proxy_ping_test
parent
346682eedb
commit
c8610f9ded
138
Makefile
138
Makefile
@ -9,21 +9,21 @@ ANSIBLE_PLUGINS=/usr/local/lib/python3.11/site-packages/ansible-2.9.22-py3.11.eg
|
||||
# change this to be that hostname
|
||||
LOCALHOST=`cat /etc/hostname`
|
||||
|
||||
BOX_NBD_BASE_DIR=/a/tmp/GentooImgr
|
||||
BOX_NBD_BASE_FILE=gentoo.qcow2
|
||||
BOX_NBD_BASE_QCOW=${BOX_NBD_BASE_DIR}/${BOX_NBD_BASE_FILE}
|
||||
# set this to the name linux_local_group host in hosts.yml
|
||||
LOCAL_HOSTS_NAME=pentoo
|
||||
# set this to the name linux_chroot_group host in hosts.yml
|
||||
YAML_CHROOT_NAME=linuxGentoo
|
||||
# set this to the libvirt name of the linux_libvirt_group host in hosts.yml
|
||||
YAML_BOX_NAME=gentoo1
|
||||
INST_BOX_NAME=gentoo1
|
||||
OVERLAY_HOSTS_NAME=gentoo_overlay-2
|
||||
|
||||
BOX_NBD_BASE_QCOW="`/usr/local/bin/ansible_get_inventory.bash BOX_NBD_BASE_QCOW ${OVERLAY_HOSTS_NAME}`"
|
||||
BOX_NBD_OVERLAY_DIR="`/usr/local/bin/ansible_get_inventory.bash BOX_NBD_OVERLAT_DIR ${OVERLAY_HOSTS_NAME}`"
|
||||
BOX_NBD_OVERLAY_QCOW="`/usr/local/bin/ansible_get_inventory.bash BOX_NBD_OVERLAT_QCOW ${OVERLAY_HOSTS_NAME}`"
|
||||
BOX_NBD_OVERLAY_XML=${BOX_NBD_OVERLAY_DIR}/xml/${OVERLAY_HOSTS_NAME}.xml
|
||||
BOX_NBD_OVERLAY_NAME="`/usr/local/bin/ansible_get_inventory.bash BOX_NBD_OVERLAY_NAME ${OVERLAY_HOSTS_NAME}`"
|
||||
|
||||
#INST_BOX_DIR=/mnt/o/home/root/vms/virsh
|
||||
INST_BOX_DIR=${BOX_NBD_BASE_DIR}/create-vm
|
||||
PWD=/o/var/local/src/play_tox/
|
||||
NETWORK=default
|
||||
NETWORK=Whonix-External
|
||||
VERBOSE=2
|
||||
|
||||
all: install lint build check run test
|
||||
@ -66,27 +66,27 @@ build_base:: install
|
||||
[ -f ${BOX_NBD_BASE_QCOW} ]
|
||||
|
||||
build_overlay::
|
||||
@virsh list | grep "${INST_BOX_NAME}.*running" && \
|
||||
virsh destroy ${INST_BOX_NAME} ; true
|
||||
# @virsh list | grep "${INST_BOX_NAME}.*running" && exit 1
|
||||
@virsh list --all | grep ${INST_BOX_NAME} && \
|
||||
virsh undefine ${INST_BOX_NAME} && \
|
||||
@virsh list | grep "${OVERLAY_HOSTS_NAME}.*running" && \
|
||||
virsh destroy ${OVERLAY_HOSTS_NAME} ; true
|
||||
# @virsh list | grep "${OVERLAY_HOSTS_NAME}.*running" && exit 1
|
||||
@virsh list --all | grep ${OVERLAY_HOSTS_NAME} && \
|
||||
virsh undefine ${OVERLAY_HOSTS_NAME} && \
|
||||
rm -f \
|
||||
${INST_BOX_DIR}/xml/${INST_BOX_NAME}.xml \
|
||||
${INST_BOX_DIR}/images/${INST_BOX_NAME}.img ; true
|
||||
${BOX_NBD_OVERLAY_XML} \
|
||||
${BOX_NBD_OVERLAY_QCOW} ; true
|
||||
# /a/tmp/GentooImgr/create-vm/xml/gentoo1.xml
|
||||
# ! virsh list --all | grep "${INST_BOX_NAME}" && exit 2
|
||||
[ ! -f ${INST_BOX_DIR}/images/${INST_BOX_NAME}.img ] || { \
|
||||
# ! virsh list --all | grep "${OVERLAY_HOSTS_NAME}" && exit 2
|
||||
[ ! -f ${BOX_NBD_OVERLAY_QCOW} ] || { \
|
||||
echo WARN delete this file to continue; \
|
||||
echo rm -f ${INST_BOX_DIR}/images/${INST_BOX_NAME}.img ; \
|
||||
echo rm -f ${BOX_NBD_OVERLAY_QCOW} ; \
|
||||
exit 3 ; }
|
||||
[ ! -f ${INST_BOX_DIR}/xml/${INST_BOX_NAME}.xml ] || { \
|
||||
[ ! -f ${BOX_NBD_OVERLAY_XML} ] || { \
|
||||
echo WARN delete this file to continue ; \
|
||||
echo rm -f ${INST_BOX_DIR}/xml/${INST_BOX_NAME}.xml ; \
|
||||
echo rm -f ${BOX_NBD_OVERLAY_XML} ; \
|
||||
exit 4 ; }
|
||||
PLAY_ANSIBLE_SRC=${PWD} bash bin/toxcore_build_overlay_qcow.bash
|
||||
[ -f ${INST_BOX_DIR}/xml/${INST_BOX_NAME}.xml ]
|
||||
xmllint -noout ${INST_BOX_DIR}/xml/${INST_BOX_NAME}.xml
|
||||
[ -f ${BOX_NBD_OVERLAY_XML} ]
|
||||
xmllint -noout ${BOX_NBD_OVERLAY_XML}
|
||||
|
||||
check::
|
||||
grep -n 'shell: *$$' roles/*/tasks/*.yml && { echo ERROR: "shell: in .yml" ; false ; } || true
|
||||
@ -96,7 +96,7 @@ check::
|
||||
$(MAKE) -$(MAKEFLAGS) check_base
|
||||
@[ -d /mnt/gentoo/lost+found ] && \
|
||||
sudo $(MAKE) -$(MAKEFLAGS) $@_chroot
|
||||
@[ -f ${INST_BOX_DIR}/images/${INST_BOX_NAME}.img ] && \
|
||||
@[ -f ${BOX_NBD_OVERLAY_QCOW} ] && \
|
||||
sudo $(MAKE) -$(MAKEFLAGS) $@_overlay
|
||||
|
||||
check_localhost::
|
||||
@ -106,9 +106,9 @@ check_localhost::
|
||||
|
||||
check_base::
|
||||
ls ${BOX_NBD_BASE_QCOW}
|
||||
ls ${INST_BOX_DIR}/images/${INST_BOX_NAME}.img
|
||||
ls ${INST_BOX_DIR}/xml/${INST_BOX_NAME}.xml
|
||||
ps axf | grep 'qemu-system-x86_64 -name guest='${INST_BOX_NAME} ; \
|
||||
ls ${BOX_NBD_OVERLAY_QCOW}
|
||||
ls ${BOX_NBD_OVERLAY_XML}
|
||||
ps axf | grep 'qemu-system-x86_64 -name guest='${OVERLAY_HOSTS_NAME} ; \
|
||||
true
|
||||
|
||||
check_chroot::
|
||||
@ -120,18 +120,19 @@ check_chroot::
|
||||
$(ROLES) > .$@-${YAML_CHROOT_NAME}-${LOCALHOST} 2>&1
|
||||
|
||||
check_overlay::
|
||||
sudo /var/local/sbin/hostvms_libvirt_test_ga.bash ${INST_BOX_NAME} ls /
|
||||
sudo /usr/local/sbin/toxcore_libvirt_test_ga.bash ${OVERLAY_HOSTS_NAME} ls /
|
||||
sudo /usr/local/sbin/toxcore_libvirt_test_ga.bash ${OVERLAY_HOSTS_NAME}
|
||||
# domain-*-gentoo/org.qemu.guest_agent.0 || true
|
||||
sudo virsh list | grep -q ${OVERLAY_HOSTS_NAME} || exit 0
|
||||
sudo find /var/lib/libvirt/qemu/channel/target/ | \
|
||||
grep org.qemu.guest_agent.0
|
||||
sudo find /var/lib/libvirt/qemu/channel/target/ -type s | \
|
||||
grep ${INST_BOX_NAME}
|
||||
ansible -c libvirt_qemu -l ${YAML_BOX_NAME} -i hosts.yml \
|
||||
-m setup -vvv ${YAML_BOX_NAME}
|
||||
sudo virsh list | grep -q ${INST_BOX_NAME} || exit 0
|
||||
sudo sh ansible_local.bash --diff -i hosts.yml -l ${INST_BOX_NAME} \
|
||||
grep ${OVERLAY_HOSTS_NAME}
|
||||
ansible -c libvirt_qemu -l ${OVERLAY_HOSTS_NAME} -i hosts.yml \
|
||||
-m setup -vvv ${OVERLAY_HOSTS_NAME}
|
||||
sudo sh ansible_local.bash --diff -i hosts.yml -l ${OVERLAY_HOSTS_NAME} \
|
||||
--check -c libvirt_qemu --verbose ${VERBOSE} \
|
||||
$(ROLES) > .$@-${INST_BOX_NAME}-${LOCALHOST} 2>&1
|
||||
$(ROLES) > .$@-${OVERLAY_HOSTS_NAME}-${LOCALHOST} 2>&1
|
||||
|
||||
# Edit hosts.yml and customize this target if you are on a Debianish
|
||||
devuan::
|
||||
@ -150,8 +151,8 @@ run::
|
||||
$(MAKE) -$(MAKEFLAGS) $@_local
|
||||
@[ -d /mnt/gentoo/lost+found ] && \
|
||||
sudo $(MAKE) -$(MAKEFLAGS) $@_chroot
|
||||
@[ ! -f ${INST_BOX_DIR}/images/${INST_BOX_NAME}.img ] && \
|
||||
sudo $(MAKE) -$(MAKEFLAGS) $@_libvirt
|
||||
@[ ! -f ${BOX_NBD_OVERLAY_QCOW} ] && \
|
||||
sudo $(MAKE) -$(MAKEFLAGS) $@_overlay
|
||||
|
||||
run_local:: lint
|
||||
A=`grep nbd /proc/partitions | wc -l`
|
||||
@ -174,26 +175,35 @@ run_chroot::
|
||||
-c chroot --verbose ${VERBOSE} $(ROLES) \
|
||||
> .$@-${YAML_CHROOT_NAME}-${LOCALHOST} 2>&1
|
||||
|
||||
run_libvirt::
|
||||
[ -f ${INST_BOX_DIR}/images/${INST_BOX_NAME}.img ]
|
||||
install_libvirt::
|
||||
@virsh net-list | grep "${NETWORK}.*active" || \
|
||||
sudo virsh net-start "${NETWORK}"
|
||||
@virsh list | grep ${INST_BOX_NAME} && \
|
||||
virsh define ${INST_BOX_DIR}/xml/${INST_BOX_NAME}.xml
|
||||
@virsh list | grep "${INST_BOX_NAME}.*running" || \
|
||||
virsh start ${INST_BOX_NAME}
|
||||
sh ansible_local.bash --diff -i hosts.yml -l ${INST_BOX_NAME} \
|
||||
sudo virsh net-start "${NETWORK}" || { \
|
||||
echo WARN: error virsh net-start "${NETWORK}" ; }
|
||||
[ -f ${BOX_NBD_OVERLAY_XML} ]
|
||||
# xmlstarlet sel -t -v
|
||||
A=$(grep 'source file=' ${BOX_NBD_OVERLAY_XML} | sed -e 's@.*file=.@@' -e "s@'.*@@" )
|
||||
[ -n "${A}" ] && [ -f "${A}" ]
|
||||
@virsh list --all | grep ${OVERLAY_HOSTS_NAME} || \
|
||||
virsh define ${BOX_NBD_OVERLAY_XML}
|
||||
@virsh list | grep "${OVERLAY_HOSTS_NAME}.*running" || \
|
||||
{ virsh start ${OVERLAY_HOSTS_NAME} ; sleep 40 ; }
|
||||
|
||||
run_overlay:: install_libvirt
|
||||
[ -f ${BOX_NBD_OVERLAY_QCOW} ] || { \
|
||||
echo WARN ${BOX_NBD_OVERLAY_QCOW} doesnt exist - make build_overlay ; \
|
||||
exit 1 ; }
|
||||
sh ansible_local.bash --diff -i hosts.yml -l ${OVERLAY_HOSTS_NAME} \
|
||||
-c libvirt_qemu --verbose ${VERBOSE} $(ROLES) \
|
||||
> .run-${INST_BOX_NAME}-${LOCALHOST} 2>&1
|
||||
> .run-${OVERLAY_HOSTS_NAME}-${LOCALHOST} 2>&1
|
||||
|
||||
# hourly is quick tests, weekly is medium tests, monthly is long tests
|
||||
weekly:: test
|
||||
test::
|
||||
# bash .pyanal.sh &
|
||||
@[ -d /mnt/gentoo/lost+found ] && \
|
||||
sudo $(MAKE) -$(MAKEFLAGS) $@_local
|
||||
@[ -f ${INST_BOX_DIR}/images/${INST_BOX_NAME}.img ] && \
|
||||
sudo $(MAKE) -$(MAKEFLAGS) $@_libvert
|
||||
|
||||
@[ -f ${BOX_NBD_OVERLAY_QCOW} ] && \
|
||||
sudo $(MAKE) -$(MAKEFLAGS) $@_overlay
|
||||
test_local::
|
||||
bash .pyanal.sh &
|
||||
sudo sh ansible_local.bash --diff -i ${PWD}/hosts.yml -l ${LOCALHOST} \
|
||||
@ -201,15 +211,39 @@ test_local::
|
||||
--verbose ${VERBOSE} -t weekly \
|
||||
$(ROLES) > .$@-${LOCALHOST} 2>&1
|
||||
|
||||
test_libvirt::
|
||||
# bash .pyanal.sh &
|
||||
# check if ${INST_BOX_NAME} is running
|
||||
! sudo virsh list | grep -q ${INST_BOX_NAME} && exit 0
|
||||
test_overlay:: install_libvirt
|
||||
! sudo virsh list | grep -q ${OVERLAY_HOSTS_NAME} && exit 0
|
||||
sudo sh ansible_local.bash --diff -i ${PWD}/hosts.yml \
|
||||
-l ${INST_BOX_NAME} -c libvirt_qemu \
|
||||
-l ${OVERLAY_HOSTS_NAME} -c libvirt_qemu \
|
||||
--verbose ${VERBOSE} -t weekly \
|
||||
$(ROLES) > .$@-${LOCALHOST} 2>&1
|
||||
|
||||
# this is a special test target to test a copy of the base qcow2
|
||||
VM_HOSTS_NAME=gentoo_vm-2
|
||||
VM_XML=/etc/libvirt/qemu/${VM_HOSTS_NAME}.xml
|
||||
A="`grep 'source file=.*qcow2' ${VM_XML} | sed -e 's@.*file=.@@' -e "s@'.*@@"`"
|
||||
install_vm::
|
||||
@virsh net-list | grep "${NETWORK}.*active" || \
|
||||
sudo virsh net-start "${NETWORK}" || { \
|
||||
echo WARN: error virsh net-start "${NETWORK}" ; }
|
||||
[ -f ${VM_XML} ]
|
||||
@virsh list --all | grep ${VM_HOSTS_NAME} || { \
|
||||
echo ERROR virsh define ${VM_XML} ; exit 8 ; }
|
||||
# xmlstarlet sel -t -v
|
||||
[ -n "${A}" ] && [ -f "${A}" ]
|
||||
@virsh list | grep "${VM_HOSTS_NAME}.*running" || \
|
||||
{ virsh start ${VM_HOSTS_NAME} ; sleep 40 ; }
|
||||
|
||||
test_vm:: install_vm
|
||||
sudo sh ansible_local.bash --diff -i ${PWD}/hosts.yml \
|
||||
-l ${VM_HOSTS_NAME} -c libvirt_qemu \
|
||||
--check --verbose ${VERBOSE} -t daily \
|
||||
$(ROLES) > .$@-${LOCALHOST} 2>&1
|
||||
sudo sh ansible_local.bash --diff -i ${PWD}/hosts.yml \
|
||||
-l ${VM_HOSTS_NAME} -c libvirt_qemu \
|
||||
--verbose ${VERBOSE} -t daily \
|
||||
$(ROLES) > .$@-${LOCALHOST} 2>&1
|
||||
|
||||
veryclean:: clean
|
||||
rm -f .run* .check*
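Review bot: The inventory keys passed in the `BOX_NBD_OVERLAY_DIR` and `BOX_NBD_OVERLAY_QCOW` assignments near the top of the Makefile are spelled `BOX_NBD_OVERLAT_DIR` and `BOX_NBD_OVERLAT_QCOW`, while hosts.yml in this same commit defines `BOX_NBD_OVERLAY_DIR` and `BOX_NBD_OVERLAY_QCOW`, so both lookups will probably not return the intended paths. Those values are what `build_overlay` hands to `rm -f`, what `install_libvirt` hands to `virsh define`, and what the `[ -f ... ]` guards in `check`, `run` and `test` evaluate before calling `sudo $(MAKE)`. What ansible_get_inventory.bash prints for an unknown key is not visible here, but if it prints nothing, `BOX_NBD_OVERLAY_XML` collapses to `/xml/gentoo_overlay-2.xml`. I would correct the two key arguments to `BOX_NBD_OVERLAY_DIR` and `BOX_NBD_OVERLAY_QCOW`, and make the overlay targets fail early on an empty lookup with a first recipe line such as `[ -n ${BOX_NBD_OVERLAY_QCOW} ] || { echo ERROR empty BOX_NBD_OVERLAY_QCOW ; exit 5 ; }`. The page has lost its +/- markers, so that these assignments are on the new side is inferred from their use of `OVERLAY_HOSTS_NAME`.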
|
||||
|
||||
|
@ -1,5 +1,5 @@
|
||||
[defaults]
|
||||
log_path = var/tmp/2023/12/31/pentoo/base_proxy_toxcore.log
|
||||
log_path = var/tmp/2024/01/05/gentoo_vm-2/base_proxy_toxcore.log
|
||||
callback_plugins = ./lib/plugins/
|
||||
# /i/data/DevOps/net/Http/docs.ansible.com/ansible/intro_configuration.html
|
||||
# http://docs.ansible.com/ansible/intro_configuration.html#command-warnings
|
||||
|
@ -101,10 +101,10 @@
|
||||
that:
|
||||
- "'{{ansible_lsb.id}}' == '{{BOX_OS_NAME}}'"
|
||||
success_msg: "BOX_OS_FAMILY={{BOX_OS_FAMILY}}"
|
||||
fail_msg: "ON tHE WRONG BOX {{ansible_lsb.id}} "
|
||||
fail_msg: "ON tHE WRONG BOX {{ansible_lsb.id}}"
|
||||
when:
|
||||
- ansible_connection != 'local'
|
||||
- ansible_lsb.id|default('')" != ''
|
||||
# - ansible_connection != 'local'
|
||||
- ansible_lsb.id|default('') != ''
|
||||
ignore_errors: true
|
||||
|
||||
- name: "check BOX_ANSIBLE_CONNECTIONS"
|
||||
@ -148,39 +148,8 @@
|
||||
check_mode: false
|
||||
when: ansible_connection == 'local' or ansible_connection == 'chroot'
|
||||
|
||||
- block:
|
||||
|
||||
- name: "spinup libvirt hosts"
|
||||
shell: |
|
||||
sudo virsh net-list | grep -q default || \
|
||||
sudo virsh net-start default
|
||||
sudo virsh list | grep -q "{{ inventory_hostname }}" || \
|
||||
sudo virsh start "{{ inventory_hostname }}"
|
||||
delegate_to: localhost
|
||||
become: yes
|
||||
|
||||
- name: "spinup libvirt hosts"
|
||||
# pip3.sh install ovirt-engine-sdk-python --break-system-packages
|
||||
ovirt:
|
||||
url: "qemu:///system"
|
||||
instance_name: ubuntu18.04
|
||||
instance_cpus: "1"
|
||||
state: started
|
||||
# instance_rootpw
|
||||
user: "{{ BOX_USER_NAME }}" #
|
||||
password: "{{ BOX_USER_NAME }}" # "{{ ansible_ssh_user }}
|
||||
become: yes
|
||||
# msg: ovirtsdk required for this module
|
||||
ignore_errors: true
|
||||
|
||||
# required
|
||||
tags: always
|
||||
check_mode: false
|
||||
when: ansible_connection == 'libvirt_qemu'
|
||||
|
||||
- block:
|
||||
|
||||
# after spinup
|
||||
- name: "we will use sudo and make it a prerequisite"
|
||||
shell: |
|
||||
[ -z "$TMPDIR" ] || [ -d "$TMPDIR" ] || mkdir -p "$TMPDIR"
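Review bot: The wrong-box assertion in the first hunk (around line 101) keeps `ignore_errors: true`, so a mismatch between `ansible_lsb.id` and `BOX_OS_NAME` only prints the fail_msg and the play carries on against that host. With `- ansible_connection != 'local'` now commented out in its `when:` list (as far as the lost +/- markers allow reading it), the check covers more connection types but still cannot stop anything. If the intent is to keep roles from being applied to the wrong machine, I would drop `ignore_errors: true` from this task; if it is meant to be advisory, say so with a comment such as `# advisory only: a mismatch is reported but does not stop the play`. The task starts above the hunk, so its name and module are not visible here.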
|
||||
|
55
hosts.yml
55
hosts.yml
@ -79,7 +79,6 @@ all:
|
||||
BOX_USR_LIB: lib
|
||||
BOX_DEFAULT_OUTPUT_IF: wlan4
|
||||
BOX_PROXY_MODE: selektor
|
||||
BOX_WHONIX_PROXY_HOST: ""
|
||||
BOX_GENTOO_DISTFILES_ARCHIVES: "/i/net/Http/distfiles.gentoo.org/distfiles"
|
||||
BOX_PROXY_JAVA_NET_PROPERTIES: /etc/java-config-2/current-system-vm/jre/lib/net.properties
|
||||
# /usr/lib/jvm/openjdk-bin-*/conf/net.properties
|
||||
@ -110,7 +109,6 @@ all:
|
||||
|
||||
BOX_JAVA_NET_PROPERTIES: /etc/java-11-openjdk/net.properties
|
||||
|
||||
BOX_WHONIX_PROXY_HOST: ""
|
||||
BOX_PROXY_MODE: tor
|
||||
BOX_GENTOO_FROM_MP: "/mnt/linuxPen19"
|
||||
|
||||
@ -126,13 +124,45 @@ all:
|
||||
|
||||
hosts:
|
||||
|
||||
gentoo1:
|
||||
gentoo_overlay-2:
|
||||
|
||||
ansible_remote_addr: "gentoo1"
|
||||
ansible_host: "gentoo1"
|
||||
ansible_remote_addr: "gentoo_overlay-2"
|
||||
ansible_host: "gentoo_overlay-2"
|
||||
ansible_ssh_user: "gentoo"
|
||||
BOX_SERVICE_MGR: "openrc"
|
||||
BOX_HOST_NAME: "gentoo1"
|
||||
BOX_HOST_NAME: "gentoo_overlay-2"
|
||||
BOX_USER_NAME: "gentoo"
|
||||
BOX_USER_GROUP: "adm"
|
||||
BOX_ALSO_GROUP: "adm"
|
||||
BOX_USER_HOME: "/home/gentoo"
|
||||
BOX_OS_NAME: Gentoo
|
||||
BOX_OS_FAMILY: Gentoo
|
||||
BOX_OS_FLAVOR: "Gentoo"
|
||||
BOX_PROXY_MODE: nat
|
||||
BOX_USR_LIB: lib64
|
||||
BOX_DEFAULT_OUTPUT_IF: eth0
|
||||
BOX_PYTHON2_MINOR: ""
|
||||
BOX_PYTHON3_MINOR: "3.11"
|
||||
BASE_PORTAGE_PYTHON_MINOR: 3.11
|
||||
BOX_HOST_CONTAINER_MOUNTS: []
|
||||
BOX_GENTOO_DISTFILES_ARCHIVES: "/mnt/linuxPen19/usr/portage/distfiles"
|
||||
BOX_PROXY_JAVA_NET_PROPERTIES: /etc/java-config-2/current-system-vm/jre/lib/net.properties
|
||||
BOX_ALSO_USERS:
|
||||
- gentoo
|
||||
BOX_BASE_FEATURES: []
|
||||
BOX_TOXCORE_FEATURES: ['libvirt'] # ', 'docker
|
||||
BOX_GENTOO_FROM_MP: "/mnt/linuxPen19"
|
||||
BOX_NBD_OVERLAY_NAME: "gentoo_overlay-2" # was gentoo1
|
||||
BOX_NBD_OVERLAY_BASE: "/a/tmp/GentooImgr/gentoo_base-2.qcow2"
|
||||
BOX_NBD_OVERLAY_QCOW: "/a/tmp/GentooImgr/create-vm/images/gentoo_overlay-2.img"
|
||||
|
||||
gentoo_vm-2:
|
||||
# vm no overlay, copy of the overlay's base
|
||||
ansible_remote_addr: "gentoo_vm-2"
|
||||
ansible_host: "gentoo_vm-2"
|
||||
ansible_ssh_user: "gentoo"
|
||||
BOX_SERVICE_MGR: "openrc"
|
||||
BOX_HOST_NAME: "gentoo_vm-2"
|
||||
BOX_USER_NAME: "gentoo"
|
||||
BOX_USER_GROUP: "adm"
|
||||
BOX_ALSO_GROUP: "adm"
|
||||
@ -151,8 +181,10 @@ all:
|
||||
BOX_ALSO_USERS:
|
||||
- gentoo
|
||||
BOX_BASE_FEATURES: []
|
||||
BOX_TOXCORE_FEATURES: ['libvirt', 'docker']
|
||||
BOX_TOXCORE_FEATURES: ['libvirt'] # ', 'docker
|
||||
BOX_GENTOO_FROM_MP: "/mnt/linuxPen19"
|
||||
BOX_VM_NAME: "gentoo_vm-2" # was gentoo1
|
||||
BOX_VM_QCOW: "/o/var/lib/libvirt/images/gentoo_vm-2.qcow2"
|
||||
|
||||
ubuntu18.04:
|
||||
# /mnt
|
||||
@ -187,11 +219,6 @@ all:
|
||||
# ansible_ssh_extra_args: "-o StrictHostKeyChecking=no"
|
||||
# ansible_ssh_host: "127.0.0.1"
|
||||
BOX_ROOT_GROUP: root
|
||||
BOX_PROXY_MODE: client
|
||||
http_proxy: "http://127.0.0.1:3128"
|
||||
https_proxy: "http://127.0.0.1:9128"
|
||||
socks_proxy: "socks5://127.0.0.1:9050"
|
||||
no_proxy: "localhost,127.0.0.1,127.0.0.1"
|
||||
|
||||
linux_chroot_group :
|
||||
|
||||
@ -261,7 +288,6 @@ all:
|
||||
# toxcore
|
||||
BOX_NBD_DEV: nbd1
|
||||
BOX_NBD_MP: /mnt/gentoo
|
||||
BOX_NBD_OVERLAY_NAME: "gentoo1"
|
||||
BOX_NBD_FILES: "/i/data/Agile/tmp/Topics/GentooImgr"
|
||||
BOX_NBD_PORTAGE_FILE: "{{AGI_NBD_FILES}}/portage-20231223.tar.xz"
|
||||
BOX_NBD_STAGE3_FILE: "{{AGI_NBD_FILES}}/stage3-amd64-openrc-20231217T170203Z.tar.xz"
|
||||
@ -269,12 +295,10 @@ all:
|
||||
BOX_NBD_BASE_PROFILE: openrc
|
||||
BOX_NBD_BASE_DIR: "/a/tmp/GentooImgr"
|
||||
BOX_NBD_BASE_QCOW: "{{BOX_NBD_BASE_DIR}}/gentoo.qcow2"
|
||||
BOX_NBD_OVERLAY_QCOW: "/o/var/lib/libvirt/images/gentoo1.qcow2"
|
||||
BOX_NBD_BASE_PUBKEY: "/root/.ssh/id_rsa-ansible.pub"
|
||||
|
||||
# libvirt overlay
|
||||
BOX_NBD_OVERLAY_DIR: "/a/tmp/GentooImgr/create-vm"
|
||||
BOX_NBD_OVERLAY_BASE: "/o/var/lib/libvirt/images/gentoo.qcow2.2"
|
||||
BOX_NBD_LOGLEVEL: 10
|
||||
BOX_NBD_OVERLAY_GB: "20"
|
||||
BOX_NBD_OVERLAY_CPUS: 1
|
||||
@ -286,7 +310,6 @@ all:
|
||||
BOX_NBD_OVERLAY_PASS: "gentoo"
|
||||
BOX_GENTOOIMGR_CONFIGFILE: "/g/Agile/tmp/Topics/GentooImgr/base.json"
|
||||
|
||||
|
||||
vars:
|
||||
# These come from the inventory overridden for connection = local,chroot in base_proxy.yml
|
||||
http_proxy: ""
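Review bot: `BOX_NBD_OVERLAY_PASS: "gentoo"` in the hunk at 286/310 remains a clear-text inventory value identical to the user name, and the overlay host this commit adds (`gentoo_overlay-2`) is presumably built with it. Where the variable is consumed is not visible on this page, so this is hedged, but a credential committed to hosts.yml ends up in every clone and in the `--diff`/verbose logs the Makefile redirects into the working directory. I would reference a vaulted variable instead, for example `BOX_NBD_OVERLAY_PASS: "{{ vault_box_nbd_overlay_pass }}"` (the variable name is a placeholder) with the value kept in an ansible-vault encrypted vars file. The line is unchanged context in this commit, so this is a follow-up rather than a blocker.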
|
||||
|
370
lib/plugins/#libvirt_qemu.py#
Normal file
370
lib/plugins/#libvirt_qemu.py#
Normal file
@ -0,0 +1,370 @@
|
||||
# Based on local.py (c) 2012, Michael DeHaan <michael.dehaan@gmail.com>
|
||||
# Based on chroot.py (c) 2013, Maykel Moya <mmoya@speedyrails.com>
|
||||
# (c) 2013, Michael Scherer <misc@zarb.org>
|
||||
# (c) 2015, Toshio Kuratomi <tkuratomi@ansible.com>
|
||||
# (c) 2017 Ansible Project
|
||||
# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
|
||||
|
||||
from __future__ import (absolute_import, division, print_function)
|
||||
import sys
|
||||
import time
|
||||
|
||||
__metaclass__ = type
|
||||
|
||||
DOCUMENTATION = """
|
||||
author: Jesse Pretorius <jesse@odyssey4.me>
|
||||
connection: community.libvirt.libvirt_qemu
|
||||
short_description: Run tasks on libvirt/qemu virtual machines
|
||||
description:
|
||||
- Run commands or put/fetch files to libvirt/qemu virtual machines using the qemu agent API.
|
||||
notes:
|
||||
- Currently DOES NOT work with selinux set to enforcing in the VM.
|
||||
- Requires the qemu-agent installed in the VM.
|
||||
- Requires access to the qemu-ga commands guest-exec, guest-exec-status, guest-file-close, guest-file-open, guest-file-read, guest-file-write.
|
||||
version_added: "2.10"
|
||||
options:
|
||||
remote_addr:
|
||||
description: Virtual machine name
|
||||
default: inventory_hostname
|
||||
vars:
|
||||
- name: ansible_host
|
||||
executable:
|
||||
description: Shell to use for execution inside container
|
||||
default: /bin/sh
|
||||
vars:
|
||||
- name: ansible_executable
|
||||
virt_uri:
|
||||
description: libvirt URI to connect to to access the virtual machine
|
||||
default: qemu:///system
|
||||
vars:
|
||||
- name: ansible_libvirt_uri
|
||||
timeout:
|
||||
description: timeout for libvirt to connect to access the virtual machine
|
||||
required: false
|
||||
type: int
|
||||
default: 10
|
||||
"""
|
||||
|
||||
import base64
|
||||
import json
|
||||
import libvirt
|
||||
import libvirt_qemu
|
||||
import shlex
|
||||
import traceback
|
||||
|
||||
from ansible import constants as C
|
||||
from ansible.errors import AnsibleError, AnsibleConnectionFailure, AnsibleFileNotFound
|
||||
from ansible.module_utils._text import to_bytes, to_native, to_text
|
||||
from ansible.plugins.connection import ConnectionBase, BUFSIZE
|
||||
from ansible.plugins.shell.powershell import _parse_clixml
|
||||
from ansible.utils.display import Display
|
||||
from ansible.plugins.callback.minimal import CallbackModule
|
||||
from functools import partial
|
||||
from os.path import exists, getsize
|
||||
|
||||
display = Display()
|
||||
|
||||
iMAX_WAIT = 10 # sec.
|
||||
|
||||
REQUIRED_CAPABILITIES = [
|
||||
{'enabled': True, 'name': 'guest-exec', 'success-response': True},
|
||||
{'enabled': True, 'name': 'guest-exec-status', 'success-response': True},
|
||||
{'enabled': True, 'name': 'guest-file-close', 'success-response': True},
|
||||
{'enabled': True, 'name': 'guest-file-open', 'success-response': True},
|
||||
{'enabled': True, 'name': 'guest-file-read', 'success-response': True},
|
||||
{'enabled': True, 'name': 'guest-file-write', 'success-response': True}
|
||||
]
|
||||
|
||||
|
||||
class Connection(ConnectionBase):
|
||||
''' Local libvirt qemu based connections '''
|
||||
|
||||
transport = 'community.libvirt.libvirt_qemu'
|
||||
# TODO(odyssey4me):
|
||||
# Figure out why pipelining does not work and fix it
|
||||
has_pipelining = False
|
||||
has_tty = False
|
||||
|
||||
def __init__(self, play_context, new_stdin, *args, **kwargs):
|
||||
super(Connection, self).__init__(play_context, new_stdin, *args, **kwargs)
|
||||
|
||||
self._host = self._play_context.remote_addr
|
||||
|
||||
# Windows operates differently from a POSIX connection/shell plugin,
|
||||
# we need to set various properties to ensure SSH on Windows continues
|
||||
# to work
|
||||
if getattr(self._shell, "_IS_WINDOWS", False):
|
||||
self.has_native_async = True
|
||||
self.always_pipeline_modules = True
|
||||
self.module_implementation_preferences = ('.ps1', '.exe', '')
|
||||
self.allow_executable = False
|
||||
self._timeout = sgelf.get_option('timeout', 10)
|
||||
|
||||
def _connect(self):
|
||||
''' connect to the virtual machine; nothing to do here '''
|
||||
super(Connection, self)._connect()
|
||||
if not self._connected:
|
||||
|
||||
self._virt_uri = self.get_option('virt_uri')
|
||||
|
||||
self._display.vvv(u"CONNECT TO {0}".format(self._virt_uri), host=self._host)
|
||||
try:
|
||||
self.conn = libvirt.open(self._virt_uri)
|
||||
except libvirt.libvirtError as err:
|
||||
self._display.vv(u"ERROR: libvirtError CONNECT TO {0}\n{1}".format(self._virt_uri, to_native(err)), host=self._host)
|
||||
self._connected = False
|
||||
raise AnsibleConnectionFailure(to_native(err))
|
||||
|
||||
self._display.vvv(u"FIND DOMAIN {0}".format(self._host), host=self._host)
|
||||
try:
|
||||
self.domain = self.conn.lookupByName(self._host)
|
||||
except libvirt.libvirtError as err:
|
||||
raise AnsibleConnectionFailure(to_native(err))
|
||||
|
||||
request_cap = json.dumps({'execute': 'guest-info'})
|
||||
response_cap = json.loads(libvirt_qemu.qemuAgentCommand(self.domain, request_cap, 5, 0))
|
||||
self.capabilities = response_cap['return']['supported_commands']
|
||||
self._display.vvvvv(u"GUEST CAPABILITIES: {0}".format(self.capabilities), host=self._host)
|
||||
missing_caps = []
|
||||
for cap in REQUIRED_CAPABILITIES:
|
||||
if cap not in self.capabilities:
|
||||
missing_caps.append(cap['name'])
|
||||
if len(missing_caps) > 0:
|
||||
self._display.vvv(u"REQUIRED CAPABILITIES MISSING: {0}".format(missing_caps), host=self._host)
|
||||
raise AnsibleConnectionFailure('Domain does not have required capabilities')
|
||||
|
||||
display.vvv(u"ESTABLISH {0} CONNECTION".format(self.transport), host=self._host)
|
||||
self._connected = True
|
||||
|
||||
def exec_command(self, cmd, in_data=None, sudoable=True, timeout=None):
|
||||
""" execute a command on the virtual machine host """
|
||||
super(Connection, self).exec_command(cmd, in_data=in_data, sudoable=sudoable)
|
||||
|
||||
self._display.vvv(u"EXEC {0}".format(cmd), host=self._host)
|
||||
if timeout is None:
|
||||
timeout = self._timeout
|
||||
|
||||
cmd_args_list = shlex.split(to_native(cmd, errors='surrogate_or_strict'))
|
||||
|
||||
if getattr(self._shell, "_IS_WINDOWS", False):
|
||||
# Become method 'runas' is done in the wrapper that is executed,
|
||||
# need to disable sudoable so the bare_run is not waiting for a
|
||||
# prompt that will not occur
|
||||
sudoable = False
|
||||
|
||||
# Generate powershell commands
|
||||
cmd_args_list = self._shell._encode_script(cmd, as_list=True, strict_mode=False, preserve_rc=False)
|
||||
|
||||
# TODO(odyssey4me):
|
||||
# Implement buffering much like the other connection plugins
|
||||
# Implement 'env' for the environment settings
|
||||
# Implement 'input-data' for whatever it might be useful for
|
||||
request_exec = {
|
||||
'execute': 'guest-exec',
|
||||
'arguments': {
|
||||
'path': cmd_args_list[0],
|
||||
'capture-output': True,
|
||||
'arg': cmd_args_list[1:]
|
||||
}
|
||||
}
|
||||
request_exec_json = json.dumps(request_exec)
|
||||
|
||||
display.vvv("GA send: {0}".format(request_exec_json), host=self._host)
|
||||
# sys.stderr.write("GA send: {0}\n".format(request_exec_json))
|
||||
command_start = time.clock_gettime(time.CLOCK_MONOTONIC)
|
||||
# TODO(odyssey4me):
|
||||
# Add timeout parameter
|
||||
flags = 0
|
||||
try:
|
||||
result_exec = json.loads(libvirt_qemu.qemuAgentCommand(self.domain, request_exec_json, timeout, flags))
|
||||
except libvirt.libvirtError as err:
|
||||
self._display.vv(u"ERROR: libvirtError EXEC TO {0}\n{1}".format(self._virt_uri, to_native(err)), host=self._host)
|
||||
sys.stderr.write(u"ERROR: libvirtError EXEC TO {0}\n{1}\n".format(self._virt_uri, to_native(err)))
|
||||
self._connected = False
|
||||
raise AnsibleConnectionFailure(to_native(err))
|
||||
|
||||
display.vvv(u"GA return: {0}".format(result_exec), host=self._host)
|
||||
|
||||
request_status = {
|
||||
'execute': 'guest-exec-status',
|
||||
'arguments': {
|
||||
'pid': result_exec['return']['pid']
|
||||
}
|
||||
}
|
||||
request_status_json = json.dumps(request_status)
|
||||
|
||||
display.vvv(u"GA send: {0}".format(request_status_json), host=self._host)
|
||||
|
||||
# TODO(odyssey4me):
|
||||
# Work out a better way to wait until the command has exited
|
||||
max_time = iMAX_WAIT + time.clock_gettime(time.CLOCK_MONOTONIC)
|
||||
result_status = {
|
||||
'return': dict(exited=False),
|
||||
}
|
||||
while not result_status['return']['exited']:
|
||||
# Wait for 5% of the time already elapsed
|
||||
sleep_time = (time.clock_gettime(time.CLOCK_MONOTONIC) - command_start) * (5 / 100)
|
||||
if sleep_time < 0.0002:
|
||||
sleep_time = 0.0002
|
||||
elif sleep_time > 1:
|
||||
sleep_time = 1
|
||||
time.sleep(sleep_time)
|
||||
result_status = json.loads(libvirt_qemu.qemuAgentCommand(self.domain, request_status_json, 5, 0))
|
||||
if time.clock_gettime(time.CLOCK_MONOTONIC) > max_time:
|
||||
err = 'timeout'
|
||||
self._display.vv(u"ERROR: libvirtError EXEC TO {0}\n{1}".format(self._virt_uri, to_native(err)), host=self._host)
|
||||
sys.stderr.write(u"ERROR: libvirtError EXEC TO {0}\n{1}\n".format(self._virt_uri, to_native(err)))
|
||||
self._connected = False
|
||||
raise AnsibleConnectionFailure(to_native(err))
|
||||
|
||||
display.vvv(u"GA return: {0}".format(result_status), host=self._host)
|
||||
|
||||
while not result_status['return']['exited']:
|
||||
result_status = json.loads(libvirt_qemu.qemuAgentCommand(self.domain, request_status_json, 5, 0))
|
||||
|
||||
display.vvv(u"GA return: {0}".format(result_status), host=self._host)
|
||||
|
||||
if result_status['return'].get('out-data'):
|
||||
stdout = base64.b64decode(result_status['return']['out-data'])
|
||||
else:
|
||||
stdout = b''
|
||||
|
||||
if result_status['return'].get('err-data'):
|
||||
stderr = base64.b64decode(result_status['return']['err-data'])
|
||||
else:
|
||||
stderr = b''
|
||||
|
||||
# Decode xml from windows
|
||||
if getattr(self._shell, "_IS_WINDOWS", False) and stdout.startswith(b"#< CLIXML"):
|
||||
stdout = _parse_clixml(stdout)
|
||||
|
||||
display.vvv(u"GA stdout: {0}".format(to_text(stdout)), host=self._host)
|
||||
display.vvv(u"GA stderr: {0}".format(to_text(stderr)), host=self._host)
|
||||
|
||||
return result_status['return']['exitcode'], stdout, stderr
|
||||
|
||||
def put_file(self, in_path, out_path):
|
||||
''' transfer a file from local to domain '''
|
||||
super(Connection, self).put_file(in_path, out_path)
|
||||
display.vvv("PUT %s TO %s" % (in_path, out_path), host=self._host)
|
||||
|
||||
if not exists(to_bytes(in_path, errors='surrogate_or_strict')):
|
||||
raise AnsibleFileNotFound(
|
||||
"file or module does not exist: %s" % in_path)
|
||||
|
||||
request_handle = {
|
||||
'execute': 'guest-file-open',
|
||||
'arguments': {
|
||||
'path': out_path,
|
||||
'mode': 'wb+'
|
||||
}
|
||||
}
|
||||
request_handle_json = json.dumps(request_handle)
|
||||
|
||||
display.vvv(u"GA send: {0}".format(request_handle_json), host=self._host)
|
||||
|
||||
result_handle = json.loads(libvirt_qemu.qemuAgentCommand(self.domain, request_handle_json, 5, 0))
|
||||
|
||||
display.vvv(u"GA return: {0}".format(result_handle), host=self._host)
|
||||
|
||||
# TODO(odyssey4me):
|
||||
# Handle exception for file/path IOError
|
||||
with open(to_bytes(in_path, errors='surrogate_or_strict'), 'rb') as in_file:
|
||||
for chunk in iter(partial(in_file.read, BUFSIZE), b''):
|
||||
try:
|
||||
request_write = {
|
||||
'execute': 'guest-file-write',
|
||||
'arguments': {
|
||||
'handle': result_handle['return'],
|
||||
'buf-b64': base64.b64encode(chunk).decode()
|
||||
}
|
||||
}
|
||||
request_write_json = json.dumps(request_write)
|
||||
|
||||
display.vvvvv(u"GA send: {0}".format(request_write_json), host=self._host)
|
||||
|
||||
result_write = json.loads(libvirt_qemu.qemuAgentCommand(self.domain, request_write_json, 5, 0))
|
||||
|
||||
display.vvvvv(u"GA return: {0}".format(result_write), host=self._host)
|
||||
|
||||
except Exception:
|
||||
traceback.print_exc()
|
||||
raise AnsibleError("failed to transfer file %s to %s" % (in_path, out_path))
|
||||
|
||||
request_close = {
|
||||
'execute': 'guest-file-close',
|
||||
'arguments': {
|
||||
'handle': result_handle['return']
|
||||
}
|
||||
}
|
||||
request_close_json = json.dumps(request_close)
|
||||
|
||||
display.vvv(u"GA send: {0}".format(request_close_json), host=self._host)
|
||||
|
||||
result_close = json.loads(libvirt_qemu.qemuAgentCommand(self.domain, request_close_json, 5, 0))
|
||||
|
||||
display.vvv(u"GA return: {0}".format(result_close), host=self._host)
|
||||
|
||||
def fetch_file(self, in_path, out_path):
|
||||
''' fetch a file from domain to local '''
|
||||
super(Connection, self).fetch_file(in_path, out_path)
|
||||
display.vvv("FETCH %s TO %s" % (in_path, out_path), host=self._host)
|
||||
|
||||
request_handle = {
|
||||
'execute': 'guest-file-open',
|
||||
'arguments': {
|
||||
'path': in_path,
|
||||
'mode': 'r'
|
||||
}
|
||||
}
|
||||
request_handle_json = json.dumps(request_handle)
|
||||
|
||||
display.vvv(u"GA send: {0}".format(request_handle_json), host=self._host)
|
||||
|
||||
result_handle = json.loads(libvirt_qemu.qemuAgentCommand(self.domain, request_handle_json, 5, 0))
|
||||
|
||||
display.vvv(u"GA return: {0}".format(result_handle), host=self._host)
|
||||
|
||||
request_read = {
|
||||
'execute': 'guest-file-read',
|
||||
'arguments': {
|
||||
'handle': result_handle['return'],
|
||||
'count': BUFSIZE
|
||||
}
|
||||
}
|
||||
request_read_json = json.dumps(request_read)
|
||||
|
||||
display.vvv(u"GA send: {0}".format(request_read_json), host=self._host)
|
||||
|
||||
with open(to_bytes(out_path, errors='surrogate_or_strict'), 'wb+') as out_file:
|
||||
try:
|
||||
result_read = json.loads(libvirt_qemu.qemuAgentCommand(self.domain, request_read_json, 5, 0))
|
||||
display.vvvvv(u"GA return: {0}".format(result_read), host=self._host)
|
||||
out_file.write(base64.b64decode(result_read['return']['buf-b64']))
|
||||
while not result_read['return']['eof']:
|
||||
result_read = json.loads(libvirt_qemu.qemuAgentCommand(self.domain, request_read_json, 5, 0))
|
||||
display.vvvvv(u"GA return: {0}".format(result_read), host=self._host)
|
||||
out_file.write(base64.b64decode(result_read['return']['buf-b64']))
|
||||
|
||||
except Exception:
|
||||
traceback.print_exc()
|
||||
raise AnsibleError("failed to transfer file %s to %s" % (in_path, out_path))
|
||||
|
||||
request_close = {
|
||||
'execute': 'guest-file-close',
|
||||
'arguments': {
|
||||
'handle': result_handle['return']
|
||||
}
|
||||
}
|
||||
request_close_json = json.dumps(request_close)
|
||||
|
||||
display.vvv(u"GA send: {0}".format(request_close_json), host=self._host)
|
||||
|
||||
result_close = json.loads(libvirt_qemu.qemuAgentCommand(self.domain, request_close_json, 5, 0))
|
||||
|
||||
display.vvv(u"GA return: {0}".format(result_close), host=self._host)
|
||||
|
||||
def close(self):
|
||||
''' terminate the connection; nothing to do here '''
|
||||
super(Connection, self).close()
|
||||
self._connected = False
|
@ -42,7 +42,7 @@ DOCUMENTATION = """
|
||||
description: timeout for libvirt to connect to access the virtual machine
|
||||
required: false
|
||||
type: int
|
||||
default: 5
|
||||
default: 10
|
||||
"""
|
||||
|
||||
import base64
|
||||
@ -98,7 +98,7 @@ class Connection(ConnectionBase):
|
||||
self.always_pipeline_modules = True
|
||||
self.module_implementation_preferences = ('.ps1', '.exe', '')
|
||||
self.allow_executable = False
|
||||
self._timeout = self.get_option('timeout', 5)
|
||||
self._timeout = self.get_option('timeout', 10)
|
||||
|
||||
def _connect(self):
|
||||
''' connect to the virtual machine; nothing to do here '''
|
||||
@ -122,7 +122,7 @@ class Connection(ConnectionBase):
|
||||
raise AnsibleConnectionFailure(to_native(err))
|
||||
|
||||
request_cap = json.dumps({'execute': 'guest-info'})
|
||||
response_cap = json.loads(libvirt_qemu.qemuAgentCommand(self.domain, request_cap, 5, 0))
|
||||
response_cap = json.loads(libvirt_qemu.qemuAgentCommand(self.domain, request_cap, self._timeout, 0))
|
||||
self.capabilities = response_cap['return']['supported_commands']
|
||||
self._display.vvvvv(u"GUEST CAPABILITIES: {0}".format(self.capabilities), host=self._host)
|
||||
missing_caps = []
|
||||
@ -201,7 +201,9 @@ class Connection(ConnectionBase):
|
||||
result_status = {
|
||||
'return': dict(exited=False),
|
||||
}
|
||||
while not result_status['return']['exited']:
|
||||
i=0
|
||||
while not result_status['return']['exited'] and i < 20:
|
||||
i = i + 1
|
||||
# Wait for 5% of the time already elapsed
|
||||
sleep_time = (time.clock_gettime(time.CLOCK_MONOTONIC) - command_start) * (5 / 100)
|
||||
if sleep_time < 0.0002:
|
||||
@ -209,7 +211,7 @@ class Connection(ConnectionBase):
|
||||
elif sleep_time > 1:
|
||||
sleep_time = 1
|
||||
time.sleep(sleep_time)
|
||||
result_status = json.loads(libvirt_qemu.qemuAgentCommand(self.domain, request_status_json, 5, 0))
|
||||
result_status = json.loads(libvirt_qemu.qemuAgentCommand(self.domain, request_status_json, self._timeout, 0))
|
||||
if time.clock_gettime(time.CLOCK_MONOTONIC) > max_time:
|
||||
err = 'timeout'
|
||||
self._display.vv(u"ERROR: libvirtError EXEC TO {0}\n{1}".format(self._virt_uri, to_native(err)), host=self._host)
|
||||
@ -220,7 +222,7 @@ class Connection(ConnectionBase):
|
||||
display.vvv(u"GA return: {0}".format(result_status), host=self._host)
|
||||
|
||||
while not result_status['return']['exited']:
|
||||
result_status = json.loads(libvirt_qemu.qemuAgentCommand(self.domain, request_status_json, 5, 0))
|
||||
result_status = json.loads(libvirt_qemu.qemuAgentCommand(self.domain, request_status_json, self._timeout, 0))
|
||||
|
||||
display.vvv(u"GA return: {0}".format(result_status), host=self._host)
|
||||
|
||||
@ -263,7 +265,7 @@ class Connection(ConnectionBase):
|
||||
|
||||
display.vvv(u"GA send: {0}".format(request_handle_json), host=self._host)
|
||||
|
||||
result_handle = json.loads(libvirt_qemu.qemuAgentCommand(self.domain, request_handle_json, 5, 0))
|
||||
result_handle = json.loads(libvirt_qemu.qemuAgentCommand(self.domain, request_handle_json, self._timeout, 0))
|
||||
|
||||
display.vvv(u"GA return: {0}".format(result_handle), host=self._host)
|
||||
|
||||
@ -283,7 +285,7 @@ class Connection(ConnectionBase):
|
||||
|
||||
display.vvvvv(u"GA send: {0}".format(request_write_json), host=self._host)
|
||||
|
||||
result_write = json.loads(libvirt_qemu.qemuAgentCommand(self.domain, request_write_json, 5, 0))
|
||||
result_write = json.loads(libvirt_qemu.qemuAgentCommand(self.domain, request_write_json, self._timeout, 0))
|
||||
|
||||
display.vvvvv(u"GA return: {0}".format(result_write), host=self._host)
|
||||
|
||||
@ -301,7 +303,7 @@ class Connection(ConnectionBase):
|
||||
|
||||
display.vvv(u"GA send: {0}".format(request_close_json), host=self._host)
|
||||
|
||||
result_close = json.loads(libvirt_qemu.qemuAgentCommand(self.domain, request_close_json, 5, 0))
|
||||
result_close = json.loads(libvirt_qemu.qemuAgentCommand(self.domain, request_close_json, self._timeout, 0))
|
||||
|
||||
display.vvv(u"GA return: {0}".format(result_close), host=self._host)
|
||||
|
||||
@ -321,7 +323,7 @@ class Connection(ConnectionBase):
|
||||
|
||||
display.vvv(u"GA send: {0}".format(request_handle_json), host=self._host)
|
||||
|
||||
result_handle = json.loads(libvirt_qemu.qemuAgentCommand(self.domain, request_handle_json, 5, 0))
|
||||
result_handle = json.loads(libvirt_qemu.qemuAgentCommand(self.domain, request_handle_json, self._timeout, 0))
|
||||
|
||||
display.vvv(u"GA return: {0}".format(result_handle), host=self._host)
|
||||
|
||||
@ -338,11 +340,11 @@ class Connection(ConnectionBase):
|
||||
|
||||
with open(to_bytes(out_path, errors='surrogate_or_strict'), 'wb+') as out_file:
|
||||
try:
|
||||
result_read = json.loads(libvirt_qemu.qemuAgentCommand(self.domain, request_read_json, 5, 0))
|
||||
result_read = json.loads(libvirt_qemu.qemuAgentCommand(self.domain, request_read_json, self._timeout, 0))
|
||||
display.vvvvv(u"GA return: {0}".format(result_read), host=self._host)
|
||||
out_file.write(base64.b64decode(result_read['return']['buf-b64']))
|
||||
while not result_read['return']['eof']:
|
||||
result_read = json.loads(libvirt_qemu.qemuAgentCommand(self.domain, request_read_json, 5, 0))
|
||||
result_read = json.loads(libvirt_qemu.qemuAgentCommand(self.domain, request_read_json, self._timeout, 0))
|
||||
display.vvvvv(u"GA return: {0}".format(result_read), host=self._host)
|
||||
out_file.write(base64.b64decode(result_read['return']['buf-b64']))
|
||||
|
||||
@ -360,7 +362,7 @@ class Connection(ConnectionBase):
|
||||
|
||||
display.vvv(u"GA send: {0}".format(request_close_json), host=self._host)
|
||||
|
||||
result_close = json.loads(libvirt_qemu.qemuAgentCommand(self.domain, request_close_json, 5, 0))
|
||||
result_close = json.loads(libvirt_qemu.qemuAgentCommand(self.domain, request_close_json, self._timeout, 0))
|
||||
|
||||
display.vvv(u"GA return: {0}".format(result_close), host=self._host)
|
||||
|
||||
|
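Review bot: The new `i < 20` cap (hunk at -201) only ends the first, sleeping poll loop; the hunk at -220 still shows `while not result_status['return']['exited']:` calling `qemuAgentCommand` with no sleep, no counter and no deadline, so a guest command that has not exited after 20 polls appears to fall through into a busy loop against the guest agent. Bounding both loops by the monotonic deadline the function already compares against (`max_time`) and raising `AnsibleError` on expiry would make the timeout real instead of silently continuing. Separately, `self.get_option('timeout', 10)` passes `10` as the second positional argument, which on `AnsiblePlugin.get_option` is `hostvars` rather than a default; the default already lives in DOCUMENTATION (changed to 10 here), so `self.get_option('timeout')` is enough, and it is worth confirming that the option is readable this early in `__init__`. The function bodies start and end outside the hunks.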
@ -14,7 +14,7 @@ AGI_PROXY_MODE: "{{PROXY_MODE|default('')}}"
|
||||
|
||||
AGI_use_local_kernel: false
|
||||
AGI_install_disklabel: msdos
|
||||
AGI_install_timezone: UTC
|
||||
AGI_install_timezone: "{{ BASE_TIMEZONE|default('Etc/UTC') }}"
|
||||
AGI_install_locales:
|
||||
- en_US ISO-8859-1
|
||||
- en_US.UTF-8 UTF-8
|
||||
@ -28,9 +28,9 @@ AGI_install_network_interfaces:
|
||||
config: dhcp
|
||||
AGI_container_disk: /dev/vda
|
||||
|
||||
AGI_install_syslog_daemon: syslog-ng # app-admin/sysklogd
|
||||
AGI_install_cron_daemon: cronie
|
||||
AGI_install_bootloader: syslinux
|
||||
AGI_install_syslog_daemon: syslog-ng # sysklogd
|
||||
AGI_install_cron_daemon: cronie #
|
||||
AGI_install_bootloader: syslinux # grub:2
|
||||
|
||||
AGI_install_syslinux_kernel_line:
|
||||
# this is required I think
|
||||
@ -48,11 +48,11 @@ AGI_install_syslinux_kernel_line:
|
||||
# =0x37f works too
|
||||
- vga=789
|
||||
# these may not all be needed or useful in a container
|
||||
- pti=on
|
||||
- iommu=pt
|
||||
- amd_iommu=on
|
||||
- intel_iommu=on
|
||||
- debug
|
||||
# - pti=on
|
||||
# - iommu=pt
|
||||
# - amd_iommu=on
|
||||
# - intel_iommu=on
|
||||
# - debug
|
||||
|
||||
# remove the unused ones:
|
||||
AGI_install_syslinux_c32:
|
||||
|
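Review bot: In the hunk at -48 the entries `pti=on`, `iommu=pt`, `amd_iommu=on` and `intel_iommu=on` appear to be commented out of the syslinux kernel line with no reason given, while the `GRUB_CMDLINE_LINUX_DEFAULT` task in this same commit still passes `intel_iommu=on`, so the two bootloaders would boot the same image with different kernel options. If the intent is that these flags are pointless inside a guest, record it above the list, e.g. `# disabled: not useful in a VM guest; pti falls back to the kernel default (auto)`, and make the grub line agree. The list continues outside the hunk.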
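--- a/roles/ansible-gentoo_install/files/firewall.conf
+++ b/roles/ansible-gentoo_install/files/firewall.conf
@@ -0,0 +1,171 @@
+# Generated by iptables-save v1.8.5 on Wed Nov 4 01:14:37 2020
+*mangle
+:PREROUTING ACCEPT [0:0]
+:INPUT ACCEPT [0:0]
+:FORWARD ACCEPT [0:0]
+:OUTPUT ACCEPT [0:0]
+:POSTROUTING ACCEPT [0:0]
+:LIBVIRT_PRT - [0:0]
+-A INPUT -j LOG --log-prefix "iptables_libvirt mangle-i: " --log-uid
+-A POSTROUTING -j LIBVIRT_PRT
+COMMIT
+# Completed on Wed Nov 4 01:14:37 2020
+
+# Generated by iptables-save v1.8.5 on Wed Nov 4 01:14:37 2020
+*nat
+:PREROUTING ACCEPT [0:0]
+:INPUT ACCEPT [0:0]
+:OUTPUT ACCEPT [0:0]
+:POSTROUTING ACCEPT [0:0]
+:LIBVIRT_PRT - [0:0]
+
+# was ! -o lo
+-A OUTPUT -o wlan6 -p tcp --dport 53 -m tcp -j DNAT --to-destination 127.0.0.1:53
+-A OUTPUT -o wlan6 -p udp --dport 53 -m udp -j DNAT --to-destination 127.0.0.1:53
+
+# .onion mapped addresses redirection to Tor.
+-A OUTPUT -d 172.16.0.0/12 -p tcp -m tcp -j DNAT --to-destination 127.0.0.1:9040
+## Log.
+-A INPUT -j LOG --log-prefix "iptables_libvirt_nat-i: " --log-uid
+-A POSTROUTING -j LIBVIRT_PRT
+-A LIBVIRT_PRT -s 10.0.2.0/24 -d 224.0.0.0/24 -j RETURN
+-A LIBVIRT_PRT -s 10.0.2.0/24 -d 255.255.255.255/32 -j RETURN
+-A LIBVIRT_PRT -s 10.0.2.0/24 ! -d 10.0.2.0/24 -p tcp -j MASQUERADE --to-ports 1024-65535
+-A LIBVIRT_PRT -s 10.0.2.0/24 ! -d 10.0.2.0/24 -p udp -j MASQUERADE --to-ports 1024-65535
+-A LIBVIRT_PRT -s 10.0.2.0/24 ! -d 10.0.2.0/24 -j MASQUERADE
+COMMIT
+# Completed on Wed Nov 4 01:14:37 2020
+# Generated by iptables-save v1.8.5 on Wed Nov 4 01:14:37 2020
+*filter
+:INPUT ACCEPT [0:0]
+:FORWARD DROP [0:0]
+:OUTPUT DROP [0:0]
+:LIBVIRT_FWI - [0:0]
+:LIBVIRT_FWO - [0:0]
+:LIBVIRT_FWX - [0:0]
+:LIBVIRT_INP - [0:0]
+:LIBVIRT_OUT - [0:0]
+
+## DROP PACKETS WITH INCOMING FRAGMENTS. THIS ATTACK ONCE RESULTED IN KERNEL PANICS
+-A INPUT -f -j DROP
+## DROP INCOMING MALFORMED XMAS PACKETS
+-A INPUT -p tcp --tcp-flags ALL ALL -j DROP
+## DROP INCOMING MALFORMED NULL PACKETS
+-A INPUT -p tcp --tcp-flags ALL NONE -j DROP
+
+-A INPUT -i lo -j ACCEPT
+## Traffic on the loopback interface is accepted.
+-A INPUT -i lo -j ACCEPT
+## Established incoming connections are accepted. RELATED?
+-A INPUT -m state --state ESTABLISHED -j ACCEPT
+### this is required for outgoing pings
+-A INPUT -i wlan6 -p icmp -j LOG --log-prefix "iptables_icmp_ACCEPT-i: " --log-uid
+-A INPUT -i wlan6 -p icmp -j ACCEPT
+
+# let dhcp through? - YES
+-A INPUT -i wlan6 -p udp -m udp --sport 137 -j DROP
+-A INPUT -i wlan6 -p udp -m udp --sport 138 -j DROP
+-A INPUT -i wlan6 -p udp -m udp --sport 139 -j DROP
+-A INPUT -i wlan6 -p tcp --sport 9055 -j DROP
+-A INPUT -i wlan6 -p tcp --sport 9054 -j DROP
+-A INPUT -i wlan6 -p tcp --sport 9053 -j DROP
+-A INPUT -i wlan6 -p tcp --sport 9051 -j DROP
+-A INPUT -i wlan6 -p udp --sport 53 -j ACCEPT
+
+# SRC=0.0.0.0 DST=255.255.255.255 PROTO=UDP SPT=68 DPT=67
+-A INPUT -j LOG --log-prefix "iptables_libvirt_jLIBVIRT_INP-i: " --log-uid
+# -A INPUT -i wlan6 -p udp -j DROP
+-A INPUT -i wlan6 -j DROP
+
+-A INPUT -j LIBVIRT_INP
+
+-A FORWARD -j LIBVIRT_FWX
+-A FORWARD -j LIBVIRT_FWI
+-A FORWARD -j LIBVIRT_FWO
+#d#-A OUTPUT -o wlan6 -p icmp -j LOG --log-prefix iptables_icmp_ACCEPT-o: --log-uid
+## Traffic on the loopback interface is accepted.
+-A OUTPUT -o lo -j ACCEPT
+
+## Existing connections are accepted.
+-A OUTPUT -m state --state ESTABLISHED -j ACCEPT
+-A OUTPUT -o wlan6 -p icmp -j LOG --log-prefix "iptables_icmp_ACCEPT-o: " --log-uid
+-A OUTPUT -o wlan6 -p icmp -j ACCEPT
+# st-routers.mcast.net.
+-A OUTPUT -o wlan6 -p udp -d 224.0.0.0/8 -j REJECT
+
+## Accept outgoing connections to local network, Whonix-Workstation and VirtualBox,
+-A OUTPUT -d 192.168.1.0/24 -j ACCEPT
+-A OUTPUT -d 10.0.2.0/24 -j ACCEPT
+
+# gateway
+#-A OUTPUT -d 10.0.2.0/24 -j ACCEPT
+
+-A OUTPUT -o wlan6 -d 10.16.238.0/24 -j ACCEPT
+-A OUTPUT -o wlan6 -d 10.0.0.0/8 -j DROP
+-A OUTPUT -o wlan6 -d 172.16.0.0/12 -j DROP
+#-A OUTPUT -o wlan6 -d 192.168.0.0/16 -j DROP
+-A OUTPUT -o wlan6 -d 224.0.0.0/4 -j DROP
+-A OUTPUT -o wlan6 -d 240.0.0.0/5 -j DROP
+
+# The ntp user is allowed to connect to services listening on the ntp port...
+# If root runs ntpdate manually you will see requests to port 53 UID=0
+#-A OUTPUT -o wlan6 -m owner --gid-owner 226 -p udp --dport 123 -j LOG --log-uid --log-prefix "iptables_123_ACCEPT-o: "
+-A OUTPUT -o wlan6 -m owner --gid-owner 226 -p UDP --dport 123 -j ACCEPT
+-A OUTPUT -o wlan6 -m owner --uid-owner 0 -p UDP --dport 123 -j ACCEPT
+#-A OUTPUT -o wlan6 -m tcp -p TCP --dport 22 -j LOG --log-uid --log-prefix "IPTABLES_ssh_REJECT: "
+-A OUTPUT -o wlan6 -m tcp -p TCP --dport 22 -j REJECT --reject-with icmp-port-unreachable
+#test-A OUTPUT -o virbr1 -m tcp -p TCP --dport 22 -j LOG --log-uid --log-prefix "iptables_: "
+-A OUTPUT -o wlan6 -m owner -p tcp --gid-owner 216 -j ACCEPT
+-A OUTPUT -o wlan6 -m owner --gid-owner 1 -j ACCEPT
+
+-A OUTPUT -o virbr1 -m tcp -p TCP --dport 22 -j ACCEPT
+-A OUTPUT -o virbr1 -m tcp -p TCP --dport 9028 -j LOG --log-uid --log-prefix "iptables_: "
+-A OUTPUT -o virbr1 -m tcp -p TCP --dport 9028 -j ACCEPT
+-A OUTPUT -o virbr1 -m tcp -p TCP --dport 9040 -j LOG --log-uid --log-prefix "iptables_: "
+-A OUTPUT -o virbr1 -m tcp -p TCP --dport 9040 -j ACCEPT
+-A OUTPUT -o virbr1 -m tcp -p TCP --dport 9050 -j LOG --log-uid --log-prefix "iptables_: "
+-A OUTPUT -o virbr1 -m tcp -p TCP --dport 9050 -j ACCEPT
+-A OUTPUT -o virbr1 -m tcp -p TCP --dport 9053 -j LOG --log-uid --log-prefix "iptables_: "
+-A OUTPUT -o virbr1 -m tcp -p TCP --dport 9053 -j ACCEPT
+-A OUTPUT -o virbr1 -m udp -p udp --dport 9053 -j ACCEPT
+-A OUTPUT -j LIBVIRT_OUT
+-A LIBVIRT_FWI -o virbr1 -j LOG --log-uid --log-prefix "IPTABLES_FWI_REJECT-o: "
+-A LIBVIRT_FWI -o virbr2 -j REJECT --reject-with icmp-port-unreachable
+
+-A LIBVIRT_FWI -d 10.0.2.0/24 -o virbr1 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
+
+-A LIBVIRT_FWI -o virbr1 -j LOG --log-uid --log-prefix "IPTABLES_FWI_REJECT-o: "
+-A LIBVIRT_FWI -o virbr1 -j REJECT --reject-with icmp-port-unreachable
+
+-A LIBVIRT_FWO -i virbr2 -j LOG --log-uid --log-prefix "IPTABLES_FWO_REJECT-i: "
+-A LIBVIRT_FWO -i virbr2 -j REJECT --reject-with icmp-port-unreachable
+
+-A LIBVIRT_FWO -s 10.0.2.0/24 -i virbr1 -j ACCEPT
+
+-A LIBVIRT_FWO -i virbr1 -j LOG --log-uid --log-prefix "IPTABLES_FWO_REJECT-i: "
+-A LIBVIRT_FWO -i virbr1 -j REJECT --reject-with icmp-port-unreachable
+
+-A LIBVIRT_FWX -i virbr2 -o virbr2 -j ACCEPT
+-A LIBVIRT_FWX -i virbr1 -o virbr1 -j ACCEPT
+
+-A LIBVIRT_INP -i virbr2 -p udp -m udp --dport 53 -j ACCEPT
+-A LIBVIRT_INP -i virbr2 -p tcp -m tcp --dport 53 -j ACCEPT
+-A LIBVIRT_INP -i virbr2 -p udp -m udp --dport 67 -j ACCEPT
+-A LIBVIRT_INP -i virbr2 -p tcp -m tcp --dport 67 -j ACCEPT
+
+-A LIBVIRT_INP -i virbr1 -p udp -m udp --dport 53 -j ACCEPT
+-A LIBVIRT_INP -i virbr1 -p tcp -m tcp --dport 53 -j ACCEPT
+-A LIBVIRT_INP -i virbr1 -p udp -m udp --dport 67 -j ACCEPT
+-A LIBVIRT_INP -i virbr1 -p tcp -m tcp --dport 67 -j ACCEPT
+
+-A LIBVIRT_OUT -o virbr2 -p udp -m udp --dport 53 -j ACCEPT
+-A LIBVIRT_OUT -o virbr2 -p tcp -m tcp --dport 53 -j ACCEPT
+-A LIBVIRT_OUT -o virbr2 -p udp -m udp --dport 68 -j ACCEPT
+-A LIBVIRT_OUT -o virbr2 -p tcp -m tcp --dport 68 -j ACCEPT
+
+-A LIBVIRT_OUT -o virbr1 -p udp -m udp --dport 53 -j ACCEPT
+-A LIBVIRT_OUT -o virbr1 -p tcp -m tcp --dport 53 -j ACCEPT
+-A LIBVIRT_OUT -o virbr1 -p udp -m udp --dport 68 -j ACCEPT
+-A LIBVIRT_OUT -o virbr1 -p tcp -m tcp --dport 68 -j ACCEPT
+COMMIT
+# Completed on Wed Nov 4 01:14:37 2020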
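Review bot: `-A INPUT -i wlan6 -p udp --sport 53 -j ACCEPT` admits any UDP datagram from the wireless side whose source port is 53, to any local port, and the sender chooses the source port; replies to the host's own queries are already matched by the `--state ESTABLISHED` rule above it, and the nat table in this file redirects outbound port-53 traffic on wlan6 to 127.0.0.1, so the rule looks removable. The filter table also keeps `:INPUT ACCEPT [0:0]`, so anything arriving on virbr1/virbr2 that LIBVIRT_INP does not match is accepted by policy; `:INPUT DROP [0:0]` plus the explicit accepts would match the DROP policy already used for FORWARD and OUTPUT. The interface name `wlan6` and the numeric GIDs 226 and 216 are values from one machine's iptables-save dump and would be safer as template variables. The same content is added a second time later in this commit (the section beginning `@ -0,0 +1,171 @@` with no file header), and the same points apply there.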
@ -42,8 +42,8 @@
|
||||
label pentoo2019-Pen19-6.1.52-pentoo_2023_09_30_0x037f
|
||||
menu label pentoo2019_Pen19_6.1.52-pentoo_2023_09_30_0x037f
|
||||
menu default
|
||||
kernel vmlinuz-6.1.52-pentoo_2023_09_30
|
||||
INITRD initramfs-pentoo-x86_64-6.1.52-pentoo_2023_09_30.img
|
||||
kernel /vmlinuz-6.1.52-pentoo_2023_09_30
|
||||
INITRD /initramfs-pentoo-x86_64-6.1.52-pentoo_2023_09_30.img
|
||||
# was vga=0x315
|
||||
APPEND root=LABEL=root {{''.join(AGI_install_syslinux_kernel_commands)}}
|
||||
|
||||
@ -106,7 +106,39 @@
|
||||
-i /etc/default/grub
|
||||
grub-script-check /etc/default/grub
|
||||
|
||||
when: AGI_install_bootloader == 'grub:2'
|
||||
- name: roles/ansible-gentoo_install/tasks/
|
||||
shell: |
|
||||
LINE="rd.skipfsck=1 ipv6.disable=1 console=ttys0 lang=en keymap=us "
|
||||
# LINE="$LINE pti=on doscsi iommu=pt amd_iommu=on debugfs=off efi=disable_early_pci_dma extra_latent_entropy init_on_free=1 kvm.nx_huge_pages=force l1tf=full,force mce=0 mds=full,nosmt nosmt=force page_alloc.shuffle=1 pti=on random.trust_cpu=off slab_nomerge slub_debug=FZ spec_store_bypass_disable=on spectre_v2=on tsx_async_abort=full,nosmt vsyscall=none "
|
||||
LINE="$LINE intel_iommu=on vga=0x315 text
|
||||
df | grep /boot || mount /dev/vda1 /boot
|
||||
[ -d /boot/grub ] || exit 2
|
||||
[ -f /boot/grub/grub.cfg ] || exit 3
|
||||
cd /
|
||||
# boot/initramfs-pentoo-x86_64-6.1.52-pentoo_2023_09_30.img
|
||||
|
||||
- name: /etc/default/grub
|
||||
lineinfile:
|
||||
dest: /etc/default/grub
|
||||
line: '{{item.from}}="{{item.to}}"'
|
||||
regexp: '^#*{{item.from}}=.*'
|
||||
with_items:
|
||||
# Append parameters to the linux kernel command line for non-recovery entries
|
||||
- from: GRUB_CMDLINE_LINUX_DEFAULT
|
||||
to: " rd.skipfsck=1 ipv6.disable=1 console=ttyS0 lang=en keymap=us intel_iommu=on vga=0x315 text"
|
||||
# The resolution used on graphical terminal.
|
||||
# Note that you can use only modes which your graphic card supports via VBE.
|
||||
# You can see them in real GRUB with the command `vbeinfo'.
|
||||
- from: GRUB_GFXMODE
|
||||
to: 640x480
|
||||
# Set to 'text' to force the Linux kernel to boot in normal text
|
||||
- from: GRUB_GFXPAYLOAD_LINUX
|
||||
to: text
|
||||
# Uncomment if you don't want GRUB to pass "root=UUID=xxx" parameter to kernel
|
||||
- from: GRUB_DISABLE_LINUX_UUID
|
||||
to: true
|
||||
|
||||
when: AGI_install_bootloader == 'grub:2'
|
||||
|
||||
- name: fstab root
|
||||
lineinfile:
|
||||
@ -151,54 +183,36 @@
|
||||
dest: /etc/conf.d/consolefont
|
||||
line: 'consolefont="ter-v{{AGI_consolefont_font_size}}b"'
|
||||
regexp: '^consolefont=.*'
|
||||
|
||||
- name: /etc/default/grub
|
||||
lineinfile:
|
||||
dest: /etc/default/grub
|
||||
line: '{{item.from}}="{{item.to}}"'
|
||||
regexp: '^#*{{item.from}}=.*'
|
||||
with_items:
|
||||
# Append parameters to the linux kernel command line for non-recovery entries
|
||||
- from: GRUB_CMDLINE_LINUX_DEFAULT
|
||||
to: " rd.skipfsck=1 ipv6.disable=1 console=tty1 lang=en keymap=us intel_iommu=on vga=0x315 text"
|
||||
# The resolution used on graphical terminal.
|
||||
# Note that you can use only modes which your graphic card supports via VBE.
|
||||
# You can see them in real GRUB with the command `vbeinfo'.
|
||||
- from: GRUB_GFXMODE
|
||||
to: 640x480
|
||||
# Set to 'text' to force the Linux kernel to boot in normal text
|
||||
- from: GRUB_GFXPAYLOAD_LINUX
|
||||
to: text
|
||||
# Uncomment if you don't want GRUB to pass "root=UUID=xxx" parameter to kernel
|
||||
- from: GRUB_DISABLE_LINUX_UUID
|
||||
to: true
|
||||
|
||||
- name: roles/ansible-gentoo_install/tasks/
|
||||
shell: |
|
||||
LINE="rd.skipfsck=1 ipv6.disable=1 console=tty1 lang=en keymap=us "
|
||||
# LINE="$LINE pti=on doscsi iommu=pt amd_iommu=on debugfs=off efi=disable_early_pci_dma extra_latent_entropy init_on_free=1 kvm.nx_huge_pages=force l1tf=full,force mce=0 mds=full,nosmt nosmt=force page_alloc.shuffle=1 pti=on random.trust_cpu=off slab_nomerge slub_debug=FZ spec_store_bypass_disable=on spectre_v2=on tsx_async_abort=full,nosmt vsyscall=none "
|
||||
LINE="$LINE intel_iommu=on vga=0x315 text
|
||||
df | grep /boot || mount /dev/vda1 /boot
|
||||
[ -d /boot/grub ] || exit 2
|
||||
[ -f /boot/grub/grub.cfg ] || exit 3
|
||||
cd /
|
||||
# ln -s boot/vmlinuz* vmlinuz
|
||||
# boot/initramfs-pentoo-x86_64-6.1.52-pentoo_2023_09_30.img
|
||||
ln -s boot/initramfs* initrd.img
|
||||
|
||||
|
||||
- name: consolefont
|
||||
shell: |
|
||||
cat >> /etc/rc.local << EOF
|
||||
grep -q /etc/init.d/consolefont /etc/rc.local || \
|
||||
cat >> /etc/rc.local << EOF
|
||||
#!/bin/sh
|
||||
/etc/init.d consolefont stop
|
||||
/etc/init.d consolefont start
|
||||
stty -F /dev/tty1 cols 80 rows 24
|
||||
# these are right for ter-v28b consolefont
|
||||
if tty|grep -q /dev/ttyS0 ; then
|
||||
stty cols 80 rows 35
|
||||
elif tty|grep -q /dev/tty[1-6] ; then
|
||||
stty cols 80 rows 22
|
||||
fi
|
||||
EOF
|
||||
bash /etc/rc.local
|
||||
chmod 755 /etc/rc.local
|
||||
ignore_errors: true
|
||||
|
||||
- name: rc-update add bootlogd boot
|
||||
shell: |
|
||||
[ -d /etc/modules-load.d ] || mkdir /etc/modules-load.d
|
||||
[ -f /etc/modules-load.d/virtio.conf ] || \
|
||||
echo "{{'\n'.join(AGI_bootstrap_modules)}}" \
|
||||
> /etc/modules-load.d/virtio.conf
|
||||
rc-update add consolefont
|
||||
rc-update | grep -q 'bootlogd .* boot' || \
|
||||
rc-update add bootlogd boot
|
||||
grep -q '^s0:' /etc/inittab || \
|
||||
sed -e 's/^#s0:/s0:/' /etc/inittab
|
||||
|
||||
|
||||
exit 0
|
||||
|
||||
|
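Review bot: In the `consolefont` task (hunk at -151) the guard `grep -q /etc/init.d/consolefont /etc/rc.local` can never match what the heredoc writes, because the heredoc lines read `/etc/init.d consolefont stop` and `/etc/init.d consolefont start` with a space where the slash should be; the block is therefore appended on every run, and the two commands fail when rc.local executes, which `ignore_errors: true` hides. Writing `/etc/init.d/consolefont stop` and `/etc/init.d/consolefont start` in the heredoc fixes both. In the `rc-update add bootlogd boot` task, `sed -e 's/^#s0:/s0:/' /etc/inittab` has no `-i`, so it prints the edited text to stdout and leaves /etc/inittab unchanged; `sed -i -e 's/^#s0:/s0:/' /etc/inittab` is presumably what was meant. The moved shell task (hunk at -106) also carries `LINE="$LINE intel_iommu=on vga=0x315 text` without a closing quote.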
@ -18,9 +18,11 @@
|
||||
|
||||
- name: copy resolv.conf into chroot
|
||||
copy:
|
||||
src: /etc/resolv.conf
|
||||
dest: "{{AGI_NBD_MP}}/etc/resolv.conf"
|
||||
src: "/{{item}}"
|
||||
dest: "{{AGI_NBD_MP}}/{{item}}"
|
||||
mode: '0644'
|
||||
remote_src: yes
|
||||
with_items: "{{AGI_bootstrap_files}}"
|
||||
when: not ansible_check_mode
|
||||
|
||||
- name: mount /proc in chroot
|
||||
|
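Review bot: The task now loops over `AGI_bootstrap_files` but still applies `mode: '0644'` to every item, and the list in this commit includes scripts such as `usr/local/bin/proxy_export.bash` and `usr/local/etc/local.d/local.bash`, which would land in the chroot without an execute bit. Either carry a mode per item (entries of the form `{path: etc/hosts, mode: '0644'}`) or copy the scripts in a separate loop with `mode: '0755'`. The task name `copy resolv.conf into chroot` is also stale; `copy bootstrap files into chroot` describes what it now does. The task list continues outside the hunk.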
23
roles/ansible-gentoo_install/tasks/libvirt.yml
Normal file
23
roles/ansible-gentoo_install/tasks/libvirt.yml
Normal file
@ -0,0 +1,23 @@
|
||||
# -*- mode: yaml; indent-tabs-mode: nil; tab-width: 2; coding: utf-8-unix -*-
|
||||
# localhost
|
||||
---
|
||||
- name: "DEBUG: ansible-gentoo_install libvirt"
|
||||
debug:
|
||||
verbosity: 1
|
||||
msg: "DEBUG: ansible-gentoo_install libvirt"
|
||||
|
||||
- name: test we are NOT in the chroot
|
||||
shell: |
|
||||
[ -n "{{AGI_NBD_MP}}" ] || exit 2
|
||||
[ -d "{{AGI_NBD_MP}}" ] || exit 3
|
||||
check_mode: false
|
||||
|
||||
# - name: setup libvirt network
|
||||
# - name: setup libvirt iptables
|
||||
# net.ipv4.conf.virbr1.forwarding = 1
|
||||
# net.ipv4.ip_forward = 1
|
||||
# mkdir /etc/libvirt/qemu
|
||||
# qemu-ga -D > /etc/libvirt/qemu/qemu-ga.conf
|
||||
# for elt in unix-listen virtio-serial isa-serial vsock-listen ; do
|
||||
# /etc/conf.d/qemu-ga
|
||||
|
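Review bot: The task named `test we are NOT in the chroot` only checks that `AGI_NBD_MP` is non-empty and is an existing directory; nothing in it distinguishes the host from the chroot, so the name promises a check the task does not perform. Rename it to what it does, e.g. `- name: check AGI_NBD_MP is set and is a directory`, and add `changed_when: false`, since the shell block changes nothing. The remaining lines are commented-out fragments (`# - name: setup libvirt network`, the sysctl and qemu-ga notes) with no tasks behind them; a one-line `# TODO:` comment above them would stop them reading as disabled configuration.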
@ -85,6 +85,7 @@
|
||||
state: mounted
|
||||
check_mode: false
|
||||
|
||||
- include: libvirt.yml
|
||||
- include: tarball.yml
|
||||
- include: copy.yml
|
||||
when: AGI_use_local_kernel
|
||||
|
@ -131,13 +131,10 @@
|
||||
var: ansible_gentooimgr_out
|
||||
|
||||
check_mode: false
|
||||
when:
|
||||
- ansible_connection in ['chroot', 'local', 'libvirt_qemu']
|
||||
- ansible_distribution == 'Gentoo' or BOX_GENTOO_FROM_MP not in ['/', '']
|
||||
# - nbd_disk|default('') == AGI_NBD_DISK
|
||||
|
||||
- name: include_tasks local.yml
|
||||
include_tasks: local.yml
|
||||
- name: include_tasks local.yml
|
||||
include_tasks: local.yml
|
||||
|
||||
when:
|
||||
- ansible_connection in ['chroot', 'local']
|
||||
- ansible_distribution == 'Gentoo' or BOX_GENTOO_FROM_MP not in ['/', '']
|
||||
|
@ -15,6 +15,10 @@
|
||||
for elt in {{ AGI_bootstrap_mountpoints|join(' ') }} ; do
|
||||
[ -d $elt ] || mkdir $elt
|
||||
done
|
||||
# 700 files from ansible umask
|
||||
find /usr/local/*bin/ /usr/local/etc/ -name '*sh' -exec chmod 755 {} \;
|
||||
find /usr/local/ -type f -exec chown ${BOX_USER_NAME}:${BOX_USER_GROUP} {} \;
|
||||
|
||||
exit 0
|
||||
when: AGI_bootstrap_mountpoints|default([])|length > 0
|
||||
|
||||
@ -32,7 +36,7 @@
|
||||
dest: /etc/localtime
|
||||
src: /usr/share/zoneinfo/{{ AGI_install_timezone }}
|
||||
state: link
|
||||
force: yes
|
||||
force: no
|
||||
|
||||
- name: configure locales
|
||||
lineinfile:
|
||||
|
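Review bot: The added `find /usr/local/ -type f -exec chown ${BOX_USER_NAME}:${BOX_USER_GROUP} {} \;` hands every file under /usr/local to the box user, including the scripts in /usr/local/bin and /usr/local/etc/local.d that the line above makes executable; if any of those are run by root (local.d scripts usually are, at boot), an unprivileged account can then edit code that runs as root. `${BOX_USER_NAME}` is also shell syntax rather than Jinja `{{ BOX_USER_NAME }}`, so unless both variables are exported into the task environment the command expands to `chown :`, and the trailing `exit 0` hides whatever happens. Dropping the chown line and keeping only the chmod leaves ownership with root and still solves the umask problem the comment describes. In the second hunk, `force: no` on the /etc/localtime link means an existing regular file at that path makes the task fail instead of being replaced; confirm that is intended.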
@ -0,0 +1,171 @@
|
||||
# Generated by iptables-save v1.8.5 on Wed Nov 4 01:14:37 2020
|
||||
*mangle
|
||||
:PREROUTING ACCEPT [0:0]
|
||||
:INPUT ACCEPT [0:0]
|
||||
:FORWARD ACCEPT [0:0]
|
||||
:OUTPUT ACCEPT [0:0]
|
||||
:POSTROUTING ACCEPT [0:0]
|
||||
:LIBVIRT_PRT - [0:0]
|
||||
-A INPUT -j LOG --log-prefix "iptables_libvirt mangle-i: " --log-uid
|
||||
-A POSTROUTING -j LIBVIRT_PRT
|
||||
COMMIT
|
||||
# Completed on Wed Nov 4 01:14:37 2020
|
||||
|
||||
# Generated by iptables-save v1.8.5 on Wed Nov 4 01:14:37 2020
|
||||
*nat
|
||||
:PREROUTING ACCEPT [0:0]
|
||||
:INPUT ACCEPT [0:0]
|
||||
:OUTPUT ACCEPT [0:0]
|
||||
:POSTROUTING ACCEPT [0:0]
|
||||
:LIBVIRT_PRT - [0:0]
|
||||
|
||||
# was ! -o lo
|
||||
-A OUTPUT -o wlan6 -p tcp --dport 53 -m tcp -j DNAT --to-destination 127.0.0.1:53
|
||||
-A OUTPUT -o wlan6 -p udp --dport 53 -m udp -j DNAT --to-destination 127.0.0.1:53
|
||||
|
||||
# .onion mapped addresses redirection to Tor.
|
||||
-A OUTPUT -d 172.16.0.0/12 -p tcp -m tcp -j DNAT --to-destination 127.0.0.1:9040
|
||||
## Log.
|
||||
-A INPUT -j LOG --log-prefix "iptables_libvirt_nat-i: " --log-uid
|
||||
-A POSTROUTING -j LIBVIRT_PRT
|
||||
-A LIBVIRT_PRT -s 10.0.2.0/24 -d 224.0.0.0/24 -j RETURN
|
||||
-A LIBVIRT_PRT -s 10.0.2.0/24 -d 255.255.255.255/32 -j RETURN
|
||||
-A LIBVIRT_PRT -s 10.0.2.0/24 ! -d 10.0.2.0/24 -p tcp -j MASQUERADE --to-ports 1024-65535
|
||||
-A LIBVIRT_PRT -s 10.0.2.0/24 ! -d 10.0.2.0/24 -p udp -j MASQUERADE --to-ports 1024-65535
|
||||
-A LIBVIRT_PRT -s 10.0.2.0/24 ! -d 10.0.2.0/24 -j MASQUERADE
|
||||
COMMIT
|
||||
# Completed on Wed Nov 4 01:14:37 2020
|
||||
# Generated by iptables-save v1.8.5 on Wed Nov 4 01:14:37 2020
|
||||
*filter
|
||||
:INPUT ACCEPT [0:0]
|
||||
:FORWARD DROP [0:0]
|
||||
:OUTPUT DROP [0:0]
|
||||
:LIBVIRT_FWI - [0:0]
|
||||
:LIBVIRT_FWO - [0:0]
|
||||
:LIBVIRT_FWX - [0:0]
|
||||
:LIBVIRT_INP - [0:0]
|
||||
:LIBVIRT_OUT - [0:0]
|
||||
|
||||
## DROP PACKETS WITH INCOMING FRAGMENTS. THIS ATTACK ONCE RESULTED IN KERNEL PANICS
|
||||
-A INPUT -f -j DROP
|
||||
## DROP INCOMING MALFORMED XMAS PACKETS
|
||||
-A INPUT -p tcp --tcp-flags ALL ALL -j DROP
|
||||
## DROP INCOMING MALFORMED NULL PACKETS
|
||||
-A INPUT -p tcp --tcp-flags ALL NONE -j DROP
|
||||
|
||||
-A INPUT -i lo -j ACCEPT
|
||||
## Traffic on the loopback interface is accepted.
|
||||
-A INPUT -i lo -j ACCEPT
|
||||
## Established incoming connections are accepted. RELATED?
|
||||
-A INPUT -m state --state ESTABLISHED -j ACCEPT
|
||||
### this is required for outgoing pings
|
||||
-A INPUT -i wlan6 -p icmp -j LOG --log-prefix "iptables_icmp_ACCEPT-i: " --log-uid
|
||||
-A INPUT -i wlan6 -p icmp -j ACCEPT
|
||||
|
||||
# let dhcp through? - YES
|
||||
-A INPUT -i wlan6 -p udp -m udp --sport 137 -j DROP
|
||||
-A INPUT -i wlan6 -p udp -m udp --sport 138 -j DROP
|
||||
-A INPUT -i wlan6 -p udp -m udp --sport 139 -j DROP
|
||||
-A INPUT -i wlan6 -p tcp --sport 9055 -j DROP
|
||||
-A INPUT -i wlan6 -p tcp --sport 9054 -j DROP
|
||||
-A INPUT -i wlan6 -p tcp --sport 9053 -j DROP
|
||||
-A INPUT -i wlan6 -p tcp --sport 9051 -j DROP
|
||||
-A INPUT -i wlan6 -p udp --sport 53 -j ACCEPT
|
||||
|
||||
# SRC=0.0.0.0 DST=255.255.255.255 PROTO=UDP SPT=68 DPT=67
|
||||
-A INPUT -j LOG --log-prefix "iptables_libvirt_jLIBVIRT_INP-i: " --log-uid
|
||||
# -A INPUT -i wlan6 -p udp -j DROP
|
||||
-A INPUT -i wlan6 -j DROP
|
||||
|
||||
-A INPUT -j LIBVIRT_INP
|
||||
|
||||
-A FORWARD -j LIBVIRT_FWX
|
||||
-A FORWARD -j LIBVIRT_FWI
|
||||
-A FORWARD -j LIBVIRT_FWO
|
||||
#d#-A OUTPUT -o wlan6 -p icmp -j LOG --log-prefix iptables_icmp_ACCEPT-o: --log-uid
|
||||
## Traffic on the loopback interface is accepted.
|
||||
-A OUTPUT -o lo -j ACCEPT
|
||||
|
||||
## Existing connections are accepted.
|
||||
-A OUTPUT -m state --state ESTABLISHED -j ACCEPT
|
||||
-A OUTPUT -o wlan6 -p icmp -j LOG --log-prefix "iptables_icmp_ACCEPT-o: " --log-uid
|
||||
-A OUTPUT -o wlan6 -p icmp -j ACCEPT
|
||||
# st-routers.mcast.net.
|
||||
-A OUTPUT -o wlan6 -p udp -d 224.0.0.0/8 -j REJECT
|
||||
|
||||
## Accept outgoing connections to local network, Whonix-Workstation and VirtualBox,
|
||||
-A OUTPUT -d 192.168.1.0/24 -j ACCEPT
|
||||
-A OUTPUT -d 10.0.2.0/24 -j ACCEPT
|
||||
|
||||
# gateway
|
||||
#-A OUTPUT -d 10.0.2.0/24 -j ACCEPT
|
||||
|
||||
-A OUTPUT -o wlan6 -d 10.16.238.0/24 -j ACCEPT
|
||||
-A OUTPUT -o wlan6 -d 10.0.0.0/8 -j DROP
|
||||
-A OUTPUT -o wlan6 -d 172.16.0.0/12 -j DROP
|
||||
#-A OUTPUT -o wlan6 -d 192.168.0.0/16 -j DROP
|
||||
-A OUTPUT -o wlan6 -d 224.0.0.0/4 -j DROP
|
||||
-A OUTPUT -o wlan6 -d 240.0.0.0/5 -j DROP
|
||||
|
||||
# The ntp user is allowed to connect to services listening on the ntp port...
|
||||
# If root runs ntpdate manually you will see requests to port 53 UID=0
|
||||
#-A OUTPUT -o wlan6 -m owner --gid-owner 226 -p udp --dport 123 -j LOG --log-uid --log-prefix "iptables_123_ACCEPT-o: "
|
||||
-A OUTPUT -o wlan6 -m owner --gid-owner 226 -p UDP --dport 123 -j ACCEPT
|
||||
-A OUTPUT -o wlan6 -m owner --uid-owner 0 -p UDP --dport 123 -j ACCEPT
|
||||
#-A OUTPUT -o wlan6 -m tcp -p TCP --dport 22 -j LOG --log-uid --log-prefix "IPTABLES_ssh_REJECT: "
|
||||
-A OUTPUT -o wlan6 -m tcp -p TCP --dport 22 -j REJECT --reject-with icmp-port-unreachable
|
||||
#test-A OUTPUT -o virbr1 -m tcp -p TCP --dport 22 -j LOG --log-uid --log-prefix "iptables_: "
|
||||
-A OUTPUT -o wlan6 -m owner -p tcp --gid-owner 216 -j ACCEPT
|
||||
-A OUTPUT -o wlan6 -m owner --gid-owner 1 -j ACCEPT
|
||||
|
||||
-A OUTPUT -o virbr1 -m tcp -p TCP --dport 22 -j ACCEPT
|
||||
-A OUTPUT -o virbr1 -m tcp -p TCP --dport 9028 -j LOG --log-uid --log-prefix "iptables_: "
|
||||
-A OUTPUT -o virbr1 -m tcp -p TCP --dport 9028 -j ACCEPT
|
||||
-A OUTPUT -o virbr1 -m tcp -p TCP --dport 9040 -j LOG --log-uid --log-prefix "iptables_: "
|
||||
-A OUTPUT -o virbr1 -m tcp -p TCP --dport 9040 -j ACCEPT
|
||||
-A OUTPUT -o virbr1 -m tcp -p TCP --dport 9050 -j LOG --log-uid --log-prefix "iptables_: "
|
||||
-A OUTPUT -o virbr1 -m tcp -p TCP --dport 9050 -j ACCEPT
|
||||
-A OUTPUT -o virbr1 -m tcp -p TCP --dport 9053 -j LOG --log-uid --log-prefix "iptables_: "
|
||||
-A OUTPUT -o virbr1 -m tcp -p TCP --dport 9053 -j ACCEPT
|
||||
-A OUTPUT -o virbr1 -m udp -p udp --dport 9053 -j ACCEPT
|
||||
-A OUTPUT -j LIBVIRT_OUT
|
||||
-A LIBVIRT_FWI -o virbr1 -j LOG --log-uid --log-prefix "IPTABLES_FWI_REJECT-o: "
|
||||
-A LIBVIRT_FWI -o virbr2 -j REJECT --reject-with icmp-port-unreachable
|
||||
|
||||
-A LIBVIRT_FWI -d 10.0.2.0/24 -o virbr1 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
|
||||
|
||||
-A LIBVIRT_FWI -o virbr1 -j LOG --log-uid --log-prefix "IPTABLES_FWI_REJECT-o: "
|
||||
-A LIBVIRT_FWI -o virbr1 -j REJECT --reject-with icmp-port-unreachable
|
||||
|
||||
-A LIBVIRT_FWO -i virbr2 -j LOG --log-uid --log-prefix "IPTABLES_FWO_REJECT-i: "
|
||||
-A LIBVIRT_FWO -i virbr2 -j REJECT --reject-with icmp-port-unreachable
|
||||
|
||||
-A LIBVIRT_FWO -s 10.0.2.0/24 -i virbr1 -j ACCEPT
|
||||
|
||||
-A LIBVIRT_FWO -i virbr1 -j LOG --log-uid --log-prefix "IPTABLES_FWO_REJECT-i: "
|
||||
-A LIBVIRT_FWO -i virbr1 -j REJECT --reject-with icmp-port-unreachable
|
||||
|
||||
-A LIBVIRT_FWX -i virbr2 -o virbr2 -j ACCEPT
|
||||
-A LIBVIRT_FWX -i virbr1 -o virbr1 -j ACCEPT
|
||||
|
||||
-A LIBVIRT_INP -i virbr2 -p udp -m udp --dport 53 -j ACCEPT
|
||||
-A LIBVIRT_INP -i virbr2 -p tcp -m tcp --dport 53 -j ACCEPT
|
||||
-A LIBVIRT_INP -i virbr2 -p udp -m udp --dport 67 -j ACCEPT
|
||||
-A LIBVIRT_INP -i virbr2 -p tcp -m tcp --dport 67 -j ACCEPT
|
||||
|
||||
-A LIBVIRT_INP -i virbr1 -p udp -m udp --dport 53 -j ACCEPT
|
||||
-A LIBVIRT_INP -i virbr1 -p tcp -m tcp --dport 53 -j ACCEPT
|
||||
-A LIBVIRT_INP -i virbr1 -p udp -m udp --dport 67 -j ACCEPT
|
||||
-A LIBVIRT_INP -i virbr1 -p tcp -m tcp --dport 67 -j ACCEPT
|
||||
|
||||
-A LIBVIRT_OUT -o virbr2 -p udp -m udp --dport 53 -j ACCEPT
|
||||
-A LIBVIRT_OUT -o virbr2 -p tcp -m tcp --dport 53 -j ACCEPT
|
||||
-A LIBVIRT_OUT -o virbr2 -p udp -m udp --dport 68 -j ACCEPT
|
||||
-A LIBVIRT_OUT -o virbr2 -p tcp -m tcp --dport 68 -j ACCEPT
|
||||
|
||||
-A LIBVIRT_OUT -o virbr1 -p udp -m udp --dport 53 -j ACCEPT
|
||||
-A LIBVIRT_OUT -o virbr1 -p tcp -m tcp --dport 53 -j ACCEPT
|
||||
-A LIBVIRT_OUT -o virbr1 -p udp -m udp --dport 68 -j ACCEPT
|
||||
-A LIBVIRT_OUT -o virbr1 -p tcp -m tcp --dport 68 -j ACCEPT
|
||||
COMMIT
|
||||
# Completed on Wed Nov 4 01:14:37 2020
|
@ -0,0 +1,18 @@
|
||||
<!--
|
||||
WARNING: THIS IS AN AUTO-GENERATED FILE. CHANGES TO IT ARE LIKELY TO BE
|
||||
OVERWRITTEN AND LOST. Changes to this xml configuration should be made using:
|
||||
virsh net-edit Whonix-External
|
||||
or other application using the libvirt API.
|
||||
-->
|
||||
|
||||
<network>
|
||||
<name>External</name>
|
||||
<forward mode='nat'/>
|
||||
<bridge name='virbr1' stp='on' delay='0'/>
|
||||
<mac address='52:54:00:f7:fb:37'/>
|
||||
<ip address='10.0.2.2' netmask='255.255.255.0'>
|
||||
<dhcp>
|
||||
<range start='10.0.2.20' end='10.0.2.254'/>
|
||||
</dhcp>
|
||||
</ip>
|
||||
</network>
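Review bot: The `<name>` element reads `External`, but the header comment in this same file tells the reader to run `virsh net-edit Whonix-External`. If this XML is what gets fed to `virsh net-define`, libvirt would register the network as `External`, and anything that looks it up as `Whonix-External` would presumably not find it. I would make the two agree, most likely with `<name>Whonix-External</name>`. The file header for this section is not visible in the rendering, so the path and the task that consumes the file could not be checked.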
|
@ -27,6 +27,9 @@ AGI_bootstrap_links:
|
||||
- from: /var/db/repos/gentoo
|
||||
to: /usr/portage
|
||||
|
||||
AGI_bootstrap_modules:
|
||||
- virtio_console
|
||||
|
||||
# NO LEADING /
|
||||
AGI_bootstrap_dirs:
|
||||
- usr/local/etc/local.d
|
||||
@ -49,6 +52,8 @@ AGI_bootstrap_files:
|
||||
- usr/local/etc/local.d/local.bash
|
||||
- usr/local/bin/usr_local_tput.bash
|
||||
- usr/local/bin/proxy_export.bash
|
||||
- etc/hosts
|
||||
- etc/resolv.conf
|
||||
|
||||
AGI_bootstrap_uris:
|
||||
- http://distfiles.gentoo.org/distfiles/00/elfutils-0.190.tar.bz2
|
||||
@ -56,24 +61,35 @@ AGI_bootstrap_uris:
|
||||
- http://distfiles.gentoo.org/distfiles/60/shared-mime-info-2.2.tar.gz
|
||||
- http://distfiles.gentoo.org/distfiles/fc/qemu-8.0.3.tar.xz
|
||||
|
||||
AGI_bootstrap_pips3:
|
||||
- negotiator-guest
|
||||
|
||||
# proxy_pkgs_inst:
|
||||
AGI_bootstrap_pkgs:
|
||||
- app-admin/sudo
|
||||
- sys-boot/grub:2
|
||||
- sys-boot/syslinux
|
||||
- app-editors/mg
|
||||
- qemu-guest-agent
|
||||
- app-admin/logrotate
|
||||
- "sys-process/{{ AGI_install_cron_daemon }}"
|
||||
- "{{ AGI_install_syslog_daemon}}"
|
||||
- "sys-boot/{{ AGI_install_bootloader }}"
|
||||
- media-fonts/terminus-font
|
||||
- sys-apps/gptfdisk
|
||||
- net-analyzer/openbsd-netcat
|
||||
- app-admin/logrotate
|
||||
- "sys-process/{{ AGI_install_cron_daemon }}"
|
||||
- "app-admin/{{ AGI_install_syslog_daemon}}"
|
||||
- "sys-boot/{{ AGI_install_bootloader }}"
|
||||
- media-fonts/terminus-font
|
||||
- net-misc/curl
|
||||
- app-arch/unzip
|
||||
- net-libs/pacparser
|
||||
- sys-process/lsof
|
||||
- dev-util/strace
|
||||
- sys-libs/gpm
|
||||
- app-portage/eix
|
||||
- net-misc/curl
|
||||
- sys-libs/gpm
|
||||
- linux-firmware
|
||||
- net-dns/bind-tools
|
||||
# - www-client/lynx
|
||||
- app-admin/supervisor
|
||||
- dev-python/pip
|
||||
|
||||
AGI_cloud_pkgs:
|
||||
# get these from base.json
|
||||
@ -94,4 +110,3 @@ AGI_cloud_pkgs:
|
||||
# get these from config.json
|
||||
# - app-emulation/cloud-init
|
||||
# - sys-block/open-iscsi
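Review bot: `AGI_bootstrap_pips3` lists `negotiator-guest` with no version, so whatever the package index serves at build time ends up in the guest image, presumably installed with root privileges during bootstrap. Pin it, e.g. `- negotiator-guest==<PINNED_VERSION>`, and if the install task allows it, use a requirements file with pip's `--require-hashes`. The `AGI_bootstrap_uris` entries nearby are plain `http://` URLs; that is acceptable only if the tarballs are later checked against the Portage Manifest digests, which this section does not show. The +/- markers are lost in this rendering, so it is not certain which of these lines the commit itself adds.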
|
||||
|
||||
|
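--- a/roles/toxcore/vars/mask.txt
+++ b/roles/toxcore/vars/mask.txt
@@ -0,0 +1,15 @@
+
+# /etc/portage/package.mask/2023_BROKEN.txt qemu
+=app-emulation/qemu-guest-agent-8.0.2%
+
+# /etc/portage/package.mask/2023_BROKEN.txt qemu
+=app-emulation/qemu-guest-agent-8.0.0%
+
+# /etc/portage/package.mask/2023_BROKEN.txt qemu
+=app-emulation/qemu-guest-agent-8.0.3%
+
+# /etc/portage/package.mask/2023_BROKEN.txt libvirt
+=app-emulation/libvirt-9.4.0-r1%
+
+# /etc/portage/package.mask/2022_BLOCKED.txt docker
+app-containers/docker-compose%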
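Review bot: Every atom in this file ends in `%` (for example `=app-emulation/qemu-guest-agent-8.0.2%`), which is not part of Portage atom syntax, and nothing in the file says what strips it. If a task copies the file unmodified into `/etc/portage/package.mask/`, Portage would presumably reject those lines and the masks would not apply, leaving the versions labelled BROKEN installable. A header comment naming the consumer would settle it, e.g. `# parsed by <CONSUMER_TASK>; '%' terminates the atom and is removed before install`.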
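--- a/roles/toxcore/vars/use.txt
+++ b/roles/toxcore/vars/use.txt
@@ -0,0 +1,114 @@
+
+# /etc/portage/package.use/2017-01-01_libguestfs.txt iptables
+net-firewall/iptables% nftables ipv6
+
+# /etc/portage/package.use/2017-08_testdisk.txt testdisk
+app-admin/testdisk% ntfs qt5 -ewf
+
+# /etc/portage/package.use/2020-01_static-libs.txt zstd
+app-arch/zstd% static-libs
+
+# /etc/portage/package.use/2020-03_jq.txt jq
+app-misc/jq% oniguruma
+
+# /etc/portage/package.use/2016-11_world.txt libvpx
+media-libs/libvpx% svc
+
+# /etc/portage/package.use/2019-02_electron.txt libvpx
+media-libs/libvpx% postproc svc
+
+# /etc/portage/package.use/2021-04_world.txt libxcb
+x11-libs/libxcb% xkb
+
+# /etc/portage/package.use/2018-01_qt.txt libxkbcommon
+x11-libs/libxkbcommon% X tools
+
+# /etc/portage/package.use/2020-01_readline.txt libxml2
+dev-libs/libxml2% -readline
+
+# /etc/portage/package.use/2021-00_verify-sig.txt libxml2
+dev-libs/libxml2:2% verify-sig
+
+# /etc/portage/package.use/2021-04_world.txt libxml2
+dev-libs/libxml2% python icu ipv6 lzma
+
+# /etc/portage/package.use/2021-00_verify-sig.txt libvirt-python
+dev-python/libvirt-python% verify-sig
+
+# /etc/portage/package.use/2021-08_wafw00f.txt requests
+dev-python/requests% socks5
+
+# /etc/portage/package.use/2020-00_dbus.txt dbus
+sys-apps/dbus% X elogind -systemd
+
+# /etc/portage/package.use/2020-01_dbus.txt dbus
+sys-apps/dbus% X elogind -systemd
+
+# /etc/portage/package.use/2021-01_wayland.txt gtk+
+x11-libs/gtk+% X -wayland
+
+# /etc/portage/package.use/2021-04_world.txt vte
+x11-libs/vte% crypt -icu introspection vala -debug -gtk-doc -systemd -vanilla
+
+# /etc/portage/package.use/2022-01_xterms.txt vte
+x11-libs/vte% vanilla
+
+# /etc/portage/package.use/2021-00_verify-sig.txt zfs-kmod
+sys-fs/zfs-kmod% verify-sig
+
+# /etc/portage/package.use/2021-00_verify-sig.txt zfs
+sys-fs/zfs% verify-sig
+
+# /etc/portage/package.use/2021-00_verify-sig.txt zfs
+sys-fs/zfs-kmod% verify-sig
+
+# /etc/portage/package.use/2020-01_nls.txt qemu
+app-emulation/qemu% -nls
+
+# /etc/portage/package.use/2021-04_qemu.txt qemu
+app-emulation/qemu% -accessibility aio alsa bzip2 caps -capstone curl -debug doc fdt filecaps -fuse -glusterfs gnutls gtk -infiniband -io-uring -iscsi -jack -jemalloc jpeg lzo -multipath ncurses -nfs -nls numa opengl -oss pin-upstream-blobs plugins png -pulseaudio python -rbd sasl sdl sdl-image seccomp -selinux -slirp -smartcard snappy spice ssh -static -static-user -systemtap -test -udev usb usbredir vde vhost-net vhost-user-fs virgl virtfs vnc vte xattr -xen xfs zstd #
+
+# /etc/portage/package.use/2023-00_python-3.11.txt qemu
+app-emulation/qemu% -python_single_target_python3_10 python_single_target_python3_11 python_single_target_python3_11 -python_single_target_python3_10
+
+# /etc/portage/package.use/2019-11_aqemu.txt aqemu
+app-emulation/aqemu% vnc
+
+# /etc/portage/package.use/2019-09_spice-gtk.txt spice-gtk
+>=net-misc/spice-gtk-0.35% usbredir
+
+# /etc/portage/package.use/2020-01_polkit.txt spice-gtk
+net-misc/spice-gtk% policykit
+
+# /etc/portage/package.use/2020-01_polkit.txt libvirt
+app-emulation/libvirt% apparmor audit -bash-completion caps -dbus -dtrace -firewalld fuse -glusterfs -iscsi -iscsi-direct libssh libvirtd lvm lxc -macvtap -nfs -nls numa -openvz parted pcap -policykit qemu -rbd -sasl -selinux udev vepa verify-sig virt-network virtualbox -wireshark-plugins -xen -zfs
+
+# /etc/portage/package.use/2020-10_nfs.txt libvirt
+app-emulation/libvirt% -nfs
+
+# /etc/portage/package.use/2021-00_verify-sig.txt libvirt
+app-emulation/libvirt% verify-sig
+
+# /etc/portage/package.use/2021-00_verify-sig.txt libvirt
+dev-python/libvirt-python% verify-sig
+
+# /etc/portage/package.use/2020-01_polkit.txt virt-manager
+app-emulation/virt-manager% gtk -policykit virtualbox libvirtd caps dbus fuse libssh lxc macvtap numa parted pcap policykit qemu vepa virt-network
+
+# /etc/portage/package.use/2019-11_qxl.txt xf86-video-qxl
+x11-drivers/xf86-video-qxl% xspice
+
+# /etc/portage/package.use/2019-11_libguestfs.txt libguestfs
+app-emulation/libguestfs% parted virtualbox libvirt -erlang -lua perl fuse gtk inspect-icons introspection -ocaml python -ruby
+
+# /etc/portage/package.use/2023-00_python-3.11.txt libguestfs
+app-emulation/libguestfs% python_single_target_python3_11
+
+# /etc/portage/package.use/2021-00_verify-sig.txt libvirt-python
+dev-python/libvirt-python% verify-sig
+
+# /etc/portage/package.use/2017-02_docker.txt tini
+sys-process/tini% static args
+
+# /etc/portage/package.use/2017-02_docker.txt docker
+app-containers/docker% btrfs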
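Review bot: The `app-emulation/virt-manager%` line carries both `-policykit` and, further along, `policykit`, so the effective setting depends on flag order in whatever consumes this file (in a plain package.use the later flag should win, which would enable it), while the `app-emulation/libvirt%` entry sets `-policykit`. Polkit support affects how access to the libvirt daemon is authorized, so the intended value should be stated once; if the libvirt entry reflects the intent, drop the trailing `policykit` from the virt-manager line. The same contradiction appears for `x11-libs/vte%` (`-vanilla` in one entry, `vanilla` in the next), and the `app-emulation/qemu%` python-target line repeats each flag twice.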