Linux vnet

.gitignore

@@ -1 +1,2 @@
 docs/_build
+freebsd_commands/*

poc/linux_vnet.sh

@@ -0,0 +1,2 @@
+sudo bastille destroy linux_vnet1
+sudo bastille create -L -V linux_vnet1 trusty 10.0.0.1 bastille0 

poc/network.sh

@@ -0,0 +1,19 @@
+#!/bin/sh
+# device init
+ifconfig epair0 create up
+ifconfig epair1 create up
+ifconfig bridge0 create up
+
+# name setting
+ifconfig epair0a name veth0
+ifconfig epair0b name veth0-bridge
+ifconfig epair1a name veth1-bridge
+ifconfig epair1b name veth1
+
+ifconfig bridge0 addm veth0-bridge addm veth1-bridge
+
+# address setting
+ifconfig veth0 inet 10.0.1.1/24 
+#ifconfig veth0-bridge 10.0.1.2/24
+#ifconfig veth1-bridge 10.0.1.3/24
+

usr/local/bin/bastille

@@ -73,7 +73,7 @@ bastille_perms_check() {
 bastille_perms_check
 
 ## version
-BASTILLE_VERSION="0.9.20220714"
+BASTILLE_VERSION=
 
 usage() {
     cat << EOF

usr/local/bin/bastille.orig

@@ -0,0 +1,221 @@
+#!/bin/sh
+#
+# Copyright (c) 2018-2022, Christer Edwards <[email protected]>
+# All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are met:
+#
+# * Redistributions of source code must retain the above copyright notice, this
+#   list of conditions and the following disclaimer.
+#
+# * Redistributions in binary form must reproduce the above copyright notice,
+#   this list of conditions and the following disclaimer in the documentation
+#   and/or other materials provided with the distribution.
+#
+# * Neither the name of the copyright holder nor the names of its
+#   contributors may be used to endorse or promote products derived from
+#   this software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+# DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
+# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+# SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
+# CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+# OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+PATH=${PATH}:/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/sbin:/usr/local/bin
+
+. /usr/local/share/bastille/common.sh
+
+## root check first.
+bastille_root_check() {
+    if [ "$(id -u)" -ne 0 ]; then
+        ## permission denied
+        error_notify "Bastille: Permission Denied"
+        error_exit "root / sudo / doas required"
+    fi
+}
+
+bastille_root_check
+
+## check for config existance
+bastille_conf_check() {
+    if [ ! -r "/usr/local/etc/bastille/bastille.conf" ]; then
+        error_exit "Missing Configuration"
+    fi
+}
+
+bastille_conf_check
+
+## we only load the config if conf_check passes
+. /usr/local/etc/bastille/bastille.conf
+# Set default values for config properties added during the current major version:
+: "${bastille_network_pf_ext_if:=ext_if}"
+: "${bastille_network_pf_table:=jails}"
+
+## bastille_prefix should be 0750
+## this restricts file system access to privileged users
+bastille_perms_check() {
+    if [ -d "${bastille_prefix}" ]; then
+        BASTILLE_PREFIX_PERMS=$(stat -f "%Op" "${bastille_prefix}")
+        if [ "${BASTILLE_PREFIX_PERMS}" != 40750 ]; then
+            error_notify "Insecure permissions on ${bastille_prefix}"
+            error_exit "Try: chmod 0750 ${bastille_prefix}"
+        fi
+    fi
+}
+
+bastille_perms_check
+
+## version
+BASTILLE_VERSION=
+
+usage() {
+    cat << EOF
+Bastille is an open-source system for automating deployment and management of
+containerized applications on FreeBSD.
+
+Usage:
+  bastille command TARGET [args]
+
+Available Commands:
+  bootstrap   Bootstrap a FreeBSD release for container base.
+  cmd         Execute arbitrary command on targeted container(s).
+  clone       Clone an existing container.
+  config      Get or set a config value for the targeted container(s).
+  console     Console into a running container.
+  convert     Convert a Thin container into a Thick container.
+  cp          cp(1) files from host to targeted container(s).
+  create      Create a new thin container or a thick container if -T|--thick option specified.
+  destroy     Destroy a stopped container or a FreeBSD release.
+  edit        Edit container configuration files (advanced).
+  export      Exports a specified container.
+  help        Help about any command.
+  htop        Interactive process viewer (requires htop).
+  import      Import a specified container.
+  limits      Apply resources limits to targeted container(s). See rctl(8).
