oskar456/a-poor-mans-hypervisor-scripts.md

## a-poor-mans-hypervisor-scripts.md

      
    Raw
  

              a-poor-mans-hypervisor-scripts.md
            
          
    A poor man's hypervisor scripts

These scripts are written mostly in bash in order to spawn a bunch of similar KVM VMs, have each have its own SSH key for the root account (which can be e-mailed to people) and be able to destroy all the machines easily once the work is done.
There is unfortunatelly no documentation whatsover.

  
## emailsshkeys.sh
#!/bin/bash

VMS=/home/oskar/vms
SSHK=/home/oskar/sshkeys

echo "Reading <email> <nodenum> list from stdin..."

while read email nodenum
do
	node=n$nodenum
	if [[ ! -d "${VMS}/${node}" ]]; then
		echo "Invalid node name $node skipping..."
		continue
	fi
	hostname="$node.clones.cesnet.cz"
	acctname="root@$hostname"
	keyfile="${SSHK}/id_rsa-$acctname"
	if [[ ! -f $keyfile ]]; then
		echo "SSH key ${keyfile} does not exist!"
		continue
	fi
	basekeyfile=$(basename "${keyfile}")
	mutt -s "SSH klic pro pristup k $hostname" "${email}" -a ${keyfile} -- <<EOF
Dobrý den,

v příloze najdete SSH klíč pro přístup na svůj server ${hostname}.
Použijete jej takto:

$ chmod 600 ${basekeyfile}
$ ssh -i ${basekeyfile} ${acctname}

Pro použití v PuTTY je nutné klíč nejprve překonvertovat nástrojem PuTTYgen.

Stejný klíč je možné použít i pro pomocný server ${node}a.clones.cesnet.cz.
Tento pomocný server však nemá IPv4 konektivitu.

Na tento e-mail prosím neodpovídejte.
EOF
done

## in-vm-rc.local.sh
while [ -z "$(hostname -I)" ]; do
	sleep 1;
done
hostname=$(dig +short -x $(hostname -I | cut -d' ' -f 1) | sed 's/.$//')
hostnamectl set-hostname "$hostname"
wget -qO /root/.ssh/authorized_keys2 http://clones.cesnet.cz:8080/$(hostname -s)/id_rsa-root@$(hostname).pub

## interfaces-vde0.conf
auto vde0
iface vde0 inet static
	vde2-switch -t vde0 -f /etc/vde2/vdeports.rc
	address 195.113.233.65
	netmask 255.255.255.224

iface vde0 inet6 static
	address 2001:718:ff05:102::a1/64

## vm-generatesshkeys.sh
#!/bin/bash

VMS=/home/oskar/vms
SSHK=/home/oskar/sshkeys

for vm in ${VMS}/n*;
do
	[ -d $vm ] || continue
	i="${vm##*/n}"
	n="${i:0:2}"
	acctname="root@n$n.clones.cesnet.cz"
	keyfile="${SSHK}/id_rsa-$acctname"
	[ ! -d "${SSHK}/n${i}" ] && ln -s "${SSHK}" "${SSHK}/n${i}"
	[ -f $keyfile ] && continue
	ssh-keygen -t rsa -b 2048 -f ${keyfile} -C ${acctname} -N ''
	ln -s "${keyfile}.pub" "${SSHK}/id_rsa-root@n${n}a.clones.cesnet.cz.pub"
done

## vm-masterstart.sh
#!/bin/bash

template=${1-/home/oskar/images/debian.qcow2}
shift

qemu-system-x86_64 \
	-m 1024 \
	-smp 2 \
	-vnc :1,password \
	-usb \
	-device usb-tablet \
	-net nic,netdev=mydev1,model=virtio,macaddr=02:c1:0e:ee:00:71 \
	-netdev vde,id=mydev1,sock=/var/run/vde2/vde0.ctl \
	-machine q35,accel=kvm -enable-kvm \
	-monitor stdio \
        -object rng-random,filename=/dev/urandom,id=rng0 \
        -device virtio-rng-pci,rng=rng0 \
        -device virtio-scsi,id=scsi \
	-blockdev driver=qcow2,node-name=disk,discard=unmap,pass-discard-request=on,file.driver=file,file.discard=unmap,file.filename=$template \
	-device scsi-hd,drive=disk  "$@"

## vm-preparedisks.sh
#!/bin/bash

[[ "$#" -lt 2 ]] && {
	echo "Usage: $0 <Image> <VM folder>..."
	exit
}

IMG="$(readlink -m $1)"
shift

while [[ -n "$*" ]];
do
	vm="$1"
	shift
	[ -d $vm ] || continue
	i="${vm##*/n}"
	qemu-img create -f qcow2 -o backing_file=${IMG} ${vm}/n${i}.qcow2
done

