IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an email to s dot adaszewski at gmail dot com. User accounts are meant only to report issues and/or generate pull requests. This is a purpose-specific Git hosting for ADARED projects. Thank you for your understanding!
sadaszewski
/
focker
1
0
포크 0
코드 이슈 9 풀 리퀘스트 0 릴리즈 1 위키 활동
25개 이상의 토픽을 선택하실 수 없습니다. Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
47 커밋
1 브렌치
1.1MB
트리: bf79569d00
브랜치 태그
${ item.name }
${ searchTerm } 브랜치 생성
from 'bf79569d00'
${ noResults }
focker/jail.py

jail.py 9.1KB
Raw Normal View 히스토리

Sketched step execution implementation
4 년 전
Added ability to run jails
4 년 전
Improved jail cleanup
4 년 전
Added focker jail list
4 년 전
Introduce jail_run_v2().
4 년 전
Added focker jail create
4 년 전
A right mix of quote() and shlex.quote() seems to be correct.
4 년 전
Introduce jail_run_v2().
4 년 전
Got rid of shlex, implemented focker run oneshot.
4 년 전
Added focker jail create
4 년 전
Protect against spaces in env vars
4 년 전
A right mix of quote() and shlex.quote() seems to be correct.
4 년 전
Added focker jail create
4 년 전
Got rid of shlex, implemented focker run oneshot.
4 년 전
Added -f switch in focker jail prune
4 년 전
Introduce jail_run_v2().
4 년 전
Added focker jail create
4 년 전
Got rid of shlex, implemented focker run oneshot.
4 년 전
Added focker jail create
4 년 전
Introduce jail_run_v2().
4 년 전
A right mix of quote() and shlex.quote() seems to be correct.
4 년 전
Introduce jail_run_v2().
4 년 전
A right mix of quote() and shlex.quote() seems to be correct.
4 년 전
Introduce jail_run_v2().
4 년 전
Got rid of shlex, implemented focker run oneshot.
4 년 전
Introduce jail_run_v2().
4 년 전
Got rid of shlex, implemented focker run oneshot.
4 년 전
Introduce jail_run_v2().
4 년 전
Added hostname in jail
4 년 전
Introduce jail_run_v2().
4 년 전
Got rid of shlex, implemented focker run oneshot.
4 년 전
Added focker jail create
4 년 전
Improved jail cleanup
4 년 전
Added ability to run jails
4 년 전
Sketched step execution implementation
4 년 전
Added ability to mount volumes in focker jail run
4 년 전
Improved jail cleanup
4 년 전
First build succeeded.
4 년 전
Trying to make sure you can Ctrl+C at any time
4 년 전
Added ability to mount volumes in focker jail run
4 년 전
Added focker image tag
4 년 전
Trying to make sure you can Ctrl+C at any time
4 년 전
Minor adjustment
4 년 전
Another fix.
4 년 전
Added ability to mount volumes in focker jail run
4 년 전
Added ability to run jails
4 년 전
Making sure to finalize in the right place
4 년 전
Added ability to run jails
4 년 전
Added focker jail create
4 년 전
Added focker jail {start, stop, remove, exec}
4 년 전
Added focker jail create
4 년 전
Added focker jail {start, stop, remove, exec}
4 년 전
Added focker jail create
4 년 전
Started implementing focker jail prune.
4 년 전
Added focker jail create
4 년 전
Got rid of shlex, implemented focker run oneshot.
4 년 전
Added hostname in jail
4 년 전
Added focker jail create
4 년 전
Added -f switch in focker jail prune
4 년 전
Added focker jail create
4 년 전
Started implementing focker jail prune.
4 년 전
Added focker jail {start, stop, remove, exec}
4 년 전
Got rid of shlex, implemented focker run oneshot.
4 년 전
A right mix of quote() and shlex.quote() seems to be correct.
4 년 전
Got rid of shlex, implemented focker run oneshot.
4 년 전
Added ability to run jails
4 년 전
Added focker jail list
4 년 전
Added ability to run jails
4 년 전
Added focker jail list
4 년 전
Added ability to run jails
4 년 전
Added ability to mount volumes in focker jail run
4 년 전
Added ability to run jails
4 년 전
Making sure to finalize in the right place
4 년 전
Added ability to run jails
4 년 전
Added focker jail list
4 년 전
Added focker jail tag/untag.
4 년 전
Started implementing focker jail prune.
4 년 전
Added -f switch in focker jail prune
4 년 전
Added focker jail create
4 년 전
 123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269 
  1. import subprocess

  2. from .zfs import *

  3. import random

  4. import shutil

  5. import json

  6. from tabulate import tabulate

  7. import os

  8. import jailconf

  9. from .mount import getmntinfo

  10. import shlex

  11. 

  12. 

  13. def jail_fs_create(image):

  14.     image, _ = zfs_find(image, focker_type='image', zfs_type='snapshot')

  15.     sha256 = bytes([ random.randint(0, 255) for _ in range(32) ]).hex()

  16.     lst = zfs_list(fields=['focker:sha256'], focker_type='image')

  17.     lst = list(filter(lambda a: a[0] == sha256, lst))

  18.     if lst:

  19.         raise ValueError('Whew, a collision...')

  20.     poolname = zfs_poolname()

  21.     for pre in range(7, 32):

  22.         name = poolname + '/focker/jails/' + sha256[:pre]

  23.         if not zfs_exists(name):

  24.             break

  25.     zfs_run(['zfs', 'clone', '-o', 'focker:sha256=' + sha256, image, name])

  26.     return name

  27. 

  28. 

  29. def gen_env_command(command, env):

  30.     if any(map(lambda a: ' ' in a, env.keys())):

  31.         raise ValueError('Environment variable names cannot contain spaces')

  32.     env = [ 'export ' + k + '=' + shlex.quote(v) \

  33.         for (k, v) in env.items() ]

  34.     command = ' && '.join(env + [ command ])

  35.     return command

  36. 

  37. 

  38. def quote(s):

  39.     s = s.replace('\\', '\\\\')

  40.     s = s.replace('\'', '\\\'')

  41.     s = '\'' + s + '\''

  42.     return s

  43. 

  44. 

  45. def jail_create(path, command, env, mounts, hostname=None):

  46.     name = os.path.split(path)[-1]

  47.     if os.path.exists('/etc/jail.conf'):

  48.         conf = jailconf.load('/etc/jail.conf')

  49.     else:

  50.         conf = jailconf.JailConf()

  51.     conf[name] = blk = jailconf.JailBlock()

  52.     blk['path'] = path

  53.     if command:

  54.         command = gen_env_command(command, env)

  55.         command = quote(command)

  56.         print('command:', command)

  57.         blk['exec.start'] = command

  58.     prestart = [ 'cp /etc/resolv.conf ' +

  59.         shlex.quote(os.path.join(path, 'etc/resolv.conf')) ]

  60.     poststop = []

  61.     if mounts:

  62.         for (from_, on) in mounts:

  63.             if not from_.startswith('/'):

  64.                 from_, _ = zfs_find(from_, focker_type='volume')

  65.                 from_ = zfs_mountpoint(from_)

  66.             prestart.append('mount -t nullfs ' + shlex.quote(from_) +

  67.                 ' ' + shlex.quote(os.path.join(path, on.strip('/'))))

  68.         poststop += [ 'umount -f ' +

  69.             os.path.join(path, on.strip('/')) \

  70.             for (_, on) in reversed(mounts) ]

  71.     if prestart:

  72.         blk['exec.prestart'] = quote(' && '.join(prestart))

  73.     if poststop:

  74.         blk['exec.poststop'] = quote(' && '.join(poststop))

  75.     blk['persist'] = True

  76.     blk['interface'] = 'lo1'

  77.     blk['ip4.addr'] = '127.0.1.0'

  78.     blk['mount.devfs'] = True

  79.     blk['exec.clean'] = True

  80.     blk['host.hostname'] = hostname or name

  81.     conf.write('/etc/jail.conf')

  82.     return name

  83. 

  84. 

