From 8511a8f30af159f2668e8239f5a82960eaaedb15 Mon Sep 17 00:00:00 2001 From: Nicolas MASSE Date: Tue, 4 Jan 2022 22:25:22 +0100 Subject: [PATCH] initial commit --- debian11-cloudinit/run.sh | 53 +++++++++++++++++++++++++++++++ debian11-cloudinit/user-data.yaml | 22 +++++++++++++ fcos/fcos.yaml | 53 +++++++++++++++++++++++++++++++ fcos/run.sh | 46 +++++++++++++++++++++++++++ fedora35-cloudinit/run.sh | 43 +++++++++++++++++++++++++ fedora35-cloudinit/user-data.yaml | 27 ++++++++++++++++ 6 files changed, 244 insertions(+) create mode 100755 debian11-cloudinit/run.sh create mode 100644 debian11-cloudinit/user-data.yaml create mode 100644 fcos/fcos.yaml create mode 100755 fcos/run.sh create mode 100755 fedora35-cloudinit/run.sh create mode 100644 fedora35-cloudinit/user-data.yaml
diff --git a/debian11-cloudinit/run.sh b/debian11-cloudinit/run.sh
new file mode 100755
index 0000000..4ce4afd
--- /dev/null
+++ b/debian11-cloudinit/run.sh
@@ -0,0 +1,53 @@
+#!/bin/bash
+
+set -Eeuo pipefail
+
+VM="${VM:-debian}"
+BASEIMAGE="${BASEIMAGE:-https://cloud.debian.org/images/cloud/bullseye/latest/debian-11-genericcloud-amd64.qcow2}"
+BACKINGSTORE="${BACKINGSTORE:-debian-11-genericcloud-amd64.qcow2}"
+OSINFO="debian11"
+
+if [ "$UID" != "0" ]; then
+ echo "Usage: sudo $0 [cleanup]"
+ exit 1
+fi
+
+if virsh list --all --name | grep -xqF "$VM"; then
+ echo "Cleaning up..."
+ virsh destroy "$VM" || true
+ virsh undefine "$VM" || true
+ rm -f "/var/lib/libvirt/images/$VM.qcow2"
+ sleep 1
+fi
+
+if [ "${1:-}" == "cleanup" ]; then
+ exit 0
+fi
+
+if [ ! -f "/var/lib/libvirt/images/$BACKINGSTORE" ]; then
+ echo "Downloading base image..."
+ curl -Lo "/var/lib/libvirt/images/$BACKINGSTORE" "$BASEIMAGE"
+fi
+
+# Pre-requisites: dnf install mtools cloud-utils
+echo "Generating cloud-init.iso..."
+
+# Note: the Debian "genericcloud" image is smaller but does not include any driver for physical hardware.
+# So we cannot use the default format (iso) since it is emulated as SATA by KVM.
+# Therefore, we generate a VFAT image that will be mounted with virtio.
+cloud-localds -f vfat "/var/lib/libvirt/images/$VM-cloud-init.img" user-data.yaml
+
+# Also, the debian image requires to explicitely set the cloud datasource.
+# For KVM, this is set via the SMBIOS "serial number" property. Hence, the --sysinfo below...
+# See https://cloudinit.readthedocs.io/en/latest/topics/datasources/nocloud.html
+virt-install --name "$VM" --autostart --noautoconsole --import \
+ --cpu host-passthrough --vcpus 2 --ram 2048 \
+ --os-variant "$OSINFO" \
+ --disk "path=/var/lib/libvirt/images/$VM.qcow2,backing_store=/var/lib/libvirt/images/$BACKINGSTORE,size=10" \
+ --disk "path=/var/lib/libvirt/images/$VM-cloud-init.img,readonly=on" \
+ --network default \
+ --console pty,target.type=virtio --serial pty \
+ --sysinfo 'system.serial=ds=nocloud'
+sleep 1
+virsh console "$VM"
+
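Review bot: The base image fetched by `curl -Lo` in the download block is never verified, and `curl` runs without `--fail`, so an HTTP error body (or a transfer dropped half-way) is saved under the qcow2 name and the `[ ! -f ... ]` guard treats it as a valid image on every later run. Debian publishes a signed `SHA512SUMS` next to the image; download to a temporary path, check it, and only then move it into place: `curl -fLo "$tmp" "$BASEIMAGE"`, `echo "${BASEIMAGE_SHA512:?}  $tmp" | sha512sum -c -`, `mv "$tmp" "/var/lib/libvirt/images/$BACKINGSTORE"`. The same download pattern appears in the fedora35 script of this commit. The cleanup branch also removes `$VM.qcow2` but leaves `$VM-cloud-init.img`, which carries the user-data (password hash and keys); `cleanup` should remove it as well.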
diff --git a/debian11-cloudinit/user-data.yaml b/debian11-cloudinit/user-data.yaml
new file mode 100644
index 0000000..0fbca08
--- /dev/null
+++ b/debian11-cloudinit/user-data.yaml
@@ -0,0 +1,22 @@
+#cloud-config
+
+users:
+- name: nicolas
+ gecos: Nicolas MASSE
+ groups: sudo
+ lock_passwd: false
+ # Password = "nicolas". Generated with "openssl passwd -6".
+ passwd: $6$lEBwC1lnRvLErO9A$lsb2i.3eTHj3PKV7uKryLROFOQMPDK/eKZXaLIoIk933JimDOPjCxn3F4gIu5ao9oQ4NFid7kQj/wUYJeVqoe.
+ ssh_authorized_keys:
+ - ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPR1tt58X0+vbvsCR12gMAqr+g7vjt1Fx/qqz9EiboIs nicolas@localhost.localdomain
+ - ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFW62WJXI1ZCMfNA4w0dMpL0fsldhbEfULNGIUB0nQui nmasse@localhost.localdomain
+
+write_files:
+- path: /etc/sudoers
+ content: |
+ Defaults env_reset
+ Defaults mail_badpass
+ Defaults secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
+ root ALL=(ALL:ALL) NOPASSWD: ALL
+ %sudo ALL=(ALL:ALL) NOPASSWD: ALL
+ @includedir /etc/sudoers.d
diff --git a/fcos/fcos.yaml b/fcos/fcos.yaml
new file mode 100644
index 0000000..9a8878b
--- /dev/null
+++ b/fcos/fcos.yaml
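Review bot: This user-data creates `nicolas` with `lock_passwd: false` and a published password (the plaintext sits in the comment above `passwd:`), grants `%sudo ... NOPASSWD: ALL`, and — unlike the fedora35 user-data in the same commit — does nothing to turn off SSH password authentication, so whether root is one password away over the network depends entirely on the base image's sshd defaults. Add the top-level key `ssh_pwauth: false` so cloud-init sets `PasswordAuthentication no` regardless of the image, leaving the password for console use only. The `write_files` entry also replaces `/etc/sudoers` with cloud-init's default file mode (0644 unless `permissions` is given); sudo expects sudoers to be root-owned and mode 0440 and may refuse to run otherwise, so either add `permissions: '0440'` and `owner: root:root` to the entry, or drop the file and express the rule as `sudo: ALL=(ALL:ALL) NOPASSWD:ALL` on the user, which cloud-init writes under `/etc/sudoers.d` with the correct mode.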
@@ -0,0 +1,53 @@
+variant: fcos
+version: 1.4.0
+passwd:
+ users:
+ - name: nicolas
+ groups:
+ - wheel
+ - sudo
+ ssh_authorized_keys:
+ - ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPR1tt58X0+vbvsCR12gMAqr+g7vjt1Fx/qqz9EiboIs nicolas@localhost.localdomain
+ - ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFW62WJXI1ZCMfNA4w0dMpL0fsldhbEfULNGIUB0nQui nmasse@localhost.localdomain
+ # echo nicolas | mkpasswd --method=yescrypt -s
+ password_hash: "$y$j9T$IIkhmtKaucCqDD1gF//fm1$ZyKCnWN8i2eRFZke.O0eSvjxEqnQEmfTFQgi7.a/Ce0"
+systemd:
+ units:
+ - name: unifi.service
+ enabled: true
+ contents: |
+ [Unit]
+ Description=Unifi Controller
+ Documentation=https://docs.linuxserver.io/images/docker-unifi-controller
+ Wants=network-online.target
+ After=network-online.target
+ RequiresMountsFor=%t/containers
+
+ [Service]
+ Environment=PODMAN_SYSTEMD_UNIT=%n
+ Restart=always
+ TimeoutStopSec=61
+ ExecStartPre=/bin/rm -f %t/%n.ctr-id
+ ExecStartPre=/bin/install -d /var/lib/unifi -m 0700 -o 10000 -g 10000
+ ExecStart=/usr/bin/podman run --cidfile=%t/%n.ctr-id --cgroups=no-conmon --rm --sdnotify=conmon -d --replace --name unifi -e PUID=10000 -e PGID=10000 -v /var/lib/unifi:/config:z -p 3478:3478/udp -p 10001:10001/udp -p 8080:8080 -p 8443:8443 -p 1900:1900/udp -p 8843:8843 -p 8880:8880 -p 6789:6789 -p 5514:5514/udp quay.io/linuxserver.io/unifi-controller:6.5.55
+ ExecStop=/usr/bin/podman stop --ignore --cidfile=%t/%n.ctr-id
+ ExecStopPost=/usr/bin/podman rm -f --ignore --cidfile=%t/%n.ctr-id
+ Type=notify
+ NotifyAccess=all
+
+ [Install]
+ WantedBy=multi-user.target default.target
+
+storage:
+ disks:
+ - device: /dev/vdb
+ wipe_table: false
+ partitions:
+ - size_mib: 0
+ start_mib: 0
+ label: var
+ filesystems:
+ - path: /var/lib/unifi
+ device: /dev/disk/by-partlabel/var
+ format: xfs
+ with_mount_unit: true
diff --git a/fcos/run.sh b/fcos/run.sh
new file mode 100755
index 0000000..a8d7990
--- /dev/null
+++ b/fcos/run.sh
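Review bot: The `ExecStart` line runs `quay.io/linuxserver.io/unifi-controller:6.5.55` pinned only by tag, from a root-owned system unit with `Restart=always`, so whatever is later pushed under that tag runs as root on this host at the next restart. Pin by content digest as well (`...unifi-controller:6.5.55@sha256:<digest>`, resolved once with `skopeo inspect` or `podman image inspect` and committed here) so a repointed tag fails to start instead of silently changing what runs. The unit also publishes 8080, 8443, 8843, 8880, 6789 and several UDP ports on every host interface; if the controller only needs LAN reachability, bind them to a specific address (`-p <host-ip>:8443:8443`) or put a host firewall in front — as far as I know Fedora CoreOS does not enable one by default.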
@@ -0,0 +1,46 @@
+#!/bin/bash
+
+set -Eeuo pipefail
+
+VM="${VM:-fcos}"
+BASEIMAGE="${BASEIMAGE:-https://builds.coreos.fedoraproject.org/prod/streams/stable/builds/35.20211203.3.0/x86_64/fedora-coreos-35.20211203.3.0-qemu.x86_64.qcow2.xz}"
+BACKINGSTORE="${BACKINGSTORE:-fedora-coreos-35-qemu.x86_64.qcow2}"
+OSINFO="fedora-coreos-stable"
+
+if [ "$UID" != "0" ]; then
+ echo "Usage: sudo $0 [cleanup]"
+ exit 1
+fi
+
+if virsh list --all --name | grep -xqF "$VM"; then
+ echo "Cleaning up..."
+ virsh destroy "$VM" || true
+ virsh undefine "$VM" || true
+ rm -f "/var/lib/libvirt/images/$VM.qcow2"
+ sleep 1
+fi
+
+if [ "${1:-}" == "cleanup" ]; then
+ exit 0
+fi
+
+if [ ! -f "/var/lib/libvirt/images/$BACKINGSTORE" ]; then
+ echo "Downloading base image..."
+ curl -L "$BASEIMAGE" | xz -dc > "/var/lib/libvirt/images/$BACKINGSTORE"
+fi
+
+# Pre-requisites: dnf install butane
+echo "Generating ignition file..."
+butane --pretty --strict < "$PWD/fcos.yaml" > "/var/lib/libvirt/images/$VM.ign"
+
+virt-install --name "$VM" --autostart --import --noautoconsole \
+ --cpu host-passthrough --vcpus 2 --ram 3074 \
+ --os-variant "$OSINFO" \
+ --disk "path=/var/lib/libvirt/images/$VM.qcow2,backing_store=/var/lib/libvirt/images/$BACKINGSTORE,size=10" \
+ --disk "path=/var/lib/libvirt/images/$VM-var.qcow2,size=10" \
+ --network default \
+ --qemu-commandline="-fw_cfg name=opt/com.coreos/config,file=/var/lib/libvirt/images/$VM.ign" \
+ --graphics none --console pty,target.type=virtio --serial pty
+sleep 1
+virsh console "$VM"
+
diff --git a/fedora35-cloudinit/run.sh b/fedora35-cloudinit/run.sh
new file mode 100755
index 0000000..40a1119
--- /dev/null
+++ b/fedora35-cloudinit/run.sh
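Review bot: The download line `curl -L "$BASEIMAGE" | xz -dc > ".../$BACKINGSTORE"` neither checks the HTTP status (`curl` has no `--fail`) nor verifies the image, and since the shell opens the target file before the pipeline runs, a failed or interrupted transfer leaves a truncated `$BACKINGSTORE` that the `[ ! -f ... ]` guard happily reuses next time. Fedora CoreOS provides `coreos-installer download -s stable -p qemu -f qcow2.xz --decompress -C /var/lib/libvirt/images`, which fetches the current stable build and checks the published signature and checksum (adjust `BACKINGSTORE` to the resulting file name); if the hard-coded build URL must stay, add `-f` to curl, write to a temporary file, verify the sha256 from that build's `meta.json`, and `mv` into place. Separately, `--ram 3074` looks like a typo for 3072; harmless, but worth fixing while here.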
@@ -0,0 +1,43 @@
+#!/bin/bash
+
+set -Eeuo pipefail
+
+VM="${VM:-fedora}"
+BASEIMAGE="${BASEIMAGE:-https://download.fedoraproject.org/pub/fedora/linux/releases/35/Cloud/x86_64/images/Fedora-Cloud-Base-35-1.2.x86_64.qcow2}"
+BACKINGSTORE="${BACKINGSTORE:-Fedora-Cloud-Base-35-1.2.x86_64.qcow2}"
+OSINFO="fedora-35"
+
+if [ "$UID" != "0" ]; then
+ echo "Usage: sudo $0 [cleanup]"
+ exit 1
+fi
+
+if virsh list --all --name | grep -xqF "$VM"; then
+ echo "Cleaning up..."
+ virsh destroy "$VM" || true
+ virsh undefine "$VM" || true
+ rm -f "/var/lib/libvirt/images/$VM.qcow2"
+ sleep 1
+fi
+
+if [ "${1:-}" == "cleanup" ]; then
+ exit 0
+fi
+
+if [ ! -f "/var/lib/libvirt/images/$BACKINGSTORE" ]; then
+ echo "Downloading base image..."
+ curl -Lo "/var/lib/libvirt/images/$BACKINGSTORE" "$BASEIMAGE"
+fi
+
+echo "Generating cloud-init.iso..."
+cloud-localds "/var/lib/libvirt/images/$VM-cloud-init.iso" user-data.yaml
+
+virt-install --name "$VM" --autostart --import --noautoconsole \
+ --cpu host-passthrough --vcpus 2 --ram 2048 \
+ --os-variant "$OSINFO" \
+ --disk "path=/var/lib/libvirt/images/$VM.qcow2,backing_store=/var/lib/libvirt/images/$BACKINGSTORE,size=10" \
+ --disk "path=/var/lib/libvirt/images/$VM-cloud-init.iso,readonly=on,device=cdrom" \
+ --network default \
+ --graphics none --console pty,target.type=virtio --serial pty
+sleep 1
+virsh console "$VM"
diff --git a/fedora35-cloudinit/user-data.yaml b/fedora35-cloudinit/user-data.yaml
new file mode 100644
index 0000000..b02a6d5
--- /dev/null
+++ b/fedora35-cloudinit/user-data.yaml
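Review bot: `curl -Lo` on the download line follows the redirect from `download.fedoraproject.org` to an arbitrary mirror, and curl allows an HTTPS-to-HTTP redirect by default, so the image can arrive over plain HTTP with nothing checking it; there is also no `--fail`, so an error page is saved as the qcow2 and the `[ ! -f ... ]` guard skips the download on later runs. Fedora publishes a GPG-signed `*-CHECKSUM` file alongside the Cloud images; verify the sha256 from it before moving the file into place, or at minimum use `curl -fL --proto '=https' --proto-redir '=https' -o "/var/lib/libvirt/images/$BACKINGSTORE" "$BASEIMAGE"` so a non-TLS mirror fails loudly instead of being trusted. The same download block exists in `debian11-cloudinit/run.sh`; a shared verified-download helper would fix both.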
@@ -0,0 +1,27 @@
+#cloud-config
+
+resize_rootfs: true
+
+users:
+- name: nicolas
+ gecos: Nicolas MASSE
+ groups: wheel
+ lock_passwd: false
+ # Password = "nicolas". Generated with "openssl passwd -6".
+ passwd: $6$lEBwC1lnRvLErO9A$lsb2i.3eTHj3PKV7uKryLROFOQMPDK/eKZXaLIoIk933JimDOPjCxn3F4gIu5ao9oQ4NFid7kQj/wUYJeVqoe.
+ ssh_authorized_keys:
+ - ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPR1tt58X0+vbvsCR12gMAqr+g7vjt1Fx/qqz9EiboIs nicolas@localhost.localdomain
+ - ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFW62WJXI1ZCMfNA4w0dMpL0fsldhbEfULNGIUB0nQui nmasse@localhost.localdomain
+
+packages:
+- podman
+
+runcmd:
+# Enable KVM virsh console access
+- [ "systemctl", "enable", "serial-getty@ttyS0.service" ]
+- [ "systemctl", "start", "--no-block", "serial-getty@ttyS0.service" ]
+# Disable SSH password authentication
+- [ "sed", "-i.post-install", "-e", "s/PasswordAuthentication yes/PasswordAuthentication no/", "/etc/ssh/sshd_config" ]
+- [ "systemctl", "restart", "--no-block", "sshd" ]
+# Enable sudo without password
+- [ "sed", "-i.post-install", "-e", "s/^%wheel\tALL=(ALL)\tALL/%wheel ALL=(ALL) NOPASSWD: ALL/", "/etc/sudoers" ]
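Review bot: The `sed ... s/PasswordAuthentication yes/PasswordAuthentication no/` entry in `runcmd` only hardens sshd if `sshd_config` contains exactly that uncommented line; if the shipped file has it commented out (`#PasswordAuthentication yes`) or the setting lives in a drop-in under `sshd_config.d`, the substitution matches nothing, exits 0, and password login stays enabled for the `nicolas` account whose password is spelled out in the comment above `passwd:`. Replace the two sshd `runcmd` entries with the top-level cloud-init key `ssh_pwauth: false`, which configures sshd without depending on the file's current text. Likewise the `%wheel` sed edits `/etc/sudoers` in place with no `visudo -c` and silently does nothing if the whitespace differs from `\tALL=(ALL)\tALL`; prefer `sudo: ALL=(ALL) NOPASSWD:ALL` on the user entry, which cloud-init writes to `/etc/sudoers.d/` with the correct mode.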