Change: setup to create a nested VM and run a build

9 files changed, 216 insertions, 0 deletions

diff --git a/build-in-vm b/build-in-vm
new file mode 100755
index 0000000..2e71681
--- /dev/null
+++ b/build-in-vm
@@ -0,0 +1,34 @@
+#!/bin/sh
+
+set -eux
+
+workerip() {
+    ssh "$manager" cat /var/lib/libvirt/dnsmasq/virbr0.status |
+        jq -r '.[0]["ip-address"]'
+}
+
+toguest() {
+    scp "$2" "$manager:tmpfile"
+    ssh "$manager" scp tmpfile "$1@$worker:$2"
+}    
+
+onguest() {
+    local user="$1"
+    shift
+    ssh "$manager" ssh "$user@$worker" "$@"
+}    
+
+manager="manager@$1"
+worker="$(workerip "$manager")"
+
+if [ "$worker" = "" ]
+then
+    echo "Worker isn't running yet." 1>&2
+    exit 1
+fi
+
+toguest manager build-prepare.sh
+toguest worker build-locally.sh 
+
+onguest manager sudo sh build-prepare.sh
+onguest worker sh build-locally.sh
diff --git a/build-locally.sh b/build-locally.sh
new file mode 100755
index 0000000..296d801
--- /dev/null
+++ b/build-locally.sh
@@ -0,0 +1,11 @@
+#!/bin/sh
+
+set -eux
+
+url="git://git.liw.fi/heippa"
+
+
+git clone "$url" src
+cd src
+make
+./heippa
diff --git a/build-prepare.sh b/build-prepare.sh
new file mode 100644
index 0000000..902d646
--- /dev/null
+++ b/build-prepare.sh
@@ -0,0 +1,6 @@
+#!/bin/sh
+
+set -eux
+
+export DEBIAN_FRONTEND=noninteractive
+apt-get install -y git build-essential
diff --git a/create-vm b/create-vm
new file mode 100755
index 0000000..aabc56e
--- /dev/null
+++ b/create-vm
@@ -0,0 +1,24 @@
+#!/bin/sh
+
+set -eu
+
+name=worker
+
+cp worker.img temp.img
+image=temp.img
+
+virsh -c qemu:///system net-autostart default
+virsh -c qemu:///system net-start default || true
+
+virt-install \
+    --connect qemu:///system \
+    --quiet \
+    --name="$name" \
+    --memory=4096 \
+    --cpu=host-model-only \
+    --import \
+    --os-variant=debian9 \
+    --disk="path=$image,cache=none" \
+    --network="network=default" \
+    --graphics=spice \
+    --noautoconsole
diff --git a/manager-ssh-config b/manager-ssh-config
new file mode 100644
index 0000000..bf5a537
--- /dev/null
+++ b/manager-ssh-config
@@ -0,0 +1,4 @@
+Host 192.168.*
+  UserKnownHostsFile /dev/null
+  StrictHostKeyChecking no
+  IdentityFile ~/.ssh/manager.key
diff --git a/manager.key b/manager.key
new file mode 100644
index 0000000..e40061c
--- /dev/null
+++ b/manager.key
@@ -0,0 +1,27 @@
+-----BEGIN OPENSSH PRIVATE KEY-----
+b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAABFwAAAAdzc2gtcn
