diff --git a/.github/workflows/shellcheck.yml b/.github/workflows/shellcheck.yml index b706ca28..c5f373be 100644 --- a/.github/workflows/shellcheck.yml +++ b/.github/workflows/shellcheck.yml @@ -29,7 +29,8 @@ jobs: # Excluding SC2124: Assigning an array to a string! Check instead if # this is a false positive or if there is a better # way to do it. - SHELLCHECK_OPTS: -e SC3043 -e SC2154 -e SC3037 -e SC2155 -e SC2124 + # Excluding SC2106: This only exits the subshell caused by the (...) group. + SHELLCHECK_OPTS: -e SC3043 -e SC2154 -e SC3037 -e SC2155 -e SC2124 -e SC2106 with: severity: warning scandir: "./usr/local/share/bastille" diff --git a/usr/local/bin/bastille b/usr/local/bin/bastille index bb1c712c..cb97e833 100755 --- a/usr/local/bin/bastille +++ b/usr/local/bin/bastille @@ -147,7 +147,8 @@ fi . /usr/local/share/bastille/common.sh # Handle options -PARALLEL_MODE=0 +bastille_parallel_mode=0 +bastille_process_limit="${bastille_process_limit:-1}" while [ "$#" -gt 0 ]; do case "${1}" in -h|--help|help) @@ -171,10 +172,10 @@ while [ "$#" -gt 0 ]; do shift 2 ;; -p|--parallel) - PARALLEL_MODE=1 - PROCESS_LIMIT="${2}" - if ! echo "${PROCESS_LIMIT}" | grep -Eq "^[0-9]+$"; then - error_exit "Not a valid process limit: ${PROCESS_LIMIT}" + bastille_parallel_mode=1 + bastille_process_limit="${2}" + if ! echo "${bastille_process_limit}" | grep -Eq "^[0-9]+$"; then + error_exit "Not a valid process limit: ${bastille_process_limit}" else shift 2 fi @@ -188,6 +189,9 @@ while [ "$#" -gt 0 ]; do esac done +# Export parallel and limit +export bastille_process_limit + if [ "$#" -lt 1 ]; then usage else @@ -204,10 +208,10 @@ case "${CMD}" in convert| \ create| \ edit| \ + etcupdate| \ export| \ htop| \ import| \ - jcp| \ limits| \ list| \ migrate| \ @@ -217,9 +221,10 @@ case "${CMD}" in rename| \ setup| \ top| \ - verify| \ - zfs) - if [ "${PARALLEL_MODE}" -eq 1 ]; then + update| \ + upgrade| \ + verify) + if [ "${bastille_parallel_mode}" -eq 1 ]; then error_exit "Command does not support parallel mode: ${CMD}" fi ;; @@ -228,7 +233,7 @@ case "${CMD}" in config| \ cp| \ destroy| \ - etcupdate| \ + jcp| \ limits| \ mount| \ pkg| \ @@ -240,45 +245,7 @@ case "${CMD}" in tags| \ template| \ umount| \ - update| \ - upgrade) - # Extract JAILS from command for parallel mode - OPTIONS="" - while [ "$#" -gt 0 ] && [ "${PARALLEL_MODE}" -eq 1 ]; do - case "${1}" in - -d|--delay) - OPTIONS="${OPTIONS} ${1} ${2}" - shift 2 - ;; - -*) - OPTIONS="${OPTIONS} ${1}" - shift 1 - ;; - *) - case "${CMD}" in - stop|destroy) - if ! set_target "${1}" "reverse" >/dev/null 2>&1; then - OPTIONS="${OPTIONS} ${1}" - shift 1 - else - XARGS_JAILS="${JAILS}" - shift 1 - break - fi - ;; - *) - if ! set_target "${1}" >/dev/null 2>&1; then - OPTIONS="${OPTIONS} ${1}" - shift 1 - else - XARGS_JAILS="${JAILS}" - shift 1 - break - fi - ;; - esac - esac - done + zfs) ;; *) usage @@ -294,12 +261,8 @@ if [ -f "${SCRIPTPATH}" ]; then umask "${UMASK}" : "${SH:=sh}" - - if [ "${PARALLEL_MODE}" -eq 1 ]; then - echo "${XARGS_JAILS}" | xargs -P "${PROCESS_LIMIT}" -I {} "${SH}" "${SCRIPTPATH}" ${OPTIONS} {} "$@" - else - exec "${SH}" "${SCRIPTPATH}" "$@" - fi + + exec "${SH}" "${SCRIPTPATH}" "$@" else error_exit "${SCRIPTPATH} not found." diff --git a/usr/local/share/bastille/cmd.sh b/usr/local/share/bastille/cmd.sh index 1dc69d91..914a1f8a 100644 --- a/usr/local/share/bastille/cmd.sh +++ b/usr/local/share/bastille/cmd.sh @@ -91,6 +91,8 @@ set_target "${TARGET}" for _jail in ${JAILS}; do + ( + # Validate jail state check_target_is_running "${_jail}" || if [ "${AUTO}" -eq 1 ]; then bastille start "${_jail}" @@ -123,7 +125,12 @@ for _jail in ${JAILS}; do RETURN=$(($RETURN+$ERROR_CODE)) fi + ) & + + bastille_running_jobs "${bastille_process_limit}" + done +wait # Check when a command is executed in all running jails. (bastille cmd ALL ...) if [ "${COUNT}" -gt 1 ] && [ "${RETURN}" -gt 0 ]; then diff --git a/usr/local/share/bastille/common.sh b/usr/local/share/bastille/common.sh index ee3eb387..21dcf6f8 100644 --- a/usr/local/share/bastille/common.sh +++ b/usr/local/share/bastille/common.sh @@ -93,6 +93,23 @@ warn() { echo -e "${COLOR_YELLOW}$*${COLOR_RESET}" } +# Parallel mode, don't exceed process limit +bastille_running_jobs() { + + _process_limit="${1}" + _running_jobs=$((_running_jobs + 1)) + + if [ "${_running_jobs}" -ge "${_process_limit}" ]; then + + # Wait for at least one process to finish + wait 2>/dev/null || wait + + _running_jobs=$((_running_jobs - 1)) + + fi + +} + check_target_exists() { local _TARGET="${1}" local _jaillist="$(bastille list jails)" diff --git a/usr/local/share/bastille/config.sh b/usr/local/share/bastille/config.sh index d8c8b7c7..642c1036 100644 --- a/usr/local/share/bastille/config.sh +++ b/usr/local/share/bastille/config.sh @@ -116,6 +116,8 @@ print_jail_conf() { for _jail in ${JAILS}; do + ( + # Handle Bastille specific properties # Currently only 'depend' 'priority' and 'boot' if [ "${PROPERTY}" = "priority" ] || [ "${PROPERTY}" = "prio" ]; then @@ -290,7 +292,13 @@ for _jail in ${JAILS}; do rm "${_tmpfile}" fi fi + + ) & + + bastille_running_jobs "${bastille_process_limit}" + done +wait # Only display this message once at the end (not for every jail). -- cwells if { [ "${ACTION}" = "set" ] || [ "${ACTION}" = "remove" ]; } && [ -z "${BASTILLE_PROPERTY}" ]; then diff --git a/usr/local/share/bastille/cp.sh b/usr/local/share/bastille/cp.sh index 5c2f47df..10d4760e 100644 --- a/usr/local/share/bastille/cp.sh +++ b/usr/local/share/bastille/cp.sh @@ -89,6 +89,8 @@ set_target "${TARGET}" for _jail in ${JAILS}; do + ( + info "\n[${_jail}]:" host_path="${HOST_PATH}" @@ -97,5 +99,10 @@ for _jail in ${JAILS}; do if ! cp "${OPTION}" "${host_path}" "${jail_path}"; then error_continue "[ERROR]: CP failed: ${host_path} -> ${jail_path}" fi + + ) & + + bastille_running_jobs "${bastille_process_limit}" done +wait diff --git a/usr/local/share/bastille/destroy.sh b/usr/local/share/bastille/destroy.sh index bb73ddd5..2f506b27 100644 --- a/usr/local/share/bastille/destroy.sh +++ b/usr/local/share/bastille/destroy.sh @@ -53,6 +53,8 @@ destroy_jail() { for _jail in ${JAILS}; do + ( + bastille_jail_base="${bastille_jailsdir}/${_jail}" bastille_jail_log="${bastille_logsdir}/${_jail}_console.log" @@ -117,8 +119,14 @@ destroy_jail() { pfctl -a "rdr/${_jail}" -Fn fi fi + + ) & - done + bastille_running_jobs "${bastille_process_limit}" + +done +wait + } destroy_rel() { diff --git a/usr/local/share/bastille/jcp.sh