mjail.sh | Jail Manager | anukis.de

Beschreibung
Code
Der FreeBSD Jail Manager ist ein Script um die Steuerung der einzelnen Jails zu erleichtern.
Vorteile:
Jails können immer mit dem Namen angesprochen werden und nicht nur über die laufende "id"
Einfaches starten/stoppen/status abfragen
Einfacheres Verbinden zu einer Jail Beispiel: mjail.sh -c www
Einfaches erstellen einer neuen Jail Beispiel: mjail.sh -a cloud
#!/bin/sh
 
################################################################################
#
# Jail Manager
#
################################################################################
# Copyright (c) 2017, Manuel Strauch (manuel.strauch@outlook.com)
# All rights reserved.
#
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions are met:
#
#  -Redistributions of source code must retain the above copyright notice,
#   this list of conditions and the following disclaimer.
#  -Redistributions in binary form must reproduce the above copyright notice,
#   this list of conditions and the following disclaimer in the documentation
#   and/or other materials provided with the distribution.
#
# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE
# LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
# INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
# CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
# ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
# POSSIBILITY OF SUCH DAMAGE.
################################################################################
 
# get some informations
if [ -e /etc/jail.conf ]; then
  # FreeBSD 10 or greater
  jaillistname="`grep "host.hostname" /etc/jail.conf | sed -e 's/[^ ]*.*= \"\([^ ]*\)\"\;/\1/g' -e 's/\([^\.]*\)\.\([^ ]*.*\)/\1:\1\.\2/g'`"
else
  # until FreeBSD 9.x
  jaillistname="`grep "^jail_.*hostname" /etc/rc.conf | sed -e 's/jail_\([^ ]*\)_[^ ]*"\([^ ]*\)\"/\1:\2/g' -e '/^set/d'`"
fi
 
version="3.1.0"
arch="`uname -m`"
freebsdversion="`uname -r`"
jails_root="/usr/jails"
txz_dir="/install"
if [ "${arch}" = "amd64" ]; then
  txz_files="base.txz doc.txz kernel.txz lib32.txz"
else
  txz_files="base.txz doc.txz kernel.txz"
fi
interface="`/usr/bin/netstat -rn | grep default | sed -e 's/\([^ ]*.* \)//g'`"
freebsdurl="http://ftp2.de.freebsd.org/pub/FreeBSD/releases"
distfiles_dir="/usr/jails/distfiles"
ports_dir="/usr/ports"
src_dir="/usr/src"
jail_domain="`hostname -f | cut -f2- -d'.'`"
sysrc="/usr/sbin/sysrc"
 
## =================== Don`t TOUCH ===================
. /opt/etc/system.var
 
 
### functions
################################################################################
################################################################################
#### find the next free ip for the jail
find_free_jail_ip() {
 z=9
 check=false
 until ${check}; do
   z="`expr ${z} + 1`"
   grep "192.168.20.${z}" /etc/jail.conf >/dev/null 2>&1 && check=false || check=true
 done
 echo "192.168.20.${z}"
}
jail_ip=$(find_free_jail_ip)
 
################################################################################
################################################################################
search_options() {
  shift
  for i in ${@}; do
    check="YES"
    echo "${jaillistname}" | grep -i "${i}" >/dev/null 2>&1 || check="NO"
    if [ "${check}" = "NO" ] || [ -z "${i}" ]; then
      echo -e "Jail: ${red}\"${i}\" not found!!${normal}"
      echo 
      exit 1
    else
      find_jail="`echo "${jaillistname}" | egrep "${i}:${i}.${jail_domain}"`"
      jlongname="`echo ${find_jail} | cut -f2 -d':' | sed -e 's/ //g'`"
      jshortname="`echo ${find_jail} | cut -f1 -d':' | sed -e 's/ //g'`"
      jid="`jls -nq | grep "host.hostname=${jlongname} " | sed -e 's/[^ ]*.*jid=\([^ ]*\) .*/\1/g' -e 's/ //g'`"
      jails="${jails} ${jlongname}:${jshortname}:${jid}"
    fi
  done
}
 
