Commit 04c1af5e authored by Alain Takoudjou's avatar Alain Takoudjou

kvm: set authorized_file to download into guest vm

parent afdffb94
...@@ -50,6 +50,7 @@ eggs = ...@@ -50,6 +50,7 @@ eggs =
erp5.util erp5.util
cns.recipe.symlink cns.recipe.symlink
collective.recipe.template collective.recipe.template
plone.recipe.command
[http-proxy] [http-proxy]
# https://github.com/nodejitsu/node-http-proxy # https://github.com/nodejitsu/node-http-proxy
...@@ -94,7 +95,7 @@ mode = 0644 ...@@ -94,7 +95,7 @@ mode = 0644
recipe = hexagonit.recipe.download recipe = hexagonit.recipe.download
url = ${:_profile_base_location_}/instance-kvm.cfg.jinja2 url = ${:_profile_base_location_}/instance-kvm.cfg.jinja2
mode = 644 mode = 644
md5sum = ba2be2e288c662b1566550132c0ca6a7 md5sum = 679c350a9570252dad1079ea1c80a6ec
download-only = true download-only = true
on-update = true on-update = true
...@@ -102,7 +103,7 @@ on-update = true ...@@ -102,7 +103,7 @@ on-update = true
recipe = hexagonit.recipe.download recipe = hexagonit.recipe.download
url = ${:_profile_base_location_}/instance-kvm-cluster.cfg.jinja2.in url = ${:_profile_base_location_}/instance-kvm-cluster.cfg.jinja2.in
mode = 644 mode = 644
md5sum = c0c839198bd4450885de865570b6f406 md5sum = ea4302330452cb00c76f8a52e7e952eb
download-only = true download-only = true
on-update = true on-update = true
......
...@@ -122,6 +122,11 @@ ...@@ -122,6 +122,11 @@
}, },
"type": "object" "type": "object"
}, },
"authorized-key": {
"title": "Public key to put in all virtual machines.",
"description": "Set the public key to add in your virtual machine. The public key file will be available in the VM via url http://10.0.2.100/authorized_key if you keep the NAT interface enabled",
"type": "string"
},
"kvm-partition-dict": { "kvm-partition-dict": {
"title": "kvm instances definition", "title": "kvm instances definition",
"description": "kvm instances definition", "description": "kvm instances definition",
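Review bot: The new `authorized-key` description gives the URL as `http://10.0.2.100/authorized_key`, but the `[get-authorized-key]` part added in this commit sets `filename = authorized_keys`, and the other schema in this commit uses that spelling, so a user following this text would presumably request a file that does not exist. The description also omits that the file is only published when `enable-http-server` is `True`; `get-authorized-key` is added to `parts` only inside that branch. I would change the ending to `... available in the VM at http://10.0.2.100/authorized_keys when enable-http-server is True and the NAT interface is kept enabled`. The same stale name appears in the comment above `authorized-key =` in the `[slap-parameter]` defaults.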
......
...@@ -30,6 +30,7 @@ config-frontend-instance-name = {{ instance_name ~ ' VNC Frontend' }} ...@@ -30,6 +30,7 @@ config-frontend-instance-name = {{ instance_name ~ ' VNC Frontend' }}
config-frontend-software-type = {{ dumps(frontend_dict.get('software-type', 'frontend')) }} config-frontend-software-type = {{ dumps(frontend_dict.get('software-type', 'frontend')) }}
config-frontend-software-url = {{ dumps(frontend_dict.get('software-url', 'http://git.erp5.org/gitweb/slapos.git/blob_plain/refs/tags/slapos-0.92:/software/kvm/software.cfg')) }} config-frontend-software-url = {{ dumps(frontend_dict.get('software-url', 'http://git.erp5.org/gitweb/slapos.git/blob_plain/refs/tags/slapos-0.92:/software/kvm/software.cfg')) }}
config-frontend-instance-guid = {{ dumps(frontend_dict.get('instance-guid', '')) }} config-frontend-instance-guid = {{ dumps(frontend_dict.get('instance-guid', '')) }}
config-authorized-key = {{ dumps(slapparameter_dict.get('authorized-key', '')) }}
config-nbd-port = {{ dumps(kvm_parameter_dict.get('nbd-port', 1024)) }} config-nbd-port = {{ dumps(kvm_parameter_dict.get('nbd-port', 1024)) }}
config-nbd-host = {{ dumps(kvm_parameter_dict.get('nbd-host', '')) }} config-nbd-host = {{ dumps(kvm_parameter_dict.get('nbd-host', '')) }}
config-nbd2-port = {{ dumps(kvm_parameter_dict.get('nbd-port2', 1024)) }} config-nbd2-port = {{ dumps(kvm_parameter_dict.get('nbd-port2', 1024)) }}
......
...@@ -136,6 +136,11 @@ ...@@ -136,6 +136,11 @@
"description": "List of rules for NAT of QEMU user mode network stack, as comma-separated list of ports. For each port specified, it will redirect port x of the VM (example: 80) to the port x + 10000 of the public IPv6 (example: 10080). Defaults to \"22 80 443\". Ignored if \"use-tap\" parameter is enabled.", "description": "List of rules for NAT of QEMU user mode network stack, as comma-separated list of ports. For each port specified, it will redirect port x of the VM (example: 80) to the port x + 10000 of the public IPv6 (example: 10080). Defaults to \"22 80 443\". Ignored if \"use-tap\" parameter is enabled.",
"type": "string" "type": "string"
}, },
"authorized-key": {
"title": "Public key to put in all virtual machines.",
"description": "Set the public key to add in your virtual machine. The public key file will be available in the VM via url http://10.0.2.100/authorized_keys if you keep the NAT interface enabled",
"type": "string"
},
"frontend-instance-guid": { "frontend-instance-guid": {
"title": "Frontend Instance ID", "title": "Frontend Instance ID",
"description": "Unique identifier of the frontend instance, like \"SOFTINST-11031\".", "description": "Unique identifier of the frontend instance, like \"SOFTINST-11031\".",
......
{% set enable_http = slapparameter_dict.get('enable-http-server', 'False') -%}
############################# #############################
# #
# Instanciate kvm # Instanciate kvm
...@@ -18,6 +19,7 @@ parts = ...@@ -18,6 +19,7 @@ parts =
{% if slapparameter_dict.get('enable-http-server', 'False') == 'True' %} {% if slapparameter_dict.get('enable-http-server', 'False') == 'True' %}
httpd httpd
httpd-promise httpd-promise
get-authorized-key
extends = extends =
{{ template_httpd_cfg }} {{ template_httpd_cfg }}
...@@ -272,13 +274,26 @@ nat-rule-url-{{port}} = [${slap-network-information:global-ipv6}]:{{external_por ...@@ -272,13 +274,26 @@ nat-rule-url-{{port}} = [${slap-network-information:global-ipv6}]:{{external_por
{% if slapparameter_dict.get('use-tap', 'False') == 'True' -%} {% if slapparameter_dict.get('use-tap', 'False') == 'True' -%}
tap-ipv4 = ${slap-network-information:tap-ipv4} tap-ipv4 = ${slap-network-information:tap-ipv4}
{% endif -%} {% endif -%}
{% set kvm_http = 'http://${slap-network-information:local-ipv4}:' ~ slapparameter_dict.get('httpd-port', 8081) -%}
{% if enable_http == 'True' %}
{% if slapparameter_dict.get('use-nat', 'True') == 'True' -%}
{% set kvm_http = 'http://10.0.2.100' -%}
{% endif %}
{% if slapparameter_dict.get('authorized-key', '') -%}
7_info = Get the publick key file in your VM with the command: wget {{ kvm_http }}/${get-authorized-key:filename}
{% endif %}
{% endif %}
{% if slapparameter_dict.get('use-tap', 'False') == 'True' and tap_network_dict.has_key('ipv4') -%} {% if slapparameter_dict.get('use-tap', 'False') == 'True' and tap_network_dict.has_key('ipv4') -%}
1_info = Use these configurations below to configure interface {{ iface }} in your VM. 1_info = Use these configurations below to configure interface {{ iface }} in your VM.
2_info = ${network-config:ifconfig} 2_info = ${network-config:ifconfig}
3_info = ${network-config:route-iface} 3_info = ${network-config:route-iface}
4_info = ${network-config:route-network} 4_info = ${network-config:route-network}
5_info = ${network-config:route-default} 5_info = ${network-config:route-default}
6_info = In your VM you can run the command: wget -O- http://10.0.2.100/netconfig.sh | /bin/sh - {% if enable_http == 'True' %}
6_info = Or run in your VM the command: wget -O- {{ kvm_http }}/netconfig.sh | /bin/sh -
{% endif %}
[network-config] [network-config]
recipe = plone.recipe.command recipe = plone.recipe.command
...@@ -290,6 +305,8 @@ route-network = route add -net ${slap-network-information:tap-network} netmask $ ...@@ -290,6 +305,8 @@ route-network = route add -net ${slap-network-information:tap-network} netmask $
route-default = route add default gw ${slap-network-information:tap-gateway} route-default = route add default gw ${slap-network-information:tap-gateway}
{% elif global_ipv4_prefix -%} {% elif global_ipv4_prefix -%}
route-default = ip route add {{ global_ipv4_prefix }} via ${slap-network-information:tap-gateway} dev {{ iface }} src ${slap-network-information:tap-ipv4} route-default = ip route add {{ global_ipv4_prefix }} via ${slap-network-information:tap-gateway} dev {{ iface }} src ${slap-network-information:tap-ipv4}
{% else -%}
route-default =
{% endif -%} {% endif -%}
command = command =
echo "#!/bin/sh" > ${:path} echo "#!/bin/sh" > ${:path}
...@@ -298,8 +315,19 @@ command = ...@@ -298,8 +315,19 @@ command =
echo "${:route-iface}" >> ${:path} echo "${:route-iface}" >> ${:path}
echo "${:route-network}" >> ${:path} echo "${:route-network}" >> ${:path}
echo "${:route-default}" >> ${:path} echo "${:route-default}" >> ${:path}
update-command = ${:command}
{% endif -%} {% endif -%}
[get-authorized-key]
recipe = plone.recipe.command
filename = authorized_keys
path = ${directory:public}/${:filename}
public-key = {{ slapparameter_dict.get('authorized-key', '') }}
command =
rm -f ${:path}
authorizedkey="${:public-key}"
echo "$authorizedkey" > ${:path}
update-command = ${:command}
[slap-parameter] [slap-parameter]
# Default values if not specified # Default values if not specified
...@@ -334,5 +362,8 @@ external-disk-number = 0 ...@@ -334,5 +362,8 @@ external-disk-number = 0
external-disk-size = 20 external-disk-size = 20
external-disk-format = qcow2 external-disk-format = qcow2
# Help to get some configuration files into the vm from http
enable-http-server = False enable-http-server = False
httpd-port = 8081 httpd-port = 8081
# for auto config, the public key file will be available in the VM via url http://10.0.2.100/authorized_key if use-nat = True
authorized-key =
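Review bot: In `[get-authorized-key]` the request parameter `authorized-key` is rendered unescaped into the buildout option `public-key` and then into a double-quoted shell assignment, `authorizedkey="${:public-key}"`, so a value containing `"`, a backtick or `$(` is interpreted by the shell that plone.recipe.command runs on the hosting partition instead of being written out as data. A newline or a `${...}` sequence in the value would also be read as buildout syntax before the command runs. The cluster template in this commit passes the same parameter through `dumps()`, while this section passes it raw. I would write the file through a template recipe that receives the value as data rather than through a shell command, and in any case reject values that are not a single line in OpenSSH public-key form before rendering. The file is also served over plain HTTP, which seems acceptable for a public key on the NAT address but is worth stating in the `7_info` text for the non-NAT case, where the URL is built from `local-ipv4`.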