evolix/evobackup
22
0
Fork 1
Code Issues 28 Pull requests 5 Releases 21 Activity

Merge branch 'master' into debian

Browse source
This commit is contained in:
Jérémy Lecour 2020-11-13 15:49:54 +01:00 committed by Jérémy Lecour
parent 653653cda0 01a19ad2da
commit 0c31e02083
28 changed files with 153 additions and 48 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

15
CHANGELOG.md
View file

@ -18,6 +18,19 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
### Security ### Security
## [2.7.0] - 2020-11-13
### Added
* bkctld: add a [-f|--force] option to remove confirmation on some commands
* bkctld-remove: confirmation before removal of jails if not in force mode
* bkctld-rm: delete empty jails in incs directory
### Changed
* Better help message composition and formating
* bkctld-rm: list jails from incs directory
## [2.6.0] - 2020-10-07 ## [2.6.0] - 2020-10-07
### Added ### Added
@ -58,7 +71,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
* bkctld-update: start jail after upgrade if it was started before * bkctld-update: start jail after upgrade if it was started before
* bkctld: don't replace SSH host keys when creating/updating a jail * bkctld: don't replace SSH host keys when creating/updating a jail
* Split check into check-jails and check-setup * Split check into check-jails and check-setup
* bkctld-check-jails checks if jails * bkctld-check-jails checks if jails
* bkctld-check-setup checks if the partition is mounted and writable, if firewall is configured and if all jails are in their expected state * bkctld-check-setup checks if the partition is mounted and writable, if firewall is configured and if all jails are in their expected state
* create new ssh keys for new jails instead of copying those from the host * create new ssh keys for new jails instead of copying those from the host

9
bkctld
View file

@ -36,6 +36,10 @@ fi
# Parse options # Parse options
# based on https://gist.github.com/deshion/10d3cb5f88a21671e17a # based on https://gist.github.com/deshion/10d3cb5f88a21671e17a
if [ "$#" = "0" ]; then
show_help
exit 1
fi
while :; do while :; do
case $1 in case $1 in
-h|-\?|--help) -h|-\?|--help)
@ -46,6 +50,9 @@ while :; do
show_version show_version
exit 0 exit 0
;; ;;
-f|--force)
FORCE=1
;;
*) *)
# Default case: If no more options then break out of the loop. # Default case: If no more options then break out of the loop.
break break
@ -81,7 +88,7 @@ case "${subcommand}" in
show_help show_help
exit 1 exit 1
else else
"${LIBDIR}/bkctld-${subcommand}" "${jail_name}" "${LIBDIR}/bkctld-${subcommand}" "${jail_name}"
fi fi
;; ;;
"key" | "port" | "ip") "key" | "port" | "ip")

2
lib/bkctld-check-incs
View file

@ -1,6 +1,6 @@
#!/bin/sh #!/bin/sh
# #
# Run check on all expected incs of all jails # Description: Run check on all expected incs of all jails
# Usage: check-incs all # Usage: check-incs all
# #

2
lib/bkctld-check-jails
View file

@ -1,6 +1,6 @@
#!/bin/sh #!/bin/sh
# #
# Run check on jails (NRPE output) # Description: Run check on jails (NRPE output)
# Usage: check-jails # Usage: check-jails
# #

2
lib/bkctld-check-last-incs
View file

@ -1,6 +1,6 @@
#!/bin/sh #!/bin/sh
# #
# Run check on the last inc of all jails # Description: Run check on the last inc of all jails
# Usage: check-incs last # Usage: check-incs last
# #

4
lib/bkctld-check-setup
View file

@ -1,7 +1,7 @@
#!/bin/sh #!/bin/sh
# #
# Run check on jails (NRPE output) # Description: Run check on jails (NRPE output)
# Usage: check-setup # Usage: check setup
# #
# shellcheck source=./includes # shellcheck source=./includes

