Browse Source

Initial commit.

Chris Wedgwood 1 year ago
commit
76aebc9f9e
10 changed files with 766 additions and 0 deletions
  1. 2
    0
      .gitignore
  2. 201
    0
      LICENSE
  3. 30
    0
      Makefile
  4. 93
    0
      README.md
  5. 23
    0
      TODO
  6. 5
    0
      berth/Chart.yaml
  7. 1
    0
      berth/requirements.yaml
  8. 261
    0
      berth/templates/bin/_startvm.txt
  9. 132
    0
      berth/templates/deployment.yaml
  10. 18
    0
      berth/values.yaml

+ 2
- 0
.gitignore View File

@@ -0,0 +1,2 @@
1
+helm.log
2
+berth-0.1.0.tgz

+ 201
- 0
LICENSE View File

@@ -0,0 +1,201 @@
1
+                                 Apache License
2
+                           Version 2.0, January 2004
3
+                        http://www.apache.org/licenses/
4
+
5
+   TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
6
+
7
+   1. Definitions.
8
+
9
+      "License" shall mean the terms and conditions for use, reproduction,
10
+      and distribution as defined by Sections 1 through 9 of this document.
11
+
12
+      "Licensor" shall mean the copyright owner or entity authorized by
13
+      the copyright owner that is granting the License.
14
+
15
+      "Legal Entity" shall mean the union of the acting entity and all
16
+      other entities that control, are controlled by, or are under common
17
+      control with that entity. For the purposes of this definition,
18
+      "control" means (i) the power, direct or indirect, to cause the
19
+      direction or management of such entity, whether by contract or
20
+      otherwise, or (ii) ownership of fifty percent (50%) or more of the
21
+      outstanding shares, or (iii) beneficial ownership of such entity.
22
+
23
+      "You" (or "Your") shall mean an individual or Legal Entity
24
+      exercising permissions granted by this License.
25
+
26
+      "Source" form shall mean the preferred form for making modifications,
27
+      including but not limited to software source code, documentation
28
+      source, and configuration files.
29
+
30
+      "Object" form shall mean any form resulting from mechanical
31
+      transformation or translation of a Source form, including but
32
+      not limited to compiled object code, generated documentation,
33
+      and conversions to other media types.
34
+
35
+      "Work" shall mean the work of authorship, whether in Source or
36
+      Object form, made available under the License, as indicated by a
37
+      copyright notice that is included in or attached to the work
38
+      (an example is provided in the Appendix below).
39
+
40
+      "Derivative Works" shall mean any work, whether in Source or Object
41
+      form, that is based on (or derived from) the Work and for which the
42
+      editorial revisions, annotations, elaborations, or other modifications
43
+      represent, as a whole, an original work of authorship. For the purposes
44
+      of this License, Derivative Works shall not include works that remain
45
+      separable from, or merely link (or bind by name) to the interfaces of,
46
+      the Work and Derivative Works thereof.
47
+
48
+      "Contribution" shall mean any work of authorship, including
49
+      the original version of the Work and any modifications or additions
50
+      to that Work or Derivative Works thereof, that is intentionally
51
+      submitted to Licensor for inclusion in the Work by the copyright owner
52
+      or by an individual or Legal Entity authorized to submit on behalf of
53
+      the copyright owner. For the purposes of this definition, "submitted"
54
+      means any form of electronic, verbal, or written communication sent
55
+      to the Licensor or its representatives, including but not limited to
56
+      communication on electronic mailing lists, source code control systems,
57
+      and issue tracking systems that are managed by, or on behalf of, the
58
+      Licensor for the purpose of discussing and improving the Work, but
59
+      excluding communication that is conspicuously marked or otherwise
60
+      designated in writing by the copyright owner as "Not a Contribution."
61
+
62
+      "Contributor" shall mean Licensor and any individual or Legal Entity
63