## vm-sshkeyserver.py
#!/usr/bin/env python3

import http.server
import socketserver
import socket
import os
import urllib.parse

class TCP6Server(socketserver.TCPServer):
    address_family = socket.AF_INET6

    def server_bind(self):
        self.socket.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
        self.socket.bind(self.server_address)

class MyHTTPRequestHandler(http.server.SimpleHTTPRequestHandler):
    """Serve only files ending with .pub"""
    def send_head(self):
        p = urllib.parse.urlparse(self.path)
        if not p.path.endswith('.pub'):
            self.send_error(403, "Forbidden")
            return None
        return super(MyHTTPRequestHandler, self).send_head()

    def log_message(self, format, *args):
        pass

os.chdir('/home/oskar/sshkeys')

bindaddr = ""
bindport = 8080

httpd = TCP6Server((bindaddr, bindport), MyHTTPRequestHandler)

httpd.serve_forever()

## vm-start.sh
#!/bin/bash

[[ "$#" -lt 1 ]] && {
	echo "Usage: $0 <VM folder>..."
	exit
}

for vm in $@;
do
	[ -d $vm ] || continue
	i="${vm##*/n}"
	n="${i:0:2}"
	mac="02:c1:0e:ee:00:$n"
	vnc="$n"
	mem=2048
	smp=4
	[[ ${i:2:1} = 'a' ]] && {
		mac="02:c1:0e:e1:00:$n"
		vnc="$(( $vnc + 100 ))"
		mem=512
		smp=1
	}
	echo | socat stdin unix:${vm}/monitor.sock 2>/dev/null && {
		echo "Error n$i looks like running already..."
		exit 1
	} || true
	echo "Starting n$i..."
	qemu-system-x86_64 \
		-m $mem \
		-smp $smp \
		-vnc :$vnc,password \
		-usb \
		-device usb-tablet \
		-netdev vde,id=ndev1,sock=/var/run/vde2/vde0.ctl \
		-net nic,netdev=ndev1,model=virtio,macaddr=$mac \
		-machine q35,accel=kvm -enable-kvm \
		-monitor unix:${vm}/monitor.sock,server,nowait \
        	-object rng-random,filename=/dev/urandom,id=rng0 \
	        -device virtio-rng-pci,rng=rng0 \
        	-device virtio-scsi,id=scsi \
		-blockdev driver=qcow2,node-name=disk,discard=unmap,pass-discard-request=on,file.driver=file,file.discard=unmap,file.filename=${vm}/n$i.qcow2 \
		-device scsi-hd,drive=disk \
		-daemonize
	sleep 1
done

## vm-stop.sh
#!/bin/bash

[[ "$#" -lt 1 ]] && {
	echo "Usage: $0 <VM folder>..."
	exit
}

for vm in $@;
do
	[ -d $vm ] || continue
	sock="$vm/monitor.sock"
	[ -S $sock ] || continue
	echo system_powerdown | socat stdio UNIX-CONNECT:${sock}
done
	#!/bin/bash

	VMS=/home/oskar/vms
	SSHK=/home/oskar/sshkeys

	echo "Reading <email> <nodenum> list from stdin..."

	while read email nodenum
	do
	node=n$nodenum
	if [[ ! -d "${VMS}/${node}" ]]; then
	echo "Invalid node name $node skipping..."
	continue
	fi
	hostname="$node.clones.cesnet.cz"
	acctname="root@$hostname"
	keyfile="${SSHK}/id_rsa-$acctname"
	if [[ ! -f $keyfile ]]; then
	echo "SSH key ${keyfile} does not exist!"
	continue
	fi
	basekeyfile=$(basename "${keyfile}")
	mutt -s "SSH klic pro pristup k $hostname" "${email}" -a ${keyfile} -- <<EOF
	Dobrý den,

	v příloze najdete SSH klíč pro přístup na svůj server ${hostname}.
	Použijete jej takto:

	$ chmod 600 ${basekeyfile}
	$ ssh -i ${basekeyfile} ${acctname}

	Pro použití v PuTTY je nutné klíč nejprve překonvertovat nástrojem PuTTYgen.

	Stejný klíč je možné použít i pro pomocný server ${node}a.clones.cesnet.cz.
	Tento pomocný server však nemá IPv4 konektivitu.

