Browse Source

add jails env, pf_vars, fstab

master
Jörg Thalheim 6 years ago
parent
commit
de798d18cc
  1. 32
      jails.json
  2. 22
      pf_vars.conf
  3. 130
      scripts/jail
  4. 4
      scripts/jail_conf
  5. 2
      templates/jail_env.erb
  6. 14
      templates/pf.erb

32
jails.json

@ -2,13 +2,13 @@
"settings": {
"ip4_subnet": "192.168.67.0/24",
"ip6_subnet": "2a03:b0c0:2:d0:1::/80",
"flavor": "default"
},
"default_jail_conf": {
"fstab": [
"flavor": "default",
"default_fstab": [
"/usr/jails/basejail /usr/jails/%{name}/basejail nullfs ro 0 0",
"/data/pkg /usr/jails/%{name} nullfs ro 0 0"
]
},
"default_jail_conf": {
"exec_start": "/bin/sh /etc/rc",
"exec_stop": null,
"hostname": "%{name}",
@ -32,16 +32,28 @@
},
"jails": {
"dns": {
"ip4": ["192.168.67.2"],
"ip6": ["2a03:b0c0:2:d0::2a5:f002/128"]
"ip4": [
"192.168.67.2"
],
"ip6": [
"2a03:b0c0:2:d0::2a5:f002/128"
]
},
"dn42": {
"ip4": ["192.168.67.4"],
"ip6": ["2a03:b0c0:2:d0:1::3"]
"ip4": [
"192.168.67.4"
],
"ip6": [
"2a03:b0c0:2:d0:1::3"
]
},
"mail": {
"ip4": ["192.168.67.1"],
"ip6": ["2a03:b0c0:2:d0:1::1"]
"ip4": [
"192.168.67.1"
],
"ip6": [
"2a03:b0c0:2:d0:1::1"
]
}
}
}

22
pf_vars.conf

@ -1,6 +1,16 @@
ipv4_dns="192.168.67.2"
ipv6_dns="2a03:b0c0:2:d0::2a5:f002/128"
ipv4_dn42="192.168.67.4"
ipv6_dn42="2a03:b0c0:2:d0:1::3"
ipv4_mail="192.168.67.1"
ipv6_mail="2a03:b0c0:2:d0:1::1"
# THIS FILE WAS GENERATED, CHANGES WILL BE OVERWRITTEN
dns_ip4="{192.168.67.2}"
dns_ip4_0="192.168.67.2"
dns_ip6="{2a03:b0c0:2:d0::2a5:f002/128}"
dns_ip6_0="2a03:b0c0:2:d0::2a5:f002/128"
dn42_ip4="{192.168.67.4}"
dn42_ip4_0="192.168.67.4"
dn42_ip6="{2a03:b0c0:2:d0:1::3}"
dn42_ip6_0="2a03:b0c0:2:d0:1::3"
mail_ip4="{192.168.67.1}"
mail_ip4_0="192.168.67.1"
mail_ip6="{2a03:b0c0:2:d0:1::1}"
mail_ip6_0="2a03:b0c0:2:d0:1::1"