+      on behalf of whom a Contribution has been received by Licensor and
64
+      subsequently incorporated within the Work.
65
+
66
+   2. Grant of Copyright License. Subject to the terms and conditions of
67
+      this License, each Contributor hereby grants to You a perpetual,
68
+      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
69
+      copyright license to reproduce, prepare Derivative Works of,
70
+      publicly display, publicly perform, sublicense, and distribute the
71
+      Work and such Derivative Works in Source or Object form.
72
+
73
+   3. Grant of Patent License. Subject to the terms and conditions of
74
+      this License, each Contributor hereby grants to You a perpetual,
75
+      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
76
+      (except as stated in this section) patent license to make, have made,
77
+      use, offer to sell, sell, import, and otherwise transfer the Work,
78
+      where such license applies only to those patent claims licensable
79
+      by such Contributor that are necessarily infringed by their
80
+      Contribution(s) alone or by combination of their Contribution(s)
81
+      with the Work to which such Contribution(s) was submitted. If You
82
+      institute patent litigation against any entity (including a
83
+      cross-claim or counterclaim in a lawsuit) alleging that the Work
84
+      or a Contribution incorporated within the Work constitutes direct
85
+      or contributory patent infringement, then any patent licenses
86
+      granted to You under this License for that Work shall terminate
87
+      as of the date such litigation is filed.
88
+
89
+   4. Redistribution. You may reproduce and distribute copies of the
90
+      Work or Derivative Works thereof in any medium, with or without
91
+      modifications, and in Source or Object form, provided that You
92
+      meet the following conditions:
93
+
94
+      (a) You must give any other recipients of the Work or
95
+          Derivative Works a copy of this License; and
96
+
97
+      (b) You must cause any modified files to carry prominent notices
98
+          stating that You changed the files; and
99
+
100
+      (c) You must retain, in the Source form of any Derivative Works
101
+          that You distribute, all copyright, patent, trademark, and
102
+          attribution notices from the Source form of the Work,
103
+          excluding those notices that do not pertain to any part of
104
+          the Derivative Works; and
105
+
106
+      (d) If the Work includes a "NOTICE" text file as part of its
107
+          distribution, then any Derivative Works that You distribute must
108
+          include a readable copy of the attribution notices contained
109
+          within such NOTICE file, excluding those notices that do not
110
+          pertain to any part of the Derivative Works, in at least one
111
+          of the following places: within a NOTICE text file distributed
112
+          as part of the Derivative Works; within the Source form or
113
+          documentation, if provided along with the Derivative Works; or,
114
+          within a display generated by the Derivative Works, if and
115
+          wherever such third-party notices normally appear. The contents
116
+          of the NOTICE file are for informational purposes only and
117
+          do not modify the License. You may add Your own attribution
118
+          notices within Derivative Works that You distribute, alongside
119
+          or as an addendum to the NOTICE text from the Work, provided
120
+          that such additional attribution notices cannot be construed
121
+          as modifying the License.
122
+
123
+      You may add Your own copyright statement to Your modifications and
124
+      may provide additional or different license terms and conditions
125
+      for use, reproduction, or distribution of Your modifications, or
126
+      for any such Derivative Works as a whole, provided Your use,
127
+      reproduction, and distribution of the Work otherwise complies with
128
+      the conditions stated in this License.
129
+
130
+   5. Submission of Contributions. Unless You explicitly state otherwise,
131
+      any Contribution intentionally submitted for inclusion in the Work
