IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an email to s dot adaszewski at gmail dot com. User accounts are meant only to report issues and/or generate pull requests. This is a purpose-specific Git hosting for ADARED projects. Thank you for your understanding!
sadaszewski
/
focker
1
0
Fork 0
Code Issues 9 Pull Requests 0 Releases 1 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
56 Commits
1 Branch
1.1MB
Tree: ad5421e16b
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from 'ad5421e16b'
${ noResults }
focker/focker/jail.py

283 lines
9.5KB
Raw Blame History 

  1. import subprocess

  2. from .zfs import *

  3. import random

  4. import shutil

  5. import json

  6. from tabulate import tabulate

  7. import os

  8. import jailconf

  9. from .mount import getmntinfo

  10. import shlex

  11. # import pdb

  12. 

  13. 

  14. def jail_fs_create(image=None):

  15.     sha256 = bytes([ random.randint(0, 255) for _ in range(32) ]).hex()

  16.     lst = zfs_list(fields=['focker:sha256'], focker_type='image')

  17.     lst = list(filter(lambda a: a[0] == sha256, lst))

  18.     if lst:

  19.         raise ValueError('Whew, a collision...')

  20.     poolname = zfs_poolname()

  21.     for pre in range(7, 32):

  22.         name = poolname + '/focker/jails/' + sha256[:pre]

  23.         if not zfs_exists(name):

  24.             break

  25.     if image:

  26.         image, _ = zfs_find(image, focker_type='image', zfs_type='snapshot')

  27.         zfs_parse_output(['zfs', 'clone', '-o', 'focker:sha256=' + sha256, image, name])

  28.     else:

  29.         print('Creating empty jail:', name)

  30.         zfs_parse_output(['zfs', 'create', '-o', 'focker:sha256=' + sha256, name])

  31.     return name

  32. 

  33. 

  34. def gen_env_command(command, env):

  35.     if any(map(lambda a: ' ' in a, env.keys())):

  36.         raise ValueError('Environment variable names cannot contain spaces')

  37.     env = [ 'export ' + k + '=' + shlex.quote(v) \

  38.         for (k, v) in env.items() ]

  39.     command = ' && '.join(env + [ command ])

  40.     return command

  41. 

  42. 

  43. def quote(s):

  44.     s = s.replace('\\', '\\\\')

  45.     s = s.replace('\'', '\\\'')

  46.     s = '\'' + s + '\''

  47.     return s

  48. 

  49. 

  50. def jail_create(path, command, env, mounts, hostname=None):

  51.     name = os.path.split(path)[-1]

  52.     if os.path.exists('/etc/jail.conf'):

  53.         conf = jailconf.load('/etc/jail.conf')

  54.     else:

  55.         conf = jailconf.JailConf()

  56.     conf[name] = blk = jailconf.JailBlock()

  57.     blk['path'] = path

  58.     if command:

  59.         command = gen_env_command(command, env)

  60.         command = quote(command)

  61.         print('command:', command)

  62.         blk['exec.start'] = command

  63.     prestart = [ 'cp /etc/resolv.conf ' +

  64.         shlex.quote(os.path.join(path, 'etc/resolv.conf')) ]

  65.     poststop = []

  66.     if mounts:

  67.         for (from_, on) in mounts:

  68.             if not from_.startswith('/'):

  69.                 from_, _ = zfs_find(from_, focker_type='volume')

  70.                 from_ = zfs_mountpoint(from_)

  71.             prestart.append('mount -t nullfs ' + shlex.quote(from_) +

  72.                 ' ' + shlex.quote(os.path.join(path, on.strip('/'))))

  73.         poststop += [ 'umount -f ' +

  74.             os.path.join(path, on.strip('/')) \

  75.             for (_, on) in reversed(mounts) ]

  76.     if prestart:

  77.         blk['exec.prestart'] = quote(' && '.join(prestart))

  78.     if poststop:

  79.         blk['exec.poststop'] = quote(' && '.join(poststop))

  80.     blk['persist'] = True

  81.     blk['interface'] = 'lo1'

  82.     blk['ip4.addr'] = '127.0.1.0'

  83.     blk['mount.devfs'] = True

  84.     blk['exec.clean'] = True

  85.     blk['host.hostname'] = hostname or name

  86.     conf.write('/etc/jail.conf')

  87.     return name

  88. 

  89. 

