commit 002a0edd4018c56d5a593f3e1f5e377c2a1e681f from: gonzalo date: Wed Jul 27 18:26:43 2022 UTC Initial commit for vmm_setup_veb commit - /dev/null commit + 002a0edd4018c56d5a593f3e1f5e377c2a1e681f blob - /dev/null blob + 6cb4127bc51125c84519ec4b3f93645a0b5651d3 (mode 644) --- /dev/null +++ README.md @@ -0,0 +1,38 @@ +OpenBSD vmm with veb(4) +======================= + +Setup OpenBSD with veb(4) and vport(4) + +Requirements +------------ + +OpenBSD >=7.0 and a processor with flags: SLAT for AMD or EPT for Intel. + +Example hosts & Playbook +------------------------ + +hosts: +[current:vars] +ansible_python_interpreter=/usr/local/bin/python3 + +[current] +100.65.0.100 + +playbook: + + - hosts: current + remote_user: gonzalo + become: yes + become_method: doas + roles: + - vmm_setup_veb + +License +------- + +BSD + +Author Information +------------------ + +Gonzalo L. R. blob - /dev/null blob + a8d9a8801c5ec2dc6aa3980506346cb6fc0935aa (mode 644) --- /dev/null +++ defaults/main.yml @@ -0,0 +1,2 @@ +--- +# defaults file for vmm_setup_veb blob - /dev/null blob + da7a9b392dc5866df0fd254f12903b12b917f339 (mode 644) --- /dev/null +++ handlers/main.yml @@ -0,0 +1,2 @@ +--- +# handlers file for vmm_setup_veb blob - /dev/null blob + 01d093a6b0aeb920b81dc8a2bc59f54a3467d5f1 (mode 644) --- /dev/null +++ meta/main.yml 
@@ -0,0 +1,52 @@ +galaxy_info: + author: Gonzalo L. R. + description: setup vmm env over openbsd using veb(4) + company: alfajor.sh + + # If the issue tracker for your role is not on github, uncomment the + # next line and provide a value + # issue_tracker_url: http://example.com/issue/tracker + + # Choose a valid license ID from https://spdx.org - some suggested licenses: + # - BSD-3-Clause (default) + # - MIT + # - GPL-2.0-or-later + # - GPL-3.0-only + # - Apache-2.0 + # - CC-BY-4.0 + license: BSD + + min_ansible_version: 2.1 + + # If this a Container Enabled role, provide the minimum Ansible Container version. + # min_ansible_container_version: + + # + # Provide a list of supported platforms, and for each platform a list of versions. + # If you don't wish to enumerate all versions for a particular platform, use 'all'. + # To view available platforms and versions (or releases), visit: + # https://galaxy.ansible.com/api/v1/platforms/ + # + # platforms: + # - name: Fedora + # versions: + # - all + # - 25 + # - name: SomePlatform + # versions: + # - all + # - 1.0 + # - 7 + # - 99.99 + + galaxy_tags: [] + # List tags for your role here, one per line. A tag is a keyword that describes + # and categorizes the role. Users find roles by searching for tags. Be sure to + # remove the '[]' above, if you add tags to this list. + # + # NOTE: A tag is limited to a single word comprised of alphanumeric characters. + # Maximum 20 tags per role. + +dependencies: [] + # List your role dependencies here, one per line. Be sure to remove the '[]' above, + # if you add dependencies to this list. blob - /dev/null blob + 6f4af45ab2e5a9d91d97e603fc6eed29836d92fc (mode 644) --- /dev/null +++ tasks/main.yml 
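Review bot: `license: BSD` is not an SPDX identifier, which the comment a few lines above this field asks for, so a Galaxy import will presumably warn on it; the README only says "BSD", so which variant applies has to come from the author, but the field wants something like `license: BSD-3-Clause`. `min_ansible_version: 2.1` is parsed as a float by YAML and should be quoted, `min_ansible_version: "2.1"`, and since the README playbook relies on `become_method: doas` (which appeared in Ansible after 2.1, as far as I recall) the real minimum is probably higher. The `platforms:` list is left commented out although the role only targets OpenBSD; `platforms: [{ name: OpenBSD, versions: [all] }]` would let Galaxy users filter on it.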
@@ -0,0 +1,73 @@ +--- +# tasks file for vmm_setup_veb +- name: Creating user "{{ vmm_user }}" + user: + name: "{{ vmm_user }}" + state: present + +- name: Creating group "{{ vmm_user }}" + group: + name: "{{ vmm_user }}" + state: present + +- name: Creating "{{ vmm_dir }}" directory + file: + path: "{{ vmm_dir }}" + state: directory + owner: "{{ vmm_user }}" + group: "{{ vmm_user }}" + +- name: Creating sets directory + file: + path: "{{ vmm_dir }}/sets" + state: directory + owner: "{{ vmm_user }}" + group: "{{ vmm_user }}" + +- name: Downloading OpenBSD snapshot + get_url: + url: "https://cdn.openbsd.org/pub/OpenBSD/snapshots/amd64/install72.img" + dest: "{{ vmm_dir }}/sets" + timeout: 60 + +- name: Downloading Alpine-virt iso + get_url: + url: "https://dl-cdn.alpinelinux.org/alpine/v3.16/releases/x86_64/alpine-virt-3.16.1-x86_64.iso" + dest: "{{ vmm_dir }}/sets" + timeout: 60 + +- name: Creating current, release and alpine + shell: | + doas -u "{{ vmm_user }}" vmctl create -s "{{ vm01_size }}" "{{ vmm_dir }}/current.qcow2" + doas -u "{{ vmm_user }}" vmctl create -s "{{ vm02_size }}" "{{ vmm_dir }}/release.qcow2" + doas -u "{{ vmm_user }}" vmctl create -s "{{ vm03_size }}" "{{ vmm_dir }}/alpine.qcow2" + args: + executable: /bin/sh + +- name: Create directory for pf include + file: + path: /etc/pf + state: directory + +- template: src=hostname.local.j2 dest=/etc/hostname.{{ out_if }} owner="root" group="wheel" mode="0640" +- template: src=hostname.veb0.j2 dest="/etc/hostname.veb0" owner="root" group="wheel" mode="0640" +- template: src=hostname.vport0.j2 dest="/etc/hostname.vport0" owner="root" group="wheel" mode="0640" +- template: src=vmd.conf.j2 dest="/etc/pf/vmd.conf" owner="root" group="wheel" +- template: src=vm.conf.j2 dest="/etc/vm.conf" owner="root" group="wheel" + +- name: Enable vmd + service: name=vmd state=started enabled=yes + +- name: Load pf + shell: | + echo 'include "/etc/pf/vmd.conf"' >> /etc/pf.conf + pfctl -f /etc/pf.conf + args: + executable: 
/bin/sh + +- name: Enable forwarding + shell: | + sysctl -w net.inet.ip.forwarding=1 + echo 'net.inet.ip.forwarding=1' >> /etc/sysctl.conf + args: + executable: /bin/sh blob - /dev/null blob + 0f341a7c29d90af69ae19505a33d4e5049a8099f (mode 644) --- /dev/null +++ templates/hostname.local.j2 @@ -0,0 +1,3 @@ +up +inet alias {{ local_net }} +inet autoconf blob - /dev/null blob + b672959d6e38ef92855886826e77fffec0f479fe (mode 644) --- /dev/null +++ templates/hostname.veb0.j2 @@ -0,0 +1,4 @@ +add vport0 +add tap0 +add tap1 +add tap2 blob - /dev/null blob + ff5b7ea9fa988553a3b7ffa587a034be031c13d6 (mode 644) --- /dev/null +++ templates/hostname.vport0.j2 @@ -0,0 +1,4 @@ +up +alias {{ net_vm03 }} +alias {{ net_vm02 }} +inet alias {{ net_vm01 }} blob - /dev/null blob + ea0d538f380d93c0638e9a744076a43e9c0a9b4c (mode 644) --- /dev/null +++ templates/vm.conf.j2 @@ -0,0 +1,32 @@ +sets="{{ vmm_dir }}/sets/" + +switch "veb" { + interface veb0 +} + +vm alpine { + disable + memory {{ vm03_ram }} + owner {{ vmm_user }} + cdrom $sets alpine-virt-3.16.1-x86_64.iso + disk {{ vmm_dir }}/alpine.qcow2 + interface tap { switch "veb0" } +} + +vm release { + disable + memory {{ vm02_ram }} + owner {{ vmm_user }} + cdrom $sets install72.iso + disk {{ vmm_dir }}/release.qcow2 + interface tap { switch "veb0" } +} + +vm current { + disable + memory {{ vm01_ram }} + owner {{ vmm_user }} + cdrom $sets install72.iso + disk {{ vmm_dir }}/signal.qcow2 + interface tap { switch "veb0" } +} blob - /dev/null blob + 9fc731f31315d2fc71f480c752461073c711ffa8 (mode 644) --- /dev/null +++ templates/vmd.conf.j2 @@ -0,0 +1,3 @@ +match out on egress inet from {{ net_vm01 }} to any nat-to (egress) +match out on egress inet from {{ net_vm02 }} to any nat-to (egress) +match out on egress inet from {{ net_vm03 }} to any nat-to (egress) blob - /dev/null blob + 2fbb50c4a8dc7dae6bd07d08c3f7d02ccb2818b0 (mode 644) --- /dev/null +++ tests/inventory 
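Review bot: Neither `get_url` task ("Downloading OpenBSD snapshot", "Downloading Alpine-virt iso") sets `checksum:`, so the boot media every VM will run from is trusted on the strength of TLS to a CDN alone, with no tie to the SHA256.sig that OpenBSD signs with signify or to Alpine's published .sha256/.asc; add `checksum: "sha256:<digest>"` with a digest taken from the signature-verified file (get_url also accepts `sha256:<url>` pointing at the published checksum file). The OpenBSD URL `snapshots/amd64/install72.img` is also unpinned — the snapshots directory moves on to the next release, so this task will start 404ing while the Alpine one stays pinned at 3.16.1 — and `pub/OpenBSD/7.2/amd64/install72.img` with the version in a variable is the stable form. The three `shell:` tasks are not idempotent: `vmctl create` fails once the disk exists and the two `>>` appends duplicate the pf `include` and the sysctl line on every run, and `doas -u` from an already-root task depends on a doas.conf rule the role never creates; the rewrite below uses `command:` with `args: creates:`, `become_user:` (same doas path, so the same rule is needed) and `lineinfile`. Finally the `/etc/pf/vmd.conf` and `/etc/vm.conf` templates have no `mode`, so they inherit the remote umask while the hostname files are explicitly 0640 — give them an explicit mode too, and the `key=value` template lines are easier to review as block YAML.
```yaml
- name: Downloading OpenBSD installer
  get_url:
    url: "https://cdn.openbsd.org/pub/OpenBSD/7.2/amd64/install72.img"
    dest: "{{ vmm_dir }}/sets/install72.img"
    # digest copied from the signify-verified SHA256 file of the release
    checksum: "sha256:{{ openbsd_install_sha256 }}"
    timeout: 60

# … unchanged: Alpine download (add its checksum the same way) …

- name: Creating current, release and alpine disks
  command: vmctl create -s "{{ item.size }}" "{{ vmm_dir }}/{{ item.name }}.qcow2"
  args:
    creates: "{{ vmm_dir }}/{{ item.name }}.qcow2"
  become_user: "{{ vmm_user }}"
  loop:
    - { name: current, size: "{{ vm01_size }}" }
    - { name: release, size: "{{ vm02_size }}" }
    - { name: alpine, size: "{{ vm03_size }}" }

# … unchanged: /etc/pf directory, templates, vmd service …

- name: Include vmd rules in pf.conf
  lineinfile:
    path: /etc/pf.conf
    line: 'include "/etc/pf/vmd.conf"'
  register: pf_include

- name: Reload pf
  command: pfctl -f /etc/pf.conf
  when: pf_include.changed

- name: Enable forwarding persistently
  lineinfile:
    path: /etc/sysctl.conf
    regexp: '^net\.inet\.ip\.forwarding='
    line: net.inet.ip.forwarding=1
    create: true

- name: Enable forwarding now
  command: sysctl net.inet.ip.forwarding=1
```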
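Review bot: This template replaces `/etc/hostname.{{ out_if }}` wholesale, and with `out_if` defaulting to `bwfm0` (a wireless driver) in vars/main.yml the host's uplink configuration — any existing `join`/`nwid`/`wpakey` line — is overwritten by a file that has none, so the host would presumably come back from a reboot without an association. Adding the alias to the existing file with `lineinfile` (or at least `backup: true` on the template task and a README warning) is safer than `template` here. The alias `{{ local_net }}` is not referenced by vmd.conf.j2 or vm.conf.j2 in this commit, so its purpose should be stated in the template, e.g. `# {{ local_net }}: <reason the uplink carries this alias>` (hostname.if(5) ignores `#` lines).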
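Review bot: The `add tap0`/`add tap1`/`add tap2` lines presumably fail at boot, because the tap interfaces only exist once vmd has started the VMs, and they are redundant anyway: vm.conf.j2 declares `switch "veb" { interface veb0 }`, which is what makes vmd attach each VM's tap to veb0. Keep only `add vport0` and add an `up` line, which the vport0 template has but this one does not. Note also that tasks/main.yml writes these hostname files but never runs `sh /etc/netstart veb0 vport0`, so on the first run vmd is enabled before the switch interface exists; add that step (or document that a reboot is required).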
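Review bot: Two of the three address lines use a bare `alias` while the third uses `inet alias`; ifconfig presumably accepts both since inet is its default family, but hostname.if(5) documents the `inet alias addr/prefix` form, so make all three consistent: `inet alias {{ net_vm03 }}`, `inet alias {{ net_vm02 }}`, `inet alias {{ net_vm01 }}`. Since these are the gateway addresses the guests route through, a one-line comment such as `# gateway addresses for the three guest /24s on veb0` would also save the next reader a trip to vars/main.yml.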
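Review bot: The switch is declared as `switch "veb" { interface veb0 }` but every VM references `interface tap { switch "veb0" }`, i.e. the interface name rather than the switch name, so vmd will presumably reject the config or leave the guests unattached; either rename the block to `switch "veb0"` or reference `switch "veb"` from the three VMs. Two file names also disagree with tasks/main.yml: vm `current` uses `disk {{ vmm_dir }}/signal.qcow2` while the task creates `current.qcow2`, and both OpenBSD VMs boot `cdrom $sets install72.iso` while the downloaded file is `install72.img`. All of this is only caught at `vmd -n` time, so a `command: vmd -n` validation task after the template would surface it during the play rather than at first boot.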
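Review bot: The three `match ... nat-to (egress)` rules only translate; whether guest traffic is actually forwarded, and whether guests can reach the host's other interfaces or each other, is decided by whatever `pass` rules already sit in /etc/pf.conf, which this file does not constrain. That matters here because all three guests share one veb0 segment, so the three separate /24s give no isolation — a guest can simply configure an address from another range — and if the subnets are meant to be distinct trust zones they need explicit `pass in on vport0 from {{ net_vm01 }} ...` / `block` rules (or one veb per guest); if not, say so in a comment, e.g. `# flat lab network: no isolation between guests`. The variables carry a host address with prefix (`100.64.0.1/24`) because they double as the vport0 aliases; pf appears to accept that and mask it, but a dedicated network form (`100.64.0.0/24`) in the rules would be clearer. 100.64.0.0/10 is also RFC 6598 shared address space, which can collide with a carrier-grade NAT or a mesh VPN on the host; worth a note or a different default.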
@@ -0,0 +1 @@ +localhost blob - /dev/null blob + 8bd9b7ccd6708ef42fc76bd472f49a8cb0a1d396 (mode 644) --- /dev/null +++ tests/test.yml @@ -0,0 +1,5 @@ +--- +- hosts: localhost + remote_user: root + roles: + - vmm_setup_veb blob - /dev/null blob + 260cbe0cc965170be3eb7cdcc59532665285c922 (mode 644) --- /dev/null +++ vars/main.yml @@ -0,0 +1,15 @@ +--- +# vars file for vmm_setup_veb +vmm_user: gonzalo +vmm_dir: /home/gonzalo/VMs +out_if: bwfm0 +local_net: 100.63.0.1/24 +net_vm01: 100.64.0.1/24 +net_vm02: 100.65.0.1/24 +net_vm03: 100.66.0.1/24 +vm01_size: 5G +vm01_ram: 512M +vm02_size: 5G +vm02_ram: 512M +vm03_size: 10G +vm03_ram: 1G
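Review bot: `vars/main.yml` holds site-specific values — `vmm_user: gonzalo`, `vmm_dir: /home/gonzalo/VMs`, `out_if: bwfm0` and the 100.6x.0.1/24 networks — and role `vars/` takes precedence over inventory and playbook vars, so consumers cannot override them without editing the role; they belong in the currently empty `defaults/main.yml`, leaving `vars/` for true constants. The same file would also be the right place for the download digests the `get_url` tasks should pin. The sizes (`5G`, `512M`) are fine as plain scalars since vmctl and vm.conf consume them as strings.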