+NhAAAAAwEAAQAAAQEA6MzpvUpjRTV80BDEW2zJanrbWoNz2P65lkcSYgnF469LQ1UEnoZv
+pYnochzMmpFZHuOkNkYuPVmQxni+ErA0qP6w/q5Sw85ARwdG8tX0QtVTjm/5qQHnOX/IcW
+GSutvTvSAMG//EZD7RrdfoCwXzz2HaU4ru/DMwsoDYgnNLGR4n7T61NCAYy/FEbKpu7gIt
+FGrWIVyN7512uDtKXB3UtQ9dnBzgi1q5HxTf4/4yxkmTBGH45pT2y98Hh17pk6GpAXr64V
+6vN/dWSGkePayB4NFD5f09CueiNbsbqgQtrF+WhlBPC7Jh+Wocxj5u+z4i4sbiv9WuDWxc
+0v7VUaHy5wAAA8jnOHeT5zh3kwAAAAdzc2gtcnNhAAABAQDozOm9SmNFNXzQEMRbbMlqet
+tag3PY/rmWRxJiCcXjr0tDVQSehm+liehyHMyakVke46Q2Ri49WZDGeL4SsDSo/rD+rlLD
+zkBHB0by1fRC1VOOb/mpAec5f8hxYZK629O9IAwb/8RkPtGt1+gLBfPPYdpTiu78MzCygN
+iCc0sZHiftPrU0IBjL8URsqm7uAi0UatYhXI3vnXa4O0pcHdS1D12cHOCLWrkfFN/j/jLG
+SZMEYfjmlPbL3weHXumToakBevrhXq8391ZIaR49rIHg0UPl/T0K56I1uxuqBC2sX5aGUE
+8LsmH5ahzGPm77PiLixuK/1a4NbFzS/tVRofLnAAAAAwEAAQAAAQBkl1ZQQnpOh2QdC4Gs
+9364kcmCfNZr5vUOKDubPRnS3gWpXG0YioJnhwV3eVY3W6KkpDxqbzy/qZnTCI0oyhaXBy
+Y3hd+hV9eSWWSgvS5ESqVGIMBB9N6Si9Jym3SpZR9C0zwoRQX5QuObOHW9fZ7x9xg9jQTi
+2MOr/dyP0X2bpgcXPkJis3jYVkozksYznZsFiogThQyeBNfxvMa3ryP1y+Wnu1YXoDOSB2
+TT3a4lHoUBsNO1lhgnYs4Ra7cjYW6VNowncNsFo6pQ6J373chcOL/KqSDbz0ImUjxkXBi2
+R7+EouYOlV0oX3ysVJ5ESuc0DUt9DbqySVQvjs2RZ02BAAAAgEi8IP85gwpjvQtIWYdRsg
+TaNGX8b9rM3tpKv4D3YqGkAzlC9+tTc0+D6hpc0tlHvM15zISgEAsg/EFGhRRxB2cBVDwS
+ArLxKHQzdLShcxJcbtBt0g1V+aHyjo0vqBtH0NKGz7gFSXnlaGis3dHNiHwfgLmcyvOyKO
+NvwS0UNCgyAAAAgQD52d7gc0KmHhyjBJbVXYytuAVm2JTVBe7Uy1urXE4l+c/2EEB38Rkg
+pU/16B/phPyum9zbqBzien8SR5TUwWqlhpIC+6iEmQYFTLeRQNNDMiFPcg4D7ZKIeRVNe+
+eG4/6gMWAl3B25VzxeUB8iLEiAihTcV+5P7ThSUrTb3/QcxwAAAIEA7oeecl6QNnR8yopn
+AbQmwHCdN1M4byKfQ7imoK00DMbty2z4gdDkeIssACOWF1P0C0wZYPOHFqMJA7F/sZFtgh
+dUyY6zH/LwFlflID96FfcgFtjZzV17A/Qv5Za9Fkfuf0mB78kNWPlIuoDi8T2+1k0Cz/HT
+8506lPPeK0WOGOEAAAAMbGl3QGV4b2xvYmUxAQIDBAUGBw==
+-----END OPENSSH PRIVATE KEY-----
diff --git a/manager.key.pub b/manager.key.pub
new file mode 100644
index 0000000..a4a9489
--- /dev/null
+++ b/manager.key.pub
@@ -0,0 +1 @@
+ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDozOm9SmNFNXzQEMRbbMlqettag3PY/rmWRxJiCcXjr0tDVQSehm+liehyHMyakVke46Q2Ri49WZDGeL4SsDSo/rD+rlLDzkBHB0by1fRC1VOOb/mpAec5f8hxYZK629O9IAwb/8RkPtGt1+gLBfPPYdpTiu78MzCygNiCc0sZHiftPrU0IBjL8URsqm7uAi0UatYhXI3vnXa4O0pcHdS1D12cHOCLWrkfFN/j/jLGSZMEYfjmlPbL3weHXumToakBevrhXq8391ZIaR49rIHg0UPl/T0K56I1uxuqBC2sX5aGUE8LsmH5ahzGPm77PiLixuK/1a4NbFzS/tVRofLn liw@exolobe1
diff --git a/worker.vmdb b/worker.vmdb
new file mode 100644
index 0000000..56218ae
--- /dev/null
+++ b/worker.vmdb
@@ -0,0 +1,46 @@
+# An image for running the Ick contractor inner VM.
