#!/bin/bash # -------------------------------------------------------------------------- # # Copyright 2002-2020, OpenNebula Project, OpenNebula Systems # # # # Licensed under the Apache License, Version 2.0 (the "License"); you may # # not use this file except in compliance with the License. You may obtain # # a copy of the License at # # # # http://www.apache.org/licenses/LICENSE-2.0 # # # # Unless required by applicable law or agreed to in writing, software # # distributed under the License is distributed on an "AS IS" BASIS, # # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # # See the License for the specific language governing permissions and # # limitations under the License. # #--------------------------------------------------------------------------- # # default parameters values VERSION='5.12' FORCE='no' VERBOSE='no' ASK='yes' PASSWORD=$(< /dev/urandom tr -dc A-Za-z0-9 | head -c10) SSH_PUBKEY="" BRIDGE_INTERFACE='minionebr' NAT_INTERFACE='' VNET_ADDRESS='172.16.100.0' VNET_NETMASK='255.255.255.0' VNET_GATEWAY='172.16.100.1' VNET_AR_IP_START='172.16.100.2' VNET_AR_IP_COUNT='100' MARKET_APP_NAME='CentOS 7' VM_PASSWORD='opennebula' LXD='no' FRC='no' FRC_MARKET_APP_NAME="alpine" FRC_KERNEL_NAME="Kernel 5.4 x86_64 - Firecracker" SUNSTONE_PORT='80' NODE='yes' FRONTEND='yes' NETWORKING='yes' DELETE_ONEADMIN='yes' EDGE="no" EDGE_MARKET_APP_NAME="Service WordPress - KVM" EDGE_DEFAULT_APP='yes' EDGE_PACKET_FACILITY="ams1" EDGE_PACKET_PLAN="t1.small" EDGE_HOST_NUM="1" EDGE_PACKET_OS="ubuntu_18_04" e() { SPACE_NUM=$(( 35+${#2}-${#1} )) printf "%s %${SPACE_NUM}s\n" "$1" "$2" } usage() { e "-h --help" "List of supported arguments" e "-v --verbose" "Be verbose" e "-f --force" "Skip non-fatal validation errors" e "--yes" "Don't ask" e "" e "--version [$VERSION]" "OpenNebula version to install" e "--lxd" "Setup host to run LXD containers" e "--firecracker" "Setup host to run Firecracker micro-VMs" e "--frontend" "Install only frontend, skip node setup," e "" "no networking configuration" e "--node" "Install only node, edge(Packet) only" e "" e "--password [random generated]" "Initial password for oneadmin" e "--ssh-pubkey [~/.ssh/id_rsa.pub]" "User ssh public key" e "--vm-password [${VM_PASSWORD}]" "Root password for virtual machine" e "--sunstone-port [${SUNSTONE_PORT}]" "Setup sunstone port" e "--marketapp-name [${MARKET_APP_NAME}]" "Name of Marketplace appliance to import" e "--fc-marketapp-name [${FRC_MARKET_APP_NAME}]" "Dockerhub image for Firecracker" e "--fc-kernel-name [${FRC_KERNEL_NAME}]" "Market app kernel name for Firecracker" e "" e "--bridge-interface [${BRIDGE_INTERFACE}]" "Bridge interface for private networking" e "--nat-interface [first net device]" "Interface to configure for NAT" e "--vnet-address [${VNET_ADDRESS}]" "Virtual Network address" e "--vnet-netmask [${VNET_NETMASK}]" "Virtual Network netmask" e "--vnet-gateway [${VNET_GATEWAY}]" "Virtual Network gateway (i.e. bridge IP)" e "--vnet-ar-ip-start [${VNET_AR_IP_START}]" "Virtual Network AR start IP" e "--vnet-ar-ip-count [100]" "Virtual Network AR size" e "" e "--edge [packet]" "Edge provider" e "--edge-packet-token []" "Packet token (required with '--edge packet')" e "--edge-packet-project []" "Packet project (required with '--edge packet')" e "--edge-host-num [$EDGE_HOST_NUM]" "Number of edge hosts" e "--edge-packet-facility [$EDGE_PACKET_FACILITY]" "Packet facility" e "--edge-packet-plan [$EDGE_PACKET_PLAN]" "Packet plan" e "--edge-packet-os [$EDGE_PACKET_OS]" "Packet OS" e "--edge-marketapp-name [$EDGE_MARKET_APP_NAME]" e "" "Market app name for Packet" e "" e "--purge" "Only uninstall and exit" e "--preserve-user" "Dont't delete oneadmin user when purge" } #------------------------------------------------------------------------------- # COMMAND LINE PARSING #------------------------------------------------------------------------------- PARAMETERS=$(cat </dev/null) LIBVIRTD='libvirtd' ONE_WAIT_TIMEOUT=60 IMAGE_WAIT_TIMEOUT=300 STAR_NET='' ONE_SERVICES='opennebula opennebula-sunstone opennebula-flow opennebula-gate' FRC_KERNEL_PARAMS="console=ttyS0 reboot=k panic=1 pci=off i8042.noaux i8042.nomux i8042.nopnp i8042.dumbkbd" PACKET_TEMPLATE='' PACKET_LAST_ID='' PLAYBOOK='default' HYPERVISOR='kvm' AUGEAS_PKG='augeas-tools' PIP='pip' PYTHON_PIP='python-pip' VM_TEMPLATE_ID='' REPO_BASE='' while true ; do case "$1" in -v|--verbose) VERBOSE="yes"; shift;; -f|--force) FORCE="yes"; shift;; --help) usage; exit 0;; --yes) ASK="no"; shift;; --frontend) FRONTEND='yes'; NODE="no"; NETWORKING="no"; shift;; --node) FRONTEND="no"; NODE="yes"; shift;; --version) VERSION="$2" ; shift 2;; --ssh-pubkey) SSH_PUBKEY="$2" ; shift 2;; --password) PASSWORD="$2" ; shift 2;; --bridge-interface) BRIDGE_INTERFACE="$2" ; shift 2;; --nat-interface) NAT_INTERFACE="$2" ; shift 2;; --vnet-address) VNET_ADDRESS="$2" ; shift 2;; --vnet-netmask) VNET_NETMASK="$2" ; shift 2;; --vnet-gateway) VNET_GATEWAY="$2" ; shift 2;; --vnet-ar-ip-start) VNET_AR_IP_START="$2" ; shift 2;; --vnet-ar-ip-count) VNET_AR_IP_COUNT="$2" ; shift 2;; --marketapp-name) MARKET_APP_NAME="$2" ; shift 2;; --fc-marketapp-name) FRC_MARKET_APP_NAME="$2" ; shift 2;; --fc-kernel-name) FRC_KERNEL_NAME="$2" ; shift 2;; --vm-password) VM_PASSWORD="$2" ; shift 2;; --lxd) LXD="yes"; shift;; --firecracker) FRC="yes"; shift;; --sunstone-port) SUNSTONE_PORT="$2"; shift 2;; --purge) PURGE="yes"; shift;; --preserve-user) DELETE_ONEADMIN="no"; shift;; --edge) EDGE="$2"; NETWORKING="no"; shift 2;; --edge-host-num) EDGE_HOST_NUM="$2"; shift 2;; --edge-marketapp-name) EDGE_MARKET_APP_NAME="$2"; EDGE_DEFAULT_APP='no'; shift 2;; --edge-packet-token) EDGE_PACKET_TOKEN="$2"; shift 2;; --edge-packet-project) EDGE_PACKET_PROJECT="$2"; shift 2;; --edge-packet-facility) EDGE_PACKET_FACILITY="$2"; shift 2;; --edge-packet-plan) EDGE_PACKET_PLAN="$2"; shift 2;; --edge-packet-os) EDGE_PACKET_OS="$2"; shift 2;; --repo-base) REPO_BASE="$2"; shift 2;; --) shift ; break ;; *) usage; exit 1 ;; esac done # Don't ask if there is no TTY on stdin [[ ! -t 0 ]] && ASK='no' # 172.16.0.0 ~> 172.16.*.*, but 10.0.1.0~> 10.0.1.* STAR_NET=${VNET_ADDRESS} for I in 1 2 3 4; do # shellcheck disable=SC2001 STAR_NET=$(echo "${STAR_NET}" |sed -e 's/\(.*\)\.0\([0\.\*]*\)$/\1.