Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
SUSE:SLE-12:GA
libguestfs
libguestfs.test.simple.create-sles12-guest-cryp...
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File libguestfs.test.simple.create-sles12-guest-crypt-on-lvm.sh of Package libguestfs
#!/bin/bash # Create an openSUSE image with lvm on dm-crypt partition # # Theory of operation: # This script uses zypper from the host to resolve dependencies # for zypper which runs within the appliance. If zypper on the host # is too old, it will be unable to handle repo data from 13.1: # http://lists.opensuse.org/zypp-devel/2013-11/msg00000.html # "[zypp-devel] Package conflicting with itself" # For this reason zypper from 12.3 can be used to install the pattern # of the final repo. # First the dependencies of zypper are resolved, the required packages # are downloaded and extracted with unrpm. Now the guest is started and # the partitions in the diskimage are prepared. Then the extracted # package content is copied into the guest. Once that is done zypper # inside the guest will install the base pattern and a few extra packages. # Finally the bootloader grub is configured. Once all that is done # kvm is started. If all goes well a login prompt appears. # The password for the crypted partition is "123456". # The password for root is "root". # The guest has also network access to the outside. # # Expected runtime: ca. 200 seconds # Requires at least 1.24.5 because this includes the required crypt modules # # Expected output: # guest should start # no "obvious" errors should be shown during the disk operation # at the end kvm is started with the generated disk image # login should be possible # set -e unset LANG unset ${!LC_*} cpus=`grep -Ec 'cpu[0-9]' /proc/stat || echo 1` output_diskimage=/dev/shm/$LOGNAME/testcase.img final_repo=http://dist.suse.de/install/SLP/SLE-12-Server-LATEST/x86_64/DVD1 initial_repo=http://dist.suse.de/install/SLP/SLE-12-Server-LATEST/x86_64/DVD1 force=false guest_zypper_in__pattern_name="base" guest_zypper_in__package_list=" grub2 kernel-default less master-boot-code nfs-utils parted vim " guest_root_password="root" guest_crypt_password="123456" diskname_inside_vm=/dev/sda case "$0" in /*) progname="$0" ;; *) progname="$PWD/$0" ;; esac _exit() { echo "Exiting '$0 $*'." exit 1 } _unrpm() { CPIO_OPTS="--extract --unconditional --preserve-modification-time --make-directories" FILES="$@" for f in $FILES; do echo -ne "$f:\t" rpm2cpio $f | cpio ${CPIO_OPTS} done } until test $# -lt 1 do case "$1" in --unrpm) shift ; _unrpm "$@" ; exit 0 ;; -n) diskname_inside_vm="$2" ; shift ;; -o) output_diskimage="$2" ; shift ;; -R) initial_repo="$2" ; shift ;; -r) final_repo="$2" ; shift ;; -f) force=true ;; -x) set -x ;; *) echo "Unknown option '$1'" ; exit 1 ;; esac shift done if test -z "${initial_repo}" then echo "URL to initial repo required. Wrong -R option." _exit fi if test -z "${final_repo}" then echo "URL to final repo required. Wrong -r option." _exit fi if test -z "${output_diskimage}" then echo "Filename for temporary disk image required. Wrong -o option." _exit fi if test -e "${output_diskimage}" then if test "${force}" = "false" then