  90. def get_jid(path):

  91.     data = json.loads(subprocess.check_output(['jls', '--libxo=json']))

  92.     lst = data['jail-information']['jail']

  93.     lst = list(filter(lambda a: a['path'] == path, lst))

  94.     if len(lst) == 0:

  95.         raise ValueError('JID not found for path: ' + path)

  96.     if len(lst) > 1:

  97.         raise ValueError('Ambiguous JID for path: ' + path)

  98.     return str(lst[0]['jid'])

  99. 

  100. 

  101. def do_mounts(path, mounts):

  102.     print('mounts:', mounts)

  103.     for (source, target) in mounts:

  104.         if source.startswith('/'):

  105.             name = source

  106.         else:

  107.             name, _ = zfs_find(source, focker_type='volume')

  108.             name = zfs_mountpoint(name)

  109.         while target.startswith('/'):

  110.             target = target[1:]

  111.         subprocess.check_output(['mount', '-t', 'nullfs',

  112.             shlex.quote(name), shlex.quote(os.path.join(path, target))])

  113. 

  114. 

  115. def undo_mounts(path, mounts):

  116.     for (_, target) in reversed(mounts):

  117.         while target.startswith('/'):

  118.             target = target[1:]

  119.         subprocess.check_output(['umount', '-f',

  120.             shlex.quote(os.path.join(path, target))])

  121. 

  122. 

  123. def jail_run(path, command, mounts=[]):

  124.     command = ['jail', '-c', 'host.hostname=' + os.path.split(path)[1], 'persist=1', 'mount.devfs=1', 'interface=lo1', 'ip4.addr=127.0.1.0', 'path=' + path, 'command', '/bin/sh', '-c', command]

  125.     print('Running:', ' '.join(command))

  126.     try:

  127.         do_mounts(path, mounts)

  128.         shutil.copyfile('/etc/resolv.conf', os.path.join(path, 'etc/resolv.conf'))

  129.         res = subprocess.run(command)

  130.     finally:

  131.         try:

  132.             subprocess.run(['jail', '-r', get_jid(path)])

  133.         except ValueError:

  134.             pass

  135.         subprocess.run(['umount', '-f', os.path.join(path, 'dev')])

  136.         undo_mounts(path, mounts)

  137.     if res.returncode != 0:

  138.         # subprocess.run(['umount', os.path.join(path, 'dev')])

  139.         raise RuntimeError('Command failed')

  140. 

  141. 

  142. def jail_stop(path):

  143.     try:

  144.         jid = get_jid(path)

  145.         jailname = os.path.split(path)[-1]

  146.         subprocess.run(['jail', '-r', jailname])

  147.     except ValueError:

  148.         print('JID could not be determined')

  149.     # import time

  150.     # time.sleep(1)

  151.     mi = getmntinfo()

  152.     for m in mi:

  153.         mntonname = m['f_mntonname'].decode('utf-8')

  154.         if mntonname.startswith(path + os.path.sep):

  155.             print('Unmounting:', mntonname)

  156.             subprocess.run(['umount', '-f', mntonname])

  157. 

  158. 

  159. def jail_remove(path):

  160.     print('Removing jail:', path)

  161.     jail_stop(path)

  162.     subprocess.run(['zfs', 'destroy', '-r', '-f', zfs_name(path)])

  163.     if os.path.exists('/etc/jail.conf'):

  164.         conf = jailconf.load('/etc/jail.conf')

  165.         name = os.path.split(path)[-1]

  166.         if name in conf:

  167.             del conf[name]

  168.             conf.write('/etc/jail.conf')

  169. 

  170. 

  171. def command_jail_create(args):

  172.     name = jail_fs_create(args.image)

  173.     if args.tags:

  174.         zfs_tag(name, args.tags)

  175.     path = zfs_mountpoint(name)

  176.     jail_create(path, args.command,

  177.         { a.split(':')[0]: ':'.join(a.split(':')[1:]) \

  178.             for a in args.env },

  179.         [ [a.split(':')[0], ':'.join(a.split(':')[1:])] \

  180.             for a in args.mounts ],

  181.         args.hostname )

  182.     print(sha256)

  183.     print(path)

  184. 

  185. 

  186. def command_jail_start(args):

  187.     name, _ = zfs_find(args.reference, focker_type='jail')

  188.     path = zfs_mountpoint(name)

  189.     jailname = os.path.split(path)[-1]

  190.     subprocess.run(['jail', '-c', jailname])

  191. 

