From 0c1456fd79ced156a0798b3094f6d9c625500078 Mon Sep 17 00:00:00 2001
From: tschettervictor <85497460+tschettervictor@users.noreply.github.com>
Date: Sat, 15 Feb 2025 22:23:43 -0700
Subject: [PATCH 01/16] template: Exit when any ARG is not set
---
 usr/local/share/bastille/template.sh | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/usr/local/share/bastille/template.sh b/usr/local/share/bastille/template.sh
index 9e4f42b28..234eece3f 100644
--- a/usr/local/share/bastille/template.sh
+++ b/usr/local/share/bastille/template.sh
@@ -266,7 +266,7 @@ for _jail in ${JAILS}; do
 _arg_name=$(get_arg_name "${_line}")
 _arg_value=$(get_arg_value "${_line}" "$@")
 if [ -z "${_arg_value}" ]; then
- warn "No value provided for arg: ${_arg_name}"
+ error_exit "No value provided for arg: ${_arg_name}"
 fi
 ARG_REPLACEMENTS="${ARG_REPLACEMENTS} -e 's/\${${_arg_name}}/${_arg_value}/g'"
 done < "${bastille_template}/ARG"
@@ -291,7 +291,7 @@ for _jail in ${JAILS}; do
 _arg_name=$(get_arg_name "${_args}")
 _arg_value=$(get_arg_value "${_args}" "$@")
 if [ -z "${_arg_value}" ]; then
- warn "No value provided for arg: ${_arg_name}"
+ error_exit "No value provided for arg: ${_arg_name}"
 fi
 # Build a list of sed commands like this: -e 's/${username}/root/g' -e 's/${domain}/example.com/g'
 ARG_REPLACEMENTS="${ARG_REPLACEMENTS} -e 's/\${${_arg_name}}/${_arg_value}/g'"
From fc8e9290b1421fa5bbffdc81ff2095b7c99bce74 Mon Sep 17 00:00:00 2001
From: tschettervictor <85497460+tschettervictor@users.noreply.github.com>
Date: Sat, 15 Feb 2025 22:28:06 -0700
Subject: [PATCH 02/16] =?UTF-8?q?template:=20Base=20-=20add=20=E2=80=9Cdai?= =?UTF-8?q?ly=5Fstatus=5Fworld=5Fkernel=3DNO=E2=80=9D?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 usr/local/share/bastille/templates/default/base/Bastillefile | 3 +++
 1 file changed, 3 insertions(+)
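Review bot: The new `error_exit` branch, in both the ARG-file loop and the Bastillefile loop of the second hunk, checks only that `_arg_value` is non-empty before the value is spliced into the single-quoted sed expression on the `ARG_REPLACEMENTS` line. A value containing `/` or `'` would change that expression unless `get_arg_value` (not visible here) escapes it, so this guard is the natural place to reject or escape those characters as well; at minimum add a comment above the assignment, `# _arg_value lands inside s/.../.../g: get_arg_value must escape "/" and "'"`. Because the exit happens inside `for _jail in ${JAILS}`, and in the Bastillefile case possibly after earlier hook lines were already applied, a jail may be left partly templated; that deserves a mention in the error message or the docs. Both loops begin and end outside the hunks.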
diff --git a/usr/local/share/bastille/templates/default/base/Bastillefile b/usr/local/share/bastille/templates/default/base/Bastillefile index 7418fba64..ad8984469 100644 --- a/usr/local/share/bastille/templates/default/base/Bastillefile +++ b/usr/local/share/bastille/templates/default/base/Bastillefile @@ -1,6 +1,9 @@ ARG HOST_RESOLV_CONF=/etc/resolv.conf CMD touch /etc/rc.conf +CMD touch /etc/periodic.conf +CMD sysrc -f /etc/periodic.conf daily_status_world_kernel="NO" + SYSRC syslogd_flags="-ss" SYSRC sendmail_enable="NO" SYSRC sendmail_submit_enable="NO" From d23ba945c969d04afe39faee66d55f4cbed94773 Mon Sep 17 00:00:00 2001 From: tschettervictor <85497460+tschettervictor@users.noreply.github.com> Date: Sun, 16 Feb 2025 17:44:47 -0700 Subject: [PATCH 03/16] docs: Document missing template hooks --- docs/chapters/template.rst | 77 ++++++++++++++++++++++++++------------ 1 file changed, 54 insertions(+), 23 deletions(-) diff --git a/docs/chapters/template.rst b/docs/chapters/template.rst index e3a7d5f1a..e6d10cdfc 100644 --- a/docs/chapters/template.rst +++ b/docs/chapters/template.rst @@ -6,8 +6,8 @@ Looking for ready made CI/CD validated `Bastille Templates`_? Bastille supports a templating system allowing you to apply files, pkgs and execute commands inside the containers automatically. -Currently supported template hooks are: `CMD`, `CP`, `INCLUDE`, `LIMITS`, `MOUNT`, -`PKG`, `RDR`, `SERVICE`, `SYSRC`. +Currently supported template hooks are: `ARG`, `CMD`, `CONFIG`, `CP`, `INCLUDE`, +`LIMITS`, `MOUNT`, `OVERLAY`, `PKG`, `RDR`, `RENDER`, `RESTART`, `SERVICE`, `SYSRC`. Templates are created in `${bastille_prefix}/templates` and can leverage any of the template hooks. 
@@ -23,27 +23,55 @@ template hook commands. Template Automation Hooks ------------------------- -+---------+-------------------+-----------------------------------------+ -| HOOK | format | example | -+=========+===================+=========================================+ -| CMD | /bin/sh command | /usr/bin/chsh -s /usr/local/bin/zsh | -+---------+-------------------+-----------------------------------------+ -| CP | path(s) | etc root usr (one per line) | -+---------+-------------------+-----------------------------------------+ -| INCLUDE | template path/URL | http?://TEMPLATE_URL or project/path | -+---------+-------------------+-----------------------------------------+ -| LIMITS | resource value | memoryuse 1G | -+---------+-------------------+-----------------------------------------+ -| MOUNT | fstab syntax | /host/path container/path nullfs ro 0 0 | -+---------+-------------------+-----------------------------------------+ -| PKG | port/pkg name(s) | vim-console zsh git-lite tree htop | -+---------+-------------------+-----------------------------------------+ -| RDR | tcp port port | tcp 2200 22 (hostport jailport) | -+---------+-------------------+-----------------------------------------+ -| SERVICE | service command | 'nginx start' OR 'postfix reload' | -+---------+-------------------+-----------------------------------------+ -| SYSRC | sysrc command(s) | nginx_enable=YES | -+---------+-------------------+-----------------------------------------+ ++-------------+---------------------+-----------------------------------------+ +| HOOK | format | example | ++=============+=====================+=========================================+ +| ARG | ARG=VALUE | MINECRAFT_MEMX="1024M" | ++-------------+---------------------+-----------------------------------------+ +| CMD | /bin/sh command | /usr/bin/chsh -s /usr/local/bin/zsh | ++-------------+---------------------+-----------------------------------------+ +| CONFIG | set property value | set allow.mlock 
1 | ++-------------+---------------------+-----------------------------------------+ +| CP/OVERLAY | path(s) | etc root usr (one per line) | ++-------------+---------------------+-----------------------------------------+ +| INCLUDE | template path/URL | http?://TEMPLATE_URL or project/path | ++-------------+---------------------+-----------------------------------------+ +| LIMITS | resource value | memoryuse 1G | ++-------------+---------------------+-----------------------------------------+ +| MOUNT | fstab syntax | /host/path container/path nullfs ro 0 0 | ++-------------+---------------------+-----------------------------------------+ +| OVERLAY | path(s) | etc root usr (one per line) | ++-------------+---------------------+-----------------------------------------+ +| PKG | port/pkg name(s) | vim-console zsh git-lite tree htop | ++-------------+---------------------+-----------------------------------------+ +| RDR | tcp port port | tcp 2200 22 (hostport jailport) | ++-------------+---------------------+-----------------------------------------+ +| RENDER | /path/file.txt | /usr/local/etc/gitea/conf/app.ini | ++-------------+---------------------+-----------------------------------------+ +| RESTART | | (restart jail) | ++-------------+---------------------+-----------------------------------------+ +| SERVICE | service command | 'nginx start' OR 'postfix reload' | ++-------------+---------------------+-----------------------------------------+ +| SYSRC | sysrc command(s) | nginx_enable=YES | ++-------------+---------------------+-----------------------------------------+ + +Template Hook Descriptions +-------------------------- + +ARG - set an ARG value to be used in the template +CMD - run the specified command +CONFIG - set the specified property and value +CP/OVERLAY - copy specified files from template directory to specified path inside jail +INCLUDE - specify a template to include +LIMITS - set the specified resource value for the jail +MOUNT - mount 
specified files/directories inside the jail +PKG - install specified packages inside jail +RDR - redirect specified ports to the jail +RENDER - replace ARG values inside specified files inside the jail + if a directory is specified, ARGS will be replaced in all files underneath +RESTART - restart the jail +SERVICE - run 'service' command inside the jail with specified arguments +SYSRC - run 'sysrc' inside the jail with specified arguments Special Hook Cases ------------------ @@ -54,6 +82,9 @@ ie; (`\\"`) ARG will always treat an ampersand "\&" literally, without the need to escape it. Escaping it will cause errors. +Template Examples +----------------- + Place these uppercase template hook commands into a `Bastillefile` in any order and automate container setup as needed. From d552b44521a6463e52fd1b775a1d8f267f5ddcf9 Mon Sep 17 00:00:00 2001 From: tschettervictor <85497460+tschettervictor@users.noreply.github.com> Date: Sun, 16 Feb 2025 17:47:58 -0700 Subject: [PATCH 04/16] Update template.rst --- docs/chapters/template.rst | 19 +++++++++++++++---- 1 file changed, 15 insertions(+), 4 deletions(-) diff --git a/docs/chapters/template.rst b/docs/chapters/template.rst index e6d10cdfc..36794f019 100644 --- a/docs/chapters/template.rst +++ b/docs/chapters/template.rst 
@@ -59,19 +59,30 @@ Template Hook Descriptions -------------------------- ARG - set an ARG value to be used in the template + CMD - run the specified command + CONFIG - set the specified property and value + CP/OVERLAY - copy specified files from template directory to specified path inside jail + INCLUDE - specify a template to include + LIMITS - set the specified resource value for the jail + MOUNT - mount specified files/directories inside the jail + PKG - install specified packages inside jail + RDR - redirect specified ports to the jail -RENDER - replace ARG values inside specified files inside the jail - if a directory is specified, ARGS will be replaced in all files underneath + +RENDER - replace ARG values inside specified files inside the jail. If a directory is specified, ARGS will be replaced in all files underneath + RESTART - restart the jail -SERVICE - run 'service' command inside the jail with specified arguments -SYSRC - run 'sysrc' inside the jail with specified arguments + +SERVICE - run `service` command inside the jail with specified arguments + +SYSRC - run `sysrc` inside the jail with specified arguments Special Hook Cases ------------------ From 34efac30177841b5711871a3d7186087d8c05106 Mon Sep 17 00:00:00 2001 From: tschettervictor <85497460+tschettervictor@users.noreply.github.com> Date: Sun, 16 Feb 2025 17:50:03 -0700 Subject: [PATCH 05/16] docs: Document INCLUDE to let users know to have the template bootstrapped --- docs/chapters/template.rst | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/chapters/template.rst b/docs/chapters/template.rst index 36794f019..0e2948857 100644 --- a/docs/chapters/template.rst +++ b/docs/chapters/template.rst 
@@ -66,7 +66,7 @@ CONFIG - set the specified property and value CP/OVERLAY - copy specified files from template directory to specified path inside jail -INCLUDE - specify a template to include +INCLUDE - specify a template to include. Make sure the template is bootstrapped, or you are using the template url LIMITS - set the specified resource value for the jail From 6f038eda21b699b8112304dae84e1b1895781055 Mon Sep 17 00:00:00 2001 From: tschettervictor <85497460+tschettervictor@users.noreply.github.com> Date: Mon, 17 Feb 2025 05:07:44 -0700 Subject: [PATCH 06/16] Revert "template: Exit when any ARG is not set" --- usr/local/share/bastille/template.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/usr/local/share/bastille/template.sh b/usr/local/share/bastille/template.sh index 234eece3f..9e4f42b28 100644 --- a/usr/local/share/bastille/template.sh +++ b/usr/local/share/bastille/template.sh @@ -266,7 +266,7 @@ for _jail in ${JAILS}; do _arg_name=$(get_arg_name "${_line}") _arg_value=$(get_arg_value "${_line}" "$@") if [ -z "${_arg_value}" ]; then - error_exit "No value provided for arg: ${_arg_name}" + warn "No value provided for arg: ${_arg_name}" fi ARG_REPLACEMENTS="${ARG_REPLACEMENTS} -e 's/\${${_arg_name}}/${_arg_value}/g'" done < "${bastille_template}/ARG" @@ -291,7 +291,7 @@ for _jail in ${JAILS}; do _arg_name=$(get_arg_name "${_args}") _arg_value=$(get_arg_value "${_args}" "$@") if [ -z "${_arg_value}" ]; then - error_exit "No value provided for arg: ${_arg_name}" + warn "No value provided for arg: ${_arg_name}" fi # Build a list of sed commands like this: -e 's/${username}/root/g' -e 's/${domain}/example.com/g' ARG_REPLACEMENTS="${ARG_REPLACEMENTS} -e 's/\${${_arg_name}}/${_arg_value}/g'" From a8a377f7c424b4cf70c6ff6c9865c50ea2073a7f Mon Sep 17 00:00:00 2001 
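Review bot: With `warn` restored in both hunks of template.sh, execution falls through to the `ARG_REPLACEMENTS` line with an empty `_arg_value`, so the generated expression has the form `s/\${name}//g` and every `${name}` placeholder is rendered as an empty string. For values such as addresses or credentials an empty rendering can be a silently weaker configuration than a failed run, so the warning should say what will happen, e.g. `warn "No value provided for arg: ${_arg_name}; it will be rendered as an empty string"`. The enclosing loops start and end outside the hunks.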
From: tschettervictor <85497460+tschettervictor@users.noreply.github.com> Date: Mon, 17 Feb 2025 16:22:30 -0700 Subject: [PATCH 07/16] docs: Document issues when not including subnet mask on VNET jails --- docs/chapters/networking.rst | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/docs/chapters/networking.rst b/docs/chapters/networking.rst index d94bf27d7..255d10246 100644 --- a/docs/chapters/networking.rst +++ b/docs/chapters/networking.rst @@ -120,6 +120,10 @@ container interfaces as they are started and stopped. These interface names match the pattern `eXb_bastilleX`. Internally to the containers these interfaces are presented as `vnet0`. +If you do not specify a subnet mask, you might have issues with jail to jail +networking, especially VLAN to VLAN. We recommend always adding a subnet to +VNET jail IPs when creating them to avoid these issues. + VNET also requires a custom devfs ruleset. Create the file as needed on the host system: From 1cff0763d91ea374080ebedb880dc0ca2da9a827 Mon Sep 17 00:00:00 2001 From: tschettervictor <85497460+tschettervictor@users.noreply.github.com> Date: Mon, 17 Feb 2025 16:41:22 -0700 Subject: [PATCH 08/16] docs: Redo upgrade instructions --- docs/chapters/upgrading.rst | 79 ++++++++++++++++++++++++++++++------- 1 file changed, 64 insertions(+), 15 deletions(-) diff --git a/docs/chapters/upgrading.rst b/docs/chapters/upgrading.rst index b059fa0d0..1621fe472 100644 --- a/docs/chapters/upgrading.rst +++ b/docs/chapters/upgrading.rst 
@@ -5,31 +5,80 @@ This document outlines upgrading jails hosted using Bastille. Bastille can "bootstrap" multiple versions of FreeBSD to be used by jails. All jails do not NEED to be the same version (even if they often are), the only requirement here is that the "bootstrapped" versions are less than or equal to the host version of FreeBSD. +To keep releases updated, use `bastille update RELEASE` + +To keep thick jails updated, use `bastille update TARGET` + To upgrade Bastille jails for a minor release (ie; 13.1→13.2) you can do the following: -1. ensure the new release version is bootstrapped and updated to the latest patch release: `bastille bootstrap 13.2-RELEASE update` -2. stop the jail(s) that need to be updated. -3. use `bastille edit TARGET fstab` to manually update the jail mounts from 13.1 to 13.2 release path. -4. start the jail(s) that were edited -5. upgrade complete! +Thick Jails +=========== + +1. ensure the new release version is bootstrapped and updated to the latest patch release: `bastille bootstrap 13.2-RELEASE` +2. update the release: `bastille update 13.2-RELEASE` +3. use `bastille upgrade TARGET 13.2-RELEASE` to upgrade the jail to 13.2-RELEASE +4. use `bastille upgrade TARGET 13.2-RELEASE update` to apply the updates +5. reboot the jail `bastille restart TARGET` +6. use `bastille upgrade TARGET 13.2-RELEASE update` to finish applying the upgrade +7. upgrade complete! + +Thin Jails +========== + +1. ensure the new release version is bootstrapped and updated to the latest patch release: `bastille bootstrap 13.2-RELEASE` +2. update the release: `bastille update 13.2-RELEASE` +3. stop the jail(s) that need to be updated. +4. use `bastille upgrade TARGET 13.2-RELEASE` to automatically change the mount points to 13.2-RELEASE +5. use `bastille etcupdate bootstrap 13.2-RELEASE` to bootstrap src for 13.2-RELEASE +6. use `bastille etcupdate TARGET update 13.2-RELEASE` to update the contents of /etc for 13.2-RELEASE +7. 
use `bastille etcupdate TARGET reslove` to resolve any conflicts +8. start the jail(s) +8. upgrade complete! To upgrade Bastille jails for a major release (ie; 12.4→13.2) you can do the following: -1. ensure the new version is bootstrapped and update to the latest patch release: `bastille bootstrap 13.2-RELEASE update` -2. stop the jail(s) that need to be updated. -3. use `bastille edit TARGET fstab` to manually update the jail mounts from 12.4 to 13.2 release path. -4. start the jail(s) that were edited -5. Force the reinstallation or upgrade of all installed packages (ABI change): `pkg upgrade -f` within each jail (or `bastille pkg ALL upgrade -f`) -6. restart the affected jail(s) -7. upgrade complete! +Thick Jails +=========== + +1. ensure the new release version is bootstrapped and updated to the latest patch release: `bastille bootstrap 13.2-RELEASE` +2. update the release: `bastille update 13.2-RELEASE` +3. use `bastille upgrade TARGET 13.2-RELEASE` to upgrade the jail to 13.2-RELEASE +4. use `bastille upgrade TARGET 13.2-RELEASE update` to apply the updates +5. reboot the jail `bastille restart TARGET` +6. use `bastille upgrade TARGET 13.2-RELEASE update` to finish applying the upgrade +7. force the reinstallation or upgrade of all installed packages (ABI change): `pkg upgrade -f` within each jail (or `bastille pkg ALL upgrade -f`) +8. upgrade complete! + +Thin Jails +========== + +1. ensure the new release version is bootstrapped and updated to the latest patch release: `bastille bootstrap 13.2-RELEASE` +2. update the release: `bastille update 13.2-RELEASE` +3. stop the jail(s) that need to be updated. +4. use `bastille upgrade TARGET 13.2-RELEASE` to automatically change the mount points to 13.2-RELEASE +5. use `bastille etcupdate bootstrap 13.2-RELEASE` to bootstrap src for 13.2-RELEASE +6. use `bastille etcupdate TARGET update 13.2-RELEASE` to update the contents of /etc for 13.2-RELEASE +7. 
use `bastille etcupdate TARGET reslove` to resolve any conflicts +8. start the jail(s) +9. force the reinstallation or upgrade of all installed packages (ABI change): `pkg upgrade -f` within each jail (or `bastille pkg ALL upgrade -f`) +10. upgrade complete! Revert Upgrade / Downgrade Process ---------------------------------- The downgrade process (not usually needed) is similar to the upgrade process only in reverse. -If you did a minor upgrade changing the release path from 13.1 to 13.2, stop the jail and revert that change. Downgrade complete. +Thick Jails +=========== + +Thick jails should not be downgraded and is not supported in general on FreeBSD. + +Thin Jails +========== + +Not recommended, but you can run `bastille upgrade TARGET 13.1-RELEASE` to downgrade a thin jail. +Make sure to run `bastille etcupdate TARGET update 13.1-RELEASE` to keep the contents of /etc updated with each release. -If you did a major upgrade changing the release path from 12.4 to 13.2, stop the jail and revert that change. The pkg reinstallation will also need to be repeated after the jail restarts on the previous release. +The pkg reinstallation will also need to be repeated after the jail restarts on the previous release. Old Releases ---------------------------------- @@ -40,4 +89,4 @@ After upgrading all jails from one release to the next you may find that you now `bastille destroy X.Y-RELEASE` to fully delete the release. -`bastille destroy force X.Y-RELEASE` to delete the cache directory as well. +`bastille destroy [-f|--force] X.Y-RELEASE` to delete the cache directory as well. From 5745f50204e9b92b8d522185697b6bd2ea8c72f5 Mon Sep 17 00:00:00 2001 From: tschettervictor <85497460+tschettervictor@users.noreply.github.com> Date: Mon, 17 Feb 2025 16:44:58 -0700 Subject: [PATCH 09/16] docs: Document having unbound enabled=network issues --- docs/chapters/networking.rst | 5 +++++ 1 file changed, 5 insertions(+) 
diff --git a/docs/chapters/networking.rst b/docs/chapters/networking.rst index 255d10246..2befa4ebb 100644 --- a/docs/chapters/networking.rst +++ b/docs/chapters/networking.rst @@ -309,3 +309,8 @@ At this point you'll likely be disconnected from the host. Reconnect the ssh session and continue. This step only needs to be done once in order to prepare the host. + +Things to Note +============== + +- If you are running "unbound" on your server, you will probably have issues with DNS resolution. From 7fd301e66c886077463a00683c1464374678e108 Mon Sep 17 00:00:00 2001 From: tschettervictor <85497460+tschettervictor@users.noreply.github.com> Date: Mon, 17 Feb 2025 16:51:58 -0700 Subject: [PATCH 10/16] docs: Document using local_unbound --- docs/chapters/networking.rst | 19 ++++++++++++++++--- 1 file changed, 16 insertions(+), 3 deletions(-) diff --git a/docs/chapters/networking.rst b/docs/chapters/networking.rst index 2befa4ebb..8b78b5dbb 100644 --- a/docs/chapters/networking.rst +++ b/docs/chapters/networking.rst @@ -310,7 +310,20 @@ ssh session and continue. This step only needs to be done once in order to prepare the host. -Things to Note -============== +local_unbound +============= + +If you are running "local_unbound" on your server, you will probably have issues with DNS resolution. + +To resolve this, add the following configuration to local_unbound: + +.. code-block:: shell + + server: + interface: 0.0.0.0 + access-control: 192.168.0.0/16 allow + access-control: 10.17.90.0/24 allow + +Also, change the nameserver to the servers IP instead of 127.0.0.1 inside /etc/rc.conf -- If you are running "unbound" on your server, you will probably have issues with DNS resolution. +Adjust the above "access-control" strings to fit your network. From dad0c5b85a869283eb65dbcae5f2e92aff3440d9 Mon Sep 17 00:00:00 2001 
From: tschettervictor <85497460+tschettervictor@users.noreply.github.com>
Date: Tue, 18 Feb 2025 08:47:36 -0700
Subject: [PATCH 11/16] docs: Add etcupdate.rst
---
 docs/chapters/subcommands/etcupdate.rst | 46 +++++++++++++++++++++++++
 1 file changed, 46 insertions(+)
 create mode 100644 docs/chapters/subcommands/etcupdate.rst
diff --git a/docs/chapters/subcommands/etcupdate.rst b/docs/chapters/subcommands/etcupdate.rst
new file mode 100644
index 000000000..cec9a4113
--- /dev/null
+++ b/docs/chapters/subcommands/etcupdate.rst
@@ -0,0 +1,46 @@
+=========
+etcupdate
+=========
+
+This command will update the contents of `/etc` inside a jail. It should be run after a jail upgrade
+
+First we need to bootstrap a release for `etcupdate` to use.
+
+.. code-block:: shell
+
+ ishmael ~ # bastille etcupdate bootstrap 14.1-RELEASE
+ bastille_bootstrap_archives: base -> src
+ /usr/local/bastille/cache/14.1-RELEASE/MANIFES 1046 B 1134 kBps 00s
+ /usr/local/bastille/cache/14.1-RELEASE/src.txz 205 MB 2711 kBps 01m18s
+ bastille_bootstrap_archives: src -> base
+ Building tarball, please wait...
+ Etcupdate bootstrap complete: 14.1-RELEASE
+
+Next we can use the `update` command to apply the update to the jail.
+
+.. code-block:: shell
+
+ ishmael ~ # bastille etcupdate ishmael update 14.1-RELEASE
+
+The output will show you which files were added, updated, changed, deleted, or have conflicts.
+To automatically resolve the conflicts, run the `resolve` command.
+
+.. code-block:: shell
+
+ ishmael ~ # bastille etcupdate ishmael resolve
+
+To show only the differences between the releases, use the `diff` command.
+
+.. code-block:: shell
+
+ ishmael ~ # bastille etcupdate ishmael diff 14.1-RELEASE
+
+.. code-block:: shell
+
+ ishmael ~ # bastille etcupdate help
+ Usage: bastille etcupdate [option(s)] [bootstrap|TARGET] [diff|resolve|update RELEASE]
+ Options:
+
+ -d | --dry-run Show output, but do not apply.
+ -f | --force Force a re-bootstrap of a RELEASE.
+ -x | --debug Enable debug mode.
From 86714b2ae0dac99550b1044a822bfef104775466 Mon Sep 17 00:00:00 2001
From: tschettervictor <85497460+tschettervictor@users.noreply.github.com>
Date: Tue, 18 Feb 2025 09:03:17 -0700
Subject: [PATCH 12/16] etcupdate: Fix not bootstrapping when /usr/src is present but empty
---
 usr/local/share/bastille/etcupdate.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/usr/local/share/bastille/etcupdate.sh b/usr/local/share/bastille/etcupdate.sh
index 1f0979be2..2f625d413 100644
--- a/usr/local/share/bastille/etcupdate.sh +++ b/usr/local/share/bastille/etcupdate.sh @@ -46,7 +46,7 @@ EOF bootstrap_etc_release() { local _release="${1}" local _current="$(sysrc -f /usr/local/etc/bastille/bastille.conf bastille_bootstrap_archives | awk -F': ' '{print $2}')" - if ! ls -A "${bastille_releasesdir}/${_release}/usr/src" 2>/dev/null; then + if [ -z "$(ls -A "${bastille_releasesdir}/${_release}/usr/src")" ]; then sysrc -f /usr/local/etc/bastille/bastille.conf bastille_bootstrap_archives=src if ! bastille bootstrap "${_release}" > /dev/null; then sysrc -f /usr/local/etc/bastille/bastille.conf bastille_bootstrap_archives="${_current}" From 3ac59c13545343f0e4246fb2dc336808cbb3125f Mon Sep 17 00:00:00 2001 From: tschettervictor <85497460+tschettervictor@users.noreply.github.com> Date: Thu, 20 Feb 2025 12:28:16 -0700 Subject: [PATCH 13/16] docs: Update "update" to allow for thick jails also --- docs/chapters/subcommands/update.rst | 12 +++++++----- 1 file changed, 7 insertions(+), 5 deletions(-) diff --git a/docs/chapters/subcommands/update.rst b/docs/chapters/subcommands/update.rst index 4beef6557..e1a6bae47 100644 --- a/docs/chapters/subcommands/update.rst +++ b/docs/chapters/subcommands/update.rst @@ -2,8 +2,8 @@ update ====== -The `update` command targets a release instead of a container. Because every container is -based on a release, when the release is updated all the containers are automatically +The `update` command targets a release or a thick jail. Because thin jails are +based on a release, when the release is updated all the thin jails are automatically updated as well. If no updates are available, a message will be shown: 
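Review bot: The rewritten test in `bootstrap_etc_release` drops the `2>/dev/null` the old line had, so when `${bastille_releasesdir}/${_release}/usr/src` does not exist yet, `ls -A` prints its error to the terminal before the bootstrap proceeds; keep the redirect inside the substitution: `if [ -z "$(ls -A "${bastille_releasesdir}/${_release}/usr/src" 2>/dev/null)" ]; then`. `_release` is also used as a path component here without any visible check; if the caller does not already validate it as a release name, it should be validated before this point. The function body continues past the end of the hunk.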
@@ -20,8 +20,7 @@ If no updates are available, a message will be shown: No updates needed to update system to 11.4-RELEASE-p4. No updates are available to install. - -The older the release, however, the more updates will be available: +The older the release or jail, however, the more updates will be available: .. code-block:: shell @@ -38,4 +37,7 @@ The older the release, however, the more updates will be available: The following files will be added as part of updating to 13.2-RELEASE-p4: ...[snip]... -To be safe, you may want to restart any containers that have been updated live. +To be safe, you may want to restart any jails that have been updated live. + +If the jail is a thin jail, an error will be shown. If it is a thick jail, it will be updated just like +the release shown above. From 29855d7957d28a8e2aeef0d45fbba4b648072b30 Mon Sep 17 00:00:00 2001 From: tschettervictor <85497460+tschettervictor@users.noreply.github.com> Date: Thu, 20 Feb 2025 12:39:41 -0700 Subject: [PATCH 14/16] docs: Add upgrade subcommand --- docs/chapters/subcommands/upgrade.rst | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) create mode 100644 docs/chapters/subcommands/upgrade.rst diff --git a/docs/chapters/subcommands/upgrade.rst b/docs/chapters/subcommands/upgrade.rst new file mode 100644 index 000000000..bbff8af46 --- /dev/null +++ b/docs/chapters/subcommands/upgrade.rst @@ -0,0 +1,16 @@ +======= +upgrade +======= + +The `upgrade` command targets a thick or thin jail. Thin jails will be updated by changing the +release mount point that it is based on. Thick jails will be upgraded normally. + +.. code-block:: shell + + ishmael ~ # bastille upgrade help + Usage: bastille upgrade [option(s)] TARGET [NEWRELEASE|install] + Options: + + -a | --auto Auto mode. Start/stop jail(s) if required. + -f | --force Force upgrade a jail. + -x | --debug Enable debug mode. From c701d6c17b0239dbbc137d089685782fff8a437f Mon Sep 17 00:00:00 2001 
From: tschettervictor <85497460+tschettervictor@users.noreply.github.com> Date: Thu, 20 Feb 2025 12:47:20 -0700 Subject: [PATCH 15/16] docs: Document ARGS more thouroughly --- docs/chapters/template.rst | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/docs/chapters/template.rst b/docs/chapters/template.rst index 0e2948857..0c45bead5 100644 --- a/docs/chapters/template.rst +++ b/docs/chapters/template.rst @@ -60,6 +60,15 @@ Template Hook Descriptions ARG - set an ARG value to be used in the template +ARGS will default to the value set inside the template, but can be changed by including `--arg ARG=VALUE` when +running the template. Multiple ARGS can also be specified as seen below. If no ARG value is given, the template +will show a warning, but will still continue. + +.. code-block:: shell + + ishmael ~ # bastille template azkaban sample/template --arg ARG=VALUE --arg ARG1=VALUE + + CMD - run the specified command CONFIG - set the specified property and value From 63c008b25e3d06fb32d521349e48ec63e6ff8d9d Mon Sep 17 00:00:00 2001 From: tschettervictor <85497460+tschettervictor@users.noreply.github.com> Date: Thu, 20 Feb 2025 12:48:26 -0700 Subject: [PATCH 16/16] Update upgrading.rst --- docs/chapters/upgrading.rst | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/docs/chapters/upgrading.rst b/docs/chapters/upgrading.rst index 1621fe472..1d9161eb6 100644 --- a/docs/chapters/upgrading.rst +++ b/docs/chapters/upgrading.rst @@ -9,6 +9,10 @@ To keep releases updated, use `bastille update RELEASE` To keep thick jails updated, use `bastille update TARGET` +====================== +Minor Release Upgrades +====================== + To upgrade Bastille jails for a minor release (ie; 13.1→13.2) you can do the following: Thick Jails 
@@ -35,6 +39,10 @@ Thin Jails 8. start the jail(s) 8. upgrade complete! +====================== +Major Release Upgrades +====================== + To upgrade Bastille jails for a major release (ie; 12.4→13.2) you can do the following: Thick Jails