Mirrors/hackacad
2
0
Fork 0
mirror of https://github.com/hackacad/bastille.git synced 2025-12-17 15:50:11 +01:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #1020 from BastilleBSD/master

Browse Source 
rebase
This commit is contained in:
tschettervictor
2025-05-05 09:07:02 -06:00
committed by GitHub
parent c7d29dc98e b440678cc2
commit fb65ec069c
20 changed files with 207 additions and 139 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
.github/workflows/shellcheck.yml vendored
View File

@@ -29,7 +29,8 @@ jobs:
# Excluding SC2124: Assigning an array to a string! Check instead if
# this is a false positive or if there is a better
# way to do it.
SHELLCHECK_OPTS: -e SC3043 -e SC2154 -e SC3037 -e SC2155 -e SC2124
# Excluding SC2106: This only exits the subshell caused by the (...) group.
SHELLCHECK_OPTS: -e SC3043 -e SC2154 -e SC3037 -e SC2155 -e SC2124 -e SC2106
with:
severity: warning
scandir: "./usr/local/share/bastille"

73
usr/local/bin/bastille
View File

@@ -147,7 +147,8 @@ fi
. /usr/local/share/bastille/common.sh
# Handle options
PARALLEL_MODE=0
bastille_parallel_mode=0
bastille_process_limit="${bastille_process_limit:-1}"
while [ "$#" -gt 0 ]; do
case "${1}" in
-h|--help|help)
@@ -171,10 +172,10 @@ while [ "$#" -gt 0 ]; do
shift 2
;;
-p|--parallel)
PARALLEL_MODE=1
PROCESS_LIMIT="${2}"
if ! echo "${PROCESS_LIMIT}" | grep -Eq "^[0-9]+$"; then
error_exit "Not a valid process limit: ${PROCESS_LIMIT}"
bastille_parallel_mode=1
bastille_process_limit="${2}"
if ! echo "${bastille_process_limit}" | grep -Eq "^[0-9]+$"; then
error_exit "Not a valid process limit: ${bastille_process_limit}"
else
shift 2
fi
@@ -188,6 +189,9 @@ while [ "$#" -gt 0 ]; do
esac
done
# Export parallel and limit
export bastille_process_limit
if [ "$#" -lt 1 ]; then
usage
else
@@ -204,10 +208,10 @@ case "${CMD}" in
convert| \
create| \
edit| \
etcupdate| \
export| \
htop| \
import| \
jcp| \
limits| \
list| \
migrate| \
@@ -217,9 +221,10 @@ case "${CMD}" in
rename| \
setup| \
top| \
verify| \
zfs)
if [ "${PARALLEL_MODE}" -eq 1 ]; then
update| \
upgrade| \
verify)
if [ "${bastille_parallel_mode}" -eq 1 ]; then
error_exit "Command does not support parallel mode: ${CMD}"
fi
;;
@@ -228,7 +233,7 @@ case "${CMD}" in
config| \
cp| \
destroy| \
etcupdate| \
jcp| \
limits| \
mount| \
pkg| \
@@ -240,45 +245,7 @@ case "${CMD}" in
tags| \
template| \
umount| \
update| \
upgrade)
# Extract JAILS from command for parallel mode
OPTIONS=""
while [ "$#" -gt 0 ] && [ "${PARALLEL_MODE}" -eq 1 ]; do
case "${1}" in
-d|--delay)
OPTIONS="${OPTIONS} ${1} ${2}"
shift 2
;;
-*)
OPTIONS="${OPTIONS} ${1}"
shift 1
;;
*)
case "${CMD}" in
stop|destroy)
if ! set_target "${1}" "reverse" >/dev/null 2>&1; then
OPTIONS="${OPTIONS} ${1}"
shift 1
else
XARGS_JAILS="${JAILS}"
shift 1
break
fi
;;
*)
if ! set_target "${1}" >/dev/null 2>&1; then
OPTIONS="${OPTIONS} ${1}"
shift 1
else
XARGS_JAILS="${JAILS}"
shift 1
break
fi
;;
esac
esac
done
zfs)
;;
*)
usage
@@ -294,12 +261,8 @@ if [ -f "${SCRIPTPATH}" ]; then
umask "${UMASK}"
: "${SH:=sh}"
if [ "${PARALLEL_MODE}" -eq 1 ]; then
echo "${XARGS_JAILS}" | xargs -P "${PROCESS_LIMIT}" -I {} "${SH}" "${SCRIPTPATH}" ${OPTIONS} {} "$@"
else
exec "${SH}" "${SCRIPTPATH}" "$@"
fi
exec "${SH}" "${SCRIPTPATH}" "$@"
else
error_exit "${SCRIPTPATH} not found."

