dch revised this gist.
4 files changed, 169 insertions
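--- a/jc.fish
+++ b/jc.fish
@@ -0,0 +1,37 @@
+function jc
+# see https://git.io/JfHOu
+set local
+set MACH (sysctl -n hw.machine)
+set ARCH (sysctl -n hw.machine_arch)
+set DOMAIN skunkwerks.at
+set RELEASE 14.0-RELEASE
+set RELDATE 1400097
+set FLAVOUR $RELEASE-$MACH-$ARCH
+# grab the name
+set JAIL $argv[1]
+# the container
+set TEMPLATE /jails/templates/$FLAVOUR
+set INSTANCE /jails/instances/$FLAVOUR/$JAIL
+
+# find the zpool for jails and jailed datasets
+set ZPOOL (zfs list -Ho name /jails | cut -f 1 -d /)
+
+# create a /jailed dataset to contain optional per-jail jailable datasets
+# this can be located on an alternative zpool but must not be mountable
+zfs list -Ho name -d1 |grep /jailed\$ > /dev/null 2>&1 \
+|| doas zfs create -o mountpoint=none -o canmount=off $ZPOOL/jailed
+# re-fetch after possible creation
+set JAILED (zfs list -Ho name -d1 | grep /jailed\$)
+
+# derive a hopefully non-clashing IP address
+set IPA (echo -n $JAIL | sha512 | cut -c 1,2)
+set IPB (echo -n $JAIL | sha512 | cut -c 3,4)
+set IP6 $IPA$IPB
+set IP (printf "%d.%d" 0x$IPA 0x$IPB)
+# get the zt 6plane
+set IFACE (ifconfig | sort -r | /usr/bin/egrep -o '^zt[a-z0-9]+' | head -1)
+set SUBNET (ifconfig $IFACE inet6 | rg -Po 'fc\S+::' | uniq)
+set ALIAS "$IFACE|$SUBNET$IP6"
+# display config and try to start it
+echo name=$JAIL ip=$IP ip6=$IP6 iface=$IFACE subnet=$SUBNET alias=$ALIAS
+end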
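Review bot: `set local` at the top of the function does not scope anything: in fish it assigns an empty variable named `local`, and the plain `set NAME value` lines after it modify an existing global or universal variable of the same name if one exists (`IP`, `DOMAIN` and `ARCH` are plausible collisions). Drop that line and declare each variable with `set -l`, for example `set -l JAIL $argv[1]`. The same line opens jd, jr and jz, where the affected variables go on to feed `doas` commands.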
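--- a/jd.fish
+++ b/jd.fish
@@ -0,0 +1,8 @@
+function jd
+set local
+set JAIL $argv[1]
+doas sysrc jail_list-=$JAIL
+for f in (zfs list -Ho name -r zroot/jails/instances | grep /$JAIL\$)
+doas zfs destroy -Rvrf $f
+end
+end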
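Review bot: `$JAIL` reaches `grep /$JAIL\$` as an unvalidated regular expression, and every match is handed to `doas zfs destroy -Rvrf`, so a name containing `.` or `*` can select the datasets of other jails, and `-R` extends the destroy to dependent clones. Validate the name before the `sysrc` call, e.g. `string match -qr '^[A-Za-z0-9][A-Za-z0-9_-]*$' -- "$JAIL"; or return 1`. The same check would help jz, where `$JAIL` is interpolated into the `exec.created` and `exec.poststop` shell strings that run on the host. The pool is also hard-coded as `zroot` here, while jz derives it from `zfs list -Ho name /jails`.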
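--- a/jr.fish
+++ b/jr.fish
@@ -0,0 +1,25 @@
+function jr
+set local
+set JAIL $argv[1]
+set INSTANCE (jls -dj $JAIL path)
+pkill -TERM -j $JAIL
+sleep 3
+doas jail -rv $JAIL
+
+set MOUNTS (mount -p | grep $INSTANCE/ | cut -wf 2 | grep dev/fd)
+for node in $MOUNTS
+doas umount -f $node
+end
+set MOUNTS (mount -p | grep $INSTANCE/ | cut -wf 2 | grep dev/)
+for node in $MOUNTS
+doas umount -f $node
+end
+set MOUNTS (mount -p | grep $INSTANCE/ | cut -wf 2 | grep tmp/)
+for node in $MOUNTS
+doas umount -f $node
+end
+set MOUNTS (mount -p | grep $INSTANCE/ | cut -wf 2 | grep dev/fd)
+for node in $MOUNTS
+doas umount -f $node
+end
+end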
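Review bot: `$INSTANCE` is used as an unanchored regular expression in every `mount -p | grep $INSTANCE/` pipeline, and whatever matches goes to `doas umount -f`; the `.` in a path component such as `14.2-RELEASE` matches any character, and the `grep dev/` and `grep tmp/` filters match anywhere in the mount point rather than directly under the jail root. Match literally with `grep -F -- $INSTANCE/`, and stop early when `jls` returns nothing: `test -n "$INSTANCE"; or return 1` after the `jls` line, which also avoids calling `doas jail -rv` for a jail that is not running. The fourth loop repeats the first (`grep dev/fd`) after the `grep dev/` pass has already covered those nodes, so it looks redundant.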
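--- a/jz.fish
+++ b/jz.fish
@@ -0,0 +1,99 @@
+function jz
+# see https://git.io/JfHOu
+set local
+set MACH (sysctl -n hw.machine)
+set ARCH (sysctl -n hw.machine_arch)
+set DOMAIN skunkwerks.at
+set RELEASE 14.2-RELEASE
+set RELDATE 1402000
+set FLAVOUR $RELEASE-$MACH-$ARCH
+# grab the name
+set JAIL $argv[1]
+# the container
+set TEMPLATE /jails/templates/$FLAVOUR
+set INSTANCE /jails/instances/$FLAVOUR/$JAIL
+
+# find the zpool for jails and jailed datasets
+set ZPOOL (zfs list -Ho name /jails | cut -f 1 -d /)
+
+# create a /jailed dataset to contain optional per-jail jailable datasets
+# this can be located on an alternative zpool but must not be mountable
+zfs list -Ho name -d1 |grep /jailed\$ > /dev/null 2>&1 \
+|| doas zfs create -o mountpoint=none -o canmount=off $ZPOOL/jailed
+# re-fetch after possible creation
+set JAILED (zfs list -Ho name -d1 | grep /jailed\$)
+
+# create mountpoint if missing
+zfs list -Ho name $ZPOOL/jails > /dev/null 2>&1 \
+|| doas zfs create -o mountpoint=/jails -p $ZPOOL/jails
+
+# clone a template if missing
+test -d $INSTANCE \
+|| doas zfs clone $ZPOOL$TEMPLATE@ready $ZPOOL$INSTANCE \
+&& doas zfs snapshot $ZPOOL$INSTANCE@ready
+
+# add a softlink if missing
+test -L /jails/tags/$JAIL || ln -s $INSTANCE /jails/tags/$JAIL
+
+# derive a hopefully non-clashing IP address
+set IPA (echo -n $JAIL | sha512 | cut -c 1,2)
+set IPB (echo -n $JAIL | sha512 | cut -c 3,4)
+set IP6 $IPA$IPB
+set IP (printf "%d.%d" 0x$IPA 0x$IPB)
+# get the zt 6plane
+set IFACE (ifconfig | sort -r | /usr/bin/egrep -o '^zt[a-z0-9]+' | head -1)
+set SUBNET (ifconfig $IFACE inet6 | rg -Po 'fc\S+::' | uniq)
+set ALIAS "$IFACE|$SUBNET$IP6"
+# display config and try to start it
+echo name=$JAIL ip=$IP ip6=$IP6 iface=$IFACE subnet=$SUBNET alias=$ALIAS
+jls -j $JAIL > /dev/null 2>&1
+if test $status = 0
+doas jexec $JAIL tmux -u new-session -DAs default
+else
+doas jail -vcmr \
+name=$JAIL \
+path=$INSTANCE \
+exec.created="zfs jail $JAIL $JAILED/$JAIL || true" \
+exec.created="test -c $INSTANCE/dev/null || mount -t devfs devfs $INSTANCE/dev" \
+exec.created="test -c $INSTANCE/tmp || mount -t tmpfs tmpfs $INSTANCE/tmp" \
+exec.start="/bin/sh /etc/rc" \
+exec.poststop="umount $INSTANCE/tmp" \
+exec.poststop="umount $INSTANCE/dev" \
+exec.poststop="logger -p info -t jz removed $JAIL" \
+host.domainname=$DOMAIN \
+host.hostid=0 \
+host.hostname=$JAIL.$DOMAIN \
+host.hostuuid=(uuidgen) \
+ip4.addr="lo1|100.64.$IP" \
+ip6.addr="$ALIAS" \
+allow.chflags \
+allow.mount \
+allow.mount.devfs \
+allow.mount.fdescfs \
+allow.mount.nolinprocfs \
+allow.mount.nullfs \
+allow.mount.procfs \
+allow.mount.tmpfs \
+allow.mount.zfs \
+allow.nomlock \
+allow.noquotas \
+allow.noread_msgbuf \
+allow.noset_hostname \
+allow.nosocket_af \
+allow.nosysvipc \
+allow.raw_sockets \
+allow.reserved_ports \
+allow.sysvipc=1 \
+allow.novmm \
+children.max=0 \
+devfs_ruleset=4 \
+enforce_statfs=1 \
+osreldate=$RELDATE \
+osrelease=$RELEASE \
+persist \
+securelevel=2 \
+sysvmsg=disable \
+sysvsem=disable \
+command=/bin/sh -c "env -i TERM=$TERM tmux -u new-session -DAs default"
+end
+end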
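Review bot: The `allow.*` list passed to `doas jail -vcmr` contradicts itself: `allow.nosysvipc` is followed three entries later by `allow.sysvipc=1`, and `sysvmsg=disable` / `sysvsem=disable` then turn two of the three System V facilities back off. If the intent is shared memory only, state it directly with `sysvshm=new` and drop both `allow.*sysvipc` entries, since that parameter is deprecated in favour of the per-facility ones. Separately, `allow.mount` together with `allow.mount.zfs`, `allow.mount.nullfs`, `allow.chflags` and `allow.raw_sockets` is a wide grant to sit beside `securelevel=2` and `children.max=0`; a short comment per entry naming the workload that needs it would make the list reviewable.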