ruben/ezjail
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Introducing a more generic crypto image strategy

Browse Source
This commit is contained in:
erdgeist 2006-04-26 09:31:37 +00:00
parent d6515f359d
commit f96dbd4def
2 changed files with 38 additions and 23 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

52
ezjail-admin
View File

@ -41,7 +41,10 @@ detach_images () {
# unmount and detach memory disc # unmount and detach memory disc
if [ "${ezjail_imagedevice}" ]; then if [ "${ezjail_imagedevice}" ]; then
umount ${ezjail_rootdir} > /dev/null umount ${ezjail_rootdir} > /dev/null
[ "${ezjail_imagetype}" = "crypto" ] && gbde detach /dev/${ezjail_imagedevice} > /dev/null case ${ezjail_imagetype} in
bde) gbde detach /dev/${ezjail_imagedevice} > /dev/null ;;
eli) ;;
esac
mdconfig -d -u ${ezjail_imagedevice} > /dev/null mdconfig -d -u ${ezjail_imagedevice} > /dev/null
[ "$1" = "success" ] || rm -f ${ezjail_image} [ "$1" = "success" ] || rm -f ${ezjail_image}
fi fi
@ -135,10 +138,10 @@ case "$1" in
######################## ezjail-admin CREATE ######################## ######################## ezjail-admin CREATE ########################
create) create)
shift shift
args=`getopt f:r:s:xic $*` || exerr "Usage: `basename -- $0` create [-f flavour] [-r jailroot] [-s size] [-xic] jailname jailip" args=`getopt f:r:s:xic:C: $*` || exerr "Usage: `basename -- $0` create [-xi] [-f flavour] [-r jailroot] [-s size] [-c bde|eli] [-C args] jailname jailip"
# Clean variables, prevent polution # Clean variables, prevent polution
unset ezjail_rootdir ezjail_flavour ezjail_softlink ezjail_image ezjail_imagetype ezjail_imagesize ezjail_device ezjail_config unset ezjail_rootdir ezjail_flavour ezjail_softlink ezjail_image ezjail_imagetype ezjail_imageparams ezjail_imagesize ezjail_device ezjail_config
ezjail_fillme="YES" ezjail_fillme="YES"
set -- ${args} set -- ${args}
@ -147,7 +150,8 @@ create)
-x) ezjail_fillme="NO"; shift;; -x) ezjail_fillme="NO"; shift;;
-r) ezjail_rootdir="$2"; shift 2;; -r) ezjail_rootdir="$2"; shift 2;;
-f) ezjail_flavour="$2"; shift 2;; -f) ezjail_flavour="$2"; shift 2;;
-c) ezjail_imagetype="crypto"; shift;; -c) ezjail_imagetype=$2; shift 2;;
-C) ezjail_imageparams=$2; shift 2;;
-i) ezjail_imagetype=${ezjail_imagetype:-"simple"}; shift;; -i) ezjail_imagetype=${ezjail_imagetype:-"simple"}; shift;;
-s) ezjail_imagesize="$2"; shift 2;; -s) ezjail_imagesize="$2"; shift 2;;
--) shift; break;; --) shift; break;;
@ -156,11 +160,14 @@ create)
ezjail_name=$1; ezjail_ip=$2 ezjail_name=$1; ezjail_ip=$2
# we need at least a name and an ip for new jail # we need at least a name and an ip for new jail
[ "${ezjail_name}" -a "${ezjail_ip}" -a $# = 2 ] || exerr "Usage: `basename -- $0` create [-f flavour] [-r jailroot] [-s size] [-xic] jailname jailip" [ "${ezjail_name}" -a "${ezjail_ip}" -a $# = 2 ] || exerr "Usage: `basename -- $0` create [-xi] [-f flavour] [-r jailroot] [-s size] [-c bde|eli] [-C args] jailname jailip"
# check for sanity of settings concerning the image feature # check for sanity of settings concerning the image feature
[ "${ezjail_imagetype}" -a "${ezjail_fillme}" = "YES" -a ! "${ezjail_imagesize}" ] && exerr "Image jails need an image size." [ "${ezjail_imagetype}" -a "${ezjail_fillme}" = "YES" -a ! "${ezjail_imagesize}" ] && exerr "Image jails need an image size."
# check for a sane image type
case ${ezjail_imagetype} in ""|simple|bde|eli) ;; *) exerr "Usage: `basename -- $0` create [-xi] [-f flavour] [-r jailroot] [-s size] [-c bde|eli] [-C args] jailname jailip";; esac
# check, whether ezjail-update has been called. existence of # check, whether ezjail-update has been called. existence of
# ezjail_jailbase is our indicator # ezjail_jailbase is our indicator
[ -d ${ezjail_jailbase} ] || exerr "Error: base jail does not exist. Please run 'ezjail-admin update' first." [ -d ${ezjail_jailbase} ] || exerr "Error: base jail does not exist. Please run 'ezjail-admin update' first."
@ -180,8 +187,7 @@ create)
