Merge pull request #1032 from BastilleBSD/tschettervictor-patch-1

2025-12-26 23:40:38 +01:00 · 2025-05-09 16:20:45 -06:00
parent aadac9ea31 c90c39c778
commit f914bf1a52
6 changed files with 55 additions and 61 deletions
--- a/docs/chapters/migration.rst
+++ b/docs/chapters/migration.rst
@@ -48,6 +48,9 @@ properly.

 You can optionally set ``-d|--destroy`` to have Bastille destroy the old jail on completion.

+You can also set ``-b|--backup`` to retain the archives remotely. They will be copied into
+``${bastille_backupsdir}``.
+
 iocage
 ------

--- a/docs/chapters/subcommands/migrate.rst
+++ b/docs/chapters/subcommands/migrate.rst
@@ -23,6 +23,7 @@ port by supplying it as in ``user@host:port``.

    -a | --auto              Auto mode. Start/stop jail(s) if required.
    -d | --destroy           Destroy local jail after migration.
+    -b | --backup            Retain archives on remote system.
       | --doas              Use 'doas' instead of 'sudo'.
    -p | --password          Use password based authentication.
    -x | --debug             Enable debug mode.
--- a/usr/local/etc/bastille/bastille.conf.sample
+++ b/usr/local/etc/bastille/bastille.conf.sample
@@ -9,7 +9,6 @@ bastille_cachedir="${bastille_prefix}/cache"                          ## default
 bastille_jailsdir="${bastille_prefix}/jails"                          ## default: "${bastille_prefix}/jails"
 bastille_releasesdir="${bastille_prefix}/releases"                    ## default: "${bastille_prefix}/releases"
 bastille_templatesdir="${bastille_prefix}/templates"                  ## default: "${bastille_prefix}/templates"
-bastille_migratedir="${bastille_prefix}/migrate"                      ## default: "${bastille_prefix}/migrate"
 bastille_logsdir="/var/log/bastille"                                  ## default: "/var/log/bastille"

 ## pf configuration path
--- a/usr/local/share/bastille/bootstrap.sh
+++ b/usr/local/share/bastille/bootstrap.sh
@@ -108,18 +108,6 @@ bootstrap_directories() {
        chmod 0750 "${bastille_backupsdir}"
    fi

-    ## ${bastille_migratedir}
-    if [ ! -d "${bastille_migratedir}" ]; then
-        if checkyesno bastille_zfs_enable; then
-            if [ -n "${bastille_zfs_zpool}" ]; then
-                zfs create ${bastille_zfs_options} -o mountpoint="${bastille_migratedir}" "${bastille_zfs_zpool}/${bastille_zfs_prefix}/migrate"
-            fi
-        else
-            mkdir -p "${bastille_migratedir}"
-        fi
-        chmod 0750 "${bastille_migratedir}"
-    fi
-
    ## ${bastille_cachedir}
    if [ ! -d "${bastille_cachedir}" ]; then
        if checkyesno bastille_zfs_enable; then
@@ -681,4 +669,4 @@ case "${OPTION}" in
        ;;
 esac

-echo
+echo
--- a/usr/local/share/bastille/migrate.sh
+++ b/usr/local/share/bastille/migrate.sh
@@ -44,6 +44,7 @@ usage() {
    Options:

    -a | --auto              Auto mode. Start/stop jail(s) if required.
+    -b | --backup            Retain archives on remote system.
    -d | --destroy           Destroy local jail after migration.
       | --doas              Use 'doas' instead of 'sudo'.
    -p | --password          Use password based authentication.
@@ -55,6 +56,7 @@ EOF

 # Handle options.
 AUTO=0
+OPT_BACKUP=0
 OPT_DESTROY=0
 OPT_PASSWORD=0
 OPT_SU="sudo"
@@ -67,6 +69,10 @@ while [ "$#" -gt 0 ]; do
            AUTO=1
            shift
            ;;
+        -b|--backup)
+            OPT_BACKUP=1
+            shift
+            ;;
        -d|--destroy)
            OPT_DESTROY=1
            shift
@@ -87,6 +93,7 @@ while [ "$#" -gt 0 ]; do
            for _opt in $(echo ${1} | sed 's/-//g' | fold -w1); do
                case ${_opt} in
                    a) AUTO=1 ;;
+                    b) OPT_BACKUP=1 ;;
                    d) OPT_DESTROY=1 ;;
                    p) OPT_PASSWORD=1 ;;
                    x) enable_debug ;;
@@ -127,13 +134,13 @@ validate_host_status() {
    info "\nChecking remote host status..."

