wip

2 months ago · 90eb0c29d5
29 changed files with 157 additions and 119 deletions
--- a/bootc/baremetal/root/etc/libvirt/qemu/hooks/qemu.d/.keep
+++ b/bootc/baremetal/root/etc/libvirt/qemu/hooks/qemu.d/.keep
--- a/bootc/baremetal/root/etc/libvirt/hooks/qemu.d/30-iptables.sh
+++ b/bootc/baremetal/root/etc/libvirt/hooks/qemu.d/30-iptables.sh
@ -0,0 +1,57 @@
 #!/bin/bash
 set -Eeuo pipefail
 # The standard output is used to alter the domain's XML configuration.
 # Suppress all output to avoid interfering with libvirt's operation.
 exec > /dev/null
 function log () {
    echo "$@" >&2
 }
 # This script is called by libvirt when a VM is started or stopped.
 # It is used to set up and tear down networking for the VM.
 # The script takes two arguments: the VM name and the action (start or stop).
 VM_NAME="$1"
 ACTION="$2"
 # Check if the networking configuration file exists for the VM
 if [ ! -f "/etc/libvirt-hooks/${VM_NAME}/iptables" ]; then
    log "No networking configuration found for VM '$VM_NAME'. Skipping."
    exit 0
 fi
 if [ "$ACTION" = "started" ] || [ "$ACTION" = "reconnect" ] || [ "$ACTION" = "restore" ]; then
    log "Setting up networking for VM '$VM_NAME'..."
    # Set up iptables rules
    while read -r rule; do
        if [ -z "$rule" ]; then
            continue
        fi
        iptables $rule
    done < "/etc/libvirt-hooks/${VM_NAME}/iptables"
    log "Networking setup complete for VM '$VM_NAME'."
 elif [ "$ACTION" = "stopped" ] || [ "$ACTION" = "disconnect" ]; then
    log "Tearing down networking for VM '$VM_NAME'..."
    # Tear down iptables rules
    while read -r rule; do
        if [ -z "$rule" ]; then
            continue
        fi
        # Replace '-A'/'-I' with '-D' to delete the rule
        rule="${rule/-A/-D}"
        rule="${rule/-I/-D}"
        iptables $rule || log "Warning: Failed to delete iptables rule: iptables $rule"
    done < "/etc/libvirt-hooks/${VM_NAME}/iptables"
    log "Networking teardown complete for VM '$VM_NAME'."
 else
    log "Unknown action '$ACTION'. Supported actions are 'started', 'stopped', 'reconnect', and 'disconnect'."
    log "Skipping."
 fi
 exit 0
--- a/bootc/baremetal/root/etc/libvirt/qemu/hooks/qemu
+++ b/bootc/baremetal/root/etc/libvirt/qemu/hooks/qemu
@ -1,49 +0,0 @@
 #!/bin/bash
 set -Eeuo pipefail
 # This script is called by libvirt when a VM is started or stopped.
 # It is used to set up and tear down networking for the VM.
 # The script takes two arguments: the VM name and the action (start or stop).
 VM_NAME="$1"
 ACTION="$2"
 # Check if the networking configuration file exists for the VM
 if [ ! -f "/etc/libvirt/hooks/qemu.d/${VM_NAME}/iptables" ]; then
    echo "No networking configuration found for VM '$VM_NAME'. Skipping."
    exit 0
 fi
 if [ "$ACTION" = "started" ] || [ "$ACTION" = "reconnect" ]; then
    echo "Setting up networking for VM '$VM_NAME'..."
    # Set up iptables rules
    while read -r rule; do
        if [ -z "$rule" ]; then
            continue
        fi
        iptables $rule
    done < "/etc/libvirt/hooks/qemu.d/${VM_NAME}/iptables"
    echo "Networking setup complete for VM '$VM_NAME'."
 elif [ "$ACTION" = "stopped" ] || [ "$ACTION" = "disconnect" ]; then
    echo "Tearing down networking for VM '$VM_NAME'..."
    # Tear down iptables rules
    while read -r rule; do
        if [ -z "$rule" ]; then
            continue
        fi
        # Replace '-A'/'-I' with '-D' to delete the rule
        rule="${rule/-A/-D}"
        rule="${rule/-I/-D}"
        iptables $rule || echo "Warning: Failed to delete iptables rule: iptables $rule"
    done < "/etc/libvirt/hooks/qemu.d/${VM_NAME}/iptables"
    echo "Networking teardown complete for VM '$VM_NAME'."
 else
    echo "Unknown action '$ACTION'. Supported actions are 'started', 'stopped', 'reconnect', and 'disconnect'."
    echo "Skipping."
 fi
 exit 0
--- a/flightctl/apps/edge-vm/etc/systemd/system/bootstrap-vm@.service
+++ b/flightctl/apps/edge-vm/etc/systemd/system/bootstrap-vm@.service
@ -7,6 +7,9 @@ Wants=network-online.target
 # Only start if the VM root disk does not exist
 ConditionPathExists=!/var/lib/libvirt/images/%i/root.qcow2
 # Only start if the VM definition file is present
 ConditionPathExists=/etc/default/bootstrap-vm-%i.env
 # Remain started to avoid race conditions
 Persistent=true
--- a/flightctl/apps/hyperv-migration/etc/systemd/system/migrate-vm@.service
+++ b/flightctl/apps/hyperv-migration/etc/systemd/system/migrate-vm@.service
@ -7,6 +7,9 @@ Wants=network-online.target
 # Only start if the VM root disk does not exist
 ConditionPathExists=!/var/lib/libvirt/images/%i/root.qcow2
 # Only start if the VM definition file is present
 ConditionPathExists=/etc/default/migrate-vm-%i.env
 # Remain started to avoid race conditions
 Persistent=true
--- a/flightctl/apps/edge-vm/usr/local/bin/bootstrap-vm.sh
+++ b/flightctl/apps/edge-vm/usr/local/bin/bootstrap-vm.sh
--- a/flightctl/apps/hyperv-migration/usr/local/bin/migrate-vm.sh
+++ b/flightctl/apps/hyperv-migration/usr/local/bin/migrate-vm.sh
--- a/bootc/base/Containerfile
+++ b/bootc/base/Containerfile
@ -13,7 +13,7 @@ dnf install -y https://dl.fedoraproject.org/pub/epel/epel-release-latest-9.noarc
 # Install packages
 dnf install -y mkpasswd podman skopeo flightctl-agent cockpit cockpit-podman cockpit-files \
               cockpit-ostree cockpit-pcp cockpit-system greenboot greenboot-default-health-checks \
-               stress-ng yq podman-compose tmux tcpdump
+               stress-ng yq podman-compose tmux tcpdump htop iptraf-ng
 dnf clean all
 # Create admin user if specified
--- a/bootc/scripts/buildall.sh
+++ b/bootc/scripts/buildall.sh
@ -12,7 +12,7 @@ PROJECT_DIR="$(dirname "$SCRIPT_DIR")"
 . "$PROJECT_DIR/config.env"
-for dir in "$PROJECT_DIR"/{base,hypervisor,virtualmachine}; do
+for dir in "$PROJECT_DIR"/{base,baremetal,virtualmachine}; do
  if [ -d "$dir" -a -f "$dir/Containerfile" ]; then
    export SCENARIO="${dir##*/}"
    TARGET_IMAGE="$(echo -n "$TARGET_IMAGE_TEMPLATE" | envsubst)"
--- a/flightctl/apps/hyperv-migration/etc/greenboot/check/required.d/30_printserver_check.sh
+++ b/flightctl/apps/hyperv-migration/etc/greenboot/check/required.d/30_printserver_check.sh
@ -1,6 +1,12 @@
 #!/bin/bash
 set -Eeuo pipefail
 if [ ! -f /etc/default/migrate-vm-printserver.env ]; then
  echo "Virtual Machine 'printserver' not configured for this host!"
  exit 0
 fi
 MAX_ATTEMPTS=60
 for (( attempt=1; attempt<=MAX_ATTEMPTS; attempt++ )); do
--- a/flightctl/apps/nextcloud/etc/greenboot/check/required.d/30_nextcloud_check.sh
+++ b/flightctl/apps/nextcloud/etc/greenboot/check/required.d/30_nextcloud_check.sh
@ -1,6 +1,12 @@
 #!/bin/bash
 set -Eeuo pipefail
 if [ ! -f /etc/containers/systemd/nextcloud/nextcloud-config.env ]; then
  echo "Nextcloud not configured for this host!"