7
usr/local/share/bastille/cmd.sh
View File

@@ -91,6 +91,8 @@ set_target "${TARGET}"
for _jail in ${JAILS}; do
(
# Validate jail state
check_target_is_running "${_jail}" || if [ "${AUTO}" -eq 1 ]; then
bastille start "${_jail}"
@@ -123,7 +125,12 @@ for _jail in ${JAILS}; do
RETURN=$(($RETURN+$ERROR_CODE))
fi
) &
bastille_running_jobs "${bastille_process_limit}"
done
wait
# Check when a command is executed in all running jails. (bastille cmd ALL ...)
if [ "${COUNT}" -gt 1 ] && [ "${RETURN}" -gt 0 ]; then

17
usr/local/share/bastille/common.sh
View File

@@ -93,6 +93,23 @@ warn() {
echo -e "${COLOR_YELLOW}$*${COLOR_RESET}"
}
# Parallel mode, don't exceed process limit
bastille_running_jobs() {
_process_limit="${1}"
_running_jobs=$((_running_jobs + 1))
if [ "${_running_jobs}" -ge "${_process_limit}" ]; then
# Wait for at least one process to finish
wait 2>/dev/null || wait
_running_jobs=$((_running_jobs - 1))
fi
}
check_target_exists() {
local _TARGET="${1}"
local _jaillist="$(bastille list jails)"

8
usr/local/share/bastille/config.sh
View File

@@ -116,6 +116,8 @@ print_jail_conf() {
for _jail in ${JAILS}; do
(
# Handle Bastille specific properties
# Currently only 'depend' 'priority' and 'boot'
if [ "${PROPERTY}" = "priority" ] || [ "${PROPERTY}" = "prio" ]; then
@@ -290,7 +292,13 @@ for _jail in ${JAILS}; do
rm "${_tmpfile}"
fi
fi
) &
bastille_running_jobs "${bastille_process_limit}"
done
wait
# Only display this message once at the end (not for every jail). -- cwells
if { [ "${ACTION}" = "set" ] || [ "${ACTION}" = "remove" ]; } && [ -z "${BASTILLE_PROPERTY}" ]; then

7
usr/local/share/bastille/cp.sh
View File

@@ -89,6 +89,8 @@ set_target "${TARGET}"
for _jail in ${JAILS}; do
(
info "\n[${_jail}]:"
host_path="${HOST_PATH}"
@@ -97,5 +99,10 @@ for _jail in ${JAILS}; do
if ! cp "${OPTION}" "${host_path}" "${jail_path}"; then
error_continue "[ERROR]: CP failed: ${host_path} -> ${jail_path}"
fi
) &
bastille_running_jobs "${bastille_process_limit}"
done
wait

10
usr/local/share/bastille/destroy.sh
View File

@@ -53,6 +53,8 @@ destroy_jail() {
for _jail in ${JAILS}; do
(
bastille_jail_base="${bastille_jailsdir}/${_jail}"
bastille_jail_log="${bastille_logsdir}/${_jail}_console.log"
@@ -117,8 +119,14 @@ destroy_jail() {
pfctl -a "rdr/${_jail}" -Fn
fi
fi
) &
done
bastille_running_jobs "${bastille_process_limit}"
done
wait
}
destroy_rel() {

10
usr/local/share/bastille/jcp.sh
View File

@@ -91,6 +91,8 @@ set_target "${DEST_TARGET}" && DEST_TARGET="${JAILS}"
for _jail in ${DEST_TARGET}; do
(
if [ "${_jail}" = "${SOURCE_TARGET}" ]; then
continue
else
@@ -105,6 +107,10 @@ for _jail in ${DEST_TARGET}; do
fi
fi
done
echo
) &
bastille_running_jobs "${bastille_process_limit}"
done
wait

8
usr/local/share/bastille/limits.sh
View File

@@ -131,6 +131,8 @@ add_cpuset() {
for _jail in ${JAILS}; do
(
check_target_is_running "${_jail}" || if [ "${AUTO}" -eq 1 ]; then
bastille start "${_jail}"
else
@@ -284,4 +286,10 @@ for _jail in ${JAILS}; do
;;
esac
) &
bastille_running_jobs "${bastille_process_limit}"
done
wait

