361 lines
12 KiB
Bash
Executable File
361 lines
12 KiB
Bash
Executable File
#!/bin/bash
|
|
# -*- mode: sh; fill-column: 75; tab-width: 8; coding: utf-8-unix -*-
|
|
|
|
[ -f /usr/local/bin/usr_local_tput.bash ] && \
|
|
. /usr/local/bin/usr_local_tput.bash || {
|
|
DBUG() { echo DEBUG $* ; }
|
|
INFO() { echo INFO $* ; }
|
|
WARN() { echo WARN $* ; }
|
|
ERROR() { echo ERROR $* ; }
|
|
}
|
|
|
|
prog=`basename $0 .bash`
|
|
PREFIX=/usr/local
|
|
ROLE=toxcore
|
|
|
|
declare -a DEBIAN
|
|
DEBIAN=(
|
|
genisoimage
|
|
bridge-utils
|
|
guestfsd
|
|
libvirt-clients
|
|
libvirt-daemon
|
|
libvirt-daemon-system
|
|
libvirt-daemon-driver-storage-zfs
|
|
python3-libvirt
|
|
virt-manager
|
|
virtinst
|
|
python3-hacking
|
|
cloud-init
|
|
)
|
|
# create-vm - Quickly create guest VMs using cloud image files and cloud-init.
|
|
|
|
# Copyright 2018-2023 Earl C. Ruby III
|
|
#
|
|
# Licensed under the Apache License, Version 2.0 (the "License");
|
|
# you may not use this file except in compliance with the License.
|
|
# You may obtain a copy of the License at
|
|
#
|
|
# http://www.apache.org/licenses/LICENSE-2.0
|
|
#
|
|
# Unless required by applicable law or agreed to in writing, software
|
|
# distributed under the License is distributed on an "AS IS" BASIS,
|
|
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
# See the License for the specific language governing permissions and
|
|
|
|
# Set VM_IMAGE_DIR environment variable to override default storage location for VMs
|
|
VM_IMAGE_DIR=${VM_IMAGE_DIR:-"${HOME}/vms/virsh"}
|
|
|
|
HOSTNAME=gentoo6
|
|
IMG_FQN=/g/Linux/net/Http/mirror.init7.net/gentoo/experimental/amd64/openstack/gentoo-openstack-amd64-hardened-latest.qcow2
|
|
AUTH_KEYS_FQN=/root/.ssh/id_rsa-ansible.pub
|
|
RAM=2048
|
|
VCPUS=1
|
|
STORAGE=40
|
|
BRIDGE=virbr0
|
|
MAC='52:54:00:1d:9c:6f'
|
|
VERBOSE=
|
|
OSINFO=gentoo
|
|
password=ansible
|
|
NETWORK=Whonix-External
|
|
|
|
usage()
|
|
{
|
|
cat << EOF
|
|
usage: $0 options
|
|
|
|
Quickly create guest VMs using cloud image files and cloud-init.
