Improve the deployment of jails

This code improves the management of jails and should pave the way for
things like prefetch, starting and stopping of jails, etc.
Zach Leslie 2013-07-10 19:55:43 -07:00
parent 8120112268
commit 3580071201
6 changed files with 194 additions and 13 deletions


@ -1,22 +1,45 @@
# This type is meant to facilitate teh deployment of FreeBSD jails.
#
# We make assumptions.
#
# 1. The directorie that you are attemtping to deploy a jail to, actually exists.
#
Puppet::Type.newtype(:jail) do
ensurable
newparam(:name, :namevar => true) do
desc "Fully qualified path to jail"
desc "The name of the jail, and only the name"
end
newparam(:source) do
desc "Where the base.txz is located"
desc "Full path to the local base file"
isrequired
end
#newparam(:zfs) do
# defaultto 'true'
#end
newparam(:jailbase) do
desc "The base directory to build the jail. e.g. /jails"
isrequired
end
#newparam(:zfsquota) do
# defaultto '2G'
#end
ensurable do
desc "what state should the jail be in"
newvalue(:present, :event => :jail_created) do
provider.create
end
newvalue(:absent, :event => :jail_destroyed) do
provider.create
end
newvalue(:running, :event => :jail_started) do
provider.start
end
newvalue(:stopped, :event => :jail_stopped) do
provider.stop
end
end
provide(:jail) do
@ -26,24 +49,49 @@ Puppet::Type.newtype(:jail) do
desc "The jail provider is the only provider for the jail type."
commands :jail => "/usr/sbin/jail"
commands :jls => "/usr/sbin/jls"
commands :jexec => "/usr/sbin/jexec"
commands :tar => "/usr/bin/tar"
commands :chflags => "/bin/chflags"
def get_jails
jaildata = jls(['-h'])
debug jaildata.split(/\r?\n/).inspect
end
def exists?
File.exists?(resource[:name])
get_jails()
path = "#{resource[:jailbase]}/#{resource[:name]}/root"
debug path.inspect
File.directory?(path)
end
def running?
output = jls('-n', 'name').split("\n").find {|j| j =~ /name=#{resource[:name]}/ }
debug output.inspect
! output.nil?
end
def create
Dir.mkdir(resource[:name])
tar(['-xpf', resource[:source], '-C', resource[:name]])
jaildir = resource[:jailbase] + '/' + resource[:name]
debug " #{jaildir} "
Dir.mkdir(jaildir) unless File.directory?(resource[:jailbase] + '/' + resource[:name])
tar([ '-xpf', resource[:source], '-C', jaildir ])
end
def destroy
stop if running?
chflags(['-R', 'noschg', resource[:name]])
FileUtils.rm_rf(resource[:name])
end
end
def start
create unless exists?
jail(['-c', resource[:name]])
end
def stop
jail(['-r', resource[:name]]) if running?
end
end
end
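Review bot: The `:absent` value in the `ensurable` block calls `provider.create`, so declaring a jail absent would build it instead of removing it; that line should read `provider.destroy`. As far as the rendered page shows, `destroy` still hands the bare `resource[:name]` to `chflags -R noschg` and `FileUtils.rm_rf`, while the new `create` works under `resource[:jailbase]`. Since `name` is now documented as only the jail name, those two calls resolve relative to the agent's working directory, and `destroy` should build the same path as `create`, e.g. `jaildir = File.join(resource[:jailbase], resource[:name])`. `exists?` also tests for a `root` subdirectory that `create` never makes, which looks like it would report the jail as missing on every run. The provider body spans both hunks of this file.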

35
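--- a/manifests/setup.pp
+++ b/manifests/setup.pp
@@ -0,0 +1,35 @@
+# Class: jail::setup
+#
+# Lay down the glpbal configuration for jail.conf as well as create the needed
+# directories and/or zfs mountpoints.
+#
+class jail::setup (
+$usezfs = false,
+$zpool = 'zroot',
+$zfsname = 'jails',
+$basedir = '/jails',
+$interface = undef
+) {
+if $usezfs {
+zfs { "${zpool}/${zfsname}":
+ensure => present,
+mountpoint => $basedir,
+}
+} else {
+file { $basedir:
+ensure => directory,
+owner => 'root',
+group => '0',
+mode => '0750',
+}
+}
+concat::fragment { 'jail.conf-header':
+order => '00',
+content => template('jail/jail.conf-header.erb'),
+target => '/etc/jail.conf',
+}
+concat { '/etc/jail.conf': }
+}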
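Review bot: `concat { '/etc/jail.conf': }` is declared without `owner`, `group` or `mode`, so the permissions of the file that defines every jail's privileges are left to the concat module's defaults. Pinning them here, e.g. `concat { '/etc/jail.conf': owner => 'root', group => '0', mode => '0644' }`, would match how `$basedir` is handled in the non-ZFS branch. The ZFS branch likewise declares no `file` resource for `$basedir`, so the `0750` mode is only applied when `$usezfs` is false.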

63
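--- a/manifests/zfsjail.pp
+++ b/manifests/zfsjail.pp
@@ -0,0 +1,63 @@
+# A rapper define to create a ZFS jail
+#
+# * Creates a ZFS for the jail
+# * Extracts the base into the jail root
+# * Drops the configuration for the jail
+# * Starts the jail if requested
+#
+define jail::zfsjail (
+$ensure = present, # running, stopped, absent
+$config = {},
+$source,
+$bootstrap = true,
+$bootstrap_template = 'jail/bootstrap.sh.erb',
+){
+unless defined(Class['jail::setup']) {
+fail('Please use jail::setup before creating jails')
+}
+$pool = $jail::setup::zpool
+$zfsname = $jail::setup::zfsname
+$basedir = $jail::setup::basedir
+if $ensure == present or $ensure == running {
+concat::fragment { "jail.conf-${name}":
+target => '/etc/jail.conf',
+content => template('jail/jail.conf-jail.erb'),
+}
+zfs { "${pool}/${zfsname}/${name}":
+ensure => present,
+}
+jail { $name:
+ensure => $ensure,
+jailbase => $basedir,
+source => $source,
+require => [
+Zfs["${pool}/${zfsname}/${name}"],
+Concat::Fragment["jail.conf-${name}"],
+]
+}
+file { "${basedir}/${name}/etc/resolv.conf":
+owner => 'root',
+group => '0',
+mode => '0644',
+source => '/etc/resolv.conf',
+replace => false,
+require => Jail[$name],
+}
+if $bootstrap {
+file { "${basedir}/${name}/tmp/bootstrap.sh":
+owner => 'root',
+group => '0',
+mode => '0700',
+content => template($bootstrap_template),
+require => Jail[$name],
+}
+}
+}
+}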
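Review bot: The parameter comment lists `running, stopped, absent` for `$ensure`, but the only branch is `if $ensure == present or $ensure == running`, so `stopped` and `absent` declare no `jail` or `zfs` resource at all. A jail marked absent therefore keeps its dataset (and keeps running if it was), while the operator believes it has been decommissioned. Branching on `absent` instead, so that every other state still reaches the existing resources and `absent` removes the jail before its dataset, would close that gap. This relies on the jail type's `absent` value actually removing the jail.

```puppet
if $ensure == absent {
  jail { $name:
    ensure   => absent,
    jailbase => $basedir,
    source   => $source,
  }
  zfs { "${pool}/${zfsname}/${name}":
    ensure  => absent,
    require => Jail[$name],
  }
} else {
  # … unchanged: concat::fragment, zfs, jail, resolv.conf and bootstrap resources (now also reached for `stopped`) …
}
```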


@ -0,0 +1,5 @@
#! /bin/sh
# Install pkgng
ASSUME_ALWAYS_YES=1 pkg update
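Review bot: The pkg bootstrap on this line is unattended, and its verification is left to whatever repository configuration the fresh jail happens to have. `ASSUME_ALWAYS_YES=1 pkg update` answers the bootstrap prompt automatically, and nothing in this commit manages the jail's pkg repository or signature settings, so whether the download is checked is presumably down to the base archive's defaults. Laying down the repository configuration before this script runs, and adding `set -e` after the shebang so a failed bootstrap is not silently ignored, would make the step auditable. The comment `# Install pkgng` could also say that the install happens as a side effect of `pkg update`.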


@ -0,0 +1,23 @@
# https://pub.allbsd.org/FreeBSD-snapshots/amd64-amd64/9.1-RELENG_9-r246544-JPSNAP/ftp/
# Use the rc scripts to start and stop jails. Mount jail's /dev.
exec.start = "/bin/sh /etc/rc";
exec.stop = "/bin/sh /etc/rc.shutdown";
exec.clean;
mount.devfs;
# Dynamic wildcard parameter:
# Base the path off the jail name.
path = "<%= @basedir %>/$name";
<% if @interface %>
interface="<%= @interface %>";
<% end %>
children.max=10;
allow.mount;
allow.mount.devfs;
allow.mount.zfs;
allow.raw_sockets;
allow.socket_af;
allow.chflags;
enforce_statfs=1;
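Review bot: The global section grants `allow.mount`, `allow.mount.devfs`, `allow.mount.zfs`, `allow.raw_sockets`, `allow.socket_af`, `allow.chflags` and `children.max=10` to every jail, which widens what root inside any jail can do well beyond the jail(8) defaults. I would drop these from the header and let the jails that need one request it through the per-jail `config` hash, keeping only the `exec.*`, `mount.devfs`, `path` and `interface` lines here. If they have to stay global, a comment on each line naming the workload that needs it, e.g. `# allow.raw_sockets: required for ping inside the jail`, would let a reviewer judge the exposure.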


@ -0,0 +1,7 @@
# Jail: <%= @name %>
<%= @name %> {
<% @config.each do |k,v| -%>
<%= k -%>=<%= v -%>;
<% end -%>
}
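Review bot: `<%= k -%>=<%= v -%>;` writes each key and value from `@config` into /etc/jail.conf verbatim, so a value containing a space, `;` or `}` yields a broken file or parameters nobody declared. `@name` is emitted as the block name with the same lack of checking. Emitting the value quoted and escaped, `<%= k -%> = "<%= v.to_s.gsub(/["\\]/) { |c| "\\#{c}" } -%>";`, would keep the file well-formed. The define should also reject a name that does not match a conservative pattern such as `\A[A-Za-z0-9_-]+\z` before the template is rendered. The loop has no form for value-less parameters such as `exec.clean;`, which is worth a comment at the top of the template.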