  exit 0
 fi
 declare -a container_state=()
 MAX_ATTEMPTS=60
--- a/flightctl/apps/odoo/etc/greenboot/check/required.d/30_odoo_check.sh
+++ b/flightctl/apps/odoo/etc/greenboot/check/required.d/30_odoo_check.sh
@ -1,6 +1,12 @@
 #!/bin/bash
 set -Eeuo pipefail
 if [ ! -f /etc/containers/systemd/odoo/odoo-config.env ]; then
  echo "Odoo not configured for this host!"
  exit 0
 fi
 declare -a container_state=()
 MAX_ATTEMPTS=60
--- a/flightctl/apps/odoo/etc/odoo/odoo.conf
+++ b/flightctl/apps/odoo/etc/odoo/odoo.conf
@ -3,7 +3,7 @@ addons_path = /mnt/extra-addons
 data_dir = /var/lib/odoo
 admin_passwd = $pbkdf2-sha512$600000$G6OU8j7HuBdCyBnDeE/pnQ$rtoycI6N7hJW37qeLLesYPWyfk8HsXD9HnsMtzkkU.pciBgd4bc0kV4Z2mI5cctjRIZf/RTOYAX5BvSjbwMxsA
 db_host = localhost
-db_port = 5432
+db_port = 5433
 db_user = odoo
 db_password = odoo
 logfile = /var/log/odoo/odoo.log
--- a/flightctl/apps/vm-nextcloud/etc/flightctl/hooks.d/afterupdating/30-edge-vm.yaml
+++ b/flightctl/apps/vm-nextcloud/etc/flightctl/hooks.d/afterupdating/30-edge-vm.yaml
--- a/flightctl/apps/vm-nextcloud/etc/flightctl/hooks.d/beforeupdating/30-edge-vm.yaml
+++ b/flightctl/apps/vm-nextcloud/etc/flightctl/hooks.d/beforeupdating/30-edge-vm.yaml
--- a/flightctl/apps/vm-nextcloud/etc/greenboot/check/required.d/30_nextcloud_check.sh
+++ b/flightctl/apps/vm-nextcloud/etc/greenboot/check/required.d/30_nextcloud_check.sh
@ -1,6 +1,12 @@
 #!/bin/bash
 set -Eeuo pipefail
 if [ ! -f /etc/default/bootstrap-vm-nextcloud.env ]; then
  echo "Virtual Machine 'nextcloud' not configured for this host!"
  exit 0
 fi
 MAX_ATTEMPTS=60
 for (( attempt=1; attempt<=MAX_ATTEMPTS; attempt++ )); do
--- a/flightctl/fleets.yaml
+++ b/flightctl/fleets.yaml
@ -3,92 +3,98 @@ kind: Fleet
 metadata:
  annotations: {}
  labels:
-    scenario: 'scenario1'
+    fleet: 'store-baremetal'
-  name: scenario1
+  name: store-baremetal
 spec:
  selector:
    matchLabels:
-      scenario: 'scenario1'
+      type: 'baremetal'
      demo: 'retail'
  template:
    metadata:
      labels:
-        fleet: scenario1
+        fleet: 'store-baremetal'
    spec:
      applications: []
      os:
-        image: edge-registry.itix.fr/demo-edge-retail/scenario1:latest
+        image: edge-registry.itix.fr/demo-edge-retail/baremetal:latest
      config:
-      - name: scenario1-config
+      - name: baremetal-site-config
        configType: GitConfigProviderSpec
        gitRef:
-          path: /flightctl/scenario1/sites/{{ getOrDefault .metadata.labels "site" "default" }}/
+          path: /flightctl/fleets/baremetal/sites/{{ getOrDefault .metadata.labels "site" "default" }}/
          repository: demo-edge-retail
          targetRevision: main
      - name: nextcloud-container
        configType: GitConfigProviderSpec
        gitRef:
          path: /flightctl/apps/nextcloud/
          repository: demo-edge-retail
          targetRevision: main
      - name: odoo-container
        configType: GitConfigProviderSpec
        gitRef:
          path: /flightctl/apps/odoo/
          repository: demo-edge-retail
          targetRevision: main
      - name: edge-vm
        configType: GitConfigProviderSpec
        gitRef:
          path: /flightctl/apps/edge-vm/
          repository: demo-edge-retail