9
usr/local/share/bastille/mount.sh
View File

@@ -139,6 +139,8 @@ fi
for _jail in ${JAILS}; do
(
check_target_is_running "${_jail}" || if [ "${AUTO}" -eq 1 ]; then
bastille start "${_jail}"
else
@@ -196,4 +198,9 @@ for _jail in ${JAILS}; do
mount -F "${bastille_jailsdir}/${_jail}/fstab" -a || error_continue "Failed to mount volume: ${_fullpath}"
echo "Added: ${_fstab_entry}"
done
) &
bastille_running_jobs "${bastille_process_limit}"
done
wait

7
usr/local/share/bastille/pkg.sh
View File

@@ -97,6 +97,8 @@ errors=0
for _jail in ${JAILS}; do
(
# Validate jail state
check_target_is_running "${_jail}" || if [ "${AUTO}" -eq 1 ]; then
bastille start "${_jail}"
@@ -128,7 +130,12 @@ for _jail in ${JAILS}; do
fi
fi
) &
bastille_running_jobs "${bastille_process_limit}"
done
wait
if [ $errors -ne 0 ]; then
error_exit "[ERROR]: Failed to apply on some jails, please check logs"

11
usr/local/share/bastille/restart.sh
View File

@@ -112,10 +112,17 @@ set_target "${TARGET}"
for _jail in ${JAILS}; do
(
# Only restart running jails
if check_target_is_running "${_jail}"; then
bastille stop ${_stop_options} ${_jail}
bastille start ${_start_options} ${_jail}
fi
done
) &
bastille_running_jobs "${bastille_process_limit}"
done
wait

9
usr/local/share/bastille/service.sh
View File

@@ -88,6 +88,8 @@ set_target "${TARGET}"
for _jail in ${JAILS}; do
(
# Validate jail state
check_target_is_running "${_jail}" || if [ "${AUTO}" -eq 1 ]; then
bastille start "${_jail}"
@@ -101,4 +103,9 @@ for _jail in ${JAILS}; do
jexec -l "${_jail}" /usr/sbin/service "$@"
done
) &
bastille_running_jobs "${bastille_process_limit}"
done
wait

7
usr/local/share/bastille/start.sh
View File

@@ -104,6 +104,8 @@ set_target "${TARGET}"
for _jail in ${JAILS}; do
(
# Continue if '-b|--boot' is set and 'boot=off'
if [ "${BOOT}" -eq 1 ]; then
BOOT_ENABLED="$(sysrc -f ${bastille_jailsdir}/${_jail}/settings.conf -n boot)"
@@ -208,4 +210,9 @@ for _jail in ${JAILS}; do
# Delay between jail action
sleep "${DELAY_TIME}"
) &
bastille_running_jobs "${bastille_process_limit}"
done
wait

9
usr/local/share/bastille/stop.sh
View File

@@ -87,6 +87,8 @@ set_target "${TARGET}" "reverse"
for _jail in ${JAILS}; do
(
# Validate that all jails that 'depend' on this one are stopped
for _depend_jail in $(ls --color=never ${bastille_jailsdir} | sed -e 's/\n//g'); do
if ! grep -hoqsw "depend=" ${bastille_jailsdir}/${_depend_jail}/settings.conf; then
@@ -149,4 +151,9 @@ for _jail in ${JAILS}; do
done
fi
done
) &
bastille_running_jobs "${bastille_process_limit}"
done
wait

9
usr/local/share/bastille/sysrc.sh
View File

@@ -88,6 +88,8 @@ set_target "${TARGET}"
for _jail in ${JAILS}; do
(
# Validate jail state
check_target_is_running "${_jail}" || if [ "${AUTO}" -eq 1 ]; then
bastille start "${_jail}"
@@ -101,4 +103,9 @@ for _jail in ${JAILS}; do
jexec -l "${_jail}" /usr/sbin/sysrc "$@"
done
) &
bastille_running_jobs "${bastille_process_limit}"
done
wait

9
usr/local/share/bastille/tags.sh
View File

@@ -77,6 +77,8 @@ set_target "${TARGET}"
for _jail in ${JAILS}; do
(
bastille_jail_tags="${bastille_jailsdir}/${_jail}/tags"
case ${ACTION} in
add)
@@ -118,4 +120,9 @@ for _jail in ${JAILS}; do
;;
esac
done
) &
bastille_running_jobs "${bastille_process_limit}"
done
wait

