Commit f39a6a0e authored by Lars Seipel's avatar Lars Seipel

runner/libvirt: fix CL switch configuration

parent 3f058079
......@@ -3,6 +3,7 @@ module slrz.net/runtopo
go 1.16
require (
golang.org/x/crypto v0.0.0-20210220033148-5ea612d1eb83
gonum.org/v1/gonum v0.8.2
libvirt.org/libvirt-go v7.0.0+incompatible
libvirt.org/libvirt-go-xml v7.0.0+incompatible
......
......@@ -2,11 +2,19 @@ github.com/ajstarks/svgo v0.0.0-20180226025133-644b8db467af/go.mod h1:K08gAheRH3
github.com/fogleman/gg v1.2.1-0.20190220221249-0403632d5b90/go.mod h1:R/bRT+9gY/C5z7JzPU0zXsXHKM4/ayA+zqcVNZzPa1k=
github.com/golang/freetype v0.0.0-20170609003504-e2365dfdc4a0/go.mod h1:E/TSTwGwJL78qG/PmXZO1EjYhfJinVAhrmmHX6Z8B9k=
github.com/jung-kurt/gofpdf v1.0.3-0.20190309125859-24315acbbda5/go.mod h1:7Id9E/uU8ce6rXgefFLlgrJj/GYY22cpxn+r32jIOes=
golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
golang.org/x/crypto v0.0.0-20210220033148-5ea612d1eb83 h1:/ZScEX8SfEmUGRHs0gxpqteO5nfNW6axyZbBdw9A12g=
golang.org/x/crypto v0.0.0-20210220033148-5ea612d1eb83/go.mod h1:jdWPYTVW3xRLrWPugEBEK3UY2ZEsg3UU495nc5E+M+I=
golang.org/x/exp v0.0.0-20180321215751-8460e604b9de/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
golang.org/x/exp v0.0.0-20180807140117-3d87b88a115f/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
golang.org/x/exp v0.0.0-20190125153040-c74c464bbbf2 h1:y102fOLFqhV41b+4GPiJoa0k/x+pJcEi2/HB1Y5T6fU=
golang.org/x/exp v0.0.0-20190125153040-c74c464bbbf2/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
golang.org/x/image v0.0.0-20180708004352-c73c2afc3b81/go.mod h1:ux5Hcp/YLpHSI86hEcLt0YII63i6oz57MZXIpbrjZUs=
golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
golang.org/x/sys v0.0.0-20191026070338-33540a1f6037/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/term v0.0.0-20201117132131-f5c789dd3221/go.mod h1:Nr5EML6q2oocZ2LXRh80K7BxOlk5/8JxuGnuhpl+muw=
golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
golang.org/x/tools v0.0.0-20180525024113-a5b4c53f6e8b/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
golang.org/x/tools v0.0.0-20190206041539-40960b6deb8e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
gonum.org/v1/gonum v0.0.0-20180816165407-929014505bf4/go.mod h1:Y+Yx5eoAFn32cQvJDxZx5Dpnq+c3wtXuadVZAcxbbBo=
......
......@@ -6,6 +6,10 @@ import (
"fmt"
"io"
"os/exec"
"strings"
"golang.org/x/crypto/bcrypt"
"slrz.net/runtopo/topology"
)
func customizeDomain(ctx context.Context, uri string, d *device, extraCommands io.Reader) (err error) {
......@@ -43,14 +47,23 @@ func customizeDomain(ctx context.Context, uri string, d *device, extraCommands i
func commandsForFunction(d *device) []byte {
var buf bytes.Buffer
if isCumulusFunction(d.topoDev.Function()) {
if f := d.topoDev.Function(); isCumulusFunction(f) {
// These eat enough memory to summon the OOM killer in 512MiB
// VMs.
buf.WriteString("run-command systemctl disable netq-agent.service\n")
buf.WriteString("run-command systemctl disable netqd@mgmt.service\n")
buf.WriteString("run-command passwd -x 99999 cumulus\n")
buf.WriteString("run-command passwd -d cumulus\n") // XXX
buf.WriteString("run-command passwd -x 99999 cumulus\n") // CL4+
buf.WriteString("write /etc/sudoers.d/no-passwd:%sudo ALL=(ALL:ALL) NOPASSWD: ALL\n")
// Set password for user cumulus to some random string.
// Otherwise, CL4+ forces a password change on first login.
cryptPW, err := bcrypt.GenerateFromPassword([]byte(randomString(16)), -1)
if err != nil {
panic(err) // something is very wrong if this happens
}
fmt.Fprintf(&buf, "run-command usermod -p %s cumulus\n", cryptPW)
if f == topology.FunctionOOBSwitch {
writeExtraMgmtSwitchCommands(&buf, d)
}
return buf.Bytes()
}
......@@ -73,3 +86,22 @@ func commandsForFunction(d *device) []byte {
return buf.Bytes()
}
func writeExtraMgmtSwitchCommands(w io.Writer, d *device) {
var bridgePorts []string
for _, intf := range d.interfaces {
if intf.name == "eth0" {
// skip mgmt interface
continue
}
bridgePorts = append(bridgePorts, intf.name)
}
bridgeConf := "auto bridge\niface bridge\n bridge-ports " +
strings.Join(bridgePorts, " ") + "\n"
// From virt-customize(1): […] arguments can be spread across multiple
// lines, by adding a "\" (continuation character) at the of a line […]
io.WriteString(w, "write /etc/network/interfaces.d/bridge.intf:"+
strings.Replace(bridgeConf, "\n", "\\\n", -1)+"\n")
}
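Review bot: The bcrypt hash is interpolated unquoted into `run-command usermod -p %s cumulus`, and bcrypt output has the form `$2a$10$…`; virt-customize, as far as I know, hands run-command lines to a shell in the guest, so `$2`, `$1` and the trailing `$…` would be expanded and usermod would store a mangled hash instead of the generated one. Single-quoting is safe because the bcrypt alphabet contains no quote characters: `fmt.Fprintf(&buf, "run-command usermod -p '%s' cumulus\n", cryptPW)`. It is also worth confirming that the guest's crypt(3) accepts `$2a$` hashes at all, which this page does not show. The cost argument `-1` relies on bcrypt falling back to its default for out-of-range values; `bcrypt.DefaultCost` says so explicitly. commandsForFunction continues outside the visible hunks.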
......@@ -3,6 +3,8 @@ package libvirt
import (
"bytes"
"context"
"crypto/rand"
"encoding/base64"
"encoding/binary"
"fmt"
"io"
......@@ -24,6 +26,17 @@ func (eofReader) Read([]byte) (int, error) {
return 0, io.EOF
}
// RandomString generates a printable random string of length n using a
// cryptographically-secure RNG.
func randomString(n int) string {
scratch := make([]byte, (n+3)/4*3)
if _, err := rand.Read(scratch); err != nil {
panic(err)
}
return base64.URLEncoding.EncodeToString(scratch)[:n]
}
// ValidateDomainXML validates the provided XML against the libvirt domain
// schema.
func validateDomainXML(xmlBytes []byte) (err error) {
......
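Review bot: The doc comment on the new helper opens with `RandomString`, but the function is the unexported `randomString`, and it leaves out the two facts a caller needs: the output alphabet and the failure mode. I would write `// randomString returns n characters from the URL-safe base64 alphabet (A-Z, a-z, 0-9, '-', '_'), filled from crypto/rand.` followed by `// It panics if the system RNG fails or if n is negative.` The alphabet matters because a result can begin with `-`, which is harmless for the bcrypt input it feeds in this commit but would need care if the string were ever placed on a command line.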