b/usr/local/share/bastille/jcp.sh index fbc3e829..0e2c736a 100644 --- a/usr/local/share/bastille/jcp.sh +++ b/usr/local/share/bastille/jcp.sh @@ -91,6 +91,8 @@ set_target "${DEST_TARGET}" && DEST_TARGET="${JAILS}" for _jail in ${DEST_TARGET}; do + ( + if [ "${_jail}" = "${SOURCE_TARGET}" ]; then continue else @@ -105,6 +107,10 @@ for _jail in ${DEST_TARGET}; do fi fi -done -echo \ No newline at end of file + ) & + + bastille_running_jobs "${bastille_process_limit}" + +done +wait \ No newline at end of file diff --git a/usr/local/share/bastille/limits.sh b/usr/local/share/bastille/limits.sh index 0d12032f..e841b9e7 100644 --- a/usr/local/share/bastille/limits.sh +++ b/usr/local/share/bastille/limits.sh @@ -131,6 +131,8 @@ add_cpuset() { for _jail in ${JAILS}; do + ( + check_target_is_running "${_jail}" || if [ "${AUTO}" -eq 1 ]; then bastille start "${_jail}" else @@ -284,4 +286,10 @@ for _jail in ${JAILS}; do ;; esac + + ) & + + bastille_running_jobs "${bastille_process_limit}" + done +wait diff --git a/usr/local/share/bastille/mount.sh b/usr/local/share/bastille/mount.sh index d412a00c..32394b5c 100644 --- a/usr/local/share/bastille/mount.sh +++ b/usr/local/share/bastille/mount.sh @@ -139,6 +139,8 @@ fi for _jail in ${JAILS}; do + ( + check_target_is_running "${_jail}" || if [ "${AUTO}" -eq 1 ]; then bastille start "${_jail}" else @@ -196,4 +198,9 @@ for _jail in ${JAILS}; do mount -F "${bastille_jailsdir}/${_jail}/fstab" -a || error_continue "Failed to mount volume: ${_fullpath}" echo "Added: ${_fstab_entry}" -done \ No newline at end of file + ) & + + bastille_running_jobs "${bastille_process_limit}" + +done +wait \ No newline at end of file diff --git a/usr/local/share/bastille/pkg.sh b/usr/local/share/bastille/pkg.sh index b6918c8c..d73b6857 100644 --- a/usr/local/share/bastille/pkg.sh +++ b/usr/local/share/bastille/pkg.sh @@ -97,6 +97,8 @@ errors=0 for _jail in ${JAILS}; do + ( + # Validate jail state check_target_is_running "${_jail}" || if [ "${AUTO}" -eq 1 ]; then bastille start "${_jail}" @@ -128,7 +130,12 @@ for _jail in ${JAILS}; do fi fi + ) & + + bastille_running_jobs "${bastille_process_limit}" + done +wait if [ $errors -ne 0 ]; then error_exit "[ERROR]: Failed to apply on some jails, please check logs" diff --git a/usr/local/share/bastille/restart.sh b/usr/local/share/bastille/restart.sh index a812b440..dc1aed1b 100644 --- a/usr/local/share/bastille/restart.sh +++ b/usr/local/share/bastille/restart.sh @@ -112,10 +112,17 @@ set_target "${TARGET}" for _jail in ${JAILS}; do + ( + # Only restart running jails if check_target_is_running "${_jail}"; then bastille stop ${_stop_options} ${_jail} bastille start ${_start_options} ${_jail} fi - -done \ No newline at end of file + + ) & + + bastille_running_jobs "${bastille_process_limit}" + +done +wait \ No newline at end of file diff --git a/usr/local/share/bastille/service.sh b/usr/local/share/bastille/service.sh index 710b12f1..364dec5f 100644 --- a/usr/local/share/bastille/service.sh +++ b/usr/local/share/bastille/service.sh @@ -88,6 +88,8 @@ set_target "${TARGET}" for _jail in ${JAILS}; do + ( + # Validate jail state check_target_is_running "${_jail}" || if [ "${AUTO}" -eq 1 ]; then bastille start "${_jail}" @@ -101,4 +103,9 @@ for _jail in ${JAILS}; do jexec -l "${_jail}" /usr/sbin/service "$@" -done \ No newline at end of file + ) & + + bastille_running_jobs "${bastille_process_limit}" + +done +wait \ No newline at end of file diff --git a/usr/local/share/bastille/start.sh b/usr/local/share/bastille/start.sh index 9170ffd3..9226560c 100644 --- a/usr/local/share/bastille/start.sh +++ b/usr/local/share/bastille/start.sh @@ -104,6 +104,8 @@ set_target "${TARGET}" for _jail in ${JAILS}; do + ( + # Continue if '-b|--boot' is set and 'boot=off' if [ "${BOOT}" -eq 1 ]; then BOOT_ENABLED="$(sysrc -f ${bastille_jailsdir}/${_jail}/settings.conf -n boot)" @@ -208,4 +210,9 @@ for _jail in ${JAILS}; do # Delay between jail action sleep "${DELAY_TIME}" + ) & + + bastille_running_jobs "${bastille_process_limit}" + done +wait diff --git a/usr/local/share/bastille/stop.sh b/usr/local/share/bastille/stop.sh index 721ec137..9d1329f8 100644 --- a/usr/local/share/bastille/stop.sh +++ b/usr/local/share/bastille/stop.sh @@ -87,6 +87,8 @@ set_target "${TARGET}" "reverse" for _jail in ${JAILS}; do + ( + # Validate that all jails that 'depend' on this one are stopped for _depend_jail in $(ls --color=never ${bastille_jailsdir} | sed -e 's/\n//g'); do if ! grep -hoqsw "depend=" ${bastille_jailsdir}/${_depend_jail}/settings.conf; then @@ -149,4 +151,9 @@ for _jail in ${JAILS}; do done fi -done \ No newline at end of file + ) & + + bastille_running_jobs "${bastille_process_limit}" + +done +wait \ No newline at end of file diff --git a/usr/local/share/bastille/sysrc.sh b/usr/local/share/bastille/sysrc.sh index 727080b6..ac679e7b 100644 --- a/usr/local/share/bastille/sysrc.sh +++ b/usr/local/share/bastille/sysrc.sh @@ -88,6 +88,8 @@ set_target "${TARGET}" for _jail in ${JAILS}; do + ( + # Validate jail state check_target_is_running "${_jail}" || if [ "${AUTO}" -eq 1 ]; then bastille start "${_jail}" @@ -101,4 +103,9 @@ for _jail in ${JAILS}; do jexec -l "${_jail}" /usr/sbin/sysrc "$@" -done \ No newline at end of file + ) & + + bastille_running_jobs "${bastille_process_limit}" + +done +wait \ No newline at end of file diff --git a/usr/local/share/bastille/tags.sh b/usr/local/share/bastille/tags.sh index 5aa0b757..28ef556b 100644 --- a/usr/local/share/bastille/tags.sh +++ b/usr/local/share/bastille/tags.sh @@ -77,6 +77,8 @@ set_target "${TARGET}" for _jail in ${JAILS}; do + ( + bastille_jail_tags="${bastille_jailsdir}/${_jail}/tags" case ${ACTION} in add) @@ -118,4 +120,9 @@ for _jail in ${JAILS}; do ;; esac -done \ No newline at end of file + ) & + + bastille_running_jobs "${bastille_process_limit}" + +done +wait \ No newline at end of file diff --git a/usr/local/share/bastille/template.sh b/usr/local/share/bastille/template.sh index 8b9a7e0e..de6c0491 100644 --- a/usr/local/share/bastille/template.sh +++ b/usr/local/share/bastille/template.sh @@ -272,6 +272,8 @@ fi for _jail in ${JAILS}; do + ( + check_target_is_running "${_jail}" || if [ "${AUTO}" -eq 1 ]; then bastille start "${_jail}" else @@ -474,4 +476,9 @@ for _jail in ${JAILS}; do info "\nTemplate applied: ${TEMPLATE}" -done \ No newline at end of file + ) & + + bastille_running_jobs "${bastille_process_limit}" + +done +wait \ No newline at end of file diff --git a/usr/local/share/bastille/umount.sh b/usr/local/share/bastille/umount.sh index 7b56da38..37d8d082 100644 --- a/usr/local/share/bastille/umount.sh +++ b/usr/local/share/bastille/umount.sh @@ -88,6 +88,8 @@ set_target "${TARGET}" for _jail in ${JAILS}; do + ( + # Validate jail state check_target_is_running "${_jail}" || if [ "${AUTO}" -eq 1 ]; then bastille start "${_jail}" @@ -128,4 +130,9 @@ for _jail in ${JAILS}; do echo "Unmounted: ${_jailpath}" -done \ No newline at end of file + ) & + + bastille_running_jobs "${bastille_process_limit}" + +done +wait \ No newline at end of file diff --git a/usr/local/share/bastille/zfs.sh b/usr/local/share/bastille/zfs.sh index fb0aa707..bddd675a 100644 --- a/usr/local/share/bastille/zfs.sh +++ b/usr/local/share/bastille/zfs.sh @@ -45,65 +45,25 @@ EOF } zfs_snapshot() { - - for _jail in ${JAILS}; do - - info "\n[${_jail}]:" - - # shellcheck disable=SC2140 - zfs snapshot -r "${bastille_zfs_zpool}/${bastille_zfs_prefix}/jails/${_jail}"@"${TAG}" - - done - + # shellcheck disable=SC2140 + zfs snapshot -r "${bastille_zfs_zpool}/${bastille_zfs_prefix}/jails/${_jail}"@"${TAG}" } zfs_destroy_snapshot() { - - for _jail in ${JAILS}; do - - info "\n[${_jail}]:" - - # shellcheck disable=SC2140 - zfs destroy -r "${bastille_zfs_zpool}/${bastille_zfs_prefix}/jails/${_jail}"@"${TAG}" - - done - + # shellcheck disable=SC2140 + zfs destroy -r "${bastille_zfs_zpool}/${bastille_zfs_prefix}/jails/${_jail}"@"${TAG}" } zfs_set_value() { - - for _jail in ${JAILS}; do - - info "\n[${_jail}]:" - - zfs "${ATTRIBUTE}" "${bastille_zfs_zpool}/${bastille_zfs_prefix}/jails/${_jail}" - - done - + zfs "${ATTRIBUTE}" "${bastille_zfs_zpool}/${bastille_zfs_prefix}/jails/${_jail}" } zfs_get_value() { - - for _jail in ${JAILS}; do - - info "\n[${_jail}]:" - - zfs get "${ATTRIBUTE}" "${bastille_zfs_zpool}/${bastille_zfs_prefix}/jails/${_jail}" - - done - + zfs get "${ATTRIBUTE}" "${bastille_zfs_zpool}/${bastille_zfs_prefix}/jails/${_jail}" } zfs_disk_usage() { - - for _jail in ${JAILS}; do - - info "\n[${_jail}]:" - - zfs list -t all -o name,used,avail,refer,mountpoint,compress,ratio -r "${bastille_zfs_zpool}/${bastille_zfs_prefix}/jails/${_jail}" - - done - + zfs list -t all -o name,used,avail,refer,mountpoint,compress,ratio -r "${bastille_zfs_zpool}/${bastille_zfs_prefix}/jails/${_jail}" } @@ -147,27 +107,40 @@ if [ -z "${bastille_zfs_zpool}" ]; then error_exit "[ERROR]: ZFS zpool not defined." fi -case "${ACTION}" in - set) - ATTRIBUTE="${3}" - zfs_set_value - ;; - get) - ATTRIBUTE="${3}" - zfs_get_value - ;; - snap|snapshot) - TAG="${3}" - zfs_snapshot - ;; - destroy_snap|destroy_snapshot) - TAG="${3}" - zfs_destroy_snapshot - ;; - df|usage) - zfs_disk_usage - ;; - *) - usage - ;; -esac \ No newline at end of file +for _jail in ${JAILS}; do + + ( + + info "\n[${_jail}]:" + + case "${ACTION}" in + set) + ATTRIBUTE="${3}" + zfs_set_value + ;; + get) + ATTRIBUTE="${3}" + zfs_get_value + ;; + snap|snapshot) + TAG="${3}" + zfs_snapshot + ;; + destroy_snap|destroy_snapshot) + TAG="${3}" + zfs_destroy_snapshot + ;; + df|usage) + zfs_disk_usage + ;; + *) + usage + ;; + esac + + ) & + + bastille_running_jobs "${bastille_process_limit}" + +done +wait \ No newline at end of file