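#!/bin/bash
# -*- mode: sh; fill-column: 75; tab-width: 8; coding: utf-8-unix -*-
# from https://github.com/earlruby/create-vm/
#
# create-vm - Quickly create guest VMs using cloud image files and cloud-init.
# Copyright 2018-2023 Earl C. Ruby III
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
# What this script does, in order:
#   1. creates a qcow2 overlay on top of the base cloud image (-i);
#   2. writes cloud-init meta-data and a #cloud-config user-data that
#      creates the 'ansible' user with the public keys from -k;
#   3. packs both into a "cidata" ISO and boots the guest with virt-install;
#   4. saves the resulting libvirt XML under $VM_IMAGE_DIR/xml.
#
# Security notes for this revision (read before use):
#   * No credentials are embedded in this script any more.  Earlier
#     revisions carried fixed MD5-crypt password hashes for 'root' and a
#     'gentoo' user, a third party's SSH public key, a first-boot script
#     that turned on 'PermitRootLogin yes' / 'PasswordAuthentication yes',
#     and a complete OpenSSH *private* key in a trailing comment.  Anything
#     that has been committed is compromised: generate a fresh key pair with
#     `ssh-keygen -t ed25519 -f ~/.ssh/id_ansible` and pass the .pub with -k.
#   * The guest is key-only by default.  A password for the ansible user is
#     set only when supplied with -p or $VM_PASSWORD; only then is sshd
#     password authentication (ssh_pwauth) enabled.  Root ssh login is never
#     enabled here.  The old default password "ansible" is gone on purpose.
#   * -p puts the secret on this process's command line (visible in `ps`);
#     prefer VM_PASSWORD=... in the environment.  With -v the expanded
#     user-data, including the password hash, is echoed by `set -xv`.

set -o pipefail

# Optional colourised logging helpers from the host; any helper the file
# does not provide falls back to plain echo (errors and warnings to stderr).
[[ -f /usr/local/bin/usr_local_tput.bash ]] && . /usr/local/bin/usr_local_tput.bash
type DBUG  &>/dev/null || DBUG()  { echo "DEBUG $*"; }
type INFO  &>/dev/null || INFO()  { echo "INFO $*"; }
type WARN  &>/dev/null || WARN()  { echo "WARN $*" >&2; }
type ERROR &>/dev/null || ERROR() { echo "ERROR $*" >&2; }

prog=$(basename "$0" .bash)
PREFIX=/usr/local
ROLE=toxcore
# Host packages this tooling relies on; not installed by this script,
# listed here for whatever provisions the host.
declare -a DEBIAN
DEBIAN=(
  genisoimage bridge-utils guestfsd
  libvirt-clients libvirt-daemon libvirt-daemon-system
  libvirt-daemon-driver-storage-zfs python3-libvirt
  virt-manager virtinst python3-hacking cloud-init
)

# Set VM_IMAGE_DIR environment variable to override default storage location for VMs
VM_IMAGE_DIR=${VM_IMAGE_DIR:-"${HOME}/vms/virsh"}

# Defaults; each can be overridden on the command line.  The guest name is
# kept in vm_name rather than HOSTNAME so bash's own $HOSTNAME is untouched.
vm_name=gentoo6
IMG_FQN=/g/Linux/net/Http/mirror.init7.net/gentoo/experimental/amd64/openstack/gentoo-openstack-amd64-hardened-latest.qcow2
AUTH_KEYS_FQN=/root/.ssh/id_rsa-ansible.pub
RAM=2048
VCPUS=1
STORAGE=40
BRIDGE=virbr0
# Empty means "let libvirt pick a random MAC", which is what the usage text
# has always promised.  A fixed default here would be stamped on every guest
# created with this script and collide on the shared network.
MAC=
VERBOSE=
OSINFO=gentoo
# No default password (see the security notes above).
password=${VM_PASSWORD:-}
# libvirt network the guest is attached to; overridable from the environment.
NETWORK=${NETWORK:-Whonix-External}

# Print the command-line help to stdout.
usage() {
  cat << EOF
usage: $0 options

Quickly create guest VMs using cloud image files and cloud-init.

OPTIONS:
   -h      Show this message
   -n      Host name (required)
   -i      Full path and name of the base .img file to use (required)
   -k      Full path and name of the ansible user's public key file (required)
   -r      RAM in MB (defaults to ${RAM})
   -c      Number of VCPUs (defaults to ${VCPUS})
   -s      Amount of storage to allocate in GB (defaults to ${STORAGE})
   -b      Bridge interface (accepted for compatibility only; the guest is
           attached to the libvirt network \$NETWORK, currently "${NETWORK}")
   -m      MAC address to use (default is to use a randomly-generated MAC)
   -o      OSINFO name like win11, win10, fedora32, gentoo, ubuntu20
   -p      ansible user's plaintext password. Visible in 'ps'; prefer
           VM_PASSWORD=... in the environment. Without a password the guest
           is key-only and sshd password authentication stays off.
   -v      Verbose (set -xv; echoes the generated user-data, hash included)
EOF
}

# Leading ':' gives us the ':' case for a missing argument instead of
# getopts' own message.  -h takes no argument.
while getopts ":hn:i:k:r:c:s:b:m:o:p:v" option; do
  case "${option}" in
    h) usage; exit 0 ;;
    n) vm_name=${OPTARG} ;;
    i) IMG_FQN=${OPTARG} ;;
    k) AUTH_KEYS_FQN=${OPTARG} ;;
    r) RAM=${OPTARG} ;;
    c) VCPUS=${OPTARG} ;;
    s) STORAGE=${OPTARG} ;;
    b) BRIDGE=${OPTARG} ;;
    m) MAC=${OPTARG} ;;
    o) OSINFO=${OPTARG} ;;
    p) password=${OPTARG} ;;
    v) VERBOSE=1 ;;
    :) ERROR "option -${OPTARG} requires an argument"; usage; exit 1 ;;
    *) usage; exit 1 ;;
  esac
done
shift $((OPTIND - 1))

# --- argument validation ---------------------------------------------------
if [[ -z $vm_name ]]; then
  ERROR "Host name is required"
  usage
  exit 1
fi
# The name ends up in file paths and the libvirt domain name: keep it to a
# conservative charset so it cannot escape the images/ directory.
if [[ ! $vm_name =~ ^[A-Za-z0-9][A-Za-z0-9._-]*$ ]]; then
  ERROR "Host name '${vm_name}' may only contain letters, digits, '.', '_' and '-'"
  exit 1
fi
if [[ -z $IMG_FQN ]]; then
  ERROR "Base cloud image file name is required"
  usage
  exit 1
fi
if [[ ! -f $IMG_FQN ]]; then
  ERROR "$IMG_FQN file not found"
  usage
  exit 1
fi
# The old check only tested that the variable was non-empty while claiming
# the file was "not found"; actually look for the file.
if [[ -z $AUTH_KEYS_FQN || ! -f $AUTH_KEYS_FQN ]]; then
  ERROR "ansible public key file ${AUTH_KEYS_FQN:-(none)} not found"
  usage
  exit 1
fi
# Refuse a private key handed over by mistake; it would be baked into the
# cidata ISO and readable by anyone who can read the image directory.
if grep -q 'PRIVATE KEY' "$AUTH_KEYS_FQN"; then
  ERROR "$AUTH_KEYS_FQN looks like a private key; pass the .pub file instead"
  exit 1
fi
for numeric in RAM VCPUS STORAGE; do
  if [[ ! ${!numeric} =~ ^[0-9]+$ ]]; then
    ERROR "${numeric} must be a non-negative integer, got '${!numeric}'"
    exit 1
  fi
done

# --- password hashing (before any tracing is switched on) ------------------
# The secret is hashed once here (SHA-512 crypt, fed over stdin so it does not
# appear on openssl's argv) and only the hash goes into the user-data.
password_hash=
if [[ -n $password ]]; then
  password_hash=$(openssl passwd -6 -stdin <<< "$password") || {
    ERROR "openssl passwd failed; cannot hash the ansible password"
    exit 4
  }
  ssh_pwauth=true
else
  ssh_pwauth=false
fi
unset password

if [[ -n $VERBOSE ]]; then
  INFO "Building ${vm_name} in $VM_IMAGE_DIR"
  set -xv
fi

mkdir -p "$VM_IMAGE_DIR"/{images,xml,init,base} || exit 2

# --- overlay disk ------------------------------------------------------------
disk="${VM_IMAGE_DIR}/images/${vm_name}.img"
echo "Creating a qcow2 image file ${disk} that uses the cloud image file ${IMG_FQN} as its base"
INFO qemu-img create -b "${IMG_FQN}" -f qcow2 -F qcow2 "${disk}" "${STORAGE}G"
qemu-img create -b "${IMG_FQN}" -f qcow2 -F qcow2 "${disk}" "${STORAGE}G" || exit 3

# --- cloud-init meta-data ----------------------------------------------------
# (An unused OpenStack-style meta-data.json block that used to be written to
# /dev/null here has been dropped.)
meta_data="$VM_IMAGE_DIR/init/meta-data"
echo "Creating meta-data file ${meta_data}"
cat > "$meta_data" << EOF
instance-id: ${vm_name}
local-hostname: ${vm_name}
EOF

# --- cloud-init user-data ----------------------------------------------------
# A single #cloud-config document.  Earlier revisions built this document and
# then overwrote it with a '#!/bin/bash' first-boot script (so the keys just
# appended were never delivered); the non-credential parts of that script
# now live in runcmd below.
user_data="$VM_IMAGE_DIR/init/user-data"
echo "Creating user-data file ${user_data}"
key_count=0
{
  cat << EOF
#cloud-config
# Generated by ${prog}; regenerate rather than edit.
ssh_pwauth: ${ssh_pwauth}
EOF
  if [[ -n $password_hash ]]; then
    echo 'chpasswd: { expire: False }'
  fi
  cat << 'EOF'
runcmd:
  - "rc-update add qemu-guest-agent"
  - "chmod 755 /etc/init.d/qemu-guest-agent"
  - "/etc/init.d/qemu-guest-agent start"
  - "echo /etc/init.d/qemu-guest-agent start >> /etc/rc.local"
  # Guest-side setup carried over from the former first-boot shell script.
  - "grep -q net.ipv4.ip_forward=1 /etc/sysctl.conf || echo net.ipv4.ip_forward=1 >> /etc/sysctl.conf"
  - "[ -e /etc/init.d/net.eth0 ] || ln -s net.lo /etc/init.d/net.eth0"
  - "for elt in i o linuxPen19; do grep -q \"$elt\" /etc/fstab || echo \"$elt /mnt/$elt virtiofs defaults 0 0\" >> /etc/fstab; done"
users:
  - default
  - name: ansible
    sudo: ["ALL=(ALL) NOPASSWD:ALL"]
    groups: [wheel, adm]
    shell: /bin/bash
    homedir: /home/ansible
EOF
  if [[ -n $password_hash ]]; then
    printf '    lock_passwd: false\n'
    printf '    hashed_passwd: "%s"\n' "$password_hash"
  else
    printf '    lock_passwd: true\n'
  fi
  echo "    ssh_authorized_keys:"
  # One YAML list item per key; blank and comment lines are skipped and the
  # key is single-quoted so a comment field containing ':' or '#' cannot
  # break the document.
  while IFS= read -r key || [[ -n $key ]]; do
    [[ $key =~ ^[[:space:]]*(#|$) ]] && continue
    printf "      - '%s'\n" "${key//\'/\'\'}"
    key_count=$((key_count + 1))
  done < "$AUTH_KEYS_FQN"
} > "$user_data" || exit 2
chmod 600 "$user_data"
echo "Added ${key_count} key(s) from the public key file $AUTH_KEYS_FQN to the user-data file"
if (( key_count == 0 )) && [[ -z $password_hash ]]; then
  ERROR "no usable public key in $AUTH_KEYS_FQN and no password given: the guest would be unreachable"
  exit 1
fi

# Site hook.  It used to be invoked via the relative path
# ./usr/local/bin/toxcore_create-ga.sh, which only resolves when run from /.
ga_hook="${PREFIX}/bin/toxcore_create-ga.sh"
if [[ -x $ga_hook ]]; then
  "$ga_hook" || WARN "${ga_hook} exited with status $?"
else
  WARN "${ga_hook} not found or not executable; skipping"
fi

# --- cidata ISO --------------------------------------------------------------
# virt-install attaches this file as a cdrom; the .img suffix is historical.
cidata="${VM_IMAGE_DIR}/images/${vm_name}-cidata.img"
echo "Generating the cidata ISO file ${cidata}"
(
  cd "$VM_IMAGE_DIR/init/" &&
  genisoimage \
    -output "$cidata" \
    -volid cidata \
    -rational-rock \
    -joliet \
    -input-charset utf-8 \
    user-data meta-data
) || exit 5

[[ -f $disk ]]   || exit 7
[[ -f $cidata ]] || exit 8

# --- boot the guest ----------------------------------------------------------
net_spec="network=${NETWORK}"
if [[ -n $MAC ]]; then
  net_spec+=",mac=${MAC}"
fi
# NOTE(review): --hvm/--accelerate/--check-cpu/--force are kept from the
# original invocation; newer virt-install treats them as legacy no-ops.
vi_args=(
  --name="${vm_name}"
  --osinfo "detect=on,name=${OSINFO}"
  --import
  --disk "path=${disk},format=qcow2"
  --disk "path=${cidata},device=cdrom"
  --ram="${RAM}"
  --vcpus="${VCPUS}"
  --autostart
  --hvm
  --arch x86_64
  --accelerate
  --check-cpu
  --force
  --watchdog=default
  --graphics spice,listen=socket
  --channel spicevmc,target.type=virtio,target.name=com.redhat.spice.0
  --channel unix,target.type=virtio,target.name=org.qemu.guest_agent.0
  --rng /dev/urandom
  --network "${net_spec}"
  --noautoconsole
  --debug
)
INFO "virt-install $(printf '%q ' "${vi_args[@]}")"
virt-install "${vi_args[@]}" || exit 6
#? --shmem name=shmem_server,type="memfd",mode="shared"
# was --graphics vnc,listen=0.0.0.0
# --network "bridge=${BRIDGE},model=virtio"

# Make a backup of the VM's XML definition file
xml="${VM_IMAGE_DIR}/xml/${vm_name}.xml"
virsh dumpxml "${vm_name}" > "$xml" || exit 9
INFO "$(ls -l "$xml")"

if [[ -n $VERBOSE ]]; then
  set +xv
fi

# Show running VMs
virsh list

# A complete OpenSSH private key ("passwordless demonstration key for
# testing") used to be pasted below this line.  It was removed: a key that
# has been published cannot be trusted, and a demo key invites reuse.
# Create your own pair with `ssh-keygen -t ed25519 -f ~/.ssh/id_ansible`
# and pass ~/.ssh/id_ansible.pub with -k.
#
# Handy commands for locating the new guest:
#   sudo nmap 192.168.122.0/24
#   sudo virsh net-dhcp-leases default
#   sudo ls -ls /var/lib/libvirt/qemu/channel/target/domain-16-gentoo5/org.qemu.guest_agent.0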