ruben/ezjail
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Compare commits

base: ruben:master
Branches Tags
ruben:master
ruben:freebsd_upgrade_stuff
ruben:RELEASE_3_4_2
ruben:RELEASE_3_3
ruben:RELEASE_3_2_3
ruben:RELEASE_3_2_2
ruben:RELEASE_3_2_1
ruben:RELEASE_3_2
ruben:RELEASE_3_1
ruben:RELEASE_3_0
ruben:RELEASE_2_1
ruben:RELEASE_2_0_1
ruben:RELEASE_2_0
ruben:RELEASE_1_3_1
ruben:RELEASE_1_3
ruben:RELEASE_1_2
ruben:RELEASE_1_1
ruben:RELEASE_1_0
..
compare: ruben:RELEASE_3_3
Branches Tags
ruben:freebsd_upgrade_stuff
ruben:master
ruben:RELEASE_3_4_2
ruben:RELEASE_3_3
ruben:RELEASE_3_2_3
ruben:RELEASE_3_2_2
ruben:RELEASE_3_2_1
ruben:RELEASE_3_2
ruben:RELEASE_3_1
ruben:RELEASE_3_0
ruben:RELEASE_2_1
ruben:RELEASE_2_0_1
ruben:RELEASE_2_0
ruben:RELEASE_1_3_1
ruben:RELEASE_1_3
ruben:RELEASE_1_2
ruben:RELEASE_1_1
ruben:RELEASE_1_0

No commits in common. "master" and "RELEASE_3_3" have entirely different histories.
master ... RELEASE_3_

9 changed files with 285 additions and 363 deletions
Show Stats Expand all files Collapse all files

26
Makefile
View File

@ -3,20 +3,20 @@
# want / as your install location, DO set PREFIX before invoking this Makefile
PREFIX?=/usr/local
DST= ${DESTDIR}${PREFIX}
all:
install:
mkdir -p ${DST}/etc/ezjail/ ${DST}/man/man5/ ${DST}/man/man7 ${DST}/man/man8 ${DST}/etc/rc.d/ ${DST}/bin/ ${DST}/share/examples/ezjail ${DST}/share/zsh/site-functions
cp -R examples/example ${DST}/share/examples/ezjail/
cp -R examples/nullmailer-example ${DST}/share/examples/ezjail/
cp -R share/zsh/site-functions/ ${DST}/share/zsh/site-functions/
sed s:EZJAIL_PREFIX:${PREFIX}: ezjail.conf.sample > ${DST}/etc/ezjail.conf.sample
sed s:EZJAIL_PREFIX:${PREFIX}: ezjail.sh > ${DST}/etc/rc.d/ezjail
sed s:EZJAIL_PREFIX:${PREFIX}: ezjail-admin > ${DST}/bin/ezjail-admin
sed s:EZJAIL_PREFIX:${PREFIX}: man8/ezjail-admin.8 > ${DST}/man/man8/ezjail-admin.8
sed s:EZJAIL_PREFIX:${PREFIX}: man5/ezjail.conf.5 > ${DST}/man/man5/ezjail.conf.5
sed s:EZJAIL_PREFIX:${PREFIX}: man7/ezjail.7 > ${DST}/man/man7/ezjail.7
chmod 755 ${DST}/etc/rc.d/ezjail ${DST}/bin/ezjail-admin
chmod 0440 ${DST}/share/examples/ezjail/example/usr/local/etc/sudoers
mkdir -p ${PREFIX}/etc/ezjail/ ${PREFIX}/man/man5/ ${PREFIX}/man/man7 ${PREFIX}/man/man8 ${PREFIX}/etc/rc.d/ ${PREFIX}/bin/ ${PREFIX}/share/examples/ezjail ${PREFIX}/share/zsh/site-functions
cp -p ezjail.conf.sample ${PREFIX}/etc/
cp -R -p examples/example ${PREFIX}/share/examples/ezjail/
cp -R -p examples/nullmailer-example ${PREFIX}/share/examples/ezjail/
cp -R -p share/zsh/site-functions/ ${PREFIX}/share/zsh/site-functions/
sed s:EZJAIL_PREFIX:${PREFIX}: ezjail.sh > ${PREFIX}/etc/rc.d/ezjail
sed s:EZJAIL_PREFIX:${PREFIX}: ezjail-admin > ${PREFIX}/bin/ezjail-admin
sed s:EZJAIL_PREFIX:${PREFIX}: man8/ezjail-admin.8 > ${PREFIX}/man/man8/ezjail-admin.8
sed s:EZJAIL_PREFIX:${PREFIX}: man5/ezjail.conf.5 > ${PREFIX}/man/man5/ezjail.conf.5
sed s:EZJAIL_PREFIX:${PREFIX}: man7/ezjail.7 > ${PREFIX}/man/man7/ezjail.7
chmod 755 ${PREFIX}/etc/rc.d/ezjail ${PREFIX}/bin/ezjail-admin
chown -R root:wheel ${PREFIX}/man/man8/ezjail-admin.8 ${PREFIX}/man/man5/ezjail.conf.5 ${PREFIX}/man/man7/ezjail.7 ${PREFIX}/share/examples/ezjail/
chmod 0440 ${PREFIX}/share/examples/ezjail/example/usr/local/etc/sudoers

2
examples/example/etc/rc.d/ezjail.flavour.example
View File

@ -54,7 +54,7 @@ flavour_setup() {
# Install all packages previously put to /pkg
# Remove package files afterwards
[ -d /pkg ] && cd /pkg && pkg_add /pkg/*
[ -d /pkg ] && PACKAGESITE=file:// pkg_add -r /pkg/*
rm -rf /pkg
# Postinstall

