X-Git-Url: https://git.cyclocoop.org/?p=lhc%2Fateliers.git;a=blobdiff_plain;f=vm_host;h=c42fc1c8f2e553fd5b1ae4e463027077f75dd64f;hp=0a2649df81f18bacf80193912d3107ce847b4ac7;hb=a0db32961c20b1a9a404d28a8ba4932808f386af;hpb=5020fb59510a981bd021e5d34fee268d26eb40a0 diff --git a/vm_host b/vm_host index 0a2649d..c42fc1c 100755 --- a/vm_host +++ b/vm_host @@ -4,37 +4,47 @@ tool=${0%/*} . "$tool"/lib/functions.sh . "$tool"/etc/vm.sh -rule_help () { +rule_help () { # SYNTAX: [--hidden] + local hidden; [ ${1:+set} ] || hidden=set cat >&2 <<-EOF - DESCRIPTION: ce script regroupe des fonctions utilitaires - pour gérer la VM _depuis_ son hôte ; - il sert à la fois d'outil et de documentation. - Voir \`$tool/vm_hosted' pour les utilitaires côté VM hébergée. + DESCRIPTION: + ce script regroupe des règles pour administrer la VM ($vm_fqdn) + _depuis_ son hôte ($vm_host) ; + il sert à la fois d'outil (aisément bidouillable) + et de documentation (préçise). + Voir \`$tool/vm_hosted' pour les règles côté VM hébergée. SYNTAX: $0 \$RULE \${RULE}_SYNTAX RULES: - $(sed -ne 's/^rule_\([^_][^ ]*\) () {\( *#.*\|\)/\t\1\2/p' "$tool"/vm.sh "$0") + $(sed -ne "s/^rule_\(${hidden:+[^_]}[^ ]*\) () {\( *#.*\|\)/ \1\2/p" "$tool"/etc/vm.sh "$0") ENVIRONMENT: TRACE # affiche les commandes avant leur exécution - $(sed -ne 's/^readonly \([^ ][^ =]*\).*}\( *#.*\|\)$/\t$\1\2/p' "$tool"/vm.sh "$0") + $(sed -ne 's/^readonly \([^ ][^ =]*\).*}\( *#.*\|\)$/\t$\1\2/p' "$tool"/etc/vm.sh "$0") EOF } readonly vm_dev_disk=/dev/mapper/domU-$(printf %s "$vm_fqdn-disk" | sed -e 's/-/--/g') readonly vm_dev_disk_boot="${vm_dev_disk}1" +rule_git_config () { + ( + cd "$tool" + git config --replace branch.master.remote . + git config --replace branch.master.merge refs/remotes/master + ) + } rule_git_reset () { ( cd "$tool" - #git checkout -f -B master origin + #git checkout -f -B master remotes/master # NOTE: pas de -B sous squeeze git checkout HEAD'^' && - git branch -f master origin && + git branch -f master remotes/master && git checkout master git clean -f -d -x ) } -rule_vm_init () { +rule_vm_configure () { mk_reg mod=644 own=root:root /etc/xen/$vm_fqdn.cfg <<-EOF # -*- mode: python; -*- # DOC: http://wiki.xen.org/wiki/Xen_Linux_PV_on_HVM_drivers @@ -78,9 +88,10 @@ rule_vm_init () { rule_vm_start () { test ! -e /dev/domU/$vm_fqdn-disk1 sudo xm create $vm_fqdn.cfg - rule_vm_attach + rule vm_attach } rule_vm_attach () { + assert '! pgrep -f "sudo xm console $vm_fqdn"' cat <<-EOF NOTE: Ctrl-] pour se détacher de la console EOF @@ -98,15 +109,15 @@ rule_disk_mount () { # DESCRIPTION: montage du disque de la VM depuis l'hôte #sudo xm block-attach 0 phy:/dev/domU/$vm_fqdn-disk $vm_dev_disk w } rule_disk_umount () { # DESCRIPTION: démontage du disque de la VM depuis l'hôte - rule_part_boot_umount + rule part_boot_umount case $vm_use_lvm in (yes) - rule_part_lvm_umount + rule part_lvm_umount ;; (no) - rule_part_root_umount - rule_part_var_umount - rule_part_home_umount + rule part_root_umount + rule part_var_umount + rule part_home_umount ;; (*) exit 1;; esac @@ -171,7 +182,7 @@ rule_disk_format () { # DESCRIPTION: partitionnage du disque de la VM } rule_part_lvm_format () { - rule_part_lvm_umount + rule part_lvm_umount ! sudo vgs | grep -q "^ $vm_lvm_vg " || sudo vgremove $vm_lvm_vg sudo pvcreate --dataalignment 512k $vm_lvm_pv @@ -180,7 +191,7 @@ rule_part_lvm_format () { sudo lvcreate --contiguous y -n ${vm_lvm_lv}_root -L 15G $vm_lvm_vg sudo lvcreate --contiguous y -n ${vm_lvm_lv}_var -L 5G $vm_lvm_vg sudo lvcreate --contiguous y -n ${vm_lvm_lv}_home -l 99%FREE $vm_lvm_vg - rule_part_lvm_umount + rule part_lvm_umount } rule_part_lvm_mount () { case $vm_use_lvm in @@ -193,9 +204,9 @@ rule_part_lvm_mount () { rule_part_lvm_umount () { case $vm_use_lvm in (yes) - rule_part_root_umount - rule_part_var_umount - rule_part_home_umount + rule part_root_umount + rule part_var_umount + rule part_home_umount ! sudo vgs | grep -q "^ $vm_lvm_vg " || sudo vgchange -a n $vm_lvm_vg ;; @@ -204,33 +215,33 @@ rule_part_lvm_umount () { } rule_part_randomize () { # SYNTAX: $part # NOTE: à anticiper - local part=$1 + local part="$1" eval "sudo dd if=/dev/urandom of=\$vm_dev_disk_$part" } -rule_part_randomize_stat () { # SYNTAX: $part # DESCRIPTION: fait afficher la progression de rule_part_clean - local part=$1 +rule_part_randomize_stat () { # SYNTAX: $part # DESCRIPTION: fait afficher la progression de rule_part_randomize + local part="$1" eval "pkill -USR1 -f \"^dd if=/dev/urandom of=\$vm_dev_disk_$part\"" } rule__part_encrypted_format () { # SYNTAX: $part # DESCRIPTION: formatage d'une partition distincte de / # NOTE: la clef de chiffrement est dérivée de celle de /, # / doit être déchiffrée pour que cela fonctionne. - local part=$1 - eval "local dev=\$vm_dev_disk_$part" + local part="$1" + eval "local dev=\"\$vm_dev_disk_$part\"" test ! -e /dev/mapper/${vm_lvm_lv}_root_deciphered || sudo /bin/sh -c "/lib/cryptsetup/scripts/decrypt_derived ${vm_lvm_lv}_root_deciphered | cryptsetup luksFormat --hash=sha512 --key-size=512 \ --cipher=aes-xts-essiv:sha256 --key-file=- --align-payload=8 $dev" } rule__part_encrypted_mount () { # SYNTAX: $part - local part=$1 - eval "local dev=\$vm_dev_disk_$part" + local part="$1" + eval "local dev=\"\$vm_dev_disk_$part\"" test -e /dev/mapper/${vm_lvm_lv}_${part}_deciphered || sudo /bin/sh -c "/lib/cryptsetup/scripts/decrypt_derived ${vm_lvm_lv}_root_deciphered | cryptsetup luksOpen --key-file=- $dev ${vm_lvm_lv}_${part}_deciphered" } rule__part_encrypted_umount () { # SYNTAX: $part - local part=$1 - eval "local dev=\$vm_dev_disk_$part" + local part="$1" + eval "local dev=\"\$vm_dev_disk_$part\"" test ! -e /dev/mapper/${vm_lvm_lv}_${part}_deciphered || sudo cryptsetup luksClose ${vm_lvm_lv}_${part}_deciphered } @@ -276,11 +287,11 @@ rule_part_root_backup_luks () { sudo cryptsetup luksHeaderBackup $vm_dev_disk_root --header-backup-file ./root.luks } rule_part_swap_format () { - rule__part_encrypted_format swap - rule__part_encrypted_mount swap + rule _part_encrypted_format swap + rule _part_encrypted_mount swap sudo mkswap -f -L ${vm_lvm_lv}_swap \ /dev/mapper/${vm_lvm_lv}_swap_deciphered - rule__part_encrypted_umount swap + rule _part_encrypted_umount swap } rule_part_boot_format () { mount | grep -q "^$vm_dev_disk_boot " || @@ -299,51 +310,51 @@ rule_part_boot_umount () { sudo umount -v /mnt/$vm_fqdn/boot } rule_part_var_format () { - rule__part_encrypted_format var - rule__part_encrypted_mount var + rule _part_encrypted_format var + rule _part_encrypted_mount var sudo mke2fs -t ext4 -c -c -m 5 -T ext4 -b $vm_e2fs_block_size \ -E