*\2/') done #------------------------------------------------------------------------------- # Options validation #------------------------------------------------------------------------------- if [[ $EDGE != no && $EDGE != packet ]]; then echo 'Only "packet" type of edge installation is supported' exit 1 fi if [[ $EDGE = packet ]]; then EXIT=0 [[ -z "$EDGE_PACKET_TOKEN" ]] && { echo "--edge-packet-token required"; EXIT=1; } [[ -z "$EDGE_PACKET_PROJECT" ]] && { echo "--edge-packet-project required"; EXIT=1; } [[ ! "$VERSION" =~ 5.10|5.12 ]] && { echo "Edge deployment only for 5.10 or 5.12"; EXIT=1; } [[ $EXIT != 0 ]] && exit $EXIT MARKET_APP_NAME="$EDGE_MARKET_APP_NAME" fi if [[ $NODE = yes && $FRONTEND = no ]]; then [[ $EDGE = "no" ]] && { echo "--node only valid with --edge packet"; exit 1; } fi if [[ $FRC == yes ]]; then [[ ! "$VERSION" =~ 5.11|5.12 ]] && { echo "Firecracker only available for 5.11 or 5.12"; exit 1; } PLAYBOOK="default_firecracker" HYPERVISOR="firecracker" MARKET_APP_NAME="$FRC_MARKET_APP_NAME" fi if [[ $LXD == yes ]]; then PLAYBOOK="default_lxd" HYPERVISOR="lxd" fi if [[ -z "$REPO_BASE" ]]; then REPO_BASE="$REPO_URL"/"$VERSION" fi #------------------------------------------------------------------------------- # Helpers and detection functions #------------------------------------------------------------------------------- title() { echo "" echo "### $*" } interface_exists() { local DEV=$1 ip link show dev "$DEV" >/dev/null } get_interface_name() { DEV=$(ip route | grep default | head -1 | awk '{print $5}' 2>/dev/null) if [[ -z "${DEV}" ]]; then DEV=$(ip addr|grep '^[0-9]'|awk -F": " '{print $2}'|head -2|tail -1 2>/dev/null) fi echo "$DEV" } get_my_ip() { DEV=$(get_interface_name) IP=$(ip addr show dev "${DEV}" | grep inet | head -1 | awk '{print $2}') echo "${IP//\/[0-9]*/}" } get_distname_and_version() { local DIST local VER if type -t lsb_release >/dev/null; then DIST=$(lsb_release -si 2>/dev/null) VER=$(lsb_release -sr 2>/dev/null) elif [ -f /etc/redhat-release ]; then DIST=$(cut -d ' ' -f1 < /etc/redhat-release) VER=$(sed -e 's/[^0-9\.]*//g' < /etc/redhat-release) elif [ -f /etc/os-release ]; then DIST=$(grep ^NAME= /etc/os-release | cut -d\" -f2) DIST=${DIST% Linux} VER=$(grep ^VERSION_ID= /etc/os-release | cut -d\" -f2) elif [ -f /etc/lsb-release ]; then DIST=$(grep ^DISTRIB_ID= /etc/lsb-release | cut -d= -f2) VER=$(grep ^DISTRIB_RELEASE= /etc/lsb-release | cut -d= -f2) elif [ -f /etc/debian_version ]; then DIST='Debian' VER=$(cat /etc/debian_version) elif [ -f /etc/SuSe-release ]; then DIST='SuSe' fi [[ "${DIST}" =~ CentOS|RedHat ]] && VER=$(echo "$VER" | cut -c1) [[ "${DIST}" =~ Debian ]] && VER=$(echo "$VER" | cut -d. -f1) echo "${DIST} ${VER}" } get_first_ssh_key() { shopt -s nullglob for K in "$HOME"/.ssh/*.pub; do echo "$K" return 0 done shopt -u nullglob return 1 } mask2cidr() { local X=${1##*255.} set -- 0^^^128^192^224^240^248^252^254^ $(( (${#1} - ${#X})*2 )) "${X%%.*}" X=${1%%$3*} echo $(( $2 + (${#X}/4) )) } yes_no() { read -r ANS while [[ "${ANS}" != yes && "${ANS}" != no ]]; do echo 'yes or no?' read -r ANS done [[ $ANS = no ]] && exit 0 } red() { echo -e "\e[31m${1}\e[0m"; } green() { echo -e "\e[32m${1}\e[0m"; } orange() { echo -e "\e[33m${1}\e[0m"; } check() { local COMMAND=$1 local TEXT=$2 local TRIES=${3:-1} local ON_FAIL=$4 local HINT=$5 local STDERR_TMP_FILE local STDOUT_TMP_FILE local RC=1 STDERR_TMP_FILE=$(mktemp) STDOUT_TMP_FILE=$(mktemp) [[ ${VERBOSE} = 'yes' ]] && echo -ne "${TEXT} " I=1 while [[ $I -le $TRIES && $RC -gt 0 ]]; do eval "${COMMAND}" 2>"${STDERR_TMP_FILE}" >"${STDOUT_TMP_FILE}" RC=$? if [ $RC -gt 0 ]; then [[ "$ON_FAIL" = "" && $TRIES -gt 1 ]] && echo -ne "retry $I " sleep 1 fi I=$((I + 1)) done STDERR=$(cat "$STDERR_TMP_FILE") STDOUT=$(cat "$STDOUT_TMP_FILE") unlink "${STDERR_TMP_FILE}" unlink "${STDOUT_TMP_FILE}" if [[ ${RC} = '0' ]]; then [[ ${VERBOSE} = 'yes' ]] && green "OK" return ${RC} else [[ ${VERBOSE} = 'no' ]] && echo -ne "${TEXT} " if [[ "$ON_FAIL" =~ "SKIP" ]]; then orange "${ON_FAIL}" return ${RC} elif [[ ${FORCE} = 'no' && -n "${ON_FAIL}" ]]; then red "FAILED" if [[ -n "${HINT}" ]]; then echo "${HINT}" else echo 'Consider running with "--force" to override' fi exit 1 elif [[ ${FORCE} = 'yes' && "${ON_FAIL}" =~ "IGNORE" ]]; then orange "${ON_FAIL}" return ${RC} else red "FAILED" if [[ -n "${ON_FAIL}" && ! "${ON_FAIL}" =~ "IGNORE" ]]; then echo "${ON_FAIL}" fi echo "${STDOUT}" if [[ -n "${STDERR}" ]]; then echo "--- STDERR ---" echo "${STDERR}" echo "--------------" fi exit 1 fi fi } run_and_print_if_failed() { eval "$@" >/dev/null local RC=$? local MSG=$* [ ! $RC -eq 0 ] && echo "$MSG" return $RC } centos() { [[ "$DISTNAME" =~ CentOS|RedHat ]] } redhat() { [[ "$DISTNAME" =~ RedHat ]] } debian() { [[ "$DISTNAME" =~ Ubuntu|Debian ]] } firewalld_running() { systemctl -q is-active firewalld } netplan_on() { [ ! -s /run/network/ifstate ] && type -t netplan >/dev/null } kvm() { [[ $NODE == yes && $LXD == no && $EDGE == no && $FRC == no ]] } packet() { [[ $EDGE == packet ]] } lxd() { [[ $NODE == yes && $LXD == yes ]] } frc() { [[ $NODE == yes && $FRC == yes ]] } frontend() { [[ $FRONTEND == yes ]] } node() { [[ $NODE == yes ]] } networking() { [[ $NETWORKING == yes ]] } supported_dist_ver() { local DIST_VER_MATCH=$1 if [[ ! "${DISTNAME}${DISTVER} ${VERSION}" =~ $DIST_VER_MATCH ]]; then echo "\"${DISTNAME}${DISTVER} ${VERSION}\" not in ${DIST_VER_MATCH:2:-2}" >&2 return 2 fi } repo_exists() { if [[ ! "$DISTNAME" =~ CentOS|Ubuntu|Debian ]]; then echo "Currently only CentOS, Ubuntu or Debian are supported" >&2 return 1 else URL="${REPO_BASE}/${DISTNAME}/${DISTVER}" if type -t curl >/dev/null; then run_and_print_if_failed "curl -f -s -S $URL" elif type -t wget >/dev/null; then wget "$URL" else echo "Missing curl/wget to check repository" >&2 return 2 fi fi } disk_free() { local LIMIT=$1 local WHERE=$2 read -r AVAIL TARGET <<<"$(df -BG --output=avail,target "$WHERE" | tail -1)" AVAIL=${AVAIL%G} if [[ "${AVAIL}" -lt "${LIMIT}" ]]; then echo "Insufficient disk space, expected at least ${LIMIT}G on" \ "\"${TARGET}\" filesystem" return 1 fi } #------------------------------------------------------------------------------- # Install functions #------------------------------------------------------------------------------- disable_selinux() { setenforce 0 >/dev/null || return 1 sed -ie 's/^SELINUX=.