9
usr/local/share/bastille/template.sh
View File

@@ -272,6 +272,8 @@ fi
for _jail in ${JAILS}; do
(
check_target_is_running "${_jail}" || if [ "${AUTO}" -eq 1 ]; then
bastille start "${_jail}"
else
@@ -474,4 +476,9 @@ for _jail in ${JAILS}; do
info "\nTemplate applied: ${TEMPLATE}"
done
) &
bastille_running_jobs "${bastille_process_limit}"
done
wait

9
usr/local/share/bastille/umount.sh
View File

@@ -88,6 +88,8 @@ set_target "${TARGET}"
for _jail in ${JAILS}; do
(
# Validate jail state
check_target_is_running "${_jail}" || if [ "${AUTO}" -eq 1 ]; then
bastille start "${_jail}"
@@ -128,4 +130,9 @@ for _jail in ${JAILS}; do
echo "Unmounted: ${_jailpath}"
done
) &
bastille_running_jobs "${bastille_process_limit}"
done
wait

115
usr/local/share/bastille/zfs.sh
View File

@@ -45,65 +45,25 @@ EOF
}
zfs_snapshot() {
for _jail in ${JAILS}; do
info "\n[${_jail}]:"
# shellcheck disable=SC2140
zfs snapshot -r "${bastille_zfs_zpool}/${bastille_zfs_prefix}/jails/${_jail}"@"${TAG}"
done
# shellcheck disable=SC2140
zfs snapshot -r "${bastille_zfs_zpool}/${bastille_zfs_prefix}/jails/${_jail}"@"${TAG}"
}
zfs_destroy_snapshot() {
for _jail in ${JAILS}; do
info "\n[${_jail}]:"
# shellcheck disable=SC2140
zfs destroy -r "${bastille_zfs_zpool}/${bastille_zfs_prefix}/jails/${_jail}"@"${TAG}"
done
# shellcheck disable=SC2140
zfs destroy -r "${bastille_zfs_zpool}/${bastille_zfs_prefix}/jails/${_jail}"@"${TAG}"
}
zfs_set_value() {
for _jail in ${JAILS}; do
info "\n[${_jail}]:"
zfs "${ATTRIBUTE}" "${bastille_zfs_zpool}/${bastille_zfs_prefix}/jails/${_jail}"
done
zfs "${ATTRIBUTE}" "${bastille_zfs_zpool}/${bastille_zfs_prefix}/jails/${_jail}"
}
zfs_get_value() {
for _jail in ${JAILS}; do
info "\n[${_jail}]:"
zfs get "${ATTRIBUTE}" "${bastille_zfs_zpool}/${bastille_zfs_prefix}/jails/${_jail}"
done
zfs get "${ATTRIBUTE}" "${bastille_zfs_zpool}/${bastille_zfs_prefix}/jails/${_jail}"
}
zfs_disk_usage() {
for _jail in ${JAILS}; do
info "\n[${_jail}]:"
zfs list -t all -o name,used,avail,refer,mountpoint,compress,ratio -r "${bastille_zfs_zpool}/${bastille_zfs_prefix}/jails/${_jail}"
done
zfs list -t all -o name,used,avail,refer,mountpoint,compress,ratio -r "${bastille_zfs_zpool}/${bastille_zfs_prefix}/jails/${_jail}"
}
@@ -147,27 +107,40 @@ if [ -z "${bastille_zfs_zpool}" ]; then
error_exit "[ERROR]: ZFS zpool not defined."
fi
case "${ACTION}" in
set)
ATTRIBUTE="${3}"
zfs_set_value
;;
get)
ATTRIBUTE="${3}"
zfs_get_value
;;
snap|snapshot)
TAG="${3}"
zfs_snapshot
;;
destroy_snap|destroy_snapshot)
TAG="${3}"
zfs_destroy_snapshot
;;
df|usage)
zfs_disk_usage
;;
*)
usage
;;
esac
for _jail in ${JAILS}; do
(
info "\n[${_jail}]:"
case "${ACTION}" in
set)
ATTRIBUTE="${3}"
zfs_set_value
;;
get)
ATTRIBUTE="${3}"
zfs_get_value
;;
snap|snapshot)
TAG="${3}"
zfs_snapshot
;;
destroy_snap|destroy_snapshot)
TAG="${3}"
zfs_destroy_snapshot
;;
df|usage)
zfs_disk_usage
;;
*)
usage
;;
esac
) &
bastille_running_jobs "${bastille_process_limit}"
done
wait