|
|
|
|
OPTIONS:
|
|
-h Show this message
|
|
-n Host name (required)
|
|
-i Full path and name of the base .img file to use (required)
|
|
-k Full path and name of the ansible user's public key file (required)
|
|
-r RAM in MB (defaults to ${RAM})
|
|
-c Number of VCPUs (defaults to ${VCPUS})
|
|
-s Amount of storage to allocate in GB (defaults to ${STORAGE})
|
|
-b Bridge interface to use (defaults to ${BRIDGE})
|
|
-m MAC address to use (default is to use a randomly-generated MAC)
|
|
-o OSINFO name like win11, win10, fedora32, gentoo, ububtu20
|
|
-p ansible users plaintext password
|
|
-v Verbose
|
|
EOF
|
|
}
|
|
|
|
while getopts "h:n:i:k:r:c:s:b:m:o:p:v" option; do
|
|
case "${option}"
|
|
in
|
|
h)
|
|
usage
|
|
exit 0
|
|
;;
|
|
n) HOSTNAME=${OPTARG};;
|
|
i) IMG_FQN=${OPTARG};;
|
|
k) AUTH_KEYS_FQN=${OPTARG};;
|
|
r) RAM=${OPTARG};;
|
|
c) VCPUS=${OPTARG};;
|
|
s) STORAGE=${OPTARG};;
|
|
b) BRIDGE=${OPTARG};;
|
|
m) MAC=${OPTARG};;
|
|
o) OSINFO=${OPTARG};;
|
|
o) password=${OPTARG};;
|
|
v) VERBOSE=1;;
|
|
*)
|
|
usage
|
|
exit 1
|
|
;;
|
|
esac
|
|
done
|
|
|
|
if [[ -z $HOSTNAME ]]; then
|
|
ERROR "Host name is required"
|
|
usage
|
|
exit 1
|
|
fi
|
|
|
|
if [[ -z $IMG_FQN ]]; then
|
|
ERROR "Base cloud image file name is required"
|
|
usage
|
|
exit 1
|
|
fi
|
|
|
|
if [[ -z $AUTH_KEYS_FQN ]]; then
|
|
ERROR "ansible public key file $AUTH_KEYS_FQN not found"
|
|
usage
|
|
exit 1
|
|
fi
|
|
|
|
if ! [[ -f $IMG_FQN ]]; then
|
|
ERROR "$IMG_FQN file not found"
|
|
usage
|
|
exit 1
|
|
fi
|
|
|
|
if [[ -n $VERBOSE ]]; then
|
|
INFO "Building ${HOSTNAME} in $VM_IMAGE_DIR"
|
|
set -xv
|
|
fi
|
|
|
|
mkdir -p "$VM_IMAGE_DIR"/{images,xml,init,base} || exit 2
|
|
|
|
echo "Creating a qcow2 image file ${VM_IMAGE_DIR}/images/${HOSTNAME}.img that uses the cloud image file ${IMG_FQN} as its base"
|
|
|
|
INFO qemu-img create -b "${IMG_FQN}" -f qcow2 -F qcow2 "${VM_IMAGE_DIR}/images/${HOSTNAME}.img" "${STORAGE}G"
|
|
qemu-img create -b "${IMG_FQN}" -f qcow2 -F qcow2 "${VM_IMAGE_DIR}/images/${HOSTNAME}.img" "${STORAGE}G" || exit 3
|
|
|
|
echo "Creating meta-data file $VM_IMAGE_DIR/init/meta-data"
|
|
cat > "$VM_IMAGE_DIR/init/meta-data" << EOF
|
|
instance-id: ${HOSTNAME}
|
|
local-hostname: ${HOSTNAME}
|
|
EOF
|
|
|
|
