From 40962fd9dede9cf0304f3ae61164b51ee42fbda5 Mon Sep 17 00:00:00 2001 
From: Raphael Dannecker Date: Fri, 19 Jan 2024 20:08:19 +0100 Subject: [PATCH 01/18] distribute VM-images with aria2 instead of ctorrent --- roles/lmn_vm/files/images.list | 5 - roles/lmn_vm/files/linbo-torrent | 33 --- roles/lmn_vm/files/linbo-torrenthelper.sh | 31 --- roles/lmn_vm/files/lmn-link-images | 3 - roles/lmn_vm/files/lmn-mounthome | 3 - roles/lmn_vm/files/lmn-startvirtiofsd | 3 - roles/lmn_vm/files/lmn-sync-vm | 3 - roles/lmn_vm/files/lmn-upload-vm | 1 - roles/lmn_vm/files/lmn-vm | 17 ++ roles/lmn_vm/files/upload-vm.sh | 67 ------ roles/lmn_vm/files/uploadseed | 83 +++++++ roles/lmn_vm/files/vm-aria2 | 30 +++ .../lmn_vm/files/{create-vm.sh => vm-create} | 27 ++- .../files/{link-images.sh => vm-link-images} | 18 +- .../lmn_vm/files/{rebase-vm.sh => vm-rebase} | 12 +- roles/lmn_vm/files/{run-vm.sh => vm-run} | 47 ++-- roles/lmn_vm/files/vm-sync | 131 +++++++++++ roles/lmn_vm/files/vm-upload | 70 ++++++ .../{start-virtiofsd.sh => vm-virtiofsd} | 0 roles/lmn_vm/files/vm.conf | 14 ++ roles/lmn_vm/files/vmimage-torrent | 213 ------------------ roles/lmn_vm/files/vmimage-torrent.service | 15 -- roles/lmn_vm/tasks/main.yml | 52 ++--- 23 files changed, 444 insertions(+), 434 deletions(-) delete mode 100644 roles/lmn_vm/files/images.list delete mode 100644 roles/lmn_vm/files/linbo-torrent delete mode 100755 roles/lmn_vm/files/linbo-torrenthelper.sh delete mode 100644 roles/lmn_vm/files/lmn-link-images delete mode 100644 roles/lmn_vm/files/lmn-mounthome delete mode 100644 roles/lmn_vm/files/lmn-startvirtiofsd delete mode 100644 roles/lmn_vm/files/lmn-sync-vm delete mode 100644 roles/lmn_vm/files/lmn-upload-vm create mode 100644 roles/lmn_vm/files/lmn-vm delete mode 100755 roles/lmn_vm/files/upload-vm.sh create mode 100755 roles/lmn_vm/files/uploadseed create mode 100755 roles/lmn_vm/files/vm-aria2 rename roles/lmn_vm/files/{create-vm.sh => vm-create} (69%) rename roles/lmn_vm/files/{link-images.sh => vm-link-images} (57%) rename roles/lmn_vm/files/{rebase-vm.sh => 
vm-rebase} (89%) rename roles/lmn_vm/files/{run-vm.sh => vm-run} (71%) create mode 100755 roles/lmn_vm/files/vm-sync create mode 100755 roles/lmn_vm/files/vm-upload rename roles/lmn_vm/files/{start-virtiofsd.sh => vm-virtiofsd} (100%) create mode 100644 roles/lmn_vm/files/vm.conf delete mode 100755 roles/lmn_vm/files/vmimage-torrent delete mode 100644 roles/lmn_vm/files/vmimage-torrent.service diff --git a/roles/lmn_vm/files/images.list b/roles/lmn_vm/files/images.list deleted file mode 100644 index 1129e07..0000000 --- a/roles/lmn_vm/files/images.list +++ /dev/null @@ -1,5 +0,0 @@ -win10.qcow2 -win10-SolidWorks.qcow2 -win10-Elektro.qcow2 -deb11.qcow2 -deb11-virtualbox.qcow2 diff --git a/roles/lmn_vm/files/linbo-torrent b/roles/lmn_vm/files/linbo-torrent deleted file mode 100644 index 958b2bb..0000000 --- a/roles/lmn_vm/files/linbo-torrent +++ /dev/null @@ -1,33 +0,0 @@ -# default values for linbo-torrenthelper service provided by ctorrent -# thomas@linuxmuster.net -# 20220317 -# -# note: you have to invoke 'linbo-torrent restart' after you have changed any values -# - -# Exit while seed hours later (default 72 hours) -SEEDHOURS="100000" - -# Max peers count (default 100) -MAXPEERS="100" - -# Min peers count (default 1) -MINPEERS="1" - -# Download slice/block size, unit KB (default 16, max 128) -SLICESIZE="128" - -# Max bandwidth down (unit KB/s, default unlimited) -MAXDOWN="" - -# Max bandwidth up (unit KB/s, default unlimited) -MAXUP="" - -# Supplemental ctorrent options, separated by space (-v: Verbose output for debugging) -#OPTIONS="-v" - -# Timeout in seconds until rsync fallback (client only) -TIMEOUT="300" - -# user to run ctorrent (server only) -CTUSER="lmnsynci" diff --git a/roles/lmn_vm/files/linbo-torrenthelper.sh b/roles/lmn_vm/files/linbo-torrenthelper.sh deleted file mode 100755 index 8c5f2a1..0000000 --- a/roles/lmn_vm/files/linbo-torrenthelper.sh +++ /dev/null 
@@ -1,31 +0,0 @@ -#!/bin/bash -# -# thomas@linuxmuster.net -# GPL v3 -# 20220317 -# -# linbo ctorrent helper script, started in a screen session by init script -# - -torrent="$1" -[ -s "$torrent" ] || exit 1 - -# get ctorrent options from file -[ -e /etc/default/linbo-torrent ] && source /etc/default/linbo-torrent - -[ -n "$SEEDHOURS" ] && OPTIONS="$OPTIONS -e $SEEDHOURS" -[ -n "$MAXPEERS" ] && OPTIONS="$OPTIONS -M $MAXPEERS" -[ -n "$MINPEERS" ] && OPTIONS="$OPTIONS -m $MINPEERS" -[ -n "$SLICESIZE" ] && OPTIONS="$OPTIONS -z $SLICESIZE" -[ -n "$MAXDOWN" ] && OPTIONS="$OPTIONS -D $MAXDOWN" -[ -n "$MAXUP" ] && OPTIONS="$OPTIONS -U $MAXUP" -OPTIONS="$OPTIONS $torrent" - -[ -n "$CTUSER" ] && SUDO="/usr/bin/sudo -u $CTUSER" - -while true; do - #$SUDO /usr/bin/ctorrent $OPTIONS || exit 1 - nice -n 20 /usr/bin/ctorrent $OPTIONS || exit 1 - # hash check only on initial start, add -f parameter - echo "$OPTIONS" | grep -q ^"-f " || OPTIONS="-f $OPTIONS" -done diff --git a/roles/lmn_vm/files/lmn-link-images b/roles/lmn_vm/files/lmn-link-images deleted file mode 100644 index 15a6a14..0000000 --- a/roles/lmn_vm/files/lmn-link-images +++ /dev/null @@ -1,3 +0,0 @@ -%examusers ALL=(root) NOPASSWD: /usr/local/bin/link-images.sh -%role-student ALL=(root) NOPASSWD: /usr/local/bin/link-images.sh -%role-teacher ALL=(root) NOPASSWD: /usr/local/bin/link-images.sh diff --git a/roles/lmn_vm/files/lmn-mounthome b/roles/lmn_vm/files/lmn-mounthome deleted file mode 100644 index ed958ff..0000000 --- a/roles/lmn_vm/files/lmn-mounthome +++ /dev/null @@ -1,3 +0,0 @@ -%examusers ALL=(root) NOPASSWD: /usr/local/bin/mounthome.sh -%role-student ALL=(root) NOPASSWD: /usr/local/bin/mounthome.sh -%role-teacher ALL=(root) NOPASSWD: /usr/local/bin/mounthome.sh \ No newline at end of file diff --git a/roles/lmn_vm/files/lmn-startvirtiofsd b/roles/lmn_vm/files/lmn-startvirtiofsd deleted file mode 100644 index a56b156..0000000 --- a/roles/lmn_vm/files/lmn-startvirtiofsd +++ /dev/null 
@@ -1,3 +0,0 @@
-%examusers ALL=(root) NOPASSWD: /usr/local/bin/start-virtiofsd.sh
-%role-student ALL=(root) NOPASSWD: /usr/local/bin/start-virtiofsd.sh
-%role-teacher ALL=(root) NOPASSWD: /usr/local/bin/start-virtiofsd.sh
diff --git a/roles/lmn_vm/files/lmn-sync-vm b/roles/lmn_vm/files/lmn-sync-vm
deleted file mode 100644
index 1947e30..0000000
--- a/roles/lmn_vm/files/lmn-sync-vm
+++ /dev/null
@@ -1,3 +0,0 @@
-%role-teacher ALL=(lmnsynci) NOPASSWD: /usr/local/bin/sync-vm.sh
-%role-student ALL=(lmnsynci) NOPASSWD: /usr/local/bin/sync-vm.sh
-%examusers ALL=(lmnsynci) NOPASSWD: /usr/local/bin/sync-vm.sh
diff --git a/roles/lmn_vm/files/lmn-upload-vm b/roles/lmn_vm/files/lmn-upload-vm
deleted file mode 100644
index 599e9d8..0000000
--- a/roles/lmn_vm/files/lmn-upload-vm
+++ /dev/null
@@ -1 +0,0 @@
-%role-teacher ALL=(root) NOPASSWD: /usr/local/bin/upload-vm.sh
diff --git a/roles/lmn_vm/files/lmn-vm b/roles/lmn_vm/files/lmn-vm
new file mode 100644
index 0000000..1297be9
--- /dev/null
+++ b/roles/lmn_vm/files/lmn-vm
@@ -0,0 +1,17 @@
+# vm-sync: Download and synchronize VM-Images and xml-Files
+%role-teacher ALL=(lmnsynci) NOPASSWD: /usr/local/bin/vm-sync
+%role-student ALL=(lmnsynci) NOPASSWD: /usr/local/bin/vm-sync
+%examusers ALL=(lmnsynci) NOPASSWD: /usr/local/bin/vm-sync
+
+# vm-aria2: Start/Stop aria2 as systemd-service for VM-Images
+lmnsynci ALL=(root) NOPASSWD: /usr/local/bin/vm-aria2
+
+# vm-link-images: Link VM-Images to User-tmp-directory
+%examusers ALL=(root) NOPASSWD: /usr/local/bin/vm-link-images
+%role-student ALL=(root) NOPASSWD: /usr/local/bin/vm-link-images
+%role-teacher ALL=(root) NOPASSWD: /usr/local/bin/vm-link-images
+
+# start-virtiofsd: Start Virtiofsd as systemd-service
+%examusers ALL=(root) NOPASSWD: /usr/local/bin/start-virtiofsd
+%role-student ALL=(root) NOPASSWD: /usr/local/bin/start-virtiofsd
+%role-teacher ALL=(root) NOPASSWD: /usr/local/bin/start-virtiofsd
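Review bot: The last three rules in lmn-vm still grant `/usr/local/bin/start-virtiofsd`, but this commit renames the script to `vm-virtiofsd` and vm-run now calls `sudo /usr/local/bin/vm-virtiofsd "${VM_NAME}"`, so that call matches no NOPASSWD rule (assuming tasks/main.yml, not shown here, installs the script under its new name). The rules should name the path that is actually invoked, e.g. `%role-teacher ALL=(root) NOPASSWD: /usr/local/bin/vm-virtiofsd`, and the comment above them should say `vm-virtiofsd`. None of the rules in this file restricts arguments, so every script listed receives caller-chosen arguments as root or lmnsynci and has to validate them itself.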
diff --git a/roles/lmn_vm/files/upload-vm.sh b/roles/lmn_vm/files/upload-vm.sh
deleted file mode 100755
index 7a05074..0000000
--- a/roles/lmn_vm/files/upload-vm.sh
+++ /dev/null
@@ -1,67 +0,0 @@ -#!/usr/bin/bash -# Push VM-Disk-Image on server -set -eu - -show_help() { - cat << EOF >&2 -Usage: $(basename "$0") vmname" -Create torrent and upload disk, torrent and xml-VM-Definiton on server. -EOF -} - -VM_DIR="/tmp/${SUDO_UID}/vm" - -upload_image() { - # check if VM-Diskimage exists - if [[ ! (-f "/lmn/vm/${VM_NAME}.qcow2" || -f "${VM_DIR}/${VM_NAME}.qcow2") ]]; then - echo "File not found ${VM_NAME}.qcow2" >&2 - exit 1 - fi - # check if VM-Machine-Definition XML exists - if [[ ! (-f "/lmn/vm/${VM_NAME}.xml" || -f "${VM_DIR}/${VM_NAME}.xml") ]]; then - echo "File not found ${VM_NAME}.xml" >&2 - exit 1 - fi - sudo -u lmnsynci /usr/local/bin/vmimage-torrent stop "${VM_NAME}.qcow2" || echo "VMImage-torrent not running" - # link private VM-Diskimage to system-Dir - if [[ -f "${VM_DIR}/${VM_NAME}.qcow2" \ - && ( -f "/lmn/vm/${VM_NAME}.qcow2" && ("${VM_DIR}/${VM_NAME}.qcow2" -nt "/lmn/vm/${VM_NAME}.qcow2") \ - || ! -f "/lmn/vm/${VM_NAME}.qcow2") ]]; then - echo "copy private VM-Diskimage to system-dir" - chown lmnsynci:lmnsynci "${VM_DIR}/${VM_NAME}.qcow2" - ln -f "${VM_DIR}/${VM_NAME}.qcow2" "/lmn/vm/${VM_NAME}.qcow2" - fi - # copy private VM-Maschine-Definition XML to system-Dir - if [[ -f "${VM_DIR}/${VM_NAME}.xml" \ - && ( -f "/lmn/vm/${VM_NAME}.xml" && $(cmp -s "${VM_DIR}/${VM_NAME}.xml" "/lmn/vm/${VM_NAME}.xml") \ - || ! 
-f "/lmn/vm/${VM_NAME}.xml") ]]; then - echo "copy private VM-Maschine-Definition XML to system-dir" - chown lmnsynci:lmnsynci "${VM_DIR}/${VM_NAME}.xml" - cp -a "${VM_DIR}/${VM_NAME}.xml" "/lmn/vm/" - fi - cd /lmn/vm - # (re-) create torrent file - sudo -u lmnsynci /usr/local/bin/vmimage-torrent create "${VM_NAME}.qcow2" - # create size-information-file - stat -c%s "${VM_NAME}.qcow2" > "${VM_NAME}.qcow2.size" - chown lmnsynci:lmnsynci "${VM_NAME}.qcow2.size" - # Upload Torrent, qcow2 and machine-definition-XML - [[ -f "/lmn/vm/${VM_NAME}.qcow2.torrent" ]] && rsync -av --password-file=/etc/rsync.secret \ - "/lmn/vm/${VM_NAME}.qcow2.torrent" rsync://vmuser@server:/vmimages-upload/ - rsync -av --password-file=/etc/rsync.secret "/lmn/vm/${VM_NAME}.qcow2.size" \ - rsync://vmuser@server:/vmimages-upload/ - rsync -av --password-file=/etc/rsync.secret "/lmn/vm/${VM_NAME}.qcow2" \ - rsync://vmuser@server:/vmimages-upload/ - rsync -av --password-file=/etc/rsync.secret "/lmn/vm/${VM_NAME}.xml" \ - rsync://vmuser@server:/vmimages-upload/ -} - -# if less than one arguments supplied, display usage -if [[ $# -ne 1 ]] ; then - show_help - exit 1 -fi - -VM_NAME=$1 - -upload_image diff --git a/roles/lmn_vm/files/uploadseed b/roles/lmn_vm/files/uploadseed new file mode 100755 index 0000000..eb64945 --- /dev/null +++ b/roles/lmn_vm/files/uploadseed 
@@ -0,0 +1,83 @@ +#!/usr/bin/python3 + +import os, sys +import subprocess +import xmlrpc.client as xc +import ssl +import argparse + +parser = argparse.ArgumentParser(description='Upload a file to the bittorrent seeder.') +parser.add_argument('--rpc-server', required=True, + help='the RPC server IPaddress:port') +parser.add_argument('--rpc-secret', required=True, + help='the RPC secret') +parser.add_argument('--dht-port', required=True, + help='the DHT port the RPC server is listening on') +parser.add_argument('--no-cert', action='store_true', + help='do not use SSL certificate') +parser.add_argument('--cert', help='the certificate to use for verification') +parser.add_argument('file', help='the file to upload') + +args = parser.parse_args() + +rpcseeder = 'https://' + args.rpc_server + '/rpc' +secret = 'token:' + args.rpc_secret +dhtentry = args.rpc_server.split(':')[0] + ':' + args.dht_port +file2send = args.file +torrent = '/tmp/' + os.path.basename(file2send) + '.torrent' + +ssl_ctx = ssl.create_default_context() +if args.no_cert: + ssl_ctx.check_hostname = False + ssl_ctx.verify_mode = ssl.CERT_NONE + print("Certificate verification disabled.") +elif args.cert is not None: + ssl_ctx.load_verify_locations(args.cert) + +s = xc.ServerProxy(rpcseeder, context = ssl_ctx) + +def make_torrent(): + if os.path.isfile(torrent): + print("Torrent file", torrent, "exists already, please (re)move it.") + sys.exit(1) + + subprocess.run(["/usr/bin/mktorrent", "-l 24", "-v", "-o", torrent, file2send], check=True) + h = subprocess.check_output(["/usr/bin/aria2c", "-S ", torrent]) + for line in h.decode().splitlines(): + if "Info Hash" in line: + return line.split(': ')[1] + +def check_seeds(bthash): + active_seeds = s.aria2.tellActive(secret) + for seed in active_seeds: + f = seed['bittorrent']['info']['name'] + gid = seed['gid'] + ihash = seed['infoHash'] + if f == os.path.basename(file2send): + print(file2send, "is already seeded with GID:", gid) + print("Info Hash is:", 
ihash) + if bthash == ihash: + print("The torrent file has not changed, exiting.") + return False + else: + print("The torrent file has changed, replacing torrent.") + s.aria2.remove(secret, gid) + return True + print("="*19, " Uploading new torrent with aria2 now. ", "="*19) + return True + +def upload_torrent(): + s.aria2.addTorrent(secret, xc.Binary(open(torrent, mode='rb').read())) + subprocess.run(["/usr/bin/aria2c", + "--dht-entry-point=" + dhtentry, + "--check-integrity", + "--dir=" + os.path.dirname(file2send), + torrent]) + +############################ + +if __name__ == '__main__': + infoHash = make_torrent() + if check_seeds(infoHash): + upload_torrent() + print("Upload finished.") diff --git a/roles/lmn_vm/files/vm-aria2 b/roles/lmn_vm/files/vm-aria2 new file mode 100755 index 0000000..39b3ae6 --- /dev/null +++ b/roles/lmn_vm/files/vm-aria2 @@ -0,0 +1,30 @@ +#!/usr/bin/bash + +set -eu + +# if less than one arguments supplied, display usage +if [[ $# -ne 2 ]]; then + echo "This script takes as input the name of the VM " >&2 + echo "Usage: $0 [start|stop] vm_name" >&2 + exit 1 +fi + +COMMAND="$1" +VM_NAME="$2" + +source /etc/lmn/vm.conf + +if [[ "${COMMAND}" = "start" ]]; then + systemd-run --unit=aria2-"${VM_NAME}" \ + --slice=system-aria2 \ + --uid="$(id -u lmnsynci)" \ + --gid="$(id -g lmnsynci)" \ + --nice=19 \ + --working-directory="${VM_SYSDIR}" \ + --collect \ + --property=Type=exec \ + --property=SuccessExitStatus=1 \ + aria2c --bt-hash-check-seed=true --check-integrity=true --seed-ratio=0.0 --dht-entry-point="${SEEDBOX_HOST}:${SEEDBOX_PORT}" "${VM_SYSDIR}/${VM_NAME}.qcow2.torrent" +elif [[ "${COMMAND}" = "stop" ]]; then + systemctl stop "aria2-${VM_NAME}.service" || echo "Aria2-Service not running" +fi diff --git a/roles/lmn_vm/files/create-vm.sh b/roles/lmn_vm/files/vm-create similarity index 69% rename from roles/lmn_vm/files/create-vm.sh rename to roles/lmn_vm/files/vm-create index bd1669f..5c5548f 100755 --- a/roles/lmn_vm/files/create-vm.sh 
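Review bot: The torrent is written to a predictable name in a shared directory, `torrent = '/tmp/' + os.path.basename(file2send) + '.torrent'`, and make_torrent() only tests `os.path.isfile(torrent)` before handing that path to mktorrent, so any local user who creates the name first blocks the upload and the check-then-write is racy. Building the path inside a directory from `tempfile.mkdtemp()` and removing it after the upload avoids both. `--rpc-secret` is taken on the command line, where other local users can read it from the process list, and `--no-cert` sets `ssl.CERT_NONE`; the callers added in this commit (push_file in vm-sync and upload_image in vm-upload) pass `--rpc-secret insecure --no-cert`, so the RPC token is a fixed public string sent over a TLS connection whose peer is not verified. Reading the secret from a root-readable file and passing `--cert` with the seedbox certificate would be the safer default. make_torrent() also returns None when no "Info Hash" line is found, which check_seeds() then treats as a changed torrent.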
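Review bot: In vm-aria2, `VM_NAME` comes straight from `$2` and is used in the unit name and in `"${VM_SYSDIR}/${VM_NAME}.qcow2.torrent"`, while the sudoers file lets lmnsynci run this script as root with any arguments, so a value containing `/` or `..` selects a torrent file outside `VM_SYSDIR`. A check right after the assignment, such as `[[ "${VM_NAME}" =~ ^[A-Za-z0-9][A-Za-z0-9._-]*$ ]] || { echo "invalid VM name" >&2; exit 1; }`, keeps the name to a single path component. A `COMMAND` other than start or stop currently falls through and exits 0; an `else` branch that prints the usage and exits 1 would make misuse visible. The comment `# if less than one arguments supplied` no longer matches the `-ne 2` test.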
+++ b/roles/lmn_vm/files/vm-create @@ -2,6 +2,20 @@ # create 1st level-Clones set -eu + +source /etc/lmn/vm.conf + +while getopts ':p' OPTION; do + case "$OPTION" in + p) + PERSISTENT=1 + VM_DIR="${VM_DIR_PERSISTENT}" + ;; + esac +done + +shift "$((OPTIND -1))" + # if less than two arguments supplied, display usage if [[ $# -ne 2 ]]; then echo "This script takes as input the name of the VM to clone" >&2 @@ -11,16 +25,19 @@ fi VM_NAME=$1 VM_CLONE=$2 -VM_DIR="/tmp/${UID}/vm" # Create User-VM-Dir and link system VM-Images [[ -d "${VM_DIR}" ]] || mkdir -p "${VM_DIR}" -sudo /usr/local/bin/link-images.sh +if [[ "${PERSISTENT}" -eq 1 ]]; then + sudo /usr/local/bin/vm-link-images -p +else + sudo /usr/local/bin/vm-link-images +fi # change to image-directory cd "${VM_DIR}" -if { [[ ! -f "${VM_NAME}.xml" ]] && [[ ! -f "/lmn/vm/${VM_NAME}.xml" ]]; } || [[ ! -f "${VM_NAME}.qcow2" ]]; then +if { [[ ! -f "${VM_NAME}.xml" ]] && [[ ! -f "${VM_SYSDIR}/${VM_NAME}.xml" ]]; } || [[ ! -f "${VM_NAME}.qcow2" ]]; then echo "xml or qcow2 File does not exists." >&2 exit 1 fi @@ -32,8 +49,8 @@ chmod a-w "${VM_NAME}-${VM_CLONE}.qcow2" # copy machine-definition-file if [[ -f "${VM_NAME}.xml" ]]; then cp "${VM_NAME}.xml" "${VM_NAME}-${VM_CLONE}.xml" -elif [[ -f "/lmn/vm/${VM_NAME}.xml" ]]; then - cp "/lmn/vm/${VM_NAME}.xml" "${VM_NAME}-${VM_CLONE}.xml" +elif [[ -f "${VM_SYSDIR}/${VM_NAME}.xml" ]]; then + cp "${VM_SYSDIR}/${VM_NAME}.xml" "${VM_NAME}-${VM_CLONE}.xml" else echo "no machine definition file found" >&2 exit 1 diff --git a/roles/lmn_vm/files/link-images.sh b/roles/lmn_vm/files/vm-link-images similarity index 57% rename from roles/lmn_vm/files/link-images.sh rename to roles/lmn_vm/files/vm-link-images index c9dd084..a3a06df 100755 --- a/roles/lmn_vm/files/link-images.sh +++ b/roles/lmn_vm/files/vm-link-images 
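Review bot: `PERSISTENT` is assigned only inside the `p)` arm of the new getopts loop in vm-create, but the script runs under `set -eu` and the second hunk tests `[[ "${PERSISTENT}" -eq 1 ]]` unconditionally, so a call without `-p` should stop with an unbound-variable error before any image is linked. vm-run sets `PERSISTENT=0` before its option loop; the same line is needed here ahead of `while getopts ':p' OPTION; do`. The loop also has no `?)` arm, so an unknown option is silently ignored instead of printing the usage and exiting 1. The script body continues outside these hunks.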
@@ -1,12 +1,22 @@ #!/usr/bin/bash -# link VM in Use-Dir in /tmp +# link VM in User-Dir in /tmp or /var/vm set -eu -# change to image-directory -cd /lmn/vm +source /etc/lmn/vm.conf -VM_DIR="/tmp/${SUDO_UID}/vm" +# change to image-directory +cd "${VM_SYSDIR}" + +while getopts ':p' OPTION; do + case "$OPTION" in + p) + VM_DIR="${VM_DIR_PERSISTENT}" + ;; + esac +done + +shift "$((OPTIND -1))" # link system-VM-Images to User VM Directory for i in *.qcow2; do diff --git a/roles/lmn_vm/files/rebase-vm.sh b/roles/lmn_vm/files/vm-rebase similarity index 89% rename from roles/lmn_vm/files/rebase-vm.sh rename to roles/lmn_vm/files/vm-rebase index d97a778..cc6292e 100755 --- a/roles/lmn_vm/files/rebase-vm.sh +++ b/roles/lmn_vm/files/vm-rebase @@ -10,11 +10,16 @@ This script takes as input the name of the VM to rebase one level down EOF } -while getopts ':n:' OPTION; do +source /etc/lmn/vm.conf + +while getopts ':n:p' OPTION; do case "$OPTION" in n) NEWNAME=$OPTARG ;; + p) + VM_DIR="${VM_DIR_PERSISTENT}" + ;; ?) show_help exit 1 @@ -31,7 +36,6 @@ if [[ $# -ne 1 ]]; then fi # change to Images directory -VM_DIR="/tmp/${UID}/vm" cd "${VM_DIR}" VM_NAME="$1" @@ -70,8 +74,8 @@ if [[ -v NEWNAME ]]; then CURRENTNAME="${CURRENTBASE/.qcow2/}" if [[ -f "${CURRENTNAME}.xml" ]]; then cp "${CURRENTNAME}.xml" "${NEWNAME}.xml" - elif [[ -f "/lmn/vm/${CURRENTNAME}.xml" ]]; then - cp "/lmn/vm/${CURRENTNAME}.xml" "${NEWNAME}.xml" + elif [[ -f "${VM_SYSDIR}/${CURRENTNAME}.xml" ]]; then + cp "${VM_SYSDIR}/${CURRENTNAME}.xml" "${NEWNAME}.xml" else echo "no machine definition file found" >&2 exit 1 diff --git a/roles/lmn_vm/files/run-vm.sh b/roles/lmn_vm/files/vm-run similarity index 71% rename from roles/lmn_vm/files/run-vm.sh rename to roles/lmn_vm/files/vm-run index 1f8a714..c5cbad4 100755 --- a/roles/lmn_vm/files/run-vm.sh +++ b/roles/lmn_vm/files/vm-run 
@@ -8,8 +8,8 @@ show_help() { Usage: $(basename "$0") [-n] vmname" Create a new clone, start the vm (if not yet running) and run virt-viewer. Squid-Proxy will be started too. -### remove, old ### User Home will be mounted on /media/USERNAME/home -n new clone will be created, even if exists + -p new clone will be created persistent, so available after reboot too -s qemu:///system instead of default qemu:///session EOF } 
@@ -23,31 +23,34 @@ exit_script() { check_images() { # sync vm-torrents and machine definition file - sudo -u lmnsynci /usr/local/bin/sync-vm.sh -t + sudo -u lmnsynci /usr/local/bin/vm-sync get_file "${VM_NAME}.xml" "${VM_NAME}.qcow2.torrent" + [[ -f "${VM_NAME}" ]] && sudo -u lmnsynci /usr/local/bin/vm-sync delete_outdated_image "${VM_NAME}.qcow2" BACKINGARRAY=() - imgfile="/lmn/vm/${VM_NAME}.qcow2" && [[ -f "${VM_DIR}/${VM_NAME}.qcow2" ]] && imgfile="${VM_DIR}/${VM_NAME}.qcow2" + imgfile="${VM_SYSDIR}/${VM_NAME}.qcow2" && [[ -f "${VM_DIR}/${VM_NAME}.qcow2" ]] && imgfile="${VM_DIR}/${VM_NAME}.qcow2" BACKINGARRAY+=("${imgfile}") echo "Imgfile=$imgfile" if [[ ! -f "${imgfile}" ]] || ! qemu-img info -U "${imgfile}" | grep "file format: qcow2"; then - if [[ ! -f "/lmn/vm/${VM_NAME}.qcow2.torrent" ]]; then + if [[ ! -f "${VM_SYSDIR}/${VM_NAME}.qcow2.torrent" ]]; then echo "no base VM disk '${VM_NAME}.qcow2' found and/or ${VM_NAME} not found on server" >&2 exit 1 fi # sync vm-disk image by torrent echo "Try to sync VM ${VM_NAME} by torrent" - sudo -u lmnsynci /usr/local/bin/sync-vm.sh "${VM_NAME}" + sudo -u lmnsynci /usr/local/bin/vm-sync get_image "${VM_NAME}" fi backingfile=$(qemu-img info -U "${imgfile}" | grep "^backing file:" | cut -d ' ' -f 3) - while [[ ! -z "${backingfile}" ]]; do + while [[ -n "${backingfile}" ]]; do echo "Backingfile required: ${backingfile}" - imgfile="/lmn/vm/${backingfile}" && [[ -f "${VM_DIR}/${backingfile}" ]] && imgfile="${VM_DIR}/${backingfile}" + imgfile="${VM_SYSDIR}/${backingfile}" && [[ -f "${VM_DIR}/${backingfile}" ]] && imgfile="${VM_DIR}/${backingfile}" BACKINGARRAY+=("${imgfile}") if [[ ! -f "${imgfile}" ]] || ! 
qemu-img info -U "${imgfile}" | grep "file format: qcow2"; then # sync vm-disk image by torrent echo "Try to sync backingfile ${backingfile} by torrent" - sudo -u lmnsynci /usr/local/bin/sync-vm.sh "${backingfile%.qcow2}" + sudo -u lmnsynci /usr/local/bin/vm-sync get_file "${backingfile}.torrent" + [[ -f "${backingfile}" ]] && sudo -u lmnsynci /usr/local/bin/vm-sync delete_outdated_image "${backingfile}" + sudo -u lmnsynci /usr/local/bin/vm-sync get_image "${backingfile%.qcow2}" fi backingfile=$(qemu-img info -U "${imgfile}" | grep "^backing file:" | cut -d ' ' -f 3) done @@ -62,27 +65,29 @@ check_images() { if ! qemu-img check -U "${BACKINGARRAY[$i]}" 2>/dev/null; then echo "check failed!" echo "sync ${BACKINGARRAY[$i]} again" - sudo -u lmnsynci /usr/local/bin/sync-vm.sh $(basename "${BACKINGARRAY[$i]}" .qcow2) + sudo -u lmnsynci /usr/local/bin/vm-sync get_image "$(basename "${BACKINGARRAY[$i]}" .qcow2)" fi done echo "VM-Image and required backingfiles available and checked" } -create-clone() { +create_clone() { local VM_NAME="$1" - local VM_DIR="/tmp/${UID}/vm" local VM_XML="${VM_DIR}/${VM_NAME}-clone.xml" - local VM_SYSDIR="/lmn/vm" - if ! [[ -f "$VM_SYSDIR/${VM_NAME}.xml" && -f "$VM_SYSDIR/${VM_NAME}.qcow2" ]] && ! [[ -f "${VM_DIR}/${VM_NAME}.xml" && -f "${VM_DIR}/${VM_NAME}.qcow2" ]]; then + if ! [[ -f "${VM_SYSDIR}/${VM_NAME}.xml" && -f "${VM_SYSDIR}/${VM_NAME}.qcow2" ]] && ! [[ -f "${VM_DIR}/${VM_NAME}.xml" && -f "${VM_DIR}/${VM_NAME}.qcow2" ]]; then echo "xml or qcow2 File does not exists." >&2 exit 1 fi # Create User-VM-Dir and link system VM-Images [[ -d "${VM_DIR}" ]] || mkdir -p "${VM_DIR}" - sudo /usr/local/bin/link-images.sh + if [[ "${PERSISTENT}" -eq 1 ]]; then + sudo /usr/local/bin/vm-link-images -p + else + sudo /usr/local/bin/vm-link-images + fi # Create backing file cd "${VM_DIR}" 
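Review bot: The new guard `[[ -f "${VM_NAME}" ]]` in check_images tests a bare VM name relative to the current directory, without `.qcow2` and without `${VM_SYSDIR}`, so `delete_outdated_image` is most likely never reached and a stale base image is kept even when the torrent has changed. It should probably read `[[ -f "${VM_SYSDIR}/${VM_NAME}.qcow2" ]] && sudo -u lmnsynci /usr/local/bin/vm-sync delete_outdated_image "${VM_NAME}.qcow2"`, and the same applies to `[[ -f "${backingfile}" ]]` in the backing-file loop. `backingfile` is read from image metadata with `cut` and then handed to vm-sync as a file name, so it should be checked to be a plain name (no `/`) before it is used. check_images continues into the following hunk.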
@@ -107,9 +112,16 @@ create-clone() { QEMU='qemu:///session' NEWCLONE=0 +PERSISTENT=0 -while getopts ':ns' OPTION; do +source /etc/lmn/vm.conf + +while getopts ':pns' OPTION; do case "$OPTION" in + p) + PERSISTENT=1 + VM_DIR="${VM_DIR_PERSISTENT}" + ;; n) NEWCLONE=1 ;; @@ -132,7 +144,6 @@ if [[ $# -ne 1 ]] ; then fi VM_NAME=$1 -VM_DIR="/tmp/${UID}/vm" # check, if we have to start squid if ! killall -s 0 squid; then @@ -147,14 +158,14 @@ if ! virsh --connect="${QEMU}" list | grep "${VM_NAME}-clone"; then echo "VM not yet running." check_images if [[ "${NEWCLONE}" = 1 ]] || [[ ! -f "${VM_DIR}/${VM_NAME}-clone.qcow2" ]]; then - create-clone "${VM_NAME}" + create_clone "${VM_NAME}" fi # delete the old vm virsh --connect=qemu:///session undefine "${VM_NAME}-clone" || echo "${VM_NAME}-clone did not exist" # finally, create the new vm virsh --connect=qemu:///session define "${VM_DIR}/${VM_NAME}-clone.xml" #trap exit_script SIGHUP SIGINT SIGTERM - [[ "${QEMU}" = 'qemu:///session' ]] && sudo /usr/local/bin/start-virtiofsd.sh "${VM_NAME}" + [[ "${QEMU}" = 'qemu:///session' ]] && sudo /usr/local/bin/vm-virtiofsd "${VM_NAME}" virsh --connect="${QEMU}" start "${VM_NAME}-clone" fi echo "starting viewer" diff --git a/roles/lmn_vm/files/vm-sync b/roles/lmn_vm/files/vm-sync new file mode 100755 index 0000000..5e2c6a8 --- /dev/null +++ b/roles/lmn_vm/files/vm-sync 
@@ -0,0 +1,131 @@ +#!/usr/bin/bash +# Push/Pull VM-Disk-Image and Infos from server +set -eu + +show_help() { + cat << EOF >&2 +Usage: $(basename "$0") command [args]" +command: + push_file + get_file + get_image + delete_outdated_image +EOF +} + +get_torrent() { + if [[ ! -f "${VM_SYSDIR}/${VM_NAME}.qcow2.torrent" ]]; then + echo "No torrent-File found" + exit 1 + fi + lockfile="/tmp/sync-vm-${VM_NAME}.lock" + if ! flock -n "$lockfile" echo "try to acquire lock"; then + echo torrent seems to be in process. + echo waiting for completion ... + flock -w 3600 "$lockfile" echo "...completed" + sleep 5 + else + ( + if ! flock -n 200; then + echo "failed to acquire lock" + echo "Bitte noch einmal starten." + echo "Beliebige Taste zum Beenden." + read -n 1 + exit 1 + fi + # stop aria2-seeding if running + sudo vm-aria2 stop "${VM_NAME}" + cd "${VM_SYSDIR}" + # get image + aria2c --seed-time=0 --dht-entry-point="${SEEDBOX_HOST}:${SEEDBOX_PORT}" "${VM_SYSDIR}/${VM_NAME}.qcow2.torrent" + # and seed + sudo vm-aria2 start "${VM_NAME}" + if ! 
flock -u 200; then + echo failed to drop lock + exit 1 + fi + ) 200>"$lockfile" + fi +} + + +get_image_size() { + torrentfile=$1 + length=$(aria2c -S "${torrentfile}" | grep "Total Length" | grep "Total Length" | sed -E 's/.*\(([0-9,]*)\)/\1/' | sed s/,//g) + echo "$length" +} + +delete_outdated_image() { + cd "${VM_SYSDIR}" + qcowsize=$(stat -c%s "${FILENAME}") + if [[ -f "${FILENAME}.torrent" ]] && [[ "${qcowsize}" != $(get_image_size "${FILENAME}.torrent") ]]; then + sudo vm-aria2 stop "${FILENAME%.qcow2}" + rm -f "${FILENAME}" + fi +} + +get_file() { + cd "${VM_SYSDIR}" + wget --no-proxy -O "${FILENAME}" "http://${SEEDBOX_HOST}/aria2/${FILENAME}" || echo "File not found on seedbox" +} + +push_file() { + cd "${VM_SYSDIR}" + uploadseed --rpc-server "${SEEDBOX_HOST}:${SEEDBOX_RPC_PORT}" --dht-port "${SEEDBOX_PORT}" --rpc-secret insecure --no-cert "${FILENAME}" +} + +if [[ "$(id -nu)" != "lmnsynci" ]]; then + echo "$(basename "$0") must be run as lmnsynci user" + show_help + exit 1 +fi + +source /etc/lmn/vm.conf + +while getopts ':' OPTION; do + case "$OPTION" in + ?) + show_help + exit 1 + ;; + esac +done + +shift "$((OPTIND -1))" + +# if less than one arguments supplied, display usage +if [[ $# -lt 1 ]]; then + show_help + exit 1 +fi + +command=$1 +shift + +case "$command" in + push_file) + for FILENAME in "$@"; do + push_file + done + ;; + get_file) + for FILENAME in "$@"; do + get_file + done + ;; + get_image) + for VM_NAME in "$@"; do + get_torrent + done + ;; + delete_outdated_image) + for FILENAME in "$@"; do + delete_outdated_image + done + ;; + *) + show_help + exit 1 + ;; +esac + diff --git a/roles/lmn_vm/files/vm-upload b/roles/lmn_vm/files/vm-upload new file mode 100755 index 0000000..e3d62ee --- /dev/null +++ b/roles/lmn_vm/files/vm-upload 
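Review bot: The vm-sync subcommands use their arguments as file names without validating them: get_file passes `FILENAME` to `wget -O`, delete_outdated_image passes it to `stat` and `rm -f`, and get_torrent builds the lock path `/tmp/sync-vm-${VM_NAME}.lock` from `VM_NAME`, while the sudoers rules let teachers, students and exam users run vm-sync as lmnsynci with any arguments. The names should be restricted to a single path component before the `case "$command"` dispatch, as in the sketch below. get_file additionally downloads over plain `http://` straight onto the target, so a failed or altered transfer leaves a truncated or wrong `.torrent`/`.xml` in `VM_SYSDIR`; fetching to a temporary file and renaming it on success would limit that. The lock file has a predictable name in /tmp and is opened with `200>"$lockfile"`; a directory owned by lmnsynci would be a safer place for it.

```shell
command=$1
shift

# Accept only plain file names: no path separators, no leading dash or dot.
for name in "$@"; do
  if [[ ! "${name}" =~ ^[A-Za-z0-9][A-Za-z0-9._-]*$ ]]; then
    echo "invalid name: ${name}" >&2
    exit 1
  fi
done

# … unchanged: case "$command" dispatch …
```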
@@ -0,0 +1,70 @@ +#!/usr/bin/bash +# Push VM-Disk-Image on server +set -eu + +show_help() { + cat << EOF >&2 +Usage: $(basename "$0") vmname" +Create torrent and upload disk and xml-VM-Definiton on server. +EOF +} + + +upload_image() { + # check if VM-Diskimage exists + if [[ ! (-f "${VM_SYSDIR}/${VM_NAME}.qcow2" || -f "${VM_DIR}/${VM_NAME}.qcow2") ]]; then + echo "File not found ${VM_NAME}.qcow2" >&2 + exit 1 + fi + # check if VM-Machine-Definition XML exists + if [[ ! (-f "${VM_SYSDIR}/${VM_NAME}.xml" || -f "${VM_DIR}/${VM_NAME}.xml") ]]; then + echo "File not found ${VM_NAME}.xml" >&2 + exit 1 + fi + sudo vm-aria2 stop "${VM_NAME}" || echo "VMImage-torrent not running" + # link private VM-Diskimage to system-Dir + if [[ -f "${VM_DIR}/${VM_NAME}.qcow2" \ + && ( -f "${VM_SYSDIR}/${VM_NAME}.qcow2" && ("${VM_DIR}/${VM_NAME}.qcow2" -nt "${VM_SYSDIR}/${VM_NAME}.qcow2") \ + || ! -f "${VM_SYSDIR}/${VM_NAME}.qcow2") ]]; then + echo "copy private VM-Diskimage to system-dir" + chown lmnsynci:lmnsynci "${VM_DIR}/${VM_NAME}.qcow2" + ln -f "${VM_DIR}/${VM_NAME}.qcow2" "${VM_SYSDIR}/${VM_NAME}.qcow2" + fi + # copy private VM-Maschine-Definition XML to system-Dir + if [[ -f "${VM_DIR}/${VM_NAME}.xml" \ + && ( -f "${VM_SYSDIR}/${VM_NAME}.xml" && $(cmp -s "${VM_DIR}/${VM_NAME}.xml" "${VM_SYSDIR}/${VM_NAME}.xml") \ + || ! -f "${VM_SYSDIR}/${VM_NAME}.xml") ]]; then + echo "copy private VM-Maschine-Definition XML to system-dir" + chown lmnsynci:lmnsynci "${VM_DIR}/${VM_NAME}.xml" + cp -a "${VM_DIR}/${VM_NAME}.xml" "${VM_SYSDIR}" + fi + cd "${VM_SYSDIR}" + uploadseed --rpc-server "${SEEDBOX_HOST}:${SEEDBOX_RPC_PORT}" --dht-port "${SEEDBOX_PORT}" --rpc-secret insecure --no-cert "${VM_NAME}.qcow2" + uploadseed --rpc-server "${SEEDBOX_HOST}:${SEEDBOX_RPC_PORT}" --dht-port "${SEEDBOX_PORT}" --rpc-secret insecure --no-cert "${VM_NAME}.xml" +} + +source /etc/lmn/vm.conf + +while getopts ':p' OPTION; do + case "$OPTION" in + p) + VM_DIR="${VM_DIR_PERSISTENT}" + ;; + ?) 
+ show_help + exit 1 + ;; + esac +done + +shift "$((OPTIND -1))" + +# if less than one arguments supplied, display usage +if [[ $# -ne 1 ]] ; then + show_help + exit 1 +fi + +VM_NAME=$1 + +upload_image diff --git a/roles/lmn_vm/files/start-virtiofsd.sh b/roles/lmn_vm/files/vm-virtiofsd similarity index 100% rename from roles/lmn_vm/files/start-virtiofsd.sh rename to roles/lmn_vm/files/vm-virtiofsd diff --git a/roles/lmn_vm/files/vm.conf b/roles/lmn_vm/files/vm.conf new file mode 100644 index 0000000..b10aa9f --- /dev/null +++ b/roles/lmn_vm/files/vm.conf @@ -0,0 +1,14 @@ +# variables for LMN VM submodule + +SEEDBOX_HOST=seedbox.pn.steinbeis.schule +SEEDBOX_PORT=6789 +SEEDBOX_RPC_PORT=6800 + +VM_SYSDIR="/lmn/vm" +if [[ -v SUDO_UID ]]; then + VM_DIR="/tmp/${SUDO_UID}/vm" + VM_DIR_PERSISTENT="/var/vm/${SUDO_UID}" +else + VM_DIR="/tmp/${UID}/vm" + VM_DIR_PERSISTENT="/var/vm/${UID}" +fi diff --git a/roles/lmn_vm/files/vmimage-torrent b/roles/lmn_vm/files/vmimage-torrent deleted file mode 100755 index 4ec8bd6..0000000 --- a/roles/lmn_vm/files/vmimage-torrent +++ /dev/null 
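Review bot: In upload_image the XML condition uses `$(cmp -s "${VM_DIR}/${VM_NAME}.xml" "${VM_SYSDIR}/${VM_NAME}.xml")` inside `[[ … ]]`; `cmp -s` prints nothing, so the substitution is always empty and that branch is false whether or not the files differ, which means an existing definition in `VM_SYSDIR` is never refreshed. Testing the exit status instead, `if [[ -f "${VM_DIR}/${VM_NAME}.xml" ]] && { [[ ! -f "${VM_SYSDIR}/${VM_NAME}.xml" ]] || ! cmp -s "${VM_DIR}/${VM_NAME}.xml" "${VM_SYSDIR}/${VM_NAME}.xml"; }; then`, expresses what the comment describes. The `chown lmnsynci:lmnsynci` and `ln -f` calls need more privilege than a teacher account has, yet the new lmn-vm sudoers file has no rule for vm-upload (the removed lmn-upload-vm had one), so it is unclear from this diff how the script is meant to be run. If it does run as root, `VM_DIR` is a user-writable directory, so `chown` should not follow symlinks (`chown -h`, and reject anything that is not a regular file) and `VM_NAME` should be limited to a plain file name before any of these paths are built.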
@@ -1,213 +0,0 @@ -#!/bin/bash -# -# starts tmux sessions for each valid torrent in LINBODIR -# thomas@linuxmuster.net -# 20221103 -# - -# read environment -#. /usr/share/linuxmuster/defaults.sh || exit 1 -#THELPER=$LINBOSHAREDIR/linbo-torrenthelper.sh -THELPER=linbo-torrenthelper.sh -#. $LINBOSHAREDIR/helperfunctions.sh || exit 1 -LINBOIMGEXT="qcow2 qdiff" -LINBOIMGDIR="/lmn/vm" -serverip="10.190.1.1" - -# start of functions - -# help message -usage(){ - echo - echo "Info: vmimage-torrent manages the torrent tmux sessions of linbo images." - echo - echo "Usage:" - echo " vmimage-torrent [image_name]" - echo " vmimage-torrent attach " - echo - echo "Note:" - echo " * Only qcow2 & qdiff image files located below $LINBOIMGDIR are processed." - echo " * The commands \"start\", \"stop\" and \"restart\" may have optionally an image" - echo " filename as parameter. In this case the commands are only applied to the tmux" - echo " session of the certain file. Without an explicit image filename the commands" - echo " were applied to all image file sessions currently running." - echo " * An image filename parameter is mandatory with the commands \"check\", \"create\"" - echo " and \"attach\"." - echo " * \"check\" checks if the image file matches to the correspondig torrent." - echo " * \"create\" creates/recreates the torrent of a certain image file." - echo " * \"status\" shows a list of currently running torrent tmux sessions." - echo " * \"attach\" attaches a torrent tmux session of a certain image. An image or" - echo " session name must be given as parameter." - echo " Press [CTRL+B]+[D] to detach the session again." - echo " * \"reload\" is the identical to \"restart\" and is there for backwards compatibility." - echo - exit 1 -} - -# check torrent -check(){ - local image="$(basename "$IMGLIST")" - local torrent="$image.torrent" - local tdir="$(dirname "$IMGLIST")" - cd "$tdir" - echo "Checking $torrent ..." - if ctorrent -c "$torrent"; then - echo "Ok!" 
- else - echo "Failed!" - exit 1 - fi -} - -# creates torrent files -create(){ - local image="$(basename "$IMGLIST")" - local tdir="$(dirname "$IMGLIST")" - local torrent="${image}.torrent" - local session="${torrent//./_}" - # stop torrent service - vmimage-torrent status | grep -q ^"$session" && vmimage-torrent stop "$IMGLIST" - # skip already running torrents - echo "Creating $torrent ..." - cd "$tdir" - rm -f "$torrent" - if ctorrent -t -u "http://$serverip:6969/announce" -s "$torrent" "$image" ; then - [ "$START" = "no" ] || vmimage-torrent start "$IMGLIST" - else - echo "Failed!" - exit 1 - fi -} - -# starts torrent tmux sessions -start(){ - local item - local torrent - local image - local tdir - local session - for item in $IMGLIST; do - image="$(basename "$item")" - torrent="${image}.torrent" - tdir="$(dirname "$item")" - session="${torrent//./_}" - cd "$tdir" - if [ ! -s "$image" ]; then - echo "Image $image does not exist! Skipping this torrent." - continue - fi - # skip already running torrents - if vmimage-torrent status | grep -qw ^"$session"; then - echo "tmux session $session is already running." - continue - fi - # create torrent file if there is none - if [ ! -e "$torrent" ]; then - START="no" vmimage-torrent create "$item" || continue - fi - echo -n "Starting tmux session $session ... " - tmux new -ds "$session" "$THELPER $torrent ; exec $SHELL" - sleep 1 - if vmimage-torrent status | grep -qw ^"$session"; then - echo "Ok!" - else - echo "Failed!" - fi - done -} - -stop(){ - if [ -n "$SESSION" ]; then - vmimage-torrent status | grep -qw ^"$SESSION" || return - tmux kill-session -t "$SESSION" - else - local item - vmimage-torrent status | awk -F\: '{print $1}' | while read item; do - tmux kill-session -t "$item" - done - fi -} - -attach(){ - if ! tmux list-sessions | grep -qw "$SESSION"; then - echo "There is no session $SESSION." - exit 1 - fi - echo "Hint: Detach tmux session with [CTRL+B]+[D]." 
- sleep 3 - tmux attach -t "$SESSION" -} - -status(){ - tmux list-sessions | grep _torrent -} - -find_images(){ - local search="$(basename "$1")" - if [ -n "$search" ]; then - find "$LINBOIMGDIR" -maxdepth 2 -name "$search" - return - fi - local IMGLIST - for search in $LINBOIMGEXT; do - IMGLIST="$IMGLIST $(find "$LINBOIMGDIR" -maxdepth 2 -name \*.$search)" - done - # trim leading and trailing spaces - echo $IMGLIST | awk '{$1=$1};1' -} - -# end of functions - -# check parameters -if [ -n "$2" ] ; then - # trap torrent parameter - image="${2/.torrent/}" - case "$image" in - *.qcow2|*.qdiff) - if [ -e "$image" ]; then - IMGLIST="$image" - else - IMGLIST="$(find_images "$image")" - fi - if [ ! -e "$IMGLIST" ]; then - echo "Image file $(basename $image) not found." - usage - fi - filename="$(basename "$IMGLIST")" - SESSION="${filename//./_}_torrent" - ;; - *_torrent) - if [ "$1" = "attach" ]; then - SESSION="$image" - else - usage - fi - ;; - *) usage ;; - esac -else - case "$1" in - stop|status) ;; - attach|check|create) usage ;; - *) - IMGLIST="$(find_images)" - if [ -z "$IMGLIST" ]; then - echo "No linbo images found." - exit 0 - fi - ;; - esac -fi - -case "$1" in - start) start ;; - stop) stop ;; - restart|reload) stop ; start ;; - status) status ;; - create) create ;; - check) check ;; - attach) attach ;; - *) usage ;; -esac - -exit 0 diff --git a/roles/lmn_vm/files/vmimage-torrent.service b/roles/lmn_vm/files/vmimage-torrent.service deleted file mode 100644 index 576e6e1..0000000 --- a/roles/lmn_vm/files/vmimage-torrent.service +++ /dev/null @@ -1,15 +0,0 @@ -[Unit] -Description=VM-image torrent service -After=network.target - -[Service] -Type=oneshot -RemainAfterExit=yes -User=lmnsynci -Group=lmnsynci -ExecStart=/usr/local/bin/vmimage-torrent start -ExecStop=/usr/local/bin/vmimage-torrent stop -ExecReload=/usr/local/bin/vmimage-torrent reload - -[Install] -WantedBy=multi-user.target 
diff --git a/roles/lmn_vm/tasks/main.yml b/roles/lmn_vm/tasks/main.yml index 46f0c20..f6c34ff 100644 --- a/roles/lmn_vm/tasks/main.yml +++ b/roles/lmn_vm/tasks/main.yml @@ -13,7 +13,8 @@ - name: install libvirt packages apt: name: - - ctorrent + - aria2 + - mktorrent - libvirt-daemon-system - virt-manager state: latest @@ -80,6 +81,11 @@ system: true create_home: false +- name: Create /etc/lmn directory + file: + path: /etc/lmn + state: directory + - name: Create /lmn directory file: path: /lmn @@ -91,6 +97,12 @@ state: directory mode: '1777' +- name: Create /var/vm directory + file: + path: /var/vm + state: directory + mode: '1777' + - name: Create vm directory file: path: /lmn/vm @@ -127,10 +139,7 @@ mode: '0700' loop: - lmn-mounthome - - lmn-sync-vm - - lmn-upload-vm - - lmn-link-images - - lmn-startvirtiofsd + - lmn-vm - name: Deploy vmimages scripts copy: @@ -141,33 +150,24 @@ mode: '0755' loop: - mounthome.sh - - create-vm.sh - - rebase-vm.sh - - run-vm.sh - - upload-vm.sh - sync-vm.sh - - link-images.sh - - start-virtiofsd.sh - - linbo-torrenthelper.sh - - vmimage-torrent + - vm-create + - vm-rebase + - vm-run + - vm-upload + - vm-sync + - vm-link-images + - vm-virtiofsd - virtiofsd + - vm-aria2 + - uploadseed -- name: Deploy linbo-torrent defaults +- name: Deploy vm configuration file vm.conf copy: - src: linbo-torrent - dest: /etc/default/ + src: vm.conf + dest: /etc/lmn/vm.conf owner: root group: root - mode: '0755' - -- name: Deploy vmimage-torrent.service - copy: - src: vmimage-torrent.service - dest: /etc/systemd/system/ - owner: root - group: root - mode: '0644' - notify: "enable vmimage-torrent.service" - name: Prepare directory for qemu bridge config ansible.builtin.file: From 330e688fe8fca0a5cfc5c60ea3a877e936110cd0 Mon Sep 17 00:00:00 2001 From: Raphael Dannecker Date: Fri, 19 Jan 2024 22:08:12 +0100 Subject: [PATCH 02/18] sudo privileges for mounthome.sh and sync-vm.sh --- roles/lmn_vm/files/lmn-vm | 10 ++++++++++ 1 file changed, 10 insertions(+) 
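Review bot: The new `Create /var/vm directory` task sets `mode: '1777'`, so any local account can create `/var/vm/<uid>` for another user before that user does, and vm.conf in the same commit points `VM_DIR_PERSISTENT` at exactly that path. Since vm-upload changes ownership of and hard-links files taken from that directory when called with `-p`, the per-user subdirectory should either be created by a trusted step with the right owner and `mode: '0700'`, or the scripts should refuse a directory that is not owned by the expected uid. The task also omits `owner: root` and `group: root`, which the `Deploy vm configuration file vm.conf` task states explicitly.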
diff --git a/roles/lmn_vm/files/lmn-vm b/roles/lmn_vm/files/lmn-vm index 1297be9..50f8db7 100644 --- a/roles/lmn_vm/files/lmn-vm +++ b/roles/lmn_vm/files/lmn-vm @@ -15,3 +15,13 @@ lmnsynci ALL=(root) NOPASSWD: /usr/local/bin/vm-aria2 %examusers ALL=(root) NOPASSWD: /usr/local/bin/start-virtiofsd %role-student ALL=(root) NOPASSWD: /usr/local/bin/start-virtiofsd %role-teacher ALL=(root) NOPASSWD: /usr/local/bin/start-virtiofsd + +# mounthome.sh: Mount old novell home directories +%examusers ALL=(root) NOPASSWD: /usr/local/bin/mounthome.sh +%role-student ALL=(root) NOPASSWD: /usr/local/bin/mounthome.sh +%role-teacher ALL=(root) NOPASSWD: /usr/local/bin/mounthome.sh + +# sync-vm.sh: sync desktop-starterfiles from server +%role-teacher ALL=(lmnsynci) NOPASSWD: /usr/local/bin/sync-vm.sh +%role-student ALL=(lmnsynci) NOPASSWD: /usr/local/bin/sync-vm.sh +%examusers ALL=(lmnsynci) NOPASSWD: /usr/local/bin/sync-vm.sh From 917b45aadc02bc9be73ffc6c605002468d2dff03 Mon Sep 17 00:00:00 2001 From: Raphael Dannecker Date: Fri, 19 Jan 2024 22:15:04 +0100 Subject: [PATCH 03/18] move sudo-config for mounthome back to separate file --- roles/lmn_vm/files/lmn-mounthome | 3 +++ roles/lmn_vm/files/lmn-vm | 5 ----- 2 files changed, 3 insertions(+), 5 deletions(-) create mode 100644 roles/lmn_vm/files/lmn-mounthome diff --git a/roles/lmn_vm/files/lmn-mounthome b/roles/lmn_vm/files/lmn-mounthome new file mode 100644 index 0000000..062c4f7 --- /dev/null +++ b/roles/lmn_vm/files/lmn-mounthome @@ -0,0 +1,3 @@ +%examusers ALL=(root) NOPASSWD: /usr/local/bin/mounthome.sh +%role-student ALL=(root) NOPASSWD: /usr/local/bin/mounthome.sh +%role-teacher ALL=(root) NOPASSWD: /usr/local/bin/mounthome.sh diff --git a/roles/lmn_vm/files/lmn-vm b/roles/lmn_vm/files/lmn-vm index 50f8db7..74736bd 100644 --- a/roles/lmn_vm/files/lmn-vm +++ b/roles/lmn_vm/files/lmn-vm 
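Review bot: The added `mounthome.sh` and `sync-vm.sh` rules name only the command path, so sudo accepts any argument list from every member of `%examusers`, `%role-student` and `%role-teacher`. If the scripts take no arguments, pin that in the rule with an empty argument string, e.g. `%role-student ALL=(root) NOPASSWD: /usr/local/bin/mounthome.sh ""`; otherwise each script has to treat its arguments as untrusted input, which cannot be checked from this hunk. The `mounthome.sh` rules run as root, so that script deserves the closer look.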
@@ -16,11 +16,6 @@ lmnsynci ALL=(root) NOPASSWD: /usr/local/bin/vm-aria2 %role-student ALL=(root) NOPASSWD: /usr/local/bin/start-virtiofsd %role-teacher ALL=(root) NOPASSWD: /usr/local/bin/start-virtiofsd -# mounthome.sh: Mount old novell home directories -%examusers ALL=(root) NOPASSWD: /usr/local/bin/mounthome.sh -%role-student ALL=(root) NOPASSWD: /usr/local/bin/mounthome.sh -%role-teacher ALL=(root) NOPASSWD: /usr/local/bin/mounthome.sh - # sync-vm.sh: sync desktop-starterfiles from server %role-teacher ALL=(lmnsynci) NOPASSWD: /usr/local/bin/sync-vm.sh %role-student ALL=(lmnsynci) NOPASSWD: /usr/local/bin/sync-vm.sh From 57ec856f499f7fb0183fbabee47d06e6a82d8967 Mon Sep 17 00:00:00 2001 From: "Andreas B. Mundt" Date: Fri, 19 Jan 2024 21:43:32 +0100 Subject: [PATCH 04/18] Avoid exposing passwords in the process list, use a password file. --- lmn-client.yml | 1 + lmn-vault | 220 +++++++++++++++++----------------- roles/lmn_vm/files/uploadseed | 34 ++++-- roles/lmn_vm/files/vm-sync | 12 +- roles/lmn_vm/files/vm-upload | 6 +- roles/lmn_vm/files/vm.conf | 3 +- roles/lmn_vm/tasks/main.yml | 11 +- 7 files changed, 156 insertions(+), 131 deletions(-) diff --git a/lmn-client.yml b/lmn-client.yml index 100a088..41ade4d 100644 --- a/lmn-client.yml +++ b/lmn-client.yml @@ -57,6 +57,7 @@ ## Local mirror for libdvdcss. Remove or leave empty to use no mirror: mirror_dvdcss: "{{ vault_mirror_dvdcss }}" ## http://livebox.example.org/libdvdcss/ + uploadseed_pwd: "{{ vault_uploadseed_pwd }}" rsyncsecret: "{{ vault_rsyncsecret }}" keys2deploy: "{{ vault_keys2deploy }}" ## ['ssh-ed25519 AAAAC…uYlnS0', 'ssh-ed25519 AAAA…KTM'] localuser: "{{ vault_localuser }}" ## needed here for the (universal) pam-mount configuration diff --git a/lmn-vault b/lmn-vault index 359df22..9479d19 100644 --- a/lmn-vault +++ b/lmn-vault 
@@ -1,110 +1,112 @@ $ANSIBLE_VAULT;1.1;AES256 -37663931383332613032386465663865336137383262383139636136653636623834343537316539 -3930303237653661363630656261323537663931646161370a626232346237383930396362646564 -34336337383932663166336166363933316238336632323364623161643136636438336637616530 -3064373439646363620a326433316565333630643238373062343037653038316263383233346533 -34396639656533656664323665653231633537366362616265343436626466393836363439636633 -32656532373038396638393861313832386466643735393737626138373032353362613039336530 -31306131616263333861346434636162303632356536656134346263623863306162643063353039 -32623930356561356333326334613666393639633436363539326436333530326337626538396562 -34353230306637623265623465313064623536343730396661306331313365343731366332613037 -33303534643231653439653962636237333962656631636634353730313535616637343666626364 -63633736393832663932636230356665626538313133333331323334336333353238623561313939 -66653138666335633330386263623937326164346663616131363833383536306162323737313736 -31343162633534366438306538376238333062646266666136376265383236363162313061326531 -62333531353630613639353166323035393038666263623931653631646263323062326434386361 -63646538656134616435663531393132663638383165643037303461643939373839626665663265 -61303961306238343635383231646362626639623232623333366338356361343737656665613431 -34363161626266346438303235363032646235303933383634303034343536626332623761306361 -39616239383161303334313936393632633866623031373265386661353330396432396364373330 -36386264633866316337393765333039373361653338663462663939323839373732393736393361 -32333034663966323665303532313039333438663466366435653136623166366263636434303966 -61303934633939373463373664376230363831383630633639663031303237356166663931386635 -30303461663236326536383439396139316232323162343965353034656464616431643439633837 -30346231643561636263343738613239396361383238636261646262373137383461373432343635 
-33386631653139316436313532646630626230613335633538306666386163653439613462343662 -30626130326463393336643039396433643266393266646238353566306633643561386430613161 -30363263616231353661303030356638323438373466633466323833393463663562343933326631 -34313162383433356662346166383761636438636466633462396230383133613038323666643233 -63383138616637363830613661313236336564636162383262373064336365303435313463323564 -39313539656136613564393239343032373038393266656366643639303662646534306665396237 -35393264626430373662376231323165316333353263306637313962663736353633636661663961 -37336134643031323361333538613933666634666363313535636631323366613066633037653939 -32643165393631353534623435613732653364303833356436356263356438363961303665626364 -66363463633665393737616265613439326361353134623537626437303566343962626364623134 -34343165626230383039316134343238653933386134303936346162613261386539353064303330 -36353135323235663165353662643735636361646239333238306163393235663461613938643163 -34373464376163623961646262363437303563386333633764346366343066313065386530633334 -38306138616436653732316638373335353437363162373830623864633139313130386464666233 -31366165373539343766643135363136346430623335333061656664656338386661353366613865 -31323036633662636364343664626165346561323664366263383762343036373338346236353738 -31666361613036663861343937613364323130356565353161373431303732396337343134373538 -34326666346132656234623365643137343864363138666139333032393636333537626336313365 -65343136356261323637303833633132343334303366633063363437316331383434313164616332 -35636430643666626631353164646361303034366461343331376363323535303265353435323764 -63393935353731633364326365316238313031623662323235316237356663303236633838336365 -30323862656562643134363362323335396336666532336338346561623163653861316165633731 -61383736353137643339353638373035373136353161643737353839663833646230633230333962 -33363030333139613338396635396332613738363837356566646661336638613838303764616334 
-32653234656265313566316463363235373337623634393764663066613530306166613238653164 -33636339336135666661303338376439636334326634373538326233653566346663376166346239 -33376130633439663130313637653865626464363531663035643466343932323439333638303663 -37346234316233373663303230353631646437616534396639396139616262383238323938666533 -38613061613632333637303731323564343664386365646562363766323734613332323462303266 -38626133643638376663343337393836663265633763326136336436346130316533373131366534 -32386465353938383266343930386362636265363761303431333730373261306564333137326562 -37643362316161643436633066343537336561623033326165623837633464663163326630346531 -38653233336639353938323932383761386230383639666265346536653035313530363665653562 -39333834313736316430666534353134373561343337323330376331323532643137663938306463 -30313162383230333138316339663432633962303161323065613039356464626166643430373465 -38343536343261346232636464316332336664643638653665333535366362303461633665666237 -31333937373762363166663936623034313934353137636266663665623066373239363164633731 -66303066336134343566313030613866313332626338363634336639636239613032343166366331 -64626130613163626230343366643063333766313530383734626161336565633635643639633361 -39663931656632333539383430393465636634663734656662393831316639316138663636373761 -34346363343966626235326338333264313266343334303533393932633032616661643236303537 -32653239393133373331623538313365636538326262373865373533646332663862373530363130 -32663938663266643461356237333139373133613833653333616464663635663131643336363534 -31313131376163633331326434303961353032633862366137326439363838383064323462643964 -30623433326361666136326237653866386534626133363334373838643635613436333035313364 -64393030323230393336373566393966326637363932336133333762626437373163626231336562 -64316538306366343732333031373765303339373436313535636231623739653932363064646461 -35323735393032333433633462313938626666303466356336323031343533346466383631653839 
-32306139393039333336633639363034343566646164646334663561373563393434326233353863 -32336437623662396430623261633338623130386631616333373732383239386139326138643761 -33393031396563323566326262363037663439333233373435343039633664643064386665383931 -34653133373334346265656361333036636163386462316636643637313631323965623139313864 -37346161386539636438636533623563646535373731653336313130343365633365663533316233 -33343938333435333865653863363266326334383961396537373561366130316632376135393836 -63363033616164326364613537343037343632383638656237613633633139626363666163646537 -64393665373036396536376466633666653038613166353138636462633934306336396164323831 -32613434623539666439653131393365643738383032303930386135336664636239313031356330 -34643661643762313739386661326238343036633936376439643535383766323731353464616336 -63316438303937333232666339393635653265653066626335393839313131316164383131626637 -64313831306637313135633661333632376235656563323836656335303931663731303366326161 -63386137393835303339643933333130646532393262613635366139326434333731633630393433 -31646231616339363839623833326665333936316538343339663863356362356435666162633534 -39313833363962666139326535636133663332316431323835383035616161363032383766366363 -33653730616164313139623163356234633538356232386332656631643833663239663038643336 -35396563653433376661303961663563663333313132326263366137373263623566626634636332 -63393536303963626364653862333664616236386461323865363333663936363235653064383864 -61363464313434643938366230613139353034333330383435336364623136626565663764633230 -39383064323135336132356663366435333164313435363636353230386365316631393636613262 -37373666303836653664363266303534633037616630656633333466643631313865646462363931 -66353934393637623634326632326334616266393636343662396663373236326333663932333235 -36616439333265396266616364333239306166646335383462353235323661353837616534333433 -32623637326434613738326538323661356566373833393836343036373361393539363462393265 
-33316237333532663266306139323464656530363539316364666638386338633137363533313065 -38626538323064656561613431613039323937333738353338323331656362306538613463393661 -36306237646264383338666563656239353439303265623763353839363032326261636238353235 -30353666373633396136336361363164353835646432643938316533613262373462626435646335 -62646134663362366266663565633934616166353363663039653464353330366130623930623237 -61353162376264646132393831376433303433663339336439623430346664353761363061363436 -32616539333066356563646363333133626262366566616133623635323335363936336362333062 -38303239353434306230663465623736313035376165623838346338383238383666313133333366 -62396633386133613538303565663332333730346638656161356637623931333062313462393562 -31336135326533653961393661656162653561653139333161643139363962373138383661303838 -34396461616538396331306331666434396537663534616465376565313837373232366235313830 -66393961346139393763333933326537383161373564656131323837376233393565333937616566 -39643961323236316661353331346164363137323536626665643864393137353964313465323930 -3334 +65646637366132333430346461646331313431363233363736306264633633396665626332623934 +6439363764316132383635626137313764633162636362340a613832323934646431663632396361 +36323539663238363738393131363034333561343233383238396234613434633334323235626637 +6266326166333334650a353637383131313136613635333237616361353732663734613833306538 +35643831653332346634616139363032656433623032383832363837653231306465353766343961 +65313134303434333635306634633731313462396535383662616134653762343732366431373032 +65346564663335633936636662626162636134636339343463376166666333346133616136626665 +66373064303562323564363864366363663336383862336632373436666330373465636135623762 +36656632346664326463646666313663343662363865343166376363313866663536623234383561 +61616637653630316230626337653135396134323636303538346435663639643662646133383363 +39393234333934656166366633356663326162396431383362306339623534646162613339383836 
+39666464666163633033653434306365393933383232653364363062356133356239626538633338 +32303030626538373637323533303964643838383331366365326465666530623965613731663261 +33626563386262353531353635356430333633633665393230613561633836653636636639313663 +37373736346234313134313232376164633332386563383863343266626231373237643063663533 +39343939393331653665633335653264376531383364376565646239616231343531336134626531 +38396630363865376161313835376261646637383438323537626433323232353632386439393933 +32306238643436653666333561643764633831343962643165356232663932633763396437383634 +35313763323633643439376333643836613637613339343731636633313064386231613135623832 +32643934376233663865326534313735633535316635393932646263313135373633636333333737 +33386365363830336139323763303734383966616165356462333734333666343830356234616662 +30616434623237653138623538643331373432663137323333376632343065316431313734333965 +64333237396236666664613466623039626634343238363136363438663730626132646562646536 +61653562666636613164373464663931356565623862306332653230396230326636363638393862 +62663765373436303831613435383866323138316633336532336632383065343537326332653235 +30383764396361396565323035346531396365623130636538396238613037353438346365363331 +64383636376566306136653033613638323865653266383136373231353063303434636332363166 +37373462353530326663386139333536616138386431373763383838336365336634366339636637 +32356263653964343461393162396539303534343562653032643461626235373339666363646637 +37633934393036356331363563303330316234393535376338646235663235383966396634383166 +37656633373562643530663037333735396638363963323837653831396233653962356536616236 +37323139306131323561303061633136303234316335363361633766623530303762663465353163 +33313733386265346333663065366536616533326364613231313330373137616130373539313131 +37316637653934653035373965636633626262626561313338646261313530356163356364663834 +64663037666133626261386266666633336666323362373237626639373535333937336331353039 
+30313833353766626332376432326531616464643364313232386633613361623234653536313830 +61626666333037393564303738646333643534623138366264353339326331386433343733623837 +63646431646533383331356334656466316465623735613537646536623364636632323566626233 +31663263623539343562383836366134366236346539386532373735633237373363636438366632 +39613330336365626137363765313930623262666263393835626532333262343265313761356333 +34623663633636373734326662363865396635613933393464356436393161303132663564366437 +35323166643762333862656561306239343034643562316534316236636362363162306131633961 +31653736613732643930666338333131373634333166633466656663636163396266306538626666 +65326163646137373236633363663063383162393435356163366665653033666161333037303035 +35396334663135373863646664613137666565356161353865316164633939323037323664346331 +63313230333565336232663166616465363038326663633066623531363338623430313332333138 +34363532643036343831353463356665646363363239643835396661356665393035303561653337 +62663335636533366334643636653366303231353630633166343832313133303663393836623036 +33616563636266356130356635663538343236356632376461626532626436616334386330356430 +62323864323534333032643737656164343633636365623664336236626239633138626230383536 +39306534383933326638666130383139316334373530373335633238316238353038643136366533 +38396661626661373964363630633963373732343161663065386539306637313633303534663466 +66396361373163313865373131636239613930333963663462306636626431363934343136616330 +30643763343838316338643463323833666639616437336361303363393361356431356266353233 +63366366336231386530313961356538613136366530343338353063343332333165323763613566 +34653133633532613332376634616234383237666261363038613437646366356332636530623534 +30613735663666636232623230633161663064666436333161633334356336383038386535336133 +39663963333031383961643232636539313137346132336462336165313862653366303135353730 +63303834313462646633333232646661623731613439633434663266303834376635346438356438 
+39303066663633656234633131366330356363636535373034613037363837326562306562663538 +61316666643230626662663266373330643865393938313232306130376333306536393930363037 +66636562396339633763656431653036646361313632313932636231626333303337366266623238 +39616336656537363439373231643132363264306135346437386465326265666137353032336261 +61323234643662653233353737346661373630376630343635383834313038373162643135343434 +37613634333330326132623437623834363539343037643764303631613463343863643065643063 +33326537376130346365323361343266663331343038663037623438666362656236613065366235 +65363130356133353739623733376531636438643535633731646431653837343531313531373436 +31356139393363646262623664663261613931636330663436336466633038643763336337336330 +33393433346332623538653262303462636363363338346538376463373838363036343634363131 +31636332343931643436393464656165616631373339336537623130343630346164383830313165 +36316364653739646330663762356332393262653931613933643963626433633532353766663632 +65616262666433383763363636303131373064636261616661613139373766336639376336393962 +65336332303164353763636332323031363363653262386331313038646564393131303366653834 +33303464303566656363343464336164363264626436306465633261386464663764636431353037 +31363034323331333235346137653139323835326135653337323339346239383038363861313638 +31363136353037396634326239306665303230616131363965653439656361356538623135613238 +66366639333331306337323562343934313532323633613034353863623839636135393465383832 +34323031326262306161613439323836646538363136336537313266343662383935373762666138 +64336132356662366436326664653234303034623066313736353439396334653630643136336431 +31386330326636303334313535363564383964623538656666376136366365633538386139333862 +65336662653965343035306534393962616438636366646664383231316365366435663763643663 +64383034336565663561626262636263616336303066396164633464313830363338303932356638 +32373162313330303935316137366435373532346363386461303933643237383830623335626639 
+33383335653436353831303163656530613962303439383563376534663738383035346433303834 +31663863343864656463643433383938393464613865356134346261663333616537663066333965 +32366466373165633936323232333237383638313434366437376237653837363532393564323035 +64623234376538666237653938346634346532656135333165353864383739353737643965636539 +63626134376330346538656539333362633765363735656161323635323164323038633139653663 +64616466353137623937333237633163646266326437663833393437336662356465336566353832 +30653063666261613534393439663664326336353338393439336137386662316137666236636337 +32326336396430633136333064383164373033366230333832333564616364663931653233333233 +62353264343865663865323461643032633465336564646161303039356266303738306435353131 +30376431616631613463313666383664343962306265613361376365353361303162653834623631 +33643762306232636134666366373637353234353265303437306261383861333235383530383638 +62353338323535333438376335636339386161326564623037323861343134396637366362646335 +66633865386339666265396438353362333463376361306666313331353063313331636539343835 +66326661386532343865653365356531663365663865666439653039643333363363653838616436 +38333037353333373866316333613538373263386334626665363239353162376335373238613737 +31616465326138663934356530353263653133636232396134316163343131316664633964643437 +37353937653665326638663631383733646563336162643361643366633564663439396639373966 +66356163343731353430626537326466393538363939313134343464643666323037356639323538 +35626137303439316233313664326535396234326432396132646361663936636362626232383530 +37366334333035656638383161663732393864333562373761303031353262303666626436373065 +66396233393864373463363065373461353538626135663937656330326632663863353438643838 +63663438356663313039616135393833623838366530353735333161663739366431393139623737 +63306464353039323065623765363665663266393934653962303761383362646364373239313062 +38353737663434646138303562303835373439653137656234653333313234366436623963386636 
+66313837393636373537663030393331613633306531306339306261636366343362333736363465 +32316662666664636437393736383130663235373266393263623131643339323266633633336334 +30643737396364303462363262653332346637643466323339633435323436366430626339393537 +633439343732646238343833663731646631 diff --git a/roles/lmn_vm/files/uploadseed b/roles/lmn_vm/files/uploadseed index eb64945..f38d853 100755 --- a/roles/lmn_vm/files/uploadseed +++ b/roles/lmn_vm/files/uploadseed 
@@ -7,24 +7,34 @@ import ssl import argparse parser = argparse.ArgumentParser(description='Upload a file to the bittorrent seeder.') -parser.add_argument('--rpc-server', required=True, - help='the RPC server IPaddress:port') -parser.add_argument('--rpc-secret', required=True, - help='the RPC secret') +parser.add_argument('--server', required=True, + help="the server address and RPC port like 'IPaddress:port'") parser.add_argument('--dht-port', required=True, help='the DHT port the RPC server is listening on') -parser.add_argument('--no-cert', action='store_true', - help='do not use SSL certificate') -parser.add_argument('--cert', help='the certificate to use for verification') -parser.add_argument('file', help='the file to upload') +pwgrp = parser.add_mutually_exclusive_group(required=True) +pwgrp.add_argument('--passwd', + help='the RPC secret. Either this or --pwdfile needs to be ' \ + 'provided') +pwgrp.add_argument('--pwdfile', + help="file containing the RPC secret in the form " \ + "'secret = \"token:SECRET\"'. " \ + 'Either this or --secret needs to be provided') +certgrp = parser.add_mutually_exclusive_group(required=True) +certgrp.add_argument('--no-cert', action='store_true', + help='do not use SSL certificate') +certgrp.add_argument('--cert', help='the certificate to use for verification') +parser.add_argument('FILE', help='the file to upload') args = parser.parse_args() -rpcseeder = 'https://' + args.rpc_server + '/rpc' -secret = 'token:' + args.rpc_secret -dhtentry = args.rpc_server.split(':')[0] + ':' + args.dht_port -file2send = args.file +rpcseeder = 'https://' + args.server + '/rpc' +dhtentry = args.server.split(':')[0] + ':' + args.dht_port +file2send = args.FILE torrent = '/tmp/' + os.path.basename(file2send) + '.torrent' +if args.passwd: + secret = 'token:' + args.passwd +else: + exec(open(args.pwdfile).read()) ssl_ctx = ssl.create_default_context() if args.no_cert: 
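Review bot: `exec(open(args.pwdfile).read())` runs the whole password file as Python code, so anyone able to write that file gets code execution in the context of every uploadseed caller, and `secret` stays undefined when the file does not assign it. Read the one expected `secret = "token:SECRET"` entry as data instead, close the file handle, and fail with a clear message when the entry is missing. The `--pwdfile` help text also refers to `--secret`, while the option is named `--passwd`. The rest of the script lies outside this hunk.

```python
if args.passwd:
    secret = 'token:' + args.passwd
else:
    # read the 'secret = "token:SECRET"' entry as data instead of executing the file
    with open(args.pwdfile) as pwfile:
        for line in pwfile:
            key, sep, value = line.partition('=')
            if sep and key.strip() == 'secret':
                secret = value.strip().strip('"\'')
                break
        else:
            parser.error('no secret entry found in ' + args.pwdfile)
```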
diff --git a/roles/lmn_vm/files/vm-sync b/roles/lmn_vm/files/vm-sync index 5e2c6a8..0e3646e 100755 --- a/roles/lmn_vm/files/vm-sync +++ b/roles/lmn_vm/files/vm-sync @@ -71,7 +71,8 @@ get_file() { push_file() { cd "${VM_SYSDIR}" - uploadseed --rpc-server "${SEEDBOX_HOST}:${SEEDBOX_RPC_PORT}" --dht-port "${SEEDBOX_PORT}" --rpc-secret insecure --no-cert "${FILENAME}" + uploadseed --server "${SEEDBOX_HOST}:${SEEDBOX_RPC_PORT}" --dht-port "${SEEDBOX_PORT}" \ + --pwdfile "${SEEDBOX_PWFILE}" --no-cert "${FILENAME}" } if [[ "$(id -nu)" != "lmnsynci" ]]; then @@ -106,26 +107,25 @@ case "$command" in push_file) for FILENAME in "$@"; do push_file - done + done ;; get_file) for FILENAME in "$@"; do get_file - done + done ;; get_image) for VM_NAME in "$@"; do get_torrent - done + done ;; delete_outdated_image) for FILENAME in "$@"; do delete_outdated_image - done + done ;; *) show_help exit 1 ;; esac - diff --git a/roles/lmn_vm/files/vm-upload b/roles/lmn_vm/files/vm-upload index e3d62ee..ddb83e0 100755 --- a/roles/lmn_vm/files/vm-upload +++ b/roles/lmn_vm/files/vm-upload @@ -39,8 +39,10 @@ upload_image() { cp -a "${VM_DIR}/${VM_NAME}.xml" "${VM_SYSDIR}" fi cd "${VM_SYSDIR}" - uploadseed --rpc-server "${SEEDBOX_HOST}:${SEEDBOX_RPC_PORT}" --dht-port "${SEEDBOX_PORT}" --rpc-secret insecure --no-cert "${VM_NAME}.qcow2" - uploadseed --rpc-server "${SEEDBOX_HOST}:${SEEDBOX_RPC_PORT}" --dht-port "${SEEDBOX_PORT}" --rpc-secret insecure --no-cert "${VM_NAME}.xml" + uploadseed --server "${SEEDBOX_HOST}:${SEEDBOX_RPC_PORT}" --dht-port "${SEEDBOX_PORT}" \ + --pwdfile "${SEEDBOX_PWFILE}" --no-cert "${VM_NAME}.qcow2" + uploadseed --server "${SEEDBOX_HOST}:${SEEDBOX_RPC_PORT}" --dht-port "${SEEDBOX_PORT}" \ + --pwdfile "${SEEDBOX_PWFILE}" --no-cert "${VM_NAME}.xml" } source /etc/lmn/vm.conf diff --git a/roles/lmn_vm/files/vm.conf b/roles/lmn_vm/files/vm.conf index b10aa9f..2a50b69 100644 --- a/roles/lmn_vm/files/vm.conf +++ b/roles/lmn_vm/files/vm.conf 
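Review bot: `push_file` in vm-sync still passes `--no-cert`, and so do both `uploadseed` calls in the vm-upload hunk that follows. Moving the secret into `--pwdfile` keeps it out of the process list, but the RPC token is then presumably sent over a TLS connection whose peer is not verified (the handling of `args.no_cert` is outside the visible uploadseed hunk). uploadseed already offers `--cert`, so deploying the seedbox certificate and calling `--cert "${SEEDBOX_CERT}"` would close that gap; `SEEDBOX_CERT` is a proposed vm.conf variable, not one that exists on this page.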
@@ -1,8 +1,9 @@ # variables for LMN VM submodule -SEEDBOX_HOST=seedbox.pn.steinbeis.schule +SEEDBOX_HOST="seedbox.pn.steinbeis.schule" SEEDBOX_PORT=6789 SEEDBOX_RPC_PORT=6800 +SEEDBOX_PWFILE="/etc/lmn/uploadseed.conf" VM_SYSDIR="/lmn/vm" if [[ -v SUDO_UID ]]; then diff --git a/roles/lmn_vm/tasks/main.yml b/roles/lmn_vm/tasks/main.yml index f6c34ff..7b4adc3 100644 --- a/roles/lmn_vm/tasks/main.yml +++ b/roles/lmn_vm/tasks/main.yml @@ -163,12 +163,21 @@ - uploadseed - name: Deploy vm configuration file vm.conf - copy: + ansible.builtin.copy: src: vm.conf dest: /etc/lmn/vm.conf owner: root group: root +- name: Deploy aria2 RPC password file + ansible.builtin.copy: + dest: /etc/lmn/uploadseed.conf + owner: root + group: lmnsynci + mode: '0640' + content: | + "{{ uploadseed_pwd }}" + - name: Prepare directory for qemu bridge config ansible.builtin.file: path: /etc/qemu/ From 350f4c26465a32850600193b2c03b139e985bc60 Mon Sep 17 00:00:00 2001 From: "Andreas B. Mundt" Date: Sat, 20 Jan 2024 14:33:12 +0100 Subject: [PATCH 05/18] Configure a valid DHT cache directory. --- roles/lmn_vm/files/vm-sync | 9 +++++++-- roles/lmn_vm/files/vm.conf | 1 + roles/lmn_vm/tasks/main.yml | 9 ++++++++- 3 files changed, 16 insertions(+), 3 deletions(-) diff --git a/roles/lmn_vm/files/vm-sync b/roles/lmn_vm/files/vm-sync index 0e3646e..e84b68b 100755 --- a/roles/lmn_vm/files/vm-sync +++ b/roles/lmn_vm/files/vm-sync @@ -37,7 +37,9 @@ get_torrent() { sudo vm-aria2 stop "${VM_NAME}" cd "${VM_SYSDIR}" # get image - aria2c --seed-time=0 --dht-entry-point="${SEEDBOX_HOST}:${SEEDBOX_PORT}" "${VM_SYSDIR}/${VM_NAME}.qcow2.torrent" + aria2c --seed-time=0 --dht-file-path=$DHTDAT \ + --dht-entry-point="${SEEDBOX_HOST}:${SEEDBOX_PORT}" \ + "${VM_SYSDIR}/${VM_NAME}.qcow2.torrent" # and seed sudo vm-aria2 start "${VM_NAME}" if ! flock -u 200; then 
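Review bot: The new "Deploy aria2 RPC password file" task renders the secret through `content:` without `no_log: true`, so the value of `uploadseed_pwd` can appear in Ansible output when the play runs with `--diff` or raised verbosity. Add `no_log: true` to that task. The unchanged "Deploy vm configuration file vm.conf" task above it sets no `mode:`; an explicit `mode: '0644'` would pin its permissions instead of leaving them to defaults.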
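Review bot: `--dht-file-path=$DHTDAT` in `get_torrent` is expanded unquoted, unlike the other expansions on the same `aria2c` command line. Write `--dht-file-path="${DHTDAT}"` so that a path with spaces or glob characters in vm.conf stays a single argument. The same unquoted form is added to the `aria2c` call in the vm-aria2 hunk of patch 06. `get_torrent` starts and ends outside this hunk.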
@@ -51,7 +53,8 @@ get_torrent() { get_image_size() { torrentfile=$1 - length=$(aria2c -S "${torrentfile}" | grep "Total Length" | grep "Total Length" | sed -E 's/.*\(([0-9,]*)\)/\1/' | sed s/,//g) + length=$(aria2c -S "${torrentfile}" | grep "Total Length" | \ + sed -E -e 's/.*\(([0-9,]*)\)/\1/' -e 's/,//g') echo "$length" } @@ -75,6 +78,8 @@ push_file() { --pwdfile "${SEEDBOX_PWFILE}" --no-cert "${FILENAME}" } +######################## + if [[ "$(id -nu)" != "lmnsynci" ]]; then echo "$(basename "$0") must be run as lmnsynci user" show_help diff --git a/roles/lmn_vm/files/vm.conf b/roles/lmn_vm/files/vm.conf index 2a50b69..d774c3c 100644 --- a/roles/lmn_vm/files/vm.conf +++ b/roles/lmn_vm/files/vm.conf @@ -4,6 +4,7 @@ SEEDBOX_HOST="seedbox.pn.steinbeis.schule" SEEDBOX_PORT=6789 SEEDBOX_RPC_PORT=6800 SEEDBOX_PWFILE="/etc/lmn/uploadseed.conf" +DHTDAT="/var/cache/aria2/dht.dat" VM_SYSDIR="/lmn/vm" if [[ -v SUDO_UID ]]; then diff --git a/roles/lmn_vm/tasks/main.yml b/roles/lmn_vm/tasks/main.yml index 7b4adc3..8a73e3f 100644 --- a/roles/lmn_vm/tasks/main.yml +++ b/roles/lmn_vm/tasks/main.yml @@ -176,7 +176,14 @@ group: lmnsynci mode: '0640' content: | - "{{ uploadseed_pwd }}" + {{ uploadseed_pwd }} + +- name: Prepare directory for aria2 dht.dat + ansible.builtin.file: + path: /var/cache/aria2/ + state: directory + owner: lmnsynci + group: lmnsynci - name: Prepare directory for qemu bridge config ansible.builtin.file: From 4ce97f54867eefb4fafa20a7b46f8e837f5dd6a6 Mon Sep 17 00:00:00 2001 From: "Andreas B. Mundt" Date: Sat, 20 Jan 2024 14:38:02 +0100 Subject: [PATCH 06/18] Fixes and new desktop starter synchronization system. --- roles/lmn_vm/files/lmn-vm | 19 +++++++++++-------- roles/lmn_vm/files/vm-aria2 | 9 ++++++--- roles/lmn_vm/files/vm-create | 1 + roles/lmn_vm/files/vm-run | 1 + roles/lmn_vm/files/vm-sync | 3 ++- roles/lmn_vm/tasks/main.yml | 11 ++++++----- 6 files changed, 27 insertions(+), 17 deletions(-) 
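Review bot: The new "Prepare directory for aria2 dht.dat" task hands `/var/cache/aria2/` to `lmnsynci` and sets no `mode:`, yet the same `DHTDAT` path is also given to the `aria2c` seeder started by vm-aria2, which the sudoers file lets lmnsynci run as root. If that transient unit runs as root (any `systemd-run` option that sets a user is outside the visible hunk), a root process writes `dht.dat` inside a directory an unprivileged account controls. Either run the seeder unit as lmnsynci or give it its own root-owned DHT file, and add an explicit `mode: '0750'` here.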
diff --git a/roles/lmn_vm/files/lmn-vm b/roles/lmn_vm/files/lmn-vm index 74736bd..4f90db8 100644 --- a/roles/lmn_vm/files/lmn-vm +++ b/roles/lmn_vm/files/lmn-vm @@ -11,12 +11,15 @@ lmnsynci ALL=(root) NOPASSWD: /usr/local/bin/vm-aria2 %role-student ALL=(root) NOPASSWD: /usr/local/bin/vm-link-images %role-teacher ALL=(root) NOPASSWD: /usr/local/bin/vm-link-images -# start-virtiofsd: Start Virtiofsd as systemd-service -%examusers ALL=(root) NOPASSWD: /usr/local/bin/start-virtiofsd -%role-student ALL=(root) NOPASSWD: /usr/local/bin/start-virtiofsd -%role-teacher ALL=(root) NOPASSWD: /usr/local/bin/start-virtiofsd +# vm-virtiofsd: Start Virtiofsd as systemd-service +%examusers ALL=(root) NOPASSWD: /usr/local/bin/vm-virtiofsd +%role-student ALL=(root) NOPASSWD: /usr/local/bin/vm-virtiofsd +%role-teacher ALL=(root) NOPASSWD: /usr/local/bin/vm-virtiofsd -# sync-vm.sh: sync desktop-starterfiles from server -%role-teacher ALL=(lmnsynci) NOPASSWD: /usr/local/bin/sync-vm.sh -%role-student ALL=(lmnsynci) NOPASSWD: /usr/local/bin/sync-vm.sh -%examusers ALL=(lmnsynci) NOPASSWD: /usr/local/bin/sync-vm.sh +# desktop-sync: +%examusers ALL=(root) NOPASSWD: /usr/local/bin/desktop-sync +%role-student ALL=(root) NOPASSWD: /usr/local/bin/desktop-sync +%role-teacher ALL=(root) NOPASSWD: /usr/local/bin/desktop-sync + +# vm-upload: +%role-teacher ALL=(lmnsynci) NOPASSWD: /usr/local/bin/vm-upload diff --git a/roles/lmn_vm/files/vm-aria2 b/roles/lmn_vm/files/vm-aria2 index 39b3ae6..7be4ac2 100755 --- a/roles/lmn_vm/files/vm-aria2 +++ b/roles/lmn_vm/files/vm-aria2 
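Review bot: The three new `desktop-sync` rules grant root without restricting arguments, although the script they point to takes none. Ending each rule with `""`, for example `%role-student ALL=(root) NOPASSWD: /usr/local/bin/desktop-sync ""`, limits the grant to exactly the invocation that is needed. Because the script copies launcher files into `/usr/local/share/applications` as root, write access to `DESKTOPSTARTERDIR` must be limited to administrators; that is presumably true of the AdminIT share but is not visible here. The `# desktop-sync:` and `# vm-upload:` comments are left empty and could state what each rule is for, as the older entries do.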
@@ -24,7 +24,10 @@ if [[ "${COMMAND}" = "start" ]]; then --collect \ --property=Type=exec \ --property=SuccessExitStatus=1 \ - aria2c --bt-hash-check-seed=true --check-integrity=true --seed-ratio=0.0 --dht-entry-point="${SEEDBOX_HOST}:${SEEDBOX_PORT}" "${VM_SYSDIR}/${VM_NAME}.qcow2.torrent" -elif [[ "${COMMAND}" = "stop" ]]; then - systemctl stop "aria2-${VM_NAME}.service" || echo "Aria2-Service not running" + aria2c --bt-hash-check-seed=true --check-integrity=true --seed-ratio=0.0 \ + --dht-entry-point="${SEEDBOX_HOST}:${SEEDBOX_PORT}" \ + --dht-file-path=$DHTDAT \ + "${VM_SYSDIR}/${VM_NAME}.qcow2.torrent" +elif [[ "${COMMAND}" = "stop" ]] && systemctl is-active "aria2-${VM_NAME}.service"; then + systemctl stop "aria2-${VM_NAME}.service" fi diff --git a/roles/lmn_vm/files/vm-create b/roles/lmn_vm/files/vm-create index 5c5548f..b669890 100755 --- a/roles/lmn_vm/files/vm-create +++ b/roles/lmn_vm/files/vm-create @@ -4,6 +4,7 @@ set -eu source /etc/lmn/vm.conf +PERSISTENT=0 while getopts ':p' OPTION; do case "$OPTION" in diff --git a/roles/lmn_vm/files/vm-run b/roles/lmn_vm/files/vm-run index c5cbad4..0e11ad0 100755 --- a/roles/lmn_vm/files/vm-run +++ b/roles/lmn_vm/files/vm-run @@ -156,6 +156,7 @@ export XDG_CONFIG_HOME="/tmp/${UID}/.config" if ! virsh --connect="${QEMU}" list | grep "${VM_NAME}-clone"; then echo "VM not yet running." + sudo /usr/local/bin/desktop-sync check_images if [[ "${NEWCLONE}" = 1 ]] || [[ ! -f "${VM_DIR}/${VM_NAME}-clone.qcow2" ]]; then create_clone "${VM_NAME}" diff --git a/roles/lmn_vm/files/vm-sync b/roles/lmn_vm/files/vm-sync index e84b68b..b115154 100755 --- a/roles/lmn_vm/files/vm-sync +++ b/roles/lmn_vm/files/vm-sync 
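Review bot: The added `sudo /usr/local/bin/desktop-sync` in the "VM not yet running" branch of vm-run executes under `set -eu`, so any non-zero exit ends the script before the VM starts. That includes sudo refusing a user who is in none of the three groups the sudoers file lists. Refreshing the starters is not needed to boot the VM, so make the call best effort: `sudo -n /usr/local/bin/desktop-sync || echo "desktop-sync failed, continuing" >&2`. The surrounding `if` block continues outside the hunk.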
@@ -69,7 +69,8 @@ delete_outdated_image() { get_file() { cd "${VM_SYSDIR}" - wget --no-proxy -O "${FILENAME}" "http://${SEEDBOX_HOST}/aria2/${FILENAME}" || echo "File not found on seedbox" + curl --fail --noproxy ${SEEDBOX_HOST} -o "${FILENAME}" \ + "http://${SEEDBOX_HOST}/aria2/${FILENAME}" || echo "File not found on seedbox" } push_file() { diff --git a/roles/lmn_vm/tasks/main.yml b/roles/lmn_vm/tasks/main.yml index 8a73e3f..d3630b7 100644 --- a/roles/lmn_vm/tasks/main.yml +++ b/roles/lmn_vm/tasks/main.yml @@ -150,7 +150,6 @@ mode: '0755' loop: - mounthome.sh - - sync-vm.sh - vm-create - vm-rebase - vm-run @@ -161,6 +160,7 @@ - virtiofsd - vm-aria2 - uploadseed + - desktop-sync - name: Deploy vm configuration file vm.conf ansible.builtin.copy: @@ -259,7 +259,8 @@ dest: /etc/xdg/menus/applications-merged/ notify: Run update-desktop-database -- name: Sync .torrent, .xml and .desktop files and run update-desktop-database - command: sudo -u lmnsynci /usr/local/bin/sync-vm.sh -t - register: result - changed_when: result.stdout | length > 0 +- name: Copy initial sync starter + ansible.builtin.copy: + src: sync.desktop + dest: /usr/local/share/applications/ + notify: Run update-desktop-database From 5a2ae0d33c2753c8362d33b66f1bf0109a34ba1b Mon Sep 17 00:00:00 2001 From: "Andreas B. Mundt" Date: Mon, 22 Jan 2024 10:06:33 +0100 Subject: [PATCH 07/18] Add files and variable missing in last commit. --- roles/lmn_vm/files/desktop-sync | 13 +++++++++++++ roles/lmn_vm/files/sync.desktop | 13 +++++++++++++ roles/lmn_vm/files/vm.conf | 1 + 3 files changed, 27 insertions(+) create mode 100644 roles/lmn_vm/files/desktop-sync create mode 100644 roles/lmn_vm/files/sync.desktop diff --git a/roles/lmn_vm/files/desktop-sync b/roles/lmn_vm/files/desktop-sync new file mode 100644 index 0000000..4967e49 --- /dev/null +++ b/roles/lmn_vm/files/desktop-sync 
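Review bot: `get_file` fetches `http://${SEEDBOX_HOST}/aria2/${FILENAME}` in clear text and writes it straight to `-o "${FILENAME}"`, and the `.qcow2.torrent` files obtained this way later decide which image content aria2c accepts. Whoever can answer for that host name on the network can therefore substitute the metadata. uploadseed already talks `https://` to the same host, so fetching over HTTPS with the seedbox certificate would close that gap. `FILENAME` comes from the command line, so rejecting values that contain `/` keeps the write inside `VM_SYSDIR`, and `--noproxy "${SEEDBOX_HOST}"` should be quoted like the other expansions.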
@@ -0,0 +1,13 @@ +#!/usr/bin/bash +# +# Synchronize desktop starters +# +set -eu + +source /etc/lmn/vm.conf +RSYNC_COMMAND=$(rsync -ai --delete --exclude=mimeinfo.cache "${DESKTOPSTARTERDIR}" \ + /usr/local/share/applications/ | sed '/ \.\//d') +if [[ $? -eq 0 ]] && [[ -n "${RSYNC_COMMAND}" ]]; then + echo "${RSYNC_COMMAND}" + update-desktop-database /usr/local/share/applications +fi diff --git a/roles/lmn_vm/files/sync.desktop b/roles/lmn_vm/files/sync.desktop new file mode 100644 index 0000000..5646f6b --- /dev/null +++ b/roles/lmn_vm/files/sync.desktop @@ -0,0 +1,13 @@ +[Desktop Entry] +Version=1.0 +Type=Application +Name=Sync Starters +GenericName=Aktualisiert Info über vorhandene VMs +Comment=Sync VM Image information +#TryExec=konsole +Exec=if sudo /usr/local/bin/desktop-sync; then echo 'sync erfolgreich.\nFenster schließt sich in 3 Sekunden.'; sleep 3; else echo "Fehler - sollte nicht vorkommen."; read; fi +Icon=bittorrent-sync +Categories=fvs; +MimeType=image/vnd.dxf; +Keywords=design;VM;diagrams;graphics +Terminal=true diff --git a/roles/lmn_vm/files/vm.conf b/roles/lmn_vm/files/vm.conf index d774c3c..8bd4189 100644 --- a/roles/lmn_vm/files/vm.conf +++ b/roles/lmn_vm/files/vm.conf @@ -5,6 +5,7 @@ SEEDBOX_PORT=6789 SEEDBOX_RPC_PORT=6800 SEEDBOX_PWFILE="/etc/lmn/uploadseed.conf" DHTDAT="/var/cache/aria2/dht.dat" +DESKTOPSTARTERDIR="/srv/samba/schools/default-school/share/school/AdminIT/desktop/" VM_SYSDIR="/lmn/vm" if [[ -v SUDO_UID ]]; then From b5bb3c9fa627e29534acc1d6cd40b2961536a893 Mon Sep 17 00:00:00 2001 From: Raphael Dannecker Date: Wed, 24 Jan 2024 10:02:03 +0100 Subject: [PATCH 08/18] create VMs without xml machine file --- roles/lmn_vm/files/vm-create | 23 +---- roles/lmn_vm/files/vm-link-images | 5 -- roles/lmn_vm/files/vm-rebase | 11 --- roles/lmn_vm/files/vm-run | 143 +++++++++++++++++++++--------- roles/lmn_vm/files/vm-upload | 17 +--- 5 files changed, 102 insertions(+), 97 deletions(-) 
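Review bot: The `[[ $? -eq 0 ]]` test after the `RSYNC_COMMAND=$(rsync … | sed …)` assignment in desktop-sync never sees an rsync failure. Without `pipefail` the substitution returns sed's status, and under `set -eu` a failing assignment would end the script before the test is reached. Use `set -euo pipefail` at the top and drop the `$?` check, or write `if RSYNC_COMMAND=$(…) && [[ -n "${RSYNC_COMMAND}" ]]; then`. `RSYNC_COMMAND` holds rsync's itemized output rather than a command, so a name such as `changes` would read better, and the header comment could state that the script is meant to run as root through sudo.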
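Review bot: The `Exec=` value in sync.desktop is written as a shell statement (`if sudo …; then …; fi`), but as far as I know the Exec key of a desktop entry is a program plus arguments and is not passed through a shell, so a launcher that follows the specification would look for a program named `if`. Wrap the statement, for example `Exec=sh -c 'if sudo /usr/local/bin/desktop-sync; then …; fi'`, and check the file with `desktop-file-validate`. `MimeType=image/vnd.dxf;` and `Keywords=design;VM;diagrams;graphics` look copied from another starter and would register this entry as a handler for DXF files.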
diff --git a/roles/lmn_vm/files/vm-create b/roles/lmn_vm/files/vm-create index b669890..4fb2a67 100755 --- a/roles/lmn_vm/files/vm-create +++ b/roles/lmn_vm/files/vm-create @@ -38,29 +38,10 @@ fi # change to image-directory cd "${VM_DIR}" -if { [[ ! -f "${VM_NAME}.xml" ]] && [[ ! -f "${VM_SYSDIR}/${VM_NAME}.xml" ]]; } || [[ ! -f "${VM_NAME}.qcow2" ]]; then - echo "xml or qcow2 File does not exists." >&2 +if [[ ! -f "${VM_NAME}.qcow2" ]]; then + echo "qcow2 File does not exists." >&2 exit 1 fi qemu-img create -f qcow2 -F qcow2 -b "${VM_NAME}.qcow2" "${VM_NAME}-${VM_CLONE}.qcow2" chmod a-w "${VM_NAME}-${VM_CLONE}.qcow2" - -# virsh --connect=qemu:///system dumpxml "${VM_NAME}" > "xml/${VM_NAME}-${VM_CLONE}.xml" -# copy machine-definition-file -if [[ -f "${VM_NAME}.xml" ]]; then - cp "${VM_NAME}.xml" "${VM_NAME}-${VM_CLONE}.xml" -elif [[ -f "${VM_SYSDIR}/${VM_NAME}.xml" ]]; then - cp "${VM_SYSDIR}/${VM_NAME}.xml" "${VM_NAME}-${VM_CLONE}.xml" -else - echo "no machine definition file found" >&2 - exit 1 -fi - -# hardware addresses need to be removed, libvirt will assign -# new addresses automatically -# and actually rename the vm: (this also updates the storage path) -sed -i -E \ - -e '/.+<\/uuid>/d' \ - -e '/.+mac address.+[[:xdigit:]:]{17}.+/d' \ - -e "s/${VM_NAME}/${VM_NAME}-${VM_CLONE}/" "${VM_NAME}-${VM_CLONE}.xml" diff --git a/roles/lmn_vm/files/vm-link-images b/roles/lmn_vm/files/vm-link-images index a3a06df..efa083c 100755 --- a/roles/lmn_vm/files/vm-link-images +++ b/roles/lmn_vm/files/vm-link-images @@ -22,8 +22,3 @@ shift "$((OPTIND -1))" for i in *.qcow2; do [[ -f "${VM_DIR}/${i}" ]] || ln "${i}" "${VM_DIR}/${i}" done - -# link system-VM-Machine-Definitions to User VM Directory -for i in *.xml; do - [[ -f "${VM_DIR}/${i}" ]] || ln "${i}" "${VM_DIR}/${i}" -done diff --git a/roles/lmn_vm/files/vm-rebase b/roles/lmn_vm/files/vm-rebase index cc6292e..b235760 100755 --- a/roles/lmn_vm/files/vm-rebase +++ b/roles/lmn_vm/files/vm-rebase 
@@ -70,17 +70,6 @@ fi # rebasing disk image qemu-img rebase -f qcow2 -b "${NEWBASE}" -F qcow2 "${VM_NAME}.qcow2" if [[ -v NEWNAME ]]; then - # copy and adapt machine definition file - CURRENTNAME="${CURRENTBASE/.qcow2/}" - if [[ -f "${CURRENTNAME}.xml" ]]; then - cp "${CURRENTNAME}.xml" "${NEWNAME}.xml" - elif [[ -f "${VM_SYSDIR}/${CURRENTNAME}.xml" ]]; then - cp "${VM_SYSDIR}/${CURRENTNAME}.xml" "${NEWNAME}.xml" - else - echo "no machine definition file found" >&2 - exit 1 - fi - sed -i "s/${CURRENTNAME}/${NEWNAME}/" "${NEWNAME}.xml" NEWNAME="${NEWNAME}.qcow2" else rm "${CURRENTBASE}" diff --git a/roles/lmn_vm/files/vm-run b/roles/lmn_vm/files/vm-run index 0e11ad0..eef1010 100755 --- a/roles/lmn_vm/files/vm-run +++ b/roles/lmn_vm/files/vm-run @@ -5,12 +5,18 @@ set -eu show_help() { cat << EOF >&2 -Usage: $(basename "$0") [-n] vmname" +Usage: $(basename "$0") [options] vmname" Create a new clone, start the vm (if not yet running) and run virt-viewer. Squid-Proxy will be started too. - -n new clone will be created, even if exists - -p new clone will be created persistent, so available after reboot too - -s qemu:///system instead of default qemu:///session +options: + -n|--new new clone will be created, even if exists + -p|--persistent new clone will be created persistent, so available after reboot too + -s|--system qemu:///system instead of default qemu:///session + --memory sizeMB memory size in MB + --cpu num number of CPUs + --os OS operating system (win10|linux|..) + --data-disk size additional data-disk + --options options additional options for virt-install command EOF } @@ -23,7 +29,7 @@ exit_script() { check_images() { # sync vm-torrents and machine definition file - sudo -u lmnsynci /usr/local/bin/vm-sync get_file "${VM_NAME}.xml" "${VM_NAME}.qcow2.torrent" + sudo -u lmnsynci /usr/local/bin/vm-sync get_file "${VM_NAME}.qcow2.torrent" [[ -f "${VM_NAME}" ]] && sudo -u lmnsynci /usr/local/bin/vm-sync delete_outdated_image "${VM_NAME}.qcow2" BACKINGARRAY=() 
@@ -74,10 +80,9 @@ check_images() { create_clone() { local VM_NAME="$1" - local VM_XML="${VM_DIR}/${VM_NAME}-clone.xml" - if ! [[ -f "${VM_SYSDIR}/${VM_NAME}.xml" && -f "${VM_SYSDIR}/${VM_NAME}.qcow2" ]] && ! [[ -f "${VM_DIR}/${VM_NAME}.xml" && -f "${VM_DIR}/${VM_NAME}.qcow2" ]]; then - echo "xml or qcow2 File does not exists." >&2 + if ! [[ -f "${VM_SYSDIR}/${VM_NAME}.qcow2" || -f "${VM_DIR}/${VM_NAME}.qcow2" ]]; then + echo "qcow2 File does not exists." >&2 exit 1 fi 
@@ -93,49 +98,65 @@ create_clone() { cd "${VM_DIR}" qemu-img create -f qcow2 -F qcow2 -b "${VM_NAME}.qcow2" "${VM_NAME}-clone.qcow2" - # Create machine-definition-file - cp "${VM_DIR}/${VM_NAME}.xml" "${VM_XML}" - - # set VM_DIR: - sed -i "s:VMIMAGEDIR:${VM_DIR}:" "${VM_XML}" - # and actually rename the vm (this also updates part of the storage path): - sed -i "s/${VM_NAME}/${VM_NAME}-clone/" "${VM_XML}" - # set virtiofs-Socket - sed -i "s:VIRTIOFSSOCKET:/run/user/${UID}/virtiofs-${VM_NAME}.sock:" "${VM_XML}" - - # find macvtap interface MAC address: - MAC="$(ip link | grep -A1 "vm-macvtap" | - sed -nE "s%\s+link/ether ([[:xdigit:]:]{17}) .+%\1%p")" - sed -i -E -e "s/MACMACVTAP/$MAC/" "${VM_XML}" } QEMU='qemu:///session' NEWCLONE=0 PERSISTENT=0 +LIBVIRTOSINFO="win10" +LIBVIRTOPTS="" source /etc/lmn/vm.conf -while getopts ':pns' OPTION; do - case "$OPTION" in - p) - PERSISTENT=1 - VM_DIR="${VM_DIR_PERSISTENT}" - ;; - n) - NEWCLONE=1 - ;; - s) - QEMU='qemu:///system' - ;; - ?) - show_help - exit 1 - ;; - esac -done +TEMP=$(getopt -o no:ps --long new,options:,persistent:,system,memory:,data-disk:,cpu:,os:,help -n $0 -- "$@") +if [ $? != 0 ] ; then echo "Terminating..." >&2 ; exit 1 ; fi -shift "$((OPTIND -1))" +eval set -- "$TEMP" + +while true; do + case "$1" in + -p | --persistent ) + PERSISTENT=1; + VM_DIR="${VM_DIR_PERSISTENT}" + shift + ;; + -n | --new ) + NEWCLONE=1 + shift + ;; + -s | --system ) + QEMU='qemu:///system' + shift + ;; + -o | --options ) + LIBVIRTOPTS=$2 + shift 2 + ;; + --data-disk ) + LIBVIRTOPTS="${LIBVIRTOPTS} --disk ${VM_DIR}/data.qcow2,size=$2,sparse=yes" + shift 2 + ;; + --memory ) + LIBVIRTOPTS="${LIBVIRTOPTS} --memory $2" + shift 2 + ;; + --cpu ) + LIBVIRTOPTS="${LIBVIRTOPTS} --vcpu $2" + shift 2 + ;; + --os ) + LIBVIRTOSINFO=$2 + shift 2 + ;; + --help ) + show_help + exit 1 + ;; + -- ) shift; break ;; + * ) break ;; + esac +done # if less than one arguments supplied, display usage if [[ $# -ne 1 ]] ; then 
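Review bot: The `getopt` call declares `persistent:` with a required argument, while the help text documents `-p|--persistent` as a plain flag and its `case` arm shifts only once, so the long form swallows the VM name as its value and the later argument-count check is then likely to fail. Declare it as `persistent` in the `--long` list. The `if [ $? != 0 ]` line after `TEMP=$(getopt …)` cannot run under `set -eu`, because a failing assignment already exits; `TEMP=$(getopt …) || { show_help; exit 1; }` keeps a message, and `-n "$0"` should be quoted. The option loop is followed by the argument check, which continues outside this hunk.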
@@ -163,11 +184,45 @@ if ! virsh --connect="${QEMU}" list | grep "${VM_NAME}-clone"; then fi # delete the old vm virsh --connect=qemu:///session undefine "${VM_NAME}-clone" || echo "${VM_NAME}-clone did not exist" - # finally, create the new vm - virsh --connect=qemu:///session define "${VM_DIR}/${VM_NAME}-clone.xml" #trap exit_script SIGHUP SIGINT SIGTERM + + # start virtiofsd-service [[ "${QEMU}" = 'qemu:///session' ]] && sudo /usr/local/bin/vm-virtiofsd "${VM_NAME}" - virsh --connect="${QEMU}" start "${VM_NAME}-clone" + + # finally, create the new vm + + if ip link | grep virbr1; then + LIBVIRTOPTS="${LIBVIRTOPTS} --network=bridge=virbr1,model.type=virtio" + fi + + +# TODO +# # find macvtap interface MAC address: +# MAC="$(ip link | grep -A1 "vm-macvtap" | +# sed -nE "s%\s+link/ether ([[:xdigit:]:]{17}) .+%\1%p")" +# sed -i -E -e "s/MACMACVTAP/$MAC/" "${VM_XML}" + + virt-install \ + --osinfo "${LIBVIRTOSINFO}" \ + --name "${VM_NAME}-clone" \ + --import \ + --clock hpet_present=yes \ + --features hyperv.synic.state=on,xpath1.set=./hyperv/vpindex/@state=on \ + --memorybacking source.type=memfd,access.mode=shared \ + --disk "${VM_DIR}/${VM_NAME}-clone.qcow2" \ + --network=bridge=virbr0,model.type=virtio \ + --filesystem driver.type=virtiofs,accessmode=passthrough,target.dir=virtiofs,xpath1.set=./source/@socket="/run/user/${UID}/virtiofs-${VM_NAME}.sock" \ + --check path_in_use=off \ + --connect="${QEMU}" \ + --noautoconsole \ + ${LIBVIRTOPTS} +# --dry-run \ +# --print-xml \ +# > /tmp/vm.xml +# --features hyperv.synic.state=on,xpath1.set=./hyperv/vpindex/@state=on,xpath2.set=./hyperv/stimer/@state=on \ +# --network type=ethernet,target.dev=vm-macvtap,xpath1.set=./target/@managed=no \ + +# virsh --connect="${QEMU}" start "${VM_NAME}-clone" fi echo "starting viewer" trap exit_script SIGHUP SIGINT SIGTERM diff --git a/roles/lmn_vm/files/vm-upload b/roles/lmn_vm/files/vm-upload index ddb83e0..732b59b 100755 --- a/roles/lmn_vm/files/vm-upload 
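Review bot: `${LIBVIRTOPTS}` at the end of the `virt-install` call is left unquoted so that the string built during option parsing splits into words, which also splits on spaces inside `VM_DIR` (used by `--data-disk`) and glob-expands any `*` or `?` passed through `--options`. Collect the options in an array instead: `LIBVIRTOPTS=()`, `LIBVIRTOPTS+=(--memory "$2")` in the parser, and `"${LIBVIRTOPTS[@]}"` here. The `virsh … undefine` line above still hard-codes `qemu:///session` while `virt-install` uses `--connect="${QEMU}"`, so with `-s` an old domain in the system instance is not removed. The enclosing `if` starts and ends outside the hunk.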
+++ b/roles/lmn_vm/files/vm-upload @@ -5,7 +5,7 @@ set -eu show_help() { cat << EOF >&2 Usage: $(basename "$0") vmname" -Create torrent and upload disk and xml-VM-Definiton on server. +Create torrent and upload disk on server. EOF } @@ -16,11 +16,6 @@ upload_image() { echo "File not found ${VM_NAME}.qcow2" >&2 exit 1 fi - # check if VM-Machine-Definition XML exists - if [[ ! (-f "${VM_SYSDIR}/${VM_NAME}.xml" || -f "${VM_DIR}/${VM_NAME}.xml") ]]; then - echo "File not found ${VM_NAME}.xml" >&2 - exit 1 - fi sudo vm-aria2 stop "${VM_NAME}" || echo "VMImage-torrent not running" # link private VM-Diskimage to system-Dir if [[ -f "${VM_DIR}/${VM_NAME}.qcow2" \ @@ -30,19 +25,9 @@ upload_image() { chown lmnsynci:lmnsynci "${VM_DIR}/${VM_NAME}.qcow2" ln -f "${VM_DIR}/${VM_NAME}.qcow2" "${VM_SYSDIR}/${VM_NAME}.qcow2" fi - # copy private VM-Maschine-Definition XML to system-Dir - if [[ -f "${VM_DIR}/${VM_NAME}.xml" \ - && ( -f "${VM_SYSDIR}/${VM_NAME}.xml" && $(cmp -s "${VM_DIR}/${VM_NAME}.xml" "${VM_SYSDIR}/${VM_NAME}.xml") \ - || ! -f "${VM_SYSDIR}/${VM_NAME}.xml") ]]; then - echo "copy private VM-Maschine-Definition XML to system-dir" - chown lmnsynci:lmnsynci "${VM_DIR}/${VM_NAME}.xml" - cp -a "${VM_DIR}/${VM_NAME}.xml" "${VM_SYSDIR}" - fi cd "${VM_SYSDIR}" uploadseed --server "${SEEDBOX_HOST}:${SEEDBOX_RPC_PORT}" --dht-port "${SEEDBOX_PORT}" \ --pwdfile "${SEEDBOX_PWFILE}" --no-cert "${VM_NAME}.qcow2" - uploadseed --server "${SEEDBOX_HOST}:${SEEDBOX_RPC_PORT}" --dht-port "${SEEDBOX_PORT}" \ - --pwdfile "${SEEDBOX_PWFILE}" --no-cert "${VM_NAME}.xml" } source /etc/lmn/vm.conf From fb4041b6f2bb120be051332318bcad40ce5c0a78 Mon Sep 17 00:00:00 2001 From: Raphael Dannecker Date: Tue, 30 Jan 2024 15:17:02 +0100 Subject: [PATCH 09/18] remove old desktop VM-starters --- lmn-client.yml | 25 +++++++++++++++++++++++++ roles/lmn_vm/tasks/main.yml | 9 +++++++++ 2 files changed, 34 insertions(+) diff --git a/lmn-client.yml b/lmn-client.yml index 41ade4d..8303300 100644 
--- a/lmn-client.yml +++ b/lmn-client.yml @@ -197,6 +197,16 @@ enabled: false when: rmlpr.stat.exists + - name: check if vmimage-torrent.service is installed + stat: path=/etc/systemd/system/vmimage-torrent.service + register: vmimagetorrent + + - name: disable vmimage-torrent.service + systemd: + name: vmimage-torrent.service + enabled: false + when: vmimagetorrent.stat.exists + - name: Remove deprecated files and directories file: path: "{{ item }}" @@ -209,6 +219,21 @@ - /etc/sudoers.d/90-lmn-sudotools - /etc/systemd/system/rmlpr.service - /etc/systemd/system/rmlpr.timer + - /usr/local/bin/sync-vm.sh + - /usr/local/bin/run-vm.sh + - /usr/local/bin/rebase-vm.sh + - /usr/local/bin/create-vm.sh + - /usr/local/bin/upload-vm.sh + - /usr/local/bin/vmimage-torrent + - /etc/systemd/system/vmimage-torrent.service + - /usr/local/bin/linbo-torrenthelper.sh + - /usr/local/bin/link-images.sh + - /usr/local/bin/start-virtiofsd.sh + - /etc/sudoers.d/90-lmn-upload-vm + - /etc/sudoers.d/90-lmn-sync-vm + - /etc/sudoers.d/90-lmn-startvirtiofsd + - /etc/sudoers.d/90-lmn-link-images + - /etc/rsync.secret ## bookworm fixes/hacks: - name: Work around sddm hang on shutdown diff --git a/roles/lmn_vm/tasks/main.yml b/roles/lmn_vm/tasks/main.yml index 893e8fd..3227054 100644 --- a/roles/lmn_vm/tasks/main.yml +++ b/roles/lmn_vm/tasks/main.yml @@ -260,6 +260,15 @@ dest: /etc/xdg/menus/applications-merged/ notify: Run update-desktop-database +- name: check if sync.desktop is installed + stat: path=/usr/local/share/applications/sync.desktop + register: syncdesktop + +- name: remove deprecated desktop-files + ansible.builtin.shell: rm -f /usr/local/share/applications/*.desktop + when: not syncdesktop.stat.exists + notify: Run update-desktop-database + - name: Copy initial sync starter ansible.builtin.copy: src: sync.desktop From a410f4528c4b231d5d0e928cf2475d24906dda1b Mon Sep 17 00:00:00 2001 
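Review bot: The "disable vmimage-torrent.service" task sets only `enabled: false`, so a seeder that is currently running keeps running after its unit file and `/usr/local/bin/vmimage-torrent` are removed by the following task, until the machine reboots. Add `state: stopped` to the `systemd` task. The two new task names start in lower case and use the short module names `stat` and `systemd`, unlike the `ansible.builtin.` form used in the lmn_vm role.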
From: Raphael Dannecker Date: Thu, 1 Feb 2024 08:13:27 +0100 Subject: [PATCH 10/18] 2nd nic for TIA-VM (--bridge Option in vm-start) --- roles/lmn_vm/files/vm-run | 17 ++++++++++------- 1 file changed, 10 insertions(+), 7 deletions(-) diff --git a/roles/lmn_vm/files/vm-run b/roles/lmn_vm/files/vm-run index eef1010..293ed4f 100755 --- a/roles/lmn_vm/files/vm-run +++ b/roles/lmn_vm/files/vm-run @@ -16,6 +16,7 @@ options: --cpu num number of CPUs --os OS operating system (win10|linux|..) --data-disk size additional data-disk + --bridge virbrX additional network interface on bridge virbrX --options options additional options for virt-install command EOF } @@ -109,7 +110,7 @@ LIBVIRTOPTS="" source /etc/lmn/vm.conf -TEMP=$(getopt -o no:ps --long new,options:,persistent:,system,memory:,data-disk:,cpu:,os:,help -n $0 -- "$@") +TEMP=$(getopt -o no:ps --long new,options:,persistent:,system,memory:,data-disk:,cpu:,bridge:,os:,help -n $0 -- "$@") if [ $? != 0 ] ; then echo "Terminating..." >&2 ; exit 1 ; fi eval set -- "$TEMP" @@ -145,6 +146,12 @@ while true; do LIBVIRTOPTS="${LIBVIRTOPTS} --vcpu $2" shift 2 ;; + --bridge ) + if ip link | grep $2; then + LIBVIRTOPTS="${LIBVIRTOPTS} --network=bridge=$2,model.type=virtio" + fi + shift 2 + ;; --os ) LIBVIRTOSINFO=$2 shift 2 @@ -191,11 +198,6 @@ if ! virsh --connect="${QEMU}" list | grep "${VM_NAME}-clone"; then # finally, create the new vm - if ip link | grep virbr1; then - LIBVIRTOPTS="${LIBVIRTOPTS} --network=bridge=virbr1,model.type=virtio" - fi - - # TODO # # find macvtap interface MAC address: # MAC="$(ip link | grep -A1 "vm-macvtap" | 
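Review bot: The new `--bridge` arm tests the interface with `ip link | grep $2`, an unquoted substring match that prints the matching lines and accepts, for instance, `virbr` for `virbr0`. It then pastes `$2` into `--network=bridge=$2,model.type=virtio`, where a comma in the value adds further suboptions. Check the exact name and restrict its characters, e.g. `[[ "$2" =~ ^[A-Za-z0-9_.-]+$ && -d "/sys/class/net/$2/bridge" ]]`, and report an unknown bridge on stderr instead of skipping it silently. The `while` loop this arm belongs to starts and ends outside the hunk.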
@@ -209,9 +211,10 @@ if ! virsh --connect="${QEMU}" list | grep "${VM_NAME}-clone"; then --clock hpet_present=yes \ --features hyperv.synic.state=on,xpath1.set=./hyperv/vpindex/@state=on \ --memorybacking source.type=memfd,access.mode=shared \ - --disk "${VM_DIR}/${VM_NAME}-clone.qcow2" \ + --disk "${VM_DIR}/${VM_NAME}-clone.qcow2",driver.discard=unmap,target.bus=scsi,cache=writeback \ --network=bridge=virbr0,model.type=virtio \ --filesystem driver.type=virtiofs,accessmode=passthrough,target.dir=virtiofs,xpath1.set=./source/@socket="/run/user/${UID}/virtiofs-${VM_NAME}.sock" \ + --controller type=scsi,model=virtio-scsi \ --check path_in_use=off \ --connect="${QEMU}" \ --noautoconsole \ From 89f851bc735ea327704d4fb1093a806d77700853 Mon Sep 17 00:00:00 2001 From: Raphael Dannecker Date: Thu, 1 Feb 2024 09:08:33 +0100 Subject: [PATCH 11/18] vm cpu utilization optimized --- roles/lmn_vm/files/vm-run | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/lmn_vm/files/vm-run b/roles/lmn_vm/files/vm-run index 293ed4f..4934797 100755 --- a/roles/lmn_vm/files/vm-run +++ b/roles/lmn_vm/files/vm-run @@ -208,8 +208,8 @@ if ! virsh --connect="${QEMU}" list | grep "${VM_NAME}-clone"; then --osinfo "${LIBVIRTOSINFO}" \ --name "${VM_NAME}-clone" \ --import \ - --clock hpet_present=yes \ - --features hyperv.synic.state=on,xpath1.set=./hyperv/vpindex/@state=on \ + --clock hpet_present=yes,hypervclock_present=yes \ + --features hyperv.synic.state=on,xpath1.set=./hyperv/vpindex/@state=on,xpath2.set=./hyperv/stimer/@state=on \ --memorybacking source.type=memfd,access.mode=shared \ --disk "${VM_DIR}/${VM_NAME}-clone.qcow2",driver.discard=unmap,target.bus=scsi,cache=writeback \ --network=bridge=virbr0,model.type=virtio \ From ccec0f7feac8e857106eff23294542e833f34c16 Mon Sep 17 00:00:00 2001 
From: Raphael Dannecker Date: Thu, 1 Feb 2024 15:01:59 +0100 Subject: [PATCH 12/18] fix owner of starters --- roles/lmn_vm/files/desktop-sync | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/roles/lmn_vm/files/desktop-sync b/roles/lmn_vm/files/desktop-sync index 4967e49..580d43c 100644 --- a/roles/lmn_vm/files/desktop-sync +++ b/roles/lmn_vm/files/desktop-sync @@ -5,8 +5,9 @@ set -eu source /etc/lmn/vm.conf -RSYNC_COMMAND=$(rsync -ai --delete --exclude=mimeinfo.cache "${DESKTOPSTARTERDIR}" \ - /usr/local/share/applications/ | sed '/ \.\//d') +RSYNC_COMMAND=$(rsync -ai --delete --exclude=mimeinfo.cache \ + --chown=root:root --chmod=F644,D755 "${DESKTOPSTARTERDIR}" \ + /usr/local/share/applications/ | sed '/ \.\//d') if [[ $? -eq 0 ]] && [[ -n "${RSYNC_COMMAND}" ]]; then echo "${RSYNC_COMMAND}" update-desktop-database /usr/local/share/applications From 202ca254660b8c1383ce178766bf95607c9956da Mon Sep 17 00:00:00 2001 From: "Andreas B. Mundt" Date: Fri, 2 Feb 2024 19:05:34 +0100 Subject: [PATCH 13/18] Improve emitter logic: Only run upgrade tasks if full run not needed. If a machine's timestamp is older than the date of the last git commit, do a full ansible run. If the time stamp is older than the trigger time (given as argument to 'emitter') but younger than the latest git commit, run only the upgrade tasks. A single outdated machine triggers the full run for all machines in the list. --- lmn-client.yml | 6 ++++-- tools/emitter | 42 ++++++++++++++++++++++++++++++------------ 2 files changed, 34 insertions(+), 14 deletions(-) diff --git a/lmn-client.yml b/lmn-client.yml index 100a088..4407a8c 100644 --- a/lmn-client.yml +++ b/lmn-client.yml @@ -74,7 +74,8 @@ roles: - lmn_network - - up2date_debian + - role: up2date_debian + tags: upgrade - lmn_sssd - lmn_mount - lmn_kde 
@@ -85,9 +86,10 @@ - lmn_security tasks: - - name: Timestamp successfull ansible run + - name: Timestamp successfull run ansible.builtin.shell: date --iso-8601=seconds >> /root/.ansible/stamps changed_when: False + tags: upgrade ## Temporary fixes and quirks: - name: Fix 8086:4909 external graphics card diff --git a/tools/emitter b/tools/emitter index aafbd7a..a7fdd82 100755 --- a/tools/emitter +++ b/tools/emitter @@ -1,4 +1,9 @@ #!/usr/bin/bash +# +# Run ansible on all hosts older than the latest git commit. +# Use argument "$(date)" to update all machines independent +# of the last ansible run. +# set -eu ## maximal age of file in minutes: @@ -11,27 +16,36 @@ debug=false ## date of latest git commit in ansible repository: git_date="$(date --iso-8601=seconds --date="$(git log --date=iso-strict | \ head -3 | sed -nE "s/^Date:\s+(.+)$/\1/p")")" - echo "Latest commit in git at: $git_date." + +if [[ $# = 0 ]] ; then + timestamp="$git_date" +else + timestamp="$(date --iso-8601=seconds --date="$1")" +fi +echo "Time stamp at: $timestamp." + #dir="$(mktemp -d)" dir="/tmp/emitter" mkdir -vp "$dir" -touch "$dir/${git_date//T*/}" +touch "$dir/${timestamp//T*/}" hlist="" n=0 running=0 +ansible_arg="" find_outdated(){ hlist="" n=0 running=0 + ansible_arg="--tags=upgrade" while IFS= read -r -d '' file ; do running=$(( running + 1 )) $debug && echo -n "Processing host '$file' with IP address " d="$(sed -nE "s/^2\s+(\S.+)$/\1/p" "$file")" if [[ -z "$d" ]] || \ - [[ $(date --date="$d" +%s) -lt $(date --date="$git_date" +%s) ]] ; then + [[ $(date --date="$d" +%s) -lt $(date --date="$timestamp" +%s) ]] ; then r='([0-9]{1,3}\.){3}[0-9]{1,3}' ipa="$(sed -nE "s/^3\s+default via.+ src ($r) metric.+/\1/p" "$file")" if [[ -z "$ipa" ]] ; then 
@@ -39,29 +53,33 @@ find_outdated(){ ipa="$(sed -nE "s|^.+default via.+ src ($r) metric.+|\1|p" "$file" | head -1)" fi $debug && echo "'$ipa'." - if ! grep -q "$ipa" "$dir/${git_date//T*/}" ; then - echo "$ipa" >> "$dir/${git_date//T*/}" + if ! grep -q "$ipa" "$dir/${timestamp//T*/}" ; then + echo "$ipa" >> "$dir/${timestamp//T*/}" hlist="$hlist,$ipa" n=$(( n + 1 )) + if [[ $(date --date="$d" +%s) -lt $(date --date="$git_date" +%s) ]] ; then + ## ansible run needed at least on one machine, run it on all: + echo "Triggering full ansible run!" + ansible_arg="" + fi else $debug && echo "Host already processed before." fi fi done < <(find "$logdir" -maxdepth 1 -type f -mmin -$age -print0) - hlist="${hlist//^,/}" + hlist="${hlist#,}" echo -n "Running hosts: $running, to be upgraded: $n. " } run_ansible(){ local hsts="$1" if [[ -n "$hsts" ]] ; then - if ! echo | ANSIBLE_RETRY_FILES_ENABLED=1 \ - ANSIBLE_RETRY_FILES_SAVE_PATH="$dir" \ - ansible-playbook --vault-password-file ~/.vaultpwd \ - -bi inventory.yml "$pbook.yml" -l "$hsts" ; then + if ! echo | eval ANSIBLE_RETRY_FILES_ENABLED=1 ANSIBLE_RETRY_FILES_SAVE_PATH="$dir" \ + ansible-playbook --vault-password-file ~/.vaultpwd \ + -bi inventory.yml "$pbook.yml" "$ansible_arg" -l "$hsts" ; then while IFS= read -r ipa ; do - sed -i "/$ipa/d" "$dir/${git_date//T*/}" - echo "IP address '$ipa' removed from '$dir/${git_date//T*/}'." + sed -i "/$ipa/d" "$dir/${timestamp//T*/}" + echo "IP address '$ipa' removed from '$dir/${timestamp//T*/}'." done < "$dir/$pbook.retry" fi fi From 9590af9ba2b7ef7731d68805fb2a8947898ab094 Mon Sep 17 00:00:00 2001 From: "Andreas B. Mundt" Date: Fri, 2 Feb 2024 19:29:27 +0100 Subject: [PATCH 14/18] Minor fixes and improvements. --- inventory.yml | 226 +++++++++++++++++----------------- roles/lmn_fvs/tasks/main.yml | 1 + roles/lmn_vm/files/vm-netboot | 1 + 3 files changed, 115 insertions(+), 113 deletions(-) diff --git a/inventory.yml b/inventory.yml index 7313a3a..8bf7724 100644 --- a/inventory.yml 
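Review bot: The `eval` added in run_ansible makes the shell parse the already expanded command line a second time, so the values of `$dir`, `$pbook` and `$hsts` are re-split and re-interpreted; it appears to exist only so that an empty `$ansible_arg` disappears. `${ansible_arg:+"$ansible_arg"}` achieves that without eval: drop `eval`, keep the two `ANSIBLE_RETRY_FILES_*` assignments as plain prefixes, and pass `"$pbook.yml" ${ansible_arg:+"$ansible_arg"} -l "$hsts"`. Separately, the new inner test in find_outdated, `[[ $(date --date="$d" +%s) -lt $(date --date="$git_date" +%s) ]]`, has no `-z "$d"` guard, and GNU date reads an empty string as today 00:00. A host without any stamp therefore only gets `--tags=upgrade` unless the last commit is from today; `if [[ -z "$d" ]] || [[ $(date --date="$d" +%s) -lt $(date --date="$git_date" +%s) ]] ; then` would match the outer condition. run_ansible's closing brace is outside the hunk.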
+++ b/inventory.yml 
@@ -1,114 +1,114 @@ $ANSIBLE_VAULT;1.1;AES256 -66633761313137346437356436366332303964316235643665363338323632656562336339326565 -6163373036366531373930326330303835663534316466660a393631653931333335306437313436 -31333364363064303365336138663439656630666565636532666132316633666633396338623537 -6465376331623462390a636563663661326530646237353239636630316634366238646530323462 -33633564613565333039663662353835366439303164633338366139343165626333323836613533 -36306133616634303961373035336239643866306539366138346663396265303662353765636330 -34363734303062363733663265616363626136373338326134306434323766393339393237393836 -63303336636264656435393261303965363639633932326130666232353265633661636339316334 -39626232346466313831643034643761313137373739653330386233343836636430626462636135 -62386263343131326439373163393230393732663862333530313533616537376133373032626466 -37613031633765303466363661643132656437356434383364323432636439323832346233363638 -33383234373935616166383237633434333639613936363231313732626562623834626462316531 -61356432643362646439636634393662353739376363623130646333326435336564383461323932 -64666331643462303262353064396437356262303232616164646136393638386565303438383664 -30646562383563323735623266386239643038393531366364386235663534363736653935316161 -32323533393465303830343131623365316466366130363233626535396331393034623363623632 -31303731346261666538306361356335336162356361376366653662383839333039323132336538 -66623230373065353137356132653132343866663165663732356338326634616530333661643836 -36633336383134313931663061653635366333633663343763383730333134323538313933343536 -39616635393132666535653339656363613431373461316263306130653530343638653562623866 -32613430643437636261313662306636656661313633383833646164306566303362373338643331 -39626232306465323239326561633135303163656539643036313939356666343564376264643434 -31343434303665323330343061353535306536653266393563643033323463323031386266303363 
-64313439306139616438633462613239663566346263393431656230623766346539653134666166 -38656536303765393938333965373437633238623461326632613865636564373435333234383338 -66366234303731343233363730393939313536646531313435353065373466326665373133343331 -66313239636562666634366338663937333636326534346561653132633334323937333162336364 -31316364656166343931383039343638623138373639653263373635363031373731353735393563 -37303731643536363630363961343633313739393237336261653262336161666138343336343438 -63393166396462616562386265363263336337633837663562313338626365383063356331343061 -36646265633364366234333338616161363738653561663565626463356434343663363135623931 -62346338643462373636623235393739323964666138626464383161653638393532626465346234 -66393730633635643962353139616465623236313135346131333139396264313134653762316165 -63313830396130343439613961353836383737613566376333306263343061616663623135393935 -38656138633263383734303133393132366534666638623566633566623530666630656462386565 -33633961633261666538653535323465376437666337653931663361306466626465306233353964 -63336662326634386538353464373435373262626137626462613863346539333464656538373363 -36386338326630666563323034393762303035393538623032646565323432316364333362333739 -64666235346130373562666564663834386238636132343730326631393938643530616437393938 -35616137626632613537333965393537643833303139363034303266643165333234353431316133 -63656433643137383966333531623038366164656533643835616564343736366234353862636434 -66643066663061366132373735316563356532643639343563393662396330376239373664383637 -63353235343661346238353133613834623130653861343331386539336361623762393531303533 -34633932616535356130396263333664393836386531383531313836363134326665386333616636 -35643564353639656431343139323264323936346336656163383836356662336337326562626336 -31373938613537636335393863373366323430623365373137323539353435633931383866313863 -34613661613235323733393461356161303134386332323031626635666238336337643466326666 
-61353363353536376538323032386462323531626539363066636435633733356132353930653363 -64626238636364323034623761306639393939653038366537633939626236383162616162663136 -38363439656435633761376462663165613365373664333733316339326435316231633930366236 -39343934343337663938363234343838366263623436373230323365346635313435343733346635 -61633066663134396134333664376365353431663331383362316538343135626564313561393839 -62353737333163376234383561666231666537386565356133303339363937316534363265346464 -39393432666563386636653563366232316638393237393434346235613264353764633037363163 -39393865333734323139333865393363633636343931633832386364353766376161306639336134 -30386239373231616139346439353233613630376230373264343064383036323161386365396234 -64666337336230343662383863323062323733303535663935376532323336643262373437613834 -35313962636531643435373362393063616230613964383839383138653131626363363236376438 -35313131393831623966666132626661636339303761616265316232363039363036343263346565 -31633737653432323431376134393765643234343461376465643831303666643931653963346365 -62323530633332613266383133663961356332356637636261373666663565633732363465393462 -37376564636463643930373062343763353764353835346134313865353236373835323235383561 -65613038663538396463343863633033313632666131323535316136656261366637326131356230 -61383238376433373166396132346265623034666231346261623064383539623539343665336239 -33386536336363383134663432626139616532353335383431336635396531333833326137353662 -36373866393533663934363861303464313137626337623065613033666430366138363662623862 -35303734333936656163353962313566353337396661623861336134643231363532303939623335 -39376332386635326537633431313562376336626334333534646537613036326136386339333934 -36323865633362646662306438303632616166663462356661336262386461393933363433343231 -38613932663836633866396364326538303839613163633632653865643334343331663561353334 -38386365303433626530626233666632326632616332653465613933313865333134613932663362 
-32386161346333653732366138666263666637623131393936396535333064313166656262613339 -37346162353866643131363530656236323535663732363134333931373736663432363861613063 -66633537353461383131653735343663613630323063393162656433303831303862323335626366 -39373664666431363462373634613636653033386463373537323461613730363031386463633030 -37616362353433376561343863393361353533356438313061653664366661373238656261336437 -32616536656464396563633164323239616265366233626432613331383839663230623662376131 -62326633646665303635653739643239323763343839663864663336386261316639633737396264 -66623635393137346133303764613138356561636134343566613366666365303762313639626666 -62633834383662336561396661343634376438666264653135393761356339366264356639653065 -35616235303063623263363730393137396139336532363262393338373937613964396161333331 -61323339636163613238353662333637383064343665386334643566393066356165323637306135 -36666538346232313637333066356636303434373731383338653762646433633637373630353339 -32353464326637393639643631623837346661653464633164653930666338306363313434653832 -62353536343764623430616163613663323934616331313433643039383966316437653033343962 -33323062346233343730643436373936626535653433323432643235623966623434613365343238 -34643163333232393333663134656364306562303964636631396463663432633964303862643635 -61386461306266626338613533646164356237343862353366663138326163613162303234386134 -65363737323930303537623134636266346330363437383434373664323536303433346536333736 -32626332343730353934356633353831656436353131326264333538643461323631633436636335 -62313738613661383238636237613034373930343964353030353434356361646138653537386237 -39393236383131616234366466393863313133666366383361306631636334316633313834633539 -64346364663862663935663037326664343133333765333437336131393961643139313436343733 -61633937343465336332376636313364383336616461346566333734633062643532333262363566 -32336334633833663733623132363737383232633231636438636264653635306634383465306630 
-35613136666135313065613062616535353333353662633961343334336137616464616262316133 -31363661386536383833616435316466646639636238346365363461343137303836313766393966 -34353436636565623739656136386236383461666461653032386664616563303766663635653866 -31326537343330323931343163326630333335366437373363653436363438356365363965326237 -33343365633837393831303266376634333961333231663937656662343963643433366665643433 -39366430386134356332393665646563363537663132333937643762366334383931633637663730 -32623037353332333663613331376562616130656265623863326534376335303530386564313763 -65633732393936386133313863393664303530393761336661623732633661663465393130356333 -36343932396431653566626430643062323233613933383465656335633066636166376561656339 -38333233633765363833343734323264363265643464343765653032383330393739373433323738 -31613166633865333764633562663162326534623236633435663038333765306638643930663638 -36373065636331643338343931343964643766373764363737333831363061336262353662656537 -38306539376665346461646233383761383764366432636138663936366434396664303661356433 -34333734356661366637643034656331396164353233303739306161633236333965313161623763 -65613637346235653431633537666431323930666231363038316632633935326233303861383961 -37363039373539666237323466303264613839366239386337303036313732613034663762666337 -33346261383261363566313333666130393463623062343030623338373261646537316137623163 -3065 +63326664303233663339656463343839323837366433383038373332373536613038333538393534 +6536636139316238653431303736363333303465326631390a386434326334313338323863383262 +30623931313333396335306466393138646530313239396437313133383563373739616537616265 +3938613532643835650a333030633265356261653161636333613331356166373036363266653937 +35383434386263326539613165366538366465396135636562353462356633326139353862326163 +33393931353034306265663139663535333564653365623661323534663734356264633162623963 +66313162653131633465616536353832326165373431396334336231356165376533653632623032 
+35313036653036653530313636396632656562366335646536643433373030643762636463333037 +31303462306333356537386130613634383364663832316163323834356266326363656364343264 +38386564356331316666306361653662393633343264323330303930356236336333323564303366 +64376439396539366561626335313138313132386666396564343133376362633634393837613065 +61343135363963633932373235393962316362613233653539666535343535323130376461626664 +37346536336166373134383263333337353435373139366135663364333162383266393635653838 +37616363373532313339646530616339643230613261633830656234663862356162323466333238 +65363761323339363030313565656436643439653933666230343430633032616362663930373161 +63346439333961613535643630363261376436636565313463653632303763613366646164653561 +66313962633238633537636261353366313939316530356132383132333162316262393365373265 +34353733386232396466353865653364633865616130633361383537303333643030643338613766 +34646539633732393137623335323937343834636361643331343131323834363336653864306232 +34353239396263633564326234366638333439353830396537626663363231373733653663376639 +33376336643931666661336234646635386332646634346264656466333130666238626662373134 +36376333376165663565363864393637666661316136383964646331353239396632653330326632 +64653430323332353565336463363463356439386630623066313434353865363863343965366134 +64376236646532656135306265333238636564663738353131366362366164313639393534653934 +39333464653661303764353764653765373862653535323933353532366233626337616334316161 +34353138356361373865386431623230623138646163343664373935633038306333643831653638 +30663537643566393762323765663437353236653162613535643165376231333866303363326130 +65626534316331616136343439366432343734616537363966316438663839643661613563346237 +33386532643661613663623830346634376338663763373931386435343335613838303337313633 +32626635626261636661313134366464643763326162663736346137623765346562393339336132 +66313961396534636166386463663363616163643230383165653864393566353863313135363962 
+38626161313164666461323431376635363461393031353234646330643235386232356439333661 +35646561373638306362623061303537316463363962376632643736656562376437376533313464 +35613465666639353936323932393039616630396530663135336334613038326365313637626437 +32663666643562386430393039336463353863653431326263613032353761343865326234336637 +39646134353439386630386635626365353434353065336334653238346532623563663637623162 +37386332383439353436653630393534353963363765646332356135623537653738373835653766 +31313965643134303565336437653665303430653531373164366261333532396662343261363230 +62333661353461643362656639303334313038623561306639383266363365656239356665613766 +39643334656166643162303362626665663633343030626237313930613065636162623937643332 +65663836376435666433306434376332363364393866633832343236363434343363306230336663 +65313363303335353966366132343530373966623036343936346537613666306466303762383234 +39656430333837636231336462636535343464386633656633353838633865323535303230303839 +35326165353038373238346230396137386132336566346539373064313637616136623262306162 +32303237653461653230383766306134393834376566333062353732373831393665663831616235 +64366331363861646363383131313534303965393165646130336561396430323366646538363034 +32363536323135346438353932326565306262666666363735393735613463376435343135653831 +36386237626364613239616263313037663730333734396339313034333036656330323033636162 +61656161633262393535396464656164313365306131313062316266326461303162376633383863 +37643164656136366237343539643638396564303633316633656338383731393132656638653339 +35653035643861646137616363383230623466396536393430373865306136303635346535623837 +32653462616436343639633033326465346365386463643232616531383761303738353037396663 +62613962393836663832333466363066613863663163613937643334646661663937373331306364 +66666538633634383961316532313238343637383532376436643738303932383465303631393836 +31643135356332666530313633656633323561353139656566306666613534376666353233633932 
+35653436663461616331313037363031366563643433373365663663613936643030663463333639 +65353062303161363466336366323531646437616238643561326533376161383137383930333066 +37643330656162333538323866313232396666323565623836393033306331366330303831626433 +62346164663864363533646366643662386161343033396438353533386266393230323538663962 +66663730616361393364643565616538636633333230636266663864306539616165663265343432 +66373537313837316366363061343233353932393337393133646565653834656363323164313331 +63663639663434643734343461316430613139303761383638653633306430353162306539636533 +35623661333939633436393934663066386438313539643163376234653135313865323636653261 +39643662356562343239373265386666636166663335663331623663303136393930663866333365 +33363934646564333532383666356236383032386366313764346263623864373737303965333236 +39333234613535353062663233373565336335333662313631613861306430343437396366646631 +64656337373230633036623131303433353138336536613233316535353637386461663632636238 +30656663633931373730366163323431656361326635346265386137623565666161613931366137 +32366539613863613561313164363339313635336365613133613139396665356234663739316666 +34353638616331326663613134663135363037306662666162346566623832646338393530396636 +39353162323332373235633031366439303962343139646134653630626362396465373133636462 +32613632616264333833656133326339643461373534396439666164303538323531383231376334 +39633931323963646632653136323766343565653066353764346466356335646434373562363562 +62623530376435363838663663616161343161646566373364393836346137373134323236613966 +64636431346131363839386265633330366464643062356631366336343738633837343966386264 +32313537373638393961396365663337636233303031646439313337353532336565363661643361 +63613131356265643662646535633862303537656664343931363265653732633633653534353235 +61383861333561356666356537366436663633316666323137366266666562366430666461313961 +39363332356361646339396663613836323133623763663939613737323962383633333330666266 
+39396363643132323262643831623430313735666365336566306266323632363238646339333832 +32613161373034633065313036346562656237633264653535663666393538343166613561626432 +65656464393939393333373430353233613566626430646431356339316133633830353566616339 +31336366356638393462623835376235613137646338396331643937303362323331643164626632 +66386438303433303932663064623735653035316435633639643464343465346164306635323130 +61383361616366343534366336386337346233653866633339646566346538393762333835396661 +66343164353636623637373630323838333531346566323532386338646538323833616439346433 +35316566383333353537613765326665336136396564326661633933306237376433353138636461 +38633164646534616265356231626166636134323662323232393630326531313266383064313564 +32383165393038663236353331393163396465616536343463336132663835626662623831323034 +38346639373261396161623861386565336136363635356530366166643639613565376362666338 +31616136353733373931376166653432323566613335653964303536363662393261306633656131 +62343332386638643634656665636233616635656637353531393461636239343664343066613763 +65633836346238626339313164383036626264376265633638383732326338323432353837306638 +63666266326665313065636139613538313536366639373330636530343237653438343763346332 +64313735633132636239643236626439613833373861363433643434666535326337303266383232 +31613361643935383961376461663338313263303865346332313934666639646633353233376537 +65336538353263376530373734663336353638313136656430653537663135663266656365343666 +31393264393831366536376565356463653635333037373266613436653934643231656165383163 +35613837633633623031326631393233613836313039326236363061353536356132373534373165 +30346361323637656439633562373532653465636636373361663830306139323365303433656235 +61393364663937366464373734663734653134356665616532646530386666393734376536643630 +39326636386166376134336666363234306262666632626663656462343664393365366130393731 +30343165353035333066633564613061393631323034623561636532346564356339373466643666 
+66666565626539383936346331383133323663666133333235393134353465643863356337656662 +35323165393033616135376662393463313639653866393366653932323963386263613733646565 +65643961643130633666666663613131356630303566386334633763356664383662353731346563 +35333536636165343936613463653663306639343436626265393065653036353064363861623037 +65386635663933633137303765326665353462633762393130343233316533373438373837393066 +66633965333762383437353937656265373639306534323139643630626363623165323664633963 +61613936303463356164333164623437626434303066313633303135316138663137306564656462 +65366236636664653330326132376464653161633166363963383961636635663365306464333634 +64663234306565336461393539363465353734646533393930636130363234316335376531666362 +3239 diff --git a/roles/lmn_fvs/tasks/main.yml b/roles/lmn_fvs/tasks/main.yml index afffe10..cf5d2e4 100644 --- a/roles/lmn_fvs/tasks/main.yml +++ b/roles/lmn_fvs/tasks/main.yml @@ -53,6 +53,7 @@ - shellcheck - sigrok - sigrok-cli + - texlive-latex-recommended - tmux - tree - ttf-mscorefonts-installer diff --git a/roles/lmn_vm/files/vm-netboot b/roles/lmn_vm/files/vm-netboot index dbb13bd..723b366 100755 --- a/roles/lmn_vm/files/vm-netboot +++ b/roles/lmn_vm/files/vm-netboot @@ -54,6 +54,7 @@ http_proxy='' XDG_CONFIG_HOME="/tmp/${UID}/.config" \ --name "$img" \ --osinfo debiantesting \ --nodisks --import --noreboot --transient \ + --controller type=scsi,model=virtio-scsi \ --install kernel="$kernel",initrd="$initrd",kernel_args="${kargs[*]}" \ --network "type=$type" "${arg[@]}" From 1e91e30a3f909410cf0f10880f763f2f4767420e Mon Sep 17 00:00:00 2001 From: "Andreas B. Mundt" Date: Sun, 4 Feb 2024 10:07:45 +0100 Subject: [PATCH 15/18] Add RAM option to allow exploring DHCP. --- roles/lmn_vm/files/vm-netboot | 42 +++++++++++++++++------------------ 1 file changed, 21 insertions(+), 21 deletions(-) diff --git a/roles/lmn_vm/files/vm-netboot b/roles/lmn_vm/files/vm-netboot index 723b366..35549ba 100755 --- a/roles/lmn_vm/files/vm-netboot 
+++ b/roles/lmn_vm/files/vm-netboot @@ -4,18 +4,15 @@ # set -eu -menu=(standard "CLI Standard Debian GNU/Linux" - kde-desktop "KDE Plasma Desktop Debian GNU/Linux" - gnome-desktop "Gnome Desktop Debian GNU/Linux") +menu=(standard "CLI Standard Debian GNU/Linux NFS" + standard-ram "CLI Standard Debian GNU/Linux RAM" + kde-desktop "KDE Plasma Desktop Debian GNU/Linux NFS" + gnome-desktop "Gnome Desktop Debian GNU/Linux NFS") img=$(dialog --clear --backtitle "Virtual Machine Chooser" \ --title "Choose the Virtual Machine to Start" \ - --menu "Start VM:" 12 60 6 \ - "${menu[@]}" 2>&1 >/dev/tty) + --menu "Start VM:" 12 70 6 "${menu[@]}" 2>&1 >/dev/tty) -if [[ -z $img ]] ; then - echo "Starting VM canceled." - exit 1 -fi +## If the menu is canceled, $0 stops here because of set -e mac="$(ip link | grep -A1 "vm-macvtap" | \ sed -nE "s%\s+link/ether ([[:xdigit:]:]{17}) .+%\1%p")" 
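Review bot: With the explicit check removed, cancelling the menu ends the script through `set -e` with dialog's exit status and no message; the new comment is the only record of that behaviour. It works because a plain assignment takes the exit status of its command substitution. That stops holding without warning if the assignment is later combined with `declare`/`local` or moved into a condition. Keeping the exit explicit costs one line: append `|| { echo "Starting VM canceled." ; exit 1 ; }` to the `img=$(dialog …)` assignment.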
@@ -31,24 +28,27 @@ fi kernel="http://livebox/d-i/n-live/$img/live/vmlinuz" initrd="http://livebox/d-i/n-live/$img/live/initrd.img" -kargs=(boot=live components splash locales=de_DE.UTF-8 keyboard-layouts=de \ - swap=true live-config.timezone=Europe/Berlin netboot=nfs \ - "nfsroot=10.190.1.2:/srv/nfs/debian-live/$img/") +kargs=(boot=live components splash locales=de_DE.UTF-8 keyboard-layouts=de + swap=true live-config.timezone=Europe/Berlin) + +case "$img" in + standard*) + arg+=(--autoconsole=text) + kargs+=(console=ttyS0) + ;;& + *-ram) + kargs+=("fetch=http://10.190.1.2/d-i/n-live/${img%-ram}/live/filesystem.squashfs") + ;; + *) + kargs+=(netboot=nfs "nfsroot=10.190.1.2:/srv/nfs/debian-live/$img/") + ;; +esac type="ethernet,mac=${mac},target.dev=vm-macvtap,xpath1.set=./target/@managed=no" ## FIXME: use passt, needs more settings for correct DNS/gateway # type=user,xpath1.create=./backend,xpath2.set=./backend/@type=passt,xpath3.create=./ip,xpath4.set=./ip/@family=ipv4,xpath5.set=./ip/@address=172.16.1.1,xpath6.set=./ip/@prefix=24,xpath7.create=./portForward,xpath8.set=./portForward/@proto=tcp,xpath9.set=./portForward/range/@start=2001,xpath10.set=./portForward/range/@end=2500,xpath11.set=./portForward/range/@to=1 -case "$img" in - standard) - arg+=("--autoconsole=text") - kargs+=("console=ttyS0") - ;; - *) - ;; -esac - http_proxy='' XDG_CONFIG_HOME="/tmp/${UID}/.config" \ exec virt-install \ --name "$img" \ From 191948cf8a8b4115876d07a236734a7b20d83c4c Mon Sep 17 00:00:00 2001 From: "Andreas B. Mundt" Date: Sun, 4 Feb 2024 20:10:46 +0100 Subject: [PATCH 16/18] Enable proposed-updates repository for some hosts. This makes stepwise upgrades and testing on parts of the infrastructure possible. --- inventory.yml | 227 ++++++++++++++++--------------- roles/lmn_network/tasks/main.yml | 9 ++ roles/lmn_sssd/tasks/main.yml | 6 +- 3 files changed, 126 insertions(+), 116 deletions(-) diff --git a/inventory.yml b/inventory.yml index 8bf7724..0dcc8e3 100644 
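Review bot: The new `*-ram)` arm makes the guest download its whole root filesystem via `fetch=http://10.190.1.2/…/filesystem.squashfs`, and nothing in the hunk verifies what is received; kernel and initrd likewise come from `http://livebox/…`. That is probably acceptable on the deployment network this script targets, but the assumption deserves a comment above the `case`, e.g. `## images are fetched unauthenticated (HTTP/NFS); use only on the trusted deployment LAN`. The address `10.190.1.2` now appears in two arms while the kernel URLs use `livebox`, so a single variable such as `server=10.190.1.2` would keep them in step. The `;;&` after `standard*)` is bash-specific and the later arms depend on it, which is worth a short comment too.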
--- a/inventory.yml +++ b/inventory.yml 
@@ -1,114 +1,115 @@ $ANSIBLE_VAULT;1.1;AES256 -63326664303233663339656463343839323837366433383038373332373536613038333538393534 -6536636139316238653431303736363333303465326631390a386434326334313338323863383262 -30623931313333396335306466393138646530313239396437313133383563373739616537616265 -3938613532643835650a333030633265356261653161636333613331356166373036363266653937 -35383434386263326539613165366538366465396135636562353462356633326139353862326163 -33393931353034306265663139663535333564653365623661323534663734356264633162623963 -66313162653131633465616536353832326165373431396334336231356165376533653632623032 -35313036653036653530313636396632656562366335646536643433373030643762636463333037 -31303462306333356537386130613634383364663832316163323834356266326363656364343264 -38386564356331316666306361653662393633343264323330303930356236336333323564303366 -64376439396539366561626335313138313132386666396564343133376362633634393837613065 -61343135363963633932373235393962316362613233653539666535343535323130376461626664 -37346536336166373134383263333337353435373139366135663364333162383266393635653838 -37616363373532313339646530616339643230613261633830656234663862356162323466333238 -65363761323339363030313565656436643439653933666230343430633032616362663930373161 -63346439333961613535643630363261376436636565313463653632303763613366646164653561 -66313962633238633537636261353366313939316530356132383132333162316262393365373265 -34353733386232396466353865653364633865616130633361383537303333643030643338613766 -34646539633732393137623335323937343834636361643331343131323834363336653864306232 -34353239396263633564326234366638333439353830396537626663363231373733653663376639 -33376336643931666661336234646635386332646634346264656466333130666238626662373134 -36376333376165663565363864393637666661316136383964646331353239396632653330326632 -64653430323332353565336463363463356439386630623066313434353865363863343965366134 
-64376236646532656135306265333238636564663738353131366362366164313639393534653934 -39333464653661303764353764653765373862653535323933353532366233626337616334316161 -34353138356361373865386431623230623138646163343664373935633038306333643831653638 -30663537643566393762323765663437353236653162613535643165376231333866303363326130 -65626534316331616136343439366432343734616537363966316438663839643661613563346237 -33386532643661613663623830346634376338663763373931386435343335613838303337313633 -32626635626261636661313134366464643763326162663736346137623765346562393339336132 -66313961396534636166386463663363616163643230383165653864393566353863313135363962 -38626161313164666461323431376635363461393031353234646330643235386232356439333661 -35646561373638306362623061303537316463363962376632643736656562376437376533313464 -35613465666639353936323932393039616630396530663135336334613038326365313637626437 -32663666643562386430393039336463353863653431326263613032353761343865326234336637 -39646134353439386630386635626365353434353065336334653238346532623563663637623162 -37386332383439353436653630393534353963363765646332356135623537653738373835653766 -31313965643134303565336437653665303430653531373164366261333532396662343261363230 -62333661353461643362656639303334313038623561306639383266363365656239356665613766 -39643334656166643162303362626665663633343030626237313930613065636162623937643332 -65663836376435666433306434376332363364393866633832343236363434343363306230336663 -65313363303335353966366132343530373966623036343936346537613666306466303762383234 -39656430333837636231336462636535343464386633656633353838633865323535303230303839 -35326165353038373238346230396137386132336566346539373064313637616136623262306162 -32303237653461653230383766306134393834376566333062353732373831393665663831616235 -64366331363861646363383131313534303965393165646130336561396430323366646538363034 -32363536323135346438353932326565306262666666363735393735613463376435343135653831 
-36386237626364613239616263313037663730333734396339313034333036656330323033636162 -61656161633262393535396464656164313365306131313062316266326461303162376633383863 -37643164656136366237343539643638396564303633316633656338383731393132656638653339 -35653035643861646137616363383230623466396536393430373865306136303635346535623837 -32653462616436343639633033326465346365386463643232616531383761303738353037396663 -62613962393836663832333466363066613863663163613937643334646661663937373331306364 -66666538633634383961316532313238343637383532376436643738303932383465303631393836 -31643135356332666530313633656633323561353139656566306666613534376666353233633932 -35653436663461616331313037363031366563643433373365663663613936643030663463333639 -65353062303161363466336366323531646437616238643561326533376161383137383930333066 -37643330656162333538323866313232396666323565623836393033306331366330303831626433 -62346164663864363533646366643662386161343033396438353533386266393230323538663962 -66663730616361393364643565616538636633333230636266663864306539616165663265343432 -66373537313837316366363061343233353932393337393133646565653834656363323164313331 -63663639663434643734343461316430613139303761383638653633306430353162306539636533 -35623661333939633436393934663066386438313539643163376234653135313865323636653261 -39643662356562343239373265386666636166663335663331623663303136393930663866333365 -33363934646564333532383666356236383032386366313764346263623864373737303965333236 -39333234613535353062663233373565336335333662313631613861306430343437396366646631 -64656337373230633036623131303433353138336536613233316535353637386461663632636238 -30656663633931373730366163323431656361326635346265386137623565666161613931366137 -32366539613863613561313164363339313635336365613133613139396665356234663739316666 -34353638616331326663613134663135363037306662666162346566623832646338393530396636 -39353162323332373235633031366439303962343139646134653630626362396465373133636462 
-32613632616264333833656133326339643461373534396439666164303538323531383231376334 -39633931323963646632653136323766343565653066353764346466356335646434373562363562 -62623530376435363838663663616161343161646566373364393836346137373134323236613966 -64636431346131363839386265633330366464643062356631366336343738633837343966386264 -32313537373638393961396365663337636233303031646439313337353532336565363661643361 -63613131356265643662646535633862303537656664343931363265653732633633653534353235 -61383861333561356666356537366436663633316666323137366266666562366430666461313961 -39363332356361646339396663613836323133623763663939613737323962383633333330666266 -39396363643132323262643831623430313735666365336566306266323632363238646339333832 -32613161373034633065313036346562656237633264653535663666393538343166613561626432 -65656464393939393333373430353233613566626430646431356339316133633830353566616339 -31336366356638393462623835376235613137646338396331643937303362323331643164626632 -66386438303433303932663064623735653035316435633639643464343465346164306635323130 -61383361616366343534366336386337346233653866633339646566346538393762333835396661 -66343164353636623637373630323838333531346566323532386338646538323833616439346433 -35316566383333353537613765326665336136396564326661633933306237376433353138636461 -38633164646534616265356231626166636134323662323232393630326531313266383064313564 -32383165393038663236353331393163396465616536343463336132663835626662623831323034 -38346639373261396161623861386565336136363635356530366166643639613565376362666338 -31616136353733373931376166653432323566613335653964303536363662393261306633656131 -62343332386638643634656665636233616635656637353531393461636239343664343066613763 -65633836346238626339313164383036626264376265633638383732326338323432353837306638 -63666266326665313065636139613538313536366639373330636530343237653438343763346332 -64313735633132636239643236626439613833373861363433643434666535326337303266383232 
-31613361643935383961376461663338313263303865346332313934666639646633353233376537 -65336538353263376530373734663336353638313136656430653537663135663266656365343666 -31393264393831366536376565356463653635333037373266613436653934643231656165383163 -35613837633633623031326631393233613836313039326236363061353536356132373534373165 -30346361323637656439633562373532653465636636373361663830306139323365303433656235 -61393364663937366464373734663734653134356665616532646530386666393734376536643630 -39326636386166376134336666363234306262666632626663656462343664393365366130393731 -30343165353035333066633564613061393631323034623561636532346564356339373466643666 -66666565626539383936346331383133323663666133333235393134353465643863356337656662 -35323165393033616135376662393463313639653866393366653932323963386263613733646565 -65643961643130633666666663613131356630303566386334633763356664383662353731346563 -35333536636165343936613463653663306639343436626265393065653036353064363861623037 -65386635663933633137303765326665353462633762393130343233316533373438373837393066 -66633965333762383437353937656265373639306534323139643630626363623165323664633963 -61613936303463356164333164623437626434303066313633303135316138663137306564656462 -65366236636664653330326132376464653161633166363963383961636635663365306464333634 -64663234306565336461393539363465353734646533393930636130363234316335376531666362 -3239 +32303461343633383666333339333262333762643838373665653431333135346363343062333463 +3130396663333866623733626265613433363133396561660a333266323331386662663066636466 +64376662306563333535313135343362646533623639316531636633323831343431396231333362 +6364656363346464310a313264656362376336626539643639386264326462356163363837646663 +33633330396639313339313137653039376261646237613931336133306238313565386232366236 +65346631646663633564343466353235626664653063373962306530613338653731666231663265 +37663766313736653562386366646162396437326439623134306466343535663964393636643561 
+66613439323966313534303234663930643766386437376639653331643865326231306434373237 +34346139663262376162366565343765303538336532323937636335636437303066643437363838 +66373637313237666639653132316235633632616464656638666432653861316462376330666264 +63366330313962373237323831303235633963306433306262313036653834363863363735613931 +63376136333931646163393337333565383532303837613762383234356637346563613930303330 +65623635643961646161376137633736306262613665393763356538613530323436303164646461 +30663265363364313439356134376435656333636132623534313137393038343936633264366261 +34393761333431343331626165303638663035303831363962376434646635666439383964636534 +63343639343934663663663761616139336434656230376638383531343062623836363339653266 +35393536386436656130623734306330363161636234396464623936663335393561666234386464 +61373262373731613039663638386463383131393832373634336563383139616163363830316564 +33303762346534336431633663656335373237336433363065363337373730636336636563626634 +30653236363166616531393936333134383339303930613434313132323232393666643436373232 +39306132333866626635386134633133343862323338326138623230373239363963313963626534 +36646466623333323966306531656537376234353832333237613361623730363630623464613063 +61383633616366393939373062643637306636663965303235363936663361636165353063303864 +66623134363736323634333838633065616130333439626466666530383535363066336662363131 +65626438313563303261313434613639373438633166616533623739316239323661653461306364 +37383531626335353637333734343638613365656636313164626135303834626330333332643830 +62323566316662326161636134666563333135653934393761303062333763376139386135383264 +34333066366366306534343533623833666430636438623465396431623334323636396262373562 +33623239666431653030393766343436623863373435303863633735663065306666623634356335 +35306130616333306438323434616139316666633262346261633963623234633438393737323062 +39313062353336386339663735363363663932356238346439656635643734623431323433636165 
+62356233383530346661613338353735623662643030303363396263373337383532636438343937 +36333664326263636331356536623036336566663963303165313665353532326239326266663232 +64386430383861653462643737636634653838333230653235356666633964376566623037636337 +37323536666531333835373034393438313031323931653633633365656331653038376537333139 +64393331386131366538383530366332376131373738353135616138643338613139643835396665 +36623331336331633961613831643834383332306135396633613135663131653035303966393461 +37306532353931336463376362316531383630373634663262313432386639646133633431363138 +35306331623337353234656236653263616161326565366537393535313234393236653233316532 +63636238393038646166663038636134653466633863313637643139383566376636363663663363 +39393564333431613664643937356364343564386563393661623563656531303539323062326237 +63653965313862373964363734653765343431373866643835663538356239656432646466393163 +35313130616138346563323937363266636236323063323233353761373332376234336266626462 +34323038303564336462323461336166313862316665363031356238616535656266326135396666 +61333962316331353638363939373532376438643638626162373836343838366435326237363362 +38653931623932313838613538356561636433313935323233633063656632376663323966663839 +37666332376266633865383161336638633363386238376363353935393236613266306138356338 +61643930646665313135656438386161663365613866353934386439356534333062363333306132 +61626234383234393332663765633136633063656130313538353564373836613462383362663230 +62376338646262303337333537653566636434636538646637356333663566396332366462303165 +31323835643033333965663036353561616566343237613830316462363264643865363361623464 +31613831363436666563636165383461386265663865623833373963383830343661656330376530 +39306231303661616437313333346630313536633637303862633437383231336436306132336138 +34623138376234653635353736653639393866356638663463303331313462353662613436333362 +63643265333237633366656462323063623537326230643531356363636539343139663636353663 
+38323639393964383666646235353763643865366161363138643838343332623934343464353562 +39363534363238373131393663613330353563383131373831623630653164666130396436613765 +38616139646538633563313836656365326164306635313965303562383935343333323935666534 +38633534356332303030353430626331376438376339613430376132323235653033643431373135 +62326630663062303532636561313731346465313132366332356264333963643838386535393634 +62633265616436373134643339666339653661666164313266323838633661656565386461333866 +33393163303066353336326533373461363062306131613538636637623239323830313038313739 +64313164666165396134373863663533303861393136333735613339383763383862393837656435 +61373235326463306431386638383665616633623466353561613233316262356636663634663264 +65316437303363633335373838326632653264323430313866363435633938363936663430333562 +62393835346236663337313435343135303336326664343363623434326438333838633432326639 +62316636356465623235376236646430616530336662306137633137336461616331626366316166 +30376162623234346461396532656464386635333838313638393261653434646466383765346236 +63666538613866656237343631663935353139636435666338623966396161323966336266336665 +62613738346632376363353839373066613963353032643065356137656666653532656634323762 +64383263333264386233303861303439363936653538313761306665613836643263393035353638 +39316238623538633730643234313963643831363533643136313732326561373864303164653536 +64363636633764336362343566336232346666626461323833306339666431343761613562643835 +61376263396531343139323231303437386633663638323033346666386362366533633832393761 +61383731616339633162343231316461366636656463373565373635613036613963326538306433 +32396334616336356463313263336633643865356339373132356562303861363361346461663936 +35666436386130663161363364636365313234356235346230336664303536646632386630373834 +64623130323038663563636264633964613666333734386662326637626461656436336430396662 +32376263653331393833313666343261346136383534653832653366373561376166323463303735 
+31366630373435663961353363656139303266353638376330666537353934383532376265313732 +62323665613763666639613038626566633763626162363034383034323335363331653064633865 +37303366383731306463643534626466643831363830346531623564353238323436353632383165 +31353835353439636538356166616231633831386261323966303663313333306165613265366635 +34656232386235623036396131616162663730333162383561326436623666626130323164376337 +65363133663332633832663936646130613762393464663835356661613232643665636537323937 +65653330303465376662623433363933333637613532333231393736343565643638653734346439 +31613433626362336637383261626163656630623061346235363063663961636530663032366533 +64353932663931396231643738393064616239363964303764636665333433616265333737333664 +39353231336266643536326462653533613330373062393964393766373966656133663135306462 +61353062326438366165373331653936313130656465313734356664643731333133306338626465 +39386664373064623837366162373033353333333338363230393262633130346636343939633536 +32316136373061396330623266633561623238623839626262623564656234643037303636616364 +37343337386464636633623563656436353761363363383138616362633631663335323830616566 +37333062663137643764323731303965666536326539393063633262383539343938326633666135 +38646631333463376339323865613938326530643836343763663435613234323562623830633266 +64363065376432623861313165353130383538323831663238363938386533633637626163616461 +62363662636431613964613761646434313034643830353331343737646266343233346337643364 +33346234616237303865613531656561343366613938363962336631323664656330643461373664 +36613533326165323039626338613765373337326136306334626238363830323334346634643938 +65613634646565646631616362313231386261363664343163336332303433326634663530663537 +35373663376562613131373734316139653935333966356666396236666530373734313237626432 +32623130663839346263383538353664363134663733386238376637666434323161333537353234 +35346133626565666563386162303165353430623432366365616436383037663739303365663738 
+61373664656232303035633534393130653036316465306562396364646338666364366137373338 +66613635383834653835306266623738366233396538363166353163333839626638646562323535 +33313531323361626239363965633664346338623731333336376165353664336235643531383630 +61656263343538303036643737343633616338653434653033313763623565366331616133636166 +64353662346638636534626336353861613234646365316436313437646161613735653661316130 +31323762363465666639663137336263623937326261313030633830313234363936383766343531 +63643133386236323263646663316639393964636462663862623831306338336335303964383364 +37373865353330386138346235643537663366316466386565383633316664363038346439396565 +35373334616239303739373235366232646232303234326661303933336632656235383635616131 +32626230343531393265366466303362326562353130393739653637303333656263376336616133 +6561393566663363613936333561653030366535356534663962 diff --git a/roles/lmn_network/tasks/main.yml b/roles/lmn_network/tasks/main.yml index 853f4b6..c6bec56 100644 --- a/roles/lmn_network/tasks/main.yml +++ b/roles/lmn_network/tasks/main.yml @@ -19,3 +19,12 @@ path: /etc/systemd/timesyncd.conf insertafter: '^#NTP=' line: NTP={{ ntp_serv }} + +- name: Add proposed-updates repository + apt_repository: + repo: > + deb http://deb.debian.org/debian/ {{ ansible_distribution_release }}-proposed-updates + main non-free-firmware + state: present + update_cache: true + when: proposed_updates | default(False) diff --git a/roles/lmn_sssd/tasks/main.yml b/roles/lmn_sssd/tasks/main.yml index 082af5c..069f67c 100644 --- a/roles/lmn_sssd/tasks/main.yml +++ b/roles/lmn_sssd/tasks/main.yml @@ -1,5 +1,5 @@ --- -- name: install needed packages +- name: Install needed packages apt: name: - sssd-ad @@ -7,7 +7,7 @@ - adcli state: latest -- name: provide identities from directory +- name: Provide user identities from AD template: src: sssd.conf.j2 dest: /etc/sssd/sssd.conf 
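Review bot: In roles/lmn_network/tasks/main.yml the new `Add proposed-updates repository` task can only ever add the source. With `state: present` behind `when: proposed_updates | default(False)`, a host that once had the flag set keeps pulling from proposed-updates after the flag is switched off again. Dropping the `when:` and deriving the state from the flag makes the setting reversible: `state: "{{ 'present' if proposed_updates | default(False) else 'absent' }}"`. A one-line comment on the task saying which package the early updates are needed for would also tell the next maintainer when the flag can be retired.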
@@ -15,7 +15,7 @@ notify: restart sssd ## Either one of the variables is defined: -- name: join the domain +- name: Join the domain shell: cmd: > echo "{{ ansible_cmdline.adpw | default('') + adpw.user_input | default('') }}" | From eeec281bb02070685f6e317c6ec2b02d616255da Mon Sep 17 00:00:00 2001 From: "Andreas B. Mundt" Date: Mon, 5 Feb 2024 08:21:11 +0100 Subject: [PATCH 17/18] Fix path for RAM image. SIP client on request. --- roles/lmn_fvs/tasks/main.yml | 1 + roles/lmn_vm/files/vm-netboot | 6 +++--- 2 files changed, 4 insertions(+), 3 deletions(-) diff --git a/roles/lmn_fvs/tasks/main.yml b/roles/lmn_fvs/tasks/main.yml index cf5d2e4..3079016 100644 --- a/roles/lmn_fvs/tasks/main.yml +++ b/roles/lmn_fvs/tasks/main.yml @@ -57,6 +57,7 @@ - tmux - tree - ttf-mscorefonts-installer + - twinkle - unison-gtk - w3m - wireshark diff --git a/roles/lmn_vm/files/vm-netboot b/roles/lmn_vm/files/vm-netboot index 35549ba..a60a783 100755 --- a/roles/lmn_vm/files/vm-netboot +++ b/roles/lmn_vm/files/vm-netboot @@ -26,8 +26,8 @@ else arg=("$@") fi -kernel="http://livebox/d-i/n-live/$img/live/vmlinuz" -initrd="http://livebox/d-i/n-live/$img/live/initrd.img" +kernel="http://livebox/d-i/n-live/${img%-ram}/live/vmlinuz" +initrd="http://livebox/d-i/n-live/${img%-ram}/live/initrd.img" kargs=(boot=live components splash locales=de_DE.UTF-8 keyboard-layouts=de swap=true live-config.timezone=Europe/Berlin) @@ -40,7 +40,7 @@ case "$img" in kargs+=("fetch=http://10.190.1.2/d-i/n-live/${img%-ram}/live/filesystem.squashfs") ;; *) - kargs+=(netboot=nfs "nfsroot=10.190.1.2:/srv/nfs/debian-live/$img/") + kargs+=(netboot=nfs "nfsroot=10.190.1.2:/srv/nfs/debian-live/${img%-ram}") ;; esac From d285b9dbf034de01ab8a01e55d883ece898ae03c Mon Sep 17 00:00:00 2001 
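Review bot: The rewritten `kernel=` and `initrd=` lines in the first vm-netboot hunk still point at plain `http://livebox/...`, and nothing visible verifies the files, so the VM boots whatever answers for that name; a check may exist further down the script, outside the hunk. The squashfs fetch and the `nfsroot=` in the second hunk use the address `10.190.1.2` instead, so the boot artefacts depend on name resolution while the root filesystem does not. If both refer to the same server, one variable would make that explicit, e.g. `server=10.190.1.2` and `kernel="http://${server}/d-i/n-live/${img%-ram}/live/vmlinuz"`. I would also add the comment `# kernel/initrd are fetched unauthenticated; relies on the provisioning network being trusted` above them. In the `*)` branch the `${img%-ram}` strip looks like a no-op if the preceding pattern already matches the `-ram` names, but that pattern is not part of the hunk.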
From: Raphael Dannecker Date: Mon, 5 Feb 2024 12:59:23 +0100 Subject: [PATCH 18/18] vm-upload must be run as user root --- roles/lmn_vm/files/lmn-vm | 2 +- roles/lmn_vm/files/vm-rebase | 2 +- roles/lmn_vm/files/vm-upload | 5 ++++- roles/lmn_vm/handlers/main.yml | 8 -------- roles/lmn_vm/tasks/main.yml | 9 +-------- 5 files changed, 7 insertions(+), 19 deletions(-) diff --git a/roles/lmn_vm/files/lmn-vm b/roles/lmn_vm/files/lmn-vm index 4f90db8..7d4011e 100644 --- a/roles/lmn_vm/files/lmn-vm +++ b/roles/lmn_vm/files/lmn-vm @@ -22,4 +22,4 @@ lmnsynci ALL=(root) NOPASSWD: /usr/local/bin/vm-aria2 %role-teacher ALL=(root) NOPASSWD: /usr/local/bin/desktop-sync # vm-upload: -%role-teacher ALL=(lmnsynci) NOPASSWD: /usr/local/bin/vm-upload +%role-teacher ALL=(root) NOPASSWD: /usr/local/bin/vm-upload diff --git a/roles/lmn_vm/files/vm-rebase b/roles/lmn_vm/files/vm-rebase index b235760..4182390 100755 --- a/roles/lmn_vm/files/vm-rebase +++ b/roles/lmn_vm/files/vm-rebase @@ -72,7 +72,7 @@ qemu-img rebase -f qcow2 -b "${NEWBASE}" -F qcow2 "${VM_NAME}.qcow2" if [[ -v NEWNAME ]]; then NEWNAME="${NEWNAME}.qcow2" else - rm "${CURRENTBASE}" + rm -f "${CURRENTBASE}" NEWNAME="${CURRENTBASE}" fi diff --git a/roles/lmn_vm/files/vm-upload b/roles/lmn_vm/files/vm-upload index 732b59b..1fbdda3 100755 --- a/roles/lmn_vm/files/vm-upload +++ b/roles/lmn_vm/files/vm-upload @@ -16,7 +16,7 @@ upload_image() { echo "File not found ${VM_NAME}.qcow2" >&2 exit 1 fi - sudo vm-aria2 stop "${VM_NAME}" || echo "VMImage-torrent not running" + vm-aria2 stop "${VM_NAME}" || echo "VMImage-torrent not running" # link private VM-Diskimage to system-Dir if [[ -f "${VM_DIR}/${VM_NAME}.qcow2" \ && ( -f "${VM_SYSDIR}/${VM_NAME}.qcow2" && ("${VM_DIR}/${VM_NAME}.qcow2" -nt "${VM_SYSDIR}/${VM_NAME}.qcow2") \ 
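Review bot: The changed rule `%role-teacher ALL=(root) NOPASSWD: /usr/local/bin/vm-upload` puts no limit on the arguments, so every member of role-teacher now runs the whole script as root with a VM name of their choosing. The vm-upload hunks in this patch show that name being used to build paths (`ln -f "${VM_DIR}/${VM_NAME}.qcow2" "${VM_SYSDIR}/${VM_NAME}.qcow2"`, `rm -f "/tmp/${VM_NAME}.qcow2.torrent"`), and no validation of it is visible, although the argument parsing lies outside the hunks. Before any path is built, vm-upload should reject names that are not a plain file-name component, for example `[[ "${VM_NAME}" =~ ^[A-Za-z0-9][A-Za-z0-9_.-]*$ ]] || exit 1`. The comment above the rule should also say why root is required rather than lmnsynci, so the wider grant can be reviewed later.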
@@ -26,6 +26,9 @@ upload_image() { ln -f "${VM_DIR}/${VM_NAME}.qcow2" "${VM_SYSDIR}/${VM_NAME}.qcow2" fi cd "${VM_SYSDIR}" + if [[ -f "/tmp/${VM_NAME}.qcow2.torrent" ]]; then + rm -f "/tmp/${VM_NAME}.qcow2.torrent" + fi uploadseed --server "${SEEDBOX_HOST}:${SEEDBOX_RPC_PORT}" --dht-port "${SEEDBOX_PORT}" \ --pwdfile "${SEEDBOX_PWFILE}" --no-cert "${VM_NAME}.qcow2" } diff --git a/roles/lmn_vm/handlers/main.yml b/roles/lmn_vm/handlers/main.yml index 53ff53c..6af3160 100644 --- a/roles/lmn_vm/handlers/main.yml +++ b/roles/lmn_vm/handlers/main.yml @@ -3,14 +3,6 @@ name: libvirtd.service listen: reload libvirtd -- name: Enable vmimage-torrent service - systemd: - name: vmimage-torrent.service - state: restarted - daemon_reload: true - enabled: true - listen: "enable vmimage-torrent.service" - - name: Run update-desktop-database command: update-desktop-database "{{ item }}" loop: diff --git a/roles/lmn_vm/tasks/main.yml b/roles/lmn_vm/tasks/main.yml index 3227054..3409db2 100644 --- a/roles/lmn_vm/tasks/main.yml +++ b/roles/lmn_vm/tasks/main.yml @@ -197,14 +197,7 @@ content: | allow virbr0 allow virbr1 - -- name: Deploy rsync.secret - lineinfile: - path: /etc/rsync.secret - line: "{{ rsyncsecret }}" - create: True - mode: '0600' - + allow virbr2 - name: Configure macvtap interface ansible.builtin.copy:
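Review bot: The cleanup added to upload_image works on a fixed name in a world-writable directory, `/tmp/${VM_NAME}.qcow2.torrent`, and with this commit it runs as root. Needing to remove a stale file suggests that uploadseed writes its torrent to the same predictable path (not visible in this hunk). A root process creating a file at a guessable name in `/tmp` is the classic insecure-temporary-file pattern, and deleting the old file first does not close the window before the new one is written. If uploadseed can be pointed at an output location, a private directory from `mktemp -d` removed by an EXIT trap avoids the shared path altogether. As written the `[[ -f ... ]]` test is redundant because `rm -f` already ignores a missing file, so the three lines reduce to `rm -f -- "/tmp/${VM_NAME}.qcow2.torrent"`; upload_image starts and ends outside the hunk.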
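Review bot: In roles/lmn_vm/tasks/main.yml, deleting the `Deploy rsync.secret` task stops managing `/etc/rsync.secret` but leaves the file, and the secret in it, on every client provisioned before this commit. If nothing reads it any more after the move to aria2 (not visible here), replace the task with a cleanup instead of just dropping it: a `file` task with `path: /etc/rsync.secret` and `state: absent`. The same applies to the handler removed in handlers/main.yml: `vmimage-torrent.service` stays enabled on existing hosts unless another patch in the series disables it. The task that receives `allow virbr2` begins above the hunk.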