+  list        List containers (running and stopped).
+  mount       Mount a volume inside the targeted container(s).
+  pkg         Manipulate binary packages within targeted container(s). See pkg(8).
+  rdr         Redirect host port to container port.
+  rename      Rename a container.
+  restart     Restart a running container.
+  service     Manage services within targeted container(s).
+  start       Start a stopped container.
+  stop        Stop a running container.
+  sysrc       Safely edit rc files within targeted container(s).
+  template    Apply file templates to targeted container(s).
+  top         Display and update information about the top(1) cpu processes.
+  umount      Unmount a volume from within the targeted container(s).
+  update      Update container base -pX release.
+  upgrade     Upgrade container release to X.Y-RELEASE.
+  verify      Compare release against a "known good" index.
+  zfs         Manage (get|set) ZFS attributes on targeted container(s).
+
+Use "bastille -v|--version" for version information.
+Use "bastille command -h|--help" for more information about a command.
+
+EOF
+    exit 1
+}
+
+[ $# -lt 1 ] && usage
+
+CMD=$1
+shift
+
+# Handle special-case commands first.
+case "${CMD}" in
+version|-v|--version)
+    info "${BASTILLE_VERSION}"
+    exit 0
+    ;;
+help|-h|--help)
+    usage
+    ;;
+bootstrap|create|destroy|export|import|list|rdr|restart|start|update|upgrade|verify)
+    # Nothing "extra" to do for these commands. -- cwells
+    ;;
+clone|config|cmd|console|convert|cp|edit|htop|limits|mount|pkg|rename|service|stop|sysrc|template|top|umount|zfs)
+    # Parse the target and ensure it exists. -- cwells
+    if [ $# -eq 0 ]; then # No target was given, so show the command's help. -- cwells
+        PARAMS='help'
+    elif [ "${1}" != 'help' ] && [ "${1}" != '-h' ] && [ "${1}" != '--help' ]; then
+        TARGET="${1}"
+        shift
+
+        if [ "${TARGET}" = 'ALL' ]; then
+            _JAILS=$(/usr/sbin/jls name)
+            JAILS=""
+            for _jail in ${_JAILS}; do
+                _JAILPATH=$(/usr/sbin/jls -j "${_jail}" path)
+                if [ -z ${_JAILPATH##${bastille_jailsdir}*} ]; then
+                    JAILS="${JAILS} ${_jail}"
+                fi
+            done
+        elif [ "${CMD}" = "pkg" ] && [ "${TARGET}" = '-H' ] || [ "${TARGET}" = '--host' ]; then
+            TARGET="${1}"
+            USE_HOST_PKG=1
+            JAILS="${TARGET}"
+            shift
+
+            # Require the target to be running
+            if [ ! "$(/usr/sbin/jls name | awk "/^${TARGET}$/")" ]; then
+                error_exit "[${TARGET}]: Not started. See 'bastille start ${TARGET}'."
+            fi
+        elif [ "${CMD}" = 'template' ] && [ "${TARGET}" = '--convert' ]; then
+            # This command does not act on a jail, so we are temporarily bypassing the presence/started
+            # checks. The command will simply convert a template from hooks to a Bastillefile. -- cwells
+        else
+            JAILS="${TARGET}"
+
+            # Ensure the target exists. -- cwells
+            if [ ! -d "${bastille_jailsdir}/${TARGET}" ]; then
+                error_exit "[${TARGET}]: Not found."
+            fi
+
+            case "${CMD}" in
+            cmd|console|htop|pkg|service|stop|sysrc|template|top)
+                # Require the target to be running. -- cwells
+                if [ ! "$(/usr/sbin/jls name | awk "/^${TARGET}$/")" ]; then
+                    error_exit "[${TARGET}]: Not started. See 'bastille start ${TARGET}'."
+                fi
+                ;;
+            convert|rename)
+                # Require the target to be stopped. -- cwells
+                if [ "$(/usr/sbin/jls name | awk "/^${TARGET}$/")" ]; then
+                    error_exit "${TARGET} is running. See 'bastille stop ${TARGET}'."
+                fi
+                ;;
+            esac
+        fi
+        export USE_HOST_PKG
+        export TARGET
+        export JAILS
+    fi
+    ;;
+*) # Filter out all non-commands
+    usage
+    ;;
+esac
+
+SCRIPTPATH="${bastille_sharedir}/${CMD}.sh"
+if [ -f "${SCRIPTPATH}" ]; then
+    : "${UMASK:=022}"
+    umask "${UMASK}"
+
+    : "${SH:=sh}"
+
+    if [ -n "${PARAMS}" ]; then
+        exec "${SH}" "${SCRIPTPATH}" "${PARAMS}"
+    else
+        exec "${SH}" "${SCRIPTPATH}" "$@"
+    fi
+else
+    error_exit "${SCRIPTPATH} not found."
+fi

