diff --git a/README.md b/README.md index a8bba1f4..3fd8f922 100644 --- a/README.md +++ b/README.md @@ -70,7 +70,7 @@ Use "bastille command -h|--help" for more information about a command. ``` -## 0.5-beta +## 0.6-beta This document outlines the basic usage of the Bastille container management framework. This release is still considered beta. 
@@ -543,40 +543,44 @@ Templates](https://gitlab.com/BastilleBSD-Templates)? Bastille supports a templating system allowing you to apply files, pkgs and execute commands inside the container automatically. -Currently supported template hooks are: `PRE`, `CONFIG`, `PKG`, `SYSRC`, `CMD`. -Planned template hooks include: `FSTAB`, `PF`, `LOG` +Currently supported template hooks are: `INCLUDE`, `PRE`, `FSTAB`, `OVERLAY`, `PKG`, `SYSRC`, `SERVICE`, `CMD`. +Planned template hooks include: `PF`, `LOG` Templates are created in `${bastille_prefix}/templates` and can leverage any of -the template hooks. Simply create a new directory named after the template. eg; +the template hooks. Simply create a new directory in the format project/repo, +ie; `username/base-template` ```shell -mkdir -p /usr/local/bastille/templates/username/base +mkdir -p /usr/local/bastille/templates/username/base-template ``` To leverage a template hook, create an UPPERCASE file in the root of the template directory named after the hook you want to execute. eg; ```shell -echo "zsh vim-console git-lite htop" > /usr/local/bastille/templates/username/base/PKG -echo "/usr/bin/chsh -s /usr/local/bin/zsh" > /usr/local/bastille/templates/username/base/CMD -echo "usr" > /usr/local/bastille/templates/username/base/OVERLAY +echo "zsh vim-console git-lite htop" > /usr/local/bastille/templates/username/base-template/PKG +echo "/usr/bin/chsh -s /usr/local/bin/zsh" > /usr/local/bastille/templates/username/base-template/CMD +echo "usr" > /usr/local/bastille/templates/username/base-template/OVERLAY ``` Template hooks are executed in specific order and require specific syntax to -work as expected. This table outlines those requirements: +work as expected. 
This table outlines that order and those requirements: -| SUPPORTED | format | example | -|-----------|------------------|----------------------------------------------------------------| -| PRE/CMD | /bin/sh command | /usr/bin/chsh -s /usr/local/bin/zsh | -| OVERLAY | paths (one/line) | etc root usr | -| PKG | port/pkg name(s) | vim-console zsh git-lite tree htop | -| SYSRC | sysrc command(s) | nginx_enable=YES | +| SUPPORTED | format | example | +|-----------|---------------------|------------------------------------------------| +| INCLUDE | template path/URL | http?://TEMPLATE_URL or username/base-template | +| PRE | /bin/sh command | mkdir -p /usr/local/path | +| FSTAB | fstab syntax | /host/path container/path nullfs ro 0 0 | +| PKG | port/pkg name(s) | vim-console zsh git-lite tree htop | +| OVERLAY | paths (one/line) | etc usr | +| SYSRC | sysrc command(s) | nginx_enable=YES | +| SERVICE | service command(s) | nginx restart | +| CMD | /bin/sh command | /usr/bin/chsh -s /usr/local/bin/zsh | | PLANNED | format | example | |---------|------------------|----------------------------------------------------------------| | PF | pf rdr entry | rdr pass inet proto tcp from any to any port 80 -> 10.17.89.80 | | LOG | path | /var/log/nginx/access.log | -| FSTAB | fstab syntax | /path/on/host /path/in/container nullfs ro 0 0 | Note: SYSRC requires NO quotes or that quotes (`"`) be escaped. ie; `\"`) 
@@ -587,12 +591,12 @@ template directory as "/". An example here may help. Think of `/usr/local/bastille/templates/username/base`, our example template, as the root of our filesystem overlay. If you create an `etc/hosts` or -`etc/resolv.conf` *inside* the base template directory, these can be overlayed +`etc/resolv.conf` inside the base template directory, these can be overlayed into your container. Note: due to the way FreeBSD segregates user-space, the majority of your overlayed template files will be in `usr/local`. The few general -exceptions are the `etc/hosts`, `etc/resolv.conf`, and `etc/rc.conf.local`, etc. +exceptions are the `etc/hosts`, `etc/resolv.conf`, and `etc/rc.conf.local`. After populating `usr/local/` with custom config files that your container will use, be sure to include `usr` in the template OVERLAY definition. eg; diff --git a/usr/local/share/bastille/template.sh b/usr/local/share/bastille/template.sh index 5c8cb9f7..cb34f728 100644 --- a/usr/local/share/bastille/template.sh +++ b/usr/local/share/bastille/template.sh 
@@ -135,7 +135,58 @@ for _jail in ${JAILS}; do ## FSTAB if [ -s "${bastille_template}/FSTAB" ]; then - echo -e "${COLOR_GREEN}NOT YET IMPLEMENTED.${COLOR_RESET}" + echo -e "${COLOR_GREEN}[${_jail}]:FSTAB -- START${COLOR_RESET}" + while read _fstab; do + ## assign needed variables + _hostpath=$(echo "${_fstab}" | awk '{print $1}') + _jailpath=$(echo "${_fstab}" | awk '{print $2}') + _type=$(echo "${_fstab}" | awk '{print $3}') + _perms=$(echo "${_fstab}" | awk '{print $4}') + _checks=$(echo "${_fstab}" | awk '{print $5" "$6}') + + ## if any variables are empty, bail out + if [ -z "${_hostpath}" ] || [ -z "${_jailpath}" ] || [ -z "${_type}" ] || [ -z "${_perms}" ] || [ -z "${_checks}" ]; then + echo -e "${COLOR_RED}FSTAB format not recognized.${COLOR_RESET}" + echo -e "${COLOR_YELLOW}Format: /host/path jail/path nullfs ro 0 0${COLOR_RESET}" + echo -e "${COLOR_YELLOW}Read: ${_fstab}${COLOR_RESET}" + exit 1 + fi + ## if host path doesn't exist or type is not "nullfs" + if [ ! -d "${_hostpath}" ] || [ "${_type}" != "nullfs" ]; then + echo -e "${COLOR_RED}Detected invalid host path or incorrect mount type in FSTAB.${COLOR_RESET}" + echo -e "${COLOR_YELLOW}Format: /host/path jail/path nullfs ro 0 0${COLOR_RESET}" + echo -e "${COLOR_YELLOW}Read: ${_fstab}${COLOR_RESET}" + exit 1 + fi + ## if mount permissions are not "ro" or "rw" + if [ "${_perms}" != "ro" ] && [ "${_perms}" != "rw" ]; then + echo -e "${COLOR_RED}Detected invalid mount permissions in FSTAB.${COLOR_RESET}" + echo -e "${COLOR_YELLOW}Format: /host/path jail/path nullfs ro 0 0${COLOR_RESET}" + echo -e "${COLOR_YELLOW}Read: ${_fstab}${COLOR_RESET}" + exit 1 + fi + ## if check & pass are not "0 0 - 1 1"; bail out + if [ "${_checks}" != "0 0" ] && [ "${_checks}" != "1 0" ] && [ "${_checks}" != "0 1" ] && [ "${_checks}" != "1 1" ]; then + echo -e "${COLOR_RED}Detected invalid fstab options in FSTAB.${COLOR_RESET}" + echo -e "${COLOR_YELLOW}Format: /host/path jail/path nullfs ro 0 0${COLOR_RESET}" + echo -e 
"${COLOR_YELLOW}Read: ${_fstab}${COLOR_RESET}" + exit 1 + fi + + ## aggregate variables into FSTAB entry + _fstab_entry="${_hostpath} ${bastille_jailsdir}/${_jail}/root/${_jailpath} ${_type} ${_perms} ${_checks}" + + ## if entry doesn't exist, add; else show existing entry + if [ ! "$(grep "${_jailpath}" "${bastille_jailsdir}/${_jail}/fstab")" ]; then + echo "${_fstab_entry}" >> "${bastille_jailsdir}/${_jail}/fstab" + echo "Added: ${_fstab_entry}" + else + echo "$(grep "${_jailpath}" "${bastille_jailsdir}/${_jail}/fstab")" + fi + done < "${bastille_template}/FSTAB" + mount -F "${bastille_jailsdir}/${_jail}/fstab" -a + echo -e "${COLOR_GREEN}[${_jail}]:FSTAB -- END${COLOR_RESET}" + echo fi ## PF
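Review bot: `_jailpath` is read from the template's FSTAB line and joined into `${bastille_jailsdir}/${_jail}/root/${_jailpath}` with no check, so a value containing `..` components yields a mount target outside the jail root; this matters more now that the README table in this same commit lists INCLUDE as accepting a template URL. I would reject such values alongside the other format checks, e.g. `case "/${_jailpath}/" in */../*) echo -e "${COLOR_RED}Detected invalid jail path in FSTAB.${COLOR_RESET}"; exit 1 ;; esac`. The duplicate check `grep "${_jailpath}" …/fstab` treats the path as an unanchored regular expression, so a short path such as `usr` matches any existing line that merely contains it and the new entry is skipped; matching the full target as a fixed string, `if ! grep -qF -- " ${bastille_jailsdir}/${_jail}/root/${_jailpath} " "${bastille_jailsdir}/${_jail}/fstab"; then`, avoids that for entries written in this format. The host path is only tested with `-d`, so any existing host directory can be requested `rw`; if that is intended, a comment such as `## FSTAB is applied as root on the host; only use templates you trust` above the loop would make the trust assumption explicit. The enclosing `for _jail` loop starts and ends outside the hunk.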