257
ezjail-admin
View File

@ -8,7 +8,6 @@ ezjail_etc="${ezjail_prefix}/etc"
ezjail_share="${ezjail_prefix}/share/ezjail"
ezjail_examples="${ezjail_prefix}/share/examples/ezjail"
ezjail_jailcfgs="${ezjail_etc}/ezjail"
ezjail_snap_date_format="%Y%m%d%H%M"
# read user config
[ -f "${ezjail_etc}/ezjail.conf" ] && . "${ezjail_etc}/ezjail.conf"
@ -33,6 +32,8 @@ ezjail_snap_date_format="%Y%m%d%H%M"
: ${ezjail_exec_start="/bin/sh /etc/rc"}
: ${ezjail_use_zfs="NO"}
: ${ezjail_jailzfs=""}
: ${ezjail_zfs_properties=""}
ezjail_dirlist="bin boot lib libexec rescue sbin usr/bin usr/include usr/lib usr/libdata usr/libexec usr/sbin usr/src usr/share"
ezjail_basesystem="base"
@ -41,7 +42,7 @@ ezjail_basesystem="base"
case `uname -p` in amd64) ezjail_dirlist="${ezjail_dirlist} usr/lib32"; ezjail_basesystem="${ezjail_basesystem} lib32";; esac
# Synopsis messages
ezjail_usage_ezjailadmin="${ezjail_admin} v3.4.2\nUsage: ${ezjail_admin} [archive|config|console|create|delete|freeze|install|list|restore|snapshot|troubleshoot|update] {params}"
ezjail_usage_ezjailadmin="${ezjail_admin} v3.3\nUsage: ${ezjail_admin} [archive|config|console|create|delete|install|list|restore|update] {params}"
ezjail_usage_install="Usage: ${ezjail_admin} install [-mMpPsS] [-h host] [-r release]"
ezjail_usage_create="Usage: ${ezjail_admin} create [-xbi] [-f flavour] [-r jailroot] [-s size] [-c bde|eli|zfs] [-C args] [-a archive] [-z parentzfs] jailname jailip"
ezjail_usage_delete="Usage: ${ezjail_admin} delete [-wf] jailname"
@ -50,8 +51,6 @@ ezjail_usage_config="Usage: ${ezjail_admin} config [-r run|norun] [-n newname] [
ezjail_usage_console="Usage: ${ezjail_admin} console [-f] [-e command] jailname"
ezjail_usage_archive="Usage: ${ezjail_admin} archive [-Af] [-a archive] [-d archivedir] jailname [jailname...]"
ezjail_usage_restore="Usage: ${ezjail_admin} restore [-f] [-d archivedir] (archive|jailname)..."
ezjail_usage_freeze="Usage: ${ezjail_admin} freeze jailname newflavour"
ezjail_usage_troubleshoot="Usage: ${ezjail_admin} troubleshoot [jailname...]"
ezjail_usage_list="Usage: ${ezjail_admin} list"
################################
@ -145,7 +144,6 @@ start_stop_jail_by_script () {
shift
for ezjail; do
fetchjailinfo ${ezjail}
case ${ezjail_config} in *.norun) continue;; esac
[ ${ezjail_success_check} "${ezjail_id}" ] || exerr "Error: Could not ${ezjail_action} $@.\n You need to ${ezjail_action} it by hand."
done
}
@ -184,7 +182,6 @@ writejailinfo () {
echo export jail_${ezjail_safename}_parentzfs=\"${ezjail_parentzfs}\"
echo export jail_${ezjail_safename}_parameters=\"${ezjail_parameters}\"
echo export jail_${ezjail_safename}_post_start_script=\"${ezjail_post_start_script}\"
echo export jail_${ezjail_safename}_retention_policy=\"${ezjail_retention_policy}\"
) > "${ezjail_destconf}"
@ -235,10 +232,9 @@ fetchjailinfo () {
eval ezjail_parentzfs=\"\$jail_${ezjail_safename}_parentzfs\"
eval ezjail_parameters=\"\$jail_${ezjail_safename}_parameters\"
eval ezjail_post_start_script=\"\$jail_${ezjail_safename}_post_start_script\"
eval ezjail_retention_policy=\"\$jail_${ezjail_safename}_retention_policy\"
# Pre ezjail-3.3-jails do not have this set
: ${ezjail_parentzfs:=${ezjail_jailzfs}}
: ${ezjail_parentzfs=${ezjail_jailzfs}}
ezjail_softlink=${ezjail_jaildir}/`basename -- "${ezjail_rootdir}"`
ezjail_devicelink="${ezjail_rootdir}.device"
@ -264,7 +260,7 @@ fetchjailinfo () {
fi
[ -f "/var/run/jail_${ezjail_safename}.id" ] && ezjail_id=`cat /var/run/jail_${ezjail_safename}.id` || return
jls | grep -q -E "^ *${ezjail_id} " || unset ezjail_id
jls | grep -q -E "^ +${ezjail_id} " || unset ezjail_id
}
# fill the base jail - this function is used by install and update
@ -275,7 +271,7 @@ ezjail_splitworld() {
if [ "${ezjail_use_zfs}" = "YES" ]; then
ensure_jailzfs
/sbin/zfs create ${ezjail_jailzfs}/basejail
/sbin/zfs snapshot ${ezjail_jailzfs}/basejail@`date +"%C%y%m%d_%H:%M:%S"`
/sbin/zfs snapshot ${ezjail_jailzfs}/basejail@`date -v -7d +"%C%y%m%d_%H:%M:%S"`
fi
# Remove schg flags from old basejail binaries. The flags
@ -311,7 +307,6 @@ ezjail_splitworld() {
# /etc/make.conf.
if [ -f "${ezjail_examples}/example/etc/make.conf" -a ! -f "${ezjail_jailtemplate}/etc/make.conf" ]; then
cp -p "${ezjail_examples}/example/etc/make.conf" "${ezjail_jailtemplate}/etc/"
mkdir -p ${ezjail_jailtemplate}/var/ports/packages ${ezjail_jailtemplate}/var/ports/distfiles
echo "Note: a non-standard /etc/make.conf was copied to the template jail in order to get the ports collection running inside jails."
fi
@ -437,7 +432,7 @@ ensure_jailzfs() {
_zfs_status=`/sbin/zfs list -H -o name ${ezjail_jailzfs} 2> /dev/null`
[ "${_zfs_status}" = "${ezjail_jailzfs}" ] && return
# if a directory already exists in that place, make sure it is empty, else bump user
# if a directoy already exists in that place, make sure it is empty, else bump user
[ -d "${ezjail_jaildir}" -a -n "`ls -A ${ezjail_jaildir}`" ] && exerr "Error: Can not create zfs at ${ezjail_jaildir}.\n There is a non-empty directory in the way."
# create all parent file systems if necessary
@ -448,81 +443,6 @@ ensure_jailzfs() {
/sbin/zfs create -o mountpoint=${ezjail_jaildir} ${ezjail_zfs_properties} ${ezjail_jailzfs}
}
# implement snapshot retentions
filteroldsnapshots() {
local win repeat bottom in_window snap_id snap_del snap_first first_round_done max_diff
bottom=`date +%s`
unset snap_del first_round_done
snap_id=0
for win in ${ezjail_retention_policy}; do
# split repeat count from window chunk
case ${win} in *x*) repeat=${win%x*}; win=${win#*x};; *) repeat=1;; KEEP) return;; esac
# check for correct value
case ${win} in [0-9]);; [0-9]*[0-9mhdwy]);; *) echo "Unknown window length declaration ${win}"; return ;; esac
# values default to minutes
case ${win} in *h) m=60;; *d) m=1440;; *w) m=10080;; *y) m=525600;; *) m=1;; esac
win=$((${win%[mhdwy]}*m*60))
# innerloop $repeats over windows
while [ $(( repeat-=1 )) -ge 0 ]; do
# Shift bottom of window
bottom=$(( ${bottom} - ${win} ))
unset snap_first
# now loop over parameters
in_window=YES; while [ "${in_window}" ]; do
# When snap_id is required, pop one if possible
if [ "${snap_id}" -eq 0 -a $# -gt 0 ]; then
snap_id=`date -j -f ${ezjail_snap_date_format} $1 +%s`
shift
fi
# is next snapshot before this window? test next window
if [ ${snap_id} -lt ${bottom} ]; then
[ "${first_round_done}" ] || echo /sbin/zfs snapshot -r ${ezjail_zfs}@ez-autosnap-`date +${ezjail_snap_date_format}`
[ "${first_round_done}" ] || /sbin/zfs snapshot -r ${ezjail_zfs}@ez-autosnap-`date +${ezjail_snap_date_format}`
# we remembered the first snapshot in window
# only keep it, if it is newer than the oldest by more than half the window size
if [ "${snap_first}" -a "${snap_del}" -a $(( snap_del - snap_first )) -lt $(( win / 2 )) ]; then
echo /sbin/zfs destroy -r ${ezjail_zfs}@ez-autosnap-`date -j -f %s ${snap_first} +${ezjail_snap_date_format}`
/sbin/zfs destroy -r ${ezjail_zfs}@ez-autosnap-`date -j -f %s ${snap_first} +${ezjail_snap_date_format}`
fi
# Zero marks end of snaps list
[ "${snap_id}" -eq 0 ] && return
unset snap_del in_window
else
if [ "${snap_del}" ]; then
if [ "${snap_first}" ]; then
echo /sbin/zfs destroy -r ${ezjail_zfs}@ez-autosnap-`date -j -f %s ${snap_del} +${ezjail_snap_date_format}`
