• server/24.10 ec9e056ff7

    lpoujol released this 2024-10-10 15:09:45 +02:00 | 42 commits to master since this release

    Signed by lpoujol
    SSH key fingerprint: SHA256:YZbQWfjHONnvIGkFZMs0xRKtqzqGqwtZU+kCOKhZXPA

    BREAKING

    This release changes the internals of bkctld. Instead of relying on chroot, it now uses systemd-nspawn.
    This change required reorganizing the jail folder structure into a new format (called version 2). It also makes it possible to have most of the jail folder read-only.

    Conversion to this format is required before performing any action on the jail (start/stop) or changing any of its settings (key, ip...).

    The jail folder structure before:

    # tree -L 2 /backup/jails/old-jail/ 
    /backup/jails/old-jail/   # <--- Jail root 
    ├── bin -> ./usr/bin 
    ├── dev
    ├── etc
    │   ├── ...
    │   └── ssh
    ├── ...
    ├── usr 
    │   └── ...
    └── var
         ├── backup   # <--- Where data was expected to be pushed
         ├── log
         ├── run -> ../run
         └── tmp
    

    And after the conversion:

    # tree -L 2 /backup/jails/new-jail/
    /backup/jails/new-jail/
    ├── data
    │   └── Things
    ├── root        # <--- New jail root (Read-Only)
    │   ├── bin -> ./usr/bin
    │   ├── data    # <- Bind mount from /backup/jails/new-jail/data (Read-Write)
    │   ├── dev
    │   ├── etc
    │   ├── start.sh
    │   ├── ...
    │   └── var    # <- Bind mount from /backup/jails/new-jail/var (Read-Write)
    └── var
         ├── backup # <- Bind mount from /backup/jails/new-jail/data (Read-Write) 
         ├── dev
         ├── log
         └── run -> ../run
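
The two layouts above can be told apart from the directory tree alone, which is useful for listing the jails that still need conversion before upgrading. The following is an added example, not bkctld's own code: the function names, the detection heuristic and the choice of systemd-nspawn options are assumptions derived from the trees shown above.

```shell
#!/bin/sh
# Added example (not part of bkctld). Layout rules come from the two trees
# in the release notes; the heuristic itself is an assumption.

# Print "2" for the new layout, "1" for the old one, "unknown" otherwise.
jail_layout() {
    jl_dir=${1%/}
    if [ -d "$jl_dir/root/etc" ] && [ -d "$jl_dir/data" ] && [ -d "$jl_dir/var" ]; then
        echo 2          # jail root lives under root/, data/ and var/ beside it
    elif [ -d "$jl_dir/etc" ] && [ -d "$jl_dir/var/backup" ]; then
        echo 1          # jail root is the jail folder itself
    else
        echo unknown
    fi
}

# Print systemd-nspawn options matching the v2 tree: read-only root, with
# data/ and var/ bind-mounted read-write. Refuses anything that is not v2.
nspawn_opts() {
    no_dir=${1%/}
    [ "$(jail_layout "$no_dir")" = 2 ] || {
        echo "$no_dir: not a v2 jail, conversion required" >&2
        return 1
    }
    printf '%s\n' \
        "--directory=$no_dir/root" \
        "--read-only" \
        "--bind=$no_dir/data:/data" \
        "--bind=$no_dir/var:/var"
}

# Inventory every jail under a base directory, one "<name> <layout>" per line.
audit_jails() {
    for aj_dir in "$1"/*/; do
        [ -d "$aj_dir" ] || continue
        aj_dir=${aj_dir%/}
        echo "${aj_dir##*/} $(jail_layout "$aj_dir")"
    done
}
```

Running `audit_jails /backup/jails` prints one line per jail; any jail reported as `1` has to go through `bkctld convert-v2` before it can be started, stopped or reconfigured.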
    

    Added

    • New command bkctld logs : Display the logs of the sshd server for a given jail
    • New command bkctld convert-v2 : Convert a given jail to the v2 format for nspawn
    • New command bkctld jail-version : Return the jail format

    Changed

    • Disallow jail actions/configuration commands if the jail is deemed not up-to-date
    • bkctld-check-canary: Canary check will raise a WARNING instead of a CRITICAL if yesterday's date was found

    Fixed

    • Test presence of old config file before trying to delete it
    • Use correct variable when detecting local sshrc template
    • bkctld-rm: hide over-allocation message