diyIT
/
FreeBSD
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

.

This commit is contained in:
Sharad Ahlawat 2021-04-17 11:05:38 -07:00
parent 90c5709862
commit 6d8da42776
20 changed files with 3690 additions and 23 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
configs/pxe/fstab.11
View File

@ -1,3 +1,3 @@
# Device Mountpoint FStype Options Dump Pass#
192.168.0.10:/mnt/ship/pxe/FreeBSD11 / nfs rw 0 0
192.168.10.10:/mnt/ship/pxe/FreeBSD11 / nfs rw 0 0
fdescfs /dev/fd fdescfs rw 0 0

2
configs/pxe/fstab.12
View File

@ -1,3 +1,3 @@
# Device Mountpoint FStype Options Dump Pass#
192.168.0.10:/mnt/ship/pxe/FreeBSD12 / nfs rw 0 0
192.168.10.10:/mnt/ship/pxe/FreeBSD12 / nfs rw 0 0
fdescfs /dev/fd fdescfs rw 0 0

2
configs/pxe/fstab.12p
View File

@ -1,3 +1,3 @@
# Device Mountpoint FStype Options Dump Pass#
192.168.0.10:/mnt/ship/pxe/FreeBSD12p / nfs rw 0 0
192.168.10.10:/mnt/ship/pxe/FreeBSD12p / nfs rw 0 0
fdescfs /dev/fd fdescfs rw 0 0

2
configs/pxe/fstab.13
View File

@ -1,3 +1,3 @@
# Device Mountpoint FStype Options Dump Pass#
192.168.0.10:/mnt/ship/pxe/FreeBSD13 / nfs rw 0 0
192.168.10.10:/mnt/ship/pxe/FreeBSD13 / nfs rw 0 0
fdescfs /dev/fd fdescfs rw 0 0

2
configs/pxe/fstab.13p
View File

@ -1,3 +1,3 @@
# Device Mountpoint FStype Options Dump Pass#
192.168.0.10:/mnt/ship/pxe/FreeBSD13p / nfs rw 0 0
192.168.10.10:/mnt/ship/pxe/FreeBSD13p / nfs rw 0 0
fdescfs /dev/fd fdescfs rw 0 0

2
configs/pxe/iscsi.conf.11
View File

@ -1,5 +1,5 @@
t0 {
TargetAddress = 192.168.0.10
TargetAddress = 192.168.10.10
TargetName = iqn.nas.ahlawat.com:f11
AuthMethod = CHAP
chapIName = user

2
configs/pxe/iscsi.conf.12
View File

@ -1,5 +1,5 @@
t0 {
TargetAddress = 192.168.0.10
TargetAddress = 192.168.10.10
TargetName = iqn.nas.ahlawat.com:f12
AuthMethod = CHAP
chapIName = user

2
configs/pxe/iscsi.conf.12p
View File

@ -1,5 +1,5 @@
t0 {
TargetAddress = 192.168.0.10
TargetAddress = 192.168.10.10
TargetName = iqn.nas.ahlawat.com:f12p
AuthMethod = CHAP
chapIName = user

2
configs/pxe/iscsi.conf.13
View File

@ -1,5 +1,5 @@
t0 {
TargetAddress = 192.168.0.10
TargetAddress = 192.168.10.10
TargetName = iqn.nas.ahlawat.com:f13
AuthMethod = CHAP
chapIName = user

2
configs/pxe/iscsi.conf.13p
View File

@ -1,5 +1,5 @@
t0 {
TargetAddress = 192.168.0.10
TargetAddress = 192.168.10.10
TargetName = iqn.nas.ahlawat.com:f13p
AuthMethod = CHAP
chapIName = user

2
configs/pxe/resolv.conf
View File

@ -1,6 +1,6 @@
# Generated by resolvconf
search diyit.org
nameserver 192.168.0.5
nameserver 192.168.10.5
nameserver fd01::5
nameserver fd02::5
nameserver fd05::5