132
+      by You to the Licensor shall be under the terms and conditions of
133
+      this License, without any additional terms or conditions.
134
+      Notwithstanding the above, nothing herein shall supersede or modify
135
+      the terms of any separate license agreement you may have executed
136
+      with Licensor regarding such Contributions.
137
+
138
+   6. Trademarks. This License does not grant permission to use the trade
139
+      names, trademarks, service marks, or product names of the Licensor,
140
+      except as required for reasonable and customary use in describing the
141
+      origin of the Work and reproducing the content of the NOTICE file.
142
+
143
+   7. Disclaimer of Warranty. Unless required by applicable law or
144
+      agreed to in writing, Licensor provides the Work (and each
145
+      Contributor provides its Contributions) on an "AS IS" BASIS,
146
+      WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
147
+      implied, including, without limitation, any warranties or conditions
148
+      of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
149
+      PARTICULAR PURPOSE. You are solely responsible for determining the
150
+      appropriateness of using or redistributing the Work and assume any
151
+      risks associated with Your exercise of permissions under this License.
152
+
153
+   8. Limitation of Liability. In no event and under no legal theory,
154
+      whether in tort (including negligence), contract, or otherwise,
155
+      unless required by applicable law (such as deliberate and grossly
156
+      negligent acts) or agreed to in writing, shall any Contributor be
157
+      liable to You for damages, including any direct, indirect, special,
158
+      incidental, or consequential damages of any character arising as a
159
+      result of this License or out of the use or inability to use the
160
+      Work (including but not limited to damages for loss of goodwill,
161
+      work stoppage, computer failure or malfunction, or any and all
162
+      other commercial damages or losses), even if such Contributor
163
+      has been advised of the possibility of such damages.
164
+
165
+   9. Accepting Warranty or Additional Liability. While redistributing
166
+      the Work or Derivative Works thereof, You may choose to offer,
167
+      and charge a fee for, acceptance of support, warranty, indemnity,
168
+      or other liability obligations and/or rights consistent with this
169
+      License. However, in accepting such obligations, You may act only
170
+      on Your own behalf and on Your sole responsibility, not on behalf
171
+      of any other Contributor, and only if You agree to indemnify,
172
+      defend, and hold each Contributor harmless for any liability
173
+      incurred by, or claims asserted against, such Contributor by reason
174
+      of your accepting any such warranty or additional liability.
175
+
176
+   END OF TERMS AND CONDITIONS
177
+
178
+   APPENDIX: How to apply the Apache License to your work.
179
+
180
+      To apply the Apache License to your work, attach the following
181
+      boilerplate notice, with the fields enclosed by brackets "{}"
182
+      replaced with your own identifying information. (Don't include
183
+      the brackets!)  The text should be enclosed in the appropriate
184
+      comment syntax for the file format. We also recommend that a
185
+      file or class name and description of purpose be included on the
186
+      same "printed page" as the copyright notice for easier
187
+      identification within third-party archives.
188
+
189
+   Copyright {yyyy} {name of copyright owner}
190
+
191
+   Licensed under the Apache License, Version 2.0 (the "License");
192
+   you may not use this file except in compliance with the License.
193
+   You may obtain a copy of the License at
194
+
195
+       http://www.apache.org/licenses/LICENSE-2.0
196
+
197
+   Unless required by applicable law or agreed to in writing, software
198
+   distributed under the License is distributed on an "AS IS" BASIS,
199
+   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
200
+   See the License for the specific language governing permissions and
201
+   limitations under the License.