resize=10G${vm_e2fs_extended_options} \ -L ${vm_lvm_lv}_var \ /dev/mapper/${vm_lvm_lv}_var_deciphered - rule__part_encrypted_umount var + rule _part_encrypted_umount var } rule_part_var_mount () { - rule__part_encrypted_mount var + rule _part_encrypted_mount var mountpoint -q /mnt/$vm_fqdn/var || sudo mount -v -t ext4 /dev/mapper/${vm_lvm_lv}_var_deciphered /mnt/$vm_fqdn/var } rule_part_var_umount () { ! mountpoint -q /mnt/$vm_fqdn/var || sudo umount -v /mnt/$vm_fqdn/var - rule__part_encrypted_umount var + rule _part_encrypted_umount var } rule_part_home_format () { - rule__part_encrypted_format home - rule__part_encrypted_mount home + rule _part_encrypted_format home + rule _part_encrypted_mount home sudo mke2fs -t ext4 -c -c -m 0 -T ext4 -b $vm_e2fs_block_size \ -E resize=400G${vm_e2fs_extended_options} \ -L ${vm_lvm_lv}_home \ /dev/mapper/${vm_lvm_lv}_home_deciphered # NOTE: -O quota pas supporté par e2fsprogs/squeeze - rule__part_encrypted_umount home + rule _part_encrypted_umount home } rule_part_home_mount () { - rule__part_encrypted_mount home + rule _part_encrypted_mount home mountpoint -q /mnt/$vm_fqdn/home || sudo mount -v -t ext4 /dev/mapper/${vm_lvm_lv}_home_deciphered /mnt/$vm_fqdn/home } rule_part_home_umount () { ! mountpoint -q /mnt/$vm_fqdn/home || sudo umount -v /mnt/$vm_fqdn/home - rule__part_encrypted_umount home + rule _part_encrypted_umount home } rule_debian_install () { - rule_disk_mount - rule_part_lvm_mount - rule_part_root_mount - rule_part_boot_mount - rule_part_var_mount + rule disk_mount + rule part_lvm_mount + rule part_root_mount + rule part_boot_mount + rule part_var_mount sudo DEBOOTSTRAP_DIR=/usr/share/debootstrap/ LANG=C LC_CTYPE=C debootstrap \ --arch=$vm_arch --verbose --keyring=/usr/share/keyrings/debian-archive-keyring.gpg \ --exclude=vim-tiny \ @@ -388,17 +399,17 @@ rule_debian_install () { ) \ $vm_lsb_name /mnt/$vm_fqdn/ \ http://ftp.fr.debian.org/debian/ - rule_part_var_umount - rule_part_boot_umount - rule_part_root_umount + rule part_var_umount + rule part_boot_umount + rule part_root_umount } rule_chroot () { - rule_disk_mount - rule_part_lvm_mount - rule_part_root_mount - rule_part_boot_mount - rule_part_var_mount + rule disk_mount + rule part_lvm_mount + rule part_root_mount + rule part_boot_mount + rule part_var_mount #rule_part_home_mount mountpoint -q /mnt/$vm_fqdn/proc || sudo mount -t proc proc /mnt/$vm_fqdn/proc @@ -414,7 +425,7 @@ rule_chroot () { rsync -a "$tool"/ /mnt/$vm_fqdn/root/tool/vm fi sudo chroot /mnt/$vm_fqdn /bin/bash || true - rule__chroot_clean + rule _chroot_clean } rule__chroot_clean () { ! sudo mountpoint -q /mnt/$vm_fqdn/root/tool/vm || @@ -425,11 +436,11 @@ rule__chroot_clean () { sudo umount -v /mnt/$vm_fqdn/sys ! mountpoint -q /mnt/$vm_fqdn/proc || sudo umount -v /mnt/$vm_fqdn/proc - rule_part_home_umount - rule_part_var_umount - rule_part_boot_umount - rule_part_root_umount - rule_disk_umount + rule part_home_umount + rule part_var_umount + rule part_boot_umount + rule part_root_umount + rule disk_umount } rule=${1:-help} @@ -437,9 +448,7 @@ ${1+shift} case $rule in (help);; (*) - test "$(hostname --fqdn)" = "$vm_host" || - error 1 "mauvaise machine" - ${TRACE:+set -x} + assert 'test "$(hostname --fqdn)" = "$vm_host"' vm_host ;; esac -rule_$rule "$@" +rule $rule "$@"