
diff --git a/_modules/jails.py b/_modules/jails.py
new file mode 100644
index 0000000..9f4eabe
--- /dev/null
+++ b/_modules/jails.py
@@ -0,0 +1,139 @@
+# -*- coding: utf-8 -*-
+
+# -------------------------------------------------------------
+# Salt — Jails execution module
+# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+# Project: Nasqueron
+# Created: 2017-10-21
+# Description: Functions related to FreeBSD jails
+# License: BSD-2-Clause
+# -------------------------------------------------------------
+
+
+def _get_all_jails():
+ return __pillar__.get('jails', {})
+
+
+def _get_default_group():
+ '''
+ Gets the default group to use as key to
+ the pillar's jails dictionary.
+ '''
+ return __grains__['id']
+
+
+def list(group=None):
+ '''
+ A function to list the jails for the specified group.
+
+ CLI Example::
+
+ salt '*' jails.list
+ '''
+ all_jails = _get_all_jails()
+
+ if group is None:
+ group = _get_default_group()
+
+ if group in all_jails:
+ return all_jails[group]
+
+ return []
+
+
+def flatlist(group=None):
+ '''
+ A function to list the jails for the specified group.
+
+ Output is a string, ready to pass to jail_list in rc.
+
+ CLI Example::
+
+ salt-call --local jails.list ysul
+ '''
+ return " ".join(list(group))
+
+
+def _get_hardware_network_interfaces():
+ return [interface for interface in __grains__['hwaddr_interfaces']]
+
+
+def _get_ipv6_network_interfaces():
+ return [interface for interface in __grains__['ip6_interfaces']]
+
+
+def guess_ipv4_network_interface():
+ '''
+ A function tu guess to what network interface bind the
+ public IPv4 jail IP.
+ '''
+ interfaces = _get_hardware_network_interfaces()
+
+ if len(interfaces) < 1:
+ raise "No network interface detected."
+
+ # Nasqueron convention assigns the ICANNn network
+ # to the first card.
+ return interfaces[0]
+
+
+def guess_ipv6_network_interface():
+ '''
+ A function tu guess to what network interface bind the
+ public IPv4 jail IP.
+ '''
+ interfaces = _get_ipv6_network_interfaces()
+
+ for interface in interfaces:
+ ips = __grains__['ip6_interfaces'][interface]
+
+ # We want an interface with IPv6
+ if len(ips) < 1:
+ continue
+
+ # Ignore local loopback
+ if interface.startswith("lo"):
+ continue
+
+ return interface
+
+ raise "No network interface detected."
+
+ # Nasqueron convention assigns the ICANNn network
+ # to the first card.
+ return interfaces[0]
+
+
+def get_jail(jailname, group=None):
+ '''
+ A function to get a jail pillar configuration
+
+ CLI Example::
+
+ salt-call --local jails.list mumble ysul
+ '''
+ if group is None:
+ group = _get_default_group()
+
+ all_jails = _get_all_jails()
+ return all_jails[group][jailname]
+
+
+def get_ezjail_ips_parameter(jailname, group=None):
+ '''
+ A function to get the parameters to describe the jail
+ IP configuration to `ezjail-admin create` command.
+
+ CLI Example::
+
+ salt * jails.get_ezjail_ips_parameter ftp
+ '''
+ jail = get_jail(jailname, group)
+
+ config = [
+ ["lo1", jail['lo']],
+ [guess_ipv4_network_interface(), jail['ipv4']],
+ [guess_ipv6_network_interface(), jail['ipv6']]
+ ]
+
+ return ",".join(["|".join(interface) for interface in config])
diff --git a/pillar/paas-jails/jails.sls b/pillar/paas-jails/jails.sls
new file mode 100644
index 0000000..7e632ba
--- /dev/null
+++ b/pillar/paas-jails/jails.sls
@@ -0,0 +1,23 @@
+# -------------------------------------------------------------
+# Salt — Jails
+# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+# Project: Nasqueron
+# Created: 2017-10-20
+# License: Trivial work, not eligible to copyright
+# -------------------------------------------------------------
+
+jails:
+ ysul:
+ ftp:
+ lo: 127.0.2.1
+ ipv4: 212.83.187.132
+ ipv6: 2001:470:1f13:9e1:0:c0ff:ee:1
+ mumble:
+ lo: 127.0.2.2
+ ipv4: 212.83.187.132
+ ipv6: 2001:470:1f13:9e1:0:c0ff:ee:1
+ # Test jail
+ tonderon:
+ lo: 127.0.2.3
+ ipv4: 212.83.187.132
+ ipv6: 2001:470:1f13:9e1:0:c0ff:ee:7
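Review bot: The group key `ysul` has to equal the minion id exactly, because jails.list falls back to `__grains__['id']` and returns an empty list for an unknown group. In this same commit pillar/top.sls targets `ysul` while top.sls targets 'ysul.nasqueron.org', so it is worth confirming which of the two is the real id; with a mismatch the role would apply cleanly and silently build no jails. A short comment above the key, such as `# Key must match the minion id (see jails.list)`, would document the coupling. Also, ftp and mumble carry the same ipv6 value while tonderon has its own, which may be intended but looks like a possible copy-paste.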
diff --git a/pillar/top.sls b/pillar/top.sls
index c03b156..e286e84 100644
--- a/pillar/top.sls
+++ b/pillar/top.sls
@@ -1,20 +1,21 @@
# -------------------------------------------------------------
# Salt configuration for Nasqueron servers
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
# Project: Nasqueron
# Created: 2016-04-10
# License: Trivial work, not eligible to copyright
# -------------------------------------------------------------
base:
'*':
- core.hostnames
- certificates.certificates
- nodes.nodes
ysul:
+ - paas-jails.jails
- webserver-legacy.sites
eglide:
- users.revokedusers
- users.shellusers
- users.shelladmins
- users.shellgroups
diff --git a/roles/paas-jails/init.sls b/roles/paas-jails/init.sls
new file mode 100644
index 0000000..4af65f8
--- /dev/null
+++ b/roles/paas-jails/init.sls
@@ -0,0 +1,11 @@
+# -------------------------------------------------------------
+# Salt — Jails
+# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+# Project: Nasqueron
+# Notes: FreeBSD-only role
+# Created: 2017-10-21
+# License: Trivial work, not eligible to copyright
+# -------------------------------------------------------------
+
+include:
+ - .jails
diff --git a/roles/paas-jails/jails/files/ezjail.rc b/roles/paas-jails/jails/files/ezjail.rc
new file mode 100644
index 0000000..e7dbb2b
--- /dev/null
+++ b/roles/paas-jails/jails/files/ezjail.rc
@@ -0,0 +1,16 @@
+# -------------------------------------------------------------
+# Jails - rc configuration
+# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+# Project: Nasqueron
+# License: Trivial work, not eligible to copyright
+# Source file: roles/paas-jails/jails/files/ezjail.rc
+# -------------------------------------------------------------
+#
+# <auto-generated>
+# This file is managed by our rOPS SaltStack repository.
+#
+# Changes to this file may cause incorrect behavior
+# and will be lost if the state is redeployed.
+# </auto-generated>
+
+ezjail_enable="YES"
diff --git a/roles/paas-jails/jails/files/jail.rc b/roles/paas-jails/jails/files/jail.rc
new file mode 100644
index 0000000..3e746c7
--- /dev/null
+++ b/roles/paas-jails/jails/files/jail.rc
@@ -0,0 +1,22 @@
+# -------------------------------------------------------------
+# Jails - rc configuration
+# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+# Project: Nasqueron
+# License: Trivial work, not eligible to copyright
+# Source file: roles/paas-jails/jails/files/jail.rc
+# -------------------------------------------------------------
+#
+# <auto-generated>
+# This file is managed by our rOPS SaltStack repository.
+#
+# Changes to this file may cause incorrect behavior
+# and will be lost if the state is redeployed.
+# </auto-generated>
+
+# -------------------------------------------------------------
+# Enable the jails
+# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+
+ezjail_enable="YES"
+
+jail_list="{{ jails }}"
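Review bot: `ezjail_enable="YES"` is set here and again in ezjail.rc, and both files are deployed under /etc/rc.conf.d by the same state, so the knob has two sources of truth. Keeping it only in the ezjail file avoids the two copies drifting apart. The "Enable the jails" section would then hold just `jail_list`.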
diff --git a/roles/paas-jails/jails/files/netif.rc b/roles/paas-jails/jails/files/netif.rc
new file mode 100644
index 0000000..c284969
--- /dev/null
+++ b/roles/paas-jails/jails/files/netif.rc
@@ -0,0 +1,20 @@
+# -------------------------------------------------------------
+# Jails - rc configuration
+# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+# Project: Nasqueron
+# License: Trivial work, not eligible to copyright
+# Source file: roles/paas-jails/jails/files/netif.rc
+# -------------------------------------------------------------
+#
+# <auto-generated>
+# This file is managed by our rOPS SaltStack repository.
+#
+# Changes to this file may cause incorrect behavior
+# and will be lost if the state is redeployed.
+# </auto-generated>
+
+# -------------------------------------------------------------
+# Jail network
+# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+
+cloned_interfaces="lo1"
diff --git a/roles/paas-jails/jails/init.sls b/roles/paas-jails/jails/init.sls
new file mode 100644
index 0000000..b00fe5b
--- /dev/null
+++ b/roles/paas-jails/jails/init.sls
@@ -0,0 +1,54 @@
+# -------------------------------------------------------------
+# Salt — Jails
+# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+# Project: Nasqueron
+# Notes: FreeBSD-only unit
+# Created: 2017-10-21
+# License: Trivial work, not eligible to copyright
+# -------------------------------------------------------------
+
+# -------------------------------------------------------------
+# Software to manage jails
+# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+
+ezjail:
+ pkg.installed
+
+# -------------------------------------------------------------
+# Configuration
+# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+
+jails_rc_jail:
+ file.managed:
+ - name: /etc/rc.conf.d/jail
+ - source: salt://roles/paas-jails/jails/files/jail.rc
+ - template: jinja
+ - context:
+ jails: {{ salt['jails.flatlist']() }}
+
+jails_rc_netif:
+ file.managed:
+ - name: /etc/rc.conf.d/netif
+ - source: salt://roles/paas-jails/jails/files/netif.rc
+
+jails_rc_ezjail:
+ file.managed:
+ - name: /etc/rc.conf.d/ezjail
+ - source: salt://roles/paas-jails/jails/files/ezjail.rc
+
+# -------------------------------------------------------------
+# Build jails
+# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+
+generate_basejail:
+ cmd.run:
+ - name: ezjail-admin install -p
+ - creates: /usr/jails/basejail
+
+{% for jail in salt['jails.list']() %}
+{% set ips = salt['jails.get_ezjail_ips_parameter'](jail) %}
+generate_jail_{{ jail }}:
+ cmd.run:
+ - name: ezjail-admin create {{ jail }} {{ ips | yaml_encode }}
+ - creates: /usr/jails/{{ jail }}
+{% endfor %}
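Review bot: The `ezjail-admin create {{ jail }} {{ ips | yaml_encode }}` line builds a shell command by interpolation, and `yaml_encode` is YAML quoting rather than shell quoting. It appears to wrap the value in double quotes, which keeps the `|` separators from being read as pipes, but the shell still expands `$`, backticks and backslashes inside double quotes, and `{{ jail }}` is not quoted at all. The values come from pillar and grains, so this is defence in depth: validating jail names against a conservative pattern (letters, digits, `-`, `_`) in the execution module and shell-quoting both arguments would keep a malformed pillar entry from changing the command. The same names are rendered into `jail_list="{{ jails }}"` in jail.rc, which rc evaluates as shell. Separately, `jails: {{ salt['jails.flatlist']() }}` renders an empty YAML value when no jail is defined, so the template would presumably receive None; quoting the value in the context avoids that.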
diff --git a/top.sls b/top.sls
index 1689d9e..e9e19f0 100644
--- a/top.sls
+++ b/top.sls
@@ -1,34 +1,35 @@
# -------------------------------------------------------------
# Salt configuration for Nasqueron servers
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
# Project: Nasqueron
# Created: 2016-04-10
# License: Trivial work, not eligible to copyright
# -------------------------------------------------------------
base:
'*':
- roles/core/rc
- roles/core/hostname
- roles/core/network
- roles/core/motd
- roles/core/rsyslog
- roles/core/salt
- roles/core/sshd
'local':
- roles/saltmaster
'ysul.nasqueron.org':
+ - roles/paas-jails
- roles/webserver-legacy
- roles/webserver-varnish
'dwellers.nasqueron.org':
- roles/paas-docker/docker
- roles/paas-lxc/lxc
- roles/mastodon
'eglide':
- roles/webserver-core/letsencrypt
- roles/shellserver/users
- roles/shellserver/userland-software
- roles/shellserver/eglide-website
- roles/shellserver/vhosts
- roles/shellserver/web-hosting
- roles/shellserver/odderon
