2026-01-31-01

Signed-off-by: Nicolas Boufidjeline <nicolas.boufidjeline@MacBook-Pro-de-Nicolas-B.local>
2026-01-31 21:16:21 +01:00 · 2026-01-31 21:16:21 +01:00 · dfa4e7bd15
commit dfa4e7bd15
parent e058f1c494
3 changed files with 189 additions and 0 deletions
--- a/source/index.rst
+++ b/source/index.rst
@ -5,5 +5,6 @@ Documentation de GnomeZworc!

   tech_conf/index
   personnal/index
+   syonad/index
   doc_api/index
   archive/index
--- a/source/syonad/build_image.rst
+++ b/source/syonad/build_image.rst
@ -0,0 +1,182 @@
+Build an image
+==============
+
+Introduction
+------------
+
+Cette premiere documentation sur le projet est une documentation qui a pour but d'expliquer comment creer une image qui fonctionne.
+
+
+Prepar qcow2
+------------
+
+Nous allons voir ici comment creer un fichier qcow2 racine.
+
+Ce qu'il est necessaire d'avoir
+-------------------------------
+
+- un fichier qcow2
+- un interface tap0
+- et un reseau capable de fourni l'ip et le reseau a la mac 00:22:33:00:00:01
+
+Le fichier seed.iso
+-------------------
+
+.. code-block::
+
+    export os=<os name>
+    export os_link=<url to qcow2 file>
+    export os_file=<os file name>
+    export os_dir=<os to download dir>
+    export disk_dir=<disk dire file>
+
+    mkdir -p "${os_dir}"
+    cd "${os_dir}"
+    mkdir -p /opt/seed/${os}
+
+    cat << ENDFILE > /opt/seed/${os}/meta-data
+    instance-id: iid-local01
+    local-hostname: my-vm-01
+    ENDFILE
+
+    cat << ENDFILE > /opt/seed/${os}/network-config
+    version: 2
+    renderer: networkd
+    ethernets:
+    eth0:
+        dhcp4: true
+    ENDFILE
+
+    cat << ENDFILE > /opt/seed/${os}/user-data
+    #cloud-config
+    users:
+    - name: nicolas
+        lock_passwd: false
+        passwd: "$5$Swu3AjypPDw0MAqZ$82u2RmMWmc2Vo6vHUw0ZdLFzmA54FokrMs3xJ1EJFIA"
+        sudo: ALL=(ALL) NOPASSWD:ALL
+        ssh_authorized_keys:
+        - ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEL7V6RKvYPtzpk+Kb00e1mXiaqj8gZYIobavWQm1iBQ cardno:16_148_277
+    ENDFILE
+
+    mkisofs -o /opt/seed/${os}_seed.iso -V cidata -J -r /opt/seed/${os}/
+
+    curl "${os_link}" -O
+    qemu-img create -f qcow2 "${disk_dir}/${os}-root.qcow2" 10G
+    qemu-img create -f qcow2 "${disk_dir}/tmp.qcow2" 50G
+    qemu-img create -f qcow2 -b "${os_dir}/${os_file}" -F qcow2  "${disk_dir}/${os}-tmp.qcow2" 10G
+
+    qemu-system-x86_64 \
+        -enable-kvm \
+        -cpu host \
+        -m 2048 \
+        -smp 2 \
+        -nographic \
+        -serial mon:stdio \
+        -monitor unix:/tmp/vm-build.mon-sock,server,nowait \
+        -drive file=/opt/seed/${os}_seed.iso,media=cdrom,if=ide \
+        \
+        -drive file=${disk_dir}/${os}-tmp.qcow2,format=qcow2,if=none,id=vda \
+        -device virtio-blk-pci,drive=vda,bootindex=0 \
+        \
+        -device virtio-scsi-pci,id=scsi0 \
+        \
+        -drive file=${disk_dir}/${os}-root.qcow2,if=none,id=hd0 \
+        -device scsi-hd,drive=hd0,bus=scsi0.0 \
+        \
+        -drive file=${disk_dir}/tmp.qcow2,if=none,id=hd1 \
+        -device scsi-hd,drive=hd1,bus=scsi0.0 \
+        \
+        -netdev tap,id=net0,ifname=tap0,script=no,downscript=no -device virtio-net-pci,netdev=net0,mac=00:22:33:00:00:01
+
+    # trouver les bon disk
+
+    work_disk=/dev/sdb
+    os_disk=/dev/sda
+
+    mkdir /work
+    mkfs.xfs ${work_disk}
+    mount ${work_disk} /work
+    cd /work
+
+    curl "${os_link}" -O
+    qemu-img convert ./*.qcow2 -O raw ${os_disk}
+
+    partprobe
+    echo 1 > /sys/block/sda/device/rescan
+    sleep 2
+    # Get the biggest partition of /dev/sda as root partition
+    root_partition=$(fdisk -lo device,size /dev/sda | grep -E '^\/dev\/' | tr -s ' ' | sort -rhk2 | head -n1 | cut -d ' ' -f1)
+    mount -o nouuid $root_partition /mnt
+    mount -o bind /dev /mnt/dev
+    mount -o bind /proc /mnt/proc
+    mount -o bind /sys /mnt/sys
+
+    #dns
+    cp /etc/resolv.conf /mnt/etc/resolv.conf
+
+    #ssh
+    yum install -y augeas
+
+    echo "The default user for Syonad VMs is 'syonad'." > /mnt/etc/banner
+
+    augtool -r /mnt -s <<EOF
+    set /files/etc/ssh/sshd_config/X11Forwarding no
+    set /files/etc/ssh/sshd_config/PermitTunnel no
+    set /files/etc/ssh/sshd_config/PermitRootLogin no
+    set /files/etc/ssh/sshd_config/RSAAuthentication yes
+    set /files/etc/ssh/sshd_config/PubkeyAuthentication yes
+    set /files/etc/ssh/sshd_config/PasswordAuthentication no
+    set /files/etc/ssh/sshd_config/UseDNS no
+    set /files/etc/ssh/sshd_config/ChallengeResponseAuthentication no
+    set /files/etc/ssh/sshd_config/GSSAPIAuthentication no
+    set /files/etc/ssh/sshd_config/Match[1]/Condition/User "root,centos,ubuntu,debian,ec2-user"
+    set /files/etc/ssh/sshd_config/Match[1]/Settings/Banner "/etc/banner"
+    EOF
+
+    cat << ENDFILE > /mnt/etc/cloud/cloud.cfg.d/20_user.cfg
+    system_info:
+    default_user:
+        name: syonad
+    ENDFILE
+
+    cat << ENDFILE > /mnt/etc/cloud/cloud.cfg.d/99_metadata.cfg
+    datasource_list: [ NoCloud ]
+    datasource:
+    NoCloud:
+        seedfrom: 'http://169.254.169.254:80'
+        timeout: 5
+        max_wait: 10
+    ENDFILE
+
+    # fstrim
+    chroot /mnt/ systemctl enable fstrim.timer
+
+    # enforce
+    chroot /mnt/ systemctl disable rpcbind.service
+    chroot /mnt/ systemctl disable rpcbind.socket
+
+    # disable SELINUX
+    augtool -r /mnt -s set /files/etc/selinux/config/SELINUX disabled
+
+    # clean
+    rm -f /mnt/etc/resolv.conf
+    rm -rf /mnt/var/cache/yum
+    rm -rf /mnt/root/.ssh
+    rm -rf /mnt/root/.bash_history
+    rm -rf /mnt/tmp/*
+    rm -rf /mnt/var/lib/dhcp/*
+    rm -rf /mnt/var/tmp/*
+    find /mnt/var/log ! -type d -exec rm '{}' \;
+    rm -rf /mnt/var/lib/cloud/*
+
+    poweroff
+
+Debug
+-----
+
+si la vm ne demarre pas correctement on peut lancer dans un nouveau terminal:
+
+.. code-block::
+
+    socat -,raw,echo=0 unix-connect:/tmp/vm-build.mon-sock
+    quit
--- a/source/syonad/index.rst
+++ b/source/syonad/index.rst
@ -0,0 +1,6 @@
+Syonad
+======
+
+.. toctree::
+
+    build_image