Create or destroy jails for senior project teams on our senior project jail host.
jailify
is dependent on a ZFS dataset configured as a base jail that can be cloned to create new jails.jailify
must havesendmail
enabled in the jail. This change can be made in the base jail that all future jails will be cloned from.jailify
must have/usr/share/skel
formatted with an added.ssh/
and anauthorized_keys
file for creation of user accounts to work. This change can also be made in the base jail.jailify
is dependent onpython3
being installed.- The host must specify an acceptable range of IP addresses for the jails to
use in
/etc/jail.conf
. You may put this comment anywhere in/etc/jail.conf
. However, we suggest you place it after the#DEFAULTS
section and before the jails. Use the following format:#ip-range = <IP Range>
<IP Range>
should be the acceptable IP addresses expressed in CIDR notation, such as:10.10.1.128/25
. jailify
must havesudo
installed in the jail. This change can be made in the base jail.
To install jailify
run the following command:
pip install git+https://github.com/wwu-cs-support/jailify.git@master
jailify
is the command used to create new jails for senior project teams. The
basic usage is this:
jailify project_dir
where jailify
is the name of the command and project_dir
is the required
path to a directory (which could be either a plain directory or a tarball)
containing the SSH public keys for each group member. The project_dir
also
contains a file which should be called metadata.json
.
Here's example of that JSON file with all required fields
{
"projectName": "Green Team",
"hostname": "greenteam",
"facultyContact": "Jane Smith",
"client": "CS Support",
"teamMembers": [
{
"username": "rossb",
"name": "Bob Ross",
"email": "[email protected]"
},
{
"username": "doej",
"name": "Jane Doe",
"email": "[email protected]"
},
{
"username": "cohenh",
"name": "Harriet Cohen",
"email": "[email protected]"
},
{
"username": "obamab",
"name": "Barack Obama",
"email": "[email protected]"
}
]
}
Example usage of jailify
might look like
user@jailhost:~ % sudo jailify ./greenteam.tgz
or
user@jailhost:~ % sudo jailify ./blueteam
where the directory structure of greenteam.tgz
or blueteam
looks like
greenteam
├── rossb.pub
├── doe.pub
├── metadata.json
├── cohenh.pub
└── obamab.pub
dejailify
will be the command used to destroy old senior project jails.
The basic usage is this:
dejailify [team_name]
With no arguments dejailify should query /etc/jail.conf
for meta-data
embedded in comments above the jail descriptions to present a list of jails
allocated for destruction.
For example, jailify
with no argument should look like:
user@jailhost:~ % sudo dejailify
The following jails are allocated for destruction:
- blueteam.generic-domain
- greenteam.generic-domain
- redteam.generic-domain
Destroy all of them? [y/N] n
Destroy them individually? [y/N] y
Destroy blueteam.generic-domain? [y/N] y
[WARNING]: This will destroy ALL jail data for blueteam.generic-domain. Are you sure? [y/N] y
Destroying blueteam... done.
Destroy greenteam? [y/N] n
Destroy redteam? [y/N] n
user@jailhost:~ %
With the team_name
argument dejailify
might look like:
user@jailhost:~ % sudo dejailify redteam
Destroy redteam.generic-domain? [y/N] y
[WARNING]: This will destroy ALL jail data for redteam.generic-domain. Are you sure? [y/N] y
Destroying redteam.generic-domain... done.
[email protected]:~ %