################################################################################
################################################################################
start_jail() {
  jshortnames=""
  for i in ${jails}; do
    dummy="`echo ${i} | cut -f2 -d':'`"
    jshortnames="${jshortnames} ${dummy}"
  done
  /etc/rc.d/jail start "${jshortnames}"
}
 
################################################################################
################################################################################
stop_jail() {
  jshortnames=""
  for i in ${jails}; do
    dummy="`echo ${i} | cut -f2 -d':'`"
    jshortnames="${jshortnames} ${dummy}"
  done
  /etc/rc.d/jail stop "${jshortnames}"
}
 
################################################################################
################################################################################
restart_jail() {
  stop_jail
  start_jail
}
 
################################################################################
################################################################################
list_jail() {
  echo "Available Jails:"
  echo "Jail-Name"
  echo -e "\033[80C\033[1A\033[65DHostname"
  echo -e "\033[80C\033[1A\033[30DIP-Address"
  echo -e "\033[80C\033[1A\033[10DStatus"
  echo "==============================================================================="
  for i in ${jaillistname}; do
    jname="`echo "$i" | cut -f1 -d':'`"
    hname="`echo "$i" | cut -f2 -d':'`"
    jip="`jls -nq | grep "host.hostname=${hname} " | sed -e 's/[^ ]*.*ip4.addr=\([^ ]*\) .*/\1/g'`"
    jid="`jls -nq | grep "host.hostname=${hname} " | sed -e 's/[^ ]*.*host.hostname=\([^ ]*\) .*/\1/g'`"
    echo "${jname}"
    echo -e "\033[80C\033[1A\033[65D${hname}"
    echo -e "\033[80C\033[1A\033[30D${jip}"
    if [ -z "${jid}" ]; then
      echo -e "\033[80C\033[1A\033[10D${red}offline${normal}"
    else
      echo -e "\033[80C\033[1A\033[10D${green}online${normal}"
    fi
  done
}
 
################################################################################
################################################################################
connect_jail() {
  for i in ${jails}; do
    jlongname="`echo ${i} | cut -f1 -d':'`"
    jid="`echo ${i} | cut -f3 -d':'`"
    break
  done
 
  if [ -z "${jid}" ]; then
    echo "can't connect to jail!"
    echo -e "jail: ${jlongname} is ${red}offline${normal}!"
  else
    echo "connecting to jail: ${jlongname}"
    jexec "${jid}" /bin/csh
  fi
}
 
################################################################################
################################################################################
status_jail() {
  for i in ${jails}; do
    jlongname="`echo ${i} | cut -f1 -d':'`"
    jid="`echo ${i} | cut -f3 -d':'`"
    if [ -z "${jid}" ]; then
      echo -e "jail: ${jlongname} is ${red}offline${normal}!"
    else
      echo -e "jail: ${jlongname} is ${green}online${normal}!"
    fi
  done
}
 
################################################################################
################################################################################
add_check_depends() {
  echo " >> check dependencies"
  if [ ! -d "${jails_root}" ]; then
    mkdir "${jails_root}"
  fi
  if [ ! -d "${distfiles_dir}" ]; then
    mkdir "${distfiles_dir}"
  fi
  if [ ! -d "${ports_dir}" ]; then
    mkdir "${ports_dir}"
  fi
  if [ ! -d "${src_dir}" ]; then
    mkdir "${src_dir}"
  fi
  if [ ! -d "${txz_dir}" ]; then
    mkdir "${txz_dir}"
    echo "Download FreeBSD files into ${txz_dir}, please!"
    echo
    echo "cd ${txz_dir}"
    for i in ${txz_files}; do
      echo "fetch ${freebsdurl}/${arch}/${freebsdversion}/${i}"
    done
    echo 
    exit 1
  fi
}
 
