Skip to content

Instantly share code, notes, and snippets.

@niamtokik

niamtokik/Makefile

Last active March 1, 2022 12:56
Show Gist options

  • Select an option

    Learn more about clone URLs
  • Save niamtokik/fe9793c07276dc7638af5358e320e5ec to your computer and use it in GitHub Desktop.

Select an option

Learn more about clone URLs
Save niamtokik/fe9793c07276dc7638af5358e320e5ec to your computer and use it in GitHub Desktop.
Download ZIP
Meetup BSD Rennes - Jail Makefile
Raw
Makefile
######################################################################
# BSD Meetup Rennes - FreeBSD Jails Workshop
#
# TEA-WARE LICENSE:
# Mathieu Kerjouan <[email protected]> wrote this file. As long as
# you retain this notice you can do whatever you want with this
# stuff. If we meet some day, and you think this stuff is worth it,
# you can buy me a tea in return. Mathieu Kerjouan
#
######################################################################
WHERE ?= /home/jails
FBSD_ARCH ?= amd64
FBSD_REL ?= 11.1-BETA2
FBSD_REPO ?= http://ftp.fr.freebsd.org
REPOSITORY = $(FBSD_REPO)/pub/FreeBSD/releases/$(FBSD_ARCH)/$(FBSD_REL)
BINARIES ?= base lib32 src ports
FLAVORS ?= base lib32
THIN_DIRS ?= dev etc home proc root tmp usr usr/local var
THIN_DIRS += base
THIN_LINKS = bin sbin usr/bin usr/sbin
START += persist
######################################################################
# default target
# called with this syntax:
# make TYPE=[classic|thin] NAME=[name]
######################################################################
new: $(TYPE)
delete: $(TYPE)-delete
start: $(TYPE)-start
stop: $(TYPE)-stop
tarball: $(TYPE)-tarball
help:
@echo "Create a new jail:"
@echo " make [thin|classic] NAME=name"
@echo "List available jails:"
@echo " make [thin|classic]-list"
@echo "Start a jail:"
@echo " make [thin|classic]-start NAME=name START=args"
@echo "Stop a jail:"
@echo " make [thin|classic]-stop NAME=name"
@echo "Make a jail tarball:"
@echo " make [thin|classic]-tarball NAME=name"
@echo "Print this message:"
@echo " make [help|usage]"
usage: help
######################################################################
# main directory
######################################################################
$(WHERE):
mkdir -p $@
######################################################################
# store manager, retrieve data from freebsd repository
######################################################################
STORE = $(WHERE)/store
.if !exists($(STORE)) || defined(FORCE)
$(STORE): $(WHERE)
mkdir -p $@
_S += $(STORE)/MANIFEST
$(STORE)/MANIFEST: $(STORE)
@echo "==> fetching manifest file..."
fetch $(REPOSITORY)/MANIFEST -o$(STORE)
.for bin in $(BINARIES)
_S += $(STORE)/$(bin).txz
$(STORE)/$(bin).txz: $(STORE)
@echo "==> fetching $(bin).txz file..."
fetch $(REPOSITORY)/$(bin).txz -o$(STORE)
.endfor
.endif
_store: $(_S)
######################################################################
# backup manager, store tarball and other backup files
######################################################################
BACKUP = $(WHERE)/backup
$(BACKUP): $(WHERE)
@echo "==> initialize backup directory in $@"
mkdir -p $@
######################################################################
# classic jail manager
######################################################################
CLASSIC_PATH = $(WHERE)/classic
.if !exists($(CLASSIC_PATH)) || defined(FORCE)
$(CLASSIC_PATH): $(WHERE)
@echo "initialize classic jail path in $@"
mkdir $@
.endif
CLASSIC_JAIL = $(CLASSIC_PATH)/$(NAME)
.if (defined(NAME) && !exists($(CLASSIC_JAIL))) || defined(FORCE)
$(CLASSIC_JAIL): $(CLASSIC_PATH)
@echo "==> Create our container for jail $(NAME) in $(CLASSIC_JAIL)"