*$/SELINUX=disabled/' /etc/sysconfig/selinux >/dev/null 2>&1 } modify_apparmor() { if ! grep '/var/lib/one/datastores' /etc/apparmor.d/abstractions/libvirt-qemu >/dev/null 2>&1; then echo ' /var/lib/one/datastores/** rwk,' >> /etc/apparmor.d/abstractions/libvirt-qemu systemctl reload apparmor else if [[ "$1" = 'purge' ]]; then sed -i '/\/var\/lib\/one\/datastores/d' /etc/apparmor.d/abstractions/libvirt-qemu > /dev/null 2>&1 fi fi } install() { if centos; then run_and_print_if_failed "yum -y install $*" elif debian; then export DEBIAN_FRONTEND=noninteractive run_and_print_if_failed "apt-get -q -y install $*" RC=$? unset DEBIAN_FRONTEND return $RC fi } create_bridge() { if centos; then if [[ $1 = purge ]]; then rm -f /etc/sysconfig/network-scripts/ifcfg-minionebr ip link set down dev "${BRIDGE_INTERFACE}" || true ip link del "${BRIDGE_INTERFACE}" || true else cat > /etc/sysconfig/network-scripts/ifcfg-minionebr<< EOF DEVICE=${BRIDGE_INTERFACE} TYPE=Bridge IPADDR=${VNET_GATEWAY} NETMASK=${VNET_NETMASK} ONBOOT=yes BOOTPROTO=none IPV6INIT=NO IPV6_AUTOCONF=no NM_CONTROLLED=no EOF fi elif debian; then if netplan_on; then if [[ $1 = purge ]]; then rm -f /etc/systemd/network/minionebr-nic.netdev rm -f /etc/netplan/minione.yaml ip link delete minionebr-nic || true ip link set down dev "${BRIDGE_INTERFACE}" || true ip link del "${BRIDGE_INTERFACE}" || true else cat > /etc/systemd/network/minionebr-nic.netdev<< EOF [NetDev] Name=minionebr-nic Kind=dummy EOF cat > /etc/netplan/minione.yaml<< EOF network: version: 2 renderer: networkd ethernets: minionebr-nic: {} bridges: minionebr: addresses: [ ${VNET_GATEWAY}/${NETMASK_BITS} ] interfaces: [ minionebr-nic ] EOF fi else if [[ $1 = purge ]]; then rm -f /etc/network/interfaces.d/tap.cfg rm -f /etc/network/interfaces.d/minionebr.cfg ip link set down dev "${BRIDGE_INTERFACE}" || true ip link del "${BRIDGE_INTERFACE}" || true else ip link add name "${BRIDGE_INTERFACE}" type bridge|| return 1 mkdir /etc/network/interfaces.d 2>/dev/null cat > /etc/network/interfaces.d/tap.cfg<< EOF iface tap0 inet auto pre-up ip tuntap add tap0 mode tap user root EOF cat > /etc/network/interfaces.d/minionebr.cfg<< EOF auto minionebr iface minionebr inet static address ${VNET_GATEWAY} network ${VNET_ADDRESS} netmask ${VNET_NETMASK} bridge_stp off bridge_fd 0 bridge_maxwait 0 bridge_ports tap0 EOF # add source for interfaces.d/*.cfg if missing FILE='/etc/network/interfaces' if grep -qE -e "^ *source */etc/network/interfaces.d/\*" \ -e "^ *source-directory /etc/network/interfaces.d" $FILE ; then true # already present else echo 'source /etc/network/interfaces.d/*.cfg' >> $FILE fi fi fi fi } ifup_bridge() { if netplan_on; then netplan apply else debian && ifup tap0 ifup "${BRIDGE_INTERFACE}" fi } disable_invalid_net_cfg() { # This is mainly to hack-around packet vanila Centos images # containig ifcfg- file for non-existing device cd /etc/sysconfig/network-scripts || return 1 ip link >/dev/null || return 1 CHANGED='' for FILE in ifcfg-*; do # skip interfaces disabled "on boot" if grep -q -i '^ONBOOT=["'\'']no' "$FILE"; then continue fi # get interface name from configuration or filename IFACE=$(awk -F= 'toupper($1) ~ /(DEVICE|NAME)/ { gsub("['\''\"]", "", $2); print $2; exit }' "${FILE}") IFACE=${IFACE:-${FILE##ifcfg-}} # if interface does not exist, disable configuration if ! ip link show "${IFACE}" >/dev/null 2>&1; then CHANGED=yes mv "${FILE}" disabled-"${FILE}" fi done if [ -n "${CHANGED}" ] && systemctl is-failed network.service >/dev/null 2>&1; then ifdown ifcfg-* || : systemctl restart network.service || return 1 fi cd - ||: } disable_firewalld() { systemctl stop firewalld >/dev/null && \ systemctl disable firewalld >/dev/null } configure_nat() { ACTION='-A' [[ $1 = 'purge' ]] && ACTION='-D' IPTABLES_COMMAND=$(cat << EOF iptables --table nat $ACTION POSTROUTING \ -s ${VNET_ADDRESS}/${NETMASK_BITS} \ ! -d ${VNET_ADDRESS}/${NETMASK_BITS} -j MASQUERADE EOF ) run_and_print_if_failed "$IPTABLES_COMMAND" } start_dnsmasq() { if [[ $1 = 'purge' ]]; then if [[ -f /etc/dnsmasq.conf.bk ]]; then mv /etc/dnsmasq.conf.bk /etc/dnsmasq.conf else rm -f /etc/dnsmasq.conf systemct stop dnsmasq fi else cp /etc/dnsmasq.conf /etc/dnsmasq.conf.bk 2>/dev/null cat << EOT > /etc/dnsmasq.conf || return 1 interface=${BRIDGE_INTERFACE},lo bind-interfaces EOT systemctl start dnsmasq fi } configure_repos() { if centos; then if [[ $1 = 'purge' ]]; then rm -f /etc/yum.repos.d/opennebula.repo else cat << EOT > /etc/yum.repos.d/opennebula.repo [opennebula] name=opennebula baseurl=${REPO_BASE}/${DISTNAME}/${DISTVER}/x86_64 enabled=1 gpgkey=https://downloads.opennebula.io/repo/repo.key gpgcheck=1 EOT fi elif debian; then if [[ $1 = 'purge' ]]; then rm -f /etc/apt/sources.list.d/opennebula.list else ( wget -q -O- https://downloads.opennebula.io/repo/repo.key | \ apt-key add - >/dev/null ) || return 1 echo "deb ${REPO_BASE}/${DISTNAME}/${DISTVER} stable opennebula" \ > /etc/apt/sources.list.d/opennebula.list || return 1 fi fi } enable_rhel_extra_repos() { subscription-manager repos --enable rhel-7-server-optional-rpms && \ subscription-manager repos --enable rhel-7-server-extras-rpms >/dev/null } enable_epel() { if redhat; then rpm -ivh 'https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm' elif centos ; then install "epel-release" fi } install_opennebula_pkgs() { if centos; then install "opennebula-server opennebula-sunstone opennebula-ruby "\ "opennebula-gate opennebula-flow" || return 1 elif debian; then install "opennebula opennebula-sunstone opennebula-gate "\ "opennebula-flow" || return 1 fi systemctl daemon-reload } install_opennebula_kvm_pkgs() { if centos; then install opennebula-node-kvm || return 1 if redhat; then subscription-manager repos --enable \ rhel-7-server-rhv-4-mgmt-agent-rpms || return 1 install qemu-kvm-rhev || return 1 else if [[ "${DISTVER}" = 7 ]]; then run_and_print_if_failed \ "yum --quiet -y update centos-release" install centos-release-qemu-ev || return 1 install qemu-kvm-ev || return 1 fi fi elif debian; then install opennebula-node fi } install_opennebula_lxd_pkgs() { install opennebula-node-lxd || return 1 } install_opennebula_frc_pkgs() { install opennebula-node-firecracker || return 1 } uninstall_opennebula_pkgs() { if centos; then yum --quiet -y remove opennebula-node-kvm opennebula-server \ opennebula-sunstone opennebula-ruby opennebula-gate \ opennebula-flow opennebula-common opennebula-rubygems systemctl restart ${LIBVIRTD} || true if redhat; then yum --quiet -y remove qemu-kvm-rhev || true else yum --quiet -y remove qemu-kvm-ev >/dev/null || true fi elif debian; then apt-get purge -q -y opennebula-node opennebula \ opennebula-sunstone opennebula-gate opennebula-flow \ opennebula-common opennebula-rubygems >/dev/null systemctl restart ${LIBVIRTD} || true fi } create_docker_repo() { if centos; then curl -s https://download.docker.com/linux/centos/docker-ce.repo \ -o /etc/yum.repos.d/docker-ce.repo elif debian; then curl -fsSL https://download.docker.com/linux/"${DISTNAME,,}"/gpg | sudo apt-key add add-apt-repository "deb [arch=amd64] https://download.docker.com/linux/${DISTNAME,,} $(lsb_release -cs) stable" fi } install_docker() { if centos; then if [[ ${DISTVER} = "8" ]]; then yum install -y --nobest docker-ce else yum install -y docker-ce fi elif debian; then apt-get -q -y install docker-ce fi } # Initialize some usefull vars NETMASK_BITS=$(mask2cidr "${VNET_NETMASK}") read -r DISTNAME DISTVER <<<"$(get_distname_and_version)" [[ "${DISTNAME}${DISTVER}" =~ Ubuntu16.04|Ubuntu18.04 ]] && LIBVIRTD="libvirt-bin" [[ "${DISTNAME}${DISTVER}" =~ CentOS8|RedHat8|Ubuntu20.04 ]] && PIP="pip3" && PYTHON_PIP="python3-pip" centos && AUGEAS_PKG='augeas' #------------------------------------------------------------------------------- # Uninstall #------------------------------------------------------------------------------- purge() { echo "Really uninstall? [yes/no]:" [[ "${ASK}" = 'yes' ]] && yes_no FORCE='yes' title "Uninstalling" check "systemctl stop opennebula opennebula-sunstone" "Stopping OpenNebula" 1 "SKIP" [[ "${ENABLED_APPARMOR}" = 'yes' ]] && check "modify_apparmor" "Restoring AppArmor" check "uninstall_opennebula_pkgs" "Uninstalling OpenNebula packages" 1 "SKIP" check "start_dnsmasq purge" "Stopping DNSMasq" 1 "SKIP" check "configure_repos purge" "Unconfiguring repositories" check "configure_nat purge" "Unconfiguring NAT using iptables" 1 "SKIP" check "create_bridge purge" "Deleting bridge interface ${BRIDGE_INTERFACE}" check "rm -rf /etc/one $HOME/.one >/dev/null" "Deleting /etc/one" if [[ "${DELETE_ONEADMIN}" = 'yes' ]]; then check "userdel -r -f oneadmin>/dev/null" "Deleting oneadmin user" 1 "SKIP" check "rm -rf /var/lib/one >/dev/null" "Deleting /var/lib/one" fi } if [[ $PURGE = 'yes' ]]; then VERBOSE='yes' purge exit 0 fi clean() { [[ -d /var/lib/one/.one ]] && check \ 'rm -rf /var/lib/one/.one.old; mv /var/lib/one/.one /var/lib/one/.one.old' \ 'Move old oneadmin auth-dir away' [[ -f /var/lib/one/one.db ]] && check \ 'mv /var/lib/one/one.db /var/lib/one/one.db.old' \ "Move old db away" } #------------------------------------------------------------------------------- # Edge functions #------------------------------------------------------------------------------- packet_req() { local URL="$1" shift curl -H "X-Auth-Token: $EDGE_PACKET_TOKEN" -s "$@" "https://api.packet.net$URL" } validate_packet() { local WHAT="$1" local ATTR="$2" local VALUE="$3" local URL_PREFIX="${4}" local JQ_WHAT="${WHAT/-/_}" # replace `-` by `_` local URL="${URL_PREFIX}/${WHAT}" local DATA DATA=$(packet_req "$URL") if echo "$DATA" | grep -q 'error' ; then echo "Can not list Packet $WHAT ($URL)" >&2 return 1 fi RET=$(echo "$DATA" | jq ".$JQ_WHAT | .[] | select(.$ATTR==\"$VALUE\") | .$ATTR") if echo "$RET" | grep -v -q "$VALUE"; then echo "Packet $WHAT $VALUE not found" >&2 return 1 fi } validate_packet_plan_facility() { URL="/projects/$EDGE_PACKET_PROJECT/plans/" DATA=$(packet_req "$URL") AVAILABLE_FACILITY_IDS=$(echo "$DATA" | jq -r ".plans | .[] | select(.name==\"$EDGE_PACKET_PLAN.x86\") | .\"available_in\" | .[] | .href" | awk -F/ '{print $3}') if [ -z "$AVAILABLE_FACILITY_IDS" ]; then echo "Can not list Packet project plans" return 1 fi URL="/projects/$EDGE_PACKET_PROJECT/facilities/" DATA=$(packet_req "$URL") REQUIRED_FACILITY_ID=$(echo "$DATA" |jq -r ".facilities | .[] | select(.code==\"$EDGE_PACKET_FACILITY\") | .id") if [ -z "$REQUIRED_FACILITY_ID" ]; then echo "Can not list Packet project facilities" return 1 fi if [[ ! $AVAILABLE_FACILITY_IDS =~ $REQUIRED_FACILITY_ID ]]; then echo "Required Packet plan($EDGE_PACKET_PLAN) is not available in facility($EDGE_PACKET_FACILITY)" return 1 fi } #------------------------------------------------------------------------------- # Checks & detection #------------------------------------------------------------------------------- title "Checks & detection" # check Opennebula veriosn & distribution & version check "supported_dist_ver \"$SUPPORTED_MAP\"" \ "Checking distribution and version [${DISTNAME} ${DISTVER} ${VERSION}]" \ 1 "IGNORED Will try to install if repository exists" # check if repository exists check "repo_exists" "Checking if OpenNebula repository exists" 3 # check if lxd is available for given distribution and version lxd && ! packet && check "supported_dist_ver \"$SUPPORTED_LXD_MAP\"" \ "Checking LXD support for given version" # check cpu flgas for virtualizaton capabilities frontend && { kvm && check 'grep flags /proc/cpuinfo | grep vmx\\\|svm > /dev/null' \ "Checking cpu virtualization capabilities" 1 \ "SKIP QEMU will be used" || USE_QEMU='yes'; frc && ! packet && check 'grep flags /proc/cpuinfo | grep vmx\\\|svm > /dev/null' \ "Checking cpu virtualization capabilities" } check "type -t augtool >/dev/null" "Checking augeas is installed" 1 \ "SKIP will try to install" || MISSING_PKGS="${MISSING_PKGS} $AUGEAS_PKG" check "type -t curl >/dev/null" "Checking curl is installed" 1 \ "SKIP will try to install" || MISSING_PKGS="${MISSING_PKGS} curl" frontend && { # check available disk space on /var check 'disk_free 20 /var' 'Checking free disk space' 1 'IGNORE' # check existing directories from previous installation check "[[ ! -e /etc/one && ! -e /var/lib/one ]]" \ "Checking directories from previous installation" 1 \ "IGNORED will be cleaned" || CLEAN='yes' # check existing user from previous installation check "! id oneadmin >/dev/null" \ "Checking user from previous installation" 1 "IGNORE" # check if sshd service is running check "systemctl status -n0 sshd >/dev/null" \ "Checking sshd service is running" # check if we have iptables networking && { check "type -t iptables >/dev/null" "Checking iptables are installed" 1 \ "SKIP will try to install" || MISSING_PKGS="${MISSING_PKGS} iptables" check "type -t brctl >/dev/null" "Checking bridge-utils are installed" 1 \ "SKIP will try to install" || MISSING_PKGS="${MISSING_PKGS} bridge-utils" if [[ "${DISTNAME}${DISTVER}" =~ CentOS8|RedHat8 ]]; then check "rpm -q network-scripts >/dev/null" "Checking network-scripts are installed" 1 \ "SKIP will try to install" || MISSING_PKGS="${MISSING_PKGS} network-scripts" fi } # check if we have apt-transport-https if debian; then check "dpkg -L apt-transport-https >/dev/null 2>&1" \ "Checking apt-transport-https is installed" 1 \ "SKIP will try to install" || \ MISSING_PKGS="${MISSING_PKGS} apt-transport-https" fi # check if gnupg is installed (required for apt-key add) if debian; then check "dpkg -L gnupg >/dev/null 2>&1" \ "Checking if gnupg is installed" 1 \ "SKIP will try to install" || \ MISSING_PKGS="${MISSING_PKGS} gnupg" fi # Check SELinux or AppArmor SELINUX=$(getenforce 2>/dev/null) centos && { check "[[ ! \"${SELINUX}\" = 