/sbin/zfs destroy -r ${ezjail_zfs}@ez-autosnap-`date -j -f %s ${snap_del} +${ezjail_snap_date_format}`
else
snap_first="${snap_del}"
fi
fi
snap_del="${snap_id}"
snap_id=0
fi
first_round_done="YES"
done
done
done
# if out of windows, default to delete the remainder of snaps
for snap_del in ${snap_id} $*; do
echo /sbin/zfs destroy -r ${ezjail_zfs}@ez-autosnap-`date -j -f %s ${snap_del} +${ezjail_snap_date_format}`
/sbin/zfs destroy -r ${ezjail_zfs}@ez-autosnap-`date -j -f %s ${snap_del} +${ezjail_snap_date_format}`
done
}
#############################
# End of function definitions
# "
@ -535,7 +455,7 @@ case "$1" in
create)
# Clean variables, prevent pollution
unset ezjail_rootdir ezjail_flavours ezjail_softlink ezjail_image ezjail_imagetype ezjail_imageparams ezjail_imagesize ezjail_parentzfs ezjail_device ezjail_devicelink ezjail_config ezjail_attachparams ezjail_exists ezjail_attachblocking ezjail_forceblocking ezjail_sourcedevice ezjail_rootdirempty ezjail_fromarchive ezjail_fromarchive_config
shift; while getopts :f:r:s:xbkic:C:a:A:z: arg; do case ${arg} in
shift; while getopts :f:r:s:xbic:C:a:A:z: arg; do case ${arg} in
x) ezjail_exists="YES";;
r) ezjail_rootdir=${OPTARG};;
f) ezjail_flavours=${OPTARG};;
@ -548,7 +468,6 @@ create)
s) ezjail_imagesize=${OPTARG};;
z) ezjail_imagetype="zfs";
ezjail_parentzfs=${OPTARG};;
k) ezjail_keepsnapshot="YES";; # undocumented
?) exerr ${ezjail_usage_create};;
esac; done; shift $(( ${OPTIND} - 1 ))
@ -746,10 +665,10 @@ create)
# now take a copy of our template jail
if [ "${ezjail_imagetype}" = "zfs" -a "${ezjail_use_zfs}" = "YES" ]; then
# create ZFS filesystem first when using ZFS
/sbin/zfs snapshot ${ezjail_jailzfs}/newjail@_vanilla_newjail_
/sbin/zfs send ${ezjail_jailzfs}/newjail@_vanilla_newjail_ | zfs receive -F ${ezjail_parentzfs}/${ezjail_hostname}
[ -z "${ezjail_keepsnapshot}" ] && /sbin/zfs destroy ${ezjail_parentzfs}/${ezjail_hostname}@_vanilla_newjail_
/sbin/zfs destroy ${ezjail_jailzfs}/newjail@_vanilla_newjail_
/sbin/zfs snapshot ${ezjail_jailzfs}/newjail@_createnewjailtmp
/sbin/zfs send ${ezjail_jailzfs}/newjail@_createnewjailtmp | zfs receive -F ${ezjail_parentzfs}/${ezjail_hostname}
/sbin/zfs destroy ${ezjail_parentzfs}/${ezjail_hostname}@_createnewjailtmp
/sbin/zfs destroy ${ezjail_jailzfs}/newjail@_createnewjailtmp
else
mkdir -p "${ezjail_rootdir}" && cd "${ezjail_jailtemplate}" && find . | cpio -p -v "${ezjail_rootdir}" > /dev/null
fi
@ -925,14 +844,7 @@ delete)
[ "${ezjail_image}" ] && rm -f "${ezjail_image}" "${ezjail_image%.img}.device"
;;
zfs)
if ! /sbin/zfs destroy -r ${ezjail_parentzfs}/${ezjail_hostname}; then
[ "${ezjail_forcestop}" ] || exerr "Error: Could not destroy file system ${ezjail_parentzfs}/${ezjail_hostname} for jail ${ezjail_name}."
echo "Warning: Could not destroy file system ${ezjail_parentzfs}/${ezjail_hostname} for jail ${ezjail_name}."
echo " Sleeping 5 seconds before retrying forcefully."
sleep 5
/sbin/zfs destroy -rf ${ezjail_parentzfs}/${ezjail_hostname} || exerr "Error: Failed to destroy file system."
echo "Success."
fi
/sbin/zfs destroy -r ${ezjail_parentzfs}/${ezjail_hostname}
;;
*)
chflags -R noschg "${ezjail_rootdir}"
@ -1004,12 +916,8 @@ setup|update)
# If ran from cron be kind to freebsds update servers and sleep first
[ -z "$TERM" -o "$TERM" = "dumb" ] && ezjail_urgency="cron" || ezjail_urgency="fetch"
if [ "${ezjail_use_zfs}" = "YES" ]; then
zfs snapshot ${ezjail_jailzfs}/basejail@`date +"%C%y%m%d_%H:%M:%S"`
zfs snapshot ${ezjail_jailzfs}/newjail@`date +"%C%y%m%d_%H:%M:%S"`
fi
env PAGER=/bin/cat freebsd-update -b ${ezjail_jailbase} ${ezjail_urgency} install
env PAGER=/bin/cat freebsd-update -b ${ezjail_jailtemplate} ${ezjail_urgency} install
[ "${ezjail_use_zfs}" = "YES" ] && zfs snapshot ${ezjail_jailzfs}/basejail@`date -v -7d +"%C%y%m%d_%H:%M:%S"`
freebsd-update -b ${ezjail_jailbase} ${ezjail_urgency} install
elif [ "${ezjail_installaction}" = "freebsd-upgrade" ]; then
[ -d "${ezjail_jailbase}" ] || exerr "Error: base jail does not exist.\n You cannot update a base jail until it is created.\n Please run '${ezjail_admin} update' or '${ezjail_admin} install' first."
@ -1020,14 +928,12 @@ setup|update)
# Make the host systems os version our target version
# Users can override this by setting the UNAME_r environment variable
ezjail_osversion_target="`uname -r | sed -E 's,-p[0-9]+,,' | sed -E 's,-SECURITY,-RELEASE,'`"
ezjail_osversion_target="`uname -r`"
# Finally run freebsd-update to upgrade our basejail
for DESTDIR in ${ezjail_jailbase} ${ezjail_jailtemplate}; do
env UNAME_r="${ezjail_osversion_source}" PAGER=/bin/cat freebsd-update -b ${DESTDIR} -r ${ezjail_osversion_target} upgrade
while [ $? -eq 0 ]; do
env UNAME_r="${ezjail_osversion_source}" PAGER=/bin/cat freebsd-update -b ${DESTDIR} -r ${ezjail_osversion_target} install
done
env UNAME_r="${ezjail_osversion_source}" freebsd-update -b ${ezjail_jailbase} -r ${ezjail_osversion_target} upgrade
while [ $? -eq 0 ]; do
env UNAME_r="${ezjail_osversion_source}" freebsd-update -b ${ezjail_jailbase} -r ${ezjail_osversion_target} install
done
# Here we should write the file with the new osversion in case of success
@ -1101,7 +1007,6 @@ install)
# ftp servers normally wont provide non-RELEASE-builds
if [ "${ezjail_proto}" != "file" ]; then
case ${ezjail_release} in *-STABLE) ezjail_release="${ezjail_release%-STABLE}-RELEASE";; esac
case ${ezjail_release} in *-RELEASE-p*) ezjail_release=${ezjail_release%-p*};; esac
if [ "${ezjail_release%-RELEASE}" = "${ezjail_release}" ]; then
echo "Your system is ${ezjail_release}. Normally FTP-servers don't provide non-RELEASE-builds."
[ ${ezjail_release_major} -ge 9 ] && ezjail_installarch="${ezjail_installplatform}/${ezjail_installarch}"
@ -1150,12 +1055,8 @@ install)
# The easy case means, that a local distribution directory has been specified.
if [ ${ezjail_release_major} -ge 9 ]; then
if [ -r "${ezjail_disturi}/${pkg}.txz" ]; then
xzdec ${ezjail_disturi}/${pkg}.txz | tar --unlink -xpJf - -C ${DESTDIR}
else
[ ${pkg} = "lib32" ] || exerr "Error: Can not access package file ${ezjail_disturi}/${pkg}.txz"
echo "Warning: Can not access package file ${ezjail_disturi}/${pkg}.txz, ignored for auto added lib32."
fi
[ -r "${ezjail_disturi}/${pkg}.txz" ] || exerr "Error: Can not access package file ${ezjail_disturi}/${pkg}.txz"
xzdec ${ezjail_disturi}/${pkg}.txz | tar --unlink -xpJf - -C ${DESTDIR}
else
ezjail_makeabsolute ezjail_disturi
cd "${ezjail_disturi}/${pkg}" || exerr "Error: Could not cd to ${ezjail_disturi}/${pkg}."
@ -1204,11 +1105,8 @@ install)
fi
done
# Update to current patch level, split basejail and newjail
if [ "${ezjail_basesystem}" ]; then
env PAGER=/bin/cat freebsd-update -b "${DESTDIR}" fetch install
ezjail_splitworld
fi
# Split basejail and newjail
[ "${ezjail_basesystem}" ] && ezjail_splitworld
# Fill ports, if requested
[ "${ezjail_installports}" ] && ezjail_updateports
@ -1260,81 +1158,7 @@ console)
exec ${_setfib} jexec ${ezjail_id} ${ezjail_default_execute}
;;
######################## ezjail-admin FREEZE ########################
freeze)
shift
[ $# -eq 2 ] || exerr ${ezjail_usage_freeze}
ezjail="$1"
