From b50abd6886a36e27c4763ee8e9df3d2584530efe Mon Sep 17 00:00:00 2001 From: Nicolas MASSE Date: Mon, 19 Apr 2021 16:33:05 +0200 Subject: [PATCH] bridged network --- bridged-network/README.md | 51 +++++++++++++++++++ bridged-network/centos.tf | 53 ++++++++++++++++++++ bridged-network/main.tf | 21 ++++++++ bridged-network/patch.xslt | 25 +++++++++ bridged-network/provider.tf | 2 + bridged-network/templates/cloud-init.cfg | 21 ++++++++ bridged-network/templates/network-config.cfg | 4 ++ bridged-network/variables.tf | 40 +++++++++++++++ 8 files changed, 217 insertions(+) create mode 100644 bridged-network/README.md create mode 100644 bridged-network/centos.tf create mode 100644 bridged-network/main.tf create mode 100644 bridged-network/patch.xslt create mode 100644 bridged-network/provider.tf create mode 100644 bridged-network/templates/cloud-init.cfg create mode 100644 bridged-network/templates/network-config.cfg create mode 100644 bridged-network/variables.tf diff --git a/bridged-network/README.md b/bridged-network/README.md new file mode 100644 index 0000000..f079a5e --- /dev/null +++ b/bridged-network/README.md @@ -0,0 +1,51 @@ +# Lab of Centos Machines + +Fetch the latest CentOS Stream 8 cloud image. + +```sh +sudo curl -Lo /var/lib/libvirt/images/centos-stream-8.qcow2 http://cloud.centos.org/centos/8-stream/x86_64/images/CentOS-Stream-GenericCloud-8-20201217.0.x86_64.qcow2 +``` + +Define a new network with VLANs. + +```xml + + lab + + + + + + + + + + + + + + + + + +``` + +Then, deploy the lab. + +```sh +export LIBVIRT_DEFAULT_URI=qemu:///system +terraform init +terraform apply +``` + +Destroy the lab. + +```sh +terraform destroy +``` + +Edit patch.xml and change the target portgroup to "lab8". + +```sh +terraform apply -var centos_mac_format=02:01:08:00:08:%02x +``` diff --git a/bridged-network/centos.tf b/bridged-network/centos.tf new file mode 100644 index 0000000..e28e053 --- /dev/null +++ b/bridged-network/centos.tf 
@@ -0,0 +1,53 @@
+
+resource "libvirt_cloudinit_disk" "centos_cloudinit" {
+ name = "centos-cloudinit.iso"
+ user_data = file("${path.module}/templates/cloud-init.cfg")
+ network_config = file("${path.module}/templates/network-config.cfg")
+ pool = var.pool_name
+}
+
+resource "libvirt_volume" "centos_disk" {
+ name = "${format(var.centos_hostname_format, count.index + 1)}.${var.volume_format}"
+ count = var.centos_machine_count
+ format = var.volume_format
+ pool = var.pool_name
+ base_volume_name = "${var.centos_image}.${var.volume_format}"
+}
+
+resource "libvirt_domain" "centos_machine" {
+ count = var.centos_machine_count
+ name = format(var.centos_hostname_format, count.index + 1)
+ vcpu = "1"
+ memory = "1024"
+ cloudinit = libvirt_cloudinit_disk.centos_cloudinit.id
+ autostart = false
+ qemu_agent = true
+
+ disk {
+ volume_id = element(libvirt_volume.centos_disk.*.id, count.index)
+ }
+
+ # Makes the tty0 available via `virsh console`
+ console {
+ type = "pty"
+ target_port = "0"
+ }
+
+ network_interface {
+ network_name = var.network_name
+ mac = format(var.centos_mac_format, count.index + var.centos_mac_start)
+
+ # When creating the domain resource, wait until the network interface gets
+ # a DHCP lease from libvirt, so that the computed IP addresses will be
+ # available when the domain is up and the plan applied.
+ wait_for_lease = true
+ }
+
+ xml {
+ xslt = file("${path.module}/patch.xslt")
+ }
+}
+
+locals {
+ centos_machines = { for i in libvirt_domain.centos_machine : i.name => i.network_interface.0.addresses[0] }
+}
diff --git a/bridged-network/main.tf b/bridged-network/main.tf
new file mode 100644
index 0000000..af86509
--- /dev/null
+++ b/bridged-network/main.tf
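Review bot: The comment above `wait_for_lease = true` in the `network_interface` block says the address comes from a DHCP lease handed out by libvirt, but this directory targets a bridged network, where the lease would normally be issued by a DHCP server outside libvirt. With `qemu_agent = true` set earlier in the same resource, the provider presumably reads the address through the guest agent instead, which only works if qemu-guest-agent is running in the image; the cloud-init template in this patch does not install or start it. I would reword the comment to something like `# Bridged network: addresses are reported by the QEMU guest agent, so the image must run qemu-guest-agent.` and confirm the image ships the agent, since otherwise `addresses[0]` in `locals` has nothing to index.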
@@ -0,0 +1,21 @@ +terraform { + required_version = ">= 0.13" + required_providers { + libvirt = { + source = "dmacvicar/libvirt" + version = ">=0.6.3" + } + local = { + source = "hashicorp/local" + version = ">=2.0.0" + } + template = { + source = "hashicorp/template" + version = ">=2.2.0" + } + } +} + +output "machines" { + value = local.centos_machines +} diff --git a/bridged-network/patch.xslt b/bridged-network/patch.xslt new file mode 100644 index 0000000..a07c9ad --- /dev/null +++ b/bridged-network/patch.xslt @@ -0,0 +1,25 @@ + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/bridged-network/provider.tf b/bridged-network/provider.tf new file mode 100644 index 0000000..48c5537 --- /dev/null +++ b/bridged-network/provider.tf @@ -0,0 +1,2 @@ +provider "libvirt" { +} \ No newline at end of file diff --git a/bridged-network/templates/cloud-init.cfg b/bridged-network/templates/cloud-init.cfg new file mode 100644 index 0000000..0a54f29 --- /dev/null +++ b/bridged-network/templates/cloud-init.cfg @@ -0,0 +1,21 @@ +#cloud-config +# vim: syntax=yaml + +users: +- name: nicolas + gecos: Nicolas MASSE + groups: wheel + lock_passwd: false + # Generate encrypted password with "openssl passwd -6" + #passwd: $6$abc...xyz.0 + ssh_authorized_keys: + - ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPR1tt58X0+vbvsCR12gMAqr+g7vjt1Fx/qqz9EiboIs nicolas.masse@itix.fr + - ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFW62WJXI1ZCMfNA4w0dMpL0fsldhbEfULNGIUB0nQui nmasse@redhat.com + +runcmd: +# Enable KVM virsh console access +- [ "systemctl", "enable", "serial-getty@ttyS0.service" ] +- [ "systemctl", "start", "--no-block", "serial-getty@ttyS0.service" ] +- [ "sed", "-i.post-install", "-e", "s/PasswordAuthentication yes/PasswordAuthentication no/", "/etc/ssh/sshd_config" ] +- [ "systemctl", "restart", "sshd" ] +- [ "sed", "-i.post-install", "-e", "s/^%wheel\tALL=(ALL)\tALL/%wheel ALL=(ALL) NOPASSWD: ALL/", "/etc/sudoers" ] 
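Review bot: The `required_providers` block in main.tf gives every provider an open-ended `>=` constraint, so a later `terraform init` can pull any newer release of the community `dmacvicar/libvirt` provider, which then runs with the access of whoever applies the plan against `qemu:///system`. Bounding the range, e.g. `version = "~> 0.6.3"`, and committing `.terraform.lock.hcl` (Terraform 0.14 and later) keeps the provider build reproducible and reviewable. The `local` and `template` providers do not appear to be used by the files in this patch (the templates are read with `file()`), so they could be dropped; `hashicorp/template` is also deprecated in favour of the built-in `templatefile()` function.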
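Review bot: The last `runcmd` entry in cloud-init.cfg rewrites `/etc/sudoers` in place with `sed` and nothing validates the result; the pattern also depends on the exact tab-separated `%wheel` line, so on an image where that line differs the edit silently does nothing. cloud-init's per-user `sudo:` key writes a drop-in instead, e.g. `sudo: ALL=(ALL) NOPASSWD:ALL` under the `nicolas` user. The same fragility applies to the `PasswordAuthentication` edit, which only matches an uncommented `PasswordAuthentication yes` line; `ssh_pwauth: false` states the intent directly. Since `lock_passwd: false` leaves the account password unlocked while wheel gets passwordless sudo, a comment should say that the account is key-only unless `passwd` is set, and that the two authorized keys are personal and must be replaced by anyone reusing the template.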
diff --git a/bridged-network/templates/network-config.cfg b/bridged-network/templates/network-config.cfg
new file mode 100644
index 0000000..39ca322
--- /dev/null
+++ b/bridged-network/templates/network-config.cfg
@@ -0,0 +1,4 @@
+version: 2
+ethernets:
+ eth0:
+ dhcp4: true
\ No newline at end of file
diff --git a/bridged-network/variables.tf b/bridged-network/variables.tf
new file mode 100644
index 0000000..feb15d5
--- /dev/null
+++ b/bridged-network/variables.tf
@@ -0,0 +1,40 @@
+
+variable "centos_machine_count" {
+ type = number
+ default = 1
+}
+
+variable "pool_name" {
+ type = string
+ default = "default"
+}
+
+variable "volume_format" {
+ type = string
+ default = "qcow2"
+}
+
+variable "centos_hostname_format" {
+ type = string
+ default = "centos-%02d"
+}
+
+variable "centos_image" {
+ type = string
+ default = "centos-stream-8"
+}
+
+variable "network_name" {
+ type = string
+ default = "lab"
+}
+
+variable "centos_mac_format" {
+ type = string
+ default = "02:01:07:00:07:%02x"
+}
+
+variable "centos_mac_start" {
+ type = number
+ default = 10
+}
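Review bot: `centos_mac_format` in variables.tf ends in `%02x` and centos.tf feeds it `count.index + var.centos_mac_start`, so any value above 255 formats to three hex digits and yields an invalid MAC address; nothing in the variable declarations bounds it. A `validation` block on `centos_mac_start` (supported from the required 0.13) would catch the obvious case early, e.g. `condition = var.centos_mac_start >= 0 && var.centos_mac_start <= 255`, with the description noting that start plus machine count must stay at or below 256. None of the variables carries a `description`; a one-line `description = "..."` on each would document, for instance, that `centos_image` is the base volume name without the format suffix.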