4
lib/bkctld-firewall
View file

@ -1,7 +1,7 @@
#!/bin/sh #!/bin/sh
# #
# Update firewall rules of <jailname> or all # Description: Update firewall rules
# Usage: firewall <jailname>|all # Usage: firewall [<jailname>|all]
# #
# shellcheck source=./includes # shellcheck source=./includes

2
lib/bkctld-inc
View file

@ -1,6 +1,6 @@
#!/bin/sh #!/bin/sh
# #
# Make incremental inc of all jails # Description: Make dated copies (incs) of jails
# Usage: inc # Usage: inc
# #

2
lib/bkctld-init
View file

@ -1,6 +1,6 @@
#!/bin/sh #!/bin/sh
# #
# Init jail <jailname> # Description: Initialize a new jail
# Usage: init <jailname> # Usage: init <jailname>
# #

2
lib/bkctld-ip
View file

@ -1,6 +1,6 @@
#!/bin/sh #!/bin/sh
# #
# Set or get allowed(s) ip(s) of <jailname> # Description: Set or get allowed(s) ip(s)
# Usage: ip <jailname> [<ip>|all] # Usage: ip <jailname> [<ip>|all]
# #

2
lib/bkctld-is-on
View file

@ -1,6 +1,6 @@
#!/bin/sh #!/bin/sh
# #
# Check if a jail is on or not # Description: Check if a SSH server is on (exit 0) or not (exit 100)
# Usage: is-on <jailname> # Usage: is-on <jailname>
# #

2
lib/bkctld-key
View file

@ -1,6 +1,6 @@
#!/bin/sh #!/bin/sh
# #
# Set or get ssh pubic key of <jailname> # Description: Set or get ssh pubic key
# Usage: key <jailname> [<keyfile>] # Usage: key <jailname> [<keyfile>]
# #

2
lib/bkctld-list
View file

@ -1,6 +1,6 @@
#!/bin/sh #!/bin/sh
# #
# List jails # Description: List jails
# Usage: list # Usage: list
# #

2
lib/bkctld-port
View file

@ -1,6 +1,6 @@
#!/bin/sh #!/bin/sh
# #
# Set or get ssh port of <jailname> # Description: Set or get SSH port
# Usage: port <jailname> [<port>|auto] # Usage: port <jailname> [<port>|auto]
# #

4
lib/bkctld-reload
View file

@ -1,7 +1,7 @@
#!/bin/sh #!/bin/sh
# #
# Reload jail <jailname> or all # Description: Reload SSH server
# Usage: reload <jailname>|all # Usage: reload [<jailname>|all]
# #
# shellcheck source=./includes # shellcheck source=./includes

26
lib/bkctld-remove
View file

@ -1,7 +1,9 @@
#!/bin/sh #!/bin/sh
# #
# Remove jail <jailname> or all # Description: Remove jail and all dated copies (incs)
# Usage: remove <jailname>|all # Usage: remove <jailname>|all
# Return codes:
# * 101 : jail removal aborted
# #
# shellcheck source=./includes # shellcheck source=./includes
@ -16,6 +18,28 @@ incs_path=$(incs_path "${jail_name}")
test -d "${jail_path}" || error "${jail_name}: jail not found" 2 test -d "${jail_path}" || error "${jail_name}: jail not found" 2
if [ "${FORCE}" != "1" ]; then
answer=""
while :; do
printf "> Are you sure you want to delete jail \`%s'? [Y,n,?] " "${jail_name}"
read -r answer
case $answer in
[Yy]|"" )
break
;;
[Nn] )
tty -s && echo "Abort." >&2
exit 101
;;
* )
printf "y - yes, execute actions and exit\n"
printf "n - no, don't execute actions and exit\n"
printf "? - print this help\n"
;;
esac
done
fi
"${LIBDIR}/bkctld-is-on" "${jail_name}" && "${LIBDIR}/bkctld-stop" "${jail_name}" "${LIBDIR}/bkctld-is-on" "${jail_name}" && "${LIBDIR}/bkctld-stop" "${jail_name}"
rm -f "${CONFDIR}/${jail_name}" rm -f "${CONFDIR}/${jail_name}"

4
lib/bkctld-restart
View file

@ -1,7 +1,7 @@
#!/bin/sh #!/bin/sh
# #
# Restart jail <jailname> or all # Description: Restart SSH server
# Usage: restart <jailname>|all # Usage: restart [<jailname>|all]
# #
set -eu set -eu

24
lib/bkctld-rm
View file

@ -1,6 +1,6 @@
#!/bin/sh #!/bin/sh
# #
# Remove old incremtal inc of all jails # Description: Remove old dated copies (incs) according to policy
# Usage: rm # Usage: rm
# #
@ -84,6 +84,21 @@ delete_inc_ext4() {
fi fi
} }
delete_empty_inc() {
jail_name=$1
incs_path=$(incs_path "${jail_name}")
empty_incs_list=$(find "${incs_path}" -mindepth 0 -maxdepth 0 -type d -empty)
for empty_inc in ${empty_incs_list}; do
if dry_run; then
echo "[dry-run] Delete empty \`${empty_inc}'"
else
rmdir "${empty_inc}"
notice "Delete empty \`${empty_inc}' : OK"
fi
done
}
lock_file="${LOCKDIR}/rm-global.lock" lock_file="${LOCKDIR}/rm-global.lock"
# shellcheck disable=SC2064 # shellcheck disable=SC2064
@ -92,7 +107,9 @@ trap "rm -f ${lock_file}; cleanup_tmp;" 0
kill_or_clean_lockfile "${lock_file}" kill_or_clean_lockfile "${lock_file}"
new_lock_file "${lock_file}" new_lock_file "${lock_file}"
jails_list=$(jails_list) # We list jails in "incs" directory, not in "jails" directory
# so we can clean old incs after a jail is archived
jails_list=$(jails_with_incs_list)
jails_total=$(echo $jails_list | wc -w) jails_total=$(echo $jails_list | wc -w)
jails_count=0 jails_count=0
@ -102,7 +119,6 @@ for jail_name in ${jails_list}; do
# If no incs policy is found, we don't remove incs # If no incs policy is found, we don't remove incs
if [ -n "${incs_policy_file}" ]; then if [ -n "${incs_policy_file}" ]; then
# shellcheck disable=SC2046 # shellcheck disable=SC2046
incs_to_delete=$(incs_to_delete "${jail_name}" "${incs_policy_file}") incs_to_delete=$(incs_to_delete "${jail_name}" "${incs_policy_file}")
incs_total=$(echo ${incs_to_delete} | wc -w) incs_total=$(echo ${incs_to_delete} | wc -w)
incs_count=0 incs_count=0
@ -130,6 +146,8 @@ for jail_name in ${jails_list}; do
else else
notice "Skip jail \`${jail_name}' : incs policy is missing" notice "Skip jail \`${jail_name}' : incs policy is missing"
fi fi
# Delete empty incs directory for jail
delete_empty_inc "${jail_name}"
done done
# Remove the lock file and cleanup tmp files # Remove the lock file and cleanup tmp files

2
lib/bkctld-start
View file

@ -1,6 +1,6 @@
#!/bin/sh #!/bin/sh
# #
# Start jail <jailname> or all # Description: Start SSH Server
# Usage: start <jailname>|all # Usage: start <jailname>|all
# #

2
lib/bkctld-stats
View file

@ -1,6 +1,6 @@
#!/bin/sh #!/bin/sh
# #
# Make and display stats on jails (size, lastconn) # Description: Display stats on jails (size, last connection…)
# Usage: stats # Usage: stats
# #

4
lib/bkctld-status
View file

@ -1,7 +1,7 @@
#!/bin/sh #!/bin/sh
# #
# Print status of <jailname> (default all jail) # Description: Display status of SSH server
# Usage: status [<jailname>] # Usage: status [<jailname>|all]
# #
# shellcheck source=./includes # shellcheck source=./includes