ezjail_flavour="$2"
fetchjailinfo ${ezjail}
# Check for existence of jail in our records
[ "${ezjail_config}" ] || exerr "Error: Nothing known about jail ${ezjail_name}."
# Check if jail is of zfs type
[ ${ezjail_imagetype} = "zfs" ] || exerr "Error: Can only freeze zfs based jails into a flavour.\n ${ezjail_name} is not a zfs jail."
# Check if jail has been snapshotted at create time
/sbin/zfs list -H "${ezjail_parentzfs}/${ezjail_hostname}@_vanilla_newjail_" >/dev/null 2>/dev/null
[ $? -eq 0 ] || exerr "Error: Jail ${ezjail_name} did not keep a snapshot when it was first created.\n Use ezjail-admin create with the -k option to keep a snapshot to diff."
# For now we will not overwrite an existing flavour
[ -e "${ezjail_flavours_dir}/${ezjail_flavour}" ] && exerr "Error: A flavour already exists at ${ezjail_flavours_dir}/${ezjail_flavour}."
# Create the new frozen flavour's dir
mkdir -p "${ezjail_flavours_dir}/${ezjail_flavour}"
# Work relative to jails rootdir
cd "${ezjail_rootdir}"
# Now list all files that have been added or modified
# TODO: This assumes no files have been deleted from when the jail was initially created. Safe assumption for now.
# TODO: This assumes no files have been renamed from when the jail was initially created. Not so sure.
/sbin/zfs diff -H "${ezjail_parentzfs}/${ezjail_hostname}@_vanilla_newjail_" "${ezjail_parentzfs}/${ezjail_hostname}" | \
grep -E "^[M+]" | cut -f 2 | sed -E s:"^${ezjail_rootdir}/?":: | cpio -d -m -p -v "${ezjail_flavours_dir}/${ezjail_flavour}"
;;
######################## ezjail-admin SNAPSHOT ########################
snapshot)
shift
if [ $# -eq 0 ]; then
cd ${ezjail_jailcfgs} && ezjail_list=`ls -A`
else
ezjail_list=$*
fi
for ezjail in ${ezjail_list}; do
fetchjailinfo ${ezjail%.norun}
# Check for existence of jail in our records
[ "${ezjail_config}" ] || exerr "Error: Nothing known about jail ${ezjail_name}."
# Snapshots only work with zfs jails
[ "${ezjail_imagetype}" = "zfs" -o -n "${ezjail_zfs_datasets}" ] || continue
[ "${ezjail_imagetype}" = "zfs" ] && ezjail_zfs_datasets="${ezjail_parentzfs}/${ezjail_hostname} ${ezjail_zfs_datasets}"
# Use global retention policy, if none set
: ${ezjail_retention_policy:=${ezjail_default_retention_policy}}
for ezjail_zfs in ${ezjail_zfs_datasets}; do
check_for_zfs_exist ${ezjail_zfs} || continue
zfs_retention_policy=`/sbin/zfs get -H -o value ezjail:autosnap_retention ${ezjail_zfs}`
[ "${zfs_retention_policy}" = "-" ] || ezjail_retention_policy="${zfs_retention_policy}"
if [ -z "${ezjail_retention_policy}" ]; then
/sbin/zfs snapshot -r ${ezjail_zfs}@ez-autosnap-`date +${ezjail_snap_date_format}`
else
snap_list=`/sbin/zfs list -H -t snapshot -o name -S creation -r ${ezjail_zfs} | \
grep ^${ezjail_zfs}@ez-autosnap- | cut -d '@' -f 2 | cut -d '-' -f 3`
filteroldsnapshots ${snap_list}
fi
done
done
;;
######################## ezjail-admin ARCHIVE ########################
######################## ezjail-admin ARCHIVE ########################
archive)
# Clean variables, prevent pollution
unset ezjail_archive ezjail_archive_tag ezjail_force ezjail_archivealljails ezjail_addfiles
@ -1351,7 +1175,7 @@ archive)
[ $# -lt 1 -a -z "${ezjail_archivealljails}" ] && exerr ${ezjail_usage_archive}
# Ensure that archive directory is there
[ "${ezjail_archive}" = "-" ] || mkdir -p "${ezjail_archivedir}" || exerr "Error: Can not create archive directory ${ezjail_archivedir}."
[ "${ezjail_archive}" = "-" ] || mkdir -p "${ezjail_archivedir}" || exerr "Error: Can not create archive directory ${ezjail_archivedir}."
# Will not backup more than one jail per archive
[ "${ezjail_archive}" -a "${ezjail_archivealljails}" ] && exerr "Error: Must not specify an archive location for multiple archives.\n Can not archive multiple jails into one archive."
@ -1384,7 +1208,7 @@ archive)
if [ "${ezjail_imagetype}" -a "${ezjail_imagetype}" != "zfs" -a -z "${ezjail_attached}" ]; then
if [ "${ezjail_attachblocking}" ]; then
echo "Warning: Jail ${ezjail_name} is an image jail and can not be attached automatically."
echo " Use '${ezjail_admin} config -i attach ${ezjail_name}' to attach it first."
echo " Use '${ezjail_admin} config -i attach ${ezjail_name}' to attach it first."
continue
fi
mount_images
@ -1434,7 +1258,7 @@ archive)
[ "${ezjail_imagesize}" ] && detach_images keep
# An error on a jail not running is bad
[ ${ezjail_paxresult} -eq 0 -o "${ezjail_force}" ] || echo -n "Warning: Archiving jail ${ezjail_name} was not completely successful.\n Please refer to the output above for problems the archiving tool encountered.\n You may ignore reports concerning setting access and modification times.\n You might want to check and remove ${ezjail_archive}."
[ ${ezjail_paxresult} -eq 0 -o "${ezjail_force}" ] || echo "Warning: Archiving jail ${ezjail_name} was not completely successful.\n Please refer to the output above for problems the archiving tool encountered.\n You may ignore reports concerning setting access and modification times.\n You might want to check and remove ${ezjail_archive}."
# When archiving a running jail, some errors might occur
[ ${ezjail_paxresult} -eq 0 ] || echo "Warning: Archiving jail ${ezjail_name} was not completely successful. For a running jail this is not unusual."
@ -1506,7 +1330,7 @@ restore)
ezjail_config=`mktemp /tmp/ezjail.prop.XXXXXXXX`
[ $? -ne 0 ] && exerr "Error: Can't create temporary file."
pax -rzn -s:${ezjail_nameprop}:${ezjail_config}: -f ${ezjail_fromarchive} ${ezjail_nameprop}
fetchjailinfo ${ezjail_safename:-${ezjail_nameprop_safename}} ${ezjail_config}
fetchjailinfo ${ezjail_safename} ${ezjail_config}
# Now all parameters are here, invoke ezjail-admin create
[ "${ezjail_rootdir}" -a "${ezjail_ips}" -a "${ezjail_hostname}" ] || exerr "Error: Archive does not contain a valid ezjail properties file.\n Some jails properties are missing."
@ -1636,7 +1460,6 @@ config)
case "${ezjail_setrunnable}" in
run) [ "${ezjail_config}" = "${ezjail_config%.norun}" ] || mv "${ezjail_config}" "${ezjail_config%.norun}";;
norun) [ "${ezjail_config}" = "${ezjail_config%.norun}" ] && mv "${ezjail_config}" "${ezjail_config}.norun";;
test) [ "${ezjail_config}" = "${ezjail_config%.norun}" ] && echo "Jail ${ezjail_name} is runnable" || echo "Jail ${ezjail_name} is not runnable";;
esac
[ "${ezjail_imageaction}" -a -z "${ezjail_image}" ] && exerr "Error: Jail ${ezjail_name} not an image jail."
@ -1673,30 +1496,6 @@ config)
;;
esac
;;
######################## ezjail-admin TROUBLESHOOT ########################
troubleshoot)
# XXX TOOD:
# Start with some simple tests, check for basejail
# Check if we are ourself jailed
# Check if all IPv4 addresses are either configured already or in
# interface config line
# Check for duplicate non unique IPv4 addresses
# Check if all necessary file systems for zfs jails are mounted
# For zfs jails check, if zpool is full
# Check if all mount points inside the jails are there
shift
[ $# -gt 0 ] && cd ${ezjail_jailcfgs} && set - `ls -A`
for ezjail; do
fetchjailinfo ${ezjail%.norun}
# Check for existence of jail in our records
[ "${ezjail_config}" ] || exerr "Error: Nothing known about jail ${ezjail_name}."
done
;;
*)
exerr "${ezjail_usage_ezjailadmin}"
;;