27
iocage/Makefile Normal file
View File

@ -0,0 +1,27 @@
ZPOOL=""
SERVER=""
PYTHON?=/usr/local/bin/python3.7
# pkg install python37 git-lite
# pip19 required for iocage files install
depends:
@(pkg -vv | grep -e "url.*/latest") > /dev/null 2>&1 || (echo "It is advised pkg url is using \"latest\" instead of \"quarterly\" in /etc/pkg/FreeBSD.conf.";)
@test -s ${PYTHON} || (echo "Python binary ${PYTHON} not found, iocage will install python37"; pkg install -q -y python37)
pkg install -q -y py37-cython py37-pip py37-libzfs py37-six
${PYTHON} -m pip install pip==19.3.1
${PYTHON} -m ensurepip
${PYTHON} -m pip install -Ur requirements.txt
install: depends
${PYTHON} -m pip install -U .
uninstall:
${PYTHON} -m pip uninstall -y iocage-lib iocage-cli
test:
pytest --zpool $(ZPOOL) --server $(SERVER)
help:
@echo " install"
@echo " Installs iocage"
@echo " uninstall"
@echo " Removes iocage"
@echo " test"
@echo " Run unit tests with pytest"

1021
iocage/iocage_lib/ioc_fetch.py Normal file
View File

File diff suppressed because it is too large Load Diff

410
iocage/iocage_lib/ioc_upgrade.py Normal file
View File

@ -0,0 +1,410 @@
# Copyright (c) 2014-2019, iocage
# All rights reserved.
#
# Redistribution and use in source and binary forms, with or without
# modification, are permitted providing that the following conditions
# are met:
# 1. Redistributions of source code must retain the above copyright
# notice, this list of conditions and the following disclaimer.
# 2. Redistributions in binary form must reproduce the above copyright
# notice, this list of conditions and the following disclaimer in the
# documentation and/or other materials provided with the distribution.
#
# THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
# IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
# WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
# ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
# DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
# STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING
# IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
# POSSIBILITY OF SUCH DAMAGE.
"""iocage upgrade module"""
import datetime
import fileinput
import hashlib
import os
import pathlib
import subprocess as su
import tempfile
import urllib.request
import iocage_lib.ioc_common
import iocage_lib.ioc_json
import iocage_lib.ioc_list
class IOCUpgrade:
"""Will upgrade a jail to the specified RELEASE."""
def __init__(self,
new_release,
path,
interactive=True,
silent=False,
callback=None,
):
super().__init__()
self.pool = iocage_lib.ioc_json.IOCJson().json_get_value("pool")
self.iocroot = iocage_lib.ioc_json.IOCJson(
self.pool).json_get_value("iocroot")
self.freebsd_version = iocage_lib.ioc_common.checkoutput(
["freebsd-version"])
self.conf = iocage_lib.ioc_json.IOCJson(path.rsplit(
'/root', 1)[0]).json_get_value('all')
self.uuid = self.conf["host_hostuuid"]
self.host_release = os.uname()[2]
_release = self.conf["release"].rsplit("-", 1)[0]
self.jail_release = _release if "-RELEASE" in _release else \
self.conf["release"]
self.new_release = new_release
self.path = path
self.status, self.jid = iocage_lib.ioc_list.IOCList.list_get_jid(
self.uuid)
self._freebsd_version = f"{self.iocroot}/jails/" \
f"{self.uuid}/root/bin/freebsd-version"
self.date = datetime.datetime.utcnow().strftime("%F")
self.interactive = interactive
self.silent = silent
path = '/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/sbin:'\
'/usr/local/bin:/root/bin'
self.upgrade_env = {
'PAGER': '/bin/cat',
'PATH': path,
'PWD': '/',
'HOME': '/',
'TERM': 'xterm-256color'
}
self.callback = callback
# symbolic link created on fetch by freebsd-update
bd_hash = hashlib.sha256((self.path + '\n').encode('utf-8')).hexdigest()
self.freebsd_install_link = os.path.join(self.path,
'var/db/freebsd-update', bd_hash + '-install')
def upgrade_jail(self):
iocage_lib.ioc_common.tmp_dataset_checks(self.callback, self.silent)
if "HBSD" in self.freebsd_version:
su.Popen(["hbsd-upgrade", "-j", self.jid]).communicate()
return
if not os.path.isfile(f"{self.path}/etc/freebsd-update.conf"):
return
self.__upgrade_check_conf__()
f_rel = f'{self.new_release.rsplit("-RELEASE")[0]}'
f = 'https://raw.githubusercontent.com/freebsd/freebsd-src' \
f'/releng/{f_rel}/usr.sbin/freebsd-update/freebsd-update.sh'
tmp = None
try:
tmp = tempfile.NamedTemporaryFile(delete=False)
with urllib.request.urlopen(f) as fbsd_update:
tmp.write(fbsd_update.read())
tmp.close()
os.chmod(tmp.name, 0o755)
fetch_cmd = [
tmp.name, "-b", self.path, "-d",
f"{self.path}/var/db/freebsd-update/", "-f",
f"{self.path}/etc/freebsd-update.conf",
"--not-running-from-cron", "--currently-running "
f"{self.jail_release}", "-r", self.new_release, "upgrade"
]
# FreeNAS MW/Others, this is a best effort as things may require
# stdin input, in which case dropping to a tty is the best solution
if not self.interactive:
with iocage_lib.ioc_exec.IOCExec(
fetch_cmd,
self.path.replace('/root', ''),
uuid=self.uuid,
unjailed=True,
stdin_bytestring=b'y\n',
callback=self.callback,
) as _exec:
iocage_lib.ioc_common.consume_and_log(
_exec,
callback=self.callback
)
else:
iocage_lib.ioc_exec.InteractiveExec(
fetch_cmd,
self.path.replace('/root', ''),
uuid=self.uuid,
unjailed=True
)
if not os.path.islink(self.freebsd_install_link):
msg = 'Upgrade failed, nothing to install after fetch!'
iocage_lib.ioc_common.logit(
{
'level': 'EXCEPTION',
'message': msg
},
_callback=self.callback,
silent=self.silent
)
for _ in range(50): # up to 50 invocations to prevent runaway
if os.path.islink(self.freebsd_install_link):
self.__upgrade_install__(tmp.name)
else:
break
if os.path.islink(self.freebsd_install_link):
msg = f'Upgrade failed, freebsd-update won\'t finish!'
iocage_lib.ioc_common.logit(
{
'level': 'EXCEPTION',
'message': msg
},
_callback=self.callback,
silent=self.silent
)
new_release = iocage_lib.ioc_common.get_jail_freebsd_version(
self.path,
self.new_release
)
if f_rel.startswith('12'):
# https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=239498
cp = su.Popen(
['pkg-static', '-j', self.jid, 'install', '-q', '-f', '-y', 'pkg'],
stdout=su.PIPE, stderr=su.PIPE
)
_, stderr = cp.communicate()
if cp.returncode:
# Let's make this non-fatal as this is only being done as a convenience to user
iocage_lib.ioc_common.logit(
{
'level': 'ERROR',
'message': 'Unable to install pkg after upgrade'
},
_callback=self.callback,
silent=self.silent,
)
finally:
if tmp:
if not tmp.closed:
tmp.close()
os.remove(tmp.name)
iocage_lib.ioc_json.IOCJson(
self.path.replace('/root', ''),
silent=True).json_set_value(f"release={new_release}")
return new_release
def upgrade_basejail(self, snapshot=True, snap_name=None):
if "HBSD" in self.freebsd_version:
# TODO: Not supported yet
msg = "Upgrading basejails on HardenedBSD is not supported yet."
iocage_lib.ioc_common.logit(
{
"level": "EXCEPTION",
"message": msg
},
_callback=self.callback,
silent=self.silent)
release_p = pathlib.Path(f"{self.iocroot}/releases/{self.new_release}")
self._freebsd_version = f"{self.iocroot}/releases/"\
f"{self.new_release}/root/bin/freebsd-version"
if not release_p.exists():
msg = f"{self.new_release} is missing, please fetch it!"
iocage_lib.ioc_common.logit(
{
"level": "EXCEPTION",
"message": msg
},
_callback=self.callback,
silent=self.silent)
if snapshot:
self.__snapshot_jail__()
p = pathlib.Path(
f"{self.iocroot}/releases/{self.new_release}/root/usr/src")
p_files = []
if p.exists():
for f in p.iterdir():
# We want to make sure files actually exist as well
p_files.append(f)
if not p_files:
msg = f"{self.new_release} is missing 'src.txz', please refetch!"