6
lib/bkctld-stop
View file

@ -1,7 +1,7 @@
#!/bin/sh #!/bin/sh
# #
# Stop jail <jailname> or all # Description: Stop SSH server
# Usage: stop <jailname>|all # Usage: stop [<jailname>|all]
# #
# shellcheck source=./includes # shellcheck source=./includes
@ -21,7 +21,7 @@ pid=$(cat "${jail_path}/${SSHD_PID}")
pkill --parent "${pid}" pkill --parent "${pid}"
if kill "${pid}"; then if kill "${pid}"; then
notice "Stop jail \`${jail_name}' : OK [${pid}]" notice "Stop jail \`${jail_name}' : OK [${pid}]"
umount --lazy --recursive "${jail_path}/dev" umount --lazy --recursive "${jail_path}/dev"

4
lib/bkctld-sync
View file

@ -1,7 +1,7 @@
#!/bin/sh #!/bin/sh
# #
# Sync jail <jailname> or all to another node # Description: Sync jail configuration and state on other node(s)
# Usage: sync <jailname>|all # Usage: sync [<jailname>|all]
# #
# shellcheck source=./includes # shellcheck source=./includes

4
lib/bkctld-update
View file

@ -1,7 +1,7 @@
#!/bin/sh #!/bin/sh
# #
# Update jail <jailname> or all # Description: Update binaries and libraries
# Usage: update <jailname>|all # Usage: update [<jailname>|all]
# #
# shellcheck source=./includes # shellcheck source=./includes

4
lib/bkctld-upgrade-config
View file

@ -1,7 +1,7 @@
#!/bin/sh #!/bin/sh
# #
# Upgrade chroot components for jail <jailname> or all # Description: Upgrade configuration to new convention
# Usage: upgrade-config <jailname>|all # Usage: upgrade-config [<jailname>|all]
# #
# shellcheck source=./includes # shellcheck source=./includes

