def new_default_plugin_jail(basename): addrs = guess_adresses() if not addrs['high_ipv4']: raise MiddlewareError(_("Unable to determine IPv4 for plugin")) jailname = None for i in xrange(1, 1000): tmpname = "%s_%d" % (basename, i) jails = Jails.objects.filter(jail_host=tmpname) if not jails: jailname = tmpname break w = warden.Warden() jc = JailsConfiguration.objects.order_by("-id")[0] logfile = "%s/warden.log" % jc.jc_path try: w.create( jail=jailname, ipv4=addrs['high_ipv4'], flags=(warden.WARDEN_CREATE_FLAGS_LOGFILE | warden.WARDEN_CREATE_FLAGS_PLUGINJAIL | warden.WARDEN_CREATE_FLAGS_SYSLOG | warden.WARDEN_CREATE_FLAGS_IPV4), logfile=logfile, ) except Exception, e: raise MiddlewareError(_("Failed to install plugin: %s") % e)
def get_ipv4_exclude_dict(): ipv4_exclude_dict = {} w = warden.Warden() jails = w.cached_list() if not jails: return ipv4_exclude_dict for j in jails: mask = 24 if j['ipv4']: parts = j['ipv4'].split('/') if len(parts) == 2: mask = int(parts[1]) sc = sipcalc_type("%s/%d" % ( parts[0], mask )) ipv4_exclude_dict[str(sc)] = sc if j['bridge_ipv4']: parts = j['bridge_ipv4'].split('/') if len(parts) == 2: try: mask = int(parts[1]) except ValueError: pass sc = sipcalc_type("%s/%d" % ( parts[0], mask )) ipv4_exclude_dict[str(sc)] = sc if j['alias_ipv4']: amask = mask aliases = j['alias_ipv4'].split(',') for a in aliases: parts = a.split('/') if len(parts) == 2: amask = int(parts[1]) sc = sipcalc_type("%s/%d" % ( parts[0], amask )) ipv4_exclude_dict[str(sc)] = sc if j['alias_bridge_ipv4']: amask = mask aliases = j['alias_bridge_ipv4'].split(',') for a in aliases: parts = a.split('/') if len(parts) == 2: amask = int(parts[1]) sc = sipcalc_type("%s/%d" % ( parts[0], amask )) ipv4_exclude_dict[str(sc)] = sc return ipv4_exclude_dict
def get_ipv6_exclude_dict(): ipv6_exclude_dict = {} w = warden.Warden() jails = w.cached_list() if not jails: return ipv6_exclude_dict for j in jails: prefix = 24 if j['ipv6']: parts = j['ipv6'].split('/') if len(parts) == 2: prefix = int(parts[1]) sc = sipcalc_type("%s/%d" % ( parts[0], prefix )) ipv6_exclude_dict[str(sc)] = sc if j['bridge_ipv6']: parts = j['ipv6'].split('/') if len(parts) == 2: prefix = int(parts[1]) sc = sipcalc_type("%s/%d" % ( parts[0], prefix )) ipv6_exclude_dict[str(sc)] = sc if j['alias_ipv6']: aprefix = prefix aliases = j['alias_ipv6'].split(',') for a in aliases: parts = a.split('/') if len(parts) == 2: aprefix = int(parts[1]) sc = sipcalc_type("%s/%d" % ( parts[0], aprefix )) ipv6_exclude_dict[str(sc)] = sc if j['alias_bridge_ipv6']: aprefix = prefix aliases = j['alias_bridge_ipv6'].split(',') for a in aliases: parts = a.split('/') if len(parts) == 2: aprefix = int(parts[1]) sc = sipcalc_type("%s/%d" % ( parts[0], aprefix )) ipv6_exclude_dict[str(sc)] = sc return ipv6_exclude_dict
def jail_auto_configure(): import platform """ Auto configure the jail settings The first ZFS volume found will be selected. A dataset called jails will be created, if it already exists then append "_N" where N 2..100 until a dataset is not found. """ vol_fstype = 'ZFS' volume = Volume.objects.filter(vol_fstype='ZFS') if not volume.exists(): raise MiddlewareError(_("You need to create a ZFS volume to proceed!")) volume = volume[0] basename = "%s/jails" % volume.vol_name name = basename for i in xrange(2, 100): datasets = list_datasets( path="/mnt/%s" % name, recursive=False, ) if not datasets: break else: name = "%s_%d" % (basename, i) rv, err = notifier().create_zfs_dataset(name) if rv != 0: raise MiddlewareError( _("Failed to create dataset %(name)s: %(error)s") % { 'name': name, 'error': err, }) try: jail = JailsConfiguration.objects.latest('id') except JailsConfiguration.DoesNotExist: jail = JailsConfiguration() jail.jc_path = "/mnt/%s" % name jail.save() w = warden.Warden() w.wtmp = jail.jc_path w.jdir = jail.jc_path w.release = platform.release().strip() w.save()
