1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
|
#!/bin/sh
# Create the disk image for arbiter: a gateway with NAT, dnsmasq and
# sshd. The user account test / test is set up to run the test_task
# script for evaluating the given task. The account is also given sudo
# rights to reboot, poweroff, ifconfig, ip and mount.
set -e
if [ $# -lt 1 ]; then
echo "usage: ${0} base"
exit 1
fi
base="${1}"
name="arbiter"
format="qcow2"
# WAN on first interface, LAN on second
file_interfaces=\
'# see interfaces(5)
source /etc/network/interfaces.d/*
# loopback interface
auto lo
iface lo inet loopback
# first interface
allow-hotplug ens3
iface ens3 inet dhcp
allow-hotplug enp0s3
iface enp0s3 inet dhcp
# second interface
allow-hotplug ens4
iface ens4 inet static
address 10.94.94.1/24
allow-hotplug enp0s8
iface enp0s8 inet static
address 10.94.94.1/24
'
# NAT rules
file_nftables=\
'table ip nat {
chain prerouting {
type nat hook prerouting priority 0; policy accept;
}
chain postrouting {
type nat hook postrouting priority 100; policy accept;
oifname "ens3" masquerade
oifname "enp0s3" masquerade
}
}
'
file_dnsmasq=\
'interface=ens4
interface=enp0s8
dhcp-range=10.94.94.16,10.94.94.250,12h
'
file_sudoers=\
'test ALL = /sbin/reboot
test ALL = /sbin/poweroff
test ALL = NOPASSWD: /bin/ip
test ALL = NOPASSWD: /bin/mount
test ALL = NOPASSWD: /sbin/ifconfig
'
qemu-img create -f qcow2 -b "${base}" "${name}.${format}"
virt-customize -a "${name}.${format}" \
--hostname "${name}" \
--update \
--install fortune-mod,fortunes,fortunes-bofh-excuses,python3-pexpect,python3-paramiko,python3-snimpy,python3-yaml \
--install dnsmasq \
--install openssh-server \
--run-command "apt clean" \
--write /etc/network/interfaces:"${file_interfaces}" \
--write /etc/nftables.conf:"${file_nftables}" \
--write /etc/sysctl.d/gateway.conf:"net.ipv4.ip_forward = 1" \
--run-command "systemctl enable nftables.service" \
--write /etc/dnsmasq.d/kpov-gw:"${file_dnsmasq}" \
--run-command "useradd -m -s /bin/bash -p '\$6\$VdV5y2gl\$YxpYuwcVZHSXiv0N4yzmF8PspBeIK8QLdGJZzYFuKRjkfc82DhaS5fQeuOt0q9APDPLeSMTzt8BtxI2Bwo/hH.' test" \
--write /etc/sudoers.d/kpov-test:"${file_sudoers}"
## make a sparse diff
#virt-sparsify "${name}.${format}" "${name}x.${format}"
#qemu-img create -f "${format}" -b "${name}x.${format}" "${name}-diff.${format}"
#qemu-img rebase -b "${base}" "${name}-diff.${format}"
#rm -f "./${name}-install.${format}"
|
