From 3acd06a0f1fcb8b1a687430aefb4ffa5b786f9d9 Mon Sep 17 00:00:00 2001
From: tschettervictor <85497460+tschettervictor@users.noreply.github.com>
Date: Fri, 28 Feb 2025 12:59:48 -0700
Subject: [PATCH 01/12] create: Allow setting zfs options on creating jail #514 @s1dh Run 'bastille create help' to see syntax
---
usr/local/share/bastille/create.sh | 57 ++++++++++++++++++------------
1 file changed, 34 insertions(+), 23 deletions(-)
diff --git a/usr/local/share/bastille/create.sh b/usr/local/share/bastille/create.sh
index 03d35e41..99adb253 100644
--- a/usr/local/share/bastille/create.sh
+++ b/usr/local/share/bastille/create.sh
@@ -40,15 +40,18 @@ usage() { cat << EOF Options: - - -D | --dual Creates the jails with both IPv4 and IPv6 networking ('inherit' and 'ip_hostname' only). - -M | --static-mac Generate a static MAC address for jail (VNET only). - -E | --empty Creates an empty container, intended for custom jail builds (thin/thick/linux or unsupported). - -L | --linux This option is intended for testing with Linux jails, this is considered experimental. - -T | --thick Creates a thick container, they consume more space as they are self contained and independent. - -V | --vnet Enables VNET, VNET containers are attached to a virtual bridge interface for connectivity. - -C | --clone Creates a clone container, they are duplicates of the base release, consume low space and preserves changing data. - -B | --bridge Enables VNET, VNET containers are attached to a specified, already existing external bridge. + + -B | --bridge Enables VNET, VNET containers are attached to a specified, already existing external bridge. + -C | --clone Creates a clone container, they are duplicates of the base release, consume low space and preserves changing data. + -D | --dual Creates the jails with both IPv4 and IPv6 networking ('inherit' and 'ip_hostname' only). + -E | --empty Creates an empty container, intended for custom jail builds (thin/thick/linux or unsupported). + -L | --linux This option is intended for testing with Linux jails, this is considered experimental. + -M | --static-mac Generate a static MAC address for jail (VNET only). + --no-validate Do not validate the release when creating the jail. + -T | --thick Creates a thick container, they consume more space as they are self contained and independent. + -V | --vnet Enables VNET, VNET containers are attached to a virtual bridge interface for connectivity. + -x | --debug Enable debug mode. + -Z | --zfs-opts Comma separated list of ZFS options to create the jail with. This overrides the defaults. EOF exit 1 
@@ -669,12 +672,17 @@ while [ $# -gt 0 ]; do -h|--help|help) usage ;; - -D|--dual) - DUAL_STACK="1" + -B|--bridge) + VNET_JAIL="1" + VNET_JAIL_BRIDGE="1" shift ;; - -M|--static-mac) - STATIC_MAC="1" + -C|--clone) + CLONE_JAIL="1" + shift + ;; + -D|--dual) + DUAL_STACK="1" shift ;; -E|--empty) @@ -685,6 +693,14 @@ while [ $# -gt 0 ]; do LINUX_JAIL="1" shift ;; + -M|--static-mac) + STATIC_MAC="1" + shift + ;; + --no-validate|no-validate) + VALIDATE_RELEASE="" + shift + ;; -T|--thick) THICK_JAIL="1" shift @@ -693,18 +709,13 @@ while [ $# -gt 0 ]; do VNET_JAIL="1" shift ;; - -B|--bridge) - VNET_JAIL="1" - VNET_JAIL_BRIDGE="1" + -x|--debug) + enable_debug shift ;; - -C|--clone) - CLONE_JAIL="1" - shift - ;; - --no-validate|no-validate) - VALIDATE_RELEASE="" - shift + -Z|--zfs-opts) + bastille_zfs_options="${2}" + shift 2 ;; -*) for _opt in $(echo ${1} | sed 's/-//g' | fold -w1); do From 7ea54efb9a79c7215e281e883aff747d7cdb9a48 Mon Sep 17 00:00:00 2001 From: tschettervictor <85497460+tschettervictor@users.noreply.github.com> Date: Fri, 28 Feb 2025 13:04:06 -0700 Subject: [PATCH 02/12] docs: update create docs for zfs-opts --- docs/chapters/subcommands/create.rst | 24 ++++++++++++++++++++++++ 1 file changed, 24 insertions(+) diff --git a/docs/chapters/subcommands/create.rst b/docs/chapters/subcommands/create.rst index fd3b9c5d..1105b88f 100644 --- a/docs/chapters/subcommands/create.rst +++ b/docs/chapters/subcommands/create.rst 
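Review bot: The new `-Z|--zfs-opts` arm assigns `${2}` without checking that a value follows, so `-Z -V` stores `-V` as the ZFS option list and a trailing `-Z` reaches `shift 2` with only one argument left. A guard ahead of the assignment covers both cases, for example `case "${2}" in ""|-*) error_notify "Missing value for ${1}"; usage ;; esac`. The value overrides the default dataset options and is presumably passed to `zfs` further down the script (not visible here), so rejecting anything that is not a comma-separated `property=value` list at this point would keep malformed input out of that command. The enclosing `while`/`case` starts and ends outside the hunk.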
@@ -50,3 +50,27 @@ Also, uname does not work from within a jail. Much like MOTD, it gives you the information about the host system instead of the jail. If you need to check the version of freebsd running on the jail use the freebsd-version command to get accurate information. + +Bastille can create many different types of jails, along with many different options. See +the below help output. + +.. code-block:: shell + + ishmael ~ # bastille create help + + Usage: bastille create [option(s)] NAME RELEASE IP_ADDRESS [interface]" + + Options: + + -B | --bridge Enables VNET, VNET containers are attached to a specified, already existing external bridge. + -C | --clone Creates a clone container, they are duplicates of the base release, consume low space and preserves changing data. + -D | --dual Creates the jails with both IPv4 and IPv6 networking ('inherit' and 'ip_hostname' only). + -E | --empty Creates an empty container, intended for custom jail builds (thin/thick/linux or unsupported). + -L | --linux This option is intended for testing with Linux jails, this is considered experimental. + -M | --static-mac Generate a static MAC address for jail (VNET only). + --no-validate Do not validate the release when creating the jail. + -T | --thick Creates a thick container, they consume more space as they are self contained and independent. + -V | --vnet Enables VNET, VNET containers are attached to a virtual bridge interface for connectivity. + -x | --debug Enable debug mode. + -Z | --zfs-opts [zfs,options] Comma separated list of ZFS options to create the jail with. This overrides the defaults. + From 223c538680aa9ae593036d36dd7bffaf87b80c46 Mon Sep 17 00:00:00 2001 From: tschettervictor <85497460+tschettervictor@users.noreply.github.com> Date: Fri, 28 Feb 2025 13:05:13 -0700 Subject: [PATCH 03/12] create: Fix spacing in help command --- usr/local/share/bastille/create.sh | 22 +++++++++++----------- 1 file changed, 11 insertions(+), 11 deletions(-) 
diff --git a/usr/local/share/bastille/create.sh b/usr/local/share/bastille/create.sh
index 99adb253..78f4a78f 100644
--- a/usr/local/share/bastille/create.sh
+++ b/usr/local/share/bastille/create.sh
@@ -41,17 +41,17 @@ usage() { cat << EOF Options: - -B | --bridge Enables VNET, VNET containers are attached to a specified, already existing external bridge. - -C | --clone Creates a clone container, they are duplicates of the base release, consume low space and preserves changing data. - -D | --dual Creates the jails with both IPv4 and IPv6 networking ('inherit' and 'ip_hostname' only). - -E | --empty Creates an empty container, intended for custom jail builds (thin/thick/linux or unsupported). - -L | --linux This option is intended for testing with Linux jails, this is considered experimental. - -M | --static-mac Generate a static MAC address for jail (VNET only). - --no-validate Do not validate the release when creating the jail. - -T | --thick Creates a thick container, they consume more space as they are self contained and independent. - -V | --vnet Enables VNET, VNET containers are attached to a virtual bridge interface for connectivity. - -x | --debug Enable debug mode. - -Z | --zfs-opts Comma separated list of ZFS options to create the jail with. This overrides the defaults. + -B | --bridge Enables VNET, VNET containers are attached to a specified, already existing external bridge. + -C | --clone Creates a clone container, they are duplicates of the base release, consume low space and preserves changing data. + -D | --dual Creates the jails with both IPv4 and IPv6 networking ('inherit' and 'ip_hostname' only). + -E | --empty Creates an empty container, intended for custom jail builds (thin/thick/linux or unsupported). + -L | --linux This option is intended for testing with Linux jails, this is considered experimental. + -M | --static-mac Generate a static MAC address for jail (VNET only). + --no-validate Do not validate the release when creating the jail. + -T | --thick Creates a thick container, they consume more space as they are self contained and independent. 
+ -V | --vnet Enables VNET, VNET containers are attached to a virtual bridge interface for connectivity. + -x | --debug Enable debug mode. + -Z | --zfs-opts [zfs,options] Comma separated list of ZFS options to create the jail with. This overrides the defaults. EOF exit 1 From e5a7618fb6e257480daea27006b50e737e3cb939 Mon Sep 17 00:00:00 2001 From: tschettervictor <85497460+tschettervictor@users.noreply.github.com> Date: Fri, 28 Feb 2025 17:06:45 -0700 Subject: [PATCH 04/12] docs: Add --config to create help command --- docs/chapters/subcommands/create.rst | 1 + 1 file changed, 1 insertion(+) diff --git a/docs/chapters/subcommands/create.rst b/docs/chapters/subcommands/create.rst index 1105b88f..baabdb93 100644 --- a/docs/chapters/subcommands/create.rst +++ b/docs/chapters/subcommands/create.rst @@ -64,6 +64,7 @@ the below help output. -B | --bridge Enables VNET, VNET containers are attached to a specified, already existing external bridge. -C | --clone Creates a clone container, they are duplicates of the base release, consume low space and preserves changing data. + -c | --config Use a customized configuration file to override the default values. -D | --dual Creates the jails with both IPv4 and IPv6 networking ('inherit' and 'ip_hostname' only). -E | --empty Creates an empty container, intended for custom jail builds (thin/thick/linux or unsupported). -L | --linux This option is intended for testing with Linux jails, this is considered experimental. From 320bcde2b224f15357e6ab7f07c438d0bc75e18b Mon Sep 17 00:00:00 2001 From: tschettervictor <85497460+tschettervictor@users.noreply.github.com> Date: Fri, 28 Feb 2025 17:15:10 -0700 Subject: [PATCH 05/12] create: Allow specifying a custom config file to override default --- usr/local/share/bastille/create.sh | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) diff --git a/usr/local/share/bastille/create.sh b/usr/local/share/bastille/create.sh index 78f4a78f..e59be833 100644 --- a/usr/local/share/bastille/create.sh 
+++ b/usr/local/share/bastille/create.sh @@ -43,6 +43,7 @@ usage() { -B | --bridge Enables VNET, VNET containers are attached to a specified, already existing external bridge. -C | --clone Creates a clone container, they are duplicates of the base release, consume low space and preserves changing data. + -c | --config Use a customized configuration file to override the default values. -D | --dual Creates the jails with both IPv4 and IPv6 networking ('inherit' and 'ip_hostname' only). -E | --empty Creates an empty container, intended for custom jail builds (thin/thick/linux or unsupported). -L | --linux This option is intended for testing with Linux jails, this is considered experimental. @@ -667,6 +668,7 @@ LINUX_JAIL="" STATIC_MAC="" DUAL_STACK="" VALIDATE_RELEASE="1" +OPT_CONFIG="" while [ $# -gt 0 ]; do case "${1}" in -h|--help|help) @@ -681,6 +683,22 @@ while [ $# -gt 0 ]; do CLONE_JAIL="1" shift ;; + -c|--config) + OPT_CONFIG="${2}" + if [ ! -f "${OPT_CONFIG}" ]; then + if [ ! -f /usr/local/etc/bastille/${OPT_CONFIG} ]; then + error_notify "Not a valid config file: ${OPT_CONFIG}" + usage + else + info "Using custom config: ${OPT_CONFIG}" + . /usr/local/etc/bastille/${OPT_CONFIG} + fi + else + info "Using custom config: ${OPT_CONFIG}" + . "${OPT_CONFIG}" + fi + shift 2 + ;; -D|--dual) DUAL_STACK="1" shift From 9e9cef90d43fbfdbe50030d52e4516ad68a0107a Mon Sep 17 00:00:00 2001 From: tschettervictor <85497460+tschettervictor@users.noreply.github.com> Date: Fri, 28 Feb 2025 17:22:46 -0700 Subject: [PATCH 06/12] create: Override shellcheck for sourcing variable --- usr/local/share/bastille/create.sh | 2 ++ 1 file changed, 2 insertions(+) diff --git a/usr/local/share/bastille/create.sh b/usr/local/share/bastille/create.sh index e59be833..8cde2390 100644 --- a/usr/local/share/bastille/create.sh +++ b/usr/local/share/bastille/create.sh 
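Review bot: The `-c|--config` arm sources the path in `${2}` exactly as given, which for a relative name means the current directory, and only then falls back to `/usr/local/etc/bastille/`; a same-named file in a directory that other users can write to would therefore be executed with the caller's privileges. Resolving the name only under the config directory, or requiring an absolute path and checking that the file is root-owned and not group- or world-writable before the `.`, would close that. The fallback branch also leaves `${OPT_CONFIG}` unquoted in the `-f` test and in the `.` line; both should read `"/usr/local/etc/bastille/${OPT_CONFIG}"`. The arm also reads `${2}` without checking that an argument follows `-c`. The same arm is added to bootstrap.sh in PATCH 07/12, and patches 09/12 and 10/12 remove both again, so this matters if the option is reintroduced.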
@@ -691,10 +691,12 @@ while [ $# -gt 0 ]; do usage else info "Using custom config: ${OPT_CONFIG}" + # shellcheck disable=SC1090 . /usr/local/etc/bastille/${OPT_CONFIG} fi else info "Using custom config: ${OPT_CONFIG}" + # shellcheck disable=SC1090 . "${OPT_CONFIG}" fi shift 2 From 24eefc325f466f616be46ca76edaf0ff51dfe5b6 Mon Sep 17 00:00:00 2001 From: tschettervictor <85497460+tschettervictor@users.noreply.github.com> Date: Fri, 28 Feb 2025 17:32:45 -0700 Subject: [PATCH 07/12] bootstrap: Allow bootstrapping with custom config --- usr/local/share/bastille/bootstrap.sh | 23 +++++++++++++++++++++-- 1 file changed, 21 insertions(+), 2 deletions(-) diff --git a/usr/local/share/bastille/bootstrap.sh b/usr/local/share/bastille/bootstrap.sh index 74219638..24d06183 100644 --- a/usr/local/share/bastille/bootstrap.sh +++ b/usr/local/share/bastille/bootstrap.sh @@ -37,8 +37,9 @@ usage() { error_notify "Usage: bastille bootstrap [option(s)] [RELEASE|TEMPLATE] [update|arch]" cat << EOF Options: - - -x | --debug Enable debug mode. + + -c | --config Use a customized configuration file to override the default values. + -x | --debug Enable debug mode. EOF exit 1 @@ -424,6 +425,24 @@ while [ "$#" -gt 0 ]; do -h|--help|help) usage ;; + -c|--config) + OPT_CONFIG="${2}" + if [ ! -f "${OPT_CONFIG}" ]; then + if [ ! -f /usr/local/etc/bastille/${OPT_CONFIG} ]; then + error_notify "Not a valid config file: ${OPT_CONFIG}" + usage + else + info "Using custom config: ${OPT_CONFIG}" + # shellcheck disable=SC1090 + . /usr/local/etc/bastille/${OPT_CONFIG} + fi + else + info "Using custom config: ${OPT_CONFIG}" + # shellcheck disable=SC1090 + . "${OPT_CONFIG}" + fi + shift 2 + ;; -x|--debug) enable_debug shift From 4941541b0c527ef8f725ba6092521d4ee1db0e1c Mon Sep 17 00:00:00 2001 
From: tschettervictor <85497460+tschettervictor@users.noreply.github.com> Date: Fri, 28 Feb 2025 17:43:55 -0700 Subject: [PATCH 08/12] docs: Remove config option from create --- docs/chapters/subcommands/create.rst | 1 - 1 file changed, 1 deletion(-) diff --git a/docs/chapters/subcommands/create.rst b/docs/chapters/subcommands/create.rst index baabdb93..1105b88f 100644 --- a/docs/chapters/subcommands/create.rst +++ b/docs/chapters/subcommands/create.rst @@ -64,7 +64,6 @@ the below help output. -B | --bridge Enables VNET, VNET containers are attached to a specified, already existing external bridge. -C | --clone Creates a clone container, they are duplicates of the base release, consume low space and preserves changing data. - -c | --config Use a customized configuration file to override the default values. -D | --dual Creates the jails with both IPv4 and IPv6 networking ('inherit' and 'ip_hostname' only). -E | --empty Creates an empty container, intended for custom jail builds (thin/thick/linux or unsupported). -L | --linux This option is intended for testing with Linux jails, this is considered experimental. From 6fcbdef5eb1e45028c8fb3edef7f3f2c26845986 Mon Sep 17 00:00:00 2001 From: tschettervictor <85497460+tschettervictor@users.noreply.github.com> Date: Fri, 28 Feb 2025 17:44:28 -0700 Subject: [PATCH 09/12] bootstrap: Remove config option --- usr/local/share/bastille/bootstrap.sh | 19 ------------------- 1 file changed, 19 deletions(-) diff --git a/usr/local/share/bastille/bootstrap.sh b/usr/local/share/bastille/bootstrap.sh index 24d06183..ccc4af6d 100644 --- a/usr/local/share/bastille/bootstrap.sh +++ b/usr/local/share/bastille/bootstrap.sh @@ -38,7 +38,6 @@ usage() { cat << EOF Options: - -c | --config Use a customized configuration file to override the default values. -x | --debug Enable debug mode. EOF 
@@ -425,24 +424,6 @@ while [ "$#" -gt 0 ]; do -h|--help|help) usage ;; - -c|--config) - OPT_CONFIG="${2}" - if [ ! -f "${OPT_CONFIG}" ]; then - if [ ! -f /usr/local/etc/bastille/${OPT_CONFIG} ]; then - error_notify "Not a valid config file: ${OPT_CONFIG}" - usage - else - info "Using custom config: ${OPT_CONFIG}" - # shellcheck disable=SC1090 - . /usr/local/etc/bastille/${OPT_CONFIG} - fi - else - info "Using custom config: ${OPT_CONFIG}" - # shellcheck disable=SC1090 - . "${OPT_CONFIG}" - fi - shift 2 - ;; -x|--debug) enable_debug shift From 22456b0d7c3359320ae62caabfe68fde28a25cb6 Mon Sep 17 00:00:00 2001 From: tschettervictor <85497460+tschettervictor@users.noreply.github.com> Date: Fri, 28 Feb 2025 17:45:10 -0700 Subject: [PATCH 10/12] create: Remove config option --- usr/local/share/bastille/create.sh | 19 ------------------- 1 file changed, 19 deletions(-) diff --git a/usr/local/share/bastille/create.sh b/usr/local/share/bastille/create.sh index 8cde2390..1c403066 100644 --- a/usr/local/share/bastille/create.sh +++ b/usr/local/share/bastille/create.sh @@ -43,7 +43,6 @@ usage() { -B | --bridge Enables VNET, VNET containers are attached to a specified, already existing external bridge. -C | --clone Creates a clone container, they are duplicates of the base release, consume low space and preserves changing data. - -c | --config Use a customized configuration file to override the default values. -D | --dual Creates the jails with both IPv4 and IPv6 networking ('inherit' and 'ip_hostname' only). -E | --empty Creates an empty container, intended for custom jail builds (thin/thick/linux or unsupported). -L | --linux This option is intended for testing with Linux jails, this is considered experimental. 
@@ -683,24 +682,6 @@ while [ $# -gt 0 ]; do CLONE_JAIL="1" shift ;; - -c|--config) - OPT_CONFIG="${2}" - if [ ! -f "${OPT_CONFIG}" ]; then - if [ ! -f /usr/local/etc/bastille/${OPT_CONFIG} ]; then - error_notify "Not a valid config file: ${OPT_CONFIG}" - usage - else - info "Using custom config: ${OPT_CONFIG}" - # shellcheck disable=SC1090 - . /usr/local/etc/bastille/${OPT_CONFIG} - fi - else - info "Using custom config: ${OPT_CONFIG}" - # shellcheck disable=SC1090 - . "${OPT_CONFIG}" - fi - shift 2 - ;; -D|--dual) DUAL_STACK="1" shift From 98eb36b209927b61f0f6036851495f10bb39dca6 Mon Sep 17 00:00:00 2001 From: tschettervictor <85497460+tschettervictor@users.noreply.github.com> Date: Fri, 28 Feb 2025 17:45:53 -0700 Subject: [PATCH 11/12] create: Missed one var for config option --- usr/local/share/bastille/create.sh | 1 - 1 file changed, 1 deletion(-) diff --git a/usr/local/share/bastille/create.sh b/usr/local/share/bastille/create.sh index 1c403066..78f4a78f 100644 --- a/usr/local/share/bastille/create.sh +++ b/usr/local/share/bastille/create.sh @@ -667,7 +667,6 @@ LINUX_JAIL="" STATIC_MAC="" DUAL_STACK="" VALIDATE_RELEASE="1" -OPT_CONFIG="" while [ $# -gt 0 ]; do case "${1}" in -h|--help|help) From 07095fc79e43449a82d0a4782d96f401ba49cc89 Mon Sep 17 00:00:00 2001 From: tschettervictor <85497460+tschettervictor@users.noreply.github.com> Date: Mon, 3 Mar 2025 13:02:00 -0700 Subject: [PATCH 12/12] create: ZFS opts not optional --- usr/local/share/bastille/create.sh | 22 +++++++++++----------- 1 file changed, 11 insertions(+), 11 deletions(-) diff --git a/usr/local/share/bastille/create.sh b/usr/local/share/bastille/create.sh index 78f4a78f..d224ca3d 100644 --- a/usr/local/share/bastille/create.sh +++ b/usr/local/share/bastille/create.sh 
@@ -41,17 +41,17 @@ usage() { cat << EOF Options: - -B | --bridge Enables VNET, VNET containers are attached to a specified, already existing external bridge. - -C | --clone Creates a clone container, they are duplicates of the base release, consume low space and preserves changing data. - -D | --dual Creates the jails with both IPv4 and IPv6 networking ('inherit' and 'ip_hostname' only). - -E | --empty Creates an empty container, intended for custom jail builds (thin/thick/linux or unsupported). - -L | --linux This option is intended for testing with Linux jails, this is considered experimental. - -M | --static-mac Generate a static MAC address for jail (VNET only). - --no-validate Do not validate the release when creating the jail. - -T | --thick Creates a thick container, they consume more space as they are self contained and independent. - -V | --vnet Enables VNET, VNET containers are attached to a virtual bridge interface for connectivity. - -x | --debug Enable debug mode. - -Z | --zfs-opts [zfs,options] Comma separated list of ZFS options to create the jail with. This overrides the defaults. + -B | --bridge Enables VNET, VNET containers are attached to a specified, already existing external bridge. + -C | --clone Creates a clone container, they are duplicates of the base release, consume low space and preserves changing data. + -D | --dual Creates the jails with both IPv4 and IPv6 networking ('inherit' and 'ip_hostname' only). + -E | --empty Creates an empty container, intended for custom jail builds (thin/thick/linux or unsupported). + -L | --linux This option is intended for testing with Linux jails, this is considered experimental. + -M | --static-mac Generate a static MAC address for jail (VNET only). + --no-validate Do not validate the release when creating the jail. + -T | --thick Creates a thick container, they consume more space as they are self contained and independent. 
+ -V | --vnet Enables VNET, VNET containers are attached to a virtual bridge interface for connectivity. + -x | --debug Enable debug mode. + -Z | --zfs-opts zfs,options Comma separated list of ZFS options to create the jail with. This overrides the defaults. EOF exit 1