+ 30
- 0
Makefile View File

@@ -0,0 +1,30 @@
1
+# This Makefile is used during development and can usually be ignored
2
+# by most people.
3
+
4
+all: test
5
+
6
+default: test
7
+
8
+test: install
9
+
10
+install: build
11
+	@echo
12
+	-helm delete --purge berth >>helm.log 2>&1
13
+	@echo
14
+	@[ -f override.yaml ] || touch override.yaml
15
+	helm install ./berth-0.1.0.tgz --values=override.yaml --name=berth >>helm.log 2>&1
16
+	@sleep 5.0 # give k8s a chance to see the IP
17
+	@echo
18
+	kubectl get pods -o wide
19
+
20
+build:
21
+	@echo
22
+	helm lint berth
23
+	@echo
24
+	helm package berth
25
+
26
+clean:
27
+	rm -f berth-0.1.0.tgz helm.log
28
+
29
+.PHONY:
30
+	all default build clean

+ 93
- 0
README.md View File

@@ -0,0 +1,93 @@
1
+Berth is a deliberately minimalist VM runner for Kubernetes.
2
+
3
+I'm not 100% sold on the name; before merging we could change it...
4
+
5
+## TL;DR Installation Guide
6
+
7
+```
8
+# Make sure you have Helm 2.5.x and Kubernetes 1.6.x
9
+#
10
+# edit values.yaml; set class_name and ssh key
11
+#
12
+helm package berth
13
+helm install --name=berth ./berth-0.1.0.tgz # ...
14
+kubectl get pods -o wide
15
+```
16
+
17
+You should be able to SSH to your VM at the Kubernetes IP for the
18
+container which you can retrieve with `kubectl get all -o wide`.  VNC
19
+access is available on port 5900.
20
+
21
+```
22
+ssh -i ./you-ssh-private-key root@ip.of.vm.pod
23
+```
24
+<!-- https://mostsecure.pw/  -->
25
+
26
+### Example
27
+
28
+[Quick installation / sample](https://asciinema.org/a/4VazbwsokL3zpnGPf27eyFIfe)
29
+
30
+### Why this?
31
+
32
+The requirements are very narrow right now and the existing
33
+alternatives don't align well at present.  This will likely change in
34
+time at which point we can realign the internal implementation.
35
+
36
+#### Minimalist requirements
37
+* Run VMs from inside of Kubernetes
38
+* Work with Calico
39
+* Have VM life-cycle match that of pods
40
+* Have VMs benefit from Kubernetes resiliency
41
+* Allow for persistent storage
42
+* Allow for state injection/access from a ConfigMaps
43
+
44
+## Requirements:
45
+* Helm 2.5.x
46
+* Kubernetes 1.6.x
47
+
48
+This does not need to be installed as part of the OpenStack chart
49
+collection.
50
+
51
+## How it works:
52
+
53
+At a high level, it works like this:
54
+* Create a SNAT/DNAT enabled linux bridge.
55
+* Assign the bridge a private IP address from a small /30 subnet
56
+  (controlled with `VM_IP` and `VM_GW`)
57
+* Plug the VM network interface into the bridge.
58
+* Run a dnsmasq process to allocate the VM the right name-servers, and
59
+  DNS search strings extracted from the parent container.  Assign the
60
+  private IP address to the VM and have it use the bridges IP as its
61
+  default gateway.
62
+* Setup SNAT/DNAT on the parent container to do 1:1 mapping of all
63
+  ports, all protocols to the VM, except for TCP:5900 to allow for VNC
64
+  access (can be controlled with NO_VNC environment variable).
65
+* At this point, VM essentially assumes Pod Assigned IP.
66
+* Feed any meta-data or user-data down into the VM by leveraging these
67
+  ConfigMap mounts with the same name and turning them into an ISO
68
+  presented to the guest.
69
+
70
+The startvm entry-point supports several environment variables:
71
+
72
+* `IMG_SOURCE` which is an http or https URL that contains a qcow2
73
+  image.  It can also be a full path to a local file baked into the
74
+  container image, e.g. "/image.qcow"
75
+* `IMG_TARGET` the name to save the image above as in the shared
76
+  volume.
77
+
78
+It also supports two files, which should be mounted as ConfigMaps if
79
+using Kubernetes at `/userdata` and `/metadata` as YAML files
80
+containing, obviously meta-data and user-data as YAML that will be fed
81
+to the VM as a config-drive iso.
82
+
83
+The "pet" version of the image, which is created using qemu-img -b to
84
+base it on the source, is stored in a separate volume dedicated to the
85
+VM itself, and named after the container hostname.
86
+
87
+There are a few other parameters you can control as an operator:
88
+
89
+* `VM_IP` is the IP address the VM should be allocated by DHCP.  The
90
+  container will 1:1 NAT except for port 5900 for VNC access (defaults
91
+  to 192.168.254.2)
92
+* `VM_GW` is the gateway IP address the VM should use for its default
93
+  route (defaults to 192.168.254.1)

+ 23
- 0
TODO View File

@@ -0,0 +1,23 @@
1
+[Put these in Jira]
2
+
3
+*Require* ssh key, throw an error if missing.
4
+
5
+Chart definition vs values.yaml:
6
+
7
+    Move image source/target details from chart to values
8
+    (IMG_SOURCE/IMG_TARGET)
9
+
10
+    Move the VM definitions entirely into the values.yaml file; have
11
+    helm deployment process iterate over that creating multiple pods,
12
+    one for each VM.
13
+
14
+    Ideally this will allow incremental updates of pods without having
15
+    to know about the chart internals.
16
+
17
+    XXX Get examples of where we've done this before from Alan XXX
18
+
19
+Add Dockerfile; update the container image we use to Ubuntu 16.04 with
20
+a suitable KVM/Qemu.
21
+
22
+Consider moving to stateful sets for cleaner PVC associations.  See
23
+OSH MariaDB chart for an example of this.

