Merge pull request #870 from tschettervictor/master
template: Implement new functions and redo bastille main exec
bmac2 authored Feb 24, 2025
2 parents 4e2c77c + 41d9095 commit 9eb778d
Showing 5 changed files with 377 additions and 322 deletions.
29 changes: 26 additions & 3 deletions docs/chapters/subcommands/verify.rst
Expand Up @@ -2,12 +2,12 @@
verify
======

This command scans a bootstrapped release and validates that everything looks
in order. This is not a 100% comprehensive check, but it compares the release
This command scans a bootstrapped release or template and validates that everything looks
in order. This is not a 100% comprehensive check, but it compares the release or template
against a "known good" index.

If you see errors or issues here, consider deleting and re-bootstrapping
the release.
the release or template .

.. code-block:: shell
Expand All @@ -19,3 +19,26 @@ the release.
Applying metadata patches... done.
Fetching 1 metadata files... done.
Inspecting system... done.
ishmael ~ # bastille verify bastillebsd-templates/jellyfin
Detected Bastillefile hook.
[Bastillefile]:
CMD mkdir -p /usr/local/etc/pkg/repos
CMD echo 'FreeBSD: { url: "pkg+http://pkg.FreeBSD.org/${ABI}/latest" }' >
/usr/local/etc/pkg/repos/FreeBSD.conf
CONFIG set allow.mlock=1;
CONFIG set ip6=inherit;
RESTART
PKG jellyfin
SYSRC jellyfin_enable=TRUE
SERVICE jellyfin start
Template ready to use.
.. code-block:: shell
ishmael ~ # bastille verify 11.2-RELEASE
Usage: bastille verify [RELEASE|TEMPLATE]
Options:
-x | --debug Enable debug mode.
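--- a/usr/local/bin/bastille
+++ b/usr/local/bin/bastille
@@ -59,9 +59,6 @@ bastille_conf_check
 ## we only load this if conf_check passes
 . /usr/local/share/bastille/common.sh
 . /usr/local/etc/bastille/bastille.conf
-# Set default values for config properties added during the current major version:
-: "${bastille_network_pf_ext_if:=ext_if}"
-: "${bastille_network_pf_table:=jails}"
 
 ## bastille_prefix should be 0750
 ## this restricts file system access to privileged users
@@ -134,104 +131,62 @@ EOF
 exit 1
 }
 
-[ $# -lt 1 ] && usage
-
-CMD=$1
-shift
-
-target_all_jails_old() {
-_JAILS=$(/usr/sbin/jls name)
-JAILS=""
-for _jail in ${_JAILS}; do
-_JAILPATH=$(/usr/sbin/jls -j "${_jail}" path)
-if [ -z ${_JAILPATH##${bastille_jailsdir}*} ]; then
-JAILS="${JAILS} ${_jail}"
-fi
-done
-}
-
-check_target_is_running_old() {
-if [ ! "$(/usr/sbin/jls name | awk "/^${TARGET}$/")" ]; then
-error_exit "[${TARGET}]: Not started. See 'bastille start ${TARGET}'."
-fi
-}
+if [ "$#" -lt 1 ]; then
+usage
+else
+CMD="${1}"
+shift
+fi
 
 # Handle special-case commands first.
 case "${CMD}" in
-version|-v|--version)
-info "${BASTILLE_VERSION}"
-exit 0
-;;
-help|-h|--help)
-usage
-;;
-bootstrap|clone|cmd|config|console|convert|create|cp|destroy|edit|etcupdate|export|htop|import|jcp|list|mount|pkg|rcp|rdr|rename|restart|service|setup|start|stop|sysrc|top|umount|update|upgrade|verify|zfs)
-# Nothing "extra" to do for these commands. -- cwells
-;;
-template)
-# Parse the target and ensure it exists. -- cwells
-if [ $# -eq 0 ]; then # No target was given, so show the command's help. -- cwells
-PARAMS='help'
-elif [ "${1}" != 'help' ] && [ "${1}" != '-h' ] && [ "${1}" != '--help' ]; then
-TARGET="${1}"
-shift
-
-# This is needed to handle the special case of 'bastille rcp' and 'bastille cp' with the '-q' or '--quiet'
-# option specified before the TARGET. Also seems the cp and rcp commands does not support ALL as a target, so
-# that's why is handled here. Maybe this behaviour needs an improvement later. -- yaazkal
-if { [ "${CMD}" = 'rcp' ] || [ "${CMD}" = 'cp' ]; } && \
-{ [ "${TARGET}" = '-q' ] || [ "${TARGET}" = '--quiet' ]; }; then
-TARGET="${1}"
-JAILS="${TARGET}"
-OPTION="-q"
-export OPTION
-shift
-fi
-
-if [ "${TARGET}" = 'ALL' ]; then
-target_all_jails_old
-elif [ "${CMD}" = "pkg" ] && [ "${TARGET}" = '-H' ] || [ "${TARGET}" = '--host' ]; then
-TARGET="${1}"
-USE_HOST_PKG=1
-if [ "${TARGET}" = 'ALL' ]; then
-target_all_jails_old
-else
-JAILS="${TARGET}"
-check_target_is_running_old
-fi
-shift
-elif [ "${CMD}" = 'template' ] && [ "${TARGET}" = '--convert' ]; then
-# This command does not act on a jail, so we are temporarily bypassing the presence/started
-# checks. The command will simply convert a template from hooks to a Bastillefile. -- cwells
-:
-else
-JAILS="${TARGET}"
-
-# Ensure the target exists. -- cwells
-if [ ! -d "${bastille_jailsdir}/${TARGET}" ]; then
-error_exit "[${TARGET}]: Not found."
-fi
-
-case "${CMD}" in
-cmd|pkg|service|stop|sysrc|template)
-check_target_is_running_old
-;;
-convert|rename)
-# Require the target to be stopped. -- cwells
-if [ "$(/usr/sbin/jls name | awk "/^${TARGET}$/")" ]; then
-error_exit "${TARGET} is running. See 'bastille stop ${TARGET}'."
-fi
-;;
-esac
-fi
-export USE_HOST_PKG
-export TARGET
-export JAILS
-fi
-;;
-*) # Filter out all non-commands
-usage
-;;
+version|-v|--version)
+info "${BASTILLE_VERSION}"
+exit 0
+;;
+help|-h|--help)
+usage
+;;
+bootstrap| \
+clone| \
+cmd| \
+config| \
+console| \
+convert| \
+cp| \
+create| \
+destroy| \
+edit| \
+etcupdate| \
+export| \
+htop| \
+import| \
+limits| \
+list| \
+mount| \
+network| \
+pkg| \
+rcp| \
+rdr| \
+rename| \
+restart| \
+service| \
+setup| \
+start| \
+stop| \
+sysrc| \
+tags| \
+template| \
+top| \
+umount| \
+update| \
+upgrade| \
+verify| \
+zfs)
+;;
+*)
+usage
+;;
 esac
 
 # shellcheck disable=SC2154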
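Review bot: The first hunk drops the fallbacks `: "${bastille_network_pf_ext_if:=ext_if}"` and `: "${bastille_network_pf_table:=jails}"` that ran right after `bastille.conf` is sourced, so a configuration file written before those properties existed would now leave both variables empty. Unless one of the other files in this commit sets them (not visible in this section), any subcommand that builds pf rules or table names from them would get an empty string on upgraded hosts. I would keep the two lines, or make the config check fail with a clear message when either is unset. The second hunk raises the same kind of concern for `template`: the dispatcher no longer runs the `[ ! -d "${bastille_jailsdir}/${TARGET}" ]` and running-state checks, so the subcommand script presumably must validate the target itself now.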