Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Post creation script ? #321

Closed
Annakan opened this issue Jul 30, 2018 · 4 comments
Assignees

Comments

@Annakan
Copy link

@Annakan Annakan commented Jul 30, 2018

Mandatory info for bug reports:

FreeBSD version ( uname -a ): 11.2-RELEASE FreeBSD 11.2-RELEASE #0 r335510: Fri Jun 22 04:32:14 UTC 2018 root@releng2.nyi.freebsd.org:/usr/obj/usr/src/sys/GENERIC amd64

CBSD version ( cbsd version ): 11.2.0

Is there a way to execute a post creation script to finish setting up a jail without resorting to puppet or else (they bring a lot of overhead, like ugly ruby for puppet).

Something like a cbsd jexec of a given script that must be in the profile/skel (working only for jail that should be started immediately of course).

For instance to change the default shell or install a tool not from the ports/packages ... etc

It is probably doable to have a special rc.local file in the skel with some ugly self destructing script too but it would be more elegant if cbsd handled it ...

@olevole olevole self-assigned this Jul 30, 2018
@olevole

This comment has been minimized.

Copy link
Collaborator

@olevole olevole commented Jul 30, 2018

At the moment there is: https://www.bsdstore.ru/en/11.2.x/wf_jconfig_ssi.html#execscript

However, they all work separately from jcreate. I think adding another dir create.d - that's a good idea, I'll add.

Some settings in the form of files (for example, the alternative shell via {spwd.db,pwd.db,passwd,master.passwd} ), you can change with the custom skel dir ( https://www.bsdstore.ru/en/11.2.x/wf_profiles_ssi.html ).

Also CBSD always checks for the presence of /etc/rc.cbsdjail_first_boot inside the jail and after executing this script via jailed /bin/sh deletes it:

https://github.com/cbsd/cbsd/blob/develop/sudoexec/jstart#L51

Together with runasap="1" params (not available in jconstruct-tui because the jconstruct-tui for manual creation) this can be used to automatically run something in a jail when creating a container in an automated manner and performing individual actions

You can see config for jcreate (and runasap= params) by pressing 'no' for 'Do you want to create jail immediately?' question

olevole added a commit that referenced this issue Aug 23, 2018
add create.d/master_create.d directories in system skel
 external_exec_script: added a tag for jail autorun ( -a options ) as
   trigger to run the container to run cusom scripts.
 remove dup code ( external_exec_master_script/external_exec_script func )
Issue #321
@olevole

This comment has been minimized.

Copy link
Collaborator

@olevole olevole commented Aug 23, 2018

added create.d/master_create.d directories for custom post creation script.

Will be available with CBSD 11.2.2

@olevole olevole closed this Aug 23, 2018
@Annakan

This comment has been minimized.

Copy link
Author

@Annakan Annakan commented Aug 29, 2018

Thanks a lot for your answer
Let me sum it up :

I was asking about the possibility of executing code on first jail start to further customize the jail when static configuration files in the skeleton are not enough.
(because changing the shell by forcing a password file is a bit "rude" ;) or when I want to configure the jail with utf-8, I need to execute cap_mkdb /etc/login.conf)

What I was asking already exist in the form of /etc/rc.cbsdjail_first_boot and this script will be executed and then deleted (whether it was successfully executed or not if I read the code well)

You are now adding a create.d directory to extend this capability ?
How will it work ? If it exists, all scripts in it will be executed in order and the directory will be deleted ?
I think it is a great idea that allow modularity.

Thanks a lot for your work on CBSD

@olevole

This comment has been minimized.

Copy link
Collaborator

@olevole olevole commented Aug 30, 2018

Yes you are right, /etc/rc.cbsdjail_first_boot will be deleted regardless of the errcode (hmm, process errcode and do not delete script if $? != 0 - this is probably the right way).

Concerning to new 'create.d' directory and 'master_create.d' - when this directories in 'skel' dir exist and have any files, they are executed). After executing directory and/or script not deleted (nevertheless, they will never work for this environment in next time, since they are run from the jcreate script which will never be performed for an already existing environment).

I think deleting content or files is not required - you can create custom profile with alternative skel dir ( for example: https://github.com/cbsd/cbsd/blob/develop/etc/defaults/jail-freebsd-puppet.conf#L13 and

https://www.bsdstore.ru/en/11.2.x/wf_profiles_ssi.html
and demo:
https://www.bsdstore.ru/en/11.2.x/wf_profiles_ssi.html ( see Creation and using jail profile: at the bottom of the page ).

So, this can use by many env.

PS: I think this weekend I've release/commit next CBSD version into the ports tree, due to 12-RELENG frozen and current FreeBSD HEAD == 13-CURRENT. this is required to be reflected in CBSD

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
2 participants
You can’t perform that action at this time.