IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an email to s dot adaszewski at gmail dot com. User accounts are meant only to report issues and/or generate pull requests. This is a purpose-specific Git hosting for ADARED projects. Thank you for your understanding!
sadaszewski
/
focker
1
0
Forkuj 0
Kod Zgłoszenia 9 Oczekujące zmiany 0 Wydania 1 Wiki Aktywność
Nie możesz wybrać więcej, niż 25 tematów Tematy muszą się zaczynać od litery lub cyfry, mogą zawierać myślniki ('-') i mogą mieć do 35 znaków.
142 Commity
1 Gałąź
1.1MB
Drzewo: 48b9e6264b
Gałęzie Tagi
${ item.name }
Utwórz gałąź ${ searchTerm }
z '48b9e6264b'
${ noResults }
focker/focker/jail.py

333 wiersze
11KB
Czysty Wina Historia 

  1. #

  2. # Copyright (C) Stanislaw Adaszewski, 2020

  3. # License: GNU General Public License v3.0

  4. # URL: https://github.com/sadaszewski/focker

  5. # URL: https://adared.ch/focker

  6. #

  7. 

  8. import subprocess

  9. from .zfs import *

  10. import random

  11. import shutil

  12. import json

  13. from tabulate import tabulate

  14. import os

  15. import jailconf

  16. from .mount import getmntinfo

  17. import shlex

  18. import stat

  19. from .misc import focker_lock, \

  20.     focker_unlock, \

  21.     random_sha256_hexdigest

  22. 

  23. 

  24. def backup_file(fname, nbackups=10, chmod=0o600):

  25.     existing_backups = []

  26.     for i in range(nbackups):

  27.         bakname = '%s.%d' % (fname, i)

  28.         if os.path.exists(bakname):

  29.             st = os.stat(bakname)

  30.             existing_backups.append((bakname, st.st_mtime))

  31.         else:

  32.             shutil.copyfile(fname, bakname)

  33.             os.chmod(bakname, chmod)

  34.             return bakname

  35.     existing_backups.sort(key=lambda a: a[1])

  36.     # overwrite the oldest

  37.     bakname = existing_backups[0][0]

  38.     shutil.copyfile(fname, bakname)

  39.     os.chmod(bakname, chmod)

  40.     return bakname

  41. 

  42. 

  43. def jail_conf_write(conf):

  44.     conf.write('/etc/jail.conf')

  45. 

  46. 

  47. def jail_fs_create(image=None):

  48.     sha256 = random_sha256_hexdigest()

  49.     lst = zfs_list(fields=['focker:sha256'], focker_type='image')

  50.     lst = list(filter(lambda a: a[0] == sha256, lst))

  51.     if lst:

  52.         raise ValueError('Whew, a collision...')

  53.     poolname = zfs_poolname()

  54.     for pre in range(7, 32):

  55.         name = poolname + '/focker/jails/' + sha256[:pre]

  56.         if not zfs_exists(name):

  57.             break

  58.     if image:

  59.         image, _ = zfs_find(image, focker_type='image', zfs_type='snapshot')

  60.         zfs_parse_output(['zfs', 'clone', '-o', 'focker:sha256=' + sha256, image, name])

  61.     else:

  62.         print('Creating empty jail:', name)

  63.         zfs_parse_output(['zfs', 'create', '-o', 'focker:sha256=' + sha256, name])

  64.     return name

  65. 

  66. 

  67. def gen_env_command(command, env):

  68.     if any(map(lambda a: ' ' in a, env.keys())):

  69.         raise ValueError('Environment variable names cannot contain spaces')

  70.     env = [ 'export ' + k + '=' + shlex.quote(v) \

  71.         for (k, v) in env.items() ]

  72.     command = ' && '.join(env + [ command ])

  73.     return command

  74. 

  75. 

  76. def quote(s):

  77.     s = s.replace('\\', '\\\\')

  78.     s = s.replace('\'', '\\\'')

  79.     s = '\'' + s + '\''

  80.     return s

  81. 

  82. 

  83. def jail_create(path, command, env, mounts, hostname=None, overrides={}):

  84.     name = os.path.split(path)[-1]

  85.     if os.path.exists('/etc/jail.conf'):

  86.         conf = jailconf.load('/etc/jail.conf')

  87.     else:

  88.         conf = jailconf.JailConf()

  89.     conf[name] = blk = jailconf.JailBlock()

  90.     blk['path'] = path

  91.     if command:

  92.         command = gen_env_command(command, env)

  93.         command = quote(command)

  94.         print('command:', command)

  95.         blk['exec.start'] = command

  96.     prestart = [ 'cp /etc/resolv.conf ' +

  97.         shlex.quote(os.path.join(path, 'etc/resolv.conf')) ]

  98.     poststop = []

  99.     if mounts:

  100.         for (from_, on) in mounts:

  101.             if not from_.startswith('/'):

  102.                 from_, _ = zfs_find(from_, focker_type='volume')

  103.                 from_ = zfs_mountpoint(from_)

  104.             prestart.append('mount -t nullfs ' + shlex.quote(from_) +

  105.                 ' ' + shlex.quote(os.path.join(path, on.strip('/'))))

  106.         poststop += [ 'umount -f ' +

  107.             os.path.join(path, on.strip('/')) \

  108.             for (_, on) in reversed(mounts) ]

  109.     if prestart:

  110.         blk['exec.prestart'] = quote(' && '.join(prestart))

  111.     if poststop:

  112.         blk['exec.poststop'] = quote(' && '.join(poststop))

  113.     blk['persist'] = True

  114.     blk['interface'] = 'lo1'

  115.     blk['ip4.addr'] = '127.0.1.0'

  116.     blk['mount.devfs'] = True

  117.     blk['exec.clean'] = True

  118.     blk['host.hostname'] = hostname or name

  119.     for (k, v) in overrides.items():

  120.         blk[k] = quote(v)

  121.     jail_conf_write(conf)

  122.     return name

  123. 

  124. 

  125. def get_jid(path):

  126.     data = json.loads(subprocess.check_output(['jls', '--libxo=json']))

  127.     lst = data['jail-information']['jail']

  128.     lst = list(filter(lambda a: a['path'] == path, lst))

  129.     if len(lst) == 0:

  130.         raise ValueError('JID not found for path: ' + path)

  131.     if len(lst) > 1:

  132.         raise ValueError('Ambiguous JID for path: ' + path)

  133.     return str(lst[0]['jid'])

  134. 

  135. 

  136. def do_mounts(path, mounts):

  137.     print('mounts:', mounts)

  138.     for (source, target) in mounts:

  139.         if source.startswith('/'):

  140.             name = source

  141.         else:

  142.             name, _ = zfs_find(source, focker_type='volume')

  143.             name = zfs_mountpoint(name)

  144.         while target.startswith('/'):

  145.             target = target[1:]

  146.         subprocess.check_output(['mount', '-t', 'nullfs',

  147.             shlex.quote(name), shlex.quote(os.path.join(path, target))])

  148. 

  149. 

  150. def undo_mounts(path, mounts):

  151.     for (_, target) in reversed(mounts):

  152.         while target.startswith('/'):

  153.             target = target[1:]

  154.         subprocess.check_output(['umount', '-f',

  155.             shlex.quote(os.path.join(path, target))])

  156. 

  157. 

  158. def jail_run(path, command, mounts=[]):

  159.     command = ['jail', '-c', 'host.hostname=' + os.path.split(path)[1], 'persist=1', 'mount.devfs=1', 'interface=lo1', 'ip4.addr=127.0.1.0', 'path=' + path, 'command', '/bin/sh', '-c', command]

  160.     print('Running:', ' '.join(command))

  161.     try:

  162.         do_mounts(path, mounts)

  163.         os.makedirs(os.path.join(path, 'etc'), exist_ok=True)

  164.         os.makedirs(os.path.join(path, 'dev'), exist_ok=True)

  165.         shutil.copyfile('/etc/resolv.conf', os.path.join(path, 'etc/resolv.conf'))

  166.         res = subprocess.run(command)

  167.     finally:

  168.         try:

  169.             subprocess.run(['jail', '-r', get_jid(path)])

  170.         except ValueError:

  171.             pass

  172.         subprocess.run(['umount', '-f', os.path.join(path, 'dev')])

  173.         undo_mounts(path, mounts)

  174.     if res.returncode != 0:

  175.         # subprocess.run(['umount', os.path.join(path, 'dev')])

  176.         raise RuntimeError('Command failed')

  177. 

  178. 

  179. def jail_stop(path):

  180.     try:

  181.         jid = get_jid(path)

  182.         jailname = os.path.split(path)[-1]

  183.         subprocess.run(['jail', '-r', jailname])

  184.     except ValueError:

  185.         print('JID could not be determined')

  186.     # import time

  187.     # time.sleep(1)

  188.     mi = getmntinfo()

  189.     for m in mi:

  190.         mntonname = m['f_mntonname'].decode('utf-8')

  191.         if mntonname.startswith(path + os.path.sep):

  192.             print('Unmounting:', mntonname)

  193.             subprocess.run(['umount', '-f', mntonname])

  194. 

  195. 

  196. def jail_remove(path):

  197.     print('Removing jail:', path)

  198.     jail_stop(path)

  199.     subprocess.run(['zfs', 'destroy', '-r', '-f', zfs_name(path)])

  200.     if os.path.exists('/etc/jail.conf'):

  201.         conf = jailconf.load('/etc/jail.conf')

  202.         name = os.path.split(path)[-1]

  203.         if name in conf:

  204.             del conf[name]

  205.             jail_conf_write(conf)

  206. 

  207. 

  208. def command_jail_create(args):

  209.     backup_file('/etc/jail.conf')

  210.     name = jail_fs_create(args.image)

  211.     if args.tags:

  212.         zfs_tag(name, args.tags)

  213.     path = zfs_mountpoint(name)

  214.     jail_create(path, args.command,

  215.         { a.split(':')[0]: ':'.join(a.split(':')[1:]) \

  216.             for a in args.env },

  217.         [ [a.split(':')[0], ':'.join(a.split(':')[1:])] \

  218.             for a in args.mounts ],

  219.         args.hostname )

  220.     # print(sha256)

  221.     print(path)

  222. 

  223. 

  224. def command_jail_start(args):

  225.     name, _ = zfs_find(args.reference, focker_type='jail')

  226.     path = zfs_mountpoint(name)

  227.     jailname = os.path.split(path)[-1]

  228.     subprocess.run(['jail', '-c', jailname])

  229. 

  230. 

  231. def command_jail_stop(args):

  232.     name, _ = zfs_find(args.reference, focker_type='jail')

  233.     path = zfs_mountpoint(name)

  234.     jail_stop(path)

  235. 

  236. 

  237. def command_jail_remove(args):

  238.     try:

  239.         name, _ = zfs_find(args.reference, focker_type='jail')

  240.     except AmbiguousValueError:

  241.         raise

  242.     except ValueError:

  243.         if args.force:

  244.             return

  245.         raise

  246.     path = zfs_mountpoint(name)

  247.     jail_remove(path)

  248. 

  249. 

  250. def command_jail_exec(args):

  251.     name, _ = zfs_find(args.reference, focker_type='jail')

  252.     path = zfs_mountpoint(name)

  253.     jid = get_jid(path)

  254.     focker_unlock()

  255.     subprocess.run(['jexec', str(jid)] + args.command)

  256.     focker_lock()

  257. 

  258. 

  259. def jail_oneshot(image, command, env, mounts):

  260.     # pdb.set_trace()

  261.     backup_file('/etc/jail.conf')

  262.     name = jail_fs_create(image)

  263.     path = zfs_mountpoint(name)

  264.     jailname = jail_create(path,

  265.         ' '.join(map(shlex.quote, command or ['/bin/sh'])),

  266.         env, mounts)

  267.     focker_unlock()

  268.     subprocess.run(['jail', '-c', jailname])

  269.     focker_lock()

  270.     jail_remove(path)

  271. 

  272. 

  273. def command_jail_oneshot(args):

  274.     env = { a.split(':')[0]: ':'.join(a.split(':')[1:]) \

  275.         for a in args.env }

  276.     mounts = [ [ a.split(':')[0], a.split(':')[1] ] \

  277.         for a in args.mounts]

  278.     jail_oneshot(args.image, args.command, env, mounts)

  279. 

  280. 

  281. # Deprecated

  282. def command_jail_oneshot_old():

  283.     base, _ = zfs_snapshot_by_tag_or_sha256(args.image)

  284.     # root = '/'.join(base.split('/')[:-1])

  285.     for _ in range(10**6):

  286.         sha256 = random_sha256_hexdigest()

  287.         name = sha256[:7]

  288.         name = base.split('/')[0] + '/focker/jails/' + name

  289.         if not zfs_exists(name):

  290.             break

  291.     zfs_run(['zfs', 'clone', '-o', 'focker:sha256=' + sha256, base, name])

  292.     try:

  293.         mounts = list(map(lambda a: a.split(':'), args.mounts))

  294.         jail_run(zfs_mountpoint(name), args.command, mounts)

  295.         # subprocess.check_output(['jail', '-c', 'interface=lo1', 'ip4.addr=127.0.1.0', 'path=' + zfs_mountpoint(name), 'command', command])

  296.     finally:

  297.         # subprocess.run(['umount', zfs_mountpoint(name) + '/dev'])

  298.         zfs_run(['zfs', 'destroy', '-f', name])

  299.         # raise

  300. 

  301. def command_jail_list(args):

  302.     lst = zfs_list(fields=['focker:sha256,focker:tags,mountpoint'], focker_type='jail')

  303.     jails = subprocess.check_output(['jls', '--libxo=json'])

  304.     jails = json.loads(jails)['jail-information']['jail']

  305.     jails = { j['path']: j for j in jails }

  306.     lst = list(map(lambda a: [ a[1],

  307.         a[0] if args.full_sha256 else a[0][:7],

  308.         a[2],

  309.         jails[a[2]]['jid'] if a[2] in jails else '-' ], lst))

  310.     print(tabulate(lst, headers=['Tags', 'SHA256', 'mountpoint', 'JID']))

  311. 

  312. 

  313. def command_jail_tag(args):

  314.     name, _ = zfs_find(args.reference, focker_type='jail')

  315.     zfs_untag(args.tags, focker_type='jail')

  316.     zfs_tag(name, args.tags)

  317. 

  318. 

  319. def command_jail_untag(args):

  320.     zfs_untag(args.tags, focker_type='jail')

  321. 

  322. 

  323. def command_jail_prune(args):

  324.     jails = subprocess.check_output(['jls', '--libxo=json'])

  325.     jails = json.loads(jails)['jail-information']['jail']

  326.     used = set()

  327.     for j in jails:

  328.         used.add(j['path'])

  329.     lst = zfs_list(fields=['focker:sha256,focker:tags,mountpoint,name'], focker_type='jail')

  330.     for j in lst:

  331.         if j[1] == '-' and (j[2] not in used or args.force):

  332.             jail_remove(j[2])