diff options
| -rw-r--r-- | README | 98 | ||||
| -rwxr-xr-x | kvm-creator | 69 |
2 files changed, 141 insertions, 26 deletions
@@ -7,7 +7,9 @@ This is a small set of scripts to make it relatively easy to manage a stable of kvm instances in a fairly secure and isolated fashion. The basic model is to use runit to supervise each KVM instance, with a -single, non-privileged user account for each instance. +single, non-privileged user account for each instance. You can login +via ssh as the non-privileged user and, via screen, access the +instance's console. Dependencies: @@ -15,29 +17,99 @@ Dependencies: uml-utilities : for tunctl for the tun/tap interface kvm : for the virtual machine emulator screen : for the detached, logged serial console + bridge-utils : for configuring a bridge device Recommendations: openssh-server : i've been using ssh to access the vm's serial console -A typical workflow to start an installer is: +INSTALLATION -kvm-creator create $GUESTNAME [$DISKSIZE [$RAM [$TAP [$MAC] ] ] ] -# set up boot media for the host ("put the installer CD in the drive"): -ln -s /usr/local/share/ISOs/d-i.iso /home/$GUESTNAME/vms/$GUESTNAME/cd.iso -# set up access to the account: -mkdir -p /home/$GUESTNAME/.ssh -cat ~/.ssh/authorized_keys >> /home/$GUESTNAME/.ssh/authorized_keys -# start up the host -update-service --add /etc/sv/kvm/$GUESTNAME + * Install dependencies: + aptitude install runit uml-utilties kvm screen bridge-utils + + * Copy programs into /usr/local/sbin: + + cp {di-maker,kvm-manager,kvm-creator} /usr/local/sbin/ + + * Copy screen configuration file into /etc + + cp screenrc.kvm-manager /etc/ + + * Configure your host network to use a bridge. If your network adaptor + is eth0, you can use the following in /etc/network/interfaces + + auto br0 + iface br0 inet static + [Put your normal IP config for eth0 here...] + bridge_ports eth0 + +INSTALLING DEBIAN ONTO YOUR VIRTUAL SERVER + +To create a KVM instance, run: + + kvm-creator create $GUESTNAME $VG [$DISKSIZE [$RAM [$TAP [$MAC] ] ] ] + +You can replace "create" with "demo" to see the default values for non- +specified options. + +The creator scripts creates a username and home directory, logical volume, and +the required directory in /etc/sv/kvm/GUESTNAME from which the kvm-manager +script is run. After creating your virtual server, you can modify the files in +/etc/sv/kvm/GUESTNAME/env to change initial settings. + +You may also add ssh key's to /home/GUESTNAME/.ssh/authorized_keys to provide +additional access to other users. + +At this point, your virtual server is created, however, it has no operating system +and it has not been started. + +There are two options for installing debian onto the virtual server: + + * netboot + * iso (like a CD install) + +To use netboot, make sure you have a working DHCP server running on your +host server and offering addresses over your bridge interface. + +Then, indicate that the server should boot via the network with: + + touch /home/$GUESTNAME/vms/$GUESTNAME/netboot + +Alternatively, you can make a debian boot ISO image: + + * Make the directory /usr/local/share/ISOs + * Create a serial console enabled debian installer. + * cd /usr/local/share/ISOs + * di-maker > d-i.iso + +Indicate that the server should boot via the CDROM (the equivelant of putting +the installer CD in the drive) with: + + ln -s /usr/local/share/ISOs/d-i.iso /home/$GUESTNAME/vms/$GUESTNAME/cd.iso + +STARTING YOUR VIRTUAL SERVER + + update-service --add /etc/sv/kvm/$GUESTNAME + +This process adds