usr/local/share/bastille/bootstrap.sh

@@ -544,6 +544,13 @@ http?://*/*/*)
     bootstrap_template
     ;;
 #adding Ubuntu Bionic as valid "RELEASE" for POC @hackacad
+ubuntu_trusty|trusty|ubuntu-trusty)
+		PLATFORM_OS="Ubuntu/Linux"
+    LINUX_FLAVOR="trusty"
+    DIR_BOOTSTRAP="Ubuntu_1404"
+    ARCH_BOOTSTRAP=${HW_MACHINE_ARCH_LINUX}
+    debootstrap_release
+    ;;
 ubuntu_bionic|bionic|ubuntu-bionic)
     PLATFORM_OS="Ubuntu/Linux"
     LINUX_FLAVOR="bionic"

usr/local/share/bastille/common.sh

@@ -66,7 +66,9 @@ generate_vnet_jail_netblock() {
     local jail_name="$1"
     local use_unique_bridge="$2"
     local external_interface="$3"
-    ## determine number of containers + 1
+    local linux_jail="$4"
+
+		## determine number of containers + 1
     ## iterate num and grep all jail configs
     ## define uniq_epair
     local jail_list=$(bastille list jails)
@@ -83,12 +85,24 @@ generate_vnet_jail_netblock() {
             fi
         done
     else
-        local uniq_epair="bastille0"
+        local uniq_epair="bridge0"
         local uniq_epair_bridge="0"
     fi
     if [ -n "${use_unique_bridge}" ]; then
         ## generate bridge config
-        cat <<-EOF
+    if [ -n "${linux_option}" ];then
+cat <<-EOF
+  vnet;
+  vnet.interface = "e${uniq_epair_bridge}b_${jail_name}";
+  exec.prestart += "ifconfig epair${uniq_epair_bridge} create";
+  exec.prestart += "ifconfig ${external_interface} addm epair${uniq_epair_bridge}a";
+  exec.prestart += "ifconfig epair${uniq_epair_bridge}a up name e${uniq_epair_bridge}a_${jail_name}";
+  exec.prestart += "ifconfig epair${uniq_epair_bridge}b up name e${uniq_epair_bridge}b_${jail_name}";
+  exec.poststop += "ifconfig ${external_interface} deletem e${uniq_epair_bridge}a_${jail_name}";
+  exec.poststop += "ifconfig e${uniq_epair_bridge}a_${jail_name} destroy";
+EOF
+		else 
+cat <<-EOF
   vnet;
   vnet.interface = "e${uniq_epair_bridge}b_${jail_name}";
   exec.prestart += "ifconfig epair${uniq_epair_bridge} create";
@@ -98,6 +112,7 @@ generate_vnet_jail_netblock() {
   exec.poststop += "ifconfig ${external_interface} deletem e${uniq_epair_bridge}a_${jail_name}";
   exec.poststop += "ifconfig e${uniq_epair_bridge}a_${jail_name} destroy";
 EOF
+		fi
     else
         ## generate config
         cat <<-EOF