+ 5
- 0
berth/Chart.yaml View File

@@ -0,0 +1,5 @@
1
+apiVersion: v1
2
+description: Minimalist VMs on Kubernetes
3
+name: berth
4
+version: 0.1.0
5
+icon: https://upload.wikimedia.org/wikipedia/commons/6/62/Anchor_pictogram.svg

+ 1
- 0
berth/requirements.yaml View File

@@ -0,0 +1 @@
1
+dependencies: []

+ 261
- 0
berth/templates/bin/_startvm.txt View File

@@ -0,0 +1,261 @@
1
+#!/bin/bash
2
+
3
+set -x
4
+
5
+echo "VER-0.1.0-1.2"
6
+
7
+# Returns the integer representation of an IP arg, passed in ascii
8
+# dotted-decimal notation (x.x.x.x)
9
+atoi() {
10
+    IP=$1; IPNUM=0
11
+    for (( i=0 ; i<4 ; ++i )); do
12
+	((IPNUM+=${IP%%.*}*$((256**$((3-${i}))))))
13
+	IP=${IP#*.}
14
+    done
15
+    echo $IPNUM
16
+}
17
+
18
+# Returns the dotted-decimal ascii form of an IP arg passed in integer
19
+# format
20
+itoa() {
21
+    echo -n $(($(($(($((${1}/256))/256))/256))%256)).
22
+    echo -n $(($(($((${1}/256))/256))%256)).
23
+    echo -n $(($((${1}/256))%256)).
24
+    echo $((${1}%256))
25
+}
26
+
27
+generate_cloud_drive() {
28
+    metadata=/metadata
29
+    if [ ! -f $metadata ]; then
30
+	metadata=""
31
+    fi
32
+
33
+    userdata=/userdata
34
+    if [ ! -f $userdata ]; then
35
+	userdata=""
36
+    fi
37
+
38
+    if [ "$metadata" == "" -a "$userdata" == "" ]; then
39
+	return
40
+    fi
41
+
42
+    TMPDIR=`mktemp -d -t aicvm.XXXXXX`
43
+
44
+    if [ $? -ne 0 ]; then
45
+	echo "Fail to create temporaily directory"
46
+	exit 1
47
+    fi
48
+
49
+    # create form of config drive
50
+    mkdir -p ${TMPDIR}/openstack/2012-08-10
51
+    OLD_PWD=$PWD
52
+    cd ${TMPDIR}/openstack
53
+    ln -s 2012-08-10 latest
54
+    cd $OLD_PWD
55
+
56
+    if [ -f $metadata ]; then
57
+	cp $metadata ${TMPDIR}/openstack/2012-08-10/meta_data.json
58
+    fi
59
+    if [ -f $userdata ]; then
60
+	cp $userdata ${TMPDIR}/openstack/2012-08-10/user_data
61
+    fi
62
+
63
+    iso="cloud-drive.iso"
64
+    mkisofs -R -V config-2 -o $iso ${TMPDIR}
65
+    if [ $? -ne 0 ]; then
66
+	echo Fail to create cloud-drive ISO image for cloud-init
67
+	exit 1
68
+    fi
69
+    echo $iso
70
+}
71
+
72
+# Generate random new MAC address
73
+hexchars="0123456789ABCDEF"
74
+end=$( for i in {1..8} ; do echo -n ${hexchars:$(( $RANDOM % 16 )):1} ; done | sed -e 's/\(..\)/:\1/g' )
75
+NEWMAC=`echo 06:FE$end`
76
+
77
+# These two variables can be overwritten
78
+: ${KVM_BLK_OPTS:="-drive file=\$KVM_IMAGE,if=none,id=drive-disk0,format=qcow2 \
79
+-device virtio-blk-pci,scsi=off,drive=drive-disk0,id=virtio-disk0,bootindex=1"}
80
+: ${KVM_RAW_BLK_OPTS:="-drive file=\$KVM_IMAGE,if=none,id=drive-disk0,format=raw \
81
+-device virtio-blk-pci,scsi=off,drive=drive-disk0,id=virtio-disk0,bootindex=1"}
82
+: ${KVM_NET_OPTS:="-netdev bridge,br=\$BRIDGE_IFACE,id=net0 \
83
+-device virtio-net-pci,netdev=net0,mac=\$NEWMAC"}
84
+
85
+# define some valeus for the VM side of the networking but
86
+# allow them to be overriden by the operator