# echo "Creating meta-data file $VM_IMAGE_DIR/init/meta-data.json"
|
|
# cat > "$VM_IMAGE_DIR/init/meta-data.json" << EOF
|
|
cat > /dev/null << EOF
|
|
{
|
|
"admin_pass": "root",
|
|
"availability_zone": "nova",
|
|
"hostname": "test.novalocal",
|
|
"launch_index": 0,
|
|
"name": "gentoo6",
|
|
"meta": {
|
|
"role": "webservers",
|
|
"essential": "false"
|
|
},
|
|
"public_keys": {
|
|
"mykey": " ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDRCJCQ1UD9QslWDSw5Pwsvba0Wsf1pO4how5BtNaZn0xLZpTq2nqFEJshUkd/zCWF7DWyhmNphQ8c+U+wcmdNVcg2pI1kPxq0VZzBfZ7cDwhjgeLsIvTXvU+HVRtsXh4c5FlUXpRjf/x+a3vqFRvNsRd1DE+5ZqQHbOVbnsStk3PZppaByMg+AZZMx56OUk2pZCgvpCwj6LIixqwuxNKPxmJf45RyOsPUXwCwkq9UD4me5jksTPPkt3oeUWw1ZSSF8F/141moWsGxSnd5NxCbPUWGoRfYcHc865E70nN4WrZkM7RFI/s5mvQtuj8dRL67JUEwvdvEDO0EBz21FV/iOracXd2omlTUSK+wYrWGtiwQwEgr4r5bimxDKy9L8UlaJZ+ONhLTP8ecTHYkaU1C75sLX9ZYd5YtqjiNGsNF+wdW6WrXrQiWeyrGK7ZwbA7lagSxIa7yeqnKDjdkcJvQXCYGLM9AMBKWeJaOpwqZ+dOunMDLd5VZrDCU2lpCSJ1M="
|
|
|
|
},
|
|
"uuid": "83679162-1378-4288-a2d4-70e13ec132aa"
|
|
}
|
|
EOF
|
|
|
|
# password=`openssl passwd -1 -stdin <<< $password`
|
|
echo "Creating user-data file $VM_IMAGE_DIR/init/user-data"
|
|
# https://techglimpse.com/nova-boot-instance-with-password/
|
|
cat > "$VM_IMAGE_DIR/init/user-data" << EOF
|
|
#cloud-config
|
|
# password: ansible
|
|
# chpasswd: { expire: False }
|
|
|
|
ssh_pwauth: true
|
|
|
|
runcmd:
|
|
- "rc-update add qemu-guest-agent"
|
|
- "chmod 755 /etc/init.d/qemu-guest-agent"
|
|
- "/etc/init.d/qemu-guest-agent start"
|
|
- "echo /etc/init.d/qemu-guest-agent start >> /etc/rc.local"
|
|
|
|
users:
|
|
- default
|
|
- name: ansible
|
|
sudo: ["ALL=(ALL) NOPASSWD:ALL"]
|
|
groups:
|
|
- wheel
|
|
- adm
|
|
shell: /bin/bash
|
|
plain_text_password: "$password"
|
|
chpasswd: { expire: False }
|
|
homedir: /home/ansible
|
|
ssh_pwauth: true
|
|
ssh_authorized_keys:
|
|
- "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDRCJCQ1UD9QslWDSw5Pwsvba0Wsf1pO4how5BtNaZn0xLZpTq2nqFEJshUkd/zCWF7DWyhmNphQ8c+U+wcmdNVcg2pI1kPxq0VZzBfZ7cDwhjgeLsIvTXvU+HVRtsXh4c5FlUXpRjf/x+a3vqFRvNsRd1DE+5ZqQHbOVbnsStk3PZppaByMg+AZZMx56OUk2pZCgvpCwj6LIixqwuxNKPxmJf45RyOsPUXwCwkq9UD4me5jksTPPkt3oeUWw1ZSSF8F/141moWsGxSnd5NxCbPUWGoRfYcHc865E70nN4WrZkM7RFI/s5mvQtuj8dRL67JUEwvdvEDO0EBz21FV/iOracXd2omlTUSK+wYrWGtiwQwEgr4r5bimxDKy9L8UlaJZ+ONhLTP8ecTHYkaU1C75sLX9ZYd5YtqjiNGsNF+wdW6WrXrQiWeyrGK7ZwbA7lagSxIa7yeqnKDjdkcJvQXCYGLM9AMBKWeJaOpwqZ+dOunMDLd5VZrDCU2lpCSJ1M="
