Verifying host and jail

1 - original version

[dan@x8dtu:~] $ cat /usr/local/libexec/nagios-custom/check_py_iocage_host_vs_jails.sh
#!/bin/sh

exit

HOSTVERSION=`/usr/bin/file /bin/sh`

JAILS=`/usr/local/bin/iocage list -H | /usr/bin/cut -f 2 -w`
ERRORS=''
for jail in ${JAILS}
do
  JAILVERSION=`/usr/local/bin/iocage exec ${jail} 'file /bin/sh'`
  if [ "${JAILVERSION}" != "${HOSTVERSION}" ]
  then
    ERRORS="jail '${jail}' is ${JAILVERSION}"
  fi
done

if [ "${ERRORS}" == "" ]
then
  echo 'All jails match the host'
  exit 0
else
  echo "WARNING: HOST and jails are NOT in sync: host = ${HOSTVERSION} but ${ERRORS}"
  exit 2
fi
[dan@x8dtu:~] $ 


The problem: 'iocage list -H' lists all jails, running or not. If the jail is not running, the '/usr/local/bin/iocage exec'
on lin 7 will start the jail.  We don't want that.

2 - fixed version

#!/bin/sh

HOSTVERSION=`/usr/bin/file /bin/sh`

JAILS=`/usr/sbin/jls name`
ERRORS=''
for jail in ${JAILS}
do
  JAILVERSION=`/usr/sbin/jexec -U nobody ${jail} /usr/bin/file /bin/sh`
  if [ "${JAILVERSION}" != "${HOSTVERSION}" ]
  then
    ERRORS="jail '${jail}' is ${JAILVERSION}"
  fi
done

if [ "${ERRORS}" == "" ]
then
  echo 'All jails match the host'
  exit 0
else
  echo "WARNING: HOST and jails are NOT in sync: host = ${HOSTVERSION} but ${ERRORS}"
  exit 2
fi

I like this better because:

* it will work with any jail manager, because it does not use a jail manager
* instead, it uses tools found in the base system: jexec jls

I originally used -U ngaios, but nobody is present on all systems by default.