87
+: ${VM_IP:="192.168.254.2"}
88
+: ${VM_GW:="192.168.254.1"}
89
+
90
+# the netmask is not definable, as we leverage
91
+# /30 elsewhere
92
+VM_NETMASK="255.255.255.252"
93
+
94
+# For debugging
95
+if [ "$1" = "bash" ]; then
96
+  exec bash
97
+fi
98
+
99
+# Pass Docker command args to kvm
100
+KVM_ARGS=$@
101
+
102
+# Create the qcow disk image on the Docker volume named /image, using
103
+# the compressed qcow image that came with Docker image as the base.
104
+# Docker volumes typically perform better than the file system for
105
+# Docker images (no need for overlay fs etc.)
106
+
107
+if [ -e /dev/vm/root ]; then
108
+    KVM_BLK_OPTS="$KVM_RAW_BLK_OPTS"
109
+    KVM_IMAGE=/dev/vm/root
110
+else
111
+
112
+    if [ -e "${IMG_TARGET}" ]; then
113
+	BASE=${IMG_TARGET}
114
+    else
115
+
116
+	if [ ! -d "/image" ]; then
117
+	    echo "/image directory does not exist, failed to mount volume?"
118
+	    exit 2
119
+	fi
120
+
121
+	if [ ! -e "/image/${IMG_TARGET}" ]; then
122
+	    echo "Fetching missing image target"
123
+	    curl ${IMG_SOURCE} > /image/${IMG_TARGET}
124
+	fi
125
+
126
+	BASE=/image/${IMG_TARGET}
127
+    fi
128
+
129
+    if [ ! -d "/image" ]; then
130
+	echo "/image directory does not exist, failed to mount volume /image?"
131
+	exit 2
132
+    fi
133
+
134
+    if [ -z "${HOSTNAME}" ]; then
135
+    	echo "Could not find HOSTNAME var.  Did you specify a HOSTNAME environment variable?"
136
+    fi
137
+
138
+    KVM_IMAGE=/image/${HOSTNAME}.qcow2
139
+
140
+    if [ -e "${KVM_IMAGE}" ]; then
141
+    	echo "Image ${KVM_IMAGE} already exists.  Not recreating"
142
+    else
143
+        qemu-img create -f qcow2 -b ${BASE} \
144
+		 $KVM_IMAGE > /dev/null
145
+        if [[ $? -ne 0 ]]; then
146
+            echo "Failed to create qcow2 image"
147
+            exit 3
148
+        fi
149
+    fi
150
+fi
151
+
152
+VOLUMES_DIR="/volumes/"
153
+VOLUMES_LIST=`find $VOLUMES_DIR -name "*.img" | sort -d`
154
+extra_kvm_blk_opts=""
155
+for volume in $VOLUMES_LIST /dev/vm/disk* ; do
156
+    if [ -e $volume ]; then
157
+        extra_kvm_blk_opts=$extra_kvm_blk_opts" -drive file=$volume,if=virtio,format=raw"
158
+    fi
159
+done
160
+KVM_BLK_OPTS=$KVM_BLK_OPTS$extra_kvm_blk_opts
161
+
162
+# Network setup:
163
+#
164
+# 1. Create a bridge named br0
165
+# 2. Remove IP from eth0, save eth0 MAC, give eth0 a random MAC
166
+
167
+IFACE=eth0
168
+BRIDGE_IFACE=br0
169
+
170
+cidr2mask() {
171
+    local i mask=""
172
+    local full_octets=$(($1/8))
173
+    local partial_octet=$(($1%8))
174
+
175
+    for ((i=0;i<4;i+=1)); do
176
+	if [ $i -lt $full_octets ]; then
177
+	    mask+=255
178
+	elif [ $i -eq $full_octets ]; then
179
+	    mask+=$((256 - 2**(8-$partial_octet)))
180
+	else
181
+	    mask+=0
182
+	fi
183
+	test $i -lt 3 && mask+=.
184
+    done
185
+
186
+    echo $mask
187
+}
188
+
189
+setup_bridge_networking() {
190
+
191