iocage_lib.ioc_common.logit(
{
"level": "EXCEPTION",
"message": msg
},
_callback=self.callback,
silent=self.silent)
self.__upgrade_replace_basejail_paths__()
ioc_up_dir = pathlib.Path(f"{self.path}/iocage_upgrade")
if not ioc_up_dir.exists():
ioc_up_dir.mkdir(exist_ok=True, parents=True)
mount_cmd = [
"mount_nullfs", "-o", "ro",
f"{self.iocroot}/releases/{self.new_release}/root/usr/src",
f"{self.path}/iocage_upgrade"
]
try:
iocage_lib.ioc_exec.SilentExec(
mount_cmd,
self.path.replace('/root', ''),
uuid=self.uuid,
unjailed=True
)
except iocage_lib.ioc_exceptions.CommandFailed:
msg = "Mounting src into jail failed! Rolling back snapshot."
self.__rollback_jail__(name=snap_name)
iocage_lib.ioc_common.logit(
{
"level": "EXCEPTION",
"message": msg
},
_callback=self.callback,
silent=self.silent)
etcupdate_cmd = [
"/usr/sbin/jexec", f"ioc-{self.uuid.replace('.', '_')}",
"/usr/sbin/etcupdate", "-F", "-s", "/iocage_upgrade"
]
try:
iocage_lib.ioc_exec.SilentExec(
etcupdate_cmd,
self.path.replace('/root', ''),
uuid=self.uuid,
unjailed=True
)
except iocage_lib.ioc_exceptions.CommandFailed:
# These are now the result of a failed merge, nuking and putting
# the backup back
msg = "etcupdate failed! Rolling back snapshot."
self.__rollback_jail__(name=snap_name)
su.Popen([
"umount", "-f", f"{self.path}/iocage_upgrade"
]).communicate()
iocage_lib.ioc_common.logit(
{
"level": "EXCEPTION",
"message": msg
},
_callback=self.callback,
silent=self.silent)
new_release = iocage_lib.ioc_common.get_jail_freebsd_version(
f'{self.iocroot}/releases/{self.new_release}/root',
self.new_release
)
iocage_lib.ioc_json.IOCJson(
f"{self.path.replace('/root', '')}",
silent=True).json_set_value(f"release={new_release}")
mq = pathlib.Path(f"{self.path}/var/spool/mqueue")
if not mq.exists():
mq.mkdir(exist_ok=True, parents=True)
iocage_lib.ioc_exec.SilentExec(
['newaliases'],
self.path.replace('/root', ''),
uuid=self.uuid
)
umount_command = [
"umount", "-f", f"{self.path}/iocage_upgrade"
]
iocage_lib.ioc_exec.SilentExec(
umount_command,
self.path.replace('/root', ''),
uuid=self.uuid,
unjailed=True
)
return new_release
def __upgrade_install__(self, name):
"""Installs the upgrade."""
install_cmd = [
name, "-b", self.path, "-d",
f"{self.path}/var/db/freebsd-update/", "-f",
f"{self.path}/etc/freebsd-update.conf", "-r", self.new_release,
"install"
]
if not self.interactive:
with iocage_lib.ioc_exec.IOCExec(
install_cmd,
self.path.replace('/root', ''),
uuid=self.uuid,
unjailed=True,
callback=self.callback,
) as _exec:
iocage_lib.ioc_common.consume_and_log(
_exec,
callback=self.callback
)
else:
iocage_lib.ioc_exec.InteractiveExec(
install_cmd,
self.path.replace('/root', ''),
uuid=self.uuid,
unjailed=True
)
def __upgrade_check_conf__(self):
"""
Replaces freebsd-update.conf's default Components configuration to not
update kernel
"""
f = f"{self.path}/etc/freebsd-update.conf"
text = "Components src world kernel"
replace = "Components src world"
self.__upgrade_replace_text__(f, text, replace)
def __upgrade_replace_basejail_paths__(self):
f = f"{self.iocroot}/jails/{self.uuid}/fstab"
self.__upgrade_replace_text__(f, self.jail_release, self.new_release)
@staticmethod
def __upgrade_replace_text__(path, text, replace):
with fileinput.FileInput(path, inplace=True, backup=".bak") as _file:
for line in _file:
print(line.replace(text, replace), end='')
os.remove(f"{path}.bak")
def __snapshot_jail__(self):
import iocage_lib.iocage as ioc # Avoids dep issues
name = f"ioc_upgrade_{self.date}"
ioc.IOCage(jail=self.uuid, skip_jails=True, silent=True).snapshot(name)
def __rollback_jail__(self, name=None):
import iocage_lib.iocage as ioc # Avoids dep issues
name = name if name else f'ioc_upgrade_{self.date}'
iocage = ioc.IOCage(jail=self.uuid, skip_jails=True, silent=True)
iocage.stop()
iocage.rollback(name)