################################################################################
################################################################################
add_create_jail() {
  echo " >> starting jail creation \"${2}\" (this needs some seconds)"
  cd /usr/jails
  mkdir "${2}"
  cd "${2}"
  for i in ${txz_files}; do
    tar -xzpf "${txz_dir}/${i}"
  done
  mkdir usr/ports
  mkdir home
  mkdir home/distfiles
  echo "   >> create ${jails_root}/${2}/etc/fstab"
  touch etc/fstab
  echo "   >> create ${jails_root}/${2}/etc/resolv.conf"
  cp /etc/resolv.conf etc/resolv.conf
  echo "   >> create ${jails_root}/${2}/etc/localtime"
  cp /etc/localtime etc/localtime
 
## create Jail boot fstab
echo "   >> create ${jails_root}/fstab.${2}"
(
cat <<__EOF__
/usr/ports              /usr/jails/${2}/usr/ports               nullfs  ro      0       0
/usr/src                /usr/jails/${2}/usr/src                 nullfs  ro      0       0
/usr/jails/distfiles    /usr/jails/${2}/home/distfiles          nullfs  rw      0       0
__EOF__
) >../fstab.${2}
 
## create Jail make.conf
echo "   >> create ${jails_root}/${2}/etc/make.conf"
(
cat <<__EOF__
WRKDIRPREFIX?=/tmp
DISTDIR=/home/distfiles
PACKAGES=/tmp
 
 
DOC_LANG=de_DE.ISO8859-1
# -----------------------------------------------------------------------------
 
# Fetching from de sites preferred
MASTER_SORT_REGEX?=://[^/]*\.de[/.]
# -----------------------------------------------------------------------------
 
KERNCONF=GENERIC
 
# wget statt fetch zum downloaden der ports benutzen. falls existiert
.if exists(/usr/local/bin/wget)
DISABLE_SIZE=   yes
FETCH_CMD=      /usr/local/bin/wget --continue --passive-ftp -t 2 -T 15
.endif
 
# --- common ----------------------------------------------------------------
# Default build flags.
#CPUTYPE?=              pentium-m
CFLAGS=-O2 -pipe
# -----------------------------------------------------------------------------
 
# --- common for all ports --------------------------------------------------
BATCH=YES
WITHOUT_DEBUG=yes
# -----------------------------------------------------------------------------
WITH_PKGNG=yes
__EOF__
) > etc/make.conf
 
## create Jail rc.conf
echo "   >> create ${jails_root}/${2}/etc/rc.conf"
(
cat <<__EOF__
syslogd_flags="-s -s"
newsyslog_enable="NO"
syslogd_enable="NO"
 
sendmail_enable="NONE"
sendmail_outbound_enable="NO"
sendmail_submit_enable="NO"
sendmail_msp_queue_enable="NO"
__EOF__
) > etc/rc.conf
 
## create Jail hosts
  echo "   >> create ${jails_root}/${2}/etc/hosts"
(
cat <<__EOF__
${jail_ip}      ${2}    ${2}.${jail_domain}
__EOF__
) > etc/hosts
 
}
 
################################################################################
################################################################################
add_create_jail_part2_9() {
## modify Hosts /etc/rc.conf
  echo "   >> modify /etc/rc.conf"
(
cat <<__EOF__
 
###### ${2} JAIL ######
jail_${2}_hostname="${2}.${jail_domain}"
jail_${2}_interface="${interface}"
jail_${2}_ip="${jail_ip}"
jail_${2}_rootdir="/usr/jails/${2}"
jail_${2}_devfs_enable="YES"
jail_${2}_mount_enable="YES"
jail_${2}_flags="-l -U root"
jail_${2}_fstab="/usr/jails/fstab.${2}"
jail_${2}_exec_start="/bin/sh /etc/rc"
jail_${2}_exec_stop="/bin/sh /etc/rc.shutdown"
__EOF__
) >> /etc/rc.conf
 
}
 
################################################################################
################################################################################
add_create_jail_part2_10() {
## modify Hosts /etc/jail.conf
  echo "   >> modify /etc/jail.conf"
(
cat <<__EOF__
 
###### ${2} JAIL ######
${2} {
        host.hostname = "${2}.${jail_domain}";
        ip4.addr = "${jail_ip}";
}
 
__EOF__
) >> /etc/jail.conf
 
}
 
################################################################################
################################################################################
add_create_jail_part3() {
  echo "   >> enable jail ${2} in /etc/rc.conf"
  ${sysrc} -f /etc/rc.conf jail_enable=YES >/dev/null 2>&1
 
  grep jail_list /etc/rc.conf | grep "${2}" >/dev/null 2>&1 && check=false || check=true
  if [ ${check} = true ]; then
    ${sysrc} -f /etc/rc.conf jail_list="`${sysrc} -f /etc/rc.conf jail_list | cut -f2- -d' '` ${2}" >/dev/null 2>&1
  fi
 
# End of create_jail
  echo " >> Jail ${2} is now available!"
 
}
 
################################################################################
################################################################################
allow_chflags_jail() {
  for i in ${jails}; do
    jlongname="`echo ${i} | cut -f1 -d':'`"
    jid="`echo ${i} | cut -f3 -d':'`"
    if [ ! -z "${jid}" ]; then
      echo -e "jail: ${jlongname} chflags ${red}turned on${normal}!"
      /usr/sbin/jail -m jid=${jid} allow.chflags=1
    fi
  done
}
 
################################################################################
################################################################################
disallow_chflags_jail() {
  for i in ${jails}; do
    jlongname="`echo ${i} | cut -f1 -d':'`"
    jid="`echo ${i} | cut -f3 -d':'`"
    if [ ! -z "${jid}" ]; then
      echo -e "jail: ${jlongname} chflags ${green}turned off${normal}!"
      /usr/sbin/jail -m jid=${jid} allow.chflags=0
    fi
  done
}
 
################################################################################
################################################################################
### program
echo
echo "    Jail Manager V${version}"
echo "    =================================="
echo 
case "${1}" in
  -a|--add)
    if [ -z "${2}" ]; then
      echo "usage: ${0} ${1} JAILNAME"
      echo 
      exit 1
    else
      add_check_depends
      add_create_jail "${@}"
      if [ "`echo ${freebsdversion} | sed -e 's/\([0-9]\).*/\1/'`" == "1" ];then
        add_create_jail_part2_10 "${@}"
      else
        add_create_jail_part2_9 "${@}"
      fi
      add_create_jail_part3 "${@}"
    fi
  ;;
  -l|--list)
    list_jail
  ;;
  -c|--connect)
    search_options "${@}"
    connect_jail
  ;;
  -u|--up)
    search_options "${@}"
    start_jail
  ;;
  -d|--down)
    search_options "${@}"
    stop_jail
  ;;
  -r|--restart)
    search_options "${@}"
    restart_jail
  ;;
  -s|--status)
    search_options "${@}"
    status_jail
  ;;
  -m)
    search_options "${@}"
    allow_chflags_jail
  ;;
  -n)
    search_options "${@}"
    disallow_chflags_jail
  ;;
  -h|--help)
cat <<__USAGE__
    usage: ${0} { -l | -c | -u | -d | -r | -s | -a | -m | -n | -h }
    ------------------------------------------------------------------
    -l | --list                      see a list of all jails
    -c | --connect {jailname}        connect to a shell in a jail
    -u | --up {jailname}             start a jail
    -d | --down {jailname}           stop a jail
    -r | --restart {jailname}        restart a jail
    -s | --status {jailname}         status of a jail
    -a | --add {jailname}            add/create a jail
    -m | -m {jailname}               allow chflags inside jail 
    -n | -n {jailname}               disallow chflags inside jail 
    -h | --help                      this help
    ------------------------------------------------------------------
__USAGE__
  ;;
  *)
    echo "usage: ${0} -h"
    echo "for help"
    echo 
    exit 1
  ;;
esac
echo 
exit 0
anukis.de | The World of FreeBSD

mjail.sh | Jail Manager
