From cc5d8a1af5f44a5c3cfc58ff481d732d686a6eb7 Mon Sep 17 00:00:00 2001 From: Anatoly Laskaris Date: Tue, 6 Aug 2024 11:22:21 +0300 Subject: [PATCH 01/14] WiP molecule --- molecule/vm/Dockerfile | 21 +++++ molecule/vm/converge.yml | 7 ++ molecule/vm/molecule.yml | 30 ++++++ requirements.txt | 3 + roles/vm-sandboxing/README.md | 94 ------------------- roles/vm-sandboxing/defaults/main.yml | 41 -------- roles/vm-sandboxing/handlers/main.yml | 5 - roles/vm-sandboxing/meta/main.yml | 21 ----- roles/vm-sandboxing/tasks/01-bootstrap-vm.yml | 90 ------------------ roles/vm-sandboxing/tasks/main.yml | 2 - roles/vm-sandboxing/vars/main.yml | 1 - roles/vmsandboxing/README.md | 2 +- 12 files changed, 62 insertions(+), 255 deletions(-) create mode 100644 molecule/vm/Dockerfile create mode 100644 molecule/vm/converge.yml create mode 100644 molecule/vm/molecule.yml delete mode 100644 roles/vm-sandboxing/README.md delete mode 100644 roles/vm-sandboxing/defaults/main.yml delete mode 100644 roles/vm-sandboxing/handlers/main.yml delete mode 100644 roles/vm-sandboxing/meta/main.yml delete mode 100644 roles/vm-sandboxing/tasks/01-bootstrap-vm.yml delete mode 100644 roles/vm-sandboxing/tasks/main.yml delete mode 100644 roles/vm-sandboxing/vars/main.yml diff --git a/molecule/vm/Dockerfile b/molecule/vm/Dockerfile new file mode 100644 index 0000000..85d6991 --- /dev/null +++ b/molecule/vm/Dockerfile @@ -0,0 +1,21 @@ +FROM ubuntu:22.04 + +RUN export DEBIAN_FRONTEND=noninteractive && \ + apt-get update && \ + apt-get -y install \ + bridge-utils \ + dmidecode \ + dnsmasq \ + ebtables \ + iproute2 \ + iptables \ + libvirt-daemon-system \ + tini \ + sudo \ + ca-certificates \ + && \ + apt-get clean + +RUN sed -i '/^#stdio_handler/ a\stdio_handler = "file"' /etc/libvirt/qemu.conf + +CMD ["/usr/bin/tini", "/usr/sbin/libvirtd"] diff --git a/molecule/vm/converge.yml b/molecule/vm/converge.yml new file mode 100644 index 0000000..d7cae51 --- /dev/null +++ b/molecule/vm/converge.yml 
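Review bot: The package `RUN` ends with `apt-get clean` but leaves `/var/lib/apt/lists/*` in the layer and installs recommended packages too, which inflates an image that is later run privileged; change the tail to `apt-get clean && rm -rf /var/lib/apt/lists/*` and add `--no-install-recommends` to the `apt-get -y install` line. `sudo` is installed although nothing in this hunk uses it, presumably for the molecule connection; a one-line comment above the package list separating "needed by libvirtd/KVM" from "needed by molecule" would tell the next reader which entries can go when the harness changes.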
@@ -0,0 +1,7 @@ +- name: test + hosts: all + become: true + tasks: + - name: Debug + debug: + msg: test diff --git a/molecule/vm/molecule.yml b/molecule/vm/molecule.yml new file mode 100644 index 0000000..12b3f0c --- /dev/null +++ b/molecule/vm/molecule.yml @@ -0,0 +1,30 @@ +driver: + name: docker + +platforms: + - name: k3s + dockerfile: Dockerfile + image: libvirt + pre_build_image: false + privileged: true + devices: + - /dev/kvm:/dev/kvm + volumes: + - /sys/fs/cgroup:/sys/fs/cgroup + +provisioner: + name: ansible + playbooks: + prepare: prepare.yml + converge: converge.yml + +verifier: + name: testinfra + directory: tests + env: + # get rid of the DeprecationWarning messages of third-party libs, + # see https://docs.pytest.org/en/latest/warnings.html#deprecationwarning-and-pendingdeprecationwarning + PYTHONWARNINGS: "ignore:.*U.*mode is deprecated:DeprecationWarning" + options: + # show which tests where executed in test output + v: 1 diff --git a/requirements.txt b/requirements.txt index d5a618b..bd4a91b 100644 --- a/requirements.txt +++ b/requirements.txt @@ -5,3 +5,6 @@ pytest==7.2.1 pytest-testinfra==7.0.0 molecule==24.2.0 molecule-qemu==0.5.7 +molecule-docker==2.1.0 +requests==2.26.0 +docker==6.0.0 diff --git a/roles/vm-sandboxing/README.md b/roles/vm-sandboxing/README.md deleted file mode 100644 index d20497b..0000000 --- a/roles/vm-sandboxing/README.md +++ /dev/null 
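Review bot: The `platforms` entry runs the container with `privileged: true`, `/dev/kvm` and the host's `/sys/fs/cgroup` bind-mounted, which gives the test container close to host-level access, and nothing in the file says why; add a comment above `privileged: true`, e.g. `# privileged + /dev/kvm + host cgroups are needed to run libvirtd/KVM inside the container; do not point this scenario at a shared runner`. `provisioner.playbooks` names `prepare: prepare.yml` and the verifier names `directory: tests`, but neither is created in this patch (the diffstat lists only Dockerfile, converge.yml and molecule.yml); either add them or drop the two keys so the scenario does not reference files that do not exist.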
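Review bot: The three added pins (`molecule-docker==2.1.0`, `requests==2.26.0`, `docker==6.0.0`) are pinned by version only; for a file that drives a privileged test container, pinning with `--hash=sha256:<expected digest>` and installing with `--require-hashes` closes the gap between a version string and the artifact actually installed. `requests==2.26.0` is also an old release that has since received security fixes, so bump it to a current release that still satisfies `docker==6.0.0` and regenerate the pins with a lock tool rather than by hand.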
@@ -1,94 +0,0 @@ -# fluencelabs.provider.vm-sandboxing - -Installs pre-requisites and bootstraps a VM for workload sandboxing purposes. - -## Usage - -See this [example](https://github.com/fluencelabs/ansible/blob/main/example/) - -## Role Variables - -See [defaults/](https://github.com/fluencelabs/ansible/blob/main/roles/vm-sandboxing/defaults) for details and examples. - -#### `remote_host` - -- Host target to sent meta information on VM startup. -- type: string -- default: - ```yml - libvirt_user: info-catcher.fluence.dev - ``` - -#### `vm_name` - -- libvirt domain name -- type: string -- default: - ```yml - vm_name: sandbox - ``` - -#### `vm_image_url` - -- QEMU image image URL to download -- type: string - -#### `vm_image_local_path` - -- The image path to use bootstraping the VM -- type: string - -#### `libvirt_user` - -- default debian-based distros user for libvirt -- type: string -- default: - ```yml - libvirt_user: libvirt-qemu - ``` - -#### `libvirt_group` - -- default debian-based distros group for libvirt -- type: string -- default: - ```yml - libvirt_group: kvm - ``` - -#### `bridge_name` - -- default bridge interface name -- type: string -- default: - ```yml - bridge_name: br422442 - ``` - -#### `physical_iface` - -- Physical interface to put into the VM bridge (Must be set!) -- type: string - -#### `vm_mac` - -- generated MAC address for the VM -- type: string -- default: autogenerated - -#### `vm_uuid` - -- generated UUID address for the VM -- type: string -- default: autogenerated - -#### `vm_ram` - -- generated UUID address for the VM -- type: number -- default: - ```yml - vm_ram: 1048576 - ``` - - diff --git a/roles/vm-sandboxing/defaults/main.yml b/roles/vm-sandboxing/defaults/main.yml deleted file mode 100644 index e30fdbc..0000000 --- a/roles/vm-sandboxing/defaults/main.yml +++ /dev/null 
@@ -1,41 +0,0 @@ -remote_host: info-catcher.fluence.dev -vm_name: sandbox -vm_image_url: https://fluence-os-images.fra1.digitaloceanspaces.com/sandbox/latest/image.qcow2 -vm_image_local_path: /var/lib/libvirt/qemu/images/{{ vm_name }}.qcow2 -libvirt_user: libvirt-qemu -libvirt_group: kvm -bridge_name: br422442 -physical_iface: "dummy0" # Physical network interface to be added to the bridge # TBD -vm_mac: "{{ '52:54:00' | community.general.random_mac(seed=inventory_hostname) }}" -vm_uuid: "{{ '123' | to_uuid }}" -vm_ram: 1048576 # RAM size in KiB (1 GiB) - -vm_template: | - - {{ vm_name }} - {{ vm_uuid }} - {{ vm_ram }} - {{ vm_cores }} - - hvm - - - - - - - -
- - - - - -
- - - - - - - diff --git a/roles/vm-sandboxing/handlers/main.yml b/roles/vm-sandboxing/handlers/main.yml deleted file mode 100644 index 6a5aa4f..0000000 --- a/roles/vm-sandboxing/handlers/main.yml +++ /dev/null @@ -1,5 +0,0 @@ -handlers: - - name: restart libvirtd - service: - name: libvirtd - state: restarted diff --git a/roles/vm-sandboxing/meta/main.yml b/roles/vm-sandboxing/meta/main.yml deleted file mode 100644 index 2527712..0000000 --- a/roles/vm-sandboxing/meta/main.yml +++ /dev/null @@ -1,21 +0,0 @@ -galaxy_info: - namespace: fluencelabs - role_name: vm-sandboxing - license: Apache-2.0 - author: Roman Nozdrin - description: Install and setup Fluence-specific VM sandboxing method - issue_tracker_url: https://github.com/fluencelabs/ansible/issues - min_ansible_version: "2.12" - - platforms: - - name: Ubuntu - versions: - - jammy - - name: Debian - versions: - - bookworm - - galaxy_tags: - - fluence - - web3 - diff --git a/roles/vm-sandboxing/tasks/01-bootstrap-vm.yml b/roles/vm-sandboxing/tasks/01-bootstrap-vm.yml deleted file mode 100644 index 2fe5e6e..0000000 --- a/roles/vm-sandboxing/tasks/01-bootstrap-vm.yml +++ /dev/null 
@@ -1,90 +0,0 @@ - - tasks: - - name: Call HTTP service at localhost - command: curl http://localhost:18080/peer_id - register: localhost_response - - - name: Gather facts - setup: - - - name: Set vm_cores to the number of logical cores - set_fact: - vm_cores: "{{ ansible_processor_vcpus - 4 }}" - - - name: Install libvirt on Debian-based systems - apt: - name: libvirt-daemon-system - state: present - when: ansible_os_family == 'Debian' - - - name: Install virsh on Debian-based systems - apt: - name: qemu-kvm - state: present - when: ansible_os_family == 'Debian' - - - name: Install bridge-utils on Debian-based systems - apt: - name: bridge-utils - state: present - when: ansible_os_family == 'Debian' - - - name: Create bridge interface br422442 - command: brctl addbr {{ bridge_name }} - args: - creates: /sys/class/net/{{ bridge_name }} - - - name: Check if physical interface is part of the bridge - command: brctl show {{ bridge_name }} - register: bridge_output - changed_when: false - - - name: Set fact if physical interface is not in bridge - set_fact: - iface_not_in_bridge: "{{ physical_iface not in bridge_output.stdout }}" - - - name: Add physical interface to the bridge if not already added - command: brctl addif {{ bridge_name }} {{ physical_iface }} - when: iface_not_in_bridge - ignore_errors: yes - - - name: Bring up the bridge interface - command: ip link set {{ bridge_name }} up - when: "bridge_name not in ansible_facts.interfaces" - - - name: Bring up the physical interface - command: ip link set {{ physical_iface }} up - - - name: Download VM image - get_url: - url: "{{ vm_image_url }}" - dest: "{{ vm_image_local_path }}" - mode: '0644' - owner: "{{ libvirt_user }}" - group: "{{ libvirt_group }}" - - - name: Ensure a simple VM is defined - community.libvirt.virt: - command: define - xml: "{{ vm_template }}" - autostart: true - notify: restart libvirtd - - - name: Start the VM - community.libvirt.virt: - name: "{{ vm_name }}" - state: running - - - name: 
Extract peer_id from JSON response - set_fact: - peer_id: "{{ (localhost_response.stdout | from_json).peer_id }}" - - - name: Print peer_id - debug: - msg: "The peer_id is {{ peer_id }}" - - - name: Call HTTP service on a remote host - command: curl -L http://{{ remote_host }}/peer_id/?{{ peer_id }} - register: remotehost_response - - diff --git a/roles/vm-sandboxing/tasks/main.yml b/roles/vm-sandboxing/tasks/main.yml deleted file mode 100644 index acdb703..0000000 --- a/roles/vm-sandboxing/tasks/main.yml +++ /dev/null @@ -1,2 +0,0 @@ -- name: Bootstrap VM sandboxing - ansible.builtin.include_tasks: 01-bootstrap-vm.yml diff --git a/roles/vm-sandboxing/vars/main.yml b/roles/vm-sandboxing/vars/main.yml deleted file mode 100644 index 8b13789..0000000 --- a/roles/vm-sandboxing/vars/main.yml +++ /dev/null @@ -1 +0,0 @@ - diff --git a/roles/vmsandboxing/README.md b/roles/vmsandboxing/README.md index e37547e..ffdf747 100644 --- a/roles/vmsandboxing/README.md +++ b/roles/vmsandboxing/README.md @@ -1,4 +1,4 @@ -# fluencelabs.provider.vm_sandboxing +# fluencelabs.provider.vmsandboxing Installs pre-requisites and bootstraps a VM for workload sandboxing purposes. From 1f0b57ec568b6273747eaa09a8f81a0657d7690b Mon Sep 17 00:00:00 2001 
From: Anatoly Laskaris Date: Tue, 6 Aug 2024 15:23:46 +0300 Subject: [PATCH 02/14] F --- molecule/vm/converge.yml | 9 ++-- molecule/vm/molecule.yml | 2 +- molecule/vm/requirements.yml | 2 + roles/vmsandboxing/defaults/main.yml | 6 +-- roles/vmsandboxing/handlers/main.yml | 1 + roles/vmsandboxing/meta/main.yml | 7 +-- roles/vmsandboxing/meta/requirements.yml | 2 + roles/vmsandboxing/requirements.yml | 2 + .../tasks/01-prepare-instance.yml | 43 +++++++--------- roles/vmsandboxing/tasks/02-iptables.yml | 8 ++- roles/vmsandboxing/tasks/03-bootstrap-vm.yml | 51 +++++++++---------- roles/vmsandboxing/tasks/main.yml | 4 +- 12 files changed, 65 insertions(+), 72 deletions(-) create mode 100644 molecule/vm/requirements.yml create mode 100644 roles/vmsandboxing/meta/requirements.yml create mode 100644 roles/vmsandboxing/requirements.yml diff --git a/molecule/vm/converge.yml b/molecule/vm/converge.yml index d7cae51..f1b71bb 100644 --- a/molecule/vm/converge.yml +++ b/molecule/vm/converge.yml @@ -1,7 +1,10 @@ - name: test hosts: all become: true + collections: + - fluencelabs.provider + tasks: - - name: Debug - debug: - msg: test + - name: Run vm role + include_role: + name: vmsandboxing diff --git a/molecule/vm/molecule.yml b/molecule/vm/molecule.yml index 12b3f0c..d726801 100644 --- a/molecule/vm/molecule.yml +++ b/molecule/vm/molecule.yml @@ -2,7 +2,7 @@ driver: name: docker platforms: - - name: k3s + - name: ubuntu-vm dockerfile: Dockerfile image: libvirt pre_build_image: false diff --git a/molecule/vm/requirements.yml b/molecule/vm/requirements.yml new file mode 100644 index 0000000..5ab0fc2 --- /dev/null +++ b/molecule/vm/requirements.yml @@ -0,0 +1,2 @@ +collections: + - jm1.libvirt diff --git a/roles/vmsandboxing/defaults/main.yml b/roles/vmsandboxing/defaults/main.yml index e866784..10a9b48 100644 --- a/roles/vmsandboxing/defaults/main.yml +++ b/roles/vmsandboxing/defaults/main.yml 
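Review bot: `- jm1.libvirt` is listed without a version, so every molecule run and every galaxy install resolves to whatever is latest at that moment; use the mapping form `- name: jm1.libvirt` with `version: "<pinned version>"` so the role is tested against the collection it was developed on. The same unpinned entry is added to `roles/vmsandboxing/meta/requirements.yml` and `roles/vmsandboxing/requirements.yml` in this patch, and `jm1.pkg` joins it unpinned in patch 03/14; keeping one requirements file and pointing molecule at it would stop the three copies drifting apart.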
@@ -17,9 +17,9 @@ vm_start_opts_default: - os_variant: "ubuntu22.04" - graphics: "none" -vm_start_options: +vm_start_options: {} -vm_ip: lol +vm_ip: "" vm_iptables_map: | { @@ -32,7 +32,7 @@ vm_iptables_map: | 443 ], "udp": [ - 80 + 80 ] }, diff --git a/roles/vmsandboxing/handlers/main.yml b/roles/vmsandboxing/handlers/main.yml index 3643e67..84bca2e 100644 --- a/roles/vmsandboxing/handlers/main.yml +++ b/roles/vmsandboxing/handlers/main.yml @@ -2,3 +2,4 @@ service: name: libvirtd state: restarted + when: not lookup("env", "MOLECULE_SCENARIO_NAME") | default("") diff --git a/roles/vmsandboxing/meta/main.yml b/roles/vmsandboxing/meta/main.yml index 0c7a85d..9a2fff7 100644 --- a/roles/vmsandboxing/meta/main.yml +++ b/roles/vmsandboxing/meta/main.yml @@ -1,6 +1,6 @@ galaxy_info: namespace: fluencelabs - role_name: vm_sandboxing + role_name: vmsandboxing license: Apache-2.0 author: Roman Nozdrin description: Install and setup Fluence-specific VM sandboxing method @@ -11,11 +11,6 @@ galaxy_info: - name: Ubuntu versions: - jammy - - name: Debian - versions: - - bookworm galaxy_tags: - fluence - - web3 - diff --git a/roles/vmsandboxing/meta/requirements.yml b/roles/vmsandboxing/meta/requirements.yml new file mode 100644 index 0000000..5ab0fc2 --- /dev/null +++ b/roles/vmsandboxing/meta/requirements.yml @@ -0,0 +1,2 @@ +collections: + - jm1.libvirt diff --git a/roles/vmsandboxing/requirements.yml b/roles/vmsandboxing/requirements.yml new file mode 100644 index 0000000..5ab0fc2 --- /dev/null +++ b/roles/vmsandboxing/requirements.yml @@ -0,0 +1,2 @@ +collections: + - jm1.libvirt diff --git a/roles/vmsandboxing/tasks/01-prepare-instance.yml b/roles/vmsandboxing/tasks/01-prepare-instance.yml index 7c75f43..26ee5c4 100644 --- a/roles/vmsandboxing/tasks/01-prepare-instance.yml +++ b/roles/vmsandboxing/tasks/01-prepare-instance.yml 
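Review bot: `vm_ip: ""` replaces the placeholder `lol`, but an empty string still renders into `vm_iptables_map` as `"private_ip": ""`, and that map is written verbatim to `/etc/libvirt/hooks/hooks.json` by the `Render hook template` task later in this patch, so a run where the address is never assigned produces a forwarding config with an empty target. Either leave the variable undefined so the `Assign IP address to var` task in `02-iptables.yml` is its only source, or assert before the hook is rendered, e.g. `- ansible.builtin.assert: { that: vm_ip | length > 0, quiet: true }`. The indentation fix on `80` under `udp` is fine.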
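Review bot: `when: not lookup("env", "MOLECULE_SCENARIO_NAME") | default("")` makes the restart handler depend on a test-harness environment variable, so production and test runs take different code paths, and the expression reads correctly only once you know the filter binds before `not`. Prefer an explicit role variable, e.g. `vm_manage_libvirtd: true` in defaults and `when: vm_manage_libvirtd | bool` here, with the molecule scenario setting it to false. The same lookup is added to the `Start libvirt` task in `01-prepare-instance.yml` by patch 04/14 and would be replaced the same way.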
@@ -1,29 +1,22 @@ - - name: Prepare CPU and RAM configuration - set_fact: - vm_cores: "{{ ansible_processor_vcpus - vm_cpu_reserved }}" - vm_ram: "{{ ansible_memtotal_mb - vm_ram_reserved }}" - - - name: Prepare start options - set_fact: - vm_start_options_final: "{{ vm_start_opts_default | combine(vm_start_options) | to_nice_yaml }}" +- name: Prepare CPU and RAM configuration + set_fact: + vm_cores: "{{ ansible_processor_vcpus - vm_cpu_reserved }}" + vm_ram: "{{ ansible_memtotal_mb - vm_ram_reserved }}" - - debug: - msg: "{{ vm_start_options_final }}" +- name: Prepare start options + set_fact: + vm_start_options_final: "{{ vm_start_opts_default | combine(vm_start_options) | to_nice_yaml }}" - - name: Install required packages - apt: - name: libvirt-daemon-system - state: present - loop: - - libvirt-daemon-system - - qemu-kvm - - virt-install +- name: Create image directory + file: + path: /var/lib/libvirt/qemu/images + state: directory - - name: Create image directory - file: - path: /var/lib/libvirt/qemu/images - state: directory +- name: Satisfy software requirements + import_role: + name: jm1.libvirt.setup - - name: Satisfy software requirements - import_role: - name: jm1.libvirt.setup +- name: Start libvirt + systemd_service: + state: started + name: libvirtd diff --git a/roles/vmsandboxing/tasks/02-iptables.yml b/roles/vmsandboxing/tasks/02-iptables.yml index 8b49555..1853642 100644 --- a/roles/vmsandboxing/tasks/02-iptables.yml +++ b/roles/vmsandboxing/tasks/02-iptables.yml @@ -14,7 +14,7 @@ state: link - name: Get IP address - shell: virsh net-dhcp-leases default | grep ipv4 | awk '{ print $5} ' | cut -d'/' -f1 + shell: virsh net-dhcp-leases default | grep ipv4 | awk '{ print $5 }' | cut -d'/' -f1 register: vm_ip_raw - name: Assign IP address to var 
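Review bot: `vm_start_options_final: "{{ vm_start_opts_default | combine(vm_start_options) | to_nice_yaml }}"` combines `vm_start_opts_default`, which the defaults hunk in this patch shows as a list of single-key mappings, with the `{}` mapping; `combine` only accepts mappings, so I would expect this task to fail on first run, and `to_nice_yaml` turns whatever survives into a string rather than the list the domain module takes. Use list concatenation, `vm_start_opts_default + vm_start_options` with `vm_start_options: []`, and drop `to_nice_yaml`. The new `Start libvirt` task uses `systemd_service`, which exists only on recent ansible-core releases; the repository pins molecule but I cannot see an ansible-core pin, so either pin it or use `ansible.builtin.systemd`.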
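Review bot: The fixed `Get IP address` pipeline registers `vm_ip_raw` but has no `changed_when: false`, so the play reports a change on every run, and it reads every IPv4 lease on the `default` network rather than the one for `{{ vm_name }}`, so a second lease yields two lines and the wrong address can end up in the iptables hook. Add `changed_when: false` and `failed_when: vm_ip_raw.stdout_lines | length != 1`, and filter the leases by the VM's MAC. With `shell`, also prefix the pipeline with `set -o pipefail &&` under `args: { executable: /bin/bash }` so a failing `virsh` is not masked by the `cut` at the end.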
@@ -28,8 +28,6 @@ copy: content: "{{ vm_iptables_map }}" dest: /etc/libvirt/hooks/hooks.json + notify: restart libvirtd -- name: Restart libvirtd - service: - name: libvirtd - state: restarted \ No newline at end of file +- meta: flush_handlers diff --git a/roles/vmsandboxing/tasks/03-bootstrap-vm.yml b/roles/vmsandboxing/tasks/03-bootstrap-vm.yml index 2b91281..f754aed 100644 --- a/roles/vmsandboxing/tasks/03-bootstrap-vm.yml +++ b/roles/vmsandboxing/tasks/03-bootstrap-vm.yml @@ -1,30 +1,29 @@ - - name: Download VM image - get_url: - url: "{{ vm_image_url }}" - dest: "{{ vm_image_local_path }}" - mode: '0644' - owner: "{{ vm_libvirt_user }}" - group: "{{ vm_libvirt_group }}" +- name: Download VM image + get_url: + url: "{{ vm_image_url }}" + dest: "{{ vm_image_local_path }}" + mode: '0644' + owner: "{{ vm_libvirt_user }}" + group: "{{ vm_libvirt_group }}" - - name: Create a new libvirt domain - jm1.libvirt.domain: - name: "{{ vm_name }}" - hardware: - - cpu: "host" - - vcpus: "{{ vm_cores }}" - - ram: "{{ vm_ram }}" - - disk: "{{ vm_image_local_path }}" - - network: "network=default" - - os_variant: "ubuntu22.04" - - graphics: "none" +- name: Create a new libvirt domain + jm1.libvirt.domain: + name: "{{ vm_name }}" + hardware: + - cpu: "host" + - vcpus: "{{ vm_cores }}" + - ram: "{{ vm_ram }}" + - disk: "{{ vm_image_local_path }}" + - network: "network=default" + - os_variant: "ubuntu22.04" + - graphics: "none" - - name: Start VM - shell: virsh start "{{ vm_name }}" || virsh reboot "{{ vm_name }}" - +- name: Start VM + shell: virsh start "{{ vm_name }}" || virsh reboot "{{ vm_name }}" - - name: Call HTTP service on a remote host - command: curl -L http://{{ vm_remote_host }}/peer_id/ +- name: Call HTTP service on a remote host + command: curl -L http://{{ vm_remote_host }}/peer_id/ - - name: pause for 30 seconds - pause: - seconds: 15 +- name: pause for 15 seconds + pause: + seconds: 15 
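Review bot: `Render hook template` writes `vm_iptables_map` into `/etc/libvirt/hooks/hooks.json` as opaque text, and that file is read by the `qemu` hook libvirtd runs, so a templating slip only surfaces when the VM next starts; round-trip it in the task, `content: "{{ vm_iptables_map | from_json | to_nice_json }}"`, so malformed JSON fails the play instead, and set `mode: "0644"` explicitly rather than inheriting the umask. Replacing the inline restart with `notify: restart libvirtd` plus `meta: flush_handlers` is the right shape, but since the handler is now conditional on the molecule lookup, the hook is never (re)loaded in test runs; a comment on the notify line should say so.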
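Review bot: `command: curl -L http://{{ vm_remote_host }}/peer_id/` talks to an external host over plain HTTP, follows redirects, and neither registers nor checks the response, so the task cannot tell a delivered report from a failed one and the request is readable on the path; use `ansible.builtin.uri` with `url: "https://{{ vm_remote_host }}/peer_id/"`, keep certificate validation on, and `register` the result so a failure is visible. `shell: virsh start "{{ vm_name }}" || virsh reboot "{{ vm_name }}"` reboots an already-running VM on every replay, so the play is not idempotent; `community.libvirt.virt` with `name: "{{ vm_name }}"` and `state: running` expresses the intent without that side effect. The 15-second `pause` after it is a fixed sleep where a `wait_for` on the VM's service would be both faster and deterministic.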
diff --git a/roles/vmsandboxing/tasks/main.yml b/roles/vmsandboxing/tasks/main.yml index 852cb03..1bd7537 100644 --- a/roles/vmsandboxing/tasks/main.yml +++ b/roles/vmsandboxing/tasks/main.yml @@ -3,12 +3,10 @@ ansible.builtin.include_tasks: 00-preflight.yml - name: Prepare instance - tags: always ansible.builtin.include_tasks: 01-prepare-instance.yml - name: Bootstrap VM ansible.builtin.include_tasks: 03-bootstrap-vm.yml -- name: ip-tables - tags: always +- name: Setup iptables ansible.builtin.include_tasks: 02-iptables.yml From 7bcb28c6510c3ffd90e2ed50f1c7e51879189376 Mon Sep 17 00:00:00 2001 From: Anatoly Laskaris Date: Tue, 6 Aug 2024 15:38:24 +0300 Subject: [PATCH 03/14] Add more deps --- roles/vmsandboxing/meta/requirements.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/roles/vmsandboxing/meta/requirements.yml b/roles/vmsandboxing/meta/requirements.yml index 5ab0fc2..462bc51 100644 --- a/roles/vmsandboxing/meta/requirements.yml +++ b/roles/vmsandboxing/meta/requirements.yml @@ -1,2 +1,3 @@ collections: - jm1.libvirt + - jm1.pkg From 1aa93649c571f9c64644787c40c1a9794f1fd6a1 Mon Sep 17 00:00:00 2001 From: Anatoly Laskaris Date: Tue, 6 Aug 2024 15:51:20 +0300 Subject: [PATCH 04/14] F --- molecule/vm/molecule.yml | 1 + roles/vmsandboxing/tasks/01-prepare-instance.yml | 1 + 2 files changed, 2 insertions(+) diff --git a/molecule/vm/molecule.yml b/molecule/vm/molecule.yml index d726801..804a125 100644 --- a/molecule/vm/molecule.yml +++ b/molecule/vm/molecule.yml @@ -7,6 +7,7 @@ platforms: image: libvirt pre_build_image: false privileged: true + command: ["/usr/bin/tini", "/usr/sbin/libvirtd"] devices: - /dev/kvm:/dev/kvm volumes: diff --git a/roles/vmsandboxing/tasks/01-prepare-instance.yml b/roles/vmsandboxing/tasks/01-prepare-instance.yml index 26ee5c4..78f2530 100644 --- a/roles/vmsandboxing/tasks/01-prepare-instance.yml +++ b/roles/vmsandboxing/tasks/01-prepare-instance.yml 
@@ -20,3 +20,4 @@ systemd_service: state: started name: libvirtd + when: not lookup("env", "MOLECULE_SCENARIO_NAME") | default("") From dac86b7281244771e9514e24d8c2a06ba64da20d Mon Sep 17 00:00:00 2001 From: Anatoly Laskaris Date: Tue, 6 Aug 2024 16:14:56 +0300 Subject: [PATCH 05/14] F --- roles/vmsandboxing/tasks/03-bootstrap-vm.yml | 9 +-------- 1 file changed, 1 insertion(+), 8 deletions(-) diff --git a/roles/vmsandboxing/tasks/03-bootstrap-vm.yml b/roles/vmsandboxing/tasks/03-bootstrap-vm.yml index f754aed..9de0631 100644 --- a/roles/vmsandboxing/tasks/03-bootstrap-vm.yml +++ b/roles/vmsandboxing/tasks/03-bootstrap-vm.yml @@ -9,14 +9,7 @@ - name: Create a new libvirt domain jm1.libvirt.domain: name: "{{ vm_name }}" - hardware: - - cpu: "host" - - vcpus: "{{ vm_cores }}" - - ram: "{{ vm_ram }}" - - disk: "{{ vm_image_local_path }}" - - network: "network=default" - - os_variant: "ubuntu22.04" - - graphics: "none" + hardware: "{{ vm_start_options_final }}" - name: Start VM shell: virsh start "{{ vm_name }}" || virsh reboot "{{ vm_name }}" From 212be9f3fbdd71e5c059b6f98887f2984724809c Mon Sep 17 00:00:00 2001 From: Anatoly Laskaris Date: Tue, 6 Aug 2024 16:16:27 +0300 Subject: [PATCH 06/14] f --- roles/vmsandboxing/tasks/03-bootstrap-vm.yml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/roles/vmsandboxing/tasks/03-bootstrap-vm.yml b/roles/vmsandboxing/tasks/03-bootstrap-vm.yml index 9de0631..8d3eb6a 100644 --- a/roles/vmsandboxing/tasks/03-bootstrap-vm.yml +++ b/roles/vmsandboxing/tasks/03-bootstrap-vm.yml @@ -6,6 +6,9 @@ owner: "{{ vm_libvirt_user }}" group: "{{ vm_libvirt_group }}" +- debug: + msg: "{{ vm_start_options_final }}" + - name: Create a new libvirt domain jm1.libvirt.domain: name: "{{ vm_name }}" From 37f9303a27c8d91056dc48076fe29d110c389ffd Mon Sep 17 00:00:00 2001 
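Review bot: `hardware: "{{ vm_start_options_final }}"` passes a value that `01-prepare-instance.yml` built with `to_nice_yaml`, i.e. a string, where the removed lines passed a list of single-key mappings; unless the templating layer turns that YAML text back into a list, which I would not rely on, the module receives one string instead of the list it expects. Build the list directly (`vm_start_opts_default + vm_start_options`) and pass that, and add a comment on this line stating that `hardware` must be a list so the contract survives the next refactor.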
From: Anatoly Laskaris Date: Tue, 6 Aug 2024 16:26:32 +0300 Subject: [PATCH 07/14] F --- roles/vmsandboxing/defaults/main.yml | 8 +-- roles/vmsandboxing/tasks/00-preflight.yml | 62 ------------------- .../tasks/01-prepare-instance.yml | 9 --- roles/vmsandboxing/tasks/03-bootstrap-vm.yml | 4 +- roles/vmsandboxing/tasks/main.yml | 5 -- 5 files changed, 7 insertions(+), 81 deletions(-) delete mode 100644 roles/vmsandboxing/tasks/00-preflight.yml diff --git a/roles/vmsandboxing/defaults/main.yml b/roles/vmsandboxing/defaults/main.yml index 306432a..46cdcd9 100644 --- a/roles/vmsandboxing/defaults/main.yml +++ b/roles/vmsandboxing/defaults/main.yml @@ -8,16 +8,16 @@ vm_libvirt_group: kvm vm_cpu_reserved: 1 vm_ram_reserved: 1024 -vm_start_opts_default: +vm_options: - cpu: "host" - - vcpus: "{{ vm_cores }}" - - ram: "{{ vm_ram }}" + - vcpus: "{{ ansible_processor_vcpus - vm_cpu_reserved }}" + - ram: "{{ ansible_memtotal_mb - vm_ram_reserved }}" - disk: "{{ vm_image_local_path }}" - network: "network=default" - os_variant: "ubuntu22.04" - graphics: "none" -vm_start_options: {} +vm_host_devices: [] vm_ip: 192.168.122.112 diff --git a/roles/vmsandboxing/tasks/00-preflight.yml b/roles/vmsandboxing/tasks/00-preflight.yml deleted file mode 100644 index bfe8aa7..0000000 --- a/roles/vmsandboxing/tasks/00-preflight.yml +++ /dev/null 
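Review bot: `vcpus: "{{ ansible_processor_vcpus - vm_cpu_reserved }}"` and `ram: "{{ ansible_memtotal_mb - vm_ram_reserved }}"` now live in defaults with no lower bound, so a small host (vcpus at or below `vm_cpu_reserved`, or memory at or below `vm_ram_reserved`) yields a zero or negative value that reaches the domain definition; clamp them, e.g. `- vcpus: "{{ [ansible_processor_vcpus - vm_cpu_reserved, 1] | max }}"`, or assert on the host facts before the domain is created. The same patch deletes `00-preflight.yml` (see its `main.yml` hunk), which was the only place such bounds could have been checked, so these defaults are now the role's entire input validation.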
@@ -1,62 +0,0 @@ -- name: check "vm_remote_host" variable - tags: always - ansible.builtin.assert: - that: - - vm_remote_host is defined - - vm_remote_host is string - - vm_remote_host | length - quiet: true - -- name: check "vm_name" variable - tags: always - ansible.builtin.assert: - that: - - vm_name is defined - - vm_name is string - - vm_name | length - quiet: true - -- name: check "vm_image_url" variable - tags: always - ansible.builtin.assert: - that: - - vm_image_url is defined - - vm_image_url is string - - vm_image_url | length - quiet: true - -- name: check "vm_image_local_path" variable - tags: always - ansible.builtin.assert: - that: - - vm_image_local_path is defined - - vm_image_local_path is string - - vm_image_local_path | length - quiet: true - -- name: check "vm_libvirt_user" variable - tags: always - ansible.builtin.assert: - that: - - vm_libvirt_user is defined - - vm_libvirt_user is string - - vm_libvirt_user | length - quiet: true - -- name: check "vm_libvirt_group" variable - tags: always - ansible.builtin.assert: - that: - - vm_libvirt_group is defined - - - vm_libvirt_group | length - quiet: true - -- name: check "vm_iptables_map" variable - tags: always - ansible.builtin.assert: - that: - - vm_iptables_map is defined - # - vm_iptables_map is string # need to debug - - vm_iptables_map | length - quiet: true diff --git a/roles/vmsandboxing/tasks/01-prepare-instance.yml b/roles/vmsandboxing/tasks/01-prepare-instance.yml index 78f2530..62ed825 100644 --- a/roles/vmsandboxing/tasks/01-prepare-instance.yml +++ b/roles/vmsandboxing/tasks/01-prepare-instance.yml 
@@ -1,12 +1,3 @@ -- name: Prepare CPU and RAM configuration - set_fact: - vm_cores: "{{ ansible_processor_vcpus - vm_cpu_reserved }}" - vm_ram: "{{ ansible_memtotal_mb - vm_ram_reserved }}" - -- name: Prepare start options - set_fact: - vm_start_options_final: "{{ vm_start_opts_default | combine(vm_start_options) | to_nice_yaml }}" - - name: Create image directory file: path: /var/lib/libvirt/qemu/images diff --git a/roles/vmsandboxing/tasks/03-bootstrap-vm.yml b/roles/vmsandboxing/tasks/03-bootstrap-vm.yml index 8d3eb6a..0e542ff 100644 --- a/roles/vmsandboxing/tasks/03-bootstrap-vm.yml +++ b/roles/vmsandboxing/tasks/03-bootstrap-vm.yml @@ -10,9 +10,11 @@ msg: "{{ vm_start_options_final }}" - name: Create a new libvirt domain + var: + _vm_options: "{{ vm_options + [{'host_devices': vm_host_devices}] }}" jm1.libvirt.domain: name: "{{ vm_name }}" - hardware: "{{ vm_start_options_final }}" + hardware: "{{ _vm_options }}" - name: Start VM shell: virsh start "{{ vm_name }}" || virsh reboot "{{ vm_name }}" diff --git a/roles/vmsandboxing/tasks/main.yml b/roles/vmsandboxing/tasks/main.yml index ba81dab..82e026a 100644 --- a/roles/vmsandboxing/tasks/main.yml +++ b/roles/vmsandboxing/tasks/main.yml @@ -1,7 +1,3 @@ -- name: Preflight - tags: always - ansible.builtin.include_tasks: 00-preflight.yml - - name: Prepare instance ansible.builtin.include_tasks: 01-prepare-instance.yml @@ -10,4 +6,3 @@ - name: Bootstrap VM ansible.builtin.include_tasks: 03-bootstrap-vm.yml - From 40522ccb4f9d481cce2c7298025ed5406c415131 Mon Sep 17 00:00:00 2001 From: Anatoly Laskaris Date: Tue, 6 Aug 2024 16:27:49 +0300 Subject: [PATCH 08/14] F --- roles/vmsandboxing/tasks/03-bootstrap-vm.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/vmsandboxing/tasks/03-bootstrap-vm.yml b/roles/vmsandboxing/tasks/03-bootstrap-vm.yml index 0e542ff..9a4adb3 100644 --- a/roles/vmsandboxing/tasks/03-bootstrap-vm.yml +++ b/roles/vmsandboxing/tasks/03-bootstrap-vm.yml 
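Review bot: Removing the `Preflight` include drops every `assert` the role had on its inputs (`vm_remote_host`, `vm_name`, `vm_image_url`, `vm_iptables_map`, …) while nothing in the new task order replaces them, so an undefined or empty variable now fails deep inside `jm1.libvirt` or, for `vm_iptables_map`, only when the libvirt hook next runs. If the preflight file was removed because its checks were stale, keep a trimmed version that asserts the variables the remaining tasks still use. A one-line comment at the top of `main.yml` naming the variables the caller must set (`vm_image_url` at least) would also help.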
@@ -10,7 +10,7 @@ msg: "{{ vm_start_options_final }}" - name: Create a new libvirt domain - var: + vars: _vm_options: "{{ vm_options + [{'host_devices': vm_host_devices}] }}" jm1.libvirt.domain: name: "{{ vm_name }}" From 4e8dabddea6369194c07726188e7c85f2949caf4 Mon Sep 17 00:00:00 2001 From: Anatoly Laskaris Date: Tue, 6 Aug 2024 16:28:49 +0300 Subject: [PATCH 09/14] F --- roles/vmsandboxing/tasks/03-bootstrap-vm.yml | 3 --- 1 file changed, 3 deletions(-) diff --git a/roles/vmsandboxing/tasks/03-bootstrap-vm.yml b/roles/vmsandboxing/tasks/03-bootstrap-vm.yml index 9a4adb3..b83a6d0 100644 --- a/roles/vmsandboxing/tasks/03-bootstrap-vm.yml +++ b/roles/vmsandboxing/tasks/03-bootstrap-vm.yml @@ -6,9 +6,6 @@ owner: "{{ vm_libvirt_user }}" group: "{{ vm_libvirt_group }}" -- debug: - msg: "{{ vm_start_options_final }}" - - name: Create a new libvirt domain vars: _vm_options: "{{ vm_options + [{'host_devices': vm_host_devices}] }}" From ad52696828871868e0f55f8cccf0d4c10398d4a0 Mon Sep 17 00:00:00 2001 From: Anatoly Laskaris Date: Tue, 6 Aug 2024 16:30:44 +0300 Subject: [PATCH 10/14] F --- roles/vmsandboxing/tasks/03-bootstrap-vm.yml | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/roles/vmsandboxing/tasks/03-bootstrap-vm.yml b/roles/vmsandboxing/tasks/03-bootstrap-vm.yml index b83a6d0..5409515 100644 --- a/roles/vmsandboxing/tasks/03-bootstrap-vm.yml +++ b/roles/vmsandboxing/tasks/03-bootstrap-vm.yml @@ -6,6 +6,11 @@ owner: "{{ vm_libvirt_user }}" group: "{{ vm_libvirt_group }}" +- vars: + _vm_options: "{{ vm_options + [{'host_devices': vm_host_devices}] }}" + debug: + msg: "{{ _vm_options }}" + - name: Create a new libvirt domain vars: _vm_options: "{{ vm_options + [{'host_devices': vm_host_devices}] }}" From 39e6ca5b60d56a5699ea467f7017ba4b409e0eab Mon Sep 17 00:00:00 2001 
From: Anatoly Laskaris Date: Mon, 12 Aug 2024 14:58:45 +0300 Subject: [PATCH 11/14] Update --- molecule/vm/Dockerfile | 21 --------- molecule/vm/converge.yml | 10 ----- molecule/vm/molecule.yml | 31 ------------- molecule/vm/requirements.yml | 2 - roles/vmsandboxing/defaults/main.yml | 25 ++++++----- roles/vmsandboxing/handlers/main.yml | 3 ++ .../tasks/01-prepare-instance.yml | 23 ++++++---- roles/vmsandboxing/tasks/02-iptables.yml | 22 ---------- roles/vmsandboxing/tasks/02-network.yml | 44 +++++++++++++++++++ roles/vmsandboxing/tasks/03-bootstrap-vm.yml | 36 ++++----------- roles/vmsandboxing/tasks/main.yml | 2 +- roles/vmsandboxing/templates/hooks.json.j2 | 5 +-- 12 files changed, 86 insertions(+), 138 deletions(-) delete mode 100644 molecule/vm/Dockerfile delete mode 100644 molecule/vm/converge.yml delete mode 100644 molecule/vm/molecule.yml delete mode 100644 molecule/vm/requirements.yml delete mode 100644 roles/vmsandboxing/tasks/02-iptables.yml create mode 100644 roles/vmsandboxing/tasks/02-network.yml diff --git a/molecule/vm/Dockerfile b/molecule/vm/Dockerfile deleted file mode 100644 index 85d6991..0000000 --- a/molecule/vm/Dockerfile +++ /dev/null @@ -1,21 +0,0 @@ -FROM ubuntu:22.04 - -RUN export DEBIAN_FRONTEND=noninteractive && \ - apt-get update && \ - apt-get -y install \ - bridge-utils \ - dmidecode \ - dnsmasq \ - ebtables \ - iproute2 \ - iptables \ - libvirt-daemon-system \ - tini \ - sudo \ - ca-certificates \ - && \ - apt-get clean - -RUN sed -i '/^#stdio_handler/ a\stdio_handler = "file"' /etc/libvirt/qemu.conf - -CMD ["/usr/bin/tini", "/usr/sbin/libvirtd"] diff --git a/molecule/vm/converge.yml b/molecule/vm/converge.yml deleted file mode 100644 index f1b71bb..0000000 --- a/molecule/vm/converge.yml +++ /dev/null @@ -1,10 +0,0 @@ -- name: test - hosts: all - become: true - collections: - - fluencelabs.provider - - tasks: - - name: Run vm role - include_role: - name: vmsandboxing 
diff --git a/molecule/vm/molecule.yml b/molecule/vm/molecule.yml deleted file mode 100644 index 804a125..0000000 --- a/molecule/vm/molecule.yml +++ /dev/null @@ -1,31 +0,0 @@ -driver: - name: docker - -platforms: - - name: ubuntu-vm - dockerfile: Dockerfile - image: libvirt - pre_build_image: false - privileged: true - command: ["/usr/bin/tini", "/usr/sbin/libvirtd"] - devices: - - /dev/kvm:/dev/kvm - volumes: - - /sys/fs/cgroup:/sys/fs/cgroup - -provisioner: - name: ansible - playbooks: - prepare: prepare.yml - converge: converge.yml - -verifier: - name: testinfra - directory: tests - env: - # get rid of the DeprecationWarning messages of third-party libs, - # see https://docs.pytest.org/en/latest/warnings.html#deprecationwarning-and-pendingdeprecationwarning - PYTHONWARNINGS: "ignore:.*U.*mode is deprecated:DeprecationWarning" - options: - # show which tests where executed in test output - v: 1 diff --git a/molecule/vm/requirements.yml b/molecule/vm/requirements.yml deleted file mode 100644 index 5ab0fc2..0000000 --- a/molecule/vm/requirements.yml +++ /dev/null @@ -1,2 +0,0 @@ -collections: - - jm1.libvirt diff --git a/roles/vmsandboxing/defaults/main.yml b/roles/vmsandboxing/defaults/main.yml index 46cdcd9..de55b0b 100644 --- a/roles/vmsandboxing/defaults/main.yml +++ b/roles/vmsandboxing/defaults/main.yml 
@@ -1,35 +1,36 @@ vm_remote_host: info-catcher.fluence.dev vm_name: sandbox vm_image_url: https://fluence-os-images.fra1.digitaloceanspaces.com/sandbox/latest/image.qcow2 -vm_image_local_path: /var/lib/libvirt/qemu/images/{{ vm_name }}.qcow2 -vm_libvirt_user: libvirt-qemu -vm_libvirt_group: kvm -vm_cpu_reserved: 1 -vm_ram_reserved: 1024 +vm_cpu_reserved: 2 +vm_ram_reserved: 2048 -vm_options: +vm_options_default: - cpu: "host" - vcpus: "{{ ansible_processor_vcpus - vm_cpu_reserved }}" - - ram: "{{ ansible_memtotal_mb - vm_ram_reserved }}" - - disk: "{{ vm_image_local_path }}" - - network: "network=default" + # - ram: "{{ ansible_memtotal_mb - vm_ram_reserved }}" + - virt_type: 'kvm' + - ram: "10000" + - network: "network={{ vm_name }}" - os_variant: "ubuntu22.04" - graphics: "none" + - disk: "vol='sandbox/{{ vm_name }}',device=disk,bus=virtio,serial='root'" -vm_host_devices: [] +vm_options: [] +_vm_options: "{{ vm_options_default + vm_options }}" vm_ip: 192.168.122.112 vm_iptables_map: | { "{{ vm_name }}": { - "interface": "virbr0", + "interface": "virbr-{{ vm_name }}-0", "private_ip": "{{ vm_ip }}", "port_map": { "tcp": [ 80, - 443 + 443, + [2222, 22] ], "udp": [ 80 diff --git a/roles/vmsandboxing/handlers/main.yml b/roles/vmsandboxing/handlers/main.yml index 84bca2e..0c99743 100644 --- a/roles/vmsandboxing/handlers/main.yml +++ b/roles/vmsandboxing/handlers/main.yml @@ -3,3 +3,6 @@ name: libvirtd state: restarted when: not lookup("env", "MOLECULE_SCENARIO_NAME") | default("") + +- name: start vm + shell: virsh start "{{ vm_name }}" diff --git a/roles/vmsandboxing/tasks/01-prepare-instance.yml b/roles/vmsandboxing/tasks/01-prepare-instance.yml index 62ed825..9e59a63 100644 --- a/roles/vmsandboxing/tasks/01-prepare-instance.yml +++ b/roles/vmsandboxing/tasks/01-prepare-instance.yml 
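Review bot: The default `vm_iptables_map` now also forwards host port 2222 to the VM's port 22 (`[2222, 22]`), so every host that takes the role defaults forwards a port of its own to the sandbox's SSH; that should be opt-in rather than a default, i.e. leave it out of the shipped map and document `[<host_port>, 22]` as the form a caller adds. `- ram: "10000"` hardcodes the memory with the fact-based computation commented out above it, which silently ignores `vm_ram_reserved`; if the computed value misbehaved in testing, say so in the comment, otherwise restore it. The pool name `sandbox` is a literal in `disk: "vol='sandbox/{{ vm_name }}',…"` here and in the `pool:` values of `01-prepare-instance.yml` and `03-bootstrap-vm.yml`; a `vm_pool: sandbox` default would keep the three in step. `vm_ip: 192.168.122.112` also stays hardcoded while the interface is now `virbr-{{ vm_name }}-0`, so it must match whatever subnet `02-network.yml` defines — a comment tying the two together is needed.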
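Review bot: The new `start vm` handler runs `shell: virsh start "{{ vm_name }}"`, which is not idempotent: `virsh start` returns non-zero when the domain is already running, so the handler fails on any replay where the VM came up by other means. Use the module from the collection the role already depends on, `community.libvirt.virt:` with `name: "{{ vm_name }}"` and `state: running`, which is a no-op for a running domain.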
@@ -1,14 +1,19 @@ -- name: Create image directory - file: - path: /var/lib/libvirt/qemu/images - state: directory +- name: Install required packages + apt: + name: "{{ item }}" + state: present + loop: + - libvirt-daemon-system + - qemu-kvm + - cloud-image-utils - name: Satisfy software requirements import_role: name: jm1.libvirt.setup -- name: Start libvirt - systemd_service: - state: started - name: libvirtd - when: not lookup("env", "MOLECULE_SCENARIO_NAME") | default("") +- name: Create pool + jm1.libvirt.pool: + name: sandbox + hardware: + - type: dir + - target: "/var/lib/libvirt/images/sandbox" diff --git a/roles/vmsandboxing/tasks/02-iptables.yml b/roles/vmsandboxing/tasks/02-iptables.yml deleted file mode 100644 index fb5b8af..0000000 --- a/roles/vmsandboxing/tasks/02-iptables.yml +++ /dev/null @@ -1,22 +0,0 @@ -- name: Copy iptables hook and schema to libvirt dir - copy: - src: "files/{{ item }}" - dest: /etc/libvirt/hooks/ - mode: 0755 - loop: - - iptables-hook - - hooks.schema.json - -- name: Create a symlink to trigger libvirt hook - file: - src: /etc/libvirt/hooks/iptables-hook - dest: /etc/libvirt/hooks/qemu - state: link - -- name: Render hook template - copy: - content: "{{ vm_iptables_map }}" - dest: /etc/libvirt/hooks/hooks.json - notify: restart libvirtd - -- meta: flush_handlers diff --git a/roles/vmsandboxing/tasks/02-network.yml b/roles/vmsandboxing/tasks/02-network.yml new file mode 100644 index 0000000..5fb4b6f --- /dev/null +++ b/roles/vmsandboxing/tasks/02-network.yml 
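Review bot: `Install required packages` drives the apt module through `loop` with `name: "{{ item }}"`, installing one package per transaction; apt takes a list, so `name: [libvirt-daemon-system, qemu-kvm, cloud-image-utils]` / `state: present` without the loop is both faster and the idiomatic form, and `update_cache: true` is worth considering for a fresh host. The removed `Start libvirt` task has no replacement in this hunk; if `jm1.libvirt.setup` does not itself start the daemon, `Create pool` will run against a stopped libvirtd on first converge — worth confirming.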
@@ -0,0 +1,44 @@ +- name: Copy iptables hook and schema to libvirt dir + copy: + src: "files/{{ item }}" + dest: /etc/libvirt/hooks/ + mode: 0755 + loop: + - iptables-hook + - hooks.schema.json + +- name: Create a symlink to trigger libvirt hook + file: + src: /etc/libvirt/hooks/iptables-hook + dest: /etc/libvirt/hooks/qemu + state: link + +- name: Render hook template + copy: + content: "{{ vm_iptables_map }}" + dest: /etc/libvirt/hooks/hooks.json + +- name: Create network + jm1.libvirt.net_xml: + state: present + xml: | + + {{ vm_name }} + + + + + + + + + + + + + + +- name: Ensure that a network is active + community.libvirt.virt_net: + state: active + name: "{{ vm_name }}" diff --git a/roles/vmsandboxing/tasks/03-bootstrap-vm.yml b/roles/vmsandboxing/tasks/03-bootstrap-vm.yml index 5409515..8c2fa55 100644 --- a/roles/vmsandboxing/tasks/03-bootstrap-vm.yml +++ b/roles/vmsandboxing/tasks/03-bootstrap-vm.yml @@ -1,29 +1,11 @@ -- name: Download VM image - get_url: - url: "{{ vm_image_url }}" - dest: "{{ vm_image_local_path }}" - mode: '0644' - owner: "{{ vm_libvirt_user }}" - group: "{{ vm_libvirt_group }}" - -- vars: - _vm_options: "{{ vm_options + [{'host_devices': vm_host_devices}] }}" - debug: - msg: "{{ _vm_options }}" - -- name: Create a new libvirt domain +- name: Create and start virtual machine + import_role: + name: jm1.libvirt.server vars: - _vm_options: "{{ vm_options + [{'host_devices': vm_host_devices}] }}" - jm1.libvirt.domain: - name: "{{ vm_name }}" + domain: "{{ vm_name }}" hardware: "{{ _vm_options }}" - -- name: Start VM - shell: virsh start "{{ vm_name }}" || virsh reboot "{{ vm_name }}" - -- name: Call HTTP service on a remote host - command: curl -L http://{{ vm_remote_host }}/peer_id/ - -- name: pause for 15 seconds - pause: - seconds: 15 + image: "{{ vm_name }}" + pool: "sandbox" + image_uri: "{{ vm_image_url }}" + volume_capacity: "100G" + notify: start vm 
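Review bot: Compared with the 02-iptables.yml tasks it replaces, `Render hook template` has lost `notify: restart libvirtd` and the `meta: flush_handlers` that followed it; libvirtd picks up a newly created `/etc/libvirt/hooks/qemu` only when it (re)starts, so on a fresh host the iptables hook — and with it the port forwards from `vm_iptables_map` — will not fire for the domain started later in 03-bootstrap-vm.yml. Restore `notify: restart libvirtd` on that task and the `- meta: flush_handlers` after it. Separately, `mode: 0755` is an unquoted octal that YAML 1.1 loaders turn into the integer 493; Ansible's file-module documentation asks for octal modes as strings, `mode: "0755"`.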
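Review bot: `volume_capacity: "100G"` is a hard-coded literal in the role's tasks while the other sizing knobs (`vm_cpu_reserved`, `vm_ram_reserved`, `vm_image_url`) live in defaults; make it `volume_capacity: "{{ vm_volume_capacity }}"` with `vm_volume_capacity: "100G"` added to defaults/main.yml. `notify: start vm` is attached to the `import_role`; if the keyword propagates to every imported task, the handler fires whenever any of them reports changed, so confirm that is intended or move the notify onto the specific task inside the role. With the `Call HTTP service on a remote host` task removed, `vm_remote_host` in defaults appears to have no remaining consumer.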
diff --git a/roles/vmsandboxing/tasks/main.yml b/roles/vmsandboxing/tasks/main.yml index 82e026a..f4dfef7 100644 --- a/roles/vmsandboxing/tasks/main.yml +++ b/roles/vmsandboxing/tasks/main.yml @@ -2,7 +2,7 @@ ansible.builtin.include_tasks: 01-prepare-instance.yml - name: Setup networking - ansible.builtin.include_tasks: 02-iptables.yml + ansible.builtin.include_tasks: 02-network.yml - name: Bootstrap VM ansible.builtin.include_tasks: 03-bootstrap-vm.yml diff --git a/roles/vmsandboxing/templates/hooks.json.j2 b/roles/vmsandboxing/templates/hooks.json.j2 index 68018f3..c577fc3 100644 --- a/roles/vmsandboxing/templates/hooks.json.j2 +++ b/roles/vmsandboxing/templates/hooks.json.j2 @@ -8,10 +8,9 @@ 443 ], "udp": [ - 80 + 80 ] }, - "port_range": [ { "init_port": 1000, @@ -25,4 +24,4 @@ } ] } -} \ No newline at end of file +} From 70f6dd00368c6fb1e29d9c38e1c0ece70a975e43 Mon Sep 17 00:00:00 2001 From: Anatoly Laskaris Date: Mon, 12 Aug 2024 15:00:15 +0300 Subject: [PATCH 12/14] Cleanup --- requirements.txt | 3 --- 1 file changed, 3 deletions(-) diff --git a/requirements.txt b/requirements.txt index bd4a91b..d5a618b 100644 --- a/requirements.txt +++ b/requirements.txt @@ -5,6 +5,3 @@ pytest==7.2.1 pytest-testinfra==7.0.0 molecule==24.2.0 molecule-qemu==0.5.7 -molecule-docker==2.1.0 -requests==2.26.0 -docker==6.0.0 From ce019bef4c90cc24aae95cab52d3a3ab41f696e3 Mon Sep 17 00:00:00 2001 From: Anatoly Laskaris Date: Mon, 12 Aug 2024 16:22:44 +0300 Subject: [PATCH 13/14] Cleanup --- roles/vmsandboxing/README.md | 91 ---------------------- roles/vmsandboxing/defaults/main.yml | 9 +-- roles/vmsandboxing/files/hooks.schema.json | 2 +- roles/vmsandboxing/files/iptables-hook | 2 +- roles/vmsandboxing/tasks/02-network.yml | 25 ------ roles/vmsandboxing/templates/hooks.json.j2 | 27 ------- 6 files changed, 6 insertions(+), 150 deletions(-) delete mode 100644 roles/vmsandboxing/templates/hooks.json.j2 
diff --git a/roles/vmsandboxing/README.md b/roles/vmsandboxing/README.md index ffdf747..3121507 100644 --- a/roles/vmsandboxing/README.md +++ b/roles/vmsandboxing/README.md @@ -1,94 +1,3 @@ # fluencelabs.provider.vmsandboxing Installs pre-requisites and bootstraps a VM for workload sandboxing purposes. - -## Usage - -See this [example](https://github.com/fluencelabs/ansible/blob/main/example/) - -## Role Variables - -See -[defaults/](https://github.com/fluencelabs/ansible/blob/main/roles/vm_sandboxing/defaults) -for details and examples. - -#### `vm_remote_host` - -- Host target to sent meta information on VM startup. -- type: string -- default: - ```yml - vm_libvirt_user: info-catcher.fluence.dev - ``` - -#### `vm_name` - -- libvirt domain name -- type: string -- default: - ```yml - vm_name: sandbox - ``` - -#### `vm_image_url` - -- QEMU image image URL to download -- type: string - -#### `vm_image_local_path` - -- The image path to use bootstraping the VM -- type: string - -#### `vm_libvirt_user` - -- default debian-based distros user for libvirt -- type: string -- default: - ```yml - vm_libvirt_user: libvirt-qemu - ``` - -#### `vm_libvirt_group` - -- default debian-based distros group for libvirt -- type: string -- default: - ```yml - vm_libvirt_group: kvm - ``` - -#### `vm_bridge_name` - -- default bridge interface name -- type: string -- default: - ```yml - vm_bridge_name: br422442 - ``` - -#### `vm_physical_iface` - -- Physical interface to put into the VM bridge (Must be set!) -- type: string - -#### `vm_mac` - -- generated MAC address for the VM -- type: string -- default: autogenerated - -#### `vm_uuid` - -- generated UUID address for the VM -- type: string -- default: autogenerated - -#### `vm_ram` - -- generated UUID address for the VM -- type: number -- default: - ```yml - vm_ram: 1048576 - ``` diff --git a/roles/vmsandboxing/defaults/main.yml b/roles/vmsandboxing/defaults/main.yml index de55b0b..de76eff 100644 --- a/roles/vmsandboxing/defaults/main.yml 
+++ b/roles/vmsandboxing/defaults/main.yml @@ -3,15 +3,14 @@ vm_name: sandbox vm_image_url: https://fluence-os-images.fra1.digitaloceanspaces.com/sandbox/latest/image.qcow2 vm_cpu_reserved: 2 -vm_ram_reserved: 2048 +vm_ram_reserved: 4096 vm_options_default: - cpu: "host" - vcpus: "{{ ansible_processor_vcpus - vm_cpu_reserved }}" - # - ram: "{{ ansible_memtotal_mb - vm_ram_reserved }}" + - ram: "{{ ansible_memtotal_mb - vm_ram_reserved }}" - virt_type: 'kvm' - - ram: "10000" - - network: "network={{ vm_name }}" + - network: "network=default" - os_variant: "ubuntu22.04" - graphics: "none" - disk: "vol='sandbox/{{ vm_name }}',device=disk,bus=virtio,serial='root'" @@ -24,7 +23,7 @@ vm_ip: 192.168.122.112 vm_iptables_map: | { "{{ vm_name }}": { - "interface": "virbr-{{ vm_name }}-0", + "interface": "virbr-0", "private_ip": "{{ vm_ip }}", "port_map": { "tcp": [ diff --git a/roles/vmsandboxing/files/hooks.schema.json b/roles/vmsandboxing/files/hooks.schema.json index 94a29ad..4c46d94 100644 --- a/roles/vmsandboxing/files/hooks.schema.json +++ b/roles/vmsandboxing/files/hooks.schema.json @@ -195,4 +195,4 @@ } }, "minProperties": 1 -} \ No newline at end of file +} diff --git a/roles/vmsandboxing/files/iptables-hook b/roles/vmsandboxing/files/iptables-hook index 0ac4540..b81dd3e 100644 --- a/roles/vmsandboxing/files/iptables-hook +++ b/roles/vmsandboxing/files/iptables-hook @@ -276,4 +276,4 @@ if __name__ == "__main__": i = 0 for actual_domain in domain: handle_domain(action, actual_domain, substitute_domain_name(vir_domain, str(i))) - i += 1 \ No newline at end of file + i += 1 diff --git a/roles/vmsandboxing/tasks/02-network.yml b/roles/vmsandboxing/tasks/02-network.yml index 5fb4b6f..8621a58 100644 --- a/roles/vmsandboxing/tasks/02-network.yml +++ b/roles/vmsandboxing/tasks/02-network.yml 
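Review bot: `network: "network=default"` moves the guest back onto libvirt's default network, where its address comes from that network's DHCP pool, yet `vm_ip: 192.168.122.112` remains the fixed DNAT target in `vm_iptables_map` (second hunk), and the custom `Create network` definition is dropped in this commit's 02-network.yml hunk; nothing visible ties the guest to that lease, so the forwards can silently point at the wrong address after a reboot or a second lease. Either pin the guest (a fixed MAC plus a DHCP host reservation on the default network) or state the assumption next to the variable: `# must match the lease the guest obtains on libvirt's default network`.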
@@ -17,28 +17,3 @@ copy: content: "{{ vm_iptables_map }}" dest: /etc/libvirt/hooks/hooks.json - -- name: Create network - jm1.libvirt.net_xml: - state: present - xml: | - - {{ vm_name }} - - - - - - - - - - - - - - -- name: Ensure that a network is active - community.libvirt.virt_net: - state: active - name: "{{ vm_name }}" diff --git a/roles/vmsandboxing/templates/hooks.json.j2 b/roles/vmsandboxing/templates/hooks.json.j2 deleted file mode 100644 index c577fc3..0000000 --- a/roles/vmsandboxing/templates/hooks.json.j2 +++ /dev/null @@ -1,27 +0,0 @@ -{ - "{{ vm_name }}": { - "interface": "virbr0", - "private_ip": "192.168.1.122", - "port_map": { - "tcp": [ - 80, - 443 - ], - "udp": [ - 80 - ] - }, - "port_range": [ - { - "init_port": 1000, - "ports_num": 64535, - "protocol": "tcp" - }, - { - "init_port": 1000, - "ports_num": 64535, - "protocol": "udp" - } - ] - } -} From 988c0eeb1d4e440b1fda00a7cbca1be30eac0074 Mon Sep 17 00:00:00 2001 From: Anatoly Laskaris Date: Fri, 16 Aug 2024 16:01:44 +0300 Subject: [PATCH 14/14] Fix --- roles/vmsandboxing/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/vmsandboxing/defaults/main.yml b/roles/vmsandboxing/defaults/main.yml index de76eff..15d8a8b 100644 --- a/roles/vmsandboxing/defaults/main.yml +++ b/roles/vmsandboxing/defaults/main.yml @@ -23,7 +23,7 @@ vm_ip: 192.168.122.112 vm_iptables_map: | { "{{ vm_name }}": { - "interface": "virbr-0", + "interface": "virbr0", "private_ip": "{{ vm_ip }}", "port_map": { "tcp": [
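Review bot: `"interface": "virbr0"` and `vm_ip` both encode facts about libvirt's `default` network, which is selected earlier in this file via `network=default` in `vm_options_default`, but nothing records that coupling; a reader changing one will not know to change the others. Suggest `# bridge of libvirt's "default" network — keep in sync with the network= entry in vm_options_default` above the `interface` line.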