoint="${bastille_jailsdir_mountpoint}/${TARGET_TRIM}/root" "${bastille_zfs_zpool}/${bastille_zfs_prefix}/jails/${TARGET_TRIM}/root" fi # Mount new container ZFS datasets diff --git a/usr/local/share/bastille/setup.sh b/usr/local/share/bastille/setup.sh index 5bf8fb1e..7bcd84dc 100644 --- a/usr/local/share/bastille/setup.sh +++ b/usr/local/share/bastille/setup.sh @@ -34,7 +34,6 @@ usage() { error_notify "Usage: bastille setup [option(s)] [bridge]" - error_notify " [filesystem]" error_notify " [loopback]" error_notify " [pf|firewall]" error_notify " [shared]" 
@@ -91,98 +90,6 @@ OPT_CONFIG="${1}" bastille_root_check -configure_filesystem() { - - # This is so we dont have to introduce breaking - # changes on new variables added to bastille.conf - - ## ${bastille_prefix} - if [ ! -d "${bastille_prefix}" ]; then - if checkyesno bastille_zfs_enable; then - if [ -n "${bastille_zfs_zpool}" ]; then - zfs create ${bastille_zfs_options} -o mountpoint="${bastille_prefix}" "${bastille_zfs_zpool}/${bastille_zfs_prefix}" - fi - else - mkdir -p "${bastille_prefix}" - fi - chmod 0750 "${bastille_prefix}" - # Make sure the dataset is mounted in the proper place - elif [ -d "${bastille_prefix}" ] && checkyesno bastille_zfs_enable; then - if ! zfs list "${bastille_zfs_zpool}/${bastille_zfs_prefix}" >/dev/null; then - zfs create ${bastille_zfs_options} -o mountpoint="${bastille_prefix}" "${bastille_zfs_zpool}/${bastille_zfs_prefix}" - elif [ "$(zfs get -H -o value mountpoint ${bastille_zfs_zpool}/${bastille_zfs_prefix})" != "${bastille_prefix}" ]; then - zfs set mountpoint="${bastille_prefix}" "${bastille_zfs_zpool}/${bastille_zfs_prefix}" - fi - fi - - ## ${bastille_backupsdir} - if [ ! -d "${bastille_backupsdir}" ]; then - if checkyesno bastille_zfs_enable; then - if [ -n "${bastille_zfs_zpool}" ]; then - zfs create ${bastille_zfs_options} -o mountpoint="${bastille_backupsdir}" "${bastille_zfs_zpool}/${bastille_zfs_prefix}/backups" - fi - else - mkdir -p "${bastille_backupsdir}" - fi - chmod 0750 "${bastille_backupsdir}" - fi - - ## ${bastille_cachedir} - if [ ! -d "${bastille_cachedir}" ]; then - if checkyesno bastille_zfs_enable; then - if [ -n "${bastille_zfs_zpool}" ]; then - zfs create ${bastille_zfs_options} -o mountpoint="${bastille_cachedir}" "${bastille_zfs_zpool}/${bastille_zfs_prefix}/cache" - fi - else - mkdir -p "${bastille_cachedir}" - fi - fi - - ## ${bastille_jailsdir} - if [ ! 
-d "${bastille_jailsdir}" ]; then - if checkyesno bastille_zfs_enable; then - if [ -n "${bastille_zfs_zpool}" ]; then - zfs create ${bastille_zfs_options} -o mountpoint="${bastille_jailsdir}" "${bastille_zfs_zpool}/${bastille_zfs_prefix}/jails" - fi - else - mkdir -p "${bastille_jailsdir}" - fi - fi - - ## ${bastille_logsdir} - if [ ! -d "${bastille_logsdir}" ]; then - if checkyesno bastille_zfs_enable; then - if [ -n "${bastille_zfs_zpool}" ]; then - zfs create ${bastille_zfs_options} -o mountpoint="${bastille_logsdir}" "${bastille_zfs_zpool}/${bastille_zfs_prefix}/logs" - fi - else - mkdir -p "${bastille_logsdir}" - fi - fi - - ## ${bastille_templatesdir} - if [ ! -d "${bastille_templatesdir}" ]; then - if checkyesno bastille_zfs_enable; then - if [ -n "${bastille_zfs_zpool}" ]; then - zfs create ${bastille_zfs_options} -o mountpoint="${bastille_templatesdir}" "${bastille_zfs_zpool}/${bastille_zfs_prefix}/templates" - fi - else - mkdir -p "${bastille_templatesdir}" - fi - fi - - ## ${bastille_releasesdir} - if [ ! -d "${bastille_releasesdir}" ]; then - if checkyesno bastille_zfs_enable; then - if [ -n "${bastille_zfs_zpool}" ]; then - zfs create ${bastille_zfs_options} -o mountpoint="${bastille_releasesdir}" "${bastille_zfs_zpool}/${bastille_zfs_prefix}/releases" - fi - else - mkdir -p "${bastille_releasesdir}" - fi - fi -} - # Configure netgraph configure_netgraph() { if [ ! "$(kldstat -m netgraph)" ]; then @@ -389,7 +296,6 @@ configure_storage() { # Run all base functions (w/o vnet) if no args if [ $# -eq 0 ]; then sysrc bastille_enable=YES - configure_filesystem configure_storage configure_loopback_interface configure_pf @@ -398,9 +304,6 @@ if [ $# -eq 0 ]; then fi case "${OPT_CONFIG}" in - filesystem) - configure_filesystem - ;; pf|firewall) configure_pf ;;