Add Bastillefile support to templates.
25
README.md
25
README.md
@@ -696,6 +696,31 @@ The above example will include anything under "etc" and "usr" inside
|
|||||||
the template. You do not need to list individual files. Just include the
|
the template. You do not need to list individual files. Just include the
|
||||||
top-level directory name.
|
top-level directory name.
|
||||||
|
|
||||||
|
For more control over the order of operations when applying a template,
|
||||||
|
create a `Bastillefile` inside the base template directory. Each line in
|
||||||
|
the file should begin with an uppercase reference to a Bastille command
|
||||||
|
followed by its arguments (omitting the target, which is deduced from the
|
||||||
|
`template` arguments). Lines beginning with `#` are treated as comments.
|
||||||
|
|
||||||
|
Bastillefile example:
|
||||||
|
|
||||||
|
```shell
|
||||||
|
LIMITS memoryuse 1G
|
||||||
|
|
||||||
|
# Install and start nginx.
|
||||||
|
PKG nginx
|
||||||
|
SYSRC nginx_enable=YES
|
||||||
|
SERVICE nginx restart
|
||||||
|
|
||||||
|
# Copy files to nginx.
|
||||||
|
CP www/ usr/local/www/nginx-dist/
|
||||||
|
|
||||||
|
# Create a file on the server containing the jail's hostname.
|
||||||
|
CMD hostname > /usr/local/www/nginx-dist/hostname.txt
|
||||||
|
|
||||||
|
# Forward TCP port 80 on the host to port 80 in the container.
|
||||||
|
RDR tcp 80 80
|
||||||
|
```
|
||||||
|
|
||||||
Applying Templates
|
Applying Templates
|
||||||
------------------
|
------------------
|
||||||
|
|||||||
@@ -92,6 +92,46 @@ for _jail in ${JAILS}; do
|
|||||||
fi
|
fi
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
if [ -s "${bastille_template}/Bastillefile" ]; then
|
||||||
|
# Ignore blank lines and comments. -- cwells
|
||||||
|
SCRIPT=$(grep -v '^\s*$' "${bastille_template}/Bastillefile" | grep -v '^\s*#')
|
||||||
|
# Use a newline as the separator. -- cwells
|
||||||
|
IFS='
|
||||||
|
'
|
||||||
|
set -f
|
||||||
|
for _line in ${SCRIPT}; do
|
||||||
|
_cmd=$(echo "${_line}" | awk '{print tolower($1);}')
|
||||||
|
_args=$(echo "${_line}" | awk '{$1=""; sub(/^ */, ""); print;}')
|
||||||
|
|
||||||
|
# Apply overrides for commands/aliases and arguments. -- cwells
|
||||||
|
case $_cmd in
|
||||||
|
cmd)
|
||||||
|
# Allow redirection within the jail. -- cwells
|
||||||
|
_args="sh -c '${_args}'"
|
||||||
|
;;
|
||||||
|
cp)
|
||||||
|
# Convert relative "from" path into absolute path inside the template directory. -- cwells
|
||||||
|
if [ "${_args%${_args#?}}" != '/' ]; then
|
||||||
|
_args="${bastille_template}/${_args}"
|
||||||
|
fi
|
||||||
|
;;
|
||||||
|
include)
|
||||||
|
_cmd='template' ;;
|
||||||
|
pkg)
|
||||||
|
_args="install -y ${_args}" ;;
|
||||||
|
esac
|
||||||
|
|
||||||
|
if ! eval "bastille ${_cmd} ${_jail} ${_args}"; then
|
||||||
|
echo -e "${COLOR_RED}Failed to execute command: ${BASTILLE_COMMAND}${COLOR_RESET}"
|
||||||
|
set +f
|
||||||
|
unset IFS
|
||||||
|
exit 1
|
||||||
|
fi
|
||||||
|
done
|
||||||
|
set +f
|
||||||
|
unset IFS
|
||||||
|
fi
|
||||||
|
|
||||||
## LIMITS (RCTL)
|
## LIMITS (RCTL)
|
||||||
if [ -s "${bastille_template}/LIMITS" ]; then
|
if [ -s "${bastille_template}/LIMITS" ]; then
|
||||||
echo -e "${COLOR_GREEN}[${_jail}]:LIMITS -- START${COLOR_RESET}"
|
echo -e "${COLOR_GREEN}[${_jail}]:LIMITS -- START${COLOR_RESET}"
|
||||||
|
|||||||
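Review bot: The `eval "bastille ${_cmd} ${_jail} ${_args}"` call makes the host's shell re-parse every Bastillefile line, so any shell metacharacter in a template line, including a `'` that closes the `sh -c '…'` wrapper built in the `cmd)` branch, is interpreted on the host with the caller's privileges rather than inside the jail. A template is content the operator may not have written, so each line should be treated as untrusted: check `_cmd` against the known verbs and call `bastille` with its arguments as separate words instead of through `eval`. The sketch below does that and passes the `CMD` text as a single `sh -c` argument. It assumes `bastille cmd` forwards its arguments unchanged, which this page does not show, and it gives up quoted multi-word arguments for the other verbs. Separately, `${BASTILLE_COMMAND}` in the failure message is not assigned anywhere in this hunk; `${_cmd} ${_args}` would name the line that failed.

```shell
for _line in ${SCRIPT}; do
    # … unchanged: _cmd / _args extraction with awk …

    # Known verbs only; extend this list to whatever the project supports.
    case $_cmd in
        cmd|cp|include|limits|pkg|rdr|service|sysrc) ;;
        *) echo "Unsupported Bastillefile command: ${_cmd}" >&2; exit 1 ;;
    esac

    # … unchanged: cp / include / pkg overrides; the cmd) quoting wrapper is dropped …

    _rc=0
    if [ "${_cmd}" = 'cmd' ]; then
        # Whole line as one argument: only the jail's sh parses the redirection.
        bastille cmd "${_jail}" sh -c "${_args}" || _rc=$?
    else
        # Field-split on blanks only (set -f is still in effect); no second parse.
        IFS=' '
        bastille "${_cmd}" "${_jail}" ${_args} || _rc=$?
        IFS='
'
    fi
    if [ "${_rc}" -ne 0 ]; then
        echo -e "${COLOR_RED}Failed to execute command: ${_cmd} ${_args}${COLOR_RESET}"
        # … unchanged: set +f, unset IFS, exit 1 …
```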