+    MAC=`ip addr show $IFACE | grep ether | sed -e 's/^[[:space:]]*//g' -e 's/[[:space:]]*\$//g' | cut -f2 -d ' '`
192
+    HOST_IP=`ip addr show dev $IFACE | grep "inet $IP" | awk '{print $2}' | cut -f1 -d/`
193
+    HOST_CIDR=`ip addr show dev $IFACE | grep "inet $IP" | awk '{print $2}' | cut -f2 -d/`
194
+    HOST_NETMASK=`cidr2mask $HOST_CIDR`
195
+    HOST_GATEWAY=`ip route get 8.8.8.8 | grep via | cut -f3 -d ' '`
196
+    NAMESERVER=( `grep nameserver /etc/resolv.conf | grep -v "#" | cut -f2 -d ' '` )
197
+    NAMESERVERS=`echo ${NAMESERVER[*]} | sed "s/ /,/"`
198
+    SEARCH=( `grep -E ^search /etc/resolv.conf | grep -v "#" | cut -f2- -d ' ' | tr ' ' ','` )
199
+
200
+    # we must enable forwarding inside the container
201
+    echo 1 > /proc/sys/net/ipv4/ip_forward
202
+
203
+    # we support exposing port 5900 on the container but leave
204
+    # it up to the operator on whether to expose this - they can
205
+    # specify NO_VNC as an environment variable to disable this
206
+    # functionality
207
+    if [ -z $NO_VNC ]; then
208
+   	iptables -t nat -A PREROUTING -p tcp \! --dport 5900 -d $HOST_IP -j DNAT --to-destination $VM_IP
209
+   	iptables -t nat -A POSTROUTING -s $VM_IP -j SNAT --to-source $HOST_IP
210
+    else
211
+	iptables -t nat -A PREROUTING -d $HOST_IP -j DNAT --to-destination $VM_IP
212
+	iptables -t nat -A POSTROUTING -s $VM_IP -j SNAT --to-source $HOST_IP
213
+    fi
214
+
215
+    # generate VM specifics
216
+    cat > /etc/dnsmasq.conf << EOF
217
+user=root
218
+dhcp-range=$VM_IP,$VM_IP
219
+dhcp-host=$NEWMAC,$HOSTNAME,$VM_IP,infinite
220
+dhcp-option=option:router,$VM_GW
221
+dhcp-option=option:netmask,$VM_NETMASK
222
+dhcp-option=option:dns-server,$NAMESERVERS
223
+dhcp-option=119,$SEARCH
224
+EOF
225
+
226
+    if [ -z $NO_DHCP ]; then
227
+        dnsmasq
228
+    fi
229
+
230
+    brctl addbr $BRIDGE_IFACE
231
+    ip link set dev $BRIDGE_IFACE up
232
+    ip addr add $VM_GW/30 dev $BRIDGE_IFACE
233
+
234
+    # alanmeadows(NOTE) in many implementations with out of
235
+    # subnet gateways the dhcp approach does not work
236
+    # if [ -z $NO_DHCP ]; then
237
+    #     ip addr add $NEWIP/$NEWCIDR dev $BRIDGE_IFACE
238
+    # fi
239
+
240
+    if [[ $? -ne 0 ]]; then
241
+        echo "Failed to bring up network bridge"
242
+        exit 4
243
+    fi
244
+
245
+    # Exec kvm as PID 1
246
+    mkdir -p /etc/qemu
247
+    echo allow $BRIDGE_IFACE >  /etc/qemu/bridge.conf
248
+}
249
+
250
+# need to wait until network is ready
251
+ISO=`generate_cloud_drive`
252
+if [[ $ISO ]]; then
253
+    KVM_BLK_OPTS=$KVM_BLK_OPTS" -cdrom $ISO"
254
+fi
255
+
256
+setup_bridge_networking
257
+
258
+HOST_IP=`ip addr show dev $IFACE | grep "inet $IP" | awk '{print $2}' | cut -f1 -d/`
259
+VNC="-vnc $HOST_IP:0"
260
+
261
+exec $LAUNCHER qemu-system-x86_64 -enable-kvm  $VNC `eval echo $KVM_BLK_OPTS` `eval echo $KVM_NET_OPTS` -usbdevice tablet -nographic $KVM_ARGS

