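#!/bin/sh
#
# 07-post-jail-creation-configuration-nginx.sh
#
# Post-creation configuration of the web (nginx) jail's cache datasets:
#   1. reset the jailed/canmount/mountpoint properties on the cache datasets
#      so the script can be run again after a failed attempt,
#   2. mark the top-level cache dataset as jailed and attach it to $WEB_JAIL,
#   3. from inside the jail: set the mountpoint, delegate rollback, fix
#      ownership and take the @empty baseline snapshot of every cache set,
#   4. create the search log and the html cache directory.
#
# Variables used: datazpool, WEB_JAIL, caching_sets (expected to be defined
# by jail-vars.sh, which is not visible from here).

# Trace every command. Set here rather than on the shebang line so tracing
# is also active when the script is started as "sh <script>".
set -x

. /usr/local/etc/host-init/jail-vars.sh

# Stop before touching anything if the jail name or pool name is missing.
# With an empty WEB_JAIL the unquoted original would have expanded
# "service jail restart $WEB_JAIL" to "service jail restart", which acts on
# every jail on the host instead of just the web jail.
: "${datazpool:?datazpool is not set (expected from jail-vars.sh)}"
: "${WEB_JAIL:?WEB_JAIL is not set (expected from jail-vars.sh)}"

# Top-level cache dataset of the web jail; each caching set is a child of it.
cache_ds="${datazpool}/freshports/jailed/${WEB_JAIL}/cache"

# clear this, in case we messed it up and are running this script again.
# $caching_sets is deliberately unquoted: it is iterated as a
# whitespace-separated list of set names.
for cache_set in $caching_sets
do
  # it has to be unjailed in order for the subsequent operations to succeed.
  # Otherwise: dataset is used in a non-global
  zfs set jailed=off "${cache_ds}/${cache_set}"
done

# unjail it
zfs set jailed=off "${cache_ds}"

for cache_set in $caching_sets
do
  zfs set canmount=on "${cache_ds}/${cache_set}"
  # drop any local overrides so the children follow the parent dataset
  zfs inherit jailed "${cache_ds}/${cache_set}"
  zfs inherit mountpoint "${cache_ds}/${cache_set}"
done

# jail it
# let's set only the top level filesystem jailed
# the children should follow inheritance.
zfs set jailed=on "${cache_ds}"

# Create the mountpoint directory inside the jail before the dataset is
# attached and mounted there.
jexec "$WEB_JAIL" mkdir -p /var/db/freshports/cache

service jail restart "$WEB_JAIL"

# Attach the dataset to the jail. From here on the dataset is administered
# from inside the jail, which is why the remaining zfs commands run via jexec.
# NOTE(review): presumably done after the restart because the attachment does
# not survive a jail restart - confirm.
zfs jail "$WEB_JAIL" "${cache_ds}"

jexec "$WEB_JAIL" zfs set mountpoint=/var/db/freshports/cache "${cache_ds}"

for cache_set in $caching_sets
do
  # allow freshports to rollback
  # Only the rollback permission is delegated, and only on the per-set child
  # datasets, not on the parent cache dataset.
  # NOTE(review): zfs allow accepts a user or a group name in this position;
  # if both a user and a group called freshports exist, pass -u or -g so the
  # intended principal is explicit.
  jexec "$WEB_JAIL" zfs allow freshports rollback "${cache_ds}/${cache_set}"

  # quite sure this is not required because it gets mounted
  # jexec $WEB_JAIL zfs mount ${datazpool}/freshports/jailed/$WEB_JAIL/cache/${set}

  # owner www, group freshports, group-writable
  jexec "$WEB_JAIL" chown www:freshports "/var/db/freshports/cache/${cache_set}"
  jexec "$WEB_JAIL" chmod g+w "/var/db/freshports/cache/${cache_set}"

  # this snapshot must be last or you'll undo the chown above when you rollback
  # NOTE(review): on a re-run the @empty snapshot presumably already exists and
  # this command will report an error; the script carries on regardless.
  jexec "$WEB_JAIL" zfs snapshot "${cache_ds}/${cache_set}@empty"
done

# Enable the search log. This has always been a thing, and never really used.
jexec "$WEB_JAIL" touch /var/db/freshports/cache/searchlog.txt
jexec "$WEB_JAIL" chown www:freshports /var/db/freshports/cache/searchlog.txt
# 0644 leaves the log readable by every account in the jail.
# NOTE(review): if it ever records search queries, consider 0640 unless
# another account has to read it.
jexec "$WEB_JAIL" chmod 0644 /var/db/freshports/cache/searchlog.txt

# I am not sure why this needs to be done, but when configuring x8dtu, it was required.
#zfs inherit mountpoint ${datazpool}/freshports/$INGRESS_JAIL/cache/html
#zfs inherit mountpoint ${datazpool}/freshports/$INGRESS_JAIL/cache/spooling
#zfs inherit mountpoint ${datazpool}/freshports/$INGRESS_JAIL/freshports/message-queues
#zfs inherit mountpoint ${datazpool}/freshports/$INGRESS_JAIL/freshports/repos
#zfs inherit mountpoint ${datazpool}/freshports/$INGRESS_JAIL/ingress/message-queues
#zfs inherit mountpoint ${datazpool}/freshports/$INGRESS_JAIL/ingress/repos
#
#zfs mount ${datazpool}/freshports/$INGRESS_JAIL/cache/html
#zfs mount ${datazpool}/freshports/$INGRESS_JAIL/cache/spooling
#zfs mount ${datazpool}/freshports/$INGRESS_JAIL/freshports/message-queues
#zfs mount ${datazpool}/freshports/$INGRESS_JAIL/freshports/repos
#zfs mount ${datazpool}/freshports/$INGRESS_JAIL/ingress/message-queues
#zfs mount ${datazpool}/freshports/$INGRESS_JAIL/ingress/repos

jexec "$WEB_JAIL" mkdir -p /var/db/freshports/cache/html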