'Enforcing' ]]" \ "Checking SELinux" 1 "SKIP will try to disable" || DISABLE_SELINUX='yes'; } debian && { check "! aa-status >/dev/null 2>&1" \ "Checking AppArmor" 1 "SKIP will try to modify" || ENABLED_APPARMOR='yes'; } # check for given ssh key if [[ -n "${SSH_PUBKEY}" ]]; then check "[[ -f \"${SSH_PUBKEY}\" ]]" \ "Checking ssh pub key ${SSH_PUBKEY} exists" # or take the first founc, or generate else SSH_PUBKEY=$(get_first_ssh_key) if ! check "[[ -f \"${SSH_PUBKEY}\" ]]" "Checking for present ssh key" 1 \ "SKIP" ; then if [[ ! -d "$HOME/.ssh" ]]; then mkdir "$HOME/.ssh/"; chmod 0700 "$HOME/.ssh/"; fi check "ssh-keygen -t rsa -P \"\" -f $HOME/.ssh/id_rsa >/dev/null"\ "Generating ssh keypair in $HOME/.ssh/id_rsa" SSH_PUBKEY="$HOME/.ssh/id_rsa.pub" fi fi } networking && { # check if given interface exists if [[ -n "${NAT_INTERFACE}" ]]; then check "interface_exists ${NAT_INTERFACE}" \ "Checking [${NAT_INTERFACE}] net device exists" else NAT_INTERFACE=$(get_interface_name) check "[[ -n \"${NAT_INTERFACE}\" ]]" \ "Checking local interface [${NAT_INTERFACE}]" fi # check if we have iptables-persistent netfilter-persistent if debian; then check "dpkg -l iptables-persistent netfilter-persistent > /dev/null" \ "Checking (iptables|netfilter)-persistent are installed" 1 \ "SKIP will try to install" || \ MISSING_PKGS="${MISSING_PKGS} iptables-persistent netfilter-persistent" fi #check if birdge iface is not already present check "! interface_exists ${BRIDGE_INTERFACE}" \ "Checking $BRIDGE_INTERFACE interface is not present" 1 "IGNORED" # check if given virtual network is already in routing table check "! ip route show ${VNET_ADDRESS}/${NETMASK_BITS} | grep dev >/dev/null" \ "Checking virtual network ${VNET_ADDRESS}/${NETMASK_BITS} is not routed" } kvm || lxd && { # check if the requested app name exists on market place if type -t curl >/dev/null; then check "curl -s -H \"${JSON_HEADERS}\" ${APPS_URL} \ | grep '\"name\":\"${MARKET_APP_NAME}\"' >/dev/null" \ "Checking presence of the market app: \"$MARKET_APP_NAME\"" 3 "Not found" elif type -t wget > /dev/null; then check "wget --quiet -O - --header \"${JSON_HEADERS}\" ${APPS_URL} \ | grep '\"name\":\"${MARKET_APP_NAME}\"' >/dev/null" \ "Checking presence of the market app: \"$MARKET_APP_NAME\"" 3 "Not found" else # Always fail, but continue with info when --force was given check "false" "Missing curl/wget to check market app" 1 "IGNORE Can't check" fi } frc && { # check if the requested app name exists on market place if type -t curl >/dev/null; then check "curl -s -H \"${JSON_HEADERS}\" -I ${DOCKERHUB_URL}/${FRC_MARKET_APP_NAME}/ \ | grep 'HTTP.*OK' >/dev/null" \ "Checking presence of the dockerhub image: \"${FRC_MARKET_APP_NAME}\"" 3 "Not found" check "curl -s -H \"${JSON_HEADERS}\" ${APPS_URL} \ | grep '\"name\":\"${FRC_KERNEL_NAME}\"' >/dev/null" \ "Checking presence of the market app: \"$FRC_KERNEL_NAME\"" 3 "Not found" elif type -t wget > /dev/null; then check "wget -S -O /dev/null --header \ \"${JSON_HEADERS}\" ${DOCKERHUB_URL}/${FRC_MARKET_APP_NAME}/ 2>&1 \ | grep 'HTTP.*OK' >/dev/null" \ "Checking presence of the market app: \"$FRC_MARKET_APP_NAME\"" 3 "Not found" check "wget --quiet -O - --header \"${JSON_HEADERS}\" ${APPS_URL} \ | grep '\"name\":\"${FRC_KERNEL_NAME}\"' >/dev/null" \ "Checking presence of the market app: \"$FRC_KERNEL_NAME\"" 3 "Not found" else # Always fail, but continue with info when --force was given check "false" "Missing curl/wget to check market app" 1 "IGNORE Can't check" fi debian && ! packet && { check "type -t add-apt-repository >/dev/null" "Checking add-apt-repository is available" 1 \ "SKIP will try to install" || MISSING_PKGS="${MISSING_PKGS} software-properties-common" } } node && packet && { if check "type -t curl" "Checking curl is installed" 1 "IGNORE can't validate Packet parameters" "Install curl package first"; then if check "type -t jq" "Checking jq is installed" 1 "IGNORE can't validate Packet parameters" "Install jq package first"; then check "validate_packet projects id $EDGE_PACKET_PROJECT" "Checking Packet token and project" check "validate_packet facilities code $EDGE_PACKET_FACILITY /projects/$EDGE_PACKET_PROJECT" "Checking Packet facility" check "validate_packet operating-systems slug $EDGE_PACKET_OS" "Checking Packet operating system" check "validate_packet plans name ${EDGE_PACKET_PLAN}.x86 /projects/$EDGE_PACKET_PROJECT" "Checking Packet plan" check "validate_packet_plan_facility" "Checking packet facility and plan" fi ! frc && check "curl -s -H \"${JSON_HEADERS}\" ${APPS_URL} \ | grep '\"name\":\"${EDGE_MARKET_APP_NAME}\"' >/dev/null" \ "Checking presence of the market app: \"$EDGE_MARKET_APP_NAME\"" 3 "Not found" fi check "type -t $PIP >/dev/null" "Checking ${PYTHON_PIP} is installed" 1 \ "SKIP will try to install" || MISSING_PKGS="${MISSING_PKGS} ${PYTHON_PIP}" if type -t ansible >/dev/null; then ANSIBLE_VERSION=$(ansible --version | head -1 | tr -cd '[:digit:]' | cut -c 1,2) if [ "$VERSION" = "5.10" ]; then check "[[ \"$ANSIBLE_VERSION\" =~ \"25\" ]]" \ "Checking ansible version (>=2.5.0, <2.6.0)" elif [ "$VERSION" = "5.12" ]; then check "[[ \"$ANSIBLE_VERSION\" =~ \"28\" ]]" \ "Checking ansible version (>=2.8.0, <2.9.0)" fi else if [ "$VERSION" = "5.10" ]; then check "false" "Checking ansible" 1 "SKIP will try to install" \ || MISSING_PIP_PKGS="'ansible>=2.5.0,<2.6.0'" elif [ "$VERSION" = "5.12" ]; then check "false" "Checking ansible" 1 "SKIP will try to install" \ || MISSING_PIP_PKGS="'ansible>=2.8.0,<2.9.0'" fi fi } #------------------------------------------------------------------------------- # Pre-installation report #------------------------------------------------------------------------------- title "Main deployment steps:" frontend && echo "Install OpenNebula frontend version ${VERSION}" node && ! packet && { centos && firewalld_running && echo "Disable_firewalld" echo "Configure bridge ${BRIDGE_INTERFACE} with IP ${VNET_GATEWAY}/${NETMASK_BITS}" echo "Enable NAT over ${NAT_INTERFACE}" [[ "${ENABLED_APPARMOR}" = yes ]] && echo "Modify AppArmor" lxd && echo "Install OpenNebula LXD node" kvm && echo "Install OpenNebula KVM node" frc && echo "Install OpenNebula Firecracker node" echo "Export appliance and update VM template" } packet && { echo "Install ONEProvision" echo "Configure IPAM Packet, alias IP mapping driver, VM hooks" node && echo "Trigger oneprovision" node && echo "Export appliance and update VM template" } [[ "${CLEAN}" = yes ]] && echo "Clean oneadmin home" [[ "${DISABLE_SELINUX}" = yes ]] && echo "Disable SELinux" [[ -n "${MISSING_PKGS}" ]] && echo "Install ${MISSING_PKGS}" echo "" echo "Do you agree? [yes/no]:" [[ "${ASK}" = 'yes' ]] && yes_no #------------------------------------------------------------------------------- # Installation #------------------------------------------------------------------------------- title "Installation" VERBOSE='yes' [[ "${CLEAN}" = yes ]] && clean debian && check "apt-get -q -y update >/dev/null" "Updating APT cache" [[ "${DISABLE_SELINUX}" = 'yes' ]] && check "disable_selinux" "Disabling SELinux" [[ -n "${MISSING_PKGS}" ]] && check "install ${MISSING_PKGS}" "Install ${MISSING_PKGS}" 3 [[ -n "${MISSING_PIP_PKGS}" ]] && check "$PIP install ${MISSING_PIP_PKGS}" \ "Install from PyPI ${MISSING_PIP_PKGS}" 3 frontend && centos && firewalld_running && check "disable_firewalld" "Disabling firewalld" networking && { centos && check "disable_invalid_net_cfg" "Rename invalid network configs" check "create_bridge" "Creating bridge interface ${BRIDGE_INTERFACE}" check "ifup_bridge" "Bring bridge interfaces up" [[ "$FORWARD" = 0 ]] && { check "sysctl -w net.ipv4.ip_forward=1 >/dev/null" "Enabling IPv4 forward" check "grep -q \"^net.ipv4.ip_forward=1$\" /etc/sysctl.conf || \ echo \"net.ipv4.ip_forward=1\" >> /etc/sysctl.conf" "Persisting IPv4 forward" } check "configure_nat" "Configuring NAT using iptables" centos && check "iptables-save > /etc/sysconfig/iptables" "Saving iptables changes" debian && check "netfilter-persistent save" "Saving iptables changes" check "install dnsmasq" "Installing DNSMasq" 3 check "start_dnsmasq" "Starting DNSMasq" } check "configure_repos" "Configuring repositories" frc && check "create_docker_repo" "Create docker packages repository" debian && check "apt-get -q -y update >/dev/null" "Updating APT cache" frontend && { redhat && check "enable_rhel_extra_repos" "Enabling RHEL 7 extra & opt repositories" centos && check "enable_epel" "Installing EPEL" check "install_opennebula_pkgs" "Installing OpenNebula packages" 3 } if kvm; then check "install_opennebula_kvm_pkgs" "Installing OpenNebula kvm node packages" 3 elif lxd && ! packet; then check "install_opennebula_lxd_pkgs" "Installing OpenNebula lxd node packages" 3 elif frc && ! packet; then check "install_opennebula_frc_pkgs" "Installing OpenNebula firecracker node packages" 3 elif packet; then check "install opennebula-provision" "Installing opennebula-provision package " 3 fi if kvm || lxd && ! packet ; then [[ "${ENABLED_APPARMOR}" = 'yes' ]] && check "modify_apparmor" "Updating AppArmor" check "rm -f /etc/libvirt/qemu/networks/autostart/default.xml" \ "Disable default libvirtd networking" if ! lxd; then check "systemctl restart ${LIBVIRTD}" "Restart libvirtd" fi fi frc && { check "install_docker" "Install docker" check "systemctl start docker" "Start docker service" check "systemctl enable docker" "Enable docker service" } #------------------------------------------------------------------------------- # Configuration functions #------------------------------------------------------------------------------- sed_subst() { local KEY=$1 local VALUE=$2 if [ -z "$3" ]; then local CONF='/etc/one/oned.conf' else local CONF=$3 fi sed -i -e "s/^${KEY}/${VALUE}/" "${CONF}" >/dev/null } aug_set() { local KEY="$1" local VALUE="$2" local CONF="${3:-/etc/one/oned.conf}" [ ! -f /usr/share/augeas/lenses/oned.aug ] && { echo "Missing oned.aug" >&2 return 1 } augtool -s set "/files$CONF/$KEY" "'$VALUE'" > /dev/null } switch_to_qemu() { LINE_NUM=$(grep -n '^VM_MAD =' -A 10 /etc/one/oned.conf | \ grep -E '^[0-9]+-\s*TYPE' | grep kvm | awk -F- '{print $1}') sed -i "${LINE_NUM}s/kvm/qemu/" /etc/one/oned.conf } set_init_password() { [[ ! -d $HOME/.one ]] && { mkdir "$HOME"/.one || return 1; } echo "oneadmin:$PASSWORD" > "$HOME"/.one/one_auth || return 1 echo "oneadmin:$PASSWORD" > /var/lib/one/.one/one_auth } set_sunstone_port() { local PORT=$1 sed_subst ":port: 9869" ":port: $PORT" /etc/one/sunstone-server.conf if [[ $PORT -lt 1024 ]]; then RUBY=$(readlink -f /usr/bin/ruby) setcap 'cap_net_bind_service=+ep' "$RUBY" fi } one_is_ready() { for I in $(seq $ONE_WAIT_TIMEOUT); do onehost list > /dev/null 2>&1 && return 0 sleep 1 done echo "OpenNebula did not start within the timeout" >&2 return 1 } deny_ssh_from_vnet() { if grep -v "DenyUsers ${STAR_NET}" /etc/ssh/sshd_config >/dev/null; then echo "" >> /etc/ssh/sshd_config echo "DenyUsers ${STAR_NET}" >> /etc/ssh/sshd_config fi systemctl restart sshd } add_keys_to_known_hosts() { su oneadmin -c 'ssh-keyscan localhost > ~/.ssh/known_hosts' || return 1 HOSTNAME=$(hostname) su oneadmin -c "ssh-keyscan ${HOSTNAME} >> ~/.ssh/known_hosts" || return 1 FQDN=$(hostname -f 2>/dev/null) if [[ -n "$FQDN" && "$HOSTNAME" != "${FQDN}" ]]; then su oneadmin -c "ssh-keyscan ${FQDN} >> ~/.ssh/known_hosts" || return 1 fi } test_ssh_connection() { sudo -u oneadmin ssh localhost true /dev/null || return 1 } add_ssh_keys_to_oneadmin() { local TMP_FILE TMP_FILE=$(mktemp) || return 1 # put current template to the tempfile oneuser show 0 | \ sed '/USER TEMPLATE/,/VMS USAGE/!d;//d' > "${TMP_FILE}" ONEADMIN_OS_USER_KEY=$(cat /var/lib/one/.ssh/id*pub 2>/dev/null) SSH_PUBKEY_CONTENT=$(cat "${SSH_PUBKEY}" 2>/dev/null) cat >> "${TMP_FILE}"<< EOF SSH_PUBLIC_KEY="${ONEADMIN_OS_USER_KEY} ${SSH_PUBKEY_CONTENT}" EOF oneuser update 0 "${TMP_FILE}" || return 1 rm "${TMP_FILE}" } update_ssh_configs() { local HOSTS=${1:-$STAR_NET} # allow VM addresses to be re-used touch /var/lib/one/.ssh/config || return 1 grep -q "Host ${HOSTS/\*/\\*}" /var/lib/one/.ssh/config || { cat >> /var/lib/one/.ssh/config << EOF || return 1 Host ${HOSTS} StrictHostKeyChecking no UserKnownHostsFile=/dev/null EOF chown oneadmin:oneadmin /var/lib/one/.ssh/config || return 1 chmod 0600 /var/lib/one/.ssh/config || return 1 } touch ~/.ssh/config || return 1 grep -q "Host ${HOSTS/\*/\\*}" ~/.ssh/config || { cat >> ~/.ssh/config << EOF || return 1 Host ${HOSTS} StrictHostKeyChecking no UserKnownHostsFile=/dev/null EOF chmod 0600 ~/.ssh/config } } ensure_hostname_resolvable() { set -e -o pipefail local HOSTNAME local IP HOSTNAME=$(hostname) IP=$(get_my_ip) if getent hosts "$HOSTNAME" >/dev/null; then return 0 fi if [ ! -f /usr/share/augeas/lenses/oned.aug ]; then echo "Missing oned.aug" >&2 return 1 fi MATCH=$(augtool match '/files/etc/hosts/*/ipaddr' "$IP") if [ -n "$MATCH" ]; then # IP already in /etc/hosts augtool -s set "/files/etc/hosts/*[ipaddr=\"$IP\"]/alias[.