mirror of
https://github.com/BastilleBSD/bastille.git
synced 2025-12-11 17:39:52 +01:00
247 lines
7.5 KiB
Bash
Executable File
247 lines
7.5 KiB
Bash
Executable File
#!/bin/sh
|
|
#
|
|
# SPDX-License-Identifier: BSD-3-Clause
|
|
#
|
|
# Copyright (c) 2018-2025, Christer Edwards <christer.edwards@gmail.com>
|
|
# All rights reserved.
|
|
#
|
|
# Redistribution and use in source and binary forms, with or without
|
|
# modification, are permitted provided that the following conditions are met:
|
|
#
|
|
# * Redistributions of source code must retain the above copyright notice, this
|
|
# list of conditions and the following disclaimer.
|
|
#
|
|
# * Redistributions in binary form must reproduce the above copyright notice,
|
|
# this list of conditions and the following disclaimer in the documentation
|
|
# and/or other materials provided with the distribution.
|
|
#
|
|
# * Neither the name of the copyright holder nor the names of its
|
|
# contributors may be used to endorse or promote products derived from
|
|
# this software without specific prior written permission.
|
|
#
|
|
# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
|
|
# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
|
|
# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
|
|
# DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
|
|
# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
|
|
# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
|
|
# SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
|
|
# CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
|
|
# OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
|
|
# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
|
|
|
PATH=${PATH}:/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/sbin:/usr/local/bin
|
|
|
|
BASTILLE_VERSION=1.2.2.251204
|
|
|
|
# Validate config file
|
|
# Copy default when 'setup' is called
|
|
# so we can skip to the setup command
|
|
bastille_conf_check() {
|
|
|
|
local _config="${1}"
|
|
shift 1
|
|
local _args="$@"
|
|
|
|
if [ ! -r "${_config}" ]; then
|
|
if echo "${_args}" | grep -Eosqw "setup"; then
|
|
cp /usr/local/etc/bastille/bastille.conf.sample /usr/local/etc/bastille/bastille.conf
|
|
else
|
|
echo -e "\n[ERROR]: No config file found!"
|
|
echo -e "Please run 'bastille setup' to configure Bastille.\n"
|
|
exit 1
|
|
fi
|
|
fi
|
|
}
|
|
|
|
## bastille_prefix should be 0750
|
|
## this restricts file system access to privileged users
|
|
bastille_perms_check() {
|
|
if [ -d "${bastille_prefix}" ]; then
|
|
BASTILLE_PREFIX_PERMS=$(stat -f "%Op" "${bastille_prefix}")
|
|
if [ "${BASTILLE_PREFIX_PERMS}" != 40750 ]; then
|
|
error_notify "Insecure permissions on ${bastille_prefix}"
|
|
error_exit "Try: chmod 0750 ${bastille_prefix}"
|
|
fi
|
|
fi
|
|
}
|
|
|
|
usage() {
|
|
cat << EOF
|
|
|
|
Bastille is an open-source system for automating deployment and management of
|
|
containerized applications on FreeBSD.
|
|
|
|
Usage:
|
|
bastille [option(s)] command [option(s)] TARGET ARGS
|
|
|
|
Available Commands:
|
|
bootstrap Bootstrap a release for jail base.
|
|
clone Clone an existing jail.
|
|
cmd Execute arbitrary command on targeted jail(s).
|
|
config Get, set or remove a config value for the targeted jail(s).
|
|
console Console into a jail.
|
|
convert Convert thin jail to thick jail, or convert a jail to a custom release.
|
|
cp cp(1) files from host to targeted jail(s).
|
|
create Create a jail.
|
|
destroy Destroy a jail or release.
|
|
edit Edit jail configuration files (advanced).
|
|
export Export a jail.
|
|
help Help about any command.
|
|
htop Interactive process viewer (requires htop).
|
|
import Import a jail.
|
|
jcp cp(1) files from a jail to jail(s).
|
|
limits Apply resources limits to targeted jail(s). See rctl(8) and cpuset(1).
|
|
list List jails, releases, templates and more...
|
|
migrate Migrate targeted jail(s) to a remote system.
|
|
mount Mount a volume inside targeted jail(s).
|
|
network Add or remove interfaces from targeted jail(s).
|
|
pkg Manipulate binary packages within targeted jail(s). See pkg(8).
|
|
rcp cp(1) files from a jail to host.
|
|
rdr Redirect host port to jail port.
|
|
rename Rename a jail.
|
|
restart Restart a jail.
|
|
service Manage services within targeted jail(s).
|
|
setup Attempt to auto-configure network, firewall and storage and more...
|
|
start Start a stopped jail.
|
|
stop Stop a running jail.
|
|
sysrc Safely edit rc files within targeted jail(s).