2177
iocage/iocage_lib/iocage.py Normal file
View File

File diff suppressed because it is too large Load Diff

BIN
jails/config/common/current-src.bzip2 Normal file
View File

Binary file not shown.

2
jails/config/vm/cvm-b.sh
View File

@ -16,7 +16,7 @@ bhyvectl --destroy --vm=cvm-b
while true
do
bhyve -c 4 -m 16G -A -H -P \
bhyve -c 8 -m 32G -A -H -P \
-s 0,hostbridge \
-s 3,ahci-cd \
-s 4,virtio-blk,/dev/zvol/ship/raw/cvm-b \

20
jails/config/vm/freebsd.sh
View File

@ -19,8 +19,13 @@ do
bhyve -c 2 -m 4G -A -H -P \
-s 0,hostbridge \
-s 3,ahci-cd \
-s 4,virtio-blk,/dev/zvol/ship/raw/freebsd \
-s 5,virtio-net,tap83,mac=00:0A:0B:0C:0D:83 \
-s 4,virtio-blk,/dev/zvol/ship/raw/freebsd_1 \
-s 5,virtio-blk,/dev/zvol/ship/raw/freebsd_2 \
-s 6,virtio-blk,/dev/zvol/ship/raw/freebsd_z1 \
-s 7,virtio-blk,/dev/zvol/ship/raw/freebsd_z2 \
-s 8,virtio-blk,/dev/zvol/ship/raw/freebsd_z3 \
-s 9,virtio-blk,/dev/zvol/ship/raw/freebsd \
-s 10,virtio-net,tap83,mac=00:0A:0B:0C:0D:83 \
-s 29,fbuf,tcp=0.0.0.0:5983,w=1600,h=900 \
-s 30,xhci,tablet \
-s 31,lpc -l com1,/dev/nmdm83A \
@ -47,7 +52,7 @@ done
exit $?
#-s 3,ahci-cd \
#-s 3,ahci-cd,/mnt/freebsd/FreeBSD-12.1-RELEASE-amd64-disc1.iso \
#-s 3,ahci-cd,/mnt/freebsd/FreeBSD-12.2-RELEASE-amd64-disc1.iso \
# set boot_serial=NO
# first in boot menu option 3 and then /boot/loader.conf after install
@ -58,8 +63,17 @@ exit $?
#on base system:
#zfs create -V 32G -o refreservation=none ship/raw/freebsd
#zfs create -V 16G -o refreservation=none ship/raw/freebsd_1
#zfs create -V 16G -o refreservation=none ship/raw/freebsd_2
#zfs create -V 16G -o refreservation=none ship/raw/freebsd_z1
#zfs create -V 16G -o refreservation=none ship/raw/freebsd_z2
#zfs create -V 16G -o refreservation=none ship/raw/freebsd_z3
# on boot
#ifconfig tap83 create
#ifconfig bridge1 addm tap83 up
#ifconfig tap83 up
#ifconfig tap83 inet6 auto_linklocal
#
#zroot mirror /dev/vtbd1 /dev/vtbd2 - created during zroot install
#zpool create -f ship /dev/vtbd2 /dev/vtbd3 /dev/vtbd4
#zpool create -f data /dev/vtbd5

