IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an email to s dot adaszewski at gmail dot com. User accounts are meant only to report issues and/or generate pull requests. This is a purpose-specific Git hosting for ADARED projects. Thank you for your understanding!
sadaszewski
/
focker
1
0
Fork 0
Código Issues 9 Pull requests 0 Versões 1 Wiki Atividade
Você não pode selecionar mais de 25 tópicos Os tópicos devem começar com uma letra ou um número, podem incluir traços ('-') e podem ter até 35 caracteres.
39 Commits
1 Branch
1.1MB
Tag: 2fb23cfef1
Branches Tags
${ item.name }
Criar branch ${ searchTerm }
de 2fb23cfef1
${ noResults }
focker/jail.py

274 linhas
9.2KB
Original Anotar Histórico 

  1. import subprocess

  2. from .zfs import *

  3. import random

  4. import shutil

  5. import json

  6. from tabulate import tabulate

  7. import os

  8. import jailconf

  9. from .mount import getmntinfo

  10. 

  11. 

  12. def jail_fs_create(image):

  13.     image, _ = zfs_find(image, focker_type='image', zfs_type='snapshot')

  14.     sha256 = bytes([ random.randint(0, 255) for _ in range(32) ]).hex()

  15.     lst = zfs_list(fields=['focker:sha256'], focker_type='image')

  16.     lst = list(filter(lambda a: a[0] == sha256, lst))

  17.     if lst:

  18.         raise ValueError('Whew, a collision...')

  19.     poolname = zfs_poolname()

  20.     for pre in range(7, 32):

  21.         name = poolname + '/focker/jails/' + sha256[:pre]

  22.         if not zfs_exists(name):

  23.             break

  24.     zfs_run(['zfs', 'clone', '-o', 'focker:sha256=' + sha256, image, name])

  25.     return name

  26. 

  27. 

  28. def gen_env_command(command, env):

  29.     env = [ 'export ' + k + '=' + quote(v) \

  30.         for (k, v) in env.items() ]

  31.     command = ' && '.join(env + [ command ])

  32.     return command

  33. 

  34. 

  35. def quote(s):

  36.     s = s.replace('\\', '\\\\')

  37.     s = s.replace('\'', '\\\'')

  38.     s = '\'' + s + '\''

  39.     return s

  40. 

  41. 

  42. def jail_create(path, command, env, mounts, hostname=None):

  43.     name = os.path.split(path)[-1]

  44.     if os.path.exists('/etc/jail.conf'):

  45.         conf = jailconf.load('/etc/jail.conf')

  46.     else:

  47.         conf = jailconf.JailConf()

  48.     conf[name] = blk = jailconf.JailBlock()

  49.     blk['path'] = path

  50.     if command:

  51.         command = gen_env_command(command, env)

  52.         command = quote(command)

  53.         print('command:', command)

  54.         blk['exec.start'] = command

  55.     prestart = [ 'cp /etc/resolv.conf ' +

  56.         quote(os.path.join(path, 'etc/resolv.conf')) ]

  57.     poststop = []

  58.     if mounts:

  59.         for (from_, on) in mounts:

  60.             if not from_.startswith('/'):

  61.                 from_, _ = zfs_find(from_, focker_type='volume')

  62.                 from_ = zfs_mountpoint(from_)

  63.             prestart.append('mount -t nullfs ' + quote(from_) +

  64.                 ' ' + quote(os.path.join(path, on.strip('/'))))

  65.         poststop += [ 'umount -f ' +

  66.             os.path.join(path, on.strip('/')) \

  67.             for (_, on) in reversed(mounts) ]

  68.     if prestart:

  69.         blk['exec.prestart'] = quote(' && '.join(prestart))

  70.     if poststop:

  71.         blk['exec.poststop'] = quote(' && '.join(poststop))

  72.     blk['persist'] = True

  73.     blk['interface'] = 'lo1'

  74.     blk['ip4.addr'] = '127.0.1.0'

  75.     blk['mount.devfs'] = True

  76.     blk['exec.clean'] = True

  77.     blk['host.hostname'] = hostname or name

  78.     conf.write('/etc/jail.conf')

  79.     return name

  80. 

  81. 

  82. def jail_run_v2(path, command, env, mounts):

  83.     name = os.path.split(path)[-1]

  84.     command = gen_env_command(command, env)

  85.     jail_create(path, None, None, mounts)

  86.     subprocess.check_output([ 'jail', '-c', name ])

  87.     subprocess.run([ 'jexec', name, '/bin/sh', '-c', command ])

  88.     subprocess.check_output([ 'jail', '-r', name ])

  89. 

  90. 

  91. def get_jid(path):

  92.     data = json.loads(subprocess.check_output(['jls', '--libxo=json']))

  93.     lst = data['jail-information']['jail']

  94.     lst = list(filter(lambda a: a['path'] == path, lst))

  95.     if len(lst) == 0:

  96.         raise ValueError('JID not found for path: ' + path)

  97.     if len(lst) > 1:

  98.         raise ValueError('Ambiguous JID for path: ' + path)

  99.     return str(lst[0]['jid'])

  100. 

  101. 

  102. def do_mounts(path, mounts):

  103.     print('mounts:', mounts)

  104.     for (source, target) in mounts:

  105.         if source.startswith('/'):

  106.             name = source

  107.         else:

  108.             name, _ = zfs_find(source, focker_type='volume')

  109.             name = zfs_mountpoint(name)

  110.         while target.startswith('/'):

  111.             target = target[1:]

  112.         subprocess.check_output(['mount', '-t', 'nullfs', name, os.path.join(path, target)])

  113. 

  114. 

  115. def undo_mounts(path, mounts):

  116.     for (_, target) in reversed(mounts):

  117.         while target.startswith('/'):

  118.             target = target[1:]

  119.         subprocess.check_output(['umount', '-f', os.path.join(path, target)])

  120. 

  121. 

  122. def jail_run(path, command, mounts=[]):

  123.     command = ['jail', '-c', 'host.hostname=' + os.path.split(path)[1], 'persist=1', 'mount.devfs=1', 'interface=lo1', 'ip4.addr=127.0.1.0', 'path=' + path, 'command', '/bin/sh', '-c', command]

  124.     print('Running:', ' '.join(command))

  125.     try:

  126.         do_mounts(path, mounts)

  127.         shutil.copyfile('/etc/resolv.conf', os.path.join(path, 'etc/resolv.conf'))

  128.         res = subprocess.run(command)

  129.     finally:

  130.         try:

  131.             subprocess.run(['jail', '-r', get_jid(path)])

  132.         except ValueError:

  133.             pass

  134.         subprocess.run(['umount', '-f', os.path.join(path, 'dev')])

  135.         undo_mounts(path, mounts)

  136.     if res.returncode != 0:

  137.         # subprocess.run(['umount', os.path.join(path, 'dev')])

  138.         raise RuntimeError('Command failed')

  139. 

  140. 

  141. def jail_stop(path):

  142.     try:

  143.         jid = get_jid(path)

  144.         jailname = os.path.split(path)[-1]

  145.         subprocess.run(['jail', '-r', jailname])

  146.     except ValueError:

  147.         print('JID could not be determined')

  148.     # import time

  149.     # time.sleep(1)

  150.     mi = getmntinfo()

  151.     for m in mi:

  152.         mntonname = m['f_mntonname'].decode('utf-8')

  153.         if mntonname.startswith(path + os.path.sep):

  154.             print('Unmounting:', mntonname)

  155.             subprocess.run(['umount', '-f', mntonname])

  156. 

  157. 

  158. def jail_remove(path):

  159.     print('Removing jail:', path)

  160.     jail_stop(path)

  161.     subprocess.run(['zfs', 'destroy', '-r', '-f', zfs_name(path)])

  162.     if os.path.exists('/etc/jail.conf'):

  163.         conf = jailconf.load('/etc/jail.conf')

  164.         name = os.path.split(path)[-1]

  165.         if name in conf:

  166.             del conf[name]

  167.             conf.write('/etc/jail.conf')

  168. 

  169. 

  170. def command_jail_create(args):

  171.     name = jail_fs_create(args.image)

  172.     if args.tags:

  173.         zfs_tag(name, args.tags)

  174.     path = zfs_mountpoint(name)

  175.     jail_create(path, args.command,

  176.         { a.split(':')[0]: ':'.join(a.split(':')[1:]) \

  177.             for a in args.env },

  178.         [ [a.split(':')[0], ':'.join(a.split(':')[1:])] \

  179.             for a in args.mounts ],

  180.         args.hostname )

  181.     print(sha256)

  182.     print(path)

  183. 

  184. 

  185. def command_jail_start(args):

  186.     name, _ = zfs_find(args.reference, focker_type='jail')

  187.     path = zfs_mountpoint(name)

  188.     jailname = os.path.split(path)[-1]

  189.     subprocess.run(['jail', '-c', jailname])

  190. 

  191. 

  192. def command_jail_stop(args):

  193.     name, _ = zfs_find(args.reference, focker_type='jail')

  194.     path = zfs_mountpoint(name)

  195.     jail_stop(path)

  196. 

  197. 

  198. def command_jail_remove(args):

  199.     name, _ = zfs_find(args.reference, focker_type='jail')

  200.     path = zfs_mountpoint(name)

  201.     jail_remove(path)

  202. 

  203. 

  204. def command_jail_exec(args):

  205.     name, _ = zfs_find(args.reference, focker_type='jail')

  206.     path = zfs_mountpoint(name)

  207.     jid = get_jid(path)

  208.     subprocess.run(['jexec', str(jid)] + args.command)

  209. 

  210. 

  211. def command_jail_oneshot(args):

  212.     name = jail_fs_create(args.image)

  213.     path = zfs_mountpoint(name)

  214.     env = { a.split(':')[0]: ':'.join(a.split(':')[1:]) \

  215.         for a in args.env }

  216.     mounts = [ [ a.split(':')[0], a.split(':')[1] ] \

  217.         for a in args.mounts]

  218.     jailname = jail_create(path, ' '.join(map(quote, args.command)), env, mounts)

  219.     subprocess.run(['jail', '-c', jailname])

  220.     jail_remove(path)

  221. 

  222. # Deprecated

  223. def command_jail_oneshot_old():

  224.     base, _ = zfs_snapshot_by_tag_or_sha256(args.image)

  225.     # root = '/'.join(base.split('/')[:-1])

  226.     for _ in range(10**6):

  227.         sha256 = bytes([ random.randint(0, 255) for _ in range(32) ]).hex()

  228.         name = sha256[:7]

  229.         name = base.split('/')[0] + '/focker/jails/' + name

  230.         if not zfs_exists(name):

  231.             break

  232.     zfs_run(['zfs', 'clone', '-o', 'focker:sha256=' + sha256, base, name])

  233.     try:

  234.         mounts = list(map(lambda a: a.split(':'), args.mounts))

  235.         jail_run(zfs_mountpoint(name), args.command, mounts)

  236.         # subprocess.check_output(['jail', '-c', 'interface=lo1', 'ip4.addr=127.0.1.0', 'path=' + zfs_mountpoint(name), 'command', command])

  237.     finally:

  238.         # subprocess.run(['umount', zfs_mountpoint(name) + '/dev'])

  239.         zfs_run(['zfs', 'destroy', '-f', name])

  240.         # raise

  241. 

  242. def command_jail_list(args):

  243.     lst = zfs_list(fields=['focker:sha256,focker:tags,mountpoint'], focker_type='jail')

  244.     jails = subprocess.check_output(['jls', '--libxo=json'])

  245.     jails = json.loads(jails)['jail-information']['jail']

  246.     jails = { j['path']: j for j in jails }

  247.     lst = list(map(lambda a: [ a[1],

  248.         a[0] if args.full_sha256 else a[0][:7],

  249.         a[2],

  250.         jails[a[2]]['jid'] if a[2] in jails else '-' ], lst))

  251.     print(tabulate(lst, headers=['Tags', 'SHA256', 'mountpoint', 'JID']))

  252. 

  253. 

  254. def command_jail_tag(args):

  255.     name, _ = zfs_find(args.reference, focker_type='jail')

  256.     zfs_untag(args.tags, focker_type='jail')

  257.     zfs_tag(name, args.tags)

  258. 

  259. 

  260. def command_jail_untag(args):

  261.     zfs_untag(args.tags, focker_type='jail')

  262. 

  263. 

  264. def command_jail_prune(args):

  265.     jails = subprocess.check_output(['jls', '--libxo=json'])

  266.     jails = json.loads(jails)['jail-information']['jail']

  267.     used = set()

  268.     for j in jails:

  269.         used.add(j['path'])

  270.     lst = zfs_list(fields=['focker:sha256,focker:tags,mountpoint,name'], focker_type='jail')

  271.     for j in lst:

  272.         if j[1] == '-' and (j[2] not in used or args.force):

  273.             jail_remove(j[2])