130
scripts/jail

@ -23,25 +23,26 @@ end
ROOT_PATH = Pathname.new(File.expand_path("../.." ,__FILE__))
EZJAIL_CONFIG_PATH = Pathname.new("/usr/local/etc/ezjail/")
DEFAULT_IP4_SUBNET = "192.168.10.0/24"
DEFAULT_IP6_SUBNET = "fd7d:aed0:18aa::/48"
class Jail
def initialize(name, properties={})
@name = name
@properties = properties
end
attr_accessor :name
attr_accessor :name, :properties
def ip4; extract_ip["ip4"]; end
def ip6; extract_ip["ip6"]; end
def ip4
extract_ip("ip4")
end
def ip6
extract_ip("ip6")
end
private
def extract_ip(type)
ips = @properties[ip] || []
ips.map do |addr| extract_ip(addr)
ips = @properties[type] || []
ips.map do |addr|
# example: em0|192.168.67.0 -> 192.168.67.0
spec =~ /\|?([^|]+)$/
addr =~ /\|?([^|]+)$/
$1
end
end
@ -55,21 +56,23 @@ class JailRegistry < Registry
ip4 = next_address("ip4")
ip6 = next_address("ip6")
data["jails"][name] = {
"ip4" => ip4,
"ip6" => ip6
"ip4" => [ip4],
"ip6" => [ip6]
}
ipconfig = "#{ip4},#{ip6}"
flavour = []
if data["settings"]["flavour"]
flavour = ["-f", data["settings"]["flavour"]]
if settings["flavour"]
flavour = ["-f", settings["flavour"]]
end
sh("ezjail-admin", "create", *flavour, name, ipconfig)
end
def env(name)
jail_data = data[name] or die("no jail with name #{name} found")
templ = Template.new(ROOT_PATH.join("templates/jail.erb"))
puts(templ.render(name: name, properties: jail_properties(jail_data)))
jail_data = data["jails"][name] or die("no jail with name #{name} found")
jail_data = default_jail_conf.merge(jail_data)
templ = Template.new(ROOT_PATH.join("templates/jail_env.erb"))
properties = jail_properties(name, jail_data)
puts(templ.render(name: name, properties: properties))
end
def update_pf_vars
@ -81,49 +84,106 @@ class JailRegistry < Registry
def update_config_symlinks
conf_path = ROOT_PATH.join("scripts/jail_conf")
jails.each do |name|
path = EZJAIL_CONFIG_PATH.join(name)
FileUtils.ln_sf(conf_path, path)
FileUtils.mkdir_p(EZJAIL_CONFIG_PATH)
jails.each do |jail|
FileUtils.ln_sf(conf_path, EZJAIL_CONFIG_PATH.join(jail.name))
end
end
def update_fstabs
templ = Template.new(ROOT_PATH.join("templates/fstab.erb"))
atomic_write(path, templ.render(jails: jails))
jails.each do |jail|
fstab = settings["fstab"].dup
fstab.concat(jail.properties["fstab"] || [])
fstab.map! do |entry|
entry % { name: jail.name }
end
path = "/etc/fstab.#{jail.name}"
atomic_write(path, templ.render(fstab: fstab))
end
end
private
def jail_properties(name)
props = @properties.dup
def settings
{
"ip4_subnet" => "192.168.10.0/24",
"ip6_subnet" => "fd7d:aed0:18aa::/48",
"fstab" => [
"/usr/jails/basejail /usr/jails/%{name}/basejail nullfs ro 0 0",
],
}.merge(data["settings"])
end
def default_jail_conf
{
"exec_start" => "/bin/sh /etc/rc",
"exec_stop" => nil,
"hostname" => "%{name}",
"rootdir" => "/usr/jails/%{name}",
"mount_enable" => true,
"devfs_ruleset" => "devfsrules_jails",
"procfs_enable" => true,
"fdescfs_enable" => true,
"image" => nil,
"imagetype" => nil,
"attachparams" => nil,
"attachblocking" => nil,
"forceblocking" => nil,
"zfs_datasets" => nil,
"cpuset" => nil,
"fib" => nil,
"parentzfs" => nil,
"parameters" => nil,
"post_start_script" => nil,
"retention_policy" => nil
}.merge(data["default_jail_conf"])
end
def jail_properties(name, properties)
props = properties.dup
ips = props.delete("ip4") || []
ips.concat(props.delete("ip6") || [])
if props["ip4"] || props["ip6"]
unless ips.empty?
props["ip"] = ips.join(",")
end
props.each do |prop, value|
props[prop] = Shellwords.escape(value)
props[prop] = serialize_property(name, value)
end
props
end
def serialize_property(name, value)
str = case value
when TrueClass
return value ? "YES" : "NO"
when String
value % { name: name }
else
value
end
Shellwords.escape(str)
end
def jails
jails = {}
data["jails"].each do |name, properties|
jails[name] = Jail.new(name, properties)
data["jails"].map do |name, properties|
Jail.new(name, properties)
end
jails
end
def next_address(type)
assigned_subnets = data["jails"].map do |k,v|
NetAddr::CIDR.create(v[type]) if v[type]
end.compact
subnet = data["settings"]["#{type}_subnet"]
default = { "ip4" => DEFAULT_IP4_SUBNET, "ip6" => DEFAULT_IP6_SUBNET }
subnet ||= default[type]
next_free_subnet(NetAddr::CIDR.create(subnet), assigned_subnets)
subnets = []
data["jails"].each do |k,v|
if v[type].is_a? Array
v[type].each do |subnet|
subnets << NetAddr::CIDR.create(subnet)
end
end
end
subnet = settings["#{type}_subnet"]
next_free_subnet(NetAddr::CIDR.create(subnet), subnets)
end
end

4
scripts/jail_conf

@ -0,0 +1,4 @@
#!/bin/sh
echo "TODO"
exit 1

2
templates/jail_env.erb

@ -1,3 +1,3 @@
<% jail_properties.each do |property,value| -%>
<% properties.each do |property,value| -%>
export jail_<%= name %>_<%= property %>=<%= value %>
<% end -%>

14
templates/pf.erb

@ -1,14 +1,12 @@
# THIS FILE WAS GENERATED, CHANGES WILL BE OVERWRITTEN
<% jails.each do |jail| -%>
<%= name %>_ip4="{<%= jail.ip4.join(", ") %>}"
<% jail.ip4.each_with_index |ip, idx| -%>
<%= name %>_ip4_<%= idx %>="<%= ip %>"
<%= jail.name %>_ip4="{<%= jail.ip4.join(", ") -%>}"
<% jail.ip4.each_with_index do |ip, idx| -%>
<%= jail.name %>_ip4_<%= idx %>="<%= ip %>"
<% end -%>
<%= name %>_ip6="{<%= jail.ip6.join(", ") %>}"
<% jail.ip6.each_with_index |ip, idx| -%>
<%= name %>_ip6_<%= idx %>="<%= ip %>"
<%= jail.name %>_ip6="{<%= jail.ip6.join(", ") -%>}"
<% jail.ip6.each_with_index do |ip, idx| -%>
<%= jail.name %>_ip6_<%= idx %>="<%= ip %>"
<% end -%>
<% end -%>
Loading…
Cancel
Save