X-Git-Url: https://git.cyclocoop.org/?p=lhc%2Fateliers.git;a=blobdiff_plain;f=vm_host;h=7c521e4da426f1cc94f8744d59f442d70d90adf1;hp=f5c6eaff7f97e30a5ca2ab2558165d7418c1b717;hb=08bfdef225ec9d8d83a6658d64d462404be011a3;hpb=59f4204d561b533f725bbc714604c9ca91c037fa diff --git a/vm_host b/vm_host index f5c6eaf..7c521e4 100755 --- a/vm_host +++ b/vm_host @@ -1,18 +1,21 @@ #!/bin/sh set -e -f ${DRY_RUN:+-n} -u tool=${0%/*} -. "$tool"/lib/functions.sh +. "$tool"/lib/rule.sh . "$tool"/etc/vm.sh -rule_help () { +rule_help () { # SYNTAX: [--hidden] + local hidden; [ ${1:+set} ] || hidden=set cat >&2 <<-EOF - DESCRIPTION: ce script regroupe des fonctions utilitaires - pour gérer la VM _depuis_ son hôte ; - il sert à la fois d'outil et de documentation. - Voir \`$tool/vm_hosted' pour les utilitaires côté VM hébergée. + DESCRIPTION: + ce script regroupe des règles pour administrer la VM ($vm_fqdn) + _depuis_ son hôte ($vm_host) ; + il sert à la fois d'outil (aisément bidouillable) + et de documentation (préçise). + Voir \`$tool/vm_hosted' pour les règles côté VM hébergée. SYNTAX: $0 \$RULE \${RULE}_SYNTAX RULES: - $(sed -ne 's/^rule_\([^_][^ ]*\) () {\( *#.*\|\)/\t\1\2/p' "$tool"/etc/vm.sh "$0") + $(sed -ne "s/^rule_\(${hidden:+[^_]}[^ ]*\) () {\( *#.*\|\)/ \1\2/p" "$tool"/etc/vm.sh "$0") ENVIRONMENT: TRACE # affiche les commandes avant leur exécution $(sed -ne 's/^readonly \([^ ][^ =]*\).*}\( *#.*\|\)$/\t$\1\2/p' "$tool"/etc/vm.sh "$0") @@ -22,20 +25,27 @@ rule_help () { readonly vm_dev_disk=/dev/mapper/domU-$(printf %s "$vm_fqdn-disk" | sed -e 's/-/--/g') readonly vm_dev_disk_boot="${vm_dev_disk}1" +rule_git_config () { + ( + cd "$tool" + git config --replace branch.master.remote . + git config --replace branch.master.merge refs/remotes/master + ) + } rule_git_reset () { ( cd "$tool" - #git checkout -f -B master origin + #git checkout -f -B master remotes/master # NOTE: pas de -B sous squeeze git checkout HEAD'^' && - git branch -f master origin && + git branch -f master remotes/master && git checkout master git clean -f -d -x ) } -rule_vm_init () { - mk_reg mod=644 own=root:root /etc/xen/$vm_fqdn.cfg <<-EOF +rule_vm_configure () { + sudo install -m 644 -u root -g root /dev/stdin /etc/xen/$vm_fqdn.cfg <<-EOF # -*- mode: python; -*- # DOC: http://wiki.xen.org/wiki/Xen_Linux_PV_on_HVM_drivers import os, re @@ -81,9 +91,8 @@ rule_vm_start () { rule vm_attach } rule_vm_attach () { - cat <<-EOF - NOTE: Ctrl-] pour se détacher de la console - EOF + assert '! pgrep -f "sudo xm console $vm_fqdn"' + info 'Ctrl-] pour se détacher de la console' sudo xm console $vm_fqdn } rule_vm_stop () { @@ -204,33 +213,33 @@ rule_part_lvm_umount () { } rule_part_randomize () { # SYNTAX: $part # NOTE: à anticiper - local part=$1 + local part="$1" eval "sudo dd if=/dev/urandom of=\$vm_dev_disk_$part" } -rule_part_randomize_stat () { # SYNTAX: $part # DESCRIPTION: fait afficher la progression de rule_part_clean - local part=$1 +rule_part_randomize_stat () { # SYNTAX: $part # DESCRIPTION: fait afficher la progression de rule_part_randomize + local part="$1" eval "pkill -USR1 -f \"^dd if=/dev/urandom of=\$vm_dev_disk_$part\"" } rule__part_encrypted_format () { # SYNTAX: $part # DESCRIPTION: formatage d'une partition distincte de / # NOTE: la clef de chiffrement est dérivée de celle de /, # / doit être déchiffrée pour que cela fonctionne. - local part=$1 - eval "local dev=\$vm_dev_disk_$part" + local part="$1" + eval "local dev=\"\$vm_dev_disk_$part\"" test ! -e /dev/mapper/${vm_lvm_lv}_root_deciphered || sudo /bin/sh -c "/lib/cryptsetup/scripts/decrypt_derived ${vm_lvm_lv}_root_deciphered | cryptsetup luksFormat --hash=sha512 --key-size=512 \ --cipher=aes-xts-essiv:sha256 --key-file=- --align-payload=8 $dev" } rule__part_encrypted_mount () { # SYNTAX: $part - local part=$1 - eval "local dev=\$vm_dev_disk_$part" + local part="$1" + eval "local dev=\"\$vm_dev_disk_$part\"" test -e /dev/mapper/${vm_lvm_lv}_${part}_deciphered || sudo /bin/sh -c "/lib/cryptsetup/scripts/decrypt_derived ${vm_lvm_lv}_root_deciphered | cryptsetup luksOpen --key-file=- $dev ${vm_lvm_lv}_${part}_deciphered" } rule__part_encrypted_umount () { # SYNTAX: $part - local part=$1 - eval "local dev=\$vm_dev_disk_$part" + local part="$1" + eval "local dev=\"\$vm_dev_disk_$part\"" test ! -e /dev/mapper/${vm_lvm_lv}_${part}_deciphered || sudo cryptsetup luksClose ${vm_lvm_lv}_${part}_deciphered } @@ -272,9 +281,6 @@ rule_part_root_umount () { ! test -e /dev/mapper/${vm_lvm_lv}_root_deciphered || sudo cryptsetup luksClose ${vm_lvm_lv}_root_deciphered } -rule_part_root_backup_luks () { - sudo cryptsetup luksHeaderBackup $vm_dev_disk_root --header-backup-file ./root.luks - } rule_part_swap_format () { rule _part_encrypted_format swap rule _part_encrypted_mount swap @@ -438,7 +444,6 @@ case $rule in (help);; (*) assert 'test "$(hostname --fqdn)" = "$vm_host"' vm_host - ${TRACE:+set -x} ;; esac rule $rule "$@"