Add edit command

This commit is contained in:
Jip-Hop 2023-08-14 16:12:33 +02:00
parent 5317c3f833
commit a53f698311
2 changed files with 62 additions and 21 deletions

View File

@ -70,6 +70,14 @@ jlmkr start myjail
jlmkr list jlmkr list
``` ```
### Edit Jail Config
```shell
jlmkr edit myjail
```
Once you've created a jail, it will exist in a directory inside the `jails` dir next to `jlmkr.py`. For example `/mnt/mypool/jailmaker/jails/myjail` if you've named your jail `myjail`. You may edit the jail configuration file, e.g. using the `jlmkr edit myjail` command (which uses the nano text editor). You'll have to stop the jail and start it again with `jlmkr` for these changes to take effect.
### Remove Jail ### Remove Jail
```shell ```shell
@ -110,10 +118,6 @@ If you want to run a command inside a jail, for example from a shell script or a
systemd-run --machine myjail --quiet --pipe --wait --collect --service-type=exec env systemd-run --machine myjail --quiet --pipe --wait --collect --service-type=exec env
``` ```
## Edit Jail Config
Once you've created a jail, it will exist in a directory inside the `jails` dir next to `jlmkr.py`. For example `/mnt/mypool/jailmaker/jails/myjail` if you've named your jail `myjail`. You may edit the jail configuration file. You'll have to stop the jail and start it again with `jlmkr` for these changes to take effect.
## Networking ## Networking
By default the jail will have full access to the host network. No further setup is required. You may download and install additional packages inside the jail. Note that some ports are already occupied by TrueNAS SCALE (e.g. 443 for the web interface), so your jail can't listen on these ports. This is inconvenient if you want to host some services (e.g. traefik) inside the jail. To workaround this issue when using host networking, you may disable DHCP and add several static IP addresses (Aliases) through the TrueNAS web interface. If you setup the TrueNAS web interface to only listen on one of these IP addresses, the ports on the remaining IP addresses remain available for the jail to listen on. By default the jail will have full access to the host network. No further setup is required. You may download and install additional packages inside the jail. Note that some ports are already occupied by TrueNAS SCALE (e.g. 443 for the web interface), so your jail can't listen on these ports. This is inconvenient if you want to host some services (e.g. traefik) inside the jail. To workaround this issue when using host networking, you may disable DHCP and add several static IP addresses (Aliases) through the TrueNAS web interface. If you setup the TrueNAS web interface to only listen on one of these IP addresses, the ports on the remaining IP addresses remain available for the jail to listen on.

View File

@ -35,7 +35,7 @@ IT COMES WITHOUT WARRANTY AND IS NOT SUPPORTED BY IXSYSTEMS.{NORMAL}"""
DESCRIPTION = "Create persistent Linux 'jails' on TrueNAS SCALE, with full access to all files \ DESCRIPTION = "Create persistent Linux 'jails' on TrueNAS SCALE, with full access to all files \
via bind mounts, thanks to systemd-nspawn!" via bind mounts, thanks to systemd-nspawn!"
VERSION = '0.0.7' VERSION = '0.0.8'
JAILS_DIR_PATH = 'jails' JAILS_DIR_PATH = 'jails'
JAIL_CONFIG_NAME = 'config' JAIL_CONFIG_NAME = 'config'
@ -65,6 +65,14 @@ def get_jail_path(jail_name):
return os.path.join(JAILS_DIR_PATH, jail_name) return os.path.join(JAILS_DIR_PATH, jail_name)
def get_jail_config_path(jail_name):
return os.path.join(get_jail_path(jail_name), JAIL_CONFIG_NAME)
def get_jail_rootfs_path(jail_name):
return os.path.join(get_jail_path(jail_name), JAIL_ROOTFS_NAME)
def passthrough_intel(gpu_passthrough_intel, systemd_nspawn_additional_args): def passthrough_intel(gpu_passthrough_intel, systemd_nspawn_additional_args):
if gpu_passthrough_intel != '1': if gpu_passthrough_intel != '1':
return return
@ -78,8 +86,10 @@ def passthrough_intel(gpu_passthrough_intel, systemd_nspawn_additional_args):
systemd_nspawn_additional_args.append('--bind=/dev/dri') systemd_nspawn_additional_args.append('--bind=/dev/dri')
def passthrough_nvidia(gpu_passthrough_nvidia, systemd_nspawn_additional_args, jail_path, jail_name): def passthrough_nvidia(gpu_passthrough_nvidia, systemd_nspawn_additional_args, jail_name):
ld_so_conf_path = Path(jail_path) / JAIL_ROOTFS_NAME / 'etc/ld.so.conf.d/jlmkr-nvidia.conf' jail_rootfs_path = get_jail_rootfs_path(jail_name)
ld_so_conf_path = Path(os.path.join(jail_rootfs_path),
'etc/ld.so.conf.d/jlmkr-nvidia.conf')
if gpu_passthrough_nvidia != '1': if gpu_passthrough_nvidia != '1':
# Cleanup the config file we made when passthrough was enabled # Cleanup the config file we made when passthrough was enabled
@ -114,7 +124,8 @@ def passthrough_nvidia(gpu_passthrough_nvidia, systemd_nspawn_additional_args, j
for file_path in nvidia_files: for file_path in nvidia_files:
if not os.path.exists(file_path): if not os.path.exists(file_path):
# Don't try to mount files not present on the host # Don't try to mount files not present on the host
print(f"Skipped mounting {file_path}, it doesn't exist on the host...") print(
f"Skipped mounting {file_path}, it doesn't exist on the host...")
