Merge pull request #1020 from BastilleBSD/master

rebase
tschettervictor
2025-05-05 09:07:02 -06:00
committed by GitHub
20 changed files with 207 additions and 139 deletions


@@ -29,7 +29,8 @@ jobs:
# Excluding SC2124: Assigning an array to a string! Check instead if # Excluding SC2124: Assigning an array to a string! Check instead if
# this is a false positive or if there is a better # this is a false positive or if there is a better
# way to do it. # way to do it.
SHELLCHECK_OPTS: -e SC3043 -e SC2154 -e SC3037 -e SC2155 -e SC2124 # Excluding SC2106: This only exits the subshell caused by the (...) group.
SHELLCHECK_OPTS: -e SC3043 -e SC2154 -e SC3037 -e SC2155 -e SC2124 -e SC2106
with: with:
severity: warning severity: warning
scandir: "./usr/local/share/bastille" scandir: "./usr/local/share/bastille"
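Review bot: Adding `-e SC2106` to `SHELLCHECK_OPTS` turns the check off for every script under `./usr/local/share/bastille`, not only for the loops this commit wraps in `( … ) &`. SC2106 reports a `continue` or `break` that only leaves a subshell, and a later section of this commit keeps a bare `continue` inside the new subshell (the `"${_jail}" = "${SOURCE_TARGET}"` branch), so the warning describes real behaviour there. I would keep the check enabled and either put `# shellcheck disable=SC2106` on the individual lines or replace those statements with `exit 0`, so that a newly misplaced `continue` elsewhere is still reported.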


@@ -147,7 +147,8 @@ fi
. /usr/local/share/bastille/common.sh . /usr/local/share/bastille/common.sh
# Handle options # Handle options
PARALLEL_MODE=0 bastille_parallel_mode=0
bastille_process_limit="${bastille_process_limit:-1}"
while [ "$#" -gt 0 ]; do while [ "$#" -gt 0 ]; do
case "${1}" in case "${1}" in
-h|--help|help) -h|--help|help)
@@ -171,10 +172,10 @@ while [ "$#" -gt 0 ]; do
shift 2 shift 2
;; ;;
-p|--parallel) -p|--parallel)
PARALLEL_MODE=1 bastille_parallel_mode=1
PROCESS_LIMIT="${2}" bastille_process_limit="${2}"
if ! echo "${PROCESS_LIMIT}" | grep -Eq "^[0-9]+$"; then if ! echo "${bastille_process_limit}" | grep -Eq "^[0-9]+$"; then
error_exit "Not a valid process limit: ${PROCESS_LIMIT}" error_exit "Not a valid process limit: ${bastille_process_limit}"
else else
shift 2 shift 2
fi fi
@@ -188,6 +189,9 @@ while [ "$#" -gt 0 ]; do
esac esac
done done
# Export parallel and limit
export bastille_process_limit
if [ "$#" -lt 1 ]; then if [ "$#" -lt 1 ]; then
usage usage
else else
@@ -204,10 +208,10 @@ case "${CMD}" in
convert| \ convert| \
create| \ create| \
edit| \ edit| \
etcupdate| \
export| \ export| \
htop| \ htop| \
import| \ import| \
jcp| \
limits| \ limits| \
list| \ list| \
migrate| \ migrate| \
@@ -217,9 +221,10 @@ case "${CMD}" in
rename| \ rename| \
setup| \ setup| \
top| \ top| \
verify| \ update| \
zfs) upgrade| \
if [ "${PARALLEL_MODE}" -eq 1 ]; then verify)
if [ "${bastille_parallel_mode}" -eq 1 ]; then
error_exit "Command does not support parallel mode: ${CMD}" error_exit "Command does not support parallel mode: ${CMD}"
fi fi
;; ;;
@@ -228,7 +233,7 @@ case "${CMD}" in
config| \ config| \
cp| \ cp| \
destroy| \ destroy| \
etcupdate| \ jcp| \
limits| \ limits| \
mount| \ mount| \
pkg| \ pkg| \
@@ -240,45 +245,7 @@ case "${CMD}" in
tags| \ tags| \
template| \ template| \
umount| \ umount| \
update| \ zfs)
upgrade)
# Extract JAILS from command for parallel mode
OPTIONS=""
while [ "$#" -gt 0 ] && [ "${PARALLEL_MODE}" -eq 1 ]; do
case "${1}" in
-d|--delay)
OPTIONS="${OPTIONS} ${1} ${2}"
shift 2
;;
-*)
OPTIONS="${OPTIONS} ${1}"
shift 1
;;
*)
case "${CMD}" in
stop|destroy)
if ! set_target "${1}" "reverse" >/dev/null 2>&1; then
OPTIONS="${OPTIONS} ${1}"
shift 1
else
XARGS_JAILS="${JAILS}"
shift 1
break
fi
;;
*)
if ! set_target "${1}" >/dev/null 2>&1; then
OPTIONS="${OPTIONS} ${1}"
shift 1
else
XARGS_JAILS="${JAILS}"
shift 1
break
fi
;;
esac
esac
done
;; ;;
*) *)
usage usage
@@ -294,12 +261,8 @@ if [ -f "${SCRIPTPATH}" ]; then
umask "${UMASK}" umask "${UMASK}"
: "${SH:=sh}" : "${SH:=sh}"
if [ "${PARALLEL_MODE}" -eq 1 ]; then exec "${SH}" "${SCRIPTPATH}" "$@"
echo "${XARGS_JAILS}" | xargs -P "${PROCESS_LIMIT}" -I {} "${SH}" "${SCRIPTPATH}" ${OPTIONS} {} "$@"
else
exec "${SH}" "${SCRIPTPATH}" "$@"
fi
else else
error_exit "${SCRIPTPATH} not found." error_exit "${SCRIPTPATH} not found."
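Review bot: `bastille_process_limit="${bastille_process_limit:-1}"` accepts whatever value is already set, and the `^[0-9]+$` test runs only inside the `-p|--parallel` branch, so a value that arrives from the environment (or, presumably, from the configuration loaded through `common.sh`) is exported unchecked. `bastille_running_jobs` compares it with `[ ... -ge ... ]`; a non-numeric value makes that test fail with an error, the wait is skipped, and every jail in the target is backgrounded at once. Moving the check below the option loop covers both sources: `echo "${bastille_process_limit}" | grep -Eq "^[0-9]+$" || error_exit "Not a valid process limit: ${bastille_process_limit}"`. The comment `# Export parallel and limit` also no longer matches the code, since only the limit is exported.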


@@ -91,6 +91,8 @@ set_target "${TARGET}"
for _jail in ${JAILS}; do for _jail in ${JAILS}; do
(
# Validate jail state # Validate jail state
check_target_is_running "${_jail}" || if [ "${AUTO}" -eq 1 ]; then check_target_is_running "${_jail}" || if [ "${AUTO}" -eq 1 ]; then
bastille start "${_jail}" bastille start "${_jail}"
@@ -123,7 +125,12 @@ for _jail in ${JAILS}; do
RETURN=$(($RETURN+$ERROR_CODE)) RETURN=$(($RETURN+$ERROR_CODE))
fi fi
) &
bastille_running_jobs "${bastille_process_limit}"
done done
wait
# Check when a command is executed in all running jails. (bastille cmd ALL ...) # Check when a command is executed in all running jails. (bastille cmd ALL ...)
if [ "${COUNT}" -gt 1 ] && [ "${RETURN}" -gt 0 ]; then if [ "${COUNT}" -gt 1 ] && [ "${RETURN}" -gt 0 ]; then
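Review bot: `RETURN=$(($RETURN+$ERROR_CODE))` now executes inside `( … ) &`, so the sum is computed in a child shell and the parent's `RETURN` never changes. The check after the loop, `[ "${COUNT}" -gt 1 ] && [ "${RETURN}" -gt 0 ]`, therefore stops reporting failed jails; `COUNT` has the same problem if it is incremented in the loop body, which lies outside the hunks. The same applies to the later section that tests `[ $errors -ne 0 ]` after its loop and to the one that tests `[ -z "${BASTILLE_PROPERTY}" ]`, if those variables are assigned inside the loop. One option is for each subshell to append a line to a file created with `mktemp` when its jail fails, and for the parent to test that file after the final `wait`.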


@@ -93,6 +93,23 @@ warn() {
echo -e "${COLOR_YELLOW}$*${COLOR_RESET}" echo -e "${COLOR_YELLOW}$*${COLOR_RESET}"
} }
# Parallel mode, don't exceed process limit
bastille_running_jobs() {
_process_limit="${1}"
_running_jobs=$((_running_jobs + 1))
if [ "${_running_jobs}" -ge "${_process_limit}" ]; then
# Wait for at least one process to finish
wait 2>/dev/null || wait
_running_jobs=$((_running_jobs - 1))
fi
}
check_target_exists() { check_target_exists() {
local _TARGET="${1}" local _TARGET="${1}"
local _jaillist="$(bastille list jails)" local _jaillist="$(bastille list jails)"
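Review bot: `wait 2>/dev/null || wait` in `bastille_running_jobs` has no operands, so it returns only when every background job has finished, not after "at least one" as the comment says. The counter is then reduced by one although nothing is still running, so after the first batch `_running_jobs` stays at the limit minus one and each later jail triggers a full wait, which makes the rest of the run serial. Resetting the counter matches what `wait` actually did: `_running_jobs=0`, with the comment changed to `# Wait for the current batch to finish`. The bare `wait` also discards the exit status of every subshell, and `_running_jobs` and `_process_limit` are globals although the neighbouring functions use `local`.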


@@ -116,6 +116,8 @@ print_jail_conf() {
for _jail in ${JAILS}; do for _jail in ${JAILS}; do
(
# Handle Bastille specific properties # Handle Bastille specific properties
# Currently only 'depend' 'priority' and 'boot' # Currently only 'depend' 'priority' and 'boot'
if [ "${PROPERTY}" = "priority" ] || [ "${PROPERTY}" = "prio" ]; then if [ "${PROPERTY}" = "priority" ] || [ "${PROPERTY}" = "prio" ]; then
@@ -290,7 +292,13 @@ for _jail in ${JAILS}; do
rm "${_tmpfile}" rm "${_tmpfile}"
fi fi
fi fi
) &
bastille_running_jobs "${bastille_process_limit}"
done done
wait
# Only display this message once at the end (not for every jail). -- cwells # Only display this message once at the end (not for every jail). -- cwells
if { [ "${ACTION}" = "set" ] || [ "${ACTION}" = "remove" ]; } && [ -z "${BASTILLE_PROPERTY}" ]; then if { [ "${ACTION}" = "set" ] || [ "${ACTION}" = "remove" ]; } && [ -z "${BASTILLE_PROPERTY}" ]; then


@@ -89,6 +89,8 @@ set_target "${TARGET}"
for _jail in ${JAILS}; do for _jail in ${JAILS}; do
(
info "\n[${_jail}]:" info "\n[${_jail}]:"
host_path="${HOST_PATH}" host_path="${HOST_PATH}"
@@ -97,5 +99,10 @@ for _jail in ${JAILS}; do
if ! cp "${OPTION}" "${host_path}" "${jail_path}"; then if ! cp "${OPTION}" "${host_path}" "${jail_path}"; then
error_continue "[ERROR]: CP failed: ${host_path} -> ${jail_path}" error_continue "[ERROR]: CP failed: ${host_path} -> ${jail_path}"
fi fi
) &
bastille_running_jobs "${bastille_process_limit}"
done done
wait


@@ -53,6 +53,8 @@ destroy_jail() {
for _jail in ${JAILS}; do for _jail in ${JAILS}; do
(
bastille_jail_base="${bastille_jailsdir}/${_jail}" bastille_jail_base="${bastille_jailsdir}/${_jail}"
bastille_jail_log="${bastille_logsdir}/${_jail}_console.log" bastille_jail_log="${bastille_logsdir}/${_jail}_console.log"
@@ -117,8 +119,14 @@ destroy_jail() {
pfctl -a "rdr/${_jail}" -Fn pfctl -a "rdr/${_jail}" -Fn
fi fi
fi fi
) &
done bastille_running_jobs "${bastille_process_limit}"
done
wait
} }
destroy_rel() { destroy_rel() {


@@ -91,6 +91,8 @@ set_target "${DEST_TARGET}" && DEST_TARGET="${JAILS}"
for _jail in ${DEST_TARGET}; do for _jail in ${DEST_TARGET}; do
(
if [ "${_jail}" = "${SOURCE_TARGET}" ]; then if [ "${_jail}" = "${SOURCE_TARGET}" ]; then
continue continue
else else
@@ -105,6 +107,10 @@ for _jail in ${DEST_TARGET}; do
fi fi
fi fi
done
echo ) &
bastille_running_jobs "${bastille_process_limit}"
done
wait


@@ -131,6 +131,8 @@ add_cpuset() {
for _jail in ${JAILS}; do for _jail in ${JAILS}; do
(
check_target_is_running "${_jail}" || if [ "${AUTO}" -eq 1 ]; then check_target_is_running "${_jail}" || if [ "${AUTO}" -eq 1 ]; then
bastille start "${_jail}" bastille start "${_jail}"
else else
@@ -284,4 +286,10 @@ for _jail in ${JAILS}; do
;; ;;
esac esac
) &
bastille_running_jobs "${bastille_process_limit}"
done done
wait


@@ -139,6 +139,8 @@ fi
for _jail in ${JAILS}; do for _jail in ${JAILS}; do
(
check_target_is_running "${_jail}" || if [ "${AUTO}" -eq 1 ]; then check_target_is_running "${_jail}" || if [ "${AUTO}" -eq 1 ]; then
bastille start "${_jail}" bastille start "${_jail}"
else else
@@ -196,4 +198,9 @@ for _jail in ${JAILS}; do
mount -F "${bastille_jailsdir}/${_jail}/fstab" -a || error_continue "Failed to mount volume: ${_fullpath}" mount -F "${bastille_jailsdir}/${_jail}/fstab" -a || error_continue "Failed to mount volume: ${_fullpath}"
echo "Added: ${_fstab_entry}" echo "Added: ${_fstab_entry}"
done ) &
bastille_running_jobs "${bastille_process_limit}"
done
wait


@@ -97,6 +97,8 @@ errors=0
for _jail in ${JAILS}; do for _jail in ${JAILS}; do
(
# Validate jail state # Validate jail state
check_target_is_running "${_jail}" || if [ "${AUTO}" -eq 1 ]; then check_target_is_running "${_jail}" || if [ "${AUTO}" -eq 1 ]; then
bastille start "${_jail}" bastille start "${_jail}"
@@ -128,7 +130,12 @@ for _jail in ${JAILS}; do
fi fi
fi fi
) &
bastille_running_jobs "${bastille_process_limit}"
done done
wait
if [ $errors -ne 0 ]; then if [ $errors -ne 0 ]; then
error_exit "[ERROR]: Failed to apply on some jails, please check logs" error_exit "[ERROR]: Failed to apply on some jails, please check logs"


@@ -112,10 +112,17 @@ set_target "${TARGET}"
for _jail in ${JAILS}; do for _jail in ${JAILS}; do
(
# Only restart running jails # Only restart running jails
if check_target_is_running "${_jail}"; then if check_target_is_running "${_jail}"; then
bastille stop ${_stop_options} ${_jail} bastille stop ${_stop_options} ${_jail}
bastille start ${_start_options} ${_jail} bastille start ${_start_options} ${_jail}
fi fi
done ) &
bastille_running_jobs "${bastille_process_limit}"
done
wait


@@ -88,6 +88,8 @@ set_target "${TARGET}"
for _jail in ${JAILS}; do for _jail in ${JAILS}; do
(
# Validate jail state # Validate jail state
check_target_is_running "${_jail}" || if [ "${AUTO}" -eq 1 ]; then check_target_is_running "${_jail}" || if [ "${AUTO}" -eq 1 ]; then
bastille start "${_jail}" bastille start "${_jail}"
@@ -101,4 +103,9 @@ for _jail in ${JAILS}; do
jexec -l "${_jail}" /usr/sbin/service "$@" jexec -l "${_jail}" /usr/sbin/service "$@"
done ) &
bastille_running_jobs "${bastille_process_limit}"
done
wait


@@ -104,6 +104,8 @@ set_target "${TARGET}"
for _jail in ${JAILS}; do for _jail in ${JAILS}; do
(
# Continue if '-b|--boot' is set and 'boot=off' # Continue if '-b|--boot' is set and 'boot=off'
if [ "${BOOT}" -eq 1 ]; then if [ "${BOOT}" -eq 1 ]; then
BOOT_ENABLED="$(sysrc -f ${bastille_jailsdir}/${_jail}/settings.conf -n boot)" BOOT_ENABLED="$(sysrc -f ${bastille_jailsdir}/${_jail}/settings.conf -n boot)"
@@ -208,4 +210,9 @@ for _jail in ${JAILS}; do
# Delay between jail action # Delay between jail action
sleep "${DELAY_TIME}" sleep "${DELAY_TIME}"
) &
bastille_running_jobs "${bastille_process_limit}"
done done
wait
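Review bot: `sleep "${DELAY_TIME}"` is now inside the backgrounded subshell, so with a process limit above 1 it no longer spaces out consecutive jails as the comment `# Delay between jail action` says; each subshell sleeps on its own after its jail has been handled. If the delay is meant to stagger starts, it belongs in the parent loop after `bastille_running_jobs "${bastille_process_limit}"`. The loop body between the two hunks is not shown, so this assumes the sleep is the last statement of the per-jail work.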


@@ -87,6 +87,8 @@ set_target "${TARGET}" "reverse"
for _jail in ${JAILS}; do for _jail in ${JAILS}; do
(
# Validate that all jails that 'depend' on this one are stopped # Validate that all jails that 'depend' on this one are stopped
for _depend_jail in $(ls --color=never ${bastille_jailsdir} | sed -e 's/\n//g'); do for _depend_jail in $(ls --color=never ${bastille_jailsdir} | sed -e 's/\n//g'); do
if ! grep -hoqsw "depend=" ${bastille_jailsdir}/${_depend_jail}/settings.conf; then if ! grep -hoqsw "depend=" ${bastille_jailsdir}/${_depend_jail}/settings.conf; then
@@ -149,4 +151,9 @@ for _jail in ${JAILS}; do
done done
fi fi
done ) &
bastille_running_jobs "${bastille_process_limit}"
done
wait
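Review bot: Running the per-jail body in `( … ) &` drops the ordering that `set_target "${TARGET}" "reverse"` sets up: with a process limit above 1, the check under `# Validate that all jails that 'depend' on this one are stopped` can run while a dependent jail is still being stopped by another subshell. The loop body between the hunks is not shown, so the effect depends on what that check does when it finds a running dependent, but the outcome becomes timing-dependent either way. Consider keeping this loop serial whenever a target has a `depend=` entry, or stating in the usage text that `-p` does not honour dependency order.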


@@ -88,6 +88,8 @@ set_target "${TARGET}"
for _jail in ${JAILS}; do for _jail in ${JAILS}; do
(
# Validate jail state # Validate jail state
check_target_is_running "${_jail}" || if [ "${AUTO}" -eq 1 ]; then check_target_is_running "${_jail}" || if [ "${AUTO}" -eq 1 ]; then
bastille start "${_jail}" bastille start "${_jail}"
@@ -101,4 +103,9 @@ for _jail in ${JAILS}; do
jexec -l "${_jail}" /usr/sbin/sysrc "$@" jexec -l "${_jail}" /usr/sbin/sysrc "$@"
done ) &
bastille_running_jobs "${bastille_process_limit}"
done
wait


@@ -77,6 +77,8 @@ set_target "${TARGET}"
for _jail in ${JAILS}; do for _jail in ${JAILS}; do
(
bastille_jail_tags="${bastille_jailsdir}/${_jail}/tags" bastille_jail_tags="${bastille_jailsdir}/${_jail}/tags"
case ${ACTION} in case ${ACTION} in
add) add)
@@ -118,4 +120,9 @@ for _jail in ${JAILS}; do
;; ;;
esac esac
done ) &
bastille_running_jobs "${bastille_process_limit}"
done
wait


@@ -272,6 +272,8 @@ fi
for _jail in ${JAILS}; do for _jail in ${JAILS}; do
(
check_target_is_running "${_jail}" || if [ "${AUTO}" -eq 1 ]; then check_target_is_running "${_jail}" || if [ "${AUTO}" -eq 1 ]; then
bastille start "${_jail}" bastille start "${_jail}"
else else
@@ -474,4 +476,9 @@ for _jail in ${JAILS}; do
info "\nTemplate applied: ${TEMPLATE}" info "\nTemplate applied: ${TEMPLATE}"
done ) &
bastille_running_jobs "${bastille_process_limit}"
done
wait


@@ -88,6 +88,8 @@ set_target "${TARGET}"
for _jail in ${JAILS}; do for _jail in ${JAILS}; do
(
# Validate jail state # Validate jail state
check_target_is_running "${_jail}" || if [ "${AUTO}" -eq 1 ]; then check_target_is_running "${_jail}" || if [ "${AUTO}" -eq 1 ]; then
bastille start "${_jail}" bastille start "${_jail}"
@@ -128,4 +130,9 @@ for _jail in ${JAILS}; do
echo "Unmounted: ${_jailpath}" echo "Unmounted: ${_jailpath}"
done ) &
bastille_running_jobs "${bastille_process_limit}"
done
wait


@@ -45,65 +45,25 @@ EOF
} }
zfs_snapshot() { zfs_snapshot() {
# shellcheck disable=SC2140
for _jail in ${JAILS}; do zfs snapshot -r "${bastille_zfs_zpool}/${bastille_zfs_prefix}/jails/${_jail}"@"${TAG}"
info "\n[${_jail}]:"
# shellcheck disable=SC2140
zfs snapshot -r "${bastille_zfs_zpool}/${bastille_zfs_prefix}/jails/${_jail}"@"${TAG}"
done
} }
zfs_destroy_snapshot() { zfs_destroy_snapshot() {
# shellcheck disable=SC2140
for _jail in ${JAILS}; do zfs destroy -r "${bastille_zfs_zpool}/${bastille_zfs_prefix}/jails/${_jail}"@"${TAG}"
info "\n[${_jail}]:"
# shellcheck disable=SC2140
zfs destroy -r "${bastille_zfs_zpool}/${bastille_zfs_prefix}/jails/${_jail}"@"${TAG}"
done
} }
zfs_set_value() { zfs_set_value() {
zfs "${ATTRIBUTE}" "${bastille_zfs_zpool}/${bastille_zfs_prefix}/jails/${_jail}"
for _jail in ${JAILS}; do
info "\n[${_jail}]:"
zfs "${ATTRIBUTE}" "${bastille_zfs_zpool}/${bastille_zfs_prefix}/jails/${_jail}"
done
} }
zfs_get_value() { zfs_get_value() {
zfs get "${ATTRIBUTE}" "${bastille_zfs_zpool}/${bastille_zfs_prefix}/jails/${_jail}"
for _jail in ${JAILS}; do
info "\n[${_jail}]:"
zfs get "${ATTRIBUTE}" "${bastille_zfs_zpool}/${bastille_zfs_prefix}/jails/${_jail}"
done
} }
zfs_disk_usage() { zfs_disk_usage() {
zfs list -t all -o name,used,avail,refer,mountpoint,compress,ratio -r "${bastille_zfs_zpool}/${bastille_zfs_prefix}/jails/${_jail}"
for _jail in ${JAILS}; do
info "\n[${_jail}]:"
zfs list -t all -o name,used,avail,refer,mountpoint,compress,ratio -r "${bastille_zfs_zpool}/${bastille_zfs_prefix}/jails/${_jail}"
done
} }
@@ -147,27 +107,40 @@ if [ -z "${bastille_zfs_zpool}" ]; then
error_exit "[ERROR]: ZFS zpool not defined." error_exit "[ERROR]: ZFS zpool not defined."
fi fi
case "${ACTION}" in for _jail in ${JAILS}; do
set)
ATTRIBUTE="${3}" (
zfs_set_value
;; info "\n[${_jail}]:"
get)
ATTRIBUTE="${3}" case "${ACTION}" in
zfs_get_value set)
;; ATTRIBUTE="${3}"
snap|snapshot) zfs_set_value
TAG="${3}" ;;
zfs_snapshot get)
;; ATTRIBUTE="${3}"
destroy_snap|destroy_snapshot) zfs_get_value
TAG="${3}" ;;
zfs_destroy_snapshot snap|snapshot)
;; TAG="${3}"
df|usage) zfs_snapshot
zfs_disk_usage ;;
;; destroy_snap|destroy_snapshot)
*) TAG="${3}"
usage zfs_destroy_snapshot
;; ;;
esac df|usage)
zfs_disk_usage
;;
*)
usage
;;
esac
) &
bastille_running_jobs "${bastille_process_limit}"
done
wait
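Review bot: The `*)` arm now calls `usage` inside the backgrounded subshell, so an unknown `ACTION` prints the usage text once per jail, and whatever exit `usage` performs ends only the child; the parent falls through to `wait` and, as far as this section shows, returns success. Checking `ACTION` once before `for _jail in ${JAILS}` keeps the previous behaviour. The helpers (`zfs_snapshot`, `zfs_destroy_snapshot` and the rest) now read `_jail` from the caller's loop instead of iterating themselves, which deserves a one-line comment on each, for example `# Operates on ${_jail}, which the caller's loop sets`.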