-rwxr-xr-x | build-in-vm | 34 | ||||
-rwxr-xr-x | build-locally.sh | 11 | ||||
-rw-r--r-- | build-prepare.sh | 6 | ||||
-rwxr-xr-x | create-vm | 24 | ||||
-rw-r--r-- | manager-ssh-config | 4 | ||||
-rw-r--r-- | manager.key | 27 | ||||
-rw-r--r-- | manager.key.pub | 1 | ||||
-rw-r--r-- | worker.vmdb | 46 | ||||
-rw-r--r-- | worker.yml | 63 |
9 files changed, 216 insertions, 0 deletions
diff --git a/build-in-vm b/build-in-vm
new file mode 100755
index 0000000..2e71681
--- /dev/null
+++ b/build-in-vm
@@ -0,0 +1,34 @@
+#!/bin/sh
+
+set -eux
+
+workerip() {
+ ssh "$manager" cat /var/lib/libvirt/dnsmasq/virbr0.status |
+ jq -r '.[0]["ip-address"]'
+}
+
+toguest() {
+ scp "$2" "$manager:tmpfile"
+ ssh "$manager" scp tmpfile "$1@$worker:$2"
+}
+
+onguest() {
+ local user="$1"
+ shift
+ ssh "$manager" ssh "$user@$worker" "$@"
+}
+
+manager="manager@$1"
+worker="$(workerip "$manager")"
+
+if [ "$worker" = "" ]
+then
+ echo "Worker isn't running yet." 1>&2
+ exit 1
+fi
+
+toguest manager build-prepare.sh
+toguest worker build-locally.sh
+
+onguest manager sudo sh build-prepare.sh
+onguest worker sh build-locally.sh
diff --git a/build-locally.sh b/build-locally.sh
new file mode 100755
index 0000000..296d801
--- /dev/null
+++ b/build-locally.sh
@@ -0,0 +1,11 @@
+#!/bin/sh
+
+set -eux
+
+url="git://git.liw.fi/heippa"
+
+
+git clone "$url" src
+cd src
+make
+./heippa
diff --git a/build-prepare.sh b/build-prepare.sh
new file mode 100644
index 0000000..902d646
--- /dev/null
+++ b/build-prepare.sh
@@ -0,0 +1,6 @@
+#!/bin/sh
+
+set -eux
+
+export DEBIAN_FRONTEND=noninteractive
+apt-get install -y git build-essential
diff --git a/create-vm b/create-vm
new file mode 100755
index 0000000..aabc56e
--- /dev/null
+++ b/create-vm
@@ -0,0 +1,24 @@
+#!/bin/sh
+
+set -eu
+
+name=worker
+
+cp worker.img temp.img
+image=temp.img
+
+virsh -c qemu:///system net-autostart default
+virsh -c qemu:///system net-start default || true
+
+virt-install \
+ --connect qemu:///system \
+ --quiet \
+ --name="$name" \
+ --memory=4096 \
+ --cpu=host-model-only \
+ --import \
+ --os-variant=debian9 \
+ --disk="path=$image,cache=none" \
+ --network="network=default" \
+ --graphics=spice \
+ --noautoconsole
diff --git a/manager-ssh-config b/manager-ssh-config
new file mode 100644
index 0000000..bf5a537
--- /dev/null
+++ b/manager-ssh-config
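Review bot: In build-in-vm, `workerip` prints the string `null` rather than nothing when the dnsmasq status file holds an empty list (`[]`), so the `[ "$worker" = "" ]` guard passes and the later `scp`/`ssh` calls are aimed at a host named `null`. Using `jq -r '.[0]["ip-address"] // empty'` makes the existing guard work. The function also ignores the argument it is called with and always takes the first lease; if more than one guest can be on virbr0, selecting the entry by hostname would be safer than `.[0]`. Because `/bin/sh` has no `pipefail` here, a failing `ssh` on the left of that pipeline is not caught by `set -e` either.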
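Review bot: In build-locally.sh the source is cloned over `git://`, which has no transport authentication or integrity protection, and the result is then built and executed with `make` and `./heippa`. Whatever the network path delivers is what runs in the VM, so the build output cannot be tied to a reviewed revision. Consider an authenticated transport for `url` and pinning the build to a known revision before `make`, e.g. `git -C src checkout --detach "$rev"` where `$rev` (placeholder name) is supplied by the caller.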
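Review bot: build-prepare.sh runs `apt-get install` without refreshing the package index first; worker.vmdb restores a cached rootfs, so the lists inside the image may be stale and the install may fail or resolve to superseded package versions. Adding `apt-get update` before the install line avoids that. The script is also added with mode 100644 while build-locally.sh is 100755; that works because it is run through `sh`, but it is inconsistent.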
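Review bot: create-vm attaches a SPICE console with `--graphics=spice`, and the image built from worker.yml has root's password removed, so whoever can reach that console is root on the guest without authenticating. If the console is not needed for the build flow, `--graphics=none` removes that path; otherwise the root account should stay locked in the image. Separately, `net-start default || true` hides every failure rather than only the "already active" case, and `--os-variant=debian9` does not match the buster image that worker.vmdb builds.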
@@ -0,0 +1,4 @@
+Host 192.168.*
+ UserKnownHostsFile /dev/null
+ StrictHostKeyChecking no
+ IdentityFile ~/.ssh/manager.key
diff --git a/manager.key b/manager.key
new file mode 100644
index 0000000..e40061c
--- /dev/null
+++ b/manager.key
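Review bot: `StrictHostKeyChecking no` together with `UserKnownHostsFile /dev/null` turns off host authentication for every address matching `Host 192.168.*`, which covers far more than the libvirt guest network. Any machine answering on such an address is accepted as the worker and receives the scripts that build-in-vm uploads. Narrow the pattern to the subnet the guests actually use (for libvirt's default network that is normally `Host 192.168.122.*`, to be confirmed against the host's network definition). Also add a comment stating why checking is disabled, e.g. `# guests are rebuilt from scratch, so their host keys change on every build`.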
@@ -0,0 +1,27 @@ +-----BEGIN OPENSSH PRIVATE KEY----- +b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAABFwAAAAdzc2gtcn +NhAAAAAwEAAQAAAQEA6MzpvUpjRTV80BDEW2zJanrbWoNz2P65lkcSYgnF469LQ1UEnoZv +pYnochzMmpFZHuOkNkYuPVmQxni+ErA0qP6w/q5Sw85ARwdG8tX0QtVTjm/5qQHnOX/IcW +GSutvTvSAMG//EZD7RrdfoCwXzz2HaU4ru/DMwsoDYgnNLGR4n7T61NCAYy/FEbKpu7gIt +FGrWIVyN7512uDtKXB3UtQ9dnBzgi1q5HxTf4/4yxkmTBGH45pT2y98Hh17pk6GpAXr64V +6vN/dWSGkePayB4NFD5f09CueiNbsbqgQtrF+WhlBPC7Jh+Wocxj5u+z4i4sbiv9WuDWxc +0v7VUaHy5wAAA8jnOHeT5zh3kwAAAAdzc2gtcnNhAAABAQDozOm9SmNFNXzQEMRbbMlqet +tag3PY/rmWRxJiCcXjr0tDVQSehm+liehyHMyakVke46Q2Ri49WZDGeL4SsDSo/rD+rlLD +zkBHB0by1fRC1VOOb/mpAec5f8hxYZK629O9IAwb/8RkPtGt1+gLBfPPYdpTiu78MzCygN +iCc0sZHiftPrU0IBjL8URsqm7uAi0UatYhXI3vnXa4O0pcHdS1D12cHOCLWrkfFN/j/jLG +SZMEYfjmlPbL3weHXumToakBevrhXq8391ZIaR49rIHg0UPl/T0K56I1uxuqBC2sX5aGUE +8LsmH5ahzGPm77PiLixuK/1a4NbFzS/tVRofLnAAAAAwEAAQAAAQBkl1ZQQnpOh2QdC4Gs +9364kcmCfNZr5vUOKDubPRnS3gWpXG0YioJnhwV3eVY3W6KkpDxqbzy/qZnTCI0oyhaXBy +Y3hd+hV9eSWWSgvS5ESqVGIMBB9N6Si9Jym3SpZR9C0zwoRQX5QuObOHW9fZ7x9xg9jQTi +2MOr/dyP0X2bpgcXPkJis3jYVkozksYznZsFiogThQyeBNfxvMa3ryP1y+Wnu1YXoDOSB2 +TT3a4lHoUBsNO1lhgnYs4Ra7cjYW6VNowncNsFo6pQ6J373chcOL/KqSDbz0ImUjxkXBi2 +R7+EouYOlV0oX3ysVJ5ESuc0DUt9DbqySVQvjs2RZ02BAAAAgEi8IP85gwpjvQtIWYdRsg +TaNGX8b9rM3tpKv4D3YqGkAzlC9+tTc0+D6hpc0tlHvM15zISgEAsg/EFGhRRxB2cBVDwS +ArLxKHQzdLShcxJcbtBt0g1V+aHyjo0vqBtH0NKGz7gFSXnlaGis3dHNiHwfgLmcyvOyKO +NvwS0UNCgyAAAAgQD52d7gc0KmHhyjBJbVXYytuAVm2JTVBe7Uy1urXE4l+c/2EEB38Rkg +pU/16B/phPyum9zbqBzien8SR5TUwWqlhpIC+6iEmQYFTLeRQNNDMiFPcg4D7ZKIeRVNe+ +eG4/6gMWAl3B25VzxeUB8iLEiAihTcV+5P7ThSUrTb3/QcxwAAAIEA7oeecl6QNnR8yopn +AbQmwHCdN1M4byKfQ7imoK00DMbty2z4gdDkeIssACOWF1P0C0wZYPOHFqMJA7F/sZFtgh +dUyY6zH/LwFlflID96FfcgFtjZzV17A/Qv5Za9Fkfuf0mB78kNWPlIuoDi8T2+1k0Cz/HT +8506lPPeK0WOGOEAAAAMbGl3QGV4b2xvYmUxAQIDBAUGBw== +-----END OPENSSH PRIVATE KEY----- diff --git a/manager.key.pub b/manager.key.pub new file mode 100644 index 0000000..a4a9489 --- /dev/null +++ b/manager.key.pub 
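Review bot: This commit adds an SSH private key (manager.key) to the repository, and its header indicates it is stored without a passphrase. worker.yml installs the matching manager.key.pub as `authorized_keys` for both `worker` and `manager`, and `manager` gets `NOPASSWD: ALL`, so anyone who can read the repository holds root-equivalent access to every VM built from this image. The key should be treated as disclosed and replaced: generate a fresh pair at image-build time (for example `ssh-keygen -t ed25519 -N '' -f manager.key`), list `manager.key` in `.gitignore`, and commit at most the public half.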
@@ -0,0 +1 @@
+ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDozOm9SmNFNXzQEMRbbMlqettag3PY/rmWRxJiCcXjr0tDVQSehm+liehyHMyakVke46Q2Ri49WZDGeL4SsDSo/rD+rlLDzkBHB0by1fRC1VOOb/mpAec5f8hxYZK629O9IAwb/8RkPtGt1+gLBfPPYdpTiu78MzCygNiCc0sZHiftPrU0IBjL8URsqm7uAi0UatYhXI3vnXa4O0pcHdS1D12cHOCLWrkfFN/j/jLGSZMEYfjmlPbL3weHXumToakBevrhXq8391ZIaR49rIHg0UPl/T0K56I1uxuqBC2sX5aGUE8LsmH5ahzGPm77PiLixuK/1a4NbFzS/tVRofLn liw@exolobe1
diff --git a/worker.vmdb b/worker.vmdb
new file mode 100644
index 0000000..56218ae
--- /dev/null
+++ b/worker.vmdb
@@ -0,0 +1,46 @@
+# An image for running the Ick contractor inner VM.
+
+steps:
+ - mkimg: "{{ output }}"
+ size: 4G
+
+ - mklabel: msdos
+ device: "{{ output }}"
+
+ - mkpart: primary
+ device: "{{ output }}"
+ start: 0%
+ end: 100%
+ tag: /
+
+ - kpartx: "{{ output }}"
+
+ - mkfs: ext4
+ partition: /
+
+ - mount: /
+
+ - unpack-rootfs: /
+
+ - debootstrap: buster
+ mirror: http://deb.debian.org/debian
+ target: /
+ unless: rootfs_unpacked
+
+ - apt: install
+ packages:
+ - linux-image-amd64
+ - python3
+ tag: /
+ unless: rootfs_unpacked
+
+ - cache-rootfs: /
+ unless: rootfs_unpacked
+
+ - fstab: /
+
+ - ansible: /
+ playbook: worker.yml
+
+ - grub: bios
+ tag: /
diff --git a/worker.yml b/worker.yml
new file mode 100644
index 0000000..1851cae
--- /dev/null
+++ b/worker.yml
@@ -0,0 +1,63 @@
+- hosts: image
+ tasks:
+ - shell: |
+ echo "{{ host }}" > /etc/hostname
+ sed -i '/^127\.0\.0.*localhost.*/s/.*/127.0.0.1 localhost {{ host }}/' \
+ /etc/hosts
+ sed -i '/^root:[^:]:/s//root::/' /etc/passwd
+ - copy:
+ content: |
+ auto lo
+ iface lo inet loopback
+
+ auto eth0
+ iface eth0 inet dhcp
+ dest: /etc/network/interfaces
+ - apt:
+ name:
+ - ssh
+ - sudo
+ - user:
+ comment: "Worker"
+ name: worker
+ shell: /bin/bash
+ - file:
+ state: directory
+ path: /home/worker/.ssh
+ owner: worker
+ group: worker
+ mode: 0700
+ - copy:
+ src: manager.key.pub
+ dest: /home/worker/.ssh/authorized_keys
+ owner: worker
+ group: worker
+ mode: 0600
+ - user:
+ comment: "Manager"
+ name: manager
+ shell: /bin/bash
+ - file:
+ state: directory
+ path: /home/manager/.ssh
+ owner: manager
+ group: manager
+ mode: 0700
+ - copy:
+ src: manager.key.pub
+ dest: /home/manager/.ssh/authorized_keys
+ owner: manager
+ group: manager
+ mode: 0600
+ - copy:
+ content: |
+ manager ALL=(ALL:ALL) NOPASSWD: ALL
+ dest: /etc/sudoers.d/manager
+ owner: root
+ group: root
+ mode: 0600
+ vars:
+ host: worker
+ ansible_python_interpreter: /usr/bin/python3
+ user_pub: |
+ ssh-rsa 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 openpgp:0xBBE80E50 |
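Review bot: The third `sed` in the first `shell` task rewrites root's password field to empty (`s//root::/`), which leaves the guest with a passwordless root account on the console and, depending on the PAM configuration, for `su` from the `worker` user. Since `manager` already has sudo, that line can be dropped so root stays locked. The same manager.key.pub is installed for both `worker` and `manager`, so one key opens the `NOPASSWD: ALL` account as well as the unprivileged build account; separate keys would keep the two roles apart. `user_pub` under `vars` is not referenced by any task visible here and could be removed.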