11
ezjail.conf.sample
View File

@ -55,17 +55,8 @@
# ezjail_use_zfs_for_jails="YES"
# The name of the ZFS ezjail should create jails on, it will be mounted at the ezjail_jaildir
# ezjail_jailzfs="tank/ezjail"
# ezjail_jailzfs="tank/ezjail"
# ADVANCED, be very careful!
# ezjail_zfs_properties="-o compression=lzjb -o atime=off"
# ezjail_zfs_jail_properties="-o dedup=on"
# For auto snapshots this is the default policy to keep old snapshots. In each window there
# will be guaranteed to be one or two snapshots only
# If this variable is not set, no snapshots will be removed by ezjail-admin snapshot
# Example policy for a database jail with rollbackable snapshots starting with four snapshots
# in the last hour and up to an annual snapshot for 1000 years. Beware of the load caused by
# destroying snapshots.
# ezjail_default_retention_policy="4x15m 3x1h 2x2h 4h 12h 6x1d 7x1w 11x4w 1000x1y"

4
ezjail.sh
View File

@ -89,7 +89,7 @@ do_cmd()
# Cannot auto mount blocking jails without interrupting boot process
[ "${ezjail_fromrc}" -a "${action}" = "start" -a "${ezjail_blocking}" ] && echo -n " ...skipping blocking jail ${ezjail}" && continue
# Explicitly do only run blocking crypto jails when *crypto is requested
# Explicitely do only run blocking crypto jails when *crypto is requested
[ "${action%crypto}" = "${action}" -o "${ezjail_blocking}" ] || continue
# Try to attach (crypto) devices
@ -105,7 +105,7 @@ do_cmd()
# Configure settings that need to be done after the jail has been started
if [ "${action%crypto}" = "start" -o "${action}" = "restart" ]; then
for ezjail in ${ezjail_pass}; do
for ezjail in ${ezjail_list}; do
ezjail_safename=`echo -n "${ezjail}" | tr -c '[:alnum:]' _`
# Get the JID of the jail
[ -f "/var/run/jail_${ezjail_safename}.id" ] && ezjail_id=`cat /var/run/jail_${ezjail_safename}.id` || return