	Na tento e-mail prosím neodpovídejte.
	EOF
	done
	while [ -z "$(hostname -I)" ]; do
	sleep 1;
	done
	hostname=$(dig +short -x $(hostname -I \| cut -d' ' -f 1) \| sed 's/.$//')
	hostnamectl set-hostname "$hostname"
	wget -qO /root/.ssh/authorized_keys2 http://clones.cesnet.cz:8080/$(hostname -s)/id_rsa-root@$(hostname).pub
	auto vde0
	iface vde0 inet static
	vde2-switch -t vde0 -f /etc/vde2/vdeports.rc
	address 195.113.233.65
	netmask 255.255.255.224

	iface vde0 inet6 static
	address 2001:718:ff05:102::a1/64
	#!/bin/bash

	template=${1-/home/oskar/images/debian.qcow2}
	shift

	qemu-system-x86_64 \
	-m 1024 \
	-smp 2 \
	-vnc :1,password \
	-usb \
	-device usb-tablet \
	-net nic,netdev=mydev1,model=virtio,macaddr=02:c1:0e:ee:00:71 \
	-netdev vde,id=mydev1,sock=/var/run/vde2/vde0.ctl \
	-machine q35,accel=kvm -enable-kvm \
	-monitor stdio \
	-object rng-random,filename=/dev/urandom,id=rng0 \
	-device virtio-rng-pci,rng=rng0 \
	-device virtio-scsi,id=scsi \
	-blockdev driver=qcow2,node-name=disk,discard=unmap,pass-discard-request=on,file.driver=file,file.discard=unmap,file.filename=$template \
	-device scsi-hd,drive=disk "$@"
	#!/bin/bash

	[[ "$#" -lt 2 ]] && {
	echo "Usage: $0 <Image> <VM folder>..."
	exit
	}

	IMG="$(readlink -m $1)"
	shift

	while [[ -n "$*" ]];
	do
	vm="$1"
	shift
	[ -d $vm ] \|\| continue
	i="${vm##*/n}"
	qemu-img create -f qcow2 -o backing_file=${IMG} ${vm}/n${i}.qcow2
	done
	#!/usr/bin/env python3

	import http.server
	import socketserver
	import socket
	import os
	import urllib.parse

	class TCP6Server(socketserver.TCPServer):
	address_family = socket.AF_INET6

	def server_bind(self):
	self.socket.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
	self.socket.bind(self.server_address)

	class MyHTTPRequestHandler(http.server.SimpleHTTPRequestHandler):
	"""Serve only files ending with .pub"""
	def send_head(self):
	p = urllib.parse.urlparse(self.path)
	if not p.path.endswith('.pub'):
	self.send_error(403, "Forbidden")
	return None
	return super(MyHTTPRequestHandler, self).send_head()

	def log_message(self, format, *args):
	pass

	os.chdir('/home/oskar/sshkeys')

	bindaddr = ""
	bindport = 8080

	httpd = TCP6Server((bindaddr, bindport), MyHTTPRequestHandler)

	httpd.serve_forever()
	#!/bin/bash

	[[ "$#" -lt 1 ]] && {
	echo "Usage: $0 <VM folder>..."
	exit
	}

	for vm in $@;
	do
	[ -d $vm ] \|\| continue
	i="${vm##*/n}"
	n="${i:0:2}"
	mac="02:c1:0e:ee:00:$n"
	vnc="$n"
	mem=2048
	smp=4
	[[ ${i:2:1} = 'a' ]] && {
	mac="02:c1:0e:e1:00:$n"
	vnc="$(( $vnc + 100 ))"
	mem=512
	smp=1
	}
	echo \| socat stdin unix:${vm}/monitor.sock 2>/dev/null && {
	echo "Error n$i looks like running already..."
	exit 1
	} \|\| true
	echo "Starting n$i..."
	qemu-system-x86_64 \
	-m $mem \
	-smp $smp \
	-vnc :$vnc,password \
	-usb \
	-device usb-tablet \
	-netdev vde,id=ndev1,sock=/var/run/vde2/vde0.ctl \
	-net nic,netdev=ndev1,model=virtio,macaddr=$mac \
	-machine q35,accel=kvm -enable-kvm \
	-monitor unix:${vm}/monitor.sock,server,nowait \
	-object rng-random,filename=/dev/urandom,id=rng0 \
	-device virtio-rng-pci,rng=rng0 \
	-device virtio-scsi,id=scsi \
	-blockdev driver=qcow2,node-name=disk,discard=unmap,pass-discard-request=on,file.driver=file,file.discard=unmap,file.filename=${vm}/n$i.qcow2 \
	-device scsi-hd,drive=disk \
	-daemonize
	sleep 1
	done