20
jails/update.sh
View File

@ -37,8 +37,9 @@ update_jail ()
# iocage exec $JAIL "pkg upgrade -f -y"
iocage exec $JAIL "pkg clean -ay"
iocage exec $JAIL "rm -rf /var/tmp/temproot*"
iocage exec $JAIL "mergemaster -a"
# iocage exec $JAIL "rm -rf /var/tmp/temproot*"
# iocage exec $JAIL "mergemaster -a"
iocage exec $JAIL "etcupdate -t /mnt/common/current-src.bzip2"
iocage exec $JAIL "freebsd-version"
@ -48,10 +49,8 @@ update_jail ()
iocage fetch -U -r 12.2-RELEASE
read -p "update pkgp jail (y/N)? " RESP
read -p "update pkgp packages first (y/N)? " RESP
if [ ! -z $RESP ] && [ $RESP == "y" ]; then
JAIL="pkgp"
update_jail
/root/FreeBSD/jails/jails-update-pkgs.sh pkgp-only
fi
@ -60,11 +59,11 @@ if [ ! -z $RESP ] && [ $RESP == "y" ]; then
# for JAIL in `iocage list -h | cut -f2`;
for JAIL in `jls -N | cut -d " " -f 2 | cut -d "-" -f 2- | grep -v JID | sort`;
do
if [ $JAIL == "pkgp" ] || [ $JAIL == "debian" ]; then
if [ $JAIL == "test" ] || [ $JAIL == "debian" ]; then
continue
fi
if [[ $1 == "upgrade" ]]; then
read -p "update jail $JAIL (Y/n)? " RESP
read -p "upgrade jail $JAIL (Y/n)? " RESP
if [ ! -z $RESP ] && [ $RESP == "n" ]; then
continue
fi
@ -75,10 +74,15 @@ fi
echo "update base system by running:"
echo "freebsd-update fetch"
# echo "freebsd-update upgrade -r 13.0-RELEASE"
echo "freebsd-update install"
# echo "pkg bootstrap -f ; pkg update ; pkg upgrade"
echo "cd /usr/src; svn update; make -j8 buildkernel KERNCONF=diyIT && make -j8 installkernel KERNCONF=diyIT"
echo "etcupdate build /root/FreeBSD/jails/configs/common/current-src.bzip2"
echo "reboot"
echo "pkg-static upgrade -f"
echo "mergemaster"
#echo "rm -rf /var/tmp/temproot*"
#echo "mergemaster -a"
echo "etcupdate -t /mnt/common/current-src.bzip2"
echo "/root/FreeBSD/scripts/zfs-prune-snapshots -vn -p 'ioc_update' 1d | grep removing"

14
scripts/fan.py Normal file
View File

@ -0,0 +1,14 @@
# pkgk install py37-pysnmp
from pysnmp import hlapi
def get(target, oids, credentials, port=161, engine=hlapi.SnmpEngine(), context=hlapi.ContextData()):
handler = hlapi.getCmd(
engine,
credentials,
hlapi.UdpTransportTarget((target, port)),
context,
*construct_object_types(oids)
)
return fetch(handler, 1)[0]