|
|
tags Add or remove tags to targeted jail(s).
|
|
template Apply file templates to targeted jail(s).
|
|
top Display and update information about the top(1) cpu processes.
|
|
umount Unmount a volume from targeted jail(s).
|
|
update Update jail base -pX release.
|
|
upgrade Upgrade jail release to X.Y-RELEASE.
|
|
verify Compare release against a "known good" index.
|
|
zfs Manage (get|set) ZFS attributes on targeted jail(s).
|
|
|
|
Use "bastille -v|--version" for version information.
|
|
Use "bastille command -h|--help" for more information about a command.
|
|
Use "bastille -c|--config FILE command" to specify a non-default config file.
|
|
|
|
EOF
|
|
exit 1
|
|
}
|
|
|
|
if [ -z "${BASTILLE_CONFIG}" ]; then
|
|
if [ -z "${BASTILLE_CONFIG}" ]; then
|
|
BASTILLE_CONFIG=/usr/local/etc/bastille/bastille.conf
|
|
export BASTILLE_CONFIG
|
|
elif [ -r "/usr/local/etc/bastille/${BASTILLE_CONFIG}" ]; then
|
|
BASTILLE_CONFIG="/usr/local/etc/bastille/${BASTILLE_CONFIG}"
|
|
export BASTILLE_CONFIG
|
|
else
|
|
echo "Not a valid config file: ${BASTILLE_CONFIG}"
|
|
exit 1
|
|
fi
|
|
fi
|
|
|
|
# Pass BASTILLE_CONFIG and ARGS to config function
|
|
bastille_conf_check "${BASTILLE_CONFIG}" "$@"
|
|
bastille_perms_check
|
|
|
|
# Load common.sh after setting BASTILLE_CONFIG
|
|
. /usr/local/share/bastille/common.sh
|
|
|
|
# Handle options
|
|
while [ "$#" -gt 0 ]; do
|
|
case "${1}" in
|
|
-h|--help|help)
|
|
usage
|
|
;;
|
|
version|-v|--version)
|
|
info "${BASTILLE_VERSION}"
|
|
exit 0
|
|
;;
|
|
-c|--config)
|
|
BASTILLE_CONFIG="${2}"
|
|
if [ -r "/usr/local/etc/bastille/${BASTILLE_CONFIG}" ]; then
|
|
BASTILLE_CONFIG="/usr/local/etc/bastille/${BASTILLE_CONFIG}"
|
|
info "Using custom config: ${BASTILLE_CONFIG}"
|
|
export BASTILLE_CONFIG
|
|
else
|
|
error_exit "Not a valid config file: ${BASTILLE_CONFIG}"
|
|
fi
|
|
# Load common.sh after setting BASTILLE_CONFIG
|
|
. /usr/local/share/bastille/common.sh
|
|
shift 2
|
|
;;
|
|
-*)
|
|
error_exit "Unknown Option: \"${1}\""
|
|
;;
|
|
*)
|
|
break
|
|
;;
|
|
esac
|
|
done
|
|
|
|
if [ "$#" -lt 1 ]; then
|
|
usage
|
|
else
|
|
CMD="${1}"
|
|
shift
|
|
fi
|
|
|
|
# Handle sub-commands.
|
|
case "${CMD}" in
|
|
# 38 total commands
|
|
bootstrap| \
|
|
clone| \
|
|
cmd| \
|
|
config| \
|
|
console| \
|
|
convert| \
|
|
cp| \
|
|
create| \
|
|
destroy| \
|
|
edit| \
|
|
etcupdate| \
|
|
export| \
|
|
htop| \
|
|
import| \
|
|
jcp| \
|
|
limits| \
|
|
list| \
|
|
migrate| \
|
|
mount| \
|
|
network| \
|
|
pkg| \
|
|
rcp| \
|
|
rdr| \
|
|
rename| \
|
|
restart| \
|
|
service| \
|
|
setup| \
|
|
start| \
|
|
stop| \
|
|
sysrc| \
|
|
tags| \
|
|
template| \
|
|
top| \
|
|
umount| \
|
|
update| \
|
|
upgrade| \
|
|
verify| \
|
|
zfs)
|
|
;;
|
|
*)
|
|
usage
|
|
;;
|
|
esac
|
|
|
|
# shellcheck disable=SC2154
|
|
SCRIPTPATH="${bastille_sharedir}/${CMD}.sh"
|
|
|
|
if [ -f "${SCRIPTPATH}" ]; then
|
|
|
|
: "${UMASK:=022}"
|
|
umask "${UMASK}"
|
|
|
|
: "${SH:=sh}"
|
|
|
|
exec ${SH} "${SCRIPTPATH}" "$@"
|
|
|
|
else
|
|
error_exit "${SCRIPTPATH} not found."
|
|
fi
|