19
man5/ezjail.conf.5
View File

@ -1,4 +1,4 @@
.Dd December 5, 2013
.Dd January 15, 2011
.Dt EZJAIL.CONF 5 USD
.Os FreeBSD
.Sh NAME
@ -94,7 +94,7 @@ Controls whether
.Pa /etc/fstab. Ar hostname
should be executed at jail startup time.
.br
Default:
Default:
.Em YES .
.It ezjail_devfs_enable (bool)
Controls whether newly created jails are given a working
@ -157,7 +157,7 @@ Default:
.It ezjail_imagetype (one of simple, bde, eli, zfs)
Type of jail to create when creating a jail with the
.Fl i
flag without specifying the type explicitly.
flag without specifying the type explicitely.
.br
Default:
.Em simple
@ -165,7 +165,7 @@ Default:
.Sh ZFS OPTIONS
.Bl -tag -width option
.It ezjail_use_zfs (bool)
Set to YES, if ezjail should manage basejail and newjail in a separate
Set to YES, if ezjail should manage basejail and newjail in a seperate
ZFS-datasets.
.br
Default:
@ -184,7 +184,7 @@ Default:
The name of the parent ZFS-dataset which ezjail will use to create
jails on. It will be mounted in
.Em ezjail_jaildir .
Setting this will automatically enable ezjail managing jails in separate
Setting this will automaticly enable ezjail managing jails in seperate
ZFS-datasets.
.br
Default:
@ -196,15 +196,6 @@ for details. ADVANCED, be very careful!
.br
Default:
.Em none .
.It ezjail_default_retention_policy (str)
Policy for the
.Cm ezjail-admin snapshot
subcommand to keep older snapshots. See
.Xr ezjail-admin 1
for details.
.br
Default:
.Em none .
.El
.Sh FILES
EZJAIL_PREFIX/etc/ezjail.conf

66
man7/ezjail.7
View File

@ -1,4 +1,4 @@
.Dd December 5, 2013
.Dd January 15, 2011
.Dt EZJAIL 7 USD
.Os
.Sh NAME
@ -130,7 +130,12 @@ There are two advantages to image jails. The amount of disk space
allocated to the jail is limited, while normal jails have no bound on
the amount of disk space they use. On the other hand, the space
dedicated to the jail is no longer available to the host, even if the
jail doesn't use all its allocated space.
jail doesn't use all its allocated space. In addition, image jails
contain a full copy of the basejail. This makes them portable between
hosts running the same FreeBSD version as the image was created with.
Of course, the jail now needs to be updated independently from all
other jails, and there is no longer any sharing of common files
between the jails.
.Pp
Image jails may also be encrypted using
.Xr bde 4
@ -145,7 +150,7 @@ filesystem. See
.Sx Jail Creation Examples
for details.
.Pp
Also, ezjail can be configured to install its basejail and the accompanying
Also, ezjail can be configured to install its basejail and the accompaning
template for all new jails into its own filesystem. Set the
.Dq Li $ezjail_use_zfs
variable in your
@ -221,7 +226,7 @@ that specifies whether the filesystems in
are carried out. Set by ezjail to
.Dq Li YES ,
set to
.Dq Li NO
.Qd Li NO
at your own risk.
.It jail_JAILNAME_devfs_enable
A boolean specifying whether to mount a
@ -262,7 +267,7 @@ The parameters to pass to the tool used to decrypt file-based,
encrypted jails. Initialized from the
.Fl C
option when creating such a jail, or the empty string.
.It ezjail_JAILNAME_attachblocking
.Ir ezjail_JAILNAME_attachblocking
.Dq Li YES
if the jail requires interaction with the administrator when starting
(typically, encrypted jails that needs a password to be decrypted).
@ -327,7 +332,7 @@ addition, the jail is configured so that on its first boot, the file
.Pa ezjail.flavour
is executed.
.Pp
As part of the install sub-command, the flavour base directory
As part of the install sub-command, the flavour base directory
was created as
.Pa /usr/jails/flavours
and populated with an single flavour named
@ -348,7 +353,7 @@ configuration, creating classes of jails for development or testing
favourite web development framework), pre-creating local users, and so
on.
.Ss Updating the Base Jail
We already mentioned how easy it is to update jails, since only one
We already mentionned how easy it is to update jails, since only one
copy needs to be updated. Ezjail only handles updating the base
system; updating the ports is left to the administrator (but see
.Dq Li ports-mgmt/jailaudit
@ -361,7 +366,7 @@ binary packages. If a base jail already exists, the
command installs the world in a temporary directory before moving it
to the basejail, thus leaving intact all installed libraries. After
making sure all software running in the jails is linked with the new
libraries, you may want to remove the old library versions. It is
librairies, you may want to remove the old library versions. It is
often a good idea to update the jails when a new kernel is installed
in the host, using the same sources.
.Ss Starting Jails
@ -409,37 +414,6 @@ rc.d/ezjail can be used to start and stop jails by prepending
Refer to
.Xr rc 8
for details.
.Ss Snapshots and retention policies
Jails residing in their own zfs and their corresponding zfs data sets can be
automatically snapshot by the
.Cm ezjail-admin snapshot
subcommand. Taking snapshots of all jails before a major update is considered
best practise. However, when taking snapshots regularly, the amount of disc
space used can be considerable.
.Pp
Therefore ezjail allows you to set retention policies that describe how many
of your snapshots you want to keep for one or all jails or a particular zfs. See
the description of the snapshot command in
.Xr ezjail-admin 5
for details.
.Pp
A retention policy consists of one or multiple windows for which ezjail guarantees
to keep at least one and at most two snapshots. A simple example:
.D1 $ezjail_default_retention_policy="1d 2w 1y"
will ensure ONE snapshot for the last day, for the last two weeks before that day and
then for one snapshot in the year before the two-week window. Valid multipliers are
(m)inutes, (h)ours, (d)ays, (w)eeks and (y)ears.
.Pp
Windows can be repeated by prepending them with a number and the letter x:
.D1 $ezjail_test_com_retention_policy="24x1h 6x1d 3x1w 11x4w KEEP"
will set the retention policy for jail test.com to keep hourly snapshots for one
day, then daily snapshots for the rest of the week, weekly snapshots for the rest of
the month, monthly snapshots for the rest of the year.
.Pp
The magic keyword KEEP at the end of the list will make ezjail not delete snapshots
older than the oldest window. It is your responsibility to keep the list in an order
that makes keeping snapshots possible, i.e. not placing one-hour-windows after
one-year-windows.
.Ss Remarks & Tips
Jails can be either accessed from the network, for instance by using
.Xr ssh 1 ,
@ -464,7 +438,7 @@ knobs for allowing a jail to access raw sockets, see the
man page for details.
.Pp
Once your jail has network access, then all your normal application
install functions are available, right from the jails console. In
install functions are availabe, right from the jails console. In
particular, if the ports collection was installed, it can be used as
if from the host system. A modified
.Pa make.conf
@ -489,7 +463,7 @@ in
.Pa rc.conf .
It is possible to set this variable to
.Dq Li NO
if the administrator wants to temporarily disable ezjail, or if she doesn't
if the administrator wants to temporarily ezjail, or if she doesn't
want the jails to be automatically started on boot.
.Pp
The ezjail system may be reset to a pristine state by removing all its
@ -524,7 +498,7 @@ will be asked for the release to install. Neither the man pages nor
the source nor the ports tree are installed. Note that the FreeBSD FTP
server is sometimes so busy the download times out. Use the
.Fl h Ar host
option to specify a less loaded server, or the
option to specify a less loaded server, or the
.Dq Li $ezjail_ftphost
option in
.Xr ezjail.conf 8 .
@ -580,7 +554,7 @@ macdef getdir
mreget $i/*
.Ed
.Pp
Then issue this command on the command line. If the FTP download
Then issue this command on the command line. If the FTP download
times out re-issue the FTP command again to resume where it left off.
.Bd -literal -offset indent
mkdir /usr/8.0-RELEASE
@ -649,7 +623,7 @@ Create a new jail, placing it in directory
instead of deriving the directory name of the jail from its host name.
The jail will be created with the flavour
.Ar example .
This jail will be given two IP addresses; this is possible only since
This jail will be given two IP addressses; this is possible only since
FreeBSD 7.2.
.It Nm Cm create Fl i Fl s Ar 600M sandbox2 10.0.10.4
This creates a new file-based jail having a file size of 600 megabytes
@ -697,7 +671,7 @@ address 10.0.10.6 as an alias on the device em1 before starting the jail.
Interesting additional tools include:
.Dq Li ports-mgmt/jailaudit .
.Sh AUTHOR
.An Dirk Engling
.An Dirk Engling
.Aq erdgeist@erdgeist.org .
.Pp
The man page is based on a draft by
@ -705,4 +679,4 @@ The man page is based on a draft by
.Aq joeb1@a1poweruser.com
and was rewritten by
.An Frederic Perrin
.Aq frederic.perrin@resel.fr .
.Aq frederic.perrin@resel.fr .

