WIP on start, go fmt on *
530
cmd/start.go
530
cmd/start.go
@ -1,13 +1,16 @@
|
||||
package cmd
|
||||
|
||||
import (
|
||||
"os"
|
||||
"fmt"
|
||||
"errors"
|
||||
"regexp"
|
||||
"strings"
|
||||
"strconv"
|
||||
"fmt"
|
||||
"github.com/c-robinson/iplib"
|
||||
log "github.com/sirupsen/logrus"
|
||||
"io/ioutil"
|
||||
"net"
|
||||
"os"
|
||||
"regexp"
|
||||
"strconv"
|
||||
"strings"
|
||||
)
|
||||
|
||||
// FIXME : Do not work?!
|
||||
@ -34,7 +37,7 @@ func mountProcFs(jail *Jail) error {
|
||||
if err != nil {
|
||||
return errors.New(fmt.Sprintf("Error mounting procfs on %s/proc: %s", jail.RootPath, err.Error()))
|
||||
}
|
||||
|
||||
|
||||
return nil
|
||||
}
|
||||
|
||||
@ -52,7 +55,7 @@ func mountLinProcFs(jail *Jail) error {
|
||||
if err != nil {
|
||||
return errors.New(fmt.Sprintf("Error mounting linprocfs on %s: %s", ldir, err.Error()))
|
||||
}
|
||||
|
||||
|
||||
return nil
|
||||
}
|
||||
|
||||
@ -62,7 +65,7 @@ func mountDevFs(jail *Jail) error {
|
||||
if err != nil {
|
||||
return errors.New(fmt.Sprintf("Error mounting devfs on %s/dev: %s", jail.RootPath, err.Error()))
|
||||
}
|
||||
|
||||
|
||||
return nil
|
||||
}
|
||||
|
||||
@ -73,17 +76,17 @@ func mountFdescFs(jail *Jail) error {
|
||||
jail.Config.Mount_fdescfs = 0
|
||||
// Tag config so it will be synced on disk
|
||||
jail.ConfigUpdated = true
|
||||
|
||||
|
||||
// Should we consider this an error?
|
||||
return nil
|
||||
}
|
||||
|
||||
|
||||
cmd := fmt.Sprintf("mount -t fdescfs descfs %s/dev/fd", jail.RootPath)
|
||||
_, err := executeCommand(cmd)
|
||||
if err != nil {
|
||||
return errors.New(fmt.Sprintf("Error mounting fdescfs on %s/dev/fd: %s", jail.RootPath, err.Error()))
|
||||
}
|
||||
|
||||
|
||||
return nil
|
||||
}
|
||||
|
||||
@ -93,22 +96,22 @@ func mountAllJailFsFromHost(jail *Jail) error {
|
||||
devfsFound := false
|
||||
fdescfsFound := false
|
||||
|
||||
cmd := "mount -p"
|
||||
out, err := executeCommand(cmd)
|
||||
if err != nil {
|
||||
return errors.New(fmt.Sprintf("Error executing mount: %s", err.Error()))
|
||||
}
|
||||
cmd := "mount -p"
|
||||
out, err := executeCommand(cmd)
|
||||
if err != nil {
|
||||
return errors.New(fmt.Sprintf("Error executing mount: %s", err.Error()))
|
||||
}
|
||||
|
||||
var outclean []string
|
||||
remSpPtrn := regexp.MustCompile(`\s+`)
|
||||
for _, l := range strings.Split(out, "\n") {
|
||||
remSpPtrn := regexp.MustCompile(`\s+`)
|
||||
for _, l := range strings.Split(out, "\n") {
|
||||
outclean = append(outclean, remSpPtrn.ReplaceAllString(l, " "))
|
||||
}
|
||||
|
||||
// Check if these FS are already mounted
|
||||
for _, l := range outclean {
|
||||
f := strings.Split(l, " ")
|
||||
if len(f) > 2 {
|
||||
f := strings.Split(l, " ")
|
||||
if len(f) > 2 {
|
||||
|
||||
if strings.EqualFold(f[1], fmt.Sprintf("%s/proc", jail.RootPath)) {
|
||||
procfsFound = true
|
||||
@ -128,22 +131,22 @@ func mountAllJailFsFromHost(jail *Jail) error {
|
||||
// Mount wanted FS
|
||||
if jail.Config.Mount_procfs > 0 && procfsFound == false {
|
||||
err := mountProcFs(jail)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
if jail.Config.Mount_linprocfs > 0 && linProcfsFound == false {
|
||||
err = mountLinProcFs(jail)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
if jail.Config.Mount_devfs > 0 && devfsFound == false {
|
||||
err := mountDevFs(jail)
|
||||
if err != nil {
|
||||
return err
|
||||
return err
|
||||
}
|
||||
}
|
||||
if jail.Config.Mount_fdescfs > 0 && fdescfsFound == false {
|
||||
@ -153,7 +156,6 @@ func mountAllJailFsFromHost(jail *Jail) error {
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
// Ces montages doivent-ils etre effectués une fois le jail démarré?
|
||||
|
||||
// FreeBSD <= 9.3 do not support fdescfs
|
||||
@ -172,7 +174,7 @@ func mountAllJailFsFromHost(jail *Jail) error {
|
||||
|
||||
if gHostVersion < 12 {
|
||||
if jail.Config.Allow_mlock > 0 {
|
||||
jail.Config.Allow_mlock = 0
|
||||
jail.Config.Allow_mlock = 0
|
||||
jail.ConfigUpdated = true
|
||||
/* WIP
|
||||
err = setJailProperty(jail, "Config.Allow_mlock", "0")
|
||||
@ -186,11 +188,10 @@ func mountAllJailFsFromHost(jail *Jail) error {
|
||||
}
|
||||
}
|
||||
|
||||
return nil
|
||||
return nil
|
||||
}
|
||||
|
||||
|
||||
// TODO
|
||||
// TODO
|
||||
func prepareJailedZfsDatasets(jail *Jail) error {
|
||||
if jail.Config.Jail_zfs > 0 {
|
||||
// For jail to mount filesystem, enforce_statfs should be 1 or lower (2 is the default)
|
||||
@ -229,18 +230,18 @@ func prepareJailedZfsDatasets(jail *Jail) error {
|
||||
}
|
||||
|
||||
type NatDesc struct {
|
||||
Proto string
|
||||
JailPort string
|
||||
HostPort string
|
||||
Proto string
|
||||
JailPort string
|
||||
HostPort string
|
||||
}
|
||||
|
||||
// tcp(80:8080),tcp(3300-3310:33060-33070)
|
||||
func getNatForwardsArray(nat_forwards string, decompose_range bool) ([]NatDesc, error) {
|
||||
var res []NatDesc
|
||||
|
||||
|
||||
regx := `(tcp|udp)\(([0-9]{1,5}(?:-[0-9]{1,5})?):([0-9]{1,5}(?:-[0-9]{1,5})?)\)`
|
||||
re := regexp.MustCompile(regx)
|
||||
|
||||
|
||||
for _, match := range re.FindAllStringSubmatch(nat_forwards, -1) {
|
||||
if strings.Contains(match[2], "-") == true && decompose_range == true {
|
||||
sjrange, err := strconv.Atoi(strings.Split(match[2], "-")[0])
|
||||
@ -262,7 +263,7 @@ func getNatForwardsArray(nat_forwards string, decompose_range bool) ([]NatDesc,
|
||||
if (ejrange - sjrange) != (ehrange - shrange) {
|
||||
return res, errors.New(fmt.Sprintf("Invalid port range in nat_forwards: %s", match[0]))
|
||||
}
|
||||
for i := sjrange ; i <= ejrange ; i++ {
|
||||
for i := sjrange; i <= ejrange; i++ {
|
||||
nd := NatDesc{Proto: match[1],
|
||||
JailPort: strconv.Itoa(i),
|
||||
HostPort: strconv.Itoa(shrange + (i - sjrange)),
|
||||
@ -271,16 +272,226 @@ func getNatForwardsArray(nat_forwards string, decompose_range bool) ([]NatDesc,
|
||||
}
|
||||
} else {
|
||||
nd := NatDesc{Proto: match[1],
|
||||
JailPort: match[2],
|
||||
HostPort: match[3],
|
||||
JailPort: match[2],
|
||||
HostPort: match[3],
|
||||
}
|
||||
res = append(res, nd)
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
return res, nil
|
||||
}
|
||||
|
||||
func enableRcKeyValue(rcconfpath string, key string, value string) error {
|
||||
cmd := fmt.Sprintf("/usr/sbin/sysrc -f %s %s=%s", rcconfpath, key, value)
|
||||
_, err := executeCommand(cmd)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
return nil
|
||||
}
|
||||
|
||||
func disableRcKey(rcconfpath string, key string) error {
|
||||
cmd := fmt.Sprintf("/usr/sbin/sysrc -f %s -x %s", rcconfpath, key)
|
||||
_, err := executeCommand(cmd)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
return nil
|
||||
}
|
||||
|
||||
/*****************************************************************************
|
||||
* Enable or disables DHCP or accept_rtadv for interfaces declared with this
|
||||
* option
|
||||
****************************************************************************/
|
||||
func configureDhcpOrAcceptRtadv(jail *Jail, ipproto int, enable bool) error {
|
||||
var nics []string
|
||||
|
||||
// Iocage legacy behavior to enable on all interfaces if Config.Dhcp is set...
|
||||
if ipproto == IPv4 && jail.Config.Dhcp > 0 || enable == false {
|
||||
nic_list := strings.Split(jail.Config.Interfaces, ",")
|
||||
for _, n := range nic_list {
|
||||
nics = append(nics, strings.Split(n, ":")[0])
|
||||
}
|
||||
// ...else enable for selected interface in Config.IpX_addr
|
||||
} else {
|
||||
if ipproto == IPv4 {
|
||||
for _, i := range strings.Split(jail.Config.Ip4_addr, ",") {
|
||||
if strings.EqualFold(strings.ToLower(strings.Split(i, "|")[1]), "dhcp") {
|
||||
nics = append(nics, i)
|
||||
}
|
||||
}
|
||||
} else {
|
||||
for _, i := range strings.Split(jail.Config.Ip6_addr, ",") {
|
||||
if strings.EqualFold(strings.ToLower(strings.Split(i, "|")[1]), "accept_rtadv") {
|
||||
nics = append(nics, i)
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
for _, n := range nics {
|
||||
// vnet0 is epair0b inside jail
|
||||
if strings.Contains(n, "vnet") {
|
||||
n = fmt.Sprintf("%sb", strings.Replace(n, "vnet", "epair", 1))
|
||||
}
|
||||
key := fmt.Sprintf("ifconfig_%s", n)
|
||||
value := "SYNCDHCP"
|
||||
|
||||
if ipproto == IPv6 {
|
||||
key = fmt.Sprintf("%s_ipv6", key)
|
||||
value = "inet6 auto_linklocal accept_rtadv autoconf"
|
||||
}
|
||||
|
||||
if enable == true {
|
||||
err := enableRcKeyValue(jail.ConfigPath, key, value)
|
||||
if err != nil {
|
||||
return fmt.Errorf("ERROR setting %s=%s with sysrc for jail %s: %s\n", key, value, jail.Name, err)
|
||||
}
|
||||
} else {
|
||||
err := disableRcKey(jail.ConfigPath, key)
|
||||
if err != nil {
|
||||
return fmt.Errorf("ERROR deleting %s with sysrc for jail %s: %s\n", key, value, jail.Name, err)
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
return nil
|
||||
}
|
||||
|
||||
func checkRtsold(jail *Jail) error {
|
||||
if strings.Contains(jail.Config.Ip6_addr, "accept_rtadv") == false {
|
||||
return fmt.Errorf("Must set at least one ip6_addr to accept_rtadv!\n")
|
||||
}
|
||||
err := enableRcKeyValue(jail.ConfigPath, "rtsold_enable", "yes")
|
||||
if err != nil {
|
||||
return fmt.Errorf("ERROR setting rtsold_enable=YES with sysrc for jail %s: %s\n", jail.Name, err)
|
||||
}
|
||||
return nil
|
||||
}
|
||||
|
||||
func checkNat(backend string) error {
|
||||
cmd := "/sbin/sysctl -q net.inet.ip.forwarding=1"
|
||||
_, err := executeCommand(cmd)
|
||||
if err != nil {
|
||||
return fmt.Errorf("ERROR executing \"/sbin/sysctl -q net.inet.ip.forwarding=1\": %s", err)
|
||||
}
|
||||
|
||||
if strings.EqualFold(backend, "pf") {
|
||||
// Load module and enable pf
|
||||
out, err := executeCommand("/sbin/kldload -n pf")
|
||||
if err != nil {
|
||||
if false == strings.Contains(out, "module already loaded or in kernel") {
|
||||
return fmt.Errorf("ERROR executing \"/sbin/kldload pf\": %s", err)
|
||||
}
|
||||
}
|
||||
out, err = executeCommand("/sbin/pfctl -e")
|
||||
if err != nil {
|
||||
if false == strings.Contains(out, "pf already enabled") {
|
||||
return fmt.Errorf("ERROR executing \"/sbin/pfctl -e\": %s", err)
|
||||
}
|
||||
}
|
||||
} else if strings.EqualFold(backend, "ipwf") {
|
||||
// Check if module loaded
|
||||
out, err := executeCommand("/sbin/sysctl net.inet.ip.fw.enable=1")
|
||||
if err != nil {
|
||||
if false == strings.Contains(out, "unknown oid 'net.inet.ip.fw.enable'") {
|
||||
return fmt.Errorf("ERROR executing \"/sbin/sysctl net.inet.ip.fw.enable=1\": %s", err)
|
||||
}
|
||||
}
|
||||
|
||||
_, _ = executeCommand("/bin/kenv net.inet.ip.fw.default_to_accept=1")
|
||||
_, _ = executeCommand("/sbin/kldload -n ipfw")
|
||||
_, _ = executeCommand("/sbin/kldload -n ipfw_nat")
|
||||
_, err = executeCommand("/sbin/sysctl -q net.inet.ip.fw.enable=1")
|
||||
if err != nil {
|
||||
return fmt.Errorf("ERROR executing \"/sbin/sysctl -q net.inet.ip.fw.enable=1\": %s", err)
|
||||
}
|
||||
}
|
||||
|
||||
return nil
|
||||
}
|
||||
|
||||
func getJailsInUseIPv4() ([]string, error) {
|
||||
var ips []string
|
||||
|
||||
re := regexp.MustCompile(ifconfigipv4re)
|
||||
|
||||
for _, j := range gJails {
|
||||
out, err := executeCommandInJail(&j, "/sbin/ifconfig")
|
||||
if err != nil {
|
||||
return ips, fmt.Errorf("ERROR executing \"/sbin/ifconfig\" in jail %s: %s", j.Name, err)
|
||||
}
|
||||
|
||||
for _, line := range strings.Split(out, "\n") {
|
||||
if re.MatchString(line) {
|
||||
ips = append(ips, re.FindStringSubmatch(line)[1])
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
return ips, nil
|
||||
}
|
||||
|
||||
func getHostInUseIPv4() ([]string, error) {
|
||||
var ips []string
|
||||
|
||||
re := regexp.MustCompile(ifconfigipv4re)
|
||||
|
||||
out, err := executeCommand("/sbin/ifconfig")
|
||||
if err != nil {
|
||||
return ips, fmt.Errorf("ERROR executing \"/sbin/ifconfig\": %s", err)
|
||||
}
|
||||
|
||||
for _, line := range strings.Split(out, "\n") {
|
||||
if re.MatchString(line) {
|
||||
ips = append(ips, re.FindStringSubmatch(line)[1])
|
||||
}
|
||||
}
|
||||
|
||||
return ips, nil
|
||||
}
|
||||
|
||||
func genNatIpv4(jail *Jail) ([]string, error) {
|
||||
var ippair []string
|
||||
|
||||
// Get all IP in use, host and jails
|
||||
inuseip4, err := getHostInUseIPv4()
|
||||
if err != nil {
|
||||
return ippair, err
|
||||
}
|
||||
ij, err := getJailsInUseIPv4()
|
||||
if err != nil {
|
||||
return ippair, err
|
||||
}
|
||||
inuseip4 = append(inuseip4, ij...)
|
||||
|
||||
// TODO : Voir https://github.com/iocage/iocage/blob/e94863d4c54f02523fb09e62e48be7db9ac92eda/iocage_lib/ioc_common.py#L1026
|
||||
|
||||
for i := 0; i < 256; i++ {
|
||||
for j := 0; j < 256; j += 4 {
|
||||
n := iplib.NewNet4(net.ParseIP(fmt.Sprintf("172.16.%d.%d", i, j)), 30)
|
||||
for _, ip := range n.Enumerate(0, 0) {
|
||||
ippair = append(ippair, ip.String())
|
||||
}
|
||||
|
||||
found := false
|
||||
for _, ip := range inuseip4 {
|
||||
for _, ipn := range ippair {
|
||||
if ip == ipn {
|
||||
found = true
|
||||
}
|
||||
}
|
||||
}
|
||||
if found == false {
|
||||
return ippair, nil
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
return ippair, nil
|
||||
}
|
||||
|
||||
/*
|
||||
Start jail:
|
||||
Check jail fstab?
|
||||
@ -309,10 +520,11 @@ func getNatForwardsArray(nat_forwards string, decompose_range bool) ([]NatDesc,
|
||||
func StartJail(args []string) {
|
||||
// jail we have to start
|
||||
var cj *Jail
|
||||
|
||||
var err error
|
||||
|
||||
for _, j := range args {
|
||||
fmt.Printf("> Starting jail %s\n", j)
|
||||
|
||||
|
||||
for i, rj := range gJails {
|
||||
if rj.Name == j {
|
||||
// Get jail reference, not a copy of it; So we can modify attributes
|
||||
@ -324,12 +536,12 @@ func StartJail(args []string) {
|
||||
fmt.Printf("Jail not found: %s\n", j)
|
||||
continue
|
||||
}
|
||||
|
||||
|
||||
if cj.Running == true {
|
||||
fmt.Printf("Jail %s is already running!\n", cj.Name)
|
||||
continue
|
||||
}
|
||||
|
||||
|
||||
if len(cj.Config.Hostid) > 0 && cj.Config.Hostid_strict_check > 0 {
|
||||
hostid, err := ioutil.ReadFile("/etc/hostid")
|
||||
if err != nil {
|
||||
@ -342,10 +554,10 @@ func StartJail(args []string) {
|
||||
return
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
var props_missing []string
|
||||
// DHCP can also be set with "DHCP" value in ip4_addr
|
||||
if cj.Config.Dhcp > 0 || strings.EqualFold(cj.Config.Ip4_addr, "DHCP") == true {
|
||||
// DHCP can also be set with "dhcp" value in ip4_addr (Eg: "vnet0|dhcp")
|
||||
if cj.Config.Dhcp > 0 || strings.Contains(strings.ToLower(cj.Config.Ip4_addr), "dhcp") == true {
|
||||
if cj.Config.Bpf == 0 {
|
||||
props_missing = append(props_missing, fmt.Sprintf("%s: dhcp requires bpf", cj.Name))
|
||||
}
|
||||
@ -353,10 +565,10 @@ func StartJail(args []string) {
|
||||
props_missing = append(props_missing, fmt.Sprintf("%s: dhcp requires vnet", cj.Name))
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
// tcp(80:8080),tcp(3300-3310:33000-33010)
|
||||
if cj.Config.Nat > 0 && strings.EqualFold(cj.Config.Nat_forwards, "none") == false {
|
||||
// If NAT && port forwarding is enabled, check that port does not conflict
|
||||
// If NAT && port forwarding is enabled, check that port does not conflict
|
||||
// with another running jail
|
||||
for _, j := range gJails {
|
||||
if j.Running == false || strings.EqualFold(j.Config.Nat_forwards, "none") == false || j.Config.Nat != 1 {
|
||||
@ -376,7 +588,7 @@ func StartJail(args []string) {
|
||||
for _, cjn := range cjnd {
|
||||
if jn == cjn {
|
||||
fmt.Printf("nat_forwards rule \"%s\" is in conflict with jail %s, won't start\n",
|
||||
fmt.Sprintf("%s(%s:%s)", cjn.Proto, cjn.JailPort, cjn.HostPort), j.Name)
|
||||
fmt.Sprintf("%s(%s:%s)", cjn.Proto, cjn.JailPort, cjn.HostPort), j.Name)
|
||||
return
|
||||
}
|
||||
}
|
||||
@ -384,27 +596,68 @@ func StartJail(args []string) {
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
if cj.Config.Nat > 0 && strings.EqualFold(cj.Config.Nat_interface, "none") == true {
|
||||
var jhost JailHost
|
||||
cj.Config.Nat_interface = jhost.GetDefaultInterface()
|
||||
cj.ConfigUpdated = true
|
||||
}
|
||||
|
||||
|
||||
if cj.Config.Vnet > 0 && strings.EqualFold(cj.Config.Defaultrouter, "auto") == true {
|
||||
var jhost JailHost
|
||||
cj.Config.Defaultrouter = jhost.GetDefaultGateway4()
|
||||
// "auto" default Gateway should not be updated to support jailhost route change
|
||||
}
|
||||
|
||||
|
||||
if cj.Config.Vnet > 0 && strings.EqualFold(cj.Config.Defaultrouter6, "auto") == true {
|
||||
var jhost JailHost
|
||||
cj.Config.Defaultrouter6 = jhost.GetDefaultGateway6()
|
||||
// "auto" default Gateway should not be updated to support jailhost route change
|
||||
}
|
||||
|
||||
// Continue here
|
||||
|
||||
|
||||
if strings.EqualFold(cj.Config.Ip6_addr, "accept_rtadv") && cj.Config.Vnet == 0 {
|
||||
props_missing = append(props_missing, fmt.Sprintf("%s: accept_rtadv requires vnet", cj.Name))
|
||||
}
|
||||
|
||||
if cj.Config.Bpf > 0 && cj.Config.Vnet == 0 {
|
||||
props_missing = append(props_missing, fmt.Sprintf("%s: bpf requires vnet", cj.Name))
|
||||
}
|
||||
|
||||
if len(props_missing) > 0 {
|
||||
for _, m := range props_missing {
|
||||
fmt.Printf("%s\n", m)
|
||||
}
|
||||
return
|
||||
}
|
||||
|
||||
if cj.Config.Dhcp > 0 || strings.Contains(strings.ToLower(cj.Config.Ip4_addr), "dhcp") == true {
|
||||
err = configureDhcpOrAcceptRtadv(cj, IPv4, true)
|
||||
} else {
|
||||
err = configureDhcpOrAcceptRtadv(cj, IPv4, false)
|
||||
}
|
||||
if err != nil {
|
||||
fmt.Printf(err.Error())
|
||||
return
|
||||
}
|
||||
|
||||
if cj.Config.Rtsold > 0 {
|
||||
err = checkRtsold(cj)
|
||||
}
|
||||
if err != nil {
|
||||
fmt.Printf(err.Error())
|
||||
return
|
||||
}
|
||||
|
||||
if strings.Contains(strings.ToLower(cj.Config.Ip6_addr), "accept_rtadv") == true {
|
||||
err = configureDhcpOrAcceptRtadv(cj, IPv6, true)
|
||||
} else {
|
||||
err = configureDhcpOrAcceptRtadv(cj, IPv6, false)
|
||||
}
|
||||
if err != nil {
|
||||
fmt.Printf(err.Error())
|
||||
return
|
||||
}
|
||||
|
||||
fmt.Printf(" > Mount special filesystems:\n")
|
||||
err := mountAllJailFsFromHost(cj)
|
||||
if err != nil {
|
||||
@ -412,7 +665,7 @@ func StartJail(args []string) {
|
||||
} else {
|
||||
fmt.Printf(" > Mount special filesystems: OK\n")
|
||||
}
|
||||
|
||||
|
||||
if cj.Config.Jail_zfs > 0 {
|
||||
fmt.Printf(" > Prepare ZFS Datasets:\n")
|
||||
err := prepareJailedZfsDatasets(cj)
|
||||
@ -422,77 +675,116 @@ func StartJail(args []string) {
|
||||
fmt.Printf(" > Prepare ZFS Datasets: OK\n")
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
/*
|
||||
out, err := executeCommand(fmt.Sprintf("rctl jail:%s", cj.InternalName))
|
||||
if err == nil && len(out) > 0 {
|
||||
fmt.Printf(" > Remove RCTL rules:\n")
|
||||
err := removeRctlRules(cj.InternalName, []string{""})
|
||||
|
||||
// TODO : Check capabilites relative to FreeBSD Version when executing jail with all parameters
|
||||
// See l.335 of https://github.com/iocage/iocage/blob/e94863d4c54f02523fb09e62e48be7db9ac92eda/iocage_lib/ioc_start.py
|
||||
//checkCapabilities(cj)
|
||||
|
||||
// Check NAT backend
|
||||
if cj.Config.Nat > 0 {
|
||||
log.Debug("Check NAT backend %s\n", cj.Config.Nat_backend)
|
||||
err = checkNat(cj.Config.Nat_backend)
|
||||
if err != nil {
|
||||
fmt.Printf("ERROR: %s\n", err.Error())
|
||||
fmt.Printf(err.Error())
|
||||
return
|
||||
}
|
||||
|
||||
if cj.Config.Vnet == 0 {
|
||||
log.Debug("Generate NAT IPv4 without VNet")
|
||||
ip4, err := genNatIpv4(cj)
|
||||
if err != nil {
|
||||
fmt.Printf("%s\n", err.Error())
|
||||
return
|
||||
}
|
||||
|
||||
log.Debug("Configuring NAT : Set ip4_addr to %s", ip4[0])
|
||||
// This IP should not be saved into json
|
||||
cj.Config.Ip4_addr = fmt.Sprintf("%s|%s", cj.Config.Nat_interface, ip4[0])
|
||||
} else {
|
||||
fmt.Printf(" > Remove RCTL rules: OK\n")
|
||||
log.Debug("Generate NAT IPv4 with VNet")
|
||||
ip4, err := genNatIpv4(cj)
|
||||
if err != nil {
|
||||
fmt.Printf("%s\n", err.Error())
|
||||
return
|
||||
}
|
||||
log.Debug("Configuring NAT : Set ip4_addr to %s, defaultrouter to %s", ip4[1], ip4[0])
|
||||
// This IP should not be saved into json
|
||||
cj.Config.Ip4_addr = fmt.Sprintf("vnet0|%s", ip4[1])
|
||||
cj.Config.Defaultrouter = ip4[0]
|
||||
}
|
||||
}
|
||||
|
||||
if len (cj.Config.Exec_prestop) > 0 {
|
||||
fmt.Printf(" > Execute prestop:\n")
|
||||
_, err := executeCommand(cj.Config.Exec_prestop)
|
||||
if err != nil {
|
||||
fmt.Printf("ERROR: %s\n", err.Error())
|
||||
} else {
|
||||
fmt.Printf(" > Execute prestop: OK\n")
|
||||
}
|
||||
}
|
||||
|
||||
if len (cj.Config.Exec_stop) > 0 {
|
||||
fmt.Printf(" > Execute stop:\n")
|
||||
_, err := executeCommandInJail(cj, cj.Config.Exec_stop)
|
||||
if err != nil {
|
||||
fmt.Printf("ERROR: %s\n", err.Error())
|
||||
} else {
|
||||
fmt.Printf(" > Execute stop: OK\n")
|
||||
}
|
||||
}
|
||||
// CONTINUE HERE
|
||||
// See https://github.com/iocage/iocage/blob/e94863d4c54f02523fb09e62e48be7db9ac92eda/iocage_lib/ioc_start.py:401
|
||||
|
||||
if cj.Config.Jail_zfs > 0 {
|
||||
fmt.Printf(" > Umount jailed ZFS:\n")
|
||||
err := umountAndUnjailZFS(cj)
|
||||
if err != nil {
|
||||
fmt.Printf("ERROR: %s\n", err.Error())
|
||||
} else {
|
||||
fmt.Printf(" > Umount jailed ZFS: OK\n")
|
||||
/*
|
||||
out, err := executeCommand(fmt.Sprintf("rctl jail:%s", cj.InternalName))
|
||||
if err == nil && len(out) > 0 {
|
||||
fmt.Printf(" > Remove RCTL rules:\n")
|
||||
err := removeRctlRules(cj.InternalName, []string{""})
|
||||
if err != nil {
|
||||
fmt.Printf("ERROR: %s\n", err.Error())
|
||||
} else {
|
||||
fmt.Printf(" > Remove RCTL rules: OK\n")
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
if cj.Config.Vnet > 0 && len(cj.Config.Ip4_addr) > 0 {
|
||||
fmt.Printf(" > Destroy VNet interfaces:\n")
|
||||
err := destroyVNetInterfaces(cj)
|
||||
if len (cj.Config.Exec_prestop) > 0 {
|
||||
fmt.Printf(" > Execute prestop:\n")
|
||||
_, err := executeCommand(cj.Config.Exec_prestop)
|
||||
if err != nil {
|
||||
fmt.Printf("ERROR: %s\n", err.Error())
|
||||
} else {
|
||||
fmt.Printf(" > Execute prestop: OK\n")
|
||||
}
|
||||
}
|
||||
|
||||
if len (cj.Config.Exec_stop) > 0 {
|
||||
fmt.Printf(" > Execute stop:\n")
|
||||
_, err := executeCommandInJail(cj, cj.Config.Exec_stop)
|
||||
if err != nil {
|
||||
fmt.Printf("ERROR: %s\n", err.Error())
|
||||
} else {
|
||||
fmt.Printf(" > Execute stop: OK\n")
|
||||
}
|
||||
}
|
||||
|
||||
if cj.Config.Jail_zfs > 0 {
|
||||
fmt.Printf(" > Umount jailed ZFS:\n")
|
||||
err := umountAndUnjailZFS(cj)
|
||||
if err != nil {
|
||||
fmt.Printf("ERROR: %s\n", err.Error())
|
||||
} else {
|
||||
fmt.Printf(" > Umount jailed ZFS: OK\n")
|
||||
}
|
||||
}
|
||||
|
||||
if cj.Config.Vnet > 0 && len(cj.Config.Ip4_addr) > 0 {
|
||||
fmt.Printf(" > Destroy VNet interfaces:\n")
|
||||
err := destroyVNetInterfaces(cj)
|
||||
if err != nil {
|
||||
fmt.Printf("ERROR: %s\n", err.Error())
|
||||
} else {
|
||||
fmt.Printf(" > Destroy VNet interfaces: OK\n")
|
||||
}
|
||||
}
|
||||
|
||||
fmt.Printf(" > Remove devfsruleset %s:\n", cj.Config.Devfs_ruleset)
|
||||
err = deleteDevfsRuleset(cj)
|
||||
if err != nil {
|
||||
fmt.Printf("ERROR: %s\n", err.Error())
|
||||
} else {
|
||||
fmt.Printf(" > Destroy VNet interfaces: OK\n")
|
||||
fmt.Printf(" > Remove devfsruleset %s: OK\n", cj.Config.Devfs_ruleset)
|
||||
}
|
||||
}
|
||||
|
||||
fmt.Printf(" > Remove devfsruleset %s:\n", cj.Config.Devfs_ruleset)
|
||||
err = deleteDevfsRuleset(cj)
|
||||
if err != nil {
|
||||
fmt.Printf("ERROR: %s\n", err.Error())
|
||||
} else {
|
||||
fmt.Printf(" > Remove devfsruleset %s: OK\n", cj.Config.Devfs_ruleset)
|
||||
}
|
||||
|
||||
fmt.Printf(" > Stop jail %s:\n", cj.Name)
|
||||
err = stopJail(cj)
|
||||
if err != nil {
|
||||
fmt.Printf("ERROR: %s\n", err.Error())
|
||||
} else {
|
||||
fmt.Printf(" > Stop jail %s: OK\n", cj.Name)
|
||||
}
|
||||
*/
|
||||
|
||||
fmt.Printf(" > Stop jail %s:\n", cj.Name)
|
||||
err = stopJail(cj)
|
||||
if err != nil {
|
||||
fmt.Printf("ERROR: %s\n", err.Error())
|
||||
} else {
|
||||
fmt.Printf(" > Stop jail %s: OK\n", cj.Name)
|
||||
}
|
||||
*/
|
||||
|
||||
}
|
||||
}
|
||||
|
||||
|
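Review bot: In `configureDhcpOrAcceptRtadv`, both per-address loops append the whole entry (`nics = append(nics, i)`) rather than the interface name, so for an entry such as `vnet0|dhcp` the rc key becomes `ifconfig_epair0|dhcpb`, and that string is interpolated unquoted into the `sysrc` command line built by `enableRcKeyValue`/`disableRcKey`. The same loops index `strings.Split(i, "|")[1]` without a length check, which panics on an entry that has no `|`; `StartJail` still compares `Ip6_addr` against a bare `accept_rtadv`, so that input appears to be expected. I would split each entry once, skip anything that is not exactly `iface|mode`, and append only the interface part, as in the excerpt below. How `executeCommand` tokenises its argument is not visible on this page; if it runs a shell or splits on whitespace, the key and value taken from jail config (and the IPv6 value, which contains spaces) also need quoting or an argv-style call.

```go
	// … unchanged: legacy branch that enables on every NIC in Config.Interfaces …
	} else {
		addrs, mode := jail.Config.Ip4_addr, "dhcp"
		if ipproto != IPv4 {
			addrs, mode = jail.Config.Ip6_addr, "accept_rtadv"
		}
		for _, entry := range strings.Split(addrs, ",") {
			parts := strings.SplitN(entry, "|", 2)
			if len(parts) != 2 || !strings.EqualFold(parts[1], mode) {
				continue
			}
			// Keep only the interface name; the mode must not end up in the rc key.
			nics = append(nics, parts[0])
		}
	}
	// … unchanged: vnet→epair renaming and the sysrc enable/disable calls …
```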