add jails env, pf_vars, fstab

Jörg Thalheim 2015-01-22 16:02:51 +00:00
parent aba9bb87d1
commit de798d18cc
6 changed files with 145 additions and 61 deletions


@ -2,13 +2,13 @@
"settings": { "settings": {
"ip4_subnet": "192.168.67.0/24", "ip4_subnet": "192.168.67.0/24",
"ip6_subnet": "2a03:b0c0:2:d0:1::/80", "ip6_subnet": "2a03:b0c0:2:d0:1::/80",
"flavor": "default" "flavor": "default",
}, "default_fstab": [
"default_jail_conf": {
"fstab": [
"/usr/jails/basejail /usr/jails/%{name}/basejail nullfs ro 0 0", "/usr/jails/basejail /usr/jails/%{name}/basejail nullfs ro 0 0",
"/data/pkg /usr/jails/%{name} nullfs ro 0 0" "/data/pkg /usr/jails/%{name} nullfs ro 0 0"
] ]
},
"default_jail_conf": {
"exec_start": "/bin/sh /etc/rc", "exec_start": "/bin/sh /etc/rc",
"exec_stop": null, "exec_stop": null,
"hostname": "%{name}", "hostname": "%{name}",
@ -32,16 +32,28 @@
}, },
"jails": { "jails": {
"dns": { "dns": {
"ip4": ["192.168.67.2"], "ip4": [
"ip6": ["2a03:b0c0:2:d0::2a5:f002/128"] "192.168.67.2"
],
"ip6": [
"2a03:b0c0:2:d0::2a5:f002/128"
]
}, },
"dn42": { "dn42": {
"ip4": ["192.168.67.4"], "ip4": [
"ip6": ["2a03:b0c0:2:d0:1::3"] "192.168.67.4"
],
"ip6": [
"2a03:b0c0:2:d0:1::3"
]
}, },
"mail": { "mail": {
"ip4": ["192.168.67.1"], "ip4": [
"ip6": ["2a03:b0c0:2:d0:1::1"] "192.168.67.1"
],
"ip6": [
"2a03:b0c0:2:d0:1::1"
]
} }
} }
} }


@ -1,6 +1,16 @@
ipv4_dns="192.168.67.2" # THIS FILE WAS GENERATED, CHANGES WILL BE OVERWRITTEN
ipv6_dns="2a03:b0c0:2:d0::2a5:f002/128"
ipv4_dn42="192.168.67.4" dns_ip4="{192.168.67.2}"
ipv6_dn42="2a03:b0c0:2:d0:1::3" dns_ip4_0="192.168.67.2"
ipv4_mail="192.168.67.1" dns_ip6="{2a03:b0c0:2:d0::2a5:f002/128}"
ipv6_mail="2a03:b0c0:2:d0:1::1" dns_ip6_0="2a03:b0c0:2:d0::2a5:f002/128"
dn42_ip4="{192.168.67.4}"
dn42_ip4_0="192.168.67.4"
dn42_ip6="{2a03:b0c0:2:d0:1::3}"
dn42_ip6_0="2a03:b0c0:2:d0:1::3"
mail_ip4="{192.168.67.1}"
mail_ip4_0="192.168.67.1"
mail_ip6="{2a03:b0c0:2:d0:1::1}"
mail_ip6_0="2a03:b0c0:2:d0:1::1"


@ -23,25 +23,26 @@ end
ROOT_PATH = Pathname.new(File.expand_path("../.." ,__FILE__)) ROOT_PATH = Pathname.new(File.expand_path("../.." ,__FILE__))
EZJAIL_CONFIG_PATH = Pathname.new("/usr/local/etc/ezjail/") EZJAIL_CONFIG_PATH = Pathname.new("/usr/local/etc/ezjail/")
DEFAULT_IP4_SUBNET = "192.168.10.0/24"
DEFAULT_IP6_SUBNET = "fd7d:aed0:18aa::/48"
class Jail class Jail
def initialize(name, properties={}) def initialize(name, properties={})
@name = name @name = name
@properties = properties @properties = properties
end end
attr_accessor :name attr_accessor :name, :properties
def ip4; extract_ip["ip4"]; end def ip4
def ip6; extract_ip["ip6"]; end extract_ip("ip4")
end
def ip6
extract_ip("ip6")
end
private private
def extract_ip(type) def extract_ip(type)
ips = @properties[ip] || [] ips = @properties[type] || []
ips.map do |addr| extract_ip(addr) ips.map do |addr|
# example: em0|192.168.67.0 -> 192.168.67.0 # example: em0|192.168.67.0 -> 192.168.67.0
spec =~ /\|?([^|]+)$/ addr =~ /\|?([^|]+)$/
$1 $1
end end
end end
@ -55,21 +56,23 @@ class JailRegistry < Registry
ip4 = next_address("ip4") ip4 = next_address("ip4")
ip6 = next_address("ip6") ip6 = next_address("ip6")
data["jails"][name] = { data["jails"][name] = {
"ip4" => ip4, "ip4" => [ip4],
"ip6" => ip6 "ip6" => [ip6]
} }
ipconfig = "#{ip4},#{ip6}" ipconfig = "#{ip4},#{ip6}"
flavour = [] flavour = []
if data["settings"]["flavour"] if settings["flavour"]
flavour = ["-f", data["settings"]["flavour"]] flavour = ["-f", settings["flavour"]]
end end
sh("ezjail-admin", "create", *flavour, name, ipconfig) sh("ezjail-admin", "create", *flavour, name, ipconfig)
end end
def env(name) def env(name)
jail_data = data[name] or die("no jail with name #{name} found") jail_data = data["jails"][name] or die("no jail with name #{name} found")
templ = Template.new(ROOT_PATH.join("templates/jail.erb")) jail_data = default_jail_conf.merge(jail_data)
puts(templ.render(name: name, properties: jail_properties(jail_data))) templ = Template.new(ROOT_PATH.join("templates/jail_env.erb"))
properties = jail_properties(name, jail_data)
puts(templ.render(name: name, properties: properties))
end end
def update_pf_vars def update_pf_vars
@ -81,49 +84,106 @@ class JailRegistry < Registry
def update_config_symlinks def update_config_symlinks
conf_path = ROOT_PATH.join("scripts/jail_conf") conf_path = ROOT_PATH.join("scripts/jail_conf")
jails.each do |name| FileUtils.mkdir_p(EZJAIL_CONFIG_PATH)
path = EZJAIL_CONFIG_PATH.join(name) jails.each do |jail|
FileUtils.ln_sf(conf_path, path) FileUtils.ln_sf(conf_path, EZJAIL_CONFIG_PATH.join(jail.name))
end end
end end
def update_fstabs def update_fstabs
templ = Template.new(ROOT_PATH.join("templates/fstab.erb")) templ = Template.new(ROOT_PATH.join("templates/fstab.erb"))
atomic_write(path, templ.render(jails: jails)) jails.each do |jail|
fstab = settings["fstab"].dup
fstab.concat(jail.properties["fstab"] || [])
fstab.map! do |entry|
entry % { name: jail.name }
end
path = "/etc/fstab.#{jail.name}"
atomic_write(path, templ.render(fstab: fstab))
end
end end
private private
def jail_properties(name) def settings
props = @properties.dup {
"ip4_subnet" => "192.168.10.0/24",
"ip6_subnet" => "fd7d:aed0:18aa::/48",
"fstab" => [
"/usr/jails/basejail /usr/jails/%{name}/basejail nullfs ro 0 0",
],
}.merge(data["settings"])
end
def default_jail_conf
{
"exec_start" => "/bin/sh /etc/rc",
"exec_stop" => nil,
"hostname" => "%{name}",
"rootdir" => "/usr/jails/%{name}",
"mount_enable" => true,
"devfs_ruleset" => "devfsrules_jails",
"procfs_enable" => true,
"fdescfs_enable" => true,
"image" => nil,
"imagetype" => nil,
"attachparams" => nil,
"attachblocking" => nil,
"forceblocking" => nil,
"zfs_datasets" => nil,
"cpuset" => nil,
"fib" => nil,
"parentzfs" => nil,
"parameters" => nil,
"post_start_script" => nil,
"retention_policy" => nil
}.merge(data["default_jail_conf"])
end
def jail_properties(name, properties)
props = properties.dup
ips = props.delete("ip4") || [] ips = props.delete("ip4") || []
ips.concat(props.delete("ip6") || []) ips.concat(props.delete("ip6") || [])
if props["ip4"] || props["ip6"] unless ips.empty?
props["ip"] = ips.join(",") props["ip"] = ips.join(",")
end end
props.each do |prop, value| props.each do |prop, value|
props[prop] = Shellwords.escape(value) props[prop] = serialize_property(name, value)
end end
props props
end end
def jails def serialize_property(name, value)
jails = {} str = case value
data["jails"].each do |name, properties| when TrueClass
jails[name] = Jail.new(name, properties) return value ? "YES" : "NO"
when String
value % { name: name }
else
value
end
Shellwords.escape(str)
end
def jails
data["jails"].map do |name, properties|
Jail.new(name, properties)
end end
jails
end end
def next_address(type) def next_address(type)
assigned_subnets = data["jails"].map do |k,v| subnets = []
NetAddr::CIDR.create(v[type]) if v[type] data["jails"].each do |k,v|
end.compact if v[type].is_a? Array
subnet = data["settings"]["#{type}_subnet"] v[type].each do |subnet|
default = { "ip4" => DEFAULT_IP4_SUBNET, "ip6" => DEFAULT_IP6_SUBNET } subnets << NetAddr::CIDR.create(subnet)
subnet ||= default[type] end
next_free_subnet(NetAddr::CIDR.create(subnet), assigned_subnets) end
end
subnet = settings["#{type}_subnet"]
next_free_subnet(NetAddr::CIDR.create(subnet), subnets)
end end
end end
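Review bot: `serialize_property` matches only `TrueClass`, so a `false` property falls through to `else`, is handed to `Shellwords.escape` as `false` and is exported as the literal string `false` rather than `NO`, while the `"NO"` arm of the ternary is unreachable; change the branch to `when TrueClass, FalseClass` with `value ? "YES" : "NO"` and drop the `return` so the result passes through `Shellwords.escape` like the other arms. Two config keys also disagree with the JSON in this commit: `create` reads `settings["flavour"]` while the settings block defines `"flavor"`, and `update_fstabs` and the `settings` defaults use `"fstab"` while the JSON now puts the list under `settings.default_fstab`, so both values are silently ignored in favour of the built-in defaults. Nothing in the visible hunks validates the jail name taken from the `data["jails"]` keys before it is interpolated into `"/etc/fstab.#{jail.name}"`, `EZJAIL_CONFIG_PATH.join(jail.name)`, the `export jail_<name>_…` lines of jail_env.erb and the pf macro names in pf_vars.erb; sh variable and pf macro names admit only letters, digits and underscores, so a name containing `-`, `.` or `/` yields broken shell/pf output or a path outside the intended directory, and `create` should reject names not matching `/\A[A-Za-z_][A-Za-z0-9_]*\z/` before calling `next_address`. `create` begins outside the hunk, so an existing check there would not be visible here.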

scripts/jail_conf Normal file

@ -0,0 +1,4 @@
#!/bin/sh
echo "TODO"
exit 1


@ -1,3 +1,3 @@
<% jail_properties.each do |property,value| -%> <% properties.each do |property,value| -%>
export jail_<%= name %>_<%= property %>=<%= value %> export jail_<%= name %>_<%= property %>=<%= value %>
<% end -%> <% end -%>


@ -1,14 +1,12 @@
# THIS FILE WAS GENERATED, CHANGES WILL BE OVERWRITTEN # THIS FILE WAS GENERATED, CHANGES WILL BE OVERWRITTEN
<% jails.each do |jail| -%> <% jails.each do |jail| -%>
<%= name %>_ip4="{<%= jail.ip4.join(", ") %>}" <%= jail.name %>_ip4="{<%= jail.ip4.join(", ") -%>}"
<% jail.ip4.each_with_index |ip, idx| -%> <% jail.ip4.each_with_index do |ip, idx| -%>
<%= name %>_ip4_<%= idx %>="<%= ip %>" <%= jail.name %>_ip4_<%= idx %>="<%= ip %>"
<% end -%> <% end -%>
<%= jail.name %>_ip6="{<%= jail.ip6.join(", ") -%>}"
<%= name %>_ip6="{<%= jail.ip6.join(", ") %>}" <% jail.ip6.each_with_index do |ip, idx| -%>
<% jail.ip6.each_with_index |ip, idx| -%> <%= jail.name %>_ip6_<%= idx %>="<%= ip %>"
<%= name %>_ip6_<%= idx %>="<%= ip %>"
<% end -%> <% end -%>
<% end -%> <% end -%>