Commit d3cf1c9f authored by Your Name

some experiments / porting

- xen
- freebsd
- plan9fs
parent 9305a9f9
#!/bin/bash
#!/usr/bin/env bash
export LANG=en_US.UTF-8
export LANGUAGE=en_US.UTF-8
export LC_ALL=en_US.UTF-8
......@@ -6,6 +6,8 @@ set -eux
env
TESTING=1
echo $DEBIAN_VERSION
DISK=$1
......@@ -14,11 +16,14 @@ ETH1=""
ETH2=""
cleanup(){
if [ ! -z "$MOUNTDIR" ]; then
if /bin/mountpoint -q "${MOUNTDIR}"; then
/bin/umount "${MOUNTDIR}"
if [ ! $TESTING -eq 1 ]
then
if [ ! -z "$MOUNTDIR" ]; then
#FIXME why is this check necassarry? if mountpoint -q "${MOUNTDIR}"; then
umount "${MOUNTDIR}"
#fi
rm -rf "${MOUNTDIR}"
fi
/bin/rm -rf "${MOUNTDIR}"
fi
}
......@@ -57,7 +62,21 @@ mketh1(){
if [ ! -z "$DISK" ]; then
/bin/mount "$DISK" "$MOUNTDIR"
if [[ `uname` == "FreeBSD" ]]
then
if kldload ext2fs
then
echo "loaded ext2"
fi
if kldload linux64
then
echo "loaded linux64"
fi
mount -t ext2fs "$DISK" "$MOUNTDIR"
else
mount "$DISK" "$MOUNTDIR"
fi
trap cleanup EXIT
......@@ -76,9 +95,54 @@ if [ ! -z "$DISK" ]; then
chroot ${MOUNTDIR} apt-get -y install systemd ifupdown netbase puppet git openssh-server curl vim lsb-release python3 udev python
else
echo "using debootstrap"
/usr/sbin/debootstrap \
--include=systemd-sysv,ifupdown,netbase,puppet,git,openssh-server,curl,vim,lsb-release,python3,udev,python \
"$DEBIAN_VERSION" "$MOUNTDIR" http://ftp.nl.debian.org/debian/
mirror="http://ftp.nl.debian.org/debian/"
image="https://cloud.debian.org/images/cloud/buster/daily/20190718-412/debian-10-generic-amd64-daily-20190718-412.tar.xz"
# https://github.com/NotGlop/docker-drag
# https://devops.stackexchange.com/questions/2731/downloading-docker-images-from-docker-hub-without-using-docker
# https://github.com/containers/skopeo
if [[ `uname` == "FreeBSD" ]]
then
if ls /usr/local/bin/gpgv
then
echo "found gpgv"
else
ln -s /usr/local/bin/gpgv2 /usr/local/bin/gpgv
fi
debootstrap \
--variant=minbase --exclude=systemd \
--keyring=/usr/local/etc/debian-archive-keyring.gpg \
--arch=amd64 "$DEBIAN_VERSION" "$MOUNTDIR" "$mirror"
#chroot "$MOUNTDIR" /debootstrap/debootstrap --second-stage
chroot apt-get -y update
if chroot ${MOUNTDIR} apt-get -y install systemd systemd-sysv
then
echo "systemd install success"
else
echo "systemd install fail"
fi
if chroot ${MOUNTDIR} apt-get -y install ifupdown netbase puppet git openssh-server curl vim lsb-release python3 udev python
then
echo "other pkg install success"
else
echo "other pkg install fail"
fi
else
debootstrap \
--include=systemd-sysv,ifupdown,netbase,puppet,git,openssh-server,curl,vim,lsb-release,python3,udev,python \
"$DEBIAN_VERSION" "$MOUNTDIR" "$mirror"
fi
fi
......@@ -111,8 +175,8 @@ if [ ! -z "$DISK" ]; then
echo "nameserver ${DNS}" > "${MOUNTDIR}/etc/resolv.conf"
/usr/bin/gpg --no-autostart --no-tty --homedir "${MOUNTDIR}/root/.gnupg" --import /usr/local/etc/admins.asc
/usr/bin/gpg --no-autostart --no-tty --homedir "${MOUNTDIR}/root/.gnupg" --import-ownertrust < /usr/local/etc/otrust.txt
gpg --no-autostart --no-tty --homedir "${MOUNTDIR}/root/.gnupg" --import /usr/local/etc/admins.asc
gpg --no-autostart --no-tty --homedir "${MOUNTDIR}/root/.gnupg" --import-ownertrust < /usr/local/etc/otrust.txt
echo "puppetmaster: $PUPPETMASTER"
#setup puppet
......@@ -120,7 +184,7 @@ if [ ! -z "$DISK" ]; then
then
echo "There is no puppetmaster, using masterless"
/usr/bin/git clone --recursive https://git.puscii.nl/puppet1/nomasters.git "${MOUNTDIR}/etc/puppet/code"
git clone --recursive https://git.puscii.nl/puppet1/nomasters.git "${MOUNTDIR}/etc/puppet/code"
echo "[Unit]" > "${MOUNTDIR}/etc/systemd/system/run-puppet.service"
echo "Description=apply our puppet manifest" >> "${MOUNTDIR}/etc/systemd/system/run-puppet.service"
......
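Review bot: `chroot apt-get -y update` in the FreeBSD branch of the debootstrap hunk is missing the chroot directory, so chroot is handed a directory named `apt-get` as the new root and fails; with the `set -eux` shown in the hunk context that aborts the script before any of the package installs, and the line should read `chroot "${MOUNTDIR}" apt-get -y update`. Separately, the `TESTING=1` assignment that appears to be added near the top, combined with the new `if [ ! $TESTING -eq 1 ]` guard in cleanup(), means the EXIT trap neither unmounts nor removes `$MOUNTDIR` in this version; if that is deliberate it deserves a comment, and `"$TESTING"` should be quoted. The two `apt-get -y install` calls only echo on failure, so a rootfs missing systemd or openssh-server still exits successfully, which the caller cannot detect. The enclosing `if [ ! -z "$DISK" ]` block starts and ends outside the hunk.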
......@@ -11,24 +11,25 @@ module Puppet::Parser::Functions
ext_net = args[5]
int_method = args[6]
ext_method = args[7]
type = args[8]
interfaces = Array.new
#FIXME: put the 0.0.0.0 check back
if not int_method=='none' then
if not int_mac.empty? then
interfaces << {'filter' => name + "-internal", 'network' => 'net-internal', 'mac' => int_mac, 'type' => 'virtio', 'ip' => int_ip, 'name' => name + "-internal"}
interfaces << {'filter' => name + "-internal", 'network' => 'net-internal', 'mac' => int_mac, 'type' => type, 'ip' => int_ip, 'name' => name + "-internal"}
else
interfaces << {'filter' => name + "-internal", 'network' => 'net-internal', 'mac' => function_libvirt_generate_mac([int_ip]), 'type' => 'virtio', 'ip' => int_ip, 'name' => name + "-internal"}
interfaces << {'filter' => name + "-internal", 'network' => 'net-internal', 'mac' => function_libvirt_generate_mac([int_ip]), 'type' => type, 'ip' => int_ip, 'name' => name + "-internal"}
end
end
if not ext_method=='none' then
if not ext_mac.empty? then
interfaces << {'filter' => name + "-external", 'network' => ext_net, 'mac' => ext_mac, 'type' => 'virtio', 'ip' => ext_ip, 'name' => name + "-external"}
interfaces << {'filter' => name + "-external", 'network' => ext_net, 'mac' => ext_mac, 'type' => type, 'ip' => ext_ip, 'name' => name + "-external"}
else
interfaces << {'filter' => name + "-external", 'network' => ext_net, 'mac' => function_libvirt_generate_mac([ext_ip]), 'type' => 'virtio', 'ip' => ext_ip, 'name' => name + "-external"}
interfaces << {'filter' => name + "-external", 'network' => ext_net, 'mac' => function_libvirt_generate_mac([ext_ip]), 'type' => type, 'ip' => ext_ip, 'name' => name + "-external"}
end
end
......
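Review bot: `type = args[8]` has no fallback, so any caller still passing the previous eight arguments now gets `'type' => nil` in every interface hash where the function used to emit `'virtio'`. A default such as `type = args[8] || 'virtio'` keeps the old behaviour for existing callers while letting the new `netfront` value through. The hypervisor_interfaces function begins outside the hunk, so whether an arity check already exists above cannot be seen here.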
......@@ -7,30 +7,32 @@ class hypervisor::networks (
) {
require put::buster
require put::base
if "${operatingsystem}" == "Debian" {
require put::buster
include network
#packages
$packages = [
'bridge-utils',
'ifupdown',
'ebtables',
#packages
$packages = [
'bridge-utils',
'ifupdown',
'ebtables',
]
]
ensure_packages($packages)
ensure_packages($packages)
sysctl { 'net.ipv4.ip_forward': value => '1' }
sysctl { 'net.ipv4.ip_forward': value => '1' }
# create networks's defined in hiera
$networks = hiera_hash('networks')
create_resources ( hypervisor::network , $networks )
$networks = hiera_hash('networks')
create_resources ( hypervisor::network , $networks )
}
}
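Review bot: Wrapping the whole class body in `if "${operatingsystem}" == "Debian"` leaves every other OS with an empty class: no bridge packages, no `net.ipv4.ip_forward` sysctl, and no `hypervisor::network` resources created from the hiera hash, with nothing logged. The hypervisor::xen class in this same commit ends its case with `fail("os ${operatingsystem} not supported")`; an `else { fail("os ${operatingsystem} not supported") }` arm here would make the unsupported path explicit instead of silent. The end of the class sits at the hunk edge, so an else branch below it cannot be ruled out from this view.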
......@@ -3,6 +3,7 @@
#
class hypervisor::vm (
String $type = 'xen',
String $root_vg,
String $swap_vg,
String $data_vg,
......@@ -17,20 +18,41 @@ class hypervisor::vm (
include git
#packages
if "${type}" == "xen" {
require hypervisor::xen
}
if "${operatingsystem}" == "Debian" {
$rootgroup = 'root'
$packages = [
'debootstrap',
'linux-image-4.19.0-9-cloud-amd64',
]
} else {
$rootgroup = 'wheel'
$packages = [
'debootstrap',
]
}
ensure_packages($packages)
# scripts
file { '/usr/local/etc/debian-archive-keyring.gpg':
ensure => present,
owner => root,
group => $rootgroup,
mode => '0700',
source => "puppet:///modules/${module_name}/debian-archive-keyring.gpg",
}
# scripts
file { '/usr/local/bin/mkrootdisk.sh':
ensure => present,
owner => root,
group => root,
group => $rootgroup,
mode => '0700',
source => "puppet:///modules/${module_name}/scripts/mkrootdisk.sh",
}
......@@ -38,7 +60,7 @@ include git
file { '/usr/local/bin/inodecount.sh':
ensure => present,
owner => root,
group => root,
group => $rootgroup,
mode => '0700',
source => "puppet:///modules/${module_name}/scripts/inodecount.sh",
}
......
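Review bot: The new `/usr/local/etc/debian-archive-keyring.gpg` resource installs a data file with `mode => '0700'`, which grants execute for no reason; `mode => '0600'` (or `'0644'`, since the archive keyring holds only public keys) is the appropriate mode. That file is the trust anchor debootstrap uses on FreeBSD to verify the Debian Release files, so the module's copy should carry a comment naming its origin, e.g. `# copied from the debian-archive-keyring package, version <VERSION>; refresh when Debian rotates archive keys`, so a stale keyring is noticed rather than silently failing verification. Also `String $type = 'xen'` is placed ahead of the mandatory `$root_vg`/`$swap_vg`/`$data_vg` parameters; puppet-lint flags optional parameters before required ones, and moving it after `$data_vg` avoids that without affecting callers.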
......@@ -43,48 +43,106 @@ define hypervisor::vm::deploy (
Array $external_custom_udp_rules = [], # syntax: [{remote_ip => port}, ... ]
) {
Exec {
user => 'root',
cwd => '/root/',
timeout => 9999,
path => '/usr/local/bin:/usr/bin:/bin:/usr/local/sbin:/usr/sbin:/sbin',
environment => ['HOME=/root' ]
}
#include hypervisor::router::vm
include hypervisor::vm
# Storage
#FIXME: disks should not get added to fstab
lvm::logical_volume { "${name}-disk":
ensure => $ensure,
fs_type => 'ext4',
size => $rootsize,
mounted => false,
mountpath_require => false,
volume_group => $hypervisor::vm::root_vg,
if "$hypervisor::vm::type" == "xen" {
$interface_type = "netfront"
} else {
$interface_type = "virtio"
}
lvm::logical_volume { "${name}-swap":
ensure => $ensure,
createfs => false,
size => $swapsize,
volume_group => $hypervisor::vm::swap_vg,
# Storage
if "${operatingsystem}" == "Debian" {
}
$block_prefix = "/dev"
if $datadisk {
lvm::logical_volume { "${name}-data":
#FIXME: disks should not get added to fstab
lvm::logical_volume { "${name}-disk":
ensure => $ensure,
fs_type => 'ext4',
size => $datasize,
size => $rootsize,
atboot => false,
mounted => false,
mountpath_require => false,
volume_group => $hypervisor::vm::data_vg,
volume_group => $hypervisor::vm::root_vg,
}
lvm::logical_volume { "${name}-swap":
ensure => $ensure,
createfs => false,
size => $swapsize,
volume_group => $hypervisor::vm::swap_vg,
}
}
if $datadisk {
lvm::logical_volume { "${name}-data":
ensure => $ensure,
fs_type => 'ext4',
size => $datasize,
atboot => false,
mounted => false,
mountpath_require => false,
volume_group => $hypervisor::vm::data_vg,
}
}
} else {
$block_prefix = "/dev/zvol"
zfs { "${hypervisor::vm::root_vg}/${name}-disk":
ensure => $ensure,
volsize => $rootsize,
}
exec { "create fs ${name}-disk":
command => "mke2fs -t ext4 ${block_prefix}/${hypervisor::vm::root_vg}/${name}-disk",
subscribe => Zfs["${hypervisor::vm::root_vg}/${name}-disk"],
refreshonly => true
}
zfs { "${hypervisor::vm::root_vg}/${name}-swap":
ensure => $ensure,
volsize => $swapsize,
}
if $datadisk {
zfs { "${hypervisor::vm::root_vg}/${name}-data":
ensure => $ensure,
volsize => $datasize,
}
exec { "create fs ${name}-data":
command => "mke2fs -t ext4 ${block_prefix}/${hypervisor::vm::root_vg}/${name}-data",
subscribe => Zfs["${hypervisor::vm::root_vg}/${name}-disk"],
refreshonly => true
}
}
}
# Debootstrap
#FIXME: mkrootdisk does not get run again when it fails
# to have puppet rerun this script, make a new filesystem on the disk (deleting files does not work)
Exec { "/usr/local/bin/mkrootdisk.sh /dev/${hypervisor::vm::root_vg}/${name}-disk":
onlyif => "/usr/bin/test `/usr/local/bin/inodecount.sh /dev/${hypervisor::vm::root_vg}/${name}-disk` = 11",
Exec { "/usr/local/bin/mkrootdisk.sh ${block_prefix}/${hypervisor::vm::root_vg}/${name}-disk":
# onlyif => "test `/usr/local/bin/inodecount.sh ${block_prefix}/${hypervisor::vm::root_vg}/${name}-disk` = 11",
environment => ["INTIP=${internal_ip}",
"INTGW=${internal_gw}",
"INTNM=${internal_nm}",
......@@ -102,36 +160,42 @@ define hypervisor::vm::deploy (
],
logoutput => true,
timeout => 0,
require => [ Class['hypervisor::vm'], Lvm::Logical_volume["${name}-disk"]],
require => [
Class['hypervisor::vm'],
#FIXME: Lvm::Logical_volume["${name}-disk"]
],
}
# Firewalling
#
# FIXME (on bsd) virnwfilterdefinexml not supported by connection driver
if "${operatingsystem}" == "Debian" {
libvirt::nwfilter { "${name}-internal":
#ensure => $ensure,
ip => $internal_ip,
publictcpservices => $internal_tcp_services,
publicudpservices => $internal_udp_services,
customtcprules => $internal_custom_tcp_rules,
customudprules => $internal_custom_udp_rules,
uuid => hypervisor_generate_uuid("${name}internal"),
libvirt::nwfilter { "${name}-internal":
#ensure => $ensure,
ip => $internal_ip,
publictcpservices => $internal_tcp_services,
publicudpservices => $internal_udp_services,
customtcprules => $internal_custom_tcp_rules,
customudprules => $internal_custom_udp_rules,
uuid => hypervisor_generate_uuid("${name}internal"),
}
}
libvirt::nwfilter { "${name}-external":
#ensure => $ensure,
ip => $external_ip,
publictcpservices => $external_tcp_services,
publicudpservices => $external_udp_services,
customtcprules => $external_custom_tcp_rules,
customudprules => $external_custom_udp_rules,
uuid => hypervisor_generate_uuid("${name}external"),
libvirt::nwfilter { "${name}-external":
#ensure => $ensure,
ip => $external_ip,
publictcpservices => $external_tcp_services,
publicudpservices => $external_udp_services,
customtcprules => $external_custom_tcp_rules,
customudprules => $external_custom_udp_rules,
uuid => hypervisor_generate_uuid("${name}external"),
}
}
# VM definition
Exec { "delete old ${name} config":
exec { "delete old ${name} config":
command => "/bin/rm /etc/libvirt/qemu/${name}.xml || true",
}
......@@ -161,37 +225,53 @@ define hypervisor::vm::deploy (
}
mount { "/srv/rootfs/${name}":
ensure => 'mounted',
device => "/dev/${hypervisor::vm::root_vg}/${name}-disk",
device => "${block_prefix}/${hypervisor::vm::root_vg}/${name}-disk",
fstype => "ext4"
}
$devices = { "filesystem" => { "values" => {
"source" => { "attrs" => { "dir" => "/srv/rootfs/${name}" }},
"target" => { "attrs" => { "dir" => 'root9p' }}
}} }
# eventually security model should be mapped (so qemu doesn have to run as root): https://lists.gnu.org/archive/html/qemu-devel/2010-05/msg02673.html
# issue is how to create the rootfs when mapped is used (cause ownership info will be stored in extended attributes on host)
# squash should not be used, cause it will trow away information
$devices = { "filesystem" => { "attrs" => {
"accessmode" => "passthrough",
#"fmode" => "600",
#"dmode" => "700"
},
"values" => {
"source" => { "attrs" => { "dir" => "/srv/rootfs/${name}" }},
"target" => { "attrs" => { "dir" => 'root9p' }}
}
}
}
$disks = undef
} else {
notify { "we are NOT using 9p: $devices_profile": }
mount { "/srv/rootfs/${name}":
ensure => 'absent',
}
$devices = undef
$disks = hypervisor_disks($name,$hypervisor::vm::root_vg,$hypervisor::vm::swap_vg,$hypervisor::vm::data_vg,$datadisk)
}
libvirt::domain { $name:
type => $hypervisor::vm::type,
devices_profile => $devices_profile,
dom_profile => $dom_profile,
devices => $devices,
disks => $disks,
disks => $disks,
#boot => 'hd',
interfaces => hypervisor_interfaces($name,$internal_ip,$internal_mac,$external_ip,$external_mac,$external_net,$internal_method,$external_method),
interfaces => hypervisor_interfaces($name,$internal_ip,$internal_mac,$external_ip,$external_mac,$external_net,$internal_method,$external_method,$interface_type),
autostart => $autostart,
require => [ Exec["/usr/local/bin/mkrootdisk.sh /dev/${hypervisor::vm::root_vg}/${name}-disk"],
Exec["delete old ${name} config"],
#hypervisor::network["${internal_net}"],
#hypervisor::network["${external_net}"],
Libvirt::Nwfilter["${name}-internal"],
Libvirt::Nwfilter["${name}-external"] ],
require => [
Exec["/usr/local/bin/mkrootdisk.sh ${block_prefix}/${hypervisor::vm::root_vg}/${name}-disk"],
Exec["delete old ${name} config"],
#Hypervisor::network["${internal_net}"],
#Hypervisor::network["${external_net}"],
#FIXME Libvirt::Nwfilter["${name}-internal"],
#FIXME Libvirt::Nwfilter["${name}-external"]
],
uuid => hypervisor_generate_uuid($name),
}
......
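Review bot: In the ZFS branch the `create fs ${name}-data` exec subscribes to `Zfs["${hypervisor::vm::root_vg}/${name}-disk"]`, so it never fires when the data zvol is created and would run `mke2fs` on the data volume whenever the root zvol is recreated; it should be `subscribe => Zfs["${hypervisor::vm::root_vg}/${name}-data"],`. The `onlyif` inodecount guard on the mkrootdisk exec is commented out and nothing (`creates`, `unless`, `refreshonly`) replaces it, so as far as the hunk shows that exec runs debootstrap against the disk on every agent run; the guard should be restored or replaced before this is merged, and the same goes for the commented-out `Lvm::Logical_volume` require, without which nothing orders the LV creation before the script on Debian. Commenting out `Libvirt::Nwfilter["${name}-internal"]` and `-external` in the domain's `require` list also drops the filter-before-domain ordering on Debian, where the filters are still declared; since the FIXME says nwfilter is unsupported on BSD, keeping those requires inside the Debian conditional is the cleaner fix. The define's header and the start of its body are outside this section.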
......@@ -11,29 +11,36 @@ class hypervisor::vms (
) {
require put::buster
require put::admins
require put::base
require buildkernel::kernelprep
buildkernel::kernel { 'test1':
}
if "${operatingsystem}" == "Debian" {
require buildkernel::kernelprep
buildkernel::kernel { 'test1':
}
buildkernel::kernel { 'test2':
kernel_version => '4.19.0-9-cloud-amd64',
kernel_type => 'debian',
}
buildkernel::kernel { 'test2':
kernel_version => '4.19.0-9-cloud-amd64',
kernel_type => 'debian',
}
buildkernel::kernel { 'p9':
kernel_version => '4.19.0-13-amd64',
kernel_type => 'debian',
}
buildkernel::kernel { 'p9':
kernel_version => '4.19.0-13-amd64',
kernel_type => 'debian',
}
}
file { "/srv/":
ensure => directory
}
file { "/srv/rootfs/":
ensure => directory
......
#
# xen
#
class hypervisor::xen (
) {
case "${operatingsystem}" {
'Debian': {
$packages = [
'xen-hypervisor',
]
}
'FreeBSD': {
$packages = [
'lsblk',
'xen-kernel',
'e2fsprogs',
'fusefs-ext2',
'emulators/linux_base-c7',
#'strace',
'gdb',
'xen-tools', # doesn't work on hardenedbsd
'libvirt'
]
Exec {
user => 'root',
cwd => '/root/',
timeout => 9999,
path => '/usr/local/bin:/usr/bin:/bin:/usr/local/sbin:/usr/sbin:/sbin',
environment => ['HOME=/root' ]
}
exec { "load linux64":
command => "kldload linux64 || true",
}
}
default: {
fail("os ${operatingsystem} not supported")
}