Mirrors/hackacad
2
0
Fork 0
mirror of https://github.com/hackacad/bastille.git synced 2025-12-25 06:55:46 +01:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #578 from bsdlme/master

Browse Source 
Add "tags" subcommand to add /delete / list tags
This commit is contained in:
Christer Edwards
2023-03-23 13:36:35 -06:00
committed by GitHub
parent 7b63059d03 64c3b6045e
commit 5aa98a8dae
34 changed files with 179 additions and 16 deletions
Download Patch File Download Diff File Expand all files Collapse all files

16
usr/local/bin/bastille
View File

@@ -32,17 +32,6 @@ PATH=${PATH}:/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/sbin:/usr/local/bin
. /usr/local/share/bastille/common.sh
## root check first.
bastille_root_check() {
if [ "$(id -u)" -ne 0 ]; then
## permission denied
error_notify "Bastille: Permission Denied"
error_exit "root / sudo / doas required"
fi
}
bastille_root_check
## check for config existance
bastille_conf_check() {
if [ ! -r "/usr/local/etc/bastille/bastille.conf" ]; then
@@ -73,7 +62,7 @@ bastille_perms_check() {
bastille_perms_check
## version
BASTILLE_VERSION="0.9.20220714"
BASTILLE_VERSION=
usage() {
cat << EOF
@@ -110,6 +99,7 @@ Available Commands:
stop Stop a running container.
sysrc Safely edit rc files within targeted container(s).
template Apply file templates to targeted container(s).
tags Add or remove tags to targeted container(s).
top Display and update information about the top(1) cpu processes.
umount Unmount a volume from within the targeted container(s).
update Update container base -pX release.
@@ -141,7 +131,7 @@ help|-h|--help)
bootstrap|create|destroy|export|import|list|rdr|restart|start|update|upgrade|verify)
# Nothing "extra" to do for these commands. -- cwells
;;
clone|config|cmd|console|convert|cp|edit|htop|limits|mount|pkg|rename|service|stop|sysrc|template|top|umount|zfs)
clone|config|cmd|console|convert|cp|edit|htop|limits|mount|pkg|rename|service|stop|sysrc|tags|template|top|umount|zfs)
# Parse the target and ensure it exists. -- cwells
if [ $# -eq 0 ]; then # No target was given, so show the command's help. -- cwells
PARAMS='help'

BIN
usr/local/man/man8/bastille.8.gz
View File

Binary file not shown.

2
usr/local/share/bastille/bootstrap.sh
View File

@@ -42,6 +42,8 @@ help|-h|--help)
;;
esac
bastille_root_check
#Validate if ZFS is enabled in rc.conf and bastille.conf.
if [ "$(sysrc -n zfs_enable)" = "YES" ] && [ ! "${bastille_zfs_enable}" = "YES" ]; then
warn "ZFS is enabled in rc.conf but not bastille.conf. Do you want to continue? (N|y)"

2
usr/local/share/bastille/clone.sh
View File

@@ -46,6 +46,8 @@ if [ $# -ne 2 ]; then
usage
fi
bastille_root_check
NEWNAME="${1}"
IP="${2}"

2
usr/local/share/bastille/cmd.sh
View File

@@ -46,6 +46,8 @@ if [ $# -eq 0 ]; then
usage
fi
bastille_root_check
COUNT=0
RETURN=0

8
usr/local/share/bastille/common.sh
View File

@@ -33,6 +33,14 @@ COLOR_GREEN=
COLOR_YELLOW=
COLOR_RESET=
bastille_root_check() {
if [ "$(id -u)" -ne 0 ]; then
## permission denied
error_notify "Bastille: Permission Denied"
error_exit "root / sudo / doas required"
fi
}
enable_color() {
. /usr/local/share/bastille/colors.pre.sh
}

2
usr/local/share/bastille/config.sh
View File

@@ -55,6 +55,8 @@ if [ $# -eq 1 ] || [ $# -gt 3 ]; then
usage
fi
bastille_root_check
ACTION=$1
shift

2
usr/local/share/bastille/console.sh
View File

@@ -46,6 +46,8 @@ if [ $# -gt 1 ]; then
usage
fi
bastille_root_check
USER="${1}"
validate_user() {

2
usr/local/share/bastille/convert.sh
View File

@@ -46,6 +46,8 @@ if [ $# -ne 0 ]; then
usage
fi
bastille_root_check
convert_symlinks() {
# Work with the symlinks, revert on first cp error
if [ -d "${bastille_releasesdir}/${RELEASE}" ]; then

2
usr/local/share/bastille/cp.sh
View File

@@ -54,6 +54,8 @@ if [ $# -ne 2 ]; then
usage
fi
bastille_root_check
case "${OPTION}" in
-q|--quiet)
OPTION="-a"

2
usr/local/share/bastille/create.sh
View File

@@ -588,6 +588,8 @@ help|-h|--help)
;;
esac
bastille_root_check
if echo "$3" | grep '@'; then
BASTILLE_JAIL_IP=$(echo "$3" | awk -F@ '{print $2}')
BASTILLE_JAIL_INTERFACES=$( echo "$3" | awk -F@ '{print $1}')

