mkjail.sh

Check-in [cc5b2533c3]

Overview
Comment:Standardize variables Introduce config file Architecture is now possible to override via an option flag
SHA3-256:cc5b2533c396ecbf228bef40efb3e7dd1b81e86d7e2026d8986cc6970807617d
User & Date: feld 2018-10-02 20:46:48
Context
2018-10-02
21:11
Reliability improvements Automatic release fetching if it's not already seeded Leaf check-in: 87a9ece2e6 user: feld tags: combined
20:46
Standardize variables Introduce config file Architecture is now possible to override via an option flag check-in: cc5b2533c3 user: feld tags: combined
2018-09-27
19:13
Centralize uid check into mkjail itself check-in: 0f6d6be7c1 user: feld tags: combined
Changes

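--- a/src/bin/mkjail
+++ b/src/bin/mkjail
@@ -21,14 +21,16 @@
 # DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
 # OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 # HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
 # STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING
 # IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
 # POSSIBILITY OF SUCH DAMAGE.
 
+export PATH=/bin:/sbin:/usr/bin:/usr/sbin
+
 if [ $(id -u) -ne 0 ]; then
     echo "Error: must run as root or with sudo."
     exit 1
 fi
 
 show_help() {
 cat <<HELP
@@ -50,26 +52,35 @@
 CMD=$1
 
 MKJAILPATH=`realpath $0`
 if [ "${MKJAILPATH%src/bin/mkjail}" != "${MKJAILPATH}" ]; then
         # It is running from src/bin/mkjail in checkout
         MKJAILPREFIX=${MKJAILPATH%/bin/*}
         LIBEXECPREFIX="${MKJAILPATH%/src/bin/mkjail}"
+        set -a
+        . ${MKJAILPREFIX}/etc/mkjail.conf
+        set +a
 elif [ "${MKJAILPATH%/bin/*}" = "${MKJAILPATH}" ]; then
         # It is running in a build directory or the source checkout as
         # ./mkjail.  Lookup VPATH to resolve to source checkout if in
         # build directory.
         [ -f Makefile ] && VPATH="$(make -V VPATH)"
         MKJAILPREFIX="${MKJAILPATH%/mkjail}${VPATH:+/${VPATH}}/src"
         [ -n "${VPATH}" ] && MKJAILPREFIX="$(realpath "${MKJAILPREFIX}")"
         LIBEXECPREFIX="${MKJAILPATH%/mkjail}"
+        set -a
+        . ${MKJAILPREFIX}/etc/mkjail.conf
+        set +a
 else
         # Running from PREFIX/bin/mkjail
         MKJAILPREFIX=${MKJAILPATH%/bin/*}
         LIBEXECPREFIX="${MKJAILPREFIX}/libexec/mkjail"
+        set -a
+        . ${MKJAILPREFIX}/etc/mkjail.conf
+        set +a
 fi
 
 SCRIPTPREFIX=${MKJAILPREFIX}/share/mkjail
 SCRIPTPATH="${SCRIPTPREFIX}/${CMD}.sh"
 
 case "${CMD}" in
 create|update|upgrade)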
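Review bot: The three added `. ${MKJAILPREFIX}/etc/mkjail.conf` lines run a file as root with the path unquoted and no check that it exists, and in the first two branches that path follows wherever the script was started from (`realpath $0`, plus `make -V VPATH` in the current directory), which can be a checkout an unprivileged user is able to write. The blocks are identical, so one copy after the `fi` is enough: `[ -r "${MKJAILPREFIX}/etc/mkjail.conf" ] || { echo "Error: cannot read mkjail.conf" >&2; exit 1; }` followed by `set -a; . "${MKJAILPREFIX}/etc/mkjail.conf"; set +a`. Refusing a config that is not owned by root would be a sensible addition at the same spot. A comment there should say that `set -a` is what exports ZPOOL, JAILROOT and SETS to the sub-command scripts, which is presumably the intent; the dispatch after `case` lies outside the shown lines.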

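--- a/src/etc/mkjail.conf
+++ b/src/etc/mkjail.conf
@@ -0,0 +1,11 @@
+# mkjail config file
+
+# Set your zpool name
+ZPOOL="zroot"
+
+# Set jail root filesystem path
+JAILROOT="/jails"
+
+# Sets you want extracted into new jail
+# options include: base, doc, games (deprecated), kernel, lib32, ports, src
+SETS="base doc lib32"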

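--- a/src/share/mkjail/create.sh
+++ b/src/share/mkjail/create.sh
@@ -1,73 +1,21 @@
 #!/bin/sh
-# Lazy, dirty tool for creating fat jails.
-#-
-# Copyright (c) 2018 Mark Felder
-# All rights reserved
-#
-# Redistribution and use in source and binary forms, with or without
-# modification, are permitted providing that the following conditions
-# are met:
-# 1. Redistributions of source code must retain the above copyright
-#    notice, this list of conditions and the following disclaimer.
-# 2. Redistributions in binary form must reproduce the above copyright
-#    notice, this list of conditions and the following disclaimer in the
-#    documentation and/or other materials provided with the distribution.
-#
-# THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
-# IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
-# WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-# ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
-# DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-# STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING
-# IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
-# POSSIBILITY OF SUCH DAMAGE.
-
-ARCH=$(uname -m)
+
+: ${ARCH=$(uname -m)}
-
-# Set your zpool name
-zpool="zroot"
-
-# Set jailroot
-jailroot=/jails
-
-# Sets you want extracted into new jail
-# options include: base, doc, games (deprecated), kernel, lib32, ports, src
-SETS="base doc lib32"
-
-# The "version" names are names of dirs you have downloaded the release
-# tarballs into. They are found in e.g., /var/db/mkjail/releases/amd64/10.1-RELEASE.
-#
-# Note, it is important to name the dir the full name of the release
-# (10.1-RELEASE) as this information is added to a ZFS property used to
-# track which version the jail is. It is then used by the updatejail.sh
-# script to correctly update the jail with freebsd-update.
-#
-# The flavours are directories with config files you want copied into
-# the new jail upon creation. If you have a flavour named "foo", you
-# would create /var/db/mkjail/flavours/foo/etc/something.conf to have that
-# copied to jail's /etc/something.conf upon creation.
-#
-#
-# Nothing below here is configurable but I remind you that I did not
-# build in any seatbelts :-)
-#
 
 ip4int=$(route -4 get default | awk '/interface: / {print $2}')
 ip6int=$(route -6 get default | awk '/interface: / {print $2}')
 ip4guess=$(ifconfig ${ip4int} | awk '/inet / && !/127.0/ {print $2}' | head -n 1)
 ip6guess=$(ifconfig ${ip6int} | awk '/inet6 / && !/(fe80| ::1)/ {print $2}' | head -n 1)
 
 show_help() {
 cat <<HELP
-usage: mkjail create [-j JAILNAME] [-v VERSION] [-f FLAVOUR] [-s "SETS"]
+usage: mkjail create [-j JAILNAME] [-a ARCH] [-v VERSION] [-f FLAVOUR] [-s "SETS"]
 
+        -a Architecture (i386, amd64, etc)
 	-f Flavour (copy in files after creation)
 	-h View this help
 	-j Jail name
 	-s Sets: "base doc games lib32"
 	-v Version of jail (9.3-RELEASE, 10.1-RELEASE, etc)
 
 mkjail.sh: 2018, feld@FreeBSD.org
@@ -82,16 +30,18 @@
     exit 1
 }
 
 
 # option parsing has to happen below the show_help
 # shift to skip the first argument or getopts loses its mind
 shift
-while getopts "f:hj:v:s:" opt; do
+while getopts "a:f:hj:v:s:" opt; do
     case ${opt} in
+        a)  ARCH=${OPTARG}
+            ;;
         f)  fflag=1; FLAVOUR=${OPTARG}
             ;;
         h)
             show_help
             exit 0
             ;;
         j)  jflag=1; JAILNAME=${OPTARG}
@@ -125,43 +75,43 @@
 # Make sure target flavor exists
 if [ x"${fflag}" = x1 ] && [ ! -d /var/db/mkjail/flavours/${FLAVOUR} ]; then
     echo "Error: flavour ${FLAVOUR} does not exist. Please create it first."
     exit 1
 fi
 
 # Create the ZFS filesystem
-echo "Creating ${zpool}/jails/${JAILNAME}..."
-zfs create -p -o mountpoint=/jails ${zpool}/jails
-zfs create -p ${zpool}/jails/${JAILNAME}
-zfs set mkjail:version=${VERSION} ${zpool}/jails/${JAILNAME}
+echo "Creating ${ZPOOL}/jails/${JAILNAME}..."
+zfs create -p -o mountpoint=/jails ${ZPOOL}/jails
+zfs create -p ${ZPOOL}/jails/${JAILNAME}
+zfs set mkjail:version=${VERSION} ${ZPOOL}/jails/${JAILNAME}
 
 # Extract the files
 for set in $(echo ${SETS}); do
-    echo "Extracting ${set} into ${jailroot}/${JAILNAME}..."
-    tar -xf /var/db/mkjail/releases/${ARCH}/${VERSION}/$set.txz -C ${jailroot}/${JAILNAME} ;
+    echo "Extracting ${set} into ${JAILROOT}/${JAILNAME}..."
+    tar -xf /var/db/mkjail/releases/${ARCH}/${VERSION}/$set.txz -C ${JAILROOT}/${JAILNAME} ;
 done
 
 if [ x"${fflag}" = x1 ] ; then
     # put in default configs:
     echo "Copying in our configs..."
-    cp -a /var/db/mkjail/flavours/${FLAVOUR}/ ${jailroot}/${JAILNAME}
+    cp -a /var/db/mkjail/flavours/${FLAVOUR}/ ${JAILROOT}/${JAILNAME}
 fi
 }
 
 _docs() {
 # Give instructions
 cat <<DOCS
 
 Now put something like the following in /etc/jail.conf:
 
 exec.start = "/bin/sh /etc/rc";
 exec.stop = "/bin/sh /etc/rc.shutdown";
 exec.clean;
 mount.devfs;
-path = ${jailroot}/\$name;
+path = ${JAILROOT}/\$name;
 securelevel = 2;
 
 ${JAILNAME} {
     host.hostname = "${JAILNAME}";
     ip4.addr = ${ip4guess};
     ip6.addr = ${ip6guess};
     persist;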
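Review bot: `zfs create -p -o mountpoint=/jails ${ZPOOL}/jails` still hard-codes `/jails` while the extraction and the `cp -a` now target `${JAILROOT}/${JAILNAME}`, so a JAILROOT other than `/jails` in mkjail.conf would unpack outside the dataset that was just created; `-o mountpoint=${JAILROOT}` keeps the two in step. With the defaults removed from this file, ZPOOL, JAILROOT and SETS exist only if the wrapper sourced the config, so an early `: "${ZPOOL:?}" "${JAILROOT:?}" "${SETS:?}"` would stop a direct run from working on `/${JAILNAME}` as root. The new `-a` value, like VERSION and JAILNAME, is expanded unquoted into the release path passed to `tar`; quoting the expansions and rejecting values that contain `/` would be a cheap check. The lines between the three hunks, including the end of the getopts loop, are not shown.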

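--- a/src/share/mkjail/getrelease.sh
+++ b/src/share/mkjail/getrelease.sh
@@ -1,17 +1,17 @@
 #!/bin/sh
 
 if [ $(id -u) -ne 0 ]; then
     echo "Error: must run as root or with sudo."
     exit 1
 fi
 
-ARCH=$(uname -m)
+: ${ARCH=$(uname -m)}
 
 dists="base.txz doc.txz lib32.txz"
 
 mkdir -p /var/db/mkjail/releases/${ARCH}/${1}
 cd /var/db/mkjail/releases/${ARCH}/${1}
 
 for i in $dists; do 
    fetch https://download.freebsd.org/ftp/releases/${ARCH}/${1}/${i}
 done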
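Review bot: `dists` stays hard-coded to `base.txz doc.txz lib32.txz` although this check-in moves the set list to SETS in mkjail.conf, so a config that adds another set (for example `src`) would fail at extraction in create.sh because that tarball was never fetched; building the list from `${SETS}` when it is set would keep the two aligned. ARCH can now come from the environment and goes, with `${1}`, unquoted into both the directory and the URL, and the `cd` is unchecked, so a failed `cd` leaves `fetch` writing into the current directory: `cd "/var/db/mkjail/releases/${ARCH}/${1}" || exit 1`. The downloaded sets are later extracted as root and nothing here compares them with the checksums in the release's MANIFEST file, which is worth a follow-up.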

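--- a/src/share/mkjail/update.sh
+++ b/src/share/mkjail/update.sh
@@ -1,32 +1,29 @@
 #!/bin/sh
 
-export JAILROOT=/jails
-export PAGER=cat
-export JAILNAME=${@}
-export MIRROR=update5.freebsd.org
+PAGER=cat
 
 _alljails()
 {
     echo "Updating all jails..."
     echo ""
     for i in $(jls -q name); do
       echo "Updating ${i} jail..."
       echo ""
       export UNAME_r=$(zfs get -H mkjail:version ${JAILROOT}/${i} | awk '{print $3}')
-      freebsd-update -s ${MIRROR} -b ${JAILROOT}/${i} -f ${JAILROOT}/${i}/etc/freebsd-update.conf fetch install
+      freebsd-update -b ${JAILROOT}/${i} -f ${JAILROOT}/${i}/etc/freebsd-update.conf fetch install
     done
     exit 0
 }
 
 _onejail()
 {
     echo "Updating ${JAILNAME} jail..."
     echo ""
     export UNAME_r=$(zfs get -H mkjail:version ${JAILROOT}/${JAILNAME} | awk '{print $3}')
-    freebsd-update -s ${MIRROR} -b ${JAILROOT}/${JAILNAME} -f ${JAILROOT}/${JAILNAME}/etc/freebsd-update.conf fetch install
+    freebsd-update -b ${JAILROOT}/${JAILNAME} -f ${JAILROOT}/${JAILNAME}/etc/freebsd-update.conf fetch install
     exit 0
 }
 
 show_help() {
 cat <<HELP
 usage: mkjail update [-a] | [-j JAILNAME]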
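Review bot: `PAGER=cat` loses its `export` here and in upgrade.sh, so freebsd-update sees it only when PAGER already happens to be in the caller's environment; otherwise it presumably falls back to its own default pager and an unattended run can stop at a prompt. `export PAGER=cat` restores the previous behaviour. JAILROOT is no longer assigned in this file either, so a run without the wrapper's config turns `-b ${JAILROOT}/${i}` into `-b /${i}`; a `: "${JAILROOT:?}"` near the top would catch that before freebsd-update is started as root. JAILNAME also lost its assignment from `${@}` and is presumably set by option parsing further down, which is not shown.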

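--- a/src/share/mkjail/upgrade.sh
+++ b/src/share/mkjail/upgrade.sh
@@ -1,29 +1,26 @@
 #!/bin/sh
 set -e
 trap _cleanup HUP INT QUIT KILL TERM ABRT
 
-export ZPOOL=zroot
-export JAILROOT=/jails
-export PAGER=cat
-export MIRROR=update5.freebsd.org
-export SNAPNAME="mkjail-$(date '+%Y%m%d%H%M')"
 aflag=0
 jflag=0
+PAGER=cat
+SNAPNAME="mkjail-$(date '+%Y%m%d%H%M')"
 
 _upgradejail()
 {
     _validate
     _snapshot
     echo "Updating ${JAILNAME} jail..."
     echo ""
     export UNAME_r=${MKJAILVER}
-    freebsd-update -s ${MIRROR} -b ${JAILROOT}/${JAILNAME} -f ${JAILROOT}/${JAILNAME}/etc/freebsd-update.conf upgrade -r ${VERSION} || _cleanup
-    freebsd-update -s ${MIRROR} -b ${JAILROOT}/${JAILNAME} -f ${JAILROOT}/${JAILNAME}/etc/freebsd-update.conf install || _cleanup
-    freebsd-update -s ${MIRROR} -b ${JAILROOT}/${JAILNAME} -f ${JAILROOT}/${JAILNAME}/etc/freebsd-update.conf install || _cleanup
+    freebsd-update -b ${JAILROOT}/${JAILNAME} -f ${JAILROOT}/${JAILNAME}/etc/freebsd-update.conf upgrade -r ${VERSION} || _cleanup
+    freebsd-update -b ${JAILROOT}/${JAILNAME} -f ${JAILROOT}/${JAILNAME}/etc/freebsd-update.conf install || _cleanup
+    freebsd-update -b ${JAILROOT}/${JAILNAME} -f ${JAILROOT}/${JAILNAME}/etc/freebsd-update.conf install || _cleanup
     jexec ${JAILNAME} pkg-static install -fy pkg || _cleanup
     jexec ${JAILNAME} pkg-static upgrade -fy || _cleanup
     zfs set mkjail:version=${VERSION} ${ZPOOL}${JAILROOT}/${JAILNAME}
 }
 
 _alljails()
 {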
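Review bot: `zfs set mkjail:version=${VERSION} ${ZPOOL}${JAILROOT}/${JAILNAME}` derives the dataset name from JAILROOT, while create.sh in this same check-in creates `${ZPOOL}/jails/${JAILNAME}`; the two agree only for the default `JAILROOT="/jails"`, which matters now that the value comes from mkjail.conf instead of the removed `export JAILROOT=/jails`. Using one spelling in both scripts avoids setting the property on a dataset that does not exist. Separately, `KILL` in the `trap` list cannot be caught and can be dropped. `_validate`, `_snapshot` and `_cleanup` are defined outside the shown lines, as is the body of `_alljails`.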