talexander/machine_setup
1
0
Fork 0
Code Issues Pull Requests Releases Activity

Start of a script for managing bhyve virtual machines.

Browse Source
This commit is contained in:
Tom Alexander 2023-04-26 17:58:46 -04:00
parent 9fcc955d13
commit 3dd710eab6
Signed by: talexander
GPG Key ID: D3A179C9A53C0EDE
2 changed files with 98 additions and 15 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

110
ansible/roles/bhyve/files/bhyve_netgraph_bridge.bash
View File

@ -19,29 +19,109 @@ function main {
function create_disk {
zfs_path="$1"
gigabytes="$2"
zfs create "-V${gigabytes}G" -o volmode=dev "$zfs_path"
mount_path="$2"
gigabytes="$3"
zfs create -o "mountpoint=$mount_path" "$zfs_path"
cp /usr/local/share/edk2-bhyve/BHYVE_UEFI_VARS.fd "${mount_path}/"
tee "${mount_path}/settings" <<EOF
CPU_CORES=1
MEMORY=1G
EOF
zfs create -s "-V${gigabytes}G" -o volmode=dev "$zfs_path/disk0"
}
function start_vm {
name="$1"
zfs_path="$2"
mount_path="$3"
host_interface_name="$4"
bridge_name="bridge_${host_interface_name}"
ip_range="$5"
assert_bridge "$host_interface_name" "$bridge_name" "$ip_range"
bridge_link_name=$(detect_available_link "${bridge_name}")
CPU_CORES=1
MEMORY=1G
if [ -e "${mount_path}/settings" ]; then
source "${mount_path}/settings"
fi
# -H release the CPU when guest issues HLT instruction. Otherwise 100% of core will be consumed.
bhyve \
-c $CPU_CORES \
-m $MEMORY \
-H \
-s 0,hostbridge \
-s 3,ahci-cd,/vm/.iso/archlinux-2023.04.01-x86_64.iso \
-s 4,virtio-blk,/dev/zvol/${zfs_path} \
-s 2:0,virtio-net,netgraph,path=bridge_jail_nat:,peerhook=link90 \
-s 29,fbuf,tcp=0.0.0.0:5900,w=1920,h=1080,wait \
-s 30,xhci,tablet \
-s 31,lpc -l com1,stdio \
-l bootrom,/usr/local/share/uefi-firmware/BHYVE_UEFI.fd \
"$name"
# -s 3,ahci-cd,/vm/.iso/archlinux-2023.04.01-x86_64.iso \
# -s 29,fbuf,tcp=0.0.0.0:5900,w=1920,h=1080,wait \
while true; do
set -x
bhyve \
-c $CPU_CORES \
-m $MEMORY \
-H \
-s 0,hostbridge \
-s "4,nvme,/dev/zvol/${zfs_path}/disk0" \
-s "2:0,virtio-net,netgraph,path=${bridge_name}:,peerhook=${bridge_link_name}" \
-s 29,fbuf,tcp=0.0.0.0:5900,w=1920,h=1080 \
-s 30,xhci,tablet \
-s 31,lpc -l com1,stdio \
-l "bootrom,/usr/local/share/uefi-firmware/BHYVE_UEFI.fd,${mount_path}/BHYVE_UEFI_VARS.fd" \
"$name"
exit_code=$?
set +x
if [ $exit_code -eq 0 ]; then
echo "Rebooting."
elif [ $exit_code -eq 1 ]; then
echo "Powered off."
break
elif [ $exit_code -eq 2 ]; then
echo "Halted."
break
elif [ $exit_code -eq 3 ]; then
echo "Triple fault."
break
elif [ $exit_code -eq 4 ]; then
echo "Exited due to an error."
break
fi
done
}
function detect_available_link {
bridge_name="$1"
linknum=1
while true; do
link_name="link${linknum}"
if ! ng_exists "${bridge_name}:${link_name}"; then
echo "$link_name"
return
fi
linknum=$((linknum + 1))
if [ "$linknum" -gt 90 ]; then
(>&2 echo "No available links on bridge $bridge_name")
exit 1
fi
done
}
function assert_bridge {
host_interface_name="$1"
bridge_name="$2"
ip_range="$3"
if ! ng_exists "${bridge_name}:"; then
ngctl -d -f - <<EOF
mkpeer . eiface hook ether
name .:hook $host_interface_name
EOF
ngctl -d -f - <<EOF
mkpeer ${host_interface_name}: bridge ether link0
name ${host_interface_name}:ether $bridge_name
EOF
ifconfig $(ngctl msg "${host_interface_name}:" getifname | grep Args | cut -d '"' -f 2) name "${host_interface_name}" "$ip_range" up
fi
}
function ng_exists {
ngctl status "${1}" >/dev/null 2>&1
}
main "${@}"

3
ansible/roles/firewall/files/odofreebsd_pf.conf
View File

@ -22,7 +22,10 @@ rdr pass on $not_ext_if proto {tcp, udp} from any to 10.215.1.1 port 53 -> 1.1.1
# filtering
block log all
pass out on $ext_if
pass in on jail_nat
# Allow traffic from my machine to the jails/virtual machines
pass out on jail_nat from jail_nat
# We pass on the interfaces listed in allow rather than skipping on
# them because changes to pass rules will update when running a