echo "Output diskimage '${output_diskimage}' exists." echo "It will not be overwritten. Option '-f' exists to force overwrite." _exit fi fi zypper --version cpio --version guestfish --version kvm="qemu-system-`uname -m`" if $kvm --version then : good else kvm="qemu-kvm" if $kvm --version then : else echo "No qemu-kvm found." _exit fi fi guestfish_version="`guestfish --version | awk '{print \$2}'`" case "${guestfish_version}" in 1.20*) _exit ;; 1.21*) _exit ;; 1.22*) _exit ;; 1.23*) _exit ;; 1.24.[0-4]) _exit ;; *) ;; esac mkdir -vp "${output_diskimage%/*}" td=`mktemp -d --tmpdir=/dev/shm/${LOGNAME}` tf=`mktemp --tmpdir=/dev/shm/${LOGNAME}` _exit() { rm -rf "$tf" rm -rf "$td" } trap _exit EXIT dir_repo=${td}/repos.d dir_root=${td}/root dir_cache=${td}/cache mkdir -vp \ ${dir_root} \ ${dir_cache} \ ${dir_repo} cat > ${tf} <<EOF [main] reposdir = ${dir_repo} EOF cat > ${dir_repo}/tmp.repo <<EOF [tmp] name=tmp enabled=1 autorefresh=1 keeppackages=0 baseurl=${initial_repo} EOF packages=" curl iproute2 zypper " head ${dir_repo}/tmp.repo ${tf} zypper \ --verbose \ --verbose \ --config ${tf} \ --root ${dir_root} \ --reposd-dir ${dir_repo} \ --cache-dir ${dir_cache} \ --gpg-auto-import-keys \ --no-gpg-checks \ --non-interactive \ lr -d zypper \ --verbose \ --verbose \ --config ${tf} \ --root ${dir_root} \ --reposd-dir ${dir_repo} \ --cache-dir ${dir_cache} \ --gpg-auto-import-keys \ --no-gpg-checks \ --non-interactive \ install \ --auto-agree-with-licenses \ --no-recommends \ --dry-run \ --download-only \ ${packages} cd ${dir_root} find ${dir_cache} -xdev -name "*.rpm" -print0 | sort -z | xargs -0 -n 1 -P ${cpus} bash "${progname}" --unrpm mkdir -vp etc/zypp/repos.d grep -w search /etc/resolv.conf >> etc/resolv.conf echo nameserver 169.254.2.3 >> etc/resolv.conf grep -w root /etc/passwd > etc/passwd grep -w root /etc/group > etc/group echo 'root::15209::::::' > etc/shadow cat > etc/fstab <<EOF LABEL=SWAP swap swap defaults 0 0 LABEL=ROOT / ext4 noatime 1 2 EOF du -sm . find ${dir_cache} -xdev -name "*.rpm" -delete ( echo "${guest_crypt_password}" echo "${guest_crypt_password}" ) | \ guestfish \ -x \ --keys-from-stdin \ \ sparse ${output_diskimage} 2048M : \ set-smp 2 : \ set-memsize 1024 : \ set-network true : \ run : \ list-devices : \ part-init ${diskname_inside_vm} mbr : \ part-add ${diskname_inside_vm} primary 1 $(( ((1024*1024)* 64)/512 - 1)) : \ part-add ${diskname_inside_vm} primary $(( ((1024*1024)* 64)/512 )) $(( ((1024*1024)*1024)/512 - 1)) : \ part-add ${diskname_inside_vm} primary $(( ((1024*1024)*1024)/512 )) $(( ((1024*1024)*1555)/512 - 1)) : \ part-add ${diskname_inside_vm} primary $(( ((1024*1024)*1555)/512 )) $(( ((1024*1024)*2024)/512 - 1)) : \ part-list ${diskname_inside_vm} : \ mkswap-opts ${diskname_inside_vm}1 label:SWAP : \ mke2fs ${diskname_inside_vm}2 label:ROOT fstype:ext4 blocksize:1024 : \ pvcreate ${diskname_inside_vm}3 : \ vgcreate uncrypted ${diskname_inside_vm}3 : \ luks-format ${diskname_inside_vm}4 0 : \ luks-open ${diskname_inside_vm}4 crypt_part4 : \ pvcreate /dev/mapper/crypt_part4 : \ vgcreate crypted /dev/mapper/crypt_part4 : \ lvcreate-free root uncrypted 50 : \ lvcreate-free work uncrypted 