# Prepar qcow2

Nous allons voir ici comment creer un fichier qcow2 racine.

## Ce qu'il est necessaire d'avoir

- un fichier qcow2
- un interface tap0
- et un reseau capable de fourni l'ip et le reseau a la mac 00:22:33:00:00:01

## Le fichier seed.iso

```bash
export os=<os name>
export os_link=<url to qcow2 file>
export os_file=<os file name>
export os_dir=<os to download dir>
export disk_dir=<disk dire file>

mkdir -p "${os_dir}"
cd "${os_dir}"
mkdir -p /opt/seed/${os}

cat << ENDFILE > /opt/seed/${os}/meta-data
instance-id: iid-local01
local-hostname: my-vm-01
ENDFILE

cat << ENDFILE > /opt/seed/${os}/network-config
version: 2
renderer: networkd
ethernets:
  eth0:
    dhcp4: true
ENDFILE

cat << ENDFILE > /opt/seed/${os}/user-data
#cloud-config
users:
  - name: nicolas
    lock_passwd: false
    passwd: "$5$Swu3AjypPDw0MAqZ$82u2RmMWmc2Vo6vHUw0ZdLFzmA54FokrMs3xJ1EJFIA"
    sudo: ALL=(ALL) NOPASSWD:ALL
    ssh_authorized_keys:
      - ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEL7V6RKvYPtzpk+Kb00e1mXiaqj8gZYIobavWQm1iBQ cardno:16_148_277
ENDFILE

mkisofs -o /opt/seed/${os}_seed.iso -V cidata -J -r /opt/seed/${os}/

curl "${os_link}" -O
qemu-img create -f qcow2 "${disk_dir}/${os}-root.qcow2" 10G
qemu-img create -f qcow2 "${disk_dir}/tmp.qcow2" 50G
qemu-img create -f qcow2 -b "${os_dir}/${os_file}" -F qcow2  "${disk_dir}/${os}-tmp.qcow2" 10G

qemu-system-x86_64 \
    -enable-kvm \
    -cpu host \
    -m 2048 \
    -smp 2 \
    -nographic \
    -serial mon:stdio \
    -monitor unix:/tmp/vm-build.mon-sock,server,nowait \
    -drive file=/opt/seed/${os}_seed.iso,media=cdrom,if=ide \
    \
    -drive file=${disk_dir}/${os}-tmp.qcow2,format=qcow2,if=none,id=vda \
    -device virtio-blk-pci,drive=vda,bootindex=0 \
    \
    -device virtio-scsi-pci,id=scsi0 \
    \
    -drive file=${disk_dir}/${os}-root.qcow2,if=none,id=hd0 \
    -device scsi-hd,drive=hd0,bus=scsi0.0 \
    \
    -drive file=${disk_dir}/tmp.qcow2,if=none,id=hd1 \
    -device scsi-hd,drive=hd1,bus=scsi0.0 \
    \
    -netdev tap,id=net0,ifname=tap0,script=no,downscript=no -device virtio-net-pci,netdev=net0,mac=00:22:33:00:00:01

# trouver les bon disk

work_disk=/dev/sdb
os_disk=/dev/sda

mkdir /work
mkfs.xfs ${work_disk}
mount ${work_disk} /work
cd /work

curl "${os_link}" -O
qemu-img convert ./*.qcow2 -O raw ${os_disk}

partprobe
echo 1 > /sys/block/sda/device/rescan
sleep 2
# Get the biggest partition of /dev/sda as root partition
root_partition=$(fdisk -lo device,size /dev/sda | grep -E '^\/dev\/' | tr -s ' ' | sort -rhk2 | head -n1 | cut -d ' ' -f1)
mount -o nouuid $root_partition /mnt
mount -o bind /dev /mnt/dev
mount -o bind /proc /mnt/proc
mount -o bind /sys /mnt/sys

#dns
cp /etc/resolv.conf /mnt/etc/resolv.conf

#ssh
yum install -y augeas

echo "The default user for Syonad VMs is 'syonad'." > /mnt/etc/banner

augtool -r /mnt -s <<EOF
set /files/etc/ssh/sshd_config/X11Forwarding no
set /files/etc/ssh/sshd_config/PermitTunnel no
set /files/etc/ssh/sshd_config/PermitRootLogin no
set /files/etc/ssh/sshd_config/RSAAuthentication yes
set /files/etc/ssh/sshd_config/PubkeyAuthentication yes
set /files/etc/ssh/sshd_config/PasswordAuthentication no
set /files/etc/ssh/sshd_config/UseDNS no
set /files/etc/ssh/sshd_config/ChallengeResponseAuthentication no
set /files/etc/ssh/sshd_config/GSSAPIAuthentication no
set /files/etc/ssh/sshd_config/Match[1]/Condition/User "root,centos,ubuntu,debian,ec2-user"
set /files/etc/ssh/sshd_config/Match[1]/Settings/Banner "/etc/banner"
EOF

cat << ENDFILE > /mnt/etc/cloud/cloud.cfg.d/20_user.cfg
system_info:
  default_user:
    name: syonad
ENDFILE

cat << ENDFILE > /mnt/etc/cloud/cloud.cfg.d/99_metadata.cfg
datasource_list: [ NoCloud ]
datasource:
  NoCloud:
    seedfrom: 'http://169.254.169.254:80'
    timeout: 5
    max_wait: 10
ENDFILE

# fstrim
chroot /mnt/ systemctl enable fstrim.timer

# enforce
chroot /mnt/ systemctl disable rpcbind.service
chroot /mnt/ systemctl disable rpcbind.socket

# disable SELINUX
augtool -r /mnt -s set /files/etc/selinux/config/SELINUX disabled

# clean
rm -f /mnt/etc/resolv.conf
rm -rf /mnt/var/cache/yum
rm -rf /mnt/root/.ssh
rm -rf /mnt/root/.bash_history
rm -rf /mnt/tmp/*
rm -rf /mnt/var/lib/dhcp/*
rm -rf /mnt/var/tmp/*
find /mnt/var/log ! -type d -exec rm '{}' \;
rm -rf /mnt/var/lib/cloud/*

poweroff
```

si la vm ne demarre pas correctement on peut lancer dans un nouveau terminal:
```
socat -,raw,echo=0 unix-connect:/tmp/vm-build.mon-sock
quit
```