69
man8/ezjail-admin.8
View File

@ -1,9 +1,9 @@
.Dd December 5, 2013
.Dd January 15, 2011
.Dt EZJAIL-ADMIN 8 USD
.Os FreeBSD
.Sh NAME
.Nm ezjail-admin
.Nd Administrate ezjail environment
.Nd Administrate ezjail environment
.Sh SYNOPSIS
.Nm Cm install
.Op Fl mMpPsS
@ -28,10 +28,10 @@
.Nm
.Cm list
.Nm
.Cm start | stop | restart | startcrypto | stopcrypto Ar jailname...
.Cm start | stop | restart | cryptostart Ar jailname...
.Nm
.Cm config
.Op Fl r Ar run | norun | test
.Op Fl r Ar run | norun
.Op Fl n Ar newname
.Op Fl i Ar attach | detach | fsck
.Op Fl z Ar newdataset
@ -54,9 +54,6 @@
.Op Fl d Ar archivedir
.Ar archive | jailname...
.Nm
.Cm snapshot
.Ar [jailname...]
.Nm
.Cm update
.Op Fl s Ar sourcetree | sourceosversion
.Op Fl p
@ -115,7 +112,7 @@ utility to fetch and extract a FreeBSD ports tree from
.Pa make.conf
containing reasonable values to function in the jailed environment is added to
the new jail template so all jails created from the new jail template will
have a working ports environment. See the appendix
have a working ports environment. See the appendix
.%B Using Portsnap
in the
.%B FreeBSD Handbook
@ -130,9 +127,9 @@ default host
is used. Variable:
.Dq Li $ezjail_ftphost .
.Pp
It is possible to install from the
It is possible to install from the
.Li disc1
CD-ROM, or an extracted -RELEASE directory, by specifying the
CDRom, or an extracted -RELEASE directory, by specifying the
.Ar host
argument as
.Pa file://path/to/source .
@ -149,7 +146,7 @@ see the
sub-command for this.
.El
.Ss Nm Cm create
Create a new jail inside ezjail's scope. It either copies the new jail
Create a new jail inside ezjail's scope. It either copies the new jail
directory tree template or an ezjail archive directory tree to new jail root
directory,
.Pa /usr/jails/ Ns Ar jailname
@ -157,7 +154,7 @@ by default. Jailname and IP address are mandatory parameters.
.Pp
When a new jail is created, a corresponding new
.Pa /etc/fstab. Ns Ar jailname
file is also created, with a
file is also created, with a
.Xr nullfs 5
mount giving access to the base jail from the new jail.
.Pp
@ -342,7 +339,7 @@ interactively enter a passphrase. The jail is then not automatically started
at boot time.
.El
.Ss Nm Cm console
Attach your console to the selected jail. You are logged in as root by
Attach your console to the selected jail. You are logged in as root by
default.
.Pp
The following options are available:
@ -354,7 +351,7 @@ Use
.Ar command
instead of the default
.Dq /usr/bin/login -f root .
login command. A one time change to use a different user can be
loogin command. A one time change to use a different user can be
accomplished by using
.Fl e Qq Li /usr/bin/login -f user .
Variable:
@ -395,7 +392,8 @@ If present, the third letter,
means that the jail is not automatically started.
.Pp
The following columns are the JID (when it is running), the IP addresses, the name and the full path directory name of the jail.
.Ss Nm Cm start | restart | stop | startcrypto | stopcrypto Op Ar jailname ...
.Ss Nm Cm start | restart | stop | startcrypto Op Ar jailname ...
.Pp
This is a shortcut to the
.Xr rc 8
.Cm ezjail
@ -409,7 +407,7 @@ Note that, if ezjail is not enabled in
.Xr rc.conf 5
with
.Dq Li ezjail_enable= Ns Qq Li YES ,
nothing happens.
nothing happens.
.Pp
Since starting crypto image jails requires interaction with the administrator, they are not run at
boot time. Use
@ -421,10 +419,8 @@ the jail is restarted.
.Pp
The following options are available:
.Bl -tag -width indent
.It Fl r Cm run | norun | test
.It Fl r Cm run | norun
Set the jail to be automatically started or not on boot.
.sp
Note that the test parameter can be used to check if an ezjail exists, in this case the script will return with an exit code of zero and the runnable state on standard out. A non-zero exit code will be returned if the jail does not exist.
.It Fl n Ar newname
Rename the jail. Unless a custom root directory was given with the
.Fl r
@ -455,6 +451,7 @@ the selected jail as well as
The
.Pa /usr/jails/ Ns Ar jailname
directory is not deleted.
.Pp
.Bl -tag -width indent
.It Fl f
Stop the jail before deleting it.
@ -519,30 +516,6 @@ where it was archived. Be default,
will refuse to restore an archive if the archived host system's hostname,
its FreeBSD version or CPU architecture do not match the current host.
.El
.Ss Nm Cm snapshot [jailname...]
Takes zfs snapshots of some or all (zfs) ezjails and their zfs datasets and
optionally destroys older snapshots according to a configured retention
policy.
.Pp
The zfs snapshots will be named @ez-autosnap- with the date appended in format
“%Y%m%d%H%M”. List all auto snapshots with
.Dq Li /sbin/zfs list -H -t snapshot | grep @ez-autosnap- .
.Pp
You can set (and override in that order) the retention policy globally in your
.Dq Li $ezjail_default_retention_policy
.Xr ezjail.conf 5
variable, set them per jail in its config file with their
.Dq Li $ezjail_retention_policy
variable or set a User property with the name
.Dq Li ezjail:autosnap_retention
on the respective file systems.
.Pp
The policy is described by a pattern of space separated
.Dq Li repeat x window
entries with the algorithm guaranteeing at least one and at most two snapshots
in each of the windows, if mathematically possible. See
.Xr ezjail 7
for details.
.Ss Nm Cm update
Updates ezjail's basejail, or in the
.Fl b
@ -555,7 +528,7 @@ Exactly one of the following operand must be specified:
.It Fl b
Build a world from source and install it as the (updated) basejail.
.Dq make buildworld ; make installworld
by default using the sources located at
by default using the sources located at
.Pa /usr/src
(but see the
.Fl s
@ -572,7 +545,7 @@ recommended to update the basejail along with the host system.
.It Fl u
Use
.Xr freebsd-update 8
to update the basejail. Note that as
to update the basejail. Note that as
.Xr freebsd-update 8
uses
.Dq Li uname -r
@ -587,7 +560,7 @@ you may pass freebsd-update's call to
.Dq uname -r
via the
.Pa UNAME_r
environment variable. Since there currently is no way of inferring the
environment variable. Since there currently is no way of infering the
osversion currently installed in the basejail, you need to remember the
original osversion and pass it to this script using the
.Fl s
@ -647,7 +620,7 @@ filesystem is taken first.
.Xr procfs 5 ,
.Xr portsnap 8 .
.Sh AUTHOR
.An Dirk Engling
.An Dirk Engling
.Aq erdgeist@erdgeist.org .
.Pp
The man page is based on a draft by
@ -655,4 +628,4 @@ The man page is based on a draft by
.Aq joeb1@a1poweruser.com
and was rewritten by
.An Frederic Perrin
.Aq frederic.perrin@resel.fr .
.Aq frederic.perrin@resel.fr .

