IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an email to s dot adaszewski at gmail dot com. User accounts are meant only to report issues and/or generate pull requests. This is a purpose-specific Git hosting for ADARED projects. Thank you for your understanding!
sadaszewski
/
focker
1
0
Förgrening 0
Kod Ärenden 9 Pull-förfrågningar 0 Släpp 1 Wiki Aktiviteter
Du kan inte välja fler än 25 ämnen Ämnen måste starta med en bokstav eller siffra, kan innehålla bindestreck ('-') och vara max 35 tecken långa.
40 Incheckningar
1 Gren
1.1MB
Träd: fb68e59676
Grenar Taggar
${ item.name }
Skapa branchen ${ searchTerm }
från 'fb68e59676'
${ noResults }
focker/jail.py

277 lines
9.3KB
Blame Historik 

  1. import subprocess

  2. from .zfs import *

  3. import random

  4. import shutil

  5. import json

  6. from tabulate import tabulate

  7. import os

  8. import jailconf

  9. from .mount import getmntinfo

  10. import shlex

  11. 

  12. 

  13. def jail_fs_create(image):

  14.     image, _ = zfs_find(image, focker_type='image', zfs_type='snapshot')

  15.     sha256 = bytes([ random.randint(0, 255) for _ in range(32) ]).hex()

  16.     lst = zfs_list(fields=['focker:sha256'], focker_type='image')

  17.     lst = list(filter(lambda a: a[0] == sha256, lst))

  18.     if lst:

  19.         raise ValueError('Whew, a collision...')

  20.     poolname = zfs_poolname()

  21.     for pre in range(7, 32):

  22.         name = poolname + '/focker/jails/' + sha256[:pre]

  23.         if not zfs_exists(name):

  24.             break

  25.     zfs_run(['zfs', 'clone', '-o', 'focker:sha256=' + sha256, image, name])

  26.     return name

  27. 

  28. 

  29. def gen_env_command(command, env):

  30.     env = [ 'export ' + k + '=' + shlex.quote(v) \

  31.         for (k, v) in env.items() ]

  32.     command = ' && '.join(env + [ command ])

  33.     return command

  34. 

  35. 

  36. def quote(s):

  37.     s = s.replace('\\', '\\\\')

  38.     s = s.replace('\'', '\\\'')

  39.     s = '\'' + s + '\''

  40.     return s

  41. 

  42. 

  43. def jail_create(path, command, env, mounts, hostname=None):

  44.     name = os.path.split(path)[-1]

  45.     if os.path.exists('/etc/jail.conf'):

  46.         conf = jailconf.load('/etc/jail.conf')

  47.     else:

  48.         conf = jailconf.JailConf()

  49.     conf[name] = blk = jailconf.JailBlock()

  50.     blk['path'] = path

  51.     if command:

  52.         command = gen_env_command(command, env)

  53.         command = quote(command)

  54.         print('command:', command)

  55.         blk['exec.start'] = command

  56.     prestart = [ 'cp /etc/resolv.conf ' +

  57.         shlex.quote(os.path.join(path, 'etc/resolv.conf')) ]

  58.     poststop = []

  59.     if mounts:

  60.         for (from_, on) in mounts:

  61.             if not from_.startswith('/'):

  62.                 from_, _ = zfs_find(from_, focker_type='volume')

  63.                 from_ = zfs_mountpoint(from_)

  64.             prestart.append('mount -t nullfs ' + shlex.quote(from_) +

  65.                 ' ' + shlex.quote(os.path.join(path, on.strip('/'))))

  66.         poststop += [ 'umount -f ' +

  67.             os.path.join(path, on.strip('/')) \

  68.             for (_, on) in reversed(mounts) ]

  69.     if prestart:

  70.         blk['exec.prestart'] = quote(' && '.join(prestart))

  71.     if poststop:

  72.         blk['exec.poststop'] = quote(' && '.join(poststop))

  73.     blk['persist'] = True

  74.     blk['interface'] = 'lo1'

  75.     blk['ip4.addr'] = '127.0.1.0'

  76.     blk['mount.devfs'] = True

  77.     blk['exec.clean'] = True

  78.     blk['host.hostname'] = hostname or name

  79.     conf.write('/etc/jail.conf')

  80.     return name

  81. 

  82. 

