Der FreeBSD Jail Manager ist ein Script, das die Steuerung der einzelnen Jails erleichtert.
Vorteile:
- Jails können immer über ihren Namen angesprochen werden und nicht nur über die laufende "id"
- Einfaches Starten, Stoppen und Abfragen des Status
- Einfacheres Verbinden mit einer Jail, Beispiel: mjail.sh -c www
- Einfaches Erstellen einer neuen Jail, Beispiel: mjail.sh -a cloud



#!/bin/sh
################################################################################
#
# Jail Manager
#
################################################################################
# Copyright (c) 2017, Manuel Strauch (manuel.strauch@outlook.com)
# All rights reserved.
#
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions are met:
#
# -Redistributions of source code must retain the above copyright notice,
# this list of conditions and the following disclaimer.
# -Redistributions in binary form must reproduce the above copyright notice,
# this list of conditions and the following disclaimer in the documentation
# and/or other materials provided with the distribution.
#
# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE
# LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
# INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
# CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
# ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
# POSSIBILITY OF SUCH DAMAGE.
################################################################################
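# Gather host information and set the defaults used by every sub-command.
#
# jaillistname holds one "shortname:fqdn" line per host.hostname entry found
# in the jail configuration.
if [ -e /etc/jail.conf ]; then
  # FreeBSD 10 or greater: jails are read from /etc/jail.conf
  jaillistname="$(grep "host.hostname" /etc/jail.conf |
    sed -e 's/[^ ]*.*= \"\([^ ]*\)\"\;/\1/g' \
      -e 's/\([^\.]*\)\.\([^ ]*.*\)/\1:\1\.\2/g')"
else
  # until FreeBSD 9.x: jails are read from the jail_* lines of /etc/rc.conf
  jaillistname="$(grep "^jail_.*hostname" /etc/rc.conf |
    sed -e 's/jail_\([^ ]*\)_[^ ]*"\([^ ]*\)\"/\1:\2/g' -e '/^set/d')"
fi
version="3.1.0"
arch="$(uname -m)"
freebsdversion="$(uname -r)"
jails_root="/usr/jails"
txz_dir="/install"
case "${arch}" in
  amd64) txz_files="base.txz doc.txz kernel.txz lib32.txz" ;;
  *) txz_files="base.txz doc.txz kernel.txz" ;;
esac
# Interface of the default route: everything up to the last blank of the
# netstat line is removed, which leaves the last column.
# NOTE(review): with more than one default route (e.g. IPv4 and IPv6) this
# yields several lines - confirm the value before it is written to rc.conf.
interface="$(/usr/bin/netstat -rn | grep default | sed -e 's/\([^ ]*.* \)//g')"
# The release archives are referenced over plain HTTP, so they are neither
# authenticated nor integrity-protected in transit. They are later unpacked
# as the calling user (normally root): verify their checksums against values
# obtained over a trusted channel before using them.
freebsdurl="http://ftp2.de.freebsd.org/pub/FreeBSD/releases"
distfiles_dir="/usr/jails/distfiles"
ports_dir="/usr/ports"
src_dir="/usr/src"
jail_domain="$(hostname -f | cut -f2- -d'.')"
sysrc="/usr/sbin/sysrc"
## =================== Don't TOUCH ===================
# system.var is executed in this shell with the privileges of the caller
# (normally root), so it must be owned by root and writable by root only.
# It presumably defines ${red}, ${green} and ${normal}, which are used below
# but never set in this script - confirm.
if [ -r /opt/etc/system.var ]; then
  . /opt/etc/system.var
else
  # Sourcing a missing file would abort a POSIX sh script outright; carry on
  # without it instead.
  echo "warning: /opt/etc/system.var is not readable, continuing without it" >&2
fi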
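### functions
################################################################################
# Find the next free IPv4 address for a new jail.
#
# Walks 192.168.20.10 .. 192.168.20.254 and prints the first address that does
# not occur in the jail configuration.
# Arguments: $1 - configuration file to scan (optional, default /etc/jail.conf)
# Outputs:   the free address on stdout; a diagnostic on stderr when the range
#            is exhausted
# Returns:   0 when an address was printed, 1 otherwise
# NOTE(review): when the file is missing or unreadable grep fails and every
# address looks free, so setups without /etc/jail.conf always get .10.
################################################################################
find_free_jail_ip() {
  conf_file="${1:-/etc/jail.conf}"
  z=10
  # Stop at .254 so that no broadcast or out-of-range address is handed out.
  while [ "${z}" -le 254 ]; do
    # -F keeps the dots literal, -w demands a whole word: an existing
    # 192.168.20.100 must not make 192.168.20.10 look occupied.
    if ! grep -F -w -- "192.168.20.${z}" "${conf_file}" >/dev/null 2>&1; then
      echo "192.168.20.${z}"
      return 0
    fi
    z=$((z + 1))
  done
  echo "find_free_jail_ip: no free address left in 192.168.20.10-254" >&2
  return 1
}
jail_ip=$(find_free_jail_ip)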
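################################################################################
# Resolve the jail names given on the command line.
# Globals:   jaillistname, jail_domain, red, normal (read)
#            jails (appended with " fqdn:shortname:jid" per name; jid is empty
#            when no matching jail is reported by jls)
# Arguments: $1 - the option that selected the action (dropped)
#            $2.. - short jail names
# Outputs:   an error message on stdout when a name is unknown
# Returns:   exits the script with status 1 on the first unknown name
################################################################################
search_options() {
  shift
  for name in "$@"; do
    find_jail=""
    if [ -n "${name}" ]; then
      # Fixed-string lookup of the complete "short:short.domain" entry: the
      # user-supplied name is never interpreted as a regular expression, and
      # a partial name such as "ww" no longer passes for "www".
      find_jail="$(printf '%s\n' "${jaillistname}" |
        grep -F -- "${name}:${name}.${jail_domain}" | head -n 1)"
    fi
    if [ -z "${find_jail}" ]; then
      echo -e "Jail: ${red}\"${name}\" not found!!${normal}"
      echo
      exit 1
    fi
    jlongname="$(printf '%s\n' "${find_jail}" | cut -f2 -d':' | sed -e 's/ //g')"
    jshortname="$(printf '%s\n' "${find_jail}" | cut -f1 -d':' | sed -e 's/ //g')"
    # The trailing blank in the pattern keeps "a.example" from matching
    # "a.example.org"; -F keeps the dots of the hostname literal.
    jid="$(jls -nq | grep -F -- "host.hostname=${jlongname} " |
      sed -e 's/[^ ]*.*jid=\([^ ]*\) .*/\1/g' -e 's/ //g')"
    jails="${jails} ${jlongname}:${jshortname}:${jid}"
  done
}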
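################################################################################
# Start every jail selected by search_options.
# Globals:   jails (read) - blank-separated "fqdn:shortname:jid" entries
# Returns:   the exit status of /etc/rc.d/jail
# NOTE(review): with an empty selection the rc script is called without any
# jail name; confirm how /etc/rc.d/jail treats that before relying on it.
################################################################################
start_jail() {
  # Collect the short names as separate positional parameters so that each
  # jail reaches the rc script as its own argument instead of one
  # blank-joined word.
  set --
  # ${jails} is split on purpose: it is a blank-separated list.
  for entry in ${jails}; do
    set -- "$@" "$(printf '%s\n' "${entry}" | cut -f2 -d':')"
  done
  /etc/rc.d/jail start "$@"
}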
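################################################################################
# Stop every jail selected by search_options.
# Globals:   jails (read) - blank-separated "fqdn:shortname:jid" entries
# Returns:   the exit status of /etc/rc.d/jail
# NOTE(review): with an empty selection the rc script is called without any
# jail name; confirm that this cannot stop jails the operator did not name.
################################################################################
stop_jail() {
  # Collect the short names as separate positional parameters so that each
  # jail reaches the rc script as its own argument instead of one
  # blank-joined word.
  set --
  # ${jails} is split on purpose: it is a blank-separated list.
  for entry in ${jails}; do
    set -- "$@" "$(printf '%s\n' "${entry}" | cut -f2 -d':')"
  done
  /etc/rc.d/jail stop "$@"
}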
################################################################################
# Restart the selected jails: stop them, then start them again.
# Returns:   the exit status of start_jail
################################################################################
restart_jail() {
  # No status check in between: the start is attempted even when the stop
  # reported a failure.
  stop_jail
  start_jail
}
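################################################################################
# Print a table of all configured jails with hostname, address and state.
# Globals:   jaillistname, red, green, normal (read)
# Outputs:   the table on stdout
#
# Each column is written with its own echo: the escape sequence moves the
# cursor 80 columns right, one line up and then N columns left, which places
# the text on the line that was printed just before.
################################################################################
list_jail() {
  echo "Available Jails:"
  echo "Jail-Name"
  echo -e "\033[80C\033[1A\033[65DHostname"
  echo -e "\033[80C\033[1A\033[30DIP-Address"
  echo -e "\033[80C\033[1A\033[10DStatus"
  echo "==============================================================================="
  # Query the running jails once instead of twice per configured jail.
  running="$(jls -nq)"
  for entry in ${jaillistname}; do
    jname="$(printf '%s\n' "${entry}" | cut -f1 -d':')"
    hname="$(printf '%s\n' "${entry}" | cut -f2 -d':')"
    # -F: the dots of the hostname are literal, so "a.b" cannot be matched by
    # a jail called "axb". The trailing blank anchors the end of the name.
    jline="$(printf '%s\n' "${running}" | grep -F -- "host.hostname=${hname} ")"
    jip="$(printf '%s\n' "${jline}" | sed -e 's/[^ ]*.*ip4.addr=\([^ ]*\) .*/\1/g')"
    echo "${jname}"
    echo -e "\033[80C\033[1A\033[65D${hname}"
    echo -e "\033[80C\033[1A\033[30D${jip}"
    # A jail counts as online when jls lists its hostname.
    if [ -z "${jline}" ]; then
      echo -e "\033[80C\033[1A\033[10D${red}offline${normal}"
    else
      echo -e "\033[80C\033[1A\033[10D${green}online${normal}"
    fi
  done
}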
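################################################################################
# Open a shell inside the first selected jail.
# Globals:   jails, red, normal (read); jlongname, jid (written)
# Outputs:   a status message on stdout
# Returns:   1 when the jail is offline or none was selected, otherwise the
#            exit status of jexec
#
# Only the first entry of ${jails} is used; jexec then runs /bin/csh inside
# that jail.
################################################################################
connect_jail() {
  # Start from a clean state so that no value of an earlier lookup is reused
  # when the selection is empty.
  jlongname=""
  jid=""
  for entry in ${jails}; do
    jlongname="$(printf '%s\n' "${entry}" | cut -f1 -d':')"
    jid="$(printf '%s\n' "${entry}" | cut -f3 -d':')"
    break
  done
  if [ -z "${jid}" ]; then
    echo "can't connect to jail!"
    echo -e "jail: ${jlongname} is ${red}offline${normal}!"
    # Report the failure to the caller instead of returning success.
    return 1
  fi
  echo "connecting to jail: ${jlongname}"
  jexec "${jid}" /bin/csh
}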
################################################################################
# Report for every selected jail whether it is running.
# Globals:   jails, red, green, normal (read); jlongname, jid (written)
# Outputs:   one "jail: <fqdn> is online|offline!" line per entry on stdout
#
# An entry counts as online when its third field (the jid) is not empty.
################################################################################
status_jail() {
  for entry in ${jails}; do
    jlongname="$(echo "${entry}" | cut -f1 -d':')"
    jid="$(echo "${entry}" | cut -f3 -d':')"
    state="${green}online${normal}"
    [ -n "${jid}" ] || state="${red}offline${normal}"
    echo -e "jail: ${jlongname} is ${state}!"
  done
}
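################################################################################
# Make sure the directories and release archives needed for a new jail exist.
# Globals:   jails_root, distfiles_dir, ports_dir, src_dir, txz_dir, txz_files,
#            freebsdurl, arch, freebsdversion (read)
# Outputs:   progress on stdout; download instructions when archives are
#            missing
# Returns:   exits the script with status 1 when a directory cannot be created
#            or an archive is missing
#
# The printed URLs use whatever scheme ${freebsdurl} carries. Archives fetched
# without transport security are unauthenticated: check their checksums against
# values obtained over a trusted channel before they are unpacked as root.
################################################################################
add_check_depends() {
  echo " >> check dependencies"
  for dir in "${jails_root}" "${distfiles_dir}" "${ports_dir}" "${src_dir}" "${txz_dir}"; do
    if [ ! -d "${dir}" ]; then
      if ! mkdir -p -- "${dir}"; then
        echo "cannot create directory ${dir}" >&2
        exit 1
      fi
    fi
  done
  # Check the archives themselves, not only the directory: an existing but
  # empty ${txz_dir} would otherwise let the jail creation run into tar errors.
  missing=""
  for archive in ${txz_files}; do
    [ -f "${txz_dir}/${archive}" ] || missing="${missing} ${archive}"
  done
  if [ -n "${missing}" ]; then
    echo "Download FreeBSD files into ${txz_dir}, please!"
    echo
    echo "cd ${txz_dir}"
    for archive in ${missing}; do
      echo "fetch ${freebsdurl}/${arch}/${freebsdversion}/${archive}"
    done
    echo
    exit 1
  fi
}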
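################################################################################
# Create the directory tree and the base configuration of a new jail.
# Globals:   jails_root, txz_dir, txz_files, ports_dir, src_dir, distfiles_dir,
#            jail_ip, jail_domain (read)
# Arguments: $1 - the option that selected the action (unused)
#            $2 - short name of the new jail
# Outputs:   progress on stdout, diagnostics on stderr
# Returns:   exits the script with status 1 when the name is unusable, the
#            jail directory already exists or a step fails
################################################################################
add_create_jail() {
  # The name ends up in paths and in configuration files, so only a
  # conservative character set is accepted (no '/', '..', blanks or quotes).
  case "${2}" in
    '' | -* | *[!A-Za-z0-9_-]*)
      echo "invalid jail name \"${2}\": use letters, digits, '_' and '-' only" >&2
      exit 1
      ;;
  esac
  jail_dir="${jails_root}/${2}"
  # Never unpack over an existing jail.
  if [ -e "${jail_dir}" ]; then
    echo "${jail_dir} already exists, refusing to overwrite it" >&2
    exit 1
  fi
  echo " >> starting jail creation \"${2}\" (this needs some seconds)"
  # Every step that changes the working directory is checked: an unnoticed
  # failure here would unpack the archives into whatever directory the script
  # was started from.
  mkdir -- "${jail_dir}" || exit 1
  cd "${jail_dir}" || exit 1
  for archive in ${txz_files}; do
    # tar detects the compression of the archive itself when reading, so no
    # -z (gzip) flag. The files are unpacked with -p as the calling user
    # (normally root): use verified archives only.
    if ! tar -xpf "${txz_dir}/${archive}"; then
      echo "extracting ${txz_dir}/${archive} failed" >&2
      exit 1
    fi
  done
  mkdir -p etc usr/ports home/distfiles || exit 1
  echo " >> create ${jails_root}/${2}/etc/fstab"
  touch etc/fstab
  echo " >> create ${jails_root}/${2}/etc/resolv.conf"
  if [ -e /etc/resolv.conf ]; then
    cp /etc/resolv.conf etc/resolv.conf
  fi
  echo " >> create ${jails_root}/${2}/etc/localtime"
  # A host without /etc/localtime simply leaves the jail without one.
  if [ -e /etc/localtime ]; then
    cp /etc/localtime etc/localtime
  fi
  ## create Jail boot fstab
  echo " >> create ${jails_root}/fstab.${2}"
  cat > "${jails_root}/fstab.${2}" <<__EOF__
${ports_dir} ${jail_dir}/usr/ports nullfs ro 0 0
${src_dir} ${jail_dir}/usr/src nullfs ro 0 0
${distfiles_dir} ${jail_dir}/home/distfiles nullfs rw 0 0
__EOF__
  ## create Jail make.conf
  echo " >> create ${jails_root}/${2}/etc/make.conf"
  cat > etc/make.conf <<'__EOF__'
WRKDIRPREFIX?=/tmp
DISTDIR=/home/distfiles
PACKAGES=/tmp
DOC_LANG=de_DE.ISO8859-1
# -----------------------------------------------------------------------------
# Fetching from de sites preferred
MASTER_SORT_REGEX?=://[^/]*\.de[/.]
# -----------------------------------------------------------------------------
KERNCONF=GENERIC
# wget statt fetch zum downloaden der ports benutzen. falls existiert
.if exists(/usr/local/bin/wget)
DISABLE_SIZE= yes
FETCH_CMD= /usr/local/bin/wget --continue --passive-ftp -t 2 -T 15
.endif
# --- common ----------------------------------------------------------------
# Default build flags.
#CPUTYPE?= pentium-m
CFLAGS=-O2 -pipe
# -----------------------------------------------------------------------------
# --- common for all ports --------------------------------------------------
BATCH=YES
WITHOUT_DEBUG=yes
# -----------------------------------------------------------------------------
WITH_PKGNG=yes
__EOF__
  ## create Jail rc.conf
  echo " >> create ${jails_root}/${2}/etc/rc.conf"
  cat > etc/rc.conf <<'__EOF__'
syslogd_flags="-s -s"
newsyslog_enable="NO"
syslogd_enable="NO"
sendmail_enable="NONE"
sendmail_outbound_enable="NO"
sendmail_submit_enable="NO"
sendmail_msp_queue_enable="NO"
__EOF__
  ## create Jail hosts
  echo " >> create ${jails_root}/${2}/etc/hosts"
  cat > etc/hosts <<__EOF__
${jail_ip} ${2} ${2}.${jail_domain}
__EOF__
}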
################################################################################
# Register the new jail in /etc/rc.conf (jail_<name>_* variables; this is the
# variant the script uses for FreeBSD up to 9.x).
# Globals:   jail_domain, interface, jail_ip (read)
# Arguments: $1 - the option that selected the action (unused)
#            $2 - short name of the new jail
# NOTE(review): ${2} is expanded unescaped into variable names and values of a
# file that the rc system reads as shell code, so the name has to be validated
# before this function is called. The /usr/jails paths are hard-coded here
# rather than taken from ${jails_root}.
################################################################################
add_create_jail_part2_9() {
  ## modify Hosts /etc/rc.conf
  echo " >> modify /etc/rc.conf"
  cat >> /etc/rc.conf <<__EOF__
###### ${2} JAIL ######
jail_${2}_hostname="${2}.${jail_domain}"
jail_${2}_interface="${interface}"
jail_${2}_ip="${jail_ip}"
jail_${2}_rootdir="/usr/jails/${2}"
jail_${2}_devfs_enable="YES"
jail_${2}_mount_enable="YES"
jail_${2}_flags="-l -U root"
jail_${2}_fstab="/usr/jails/fstab.${2}"
jail_${2}_exec_start="/bin/sh /etc/rc"
jail_${2}_exec_stop="/bin/sh /etc/rc.shutdown"
__EOF__
}
################################################################################
# Register the new jail in /etc/jail.conf (the variant the script uses for
# FreeBSD 10 and later).
# Globals:   jail_domain, jail_ip (read)
# Arguments: $1 - the option that selected the action (unused)
#            $2 - short name of the new jail
# NOTE(review): only host.hostname and ip4.addr are written; path, mount and
# exec settings are presumably inherited from global defaults in
# /etc/jail.conf - confirm. ${2} is expanded unescaped into the file, so the
# name has to be validated before this function is called.
################################################################################
add_create_jail_part2_10() {
  ## modify Hosts /etc/jail.conf
  echo " >> modify /etc/jail.conf"
  cat >> /etc/jail.conf <<__EOF__
###### ${2} JAIL ######
${2} {
host.hostname = "${2}.${jail_domain}";
ip4.addr = "${jail_ip}";
}
__EOF__
}
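################################################################################
# Enable the jail subsystem and add the new jail to jail_list in /etc/rc.conf.
# Globals:   sysrc (read) - command used to edit rc.conf
# Arguments: $1 - the option that selected the action (unused)
#            $2 - short name of the new jail
# Outputs:   progress on stdout, diagnostics on stderr
# Returns:   0 on success, 1 when rc.conf could not be updated
################################################################################
add_create_jail_part3() {
  echo " >> enable jail ${2} in /etc/rc.conf"
  if ! "${sysrc}" -f /etc/rc.conf jail_enable=YES >/dev/null 2>&1; then
    echo "could not set jail_enable in /etc/rc.conf" >&2
    return 1
  fi
  # -n prints the bare value; it is empty when jail_list is not set yet.
  current_list="$("${sysrc}" -f /etc/rc.conf -n jail_list 2>/dev/null)"
  # Compare whole words: an existing "webmail" must not keep "web" from being
  # added to the list.
  case " ${current_list} " in
    *" ${2} "*) ;;
    *)
      if ! "${sysrc}" -f /etc/rc.conf \
        jail_list="${current_list:+${current_list} }${2}" >/dev/null 2>&1; then
        echo "could not add ${2} to jail_list in /etc/rc.conf" >&2
        return 1
      fi
      ;;
  esac
  # End of create_jail
  echo " >> Jail ${2} is now available!"
}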
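################################################################################
# Set allow.chflags=1 on every selected jail that is running.
# Globals:   jails, red, normal (read); jlongname, jid (written)
# Outputs:   a confirmation per jail on stdout, failures on stderr
#
# With allow.chflags set, privileged users inside the jail are no longer
# treated as unprivileged by chflags(2). The change is made with "jail -m" on
# the running jail only; this function writes nothing to the configuration
# files.
################################################################################
allow_chflags_jail() {
  for entry in ${jails}; do
    jlongname="$(printf '%s\n' "${entry}" | cut -f1 -d':')"
    jid="$(printf '%s\n' "${entry}" | cut -f3 -d':')"
    # Entries without a jid belong to jails that are not running.
    if [ -n "${jid}" ]; then
      # Confirm only after the command succeeded, so the message never claims
      # a state that was not reached.
      if /usr/sbin/jail -m jid="${jid}" allow.chflags=1; then
        echo -e "jail: ${jlongname} chflags ${red}turned on${normal}!"
      else
        echo "jail: ${jlongname} chflags could not be turned on" >&2
      fi
    fi
  done
}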
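################################################################################
# Set allow.chflags=0 on every selected jail that is running.
# Globals:   jails, green, normal (read); jlongname, jid (written)
# Outputs:   a confirmation per jail on stdout, failures on stderr
#
# The change is made with "jail -m" on the running jail only; this function
# writes nothing to the configuration files.
################################################################################
disallow_chflags_jail() {
  for entry in ${jails}; do
    jlongname="$(printf '%s\n' "${entry}" | cut -f1 -d':')"
    jid="$(printf '%s\n' "${entry}" | cut -f3 -d':')"
    # Entries without a jid belong to jails that are not running.
    if [ -n "${jid}" ]; then
      # Confirm only after the command succeeded: a jail must not be reported
      # as locked down while chflags is in fact still allowed.
      if /usr/sbin/jail -m jid="${jid}" allow.chflags=0; then
        echo -e "jail: ${jlongname} chflags ${green}turned off${normal}!"
      else
        echo "jail: ${jlongname} chflags could not be turned off" >&2
      fi
    fi
  done
}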
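################################################################################
################################################################################
### program
# Dispatch on the first argument; every action except --list, --help and --add
# resolves the jail names first and exits with status 1 on an unknown name.
echo
echo " Jail Manager V${version}"
echo " =================================="
echo
case "${1}" in
  -a | --add)
    if [ -z "${2}" ]; then
      echo "usage: ${0} ${1} JAILNAME"
      echo
      exit 1
    fi
    # Without an address the jail would be written to the configuration with
    # an empty ip4 setting.
    if [ -z "${jail_ip}" ]; then
      echo "no free jail address available" >&2
      exit 1
    fi
    # Decide on the configuration format before anything is created. The
    # numeric major version is compared (instead of the first digit with the
    # non-POSIX "=="), so releases from 20 on are handled as well.
    major="${freebsdversion%%.*}"
    case "${major}" in
      '' | *[!0-9]*)
        echo "cannot parse FreeBSD version \"${freebsdversion}\"" >&2
        exit 1
        ;;
    esac
    add_check_depends
    add_create_jail "$@"
    if [ "${major}" -ge 10 ]; then
      add_create_jail_part2_10 "$@"
    else
      add_create_jail_part2_9 "$@"
    fi
    add_create_jail_part3 "$@"
    ;;
  -l | --list)
    list_jail
    ;;
  -c | --connect)
    search_options "$@"
    connect_jail
    ;;
  -u | --up)
    search_options "$@"
    start_jail
    ;;
  -d | --down)
    search_options "$@"
    stop_jail
    ;;
  -r | --restart)
    search_options "$@"
    restart_jail
    ;;
  -s | --status)
    search_options "$@"
    status_jail
    ;;
  -m)
    search_options "$@"
    allow_chflags_jail
    ;;
  -n)
    search_options "$@"
    disallow_chflags_jail
    ;;
  -h | --help)
    cat <<__USAGE__
usage: ${0} { -l | -c | -u | -d | -r | -s | -a | -m | -n | -h }
------------------------------------------------------------------
-l | --list see a list of all jails
-c | --connect {jailname} connect to a shell in a jail
-u | --up {jailname} start a jail
-d | --down {jailname} stop a jail
-r | --restart {jailname} restart a jail
-s | --status {jailname} status of a jail
-a | --add {jailname} add/create a jail
-m | -m {jailname} allow chflags inside jail
-n | -n {jailname} disallow chflags inside jail
-h | --help this help
------------------------------------------------------------------
__USAGE__
    ;;
  *)
    echo "usage: ${0} -h"
    echo "for help"
    echo
    exit 1
    ;;
esac
echo
exit 0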