|
|
EOF
|
|
|
|
echo "Adding keys from the public key file $AUTH_KEYS_FQN to the user-data file"
|
|
while IFS= read -r key; do
|
|
echo " - $key" >> "$VM_IMAGE_DIR/init/user-data"
|
|
done < <(grep -v '^ *#' < "$AUTH_KEYS_FQN")
|
|
|
|
cat > "$VM_IMAGE_DIR/init/user-data" << \EOF
|
|
#!/bin/bash
|
|
|
|
# typically only executes on first boot
|
|
|
|
echo "############# user_data executing ##############"
|
|
|
|
#grep gentoo /etc/shadow
|
|
|
|
sed -e 's/#-:ALL:ALL/+:gentoo:ALL/' -i /etc/security/access.conf
|
|
# openssl passwd -1 --stdin <<< (echo gentoo)
|
|
grep -q ^gentoo /etc/passwd || \
|
|
useradd --gid 4 --uid 1000 --home-dir /home/gentoo \
|
|
--comment Gentoo --password '$1$zwJ43iye$EkLhEzheor1Ao104WHvFM1' \
|
|
-G adm,wheel --shell /bin/bash gentoo
|
|
usermod --password '$1$zwJ43iye$EkLhEzheor1Ao104WHvFM1' -G adm,wheel gentoo
|
|
usermod --password '$1$1Ho4y/W8$5VymfKWWAhLxwkkPZiWTZ1' root
|
|
# unlock account
|
|
passwd -u gentoo
|
|
passwd -u root
|
|
|
|
sed -e 's/# %wheel /%wheel /' -i /etc/sudoers
|
|
sed -e 's/PasswordAuthentication no/PasswordAuthentication yes/' -i /etc//ssh/sshd_config
|
|
sed -e 's/PermitRootLogin.*/PermitRootLogin yes/' -i /etc//ssh/sshd_config
|
|
|
|
grep net.ipv4.ip_forward=1 /etc/sysctl.conf || \
|
|
echo net.ipv4.ip_forward=1 >> /etc/sysctl.conf
|
|
|
|
cd /etc/init.d
|
|
[ -e net.eth0 ] || ln -s net.lo net.eth0
|
|
|
|
for elt in i o linuxPen19 ; do
|
|
grep -q $elt /etc/fstab && continue
|
|
echo "$elt /mnt/$elt virtiofs defaults 0 0" >> /etc/fstab
|
|
done
|
|
|
|
#grep gentoo /etc/shadow
|
|
EOF
|
|
|
|
./usr/local/bin/toxcore_create-ga.sh
|
|
|
|
echo "Generating the cidata ISO file $VM_IMAGE_DIR/images/${HOSTNAME}-cidata.iso"
|
|
(
|
|
cd "$VM_IMAGE_DIR/init/"
|
|
genisoimage \
|
|
-output "$VM_IMAGE_DIR/images/${HOSTNAME}-cidata.img" \
|
|
-volid cidata \
|
|
-rational-rock \
|
|
-joliet \
|
|
-input-charset utf-8 \
|
|
user-data meta-data
|
|
) || exit 5
|
|
|
|
MACCMD=
|
|
if [[ -n $MAC ]]; then
|
|
MACCMD="--mac=${MAC}"
|
|
fi
|
|
|
|
[ -f ${VM_IMAGE_DIR}/images/${HOSTNAME}.img ] || exit 7
|
|
[ -f $VM_IMAGE_DIR/images/${HOSTNAME}-cidata.img ] || exit 8
