From d07d34b4cc84b6288a4e4934a1e1711d760c93cc Mon Sep 17 00:00:00 2001
From: tschettervictor <85497460+tschettervictor@users.noreply.github.com>
Date: Fri, 11 Apr 2025 17:22:24 -0600
Subject: [PATCH 1/5] config: Allow removing config values from jail.conf
---
 usr/local/share/bastille/config.sh | 14 ++++++++++----
 1 file changed, 10 insertions(+), 4 deletions(-)
diff --git a/usr/local/share/bastille/config.sh b/usr/local/share/bastille/config.sh
index 3218f8bb..fe2cd3bc 100644
--- a/usr/local/share/bastille/config.sh
+++ b/usr/local/share/bastille/config.sh
@@ -34,7 +34,7 @@ usage() {
- error_notify "Usage: bastille config TARGET [get|set] PROPERTY_NAME NEW_VALUE"
+ error_notify "Usage: bastille config TARGET [get|set|remove] PROPERTY_NAME NEW_VALUE"
 cat << EOF
 Options:
@@ -87,9 +87,9 @@ shift 2
 set_target "${TARGET}"
 case "${ACTION}" in
- get)
+ get|remove)
 if [ "$#" -ne 1 ]; then
- error_notify 'Too many parameters for a "get" operation.'
+ error_notify 'Too many parameters for [get|remove] operation.'
 usage
 fi
 ;;
@@ -183,6 +183,12 @@ for _jail in ${JAILS}; do
 else
 echo "${_output}"
 fi
+ elif [ "${ACTION}" = "remove" ]; then
+ if [ "$(bastille config ${_jail} get ${PROPERTY})" != "not set" ]; then
+ sed -i '' "/.*${PROPERTY}.*/d" "${FILE}"
+ else
+ error_exit "Value not present in jail.conf: ${PROPERTY}"
+ fi
 else # Setting the value. -- cwells
 if [ -n "${VALUE}" ]; then
 VALUE=$(echo "${VALUE}" | sed 's/\//\\\//g')
@@ -233,7 +239,7 @@ for _jail in ${JAILS}; do
 done
 # Only display this message once at the end (not for every jail). -- cwells
-if [ "${ACTION}" = 'set' ] && [ -z "${BASTILLE_PROPERTY}" ]; then
+if { [ "${ACTION}" = "set" ] || [ "${ACTION}" = "remove" ]; } && [ -z "${BASTILLE_PROPERTY}" ]; then
 info "A restart is required for the changes to be applied. See 'bastille restart'."
 fi
From 418ee3f3a54883dbaa871f10a4608274d4929822 Mon Sep 17 00:00:00 2001
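Review bot: The `remove` branch added in the `@@ -183,6 +183,12 @@` hunk deletes with `sed -i '' "/.*${PROPERTY}.*/d" "${FILE}"`, which treats the property name as an unescaped, unanchored regex, so every line that merely contains the name is dropped and jail.conf can silently lose settings other than the one requested (a short name such as `host` would also match a `host.hostname` line if one is present, and `.` matches any character). The `set` path just below escapes `/` in VALUE, but PROPERTY is not escaped here, so a name containing `/` also breaks the sed address. Escape regex metacharacters and `/` in the name into a local variable and anchor the match to the key, along the lines of `sed -i '' "/^[[:space:]]*${_escaped}[[:space:]]*[=;+]/d" "${FILE}"` (adjusted to the line forms jail.conf actually uses), and quote the lookup as `"$(bastille config "${_jail}" get "${PROPERTY}")"`. The enclosing `for _jail` loop starts outside the hunk; if `error_exit` terminates the script, a multi-jail target stops at the first jail lacking the property after earlier jails were already edited, so reporting with `error_notify` and continuing may be the safer behaviour.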
From: tschettervictor <85497460+tschettervictor@users.noreply.github.com>
Date: Fri, 11 Apr 2025 17:26:27 -0600
Subject: [PATCH 2/5] docs: Update config for remove action
---
 docs/chapters/subcommands/config.rst | 13 +++++++++++--
 1 file changed, 11 insertions(+), 2 deletions(-)
diff --git a/docs/chapters/subcommands/config.rst b/docs/chapters/subcommands/config.rst
index c25dfc0e..88d8610e 100644
--- a/docs/chapters/subcommands/config.rst
+++ b/docs/chapters/subcommands/config.rst
@@ -1,7 +1,7 @@
 config
 ======
-Get or set properties for targeted jail(s).
+Get,set or remove properties from targeted jail(s).
 Getting a property that *is* defined in jail.conf:
@@ -26,10 +26,19 @@ Setting a property:
 The restart message will appear every time a property is set.
+Removing a property:
+
+.. code-block:: shell
+
+ ishmael ~ # bastille config azkaban remove allow.mlock
+ A restart is required for the changes to be applied. See 'bastille restart azkaban'.
+
+The restart message will appear every time a property is removed.
+
 .. code-block:: shell
 ishmael ~ # bastille config help
- Usage: bastille config TARGET [get|set] PROPERTY_NAME NEW_VALUE
+ Usage: bastille config TARGET [get|set|remove] PROPERTY_NAME [NEW_VALUE]
 Options:
 -x | --debug Enable debug mode.
From 219673d911de35d6ee41deeeb43411d4580f2b89 Mon Sep 17 00:00:00 2001
From: tschettervictor <85497460+tschettervictor@users.noreply.github.com>
Date: Fri, 11 Apr 2025 17:26:53 -0600
Subject: [PATCH 3/5] Update config.sh
---
 usr/local/share/bastille/config.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/usr/local/share/bastille/config.sh b/usr/local/share/bastille/config.sh
index fe2cd3bc..4f3a58ab 100644
--- a/usr/local/share/bastille/config.sh
+++ b/usr/local/share/bastille/config.sh
@@ -34,7 +34,7 @@ usage() {
- error_notify "Usage: bastille config TARGET [get|set|remove] PROPERTY_NAME NEW_VALUE"
+ error_notify "Usage: bastille config TARGET [get|set|remove] PROPERTY [VALUE]"
 cat << EOF
 Options:
From ecfa61845e0aa927b5a97d98b6733e6c20d3a294 Mon Sep 17 00:00:00 2001
From: tschettervictor <85497460+tschettervictor@users.noreply.github.com>
Date: Fri, 11 Apr 2025 17:27:17 -0600
Subject: [PATCH 4/5] Update config.rst
---
 docs/chapters/subcommands/config.rst | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/docs/chapters/subcommands/config.rst b/docs/chapters/subcommands/config.rst
index 88d8610e..bb06f730 100644
--- a/docs/chapters/subcommands/config.rst
+++ b/docs/chapters/subcommands/config.rst
@@ -38,7 +38,7 @@ The restart message will appear every time a property is removed.
 .. code-block:: shell
 ishmael ~ # bastille config help
- Usage: bastille config TARGET [get|set|remove] PROPERTY_NAME [NEW_VALUE]
+ Usage: bastille config TARGET [get|set|remove] PROPERTY [VALUE]
 Options:
 -x | --debug Enable debug mode.
From af3245cc5a877f92500301d2e2183943600e3947 Mon Sep 17 00:00:00 2001
From: tschettervictor <85497460+tschettervictor@users.noreply.github.com>
Date: Sun, 20 Apr 2025 12:57:43 -0600
Subject: [PATCH 5/5] docs: Reorder boot and priority + minor fixes
---
 docs/chapters/boot-and-priority.rst | 39 ----------------------
 docs/chapters/startup-configuration.rst | 44 +++++++++++++++++++++++++
 docs/chapters/subcommands/restart.rst | 2 +-
 docs/chapters/subcommands/start.rst | 2 +-
 docs/chapters/subcommands/stop.rst | 1 -
 docs/chapters/targeting.rst | 16 +++++++++
 docs/index.rst | 5 ++-
 usr/local/share/bastille/restart.sh | 2 +-
 usr/local/share/bastille/start.sh | 2 +-
 usr/local/share/bastille/stop.sh | 1 -
 10 files changed, 66 insertions(+), 48 deletions(-)
 delete mode 100644 docs/chapters/boot-and-priority.rst
 create mode 100644 docs/chapters/startup-configuration.rst
diff --git a/docs/chapters/boot-and-priority.rst b/docs/chapters/boot-and-priority.rst
deleted file mode 100644
index fff7cb09..00000000
--- a/docs/chapters/boot-and-priority.rst
+++ /dev/null
@@ -1,39 +0,0 @@
-Boot and Priority
-=================
-
-Boot
-----
-
-The boot setting controls whether a jail will be started on system startup. If you have enabled bastille
-with ``sysrc bastille_enable=YES``, all jails with ``boot=on`` will start on system startup. Any jail(s)
-with ``boot=off`` will not be started on system startup.
-
-You can also use ``bastille start --boot TARGET`` to make Bastille respect the boot setting. If ``-b|--boot`` is not
-used, the targeted jail(s) will start, regardless of the boot setting.
-
-Jails will still shut down on system shutdown, regardless of this setting.
-
-The ``-b|--boot`` can also be used with the ``stop`` command. Any jails with ``boot=off`` will
-not be touched if ``stop`` is called with ``-b|--boot``. Same goes for the ``restart`` command.
-
-When jails are created with Bastille, the boot setting is set to ``on`` by default. This can be overridden using
-the ``--no-boot`` flag. See ``bastille create --no-boot TARGET...``.
-
-This value can be changed using ``bastille config TARGET boot [on|off]``.
-
-This value will be shown using ``bastille list all``.
-
-Priority
---------
-
-The priority value determines in what order commands are executed if multiple jails are targetted. This also controls
-in what order jails are started and stopped on system startup and shutdown. This requires Bastille to be enabled
-with ``sysrc bastille_enable=YES``. Jails will start in order starting at the lowest value, and will stop in order starting
-at the highest value. So, jails with a priority value of 1 will start first, and stop last.
-
-When jails are created with Bastille, this value defaults to ``99``, but can be overridden with ``-p|--priority VALUE`` on
-creation. See ``bastille create --priority 90 TARGET...``.
-
-This value can be changed using ``bastille config TARGET priority VALUE``.
-
-This value will be shown using ``bastille list all``.
diff --git a/docs/chapters/startup-configuration.rst b/docs/chapters/startup-configuration.rst
new file mode 100644
index 00000000..fbb00e70
--- /dev/null
+++ b/docs/chapters/startup-configuration.rst
@@ -0,0 +1,44 @@
+Startup Configuration
+=====================
+
+Bastille can start jails on system startup, and stop them on system shutdown. To enable this functionality, we
+must first enable Bastille as a service using ``sysrc bastille_enable=YES``. Once you reboot your host, all jails
+with ``boot=on`` will be started when the host boots.
+
+If you have certain jails that must be started before other jails, you can use the priority option. Jails will start
+in order starting at the lowest value, and will stop in order starting at the highest value. So, jails with a priority
+value of 1 will start first, and stop last.
+
+See the chapter on targeting for more info.
+
+Boot
+----
+
+The boot setting controls whether a jail will be started on system startup. If you have enabled bastille
+with ``sysrc bastille_enable=YES``, all jails with ``boot=on`` will start on system startup. Any jail(s)
+with ``boot=off`` will not be started on system startup.
+
+By default, when jails are created with Bastille, the boot setting is set to ``on`` by default. This can be overridden using
+the ``--no-boot`` flag. See ``bastille create --no-boot TARGET...``.
+
+You can also use ``bastille start --boot TARGET`` to make Bastille respect the boot setting. If ``-b|--boot`` is not
+used, the targeted jail(s) will start, regardless of the boot setting.
+
+Jails will still shut down on system shutdown, regardless of this setting.
+
+The ``-b|--boot`` can also be used with the ``stop`` command. Any jails with ``boot=off`` will
+not be touched if ``stop`` is called with ``-b|--boot``. Same goes for the ``restart`` command.
+
+This value can be changed using ``bastille config TARGET boot [on|off]``.
+
+This value will be shown using ``bastille list all``.
+
+Startup Delay
+-------------
+
+Sometimes it is necessary to let a jail start fully before continuing to the next jail.
+
+We can do this with another sysrc value called ``bastille_startup_delay``.
Setting ``bastille_startup_delay=5`` will
+tell Bastille to wait 5 seconds between starting each jail.
+
+You can also use ``bastille start -d|--delay 5 all`` or ``bastille restart -d|--delay 5 all`` to achieve the same thing.
\ No newline at end of file
diff --git a/docs/chapters/subcommands/restart.rst b/docs/chapters/subcommands/restart.rst
index fe78b3ae..3f3e5cdf 100644
--- a/docs/chapters/subcommands/restart.rst
+++ b/docs/chapters/subcommands/restart.rst
@@ -19,6 +19,6 @@ Restart jail(s).
 Options:
 -b | --boot Respect jail boot setting.
- -d | --delay VALUE Time (seconds) to wait after starting/stopping jail(s).
+ -d | --delay VALUE Time (seconds) to wait after starting each jail.
 -v | --verbose Print every action on jail start.
 -x | --debug Enable debug mode.
diff --git a/docs/chapters/subcommands/start.rst b/docs/chapters/subcommands/start.rst
index 54be65bc..fa673cd1 100644
--- a/docs/chapters/subcommands/start.rst
+++ b/docs/chapters/subcommands/start.rst
@@ -16,6 +16,6 @@ Start jail(s).
 Options:
 -b | --boot Respect jail boot setting.
- -d | --delay VALUE Time (seconds) to wait after starting jail(s).
+ -d | --delay VALUE Time (seconds) to wait after starting each jail.
 -v | --verbose Print every action on jail start.
 -x | --debug Enable debug mode.
diff --git a/docs/chapters/subcommands/stop.rst b/docs/chapters/subcommands/stop.rst
index 4a9ff050..1b993718 100644
--- a/docs/chapters/subcommands/stop.rst
+++ b/docs/chapters/subcommands/stop.rst
@@ -16,6 +16,5 @@ Stop jail(s).
 Options:
 -b | --boot Respect jail boot setting.
- -d | --delay VALUE Time (seconds) to wait after stopping jail(s).
 -v | --verbose Print every action on jail stop.
 -x | --debug Enable debug mode.
diff --git a/docs/chapters/targeting.rst b/docs/chapters/targeting.rst
index ed1b770e..ae1a4e19 100644
--- a/docs/chapters/targeting.rst
+++ b/docs/chapters/targeting.rst
@@ -66,3 +66,19 @@ Examples: Releases
 +-----------+--------------+--------------+-------------------------------------------------------------+
 | verify | 12.4-RELEASE | --- | verify 12.4-RELEASE release |
 +-----------+--------------+--------------+-------------------------------------------------------------+
+
+Priority
+--------
+
+The priority value determines in what order commands are executed if multiple jails are targetted, including the ALL target.
+
+It also controls in what order jails are started and stopped on system startup and shutdown. This requires Bastille to be enabled
+with ``sysrc bastille_enable=YES``. Jails will start in order starting at the lowest value, and will stop in order starting
+at the highest value. So, jails with a priority value of 1 will start first, and stop last.
+
+When jails are created with Bastille, this value defaults to ``99``, but can be overridden with ``-p|--priority VALUE`` on
+creation. See ``bastille create --priority 90 TARGET...``.
+
+This value can be changed using ``bastille config TARGET priority VALUE``.
+
+This value will be shown using ``bastille list all``.
\ No newline at end of file
diff --git a/docs/index.rst b/docs/index.rst
index 29611ede..96367100 100644
--- a/docs/index.rst
+++ b/docs/index.rst
@@ -14,11 +14,10 @@ https://docs.bastillebsd.org.
 chapters/installation
 chapters/gettingstarted
 chapters/configuration
- chapters/boot-and-priority
- chapters/upgrading
+ chapters/targeting
+ chapters/startup-configuration
 chapters/networking
 chapters/usage
- chapters/targeting
 chapters/upgrading
 chapters/subcommands/index
 chapters/template
diff --git a/usr/local/share/bastille/restart.sh b/usr/local/share/bastille/restart.sh
index 895313f5..789a5cf3 100644
--- a/usr/local/share/bastille/restart.sh
+++ b/usr/local/share/bastille/restart.sh
@@ -36,7 +36,7 @@ usage() {
 Options:
 -b | --boot Respect jail boot setting.
- -d | --delay VALUE Time (seconds) to wait after starting/stopping jail(s).
+ -d | --delay VALUE Time (seconds) to wait after starting each jail.
 -v | --verbose Print every action on jail start.
 -x | --debug Enable debug mode.
diff --git a/usr/local/share/bastille/start.sh b/usr/local/share/bastille/start.sh
index 93413eb2..8514bba8 100644
--- a/usr/local/share/bastille/start.sh
+++ b/usr/local/share/bastille/start.sh
@@ -38,7 +38,7 @@ usage() {
 Options:
 -b | --boot Respect jail boot setting.
- -d | --delay VALUE Time (seconds) to wait after starting jail(s).
+ -d | --delay VALUE Time (seconds) to wait after starting each jail.
 -v | --verbose Print every action on jail start.
 -x | --debug Enable debug mode.
diff --git a/usr/local/share/bastille/stop.sh b/usr/local/share/bastille/stop.sh
index fa84d00b..e4728f8a 100644
--- a/usr/local/share/bastille/stop.sh
+++ b/usr/local/share/bastille/stop.sh
@@ -38,7 +38,6 @@ usage() {
 Options:
 -b | --boot Respect jail boot setting.
- -d | --delay VALUE Time (seconds) to wait after stopping jail(s).
 -v | --verbose Print every action on jail stop.
 -x | --debug Enable debug mode.