  83. def jail_run_v2(path, command, env, mounts):

  84.     name = os.path.split(path)[-1]

  85.     command = gen_env_command(command, env)

  86.     jail_create(path, None, None, mounts)

  87.     subprocess.check_output([ 'jail', '-c', name ])

  88.     subprocess.run([ 'jexec', name, '/bin/sh', '-c', command ])

  89.     subprocess.check_output([ 'jail', '-r', name ])

  90. 

  91. 

  92. def get_jid(path):

  93.     data = json.loads(subprocess.check_output(['jls', '--libxo=json']))

  94.     lst = data['jail-information']['jail']

  95.     lst = list(filter(lambda a: a['path'] == path, lst))

  96.     if len(lst) == 0:

  97.         raise ValueError('JID not found for path: ' + path)

  98.     if len(lst) > 1:

  99.         raise ValueError('Ambiguous JID for path: ' + path)

  100.     return str(lst[0]['jid'])

  101. 

  102. 

  103. def do_mounts(path, mounts):

  104.     print('mounts:', mounts)

  105.     for (source, target) in mounts:

  106.         if source.startswith('/'):

  107.             name = source

  108.         else:

  109.             name, _ = zfs_find(source, focker_type='volume')

  110.             name = zfs_mountpoint(name)

  111.         while target.startswith('/'):

  112.             target = target[1:]

  113.         subprocess.check_output(['mount', '-t', 'nullfs', name, os.path.join(path, target)])

  114. 

  115. 

  116. def undo_mounts(path, mounts):

  117.     for (_, target) in reversed(mounts):

  118.         while target.startswith('/'):

  119.             target = target[1:]

  120.         subprocess.check_output(['umount', '-f', os.path.join(path, target)])

  121. 

  122. 

  123. def jail_run(path, command, mounts=[]):

  124.     command = ['jail', '-c', 'host.hostname=' + os.path.split(path)[1], 'persist=1', 'mount.devfs=1', 'interface=lo1', 'ip4.addr=127.0.1.0', 'path=' + path, 'command', '/bin/sh', '-c', command]

  125.     print('Running:', ' '.join(command))

  126.     try:

  127.         do_mounts(path, mounts)

  128.         shutil.copyfile('/etc/resolv.conf', os.path.join(path, 'etc/resolv.conf'))

  129.         res = subprocess.run(command)

  130.     finally:

  131.         try:

  132.             subprocess.run(['jail', '-r', get_jid(path)])

  133.         except ValueError:

  134.             pass

  135.         subprocess.run(['umount', '-f', os.path.join(path, 'dev')])

  136.         undo_mounts(path, mounts)

  137.     if res.returncode != 0:

  138.         # subprocess.run(['umount', os.path.join(path, 'dev')])

  139.         raise RuntimeError('Command failed')

  140. 

  141. 

  142. def jail_stop(path):

  143.     try:

  144.         jid = get_jid(path)

  145.         jailname = os.path.split(path)[-1]

  146.         subprocess.run(['jail', '-r', jailname])

  147.     except ValueError:

  148.         print('JID could not be determined')

  149.     # import time

  150.     # time.sleep(1)

  151.     mi = getmntinfo()

  152.     for m in mi:

  153.         mntonname = m['f_mntonname'].decode('utf-8')

  154.         if mntonname.startswith(path + os.path.sep):

  155.             print('Unmounting:', mntonname)

  156.             subprocess.run(['umount', '-f', mntonname])

  157. 

  158. 

  159. def jail_remove(path):

  160.     print('Removing jail:', path)

  161.     jail_stop(path)

  162.     subprocess.run(['zfs', 'destroy', '-r', '-f', zfs_name(path)])

  163.     if os.path.exists('/etc/jail.conf'):

  164.         conf = jailconf.load('/etc/jail.conf')

  165.         name = os.path.split(path)[-1]

  166.         if name in conf:

  167.             del conf[name]

  168.             conf.write('/etc/jail.conf')

  169. 

  170. 

  171. def command_jail_create(args):

  172.     name = jail_fs_create(args.image)

  173.     if args.tags:

  174.         zfs_tag(name, args.tags)

  175.     path = zfs_mountpoint(name)

  176.     jail_create(path, args.command,

  177.         { a.split(':')[0]: ':'.join(a.split(':')[1:]) \

  178.             for a in args.env },

  179.         [ [a.split(':')[0], ':'.join(a.split(':')[1:])] \

  180.             for a in args.mounts ],

  181.         args.hostname )

  182.     print(sha256)

  183.     print(path)

  184. 

  185. 

