kvm: generate script file for vm network onfiguration

a535dd9f · Alain Takoudjou · a468c598 · a535dd9f · a535dd9f · a535dd9f
Commit a535dd9f authored Apr 28, 2015 by Alain Takoudjou
5 changed files
--- a/slapos/recipe/kvm/template/kvm_run.in
+++ b/slapos/recipe/kvm/template/kvm_run.in
@@ -45,6 +45,7 @@ disk_storage_list = """%(disk-storage-list)s""".split('\n')
 map_storage_list = []
 etc_directory = '%(etc-directory)s'.strip()
 httpd_port = %(httpd-port)s
+netcat_bin = '%(netcat-binary)s'.strip()

 def md5Checksum(file_path):
    with open(file_path, 'rb') as fh:
@@ -198,6 +199,9 @@ if use_nat == 'True':
  number += 1
  rules = 'user,id=lan%%s,' %% number + ','.join('hostfwd=tcp:%%s:%%s-:%%s' %% (listen_ip,
                        int(port) + 10000, port) for port in nat_rules.split())
+  if httpd_port > 0:
+    rules += ',guestfwd=tcp:10.0.2.100:80-cmd:%%s %%s %%s' %% (netcat_bin,
+                                                        listen_ip, httpd_port)
  nat_network_parameter = ['-netdev', rules,
          '-device', 'e1000,netdev=lan%%s,mac=%%s' %% (number, mac_address)]
 if use_tap == 'True':
@@ -234,11 +238,6 @@ if tap_network_parameter == [] and nat_network_parameter == []:
 else:
  kvm_argument_list += nat_network_parameter + tap_network_parameter

-if httpd_port > 1000:
-  kvm_argument_list.extend([
-  '-net', 'nic', '-net', 'user,guestfwd=tcp:10.0.2.100:80-cmd:netcat %%s %%s' %% (
-      listen_ip, httpd_port)])
-
 for disk in additional_disk_list:
  kvm_argument_list.extend([
            '-drive', 'file=%%s,if=%%s' %% (disk, disk_type)])

--- a/software/kvm/common.cfg
+++ b/software/kvm/common.cfg
@@ -11,6 +11,7 @@ extends =
  ../../component/noVNC/buildout.cfg
  ../../component/openssl/buildout.cfg
  ../../component/dcron/buildout.cfg
+  ../../component/netcat/buildout.cfg
  ../../stack/slapos.cfg
  ../../stack/nodejs.cfg
  ../../stack/resilient/buildout.cfg
@@ -85,7 +86,7 @@ command =
 [template]
 recipe = slapos.recipe.template
 url = ${:_profile_base_location_}/instance.cfg.in
-md5sum = 5ec81de2b77e32b572f2aa3efd6434a5
+md5sum = ba30f71c132c600d7d5a884d2090b36b
 output = ${buildout:directory}/template.cfg
 mode = 0644

@@ -93,7 +94,7 @@ mode = 0644
 recipe = hexagonit.recipe.download
 url = ${:_profile_base_location_}/instance-kvm.cfg.jinja2
 mode = 644
-md5sum = 3ea9f211a51ea5e463bf462ed3e16ffb
+md5sum = 44e05f2df3ccca0e0287cb65899360e9
 download-only = true
 on-update = true

@@ -171,7 +172,7 @@ recipe = hexagonit.recipe.download
 url = ${:_profile_base_location_}/template/apache.conf.in
 mode = 644
 filename = apache.conf.in
-md5sum = 5abb319093d639afc3d32252dbe1d90d
+md5sum = 91f05377aff35ffbac7f2687e90b5dcc
 download-only = true
 on-update = true


--- a/software/kvm/instance-kvm.cfg.jinja2
+++ b/software/kvm/instance-kvm.cfg.jinja2
@@ -40,6 +40,7 @@ promises = ${:etc}/promise
 novnc-conf = ${:etc}/novnc
 run = ${:var}/run
 ca-dir = ${:srv}/ssl
+public = ${:srv}/public/
 cron-entries = ${:etc}/cron.d
 crontabs = ${:etc}/crontabs
 cronstamps = ${:etc}/cronstamps
@@ -121,11 +122,12 @@ external-disk-number = ${slap-parameter:external-disk-number}
 external-disk-size = ${slap-parameter:external-disk-size}
 external-disk-format = ${slap-parameter:external-disk-format}