  85. def get_jid(path):

  86.     data = json.loads(subprocess.check_output(['jls', '--libxo=json']))

  87.     lst = data['jail-information']['jail']

  88.     lst = list(filter(lambda a: a['path'] == path, lst))

  89.     if len(lst) == 0:

  90.         raise ValueError('JID not found for path: ' + path)

  91.     if len(lst) > 1:

  92.         raise ValueError('Ambiguous JID for path: ' + path)

  93.     return str(lst[0]['jid'])

  94. 

  95. 

  96. def do_mounts(path, mounts):

  97.     print('mounts:', mounts)

  98.     for (source, target) in mounts:

  99.         if source.startswith('/'):

  100.             name = source

  101.         else:

  102.             name, _ = zfs_find(source, focker_type='volume')

  103.             name = zfs_mountpoint(name)

  104.         while target.startswith('/'):

  105.             target = target[1:]

  106.         subprocess.check_output(['mount', '-t', 'nullfs', name, os.path.join(path, target)])

  107. 

  108. 

  109. def undo_mounts(path, mounts):

  110.     for (_, target) in reversed(mounts):

  111.         while target.startswith('/'):

  112.             target = target[1:]

  113.         subprocess.check_output(['umount', '-f', os.path.join(path, target)])

  114. 

  115. 

  116. def jail_run(path, command, mounts=[]):

  117.     command = ['jail', '-c', 'host.hostname=' + os.path.split(path)[1], 'persist=1', 'mount.devfs=1', 'interface=lo1', 'ip4.addr=127.0.1.0', 'path=' + path, 'command', '/bin/sh', '-c', command]

  118.     print('Running:', ' '.join(command))

  119.     try:

  120.         do_mounts(path, mounts)

  121.         shutil.copyfile('/etc/resolv.conf', os.path.join(path, 'etc/resolv.conf'))

  122.         res = subprocess.run(command)

  123.     finally:

  124.         try:

  125.             subprocess.run(['jail', '-r', get_jid(path)])

  126.         except ValueError:

  127.             pass

  128.         subprocess.run(['umount', '-f', os.path.join(path, 'dev')])

  129.         undo_mounts(path, mounts)

  130.     if res.returncode != 0:

  131.         # subprocess.run(['umount', os.path.join(path, 'dev')])

  132.         raise RuntimeError('Command failed')

  133. 

  134. 

  135. def jail_stop(path):

  136.     try:

  137.         jid = get_jid(path)

  138.         jailname = os.path.split(path)[-1]

  139.         subprocess.run(['jail', '-r', jailname])

  140.     except ValueError:

  141.         print('JID could not be determined')

  142.     # import time

  143.     # time.sleep(1)

  144.     mi = getmntinfo()

  145.     for m in mi:

  146.         mntonname = m['f_mntonname'].decode('utf-8')

  147.         if mntonname.startswith(path + os.path.sep):

  148.             print('Unmounting:', mntonname)

  149.             subprocess.run(['umount', '-f', mntonname])

  150. 

  151. 

  152. def jail_remove(path):

  153.     print('Removing jail:', path)

  154.     jail_stop(path)

  155.     subprocess.run(['zfs', 'destroy', '-r', '-f', zfs_name(path)])

  156.     if os.path.exists('/etc/jail.conf'):

  157.         conf = jailconf.load('/etc/jail.conf')

  158.         name = os.path.split(path)[-1]

  159.         if name in conf:

  160.             del conf[name]

  161.             conf.write('/etc/jail.conf')

  162. 

  163. 

  164. def command_jail_create(args):

  165.     name = jail_fs_create(args.image)

  166.     if args.tags:

  167.         zfs_tag(name, args.tags)

  168.     path = zfs_mountpoint(name)

  169.     jail_create(path, args.command,

  170.         { a.split(':')[0]: ':'.join(a.split(':')[1:]) \

  171.             for a in args.env },

  172.         [ [a.split(':')[0], ':'.join(a.split(':')[1:])] \

  173.             for a in args.mounts ],

  174.         args.hostname )

  175.     print(sha256)

  176.     print(path)

  177. 

  178. 

  179. def command_jail_start(args):

  180.     name, _ = zfs_find(args.reference, focker_type='jail')

  181.     path = zfs_mountpoint(name)

  182.     jailname = os.path.split(path)[-1]

  183.     subprocess.run(['jail', '-c', jailname])

  184. 

  185. 