|
|
|
|
INFO virt-install \
|
|
--name="${HOSTNAME}" \
|
|
--disk "path=${VM_IMAGE_DIR}/images/${HOSTNAME}.img,format=qcow2" \
|
|
--disk "path=$VM_IMAGE_DIR/images/${HOSTNAME}-cidata.img,device=cdrom"
|
|
|
|
virt-install \
|
|
--name="${HOSTNAME}" \
|
|
--osinfo "$OSINFO" \
|
|
--import \
|
|
--disk "path=${VM_IMAGE_DIR}/images/${HOSTNAME}.img,format=qcow2" \
|
|
--disk "path=$VM_IMAGE_DIR/images/${HOSTNAME}-cidata.img,device=cdrom" \
|
|
--ram="${RAM}" \
|
|
--vcpus="${VCPUS}" \
|
|
--autostart \
|
|
--hvm \
|
|
--arch x86_64 \
|
|
--accelerate \
|
|
--check-cpu \
|
|
--force \
|
|
--watchdog=default \
|
|
--graphics spice,listen=socket \
|
|
--channel spicevmc,target.type=virtio,target.name=com.redhat.spice.0 \
|
|
--channel unix,target.type=virtio,target.name=org.qemu.guest_agent.0 \
|
|
--rng /dev/urandom \
|
|
--os-variant detect=on,name=$OSINFO \
|
|
--network network=$NETWORK \
|
|
--noautoconsole \
|
|
--debug || exit 6
|
|
#? --network network=$NETWORK $MACCMD \
|
|
#? --shmem name=shmem_server,type="memfd",mode="shared"
|
|
# was --graphics vnc,listen=0.0.0.0
|
|
# --osinfo "$OSINFO" \
|
|
# --network "bridge=${BRIDGE},model=virtio" \
|
|
|
|
# Make a backup of the VM's XML definition file
|
|
virsh dumpxml "${HOSTNAME}" > "${VM_IMAGE_DIR}/xml/${HOSTNAME}.xml" || exit 7
|
|
INFO `ls -l ${VM_IMAGE_DIR}/xml/${HOSTNAME}.xml`
|
|
|
|
if [ -n "$VERBOSE" ]; then
|
|
set +xv
|
|
fi
|
|
|
|
# Show running VMs
|
|
virsh list
|
|
# use the following passwordless demonstration key for testing or
|
|
# replace with your own key pair
|
|
#
|
|
# -----BEGIN OPENSSH PRIVATE KEY-----
|
|
# b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAABlwAAAAdzc2gtcn
|
|
# NhAAAAAwEAAQAAAYEA0QiQkNVA/ULJVg0sOT8LL22tFrH9aTuIaMOQbTWmZ9MS2aU6tp6h
|
|
# RCbIVJHf8wlhew1soZjaYUPHPlPsHJnTVXINqSNZD8atFWcwX2e3A8IY4Hi7CL0171Ph1U
|
|
# bbF4eHORZVF6UY3/8fmt76hUbzbEXdQxPuWakB2zlW57ErZNz2aaWgcjIPgGWTMeejlJNq
|
|
# WQoL6QsI+iyIsasLsTSj8ZiX+OUcjrD1F8AsJKvVA+JnuY5LEzz5Ld6HlFsNWUkhfBf9eN
|
|
# ZqFrBsUp3eTcQmz1FhqEX2HB3POuRO9JzeFq2ZDO0RSP7OZr0Lbo/HUS+uyVBML3bxAztB
|
|
# Ac9tRVf4jq2nF3dqJpU1EivsGK1hrYsEMBIK+K+W4psQysvS/FJWiWfjjYS0z/HnEx2JGl
|
|
# NQu+bC1/WWHeWLao4jRrDRfsHVulq160Ilnsqxiu2cGwO5WoEsSGu8nqpyg43ZHCb0FwmB
|
|
# izPQDASlniWjqcKmfnTrpzAy3eVWawwlNpaQkidTAAAFgGKSj8diko/HAAAAB3NzaC1yc2
|