+ 132
- 0
berth/templates/deployment.yaml View File

@@ -0,0 +1,132 @@
1
+# FIXME(cw); refactor into multiple per-function files
2
+
3
+# FIXME(cw) consider using OSH helm-toolkit.utils.template
4
+{{- define "template" -}}
5
+{{- $name := index . 0 -}}
6
+{{- $context := index . 1 -}}
7
+{{- $last := base $context.Template.Name }}
8
+{{- $wtf := $context.Template.Name | replace $last $name -}}
9
+{{ include $wtf $context }}
10
+{{- end -}}
11
+
12
+---
13
+apiVersion: v1
14
+kind: ConfigMap
15
+metadata:
16
+  name: cloudinit
17
+data:
18
+  metadata: |
19
+    { "uuid": "example-01-vm.mydomain.com" }
20
+  userdata: |
21
+    #cloud-config
22
+    fqdn: example-01-vm.mydomain.com
23
+    users:
24
+      - name: root
25
+        ssh-authorized-keys:
26
+          - {{ .Values.auth.ssh_key }}
27
+    ssh_pwauth: True
28
+    runcmd:
29
+     - [ apt-get, update ]
30
+     - [ apt-get, install, -y, --force-yes, apache2 ]
31
+---
32
+apiVersion: v1
33
+kind: ConfigMap
34
+metadata:
35
+  name: configmap-startvm
36
+data:
37
+  startvm: |
38
+    #!/bin/bash
39
+    #
40
+    # start of startvm
41
+{{ tuple "bin/_startvm.txt" . | include "template" | indent 4 }}
42
+    # end of startvm
43
+---
44
+kind: PersistentVolumeClaim
45
+apiVersion: v1
46
+metadata:
47
+  name: example-01-vm
48
+spec:
49
+  accessModes: [ "ReadWriteOnce" ]
50
+  resources:
51
+    requests:
52
+      storage: {{ .Values.volume.size }}
53
+{{ if not .Values.volume.class_name }}
54
+  storageClassName: {{ .Values.volume.class_name }}
55
+{{ end }}
56
+---
57
+apiVersion: extensions/v1beta1
58
+kind: Deployment
59
+metadata:
60
+  name: berth
61
+spec:
62
+  replicas: 1
63
+  template:
64
+    metadata:
65
+      labels:
66
+        app: berth
67
+      annotations:
68
+        pod.beta.kubernetes.io/hostname: example-01-vm
69
+    spec:
70
+      nodeSelector:
71
+        {{ .Values.labels.node_selector_key }}: {{ .Values.labels.node_selector_value }}
72
+      hostNetwork: false
73
+      hostPID: false
74
+      securityContext:
75
+        runAsUser: 0
76
+      containers:
77
+        - name: example-01-vm
78
+          imagePullPolicy: IfNotPresent
79
+          image: {{ .Values.images.entrypoint }}
80
+          env:
81
+            - name: IMG_SOURCE
82
+              value: http://stupidest.org/vm/ubuntu-14.04-amd64.img
83
+            - name: IMG_TARGET
84
+              value: ubuntu-14.04-amd64.img
85
+          securityContext:
86
+            privileged: true
87
+          command:
88
+            - /usr/local/bin/startvm
89
+          ports:
90
+            - containerPort: {{ .Values.network.port }}
91
+            - containerPort: {{ .Values.network.vnc }}
92
+          readinessProbe:
93
+            tcpSocket:
94
+              port: {{ .Values.network.vnc }}
95
+          volumeMounts:
96
+            - name: volume-startvm
97
+              mountPath: /usr/local/bin/startvm
98
+              subPath: startvm
99
+            - name: image
100
+              mountPath: /image
101
+            - name: dev
102
+              mountPath: /dev
103
+            - name: sys
104
+              mountPath: /sys
105
+            - name: cloudinit
106
+              mountPath: /userdata
107
+              subPath: userdata
108
+            - name: cloudinit
109
+              mountPath: /metadata
110
+              subPath: metadata
111
+      volumes:
112
+        - name: volume-startvm
113
+          configMap:
114
+            name: configmap-startvm
115
+            defaultMode: 0755
116
+        - name: image
117
+          persistentVolumeClaim:
118
+            claimName: example-01-vm
119
+        - name: dev
120
+          hostPath:
121
+              path: /dev
122
+        - name: sys
123
+          hostPath:
124
+              path: /sys
125
+        - name: cloudinit
126
+          configMap:
127
+            name: cloudinit
128
+            items:
129
+            - key: userdata
130
+              path: userdata
131
+            - key: metadata
132
+              path: metadata

+ 18
- 0
berth/values.yaml View File

@@ -0,0 +1,18 @@
1
+
2
+auth:
3
+  ssh_key:
4
+
5
+images:
6
+  entrypoint: quay.io/attcomdev/kvm-manager:latest
7
+
8
+labels:
9
+  node_selector_key: openstack-control-plane
10
+  node_selector_value: enabled
11
+
12
+volume:
13
+  class_name:
14
+  size: 25Gi
15
+
16
+network:
17
+  port: 22
18
+  vnc: 5900

Loading…
Cancel
Save