=\"$HOSTNAME\"] \"$HOSTNAME\"" else # IP not in /etc/hosts yet LAST=$(augtool ls '/files/etc/hosts' | tail -1 | awk -F/ '{print $1}') LAST=$(( LAST + 1 )) AUG_CMD=$(mktemp) echo "set /files/etc/hosts/$LAST/ipaddr \"$IP\"" > "$AUG_CMD" echo "set /files/etc/hosts/$LAST/canonical \"$HOSTNAME\"" >> "$AUG_CMD" augtool -s -f "$AUG_CMD" rm "$AUG_CMD" fi set +e } packet_conf_oned() { set -e -o pipefail aug_set "MONITORING_INTERVAL_HOST" "1000" aug_set "MONITORING_INTERVAL_VM" "300" aug_set "IPAM_MAD/ARGUMENTS" '"-t 1 -i dummy,packet"' aug_set "VN_MAD_CONF[NAME = '\"bridge\"']/BRIDGE_TYPE" '"linux"' aug_set "VN_MAD_CONF[NAME = '\"alias_sdnat\"']/NAME" '"alias_sdnat"' aug_set "VN_MAD_CONF[NAME = '\"alias_sdnat\"']/BRIDGE_TYPE" '"linux"' set +e } packet_conf_hooks() { set -e -o pipefail onehook show alias_ip_done >/dev/null 2>&1 || onehook create /usr/share/one/examples/alias_ip/done_hook onehook show alias_ip_hotplug >/dev/null 2>&1 || onehook create /usr/share/one/examples/alias_ip/hotplug_hook onehook show alias_ip_running >/dev/null 2>&1 || onehook create /usr/share/one/examples/alias_ip/running_hook set +e } get_next_packet_id() { local ID ID=$(onecluster list -l ID | grep -E '[0-9]+' | sort | tail -1) if [[ -z "$ID" || "$ID" -lt 100 ]]; then ID=100 else ID=$(( ID + 1 )) fi echo $ID } packet_template() { PACKET_TEMPLATE=$(mktemp) || return 1 PACKET_LAST_ID=$(get_next_packet_id) cat >> "$PACKET_TEMPLATE" << EOF || return 1 --- name: PacketProvision-${PACKET_LAST_ID} playbook: $PLAYBOOK defaults: provision: driver: packet packet_project: $EDGE_PACKET_PROJECT packet_token: $EDGE_PACKET_TOKEN facility: $EDGE_PACKET_FACILITY plan: $EDGE_PACKET_PLAN os: $EDGE_PACKET_OS connection: remote_user: root configuration: opennebula_node_kvm_use_ev: true iptables_masquerade_enabled: false hosts: EOF # HOSTS for I in $(seq 1 "$EDGE_HOST_NUM"); do cat >> "$PACKET_TEMPLATE" << EOF || return 1 - reserved_cpu: 50 im_mad: $HYPERVISOR vm_mad: $HYPERVISOR provision: hostname: packet-host-${PACKET_LAST_ID}-$I EOF done cat >> "$PACKET_TEMPLATE" << EOF || return 1 cluster: name: PacketCluster-${PACKET_LAST_ID} datastores: - name: packet-${PACKET_LAST_ID}-default ds_mad: fs tm_mad: ssh - name: packet-${PACKET_LAST_ID}-system type: system_ds tm_mad: ssh safe_dirs: '/var/tmp /tmp' - name: packet-${PACKET_LAST_ID}-files type: file_ds tm_mad: ssh ds_mad: fs safe_dirs: '/var/tmp /tmp' networks: - name: "packet-${PACKET_LAST_ID}-host-only" vn_mad: "dummy" bridge: "br0" dns: "8.8.8.8 8.8.4.4" gateway: "192.168.150.1" description: "Host-only networking" ar: - ip: "192.168.150.2" size: "253" type: "IP4" - name: "packet-${PACKET_LAST_ID}-public" vn_mad: alias_sdnat external: yes description: "Packet Public IP Networking" ar: - size: 2 type: IP4 ipam_mad: packet packet_ip_type: public_ipv4 packet_token: $EDGE_PACKET_TOKEN packet_project: $EDGE_PACKET_PROJECT facility: $EDGE_PACKET_FACILITY EOF } packet_provision() { echo "Running oneprovision" sudo -u oneadmin touch /var/lib/one/.ssh/known_hosts chown oneadmin:oneadmin "$PACKET_TEMPLATE" [[ ${VERBOSE} = 'yes' ]] && PARAMS="-D" if sudo PATH="$PATH":/usr/local/bin -H -u oneadmin oneprovision create "$PACKET_TEMPLATE" --batch --fail-cleanup --ping-timeout 60 -d $PARAMS; then green "OK" else red "FAILED" exit 1 fi } update_network_hooks() { for VN_MAD in 802.1Q bridge dummy ebtables fw ovswitch ovswitch_vxlan vxlan; do cp /var/lib/one/remotes/vnm/hooks/pre/firecracker /var/lib/one/remotes/vnm/${VN_MAD}/pre.d/firecracker cp /var/lib/one/remotes/vnm/hooks/clean/firecracker /var/lib/one/remotes/vnm/${VN_MAD}/clean.d/firecracker chown oneadmin:oneadmin /var/lib/one/remotes/vnm/${VN_MAD}/pre.d/firecracker chown oneadmin:oneadmin /var/lib/one/remotes/vnm/${VN_MAD}/clean.d/firecracker done } #------------------------------------------------------------------------------- # Configuration #------------------------------------------------------------------------------- title "Configuration" lxd && { check "sed_subst \"\s*:command: \\/bin\\/login\" \" :command: \\/bin\\/bash\" \"/var/lib/one/remotes/etc/vmm/lxd/lxdrc\""\ "Switching VNC command to /bin/bash in lxdrc" i check "sed_subst \"\s*:command => '\\/bin\\/login'\" \" :command => '\\/bin\\/bash'\" \"/var/lib/one/remotes/vmm/lxd/opennebula_vm.rb\""\ "Switching VNC command to /bin/bash in opennebula_vm.rb" } packet && { check "packet_conf_oned" "Applying packet changes to oned.conf" check "update_ssh_configs '*'" "Update ssh configs to accessing Packet hosts" } frc && { check "usermod -a -G docker oneadmin" "Add oneadmin to docker group" check "update_network_hooks" "Update network hooks" } frontend && { check "aug_set ONEGATE_ENDPOINT '\"http://${VNET_GATEWAY}:5030\"'" \ "Switching OneGate endpoint in oned.conf" check "sed_subst \":host: .*\" \":host: ${VNET_GATEWAY}\" \"/etc/one/onegate-server.conf\""\ "Switching OneGate endpoint in onegate-server.conf" check "sed_subst \":keep_empty_bridge: .*\" \":keep_empty_bridge: true\" \"/var/lib/one/remotes/etc/vnm/OpenNebulaNetwork.conf\""\ "Switching keep_empty_bridge on in OpenNebulaNetwork.conf" check "aug_set SCHED_INTERVAL 10 /etc/one/sched.conf" \ "Switching scheduler interval in oned.conf" [[ ${USE_QEMU} = 'yes' ]] && check "switch_to_qemu" "Switching to QEMU emulation" check "set_init_password" "Setting initial password for current user and oneadmin" [[ ${SUNSTONE_PORT} != 9869 ]] && check "set_sunstone_port ${SUNSTONE_PORT}"\ "Changing WebUI to listen on port ${SUNSTONE_PORT}" check "systemctl start $ONE_SERVICES" "Starting OpenNebula services" check "systemctl enable $ONE_SERVICES" "Enabling OpenNebula services" check "add_ssh_keys_to_oneadmin" "Add ssh key to oneadmin user" check "update_ssh_configs" "Update ssh configs to allow VM addresses reusig" check "ensure_hostname_resolvable" "Ensure own hostname is resolvable" } check "one_is_ready" "Checking OpenNebula is working" packet && check "packet_conf_hooks" "Configuring packet hooks" packet && node && { check "systemctl restart opennebula" "Restarting OpenNebula" check "packet_template" "Prepare packet template" check "oneprovision validate $PACKET_TEMPLATE" "Checking packet template [$PACKET_TEMPLATE]" packet_provision } networking && { check "deny_ssh_from_vnet" "Disabling ssh from virtual network" check "add_keys_to_known_hosts" "Adding localhost ssh key to known_hosts" check "test_ssh_connection" "Testing ssh connection to localhost" } #------------------------------------------------------------------------------- # Bootstrap functions #------------------------------------------------------------------------------- onecli_cmd_tmpl() { local COMMAND=$1 local DATA=$2 local TMP_FILE TMP_FILE=$(mktemp) || return 1 cat > "${TMP_FILE}"<< EOF ${DATA} EOF $COMMAND "$TMP_FILE" RC=$? rm "${TMP_FILE}" return ${RC} } update_datastores() { MAD="YESqcow2" frc && MAD="NOsshfs" TEMPLATE=$(cat << EOF $MAD FILE EOF ) onecli_cmd_tmpl "onedatastore update 0" "${TEMPLATE}" >/dev/null ||return 1 onecli_cmd_tmpl "onedatastore update 1" "${TEMPLATE}" >/dev/null } create_vnet() { SIZE=$((VNET_AR_IP_COUNT - 1)) TEMPLATE=$(cat << EOF NAME = "vnet" BRIDGE = "${BRIDGE_INTERFACE}" DNS = "${VNET_GATEWAY}" GATEWAY = "${VNET_GATEWAY}" PHYDEV = "" SECURITY_GROUPS = "0" VN_MAD = "fw" AR = [ IP = ${VNET_AR_IP_START}, SIZE = ${SIZE}, TYPE = IP4 ] EOF ) onecli_cmd_tmpl "onevnet create" "${TEMPLATE}" >/dev/null 2>&1 } poll_for_marketplace() { APP_COUNT=$(onemarketapp list | wc -l) for I in $(seq 30); do sleep 5 NEW_APP_COUNT=$(onemarketapp list | wc -l) if [[ "${NEW_APP_COUNT}" = "${APP_COUNT}" && "${APP_COUNT}" -gt 20 ]]; then return 0 fi APP_COUNT=${NEW_APP_COUNT} done return 1 } export_marketapp() { local APP_NAME="$1" local DS_ID="${2:-1}" local SUFFIX="$3" local NEW_NAME="${4:-$APP_NAME$SUFFIX}" local TEMPLATE_ID="" poll_for_marketplace ID=$(onemarketapp list --filter NAME="${APP_NAME}" \ --csv | tail -1 | awk -F, '{print $1}') || return 1 # onemarketapp always return 0 and prints to STDOUT OUT=$(mktemp) onemarketapp export "${ID}" "${NEW_NAME}" --datastore "$DS_ID" > "$OUT" if grep -q -i error < "$OUT"; then cat "$OUT" >&2 rm "$OUT" return 1 fi TEMPLATE_ID=$(tail -1 < "$OUT" | awk '{print $2}') # if -1 (kernel) don't update the VM_TEMPLATE_ID if [ $TEMPLATE_ID != -1 ]; then VM_TEMPLATE_ID=$TEMPLATE_ID fi rm "$OUT" } image_is_ready() { for I in $(seq $IMAGE_WAIT_TIMEOUT); do STATES=$(oneimage list --csv --no-header -l stat) # some error occurs echo "$STATES" | grep err && { echo "Image download error"; return 1; } # all images are ready echo "$STATES" | grep -q -v rdy || return 0 sleep 1 done echo "Image download reached timeout" >&2 return 1 } update_template() { local ID local TMP_FILE ID=${1:-0} TMP_FILE=$(mktemp) 2>/dev/null || return 1 # For firecracker delete OS=[...] template entry frc && { onedb change-body template --id="$ID" /VMTEMPLATE/TEMPLATE/OS --delete } # Add root password, report_ready and token setting to context onetemplate show "$ID" | grep CONTEXT -A1000 \ | sed -e "s/CONTEXT=\[/CONTEXT=[ PASSWORD=\"${VM_PASSWORD}\",/" \ | sed -e "s/CONTEXT=\[/CONTEXT=[ REPORT_READY=\"YES\",/" \ | sed -e "s/CONTEXT=\[/CONTEXT=[ TOKEN=\"YES\",/" \ > "${TMP_FILE}" # Add network node && ! packet && echo 'NIC=[ NETWORK="vnet", NETWORK_UNAME="oneadmin", SECURITY_GROUPS="0" ]' >> "${TMP_FILE}" # Add LXD_SECURITY_PRIVILEGED="true" lxd && echo 'LXD_SECURITY_PRIVILEGED="true"' >> "${TMP_FILE}" # Add kernel for firecracker frc && { onedb change-body template --id=0 /VMTEMPLATE/TEMPLATE/OS --delete { echo 'NIC_DEFAULT=[ MODEL="virtio" ]' echo "OS=[" echo " KERNEL_CMD=\"$FRC_KERNEL_PARAMS\"," echo " KERNEL_DS=\"\$FILE[IMAGE=\\\"kernel\\\"]\" ]" } >> "${TMP_FILE}" } # Add Packet default appliance setup and networking packet && { if [ $EDGE_DEFAULT_APP = "yes" ]; then sed -i "/^ *ONEAPP_.*$/d" "${TMP_FILE}" sed -i "/^ *USER_INPUTS.*$/d" "${TMP_FILE}" sed -i "/^ *INPUTS_ORDER.*$/d" "${TMP_FILE}" sed -i "s/CONTEXT=\[/CONTEXT=[ ONEAPP_SITE_TITLE=\"OpenNebula Edge Cloud Demo\",/" "${TMP_FILE}" sed -i "s/CONTEXT=\[/CONTEXT=[ ONEAPP_ADMIN_USERNAME=\"oneadmin\",/" "${TMP_FILE}" sed -i "s/CONTEXT=\[/CONTEXT=[ ONEAPP_ADMIN_PASSWORD=\"${PASSWORD}\",/" "${TMP_FILE}" sed -i "s/CONTEXT=\[/CONTEXT=[ ONEAPP_ADMIN_EMAIL=\"onedmin@localhost.localdomain\",/" "${TMP_FILE}" sed -i "s/CONTEXT=\[/CONTEXT=[ ONEAPP_SITE_HOSTNAME=\"\$NIC_ALIAS[IP, NETWORK=\\\\\"packet-${PACKET_LAST_ID}-public\\\\\"]\",/" "${TMP_FILE}" fi echo "NIC = [ NETWORK = \"packet-${PACKET_LAST_ID}-host-only\", NETWORK_UNAME = \"oneadmin\", SECURITY_GROUPS = \"0\" ]" >> "${TMP_FILE}" echo "NIC_ALIAS = [ NETWORK = \"packet-${PACKET_LAST_ID}-public\", PARENT = \"NIC0\", NETWORK_UNAME = \"oneadmin\", SECURITY_GROUPS = \"0\" ]" >> "${TMP_FILE}" } onetemplate update "$ID" "${TMP_FILE}" >/dev/null RC=$? rm "${TMP_FILE}" return ${RC} } get_provision_ids() { oneprovision list --l ID | grep '-' } #------------------------------------------------------------------------------- # Bootstrap #------------------------------------------------------------------------------- node && ! packet && { check "update_datastores" "Updating datastores template" } kvm && check "onehost create -i kvm -v kvm localhost >/dev/null 2>&1" \ "Creating KVM host" lxd && ! packet && check "onehost create -i lxd -v lxd localhost >/dev/null 2>&1" \ "Creating LXD host" frc && ! packet && check "onehost create -i firecracker -v firecracker localhost >/dev/null 2>&1" \ "Creating Firecracker host" networking && check "create_vnet" "Creating virtual network" DS_ID=1 SUFFIX='' node && packet && { DS_ID=$(onedatastore list --csv -l ID,NAME,TYPE -f TYPE=img -f NAME=packet-"${PACKET_LAST_ID}"-default | awk -F, '{print $1}' | tail -1) SUFFIX="-${EDGE_PACKET_FACILITY}-${PACKET_LAST_ID}" } check "export_marketapp \"$MARKET_APP_NAME\" \"${DS_ID}\" \"${SUFFIX}\"" "Exporting [${EDGE_MARKET_APP_NAME}] from Marketplace to local datastore" check "image_is_ready" "Waiting until the image is ready" frc && { DS_ID=2 if packet; then DS_ID=$(onedatastore list --csv -l ID,NAME,TYPE -f TYPE=fil -f NAME=packet-"${PACKET_LAST_ID}"-files | awk -F, '{print $1}' | tail -1) fi if ! node || ! oneimage show "kernel" >/dev/null; then check "export_marketapp \"$FRC_KERNEL_NAME\" ${DS_ID} \"\" kernel" \ "Exporting [${FRC_KERNEL_NAME}] to local datastore" fi check "image_is_ready" "Waiting until the image is ready" } check "update_template ${VM_TEMPLATE_ID:-0}" "Updating VM template" #------------------------------------------------------------------------------- # Report #------------------------------------------------------------------------------- [[ $SUNSTONE_PORT != 80 ]] && PORT_STR=":$SUNSTONE_PORT" frontend && { title 'Report' echo "OpenNebula ${VERSION} was installed" echo "Sunstone [the webui] is running on:" echo " http://$(get_my_ip)${PORT_STR}/" echo "Use following to login:" echo " user: oneadmin" echo " password: ${PASSWORD}" } node && packet && { PROVISION_IDS=$(get_provision_ids) if [ -n "$PROVISION_IDS" ]; then title "Packet provisioned" onehost list echo "" echo "To extend the setup by additional hypervisor on Packet run following command:" echo "./minione --edge packet --node --edge-packet-token [] --edge-packet-project []" echo "" echo "To cleanup (delete resources in OpenNebula and Packet) run:" for PROVISION_ID in $PROVISION_IDS; do echo "oneprovision delete $PROVISION_ID --cleanup" done fi } exit 0