  186. def command_jail_start(args):

  187.     name, _ = zfs_find(args.reference, focker_type='jail')

  188.     path = zfs_mountpoint(name)

  189.     jailname = os.path.split(path)[-1]

  190.     subprocess.run(['jail', '-c', jailname])

  191. 

  192. 

  193. def command_jail_stop(args):

  194.     name, _ = zfs_find(args.reference, focker_type='jail')

  195.     path = zfs_mountpoint(name)

  196.     jail_stop(path)

  197. 

  198. 

  199. def command_jail_remove(args):

  200.     name, _ = zfs_find(args.reference, focker_type='jail')

  201.     path = zfs_mountpoint(name)

  202.     jail_remove(path)

  203. 

  204. 

  205. def command_jail_exec(args):

  206.     name, _ = zfs_find(args.reference, focker_type='jail')

  207.     path = zfs_mountpoint(name)

  208.     jid = get_jid(path)

  209.     subprocess.run(['jexec', str(jid)] + args.command)

  210. 

  211. 

  212. def command_jail_oneshot(args):

  213.     name = jail_fs_create(args.image)

  214.     path = zfs_mountpoint(name)

  215.     env = { a.split(':')[0]: ':'.join(a.split(':')[1:]) \

  216.         for a in args.env }

  217.     mounts = [ [ a.split(':')[0], a.split(':')[1] ] \

  218.         for a in args.mounts]

  219.     jailname = jail_create(path,

  220.         ' '.join(map(shlex.quote, args.command or ['/bin/sh'])),

  221.         env, mounts)

  222.     subprocess.run(['jail', '-c', jailname])

  223.     jail_remove(path)

  224. 

  225. # Deprecated

  226. def command_jail_oneshot_old():

  227.     base, _ = zfs_snapshot_by_tag_or_sha256(args.image)

  228.     # root = '/'.join(base.split('/')[:-1])

  229.     for _ in range(10**6):

  230.         sha256 = bytes([ random.randint(0, 255) for _ in range(32) ]).hex()

  231.         name = sha256[:7]

  232.         name = base.split('/')[0] + '/focker/jails/' + name

  233.         if not zfs_exists(name):

  234.             break

  235.     zfs_run(['zfs', 'clone', '-o', 'focker:sha256=' + sha256, base, name])

  236.     try:

  237.         mounts = list(map(lambda a: a.split(':'), args.mounts))

  238.         jail_run(zfs_mountpoint(name), args.command, mounts)

  239.         # subprocess.check_output(['jail', '-c', 'interface=lo1', 'ip4.addr=127.0.1.0', 'path=' + zfs_mountpoint(name), 'command', command])

  240.     finally:

  241.         # subprocess.run(['umount', zfs_mountpoint(name) + '/dev'])

  242.         zfs_run(['zfs', 'destroy', '-f', name])

  243.         # raise

  244. 

  245. def command_jail_list(args):

  246.     lst = zfs_list(fields=['focker:sha256,focker:tags,mountpoint'], focker_type='jail')

  247.     jails = subprocess.check_output(['jls', '--libxo=json'])

  248.     jails = json.loads(jails)['jail-information']['jail']

  249.     jails = { j['path']: j for j in jails }

  250.     lst = list(map(lambda a: [ a[1],

  251.         a[0] if args.full_sha256 else a[0][:7],

  252.         a[2],

  253.         jails[a[2]]['jid'] if a[2] in jails else '-' ], lst))

  254.     print(tabulate(lst, headers=['Tags', 'SHA256', 'mountpoint', 'JID']))

  255. 

  256. 

  257. def command_jail_tag(args):

  258.     name, _ = zfs_find(args.reference, focker_type='jail')

  259.     zfs_untag(args.tags, focker_type='jail')

  260.     zfs_tag(name, args.tags)

  261. 

  262. 

  263. def command_jail_untag(args):

  264.     zfs_untag(args.tags, focker_type='jail')

  265. 

  266. 

  267. def command_jail_prune(args):

  268.     jails = subprocess.check_output(['jls', '--libxo=json'])

  269.     jails = json.loads(jails)['jail-information']['jail']

  270.     used = set()

  271.     for j in jails:

  272.         used.add(j['path'])

  273.     lst = zfs_list(fields=['focker:sha256,focker:tags,mountpoint,name'], focker_type='jail')

  274.     for j in lst:

  275.         if j[1] == '-' and (j[2] not in used or args.force):

  276.             jail_remove(j[2])