Add kvmhelpers (#581)

* add kvm creation scripts. remove patch files from kvmhelpers fix lint issues * fix linting error related to double quoting and redirection * h was specified but not handled by case * as suggested by linting, handle unhandled cases * replace !-z with -n * double quote to prevent globbing * double quote to prevent globbing again * replace !-z with -n * double quote to prevent globbing * replace !-z with -n * fix Not following: ./GUESTBRIDGE-vars.sh: openBinaryFile: does not exist (No such file or directory) * double quote to prevent globbing * double quote to prevent globbing * double quote to prevent globbing * double quote to prevent globbing * add shebang * adding export because of linting complaint appears unused. Verify use (or export if used externally). * fix Not following: ./GUESTBRIDGE-vars.sh: openBinaryFile: does not exist (No such file or directory) * double quote to prevent globbing * double quote to prevent globbing * To redirect stdout+stderr, 2>&1 must be last * fix some linting issues in kvmhelpers dir * remove unnecessary shell lint checks Co-authored-by: Arthur Wolf <[email protected]> Co-authored-by: Amit Sagtani <[email protected]>
wireapp · Nov 18, 2022 · 1a21958 · 1a21958
1 parent bd53add
commit 1a21958
Show file tree

Hide file tree

Showing 12 changed files with 890 additions and 0 deletions.
diff --git a/bin/newvm.sh b/bin/newvm.sh
@@ -0,0 +1,85 @@
+#!/bin/bash
+
+usage() { echo "Usage: $0 usage:" && grep ") \#" "$0" && echo "        <VM name>" 1>&2; exit 1; }
+
+SCRIPT_DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
+
+while getopts ":qm:d:c:" o; do
+    case "${o}" in
+	d) # set amount of disk, in gigabytes
+	    d=${OPTARG}
+	    ;;
+	m) # set amount of memory, in megabytes
+	    m=${OPTARG}
+	    ;;
+	c) # set amount of CPU cores.
+	    c=${OPTARG}
+	    ;;
+	q) # use qemu instead of kvm.
+	    q=1
+        ;;
+    *) # un-handled cases
+        usage 
+        ;;
+    esac
+done
+shift $((OPTIND-1))
+
+if [ -z "${d}" ] || [ -z "${m}" ]; then
+    echo "here"
+    usage
+fi
+
+VM_NAME=$1
+
+if [ -n "$2" ]; then
+    echo "ERROR: too many arguments!" 1>&2
+    usage
+fi
+
+if [ -z "$VM_NAME" ]; then
+    echo "ERROR: no VM name specified?" 1>&2
+    usage
+fi
+
+if [ ! -f ubuntu.iso ]; then
+    echo "ERROR: no ubuntu.iso found in $SCRIPT_DIR" 1>&2
+    echo "no actions performed."
+    exit 1
+fi
+
+if [ ! -d "./kvmhelpers" ]; then
+    echo "ERROR: could not find kvmhelpers directory." 1>&2
+    echo "no actions performed."
+    exit 1
+fi
+
+if [ -d "$VM_NAME" ]; then
+    echo "ERROR: directory for vm $VM_NAME already exists." 1>&2
+    echo "no actions performed."
+    exit 1
+fi
+
+echo "disk size = ${d} gigabytes"
+echo "memory = ${m} megabytes"
+echo "CPUs: ${c}"
+echo "hostname: $VM_NAME"
+if [ -n "$q" ]; then
+    echo "USE QEMU"
+fi
+
+# exit 0
+
+mkdir "$VM_NAME"
+cp ./kvmhelpers/* "$VM_NAME"/
+qemu-img create "$VM_NAME"/drive-c.img "${d}"G
+sed -i "s/MEM=.*/MEM=${m}/" "$VM_NAME"/start_kvm.sh
+sed -i "s@CDROM=.*@CDROM=../ubuntu.iso@" "$VM_NAME"/start_kvm.sh
+sed -i "s/^eth1=/#eth1=/" "$VM_NAME"/start_kvm.sh
+sed -i "s/^CPUS=.*/CPUS=${c}/" "$VM_NAME"/start_kvm.sh
+sed -i 's/\(.*\)CURSES=.*/\1CURSES="-nographic -device sga"/' "$VM_NAME"/start_kvm.sh
+
+if [ -n "$q" ]; then
+    echo "forcing QEMU."
