Compare commits


70 Commits

Author SHA1 Message Date
Dirk Engling
b418a79584 Fix superfluous asteriks in multiplication 2016-06-21 22:44:24 +02:00
Dirk Engling
f4868e803d Fix man page typos 2016-05-02 00:48:16 +02:00
Dirk Engling
75a0fe2cab Typo fixes 2016-05-02 00:43:12 +02:00
Dirk Engling
593ce8e223 Incorporate Makefile patch from port 2015-11-23 04:04:47 +01:00
Dirk Engling
c520f88754 Do not fail on file:/// linked packages, if only the auto added lib32 package is missing 2015-04-15 01:24:31 +02:00
Dirk Engling
777cc292bf Remove mount point prefix from path 2015-04-15 01:10:04 +02:00
Dirk Engling
9353a5e1cb Fix grep syntax in freeze subcommand 2015-04-15 00:27:42 +02:00
Dirk Engling
3674126d9c To allow freezing jail states into flavours, allow keeping vanilla snapshot and add freeze subcommand 2015-04-15 00:11:46 +02:00
Philipp Wuensche
e496f1aec5 Fix bug in the date-string creation reported by kaltheat. 2014-08-04 14:11:39 +02:00
erdgeist
e08fc24c38 Bump version number 2014-06-10 18:29:10 +02:00
erdgeist
faf0f1fbde Handle errors when destroying file systems for zfs jail 2014-06-10 16:56:44 +02:00
Dirk Engling
52e8ea4a16 Fix typo in new trouble shoot command 2014-06-10 13:22:41 +02:00
erdgeist
c657c8d84e Do not preserve users and permissions when copying examples, then we don't need to fix ownership later. Examples only belong to root 2014-06-10 05:17:04 +02:00
erdgeist
8c232a30f4 Document the snapshot command 2014-06-10 02:34:47 +02:00
erdgeist
0601e306e7 highlight TODO 2014-06-10 00:31:05 +02:00
erdgeist
685f8e8d61 add more todo to troubleshoot subcommand 2014-06-10 00:11:54 +02:00
erdgeist
da50e7e2c8 Layout troubleshoot steps 2014-06-09 23:55:13 +02:00
erdgeist
ee32fbf4d8 Do not check for success when starting or stopping jails configured as norun 2014-06-09 23:43:29 +02:00
Dirk Engling
932086bcb7 Add the troubleshoot subcommand 2014-06-09 23:30:46 +02:00
erdgeist
b2bd4f55ca Explain retention policy a little better 2014-06-03 05:09:20 +02:00
erdgeist
33bb63dbb4 Do not substitute DESTDIR in our own substitution. Thanks to bdrewery 2014-04-30 20:14:01 +02:00
erdgeist
c93dfec6f4 Obey DESTDIR in Makefile 2014-04-30 20:05:28 +02:00
Dirk Engling
8798063e84 Lots of spelling fixes in comments and man pages submitted by Paul Ivanov 2013-12-07 03:18:16 +01:00
erdgeist
c95e27fc2f Fix grepping for jid. This did not work for jids over 99999. Thanks to Mathieu Arnold 2013-11-13 16:12:15 +00:00
erdgeist
438b0ed74b Fix a bug where ezjail-admin restore would not use the jail name from the archive when restoring from the archive and not from jail name. Thanks to Ollivier Robert for reporting 2013-10-14 16:44:50 +00:00
erdgeist
4af41642ca Fix invalid control character 2013-10-14 16:29:46 +00:00
erdgeist
4bdf4e4a13 Create /var/ports/packages as promised in our make.conf, thanks to Koslov Sergey 2013-09-25 17:34:04 +00:00
erdgeist
27216be05a Make the ezjail-admin config -r test hack official 2013-09-01 13:36:22 +00:00
erdgeist
b267b62dad Make the test for jail feature official 2013-09-01 13:09:43 +00:00
erdgeist
f502741f81 Details about how image jails are self contained were wrong. Thanks to John Ratliff for pointing that out 2013-08-29 14:19:55 +00:00
erdgeist
a617b105dd Fix man page for startcrypto and stopcrypto, thanks to kaltheat 2013-08-02 15:22:50 +00:00
erdgeist
79007d81e4 make ezjail-admin update -U now also work with patch levels. Thanks to Sebastian Jäschke 2013-07-23 00:00:54 +00:00
erdgeist
ca52d77c09 Fix a missing if. Also drop patch level suffixes when detecting host system version 2013-05-18 16:26:08 +00:00
erdgeist
e836630271 apply freebsd-update on the newjail, as well 2013-05-17 22:36:03 +00:00
erdgeist
fd1df9a99b We don't want the forces freebsd-update pagers in our scripts 2013-05-17 21:14:48 +00:00
erdgeist
cf8fbae481 Use freebsd-update to update to current patch level before splitting the basejail from newjail 2013-05-17 19:59:26 +00:00
erdgeist
721ae5e99d change retention policy so that per window the oldest and the newest snapshot is kept, unless the newer one is not new enough ;) 2013-05-10 19:12:50 +00:00
erdgeist
84db3c9c8a Fix call to pkg_add so that all packages are installed and none is being fetched. Thanks to Dan Langille 2013-05-10 14:54:49 +00:00
erdgeist
0713769a19 Fix error report by passing echo the -n parameter. Thanks to 乃村翼 2013-05-01 18:38:18 +00:00
erdgeist
68253cc7a5 Renamed to _ezjail-admin 2013-04-28 14:18:28 +00:00
erdgeist
6fbd92975f Only work on jails that have been filtered into ezjail_pass for the post-commands 2013-04-26 13:27:41 +00:00
erdgeist
0ddb055c5a Put an example retention policy in sample config 2013-04-24 03:15:58 +00:00
erdgeist
9dcfe49b30 ezsnaps are recursive 2013-04-24 03:06:00 +00:00
erdgeist
377e133248 Remove debug output 2013-04-24 03:03:04 +00:00
erdgeist
76c442babe introduce ezjail-admin snapshot. Experimental 2013-04-24 03:01:19 +00:00
erdgeist
f236990415 Use default, even if variable is null, not unset 2013-04-24 02:59:55 +00:00
erdgeist
c628bd5ca1 Rename ezjail_parentfs to ezjail_parentzfs. Also save the ezjail_parentzfs for new jails so that they can later be removed from the correct pool 2013-04-20 01:16:17 +00:00
erdgeist
40aa45474a Properly close quotes 2013-04-20 00:49:58 +00:00
erdgeist
e38c8e43ef Check for parent filesystem when using an alternative one 2013-04-20 00:34:58 +00:00
erdgeist
11f04b1db0 Actually allow for the parentzfs parameter in getopt 2013-04-20 00:19:16 +00:00
erdgeist
ac059f1154 Adding a license information file, due to recent circumstances :( 2013-04-19 23:54:16 +00:00
erdgeist
8f36c7002b Test for the IP address on local interfaces only, if it is not prefixed by an interface name 2013-04-14 18:40:36 +00:00
erdgeist
c7a82d99e1 document the new jail(8) behaviour regarding the interface prefix on the ip address 2013-04-14 18:32:38 +00:00
erdgeist
0832cfa91d If jail IPs are specified with an interface prefix, drop it for display and test functions 2013-04-14 17:49:55 +00:00
erdgeist
187a3af934 Keep post_start_script jail parameters when rewriting config 2013-04-14 17:38:54 +00:00
erdgeist
712a4cdb54 Farewell CVS for ports. ezjail_portscvsroot is gone. 2013-04-11 16:37:20 +00:00
erdgeist
c8694ac703 Do not attempt to chflags the root directory after it is gone, when wiping is requested on ezjail-admin delete. Thanks to Tom. 2013-04-10 23:29:13 +00:00
erdgeist
92db4874ab Document the new ezjail-admin create -z feature. Also properly attribute the man page authors. 2013-04-10 23:11:58 +00:00
erdgeist
31feb69b9c Allow user to specify another parent zfs or zpool for a new jail. This also implies -c zfs. Thanks to Cryx. 2013-04-10 21:42:56 +00:00
erdgeist
8313cd36ec We now read and dump the jail_JAIL_parameters variable. So user settings dont get lost. Thanks to Vitaliy. 2013-04-01 15:15:06 +00:00
saite
cfb55eaf01 Introduce _post_start_script. 2013-03-28 18:51:14 +00:00
erdgeist
0bbd3a7549 Retry freebsd-update until install fails 2013-03-27 18:42:39 +00:00
erdgeist
2d4d1c759a Handle relative paths in packages better 2013-03-27 18:36:11 +00:00
erdgeist
e7a889bb09 man1 is unused now 2013-03-11 18:20:40 +00:00
erdgeist
01c79bd59d Fixed a bug where ezjail-admin install would indicate a failure after successfully installing the base 2012-11-17 21:58:55 +00:00
erdgeist
2368ae43a7 Cleaned up the code that differentiates between pre 9.0 and post 9.0 distribution layout.
Now using fetch to remotely fetch the distribution packages for post 9.0 dists.
Using fetch allows to specify protocols other than file:// and ftp://, with ftp:// being the default.
http servers are not yet queried for the distributions provided.
2012-11-17 21:20:23 +00:00
erdgeist
e99c436bab Got the indent wrong in the last commit. So I missed a 'fi' 2012-11-08 23:15:35 +00:00
erdgeist
a9becec5ff Fix a bug where the host system's release version was not queried in case of file:/// uris 2012-11-08 23:14:17 +00:00
erdgeist
3768472b3a Fixed a problem where reuse of the ezjail_sourcetree variable led to ezjail-admin update not finding source tree. Thanks to Paul Macdonald. 2012-09-20 11:26:45 +00:00
erdgeist
d90ce7e051 Fix a bug, so that we are force starting a single jail only, when console -f is requested. 2012-09-18 16:23:28 +00:00
10 changed files with 558 additions and 381 deletions

5
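--- a/LICENSE
+++ b/LICENSE
@@ -0,0 +1,5 @@
+"THE BEER-WARE LICENSE" (Revision 42):
+<erdgeist@erdgeist.org> and the ezjail-community are authors of these files.
+As long as you retain this notice you can do whatever you want with this stuff.
+If we meet some day, and you think this stuff is worth it, you can buy us a
+beer in return. - Dirk Engling for the ezjail-community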


@ -3,20 +3,20 @@
# want / as your install location, DO set PREFIX before invoking this Makefile
PREFIX?=/usr/local
DST= ${DESTDIR}${PREFIX}
all:
install:
mkdir -p ${PREFIX}/etc/ezjail/ ${PREFIX}/man/man1/ ${PREFIX}/man/man5/ ${PREFIX}/man/man7 ${PREFIX}/man/man8 ${PREFIX}/etc/rc.d/ ${PREFIX}/bin/ ${PREFIX}/share/examples/ezjail ${PREFIX}/share/zsh/site-functions
cp -p ezjail.conf.sample ${PREFIX}/etc/
cp -R -p examples/example ${PREFIX}/share/examples/ezjail/
cp -R -p examples/nullmailer-example ${PREFIX}/share/examples/ezjail/
cp -R -p share/zsh/site-functions/ ${PREFIX}/share/zsh/site-functions/
sed s:EZJAIL_PREFIX:${PREFIX}: ezjail.sh > ${PREFIX}/etc/rc.d/ezjail
sed s:EZJAIL_PREFIX:${PREFIX}: ezjail-admin > ${PREFIX}/bin/ezjail-admin
sed s:EZJAIL_PREFIX:${PREFIX}: man8/ezjail-admin.8 > ${PREFIX}/man/man8/ezjail-admin.8
sed s:EZJAIL_PREFIX:${PREFIX}: man5/ezjail.conf.5 > ${PREFIX}/man/man5/ezjail.conf.5
sed s:EZJAIL_PREFIX:${PREFIX}: man7/ezjail.7 > ${PREFIX}/man/man7/ezjail.7
chmod 755 ${PREFIX}/etc/rc.d/ezjail ${PREFIX}/bin/ezjail-admin
chown -R root:wheel ${PREFIX}/man/man8/ezjail-admin.8 ${PREFIX}/man/man5/ezjail.conf.5 ${PREFIX}/man/man7/ezjail.7 ${PREFIX}/share/examples/ezjail/
chmod 0440 ${PREFIX}/share/examples/ezjail/example/usr/local/etc/sudoers
mkdir -p ${DST}/etc/ezjail/ ${DST}/man/man5/ ${DST}/man/man7 ${DST}/man/man8 ${DST}/etc/rc.d/ ${DST}/bin/ ${DST}/share/examples/ezjail ${DST}/share/zsh/site-functions
cp -R examples/example ${DST}/share/examples/ezjail/
cp -R examples/nullmailer-example ${DST}/share/examples/ezjail/
cp -R share/zsh/site-functions/ ${DST}/share/zsh/site-functions/
sed s:EZJAIL_PREFIX:${PREFIX}: ezjail.conf.sample > ${DST}/etc/ezjail.conf.sample
sed s:EZJAIL_PREFIX:${PREFIX}: ezjail.sh > ${DST}/etc/rc.d/ezjail
sed s:EZJAIL_PREFIX:${PREFIX}: ezjail-admin > ${DST}/bin/ezjail-admin
sed s:EZJAIL_PREFIX:${PREFIX}: man8/ezjail-admin.8 > ${DST}/man/man8/ezjail-admin.8
sed s:EZJAIL_PREFIX:${PREFIX}: man5/ezjail.conf.5 > ${DST}/man/man5/ezjail.conf.5
sed s:EZJAIL_PREFIX:${PREFIX}: man7/ezjail.7 > ${DST}/man/man7/ezjail.7
chmod 755 ${DST}/etc/rc.d/ezjail ${DST}/bin/ezjail-admin
chmod 0440 ${DST}/share/examples/ezjail/example/usr/local/etc/sudoers
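Review bot: The install recipe no longer pins ownership or mode for most of what it writes. With `cp -p` replaced by plain `cp -R` and the `chown -R root:wheel` step gone, everything under `${DST}/share/examples/ezjail` and every file produced by a `sed ... >` redirection takes its mode from the umask of whoever runs `make install`. Only the rc.d script, `ezjail-admin` and the example sudoers file get an explicit `chmod`. The example flavour tree presumably holds scripts that run as root when a jail is created from it, so a lax umask could leave them group-writable; adding `chmod -R go-w ${DST}/share/examples/ezjail` after the copies would close that. A comment above `DST=` such as `# ownership is left to the packaging stage when DESTDIR is set; modes are fixed below` would record why the chown was dropped.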


@ -54,7 +54,7 @@ flavour_setup() {
# Install all packages previously put to /pkg
# Remove package files afterwards
[ -d /pkg ] && PACKAGESITE=file:// pkg_add -r /pkg/*
[ -d /pkg ] && cd /pkg && pkg_add /pkg/*
rm -rf /pkg
# Postinstall
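Review bot: The exit status of `pkg_add /pkg/*` is never checked, and the `rm -rf /pkg` that follows deletes the staged packages whether or not they installed, so a jail can come up without packages the flavour was meant to provide and nothing is logged. When /pkg exists but is empty, the unmatched glob is also handed to pkg_add literally. A guarded form would be `if [ -d /pkg ]; then ( cd /pkg && pkg_add /pkg/* ) || echo "Warning: pkg_add failed for /pkg" >&2; fi`, keeping /pkg in place on failure so the operator can inspect it. The packages are installed as root with no integrity check visible in this hunk, so the comment above the line should state that /pkg content is trusted as supplied by the flavour author. The surrounding script continues outside the hunk.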


@ -8,6 +8,7 @@ ezjail_etc="${ezjail_prefix}/etc"
ezjail_share="${ezjail_prefix}/share/ezjail"
ezjail_examples="${ezjail_prefix}/share/examples/ezjail"
ezjail_jailcfgs="${ezjail_etc}/ezjail"
ezjail_snap_date_format="%Y%m%d%H%M"
# read user config
[ -f "${ezjail_etc}/ezjail.conf" ] && . "${ezjail_etc}/ezjail.conf"
@ -20,7 +21,6 @@ ezjail_jailcfgs="${ezjail_etc}/ezjail"
: ${ezjail_jailtemp="${ezjail_jaildir}/ezjailtemp"}
: ${ezjail_flavours_dir="${ezjail_jaildir}/flavours"}
: ${ezjail_archivedir="${ezjail_jaildir}/ezjail_archives"}
: ${ezjail_portscvsroot="freebsdanoncvs@anoncvs.FreeBSD.org:/home/ncvs"}
: ${ezjail_sourcetree="/usr/src"}
: ${ezjail_uglyperlhack="YES"}
: ${ezjail_default_execute="/usr/bin/login -f root"}
@ -33,8 +33,6 @@ ezjail_jailcfgs="${ezjail_etc}/ezjail"
: ${ezjail_exec_start="/bin/sh /etc/rc"}
: ${ezjail_use_zfs="NO"}
: ${ezjail_jailzfs=""}
: ${ezjail_zfs_properties=""}
ezjail_dirlist="bin boot lib libexec rescue sbin usr/bin usr/include usr/lib usr/libdata usr/libexec usr/sbin usr/src usr/share"
ezjail_basesystem="base"
@ -43,15 +41,17 @@ ezjail_basesystem="base"
case `uname -p` in amd64) ezjail_dirlist="${ezjail_dirlist} usr/lib32"; ezjail_basesystem="${ezjail_basesystem} lib32";; esac
# Synopsis messages
ezjail_usage_ezjailadmin="${ezjail_admin} v3.2\nUsage: ${ezjail_admin} [archive|config|console|create|delete|install|list|restore|update] {params}"
ezjail_usage_ezjailadmin="${ezjail_admin} v3.4.2\nUsage: ${ezjail_admin} [archive|config|console|create|delete|freeze|install|list|restore|snapshot|troubleshoot|update] {params}"
ezjail_usage_install="Usage: ${ezjail_admin} install [-mMpPsS] [-h host] [-r release]"
ezjail_usage_create="Usage: ${ezjail_admin} create [-xbi] [-f flavour] [-r jailroot] [-s size] [-c bde|eli|zfs] [-C args] [-a archive] jailname jailip"
ezjail_usage_create="Usage: ${ezjail_admin} create [-xbi] [-f flavour] [-r jailroot] [-s size] [-c bde|eli|zfs] [-C args] [-a archive] [-z parentzfs] jailname jailip"
ezjail_usage_delete="Usage: ${ezjail_admin} delete [-wf] jailname"
ezjail_usage_update="Usage: ${ezjail_admin} update [-s sourcetree|sourceosversion] [-p] (-b|-i|-u|-U|-P)"
ezjail_usage_config="Usage: ${ezjail_admin} config [-r run|norun] [-n newname] [-c cpuset] [-z zfs-datasets] [-f fib] [-i attach|detach|fsck] jailname"
ezjail_usage_console="Usage: ${ezjail_admin} console [-f] [-e command] jailname"
ezjail_usage_archive="Usage: ${ezjail_admin} archive [-Af] [-a archive] [-d archivedir] jailname [jailname...]"
ezjail_usage_restore="Usage: ${ezjail_admin} restore [-f] [-d archivedir] (archive|jailname)..."
ezjail_usage_freeze="Usage: ${ezjail_admin} freeze jailname newflavour"
ezjail_usage_troubleshoot="Usage: ${ezjail_admin} troubleshoot [jailname...]"
ezjail_usage_list="Usage: ${ezjail_admin} list"
################################
@ -145,6 +145,7 @@ start_stop_jail_by_script () {
shift
for ezjail; do
fetchjailinfo ${ezjail}
case ${ezjail_config} in *.norun) continue;; esac
[ ${ezjail_success_check} "${ezjail_id}" ] || exerr "Error: Could not ${ezjail_action} $@.\n You need to ${ezjail_action} it by hand."
done
}
@ -180,6 +181,10 @@ writejailinfo () {
echo export jail_${ezjail_safename}_zfs_datasets=\"${ezjail_zfs_datasets}\"
echo export jail_${ezjail_safename}_cpuset=\"${ezjail_cpuset}\"
echo export jail_${ezjail_safename}_fib=\"${ezjail_fib}\"
echo export jail_${ezjail_safename}_parentzfs=\"${ezjail_parentzfs}\"
echo export jail_${ezjail_safename}_parameters=\"${ezjail_parameters}\"
echo export jail_${ezjail_safename}_post_start_script=\"${ezjail_post_start_script}\"
echo export jail_${ezjail_safename}_retention_policy=\"${ezjail_retention_policy}\"
) > "${ezjail_destconf}"
@ -227,6 +232,13 @@ fetchjailinfo () {
eval ezjail_zfs_datasets=\"\$jail_${ezjail_safename}_zfs_datasets\"
eval ezjail_cpuset=\"\$jail_${ezjail_safename}_cpuset\"
eval ezjail_fib=\"\$jail_${ezjail_safename}_fib\"
eval ezjail_parentzfs=\"\$jail_${ezjail_safename}_parentzfs\"
eval ezjail_parameters=\"\$jail_${ezjail_safename}_parameters\"
eval ezjail_post_start_script=\"\$jail_${ezjail_safename}_post_start_script\"
eval ezjail_retention_policy=\"\$jail_${ezjail_safename}_retention_policy\"
# Pre ezjail-3.3-jails do not have this set
: ${ezjail_parentzfs:=${ezjail_jailzfs}}
ezjail_softlink=${ezjail_jaildir}/`basename -- "${ezjail_rootdir}"`
ezjail_devicelink="${ezjail_rootdir}.device"
@ -252,7 +264,7 @@ fetchjailinfo () {
fi
[ -f "/var/run/jail_${ezjail_safename}.id" ] && ezjail_id=`cat /var/run/jail_${ezjail_safename}.id` || return
jls | grep -q -E "^ +${ezjail_id} " || unset ezjail_id
jls | grep -q -E "^ *${ezjail_id} " || unset ezjail_id
}
# fill the base jail - this function is used by install and update
@ -263,7 +275,7 @@ ezjail_splitworld() {
if [ "${ezjail_use_zfs}" = "YES" ]; then
ensure_jailzfs
/sbin/zfs create ${ezjail_jailzfs}/basejail
/sbin/zfs snapshot ${ezjail_jailzfs}/basejail@`date -v -7d +"%C%y%m%d_%H:%M:%S"`
/sbin/zfs snapshot ${ezjail_jailzfs}/basejail@`date +"%C%y%m%d_%H:%M:%S"`
fi
# Remove schg flags from old basejail binaries. The flags
@ -299,6 +311,7 @@ ezjail_splitworld() {
# /etc/make.conf.
if [ -f "${ezjail_examples}/example/etc/make.conf" -a ! -f "${ezjail_jailtemplate}/etc/make.conf" ]; then
cp -p "${ezjail_examples}/example/etc/make.conf" "${ezjail_jailtemplate}/etc/"
mkdir -p ${ezjail_jailtemplate}/var/ports/packages ${ezjail_jailtemplate}/var/ports/distfiles
echo "Note: a non-standard /etc/make.conf was copied to the template jail in order to get the ports collection running inside jails."
fi
@ -310,20 +323,11 @@ ezjail_splitworld() {
# The user may want to have a ports tree in basejail
ezjail_updateports () {
local _portsnap_fetch="fetch"
# if /usr/ports/CVS exists, assume cvs up is safe
# this is legacy
if [ -f "${ezjail_jailbase}/usr/ports/CVS/Root" ]; then
echo -n "Updating ports from "; cat "${ezjail_jailbase}/usr/ports/CVS/Root"
echo "Warning: Upgrading legacy ports copy. Consider removing ${ezjail_jailbase}/usr/ports and use the new portsnap strategy instead."
echo "Gathering local information may take a while."
cd "${ezjail_jailbase}/usr/ports/" && cvs -d "${ezjail_portscvsroot}" up -Pd
else
[ -z "$TERM" -o "$TERM" = "dumb" ] && _portsnap_fetch="cron"
portsnap ${_portsnap_fetch}
[ -d "${ezjail_jailbase}/usr/ports" ] && ezjail_portsnapaction="update"
portsnap -p "${ezjail_jailbase}/usr/ports" ${ezjail_portsnapaction:-"extract"}
fi
[ $? -eq 0 ] || exerr "Error: Updating ports failed."
[ -z "$TERM" -o "$TERM" = "dumb" ] && _portsnap_fetch="cron"
portsnap ${_portsnap_fetch}
[ -d "${ezjail_jailbase}/usr/ports" ] && ezjail_portsnapaction="update"
portsnap -p "${ezjail_jailbase}/usr/ports" ${ezjail_portsnapaction:-"extract"} || exerr "Error: Updating ports failed."
}
# Try to fetch the list of releases the server provides
@ -333,12 +337,12 @@ ezjail_queryftpserver () {
TIFS=${IFS}; IFS=
for ezjail_path in pub/FreeBSD/releases pub/FreeBSD/snapshot pub/FreeBSD releases snapshots pub/FreeBSD-Archive/old-releases NO; do
if [ ${ezjail_path} = "NO" ]; then
echo "Warning: I am having problems querying the ftp server you specified (${ezjail_ftphost})."
echo "Warning: I am having problems querying the ftp server you specified (${ezjail_disturi})."
_ret=1; break
fi
ezjail_ftpresponse=`echo ls | ftp "${ezjail_ftphost}:${ezjail_path}/${ezjail_installarch}/" 2> /dev/null` 2> /dev/null
ezjail_ftpresponse=`echo ls | ftp "${ezjail_disturi}:${ezjail_path}/${ezjail_installarch}/" 2> /dev/null` 2> /dev/null
if [ $? -eq 0 ]; then
echo -e "The ftp server you specified (${ezjail_ftphost}) seems to provide the following builds:\n${ezjail_ftpresponse}"
echo -e "The ftp server you specified (${ezjail_disturi}) seems to provide the following builds:\n${ezjail_ftpresponse}"
_ret=0; break
fi
done
@ -416,8 +420,9 @@ check_for_zpool () {
check_for_zfs_exist () {
# check if the zfs we want to use already exists or not, return 0 if it does and 1 if not
_exit=1
_zfs_status=`/sbin/zfs list -H -o name ${ezjail_jailzfs}/${ezjail_hostname} 2> /dev/null`
[ "${_zfs_status}" = "${ezjail_jailzfs}/${ezjail_hostname}" ] && _exit=0
_to_check=$1
_zfs_status=`/sbin/zfs list -H -o name ${_to_check} 2> /dev/null`
[ "${_zfs_status}" = "${_to_check}" ] && _exit=0
return ${_exit}
}
@ -432,7 +437,7 @@ ensure_jailzfs() {
_zfs_status=`/sbin/zfs list -H -o name ${ezjail_jailzfs} 2> /dev/null`
[ "${_zfs_status}" = "${ezjail_jailzfs}" ] && return
# if a directoy already exists in that place, make sure it is empty, else bump user
# if a directory already exists in that place, make sure it is empty, else bump user
[ -d "${ezjail_jaildir}" -a -n "`ls -A ${ezjail_jaildir}`" ] && exerr "Error: Can not create zfs at ${ezjail_jaildir}.\n There is a non-empty directory in the way."
# create all parent file systems if necessary
@ -443,6 +448,81 @@ ensure_jailzfs() {
/sbin/zfs create -o mountpoint=${ezjail_jaildir} ${ezjail_zfs_properties} ${ezjail_jailzfs}
}
# implement snapshot retentions
filteroldsnapshots() {
local win repeat bottom in_window snap_id snap_del snap_first first_round_done max_diff
bottom=`date +%s`
unset snap_del first_round_done
snap_id=0
for win in ${ezjail_retention_policy}; do
# split repeat count from window chunk
case ${win} in *x*) repeat=${win%x*}; win=${win#*x};; *) repeat=1;; KEEP) return;; esac
# check for correct value
case ${win} in [0-9]);; [0-9]*[0-9mhdwy]);; *) echo "Unknown window length declaration ${win}"; return ;; esac
# values default to minutes
case ${win} in *h) m=60;; *d) m=1440;; *w) m=10080;; *y) m=525600;; *) m=1;; esac
win=$((${win%[mhdwy]}*m*60))
# innerloop $repeats over windows
while [ $(( repeat-=1 )) -ge 0 ]; do
# Shift bottom of window
bottom=$(( ${bottom} - ${win} ))
unset snap_first
# now loop over parameters
in_window=YES; while [ "${in_window}" ]; do
# When snap_id is required, pop one if possible
if [ "${snap_id}" -eq 0 -a $# -gt 0 ]; then
snap_id=`date -j -f ${ezjail_snap_date_format} $1 +%s`
shift
fi
# is next snapshot before this window? test next window
if [ ${snap_id} -lt ${bottom} ]; then
[ "${first_round_done}" ] || echo /sbin/zfs snapshot -r ${ezjail_zfs}@ez-autosnap-`date +${ezjail_snap_date_format}`
[ "${first_round_done}" ] || /sbin/zfs snapshot -r ${ezjail_zfs}@ez-autosnap-`date +${ezjail_snap_date_format}`
# we remembered the first snapshot in window
# only keep it, if it is newer than the oldest by more than half the window size
if [ "${snap_first}" -a "${snap_del}" -a $(( snap_del - snap_first )) -lt $(( win / 2 )) ]; then
echo /sbin/zfs destroy -r ${ezjail_zfs}@ez-autosnap-`date -j -f %s ${snap_first} +${ezjail_snap_date_format}`
/sbin/zfs destroy -r ${ezjail_zfs}@ez-autosnap-`date -j -f %s ${snap_first} +${ezjail_snap_date_format}`
fi
# Zero marks end of snaps list
[ "${snap_id}" -eq 0 ] && return
unset snap_del in_window
else
if [ "${snap_del}" ]; then
if [ "${snap_first}" ]; then
echo /sbin/zfs destroy -r ${ezjail_zfs}@ez-autosnap-`date -j -f %s ${snap_del} +${ezjail_snap_date_format}`
/sbin/zfs destroy -r ${ezjail_zfs}@ez-autosnap-`date -j -f %s ${snap_del} +${ezjail_snap_date_format}`
else
snap_first="${snap_del}"
fi
fi
snap_del="${snap_id}"
snap_id=0
fi
first_round_done="YES"
done
done
done
# if out of windows, default to delete the remainder of snaps
for snap_del in ${snap_id} $*; do
echo /sbin/zfs destroy -r ${ezjail_zfs}@ez-autosnap-`date -j -f %s ${snap_del} +${ezjail_snap_date_format}`
/sbin/zfs destroy -r ${ezjail_zfs}@ez-autosnap-`date -j -f %s ${snap_del} +${ezjail_snap_date_format}`
done
}
#############################
# End of function definitions
# "
@ -454,8 +534,8 @@ case "$1" in
######################## ezjail-admin CREATE ########################
create)
# Clean variables, prevent pollution
unset ezjail_rootdir ezjail_flavours ezjail_softlink ezjail_image ezjail_imagetype ezjail_imageparams ezjail_imagesize ezjail_device ezjail_devicelink ezjail_config ezjail_attachparams ezjail_exists ezjail_attachblocking ezjail_forceblocking ezjail_sourcedevice ezjail_rootdirempty ezjail_fromarchive ezjail_fromarchive_config
shift; while getopts :f:r:s:xbic:C:a:A: arg; do case ${arg} in
unset ezjail_rootdir ezjail_flavours ezjail_softlink ezjail_image ezjail_imagetype ezjail_imageparams ezjail_imagesize ezjail_parentzfs ezjail_device ezjail_devicelink ezjail_config ezjail_attachparams ezjail_exists ezjail_attachblocking ezjail_forceblocking ezjail_sourcedevice ezjail_rootdirempty ezjail_fromarchive ezjail_fromarchive_config
shift; while getopts :f:r:s:xbkic:C:a:A:z: arg; do case ${arg} in
x) ezjail_exists="YES";;
r) ezjail_rootdir=${OPTARG};;
f) ezjail_flavours=${OPTARG};;
@ -466,6 +546,9 @@ create)
b) ezjail_forceblocking="YES";;
i) : ${ezjail_imagetype="simple"};;
s) ezjail_imagesize=${OPTARG};;
z) ezjail_imagetype="zfs";
ezjail_parentzfs=${OPTARG};;
k) ezjail_keepsnapshot="YES";; # undocumented
?) exerr ${ezjail_usage_create};;
esac; done; shift $(( ${OPTIND} - 1 ))
@ -623,13 +706,16 @@ create)
ezjail_device=${ezjail_imagedevice}
;;
zfs)
: ${ezjail_parentzfs=${ezjail_jailzfs}}
if [ -z "${ezjail_exists}" ]; then
[ "${ezjail_imagesize}" ] && ezjail_zfs_jail_properties="${ezjail_zfs_jail_properties} -o quota=${ezjail_imagesize}"
[ -d "${ezjail_jaildir}/${ezjail_hostname}" ] && exerr "Error: Could not create jail root mount point ${ezjail_rootdir}"
/sbin/zfs create -o mountpoint=${ezjail_rootdir} ${ezjail_zfs_jail_properties} ${ezjail_jailzfs}/${ezjail_hostname}
check_for_zfs_exist "${ezjail_parentzfs}" || exerr "Error: The parent zfs dataset does not exist.\n Use 'zfs create -p ${ezjail_parentzfs}' to create it."
/sbin/zfs create -o mountpoint=${ezjail_rootdir} ${ezjail_zfs_jail_properties} ${ezjail_parentzfs}/${ezjail_hostname}
else
check_for_zfs_exist || exerr "Error: The existing destination is not a ZFS filesystem."
check_for_zfs_exist "${ezjail_parentzfs}/${ezjail_hostname}" || exerr "Error: The existing destination is not a ZFS filesystem."
fi
;;
@ -660,10 +746,10 @@ create)
# now take a copy of our template jail
if [ "${ezjail_imagetype}" = "zfs" -a "${ezjail_use_zfs}" = "YES" ]; then
# create ZFS filesystem first when using ZFS
/sbin/zfs snapshot ${ezjail_jailzfs}/newjail@_createnewjailtmp
/sbin/zfs send ${ezjail_jailzfs}/newjail@_createnewjailtmp | zfs receive -F ${ezjail_jailzfs}/${ezjail_hostname}
/sbin/zfs destroy ${ezjail_jailzfs}/${ezjail_hostname}@_createnewjailtmp
/sbin/zfs destroy ${ezjail_jailzfs}/newjail@_createnewjailtmp
/sbin/zfs snapshot ${ezjail_jailzfs}/newjail@_vanilla_newjail_
/sbin/zfs send ${ezjail_jailzfs}/newjail@_vanilla_newjail_ | zfs receive -F ${ezjail_parentzfs}/${ezjail_hostname}
[ -z "${ezjail_keepsnapshot}" ] && /sbin/zfs destroy ${ezjail_parentzfs}/${ezjail_hostname}@_vanilla_newjail_
/sbin/zfs destroy ${ezjail_jailzfs}/newjail@_vanilla_newjail_
else
mkdir -p "${ezjail_rootdir}" && cd "${ezjail_jailtemplate}" && find . | cpio -p -v "${ezjail_rootdir}" > /dev/null
fi
@ -735,11 +821,19 @@ EOF
#
TIFS=${IFS}; IFS=,
for ezjail_ip in ${ezjail_ips}; do
case ${ezjail_ip} in *.*.*.*) _ping=ping;; *) _ping=ping6;; esac
# check, whether IP is configured on a local interface, warn if it isnt
${_ping} -S ${ezjail_ip} -q -c 1 localhost >/dev/null 2>/dev/null
[ $? -eq 0 ] || echo "Warning: IP ${ezjail_ip} not configured on a local interface."
for ezjail_ip_in in ${ezjail_ips}; do
# From 9.0 IP addresses can be prefixed by their interface, for now ignore
# the prefix
ezjail_ip="${ezjail_ip_in#*|}"
# If the IP address is not automatically configured, test if it is configured
# on a local interface
if [ "${ezjail_ip}" = "${ezjail_ip_in}" ]; then
case ${ezjail_ip} in *.*.*.*) _ping=ping;; *) _ping=ping6;; esac
# check, whether IP is configured on a local interface, warn if it isnt
${_ping} -S ${ezjail_ip} -q -c 1 localhost >/dev/null 2>/dev/null
[ $? -eq 0 ] || echo "Warning: IP ${ezjail_ip} not configured on a local interface."
fi
# check, whether some host system services do listen on the Jails IP
IFS=_
@ -831,10 +925,20 @@ delete)
[ "${ezjail_image}" ] && rm -f "${ezjail_image}" "${ezjail_image%.img}.device"
;;
zfs)
/sbin/zfs destroy -r ${ezjail_jailzfs}/${ezjail_hostname}
if ! /sbin/zfs destroy -r ${ezjail_parentzfs}/${ezjail_hostname}; then
[ "${ezjail_forcestop}" ] || exerr "Error: Could not destroy file system ${ezjail_parentzfs}/${ezjail_hostname} for jail ${ezjail_name}."
echo "Warning: Could not destroy file system ${ezjail_parentzfs}/${ezjail_hostname} for jail ${ezjail_name}."
echo " Sleeping 5 seconds before retrying forcefully."
sleep 5
/sbin/zfs destroy -rf ${ezjail_parentzfs}/${ezjail_hostname} || exerr "Error: Failed to destroy file system."
echo "Success."
fi
;;
*)
chflags -R noschg "${ezjail_rootdir}"
;;
esac
chflags -R noschg "${ezjail_rootdir}"; rm -rf "${ezjail_rootdir}"
rm -rf "${ezjail_rootdir}"
fi
;;
@ -860,7 +964,7 @@ list)
TIFS=${IFS}; IFS=,; unset _multiline
for ezjail_ip in ${ezjail_ips:="-"}; do
if [ -z "${_multiline}" ]; then
printf "%-3s %-4s %-15s %-30s %s\\n" "${ezjail_state}" "${ezjail_id:-N/A}" "${ezjail_ip}" "${ezjail_hostname}" "${ezjail_rootdir}"
printf "%-3s %-4s %-15s %-30s %s\\n" "${ezjail_state}" "${ezjail_id:-N/A}" "${ezjail_ip#*|}" "${ezjail_hostname}" "${ezjail_rootdir}"
_multiline=yes
else
printf " %-4s %s\\n" "${ezjail_id:-N/A}" "${ezjail_ip}"
@ -873,14 +977,14 @@ list)
######################## ezjail-admin UPDATE ########################
setup|update)
# Clean variables, prevent pollution
unset ezjail_provideports ezjail_installaction ezjail_osversion_source ezjail_osversion_destination ezjail_sourcetree
unset ezjail_provideports ezjail_installaction ezjail_osversion_source ezjail_osversion_destination ezjail_source
shift; while getopts :biuUpPs: arg; do case ${arg} in
b) ezjail_installaction="buildworld installworld";;
i) ezjail_installaction="installworld";;
u) ezjail_installaction="freebsd-update";;
U) ezjail_installaction="freebsd-upgrade";;
s) ezjail_sourcetree=${OPTARG};;
s) ezjail_source=${OPTARG};;
P) ezjail_provideports="YES"; ezjail_installaction="none";;
p) ezjail_provideports="YES";;
?) exerr ${ezjail_usage_update};;
@ -900,25 +1004,37 @@ setup|update)
# If ran from cron be kind to freebsds update servers and sleep first
[ -z "$TERM" -o "$TERM" = "dumb" ] && ezjail_urgency="cron" || ezjail_urgency="fetch"
[ "${ezjail_use_zfs}" = "YES" ] && zfs snapshot ${ezjail_jailzfs}/basejail@`date -v -7d +"%C%y%m%d_%H:%M:%S"`
freebsd-update -b ${ezjail_jailbase} ${ezjail_urgency} install
if [ "${ezjail_use_zfs}" = "YES" ]; then
zfs snapshot ${ezjail_jailzfs}/basejail@`date +"%C%y%m%d_%H:%M:%S"`
zfs snapshot ${ezjail_jailzfs}/newjail@`date +"%C%y%m%d_%H:%M:%S"`
fi
env PAGER=/bin/cat freebsd-update -b ${ezjail_jailbase} ${ezjail_urgency} install
env PAGER=/bin/cat freebsd-update -b ${ezjail_jailtemplate} ${ezjail_urgency} install
elif [ "${ezjail_installaction}" = "freebsd-upgrade" ]; then
[ -d "${ezjail_jailbase}" ] || exerr "Error: base jail does not exist.\n You cannot update a base jail until it is created.\n Please run '${ezjail_admin} update' or '${ezjail_admin} install' first."
[ -z "${ezjail_sourcetree}" ] && exerr "Error: Can not (yet automatically) infer the basejail's osversion.\n Please run ${ezjail_admin} update -U -s X.X-RELEASE, with X.X-RELEASE being to osversion currently installed in the basejail in need of an upgrade."
[ -z "${ezjail_source}" ] && exerr "Error: Can not (yet automatically) infer the basejail's osversion.\n Please run ${ezjail_admin} update -U -s X.X-RELEASE, with X.X-RELEASE being to osversion currently installed in the basejail in need of an upgrade."
# That would be the part where we try to lookup the osversion from a file in the basejail
ezjail_osversion_source="${ezjail_sourcetree}"
ezjail_osversion_source="${ezjail_source}"
# Make the host systems os version our target version
# Users can override this by setting the UNAME_r environment variable
ezjail_osversion_target="`uname -r`"
ezjail_osversion_target="`uname -r | sed -E 's,-p[0-9]+,,' | sed -E 's,-SECURITY,-RELEASE,'`"
# Finally run freebsd-update to upgrade our basejail
env UNAME_r="${ezjail_osversion_source}" freebsd-update -b ${ezjail_jailbase} -r ${ezjail_osversion_target} upgrade install
for DESTDIR in ${ezjail_jailbase} ${ezjail_jailtemplate}; do
env UNAME_r="${ezjail_osversion_source}" PAGER=/bin/cat freebsd-update -b ${DESTDIR} -r ${ezjail_osversion_target} upgrade
while [ $? -eq 0 ]; do
env UNAME_r="${ezjail_osversion_source}" PAGER=/bin/cat freebsd-update -b ${DESTDIR} -r ${ezjail_osversion_target} install
done
done
# Here we should write the file with the new osversion in case of success
else
# If user gave a source tree on command line, use that
[ "${ezjail_source}" ] && ezjail_sourcetree="${ezjail_source}"
# Bump the user for some of the most common errors
[ -d "${ezjail_sourcetree}" ] || exerr "Error: Cannot find your copy of the FreeBSD source tree in ${ezjail_sourcetree}.\n Consider using '${ezjail_admin} install' to create the base jail from an ftp server."
[ -e "${ezjail_sourcetree}/Makefile" ] || exerr "Error: Your source tree in ${ezjail_sourcetree} seems to be incomplete (Makefile is missing)."
@ -949,7 +1065,7 @@ setup|update)
######################## ezjail-admin INSTALL ########################
install)
# Clean variables, prevent pollution
unset ezjail_release ezjail_installmanpages ezjail_installports ezjail_installsources ezjail_dir ezjail_reldir ezjail_ftpserverqueried
unset ezjail_release ezjail_installmanpages ezjail_installports ezjail_installsources ezjail_dir ezjail_ftpserverqueried ezjail_proto ezjail_disturi
shift; while getopts :mMpPsSh:r: arg; do case ${arg} in
m) ezjail_installmanpages=" manpages";;
@ -968,42 +1084,48 @@ install)
ezjail_installarch=`uname -p`
ezjail_installplatform=`uname -m`
: ${ezjail_ftphost="ftp.freebsd.org"}
ezjail_ftphost=${ezjail_ftphost#ftp://}
ezjail_dir=${ezjail_ftphost#file://}
[ "${ezjail_dir%%[!/]*}" ] || ezjail_reldir=`pwd -P`
ezjail_proto=${ezjail_ftphost%%://*}
[ "${ezjail_proto}" = "${ezjail_ftphost}" ] && ezjail_proto=ftp
ezjail_disturi=${ezjail_ftphost#*://}
[ "`sysctl -n kern.securelevel`" -gt 0 ] && exerr "Error: You are running in a secure level higher than 0.\n ${ezjail_admin} will not install correctly.\n Please reboot into a lower secure level."
# Check for basejail when not installing base jail
[ "${ezjail_basesystem}" -o -d "${ezjail_jailbase}" ] || exerr "Error: The basejail does not exist.\n You cannot install distribution packages before creating ezjails environment.\n Please run '${ezjail_admin} update' or '${ezjail_admin} install' using lower case parameters first."
# ftp servers normally wont provide non-RELEASE-builds
if [ -z "${ezjail_release}" -a "${ezjail_dir}" = "${ezjail_ftphost}" ]; then
if [ -z "${ezjail_release}" ]; then
# if no release version is requested, use the host system's
ezjail_release=`uname -r`
ezjail_release_major=${ezjail_release%%.*}
case ${ezjail_release} in *-STABLE) ezjail_release="${ezjail_release%-STABLE}-RELEASE";; esac
if [ "${ezjail_release%-RELEASE}" = "${ezjail_release}" ]; then
echo "Your system is ${ezjail_release}. Normally FTP-servers don't provide non-RELEASE-builds."
[ ${ezjail_release_major} -ge 9 ] && ezjail_installarch="${ezjail_installplatform}/${ezjail_installarch}"
ezjail_queryftpserver || echo "... I'll continue anyway."
echo -n "Release [ ${ezjail_release} ]: "
read ezjail_releasetmp
[ "${ezjail_releasetmp}" ] && ezjail_release=${ezjail_releasetmp}
ezjail_installarch=`uname -p`
# ftp servers normally wont provide non-RELEASE-builds
if [ "${ezjail_proto}" != "file" ]; then
case ${ezjail_release} in *-STABLE) ezjail_release="${ezjail_release%-STABLE}-RELEASE";; esac
case ${ezjail_release} in *-RELEASE-p*) ezjail_release=${ezjail_release%-p*};; esac
if [ "${ezjail_release%-RELEASE}" = "${ezjail_release}" ]; then
echo "Your system is ${ezjail_release}. Normally FTP-servers don't provide non-RELEASE-builds."
[ ${ezjail_release_major} -ge 9 ] && ezjail_installarch="${ezjail_installplatform}/${ezjail_installarch}"
[ "${ezjail_proto}" != "ftp" ] || ezjail_queryftpserver || echo "... I'll continue anyway."
echo -n "Release to fetch [ ${ezjail_release} ]: "
read ezjail_releasetmp
[ "${ezjail_releasetmp}" ] && ezjail_release=${ezjail_releasetmp}
ezjail_installarch=`uname -p`
fi
fi
fi
# From 9.0 releases come with a new layout
# It is now a single archive ${pkg}.txz instead of a list of archive parts under ${pkg}/*
# man pages come with the base
# We can use fetch to connect to the ftp host, allowing the use of proxies. We needed ftp
# in pre-9.0-releases to make ${pkg}/* work.
# We assume for now that jail's platform is supposed to be that of the host. That may change later.
ezjail_release_major=${ezjail_release%%.*}
[ "${ezjail_release_major}" -eq "${ezjail_release_major}" ] 2>/dev/null || exerr ${ezjail_release} does not look like a valid FreeBSD version descriptor
if [ ${ezjail_release_major} -ge 9 -a -n "${ezjail_installmanpages}" ]; then
echo "Note: From FreeBSD 9.0 man pages are part of the base package"
unset ezjail_installmanpages
fi
[ ${ezjail_release_major} -ge 9 ] && ezjail_installarch="${ezjail_installplatform}/${ezjail_installarch}"
[ ${ezjail_release_major} -ge 9 ] && ezjail_pkgsuffix=".txz" || ezjail_pkgsuffix="/*"
# Normally fulljail should be renamed by past ezjail-admin commands.
# However those may have failed
@ -1020,54 +1142,73 @@ install)
# for post-install man/src installations
[ "${ezjail_basesystem}" ] && DESTDIR="${ezjail_jailfull}" || DESTDIR="${ezjail_jailbase}"
ezjail_makeabsolute ezjail_jailtemp
rm -rf "${ezjail_jailtemp}"
for pkg in ${ezjail_basesystem} ${ezjail_installmanpages} ${ezjail_installsources}; do
# The first case means, that a remote host has been specified.
if [ "${ezjail_dir}" = "${ezjail_ftphost}" ]; then
if [ "${ezjail_proto}" = "file" ]; then
# The easy case means, that a local distribution directory has been specified.
if [ ${ezjail_release_major} -ge 9 ]; then
if [ -r "${ezjail_disturi}/${pkg}.txz" ]; then
xzdec ${ezjail_disturi}/${pkg}.txz | tar --unlink -xpJf - -C ${DESTDIR}
else
[ ${pkg} = "lib32" ] || exerr "Error: Can not access package file ${ezjail_disturi}/${pkg}.txz"
echo "Warning: Can not access package file ${ezjail_disturi}/${pkg}.txz, ignored for auto added lib32."
fi
else
ezjail_makeabsolute ezjail_disturi
cd "${ezjail_disturi}/${pkg}" || exerr "Error: Could not cd to ${ezjail_disturi}/${pkg}."
[ "${pkg}" = "base" ] && echo "Ignore the next question, ezjail answers it for you."
set -- all
[ -f install.sh ] && yes | . install.sh
[ $? -eq 0 ] || exerr "Error: Package install script for ${pkg} failed."
fi
else
# The hard case means, we have to fetch the distribution files from a remote server
# Create and try to access temp dir
mkdir -p "${ezjail_jailtemp}" || exerr "Error: Could not create temporary base jail directory ${ezjail_jailtemp}."
cd "${ezjail_jailtemp}" || exerr "Error: Could not cd to ${ezjail_jailtemp}."
# Try all paths as stolen from sysinstall, break on success.
for ezjail_path in pub/FreeBSD/releases pub/FreeBSD/snapshot pub/FreeBSD releases snapshots pub/FreeBSD-Archive/old-releases NO; do
# Once we tried all paths, we give up and nudge the user
if [ "${ezjail_path}" = "NO" ]; then
echo -e "\nCould not fetch ${pkg} from ${ezjail_ftphost}.\n Maybe your release (${ezjail_release}) is specified incorrectly or the host ${ezjail_ftphost} does not provide that release build.\n Use the -r option to specify an existing release or the -h option to specify an alternative ftp server." >&2
[ "${ezjail_ftpserverqueried}" ] || ezjail_queryftpserver
echo -e "\nCould not fetch ${pkg} from ${ezjail_proto}://${ezjail_disturi}.\n Maybe your release (${ezjail_release}) is specified incorrectly or the host ${ezjail_disturi} does not provide that release build.\n Use the -r option to specify an existing release or the -h option to specify an alternative ftp server." >&2
[ "${ezjail_proto}" = "ftp" -a -z "${ezjail_ftpserverqueried}" ] && ezjail_queryftpserver
exit 1
fi
ftp "${ezjail_ftphost}:${ezjail_path}/${ezjail_installarch}/${ezjail_release}/${pkg}${ezjail_pkgsuffix}" && break
# Fetching and extraction distributions has become much easier from 9.0
if [ ${ezjail_release_major} -ge 9 ]; then
fetch "${ezjail_proto}://${ezjail_disturi}/${ezjail_path}/${ezjail_installplatform}/${ezjail_installarch}/${ezjail_release}/${pkg}.txz" || continue
xzdec ${pkg}.txz | tar --unlink -xpJf - -C ${DESTDIR}
_res=$?
else
[ "${ezjail_proto}" = "ftp" ] || echo "Warning: Ignoring ${ezjail_proto} protocol on FreeBSD pre 9.0"
ftp ${ezjail_disturi}:${ezjail_path}/${ezjail_installarch}/${ezjail_release}/${pkg}/* || continue
# These actions are really ugly: sources want $1 to contain the set
# of sources to install, base asks the user if he is sure, hence the
# yes and the set -- all
[ "${pkg}" = "base" ] && echo "Ignore the next question, ezjail answers it for you."
set -- all
[ -f install.sh ] && yes | . install.sh
_res=$?
fi
rm -rf "${ezjail_jailtemp}"
[ ${_res} -eq 0 ] || exerr "Error: Package install script for ${pkg} failed."
break
done
if [ ${ezjail_release_major} -ge 9 ]; then
xzdec ${pkg}.txz | tar --unlink -xpJf - -C ${DESTDIR}
else
# These actions are really ugly: sources want $1 to contain the set
# of sources to install, base asks the user if he is sure, hence the
# yes and the set -- all
[ "${pkg}" = "base" ] && echo "Ignore the next question, ezjail answers it for you."
set -- all
[ -f install.sh ] && yes | . install.sh
[ $? -eq 0 ] || exerr "Error: Package install script for ${pkg} failed."
fi
rm -rf "${ezjail_jailtemp}"
else
if [ ${ezjail_release_major} -ge 9 ]; then
[ -r "${ezjail_reldir}/${ezjail_dir}/${pkg}.txz" ] || exerr "Error: Can not access package file ${ezjail_reldir}/${ezjail_dir}/${pkg}.txz"
xzdec ${ezjail_reldir}/${ezjail_dir}/${pkg}.txz | tar --unlink -xpJf - -C ${DESTDIR}
else
cd "${ezjail_reldir}/${ezjail_dir}/${pkg}" || exerr "Error: Could not cd to ${ezjail_dir}."
[ "${pkg}" = "base" ] && echo "Ignore the next question, ezjail answers it for you."
set -- all
[ -f install.sh ] && yes | . install.sh
[ $? -eq 0 ] || exerr "Error: Package install script for ${pkg} failed."
fi
fi
done
# Split basejail and newjail
[ "${ezjail_basesystem}" ] && ezjail_splitworld
# Update to current patch level, split basejail and newjail
if [ "${ezjail_basesystem}" ]; then
env PAGER=/bin/cat freebsd-update -b "${DESTDIR}" fetch install
ezjail_splitworld
fi
# Fill ports, if requested
[ "${ezjail_installports}" ] && ezjail_updateports
@ -1104,7 +1245,7 @@ console)
[ "${ezjail_forcestart}" ] || exerr "Error: Jail ${ezjail_name} appears not to be running\n Start it first, or use '${ezjail_admin} console -f ${ezjail_name}' to force start."
# This one will also exerr on failure
start_stop_jail_by_script onestart
start_stop_jail_by_script onestart ${ezjail_name}
fi
# use the jails FIB if there is one
@ -1119,7 +1260,81 @@ console)
exec ${_setfib} jexec ${ezjail_id} ${ezjail_default_execute}
;;
######################## ezjail-admin ARCHIVE ########################
######################## ezjail-admin FREEZE ########################
freeze)
shift
[ $# -eq 2 ] || exerr ${ezjail_usage_freeze}
ezjail="$1"
ezjail_flavour="$2"
fetchjailinfo ${ezjail}
# Check for existence of jail in our records
[ "${ezjail_config}" ] || exerr "Error: Nothing known about jail ${ezjail_name}."
# Check if jail is of zfs type
[ ${ezjail_imagetype} = "zfs" ] || exerr "Error: Can only freeze zfs based jails into a flavour.\n ${ezjail_name} is not a zfs jail."
# Check if jail has been snapshotted at create time
/sbin/zfs list -H "${ezjail_parentzfs}/${ezjail_hostname}@_vanilla_newjail_" >/dev/null 2>/dev/null
[ $? -eq 0 ] || exerr "Error: Jail ${ezjail_name} did not keep a snapshot when it was first created.\n Use ezjail-admin create with the -k option to keep a snapshot to diff."
# For now we will not overwrite an existing flavour
[ -e "${ezjail_flavours_dir}/${ezjail_flavour}" ] && exerr "Error: A flavour already exists at ${ezjail_flavours_dir}/${ezjail_flavour}."
# Create the new frozen flavour's dir
mkdir -p "${ezjail_flavours_dir}/${ezjail_flavour}"
# Work relative to jails rootdir
cd "${ezjail_rootdir}"
# Now list all files that have been added or modified
# TODO: This assumes no files have been deleted from when the jail was initially created. Safe assumption for now.
# TODO: This assumes no files have been renamed from when the jail was initially created. Not so sure.
/sbin/zfs diff -H "${ezjail_parentzfs}/${ezjail_hostname}@_vanilla_newjail_" "${ezjail_parentzfs}/${ezjail_hostname}" | \
grep -E "^[M+]" | cut -f 2 | sed -E s:"^${ezjail_rootdir}/?":: | cpio -d -m -p -v "${ezjail_flavours_dir}/${ezjail_flavour}"
;;
######################## ezjail-admin SNAPSHOT ########################
snapshot)
shift
if [ $# -eq 0 ]; then
cd ${ezjail_jailcfgs} && ezjail_list=`ls -A`
else
ezjail_list=$*
fi
for ezjail in ${ezjail_list}; do
fetchjailinfo ${ezjail%.norun}
# Check for existence of jail in our records
[ "${ezjail_config}" ] || exerr "Error: Nothing known about jail ${ezjail_name}."
# Snapshots only work with zfs jails
[ "${ezjail_imagetype}" = "zfs" -o -n "${ezjail_zfs_datasets}" ] || continue
[ "${ezjail_imagetype}" = "zfs" ] && ezjail_zfs_datasets="${ezjail_parentzfs}/${ezjail_hostname} ${ezjail_zfs_datasets}"
# Use global retention policy, if none set
: ${ezjail_retention_policy:=${ezjail_default_retention_policy}}
for ezjail_zfs in ${ezjail_zfs_datasets}; do
check_for_zfs_exist ${ezjail_zfs} || continue
zfs_retention_policy=`/sbin/zfs get -H -o value ezjail:autosnap_retention ${ezjail_zfs}`
[ "${zfs_retention_policy}" = "-" ] || ezjail_retention_policy="${zfs_retention_policy}"
if [ -z "${ezjail_retention_policy}" ]; then
/sbin/zfs snapshot -r ${ezjail_zfs}@ez-autosnap-`date +${ezjail_snap_date_format}`
else
snap_list=`/sbin/zfs list -H -t snapshot -o name -S creation -r ${ezjail_zfs} | \
grep ^${ezjail_zfs}@ez-autosnap- | cut -d '@' -f 2 | cut -d '-' -f 3`
filteroldsnapshots ${snap_list}
fi
done
done
;;
######################## ezjail-admin ARCHIVE ########################
archive)
# Clean variables, prevent pollution
unset ezjail_archive ezjail_archive_tag ezjail_force ezjail_archivealljails ezjail_addfiles
@ -1136,7 +1351,7 @@ archive)
[ $# -lt 1 -a -z "${ezjail_archivealljails}" ] && exerr ${ezjail_usage_archive}
# Ensure that archive directory is there
[ "${ezjail_archive}" = "-" ] || mkdir -p "${ezjail_archivedir}" || exerr "Error: Can not create archive directory ${ezjail_archivedir}."
[ "${ezjail_archive}" = "-" ] || mkdir -p "${ezjail_archivedir}" || exerr "Error: Can not create archive directory ${ezjail_archivedir}."
# Will not backup more than one jail per archive
[ "${ezjail_archive}" -a "${ezjail_archivealljails}" ] && exerr "Error: Must not specify an archive location for multiple archives.\n Can not archive multiple jails into one archive."
@ -1169,7 +1384,7 @@ archive)
if [ "${ezjail_imagetype}" -a "${ezjail_imagetype}" != "zfs" -a -z "${ezjail_attached}" ]; then
if [ "${ezjail_attachblocking}" ]; then
echo "Warning: Jail ${ezjail_name} is an image jail and can not be attached automatically."
echo " Use '${ezjail_admin} config -i attach ${ezjail_name}' to attach it first."
echo " Use '${ezjail_admin} config -i attach ${ezjail_name}' to attach it first."
continue
fi
mount_images
@ -1219,7 +1434,7 @@ archive)
[ "${ezjail_imagesize}" ] && detach_images keep
# An error on a jail not running is bad
[ ${ezjail_paxresult} -eq 0 -o "${ezjail_force}" ] || echo "Warning: Archiving jail ${ezjail_name} was not completely successful.\n Please refer to the output above for problems the archiving tool encountered.\n You may ignore reports concerning setting access and modification times.\n You might want to check and remove ${ezjail_archive}."
[ ${ezjail_paxresult} -eq 0 -o "${ezjail_force}" ] || echo -n "Warning: Archiving jail ${ezjail_name} was not completely successful.\n Please refer to the output above for problems the archiving tool encountered.\n You may ignore reports concerning setting access and modification times.\n You might want to check and remove ${ezjail_archive}."
# When archiving a running jail, some errors might occur
[ ${ezjail_paxresult} -eq 0 ] || echo "Warning: Archiving jail ${ezjail_name} was not completely successful. For a running jail this is not unusual."
@ -1291,7 +1506,7 @@ restore)
ezjail_config=`mktemp /tmp/ezjail.prop.XXXXXXXX`
[ $? -ne 0 ] && exerr "Error: Can't create temporary file."
pax -rzn -s:${ezjail_nameprop}:${ezjail_config}: -f ${ezjail_fromarchive} ${ezjail_nameprop}
fetchjailinfo ${ezjail_safename} ${ezjail_config}
fetchjailinfo ${ezjail_safename:-${ezjail_nameprop_safename}} ${ezjail_config}
# Now all parameters are here, invoke ezjail-admin create
[ "${ezjail_rootdir}" -a "${ezjail_ips}" -a "${ezjail_hostname}" ] || exerr "Error: Archive does not contain a valid ezjail properties file.\n Some jails properties are missing."
@ -1395,7 +1610,7 @@ config)
fi
# rename the filesystem, remounting is done by ZFS
[ "${ezjail_imagetype}" = "zfs" ] && /sbin/zfs rename ${ezjail_jailzfs}/${ezjail_old_hostname} ${ezjail_jailzfs}/${ezjail_hostname} && /sbin/zfs set mountpoint=${ezjail_rootdir} ${ezjail_jailzfs}/${ezjail_hostname} && rmdir ${ezjail_old_rootdir}
[ "${ezjail_imagetype}" = "zfs" ] && /sbin/zfs rename ${ezjail_parentzfs}/${ezjail_old_hostname} ${ezjail_parentzfs}/${ezjail_hostname} && /sbin/zfs set mountpoint=${ezjail_rootdir} ${ezjail_parentzfs}/${ezjail_hostname} && rmdir ${ezjail_old_rootdir}
# rename fstab
rm -f "/etc/fstab.${ezjail_old_safename}"
@ -1421,6 +1636,7 @@ config)
case "${ezjail_setrunnable}" in
run) [ "${ezjail_config}" = "${ezjail_config%.norun}" ] || mv "${ezjail_config}" "${ezjail_config%.norun}";;
norun) [ "${ezjail_config}" = "${ezjail_config%.norun}" ] && mv "${ezjail_config}" "${ezjail_config}.norun";;
test) [ "${ezjail_config}" = "${ezjail_config%.norun}" ] && echo "Jail ${ezjail_name} is runnable" || echo "Jail ${ezjail_name} is not runnable";;
esac
[ "${ezjail_imageaction}" -a -z "${ezjail_image}" ] && exerr "Error: Jail ${ezjail_name} not an image jail."
@ -1457,6 +1673,30 @@ config)
;;
esac
;;
######################## ezjail-admin TROUBLESHOOT ########################
troubleshoot)
# XXX TOOD:
# Start with some simple tests, check for basejail
# Check if we are ourself jailed
# Check if all IPv4 addresses are either configured already or in
# interface config line
# Check for duplicate non unique IPv4 addresses
# Check if all necessary file systems for zfs jails are mounted
# For zfs jails check, if zpool is full
# Check if all mount points inside the jails are there
shift
[ $# -gt 0 ] && cd ${ezjail_jailcfgs} && set - `ls -A`
for ezjail; do
fetchjailinfo ${ezjail%.norun}
# Check for existence of jail in our records
[ "${ezjail_config}" ] || exerr "Error: Nothing known about jail ${ezjail_name}."
done
;;
*)
exerr "${ezjail_usage_ezjailadmin}"
;;


@ -6,7 +6,7 @@
# Location of jail root directories
#
# Note: If you have spread your jails to multiple locations, use softlinks
# Note: If you have spread your jails to multiple locations, use softlinks
# to collect them in this directory
# ezjail_jaildir=/usr/jails
@ -19,10 +19,6 @@
# Location of your copy of FreeBSD's source tree
# ezjail_sourcetree=/usr/src
# In case you want to provide a copy of ports tree in base jail, set this to
# a cvsroot near you
# ezjail_portscvsroot=freebsdanoncvs@anoncvs.FreeBSD.org:/home/ncvs
# This is where the install sub command defaults to fetch its packages from
# ezjail_ftphost=ftp.freebsd.org
@ -41,7 +37,7 @@
# Default options for newly created jails
#
# Note: Be VERY careful about disabling ezjail_mount_enable. Mounting
# Note: Be VERY careful about disabling ezjail_mount_enable. Mounting
# basejail via nullfs depends on this. You will have to find other
# ways to provide your jail with essential system files
# ezjail_mount_enable="YES"
@ -50,12 +46,26 @@
# ezjail_procfs_enable="YES"
# ezjail_fdescfs_enable="YES"
# ZFS options
# Setting this to YES will start to manage the basejail and newjail in ZFS
# ezjail_use_zfs="YES"
# Setting this to YES will manage ALL new jails in their own zfs
# ezjail_use_zfs_for_jails="YES"
# The name of the ZFS ezjail should create jails on, it will be mounted at the ezjail_jaildir
# ezjail_jailzfs="tank/ezjail"
# ADVANCED, be very careful!
# ezjail_zfs_properties="-o compression=lzjb -o atime=off"
# ezjail_zfs_jail_properties="-o dedup=on"
# For auto snapshots this is the default policy to keep old snapshots. In each window there
# will be guaranteed to be one or two snapshots only
# If this variable is not set, no snapshots will be removed by ezjail-admin snapshot
# Example policy for a database jail with rollbackable snapshots starting with four snapshots
# in the last hour and up to an annual snapshot for 1000 years. Beware of the load caused by
# destroying snapshots.
# ezjail_default_retention_policy="4x15m 3x1h 2x2h 4h 12h 6x1d 7x1w 11x4w 1000x1y"


@ -89,7 +89,7 @@ do_cmd()
# Cannot auto mount blocking jails without interrupting boot process
[ "${ezjail_fromrc}" -a "${action}" = "start" -a "${ezjail_blocking}" ] && echo -n " ...skipping blocking jail ${ezjail}" && continue
# Explicitely do only run blocking crypto jails when *crypto is requested
# Explicitly do only run blocking crypto jails when *crypto is requested
[ "${action%crypto}" = "${action}" -o "${ezjail_blocking}" ] || continue
# Try to attach (crypto) devices
@ -105,13 +105,14 @@ do_cmd()
# Configure settings that need to be done after the jail has been started
if [ "${action%crypto}" = "start" -o "${action}" = "restart" ]; then
for ezjail in ${ezjail_list}; do
for ezjail in ${ezjail_pass}; do
ezjail_safename=`echo -n "${ezjail}" | tr -c '[:alnum:]' _`
# Get the JID of the jail
[ -f "/var/run/jail_${ezjail_safename}.id" ] && ezjail_id=`cat /var/run/jail_${ezjail_safename}.id` || return
eval ezjail_zfs_datasets=\"\$jail_${ezjail_safename}_zfs_datasets\"
eval ezjail_cpuset=\"\$jail_${ezjail_safename}_cpuset\"
eval ezjail_post_start_script=\"\$jail_${ezjail_safename}_post_start_script\"
# Attach ZFS-datasets to the jail
for zfs in ${ezjail_zfs_datasets}; do
@ -120,6 +121,9 @@ do_cmd()
# Configure processor sets for the jail via cpuset(1)
[ -z "${ezjail_cpuset}" ] || /usr/bin/cpuset -l ${ezjail_cpuset} -j ${ezjail_id} || echo -n "Error: The defined cpuset is malformed"
# Run post start script
[ -z "${ezjail_post_start_script}" ] || "${ezjail_post_start_script}" ${ezjail_id} "${ezjail}" || echo -n "Error: Post Start Script failed"
done
fi
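Review bot: The post-start hook added in the last hunk of this section executes whatever path `jail_<name>_post_start_script` holds on the host, in the context of this rc script (presumably root) rather than inside the jail, and nothing checks the file before it runs. If that path sits under a jail's root directory or is writable by a non-root user, a compromised jail could change what the host executes at the next start. I would guard the call with `[ -x "${ezjail_post_start_script}" ]` and add a comment such as `# Runs on the host, not in the jail: keep this script root-owned and outside every jail root`. On the same line `${ezjail_id}` is passed unquoted, where `"${ezjail_id}"` would match the quoting of `"${ezjail}"`, and the failure message goes to stdout via `echo -n` without naming the jail, so a failed hook is easy to miss in boot output. do_cmd begins and ends outside the visible hunks, so the surrounding loop setup is not reviewed here.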


@ -1,4 +1,4 @@
.Dd January 15, 2011
.Dd December 5, 2013
.Dt EZJAIL.CONF 5 USD
.Os FreeBSD
.Sh NAME
@ -56,11 +56,6 @@ Location of the flavours, where each directory is a different flavour.
.br
Default:
.Em ${ezjail_jaildir}/flavours .
.It ezjail_portscvsroot (str)
CVS root to use when checking out or updating the ports tree in base jail.
.br
Default:
.Em :pserver:anoncvs@anoncvs.FreeBSD.org:/home/ncvs .
.It ezjail_ftphost (str)
This is where the install subcommand defaults to fetch its packages from.
.br
@ -99,7 +94,7 @@ Controls whether
.Pa /etc/fstab. Ar hostname
should be executed at jail startup time.
.br
Default:
Default:
.Em YES .
.It ezjail_devfs_enable (bool)
Controls whether newly created jails are given a working
@ -162,7 +157,7 @@ Default:
.It ezjail_imagetype (one of simple, bde, eli, zfs)
Type of jail to create when creating a jail with the
.Fl i
flag without specifying the type explicitely.
flag without specifying the type explicitly.
.br
Default:
.Em simple
@ -170,7 +165,7 @@ Default:
.Sh ZFS OPTIONS
.Bl -tag -width option
.It ezjail_use_zfs (bool)
Set to YES, if ezjail should manage basejail and newjail in a seperate
Set to YES, if ezjail should manage basejail and newjail in a separate
ZFS-datasets.
.br
Default:
@ -189,7 +184,7 @@ Default:
The name of the parent ZFS-dataset which ezjail will use to create
jails on. It will be mounted in
.Em ezjail_jaildir .
Setting this will automaticly enable ezjail managing jails in seperate
Setting this will automatically enable ezjail managing jails in separate
ZFS-datasets.
.br
Default:
@ -201,6 +196,15 @@ for details. ADVANCED, be very careful!
.br
Default:
.Em none .
.It ezjail_default_retention_policy (str)
Policy for the
.Cm ezjail-admin snapshot
subcommand to keep older snapshots. See
.Xr ezjail-admin 1
for details.
.br
Default:
.Em none .
.El
.Sh FILES
EZJAIL_PREFIX/etc/ezjail.conf
@ -216,3 +220,10 @@ EZJAIL_PREFIX/etc/rc.d/ezjail.sh
.Sh AUTHOR
Dirk Engling
.Aq erdgeist@erdgeist.org .
.Pp
The man page is based on a draft by
.An JoeB
.Aq joeb1@a1poweruser.com
and was rewritten by
.An Frederic Perrin
.Aq frederic.perrin@resel.fr .


@ -1,4 +1,4 @@
.Dd January 15, 2011
.Dd December 5, 2013
.Dt EZJAIL 7 USD
.Os
.Sh NAME
@ -130,12 +130,7 @@ There are two advantages to image jails. The amount of disk space
allocated to the jail is limited, while normal jails have no bound on
the amount of disk space they use. On the other hand, the space
dedicated to the jail is no longer available to the host, even if the
jail doesn't use all its allocated space. In addition, image jails
contain a full copy of the basejail. This makes them portable between
hosts running the same FreeBSD version as the image was created with.
Of course, the jail now needs to be updated independently from all
other jails, and there is no longer any sharing of common files
between the jails.
jail doesn't use all its allocated space.
.Pp
Image jails may also be encrypted using
.Xr bde 4
@ -150,7 +145,7 @@ filesystem. See
.Sx Jail Creation Examples
for details.
.Pp
Also, ezjail can be configured to install its basejail and the accompaning
Also, ezjail can be configured to install its basejail and the accompanying
template for all new jails into its own filesystem. Set the
.Dq Li $ezjail_use_zfs
variable in your
@ -193,8 +188,16 @@ are handled by ezjail, replacing JAILNAME with the actual name of the jail:
The hostname of the jail. Defaults to the name of the jail, unless
special characters needed to be stripped.
.It jail_JAILNAME_ip
The IP addresses the jail is allowed to use. Since FreeBSD 7.2,
The IP addresses the jail is allowed to use.
.Pp
Since FreeBSD 7.2,
several IP addresses may be given, separated by commas.
.Pp
Since FreeBSD 9.0
each IP address can be prefixed by an interface name followed by the pipe
symbol. It will then automatically be configured on that interface when the
jail is started and removed from the interface when the jail stops. (You
will probably have to escape the pipe symbol, though.)
.It jail_JAILNAME_rootdir
The directory holding the jail files (the directory used as a mount
point for file-based jails). Defaults to the jail name inside
@ -218,7 +221,7 @@ that specifies whether the filesystems in
are carried out. Set by ezjail to
.Dq Li YES ,
set to
.Qd Li NO
.Dq Li NO
at your own risk.
.It jail_JAILNAME_devfs_enable
A boolean specifying whether to mount a
@ -259,7 +262,7 @@ The parameters to pass to the tool used to decrypt file-based,
encrypted jails. Initialized from the
.Fl C
option when creating such a jail, or the empty string.
.Ir ezjail_JAILNAME_attachblocking
.It ezjail_JAILNAME_attachblocking
.Dq Li YES
if the jail requires interaction with the administrator when starting
(typically, encrypted jails that needs a password to be decrypted).
@ -284,6 +287,14 @@ The network view to give to the jail (see
when starting it. Taken from the
.Fl f
option when configuring the jail; the empty string otherwise.
.It ezjail_JAILNAME_parameters
The parameter set to be configured to the jail (see
.Xr jail 8 )
when starting it. You need to configure this by hand.
.It ezjail_JAILNAME_post_start_script
The path to a script that will be executed after the jail
successfully was created. The script receives two parameters,
the jid and the jail name. You need to configure this by hand.
.El
.Pp
In addition to these
@ -316,7 +327,7 @@ addition, the jail is configured so that on its first boot, the file
.Pa ezjail.flavour
is executed.
.Pp
As part of the install sub-command, the flavour base directory
As part of the install sub-command, the flavour base directory
was created as
.Pa /usr/jails/flavours
and populated with an single flavour named
@ -337,7 +348,7 @@ configuration, creating classes of jails for development or testing
favourite web development framework), pre-creating local users, and so
on.
.Ss Updating the Base Jail
We already mentionned how easy it is to update jails, since only one
We already mentioned how easy it is to update jails, since only one
copy needs to be updated. Ezjail only handles updating the base
system; updating the ports is left to the administrator (but see
.Dq Li ports-mgmt/jailaudit
@ -350,7 +361,7 @@ binary packages. If a base jail already exists, the
command installs the world in a temporary directory before moving it
to the basejail, thus leaving intact all installed libraries. After
making sure all software running in the jails is linked with the new
librairies, you may want to remove the old library versions. It is
libraries, you may want to remove the old library versions. It is
often a good idea to update the jails when a new kernel is installed
in the host, using the same sources.
.Ss Starting Jails
@ -398,6 +409,37 @@ rc.d/ezjail can be used to start and stop jails by prepending
Refer to
.Xr rc 8
for details.
.Ss Snapshots and retention policies
Jails residing in their own zfs and their corresponding zfs data sets can be
automatically snapshot by the
.Cm ezjail-admin snapshot
subcommand. Taking snapshots of all jails before a major update is considered
best practise. However, when taking snapshots regularly, the amount of disc
space used can be considerable.
.Pp
Therefore ezjail allows you to set retention policies that describe how many
of your snapshots you want to keep for one or all jails or a particular zfs. See
the description of the snapshot command in
.Xr ezjail-admin 5
for details.
.Pp
A retention policy consists of one or multiple windows for which ezjail guarantees
to keep at least one and at most two snapshots. A simple example:
.D1 $ezjail_default_retention_policy="1d 2w 1y"
will ensure ONE snapshot for the last day, for the last two weeks before that day and
then for one snapshot in the year before the two-week window. Valid multipliers are
(m)inutes, (h)ours, (d)ays, (w)eeks and (y)ears.
.Pp
Windows can be repeated by prepending them with a number and the letter x:
.D1 $ezjail_test_com_retention_policy="24x1h 6x1d 3x1w 11x4w KEEP"
will set the retention policy for jail test.com to keep hourly snapshots for one
day, then daily snapshots for the rest of the week, weekly snapshots for the rest of
the month, monthly snapshots for the rest of the year.
.Pp
The magic keyword KEEP at the end of the list will make ezjail not delete snapshots
older than the oldest window. It is your responsibility to keep the list in an order
that makes keeping snapshots possible, i.e. not placing one-hour-windows after
one-year-windows.
.Ss Remarks & Tips
Jails can be either accessed from the network, for instance by using
.Xr ssh 1 ,
@ -422,7 +464,7 @@ knobs for allowing a jail to access raw sockets, see the
man page for details.
.Pp
Once your jail has network access, then all your normal application
install functions are availabe, right from the jails console. In
install functions are available, right from the jails console. In
particular, if the ports collection was installed, it can be used as
if from the host system. A modified
.Pa make.conf
@ -447,7 +489,7 @@ in
.Pa rc.conf .
It is possible to set this variable to
.Dq Li NO
if the administrator wants to temporarily ezjail, or if she doesn't
if the administrator wants to temporarily disable ezjail, or if she doesn't
want the jails to be automatically started on boot.
.Pp
The ezjail system may be reset to a pristine state by removing all its
@ -482,7 +524,7 @@ will be asked for the release to install. Neither the man pages nor
the source nor the ports tree are installed. Note that the FreeBSD FTP
server is sometimes so busy the download times out. Use the
.Fl h Ar host
option to specify a less loaded server, or the
option to specify a less loaded server, or the
.Dq Li $ezjail_ftphost
option in
.Xr ezjail.conf 8 .
@ -538,7 +580,7 @@ macdef getdir
mreget $i/*
.Ed
.Pp
Then issue this command on the command line. If the FTP download
Then issue this command on the command line. If the FTP download
times out re-issue the FTP command again to resume where it left off.
.Bd -literal -offset indent
mkdir /usr/8.0-RELEASE
@ -607,7 +649,7 @@ Create a new jail, placing it in directory
instead of deriving the directory name of the jail from its host name.
The jail will be created with the flavour
.Ar example .
This jail will be given two IP addressses; this is possible only since
This jail will be given two IP addresses; this is possible only since
FreeBSD 7.2.
.It Nm Cm create Fl i Fl s Ar 600M sandbox2 10.0.10.4
This creates a new file-based jail having a file size of 600 megabytes
@ -625,12 +667,13 @@ Remember this passphrase, you will be asked for the passphrase every time
you want to start this jail. As they require administrator interaction,
jails backed by an encrypted file are not automatically started when the
system boots.
.It Nm Cm create Fl c Ar zfs Fl s Ar 1G sandbox4 10.0.10.6
.It Nm Cm create Fl c Ar zfs Fl s Ar 1G sandbox4 em1\[rs]|10.0.10.6
This creates a new zfs filesystem based jail with a default quota of 1
gigabyte using lzjb compression. It uses the parent ZFS filesystem configured
in the
.Dq Li $ezjail_jailzfs
variable to create the filesystem in.
variable to create the filesystem in. The jail command will add the ip
address 10.0.10.6 as an alias on the device em1 before starting the jail.
.El
.Sh FILES
.Pa EZJAIL_PREFIX/bin/ezjail-admin
@ -654,5 +697,12 @@ variable to create the filesystem in.
Interesting additional tools include:
.Dq Li ports-mgmt/jailaudit .
.Sh AUTHOR
.An Dirk Engling
.An Dirk Engling
.Aq erdgeist@erdgeist.org .
.Pp
The man page is based on a draft by
.An JoeB
.Aq joeb1@a1poweruser.com
and was rewritten by
.An Frederic Perrin
.Aq frederic.perrin@resel.fr .


@ -1,9 +1,9 @@
.Dd January 15, 2011
.Dd December 5, 2013
.Dt EZJAIL-ADMIN 8 USD
.Os FreeBSD
.Sh NAME
.Nm ezjail-admin
.Nd Administrate ezjail environment
.Nd Administrate ezjail environment
.Sh SYNOPSIS
.Nm Cm install
.Op Fl mMpPsS
@ -16,6 +16,7 @@
.Op Fl r Ar jailroot
.Op Fl a Ar archive
.Op Fl c Ar jailtype Fl s Ar imagesize Op Fl C Ar attachargs
.Op Fl z Ar parentzfs
.Bk -words
.Ar jailname ipaddress Ns Op Ar ,ipaddress2,...
.Ek
@ -27,10 +28,10 @@
.Nm
.Cm list
.Nm
.Cm start | stop | restart | cryptostart Ar jailname...
.Cm start | stop | restart | startcrypto | stopcrypto Ar jailname...
.Nm
.Cm config
.Op Fl r Ar run | norun
.Op Fl r Ar run | norun | test
.Op Fl n Ar newname
.Op Fl i Ar attach | detach | fsck
.Op Fl z Ar newdataset
@ -53,6 +54,9 @@
.Op Fl d Ar archivedir
.Ar archive | jailname...
.Nm
.Cm snapshot
.Ar [jailname...]
.Nm
.Cm update
.Op Fl s Ar sourcetree | sourceosversion
.Op Fl p
@ -111,7 +115,7 @@ utility to fetch and extract a FreeBSD ports tree from
.Pa make.conf
containing reasonable values to function in the jailed environment is added to
the new jail template so all jails created from the new jail template will
have a working ports environment. See the appendix
have a working ports environment. See the appendix
.%B Using Portsnap
in the
.%B FreeBSD Handbook
@ -126,9 +130,9 @@ default host
is used. Variable:
.Dq Li $ezjail_ftphost .
.Pp
It is possible to install from the
It is possible to install from the
.Li disc1
CDRom, or an extracted -RELEASE directory, by specifying the
CD-ROM, or an extracted -RELEASE directory, by specifying the
.Ar host
argument as
.Pa file://path/to/source .
@ -145,7 +149,7 @@ see the
sub-command for this.
.El
.Ss Nm Cm create
Create a new jail inside ezjail's scope. It either copies the new jail
Create a new jail inside ezjail's scope. It either copies the new jail
directory tree template or an ezjail archive directory tree to new jail root
directory,
.Pa /usr/jails/ Ns Ar jailname
@ -153,7 +157,7 @@ by default. Jailname and IP address are mandatory parameters.
.Pp
When a new jail is created, a corresponding new
.Pa /etc/fstab. Ns Ar jailname
file is also created, with a
file is also created, with a
.Xr nullfs 5
mount giving access to the base jail from the new jail.
.Pp
@ -183,13 +187,15 @@ assign several several IPv4 or IPv6 addresses to a jail, by separating them
with commas. Previous versions of FreeBSD allowed only a single IPv4 address
per jail.
.Pp
The addresses of the jail are not configured on the host.
From FreeBSD 9.0 the ipaddresses may be prefixed with an interface name, followed
by the pipe symbol. It will then automatically be configured as an alias on that
interface when the jail starts. Else
.Nm
will display a warning if the requested address is not found on any interface,
and the jail will probably not start.
.Pp
It is common to bind jails to loopback addresses, so they provide services
visible to other jails only.
visible to other jails only.
.El
.Pp
The following options are available:
@ -276,20 +282,34 @@ jail is backed with a
.Xr zfs 8
filesystem, whose initial quota is given with the
.Fl s
option. The filesystem is created in the
option. The filesystem by default
(see the
.Fl z
option) is created in the
.Dq Li $ezjail_jailzfs
parent filesystem and by default compressed using the lzjb method, as set in
parent filesystem and compressed using the lzjb method, as set in
the
.Dq Li ezjail_zfs_jail_properies
variable, both values configured in
.Xr ezjail.conf 5
.Xr ezjail.conf 5 .
.Pp
In each case, the
.Fl s
flag is mandatory when creating such a jail. An empty directory (without the
flag is mandatory when creating a file backed jail (i.e. any image that is
not zfs backed). An empty directory (without the
.Pa .img
suffix in the case of file-based jails) will be created and used as a mount
point when running the jail.
.It Fl z Ar parentzfs
Normally zfs jails are created in a child of the same zfs, ezjail keeps its
working directories in, as configured in the
.Dq Li ezjail_jailzfs
variable set in
.Xr ezjail.conf 5 .
Use this option to override this default.
.Pp
This option implies
.Fl c Ar zfs .
.It Fl s Ar imagesize
Allocate this size to the jail. Without an unit, the size is in bytes. The
valid suffix values are b/B for blocks (i. e. 512 bytes), k/K for kilobytes,
@ -322,7 +342,7 @@ interactively enter a passphrase. The jail is then not automatically started
at boot time.
.El
.Ss Nm Cm console
Attach your console to the selected jail. You are logged in as root by
Attach your console to the selected jail. You are logged in as root by
default.
.Pp
The following options are available:
@ -334,7 +354,7 @@ Use
.Ar command
instead of the default
.Dq /usr/bin/login -f root .
loogin command. A one time change to use a different user can be
login command. A one time change to use a different user can be
accomplished by using
.Fl e Qq Li /usr/bin/login -f user .
Variable:
@ -375,8 +395,7 @@ If present, the third letter,
means that the jail is not automatically started.
.Pp
The following columns are the JID (when it is running), the IP addresses, the name and the full path directory name of the jail.
.Ss Nm Cm start | restart | stop | startcrypto Op Ar jailname ...
.Pp
.Ss Nm Cm start | restart | stop | startcrypto | stopcrypto Op Ar jailname ...
This is a shortcut to the
.Xr rc 8
.Cm ezjail
@ -390,7 +409,7 @@ Note that, if ezjail is not enabled in
.Xr rc.conf 5
with
.Dq Li ezjail_enable= Ns Qq Li YES ,
nothing happens.
nothing happens.
.Pp
Since starting crypto image jails requires interaction with the administrator, they are not run at
boot time. Use
@ -402,8 +421,10 @@ the jail is restarted.
.Pp
The following options are available:
.Bl -tag -width indent
.It Fl r Cm run | norun
.It Fl r Cm run | norun | test
Set the jail to be automatically started or not on boot.
.sp
Note that the test parameter can be used to check if an ezjail exists, in this case the script will return with an exit code of zero and the runnable state on standard out. A non-zero exit code will be returned if the jail does not exist.
.It Fl n Ar newname
Rename the jail. Unless a custom root directory was given with the
.Fl r
@ -434,7 +455,6 @@ the selected jail as well as
The
.Pa /usr/jails/ Ns Ar jailname
directory is not deleted.
.Pp
.Bl -tag -width indent
.It Fl f
Stop the jail before deleting it.
@ -499,6 +519,30 @@ where it was archived. Be default,
will refuse to restore an archive if the archived host system's hostname,
its FreeBSD version or CPU architecture do not match the current host.
.El
.Ss Nm Cm snapshot [jailname...]
Takes zfs snapshots of some or all (zfs) ezjails and their zfs datasets and
optionally destroys older snapshots according to a configured retention
policy.
.Pp
The zfs snapshots will be named @ez-autosnap- with the date appended in format
“%Y%m%d%H%M”. List all auto snapshots with
.Dq Li /sbin/zfs list -H -t snapshot | grep @ez-autosnap- .
.Pp
You can set (and override in that order) the retention policy globally in your
.Dq Li $ezjail_default_retention_policy
.Xr ezjail.conf 5
variable, set them per jail in its config file with their
.Dq Li $ezjail_retention_policy
variable or set a User property with the name
.Dq Li ezjail:autosnap_retention
on the respective file systems.
.Pp
The policy is described by a pattern of space separated
.Dq Li repeat x window
entries with the algorithm guaranteeing at least one and at most two snapshots
in each of the windows, if mathematically possible. See
.Xr ezjail 7
for details.
.Ss Nm Cm update
Updates ezjail's basejail, or in the
.Fl b
@ -511,7 +555,7 @@ Exactly one of the following operand must be specified:
.It Fl b
Build a world from source and install it as the (updated) basejail.
.Dq make buildworld ; make installworld
by default using the sources located at
by default using the sources located at
.Pa /usr/src
(but see the
.Fl s
@ -528,7 +572,7 @@ recommended to update the basejail along with the host system.
.It Fl u
Use
.Xr freebsd-update 8
to update the basejail. Note that as
to update the basejail. Note that as
.Xr freebsd-update 8
uses
.Dq Li uname -r
@ -543,7 +587,7 @@ you may pass freebsd-update's call to
.Dq uname -r
via the
.Pa UNAME_r
environment variable. Since there currently is no way of infering the
environment variable. Since there currently is no way of inferring the
osversion currently installed in the basejail, you need to remember the
original osversion and pass it to this script using the
.Fl s
@ -603,5 +647,12 @@ filesystem is taken first.
.Xr procfs 5 ,
.Xr portsnap 8 .
.Sh AUTHOR
.An Dirk Engling
.An Dirk Engling
.Aq erdgeist@erdgeist.org .
.Pp
The man page is based on a draft by
.An JoeB
.Aq joeb1@a1poweruser.com
and was rewritten by
.An Frederic Perrin
.Aq frederic.perrin@resel.fr .


@ -1,194 +0,0 @@
#compdef ezjail-admin
# zsh completion for ezjail -- http://erdgeist.org/arts/software/ezjail/
# This file is under the Beerware license, like ezjail itself
# Heavily based on http://zsh.sf.net/Guide/zshguide06.html#l177
# Frédéric Perrin, April 2011.
_ezjail () {
local cmd
if (( CURRENT > 2)); then
cmd=${words[2]}
# Set the context for the subcommand.
curcontext="${curcontext%:*:*}:ezjail-$cmd"
# Narrow the range of words we are looking at to exclude `ezjail-admin'
(( CURRENT-- ))
shift words
# Run the completion for the subcommand
(( $+functions[_ezjail_cmd_$cmd] )) && _ezjail_cmd_$cmd
else
_values : \
"archive[create a backup of one or several jails]" \
"config[manage specific jails]" \
"console[attach your console to a running jail]" \
"create[installs a new jail inside ezjail\'s scope]" \
"cryptostart[start the encrypted jails]" \
"delete[removes a jail from ezjail\'s config]" \
"install[create the basejail from binary packages]" \
"list[list all jails]" \
"restart[restart a running jail]" \
"restore[create new ezjails from archived versions]" \
"start[start a jail]" \
"stop[stop a running jail]" \
"update[create or update the basejail from source]"
fi
}
_ezjail_cmd_archive () {
_arguments -s : \
"-d[destination directory]:destination dir:_files -/" \
"-a[archive name]:archive name:" \
"-f[archive the jail even if it is running]" \
- archiveall \
"-A[archive all jails]" \
- somejails \
"*:jail:_ezjail_mostly_stopped_jails"
}
_ezjail_cmd_config () {
_arguments -s : \
"-r[run the jail on host boot]:run:(run norun)" \
"-n[new jail name]:new name:" \
"-c[jail cpuset]:cpu list:" \
"-z[ZFS dataset to attach]:zfs dataset:" \
"-f[jail FIB number]:fib number:" \
"-i[operate on image]:imageaction:(attach detach fsck)" \
"*:jailname:_ezjail_jails"
}
_ezjail_cmd_console () {
_arguments -s : \
"-e[execute command in jail]:execute:" \
"-f[start the jail if it isn't running]" \
"*:jailname:_ezjail_mostly_running_jails"
}
_ezjail_cmd_create () {
_arguments -s : \
"-f[flavour for the new jail]:flavour:_ezjail_flavours" \
"-x[jail exists, only update the config]" \
"-r[name of the root dir]:dir:" \
"-a[restore from archive]:archive:_files" \
"-A[restore config from archive]:configarchive:_files" \
"-c[image type]:imagetype:(bde eli zfs)" \
"-C[image parameters]:imageparams:" \
"-b[jail start will be synchronous]" \
"-i[file-based jail]" \
"-s[size of the jail]:jailsize:" \
":jail name:" \
":comma-separated IP addresses:"
}
_ezjail_cmd_cryptostart () {
_ezjail_stopped_jails
}
_ezjail_cmd_delete () {
_arguments -s : \
"-w[wipe the jail root]" \
"-f[proceed even if the jail is running]" \
"*:jail:_ezjail_mostly_stopped_jails"
}
_ezjail_cmd_install () {
_arguments : \
- newjail \
"-r[FreeBSD release]:release:(8.0-RELEASE 8-STABLE 9-STABLE)" \
"-h[host for fetching packages]:remote host:" \
"-m[include man pages]" \
"-s[include the /usr/src tree]" \
"-p[include the ports tree]" \
- pimpjail \
"-M[install man pages over an existing basejail]" \
"-S[install the /usr/src tree over an existing basejail]" \
"-P[install the ports tree over an existing basejail]" \
}
_ezjail_cmd_list () {}
_ezjail_cmd_restart () {
_ezjail_running_jails
}
_ezjail_cmd_restore () {
_arguments -s : \
"-f[restore over an existing jail]" \
"-d[archive directory]:archivedir:_files -/" \
"*::_files" \
"*::_ezjail_jails"
}
_ezjail_cmd_start () {
_ezjail_stopped_jails
}
_ezjail_cmd_stop () {
_ezjail_running_jails
}
_ezjail_cmd_update () {
_arguments -s : \
"-p[also update the ports tree]" \
"-s[source tree]:source tree:_files -/" \
"-P[update only the ports tree]" \
"-b[perform a make buildworld]" \
"-i[perform only a make installworld]" \
"-u[use freebsd-update to update]" \
"-U[use freebsd-update to upgrade]"
}
_ezjail_flavours () {
local flavourdir
local etcjailconf="/usr/local/etc/ezjail.conf"
flavourdir=$( . $etcjailconf ; ezjail_flavours_dir=${ezjail_flavours_dir:-${ezjail_jaildir}/flavours}; echo $ezjail_flavours_dir )
_files -W $flavourdir
}
_ezjail_list_jails () {
local jailcfgs="/usr/local/etc/ezjail"
local state=$1
local ret=1
local j
# Those names have already been passed through "tr -c '[alnum]' _" by ezjail
for j in $jailcfgs/*(:t) ; do
case $state in
running) [[ -f /var/run/jail_${j}.id ]] && compadd $j && ret=0 ;;
stopped) [[ -f /var/run/jail_${j}.id ]] || compadd $j && ret=0 ;;
*) compadd $j && ret=0 ;;
esac
done
return $ret
}
_ezjail_jails () {
_ezjail_list_jails all
}
_ezjail_running_jails () {
_ezjail_list_jails running
}
_ezjail_stopped_jails () {
_ezjail_list_jails stopped
}
# Some commands (console...) should be run with running jails,
# unless -f is given, in which case we can operate on all jails
_ezjail_mostly_running_jails () {
local wanted_jails=_ezjail_running_jails
(( ${words[(I)-*f]} )) && wanted_jails=_ezjail_jails
$wanted_jails
}
_ezjail_mostly_stopped_jails () {
local wanted_jails=_ezjail_stopped_jails
(( ${words[(I)-*f]} )) && wanted_jails=_ezjail_jails
$wanted_jails
}
_ezjail "$@"
# -*- mode: shell-script -*-