+
+steps:
+  - mkimg: "{{ output }}"
+    size: 4G
+
+  - mklabel: msdos
+    device: "{{ output }}"
+
+  - mkpart: primary
+    device: "{{ output }}"
+    start: 0%
+    end: 100%
+    tag: /
+
+  - kpartx: "{{ output }}"
+
+  - mkfs: ext4
+    partition: /
+
+  - mount: /
+
+  - unpack-rootfs: /
+
+  - debootstrap: buster
+    mirror: http://deb.debian.org/debian
+    target: /
+    unless: rootfs_unpacked
+
+  - apt: install
+    packages:
+    - linux-image-amd64
+    - python3
+    tag: /
+    unless: rootfs_unpacked
+
+  - cache-rootfs: /
+    unless: rootfs_unpacked
+
+  - fstab: /
+
+  - ansible: /
+    playbook: worker.yml
+
+  - grub: bios
+    tag: /
diff --git a/worker.yml b/worker.yml
new file mode 100644
index 0000000..1851cae
--- /dev/null
+++ b/worker.yml
@@ -0,0 +1,63 @@
+- hosts: image
+  tasks:
+    - shell: |
+        echo "{{ host }}" > /etc/hostname
+        sed -i '/^127\.0\.0.*localhost.*/s/.*/127.0.0.1 localhost {{ host }}/' \
+          /etc/hosts
+        sed -i '/^root:[^:]:/s//root::/' /etc/passwd
+    - copy:
+        content: |
+          auto lo
+          iface lo inet loopback
+
+          auto eth0
+          iface eth0 inet dhcp
+        dest: /etc/network/interfaces
+    - apt:
+        name:
+          - ssh
+          - sudo
+    - user:
+        comment: "Worker"
+        name: worker
+        shell: /bin/bash
+    - file:
+        state: directory
+        path: /home/worker/.ssh
+        owner: worker
+        group: worker
+        mode: 0700
+    - copy:
+        src: manager.key.pub
+        dest: /home/worker/.ssh/authorized_keys
+        owner: worker
+        group: worker
+        mode: 0600
+    - user:
+        comment: "Manager"
+        name: manager
+        shell: /bin/bash
+    - file:
+        state: directory
+        path: /home/manager/.ssh
+        owner: manager
+        group: manager
+        mode: 0700
+    - copy:
+        src: manager.key.pub
+        dest: /home/manager/.ssh/authorized_keys
+        owner: manager
+        group: manager
+        mode: 0600
+    - copy:
+        content: |
+          manager ALL=(ALL:ALL) NOPASSWD: ALL
+        dest: /etc/sudoers.d/manager
+        owner: root
+        group: root
+        mode: 0600
+  vars:
+    host: worker
+    ansible_python_interpreter: /usr/bin/python3
+    user_pub: |
+      ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDAlECa3tbFGXhB3Zh/4/GhM11THOThVfiuLqqJ2dpWHEClzpKJHpzzwWt7g9z/MMQNMsUJLy+okz+De6hdjjmYJ9kG9Sr3H4YKq6itGQMj7L/cH3WS3ynp0uy0oW3hf932vDZKQ8iy9vczXH+ERYl+4TYae1Jp4Hyf4/2IYxEfuhKctvSvqySST3Qk9JNZ71HFGOWhjH/MmoCLoT1v+HkqmHdYf/GMKGRo3gqCEGgCgNErYYIyKm3OF3dHXK+hyGLE/cZNu6fU5woW3rvtUCFt08Ri2pm0cnXXJn9jQIMxfS5Kkf64svwgzKmPqgX1f4flopYPlsBXduCgzbJvj+lpgauAk/i1A5B01CFa9sI4C6pHZmwk1qxRwN+4IXL2CQt+tDgYC84ZDDd8R7cNyL22a3KhMQmdHtvog1beAa3Ab+J+cafkXXN+Es9f1wQjzk7DiHupmJIVofBvPP+cRcB46rwha6ati8Fa5QkT9rXFNqQsKk7jq8TIi54Bm15OOa0jInGG3TM17b9Ftu2WTJSAaqgBnDfZiInK7HEvC6K/IBljrN3oGagmFZPrAvzw7d6C2/nKFAQtfoMcE5oWVDrJyjsmJ8oaru0E8rwj7mMvyKPgEMnXTGXLWDgEo50+i291m4bkCxVwiOPbPRvdMll1Y8qfBAPT76sY4Ikgcw/2iw== openpgp:0xBBE80E50