mjail.sh | Jail Manager

Der FreeBSD Jail Manager ist ein Script, um die Steuerung der einzelnen Jails zu erleichtern.

Vorteile:
  • Jails können immer mit dem Namen angesprochen werden und nicht nur über die laufende "id"
  • Einfaches Starten, Stoppen und Abfragen des Status
  • Einfacheres Verbinden zu einer Jail. Beispiel: mjail.sh -c www
  • Einfaches Erstellen einer neuen Jail. Beispiel: mjail.sh -a cloud

 

Help Screenshot Add a Jail Screenshot Status Screenshot

 

  1. #!/bin/sh
  2.  
  3. ################################################################################
  4. #
  5. # Jail Manager
  6. #
  7. ################################################################################
  8. # Copyright (c) 2017, Manuel Strauch (manuel.strauch@outlook.com)
  9. # All rights reserved.
  10. #
  11. # Redistribution and use in source and binary forms, with or without
  12. # modification, are permitted provided that the following conditions are met:
  13. #
  14. #  -Redistributions of source code must retain the above copyright notice,
  15. #   this list of conditions and the following disclaimer.
  16. #  -Redistributions in binary form must reproduce the above copyright notice,
  17. #   this list of conditions and the following disclaimer in the documentation
  18. #   and/or other materials provided with the distribution.
  19. #
  20. # THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
  21. # AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  22. # IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
  23. # ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE
  24. # LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
  25. # CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
  26. # SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
  27. # INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
  28. # CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
  29. # ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
  30. # POSSIBILITY OF SUCH DAMAGE.
  31. ################################################################################
  32.  
  # Collect the configured jails as "shortname:hostname" entries, one per line.
  # Which file is parsed depends on the configuration layout found on the host.
  if [ ! -e /etc/jail.conf ]; then
    # until FreeBSD 9.x: jails are declared as jail_<name>_hostname in rc.conf
    jaillistname="$(grep "^jail_.*hostname" /etc/rc.conf | sed -e 's/jail_\([^ ]*\)_[^ ]*"\([^ ]*\)\"/\1:\2/g' -e '/^set/d')"
  else
    # FreeBSD 10 or greater: every jail block in jail.conf carries host.hostname;
    # the short name is taken to be the first label of that hostname.
    jaillistname="$(grep "host.hostname" /etc/jail.conf | sed -e 's/[^ ]*.*= \"\([^ ]*\)\"\;/\1/g' -e 's/\([^\.]*\)\.\([^ ]*.*\)/\1:\1\.\2/g')"
  fi

  version="3.1.0"

  # Facts about the running host.
  arch="$(uname -m)"
  freebsdversion="$(uname -r)"
  # Last column of the default-route line in the routing table.
  interface="$(/usr/bin/netstat -rn | grep default | sed -e 's/\([^ ]*.* \)//g')"
  # Everything after the first label of the host's FQDN.
  jail_domain="$(hostname -f | cut -f2- -d'.')"

  # Filesystem layout used by the jail creation functions.
  jails_root="/usr/jails"
  txz_dir="/install"
  distfiles_dir="/usr/jails/distfiles"
  ports_dir="/usr/ports"
  src_dir="/usr/src"
  sysrc="/usr/sbin/sysrc"

  # Distribution sets extracted into a new jail; lib32 is added on amd64 only.
  case "${arch}" in
    amd64) txz_files="base.txz doc.txz kernel.txz lib32.txz" ;;
    *)     txz_files="base.txz doc.txz kernel.txz" ;;
  esac

  # NOTE(review): plain http gives no integrity protection for the sets that
  # add_check_depends tells the operator to fetch and that add_create_jail
  # later unpacks with tar. Compare the downloaded files against the release's
  # published checksums (the MANIFEST file next to the sets) before using them.
  freebsdurl="http://ftp2.de.freebsd.org/pub/FreeBSD/releases"

  ## =================== Don`t TOUCH ===================
  # Sourced last, so it can override anything set above, and its contents run
  # with the caller's privileges; keep the file owned by root and not writable
  # by anyone else. ${red}, ${green} and ${normal} are used below but are not
  # defined in this script; presumably they come from this file (confirm).
  . /opt/etc/system.var
  62.  
  63.  
  64. ### functions
  65. ################################################################################
  66. ################################################################################
  67. #### find the next free ip for the jail
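  #######################################
  # Print the first address in 192.168.20.10-254 that is not mentioned in any
  # of the given configuration files.
  # Arguments: optional list of files to search; defaults to /etc/jail.conf
  #            and /etc/rc.conf, the two places this script writes jail
  #            addresses to. Unreadable or missing files are skipped.
  # Outputs:   the free address on stdout
  # Returns:   0 on success, 1 when every address in the range is taken
  #######################################
  find_free_jail_ip() {
    [ "$#" -gt 0 ] || set -- /etc/jail.conf /etc/rc.conf
    z=10
    while [ "${z}" -le 254 ]; do
      _ffi_ip="192.168.20.${z}"
      _ffi_used=false
      for _ffi_conf in "$@"; do
        [ -r "${_ffi_conf}" ] || continue
        # -F: the dots are literal, not "any character";
        # -w: 192.168.20.12 must not count as taken just because
        #     192.168.20.120 appears in the file.
        if grep -Fwq -- "${_ffi_ip}" "${_ffi_conf}"; then
          _ffi_used=true
          break
        fi
      done
      if [ "${_ffi_used}" = false ]; then
        echo "${_ffi_ip}"
        return 0
      fi
      z=$((z + 1))
    done
    # Never hand out an address beyond the last usable host of the /24.
    echo "find_free_jail_ip: no free address left in 192.168.20.10-254" >&2
    return 1
  }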
  # Address handed to a jail created with -a; computed on every run, whatever
  # option was given.
  jail_ip="$(find_free_jail_ip)"
  78.  
  79. ################################################################################
  80. ################################################################################
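  #######################################
  # Resolve the jail names given on the command line and append one
  # "hostname:shortname:jid" entry per name to ${jails} (jid is empty when the
  # jail is not running).
  # Globals:   jaillistname, jail_domain, red, normal (read);
  #            jails (appended); find_jail, jlongname, jshortname, jid (written)
  # Arguments: $1 - the option letter (dropped); $2... - jail short names
  # Returns:   exits 1 as soon as one name is not a configured jail
  #######################################
  search_options() {
    shift
    for i in "$@"; do
      # The name comes straight from the command line and the result drives
      # privileged actions (jexec, rc.d/jail, allow.chflags), so it is compared
      # literally and in full. Treating it as a regular expression or accepting
      # a substring would let "w" or "w.w" select the jail "www", or add an
      # empty "::" entry to ${jails}.
      wanted="${i}:${i}.${jail_domain}"
      find_jail=""
      if [ -n "${i}" ]; then
        for entry in ${jaillistname}; do
          if [ "${entry}" = "${wanted}" ]; then
            find_jail="${entry}"
            break
          fi
        done
      fi
      if [ -z "${find_jail}" ]; then
        echo -e "Jail: ${red}\"${i}\" not found!!${normal}"
        echo
        exit 1
      fi
      jshortname="${find_jail%%:*}"
      jlongname="${find_jail#*:}"
      # -F: match the hostname literally; the trailing blank keeps
      # "www.example.org" from matching a longer hostname with that prefix.
      jid="$(jls -nq | grep -F -- "host.hostname=${jlongname} " | sed -e 's/[^ ]*.*jid=\([^ ]*\) .*/\1/g' -e 's/ //g')"
      jails="${jails} ${jlongname}:${jshortname}:${jid}"
    done
  }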
  99.  
  100. ################################################################################
  101. ################################################################################
  #######################################
  # Start every jail selected by search_options.
  # Globals:   jails (read); jshortnames (written)
  # Note:      all short names are handed to /etc/rc.d/jail as ONE
  #            blank-separated argument.
  #######################################
  start_jail() {
    jshortnames=""
    for i in ${jails}; do
      # entry layout is hostname:shortname:jid; keep the middle field
      short_field="${i#*:}"
      jshortnames="${jshortnames} ${short_field%%:*}"
    done
    /etc/rc.d/jail start "${jshortnames}"
  }
  110.  
  111. ################################################################################
  112. ################################################################################
  #######################################
  # Stop every jail selected by search_options.
  # Globals:   jails (read); jshortnames (written)
  # Note:      all short names are handed to /etc/rc.d/jail as ONE
  #            blank-separated argument.
  #######################################
  stop_jail() {
    jshortnames=""
    for i in ${jails}; do
      # entry layout is hostname:shortname:jid; keep the middle field
      short_field="${i#*:}"
      jshortnames="${jshortnames} ${short_field%%:*}"
    done
    /etc/rc.d/jail stop "${jshortnames}"
  }
  121.  
  122. ################################################################################
  123. ################################################################################
  #######################################
  # Restart the selected jails: stop_jail followed by start_jail. The start is
  # attempted regardless of how the stop went; the return status is that of
  # start_jail.
  #######################################
  restart_jail() {
    stop_jail
    start_jail
  }
  128.  
  129. ################################################################################
  130. ################################################################################
  #######################################
  # Print a table of all configured jails: short name, hostname, IPv4 address
  # and whether jls currently reports the jail (online) or not (offline).
  # Globals:   jaillistname, red, green, normal (read);
  #            jname, hname, jip, jid (written)
  # Outputs:   the table on stdout, columns placed with ANSI cursor movements
  #######################################
  list_jail() {
    # Cursor 80 columns right, one line up; the caller appends "<n>D" to step
    # n columns back to the left, which places the text in a fixed column of
    # the line that was just printed.
    col="\033[80C\033[1A\033["

    echo "Available Jails:"
    echo "Jail-Name"
    echo -e "${col}65DHostname"
    echo -e "${col}30DIP-Address"
    echo -e "${col}10DStatus"
    echo "==============================================================================="
    for i in ${jaillistname}; do
      # entries are shortname:hostname
      jname="${i%%:*}"
      hname="${i#*:}"
      hname="${hname%%:*}"
      jip="$(jls -nq | grep "host.hostname=${hname} " | sed -e 's/[^ ]*.*ip4.addr=\([^ ]*\) .*/\1/g')"
      # Despite its name this holds the hostname reported by jls; it is only
      # tested for emptiness to tell running jails from stopped ones.
      jid="$(jls -nq | grep "host.hostname=${hname} " | sed -e 's/[^ ]*.*host.hostname=\([^ ]*\) .*/\1/g')"
      echo "${jname}"
      echo -e "${col}65D${hname}"
      echo -e "${col}30D${jip}"
      if [ -n "${jid}" ]; then
        echo -e "${col}10D${green}online${normal}"
      else
        echo -e "${col}10D${red}offline${normal}"
      fi
    done
  }
  153.  
  154. ################################################################################
  155. ################################################################################
  #######################################
  # Open /bin/csh inside the first selected jail via jexec. Further jails on
  # the command line are ignored.
  # Globals:   jails, red, normal (read); jlongname, jid (written)
  # Outputs:   a status line; an error message when the jail is not running
  #######################################
  connect_jail() {
    # Split ${jails} into positional parameters; only the first entry counts.
    set -- ${jails}
    if [ "$#" -gt 0 ]; then
      jlongname="${1%%:*}"
      jid="$(echo "${1}" | cut -f3 -d':')"
    fi

    if [ -n "${jid}" ]; then
      echo "connecting to jail: ${jlongname}"
      # Runs a shell in the jail with the privileges of the caller on the host.
      jexec "${jid}" /bin/csh
    else
      echo "can't connect to jail!"
      echo -e "jail: ${jlongname} is ${red}offline${normal}!"
    fi
  }
  171.  
  172. ################################################################################
  173. ################################################################################
  #######################################
  # Report for every selected jail whether it is running.
  # Globals:   jails, red, green, normal (read); jlongname, jid (written)
  # Outputs:   one "jail: <hostname> is online|offline!" line per jail
  #######################################
  status_jail() {
    for i in ${jails}; do
      jlongname="${i%%:*}"
      jid="$(echo "${i}" | cut -f3 -d':')"
      # A jail without a jid was not listed by jls when it was looked up.
      state="${green}online${normal}"
      [ -z "${jid}" ] && state="${red}offline${normal}"
      echo -e "jail: ${jlongname} is ${state}!"
    done
  }
  185.  
  186. ################################################################################
  187. ################################################################################
  #######################################
  # Make sure the directories needed for jail creation exist. When the
  # directory for the distribution sets had to be created, there is nothing to
  # install from yet: print the fetch commands for the operator and stop.
  # Globals:   jails_root, distfiles_dir, ports_dir, src_dir, txz_dir,
  #            txz_files, freebsdurl, arch, freebsdversion (read)
  # Returns:   0 when everything was already in place; exits 1 after printing
  #            the download instructions
  # Note:      the printed URLs use whatever scheme ${freebsdurl} has. The sets
  #            are later unpacked by add_create_jail, so verify them against
  #            the release's published checksums after fetching.
  #######################################
  add_check_depends() {
    echo " >> check dependencies"
    for needed_dir in "${jails_root}" "${distfiles_dir}" "${ports_dir}" "${src_dir}"; do
      [ -d "${needed_dir}" ] || mkdir "${needed_dir}"
    done

    if [ -d "${txz_dir}" ]; then
      return 0
    fi

    mkdir "${txz_dir}"
    echo "Download FreeBSD files into ${txz_dir}, please!"
    echo
    echo "cd ${txz_dir}"
    for i in ${txz_files}; do
      echo "fetch ${freebsdurl}/${arch}/${freebsdversion}/${i}"
    done
    echo
    exit 1
  }
  214.  
  215. ################################################################################
  216. ################################################################################
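  #######################################
  # Create the directory tree of a new jail below /usr/jails: unpack the
  # distribution sets and write fstab.<name>, etc/make.conf, etc/rc.conf and
  # etc/hosts.
  # Globals:   txz_files, txz_dir, jails_root, jail_ip, jail_domain (read)
  # Arguments: $1 - the option letter (unused); $2 - jail name
  # Returns:   exits 1 on an unusable name or when the jail directory cannot
  #            be created, entered or populated
  #######################################
  add_create_jail() {
    # $2 comes from the command line and becomes a path component below. Only
    # a plain name is accepted, so that "/", "..", blanks or a leading "-"
    # can neither leave /usr/jails nor be mistaken for an option.
    case "${2}" in
      ''|-*|*[!A-Za-z0-9_-]*)
        echo "invalid jail name \"${2}\": use letters, digits, '_' and '-' only, not starting with '-'" >&2
        exit 1
        ;;
    esac

    echo " >> starting jail creation \"${2}\" (this needs some seconds)"
    # Everything after this point uses relative paths (etc/rc.conf,
    # etc/hosts, ...). If one of the directory changes failed silently, those
    # writes would land wherever the script was started, so stop instead.
    cd /usr/jails || { echo "cannot enter /usr/jails" >&2; exit 1; }
    # A failing mkdir usually means the jail already exists; do not unpack
    # over it.
    mkdir "${2}" || { echo "cannot create /usr/jails/${2} (does it already exist?)" >&2; exit 1; }
    cd "${2}" || { echo "cannot enter /usr/jails/${2}" >&2; exit 1; }
    for i in ${txz_files}; do
      tar -xzpf "${txz_dir}/${i}" || { echo "extracting ${txz_dir}/${i} failed" >&2; exit 1; }
    done
    mkdir usr/ports
    mkdir home
    mkdir home/distfiles
    echo "   >> create ${jails_root}/${2}/etc/fstab"
    touch etc/fstab
    echo "   >> create ${jails_root}/${2}/etc/resolv.conf"
    cp /etc/resolv.conf etc/resolv.conf
    echo "   >> create ${jails_root}/${2}/etc/localtime"
    cp /etc/localtime etc/localtime

    ## create Jail boot fstab
    # ports and src are mounted read-only into the jail, distfiles read-write.
    echo "   >> create ${jails_root}/fstab.${2}"
    cat > "../fstab.${2}" <<__EOF__
/usr/ports              /usr/jails/${2}/usr/ports               nullfs  ro      0       0
/usr/src                /usr/jails/${2}/usr/src                 nullfs  ro      0       0
/usr/jails/distfiles    /usr/jails/${2}/home/distfiles          nullfs  rw      0       0
__EOF__

    ## create Jail make.conf
    echo "   >> create ${jails_root}/${2}/etc/make.conf"
    cat > etc/make.conf <<__EOF__
WRKDIRPREFIX?=/tmp
DISTDIR=/home/distfiles
PACKAGES=/tmp


DOC_LANG=de_DE.ISO8859-1
# -----------------------------------------------------------------------------

# Fetching from de sites preferred
MASTER_SORT_REGEX?=://[^/]*\.de[/.]
# -----------------------------------------------------------------------------

KERNCONF=GENERIC

# wget statt fetch zum downloaden der ports benutzen. falls existiert
.if exists(/usr/local/bin/wget)
DISABLE_SIZE=   yes
FETCH_CMD=      /usr/local/bin/wget --continue --passive-ftp -t 2 -T 15
.endif

# --- common ----------------------------------------------------------------
# Default build flags.
#CPUTYPE?=              pentium-m
CFLAGS=-O2 -pipe
# -----------------------------------------------------------------------------

# --- common for all ports --------------------------------------------------
BATCH=YES
WITHOUT_DEBUG=yes
# -----------------------------------------------------------------------------
WITH_PKGNG=yes
__EOF__

    ## create Jail rc.conf
    echo "   >> create ${jails_root}/${2}/etc/rc.conf"
    cat > etc/rc.conf <<__EOF__
syslogd_flags="-s -s"
newsyslog_enable="NO"
syslogd_enable="NO"

sendmail_enable="NONE"
sendmail_outbound_enable="NO"
sendmail_submit_enable="NO"
sendmail_msp_queue_enable="NO"
__EOF__

    ## create Jail hosts
    echo "   >> create ${jails_root}/${2}/etc/hosts"
    cat > etc/hosts <<__EOF__
${jail_ip}      ${2}    ${2}.${jail_domain}
__EOF__

  }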
  307.  
  308. ################################################################################
  309. ################################################################################
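  #######################################
  # Register the new jail in the host's /etc/rc.conf (layout used up to
  # FreeBSD 9.x: one jail_<name>_* variable per setting).
  # Globals:   jail_domain, interface, jail_ip (read)
  # Arguments: $1 - the option letter (unused); $2 - jail name
  # Returns:   exits 1 when the name cannot be used in a variable name
  #######################################
  add_create_jail_part2_9() {
    # /etc/rc.conf is read by sh at boot and $2 becomes part of variable
    # names there. Anything but letters, digits and "_" would at best break
    # the file and at worst be executed as a command, so refuse it before
    # the file is touched.
    case "${2}" in
      ''|*[!A-Za-z0-9_]*)
        echo "invalid jail name \"${2}\": only letters, digits and '_' can be used in /etc/rc.conf" >&2
        exit 1
        ;;
    esac

    ## modify Hosts /etc/rc.conf
    echo "   >> modify /etc/rc.conf"
    cat >> /etc/rc.conf <<__EOF__

###### ${2} JAIL ######
jail_${2}_hostname="${2}.${jail_domain}"
jail_${2}_interface="${interface}"
jail_${2}_ip="${jail_ip}"
jail_${2}_rootdir="/usr/jails/${2}"
jail_${2}_devfs_enable="YES"
jail_${2}_mount_enable="YES"
jail_${2}_flags="-l -U root"
jail_${2}_fstab="/usr/jails/fstab.${2}"
jail_${2}_exec_start="/bin/sh /etc/rc"
jail_${2}_exec_stop="/bin/sh /etc/rc.shutdown"
__EOF__

  }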
  331.  
  332. ################################################################################
  333. ################################################################################
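  #######################################
  # Register the new jail in /etc/jail.conf (layout used from FreeBSD 10 on).
  # Globals:   jail_domain, jail_ip (read)
  # Arguments: $1 - the option letter (unused); $2 - jail name
  # Returns:   exits 1 when the name is not a plain jail name
  #######################################
  add_create_jail_part2_10() {
    # $2 is written unquoted as the block name and inside a quoted hostname.
    # Braces, quotes, semicolons, blanks or newlines in it would change the
    # structure of jail.conf, so only a plain name is accepted.
    case "${2}" in
      ''|-*|*[!A-Za-z0-9_-]*)
        echo "invalid jail name \"${2}\": use letters, digits, '_' and '-' only, not starting with '-'" >&2
        exit 1
        ;;
    esac

    ## modify Hosts /etc/jail.conf
    echo "   >> modify /etc/jail.conf"
    cat >> /etc/jail.conf <<__EOF__

###### ${2} JAIL ######
${2} {
        host.hostname = "${2}.${jail_domain}";
        ip4.addr = "${jail_ip}";
}

__EOF__

  }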
  350.  
  351. ################################################################################
  352. ################################################################################
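  #######################################
  # Enable jails in /etc/rc.conf and add the new jail to jail_list unless it
  # is already listed.
  # Globals:   sysrc (read); check (written)
  # Arguments: $1 - the option letter (unused); $2 - jail name
  #######################################
  add_create_jail_part3() {
    echo "   >> enable jail ${2} in /etc/rc.conf"
    ${sysrc} -f /etc/rc.conf jail_enable=YES >/dev/null 2>&1

    # -n prints the bare value; it is empty when jail_list is not set yet.
    current_list="$(${sysrc} -n -f /etc/rc.conf jail_list 2>/dev/null)"

    # Compare whole names. A substring test would treat "db" as present
    # because "db2" is listed, and the new jail would never be started at boot.
    check=true
    for listed in ${current_list}; do
      if [ "${listed}" = "${2}" ]; then
        check=false
        break
      fi
    done
    if [ "${check}" = true ]; then
      ${sysrc} -f /etc/rc.conf jail_list="${current_list:+${current_list} }${2}" >/dev/null 2>&1
    fi

    # End of create_jail
    echo " >> Jail ${2} is now available!"

  }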
  366.  
  367. ################################################################################
  368. ################################################################################
  #######################################
  # Set allow.chflags=1 on every selected jail that is running.
  # With this parameter set, privileged users inside the jail may manipulate
  # system file flags (see jail(8)), which loosens the jail's isolation. Turn
  # it on only for as long as it is needed and revert it with -n. The change
  # is made on the running jail only; nothing is written to a config file here.
  # Globals:   jails, red, normal (read); jlongname, jid (written)
  #######################################
  allow_chflags_jail() {
    for i in ${jails}; do
      jlongname="${i%%:*}"
      jid="$(echo "${i}" | cut -f3 -d':')"
      # jails that are not running have no jid and are skipped silently
      [ -n "${jid}" ] || continue
      echo -e "jail: ${jlongname} chflags ${red}turned on${normal}!"
      /usr/sbin/jail -m "jid=${jid}" allow.chflags=1
    done
  }
  379.  
  380. ################################################################################
  381. ################################################################################
  #######################################
  # Set allow.chflags=0 on every selected jail that is running, so that
  # privileged users inside the jail can no longer manipulate system file
  # flags (see jail(8)). Jails that are not running are skipped silently.
  # Globals:   jails, green, normal (read); jlongname, jid (written)
  #######################################
  disallow_chflags_jail() {
    for i in ${jails}; do
      jlongname="${i%%:*}"
      jid="$(echo "${i}" | cut -f3 -d':')"
      [ -n "${jid}" ] || continue
      echo -e "jail: ${jlongname} chflags ${green}turned off${normal}!"
      /usr/sbin/jail -m "jid=${jid}" allow.chflags=0
    done
  }
  392.  
  393. ################################################################################
  394. ################################################################################
  395. ### program
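  # Entry point: print the banner, then dispatch on the first argument.
  echo
  echo "    Jail Manager V${version}"
  echo "    =================================="
  echo
  case "${1}" in
    -a|--add)
      if [ -z "${2}" ]; then
        echo "usage: ${0} ${1} JAILNAME"
        echo
        exit 1
      fi
      # The jail name ends up in paths below /usr/jails and in /etc/rc.conf
      # or /etc/jail.conf. Check it here, before any directory or config
      # entry is created, so a bad name leaves nothing half-done behind.
      case "${2}" in
        -*|*[!A-Za-z0-9_-]*)
          echo "invalid jail name \"${2}\": use letters, digits, '_' and '-' only, not starting with '-'" >&2
          echo
          exit 1
          ;;
      esac
      # Decide on the config layout by the numeric major version. Looking at
      # the first digit only would send a release such as 20.x down the
      # pre-10 rc.conf path. A version that cannot be parsed counts as old.
      freebsd_major="${freebsdversion%%.*}"
      case "${freebsd_major}" in
        ''|*[!0-9]*) freebsd_major=0 ;;
      esac
      add_check_depends
      add_create_jail "${@}"
      if [ "${freebsd_major}" -ge 10 ]; then
        add_create_jail_part2_10 "${@}"
      else
        add_create_jail_part2_9 "${@}"
      fi
      add_create_jail_part3 "${@}"
    ;;
    -l|--list)
      list_jail
    ;;
    -c|--connect)
      search_options "${@}"
      connect_jail
    ;;
    -u|--up)
      search_options "${@}"
      start_jail
    ;;
    -d|--down)
      search_options "${@}"
      stop_jail
    ;;
    -r|--restart)
      search_options "${@}"
      restart_jail
    ;;
    -s|--status)
      search_options "${@}"
      status_jail
    ;;
    -m)
      # loosens jail isolation until reverted with -n
      search_options "${@}"
      allow_chflags_jail
    ;;
    -n)
      search_options "${@}"
      disallow_chflags_jail
    ;;
    -h|--help)
cat <<__USAGE__
    usage: ${0} { -l | -c | -u | -d | -r | -s | -a | -m | -n | -h }
    ------------------------------------------------------------------
    -l | --list                      see a list of all jails
    -c | --connect {jailname}        connect to a shell in a jail
    -u | --up {jailname}             start a jail
    -d | --down {jailname}           stop a jail
    -r | --restart {jailname}        restart a jail
    -s | --status {jailname}         status of a jail
    -a | --add {jailname}            add/create a jail
    -m | -m {jailname}               allow chflags inside jail
    -n | -n {jailname}               disallow chflags inside jail
    -h | --help                      this help
    ------------------------------------------------------------------
__USAGE__
    ;;
    *)
      echo "usage: ${0} -h"
      echo "for help"
      echo
      exit 1
    ;;
  esac
  echo
  exit 0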