-rw-r--r--README98
-rwxr-xr-xkvm-creator69
2 files changed, 141 insertions, 26 deletions
diff --git a/README b/README
index 0fac291..5a139a7 100644
--- a/README
+++ b/README
@@ -7,7 +7,9 @@ This is a small set of scripts to make it relatively easy to manage a
stable of kvm instances in a fairly secure and isolated fashion.
The basic model is to use runit to supervise each KVM instance, with a
-single, non-privileged user account for each instance.
+single, non-privileged user account for each instance. You can login
+via ssh as the non-privileged user and, via screen, access the
+instance's console.
Dependencies:
@@ -15,29 +17,99 @@ Dependencies:
uml-utilities : for tunctl for the tun/tap interface
kvm : for the virtual machine emulator
screen : for the detached, logged serial console
+ bridge-utils : for configuring a bridge device
Recommendations:
openssh-server : i've been using ssh to access the vm's serial console
-A typical workflow to start an installer is:
+INSTALLATION
-kvm-creator create $GUESTNAME [$DISKSIZE [$RAM [$TAP [$MAC] ] ] ]
-# set up boot media for the host ("put the installer CD in the drive"):
-ln -s /usr/local/share/ISOs/d-i.iso /home/$GUESTNAME/vms/$GUESTNAME/cd.iso
-# set up access to the account:
-mkdir -p /home/$GUESTNAME/.ssh
-cat ~/.ssh/authorized_keys >> /home/$GUESTNAME/.ssh/authorized_keys
-# start up the host
-update-service --add /etc/sv/kvm/$GUESTNAME
+ * Install dependencies:
+ aptitude install runit uml-utilties kvm screen bridge-utils
+
+ * Copy programs into /usr/local/sbin:
+
+ cp {di-maker,kvm-manager,kvm-creator} /usr/local/sbin/
+
+ * Copy screen configuration file into /etc
+
+ cp screenrc.kvm-manager /etc/
+
+ * Configure your host network to use a bridge. If your network adaptor
+ is eth0, you can use the following in /etc/network/interfaces
+
+ auto br0
+ iface br0 inet static
+ [Put your normal IP config for eth0 here...]
+ bridge_ports eth0
+
+INSTALLING DEBIAN ONTO YOUR VIRTUAL SERVER
+
+To create a KVM instance, run:
+
+ kvm-creator create $GUESTNAME $VG [$DISKSIZE [$RAM [$TAP [$MAC] ] ] ]
+
+You can replace "create" with "demo" to see the default values for non-
+specified options.
+
+The creator scripts creates a username and home directory, logical volume, and
+the required directory in /etc/sv/kvm/GUESTNAME from which the kvm-manager
+script is run. After creating your virtual server, you can modify the files in
+/etc/sv/kvm/GUESTNAME/env to change initial settings.
+
+You may also add ssh key's to /home/GUESTNAME/.ssh/authorized_keys to provide
+additional access to other users.
+
+At this point, your virtual server is created, however, it has no operating system
+and it has not been started.
+
+There are two options for installing debian onto the virtual server:
+
+ * netboot
+ * iso (like a CD install)
+
+To use netboot, make sure you have a working DHCP server running on your
+host server and offering addresses over your bridge interface.
+
+Then, indicate that the server should boot via the network with:
+
+ touch /home/$GUESTNAME/vms/$GUESTNAME/netboot
+
+Alternatively, you can make a debian boot ISO image:
+
+ * Make the directory /usr/local/share/ISOs
+ * Create a serial console enabled debian installer.
+ * cd /usr/local/share/ISOs
+ * di-maker > d-i.iso
+
+Indicate that the server should boot via the CDROM (the equivelant of putting
+the installer CD in the drive) with:
+
+ ln -s /usr/local/share/ISOs/d-i.iso /home/$GUESTNAME/vms/$GUESTNAME/cd.iso
+
+STARTING YOUR VIRTUAL SERVER
+
+ update-service --add /etc/sv/kvm/$GUESTNAME
+
+This process adds your virtual server to the runit service directory.
+
+If /home/$GUESTNAME/vms/$GUESTNAME/cd.iso exists, the server will behave as if you
+set the CDROM as the boot device in the bios.
+
+If /home/$GUESTNAME/vms/$GUESTNAME/netboot exists, the server will behave as if you
+set the network device as the boot device in the bios.
+
+After you have installed your server, be sure to delete these files if they exist or
+your server won't boot properly.
+
+ACCESSING YOUR VIRTUAL SERVER
To access the guest's serial console, do:
ssh -t $GUESTNAME@host.machine screen -x $GUESTNAME
-
-trouble getting a serial console-enabled debian
-installer ISO? try using the di-maker script.
+HACKING
All patches, fixes, suggestions welcome!
diff --git a/kvm-creator b/kvm-creator
index 6ea989f..ff51243 100755
--- a/kvm-creator
+++ b/kvm-creator
@@ -1,5 +1,5 @@
#!/bin/bash
-set -x
+#set -x
# Author: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
# Date: 2009-10-08
@@ -9,12 +9,35 @@ CMD="$1"
shift
NAME="$1"
-SIZE="${2:-3G}"
-RAM="${3:-512}"
-TAP="${4:-$(( $( cat /etc/sv/kvm/*/env/TAP | sed 's/^tap//' | sort -n | tail -n 1 ) + 1 ))}"
-MAC="${5:-$(cat /etc/sv/kvm/*/env/MAC | head -n1 | cut -f 1-5 -d: ):$(( $( cat /etc/sv/kvm/*/env/MAC | cut -f 6 -d: | sort -n | tail -n 1 ) + 1 ))}"
+VG="$2"
+SIZE="${3:-3G}"
+RAM="${4:-512}"
-VG=vg_malty0
+[ "$CMD" == "create" ] && [ ! -d /etc/sv/kvm ] && mkdir /etc/sv/kvm
+
+ls /etc/sv/kvm/* &> /dev/null
+if [ "$?" -eq 0 ]; then
+ TAP="${5:-tap$(( $( cat /etc/sv/kvm/*/env/TAP | sed 's/^tap//' | sort -n | tail -n 1 ) + 1 ))}"
+ MAC="${6:-$(cat /etc/sv/kvm/*/env/MAC | head -n1 | cut -f 1-5 -d: ):$(( $( cat /etc/sv/kvm/*/env/MAC | cut -f 6 -d: | sort -n | tail -n 1 ) + 1 ))}"
+else
+ TAP=tap0
+ MAC=00:00:00:00:00:00
+fi
+
+usage() {
+
+ die "USAGE: kvm-creator create|destroy|demo guestname [volumegroup [disksize [ram [tap [mac] ] ] ] ]"
+
+}
+
+die() {
+
+ echo "$1"
+ exit_code=1
+ [ -n "$2" ] && exit_code="$2"
+ exit $exit_code
+
+}
destroy() {
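Review bot: The fallback `MAC=00:00:00:00:00:00` gives the first guest an all-zero hardware address, and every later default is derived from it by the increment in the branch above, so no guest gets a locally administered address. A seed such as `MAC=52:54:00:00:00:00` (the prefix QEMU conventionally uses) keeps guests distinguishable from real hardware on the bridge. The increment also does decimal arithmetic on a hex octet and emits it unpadded, so it looks likely to fail or produce a malformed address once the last octet is `08`, `09` or contains a letter; `printf '%02x' $(( 16#$octet + 1 ))` would avoid that. Separately, `die` prints to stdout; `echo "$1" >&2` keeps error text out of captured output.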
@@ -26,14 +49,30 @@ destroy() {
}
-create() {
- set -e
+validate() {
+
+ # Make sure none of the pieces already exist.
+ [ -z "$NAME" ] && die "Please pass the name of the virtual server to create"
+ [ -z "$VG" ] && [ "$CMD" == "create" ] && die "Please pass the name of the volume group to use"
+ getent passwd "$NAME" > /dev/null
+ [ "$?" -eq "0" ] && die "The username '$NAME' already exists."
+ getent group "$NAME" > /dev/null
+ [ "$?" -eq 0 ] && die "The group '$NAME' already exists."
+ [ -d /home/"$NAME" ] && die "The directory '/home/$NAME' already exists."
+ [ -d /etc/sv/kvm/"$NAME" ] && die "The directory '/etc/sv/kvm/$NAME' already exists."
+ [ -d /dev/mapper/${VG}-${NAME} ] && die "The logical volume $NAME already exists."
-# FIXME: check that this stuff doesn't exist yet:
+}
+
+create() {
+ set -e
+ validate
adduser "$NAME" --disabled-password --gecos "$NAME KVM user,,,"
- mkdir "/home/$NAME/"{.ssh,vms,"vms/$NAME"}
- touch "/home/$NAME/vms/$NAME/netboot"
+ addgroup "$NAME" kvm
+ for dir in .ssh vms "vms/$NAME"; do
+ [ ! -d "/home/$NAME/$dir" ] && mkdir "/home/$NAME/$dir"
+ done
chown "$NAME:$NAME" "/home/$NAME/"{.ssh,vms,"vms/$NAME","vms/$NAME/netboot"}
cp /root/.ssh/authorized_keys "/home/$NAME/.ssh/"
lvcreate --name "$NAME" --size "$SIZE" $VG
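Review bot: `create` turns on `set -e` before calling `validate`, and the bare `getent passwd "$NAME" > /dev/null` inside `validate` returns non-zero exactly when the name is free, so the script exits silently on every valid request; the trailing `[ ... ] && die` line has the same effect through the function's return status. Testing the commands directly in `if` and ending with `return 0` avoids both. The logical-volume check uses `-d` on an unquoted `/dev/mapper/${VG}-${NAME}`, which is a device node rather than a directory, so it can never fire; `-e "/dev/$VG/$NAME"` would. The `touch` of `netboot` is removed, but the unchanged `chown` line still lists `"vms/$NAME/netboot"`, which fails under `set -e` after the account has already been created. `create` continues past the end of this hunk.

```shell
validate() {
  # … unchanged: NAME and VG presence checks …
  if getent passwd "$NAME" > /dev/null; then
    die "The username '$NAME' already exists."
  fi
  if getent group "$NAME" > /dev/null; then
    die "The group '$NAME' already exists."
  fi
  # … unchanged: /home/$NAME and /etc/sv/kvm/$NAME directory checks …
  if [ -e "/dev/$VG/$NAME" ]; then
    die "The logical volume $NAME already exists."
  fi
  return 0
}
```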
@@ -67,9 +106,13 @@ EOF
demo() {
- for foo in NAME TAP RAM MAC SIZE ; do
- echo "$foo : ${!foo}"
+ validate
+ for foo in NAME VG TAP RAM MAC SIZE ; do
+ echo "$foo : ${!foo}"
done
+
}
+[ "$CMD" != "create" ] && [ "$CMD" != "destroy" ] && [ "$CMD" != "demo" ] && usage
+
"$CMD"
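Review bot: `destroy` is dispatched here without any check on `NAME`, because `validate` is only called from `create` and `demo` (and could not be reused as-is, since it insists that nothing exists yet). The body of `destroy` is outside the hunks shown, but if it removes paths built from `$NAME`, an empty or slash-containing name in a script that runs as root would act on the wrong directory. A guard before the dispatch, for example `case "$NAME" in ''|*/*|.*) usage ;; esac`, would reject such names for all three commands.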