txzonemgr.sh revision 052519c2d30736afb1861979b73d5a889cf7fba8
# CDDL HEADER START
#
# The contents of this file are subject to the terms of the
# Common Development and Distribution License (the "License").
# You may not use this file except in compliance with the License.
#
# You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
# See the License for the specific language governing permissions
# and limitations under the License.
#
# When distributing Covered Code, include this CDDL HEADER in each
# file and include the License file at usr/src/OPENSOLARIS.LICENSE.
# If applicable, add the following below this CDDL HEADER, with the
# fields enclosed by brackets "[]" replaced with your own identifying
# information: Portions Copyright [yyyy] [name of copyright owner]
#
# CDDL HEADER END
# Copyright (c) 2007, 2010, Oracle and/or its affiliates. All rights reserved.
# Copyright 2014 Garrett D'Amore
# This script provides a simple GUI for managing labeled zones.
# It presents contextual menus offering the appropriate choices.
# It must be run in the global zone as root.
#
# These arguments are accepted, and will result in non-interactive
# (text-only) mode:
#
#	txzonemgr [-c | -d[f]]
#
#	-c	create default zones
#	-d	destroy all zones; prompts for confirmation unless
#		the -f flag is also specified
#
# Mode variables set from the arguments:
# DISP - use GUI (otherwise use non-interactive mode)
# CREATEDEF - make default zones (non-interactive)
# DESTROYZONES - tear down all zones (non-interactive)
# FORCE - with -d, skip the confirmation prompt (-f)
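# User-visible prompt strings. Each one is passed through gettext so that
# the dialogs and text-mode prompts can be shown in the user's locale.
# The variables are plain globals read by the menu and dialog code.

# Confirmation prompts for the non-interactive -c and -d modes.
msg_defzones=$(gettext "Create default zones using default settings?")
msg_confirmkill=$(gettext "OK to destroy all zones?")

# $0 is quoted so that a script path containing whitespace is not split
# into several basename arguments.
# NOTE(review): the script name is expanded before gettext sees the
# string, so the lookup key varies with $0 - confirm the message catalog
# accounts for this.
msg_continue=$(gettext "(exit to resume $(basename "$0") when ready)")

# Selection prompts; several are sentence prefixes ("... for the") that
# the caller completes.
msg_getlabel=$(gettext "Select a label for the")
msg_getremote=$(gettext "Select a remote host or network from the list below:")
msg_getnet=$(gettext "Select a network configuration for the")
msg_getzone=$(gettext "Select a zone from the list below:
(select global for zone creation and shared settings)")
msg_getcmd=$(gettext "Select a command from the list below:")

# Label-assignment and network-label prompts.
msg_inuse=$(gettext "That label is already assigned\nto the")
msg_getmin=$(gettext "Select the minimum network label for the")
msg_getmax=$(gettext "Select the maximum network label for the")

# Suffix appended to a rejected address (note the leading space).
msg_badip=$(gettext " is not a valid IP address")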
d98cfdc55591a9982c8ec759520b6a4c28bd9f55Dominik Luecke if [ $CREATEDEF -eq 1 -a $DESTROYZONES -eq 1 ] ; then
d98cfdc55591a9982c8ec759520b6a4c28bd9f55Dominik Luecke if [ $CREATEDEF -eq 1 -a $FORCE -eq 1 ] ; then
5e5d3e82af3bc2834f8718a52d9f45da80220273Dominik Luecke if [ $FORCE -eq 1 -a $CREATEDEF -eq 0 -a $DESTROYZONES -eq 0 ] ; then
5e5d3e82af3bc2834f8718a52d9f45da80220273Dominik Luecke gettext "option -f specified without any other options\n"
5e5d3e82af3bc2834f8718a52d9f45da80220273Dominik Luecke if [ $zonename != global ] ; then
d98cfdc55591a9982c8ec759520b6a4c28bd9f55Dominik Luecke if [ $? != 0 ] ; then
05a206508bc898f87fe6ab6e069814df3c29d303Dominik Luecke hexlabel=$(grep "^$zonename:" $TNZONECFG|cut -d : -f2);
d98cfdc55591a9982c8ec759520b6a4c28bd9f55Dominik Luecke if [[ $hexlabel ]] ; then
5e5d3e82af3bc2834f8718a52d9f45da80220273Dominik Luecke if [ $zonename = global ] ; then
5e5d3e82af3bc2834f8718a52d9f45da80220273Dominik Luecke addcipsohost="Add Multilevel Access to Remote Host...\n"
5e5d3e82af3bc2834f8718a52d9f45da80220273Dominik Luecke removecipsohost="Remove Multilevel Access to Remote Host...\n"
5e5d3e82af3bc2834f8718a52d9f45da80220273Dominik Luecke if [[ -n $net ]] ; then
05a206508bc898f87fe6ab6e069814df3c29d303Dominik Luecke elif [ $zonestate = configured ] ; then
5e5d3e82af3bc2834f8718a52d9f45da80220273Dominik Luecke addremotehost="Add Single-level Access to Remote Host...\n"
5e5d3e82af3bc2834f8718a52d9f45da80220273Dominik Luecke remotes=$(grep -v "^#" $TNRHDB|grep $template)
5e5d3e82af3bc2834f8718a52d9f45da80220273Dominik Luecke if [ $? = 0 ] ; then
5e5d3e82af3bc2834f8718a52d9f45da80220273Dominik Luecke removeremotehost="Remove Single-level Access to Remote Host...\n"
5e5d3e82af3bc2834f8718a52d9f45da80220273Dominik Luecke if [ $z = $zonename ] ; then
5e5d3e82af3bc2834f8718a52d9f45da80220273Dominik Luecke if [ $clone_cnt -gt 0 ] ; then
5e5d3e82af3bc2834f8718a52d9f45da80220273Dominik Luecke macstate=$(zonecfg -z $zonename info|grep win_mac_write)
5e5d3e82af3bc2834f8718a52d9f45da80220273Dominik Luecke if [[ -n $macstate ]] ; then
5e5d3e82af3bc2834f8718a52d9f45da80220273Dominik Luecke bootmode=$(zonecfg -z $zonename info autoboot)
5e5d3e82af3bc2834f8718a52d9f45da80220273Dominik Luecke if [[ $bootmode == 'autoboot: true' ]] ; then
5e5d3e82af3bc2834f8718a52d9f45da80220273Dominik Luecke if [[ ! -n $zonename ]] ; then
5e5d3e82af3bc2834f8718a52d9f45da80220273Dominik Luecke if [[ ! -n $zonename ]] ; then
05a206508bc898f87fe6ab6e069814df3c29d303Dominik Luecke zonecfg -z $zonename "create -t SUNWtsoldef;\
05a206508bc898f87fe6ab6e069814df3c29d303Dominik Luecke set zonepath=/zone/$zonename"
5e5d3e82af3bc2834f8718a52d9f45da80220273Dominik Luecke zfs list -H $ZDSET/$zonename 1>/dev/null 2>&1
if [ $? -eq 0 ] ; then
print "${template}:host_type=${hostType};doi=1;min_sl=${minlabel};max_sl=${maxlabel};$deflabel" >> $TNRHTP
if [ $? -eq 1 ] ; then
--accredcheck=yes \
--mode=sensitivity \
--accredcheck=no \
--mode=sensitivity \
--accredcheck=no \
--mode=sensitivity \
options=$1
pool=${2%%/*}
removefile=1;
keylen=128
if [ -f /var/ldap/ldap_client_file ] ; then
if [[ -z $locale ]] ; then
--width=330 \
if [[ -z $ipaddr ]] ; then
cidr=32
elif [[ -n $net ]] ; then
--width=330 \
image=$1
if [[ -z $image ]] ; then
--height=300 \
--width=330 \
if [[ -n $image ]] ; then
if [ $NSCD_PER_LABEL = 0 ] ; then
sleep 2
if [ $zonestate != installed ] ; then
if [ $NSCD_PER_LABEL = 0 ] ; then
if [ $zonestate != ready ] ; then
delopt=$*
IFS=.
integer octet_cnt=0
integer dummy
octet_cnt+=1
integer count=0
[ $? -eq 1 ] && continue
case $j in
count+=1
cidr=
--width=330 \
if [[ -z $ipaddr ]] ; then
if [[ -z $cidr ]] ; then
set physical=$nic; \
cidr=32
type=ignore
case $j in
inet) type=$j;;
zone) type=$j;;
type=ignore;;
if [[ -n $vnic ]] ; then
if [ $ipaddr != 0.0.0.0 ] ; then
cidr=32
if [[ -n $cidr ]] ; then
--width=330 \
if [[ -z $ipaddr ]] ; then
if [[ -z $ipaddr ]] ; then
if [ $? -eq 1 ] ; then
cidr=32
--width=330 \
if [[ ! -n $vnicname ]] ; then
set physical=$vnicname; \
--width=330 \
if [[ -z $ipaddr ]] ; then
if [ ${octets[3]} = 0 ] ; then
if [[ -z $cidr ]] ; then
cidr=32
rm $TXTMP/tnrhdb_new.$$
rm $TXTMP/syntax_error.$$
if [[ -n $remotes ]] ; then
--height=250 \
--width=300 \
if [[ -n $ipaddr ]] ; then
--height=200 \
--width=450 \
--editable \
--multiple
if [[ -z $ports ]] ; then
OPTIND=1
s) sharedMLPs=$OPTARG ;;
rm $TXTMP/syntax_error.$$
integer file_cnt=0
if [ $? -eq 0 ] ; then
chmod 400 $ZONE_ETC_DIR/shadow
$ZONE_ETC_DIR/${file[file_cnt]} >/dev/null)
if [ $? -ne 0 ] ; then
if [ $? -eq 0 ] ; then
file_cnt+=1
chmod 400 $ZONE_ETC_DIR/shadow
if [ $? -eq 0 ] ; then
echo Skipping $1
if [ $? -eq 1 ] ; then
if [ $NSCD_PER_LABEL -eq 0 ] ; then
sharePasswd $i
integer nic_cnt=0
integer netOp_cnt=2
netOp_cnt+=1
netOp_cnt+=1
nic_cnt+=1
--height=300 \
--width=500 \
if [[ -z $netOp ]] ; then
if [ $netOp = 1 ] ; then
${ncmds[1]} )
${ncmds[2]} )
physical )
logical )
virtual )
$share \
$newvnic \
$unplumb \
$bringup \
--height=300 \
createVNIC ;;
addHost;;
[ $? -eq 1 ] && continue
[ $? -eq 1 ] && continue
--height=300 \
--width=500 \
if [[ -z $nic ]] ; then
--width=400 \
if [[ -n $ldapdomain ]] ; then
--width=400 \
if [[ -n $ldapserver ]] ; then
--width=400 \
--width=400 \
--width=400 \
--width=400 \
--width=400 \
--height=250 \
if [ $? -eq 1 ] ; then
if [ $? -eq 1 ] ; then
>> $TNRHDB
>> $TNRHDB
--width=500 \
if [ $? -eq 0 ] ; then
--width=700 \
--height=300 \
read ans
if [ $? -ne 0 ] ; then
--width=330 \
if [ $? -ne 0 ] ; then
--height=400 \
--width=330 )
if [ $? -ne 0 ] ; then
zone_cnt+=1
if [ $? -ne 0 ] ; then
zone_cnt+=1
zone_cnt+=1
integer zone_cnt=1
zone_cnt+=1
if [ $zone_cnt == 1 ] ; then
if [ $zone_cnt == 1 ] ; then
zone_cnt=1
if [[ $hexlabel ]] ; then
curlabel=...
zone_cnt+=1
--height=300 \
--width=500 \
if [[ -n $zonename ]] ; then
delay=0
case $zonestate in
if [[ -z $label ]] ; then
$console \
$label \
$start \
$reboot \
$stop \
$clone \
$install \
$ready \
$delete \
$addnet \
$setmlps \
$nscdOpt \
$xit \
--height=400 \
--width=330 \
newZone ;;
delay=2
install;;
clone ;;
addTnrhdb ;;
addTnrhdb ;;
removeTnrhdb ;;
removeTnrhdb ;;
setMLPs;;
manageNscd ;;
manageNscd ;;
if [ $zone_cnt == 1 ] ; then
if [ $DESTROYZONES -eq 1 ] ; then
if [ $CREATEDEF -eq 1 ] ; then
if [ $NSCD_PER_LABEL -eq 0 ] ; then