From de798d18cc5741693454a912afc8d866a4b6b642 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?J=C3=B6rg=20Thalheim?=
Date: Thu, 22 Jan 2015 16:02:51 +0000
Subject: [PATCH] add jails env, pf_vars, fstab

---
 jails.json | 32 ++++++----
 pf_vars.conf | 22 +++++--
 scripts/jail | 132 ++++++++++++++++++++++++++++++-----------
 scripts/jail_conf | 4 ++
 templates/jail_env.erb | 2 +-
 templates/pf.erb | 14 ++---
 6 files changed, 145 insertions(+), 61 deletions(-)
 create mode 100644 scripts/jail_conf

diff --git a/jails.json b/jails.json
index bcb42c3..e023acf 100644
--- a/jails.json
+++ b/jails.json
@@ -2,13 +2,13 @@
   "settings": {
     "ip4_subnet": "192.168.67.0/24",
     "ip6_subnet": "2a03:b0c0:2:d0:1::/80",
-    "flavor": "default"
-  },
-  "default_jail_conf": {
-    "fstab": [
+    "flavor": "default",
+    "default_fstab": [
       "/usr/jails/basejail /usr/jails/%{name}/basejail nullfs ro 0 0",
       "/data/pkg /usr/jails/%{name} nullfs ro 0 0"
     ]
+  },
+  "default_jail_conf": {
     "exec_start": "/bin/sh /etc/rc",
     "exec_stop": null,
     "hostname": "%{name}",
@@ -32,16 +32,28 @@
   },
   "jails": {
     "dns": {
-      "ip4": ["192.168.67.2"],
-      "ip6": ["2a03:b0c0:2:d0::2a5:f002/128"]
+      "ip4": [
+        "192.168.67.2"
+      ],
+      "ip6": [
+        "2a03:b0c0:2:d0::2a5:f002/128"
+      ]
     },
     "dn42": {
-      "ip4": ["192.168.67.4"],
-      "ip6": ["2a03:b0c0:2:d0:1::3"]
+      "ip4": [
+        "192.168.67.4"
+      ],
+      "ip6": [
+        "2a03:b0c0:2:d0:1::3"
+      ]
     },
     "mail": {
-      "ip4": ["192.168.67.1"],
-      "ip6": ["2a03:b0c0:2:d0:1::1"]
+      "ip4": [
+        "192.168.67.1"
+      ],
+      "ip6": [
+        "2a03:b0c0:2:d0:1::1"
+      ]
     }
   }
 }
diff --git a/pf_vars.conf b/pf_vars.conf
index 0c04421..eef0d11 100644
--- a/pf_vars.conf
+++ b/pf_vars.conf
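Review bot: The new `default_fstab` key under `settings` is never read: the `settings` helper added to scripts/jail in the `@@ -81` hunk seeds `"fstab"` with only the basejail entry and `update_fstabs` reads `settings["fstab"]`, so the `/data/pkg` mount listed here is silently dropped from every generated `/etc/fstab.<name>`. Either rename the key here to `"fstab": [` or read `settings["default_fstab"]` in update_fstabs, and make the built-in fallback in `settings` use the same key so the two sides cannot drift again. The same kind of spelling drift exists between `"flavor"` here and `settings["flavour"]` in `create`, raised at that hunk.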
@@ -1,6 +1,16 @@
-ipv4_dns="192.168.67.2"
-ipv6_dns="2a03:b0c0:2:d0::2a5:f002/128"
-ipv4_dn42="192.168.67.4"
-ipv6_dn42="2a03:b0c0:2:d0:1::3"
-ipv4_mail="192.168.67.1"
-ipv6_mail="2a03:b0c0:2:d0:1::1"
+# THIS FILE WAS GENERATED, CHANGES WILL BE OVERWRITTEN
+
+dns_ip4="{192.168.67.2}"
+dns_ip4_0="192.168.67.2"
+dns_ip6="{2a03:b0c0:2:d0::2a5:f002/128}"
+dns_ip6_0="2a03:b0c0:2:d0::2a5:f002/128"
+
+dn42_ip4="{192.168.67.4}"
+dn42_ip4_0="192.168.67.4"
+dn42_ip6="{2a03:b0c0:2:d0:1::3}"
+dn42_ip6_0="2a03:b0c0:2:d0:1::3"
+
+mail_ip4="{192.168.67.1}"
+mail_ip4_0="192.168.67.1"
+mail_ip6="{2a03:b0c0:2:d0:1::1}"
+mail_ip6_0="2a03:b0c0:2:d0:1::1"
diff --git a/scripts/jail b/scripts/jail
index ce67511..08843b5 100755
--- a/scripts/jail
+++ b/scripts/jail
@@ -23,25 +23,26 @@ end
 
 ROOT_PATH = Pathname.new(File.expand_path("../.." ,__FILE__))
 EZJAIL_CONFIG_PATH = Pathname.new("/usr/local/etc/ezjail/")
-DEFAULT_IP4_SUBNET = "192.168.10.0/24"
-DEFAULT_IP6_SUBNET = "fd7d:aed0:18aa::/48"
-
 class Jail
   def initialize(name, properties={})
     @name = name
     @properties = properties
   end
-  attr_accessor :name
+  attr_accessor :name, :properties
 
-  def ip4; extract_ip["ip4"]; end
-  def ip6; extract_ip["ip6"]; end
+  def ip4
+    extract_ip("ip4")
+  end
+  def ip6
+    extract_ip("ip6")
+  end
 
   private
   def extract_ip(type)
-    ips = @properties[ip] || []
-    ips.map do |addr| extract_ip(addr)
+    ips = @properties[type] || []
+    ips.map do |addr|
       # example: em0|192.168.67.0 -> 192.168.67.0
-      spec =~ /\|?([^|]+)$/
+      addr =~ /\|?([^|]+)$/
       $1
     end
   end
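Review bot: `extract_ip` reads `$1` without checking that `=~` matched, and the `$` anchor matches at a line end rather than the end of the string, so an entry containing a newline is silently cut down to its first line before it is written into pf_vars.conf and the jail environment; `addr[/\|?([^|]+)\z/, 1]` returns the capture or nil in one step and anchors on the whole value. Because the addresses are copied verbatim into files that pf and the jail configuration consume, parsing each one with `NetAddr::CIDR.create` (already used by `next_address`) when the registry is loaded would reject a malformed entry before it reaches those files. `attr_accessor :properties` also exposes the hash for mutation, while the only use in this commit, `jail.properties["fstab"]` in update_fstabs, reads it; `attr_accessor :name` plus `attr_reader :properties` is enough.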
@@ -55,21 +56,23 @@ class JailRegistry < Registry
     ip4 = next_address("ip4")
     ip6 = next_address("ip6")
     data["jails"][name] = {
-      "ip4" => ip4,
-      "ip6" => ip6
+      "ip4" => [ip4],
+      "ip6" => [ip6]
     }
     ipconfig = "#{ip4},#{ip6}"
     flavour = []
-    if data["settings"]["flavour"]
-      flavour = ["-f", data["settings"]["flavour"]]
+    if settings["flavour"]
+      flavour = ["-f", settings["flavour"]]
     end
     sh("ezjail-admin", "create", *flavour, name, ipconfig)
   end
 
   def env(name)
-    jail_data = data[name] or die("no jail with name #{name} found")
-    templ = Template.new(ROOT_PATH.join("templates/jail.erb"))
-    puts(templ.render(name: name, properties: jail_properties(jail_data)))
+    jail_data = data["jails"][name] or die("no jail with name #{name} found")
+    jail_data = default_jail_conf.merge(jail_data)
+    templ = Template.new(ROOT_PATH.join("templates/jail_env.erb"))
+    properties = jail_properties(name, jail_data)
+    puts(templ.render(name: name, properties: properties))
   end
 
   def update_pf_vars
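Review bot: `if settings["flavour"]` in `create` looks up a key that jails.json spells `"flavor"`, so the branch never fires and `ezjail-admin create` always runs without `-f`; the two lines should read `if settings["flavor"]` and `flavour = ["-f", settings["flavor"]]`, or the JSON key should be renamed, whichever spelling the repository settles on. `create` also stores the new entry in `data["jails"]` before `sh("ezjail-admin", ...)` runs, so if `data` is persisted afterwards a failed create leaves a registry entry with no jail behind it; assigning after the `sh` call, or removing the entry when it raises, keeps the two in step. The head of `create` is outside this hunk.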
@@ -81,49 +84,106 @@ class JailRegistry < Registry
 
   def update_config_symlinks
     conf_path = ROOT_PATH.join("scripts/jail_conf")
-    jails.each do |name|
-      path = EZJAIL_CONFIG_PATH.join(name)
-      FileUtils.ln_sf(conf_path, path)
+    FileUtils.mkdir_p(EZJAIL_CONFIG_PATH)
+    jails.each do |jail|
+      FileUtils.ln_sf(conf_path, EZJAIL_CONFIG_PATH.join(jail.name))
     end
   end
 
   def update_fstabs
     templ = Template.new(ROOT_PATH.join("templates/fstab.erb"))
-    atomic_write(path, templ.render(jails: jails))
+    jails.each do |jail|
+      fstab = settings["fstab"].dup
+      fstab.concat(jail.properties["fstab"] || [])
+      fstab.map! do |entry|
+        entry % { name: jail.name }
+      end
+
+      path = "/etc/fstab.#{jail.name}"
+      atomic_write(path, templ.render(fstab: fstab))
+    end
   end
 
   private
-  def jail_properties(name)
-    props = @properties.dup
+  def settings
+    {
+      "ip4_subnet" => "192.168.10.0/24",
+      "ip6_subnet" => "fd7d:aed0:18aa::/48",
+      "fstab" => [
+        "/usr/jails/basejail /usr/jails/%{name}/basejail nullfs ro 0 0",
+      ],
+    }.merge(data["settings"])
+  end
+
+  def default_jail_conf
+    {
+      "exec_start" => "/bin/sh /etc/rc",
+      "exec_stop" => nil,
+      "hostname" => "%{name}",
+      "rootdir" => "/usr/jails/%{name}",
+      "mount_enable" => true,
+      "devfs_ruleset" => "devfsrules_jails",
+      "procfs_enable" => true,
+      "fdescfs_enable" => true,
+      "image" => nil,
+      "imagetype" => nil,
+      "attachparams" => nil,
+      "attachblocking" => nil,
+      "forceblocking" => nil,
+      "zfs_datasets" => nil,
+      "cpuset" => nil,
+      "fib" => nil,
+      "parentzfs" => nil,
+      "parameters" => nil,
+      "post_start_script" => nil,
+      "retention_policy" => nil
+    }.merge(data["default_jail_conf"])
+  end
+
+  def jail_properties(name, properties)
+    props = properties.dup
     ips = props.delete("ip4") || []
     ips.concat(props.delete("ip6") || [])
-    if props["ip4"] || props["ip6"]
+    unless ips.empty?
       props["ip"] = ips.join(",")
     end
     props.each do |prop, value|
-      props[prop] = Shellwords.escape(value)
+      props[prop] = serialize_property(name, value)
     end
     props
   end
 
-  def jails
-    jails = {}
-    data["jails"].each do |name, properties|
-      jails[name] = Jail.new(name, properties)
+  def serialize_property(name, value)
+    str = case value
+          when TrueClass
+            return value ? "YES" : "NO"
+          when String
+            value % { name: name }
+          else
+            value
+          end
+    Shellwords.escape(str)
+  end
+
+  def jails
+    data["jails"].map do |name, properties|
+      Jail.new(name, properties)
     end
-    jails
   end
 
   def next_address(type)
-    assigned_subnets = data["jails"].map do |k,v|
-      NetAddr::CIDR.create(v[type]) if v[type]
-    end.compact
-    subnet = data["settings"]["#{type}_subnet"]
-    default = { "ip4" => DEFAULT_IP4_SUBNET, "ip6" => DEFAULT_IP6_SUBNET }
-    subnet ||= default[type]
-    next_free_subnet(NetAddr::CIDR.create(subnet), assigned_subnets)
+    subnets = []
+    data["jails"].each do |k,v|
+      if v[type].is_a? Array
+        v[type].each do |subnet|
+          subnets << NetAddr::CIDR.create(subnet)
+        end
+      end
+    end
+    subnet = settings["#{type}_subnet"]
+    next_free_subnet(NetAddr::CIDR.create(subnet), subnets)
   end
 end
diff --git a/scripts/jail_conf b/scripts/jail_conf
new file mode 100644
index 0000000..3fb40f9
--- /dev/null
+++ b/scripts/jail_conf
@@ -0,0 +1,4 @@
+#!/bin/sh
+
+echo "TODO"
+exit 1
diff --git a/templates/jail_env.erb b/templates/jail_env.erb
index 4f251ac..1dcbed3 100644
--- a/templates/jail_env.erb
+++ b/templates/jail_env.erb
@@ -1,3 +1,3 @@
-<% jail_properties.each do |property,value| -%>
+<% properties.each do |property,value| -%>
 export jail_<%= name %>_<%= property %>=<%= value %>
 <% end -%>
diff --git a/templates/pf.erb b/templates/pf.erb
index ffc5ade..2bf9d2c 100644
--- a/templates/pf.erb
+++ b/templates/pf.erb
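Review bot: `serialize_property` reaches `when TrueClass` only for `true`, so the `"NO"` arm of `value ? "YES" : "NO"` is unreachable, a `false` property falls through to `else` and is exported as `false` rather than `NO`, and the `return` bypasses `Shellwords.escape`; `when true, false` followed by `value ? "YES" : "NO"` (without the `return`) handles both booleans and keeps every value on the escape path. `next_address` passes each raw `v[type]` entry to `NetAddr::CIDR.create`, while `Jail#extract_ip` deliberately strips an `iface|` prefix from the same entries, so a prefixed address that the rest of the script accepts raises here; iterating `jails` and reading `jail.ip4`/`jail.ip6` would keep a single parser. `jail.name` is interpolated into `/etc/fstab.#{jail.name}` and `EZJAIL_CONFIG_PATH.join(jail.name)` (Pathname#join discards the base for an absolute argument) as well as into shell variable names by the templates, so one check such as `/\A[A-Za-z0-9_]+\z/` when the registry is loaded would cover all of those sinks. JailRegistry's header is outside the hunk.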
@@ -1,14 +1,12 @@
 # THIS FILE WAS GENERATED, CHANGES WILL BE OVERWRITTEN
 
 <% jails.each do |jail| -%>
-<%= name %>_ip4="{<%= jail.ip4.join(", ") %>}"
-<% jail.ip4.each_with_index |ip, idx| -%>
-<%= name %>_ip4_<%= idx %>="<%= ip %>"
+<%= jail.name %>_ip4="{<%= jail.ip4.join(", ") -%>}"
+<% jail.ip4.each_with_index do |ip, idx| -%>
+<%= jail.name %>_ip4_<%= idx %>="<%= ip %>"
 <% end -%>
-
-<%= name %>_ip6="{<%= jail.ip6.join(", ") %>}"
-<% jail.ip6.each_with_index |ip, idx| -%>
-<%= name %>_ip6_<%= idx %>="<%= ip %>"
+<%= jail.name %>_ip6="{<%= jail.ip6.join(", ") -%>}"
+<% jail.ip6.each_with_index do |ip, idx| -%>
+<%= jail.name %>_ip6_<%= idx %>="<%= ip %>"
 <% end -%>
-
 <% end -%>
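Review bot: The `-%>` closing the `jail.ip4.join` and `jail.ip6.join` tags has nothing to trim, because `}"` follows on the same line rather than a newline, so it only reads as if the line ending were being suppressed; `<%= jail.name %>_ip4="{<%= jail.ip4.join(", ") %>}"` (and the `_ip6` line alike) says what actually happens. With the two blank lines removed and the `<% end -%>` tags trimmed, the template appears to emit the jail groups back to back, whereas the pf_vars.conf committed alongside has a blank line between groups; if Template enables ERB's `-` trim mode, one of the two is stale and a regeneration would show which. `jail.ip4` can hold nil for an entry `extract_ip` fails to match, which `join` renders as an empty element inside the `{ }` macro, so compacting or validating the list before rendering keeps a bad entry out of pf.conf.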