Mirrors/BastilleBSD_bastille
1
0
Fork 1
mirror of https://github.com/BastilleBSD/bastille.git synced 2025-12-11 01:19:52 +01:00
Code Issues Packages Projects Releases Wiki Activity

Initial working FSTAB hook and documentation

Browse Source
This commit is contained in:
Christer Edwards
2020-01-12 07:32:10 -07:00
parent 9778a24870
commit edc6308001
2 changed files with 74 additions and 19 deletions
Download Patch File Download Diff File Expand all files Collapse all files

40
README.md
View File

@@ -70,7 +70,7 @@ Use "bastille command -h|--help" for more information about a command.
```
## 0.5-beta
## 0.6-beta
This document outlines the basic usage of the Bastille container management
framework. This release is still considered beta.
@@ -543,40 +543,44 @@ Templates](https://gitlab.com/BastilleBSD-Templates)?
Bastille supports a templating system allowing you to apply files, pkgs and
execute commands inside the container automatically.
Currently supported template hooks are: `PRE`, `CONFIG`, `PKG`, `SYSRC`, `CMD`.
Planned template hooks include: `FSTAB`, `PF`, `LOG`
Currently supported template hooks are: `INCLUDE`, `PRE`, `FSTAB`, `OVERLAY`, `PKG`, `SYSRC`, `SERVICE`, `CMD`.
Planned template hooks include: `PF`, `LOG`
Templates are created in `${bastille_prefix}/templates` and can leverage any of
the template hooks. Simply create a new directory named after the template. eg;
the template hooks. Simply create a new directory in the format project/repo,
ie; `username/base-template`
```shell
mkdir -p /usr/local/bastille/templates/username/base
mkdir -p /usr/local/bastille/templates/username/base-template
```
To leverage a template hook, create an UPPERCASE file in the root of the
template directory named after the hook you want to execute. eg;
```shell
echo "zsh vim-console git-lite htop" > /usr/local/bastille/templates/username/base/PKG
echo "/usr/bin/chsh -s /usr/local/bin/zsh" > /usr/local/bastille/templates/username/base/CMD
echo "usr" > /usr/local/bastille/templates/username/base/OVERLAY
echo "zsh vim-console git-lite htop" > /usr/local/bastille/templates/username/base-template/PKG
echo "/usr/bin/chsh -s /usr/local/bin/zsh" > /usr/local/bastille/templates/username/base-template/CMD
echo "usr" > /usr/local/bastille/templates/username/base-template/OVERLAY
```
Template hooks are executed in specific order and require specific syntax to
work as expected. This table outlines those requirements:
work as expected. This table outlines that order and those requirements:
| SUPPORTED | format | example |
|-----------|------------------|----------------------------------------------------------------|
| PRE/CMD | /bin/sh command | /usr/bin/chsh -s /usr/local/bin/zsh |
| OVERLAY | paths (one/line) | etc root usr |
| PKG | port/pkg name(s) | vim-console zsh git-lite tree htop |
| SYSRC | sysrc command(s) | nginx_enable=YES |
| SUPPORTED | format | example |
|-----------|---------------------|------------------------------------------------|
| INCLUDE | template path/URL | http?://TEMPLATE_URL or username/base-template |
| PRE | /bin/sh command | mkdir -p /usr/local/path |
| FSTAB | fstab syntax | /host/path container/path nullfs ro 0 0 |
| PKG | port/pkg name(s) | vim-console zsh git-lite tree htop |
| OVERLAY | paths (one/line) | etc usr |
| SYSRC | sysrc command(s) | nginx_enable=YES |
| SERVICE | service command(s) | nginx restart |
| CMD | /bin/sh command | /usr/bin/chsh -s /usr/local/bin/zsh |
| PLANNED | format | example |
|---------|------------------|----------------------------------------------------------------|
| PF | pf rdr entry | rdr pass inet proto tcp from any to any port 80 -> 10.17.89.80 |
| LOG | path | /var/log/nginx/access.log |
| FSTAB | fstab syntax | /path/on/host /path/in/container nullfs ro 0 0 |
Note: SYSRC requires NO quotes or that quotes (`"`) be escaped. ie; `\"`)
@@ -587,12 +591,12 @@ template directory as "/".
An example here may help. Think of
`/usr/local/bastille/templates/username/base`, our example template, as the
root of our filesystem overlay. If you create an `etc/hosts` or
`etc/resolv.conf` *inside* the base template directory, these can be overlayed
`etc/resolv.conf` inside the base template directory, these can be overlayed
into your container.
Note: due to the way FreeBSD segregates user-space, the majority of your
overlayed template files will be in `usr/local`. The few general
exceptions are the `etc/hosts`, `etc/resolv.conf`, and `etc/rc.conf.local`, etc.
exceptions are the `etc/hosts`, `etc/resolv.conf`, and `etc/rc.conf.local`.
After populating `usr/local/` with custom config files that your container will
use, be sure to include `usr` in the template OVERLAY definition. eg;

53
usr/local/share/bastille/template.sh
View File

@@ -135,7 +135,58 @@ for _jail in ${JAILS}; do
## FSTAB
if [ -s "${bastille_template}/FSTAB" ]; then
echo -e "${COLOR_GREEN}NOT YET IMPLEMENTED.${COLOR_RESET}"
echo -e "${COLOR_GREEN}[${_jail}]:FSTAB -- START${COLOR_RESET}"
while read _fstab; do
## assign needed variables
_hostpath=$(echo "${_fstab}" | awk '{print $1}')
_jailpath=$(echo "${_fstab}" | awk '{print $2}')
_type=$(echo "${_fstab}" | awk '{print $3}')
_perms=$(echo "${_fstab}" | awk '{print $4}')
_checks=$(echo "${_fstab}" | awk '{print $5" "$6}')
## if any variables are empty, bail out
if [ -z "${_hostpath}" ] || [ -z "${_jailpath}" ] || [ -z "${_type}" ] || [ -z "${_perms}" ] || [ -z "${_checks}" ]; then
echo -e "${COLOR_RED}FSTAB format not recognized.${COLOR_RESET}"
echo -e "${COLOR_YELLOW}Format: /host/path jail/path nullfs ro 0 0${COLOR_RESET}"
echo -e "${COLOR_YELLOW}Read: ${_fstab}${COLOR_RESET}"
exit 1
fi
## if host path doesn't exist or type is not "nullfs"
if [ ! -d "${_hostpath}" ] || [ "${_type}" != "nullfs" ]; then
echo -e "${COLOR_RED}Detected invalid host path or incorrect mount type in FSTAB.${COLOR_RESET}"
echo -e "${COLOR_YELLOW}Format: /host/path jail/path nullfs ro 0 0${COLOR_RESET}"
echo -e "${COLOR_YELLOW}Read: ${_fstab}${COLOR_RESET}"
exit 1
fi
## if mount permissions are not "ro" or "rw"
if [ "${_perms}" != "ro" ] && [ "${_perms}" != "rw" ]; then
echo -e "${COLOR_RED}Detected invalid mount permissions in FSTAB.${COLOR_RESET}"
echo -e "${COLOR_YELLOW}Format: /host/path jail/path nullfs ro 0 0${COLOR_RESET}"
echo -e "${COLOR_YELLOW}Read: ${_fstab}${COLOR_RESET}"
exit 1
fi
## if check & pass are not "0 0 - 1 1"; bail out
if [ "${_checks}" != "0 0" ] && [ "${_checks}" != "1 0" ] && [ "${_checks}" != "0 1" ] && [ "${_checks}" != "1 1" ]; then
echo -e "${COLOR_RED}Detected invalid fstab options in FSTAB.${COLOR_RESET}"
echo -e "${COLOR_YELLOW}Format: /host/path jail/path nullfs ro 0 0${COLOR_RESET}"
echo -e "${COLOR_YELLOW}Read: ${_fstab}${COLOR_RESET}"
exit 1
fi
## aggregate variables into FSTAB entry
_fstab_entry="${_hostpath} ${bastille_jailsdir}/${_jail}/root/${_jailpath} ${_type} ${_perms} ${_checks}"
## if entry doesn't exist, add; else show existing entry
if [ ! "$(grep "${_jailpath}" "${bastille_jailsdir}/${_jail}/fstab")" ]; then
echo "${_fstab_entry}" >> "${bastille_jailsdir}/${_jail}/fstab"
echo "Added: ${_fstab_entry}"
else
echo "$(grep "${_jailpath}" "${bastille_jailsdir}/${_jail}/fstab")"
fi
done < "${bastille_template}/FSTAB"
mount -F "${bastille_jailsdir}/${_jail}/fstab" -a
echo -e "${COLOR_GREEN}[${_jail}]:FSTAB -- END${COLOR_RESET}"
echo
fi
## PF