+    sed -i "s=/usr/bin/kvm=/usr/bin/qemu-system-x86_64=" "$VM_NAME"/start_kvm.sh
+fi
diff --git a/kvmhelpers/GUESTBRIDGE-down.sh b/kvmhelpers/GUESTBRIDGE-down.sh
@@ -0,0 +1,23 @@
+#!/bin/sh
+
+sh ./GUESTBRIDGE-vars.sh
+
+$SUDO "$IP" link set "$1" down promisc off
+#$SUDO $IFCONFIG $1 0.0.0.0 promisc down
+
+# remove ourself from the bridge.
+$SUDO "$BRCTL" delif "$BRIDGE" "$1"
+
+# this script is not responsible for destroying the tap device.
+#ip tuntap del dev $1
+
+BRIDGEDEV=$($SUDO "$BRCTL" show | grep -E ^"$BRIDGE" | grep tap)
+
+if [ -z "$BRIDGEDEV" ]; then
+    {
+        # we are the last one out. burn the bridge.
+        $SUDO "$IFCONFIG" "$BRIDGE" down
+        $SUDO "$BRCTL" delif "$BRIDGE" "$1"
+        $SUDO "$BRCTL" delbr "$BRIDGE"
+    }
+fi
diff --git a/kvmhelpers/GUESTBRIDGE-vars.sh b/kvmhelpers/GUESTBRIDGE-vars.sh
@@ -0,0 +1,39 @@
+#!/bin/sh
+
+# The bridge shared by all VMs. if you change this, you should probably reboot.
+BRIDGE=br1
+export BRIDGE
+
+# The paths to binaries we use for bringing up and down the interface.
+BRCTL="/sbin/brctl"
+export BRCTL
+
+IP="/sbin/ip"
+export IP
+
+IFCONFIG="/sbin/ifconfig"
+export IFCONFIG
+
+SUDO="/usr/bin/sudo"
+export SUDO
+
+# none of the rest of this should matter.
+
+# The IP of the host system, on the host<->VM network. where we should provide services (dhcp, dns, ...) that the VMs can see.
+#BRIDGEIP=172.16.0.1
+# The broadcast address for the above network.
+#BRIDGEBROADCAST=172.16.0.255
+
+# 0 for true.
+# manage ISC DHCPD
+USEDHCP=1
+export USEDHCP
+
+# manage BIND
+USEDNS=1
+export USEDNS
+
+# Whether to assign an IP and use ufw to provide internet to the VMs using HOSTBRIDGE.
+HOSTROUTE=1
+export HOSTROUTE
+
diff --git a/kvmhelpers/GUESTBRIDGE.sh b/kvmhelpers/GUESTBRIDGE.sh
@@ -0,0 +1,46 @@
+#!/bin/sh
+
+USER=$(whoami)
+
+{
+
+    sh ./GUESTBRIDGE-vars.sh
+
+    BRIDGEDEV=$($BRCTL show | grep -E ^"$BRIDGE")
+
+    if [ -n "$BRIDGEDEV" ]; then
+        {
+            $SUDO "$BRCTL" addif "$BRIDGE" "$1"
+            $SUDO "$IP" link set "$1" up promisc on
+        }
+    else
+        {
+            $SUDO "$BRCTL" addbr "$BRIDGE"
+            if [ "$HOSTROUTE" -eq "0" ]; then
+                $SUDO "$IP" addr add "$BRIDGEIP"/24 broadcast "$BRIDGEBROADCAST" dev "$BRIDGE"
+            fi
+            $SUDO "$BRCTL" stp "$BRIDGE" off
+            #	$SUDO $IP tuntap add dev $1 mode tap user $USER
+            $SUDO "$IP" link set "$1" up promisc on
+            $SUDO "$BRCTL" addif "$BRIDGE" "$1"
+            $SUDO "$IP" link set "$BRIDGE" up
+            if [ "$USEDHCP" -eq "0" ]; then
+                $SUDO service isc-dhcp-server stop
+                $SUDO service isc-dhcp-server start
+                # workaround arno and fail2ban not working well together.
+                #            $SUDO service fail2ban stop
+                #            $SUDO service fail2ban start
+            fi
+            if [ "$USEDNS" -eq "0" ]; then
+                $SUDO service bind9 restart
+            fi
+        }
+    fi
+
+    if [ "$HOSTROUTE" -eq "0" ]; then
+        # Allow VMs to use ip masquerading on the host to contact the internet, as well as to have port forwards.
+        $SUDO service ufw restart
+    fi
+
+    echo "Bridge ifup completed."
+} > tapbridge.ifup 2>&1 
diff --git a/kvmhelpers/HOSTBRIDGE-down.sh b/kvmhelpers/HOSTBRIDGE-down.sh
@@ -0,0 +1,24 @@
+#!/bin/sh
+# shellcheck disable=SC1091
+
+. ./HOSTBRIDGE-vars.sh
+
+$SUDO "$IP" link set "$1" down promisc off
+#$SUDO $IFCONFIG $1 0.0.0.0 promisc down
+
+# remove ourself from the bridge.
+$SUDO "$BRCTL" delif "$BRIDGE" "$1"
+
+# this script is not responsible for destroying the tap device.
+#ip tuntap del dev $1
+
+BRIDGEDEV=$($SUDO "$BRCTL" show | grep -E ^"$BRIDGE" | grep tap)
+
+if [ -z "$BRIDGEDEV" ]; then
+    {
+        # we are the last one out. burn the bridge.
+        $SUDO "$IFCONFIG" "$BRIDGE" down
+        $SUDO "$BRCTL" delif "$BRIDGE" "$1"
+        $SUDO "$BRCTL" delbr "$BRIDGE"
+    }
+fi
diff --git a/kvmhelpers/HOSTBRIDGE-vars.sh b/kvmhelpers/HOSTBRIDGE-vars.sh
@@ -0,0 +1,25 @@
+#!/bin/sh
+# The bridge shared by all VMs using HOSTBRIDGE. if you change this, you should probably reboot.
+export BRIDGE=br0
+
+# The IP of the host system, on the host<->VM network. where we should provide services (dhcp, dns, ...) that the VMs can see.
+export BRIDGEIP=172.16.0.1
+# The broadcast address for the above network.
+export BRIDGEBROADCAST=172.16.0.255
+
+# 0 for true.
+# manage ISC DHCPD
+export USEDHCP=1
+# manage BIND
+export USEDNS=1
+# manage DNSMASQ
+export USEDNSMASQ=0
+
+# Whether to assign an IP and use ufw to provide internet to the VMs using HOSTBRIDGE.
+export HOSTROUTE=0
+
+# The paths to binaries we use for bringing up and down the interface.
+export BRCTL="/sbin/brctl"
+export IP="/sbin/ip"
+export IFCONFIG="/sbin/ifconfig"
+export SUDO="/usr/bin/sudo"
diff --git a/kvmhelpers/HOSTBRIDGE.sh b/kvmhelpers/HOSTBRIDGE.sh
@@ -0,0 +1,50 @@
+#!/bin/sh
+# shellcheck disable=SC1091
+
+USER=$(whoami)
+
+{
+
+    . ./HOSTBRIDGE-vars.sh
+
+    BRIDGEDEV=$($BRCTL show | grep -E ^"$BRIDGE")
+
+    if [ -n "$BRIDGEDEV" ]; then
+        {
+            $SUDO "$BRCTL" addif "$BRIDGE" "$1"
+            $SUDO "$IP" link set "$1" up promisc on
+        }
+    else
+        {
+            $SUDO "$BRCTL" addbr "$BRIDGE"
+            if [ "$HOSTROUTE" -eq "0" ]; then
+                $SUDO "$IP" addr add "$BRIDGEIP"/24 broadcast "$BRIDGEBROADCAST" dev "$BRIDGE"
+            fi
+            $SUDO "$BRCTL" stp "$BRIDGE" off
+            #	$SUDO $IP tuntap add dev $1 mode tap user $USER
+            $SUDO "$IP" link set "$1" up promisc on
+            $SUDO "$BRCTL" addif "$BRIDGE" "$1"
+            $SUDO "$IP" link set "$BRIDGE" up
+            if [ "$USEDNSMASQ" -eq "0" ]; then
+                $SUDO service dnsmasq restart
+            fi
+            if [ "$USEDHCP" -eq "0" ]; then
+                $SUDO service isc-dhcp-server stop
+                $SUDO service isc-dhcp-server start
+                # workaround arno and fail2ban not working well together.
+                #            $SUDO service fail2ban stop
+                #            $SUDO service fail2ban start
+            fi
+            if [ "$USEDNS" -eq "0" ]; then
+                $SUDO service bind9 restart
+            fi
+        }
+    fi
+
+    if [ "$HOSTROUTE" -eq "0" ]; then
+        # Allow VMs to use ip masquerading on the host to contact the internet, as well as to have port forwards.
+        $SUDO service ufw restart
+    fi
+
+    echo "Bridge ifup completed."
+}  >tapbridge.ifup 2>&1