Improve the deployment of jails
This code improves the management of jails and should pave the way for things like prefetch, starting and stopping of jails, etc.
parent
8120112268
commit
3580071201
|
@ -1,22 +1,45 @@
|
|||
# This type is meant to facilitate teh deployment of FreeBSD jails.
|
||||
#
|
||||
# We make assumptions.
|
||||
#
|
||||
# 1. The directorie that you are attemtping to deploy a jail to, actually exists.
|
||||
#
|
||||
|
||||
Puppet::Type.newtype(:jail) do
|
||||
ensurable
|
||||
|
||||
newparam(:name, :namevar => true) do
|
||||
desc "Fully qualified path to jail"
|
||||
desc "The name of the jail, and only the name"
|
||||
end
|
||||
|
||||
newparam(:source) do
|
||||
desc "Where the base.txz is located"
|
||||
desc "Full path to the local base file"
|
||||
isrequired
|
||||
end
|
||||
|
||||
#newparam(:zfs) do
|
||||
# defaultto 'true'
|
||||
#end
|
||||
newparam(:jailbase) do
|
||||
desc "The base directory to build the jail. e.g. /jails"
|
||||
isrequired
|
||||
end
|
||||
|
||||
#newparam(:zfsquota) do
|
||||
# defaultto '2G'
|
||||
#end
|
||||
ensurable do
|
||||
desc "what state should the jail be in"
|
||||
|
||||
newvalue(:present, :event => :jail_created) do
|
||||
provider.create
|
||||
end
|
||||
|
||||
newvalue(:absent, :event => :jail_destroyed) do
|
||||
provider.create
|
||||
end
|
||||
|
||||
newvalue(:running, :event => :jail_started) do
|
||||
provider.start
|
||||
end
|
||||
|
||||
newvalue(:stopped, :event => :jail_stopped) do
|
||||
provider.stop
|
||||
end
|
||||
end
|
||||
|
||||
provide(:jail) do
|
||||
|
||||
|
@ -26,24 +49,49 @@ Puppet::Type.newtype(:jail) do
|
|||
desc "The jail provider is the only provider for the jail type."
|
||||
|
||||
commands :jail => "/usr/sbin/jail"
|
||||
commands :jls => "/usr/sbin/jls"
|
||||
commands :jexec => "/usr/sbin/jexec"
|
||||
commands :tar => "/usr/bin/tar"
|
||||
commands :chflags => "/bin/chflags"
|
||||
|
||||
def get_jails
|
||||
jaildata = jls(['-h'])
|
||||
debug jaildata.split(/\r?\n/).inspect
|
||||
end
|
||||
|
||||
def exists?
|
||||
File.exists?(resource[:name])
|
||||
get_jails()
|
||||
path = "#{resource[:jailbase]}/#{resource[:name]}/root"
|
||||
debug path.inspect
|
||||
File.directory?(path)
|
||||
end
|
||||
|
||||
def running?
|
||||
output = jls('-n', 'name').split("\n").find {|j| j =~ /name=#{resource[:name]}/ }
|
||||
debug output.inspect
|
||||
! output.nil?
|
||||
end
|
||||
|
||||
def create
|
||||
Dir.mkdir(resource[:name])
|
||||
tar(['-xpf', resource[:source], '-C', resource[:name]])
|
||||
jaildir = resource[:jailbase] + '/' + resource[:name]
|
||||
debug " #{jaildir} "
|
||||
Dir.mkdir(jaildir) unless File.directory?(resource[:jailbase] + '/' + resource[:name])
|
||||
tar([ '-xpf', resource[:source], '-C', jaildir ])
|
||||
end
|
||||
|
||||
def destroy
|
||||
stop if running?
|
||||
chflags(['-R', 'noschg', resource[:name]])
|
||||
FileUtils.rm_rf(resource[:name])
|
||||
end
|
||||
|
||||
end
|
||||
def start
|
||||
create unless exists?
|
||||
jail(['-c', resource[:name]])
|
||||
end
|
||||
|
||||
def stop
|
||||
jail(['-r', resource[:name]]) if running?
|
||||
end
|
||||
end
|
||||
end
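Review bot: In the new `ensurable` block, `newvalue(:absent, :event => :jail_destroyed)` calls `provider.create`, so `ensure => absent` would extract a jail instead of removing one; it should read `provider.destroy`. `destroy` in the second hunk still hands the bare `resource[:name]` to `chflags -R noschg` and `FileUtils.rm_rf`, while `create` and `exists?` now build the path from `resource[:jailbase]`; as rendered that is a relative path resolved against the agent's working directory, so `destroy` should use the same `jaildir`. The `name` param has no validation although it is joined into a filesystem path and interpolated into the regex in `running?`; a `validate` block restricting it to something like `/\A[A-Za-z0-9_-]+\z/`, plus anchoring the match in `running?`, would keep `/`, `..` and regex metacharacters out and stop `web` from matching `web2`. The page has lost its +/- markers, so which of these lines are unchanged context is inferred.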
|
||||
|
|
|
@ -0,0 +1,35 @@
|
|||
# Class: jail::setup
|
||||
#
|
||||
# Lay down the glpbal configuration for jail.conf as well as create the needed
|
||||
# directories and/or zfs mountpoints.
|
||||
#
|
||||
class jail::setup (
|
||||
$usezfs = false,
|
||||
$zpool = 'zroot',
|
||||
$zfsname = 'jails',
|
||||
$basedir = '/jails',
|
||||
$interface = undef
|
||||
) {
|
||||
|
||||
if $usezfs {
|
||||
zfs { "${zpool}/${zfsname}":
|
||||
ensure => present,
|
||||
mountpoint => $basedir,
|
||||
}
|
||||
} else {
|
||||
file { $basedir:
|
||||
ensure => directory,
|
||||
owner => 'root',
|
||||
group => '0',
|
||||
mode => '0750',
|
||||
}
|
||||
}
|
||||
|
||||
concat::fragment { 'jail.conf-header':
|
||||
order => '00',
|
||||
content => template('jail/jail.conf-header.erb'),
|
||||
target => '/etc/jail.conf',
|
||||
}
|
||||
|
||||
concat { '/etc/jail.conf': }
|
||||
}
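Review bot: `concat { '/etc/jail.conf': }` is declared without `owner`, `group` or `mode`, so the permissions of the file that defines every jail's privileges are left to the concat module's defaults. Setting them explicitly, e.g. `owner => 'root', group => '0', mode => '0644'`, would match what the `file { $basedir: }` resource in the same class already does. `$basedir` is used as a mountpoint and in the `jail.conf` template without a check that it is an absolute path; `validate_absolute_path($basedir)` would catch a bad value early, assuming stdlib is available to this module.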
|
|
@ -0,0 +1,63 @@
|
|||
# A rapper define to create a ZFS jail
|
||||
#
|
||||
# * Creates a ZFS for the jail
|
||||
# * Extracts the base into the jail root
|
||||
# * Drops the configuration for the jail
|
||||
# * Starts the jail if requested
|
||||
#
|
||||
define jail::zfsjail (
|
||||
$ensure = present, # running, stopped, absent
|
||||
$config = {},
|
||||
$source,
|
||||
$bootstrap = true,
|
||||
$bootstrap_template = 'jail/bootstrap.sh.erb',
|
||||
){
|
||||
|
||||
unless defined(Class['jail::setup']) {
|
||||
fail('Please use jail::setup before creating jails')
|
||||
}
|
||||
|
||||
$pool = $jail::setup::zpool
|
||||
$zfsname = $jail::setup::zfsname
|
||||
$basedir = $jail::setup::basedir
|
||||
|
||||
if $ensure == present or $ensure == running {
|
||||
concat::fragment { "jail.conf-${name}":
|
||||
target => '/etc/jail.conf',
|
||||
content => template('jail/jail.conf-jail.erb'),
|
||||
}
|
||||
|
||||
zfs { "${pool}/${zfsname}/${name}":
|
||||
ensure => present,
|
||||
}
|
||||
|
||||
jail { $name:
|
||||
ensure => $ensure,
|
||||
jailbase => $basedir,
|
||||
source => $source,
|
||||
require => [
|
||||
Zfs["${pool}/${zfsname}/${name}"],
|
||||
Concat::Fragment["jail.conf-${name}"],
|
||||
]
|
||||
}
|
||||
|
||||
file { "${basedir}/${name}/etc/resolv.conf":
|
||||
owner => 'root',
|
||||
group => '0',
|
||||
mode => '0644',
|
||||
source => '/etc/resolv.conf',
|
||||
replace => false,
|
||||
require => Jail[$name],
|
||||
}
|
||||
|
||||
if $bootstrap {
|
||||
file { "${basedir}/${name}/tmp/bootstrap.sh":
|
||||
owner => 'root',
|
||||
group => '0',
|
||||
mode => '0700',
|
||||
content => template($bootstrap_template),
|
||||
require => Jail[$name],
|
||||
}
|
||||
}
|
||||
}
|
||||
}
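Review bot: Every resource in the define sits inside `if $ensure == present or $ensure == running`, so `ensure => stopped` or `absent` (both listed in the parameter comment) declares nothing: the jail is neither stopped nor removed, and its `jail.conf` fragment drops out of the concat. An `else` branch that at least passes `ensure => $ensure` to `jail { $name: }` would make those states take effect. Separately, `bootstrap.sh` is written by the host's root into the jail's `tmp` directory and `resolv.conf` into its `etc`, paths that processes inside a running jail can typically modify; a root-only directory inside the jail, populated before the jail is started, would be a safer place for the script. `$name` is interpolated into the dataset name, the file paths and `jail.conf` without validation.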
|
|
@ -0,0 +1,5 @@
|
|||
#! /bin/sh
|
||||
|
||||
# Install pkgng
|
||||
ASSUME_ALWAYS_YES=1 pkg update
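Review bot: The comment says "Install pkgng" but the only command is `pkg update`; the install presumably happens as a side effect of pkg's self-bootstrap, which `ASSUME_ALWAYS_YES=1` allows to run without a confirmation prompt. A comment such as `# pkg bootstraps itself on first use; ASSUME_ALWAYS_YES suppresses the prompt` would make that explicit, and `set -e` near the top would make a failed fetch visible to whatever runs the script. The hunk header announces 5 lines, so part of the file may not be shown on this page.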
|
||||
|
|
@ -0,0 +1,23 @@
|
|||
# https://pub.allbsd.org/FreeBSD-snapshots/amd64-amd64/9.1-RELENG_9-r246544-JPSNAP/ftp/
|
||||
|
||||
# Use the rc scripts to start and stop jails. Mount jail's /dev.
|
||||
exec.start = "/bin/sh /etc/rc";
|
||||
exec.stop = "/bin/sh /etc/rc.shutdown";
|
||||
exec.clean;
|
||||
mount.devfs;
|
||||
|
||||
# Dynamic wildcard parameter:
|
||||
# Base the path off the jail name.
|
||||
path = "<%= @basedir %>/$name";
|
||||
<% if @interface %>
|
||||
interface="<%= @interface %>";
|
||||
<% end %>
|
||||
children.max=10;
|
||||
allow.mount;
|
||||
allow.mount.devfs;
|
||||
allow.mount.zfs;
|
||||
allow.raw_sockets;
|
||||
allow.socket_af;
|
||||
allow.chflags;
|
||||
enforce_statfs=1;
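Review bot: The header sets `allow.mount`, `allow.mount.zfs`, `allow.raw_sockets`, `allow.socket_af`, `allow.chflags` and `children.max=10` as global defaults, so every jail declared through `jail::zfsjail` receives them whether it needs them or not. Together these relax much of the isolation a jail provides (mounting filesystems, raw packets, changing file flags, nested jails). Least privilege suggests leaving them out of the header and granting them per jail through the `$config` hash that the per-jail template already iterates. If any of them must stay global, a one-line comment per parameter naming the workload that needs it would help the next reviewer.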
|
||||
|
|
@ -0,0 +1,7 @@
|
|||
|
||||
# Jail: <%= @name %>
|
||||
<%= @name %> {
|
||||
<% @config.each do |k,v| -%>
|
||||
<%= k -%>=<%= v -%>;
|
||||
<% end -%>
|
||||
}
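Review bot: `<%= k -%>=<%= v -%>;` writes each `$config` key and value into `/etc/jail.conf` unquoted and unchecked, so a value containing a space, `;` or `}` yields a broken file or extra parameters the caller did not intend. Quoting the value, `<%= k -%> = "<%= v -%>";`, and having the define reject keys that do not match something like `/\A[a-z0-9_.]+\z/` and values containing `"` would keep the fragment well-formed. `@name` is used as the block name with the same lack of validation.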
|