2
usr/local/share/bastille/destroy.sh
View File

@@ -210,6 +210,8 @@ if [ $# -gt 1 ] || [ $# -lt 1 ]; then
usage
fi
bastille_root_check
## check what should we clean
case "${TARGET}" in
*-CURRENT|*-CURRENT-I386|*-CURRENT-i386|*-current)

2
usr/local/share/bastille/edit.sh
View File

@@ -48,6 +48,8 @@ elif [ $# -eq 1 ]; then
TARGET_FILENAME="${1}"
fi
bastille_root_check
if [ -z "${EDITOR}" ]; then
EDITOR=vi
fi

2
usr/local/share/bastille/export.sh
View File

@@ -71,6 +71,8 @@ if [ $# -gt 5 ] || [ $# -lt 1 ]; then
usage
fi
bastille_root_check
zfs_enable_check() {
# Temporarily disable ZFS so we can create a standard backup archive
if [ "${bastille_zfs_enable}" = "YES" ]; then

2
usr/local/share/bastille/htop.sh
View File

@@ -46,6 +46,8 @@ if [ $# -ne 0 ]; then
usage
fi
bastille_root_check
for _jail in ${JAILS}; do
bastille_jail_path=$(/usr/sbin/jls -j "${_jail}" path)
if [ ! -x "${bastille_jail_path}/usr/local/bin/htop" ]; then

2
usr/local/share/bastille/import.sh
View File

@@ -59,6 +59,8 @@ if [ $# -gt 3 ] || [ $# -lt 1 ]; then
usage
fi
bastille_root_check
TARGET="${1}"
OPT_FORCE=
USER_IMPORT=

2
usr/local/share/bastille/limits.sh
View File

@@ -55,6 +55,8 @@ if [ $# -ne 2 ]; then
usage
fi
bastille_root_check
OPTION="${1}"
VALUE="${2}"

9
usr/local/share/bastille/list.sh
View File

@@ -35,6 +35,12 @@ usage() {
error_exit "Usage: bastille list [-j|-a] [release [-p]|template|(jail|container)|log|limit|(import|export|backup)]"
}
if [ "$1" = help -o "$1" = "-h" -o "$1" = "--help" ]; then
usage
fi
bastille_root_check
if [ $# -eq 0 ]; then
/usr/sbin/jls -N
fi
@@ -47,9 +53,6 @@ fi
if [ $# -gt 0 ]; then
# Handle special-case commands first.
case "$1" in
help|-h|--help)
usage
;;
all|-a|--all)
if [ -d "${bastille_jailsdir}" ]; then
DEFAULT_VALUE="-"

2
usr/local/share/bastille/mount.sh
View File

@@ -50,6 +50,8 @@ else
_fstab="$@"
fi
bastille_root_check
## assign needed variables
_hostpath=$(echo "${_fstab}" | awk '{print $1}')
_jailpath=$(echo "${_fstab}" | awk '{print $2}')

2
usr/local/share/bastille/pkg.sh
View File

@@ -45,6 +45,8 @@ if [ $# -lt 1 ]; then
usage
fi
bastille_root_check
errors=0
for _jail in ${JAILS}; do

2
usr/local/share/bastille/rdr.sh
View File

@@ -46,6 +46,8 @@ if [ $# -lt 2 ]; then
usage
fi
bastille_root_check
TARGET="${1}"
JAIL_NAME=""
JAIL_IP=""

2
usr/local/share/bastille/rename.sh
View File

@@ -56,6 +56,8 @@ if [ $# -ne 1 ]; then
usage
fi
bastille_root_check
NEWNAME="${1}"
update_jailconf() {

2
usr/local/share/bastille/service.sh
View File

@@ -45,6 +45,8 @@ if [ $# -lt 1 -o $# -gt 2 ]; then
usage
fi
bastille_root_check
for _jail in ${JAILS}; do
info "[${_jail}]:"
jexec -l "${_jail}" /usr/sbin/service "$@"

2
usr/local/share/bastille/start.sh
View File

@@ -46,6 +46,8 @@ if [ $# -gt 1 ] || [ $# -lt 1 ]; then
usage
fi
bastille_root_check
TARGET="${1}"
shift

2
usr/local/share/bastille/stop.sh
View File

@@ -46,6 +46,8 @@ if [ $# -ne 0 ]; then
usage
fi
bastille_root_check
for _jail in ${JAILS}; do
## test if running
if [ "$(/usr/sbin/jls name | awk "/^${_jail}$/")" ]; then

2
usr/local/share/bastille/sysrc.sh
View File

@@ -45,6 +45,8 @@ if [ $# -lt 1 ]; then
usage
fi
bastille_root_check
for _jail in ${JAILS}; do
info "[${_jail}]:"
jexec -l "${_jail}" /usr/sbin/sysrc "$@"