# This scenario really will only lead to real troubles in the 'fulljail' # This scenario really will only lead to real troubles in the 'fulljail'
# case, but I should still explain this to the user and not claim that # case, but I should still explain this to the user and not claim that
# "an ezjail would already exist" # "an ezjail would already exist"
[ "${ezjail_hostname}" = "basejail" -o "${ezjail_hostname}" = "newjail" -o "${ezjail_hostname}" = "fulljail" -o "${ezjail_hostname}" = "flavours" -o "${ezjail_hostname}" = "ezjailtemp" ] && \ case ${ezjail_hostname} in basejail|newjail|fulljail|flavous|ezjailtemp) exerr "Error: ezjail needs the ${ezjail_hostname} directory for its own administrative purposes. Please rename the ezjail.";; esac
exerr "Error: ezjail needs the ${ezjail_hostname} directory for its own administrative purposes. Please rename the ezjail."
# jail names may lead to identical configs, eg. foo.bar.com == foo-bar.com # jail names may lead to identical configs, eg. foo.bar.com == foo-bar.com
# so check, whether we might be running into problems # so check, whether we might be running into problems
@ -229,17 +235,22 @@ create)
ezjail_imagedevice=`mdconfig -a -t vnode -f ${ezjail_image}` ezjail_imagedevice=`mdconfig -a -t vnode -f ${ezjail_image}`
[ $? = 0 ] || detach_images || exerr "Error: Could not attach image device. (Command failed was 'mdconfig -a -t vnode -f ${ezjail_image}')" [ $? = 0 ] || detach_images || exerr "Error: Could not attach image device. (Command failed was 'mdconfig -a -t vnode -f ${ezjail_image}')"
if [ "${ezjail_imagetype}" = "crypto" ]; then case "${ezjail_imagetype}" in
# Initialise crypto image bde)
echo "Initialising crypto device. Enter a new passphrase twice..." # Initialise crypto image
gbde init /dev/${ezjail_imagedevice} || detach_images || exerr "Error: Could not initialise crypto image." echo "Initialising crypto device. Enter a new passphrase twice..."
gbde init /dev/${ezjail_imagedevice} || detach_images || exerr "Error: Could not initialise crypto image."
echo "Attaching crypto device. Enter the passphrase..." echo "Attaching crypto device. Enter the passphrase..."
gbde attach /dev/${ezjail_imagedevice} || detach_images || exerr "Error: Could not attach crypto image." gbde attach /dev/${ezjail_imagedevice} || detach_images || exerr "Error: Could not attach crypto image."
ezjail_device=${ezjail_imagedevice}.bde ezjail_device=${ezjail_imagedevice}.bde
else ;;
eli)
;;
simple)
ezjail_device=${ezjail_imagedevice} ezjail_device=${ezjail_imagedevice}
fi ;;
esac
# Format memory image # Format memory image
newfs /dev/${ezjail_device} || detach_images || exerr "Error: Could not newfs /dev/${ezjail_device}." newfs /dev/${ezjail_device} || detach_images || exerr "Error: Could not newfs /dev/${ezjail_device}."
@ -371,10 +382,8 @@ list)
echo "--- ----- --------------- ---------------------------- -----------------------------" echo "--- ----- --------------- ---------------------------- -----------------------------"
for ezjail in ${ezjail_list}; do for ezjail in ${ezjail_list}; do
fetchjailinfo ${ezjail%.norun} fetchjailinfo ${ezjail%.norun}
ezjail_state="D" case ${ezjail_imagetype} in simple) ezjail_state="I";; bde) ezjail_state="B";; eli) ezjail_state="E";; *) ezjail_state="D";; esac
[ "${ezjail_imagetype}" = "simple" ] && ezjail_state="I" [ "${ezjail_id}" ] && ezjail_state=${ezjail_state}R || ezjail_state=${ezjail_state}S
[ "${ezjail_imagetype}" = "crypto" ] && ezjail_state="C"
[ "${ezjail_id}" ] && ezjail_state=${ezjail_state}R || ezjail_state=${ezjail_state}S
[ "${ezjail_safename}" != "${ezjail}" ] && ezjail_state=${ezjail_state}N [ "${ezjail_safename}" != "${ezjail}" ] && ezjail_state=${ezjail_state}N
printf "%-3s %-5s %-15s %-28s %s\\n" "${ezjail_state}" "${ezjail_id:-N/A}" "${ezjail_ip}" "${ezjail_hostname}" "${ezjail_rootdir}" printf "%-3s %-5s %-15s %-28s %s\\n" "${ezjail_state}" "${ezjail_id:-N/A}" "${ezjail_ip}" "${ezjail_hostname}" "${ezjail_rootdir}"
@ -489,13 +498,14 @@ install)
# yes and the set -- all # yes and the set -- all
set -- all set -- all
[ -f install.sh ] && yes | . install.sh [ -f install.sh ] && yes | . install.sh
# XXX error checking. [ $? = 0 ] || exerr "Package install script for ${pkg} failed."
rm -rf ${ezjail_jailtemp} rm -rf ${ezjail_jailtemp}
else else
cd ${basejail_reldir}/${basejail_dir}/${pkg} || exerr "Could not cd to ${basejail_dir}." cd ${basejail_reldir}/${basejail_dir}/${pkg} || exerr "Could not cd to ${basejail_dir}."
set -- all set -- all
[ -f install.sh ] && yes | . install.sh [ -f install.sh ] && yes | . install.sh
[ $? = 0 ] || exerr "Package install script for ${pkg} failed."
fi fi
done done