continue continue
if file_path.startswith('/dev/'): if file_path.startswith('/dev/'):
@ -131,17 +142,19 @@ def passthrough_nvidia(gpu_passthrough_nvidia, systemd_nspawn_additional_args, j
# Only write if the conf file doesn't yet exist or has different contents # Only write if the conf file doesn't yet exist or has different contents
existing_conf_libraries = set() existing_conf_libraries = set()
if ld_so_conf_path.exists(): if ld_so_conf_path.exists():
existing_conf_libraries.update(x for x in ld_so_conf_path.read_text().splitlines() if x) existing_conf_libraries.update(
x for x in ld_so_conf_path.read_text().splitlines() if x)
if library_folders != existing_conf_libraries: if library_folders != existing_conf_libraries:
print("\n".join(x for x in library_folders), file=ld_so_conf_path.open('w')) print("\n".join(x for x in library_folders),
file=ld_so_conf_path.open('w'))
# Run ldconfig inside systemd-nspawn jail with nvidia mounts... # Run ldconfig inside systemd-nspawn jail with nvidia mounts...
subprocess.run( subprocess.run(
['systemd-nspawn', ['systemd-nspawn',
'--quiet', '--quiet',
f"--machine={jail_name}", f"--machine={jail_name}",
f"--directory={os.path.join(jail_path, JAIL_ROOTFS_NAME)}", f"--directory={jail_rootfs_path}",
*nvidia_mounts, *nvidia_mounts,
"ldconfig"]) "ldconfig"])
else: else:
@ -159,7 +172,7 @@ def start_jail(jail_name):
""" """
jail_path = get_jail_path(jail_name) jail_path = get_jail_path(jail_name)
jail_config_path = os.path.join(jail_path, JAIL_CONFIG_NAME) jail_config_path = get_jail_config_path(jail_name)
config = configparser.ConfigParser() config = configparser.ConfigParser()
try: try:
@ -253,7 +266,7 @@ def start_jail(jail_name):
passthrough_intel(gpu_passthrough_intel, systemd_nspawn_additional_args) passthrough_intel(gpu_passthrough_intel, systemd_nspawn_additional_args)
passthrough_nvidia(gpu_passthrough_nvidia, passthrough_nvidia(gpu_passthrough_nvidia,
systemd_nspawn_additional_args, jail_path, jail_name) systemd_nspawn_additional_args, jail_name)
cmd = ['systemd-run', cmd = ['systemd-run',
*shlex.split(config.get('systemd_run_default_args', '')), *shlex.split(config.get('systemd_run_default_args', '')),
@ -573,8 +586,8 @@ def create_jail(jail_name):
readline.parse_and_bind('tab: self-insert') readline.parse_and_bind('tab: self-insert')
print() print()
jail_config_path = os.path.join(jail_path, JAIL_CONFIG_NAME) jail_config_path = get_jail_config_path(jail_name)
jail_rootfs_path = os.path.join(jail_path, JAIL_ROOTFS_NAME) jail_rootfs_path = get_jail_rootfs_path(jail_name)
# Create directory for rootfs # Create directory for rootfs
os.makedirs(jail_rootfs_path, exist_ok=True) os.makedirs(jail_rootfs_path, exist_ok=True)
@ -729,6 +742,18 @@ def create_jail(jail_name):
start_jail(jail_name) start_jail(jail_name)
def edit_jail(jail_name):
"""
Edit jail with given name.
"""
if check_jail_name_valid(jail_name):
if check_jail_name_available(jail_name, False):
eprint(f"A jail with name {jail_name} does not exist.")
else:
os.system(f'nano {get_jail_config_path(jail_name)}')
print("Restart the jail for edits to apply (if you made any).")
def remove_jail(jail_name): def remove_jail(jail_name):
""" """
Remove jail with given name. Remove jail with given name.
@ -770,6 +795,7 @@ def list_jails():
print("\nCurrently running:\n") print("\nCurrently running:\n")
subprocess.run(['machinectl', 'list']) subprocess.run(['machinectl', 'list'])
def install_jailmaker(): def install_jailmaker():
# Check if command exists in path # Check if command exists in path
if shutil.which('systemd-nspawn'): if shutil.which('systemd-nspawn'):
@ -787,7 +813,8 @@ def install_jailmaker():
stat_chmod(file, 0o755) stat_chmod(file, 0o755)
subprocess.run(['apt-get', 'update'], check=True) subprocess.run(['apt-get', 'update'], check=True)
subprocess.run(['apt-get', 'install', '-y', 'systemd-container'], check=True) subprocess.run(['apt-get', 'install', '-y',
'systemd-container'], check=True)
# Restore original permissions # Restore original permissions
print("Restore permissions of apt and dpkg.") print("Restore permissions of apt and dpkg.")
@ -804,14 +831,17 @@ def install_jailmaker():
print(f"Creating symlink {target} to {SCRIPT_PATH}.") print(f"Creating symlink {target} to {SCRIPT_PATH}.")
os.symlink(SCRIPT_PATH, target) os.symlink(SCRIPT_PATH, target)
else: else:
print(f"File {target} already exists... Maybe it's a broken symlink from a previous install attempt?") print(
f"File {target} already exists... Maybe it's a broken symlink from a previous install attempt?")
print(f"Skipped creating new symlink {target} to {SCRIPT_PATH}.") print(f"Skipped creating new symlink {target} to {SCRIPT_PATH}.")
print("Done installing jailmaker.") print("Done installing jailmaker.")
def main(): def main():
if os.stat(SCRIPT_PATH).st_uid != 0: if os.stat(SCRIPT_PATH).st_uid != 0:
fail(f"This script should be owned by the root user... Fix it manually with: `chown root {SCRIPT_PATH}`.") fail(
f"This script should be owned by the root user... Fix it manually with: `chown root {SCRIPT_PATH}`.")
parser = argparse.ArgumentParser( parser = argparse.ArgumentParser(
description=DESCRIPTION, epilog=DISCLAIMER) description=DESCRIPTION, epilog=DISCLAIMER)
@ -826,12 +856,16 @@ def main():
subparsers.add_parser(name='start', epilog=DISCLAIMER).add_argument( subparsers.add_parser(name='start', epilog=DISCLAIMER).add_argument(
'name', help='name of the jail to start') 'name', help='name of the jail to start')
subparsers.add_parser(name='edit', epilog=DISCLAIMER).add_argument(
'name', help='name of the jail to edit')
subparsers.add_parser(name='remove', epilog=DISCLAIMER).add_argument( subparsers.add_parser(name='remove', epilog=DISCLAIMER).add_argument(
'name', help='name of the jail to remove') 'name', help='name of the jail to remove')
subparsers.add_parser(name='list', epilog=DISCLAIMER) subparsers.add_parser(name='list', epilog=DISCLAIMER)
subparsers.add_parser(name='install', epilog=DISCLAIMER, help="Install jailmaker dependencies and create symlink") subparsers.add_parser(name='install', epilog=DISCLAIMER,
help="Install jailmaker dependencies and create symlink")
if os.getuid() != 0: if os.getuid() != 0:
parser.print_usage() parser.print_usage()
@ -852,6 +886,9 @@ def main():
elif args.subcommand == 'create': elif args.subcommand == 'create':
create_jail(args.name) create_jail(args.name)
elif args.subcommand == 'edit':
edit_jail(args.name)
elif args.subcommand == 'remove': elif args.subcommand == 'remove':
remove_jail(args.name) remove_jail(args.name)