104
usr/local/share/bastille/tags.sh Normal file
View File

@@ -0,0 +1,104 @@
#!/bin/sh
#
# Copyright (c) 2018-2023, Christer Edwards <christer.edwards@gmail.com>
# All rights reserved.
# Ressource limits added by Lars Engels github.com/bsdlme
#
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions are met:
#
# * Redistributions of source code must retain the above copyright notice, this
# list of conditions and the following disclaimer.
#
# * Redistributions in binary form must reproduce the above copyright notice,
# this list of conditions and the following disclaimer in the documentation
# and/or other materials provided with the distribution.
#
# * Neither the name of the copyright holder nor the names of its
# contributors may be used to endorse or promote products derived from
# this software without specific prior written permission.
#
# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
# DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
# SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
# CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
# OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
. /usr/local/share/bastille/common.sh
. /usr/local/etc/bastille/bastille.conf
usage() {
error_notify "Usage: bastille tags TARGET add tag1[,tag2,...]"
error_notify " bastille tags TARGET delete tag1[,tag2,...]"
error_notify " bastille tags TARGET list [tag]"
echo -e "Example: bastille tags JAILNAME add database,mysql"
echo -e " bastille tags JAILNAME delete mysql"
echo -e " bastille tags ALL list"
echo -e " bastille tags ALL list mysql"
exit 1
}
# Handle special-case commands first.
case "$1" in
help|-h|--help)
usage
;;
esac
if [ $# -lt 1 -o $# -gt 2 ]; then
usage
fi
bastille_root_check
ACTION="${1}"
TAGS="${2}"
for _jail in ${JAILS}; do
bastille_jail_tags="${bastille_jailsdir}/${_jail}/tags"
case ${ACTION} in
add)
for _tag in $(echo ${TAGS} | tr , ' '); do
echo ${_tag} >> "${bastille_jail_tags}"
tmpfile="$(mktemp)"
sort "${bastille_jail_tags}" | uniq > "${tmpfile}"
mv "${tmpfile}" "${bastille_jail_tags}"
done
;;
del*)
for _tag in $(echo ${TAGS} | tr , ' '); do
[ ! -f "${bastille_jail_tags}" ] && break # skip if no tags file
tmpfile="$(mktemp)"
grep -Ev "^${_tag}\$" "${bastille_jail_tags}" > "${tmpfile}"
mv "${tmpfile}" "${bastille_jail_tags}"
# delete tags file if empty
[ ! -s "${bastille_jail_tags}" ] && rm "${bastille_jail_tags}"
done
;;
list)
if [ -n "${TAGS}" ]; then
[ -n "$(echo ${TAGS} | grep ,)" ] && usage # Only one tag per query
[ ! -f "${bastille_jail_tags}" ] && continue # skip if there is no tags file
grep -qE "^${TAGS}\$" "${bastille_jail_tags}"
if [ $? -eq 0 ]; then
echo "${_jail}"
continue
fi
else
if [ -f "${bastille_jail_tags}" ]; then
echo -n "${_jail}: "
xargs < "${bastille_jail_tags}"
fi
fi
;;
*)
usage
;;
esac
done

2
usr/local/share/bastille/template.sh
View File

@@ -116,6 +116,8 @@ if [ $# -lt 1 ]; then
bastille_usage
fi
bastille_root_check
## global variables
TEMPLATE="${1}"
bastille_template=${bastille_templatesdir}/${TEMPLATE}

2
usr/local/share/bastille/top.sh
View File

@@ -45,6 +45,8 @@ if [ $# -ne 0 ]; then
usage
fi
bastille_root_check
for _jail in ${JAILS}; do
info "[${_jail}]:"
jexec -l "${_jail}" /usr/bin/top

2
usr/local/share/bastille/umount.sh
View File

@@ -46,6 +46,8 @@ if [ $# -ne 1 ]; then
usage
fi
bastille_root_check
MOUNT_PATH=$1
for _jail in ${JAILS}; do

2
usr/local/share/bastille/update.sh
View File

@@ -46,6 +46,8 @@ if [ $# -gt 2 ] || [ $# -lt 1 ]; then
usage
fi
bastille_root_check
TARGET="${1}"
OPTION="${2}"

2
usr/local/share/bastille/upgrade.sh
View File

@@ -46,6 +46,8 @@ if [ $# -gt 3 ] || [ $# -lt 2 ]; then
usage
fi
bastille_root_check
TARGET="$1"
NEWRELEASE="$2"
OPTION="$3"

2
usr/local/share/bastille/verify.sh
View File

@@ -154,6 +154,8 @@ if [ $# -gt 1 ] || [ $# -lt 1 ]; then
bastille_usage
fi
bastille_root_check
case "$1" in
*-RELEASE|*-release|*-RC1|*-rc1|*-RC2|*-rc2)
RELEASE=$1

2
usr/local/share/bastille/zfs.sh
View File

@@ -82,6 +82,8 @@ help|-h|--help)
;;
esac
bastille_root_check
## check ZFS enabled
if [ ! "${bastille_zfs_enable}" = "YES" ]; then
error_exit "ZFS not enabled."