9
ezjail.sh
View File

@ -92,13 +92,17 @@ attach_detach_pre ()
# If this is a crypto jail, try to mount it, remind user, which jail # If this is a crypto jail, try to mount it, remind user, which jail
# this is. In this case, the device to mount is # this is. In this case, the device to mount is
if [ "${ezjail_imagetype}" = "crypto" ]; then case ${ezjail_imagetype} in
crypto|bde)
echo "Attaching gbde device for image jail ${ezjail}..." echo "Attaching gbde device for image jail ${ezjail}..."
gbde attach /dev/${ezjail_device} gbde attach /dev/${ezjail_device}
# Device to mount is not md anymore # Device to mount is not md anymore
ezjail_device=${ezjail_device}.bde ezjail_device=${ezjail_device}.bde
fi ;;
eli)
;;
esac
# relink image device # relink image device
rm -f ${ezjail_root}.device rm -f ${ezjail_root}.device
@ -122,6 +126,7 @@ attach_detach_post () {
# In case of a stop, unmount image devices after stopping jails # In case of a stop, unmount image devices after stopping jails
for md in ${ezjail_mds}; do for md in ${ezjail_mds}; do
[ -e ${md}.bde ] && gbde detach ${md} [ -e ${md}.bde ] && gbde detach ${md}
[ -e ${md}.eli ] && geli detach ${md}
mdconfig -d -u ${md#/dev/} mdconfig -d -u ${md#/dev/}
done done
} }