shell based PoC
parent
d7f6fb874c
commit
d0a9623a29
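--- a/bin/create_kube.sh
+++ b/bin/create_kube.sh
@@ -0,0 +1,42 @@
+#!/bin/sh
+
+set -e
+
+if [[ "$(id -u)" -ne "0" ]]
+then
+echo "you must run $0 as root"
+exit 1
+fi
+
+NAME=kube
+DISK=/var/openkubsd/disks/${NAME}.qcow2
+
+# create a qcow2 file for /home
+test -f "${DISK}" || vmctl create -s 60G "${DISK}"
+
+# generate a MAC address
+MAC="$(openssl rand -hex 6 | sed 's/\(..\)/\1:/g; s/:$//')"
+NEXT_IP=$(/var/openkubsd/bin/get_ip.sh)
+
+# create the vm.conf file
+cat <<EOF >/var/openkubsd/vm.conf.d/vms/${NAME}.conf
+vm "${NAME}" {
+disk /var/openkubsd/templates/openbsd-template.qcow2
+disk $DISK
+interface locked lladdr $MAC switch kubes
+disable
+}
+EOF
+
+cat <<EOF >/var/openkubsd/dhcpd.d/${NAME}.conf
+host ${NAME} {
+hardware ethernet $MAC;
+fixed-address $NEXT_IP;
+}
+EOF
+
+/var/openkubsd/bin/recreate_conf.sh
+
+# generate PF rules
+
+# generate NFS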
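Review bot: The address built on the `MAC=` line from `openssl rand -hex 6` leaves the first octet fully random, so roughly half of the generated values carry the multicast bit and the locally-administered bit is not reliably set, which makes the `interface locked lladdr $MAC` line a non-conforming or invalid unicast address; create_template.sh uses the same construction. Fixing the first octet to a locally-administered unicast value avoids that: `MAC="02:$(openssl rand -hex 5 | sed 's/\(..\)/\1:/g; s/:$//')"`. `NEXT_IP` is also used unchecked, and `set -e` does not catch an empty command substitution, so when get_ip.sh prints nothing the dhcpd host block is written with an empty `fixed-address ;`; a guard such as `[ -n "$NEXT_IP" ] || { echo "no free IP" >&2; exit 1; }` belongs before the heredocs.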
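--- a/bin/create_template.sh
+++ b/bin/create_template.sh
@@ -0,0 +1,92 @@
+#!/bin/sh
+
+DIR="$(mktemp -d /tmp/openkubsd-new-template.XXXXXXXXXXXXXXXXXXXXX)"
+NAME=openbsd-template
+DISK=/var/openkubsd/templates/${NAME}.qcow2
+
+if [[ "$(id -u)" -ne "0" ]]
+then
+echo "you must run $0 as root"
+exit 1
+fi
+
+if ! rcctl check vmd
+then
+echo "vmd isn't running"
+exit 1
+fi
+
+cd $DIR || exit 1
+if [[ -f "$DISK" ]]
+then
+echo "$DISK already exist"
+exit 1
+fi
+
+# download upobsd
+curl -OL https://raw.githubusercontent.com/rapenne-s/upobsd/master/upobsd.sh
+
+# download bsd.rd
+curl -OL https://cdn.openbsd.org/pub/OpenBSD/7.3/amd64/bsd.rd
+
+# create install.conf
+cat <<EOF >install.conf
+System hostname = $NAME
+Password for root = *************
+Public ssh key for root = ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOIZKLFQXVM15viQXHYRjGqE6LLfvETMkjjgSz0mxMzS
+Change the default console to com0 = yes
+Which speed should com0 use = 19200
+Allow root ssh login = prohibit-password
+Setup a user = user
+Password for user = *************
+Public ssh key for user = ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOIZKLFQXVM15viQXHYRjGqE6LLfvETMkjjgSz0mxMzS
+What timezone are you in = Europe/Paris
+Location of sets = http
+HTTP Server = 10.100.0.1
+EOF
+
+# update bsd.rd
+chmod +x upobsd.sh
+./upobsd.sh -f bsd.rd -i install.conf
+
+# create disk
+vmctl create -s 60G "${DISK}"
+
+# generate a MAC address
+MAC="$(openssl rand -hex 6 | sed 's/\(..\)/\1:/g; s/:$//')"
+NEXT_IP=$(/var/openkubsd/bin/get_ip.sh)
+
+# run install
+cat <<EOF >/var/openkubsd/vm.conf.d/vms/${NAME}.conf
+vm "${NAME}" {
+disk ${DISK}
+boot device disk
+boot ${DIR}/bsd.rd
+interface locked lladdr $MAC switch kubes
+disable
+}
+EOF
+
+cat <<EOF >/var/openkubsd/dhcpd.d/${NAME}.conf
+host ${NAME} {
+hardware ethernet $MAC;
+fixed-address $NEXT_IP;
+}
+EOF
+
+/var/openkubsd/bin/recreate_conf.sh
+
+vmctl start "${NAME}"
+vmctl wait "${NAME}"
+
+cat <<EOF >/var/openkubsd/vm.conf.d/vms/${NAME}.conf
+vm "${NAME}" {
+disk ${DISK}
+interface locked lladdr $MAC switch kubes
+disable
+}
+EOF
+
+/var/openkubsd/bin/recreate_conf.sh
+
+rm -fr "$DIR"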
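Review bot: Both `curl -OL` lines fetch content that is then executed as root (`./upobsd.sh`, and the `bsd.rd` the template boots from) without any integrity check, and since the script has no `set -e` a failed download still falls through to `chmod +x upobsd.sh` and `vmctl create`. For the kernel, fetch the release's signed checksum list alongside it and verify before use: `curl -OL https://cdn.openbsd.org/pub/OpenBSD/7.3/amd64/SHA256.sig` followed by `signify -C -p /etc/signify/openbsd-73-base.pub -x SHA256.sig bsd.rd || exit 1`; upobsd.sh should be pinned to a specific commit or a vendored copy with a known hash rather than `master`. The install.conf heredoc also bakes the literal password string committed here into the root and user accounts of every template image built by this script, so it should be read from a root-only file outside the repository (the mktemp directory is fine for the transient copy). `DIR` is created before the root check and only removed on the success path, so a `trap 'rm -fr "$DIR"' EXIT` right after the `mktemp` line would cover the early exits too.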
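--- a/bin/get_ip.sh
+++ b/bin/get_ip.sh
@@ -0,0 +1,14 @@
+#!/bin/sh
+
+SUBNET=$(awk '/^subnet/ { print $2 }' /var/openkubsd/dhcpd.d/00_base.conf | cut -d '.' -f 1-3)
+IP_LIST=$(grep fixed-address /var/openkubsd/dhcpd.d/*conf | awk '{ print $3 }' | awk -F '.' '{ print $4 }' | tr -d ';' | sort -n)
+
+# .1 is the gateway
+for i in $(seq 2 240)
+do
+if ! echo "${IP_LIST}" | grep "^${i}$" >/dev/null
+then
+echo "${SUBNET}.${i}"
+break
+fi
+done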
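Review bot: The `for i in $(seq 2 240)` loop overlaps the dynamic pool that setup.sh writes as `range 10.100.0.240 10.100.0.245;`, so `.240` can be handed out as a `fixed-address` while dhcpd also leases it dynamically; the upper bound should be 239. When every address is taken the loop ends without printing anything and the script exits 0, which create_kube.sh and create_template.sh then turn into an empty `fixed-address ;` line, so replacing `break` with `exit 0` and appending `echo "no free address in ${SUBNET}.0/24" >&2; exit 1` after `done` would make exhaustion a visible failure. The `IP_LIST` pipeline only works while every per-VM file keeps the single `fixed-address` line the other scripts generate; a comment saying so would help the next person who edits those heredocs.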
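--- a/bin/recreate_conf.sh
+++ b/bin/recreate_conf.sh
@@ -0,0 +1,28 @@
+#!/bin/sh
+
+if [[ "$(id -u)" -ne "0" ]]
+then
+echo "you must run $0 as root"
+exit 1
+fi
+
+cd /var/openkubsd/vm.conf.d/vms/
+ls *.conf
+cat *.conf > ../vms.conf
+
+cd /var/openkubsd/dhcpd.d/
+ls *.conf
+cat *.conf > /etc/dhcpd.conf
+
+HOSTS=$(find /var/openkubsd/dhcpd.d/ -not -name 00_base.conf -type f -exec cat {} + | grep -E "(^host|fixed-address)" | tr -d ';' | paste - - | awk '{ print $5" "$2".kube" }')
+
+HOSTS_FILE=$(awk '/OpenKuBSD/ { stop=1 }; stop!=1 { print }' /etc/hosts)
+cat <<EOF >/etc/hosts
+$HOSTS_FILE
+
+# OpenKuBSD
+$HOSTS
+EOF
+
+rcctl reload vmd
+rcctl restart dhcpd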
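Review bot: Neither `cd /var/openkubsd/vm.conf.d/vms/` nor `cd /var/openkubsd/dhcpd.d/` checks its result and there is no `set -e`, so if either directory is missing the following `cat *.conf > ../vms.conf` and `cat *.conf > /etc/dhcpd.conf` run in whatever directory the caller was in, and `/etc/dhcpd.conf` is truncated or filled with unrelated `*.conf` files right before `rcctl restart dhcpd` reloads it; add `|| exit 1` to both `cd` lines. The `/etc/hosts` rewrite has the same shape: if `/etc/hosts` cannot be read, `HOSTS_FILE` is empty and the heredoc replaces the file with only the generated block, dropping the localhost entries. Writing each of the three files to a temporary file next to its target and moving it into place would also keep a readable configuration in place if the script is interrupted mid-write.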
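--- a/bin/remove_template.sh
+++ b/bin/remove_template.sh
@@ -0,0 +1,23 @@
+#!/bin/sh
+
+if [[ "$(id -u)" -ne "0" ]]
+then
+echo "you must run $0 as root"
+exit 1
+fi
+
+NAME=openbsd-template
+DISK=/var/openkubsd/templates/${NAME}.qcow2
+
+if grep -r "$DISK" /var/openkubsd/vm.conf.d/vms/ | grep -v "/var/openkubsd/vm.conf.d/vms/${NAME}.conf"
+then
+echo "The configuration files above still need $NAME"
+exit 1
+fi
+
+vmctl stop -fw $NAME
+rm "/var/openkubsd/vm.conf.d/vms/${NAME}.conf"
+rm "/var/openkubsd/dhcpd.d/${NAME}.conf"
+rm "$DISK"
+
+./recreate_conf.sh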
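Review bot: The last line calls `./recreate_conf.sh` relative to the caller's working directory, while every other script uses the installed copy `/var/openkubsd/bin/recreate_conf.sh` (setup.sh installs get_ip.sh and recreate_conf.sh there); run from anywhere but the repository's bin/ it fails after the three `rm` lines have already deleted the template disk and its configs, leaving `/etc/dhcpd.conf` and `vms.conf` pointing at a disk that no longer exists. Use the absolute path here, as in create_kube.sh. The `grep -r "$DISK"` guard treats the path as a regular expression, so `grep -rF` matches it literally, and `$NAME` on the `vmctl stop -fw` line should be quoted like its other uses.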
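--- a/bin/setup.sh
+++ b/bin/setup.sh
@@ -0,0 +1,82 @@
+#!/bin/sh
+
+if [[ "$(id -u)" -ne "0" ]]
+then
+echo "you must run $0 as root"
+exit 1
+fi
+
+# install ansible
+type ansible >/dev/null || pkg_add ansible
+
+# create some directories
+install -d -o root -g wheel -m 755 /var/openkubsd/
+install -d -o root -g wheel -m 755 /var/openkubsd/bin/
+install -d -o root -g wheel -m 755 /var/openkubsd/dhcpd.d/
+install -d -o root -g wheel -m 755 /var/openkubsd/vm.conf.d/
+install -d -o root -g wheel -m 755 /var/openkubsd/vm.conf.d/vms/
+install -d -o root -g wheel -m 700 /var/openkubsd/pf/
+install -d -o root -g wheel -m 700 /var/openkubsd/disks/
+install -d -o root -g wheel -m 755 /var/openkubsd/templates/
+
+install -o root -g wheel -m 555 ./get_ip.sh /var/openkubsd/bin/
+install -o root -g wheel -m 555 ./recreate_conf.sh /var/openkubsd/bin/
+
+# generate NAT PF rule
+cat <<EOF >/var/openkubsd/pf/nat
+match out on egress from vether0:network to any nat-to (egress)
+pass in proto { udp tcp } from vether0:network to any port domain \
+rdr-to 9.9.9.9 port domain
+EOF
+
+# generate network interfaces
+cat <<EOF >/etc/hostname.vether0
+inet 10.100.0.1 255.255.255.0
+EOF
+
+cat <<EOF >/etc/hostname.bridge0
+add vether0
+EOF
+
+sh /etc/netstart vether0
+sh /etc/netstart bridge0
+
+# Configure vmd to use a switch
+cat <<EOF >/etc/vm.conf
+include "/var/openkubsd/vm.conf.d/switch.conf"
+include "/var/openkubsd/vm.conf.d/vms.conf"
+EOF
+
+cat <<EOF >/var/openkubsd/vm.conf.d/switch.conf
+switch "kubes" {
+interface bridge0
+locked lladdr
+}
+EOF
+test -f /var/openkubsd/vm.conf.d/vms.conf || touch /var/openkubsd/vm.conf.d/vms.conf
+
+# Prepare base DHCPD configuration
+cat <<EOF >/var/openkubsd/dhcpd.d/00_base.conf
+option domain-name-servers 9.9.9.9;
+subnet 10.100.0.0 netmask 255.255.255.0 {
+option routers 10.100.0.1;
+range 10.100.0.240 10.100.0.245;
+}
+EOF
+
+# check for the PF anchor
+if pfctl -a "openkubsd" -sr 2>&1 | grep "does not exist"
+then
+echo "anchor openkubsd missing in pf.conf"
+exit 1
+fi
+
+# load the NAT rule into the anchor
+pfctl -a openkubsd -f /var/openkubsd/pf/nat
+
+# restart vmd
+rcctl enable dhcpd
+rcctl set dhcpd flags vether0
+rcctl restart dhcpd
+rcctl enable vmd
+rcctl restart vmd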
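Review bot: The heredocs to `/etc/hostname.vether0`, `/etc/hostname.bridge0` and `/etc/vm.conf` overwrite whatever the host already has without a check, and the two hostname files are created with the shell's default umask mode rather than the 0640 root:wheel that hostname.if(5) asks for (if I recall correctly netstart warns about and tightens such files). Creating them first with `install -o root -g wheel -m 640 /dev/null /etc/hostname.vether0` (and the same for bridge0) before the `cat <<EOF` keeps the mode right, and a guard such as `[ -e /etc/vm.conf ] && { echo "/etc/vm.conf exists, refusing to overwrite" >&2; exit 1; }` protects an existing vmd setup. The anchor check `pfctl -a "openkubsd" -sr 2>&1 | grep "does not exist"` depends on pfctl's error text; if pfctl exits non-zero for a missing anchor, testing that status directly would be less fragile.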
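--- a/bin/start_kube.sh
+++ b/bin/start_kube.sh
@@ -0,0 +1,13 @@
+#!/bin/sh
+
+if [[ "$(id -u)" -ne "0" ]]
+then
+echo "you must run $0 as root"
+exit 1
+fi
+
+# create a derived disk from the template
+rm -f /tmp/kube.qcow2
+vmctl create -b /var/openkubsd/templates/openbsd.qcow2 /tmp/kube.qcow2
+
+vmctl start -n kube -d /tmp/kube.qcow2 -d /var/openkubsd/disks/kube.qcow2 kube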
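Review bot: `vmctl create -b /var/openkubsd/templates/openbsd.qcow2` names a template that nothing in this commit produces; create_template.sh writes `/var/openkubsd/templates/openbsd-template.qcow2`, so the derived-disk step fails and, with no `set -e`, `vmctl start` is still attempted. The derived disk is also placed at the predictable world-writable path `/tmp/kube.qcow2` and handled as root with an `rm -f` followed by `vmctl create`, which leaves a window for another local user to plant a file or link at that name; `/var/openkubsd/disks/`, already created 0700 root by setup.sh, is the natural home (stop_kube.sh would need the same path). If `-n` is vmctl's switch option, `-n kube` also does not match the `switch "kubes"` declared in setup.sh, which is worth confirming against vmctl(8). The rewritten lines below keep the disk in the root-only directory and stop on a failed create.
```shell
# … unchanged: root check …

# create a derived disk from the template, kept out of /tmp (root-only directory, no predictable public path)
DERIVED=/var/openkubsd/disks/kube-derived.qcow2
rm -f "$DERIVED"
vmctl create -b /var/openkubsd/templates/openbsd-template.qcow2 "$DERIVED" || exit 1

vmctl start -n kube -d "$DERIVED" -d /var/openkubsd/disks/kube.qcow2 kube
```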
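--- a/bin/stop_kube.sh
+++ b/bin/stop_kube.sh
@@ -0,0 +1,10 @@
+#!/bin/sh
+
+if [[ "$(id -u)" -ne "0" ]]
+then
+echo "you must run $0 as root"
+exit 1
+fi
+
+vmctl stop -w kube
+rm -f /tmp/kube.qcow2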
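Review bot: `vmctl stop -w kube` is not checked, so when the guest does not shut down (there is no `-f` here and no `set -e`) the script still runs `rm -f /tmp/kube.qcow2` and unlinks the derived disk from under a running VM; `vmctl stop -w kube || exit 1` keeps the disk until the VM is really down. The `/tmp/kube.qcow2` path has to stay in sync with start_kube.sh, so a shared location under `/var/openkubsd/disks/` in both scripts would be safer than a hard-coded public /tmp name.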