    # Host uptime
-    if ! nc -z ${_host} ${_port} >/dev/null 2>/dev/null; then
+    if ! nc -w 1 -z ${_host} ${_port} >/dev/null 2>/dev/null; then
        error_exit "[ERROR]: Host appears to be down"
    fi

    # Host SSH check
    if [ "${OPT_PASSWORD}" -eq 1 ]; then
-        if ! ${_sshpass_cmd} ssh -p ${_port} ${_user}@${_host}exit >/dev/null 2>/dev/null; then
+        if ! ${_sshpass_cmd} ssh -p ${_port} ${_user}@${_host} exit >/dev/null 2>/dev/null; then
            error_notify "[ERROR]: Could not establish ssh connection to host."
            error_notify "Please make sure the remote host supports password based authentication"
            error_exit "and you are using the correct password for user: '${_user}'"
@@ -154,9 +161,17 @@ migrate_cleanup() {
    local _host="${3}"
    local _port="${4}"

+    # Backup archives on remote system
+    if [ "${OPT_BACKUP}" -eq 1 ]; then
+
+        _remote_bastille_backupsdir="$(${_sshpass_cmd} ssh -p ${_port} ${_opt_ssh_key} ${_user}@${_host} sysrc -f /usr/local/etc/bastille/bastille.conf -n bastille_backupsdir)"
+
+        ${_sshpass_cmd} ssh -p ${_port} ${_opt_ssh_key} ${_user}@${_host} ${OPT_SU} cp "${_remote_bastille_migratedir}/*" "${_remote_bastille_backupsdir}"
+    fi
+
    # Remove archive files from local and remote system
-    ${_sshpass_cmd} ssh -p ${_port} ${_opt_ssh_key} ${_user}@${_host} ${OPT_SU} rm -f "${_remote_bastille_migratedir}/${_jail}_*.*"
-    rm -f ${bastille_migratedir}/${_jail}_*.*
+    ${_sshpass_cmd} ssh -p ${_port} ${_opt_ssh_key} ${_user}@${_host} ${OPT_SU} rm -fr "${_remote_bastille_migratedir}"
+    rm -fr ${_local_bastille_migratedir}
 }

 migrate_create_export() {
@@ -168,15 +183,15 @@ migrate_create_export() {

    info "\nPreparing jail for migration..."

-    # Ensure new migrate directory is created
-    bastille setup -f
-    ${_sshpass_cmd} ssh -p ${_port} ${_opt_ssh_key} ${_user}@${_host} ${OPT_SU} bastille setup -f
+    # Ensure /tmp/bastille-migrate has 777 perms
+    chmod 777 ${_local_bastille_migratedir}
+    ${_sshpass_cmd} ssh -p ${_port} ${_opt_ssh_key} ${_user}@${_host} ${OPT_SU} chmod 777 ${_remote_bastille_migratedir}

    # --xz for ZFS, otherwise --txz
    if checkyesno bastille_zfs_enable; then
-        bastille export --xz ${_jail} ${bastille_migratedir}
+        bastille export --xz ${_jail} ${_local_bastille_migratedir}
    else
-        bastille export --txz ${_jail} ${_bastille_migratedir}
+        bastille export --txz ${_jail} ${_local_bastille_migratedir}
    fi
 }

@@ -187,10 +202,16 @@ migrate_jail() {
    local _host="${3}"
    local _port="${4}"

-    local _remote_bastille_zfs_enable="$(${_sshpass_cmd} ssh -p ${_port} ${_opt_ssh_key} ${_user}@${_host} sysrc -f /usr/local/etc/bastille/bastille.conf -n bastille_zfs_enable)"
-    local _remote_bastille_jailsdir="$(${_sshpass_cmd} ssh -p ${_port} ${_opt_ssh_key} ${_user}@${_host} sysrc -f /usr/local/etc/bastille/bastille.conf -n bastille_jailsdir)"
-    local _remote_bastille_migratedir="$(${_sshpass_cmd} ssh -p ${_port} ${_opt_ssh_key} ${_user}@${_host} sysrc -f /usr/local/etc/bastille/bastille.conf -n bastille_migratedir)"
-    local _remote_jail_list="$(${_sshpass_cmd} ssh -p ${_port} ${_opt_ssh_key} ${_user}@${_host} bastille list jails)"
+    _local_bastille_migratedir="$(mktemp -d /tmp/bastille-migrate-${_jail})"
+    _remote_bastille_zfs_enable="$(${_sshpass_cmd} ssh -p ${_port} ${_opt_ssh_key} ${_user}@${_host} sysrc -f /usr/local/etc/bastille/bastille.conf -n bastille_zfs_enable)"
+    _remote_bastille_jailsdir="$(${_sshpass_cmd} ssh -p ${_port} ${_opt_ssh_key} ${_user}@${_host} sysrc -f /usr/local/etc/bastille/bastille.conf -n bastille_jailsdir)"
+    _remote_bastille_migratedir="$(${_sshpass_cmd} ssh -p ${_port} ${_opt_ssh_key} ${_user}@${_host} mktemp -d /tmp/bastille-migrate-${_jail})"
+    _remote_jail_list="$(${_sshpass_cmd} ssh -p ${_port} ${_opt_ssh_key} ${_user}@${_host} ${OPT_SU} bastille list jails)"
+
+    if [ -z "${_local_bastille_migratedir}" ] || [ -z "${_remote_bastille_migratedir}" ]; then
+        error_notify "[ERROR]: Could not create /tmp/bastille-migrate."
+        error_continue "Ensure it doesn't exist locally or remotely."
+    fi

    # Verify jail does not exist remotely
    if echo "${_remote_jail_list}" | grep -Eoqw "${_jail}"; then
@@ -208,17 +229,17 @@ migrate_jail() {

            info "\nAttempting to migrate jail to remote system..."

-            local _file="$(find "${bastille_migratedir}" -maxdepth 1 -type f | grep -Eo "${_jail}_.*\.xz$" | head -n1)"
-            local _file_sha256="$(echo ${_file} | sed 's/\..*/.sha256/')"
+            _file="$(find "${_local_bastille_migratedir}" -maxdepth 1 -type f | grep -Eo "${_jail}_.*\.xz$" | head -n1)"
+            _file_sha256="$(echo ${_file} | sed 's/\..*/.sha256/')"

            # Send sha256
-            if ! ${_sshpass_cmd} scp -P ${_port} ${_opt_ssh_key} ${bastille_migratedir}/${_file_sha256} ${_user}@${_host}:${_remote_bastille_migratedir}; then
+            if ! ${_sshpass_cmd} scp -P ${_port} ${_opt_ssh_key} ${_local_bastille_migratedir}/${_file_sha256} ${_user}@${_host}:${_remote_bastille_migratedir}; then
                migrate_cleanup "${_jail}" "${_user}" "${_host}" "${_port}"
                error_exit "[ERROR]: Failed to send jail to remote system."
            fi

            # Send jail export
-            if ! ${_sshpass_cmd} scp -P ${_port} ${_opt_ssh_key} ${bastille_migratedir}/${_file} ${_user}@${_host}:${_remote_bastille_migratedir}; then
+            if ! ${_sshpass_cmd} scp -P ${_port} ${_opt_ssh_key} ${_local_bastille_migratedir}/${_file} ${_user}@${_host}:${_remote_bastille_migratedir}; then
                migrate_cleanup "${_jail}" "${_user}" "${_host}" "${_port}"
                error_exit "[ERROR]: Failed to send jail to remote system."
            fi
@@ -233,17 +254,17 @@ migrate_jail() {

            migrate_create_export "${_jail}" "${_user}" "${_host}" "${_port}"

-            local _file="$(find "${bastille_migratedir}" -maxdepth 1 -type f | grep -Eo "${_jail}_.*\.txz$" | head -n1)"
-            local _file_sha256="$(echo ${_file} | sed 's/\..*/.sha256/')"
+            _file="$(find "${_local_bastille_migratedir}" -maxdepth 1 -type f | grep -Eo "${_jail}_.*\.txz$" | head -n1)"
+            _file_sha256="$(echo ${_file} | sed 's/\..*/.sha256/')"

            # Send sha256
-            if ! ${_sshpass_cmd} scp -P ${_port} ${_opt_ssh_key} ${bastille_migratedir}/${_file_sha256} ${_user}@${_host}:${_remote_bastille_migratedir}; then
+            if ! ${_sshpass_cmd} scp -P ${_port} ${_opt_ssh_key} ${_local_bastille_migratedir}/${_file_sha256} ${_user}@${_host}:${_remote_bastille_migratedir}; then
                migrate_cleanup "${_jail}" "${_user}" "${_host}" "${_port}"
                error_exit "[ERROR]: Failed to migrate jail to remote system."
            fi

            # Send jail export
-            if ! ${_sshpass_cmd} scp -P ${_port} ${_opt_ssh_key} ${bastille_migratedir}/${_file} ${_user}@${_host}:${_remote_bastille_migratedir}; then
+            if ! ${_sshpass_cmd} scp -P ${_port} ${_opt_ssh_key} ${_local_bastille_migratedir}/${_file} ${_user}@${_host}:${_remote_bastille_migratedir}; then
                migrate_cleanup "${_jail}" "${_user}" "${_host}" "${_port}"
                error_exit "[ERROR]: Failed to migrate jail to remote system."
            fi
@@ -293,10 +314,14 @@ fi
 if [ "${OPT_PASSWORD}" -eq 1 ]; then
    _opt_ssh_key=
 else
-    _migrate_user="$(${OPT_SU} -u ${USER} whoami)"
-    _migrate_user_home="$(getent passwd ${_migrate_user} | cut -d: -f6)"
+    _migrate_user_home="$(getent passwd ${USER} | cut -d: -f6)"
    _migrate_user_ssh_key="${_migrate_user_home}/.ssh/id_rsa"
    _opt_ssh_key="-i ${_migrate_user_ssh_key}"
+
+    # Exit if no keys found
+    if [ -z "${_migrate_user_home}" ] || [ -z "${_migrate_user_ssh_key}" ]; then
+        error_exit "[ERROR]: Could not find keys for user: ${USER}"
+    fi
 fi

 # Validate host uptime
@@ -326,4 +351,4 @@ for _jail in ${JAILS}; do
    bastille_running_jobs "${bastille_process_limit}"

 done
-wait
+wait
--- a/usr/local/share/bastille/setup.sh
+++ b/usr/local/share/bastille/setup.sh
@@ -46,16 +46,6 @@ configure_filesystem() {
    # This is so we dont have to introduce breaking
    # changes on new variables added to bastille.conf

-    # Ensure migrate directory is in place
-    ## ${bastille_migratedir}
-    if [ -z "${bastille_migratedir}" ]; then
-        if ! grep -oq "bastille_migratedir=" "${BASTILLE_CONFIG}"; then
-            sed -i '' 's|bastille_backupsdir=.*|&\nbastille_migratedir=\"${bastille_prefix}/migrate\"                      ## default: \"${bastille_prefix}/migrate\"|' ${BASTILLE_CONFIG}
-            # shellcheck disable=SC1090
-            . ${BASTILLE_CONFIG}
-        fi
-    fi
-
    ## ${bastille_prefix}
    if [ ! -d "${bastille_prefix}" ]; then
        if checkyesno bastille_zfs_enable; then
@@ -141,18 +131,6 @@ configure_filesystem() {
            mkdir -p "${bastille_releasesdir}"
        fi
    fi
-
-    ## ${bastille_migratedir}
-    if [ ! -d "${bastille_migratedir}" ]; then
-        if checkyesno bastille_zfs_enable; then
-            if [ -n "${bastille_zfs_zpool}" ]; then
-                zfs create ${bastille_zfs_options} -o mountpoint="${bastille_migratedir}" "${bastille_zfs_zpool}/${bastille_zfs_prefix}/migrate"
-            fi
-        else
-            mkdir -p "${bastille_migratedir}"
-        fi
-        chmod 0750 "${bastille_migratedir}"
-    fi
 }

 # Configure netgraph
@@ -438,4 +416,4 @@ case "$1" in
    *)
        error_exit "[ERROR]: Unknown option: \"${1}\""
        ;;
-esac
+esac