your virtual server to the runit service directory. + +If /home/$GUESTNAME/vms/$GUESTNAME/cd.iso exists, the server will behave as if you +set the CDROM as the boot device in the bios. + +If /home/$GUESTNAME/vms/$GUESTNAME/netboot exists, the server will behave as if you +set the network device as the boot device in the bios. + +After you have installed your server, be sure to delete these files if they exist or +your server won't boot properly. + +ACCESSING YOUR VIRTUAL SERVER To access the guest's serial console, do: ssh -t $GUESTNAME@host.machine screen -x $GUESTNAME - -trouble getting a serial console-enabled debian -installer ISO? try using the di-maker script. +HACKING All patches, fixes, suggestions welcome! diff --git a/kvm-creator b/kvm-creator index 6ea989f..ff51243 100755 --- a/kvm-creator +++ b/kvm-creator @@ -1,5 +1,5 @@ #!/bin/bash -set -x +#set -x # Author: Daniel Kahn Gillmor <dkg@fifthhorseman.net> # Date: 2009-10-08 @@ -9,12 +9,35 @@ CMD="$1" shift NAME="$1" -SIZE="${2:-3G}" -RAM="${3:-512}" -TAP="${4:-$(( $( cat /etc/sv/kvm/*/env/TAP | sed 's/^tap//' | sort -n | tail -n 1 ) + 1 ))}" -MAC="${5:-$(cat /etc/sv/kvm/*/env/MAC | head -n1 | cut -f 1-5 -d: ):$(( $( cat /etc/sv/kvm/*/env/MAC | cut -f 6 -d: | sort -n | tail -n 1 ) + 1 ))}" +VG="$2" +SIZE="${3:-3G}" +RAM="${4:-512}" -VG=vg_malty0 +[ "$CMD" == "create" ] && [ ! -d /etc/sv/kvm ] && mkdir /etc/sv/kvm + +ls /etc/sv/kvm/* &> /dev/null +if [ "$?" -eq 0 ]; then + TAP="${5:-tap$(( $( cat /etc/sv/kvm/*/env/TAP | sed 's/^tap//' | sort -n | tail -n 1 ) + 1 ))}" + MAC="${6:-$(cat /etc/sv/kvm/*/env/MAC | head -n1 | cut -f 1-5 -d: ):$(( $( cat /etc/sv/kvm/*/env/MAC | cut -f 6 -d: | sort -n | tail -n 1 ) + 1 ))}" +else + TAP=tap0 + MAC=00:00:00:00:00:00 +fi + +usage() { + + die "USAGE: kvm-creator create|destroy|demo guestname [volumegroup [disksize [ram [tap [mac] ] ] ] ]" + +} + +die() { + + echo "$1" + exit_code=1 + [ -n "$2" ] && exit_code="$2" + exit $exit_code + +} destroy() { @@ -26,14 +49,30 @@ destroy() { } -create() { - set -e +validate() { + + # Make sure none of the pieces already exist. + [ -z "$NAME" ] && die "Please pass the name of the virtual server to create" + [ -z "$VG" ] && [ "$CMD" == "create" ] && die "Please pass the name of the volume group to use" + getent passwd "$NAME" > /dev/null + [ "$?" -eq "0" ] && die "The username '$NAME' already exists." + getent group "$NAME" > /dev/null + [ "$?" -eq 0 ] && die "The group '$NAME' already exists." + [ -d /home/"$NAME" ] && die "The directory '/home/$NAME' already exists." + [ -d /etc/sv/kvm/"$NAME" ] && die "The directory '/etc/sv/kvm/$NAME' already exists." + [ -d /dev/mapper/${VG}-${NAME} ] && die "The logical volume $NAME already exists." -# FIXME: check that this stuff doesn't exist yet: +} + +create() { + set -e + validate adduser "$NAME" --disabled-password --gecos "$NAME KVM user,,," - mkdir "/home/$NAME/"{.ssh,vms,"vms/$NAME"} - touch "/home/$NAME/vms/$NAME/netboot" + addgroup "$NAME" kvm + for dir in .ssh vms "vms/$NAME"; do + [ ! -d "/home/$NAME/$dir" ] && mkdir "/home/$NAME/$dir" + done chown "$NAME:$NAME" "/home/$NAME/"{.ssh,vms,"vms/$NAME","vms/$NAME/netboot"} cp /root/.ssh/authorized_keys "/home/$NAME/.ssh/" lvcreate --name "$NAME" --size "$SIZE" $VG @@ -67,9 +106,13 @@ EOF demo() { - for foo in NAME TAP RAM MAC SIZE ; do - echo "$foo : ${!foo}" + validate + for foo in NAME VG TAP RAM MAC SIZE ; do + echo "$foo : ${!foo}" done + } +[ "$CMD" != "create" ] && [ "$CMD" != "destroy" ] && [ "$CMD" != "demo" ] && usage + "$CMD" |