-{% if slapparameter_dict.get('enable-http-server', 'False') == 'True' %}
+{% if slapparameter_dict.get('enable-http-server', 'False') == 'True' or ( slapparameter_dict.get('use-tap', 'False') == 'True' and tap_network_dict.has_key('ipv4') ) -%}
 httpd-port = ${slap-parameter:httpd-port}
 {% else -%}
 httpd-port = 0
 {% endif -%}
+netcat-binary = {{ netcat_bin }}

 [kvm-vnc-promise]
 recipe = slapos.cookbook:check_port_listening
@@ -269,14 +271,30 @@ nat-rule-url-{{port}} = [${slap-network-information:global-ipv6}]:{{external_por
 {% endif -%}
 {% if slapparameter_dict.get('use-tap', 'False') == 'True' and tap_network_dict.has_key('ipv4') -%}
 1_info = Use these configurations below to configure interface {{ iface }} in your VM.
-2_info = ifconfig {{ iface }} ${slap-network-information:tap-ipv4} netmask ${slap-network-information:tap-netmask}
-3_info = route add ${slap-network-information:tap-gateway} dev {{ iface }}
-4_info = route add -net ${slap-network-information:tap-network} netmask ${slap-network-information:tap-netmask} gw ${slap-network-information:tap-gateway}
+2_info = ${network-config:ifconfig}
+3_info = ${network-config:route-iface}
+4_info = ${network-config:route-network}
+5_info = ${network-config:route-default}
+6_info = In your VM you can run the command: wget -O- http://10.0.2.100/netconfig.sh | /bin/sh -
+
+[network-config]
+recipe = plone.recipe.command
+path = ${directory:public}/netconfig.sh
+ifconfig = ifconfig {{ iface }} ${slap-network-information:tap-ipv4} netmask ${slap-network-information:tap-netmask}
+route-iface = route add ${slap-network-information:tap-gateway} dev {{ iface }}
+route-network = route add -net ${slap-network-information:tap-network} netmask ${slap-network-information:tap-netmask} gw ${slap-network-information:tap-gateway}
 {%   if iface == 'eth0' -%}
-5_info = route add default gw ${slap-network-information:tap-gateway}
+route-default = route add default gw ${slap-network-information:tap-gateway}
 {%   elif global_ipv4_prefix -%}
-5_info = ip route add {{ global_ipv4_prefix }} via ${slap-network-information:tap-gateway} dev {{ iface }} src ${slap-network-information:tap-ipv4}
+route-default = ip route add {{ global_ipv4_prefix }} via ${slap-network-information:tap-gateway} dev {{ iface }} src ${slap-network-information:tap-ipv4}
 {%   endif -%}
+command = 
+  echo "#!/bin/sh" > ${:path}
+  echo "" >> ${:path}
+  echo "${:ifconfig}" >> ${:path}
+  echo "${:route-iface}" >> ${:path}
+  echo "${:route-network}" >> ${:path}
+  echo "${:route-default}" >> ${:path}
 {% endif -%}



--- a/software/kvm/instance.cfg.in
+++ b/software/kvm/instance.cfg.in
@@ -83,6 +83,7 @@ context =
    raw dcron_executable_location ${dcron:location}/sbin/crond
    raw debian_amd64_netinst_location ${debian-amd64-netinst.iso:location}/${debian-amd64-netinst.iso:filename}
    raw novnc_location ${noVNC:location}
+    raw netcat_bin ${netcat:location}/bin/netcat
    raw openssl_executable_location ${openssl:location}/bin/openssl
    raw qemu_executable_location ${kvm:location}/bin/qemu-system-x86_64
    raw qemu_img_executable_location ${kvm:location}/bin/qemu-img

--- a/software/kvm/template/apache.conf.in
+++ b/software/kvm/template/apache.conf.in
@@ -31,6 +31,7 @@ ErrorLog "{{ error_log }}"
 # Default apache log format with request time in microsecond at the end
 LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %D" combined
 CustomLog "{{ access_log }}" combined
+SetEnvIf X-Forwarded-For "^.*\..*\..*\..*" forwarded

 # Directory protection
 <Directory />
@@ -42,6 +43,7 @@ CustomLog "{{ access_log }}" combined
 DocumentRoot {{ index_folder }}
 <Directory {{ index_folder }}>
  Options Indexes FollowSymLinks
-  AllowOverride All
-  Require all granted
+  Require ip {{ ip }}
+  # Require env forwarded '{{ ip }}'
+  Require all denied
 </Directory>
\ No newline at end of file