

commit - /dev/null
commit + 002a0edd4018c56d5a593f3e1f5e377c2a1e681f
blob - /dev/null
blob + 6cb4127bc51125c84519ec4b3f93645a0b5651d3 (mode 644)
--- /dev/null
+++ README.md
@@ -0,0 +1,38 @@
+OpenBSD vmm with veb(4)
+=======================
+
+Setup OpenBSD with veb(4) and vport(4)
+
+Requirements
+------------
+
+OpenBSD >=7.0 and a processor with flags: SLAT for AMD or EPT for Intel.
+
+Example hosts & Playbook
+------------------------
+
+hosts:
+[current:vars]
+ansible_python_interpreter=/usr/local/bin/python3
+
+[current]
+100.65.0.100
+
+playbook:
+
+	- hosts: current
+	  remote_user: gonzalo
+	  become: yes
+	  become_method: doas
+	  roles:
+	    - vmm_setup_veb
+
+License
+-------
+
+BSD
+
+Author Information
+------------------
+
+Gonzalo L. R. <gonzalo@x61.sh>
blob - /dev/null
blob + a8d9a8801c5ec2dc6aa3980506346cb6fc0935aa (mode 644)
--- /dev/null
+++ defaults/main.yml
@@ -0,0 +1,2 @@
+---
+# defaults file for vmm_setup_veb
blob - /dev/null
blob + da7a9b392dc5866df0fd254f12903b12b917f339 (mode 644)
--- /dev/null
+++ handlers/main.yml
@@ -0,0 +1,2 @@
+---
+# handlers file for vmm_setup_veb
blob - /dev/null
blob + 01d093a6b0aeb920b81dc8a2bc59f54a3467d5f1 (mode 644)
--- /dev/null
+++ meta/main.yml
@@ -0,0 +1,52 @@
+galaxy_info:
+  author: Gonzalo L. R.
+  description: setup vmm env over openbsd using veb(4)
+  company: alfajor.sh
+
+  # If the issue tracker for your role is not on github, uncomment the
+  # next line and provide a value
+  # issue_tracker_url: http://example.com/issue/tracker
+
+  # Choose a valid license ID from https://spdx.org - some suggested licenses:
+  # - BSD-3-Clause (default)
+  # - MIT
+  # - GPL-2.0-or-later
+  # - GPL-3.0-only
+  # - Apache-2.0
+  # - CC-BY-4.0
+  license: BSD
+
+  min_ansible_version: 2.1
+
+  # If this a Container Enabled role, provide the minimum Ansible Container version.
+  # min_ansible_container_version:
+
+  #
+  # Provide a list of supported platforms, and for each platform a list of versions.
+  # If you don't wish to enumerate all versions for a particular platform, use 'all'.
+  # To view available platforms and versions (or releases), visit:
+  # https://galaxy.ansible.com/api/v1/platforms/
+  #
+  # platforms:
+  # - name: Fedora
+  #   versions:
+  #   - all
+  #   - 25
+  # - name: SomePlatform
+  #   versions:
+  #   - all
+  #   - 1.0
+  #   - 7
+  #   - 99.99
+
+  galaxy_tags: []
+    # List tags for your role here, one per line. A tag is a keyword that describes
+    # and categorizes the role. Users find roles by searching for tags. Be sure to
+    # remove the '[]' above, if you add tags to this list.
+    #
+    # NOTE: A tag is limited to a single word comprised of alphanumeric characters.
+    #       Maximum 20 tags per role.
+
+dependencies: []
+  # List your role dependencies here, one per line. Be sure to remove the '[]' above,
+  # if you add dependencies to this list.
blob - /dev/null
blob + 6f4af45ab2e5a9d91d97e603fc6eed29836d92fc (mode 644)
--- /dev/null
+++ tasks/main.yml
@@ -0,0 +1,73 @@
+---
+# tasks file for vmm_setup_veb
+- name: Creating user "{{ vmm_user }}"
+  user:
+    name: "{{ vmm_user }}"
+    state: present
+
+- name: Creating group "{{ vmm_user }}"
+  group:
+    name: "{{ vmm_user }}"
+    state: present
+    
+- name: Creating "{{ vmm_dir }}" directory
+  file:
+    path: "{{ vmm_dir }}"
+    state: directory
+    owner: "{{ vmm_user }}"
+    group: "{{ vmm_user }}"
+
+- name: Creating sets directory
+  file:
+    path: "{{ vmm_dir }}/sets"
+    state: directory
+    owner: "{{ vmm_user }}"
+    group: "{{ vmm_user }}"
+
+- name: Downloading OpenBSD snapshot
+  get_url:
+    url: "https://cdn.openbsd.org/pub/OpenBSD/snapshots/amd64/install72.img"
+    dest: "{{ vmm_dir }}/sets"
+    timeout: 60
+
+- name: Downloading Alpine-virt iso
+  get_url:
+    url: "https://dl-cdn.alpinelinux.org/alpine/v3.16/releases/x86_64/alpine-virt-3.16.1-x86_64.iso"
+    dest: "{{ vmm_dir }}/sets"
+    timeout: 60
+  
+- name: Creating current, release and alpine
+  shell: |
+    doas -u "{{ vmm_user }}" vmctl create -s "{{ vm01_size }}" "{{ vmm_dir }}/current.qcow2"
+    doas -u "{{ vmm_user }}" vmctl create -s "{{ vm02_size }}" "{{ vmm_dir }}/release.qcow2"
+    doas -u "{{ vmm_user }}" vmctl create -s "{{ vm03_size }}" "{{ vmm_dir }}/alpine.qcow2"
+  args:
+    executable: /bin/sh
+
+- name: Create directory for pf include
+  file:
+    path: /etc/pf
+    state: directory
+
+- template: src=hostname.local.j2 dest=/etc/hostname.{{ out_if }} owner="root" group="wheel" mode="0640"
+- template: src=hostname.veb0.j2 dest="/etc/hostname.veb0" owner="root" group="wheel" mode="0640"
+- template: src=hostname.vport0.j2 dest="/etc/hostname.vport0" owner="root" group="wheel" mode="0640"
+- template: src=vmd.conf.j2 dest="/etc/pf/vmd.conf" owner="root" group="wheel"
+- template: src=vm.conf.j2 dest="/etc/vm.conf" owner="root" group="wheel"
+
+- name: Enable vmd
+  service: name=vmd state=started enabled=yes
+
+- name: Load pf
+  shell: |
+    echo 'include "/etc/pf/vmd.conf"' >> /etc/pf.conf
+    pfctl -f /etc/pf.conf
+  args:
+    executable: /bin/sh
+
+- name: Enable forwarding
+  shell: |
+    sysctl -w net.inet.ip.forwarding=1
+    echo 'net.inet.ip.forwarding=1' >> /etc/sysctl.conf
+  args:
+    executable: /bin/sh
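Review bot: Both `get_url` tasks write installer media into `{{ vmm_dir }}/sets` with no integrity check, so whatever the mirror serves is what the guests later boot from. The Alpine ISO is a fixed release and can carry a pinned `checksum`. The OpenBSD snapshot image changes on the mirror, so it needs a follow-up task that verifies it with signify(1) against the mirror's `SHA256.sig` rather than a pinned digest. Separately, `Load pf` and `Enable forwarding` append with `>>` on every run, so repeated runs stack duplicate lines in `/etc/pf.conf` and `/etc/sysctl.conf`; `lineinfile` keeps each line single and can syntax-check the ruleset before the file is replaced. The sketch below shows the changed tasks, with the digest left as a placeholder.

```yaml
- name: Downloading Alpine-virt iso
  get_url:
    # … unchanged: url, dest, timeout …
    checksum: "sha256:<PINNED_SHA256_PLACEHOLDER>"

# … unchanged: vmctl create, /etc/pf directory, template tasks, Enable vmd …

- name: Include vmd rules from pf.conf
  lineinfile:
    path: /etc/pf.conf
    line: 'include "/etc/pf/vmd.conf"'
    validate: pfctl -nf %s

- name: Load pf
  command: pfctl -f /etc/pf.conf

- name: Enable forwarding now
  command: sysctl net.inet.ip.forwarding=1

- name: Persist forwarding
  lineinfile:
    path: /etc/sysctl.conf
    line: 'net.inet.ip.forwarding=1'
    create: true
```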
blob - /dev/null
blob + 0f341a7c29d90af69ae19505a33d4e5049a8099f (mode 644)
--- /dev/null
+++ templates/hostname.local.j2
@@ -0,0 +1,3 @@
+up
+inet alias {{ local_net }}
+inet autoconf
blob - /dev/null
blob + b672959d6e38ef92855886826e77fffec0f479fe (mode 644)
--- /dev/null
+++ templates/hostname.veb0.j2
@@ -0,0 +1,4 @@
+add vport0
+add tap0
+add tap1
+add tap2
blob - /dev/null
blob + ff5b7ea9fa988553a3b7ffa587a034be031c13d6 (mode 644)
--- /dev/null
+++ templates/hostname.vport0.j2
@@ -0,0 +1,4 @@
+up
+alias {{ net_vm03 }}
+alias {{ net_vm02 }}
+inet alias {{ net_vm01 }}
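Review bot: The three address lines are written in two different forms: `alias {{ net_vm03 }}` and `alias {{ net_vm02 }}` omit the address family, while the last line uses `inet alias {{ net_vm01 }}`. Even if both forms are accepted, I would write all three as `inet alias …` so the file reads uniformly. A one-line comment would also help, e.g. `# vport0 carries the gateway address of every guest network`. That comment matters because one vport on one veb means the three guest subnets share a single layer-2 segment.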
blob - /dev/null
blob + ea0d538f380d93c0638e9a744076a43e9c0a9b4c (mode 644)
--- /dev/null
+++ templates/vm.conf.j2
@@ -0,0 +1,32 @@
+sets="{{ vmm_dir }}/sets/"
+
+switch "veb" {
+	interface veb0
+}
+
+vm alpine {
+	disable
+	memory {{ vm03_ram }}
+	owner {{ vmm_user }}
+	cdrom $sets alpine-virt-3.16.1-x86_64.iso
+	disk {{ vmm_dir }}/alpine.qcow2
+	interface tap { switch "veb0" }
+}
+
+vm release {
+	disable
+	memory {{ vm02_ram }}
+	owner {{ vmm_user }}
+	cdrom $sets install72.iso
+	disk {{ vmm_dir }}/release.qcow2
+	interface tap { switch "veb0" }
+}
+
+vm current {
+	disable
+	memory {{ vm01_ram }}
+	owner {{ vmm_user }}
+	cdrom $sets install72.iso
+	disk {{ vmm_dir }}/signal.qcow2
+	interface tap { switch "veb0" }
+}
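Review bot: The `current` VM points at `{{ vmm_dir }}/signal.qcow2`, but tasks/main.yml in this commit only creates `current.qcow2`, `release.qcow2` and `alpine.qcow2`. The path looks like a leftover and should probably read `disk {{ vmm_dir }}/current.qcow2`. The `release` and `current` blocks also name `install72.iso` while the download task fetches `install72.img`. In addition, the switch is declared as `"veb"` while every interface line asks for `switch "veb0"`, so unless this is resolved elsewhere vmd will likely refuse the configuration. A comment at the top such as `# media and disk names must match tasks/main.yml` would help keep the two files in sync.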
blob - /dev/null
blob + 9fc731f31315d2fc71f480c752461073c711ffa8 (mode 644)
--- /dev/null
+++ templates/vmd.conf.j2
@@ -0,0 +1,3 @@
+match out on egress inet from {{ net_vm01 }} to any nat-to (egress)
+match out on egress inet from {{ net_vm02 }} to any nat-to (egress)
+match out on egress inet from {{ net_vm03 }} to any nat-to (egress)
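Review bot: These three rules only translate outbound guest traffic; nothing in the include limits what the guest networks may reach. The role also enables `net.inet.ip.forwarding` in tasks/main.yml and places all taps on the same veb0. Whether guests can reach each other, the host or `local_net` therefore depends entirely on the rest of `/etc/pf.conf`, which this commit does not show. I would state that in the file with a comment such as `# NAT only: guest-to-guest and guest-to-host filtering must be provided by /etc/pf.conf`. Then the default posture is a documented choice and not an accident.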
blob - /dev/null
blob + 2fbb50c4a8dc7dae6bd07d08c3f7d02ccb2818b0 (mode 644)
--- /dev/null
+++ tests/inventory
@@ -0,0 +1 @@
+localhost
blob - /dev/null
blob + 8bd9b7ccd6708ef42fc76bd472f49a8cb0a1d396 (mode 644)
--- /dev/null
+++ tests/test.yml
@@ -0,0 +1,5 @@
+---
+- hosts: localhost
+  remote_user: root
+  roles:
+    - vmm_setup_veb
blob - /dev/null
blob + 260cbe0cc965170be3eb7cdcc59532665285c922 (mode 644)
--- /dev/null
+++ vars/main.yml
@@ -0,0 +1,15 @@
+---
+# vars file for vmm_setup_veb
+vmm_user: gonzalo
+vmm_dir: /home/gonzalo/VMs
+out_if: bwfm0
+local_net: 100.63.0.1/24
+net_vm01: 100.64.0.1/24
+net_vm02: 100.65.0.1/24
+net_vm03: 100.66.0.1/24
+vm01_size: 5G
+vm01_ram: 512M
+vm02_size: 5G
+vm02_ram: 512M
+vm03_size: 10G
+vm03_ram: 1G
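Review bot: `local_net: 100.63.0.1/24` sits just below the 100.64.0.0/10 shared address space (RFC 6598) that the three `net_vm*` values use, so it is ordinary public address space. Aliasing it onto `out_if` would shadow the real holder of that range; if a non-routable range was intended, pick one inside 100.64.0.0/10 or RFC 1918. The values here are also host-specific (`gonzalo`, `/home/gonzalo/VMs`, `bwfm0`) yet live in vars/main.yml, which outranks inventory and play variables, while defaults/main.yml is left empty. Moving them to defaults/main.yml lets users override them without editing the role.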