50 : \ lvcreate-free home crypted 50 : \ lvcreate-free mail crypted 50 : \ list-devices : \ list-partitions : \ pvs-full : \ vgs-full : \ lvs-full : \ mke2fs /dev/uncrypted/root label:LV_ROOT fstype:ext4 blocksize:1024 : \ mke2fs /dev/uncrypted/work label:LV_WORK fstype:ext4 blocksize:1024 : \ mke2fs /dev/crypted/home label:LV_HOME fstype:ext4 blocksize:1024 : \ mke2fs /dev/crypted/mail label:LV_MAIL fstype:ext4 blocksize:1024 : \ part-set-bootable ${diskname_inside_vm} 2 true : \ list-filesystems : \ swapon-label SWAP : \ mount-options discard ${diskname_inside_vm}2 / : \ set-verbose false : \ copy-in `echo *` / : \ set-verbose true : \ command /sbin/ldconfig : \ cat /etc/resolv.conf : \ command "ip a" : \ command "curl google.com" : \ command "zypper help" : \ command "zypper -v -v ar -c -K -f ${final_repo} tmp" : \ sh "(set -x -e ; z_in='zypper -v -v --gpg-auto-import-keys --no-gpg-checks --non-interactive in --auto-agree-with-licenses --no-recommends' ; \$z_in -t pattern ${guest_zypper_in__pattern_name} ; chkstat --set /etc/permissions /etc/permissions.easy ; echo root:${guest_root_password} | chpasswd ; \$z_in `eval echo ${guest_zypper_in__package_list}` ) 2>&1 " : \ sh "depmod -a \$(get_kernel_version /boot/vmlinuz) ; mkinitrd -B" : \ sh "dd if=/usr/lib/boot/MBR of=${diskname_inside_vm}" : \ sh "echo GRUB_DISABLE_OS_PROBER=true >> /etc/default/grub " : \ sh "echo GRUB_DISABLE_LINUX_RECOVERY=true >> /etc/default/grub " : \ sh "echo GRUB_CMDLINE_LINUX_DEFAULT=\'quiet panic=9 video=800x600 \' >> /etc/default/grub " : \ sh "grub2-mkconfig > /boot/grub2/grub.cfg " : \ sh "grub2-install --force --verbose ${diskname_inside_vm}2 " : \ sh "echo crypt_part4 ${diskname_inside_vm}4 none luks,timeout=0 >> /etc/crypttab" : \ mkdir /LV_ROOT : \ sh "echo LABEL=LV_ROOT /LV_ROOT ext4 noatime 1 2 >> /etc/fstab" : \ mkdir /LV_WORK : \ sh "echo LABEL=LV_WORK /LV_WORK ext4 noatime 1 2 >> /etc/fstab" : \ mkdir /LV_HOME : \ sh "echo LABEL=LV_HOME /LV_HOME ext4 noatime 1 2 >> /etc/fstab" : \ mkdir /LV_MAIL : \ sh "echo LABEL=LV_MAIL /LV_MAIL ext4 noatime 1 2 >> /etc/fstab" : \ sh "echo BOOTPROTO='dhcp' >> /etc/sysconfig/network/ifcfg-eth0" : \ sh "echo STARTMODE='auto' >> /etc/sysconfig/network/ifcfg-eth0" : \ sh "echo 'Password for User root is: ${guest_root_password}' >> /etc/issue" : \ sh "echo >> /etc/issue" : \ cat /etc/fstab : \ quit ls -lhsS "${output_diskimage}" : ${diskname_inside_vm} case "${diskname_inside_vm}" in *vda*) qemu_drive_options=" -drive file=${output_diskimage},cache=writeback,id=hd0,if=none \ -device virtio-blk-pci,drive=hd0 \ " ;; *sda*) qemu_drive_options=" -device virtio-scsi-pci,id=scsi \ -drive file=${output_diskimage},cache=unsafe,format=raw,id=hd0,if=none \ -device scsi-hd,drive=hd0 \ " ;; *) echo "${diskname_inside_vm} not handled" _exit esac $kvm -enable-kvm \ -global virtio-blk-pci.scsi=off \ -enable-fips \ -machine accel=kvm:tcg \ -cpu host,+kvmclock \ -m 500 \ -no-reboot \ -no-hpet \ ${qemu_drive_options} \ -device virtio-serial-pci \ -serial stdio \ -device VGA \ -netdev user,id=usernet,net=169.254.0.0/16 \ -device virtio-net-pci,netdev=usernet exit 0
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor