IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an email to s dot adaszewski at gmail dot com. User accounts are meant only to report issues and/or generate pull requests. This is a purpose-specific Git hosting for ADARED projects. Thank you for your understanding!
sadaszewski
/
focker
1
0
Atdalīts 0
Kods Problēmas 9 Izmaiņu pieprasījumi 0 Laidieni 1 Vikivietne Aktivitāte
Nevar pievienot vairāk kā 25 tēmas Tēmai ir jāsākas ar burtu vai ciparu, tā var saturēt domu zīmes ('-') un var būt līdz 35 simboliem gara.
35 Revīzijas
1 Atzars
1.1MB
Koks: c475b11e0a
Atzari Tagi
${ item.name }
Izveidot atzaru ${ searchTerm }
no 'c475b11e0a'
${ noResults }
focker/jail.py

217 rindas
7.7KB
Neapstrādāts Vainot Vēsture 

  1. import subprocess

  2. from .zfs import *

  3. import random

  4. import shutil

  5. import json

  6. from tabulate import tabulate

  7. import os

  8. import jailconf

  9. import shlex

  10. from .mount import getmntinfo

  11. 

  12. 

  13. def gen_env_command(command, env):

  14.     env = [ 'export ' + k + '=' + shlex.quote(v) \

  15.         for (k, v) in env.items() ]

  16.     command = ' && '.join(env + [ command ])

  17.     return command

  18. 

  19. 

  20. def jail_create(path, command, env, mounts):

  21.     name = os.path.split(path)[-1]

  22.     if os.path.exists('/etc/jail.conf'):

  23.         conf = jailconf.load('/etc/jail.conf')

  24.     else:

  25.         conf = jailconf.JailConf()

  26.     conf[name] = blk = jailconf.JailBlock()

  27.     blk['path'] = path

  28.     if command:

  29.         command = gen_env_command(command, env)

  30.         blk['exec.start'] = command

  31.     prestart = [ 'cp /etc/resolv.conf ' +

  32.         shlex.quote(os.path.join(path, 'etc/resolv.conf')) ]

  33.     poststop = []

  34.     if mounts:

  35.         for (from_, on) in mounts:

  36.             if not from_.startswith('/'):

  37.                 from_, _ = zfs_find(from_, focker_type='volume')

  38.                 from_ = zfs_mountpoint(from_)

  39.             prestart.append('mount -t nullfs ' + shlex.quote(from_) +

  40.                 ' ' + shlex.quote(os.path.join(path, on.strip('/'))))

  41.         poststop += [ 'umount -f ' +

  42.             os.path.join(path, on.strip('/')) \

  43.             for (_, on) in reversed(mounts) ]

  44.     if prestart:

  45.         blk['exec.prestart'] = shlex.quote(' && '.join(prestart))

  46.     if poststop:

  47.         blk['exec.poststop'] = shlex.quote(' && '.join(poststop))

  48.     blk['persist'] = True

  49.     blk['interface'] = 'lo1'

  50.     blk['ip4.addr'] = '127.0.1.0'

  51.     blk['mount.devfs'] = True

  52.     blk['exec.clean'] = True

  53.     conf.write('/etc/jail.conf')

  54. 

  55. 

  56. def jail_run_v2(path, command, env, mounts):

  57.     name = os.path.split(path)[-1]

  58.     command = gen_env_command(command, env)

  59.     jail_create(path, None, None, mounts)

  60.     subprocess.check_output([ 'jail', '-c', name ])

  61.     subprocess.run([ 'jexec', name, '/bin/sh', '-c', command ])

  62.     subprocess.check_output([ 'jail', '-r', name ])

  63. 

  64. 

  65. def get_jid(path):

  66.     data = json.loads(subprocess.check_output(['jls', '--libxo=json']))

  67.     lst = data['jail-information']['jail']

  68.     lst = list(filter(lambda a: a['path'] == path, lst))

  69.     if len(lst) == 0:

  70.         raise ValueError('JID not found for path: ' + path)

  71.     if len(lst) > 1:

  72.         raise ValueError('Ambiguous JID for path: ' + path)

  73.     return str(lst[0]['jid'])

  74. 

  75. 

  76. def do_mounts(path, mounts):

  77.     print('mounts:', mounts)

  78.     for (source, target) in mounts:

  79.         if source.startswith('/'):

  80.             name = source

  81.         else:

  82.             name, _ = zfs_find(source, focker_type='volume')

  83.             name = zfs_mountpoint(name)

  84.         while target.startswith('/'):

  85.             target = target[1:]

  86.         subprocess.check_output(['mount', '-t', 'nullfs', name, os.path.join(path, target)])

  87. 

  88. 

  89. def undo_mounts(path, mounts):

  90.     for (_, target) in reversed(mounts):

  91.         while target.startswith('/'):

  92.             target = target[1:]

  93.         subprocess.check_output(['umount', '-f', os.path.join(path, target)])

  94. 

  95. 

  96. def jail_run(path, command, mounts=[]):

  97.     command = ['jail', '-c', 'host.hostname=' + os.path.split(path)[1], 'persist=1', 'mount.devfs=1', 'interface=lo1', 'ip4.addr=127.0.1.0', 'path=' + path, 'command', '/bin/sh', '-c', command]

  98.     print('Running:', ' '.join(command))

  99.     try:

  100.         do_mounts(path, mounts)

  101.         shutil.copyfile('/etc/resolv.conf', os.path.join(path, 'etc/resolv.conf'))

  102.         res = subprocess.run(command)

  103.     finally:

  104.         try:

  105.             subprocess.run(['jail', '-r', get_jid(path)])

  106.         except ValueError:

  107.             pass

  108.         subprocess.run(['umount', '-f', os.path.join(path, 'dev')])

  109.         undo_mounts(path, mounts)

  110.     if res.returncode != 0:

  111.         # subprocess.run(['umount', os.path.join(path, 'dev')])

  112.         raise RuntimeError('Command failed')

  113. 

  114. 

  115. def jail_stop(path):

  116.     try:

  117.         jid = get_jid(path)

  118.         subprocess.run(['jail', '-r', jid])

  119.     except ValueError:

  120.         print('JID could not be determined')

  121.     mi = getmntinfo()

  122.     for m in mi:

  123.         mntonname = m['f_mntonname'].decode('utf-8')

  124.         if mntonname.startswith(path + os.path.sep):

  125.             print('Unmounting:', mntonname)

  126.             subprocess.run(['umount', '-f', mntonname])

  127. 

  128. 

  129. def jail_remove(path):

  130.     print('Removing jail:', path)

  131.     jail_stop(path)

  132.     subprocess.run(['zfs', 'destroy', '-r', '-f', zfs_name(path)])

  133.     if os.path.exists('/etc/jail.conf'):

  134.         conf = jailconf.load('/etc/jail.conf')

  135.         name = os.path.split(path)[-1]

  136.         if name in conf:

  137.             del conf[name]

  138.             conf.write('/etc/jail.conf')

  139. 

  140. 

  141. def command_jail_create(args):

  142.     image, _ = zfs_find(args.image, focker_type='image', zfs_type='snapshot')

  143.     sha256 = bytes([ random.randint(0, 255) for _ in range(32) ]).hex()

  144.     lst = zfs_list(fields=['focker:sha256'], focker_type='image')

  145.     lst = list(filter(lambda a: a[0] == sha256, lst))

  146.     if lst:

  147.         raise ValueError('Whew, a collision...')

  148.     poolname = zfs_poolname()

  149.     for pre in range(7, 32):

  150.         name = poolname + '/focker/jails/' + sha256[:pre]

  151.         if not zfs_exists(name):

  152.             break

  153.     zfs_run(['zfs', 'clone', '-o', 'focker:sha256=' + sha256] + \

  154.         (['-o', 'focker:tags=' + ' '.join(args.tags)] if args.tags else []) + \

  155.         [image, name])

  156.     path = zfs_mountpoint(name)

  157.     jail_create(path, args.command,

  158.         { a.split(':')[0]: ':'.join(a.split(':')[1:]) \

  159.             for a in args.env },

  160.         [ [a.split(':')[0], ':'.join(a.split(':')[1:])] \

  161.             for a in args.mounts ] )

  162.     print(sha256)

  163.     print(path)

  164. 

  165. 

  166. def command_jail_run(args):

  167.     base, _ = zfs_snapshot_by_tag_or_sha256(args.image)

  168.     # root = '/'.join(base.split('/')[:-1])

  169.     for _ in range(10**6):

  170.         sha256 = bytes([ random.randint(0, 255) for _ in range(32) ]).hex()

  171.         name = sha256[:7]

  172.         name = base.split('/')[0] + '/focker/jails/' + name

  173.         if not zfs_exists(name):

  174.             break

  175.     zfs_run(['zfs', 'clone', '-o', 'focker:sha256=' + sha256, base, name])

  176.     try:

  177.         mounts = list(map(lambda a: a.split(':'), args.mounts))

  178.         jail_run(zfs_mountpoint(name), args.command, mounts)

  179.         # subprocess.check_output(['jail', '-c', 'interface=lo1', 'ip4.addr=127.0.1.0', 'path=' + zfs_mountpoint(name), 'command', command])

  180.     finally:

  181.         # subprocess.run(['umount', zfs_mountpoint(name) + '/dev'])

  182.         zfs_run(['zfs', 'destroy', '-f', name])

  183.         # raise

  184. 

  185. def command_jail_list(args):

  186.     lst = zfs_list(fields=['focker:sha256,focker:tags,mountpoint'], focker_type='jail')

  187.     jails = subprocess.check_output(['jls', '--libxo=json'])

  188.     jails = json.loads(jails)['jail-information']['jail']

  189.     jails = { j['path']: j for j in jails }

  190.     lst = list(map(lambda a: [ a[1],

  191.         a[0] if args.full_sha256 else a[0][:7],

  192.         a[2],

  193.         jails[a[2]]['jid'] if a[2] in jails else '-' ], lst))

  194.     print(tabulate(lst, headers=['Tags', 'SHA256', 'mountpoint', 'JID']))

  195. 

  196. 

  197. def command_jail_tag(args):

  198.     name, _ = zfs_find(args.reference, focker_type='jail')

  199.     zfs_untag(args.tags, focker_type='jail')

  200.     zfs_tag(name, args.tags)

  201. 

  202. 

  203. def command_jail_untag(args):

  204.     zfs_untag(args.tags, focker_type='jail')

  205. 

  206. 

  207. def command_jail_prune(args):

  208.     jails = subprocess.check_output(['jls', '--libxo=json'])

  209.     jails = json.loads(jails)['jail-information']['jail']

  210.     used = set()

  211.     for j in jails:

  212.         used.add(j['path'])

  213.     lst = zfs_list(fields=['focker:sha256,focker:tags,mountpoint,name'], focker_type='jail')

  214.     for j in lst:

  215.         if j[1] == '-' and j[2] not in used:

  216.             jail_remove(j[2])