          targetRevision: main
      - name: hyperv-migration
        configType: GitConfigProviderSpec
        gitRef:
          path: /flightctl/apps/hyperv-migration/
          repository: demo-edge-retail
          targetRevision: main
      systemd:
        matchPatterns:
-          - nextcloud-app.service
+        - libvirtd.service
-          - nextcloud-db.service
+        - greenboot-healthcheck.service
-          - nextcloud-nginx.service
+        - nextcloud-app.service
-          - nextcloud-redis.service
+        - nextcloud-db.service
-          - greenboot-healthcheck.service
+        - nextcloud-nginx.service
---
+        - nextcloud-redis.service
-apiVersion: flightctl.io/v1alpha1
+        - odoo-app.service
-kind: Fleet
+        - odoo-db.service
-metadata:
+        - odoo-init.service
-  annotations: {}
+        - bootstrap-vm@nextcloud.service
-  labels:
+        - migrate-vm@printserver.service
    scenario: 'scenario3a'
  name: scenario3a
 spec:
  selector:
    matchLabels:
      scenario: 'scenario3a'
      type: 'baremetal'
  template:
    metadata:
      labels:
        fleet: scenario3a
    spec:
      applications: []
      config: []
      os:
        image: edge-registry.itix.fr/demo-edge-retail/scenario3a:latest
      systemd:
        matchPatterns:
          - bootstrap-vm@nextcloud.service
          - libvirtd.service
          - nftables.service
          - greenboot-healthcheck.service
 ---
 apiVersion: flightctl.io/v1alpha1
 kind: Fleet
 metadata:
  annotations: {}
  labels:
-    scenario: 'scenario4'
+    fleet: 'store-vm-nextcloud'
-  name: scenario4
+  name: store-vm-nextcloud
 spec:
  selector:
    matchLabels:
-      scenario: 'scenario4'
+      type: 'virtualmachine'
      vm.name: 'nextcloud'
      demo: 'retail'
  template:
    metadata:
      labels:
-        fleet: scenario4
+        fleet: 'store-vm-nextcloud'
    spec:
      applications: []
      os:
-        image: edge-registry.itix.fr/demo-edge-retail/scenario4:latest
+        image: edge-registry.itix.fr/demo-edge-retail/virtualmachine:latest
      config:
-      - name: scenario4-config
+      - name: vm-nextcloud-site-config
        configType: GitConfigProviderSpec
        gitRef:
-          path: /flightctl/scenario4/sites/{{ getOrDefault .metadata.labels "site" "default" }}/
+          path: /flightctl/fleets/vm-nextcloud/sites/{{ getOrDefault .metadata.labels "site" "default" }}/
          repository: demo-edge-retail
          targetRevision: main
      systemd:
        matchPatterns:
-          - odoo-app.service
+        - greenboot-healthcheck.service
-          - odoo-db.service
+        - nextcloud-app.service
-          - odoo-init.service
+        - nextcloud-db.service
-          - greenboot-healthcheck.service
+        - nextcloud-nginx.service
        - nextcloud-redis.service
--- a/flightctl/fleets/baremetal/sites/paris-wagram/etc/containers/systemd/nextcloud/nextcloud-config.env
+++ b/flightctl/fleets/baremetal/sites/paris-wagram/etc/containers/systemd/nextcloud/nextcloud-config.env
--- a/flightctl/fleets/baremetal/sites/paris-wagram/etc/containers/systemd/configs/odoo-config.env
+++ b/flightctl/fleets/baremetal/sites/paris-wagram/etc/containers/systemd/configs/odoo-config.env
