IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an email to s dot adaszewski at gmail dot com. User accounts are meant only to report issues and/or generate pull requests. This is a purpose-specific Git hosting for ADARED projects. Thank you for your understanding!
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

323 line
11KB

  1. #
  2. # Copyright (C) Stanislaw Adaszewski, 2020
  3. # License: GNU General Public License v3.0
  4. # URL: https://github.com/sadaszewski/focker
  5. # URL: https://adared.ch/focker
  6. #
  7. import subprocess
  8. from .zfs import *
  9. import random
  10. import shutil
  11. import json
  12. from tabulate import tabulate
  13. import os
  14. import jailconf
  15. from .mount import getmntinfo
  16. import shlex
  17. import stat
  18. from .misc import focker_lock, \
  19. focker_unlock
  20. def backup_file(fname, nbackups=10, chmod=0o600):
  21. existing_backups = []
  22. for i in range(nbackups):
  23. bakname = '%s.%d' % (fname, i)
  24. if os.path.exists(bakname):
  25. st = os.stat(bakname)
  26. existing_backups.append((bakname, st.st_mtime))
  27. else:
  28. shutil.copyfile(fname, bakname)
  29. os.chmod(bakname, chmod)
  30. return bakname
  31. existing_backups.sort(key=lambda a: a[1])
  32. # overwrite the oldest
  33. bakname = existing_backups[0][0]
  34. shutil.copyfile(fname, bakname)
  35. os.chmod(bakname, chmod)
  36. return bakname
  37. def jail_conf_write(conf):
  38. conf.write('/etc/jail.conf')
  39. def jail_fs_create(image=None):
  40. sha256 = bytes([ random.randint(0, 255) for _ in range(32) ]).hex()
  41. lst = zfs_list(fields=['focker:sha256'], focker_type='image')
  42. lst = list(filter(lambda a: a[0] == sha256, lst))
  43. if lst:
  44. raise ValueError('Whew, a collision...')
  45. poolname = zfs_poolname()
  46. for pre in range(7, 32):
  47. name = poolname + '/focker/jails/' + sha256[:pre]
  48. if not zfs_exists(name):
  49. break
  50. if image:
  51. image, _ = zfs_find(image, focker_type='image', zfs_type='snapshot')
  52. zfs_parse_output(['zfs', 'clone', '-o', 'focker:sha256=' + sha256, image, name])
  53. else:
  54. print('Creating empty jail:', name)
  55. zfs_parse_output(['zfs', 'create', '-o', 'focker:sha256=' + sha256, name])
  56. return name
  57. def gen_env_command(command, env):
  58. if any(map(lambda a: ' ' in a, env.keys())):
  59. raise ValueError('Environment variable names cannot contain spaces')
  60. env = [ 'export ' + k + '=' + shlex.quote(v) \
  61. for (k, v) in env.items() ]
  62. command = ' && '.join(env + [ command ])
  63. return command
  64. def quote(s):
  65. s = s.replace('\\', '\\\\')
  66. s = s.replace('\'', '\\\'')
  67. s = '\'' + s + '\''
  68. return s
  69. def jail_create(path, command, env, mounts, hostname=None, overrides={}):
  70. name = os.path.split(path)[-1]
  71. if os.path.exists('/etc/jail.conf'):
  72. conf = jailconf.load('/etc/jail.conf')
  73. else:
  74. conf = jailconf.JailConf()
  75. conf[name] = blk = jailconf.JailBlock()
  76. blk['path'] = path
  77. if command:
  78. command = gen_env_command(command, env)
  79. command = quote(command)
  80. print('command:', command)
  81. blk['exec.start'] = command
  82. prestart = [ 'cp /etc/resolv.conf ' +
  83. shlex.quote(os.path.join(path, 'etc/resolv.conf')) ]
  84. poststop = []
  85. if mounts:
  86. for (from_, on) in mounts:
  87. if not from_.startswith('/'):
  88. from_, _ = zfs_find(from_, focker_type='volume')
  89. from_ = zfs_mountpoint(from_)
  90. prestart.append('mount -t nullfs ' + shlex.quote(from_) +
  91. ' ' + shlex.quote(os.path.join(path, on.strip('/'))))
  92. poststop += [ 'umount -f ' +
  93. os.path.join(path, on.strip('/')) \
  94. for (_, on) in reversed(mounts) ]
  95. if prestart:
  96. blk['exec.prestart'] = quote(' && '.join(prestart))
  97. if poststop:
  98. blk['exec.poststop'] = quote(' && '.join(poststop))
  99. blk['persist'] = True
  100. blk['interface'] = 'lo1'
  101. blk['ip4.addr'] = '127.0.1.0'
  102. blk['mount.devfs'] = True
  103. blk['exec.clean'] = True
  104. blk['host.hostname'] = hostname or name
  105. for (k, v) in overrides.items():
  106. blk[k] = quote(v)
  107. jail_conf_write(conf)
  108. return name
  109. def get_jid(path):
  110. data = json.loads(subprocess.check_output(['jls', '--libxo=json']))
  111. lst = data['jail-information']['jail']
  112. lst = list(filter(lambda a: a['path'] == path, lst))
  113. if len(lst) == 0:
  114. raise ValueError('JID not found for path: ' + path)
  115. if len(lst) > 1:
  116. raise ValueError('Ambiguous JID for path: ' + path)
  117. return str(lst[0]['jid'])
  118. def do_mounts(path, mounts):
  119. print('mounts:', mounts)
  120. for (source, target) in mounts:
  121. if source.startswith('/'):
  122. name = source
  123. else:
  124. name, _ = zfs_find(source, focker_type='volume')
  125. name = zfs_mountpoint(name)
  126. while target.startswith('/'):
  127. target = target[1:]
  128. subprocess.check_output(['mount', '-t', 'nullfs',
  129. shlex.quote(name), shlex.quote(os.path.join(path, target))])
  130. def undo_mounts(path, mounts):
  131. for (_, target) in reversed(mounts):
  132. while target.startswith('/'):
  133. target = target[1:]
  134. subprocess.check_output(['umount', '-f',
  135. shlex.quote(os.path.join(path, target))])
  136. def jail_run(path, command, mounts=[]):
  137. command = ['jail', '-c', 'host.hostname=' + os.path.split(path)[1], 'persist=1', 'mount.devfs=1', 'interface=lo1', 'ip4.addr=127.0.1.0', 'path=' + path, 'command', '/bin/sh', '-c', command]
  138. print('Running:', ' '.join(command))
  139. try:
  140. do_mounts(path, mounts)
  141. shutil.copyfile('/etc/resolv.conf', os.path.join(path, 'etc/resolv.conf'))
  142. res = subprocess.run(command)
  143. finally:
  144. try:
  145. subprocess.run(['jail', '-r', get_jid(path)])
  146. except ValueError:
  147. pass
  148. subprocess.run(['umount', '-f', os.path.join(path, 'dev')])
  149. undo_mounts(path, mounts)
  150. if res.returncode != 0:
  151. # subprocess.run(['umount', os.path.join(path, 'dev')])
  152. raise RuntimeError('Command failed')
  153. def jail_stop(path):
  154. try:
  155. jid = get_jid(path)
  156. jailname = os.path.split(path)[-1]
  157. subprocess.run(['jail', '-r', jailname])
  158. except ValueError:
  159. print('JID could not be determined')
  160. # import time
  161. # time.sleep(1)
  162. mi = getmntinfo()
  163. for m in mi:
  164. mntonname = m['f_mntonname'].decode('utf-8')
  165. if mntonname.startswith(path + os.path.sep):
  166. print('Unmounting:', mntonname)
  167. subprocess.run(['umount', '-f', mntonname])
  168. def jail_remove(path):
  169. print('Removing jail:', path)
  170. jail_stop(path)
  171. subprocess.run(['zfs', 'destroy', '-r', '-f', zfs_name(path)])
  172. if os.path.exists('/etc/jail.conf'):
  173. conf = jailconf.load('/etc/jail.conf')
  174. name = os.path.split(path)[-1]
  175. if name in conf:
  176. del conf[name]
  177. jail_conf_write(conf)
  178. def command_jail_create(args):
  179. backup_file('/etc/jail.conf')
  180. name = jail_fs_create(args.image)
  181. if args.tags:
  182. zfs_tag(name, args.tags)
  183. path = zfs_mountpoint(name)
  184. jail_create(path, args.command,
  185. { a.split(':')[0]: ':'.join(a.split(':')[1:]) \
  186. for a in args.env },
  187. [ [a.split(':')[0], ':'.join(a.split(':')[1:])] \
  188. for a in args.mounts ],
  189. args.hostname )
  190. # print(sha256)
  191. print(path)
  192. def command_jail_start(args):
  193. name, _ = zfs_find(args.reference, focker_type='jail')
  194. path = zfs_mountpoint(name)
  195. jailname = os.path.split(path)[-1]
  196. subprocess.run(['jail', '-c', jailname])
  197. def command_jail_stop(args):
  198. name, _ = zfs_find(args.reference, focker_type='jail')
  199. path = zfs_mountpoint(name)
  200. jail_stop(path)
  201. def command_jail_remove(args):
  202. name, _ = zfs_find(args.reference, focker_type='jail')
  203. path = zfs_mountpoint(name)
  204. jail_remove(path)
  205. def command_jail_exec(args):
  206. name, _ = zfs_find(args.reference, focker_type='jail')
  207. path = zfs_mountpoint(name)
  208. jid = get_jid(path)
  209. focker_unlock()
  210. subprocess.run(['jexec', str(jid)] + args.command)
  211. focker_lock()
  212. def jail_oneshot(image, command, env, mounts):
  213. # pdb.set_trace()
  214. backup_file('/etc/jail.conf')
  215. name = jail_fs_create(image)
  216. path = zfs_mountpoint(name)
  217. jailname = jail_create(path,
  218. ' '.join(map(shlex.quote, command or ['/bin/sh'])),
  219. env, mounts)
  220. focker_unlock()
  221. subprocess.run(['jail', '-c', jailname])
  222. focker_lock()
  223. jail_remove(path)
  224. def command_jail_oneshot(args):
  225. env = { a.split(':')[0]: ':'.join(a.split(':')[1:]) \
  226. for a in args.env }
  227. mounts = [ [ a.split(':')[0], a.split(':')[1] ] \
  228. for a in args.mounts]
  229. jail_oneshot(args.image, args.command, env, mounts)
  230. # Deprecated
  231. def command_jail_oneshot_old():
  232. base, _ = zfs_snapshot_by_tag_or_sha256(args.image)
  233. # root = '/'.join(base.split('/')[:-1])
  234. for _ in range(10**6):
  235. sha256 = bytes([ random.randint(0, 255) for _ in range(32) ]).hex()
  236. name = sha256[:7]
  237. name = base.split('/')[0] + '/focker/jails/' + name
  238. if not zfs_exists(name):
  239. break
  240. zfs_run(['zfs', 'clone', '-o', 'focker:sha256=' + sha256, base, name])
  241. try:
  242. mounts = list(map(lambda a: a.split(':'), args.mounts))
  243. jail_run(zfs_mountpoint(name), args.command, mounts)
  244. # subprocess.check_output(['jail', '-c', 'interface=lo1', 'ip4.addr=127.0.1.0', 'path=' + zfs_mountpoint(name), 'command', command])
  245. finally:
  246. # subprocess.run(['umount', zfs_mountpoint(name) + '/dev'])
  247. zfs_run(['zfs', 'destroy', '-f', name])
  248. # raise
  249. def command_jail_list(args):
  250. lst = zfs_list(fields=['focker:sha256,focker:tags,mountpoint'], focker_type='jail')
  251. jails = subprocess.check_output(['jls', '--libxo=json'])
  252. jails = json.loads(jails)['jail-information']['jail']
  253. jails = { j['path']: j for j in jails }
  254. lst = list(map(lambda a: [ a[1],
  255. a[0] if args.full_sha256 else a[0][:7],
  256. a[2],
  257. jails[a[2]]['jid'] if a[2] in jails else '-' ], lst))
  258. print(tabulate(lst, headers=['Tags', 'SHA256', 'mountpoint', 'JID']))
  259. def command_jail_tag(args):
  260. name, _ = zfs_find(args.reference, focker_type='jail')
  261. zfs_untag(args.tags, focker_type='jail')
  262. zfs_tag(name, args.tags)
  263. def command_jail_untag(args):
  264. zfs_untag(args.tags, focker_type='jail')
  265. def command_jail_prune(args):
  266. jails = subprocess.check_output(['jls', '--libxo=json'])
  267. jails = json.loads(jails)['jail-information']['jail']
  268. used = set()
  269. for j in jails:
  270. used.add(j['path'])
  271. lst = zfs_list(fields=['focker:sha256,focker:tags,mountpoint,name'], focker_type='jail')
  272. for j in lst:
  273. if j[1] == '-' and (j[2] not in used or args.force):
  274. jail_remove(j[2])