diff --git a/docs/chapters/subcommands/setup.rst b/docs/chapters/subcommands/setup.rst index 311c617a..40987f98 100644 --- a/docs/chapters/subcommands/setup.rst +++ b/docs/chapters/subcommands/setup.rst @@ -13,12 +13,13 @@ Below is a list of available options that can be used with the ``setup`` command .. code-block:: shell ishmael ~ # bastille setup -h ## display setup help - ishmael ~ # bastille setup -l ## configure loopback interface - ishmael ~ # bastille setup -s ## configure shared interface - ishmael ~ # bastille setup -p ## configure default pf firewall - ishmael ~ # bastille setup -z ## configure ZFS storage - ishmael ~ # bastille setup -v ## configure VNET ishmael ~ # bastille setup -b ## configure bridge interface + ishmael ~ # bastille setup -f ## configure filesystem/structure + ishmael ~ # bastille setup -l ## configure loopback interface + ishmael ~ # bastille setup -p ## configure default pf firewall + ishmael ~ # bastille setup -s ## configure shared interface + ishmael ~ # bastille setup -v ## configure VNET + ishmael ~ # bastille setup -z ## configure ZFS storage ishmael ~ # bastille setup ## configure -l -p and -z The ``-l|loopback`` option will configure a loopback interface called ``bastille0`` that @@ -36,6 +37,9 @@ networking option. The ``-l|loopback`` and ``-s|shared`` options are only for ca is not specified during the ``create`` command. If an interface is specified, these options have no effect. Instead, the specified interface will be used. +The ``-f|--filesystem`` option is to ensure the proper datasets/directories are in place +for using Bastille. This should only have to be run once on a new system. + The ``-s|shared`` option is for cases where you want an actual interface to use with bastille as opposed to a loopback. Jails will be linked to the shared interface on creation. 
@@ -51,10 +55,10 @@ The ``-v|vnet`` option will configure your system for use with VNET ``-V`` jails The ``-b|bridge`` options will attempt to configure a bridge interface for use with bridged VNET ``-B`` jails. -Running ``bastille setup`` without any options will attempt to auto-configure the ``-l``, ``-p`` and +Running ``bastille setup`` without any options will attempt to auto-configure the ``-f``, ``-l``, ``-p`` and ``-z`` options. .. code-block:: shell ishmael ~ # bastille setup help - Usage: bastille setup [-p|pf|firewall] [-l|loopback] [-s|shared] [-z|zfs|storage] [-v|vnet] [-b|bridge] + Usage: bastille setup [-b|bridge] [-f|--filesystem] [-l|loopback] [-p|pf|firewall] [-s|shared] [-v|vnet] [-z|zfs|storage] diff --git a/usr/local/share/bastille/bootstrap.sh b/usr/local/share/bastille/bootstrap.sh index 25e39ca6..f55c3ad6 100644 --- a/usr/local/share/bastille/bootstrap.sh +++ b/usr/local/share/bastille/bootstrap.sh @@ -108,6 +108,18 @@ bootstrap_directories() { chmod 0750 "${bastille_backupsdir}" fi + ## ${bastille_migratedir} + if [ ! -d "${bastille_migratedir}" ]; then + if checkyesno bastille_zfs_enable; then + if [ -n "${bastille_zfs_zpool}" ]; then + zfs create ${bastille_zfs_options} -o mountpoint="${bastille_migratedir}" "${bastille_zfs_zpool}/${bastille_zfs_prefix}/migrate" + fi + else + mkdir -p "${bastille_migratedir}" + fi + chmod 0750 "${bastille_migratedir}" + fi + ## ${bastille_cachedir} if [ ! -d "${bastille_cachedir}" ]; then if checkyesno bastille_zfs_enable; then 
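Review bot: The relocated `${bastille_migratedir}` block in bootstrap_directories tests `[ ! -d "${bastille_migratedir}" ]` without first checking that the variable is set. The config patch-up added to setup.sh in this commit suggests that older bastille.conf files may lack `bastille_migratedir`; on such a host this block would reach `zfs create -o mountpoint=""` or `mkdir -p ""`, followed by `chmod 0750 ""`. I would open the block with `if [ -n "${bastille_migratedir}" ] && [ ! -d "${bastille_migratedir}" ]; then`. Separately, when ZFS is enabled but `bastille_zfs_zpool` is empty, nothing is created and `chmod 0750` still runs, so the chmod belongs inside the branches that actually create the directory. bootstrap_directories starts and ends outside the hunk.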
@@ -182,19 +194,6 @@ bootstrap_directories() { else mkdir -p "${bastille_releasesdir}/${RELEASE}" fi - - ## ${bastille_migratedir} - if [ ! -d "${bastille_migratedir}" ]; then - if checkyesno bastille_zfs_enable; then - if [ -n "${bastille_zfs_zpool}" ]; then - zfs create ${bastille_zfs_options} -o mountpoint="${bastille_migratedir}" "${bastille_zfs_zpool}/${bastille_zfs_prefix}/migrate" - fi - else - mkdir -p "${bastille_migratedir}" - fi - chmod 0750 "${bastille_migratedir}" - fi - ## create subsequent releases/XX.X-RELEASE datasets elif [ ! -d "${bastille_releasesdir}/${RELEASE}" ]; then if checkyesno bastille_zfs_enable; then diff --git a/usr/local/share/bastille/migrate.sh b/usr/local/share/bastille/migrate.sh index f5d8b232..a286ec20 100644 --- a/usr/local/share/bastille/migrate.sh +++ b/usr/local/share/bastille/migrate.sh @@ -130,15 +130,9 @@ migrate_create_export() { info "\nPreparing jail for migration..." - # Ensure migrate directory is in place - ## ${bastille_migratedir} - if [ -z "${bastille_migratedir}" ]; then - if ! grep -oq "bastille_migratedir=" "${BASTILLE_CONFIG}"; then - sed -i '' 's|bastille_backupsdir=.*|&\nbastille_migratedir=\"${bastille_prefix}/migrate\" ## default: \"${bastille_prefix}/migrate\"|' ${BASTILLE_CONFIG} - # shellcheck disable=SC1090 - . ${BASTILLE_CONFIG} - fi - fi + # Ensure new migrate directory is created + bastille setup -f + if [ ! -d "${bastille_migratedir}" ]; then if checkyesno bastille_zfs_enable; then if [ -n "${bastille_zfs_zpool}" ]; then diff --git a/usr/local/share/bastille/setup.sh b/usr/local/share/bastille/setup.sh index ecb954ff..453632b3 100644 --- a/usr/local/share/bastille/setup.sh +++ b/usr/local/share/bastille/setup.sh 
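Review bot: `bastille setup -f` runs as a child process, so the config edit and the `. ${BASTILLE_CONFIG}` it performs do not update `bastille_migratedir` in this shell, whereas the removed code re-sourced the file in place. On a host whose bastille.conf lacked the variable, the `[ ! -d "${bastille_migratedir}" ]` check that follows still sees an empty value and goes on to `zfs create`, `mkdir -p` and `chmod 0750` with an empty path. The exit status of the call is also ignored, and `bastille` is resolved through PATH in a script that runs privileged. I would write `bastille setup -f || error_exit "[ERROR]: Could not prepare Bastille directories."` followed by `. "${BASTILLE_CONFIG}"`, and consider dropping the directory-creation block below it, which configure_filesystem now duplicates. migrate_create_export continues outside the hunk.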
@@ -33,14 +33,128 @@ . /usr/local/share/bastille/common.sh usage() { - error_exit "Usage: bastille setup [-p|pf|firewall] [-l|loopback] [-s|shared] [-z|zfs|storage] [-v|vnet] [-b|bridge]" + error_exit "Usage: bastille setup [-b|bridge] [-f|--filesystem] [-l|loopback] [-p|pf|firewall] [-s|shared] [-v|vnet] [-z|zfs|storage]" } # Check for too many args -if [ $# -gt 1 ]; then +if [ "$#" -gt 1 ]; then usage fi +configure_filesystem() { + + # This is so we dont have to introduce breaking + # changes on new variables added to bastille.conf + + # Ensure migrate directory is in place + ## ${bastille_migratedir} + if [ -z "${bastille_migratedir}" ]; then + if ! grep -oq "bastille_migratedir=" "${BASTILLE_CONFIG}"; then + sed -i '' 's|bastille_backupsdir=.*|&\nbastille_migratedir=\"${bastille_prefix}/migrate\" ## default: \"${bastille_prefix}/migrate\"|' ${BASTILLE_CONFIG} + # shellcheck disable=SC1090 + . ${BASTILLE_CONFIG} + fi + fi + + ## ${bastille_prefix} + if [ ! -d "${bastille_prefix}" ]; then + if checkyesno bastille_zfs_enable; then + if [ -n "${bastille_zfs_zpool}" ]; then + zfs create ${bastille_zfs_options} -o mountpoint="${bastille_prefix}" "${bastille_zfs_zpool}/${bastille_zfs_prefix}" + fi + else + mkdir -p "${bastille_prefix}" + fi + chmod 0750 "${bastille_prefix}" + # Make sure the dataset is mounted in the proper place + elif [ -d "${bastille_prefix}" ]; then + if ! zfs list "${bastille_zfs_zpool}/${bastille_zfs_prefix}" >/dev/null; then + zfs create ${bastille_zfs_options} -o mountpoint="${bastille_prefix}" "${bastille_zfs_zpool}/${bastille_zfs_prefix}" + elif [ "$(zfs get -H -o value mountpoint ${bastille_zfs_zpool}/${bastille_zfs_prefix})" != "${bastille_prefix}" ]; then + zfs set mountpoint="${bastille_prefix}" "${bastille_zfs_zpool}/${bastille_zfs_prefix}" + fi + fi + + ## ${bastille_backupsdir} + if [ ! 
-d "${bastille_backupsdir}" ]; then + if checkyesno bastille_zfs_enable; then + if [ -n "${bastille_zfs_zpool}" ]; then + zfs create ${bastille_zfs_options} -o mountpoint="${bastille_backupsdir}" "${bastille_zfs_zpool}/${bastille_zfs_prefix}/backups" + fi + else + mkdir -p "${bastille_backupsdir}" + fi + chmod 0750 "${bastille_backupsdir}" + fi + + ## ${bastille_cachedir} + if [ ! -d "${bastille_cachedir}" ]; then + if checkyesno bastille_zfs_enable; then + if [ -n "${bastille_zfs_zpool}" ]; then + zfs create ${bastille_zfs_options} -o mountpoint="${bastille_cachedir}" "${bastille_zfs_zpool}/${bastille_zfs_prefix}/cache" + fi + else + mkdir -p "${bastille_cachedir}" + fi + fi + + ## ${bastille_jailsdir} + if [ ! -d "${bastille_jailsdir}" ]; then + if checkyesno bastille_zfs_enable; then + if [ -n "${bastille_zfs_zpool}" ]; then + zfs create ${bastille_zfs_options} -o mountpoint="${bastille_jailsdir}" "${bastille_zfs_zpool}/${bastille_zfs_prefix}/jails" + fi + else + mkdir -p "${bastille_jailsdir}" + fi + fi + + ## ${bastille_logsdir} + if [ ! -d "${bastille_logsdir}" ]; then + if checkyesno bastille_zfs_enable; then + if [ -n "${bastille_zfs_zpool}" ]; then + zfs create ${bastille_zfs_options} -o mountpoint="${bastille_logsdir}" "${bastille_zfs_zpool}/${bastille_zfs_prefix}/logs" + fi + else + mkdir -p "${bastille_logsdir}" + fi + fi + + ## ${bastille_templatesdir} + if [ ! -d "${bastille_templatesdir}" ]; then + if checkyesno bastille_zfs_enable; then + if [ -n "${bastille_zfs_zpool}" ]; then + zfs create ${bastille_zfs_options} -o mountpoint="${bastille_templatesdir}" "${bastille_zfs_zpool}/${bastille_zfs_prefix}/templates" + fi + else + mkdir -p "${bastille_templatesdir}" + fi + fi + + ## ${bastille_releasesdir} + if [ ! 
-d "${bastille_releasesdir}" ]; then + if checkyesno bastille_zfs_enable; then + if [ -n "${bastille_zfs_zpool}" ]; then + zfs create ${bastille_zfs_options} -o mountpoint="${bastille_releasesdir}" "${bastille_zfs_zpool}/${bastille_zfs_prefix}/releases" + fi + else + mkdir -p "${bastille_releasesdir}" + fi + fi + + ## ${bastille_migratedir} + if [ ! -d "${bastille_migratedir}" ]; then + if checkyesno bastille_zfs_enable; then + if [ -n "${bastille_zfs_zpool}" ]; then + zfs create ${bastille_zfs_options} -o mountpoint="${bastille_migratedir}" "${bastille_zfs_zpool}/${bastille_zfs_prefix}/migrate" + fi + else + mkdir -p "${bastille_migratedir}" + fi + chmod 0750 "${bastille_migratedir}" + fi +} + # Configure netgraph configure_netgraph() { if [ ! "$(kldstat -m netgraph)" ]; then @@ -236,6 +350,7 @@ configure_zfs() { # Run all base functions (w/o vnet) if no args if [ $# -eq 0 ]; then sysrc bastille_enable=YES + configure_filesystem configure_loopback_interface configure_pf configure_zfs @@ -248,6 +363,9 @@ case "$1" in -h|--help|help) usage ;; + -f|--filesystem) + configure_filesystem + ;; -p|pf|firewall) configure_pf ;; @@ -320,4 +438,4 @@ case "$1" in *) error_exit "[ERROR]: Unknown option: \"${1}\"" ;; -esac +esac \ No newline at end of file
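Review bot: In configure_filesystem the `elif [ -d "${bastille_prefix}" ]` branch calls `zfs list`, `zfs create` and `zfs set mountpoint` without the `checkyesno bastille_zfs_enable` and `[ -n "${bastille_zfs_zpool}" ]` guards that every other branch in the function uses. On a host without ZFS, or with an empty pool name, the dataset argument expands to `/${bastille_zfs_prefix}` and the commands fail on every run; on a ZFS host a dataset may be created or remounted at `${bastille_prefix}`, which can hide whatever the directory already contains. I would make the branch `elif checkyesno bastille_zfs_enable && [ -n "${bastille_zfs_zpool}" ]; then`, quote the dataset name inside the `$(zfs get -H -o value mountpoint ...)` substitution, and send the stderr of `zfs list` to /dev/null as well. Note also that `chmod 0750` is applied only to the prefix, backups and migrate directories, and only when they are newly created, so an existing directory with looser permissions is left unchanged.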
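Review bot: In the no-argument path `configure_filesystem` is called before `configure_zfs`. If configure_zfs is the step that sets `bastille_zfs_enable` and `bastille_zfs_zpool` (its body is outside the hunk, so this is an assumption to confirm), the first run creates plain directories with `mkdir -p`, and a later `bastille setup -f` then creates the prefix dataset on top of a directory that may already hold data. Calling `configure_zfs` first and `configure_filesystem` after it would give a fresh install its datasets from the start. A one-line comment above the calls stating the required order, for example `# storage must be configured before the directory layout is created`, would keep the ordering from being changed by accident.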