194
share/zsh/site-functions/ezjail-admin Normal file
View File

@ -0,0 +1,194 @@
#compdef ezjail-admin
# zsh completion for ezjail -- http://erdgeist.org/arts/software/ezjail/
# This file is under the Beerware license, like ezjail itself
# Heavily based on http://zsh.sf.net/Guide/zshguide06.html#l177
# Frédéric Perrin, April 2011.
_ezjail () {
local cmd
if (( CURRENT > 2)); then
cmd=${words[2]}
# Set the context for the subcommand.
curcontext="${curcontext%:*:*}:ezjail-$cmd"
# Narrow the range of words we are looking at to exclude `ezjail-admin'
(( CURRENT-- ))
shift words
# Run the completion for the subcommand
(( $+functions[_ezjail_cmd_$cmd] )) && _ezjail_cmd_$cmd
else
_values : \
"archive[create a backup of one or several jails]" \
"config[manage specific jails]" \
"console[attach your console to a running jail]" \
"create[installs a new jail inside ezjail\'s scope]" \
"cryptostart[start the encrypted jails]" \
"delete[removes a jail from ezjail\'s config]" \
"install[create the basejail from binary packages]" \
"list[list all jails]" \
"restart[restart a running jail]" \
"restore[create new ezjails from archived versions]" \
"start[start a jail]" \
"stop[stop a running jail]" \
"update[create or update the basejail from source]"
fi
}
_ezjail_cmd_archive () {
_arguments -s : \
"-d[destination directory]:destination dir:_files -/" \
"-a[archive name]:archive name:" \
"-f[archive the jail even if it is running]" \
- archiveall \
"-A[archive all jails]" \
- somejails \
"*:jail:_ezjail_mostly_stopped_jails"
}
_ezjail_cmd_config () {
_arguments -s : \
"-r[run the jail on host boot]:run:(run norun)" \
"-n[new jail name]:new name:" \
"-c[jail cpuset]:cpu list:" \
"-z[ZFS dataset to attach]:zfs dataset:" \
"-f[jail FIB number]:fib number:" \
"-i[operate on image]:imageaction:(attach detach fsck)" \
"*:jailname:_ezjail_jails"
}
_ezjail_cmd_console () {
_arguments -s : \
"-e[execute command in jail]:execute:" \
"-f[start the jail if it isn't running]" \
"*:jailname:_ezjail_mostly_running_jails"
}
_ezjail_cmd_create () {
_arguments -s : \
"-f[flavour for the new jail]:flavour:_ezjail_flavours" \
"-x[jail exists, only update the config]" \
"-r[name of the root dir]:dir:" \
"-a[restore from archive]:archive:_files" \
"-A[restore config from archive]:configarchive:_files" \
"-c[image type]:imagetype:(bde eli zfs)" \
"-C[image parameters]:imageparams:" \
"-b[jail start will be synchronous]" \
"-i[file-based jail]" \
"-s[size of the jail]:jailsize:" \
":jail name:" \
":comma-separated IP addresses:"
}
_ezjail_cmd_cryptostart () {
_ezjail_stopped_jails
}
_ezjail_cmd_delete () {
_arguments -s : \
"-w[wipe the jail root]" \
"-f[proceed even if the jail is running]" \
"*:jail:_ezjail_mostly_stopped_jails"
}
_ezjail_cmd_install () {
_arguments : \
- newjail \
"-r[FreeBSD release]:release:(8.0-RELEASE 8-STABLE 9-STABLE)" \
"-h[host for fetching packages]:remote host:" \
"-m[include man pages]" \
"-s[include the /usr/src tree]" \
"-p[include the ports tree]" \
- pimpjail \
"-M[install man pages over an existing basejail]" \
"-S[install the /usr/src tree over an existing basejail]" \
"-P[install the ports tree over an existing basejail]" \
}
_ezjail_cmd_list () {}
_ezjail_cmd_restart () {
_ezjail_running_jails
}
_ezjail_cmd_restore () {
_arguments -s : \
"-f[restore over an existing jail]" \
"-d[archive directory]:archivedir:_files -/" \
"*::_files" \
"*::_ezjail_jails"
}
_ezjail_cmd_start () {
_ezjail_stopped_jails
}
_ezjail_cmd_stop () {
_ezjail_running_jails
}
_ezjail_cmd_update () {
_arguments -s : \
"-p[also update the ports tree]" \
"-s[source tree]:source tree:_files -/" \
"-P[update only the ports tree]" \
"-b[perform a make buildworld]" \
"-i[perform only a make installworld]" \
"-u[use freebsd-update to update]" \
"-U[use freebsd-update to upgrade]"
}
_ezjail_flavours () {
local flavourdir
local etcjailconf="/usr/local/etc/ezjail.conf"
flavourdir=$( . $etcjailconf ; ezjail_flavours_dir=${ezjail_flavours_dir:-${ezjail_jaildir}/flavours}; echo $ezjail_flavours_dir )
_files -W $flavourdir
}
_ezjail_list_jails () {
local jailcfgs="/usr/local/etc/ezjail"
local state=$1
local ret=1
local j
# Those names have already been passed through "tr -c '[alnum]' _" by ezjail
for j in $jailcfgs/*(:t) ; do
case $state in
running) [[ -f /var/run/jail_${j}.id ]] && compadd $j && ret=0 ;;
stopped) [[ -f /var/run/jail_${j}.id ]] || compadd $j && ret=0 ;;
*) compadd $j && ret=0 ;;
esac
done
return $ret
}
_ezjail_jails () {
_ezjail_list_jails all
}
_ezjail_running_jails () {
_ezjail_list_jails running
}
_ezjail_stopped_jails () {
_ezjail_list_jails stopped
}
# Some commands (console...) should be run with running jails,
# unless -f is given, in which case we can operate on all jails
_ezjail_mostly_running_jails () {
local wanted_jails=_ezjail_running_jails
(( ${words[(I)-*f]} )) && wanted_jails=_ezjail_jails
$wanted_jails
}
_ezjail_mostly_stopped_jails () {
local wanted_jails=_ezjail_stopped_jails
(( ${words[(I)-*f]} )) && wanted_jails=_ezjail_jails
$wanted_jails
}
_ezjail "$@"
# -*- mode: shell-script -*-