  192. 

  193. def command_jail_stop(args):

  194.     name, _ = zfs_find(args.reference, focker_type='jail')

  195.     path = zfs_mountpoint(name)

  196.     jail_stop(path)

  197. 

  198. 

  199. def command_jail_remove(args):

  200.     name, _ = zfs_find(args.reference, focker_type='jail')

  201.     path = zfs_mountpoint(name)

  202.     jail_remove(path)

  203. 

  204. 

  205. def command_jail_exec(args):

  206.     name, _ = zfs_find(args.reference, focker_type='jail')

  207.     path = zfs_mountpoint(name)

  208.     jid = get_jid(path)

  209.     subprocess.run(['jexec', str(jid)] + args.command)

  210. 

  211. 

  212. def jail_oneshot(image, command, env, mounts):

  213.     # pdb.set_trace()

  214.     name = jail_fs_create(image)

  215.     path = zfs_mountpoint(name)

  216.     jailname = jail_create(path,

  217.         ' '.join(map(shlex.quote, command or ['/bin/sh'])),

  218.         env, mounts)

  219.     subprocess.run(['jail', '-c', jailname])

  220.     jail_remove(path)

  221. 

  222. 

  223. def command_jail_oneshot(args):

  224.     env = { a.split(':')[0]: ':'.join(a.split(':')[1:]) \

  225.         for a in args.env }

  226.     mounts = [ [ a.split(':')[0], a.split(':')[1] ] \

  227.         for a in args.mounts]

  228.     jail_oneshot(args.image, args.command, env, mounts)

  229. 

  230. 

  231. # Deprecated

  232. def command_jail_oneshot_old():

  233.     base, _ = zfs_snapshot_by_tag_or_sha256(args.image)

  234.     # root = '/'.join(base.split('/')[:-1])

  235.     for _ in range(10**6):

  236.         sha256 = bytes([ random.randint(0, 255) for _ in range(32) ]).hex()

  237.         name = sha256[:7]

  238.         name = base.split('/')[0] + '/focker/jails/' + name

  239.         if not zfs_exists(name):

  240.             break

  241.     zfs_run(['zfs', 'clone', '-o', 'focker:sha256=' + sha256, base, name])

  242.     try:

  243.         mounts = list(map(lambda a: a.split(':'), args.mounts))

  244.         jail_run(zfs_mountpoint(name), args.command, mounts)

  245.         # subprocess.check_output(['jail', '-c', 'interface=lo1', 'ip4.addr=127.0.1.0', 'path=' + zfs_mountpoint(name), 'command', command])

  246.     finally:

  247.         # subprocess.run(['umount', zfs_mountpoint(name) + '/dev'])

  248.         zfs_run(['zfs', 'destroy', '-f', name])

  249.         # raise

  250. 

  251. def command_jail_list(args):

  252.     lst = zfs_list(fields=['focker:sha256,focker:tags,mountpoint'], focker_type='jail')

  253.     jails = subprocess.check_output(['jls', '--libxo=json'])

  254.     jails = json.loads(jails)['jail-information']['jail']

  255.     jails = { j['path']: j for j in jails }

  256.     lst = list(map(lambda a: [ a[1],

  257.         a[0] if args.full_sha256 else a[0][:7],

  258.         a[2],

  259.         jails[a[2]]['jid'] if a[2] in jails else '-' ], lst))

  260.     print(tabulate(lst, headers=['Tags', 'SHA256', 'mountpoint', 'JID']))

  261. 

  262. 

  263. def command_jail_tag(args):

  264.     name, _ = zfs_find(args.reference, focker_type='jail')

  265.     zfs_untag(args.tags, focker_type='jail')

  266.     zfs_tag(name, args.tags)

  267. 

  268. 

  269. def command_jail_untag(args):

  270.     zfs_untag(args.tags, focker_type='jail')

  271. 

  272. 

  273. def command_jail_prune(args):

  274.     jails = subprocess.check_output(['jls', '--libxo=json'])

  275.     jails = json.loads(jails)['jail-information']['jail']

  276.     used = set()

  277.     for j in jails:

  278.         used.add(j['path'])

  279.     lst = zfs_list(fields=['focker:sha256,focker:tags,mountpoint,name'], focker_type='jail')

  280.     for j in lst:

  281.         if j[1] == '-' and (j[2] not in used or args.force):

  282.             jail_remove(j[2])