28
lib/includes
View file

@ -2,11 +2,11 @@
# #
# Config for bkctld # Config for bkctld
# #
# shellcheck disable=SC2034
[ -f /etc/default/bkctld ] && . /etc/default/bkctld [ -f /etc/default/bkctld ] && . /etc/default/bkctld
# shellcheck disable=SC2034 VERSION="2.7.0"
VERSION="2.6.0"
LIBDIR=${LIBDIR:-/usr/lib/bkctld} LIBDIR=${LIBDIR:-/usr/lib/bkctld}
CONFDIR="${CONFDIR:-/etc/evobackup}" CONFDIR="${CONFDIR:-/etc/evobackup}"
@ -27,6 +27,7 @@ LOGLEVEL="${LOGLEVEL:-6}"
CRITICAL="${CRITICAL:-48}" CRITICAL="${CRITICAL:-48}"
WARNING="${WARNING:-24}" WARNING="${WARNING:-24}"
DUC=$(command -v duc-nox || command -v duc) DUC=$(command -v duc-nox || command -v duc)
FORCE="${FORCE:-0}"
show_version() { show_version() {
cat <<END cat <<END
@ -51,11 +52,10 @@ Options
Subcommands: Subcommands:
EOF EOF
for subcommand in ${LIBDIR}/bkctld-*; do for filename in ${LIBDIR}/bkctld-*; do
name=$(basename "${subcommand}"|sed 's/^bkctld-//') desc=$(grep -E "^# Description:" "${filename}"|sed "s/^# Description: //")
desc=$(grep -E "^#" "${subcommand}"|sed -n '3p'|sed "s/^# //") usage=$(grep -E "^# Usage:" "${filename}"|sed "s/^# Usage: //")
usage=$(grep -E "^# Usage: ${name}" "${subcommand}"|sed "s/^# Usage: ${name}//") printf " %- 32s %s\n" "${usage}" "${desc}"
printf " %- 15s %- 30s %- 40s\n" "${name}" "${usage}" "${desc}"
done done
printf "\n" printf "\n"
@ -129,12 +129,16 @@ is_btrfs() {
test $inode -eq 256 test $inode -eq 256
} }
# Returns the list of all jails # Returns the list of jails found in the "jails" directory (default)
jails_list() { jails_list() {
# TODO: try if this command works the same : # TODO: try if this command works the same :
# find "${JAILDIR}" -mindepth 1 -maxdepth 1 -type d -printf '%f\n' # find "${JAILDIR}" -mindepth 1 -maxdepth 1 -type d -printf '%f\n'
find "${JAILDIR}" -mindepth 1 -maxdepth 1 -type d | sed 's!.*/!!' | sort -h find "${JAILDIR}" -mindepth 1 -maxdepth 1 -type d | sed 's!.*/!!' | sort -h
} }
# Returns the list of jails found in the "incs" directory
jails_with_incs_list() {
find "${INCDIR}" -mindepth 1 -maxdepth 1 -type d | sed 's!.*/!!' | sort -h
}
# Returns the complete path of a jail # Returns the complete path of a jail
jail_path() { jail_path() {
jail_name=${1:?} jail_name=${1:?}
@ -180,6 +184,10 @@ incs_list() {
jail_name=${1:?} jail_name=${1:?}
find "$(incs_path "${jail_name}")" -mindepth 1 -maxdepth 1 -type d | sed 's!.*/!!' | sort -h find "$(incs_path "${jail_name}")" -mindepth 1 -maxdepth 1 -type d | sed 's!.*/!!' | sort -h
} }
# Return the list of empty incs directories
empty_incs_list() {
find ${INCDIR} -mindepth 1 -maxdepth 1 -type d -empty
}
current_jail_incs_policy_file() { current_jail_incs_policy_file() {
jail_name=${1:?} jail_name=${1:?}
@ -380,8 +388,8 @@ is_mounted_inside_jail() {
target=${1:?} target=${1:?}
# TODO: try to find why it doesn't work with this findmnt(8) command # TODO: try to find why it doesn't work with this findmnt(8) command
# findmnt --target "${target}" --tab-file /proc/mounts # findmnt --target "${target}" --tab-file /proc/mounts
grep -q "${target}" /proc/mounts grep -q "${target}" /proc/mounts
} }
mount_jail_fs() { mount_jail_fs() {

35
test/incs.bats
View file

@ -87,4 +87,39 @@ load test_helper
assert_failure assert_failure
} }
@test "All incs are removed by 'rm' with empty inc policy" {
# Setup empty incs policy
echo "" > "${CONFDIR}/${JAILNAME}.d/incs_policy"
inc_path="${INCSPATH}/${INC_NAME}"
# Create the inc
/usr/lib/bkctld/bkctld-inc
# Inc should be removed
run test -d "${inc_path}"
assert_success
# Remove incs
/usr/lib/bkctld/bkctld-rm
# Inc should be removed
run test -d "${inc_path}"
assert_failure
}
@test "empty inc directory are removed" {
# Create an inc
/usr/lib/bkctld/bkctld-inc
# no inc should be kept
echo '' > "${CONFDIR}/${JAILNAME}.d/incs_policy"
# The inc directory is present
run test -d "${INCSPATH}"
assert_success
/usr/lib/bkctld/bkctld-rm
# The inc directory is absent
run test -d "${INCSPATH}"
assert_failure
}
# TODO: add many tests for incs (creation and removal) # TODO: add many tests for incs (creation and removal)

2
test/test_helper.bash
View file

@ -20,7 +20,7 @@ setup() {
teardown() { teardown() {
remove_variable "/etc/default/bkctld" "BACKUP_DISK" remove_variable "/etc/default/bkctld" "BACKUP_DISK"
/usr/lib/bkctld/bkctld-remove "${JAILNAME}" && rm -rf "${INCSPATH}" FORCE=1 /usr/lib/bkctld/bkctld-remove "${JAILNAME}" && rm -rf "${INCSPATH}"
} }
random_jail_name() { random_jail_name() {