|
# EAAAGBANEIkJDVQP1CyVYNLDk/Cy9trRax/Wk7iGjDkG01pmfTEtmlOraeoUQmyFSR3/MJ
|
|
# YXsNbKGY2mFDxz5T7ByZ01VyDakjWQ/GrRVnMF9ntwPCGOB4uwi9Ne9T4dVG2xeHhzkWVR
|
|
# elGN//H5re+oVG82xF3UMT7lmpAds5VuexK2Tc9mmloHIyD4BlkzHno5STalkKC+kLCPos
|
|
# iLGrC7E0o/GYl/jlHI6w9RfALCSr1QPiZ7mOSxM8+S3eh5RbDVlJIXwX/XjWahawbFKd3k
|
|
# 3EJs9RYahF9hwdzzrkTvSc3hatmQztEUj+zma9C26Px1EvrslQTC928QM7QQHPbUVX+I6t
|
|
# pxd3aiaVNRIr7BitYa2LBDASCvivluKbEMrL0vxSVoln442EtM/x5xMdiRpTULvmwtf1lh
|
|
# 3li2qOI0aw0X7B1bpatetCJZ7KsYrtnBsDuVqBLEhrvJ6qcoON2Rwm9BcJgYsz0AwEpZ4l
|
|
# o6nCpn5066cwMt3lVmsMJTaWkJInUwAAAAMBAAEAAAGAEuz77Hu9EEZyujLOdTnAW9afRv
|
|
# XDOZA6pS7yWEufjw5CSlMLwisR83yww09t1QWyvhRqEyYmvOBecsXgaSUtnYfftWz44apy
|
|
# /gQYvMVELGKaJAC/q7vjMpGyrxUPkyLMhckALU2KYgV+/rj/j6pBMeVlchmk3pikYrffUX
|
|
# JDY990WVO194Dm0buLRzJvfMKYF2BcfF4TvarjOXWAxSuR8www050oJ8HdKahW7Cm5S0po
|
|
# FRnNXFGMnLA62vN00vJW8V7j7vui9ukBbhjRWaJuY5rdG/UYmzAe4wvdIEnpk9xIn6JGCp
|
|
# FRYTRn7lTh5+/QlQ6FXRP8Ir1vXZFnhKzl0K8Vqh2sf4M79MsIUGAqGxg9xdhjIa5dmgp8
|
|
# N18IEDoNEVKUbKuKe/Z5yf8Z9tmexfH1YttjmXMOojBvUHIjRS5hdI9NxnPGRLY2kjAzcm
|
|
# gV9Rv3vtdF/+zalk3fAVLeK8hXK+di/7XTvYpfJ2EZBWiNrTeagfNNGiYydsQy3zjZAAAA
|
|
# wBNRak7UrqnIHMZn7pkCTgceb1MfByaFtlNzd+Obah54HYIQj5WdZTBAITReMZNt9S5NAR
|
|
# M8sQB8UoZPaVSC3ppILIOfLhs6KYj6RrGdiYwyIhMPJ5kRWF8xGCLUX5CjwH2EOq7XhIWt
|
|
# MwEFtd/gF2Du7HUNFPsZGnzJ3e7pDKDnE7w2khZ8CIpTFgD769uBYGAtk45QYTDo5JroVM
|
|
# ZPDq08Gb/RhIgJLmIpMwyreVpLLLe8SwoMJJ+rihmnJZxO8gAAAMEA0lhiKezeTshht4xu
|
|
# rWc0NxxD84a29gSGfTphDPOrlKSEYbkSXhjqCsAZHd8S8kMr3iF6poOk3IWSvFJ6mbd3ie
|
|
# qdRTgXH9Thwk4KgpjUhNsQuYRHBbI59Mo+BxSI1B1qzmJSGdmCBL54wwzZmFKDQPQKPxiL
|
|
# n0Mlc7GooiDMjT1tbuW/O1EL5EqTRqwgWPTKhBA6r4PnGF150hZRIMooZkD2zX6b1sGojk
|
|
# QpvKkEykTwnKCzF5TXO8+wJ3qbcEo9AAAAwQD+Z0r68c2YMNpsmyj3ZKtZNPSvJNcLmyD/
|
|
# lWoNJq3djJN4s2JbK8l5ARUdW3xSFEDI9yx/wpfsXoaqWnygP3PoFw2CM4i0EiJiyvrLFU
|
|
# r3JLfDUFRy3EJ24RsqbigmEsgQOzTl3xfzeFPfxFoOhokSvTG88PQji1AYHz5kA7p6Zfaz
|
|
# Ok11rJYIe7+e9B0lhku0AFwGyqlWQmS/MhIpnjHIk5tP4heHGSmzKQWJDbTskNWd6aq1G7
|
|
# 6HWfDpX4HgoM8AAAALaG9sbWFuYkBhcmM=
|
|
# -----END OPENSSH PRIVATE KEY-----
|
|
#
|
|
sudo nmap 192.168.122.0/24
|
|
sudo virsh net-dhcp-leases default
|
|
sudo ls -ls /var/lib/libvirt/qemu/channel/target/domain-16-gentoo5/org.qemu.guest_agent.0
|
|
|