  186. def command_jail_stop(args):

  187.     name, _ = zfs_find(args.reference, focker_type='jail')

  188.     path = zfs_mountpoint(name)

  189.     jail_stop(path)

  190. 

  191. 

  192. def command_jail_remove(args):

  193.     name, _ = zfs_find(args.reference, focker_type='jail')

  194.     path = zfs_mountpoint(name)

  195.     jail_remove(path)

  196. 

  197. 

  198. def command_jail_exec(args):

  199.     name, _ = zfs_find(args.reference, focker_type='jail')

  200.     path = zfs_mountpoint(name)

  201.     jid = get_jid(path)

  202.     subprocess.run(['jexec', str(jid)] + args.command)

  203. 

  204. 

  205. def command_jail_oneshot(args):

  206.     name = jail_fs_create(args.image)

  207.     path = zfs_mountpoint(name)

  208.     env = { a.split(':')[0]: ':'.join(a.split(':')[1:]) \

  209.         for a in args.env }

  210.     mounts = [ [ a.split(':')[0], a.split(':')[1] ] \

  211.         for a in args.mounts]

  212.     jailname = jail_create(path,

  213.         ' '.join(map(shlex.quote, args.command or ['/bin/sh'])),

  214.         env, mounts)

  215.     subprocess.run(['jail', '-c', jailname])

  216.     jail_remove(path)

  217. 

  218. # Deprecated

  219. def command_jail_oneshot_old():

  220.     base, _ = zfs_snapshot_by_tag_or_sha256(args.image)

  221.     # root = '/'.join(base.split('/')[:-1])

  222.     for _ in range(10**6):

  223.         sha256 = bytes([ random.randint(0, 255) for _ in range(32) ]).hex()

  224.         name = sha256[:7]

  225.         name = base.split('/')[0] + '/focker/jails/' + name

  226.         if not zfs_exists(name):

  227.             break

  228.     zfs_run(['zfs', 'clone', '-o', 'focker:sha256=' + sha256, base, name])

  229.     try:

  230.         mounts = list(map(lambda a: a.split(':'), args.mounts))

  231.         jail_run(zfs_mountpoint(name), args.command, mounts)

  232.         # subprocess.check_output(['jail', '-c', 'interface=lo1', 'ip4.addr=127.0.1.0', 'path=' + zfs_mountpoint(name), 'command', command])

  233.     finally:

  234.         # subprocess.run(['umount', zfs_mountpoint(name) + '/dev'])

  235.         zfs_run(['zfs', 'destroy', '-f', name])

  236.         # raise

  237. 

  238. def command_jail_list(args):

  239.     lst = zfs_list(fields=['focker:sha256,focker:tags,mountpoint'], focker_type='jail')

  240.     jails = subprocess.check_output(['jls', '--libxo=json'])

  241.     jails = json.loads(jails)['jail-information']['jail']

  242.     jails = { j['path']: j for j in jails }

  243.     lst = list(map(lambda a: [ a[1],

  244.         a[0] if args.full_sha256 else a[0][:7],

  245.         a[2],

  246.         jails[a[2]]['jid'] if a[2] in jails else '-' ], lst))

  247.     print(tabulate(lst, headers=['Tags', 'SHA256', 'mountpoint', 'JID']))

  248. 

  249. 

  250. def command_jail_tag(args):

  251.     name, _ = zfs_find(args.reference, focker_type='jail')

  252.     zfs_untag(args.tags, focker_type='jail')

  253.     zfs_tag(name, args.tags)

  254. 

  255. 

  256. def command_jail_untag(args):

  257.     zfs_untag(args.tags, focker_type='jail')

  258. 

  259. 

  260. def command_jail_prune(args):

  261.     jails = subprocess.check_output(['jls', '--libxo=json'])

  262.     jails = json.loads(jails)['jail-information']['jail']

  263.     used = set()

  264.     for j in jails:

  265.         used.add(j['path'])

  266.     lst = zfs_list(fields=['focker:sha256,focker:tags,mountpoint,name'], focker_type='jail')

  267.     for j in lst:

  268.         if j[1] == '-' and (j[2] not in used or args.force):

  269.             jail_remove(j[2])