--- a/flightctl/fleets/baremetal/sites/paris-wagram/etc/default/bootstrap-vm-nextcloud.env
+++ b/flightctl/fleets/baremetal/sites/paris-wagram/etc/default/bootstrap-vm-nextcloud.env
--- a/flightctl/fleets/baremetal/sites/paris-wagram/etc/libvirt-hooks/nextcloud/iptables
+++ b/flightctl/fleets/baremetal/sites/paris-wagram/etc/libvirt-hooks/nextcloud/iptables
@ -0,0 +1,2 @@
 -t nat -A PREROUTING -p tcp --dport 80 -d 192.168.2.73 -j DNAT --to-destination 192.168.122.2:80
 -t filter -I LIBVIRT_FWI -d 192.168.122.2 -p tcp --dport 80 -m conntrack --ctstate NEW -j ACCEPT
--- a/flightctl/fleets/baremetal/sites/villeneuve-d-ascq/etc/containers/systemd/configs/odoo-config.env
+++ b/flightctl/fleets/baremetal/sites/villeneuve-d-ascq/etc/containers/systemd/configs/odoo-config.env
--- a/flightctl/fleets/baremetal/sites/villeneuve-d-ascq/etc/default/bootstrap-vm-nextcloud.env
+++ b/flightctl/fleets/baremetal/sites/villeneuve-d-ascq/etc/default/bootstrap-vm-nextcloud.env
@ -0,0 +1,8 @@
 DOMAIN_VCPUS=4
 DOMAIN_RAM=8192
 DOMAIN_DISK_SIZE=100
 DOMAIN_OS_VARIANT=rhel9.6
 DOMAIN_MAC_ADDRESS=04:00:00:00:00:01
 FLIGHTCTL_LABELS_OVERRIDE={ "type": "virtualmachine", "vm.name": "nextcloud" }
 DOMAIN_DISK_SOURCE=edge-registry.itix.fr/demo-edge-retail/virtualmachine:latest
 REGISTRY_AUTH_FILE=/etc/ostree/auth.json
--- a/flightctl/fleets/baremetal/sites/villeneuve-d-ascq/etc/default/migrate-vm-printserver.env
+++ b/flightctl/fleets/baremetal/sites/villeneuve-d-ascq/etc/default/migrate-vm-printserver.env
--- a/flightctl/fleets/baremetal/sites/villeneuve-d-ascq/etc/libvirt-hooks/nextcloud/iptables
+++ b/flightctl/fleets/baremetal/sites/villeneuve-d-ascq/etc/libvirt-hooks/nextcloud/iptables
--- a/flightctl/fleets/virtualmachines/sites/villeneuve-d-ascq/etc/containers/systemd/configs/nextcloud-config.env
+++ b/flightctl/fleets/virtualmachines/sites/villeneuve-d-ascq/etc/containers/systemd/configs/nextcloud-config.env
@ -1,16 +0,0 @@
 ##
 ## Nextcloud Configuration Environment Variables
 ##
 # Nextcloud domain configuration
 NEXTCLOUD_TRUSTED_DOMAINS=adlink-dlap-4001.itix.fr
 OVERWRITEHOST=adlink-dlap-4001.itix.fr
 OVERWRITEPROTOCOL=http
 OVERWRITECLIURL=http://adlink-dlap-4001.itix.fr
 # Nextcloud admin credentials
 NEXTCLOUD_ADMIN_USER=admin
 NEXTCLOUD_ADMIN_PASSWORD=nextcloud
 # Nextcloud server info token
 NEXTCLOUD_SERVERINFO_TOKEN=S3cr3t!
--- a/flightctl/fleets/virtualmachines/sites/default/etc/motd.d/unconfigured
+++ b/flightctl/fleets/virtualmachines/sites/default/etc/motd.d/unconfigured
--- a/flightctl/fleets/virtualmachines/sites/paris-wagram/etc/containers/systemd/configs/nextcloud-config.env
+++ b/flightctl/fleets/virtualmachines/sites/paris-wagram/etc/containers/systemd/configs/nextcloud-config.env
--- a/flightctl/fleets/vm-nextcloud/sites/villeneuve-d-ascq/etc/containers/systemd/nextcloud/nextcloud-config.env
+++ b/flightctl/fleets/vm-nextcloud/sites/villeneuve-d-ascq/etc/containers/systemd/nextcloud/nextcloud-config.env
	`@ -0,0 +1,2 @@`
					`-t nat -A PREROUTING -p tcp --dport 80 -d 192.168.2.73 -j DNAT --to-destination 192.168.122.2:80`
					`-t filter -I LIBVIRT_FWI -d 192.168.122.2 -p tcp --dport 80 -m conntrack --ctstate NEW -j ACCEPT`