
Re: [ezjail] stale /usr/jails/*.devices




This list ended up in a greybox and I've missed seeing it for a while. Sorry about the delay... Let me get to your question below.

On Fri, 23 Mar 2007, Dirk Engling wrote:
Thanks for the flowers :) Anything you miss from your old self-hacked
script days?

Yes actually. Back when I was testing the jails box, I found that if the machine went down unexpectedly it might need a bunch of work done by hand in order to come up cleanly. Fixing the /usr/jails/*.devices is one issue, but the other issue is that if you're running with file backed disks, then you might need to run fsck on them. If they need fsck and you haven't run it, then the jail won't start. So if there's a power-loss in the middle of the night, even if the system comes back up right away, it may not work.

Anyway, long story short, if you made the ezjail-admin script run fsck (or at least have an option to run fsck if needed), that'd catch another fault point.

For reference, my old script is at the bottom of this message. It hasn't been worked on in a while, but it has made things go on my old FreeBSD 5 box pretty well for a couple years now.

Cheers, Nathan


==== script below ====

## startjail script for FreeBSD 5
## nathan at inwa dot net 2005-02
##

## System dependent variables
## (you'll want to change these to suit your needs)
##

# $JAILROOT is the root directory for the jails
JAILROOT="/usr/jails"

# $FSDIR is the directory for the filesystem files
# if you're not doing things this way, set it to something valid.
FSDIR="/usr/jails"

# $DEVPARAMS is the file for /dev permissions rules
DEVPARAMS="/root/jail.devfs.rules"

# $NETWORKDEVICE is for ifconfig something fxp0 or em0 ...
NETWORKDEVICE="em0"

# $JAILCMD is what to run inside the jail
# like /usr/local/sbin/jailer
JAILCMD="/usr/local/sbin/jailer"

# $DEVFSRULENUMBER what rule number should we use for the devfs mounts?
DEVFSRULENUMBER="2"

###########################################
##
## You shouldn't need to change things below here
##

# Define command syntax and help
#
COMMANDSYNTAX="$0 hostname ip md"
HELP="
#Expected inputs
#hostname = the one word system host name for the jail
#ip = the IP address for the jail
#md = the /dev/mdX device to use - if applicable"


###########################################
##
## Test to see if we have the needed programs
## and permissions
##

# jls from jailutils port
if ! test -e /usr/sbin/jls
then
	echo failed: can not find jls - make sure jailutils is installed
	exit 0
fi

# are we root?
if ! id | grep root > /dev/null
then
	echo failed: this script needs to be run as root
	exit 0
fi

###########################################
##
## Test to see if shell variables are valid
##
echo Checking Parameters
if ! test -e $JAILROOT
then
	echo invalid JAILROOT : $JAILROOT
	echo please fix in $0
	exit 0
elif ! test -e $FSDIR
then
	echo invalid FSDIR : $FSDIR
	echo please fix in $0
	exit 0
elif ! test -e $DEVPARAMS
then
	echo invalid DEVPARAMS : $DEVPARAMS
	echo please fix in $0
	exit 0
elif ! ifconfig | grep $NETWORKDEVICE > /dev/null
then
	echo invalid NETWORKDEVICE : $NETWORKDEVICE
	echo please check ifconfig and fix in $0
	exit 0
fi

###########################################
##
## Make sure the script has been called with valid inputs
##

if ! test "$2"
then
	echo parameters?
	echo $COMMANDSYNTAX
	echo $HELP
	exit 0
fi

##########################################
## script locking
## we don't want to try doing this more than once at a time.
##

#check for lock

#make lock

#delete lock

###########################################
##
## ifconfig
##
echo Net:
if ! ifconfig | grep $2 > /dev/null
then
	# First we ping the IP address to see if another machine
	# is already using it.
	#
	echo Checking to see if $2 is used on another machine.
	if ping -c 3 $2 > /dev/null
	then
		echo - Another host found using this IP.
		exit 0
	else
		echo - IP not in use
	fi

	# Now we configure the interface
	#
	echo Configuring network interface
	if ! ifconfig $NETWORKDEVICE inet alias $2/32
	then
		echo failed : ifconfig $NETWORKDEVICE inet alias $2/32
		exit 0
	else
		echo - ifconfig completed
	fi
else
	# Here we depend on jls which comes from jailutils
	#
	echo Network device already configured
	if jls | grep $2 > /dev/null
	then
		echo - another jail is already using this IP
		jls | grep $2
		exit 0
	else
		echo - IP does not appear to be in use.
	fi
fi
echo - Network ready.

###########################################
##
## Filesystem
##
echo Filesystem:
# Check to see if the jail's directory exists
if ! test -e $JAILROOT/$1
then
	echo unable to find $JAILROOT/$1
	echo $COMMANDSYNTAX
#	echo $HELP
	exit 0
fi

if ! test -d $JAILROOT/$1/usr
then
	echo - Filesystem needs to be mounted

	# We'll need to do work to put the filesystem in place
	# make sure they passed in a device number
	if ! test "$3"
	then
		echo no md - filesystem mount device given.
		echo $COMMANDSYNTAX
		echo $HELP
		exit 0
	fi

	# check to see if the .fs is there
	if ! test -e $FSDIR/$1.fs
	then
		echo can not find $FSDIR/$1.fs
		echo $COMMANDSYNTAX
		echo $HELP
		exit 0
	else
		# let's mount the directory
		echo Mounting filesystem on $JAILROOT/$1
		# Do we need to run mdconfig?
		if ! test -e /dev/md$3
		then
			echo Preparing to mount $JAILROOT/$1
			# not there lets mdconfig
			# the image file lives in $FSDIR, as checked above
			if ! mdconfig -a -t vnode -f $FSDIR/$1.fs -u $3
			then
				echo failed : mdconfig -a -t vnode -f $FSDIR/$1.fs -u $3
				exit 0
			else
				echo - mdconfig successful
			fi
		fi
		# If $JAILROOT/$1 needs to be mounted lets do that
		if ! mount | grep $JAILROOT/$1 > /dev/null
		then
			echo - Running fsck before mounting
			if ! fsck -y /dev/md$3c
			then
				echo failed : fsck -y /dev/md$3c
				exit 0
			fi
			echo - Attempting mount
			if ! mount /dev/md$3c $JAILROOT/$1
			then
				echo failed : mount /dev/md$3c $JAILROOT/$1
				exit 0
			fi
			echo - mounted successfully
		else
			echo - using filesystem already mounted on $JAILROOT/$1
		fi
	fi
fi
echo - Filesystem ready

# Now that we have the filesystem, make sure we can get to everything
# we're going to need to finish
echo Checking For Required Files
if ! test -e $JAILROOT/$1/proc
then
	echo - failed : error unable to find $JAILROOT/$1/proc
	exit 0
elif ! test -e $JAILROOT/$1/dev
then
	echo - failed : unable to find $JAILROOT/$1/dev
	exit 0
elif ! test -e $JAILROOT/$1/$JAILCMD
then
	echo - failed : unable to find $JAILROOT/$1/$JAILCMD
	exit 0
fi
echo - Files found.

##########################################
##
## /proc
##
echo procfs - $JAILROOT/$1/proc

if ! mount | grep $JAILROOT/$1/proc >/dev/null
then
	echo Mounting procfs
	if ! mount -t procfs proc $JAILROOT/$1/proc
	then
		echo failed : mount -t procfs proc $JAILROOT/$1/proc
		exit 0
	else
		echo - procfs mounted
	fi
else
	echo - procfs previously mounted.
fi


###########################################
##
## /dev
##
## This has two parts, mounting /dev and making
## sure the permissions are ok.
##

echo devfs - $JAILROOT/$1/dev
if ! mount | grep $JAILROOT/$1/dev > /dev/null
then
	echo - trying to mount devfs
	if ! mount_devfs devfs $JAILROOT/$1/dev
	then
		echo failed : mount_devfs devfs $JAILROOT/$1/dev
		exit 0
	else
		echo - devfs mounted
	fi
fi

# this could probably look better...
echo - setting permissions on devfs
if ! devfs rule -s $DEVFSRULENUMBER delset
then
	echo failed : devfs rule -s $DEVFSRULENUMBER delset
	exit 0
elif ! cat $DEVPARAMS | devfs rule -s $DEVFSRULENUMBER add -
then
	echo failed :  cat $DEVPARAMS | /sbin/devfs rule -s $DEVFSRULENUMBER add -
	exit 0
elif ! devfs -m $JAILROOT/$1/dev rule -s $DEVFSRULENUMBER applyset
then
	echo failed :  devfs -m $JAILROOT/$1/dev rule -s $DEVFSRULENUMBER applyset
	exit 0
fi


## Check to make sure that the jail can't see things it shouldn't
echo - checking permissions
## make sure the disks are invisible
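echo -- checking to make sure disks are invisible
# ls copes with the glob matching several devices; test -e errors out on
# more than one match and would fall through to the "invisible" branch
if ls $JAILROOT/$1/dev/da* > /dev/null 2>&1
then
	echo -- failed : `ls $JAILROOT/$1/dev/da*` should not be visible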
	exit 0
else
	echo -- disks are invisible
fi

echo - devfs mounted safely

###########################################
##
## Jail Command
##
##    jail [directory] [hostname] [ip] [command]
echo Starting Jail :
if ! jail $JAILROOT/$1 $1 $2 $JAILCMD
then
	echo failed : jail $JAILROOT/$1 $1 $2 $JAILCMD
	exit 0
else
	echo - jail started.
fi
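
==== added example, not part of the original message ====

The "disks are invisible" step is the script's only check that the devfs rules actually hid the host's disks from the jail, and a single-glob `test -e` misreports when more than one device node matches. The sketch below shows that failure next to a check that handles any number of matches; the function names and the pattern list beyond `da*` are assumptions.

```shell
#!/bin/sh
# Added example, not code from the original script.

# naive_disks_hidden DEVDIR: the single-glob `test -e` form.
# With two or more matches, test receives extra arguments, exits with an
# error status, and that non-zero status is read as "nothing there".
naive_disks_hidden() {
	if test -e "$1"/da*; then
		return 1	# a disk is visible
	fi
	return 0		# reported as hidden
}

# visible_disks DEVDIR: print every entry that matches a disk pattern.
# The deny list is an assumption; adjust it to the host's disk naming.
visible_disks() {
	devdir=$1
	for pat in 'da*' 'ad*' 'md*'; do
		# $pat is left unquoted so the glob expands inside DEVDIR
		for node in "$devdir"/$pat; do
			# an unmatched glob stays literal; -e filters it out
			[ -e "$node" ] && echo "$node"
		done
	done
	return 0
}

# disks_hidden DEVDIR: return 0 only when no disk-like node is visible.
disks_hidden() {
	found=$(visible_disks "$1")
	if [ -n "$found" ]; then
		echo "-- failed : should not be visible:" >&2
		echo "$found" >&2
		return 1
	fi
	return 0
}
```

In the script this would be called as `disks_hidden $JAILROOT/$1/dev` right after the devfs rule set is applied, exiting before `jail` runs if it fails.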