mkdir $@
.for flavor in $(FLAVORS)
@echo "==> extract $(STORE)/$(flavor).txz in $(CLASSIC_JAIL)"
cd $@ && tar xfp $(STORE)/$(flavor).txz
.endfor
classic: _store $(CLASSIC_JAIL)
.else
classic:
@echo "jail $(NAME) already exist in $(CLASSIC_PATH)"
classic-start:
@echo "==> start jail $(NAME) with name classic-$(NAME)"
jail -c name=classic-$(NAME) path=$(CLASSIC_JAIL) $(START)
classic-stop:
@echo "==> stop jail $(NAME) (classic-$(NAME))"
jail -r name=classic-$(NAME)
classic-tarball:
@echo "==> $(NAME) tarball in $(BACKUP)/classic-$(NAME).tar.gz"
tar czvfp $(BACKUP)/classic-$(NAME).tar.gz $(CLASSIC_JAIL)
classic-delete:
@echo "==> First remove all flags from $(CLASSIC_JAIL) path"
chflags -R 0 $(CLASSIC_JAIL)
@echo "==> Finally remove $(CLASSIC_JAIL)"
rm -rf $(CLASSIC_JAIL)
.endif
classic-list:
@echo "==> list all available jail:"
@for i in $(CLASSIC_PATH)/*; \
do \
name=$${i##*/}; \
jname=classic-$${name}; \
echo "$${name} ($${jname})"; \
done
######################################################################
# thin jail manager
######################################################################
THIN_BASE = $(WHERE)/base
.if !exists($(THIN_BASE)) || defined(FORCE)
$(THIN_BASE): $(WHERE)
@echo "==> Initialize $(THIN_BASE) base directory..."
mkdir $@
.for flavor in $(FLAVORS)
@echo "==> And extract $(STORE)/$(flavor) in $(THIN_BASE)."
cd $@ && tar xfp $(STORE)/$(flavor).txz
.endfor
.endif
THIN_PATH = $(WHERE)/thin
.if !exists($(THIN_PATH)) || defined(FORCE)
$(THIN_PATH): $(WHERE)
@echo "==> initialize $(THIN_PATH) directory..."
mkdir $@
.endif
THIN_JAIL = $(THIN_PATH)/$(NAME)
.if (defined(NAME) && !exists($(THIN_JAIL))) || defined(FORCE)
$(THIN_JAIL): $(THIN_BASE) $(THIN_PATH)
@echo "==> Create our thin container $(THIN_JAIL) for jail $(NAME)"
mkdir $@
.for dir in $(THIN_DIRS)
@echo "==> Create dedicated jail directory $(dir):"
cd $@ && mkdir -p $(dir)
.endfor
.for link in $(THIN_LINKS)
@echo "==> Create shared jail directory (link) from /base:"
cd $@ && ln -s /base/$(link) $(link)
.endfor
thin: _store $(THIN_JAIL)
.else
thin:
@echo "thin jail $(THIN_JAIL) already exists in ($(THIN_PATH))"
START += mount="$(THIN_BASE) $(THIN_JAIL)/base nullfs ro 0 0"
thin-start:
@echo "start thin jail $(NAME)"
jail -c name=thin-$(NAME) path=$(THIN_JAIL) $(START)
thin-stop:
@echo "stop thin jail $(NAME)"
jail -r thin-$(NAME)
thin-tarball: $(BACKUP)
@echo "make a tarball of thin-$(NAME) in $(BACKUP)."
tar czvfp $(BACKUP)/thin-$(NAME).tar.gz $(THIN_JAIL)
thin-delete:
@echo "Remove jail $(NAME) located in $(THIN_JAIL)"
rm -rf $(THIN_JAIL)
.endif
thin-list:
@for i in $(THIN_PATH)/*; \
do \
name=$${i##*/}; \
jname=thin-$${name}; \
echo "$${name} ($${jname})"; \
done
$(WHERE)/kern/VIMAGE_RCTL: $(WHERE)/kern
@echo "==> Copy generic kernel in $@"
cp /usr/src/sys/amd64/conf/GENERIC $@
@echo "==> activate VIMAGE feature"
echo "options VNET" >> $@
@echo "==> activate RACCT by default"
sed -Ei -e 's/^.*RACCT_DEFAULT.*/# &/' "$@"
@echo "==> link our kernel in src tree"
ln -s $@ /usr/src/sys/amd64/conf/
.ifdef BUILD
@echo "==> build our VIMAGE_RCTL kernel"
# cd /usr/src && make -j4 buildkernel KERNCONF=VIMAGE_RCTL
@echo "==> install our new kernel"
# cd /usr/src && make installkernel KERNCONF=VIMAGE_RCTL
.endif
$(WHERE)/kern:
mkdir $@
vimage: $(WHERE)/kern/VIMAGE_RCTL
@niamtokik
Copy link
Author

niamtokik commented Jun 17, 2017

http://aegis.sourceforge.net/auug97.pdf

@niamtokik
Copy link
Author

niamtokik commented Jun 18, 2017

  • Updated with vimage/racct kernel support
  • Classic jail: ok
  • Thin jail: ok
  • Store: ok
  • tarball: not tested

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment