add metadata files

Signed-off-by: GnomeZworc <nicolas.boufidjeline@g3e.fr>
2025-05-15 21:20:28 +02:00 · 2025-05-15 21:20:28 +02:00 · bf00263bc5
commit bf00263bc5
parent b108d836ff
9 changed files with 206 additions and 5 deletions
--- a/README.md
+++ b/README.md
@ -69,3 +69,65 @@ exec ip netns exec "$NETNS" \
    --log-facility="/var/log/dnsmasq-$arg.log" \
    --no-daemon -p0
 ```
+
+```
+vm-1-toto:~# cat /etc/cloud/cloud.cfg.d/20_user.cfg
+system_info:
+  default_user:
+    name: syonad
+vm-1-toto:~# cat /etc/cloud/cloud.cfg.d/99_metadata.cfg
+datasource_list: [ NoCloud ]
+datasource:
+  NoCloud:
+    seedfrom: 'http://169.254.169.254:80'
+    timeout: 5
+    max_wait: 10
+```
+
+
+```
+qemu-system-x86_64 -enable-kvm -cpu host -m 512 \
+  -smp 1 -serial unix:/tmp/i-0343234.sock,server,nowait \
+  -monitor unix:/tmp/i-0343234.mon-sock,server,nowait \
+  -qmp unix:/tmp/i-0343234.qmp-sock,server,nowait \
+  -drive file=/disk/vm-1.qcow2,if=virtio \
+  -netdev tap,id=net0,ifname=tap9837026863,script=no,downscript=no -device virtio-net-pci,netdev=net0,mac=00:22:33:00:00:0A \
+  -display none -daemonize
+```
+
+
+```
+qemu-system-x86_64 -enable-kvm -cpu host -m 512 \
+  -smp 1 -serial unix:/tmp/i-0343234.sock,server,nowait \
+  -monitor unix:/tmp/i-0343234.mon-sock,server,nowait \
+  -qmp unix:/tmp/i-0343234.qmp-sock,server,nowait \
+  -drive file=/disk/vm-2.qcow2,if=virtio \
+  -drive file=/disk/tmp.qcow2,if=virtio \
+  -drive file=/disk/root.qcow2,if=virtio \
+  -netdev tap,id=net0,ifname=tap9102959250,script=no,downscript=no -device virtio-net-pci,netdev=net0,mac=00:22:33:00:00:0A \
+  -display none -daemonize \
+  -drive file=./seed/seed.iso,media=cdrom,if=ide
+```
+
+add public ip:
+```
+brctl addbr br-public
+brctl stp   "br-public" off
+ip link add "veth-public-ext" type veth peer name "veth-public-int" netns "vpc-00003"
+ip netns exec "vpc-00003" brctl addbr "br-public"
+ip netns exec "vpc-00003" brctl stp   "br-public" off
+
+brctl addif "br-public" "veth-public-ext"
+ip netns exec "vpc-00003" brctl addif "br-public" "veth-public-int"
+
+
+ip                link set up dev "veth-public-ext"
+ip                link set up dev "br-public"
+ip -n "vpc-00003" link set up dev "veth-public-int"
+ip -n "vpc-00003" link set up dev "br-public"
+
+ip link add link eno1 name macvlan0 type macvlan mode bridge
+
+-A PREROUTING -d 192.168.15.2/32 -j DNAT --to-destination 192.168.20.10
+-A POSTROUTING -s 192.168.20.10/32 -o br-public -j MASQUERADE
+```
--- a/agent.sh
+++ b/agent.sh
@ -26,6 +26,7 @@ function start_vm {
    DEFINE_string  'vm_name'     '-'    'VM NAME'               'm'
    DEFINE_string  'vm_ip'       '-'    'VM CIDR'               'p'
    DEFINE_string  'volume_id'   '-'    'Volume backend file'   'o'
+    DEFINE_string  'ssh_key'     '-'    'pub ssh Key'           'k'
    DEFINE_boolean 'dryrun'      false  'Enable dry-run mode'   'd'
  
    FLAGS "$@" || exit $?
@ -52,14 +53,14 @@ function start_vm {
    print_in_color "${COLOR_SYAN}"  "  name: ${FLAGS_vm_name}"
    print_in_color "${COLOR_SYAN}"  "  ip: ${vm_ip}"
    print_in_color "${COLOR_SYAN}"  "  volume backing file: ${FLAGS_volume_id}"
-    print_in_color "${COLOR_SYAN}"  "  tap: to generate"
+    print_in_color "${COLOR_SYAN}"  "  sshkey: ${FLAGS_ssh_key}"
    print_in_color "${COLOR_SYAN}"  "#############################################"
    echo
    echo

    create_vpc "${FLAGS_vpc_name}"
    create_subnet "${FLAGS_vpc_name}" "${FLAGS_subnet_name}" "${FLAGS_vxlan_id}" "${local_ip}" "${gateway_ip}" "${subnet}"
-    qemu_start_vm "${FLAGS_vm_ip}" "${FLAGS_subnet_name}" "${FLAGS_vpc_name}" "${FLAGS_vm_name}" "${FLAGS_volume_id}"
+    qemu_start_vm "${FLAGS_vm_ip}" "${FLAGS_subnet_name}" "${FLAGS_vpc_name}" "${FLAGS_vm_name}" "${FLAGS_volume_id}" "${FLAGS_ssh_key}" "${FLAGS_gateway_ip}"
 }

 function stop_vm {
--- a/files/dnsmasq.service
+++ b/files/dnsmasq.service
@ -0,0 +1,11 @@
+[Unit]
+Description=dnsmasq in netns %i
+After=network.target
+
+[Service]
+Type=simple
+ExecStart=/usr/local/bin/run-dnsmasq-in-netns.sh %i
+ExecStopPost=/bin/rm -f /run/dnsmasq-%i.pid
+
+[Install]
+WantedBy=multi-user.target
--- a/files/dnsmasq.sh
+++ b/files/dnsmasq.sh
@ -0,0 +1,21 @@
+#!/bin/bash
+set -e
+
+# Expects one argument: netns_bridge (e.g. vpc-00003_br-00002 or vpc1_br0)
+arg="$1"
+NETNS="${arg%%_*}"
+BRIDGE="${arg#*_}"
+
+echo "start dnsmasq ${NETNS} ${BRIDGE}"
+
+exec ip netns exec "${NETNS}" \
+  dnsmasq \
+    --no-daemon \
+    --interface="${BRIDGE}" \
+    --bind-interfaces \
+    --pid-file="/run/dnsmasq-$arg.pid" \
+    --conf-file="/etc/dnsmasq.d/$arg.conf" \
+    --no-hosts \
+    --no-resolv \
+    --log-facility="/var/log/dnsmasq-$arg.log" \
+    --no-daemon -p0
--- a/files/metadata.service
+++ b/files/metadata.service
@ -0,0 +1,10 @@
+[Unit]
+Description=metadata in netns %i
+After=network.target
+
+[Service]
+Type=simple
+ExecStart=/usr/local/bin/run-metadata-in-netns.sh %i
+
+[Install]
+WantedBy=multi-user.target
--- a/files/metadata.sh
+++ b/files/metadata.sh
@ -0,0 +1,17 @@
+#!/bin/bash
+set -e
+
+# Expects one argument: netns_bridge (e.g. vpc-00003_br-00002 or vpc1_br0)
+arg="$1"
+NETNS="${arg%%_*}"
+ip_port="${arg#*_}"
+IP="${ip_port%%-*}"
+PORT="${ip_port#*-}"
+
+echo "start metadata ${NETNS} "
+
+exec ip netns exec "${NETNS}" \
+  /usr/bin/metadata \
+    -file "/opt/metadata/${arg}.json" \
+    -interface "${IP}" \
+    -port "${PORT}"
--- a/lib/metadata.sh
+++ b/lib/metadata.sh
@ -0,0 +1,64 @@
+#!/bin/bash
+
+function metadata_service() {
+    cp ./files/metadata.service /etc/systemd/system/metadata@.service
+    cp ./files/metadata.sh      /usr/local/bin/run-metadata-in-netns.sh
+    chmod +x /usr/local/bin/run-metadata-in-netns.sh
+}
+
+function metadata_config() {
+  vm_name="${1}"
+  meta_def="${2}"
+  ssh_key="${3}"
+
+  PASSWORD="\$6\$LD5z9v/s2b170Twj\$pl1B/Mz0w8PCr7JhFcclQpBSxUQTDOiuPko8yf4LntEo8FrIo2yKVeHR6fb5VQpxX9NP2k9yhXdsp671Sc56u1"
+
+  VENDOR_DATA=$(
+  cat <<END | sed -e ':a;N;$!ba;s/\n/\\n/g' | sed -e 's/"/\\"/g'
+users:
+  - name: syonad
+    lock_passwd: true
+    gecos: alpine Cloud User
+    groups: [adm, wheel]
+    doas:
+      - permit nopass syonad
+    sudo: ["ALL=(ALL) NOPASSWD:ALL"]
+    shell: /bin/ash
+    passwd: "${PASSWORD}"
+    ssh_authorized_keys:
+      - ${ssh_key}
+END
+  )
+
+  cat <<END > "/opt/metadata/${meta_def}.conf"
+{
+  "meta-data": "instance-id: ${vm_name}\nlocal-hostname: ${vm_name}\n",
+  "user-data": "#!/bin/sh\npasswd -d root\n",
+  "network-config": "version: 2\nethernets:\n  eth0:\n    dhcp4: true\n",
+  "vendor-data": "${VENDOR_DATA}"
+}
+END
+
+
+}
+
+function metadata_start() {
+    vpc="${1}"
+    ip="${2}"
+    port="${3}"
+    vm_name="${4}"
+    ssh_key="${5}"
+
+
+    metadata_config "${vm_name}" "${vpc}_${ip}-${port}" "${ssh_key}"
+    systemctl start "metadata@${vpc}_${ip}-${port}.service"
+}
+
+function metadata_stop() {
+    vpc="${1}"
+    ip="${2}"
+    port="${3}"
+
+    systemctl stop "metadata@${vpc}_${ip}-${port}.service"
+    rm -f "/opt/metadata/${vpc}_${ip}-${port}.conf"
+}
--- a/lib/numbers.sh
+++ b/lib/numbers.sh
@ -1,10 +1,15 @@
 #!/bin/bash

-function generate_random_number {
+function generate_random_id {
    local digits="$1"
    tr -dc '0-9' </dev/urandom | head -c "$digits"
 }

+function generate_random_number {
+    local number=$(shuf -i 10000-20000 -n 1)
+    echo "${number}"
+}
+
 function find_mac {
    id="${1}"
    ip="${2}"
--- a/lib/qemu.sh
+++ b/lib/qemu.sh
@ -3,6 +3,7 @@
 . ./lib/numbers.sh
 . ./lib/colors.sh
 . ./lib/db.sh
+. ./lib/metadata.sh

 function check_qemu_exist {
    local vm_name="${1}"
@ -31,7 +32,10 @@ function qemu_start_vm {
    local vpc_name="${3}"
    local vm_name="${4}"
    local volume_path="${5}"
-    local tap_id="$(generate_random_number 10)"
+    local ssh_key="${6}"
+    local gateway_ip="${7}"
+    local tap_id="$(generate_random_id 10)"
+    local metadata_port="$(generate_random_number)"
    local subnet_id="$(echo "${subnet_name}" | cut -d\- -f2)"
    local mac="$(find_mac "${vpc_name}_br-${subnet_id}" "${ip}")"

@ -42,8 +46,10 @@ function qemu_start_vm {
    } || \
    {
        print_in_color "${COLOR_GREEN}"  "Create tap tap${tap_id}"
-        add_in_db "vm" "${vm_name}" "${subnet_name}" "${tap_id}"
+        add_in_db "vm" "${vm_name}" "${subnet_name}" "${tap_id}" "${metadata_port}" "${ip}"
        create_tap "${tap_id}" "br-${subnet_id}" "${vpc_name}"
+        metadata_start "${vpc_name}" "${gateway_ip}" "${metadata_port}" "${vm_name}" "${ssh_key}"
+        ip netnes exec "${vpc_name}" iptable -t nat -A PREROUTING -s "${ip}/32" -d "169.254.169.254/32" -p tcp -m tcp --dport 80 -j DNAT --to-destination "${gateway_ip}:8080"

        print_in_color "${COLOR_GREEN}"  "Start vm ${vm_name}"
        ip netns exec "${vpc_name}" qemu-system-x86_64 \
@ -67,6 +73,8 @@ function qemu_stop_vm {
    local vm_def=$(get_from_db "vm" "${vm_name}")
    local subnet_name="$(echo "${vm_def}" | cut -d\; -f 2)"
    local tap_id="$(echo "${vm_def}" | cut -d\; -f 3)"
+    local metadata_port="$(echo "${vm_def}" | cut -d\; -f 4)"
+    local ip="$(echo "${vm_def}" | cut -d\; -f 5)"
    local subnet_def=$(get_from_db "subnet" "${subnet_name}")
    local vpc_name="$(echo "${subnet_def}" | cut -d\; -f 2)"

@ -79,6 +87,8 @@ function qemu_stop_vm {

    print_in_color "${COLOR_RED}" "Delete tap${tap_id}"
    ip -n "${vpc_name}" link del dev "tap${tap_id}"
+
+    metadata_stop "${vpc_name}" "${ip}" "${metadata_port}"
    delete_in_db "vm" "${vm_name}"

    print_in_color "${COLOR_GREY}" "Try to delete ${subnet_name}"