def new_default_plugin_jail(basename): from freenasUI.jails.forms import generate_randomMAC, is_jail_mac_duplicate jc = JailsConfiguration.objects.order_by("-id")[0] logfile = "%s/warden.log" % jc.jc_path if not jc.jc_ipv4_dhcp or not jc.jc_ipv6_autoconf: addrs = guess_addresses() if not jc.jc_ipv4_dhcp: if not addrs['high_ipv4']: raise MiddlewareError(_("Unable to determine IPv4 for plugin")) if (jc.jc_ipv6_autoconf or jc.jc_ipv6_network): if not jc.jc_ipv6_autoconf: if not addrs['high_ipv6']: raise MiddlewareError(_("Unable to determine IPv6 for plugin")) jailname = None for i in range(1, 1000): tmpname = "%s_%d" % (basename, i) jails = Jails.objects.filter(jail_host=tmpname) if not jails: jailname = tmpname break w = warden.Warden() template_create_args = {} template = JailTemplate.objects.get(jt_name='pluginjail') template_create_args['nick'] = template.jt_name template_create_args['tar'] = template.jt_url template_create_args['flags'] = warden.WARDEN_TEMPLATE_FLAGS_CREATE | \ warden.WARDEN_TEMPLATE_CREATE_FLAGS_NICK | \ warden.WARDEN_TEMPLATE_CREATE_FLAGS_TAR if template.jt_mtree: template_create_args['mtree'] = template.jt_mtree template_create_args['flags'] = template_create_args['flags'] | \ warden.WARDEN_TEMPLATE_CREATE_FLAGS_MTREE template = None template_list_flags = {} template_list_flags['flags'] = warden.WARDEN_TEMPLATE_FLAGS_LIST templates = w.template(**template_list_flags) for t in templates: if t['nick'] == template_create_args['nick']: template = t break os.environ[ 'EXTRACT_TARBALL_STATUSFILE'] = warden.WARDEN_EXTRACT_STATUS_FILE createfile = "/var/tmp/.templatecreate" if not template: # If for some reason warden does not list the template but the path # exists, we shall try to nuke it template_path = '{}/.warden-template-pluginjail'.format(jc.jc_path) if os.path.exists(template_path): try: notifier().destroy_zfs_dataset( template_path.replace('/mnt/', '')) except: pass try: shutil.rmtree(template_path) except OSError: pass try: cf = open(createfile, "a+") cf.close() w.template(**template_create_args) except Exception as e: if os.path.exists(createfile): os.unlink(createfile) raise MiddlewareError(e) template_list_flags = {} template_list_flags['flags'] = warden.WARDEN_TEMPLATE_FLAGS_LIST templates = w.template(**template_list_flags) for t in templates: if t['nick'] == template_create_args['nick']: template = t break if not template: raise MiddlewareError(_('Unable to find template!')) try: high_ipv4 = "DHCP" if not jc.jc_ipv4_dhcp: high_ipv4 = addrs['high_ipv4'] high_ipv6 = "AUTOCONF" if not jc.jc_ipv6_autoconf: high_ipv6 = addrs['high_ipv6'] create_args = { 'jail': jailname, 'ipv4': high_ipv4, 'ipv6': high_ipv6, 'flags': (warden.WARDEN_CREATE_FLAGS_LOGFILE | warden.WARDEN_CREATE_FLAGS_TEMPLATE | warden.WARDEN_CREATE_FLAGS_VANILLA | warden.WARDEN_CREATE_FLAGS_SYSLOG | warden.WARDEN_CREATE_FLAGS_IPV4 | warden.WARDEN_CREATE_FLAGS_IPV6), 'template': 'pluginjail', 'logfile': logfile } w.create(**create_args) except Exception as e: raise MiddlewareError(_("Failed to install plugin: %s") % e) jaildir = "%s/%s" % (jc.jc_path, jailname) with open('%s/.plugins/PLUGIN' % jaildir, 'w') as f: f.close() w.auto(jail=jailname) # Make sure we generate an unique mac address for the plugin jail while True: mac = generate_randomMAC() if not is_jail_mac_duplicate(mac): break w.set( jail=jailname, mac=mac, flags=warden.WARDEN_SET_FLAGS_MAC, ) # Setting vnet and mac at the same time seems to confuse Warden wrapper w.set( jail=jailname, flags=warden.WARDEN_SET_FLAGS_VNET_ENABLE, ) w.start(jail=jailname) obj = Jails.objects.get(jail_host=jailname) add_media_user_and_group(obj.jail_path) return obj
def jail_auto_configure(): import platform """ Auto configure the jail settings The first ZFS volume found will be selected. A dataset called jails will be created, if it already exists then append "_N" where N 2..100 until a dataset is not found. """ vol_fstype = 'ZFS' volume = Volume.objects.filter(vol_fstype='ZFS') if not volume.exists(): log.warn("ZFS is recommended for plugins!") volume = Volume.objects.filter(vol_fstype='UFS') if not volume.exists(): raise MiddlewareError(_("You need to create a volume to proceed!")) vol_fstype = 'UFS' volume = volume[0] basename = "%s/jails" % volume.vol_name if vol_fstype == 'ZFS': name = basename for i in xrange(2, 100): datasets = list_datasets( path="/mnt/%s" % name, recursive=False, ) if not datasets: break else: name = "%s_%d" % (basename, i) rv, err = notifier().create_zfs_dataset(name) if rv != 0: raise MiddlewareError(_("Failed to create dataset %(name)s: %(error)s") % { 'name': name, 'error': err, }) elif vol_fstype == 'UFS': name = "/mnt/%s" % basename if os.path.exists(name): max = 1 dirs = glob.glob("%s_*" % name) if dirs: for d in dirs: parts = d.split('_') if len(parts) > 1 and re.match('^[0-9]+$', parts[1]): num = int(parts[1]) if num > max: max = num name = "%s_%d" % (name, max + 1) name = name.replace('/mnt/', '') try: os.makedirs("/mnt/%s" % name) except Exception as e: raise MiddlewareError(_("Failed to create directory %(name)s: %(error)s") % { 'name': name, 'error': e }) try: jail = JailsConfiguration.objects.latest('id') except JailsConfiguration.DoesNotExist: jail = JailsConfiguration() jail.jc_path = "/mnt/%s" % name jail.save() w = warden.Warden() w.wtmp = jail.jc_path w.jdir = jail.jc_path w.release = platform.release().strip() w.save()
def new_default_plugin_jail(basename): addrs = guess_addresses() if not addrs['high_ipv4']: raise MiddlewareError(_("Unable to determine IPv4 for plugin")) jailname = None for i in xrange(1, 1000): tmpname = "%s_%d" % (basename, i) jails = Jails.objects.filter(jail_host=tmpname) if not jails: jailname = tmpname break w = warden.Warden() jc = JailsConfiguration.objects.order_by("-id")[0] logfile = "%s/warden.log" % jc.jc_path template_create_args = {} template = JailTemplate.objects.get(jt_name='pluginjail') template_create_args['nick'] = template.jt_name template_create_args['tar'] = template.jt_url template_create_args['flags'] = warden.WARDEN_TEMPLATE_FLAGS_CREATE | \ warden.WARDEN_TEMPLATE_CREATE_FLAGS_NICK | \ warden.WARDEN_TEMPLATE_CREATE_FLAGS_TAR template = None template_list_flags = {} template_list_flags['flags'] = warden.WARDEN_TEMPLATE_FLAGS_LIST templates = w.template(**template_list_flags) for t in templates: if t['nick'] == template_create_args['nick']: template = t break os.environ['EXTRACT_TARBALL_STATUSFILE'] = warden.WARDEN_EXTRACT_STATUS_FILE createfile = "/var/tmp/.templatecreate" if not template: try: cf = open(createfile, "a+") cf.close() w.template(**template_create_args) except Exception as e: if os.path.exists(createfile): os.unlink(createfile) raise MiddlewareError(e.message) template_list_flags = {} template_list_flags['flags'] = warden.WARDEN_TEMPLATE_FLAGS_LIST templates = w.template(**template_list_flags) for t in templates: if t['nick'] == template_create_args['nick']: template = t break if not template: raise MiddlewareError(_('Unable to find template!')) try: w.create( jail=jailname, ipv4=addrs['high_ipv4'], flags=( warden.WARDEN_CREATE_FLAGS_LOGFILE | warden.WARDEN_CREATE_FLAGS_TEMPLATE | warden.WARDEN_CREATE_FLAGS_VANILLA | warden.WARDEN_CREATE_FLAGS_SYSLOG | warden.WARDEN_CREATE_FLAGS_IPV4 ), template='pluginjail', logfile=logfile, ) except Exception, e: raise MiddlewareError(_("Failed to install plugin: %s") % e)
def guess_adresses(): high_ipv4 = None high_ipv6 = None st_ipv4_network = None st_ipv6_network = None jc = None try: jc = JailsConfiguration.objects.order_by("-id")[0] st_ipv4_network = sipcalc_type(jc.jc_ipv4_network) st_ipv6_network = sipcalc_type(jc.jc_ipv6_network) except Exception as e: log.debug("Exception caught: %s", e) # # If a jails configuration exists (as it should), # create sipcalc objects # if st_ipv4_network: high_ipv4 = sipcalc_type( "%s/%d" % (jc.jc_ipv4_network_start, st_ipv4_network.network_mask_bits)) if st_ipv6_network: high_ipv6 = sipcalc_type( "%s/%d" % (jc.jc_ipv6_network_start, st_ipv6_network.prefix_length)) # # Attempt to determine the primary interface network. # This is done so that we don't set a bridge address # (we leave it blank, in which case the Warden will # figure out the default gateway and set that up inside # the jail if on the same network as the host). # st_host_ipv4_network = None try: iface = notifier().guess_default_interface() st_ha = sipcalc_type(iface=iface) if not st_ha.is_ipv4(): st_host_ipv4_network = None else: st_host_ipv4_network = sipcalc_type( "%s/%d" % (st_ha.network_address, st_ha.network_mask_bits)) except Exception as e: log.debug("Exception caught: %s", e) # # Be extra careful, if no start and end addresses # are configured, take the first network address # and add 25 to it. # if not high_ipv4 and st_ipv4_network: high_ipv4 = sipcalc_type("%s/%d" % ( st_ipv4_network.usable_range[0], st_ipv4_network.network_mask_bits, )) high_ipv4 += 25 if not high_ipv6 and st_ipv6_network: high_ipv6 = sipcalc_type("%s/%d" % ( st_ipv6_network.network_range[0], st_ipv6_network.prefix_length, )) high_ipv6 += 25 try: wlist = warden.Warden().list() except: wlist = [] for wj in wlist: wo = warden.WardenJail(**wj) st_ipv4 = None st_ipv6 = None # # This figures out the highest IP address currently in use # if wo.ipv4: st_ipv4 = sipcalc_type(wo.ipv4) if wo.ipv6: st_ipv6 = sipcalc_type(wo.ipv6) if st_ipv4 and st_ipv4_network is not None: if st_ipv4_network.in_network(st_ipv4): if st_ipv4 > high_ipv4: high_ipv4 = st_ipv4 if st_ipv6 and st_ipv6_network is not None: if st_ipv6_network.in_network(st_ipv6): if st_ipv6 > high_ipv6: high_ipv6 = st_ipv6 if high_ipv4 is None and st_ipv4_network is not None: high_ipv4 = sipcalc_type("%s/%d" % ( st_ipv4_network.usable_range[0], st_ipv4_network.network_mask_bits, )) elif high_ipv4 is not None and st_ipv4_network is not None: high_ipv4 += 1 if not st_ipv4_network.in_network(high_ipv4): high_ipv4 = None if high_ipv6 is None and st_ipv6_network is not None: high_ipv6 = sipcalc_type("%s/%d" % ( st_ipv6_network.network_range[0], st_ipv6_network.prefix_length, )) elif high_ipv6 is not None and st_ipv6_network is not None: high_ipv6 += 1 if not st_ipv6_network.in_network(high_ipv6): high_ipv6 = None # # If a network is configured for jails, and it is NOT on # the same network as the host, setup a bridge address. # (This will be the default gateway of the jail). # bridge_ipv4 = None if st_ipv4_network is not None and not st_host_ipv4_network: bridge_ipv4 = sipcalc_type("%s/%d" % ( st_ipv4_network.usable_range[0], st_ipv4_network.network_mask_bits, )) bridge_ipv6 = None if st_ipv6_network is not None: bridge_ipv6 = sipcalc_type("%s/%d" % ( st_ipv6_network.network_range[0], st_ipv6_network.prefix_length, )) return { 'high_ipv4': high_ipv4, 'high_ipv6': high_ipv6, 'bridge_ipv4': bridge_ipv4, 'bridge_ipv6': bridge_ipv6, }
def new_default_plugin_jail(basename): jc = JailsConfiguration.objects.order_by("-id")[0] logfile = "%s/warden.log" % jc.jc_path if not jc.jc_ipv4_dhcp or not jc.jc_ipv6_autoconf: addrs = guess_addresses() if not jc.jc_ipv4_dhcp: if not addrs['high_ipv4']: raise MiddlewareError(_("Unable to determine IPv4 for plugin")) if (jc.jc_ipv6_autoconf or jc.jc_ipv6_network): if not jc.jc_ipv6_autoconf: if not addrs['high_ipv6']: raise MiddlewareError(_("Unable to determine IPv6 for plugin")) jailname = None for i in xrange(1, 1000): tmpname = "%s_%d" % (basename, i) jails = Jails.objects.filter(jail_host=tmpname) if not jails: jailname = tmpname break w = warden.Warden() template_create_args = {} template = JailTemplate.objects.get(jt_name='pluginjail') template_create_args['nick'] = template.jt_name template_create_args['tar'] = template.jt_url template_create_args['flags'] = warden.WARDEN_TEMPLATE_FLAGS_CREATE | \ warden.WARDEN_TEMPLATE_CREATE_FLAGS_NICK | \ warden.WARDEN_TEMPLATE_CREATE_FLAGS_TAR if template.jt_mtree: template_create_args['mtree'] = template.jt_mtree template_create_args['flags'] = template_create_args['flags'] | \ warden.WARDEN_TEMPLATE_CREATE_FLAGS_MTREE template = None template_list_flags = {} template_list_flags['flags'] = warden.WARDEN_TEMPLATE_FLAGS_LIST templates = w.template(**template_list_flags) for t in templates: if t['nick'] == template_create_args['nick']: template = t break os.environ['EXTRACT_TARBALL_STATUSFILE'] = warden.WARDEN_EXTRACT_STATUS_FILE createfile = "/var/tmp/.templatecreate" if not template: try: cf = open(createfile, "a+") cf.close() w.template(**template_create_args) except Exception as e: if os.path.exists(createfile): os.unlink(createfile) raise MiddlewareError(e.message) template_list_flags = {} template_list_flags['flags'] = warden.WARDEN_TEMPLATE_FLAGS_LIST templates = w.template(**template_list_flags) for t in templates: if t['nick'] == template_create_args['nick']: template = t break if not template: raise MiddlewareError(_('Unable to find template!')) try: high_ipv4 = "DHCP" if not jc.jc_ipv4_dhcp: high_ipv4 = addrs['high_ipv4'] high_ipv6 = "AUTOCONF" if not jc.jc_ipv6_autoconf: high_ipv6 = addrs['high_ipv6'] create_args = { 'jail': jailname, 'ipv4': high_ipv4, 'ipv6': high_ipv6, 'flags': ( warden.WARDEN_CREATE_FLAGS_LOGFILE | warden.WARDEN_CREATE_FLAGS_TEMPLATE | warden.WARDEN_CREATE_FLAGS_VANILLA | warden.WARDEN_CREATE_FLAGS_SYSLOG | warden.WARDEN_CREATE_FLAGS_IPV4 | warden.WARDEN_CREATE_FLAGS_IPV6 ), 'template': 'pluginjail', 'logfile': logfile } w.create(**create_args) except Exception, e: raise MiddlewareError(_("Failed to install plugin: %s") % e)