proxy_ping_test
parent
346682eedb
commit
c8610f9ded
138
Makefile
138
Makefile
@ -9,21 +9,21 @@ ANSIBLE_PLUGINS=/usr/local/lib/python3.11/site-packages/ansible-2.9.22-py3.11.eg
|
|||||||
# change this to be that hostname
|
# change this to be that hostname
|
||||||
LOCALHOST=`cat /etc/hostname`
|
LOCALHOST=`cat /etc/hostname`
|
||||||
|
|
||||||
BOX_NBD_BASE_DIR=/a/tmp/GentooImgr
|
|
||||||
BOX_NBD_BASE_FILE=gentoo.qcow2
|
|
||||||
BOX_NBD_BASE_QCOW=${BOX_NBD_BASE_DIR}/${BOX_NBD_BASE_FILE}
|
|
||||||
# set this to the name linux_local_group host in hosts.yml
|
# set this to the name linux_local_group host in hosts.yml
|
||||||
LOCAL_HOSTS_NAME=pentoo
|
LOCAL_HOSTS_NAME=pentoo
|
||||||
# set this to the name linux_chroot_group host in hosts.yml
|
# set this to the name linux_chroot_group host in hosts.yml
|
||||||
YAML_CHROOT_NAME=linuxGentoo
|
YAML_CHROOT_NAME=linuxGentoo
|
||||||
# set this to the libvirt name of the linux_libvirt_group host in hosts.yml
|
# set this to the libvirt name of the linux_libvirt_group host in hosts.yml
|
||||||
YAML_BOX_NAME=gentoo1
|
OVERLAY_HOSTS_NAME=gentoo_overlay-2
|
||||||
INST_BOX_NAME=gentoo1
|
|
||||||
|
BOX_NBD_BASE_QCOW="`/usr/local/bin/ansible_get_inventory.bash BOX_NBD_BASE_QCOW ${OVERLAY_HOSTS_NAME}`"
|
||||||
|
BOX_NBD_OVERLAY_DIR="`/usr/local/bin/ansible_get_inventory.bash BOX_NBD_OVERLAT_DIR ${OVERLAY_HOSTS_NAME}`"
|
||||||
|
BOX_NBD_OVERLAY_QCOW="`/usr/local/bin/ansible_get_inventory.bash BOX_NBD_OVERLAT_QCOW ${OVERLAY_HOSTS_NAME}`"
|
||||||
|
BOX_NBD_OVERLAY_XML=${BOX_NBD_OVERLAY_DIR}/xml/${OVERLAY_HOSTS_NAME}.xml
|
||||||
|
BOX_NBD_OVERLAY_NAME="`/usr/local/bin/ansible_get_inventory.bash BOX_NBD_OVERLAY_NAME ${OVERLAY_HOSTS_NAME}`"
|
||||||
|
|
||||||
#INST_BOX_DIR=/mnt/o/home/root/vms/virsh
|
|
||||||
INST_BOX_DIR=${BOX_NBD_BASE_DIR}/create-vm
|
|
||||||
PWD=/o/var/local/src/play_tox/
|
PWD=/o/var/local/src/play_tox/
|
||||||
NETWORK=default
|
NETWORK=Whonix-External
|
||||||
VERBOSE=2
|
VERBOSE=2
|
||||||
|
|
||||||
all: install lint build check run test
|
all: install lint build check run test
|
||||||
@ -66,27 +66,27 @@ build_base:: install
|
|||||||
[ -f ${BOX_NBD_BASE_QCOW} ]
|
[ -f ${BOX_NBD_BASE_QCOW} ]
|
||||||
|
|
||||||
build_overlay::
|
build_overlay::
|
||||||
@virsh list | grep "${INST_BOX_NAME}.*running" && \
|
@virsh list | grep "${OVERLAY_HOSTS_NAME}.*running" && \
|
||||||
virsh destroy ${INST_BOX_NAME} ; true
|
virsh destroy ${OVERLAY_HOSTS_NAME} ; true
|
||||||
# @virsh list | grep "${INST_BOX_NAME}.*running" && exit 1
|
# @virsh list | grep "${OVERLAY_HOSTS_NAME}.*running" && exit 1
|
||||||
@virsh list --all | grep ${INST_BOX_NAME} && \
|
@virsh list --all | grep ${OVERLAY_HOSTS_NAME} && \
|
||||||
virsh undefine ${INST_BOX_NAME} && \
|
virsh undefine ${OVERLAY_HOSTS_NAME} && \
|
||||||
rm -f \
|
rm -f \
|
||||||
${INST_BOX_DIR}/xml/${INST_BOX_NAME}.xml \
|
${BOX_NBD_OVERLAY_XML} \
|
||||||
${INST_BOX_DIR}/images/${INST_BOX_NAME}.img ; true
|
${BOX_NBD_OVERLAY_QCOW} ; true
|
||||||
# /a/tmp/GentooImgr/create-vm/xml/gentoo1.xml
|
# /a/tmp/GentooImgr/create-vm/xml/gentoo1.xml
|
||||||
# ! virsh list --all | grep "${INST_BOX_NAME}" && exit 2
|
# ! virsh list --all | grep "${OVERLAY_HOSTS_NAME}" && exit 2
|
||||||
[ ! -f ${INST_BOX_DIR}/images/${INST_BOX_NAME}.img ] || { \
|
[ ! -f ${BOX_NBD_OVERLAY_QCOW} ] || { \
|
||||||
echo WARN delete this file to continue; \
|
echo WARN delete this file to continue; \
|
||||||
echo rm -f ${INST_BOX_DIR}/images/${INST_BOX_NAME}.img ; \
|
echo rm -f ${BOX_NBD_OVERLAY_QCOW} ; \
|
||||||
exit 3 ; }
|
exit 3 ; }
|
||||||
[ ! -f ${INST_BOX_DIR}/xml/${INST_BOX_NAME}.xml ] || { \
|
[ ! -f ${BOX_NBD_OVERLAY_XML} ] || { \
|
||||||
echo WARN delete this file to continue ; \
|
echo WARN delete this file to continue ; \
|
||||||
echo rm -f ${INST_BOX_DIR}/xml/${INST_BOX_NAME}.xml ; \
|
echo rm -f ${BOX_NBD_OVERLAY_XML} ; \
|
||||||
exit 4 ; }
|
exit 4 ; }
|
||||||
PLAY_ANSIBLE_SRC=${PWD} bash bin/toxcore_build_overlay_qcow.bash
|
PLAY_ANSIBLE_SRC=${PWD} bash bin/toxcore_build_overlay_qcow.bash
|
||||||
[ -f ${INST_BOX_DIR}/xml/${INST_BOX_NAME}.xml ]
|
[ -f ${BOX_NBD_OVERLAY_XML} ]
|
||||||
xmllint -noout ${INST_BOX_DIR}/xml/${INST_BOX_NAME}.xml
|
xmllint -noout ${BOX_NBD_OVERLAY_XML}
|
||||||
|
|
||||||
check::
|
check::
|
||||||
grep -n 'shell: *$$' roles/*/tasks/*.yml && { echo ERROR: "shell: in .yml" ; false ; } || true
|
grep -n 'shell: *$$' roles/*/tasks/*.yml && { echo ERROR: "shell: in .yml" ; false ; } || true
|
||||||
@ -96,7 +96,7 @@ check::
|
|||||||
$(MAKE) -$(MAKEFLAGS) check_base
|
$(MAKE) -$(MAKEFLAGS) check_base
|
||||||
@[ -d /mnt/gentoo/lost+found ] && \
|
@[ -d /mnt/gentoo/lost+found ] && \
|
||||||
sudo $(MAKE) -$(MAKEFLAGS) $@_chroot
|
sudo $(MAKE) -$(MAKEFLAGS) $@_chroot
|
||||||
@[ -f ${INST_BOX_DIR}/images/${INST_BOX_NAME}.img ] && \
|
@[ -f ${BOX_NBD_OVERLAY_QCOW} ] && \
|
||||||
sudo $(MAKE) -$(MAKEFLAGS) $@_overlay
|
sudo $(MAKE) -$(MAKEFLAGS) $@_overlay
|
||||||
|
|
||||||
check_localhost::
|
check_localhost::
|
||||||
@ -106,9 +106,9 @@ check_localhost::
|
|||||||
|
|
||||||
check_base::
|
check_base::
|
||||||
ls ${BOX_NBD_BASE_QCOW}
|
ls ${BOX_NBD_BASE_QCOW}
|
||||||
ls ${INST_BOX_DIR}/images/${INST_BOX_NAME}.img
|
ls ${BOX_NBD_OVERLAY_QCOW}
|
||||||
ls ${INST_BOX_DIR}/xml/${INST_BOX_NAME}.xml
|
ls ${BOX_NBD_OVERLAY_XML}
|
||||||
ps axf | grep 'qemu-system-x86_64 -name guest='${INST_BOX_NAME} ; \
|
ps axf | grep 'qemu-system-x86_64 -name guest='${OVERLAY_HOSTS_NAME} ; \
|
||||||
true
|
true
|
||||||
|
|
||||||
check_chroot::
|
check_chroot::
|
||||||
@ -120,18 +120,19 @@ check_chroot::
|
|||||||
$(ROLES) > .$@-${YAML_CHROOT_NAME}-${LOCALHOST} 2>&1
|
$(ROLES) > .$@-${YAML_CHROOT_NAME}-${LOCALHOST} 2>&1
|
||||||
|
|
||||||
check_overlay::
|
check_overlay::
|
||||||
sudo /var/local/sbin/hostvms_libvirt_test_ga.bash ${INST_BOX_NAME} ls /
|
sudo /usr/local/sbin/toxcore_libvirt_test_ga.bash ${OVERLAY_HOSTS_NAME} ls /
|
||||||
|
sudo /usr/local/sbin/toxcore_libvirt_test_ga.bash ${OVERLAY_HOSTS_NAME}
|
||||||
# domain-*-gentoo/org.qemu.guest_agent.0 || true
|
# domain-*-gentoo/org.qemu.guest_agent.0 || true
|
||||||
|
sudo virsh list | grep -q ${OVERLAY_HOSTS_NAME} || exit 0
|
||||||
sudo find /var/lib/libvirt/qemu/channel/target/ | \
|
sudo find /var/lib/libvirt/qemu/channel/target/ | \
|
||||||
grep org.qemu.guest_agent.0
|
grep org.qemu.guest_agent.0
|
||||||
sudo find /var/lib/libvirt/qemu/channel/target/ -type s | \
|
sudo find /var/lib/libvirt/qemu/channel/target/ -type s | \
|
||||||
grep ${INST_BOX_NAME}
|
grep ${OVERLAY_HOSTS_NAME}
|
||||||
ansible -c libvirt_qemu -l ${YAML_BOX_NAME} -i hosts.yml \
|
ansible -c libvirt_qemu -l ${OVERLAY_HOSTS_NAME} -i hosts.yml \
|
||||||
-m setup -vvv ${YAML_BOX_NAME}
|
-m setup -vvv ${OVERLAY_HOSTS_NAME}
|
||||||
sudo virsh list | grep -q ${INST_BOX_NAME} || exit 0
|
sudo sh ansible_local.bash --diff -i hosts.yml -l ${OVERLAY_HOSTS_NAME} \
|
||||||
sudo sh ansible_local.bash --diff -i hosts.yml -l ${INST_BOX_NAME} \
|
|
||||||
--check -c libvirt_qemu --verbose ${VERBOSE} \
|
--check -c libvirt_qemu --verbose ${VERBOSE} \
|
||||||
$(ROLES) > .$@-${INST_BOX_NAME}-${LOCALHOST} 2>&1
|
$(ROLES) > .$@-${OVERLAY_HOSTS_NAME}-${LOCALHOST} 2>&1
|
||||||
|
|
||||||
# Edit hosts.yml and customize this target if you are on a Debianish
|
# Edit hosts.yml and customize this target if you are on a Debianish
|
||||||
devuan::
|
devuan::
|
||||||
@ -150,8 +151,8 @@ run::
|
|||||||
$(MAKE) -$(MAKEFLAGS) $@_local
|
$(MAKE) -$(MAKEFLAGS) $@_local
|
||||||
@[ -d /mnt/gentoo/lost+found ] && \
|
@[ -d /mnt/gentoo/lost+found ] && \
|
||||||
sudo $(MAKE) -$(MAKEFLAGS) $@_chroot
|
sudo $(MAKE) -$(MAKEFLAGS) $@_chroot
|
||||||
@[ ! -f ${INST_BOX_DIR}/images/${INST_BOX_NAME}.img ] && \
|
@[ ! -f ${BOX_NBD_OVERLAY_QCOW} ] && \
|
||||||
sudo $(MAKE) -$(MAKEFLAGS) $@_libvirt
|
sudo $(MAKE) -$(MAKEFLAGS) $@_overlay
|
||||||
|
|
||||||
run_local:: lint
|
run_local:: lint
|
||||||
A=`grep nbd /proc/partitions | wc -l`
|
A=`grep nbd /proc/partitions | wc -l`
|
||||||
@ -174,26 +175,35 @@ run_chroot::
|
|||||||
-c chroot --verbose ${VERBOSE} $(ROLES) \
|
-c chroot --verbose ${VERBOSE} $(ROLES) \
|
||||||
> .$@-${YAML_CHROOT_NAME}-${LOCALHOST} 2>&1
|
> .$@-${YAML_CHROOT_NAME}-${LOCALHOST} 2>&1
|
||||||
|
|
||||||
run_libvirt::
|
install_libvirt::
|
||||||
[ -f ${INST_BOX_DIR}/images/${INST_BOX_NAME}.img ]
|
|
||||||
@virsh net-list | grep "${NETWORK}.*active" || \
|
@virsh net-list | grep "${NETWORK}.*active" || \
|
||||||
sudo virsh net-start "${NETWORK}"
|
sudo virsh net-start "${NETWORK}" || { \
|
||||||
@virsh list | grep ${INST_BOX_NAME} && \
|
echo WARN: error virsh net-start "${NETWORK}" ; }
|
||||||
virsh define ${INST_BOX_DIR}/xml/${INST_BOX_NAME}.xml
|
[ -f ${BOX_NBD_OVERLAY_XML} ]
|
||||||
@virsh list | grep "${INST_BOX_NAME}.*running" || \
|
# xmlstarlet sel -t -v
|
||||||
virsh start ${INST_BOX_NAME}
|
A=$(grep 'source file=' ${BOX_NBD_OVERLAY_XML} | sed -e 's@.*file=.@@' -e "s@'.*@@" )
|
||||||
sh ansible_local.bash --diff -i hosts.yml -l ${INST_BOX_NAME} \
|
[ -n "${A}" ] && [ -f "${A}" ]
|
||||||
|
@virsh list --all | grep ${OVERLAY_HOSTS_NAME} || \
|
||||||
|
virsh define ${BOX_NBD_OVERLAY_XML}
|
||||||
|
@virsh list | grep "${OVERLAY_HOSTS_NAME}.*running" || \
|
||||||
|
{ virsh start ${OVERLAY_HOSTS_NAME} ; sleep 40 ; }
|
||||||
|
|
||||||
|
run_overlay:: install_libvirt
|
||||||
|
[ -f ${BOX_NBD_OVERLAY_QCOW} ] || { \
|
||||||
|
echo WARN ${BOX_NBD_OVERLAY_QCOW} doesnt exist - make build_overlay ; \
|
||||||
|
exit 1 ; }
|
||||||
|
sh ansible_local.bash --diff -i hosts.yml -l ${OVERLAY_HOSTS_NAME} \
|
||||||
-c libvirt_qemu --verbose ${VERBOSE} $(ROLES) \
|
-c libvirt_qemu --verbose ${VERBOSE} $(ROLES) \
|
||||||
> .run-${INST_BOX_NAME}-${LOCALHOST} 2>&1
|
> .run-${OVERLAY_HOSTS_NAME}-${LOCALHOST} 2>&1
|
||||||
|
|
||||||
# hourly is quick tests, weekly is medium tests, monthly is long tests
|
# hourly is quick tests, weekly is medium tests, monthly is long tests
|
||||||
weekly:: test
|
weekly:: test
|
||||||
test::
|
test::
|
||||||
|
# bash .pyanal.sh &
|
||||||
@[ -d /mnt/gentoo/lost+found ] && \
|
@[ -d /mnt/gentoo/lost+found ] && \
|
||||||
sudo $(MAKE) -$(MAKEFLAGS) $@_local
|
sudo $(MAKE) -$(MAKEFLAGS) $@_local
|
||||||
@[ -f ${INST_BOX_DIR}/images/${INST_BOX_NAME}.img ] && \
|
@[ -f ${BOX_NBD_OVERLAY_QCOW} ] && \
|
||||||
sudo $(MAKE) -$(MAKEFLAGS) $@_libvert
|
sudo $(MAKE) -$(MAKEFLAGS) $@_overlay
|
||||||
|
|
||||||
test_local::
|
test_local::
|
||||||
bash .pyanal.sh &
|
bash .pyanal.sh &
|
||||||
sudo sh ansible_local.bash --diff -i ${PWD}/hosts.yml -l ${LOCALHOST} \
|
sudo sh ansible_local.bash --diff -i ${PWD}/hosts.yml -l ${LOCALHOST} \
|
||||||
@ -201,15 +211,39 @@ test_local::
|
|||||||
--verbose ${VERBOSE} -t weekly \
|
--verbose ${VERBOSE} -t weekly \
|
||||||
$(ROLES) > .$@-${LOCALHOST} 2>&1
|
$(ROLES) > .$@-${LOCALHOST} 2>&1
|
||||||
|
|
||||||
test_libvirt::
|
test_overlay:: install_libvirt
|
||||||
# bash .pyanal.sh &
|
! sudo virsh list | grep -q ${OVERLAY_HOSTS_NAME} && exit 0
|
||||||
# check if ${INST_BOX_NAME} is running
|
|
||||||
! sudo virsh list | grep -q ${INST_BOX_NAME} && exit 0
|
|
||||||
sudo sh ansible_local.bash --diff -i ${PWD}/hosts.yml \
|
sudo sh ansible_local.bash --diff -i ${PWD}/hosts.yml \
|
||||||
-l ${INST_BOX_NAME} -c libvirt_qemu \
|
-l ${OVERLAY_HOSTS_NAME} -c libvirt_qemu \
|
||||||
--verbose ${VERBOSE} -t weekly \
|
--verbose ${VERBOSE} -t weekly \
|
||||||
$(ROLES) > .$@-${LOCALHOST} 2>&1
|
$(ROLES) > .$@-${LOCALHOST} 2>&1
|
||||||
|
|
||||||
|
# this is a special test target to test a copy of the base qcow2
|
||||||
|
VM_HOSTS_NAME=gentoo_vm-2
|
||||||
|
VM_XML=/etc/libvirt/qemu/${VM_HOSTS_NAME}.xml
|
||||||
|
A="`grep 'source file=.*qcow2' ${VM_XML} | sed -e 's@.*file=.@@' -e "s@'.*@@"`"
|
||||||
|
install_vm::
|
||||||
|
@virsh net-list | grep "${NETWORK}.*active" || \
|
||||||
|
sudo virsh net-start "${NETWORK}" || { \
|
||||||
|
echo WARN: error virsh net-start "${NETWORK}" ; }
|
||||||
|
[ -f ${VM_XML} ]
|
||||||
|
@virsh list --all | grep ${VM_HOSTS_NAME} || { \
|
||||||
|
echo ERROR virsh define ${VM_XML} ; exit 8 ; }
|
||||||
|
# xmlstarlet sel -t -v
|
||||||
|
[ -n "${A}" ] && [ -f "${A}" ]
|
||||||
|
@virsh list | grep "${VM_HOSTS_NAME}.*running" || \
|
||||||
|
{ virsh start ${VM_HOSTS_NAME} ; sleep 40 ; }
|
||||||
|
|
||||||
|
test_vm:: install_vm
|
||||||
|
sudo sh ansible_local.bash --diff -i ${PWD}/hosts.yml \
|
||||||
|
-l ${VM_HOSTS_NAME} -c libvirt_qemu \
|
||||||
|
--check --verbose ${VERBOSE} -t daily \
|
||||||
|
$(ROLES) > .$@-${LOCALHOST} 2>&1
|
||||||
|
sudo sh ansible_local.bash --diff -i ${PWD}/hosts.yml \
|
||||||
|
-l ${VM_HOSTS_NAME} -c libvirt_qemu \
|
||||||
|
--verbose ${VERBOSE} -t daily \
|
||||||
|
$(ROLES) > .$@-${LOCALHOST} 2>&1
|
||||||
|
|
||||||
veryclean:: clean
|
veryclean:: clean
|
||||||
rm -f .run* .check*
|
rm -f .run* .check*
|
||||||
|
|
||||||
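Review bot: The inventory keys on the two new lookup lines are misspelled `BOX_NBD_OVERLAT_DIR` and `BOX_NBD_OVERLAT_QCOW`, while hosts.yml in this same commit defines `BOX_NBD_OVERLAY_DIR` and `BOX_NBD_OVERLAY_QCOW`, so both presumably expand to empty strings, `BOX_NBD_OVERLAY_XML` collapses to `/xml/gentoo_overlay-2.xml`, and the `[ -f … ]` checks, `rm -f` and `virsh define` in build_overlay, check_base and install_libvirt all act on the wrong paths; fix the key names to `BOX_NBD_OVERLAY_DIR` and `BOX_NBD_OVERLAY_QCOW`. Because these values are backtick strings, every recipe line that references them re-runs ansible_get_inventory.bash through the shell and a failing lookup silently becomes an empty path; a `[ -n "${BOX_NBD_OVERLAY_DIR}" ] && [ -n "${BOX_NBD_OVERLAY_QCOW}" ]` line at the top of build_overlay would make that fail loudly before anything is deleted. In install_libvirt, `A=$(grep 'source file=' ${BOX_NBD_OVERLAY_XML} | …)` is expanded by make as a function call (it needs `$$(…)`), and since each recipe line runs in its own shell the following `[ -n "${A}" ] && [ -f "${A}" ]` tests make's file-level `A`, which is derived from `${VM_XML}`, not from the overlay XML; join the two lines with `&& \` and escape the dollar. The fixed `sleep 40` after `virsh start` in install_libvirt and install_vm is a guess at boot time; polling the guest agent (as toxcore_libvirt_test_ga.bash in check_overlay appears to do) would be more reliable than a constant.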
|
@ -1,5 +1,5 @@
|
|||||||
[defaults]
|
[defaults]
|
||||||
log_path = var/tmp/2023/12/31/pentoo/base_proxy_toxcore.log
|
log_path = var/tmp/2024/01/05/gentoo_vm-2/base_proxy_toxcore.log
|
||||||
callback_plugins = ./lib/plugins/
|
callback_plugins = ./lib/plugins/
|
||||||
# /i/data/DevOps/net/Http/docs.ansible.com/ansible/intro_configuration.html
|
# /i/data/DevOps/net/Http/docs.ansible.com/ansible/intro_configuration.html
|
||||||
# http://docs.ansible.com/ansible/intro_configuration.html#command-warnings
|
# http://docs.ansible.com/ansible/intro_configuration.html#command-warnings
|
||||||
|
@ -101,10 +101,10 @@
|
|||||||
that:
|
that:
|
||||||
- "'{{ansible_lsb.id}}' == '{{BOX_OS_NAME}}'"
|
- "'{{ansible_lsb.id}}' == '{{BOX_OS_NAME}}'"
|
||||||
success_msg: "BOX_OS_FAMILY={{BOX_OS_FAMILY}}"
|
success_msg: "BOX_OS_FAMILY={{BOX_OS_FAMILY}}"
|
||||||
fail_msg: "ON tHE WRONG BOX {{ansible_lsb.id}} "
|
fail_msg: "ON tHE WRONG BOX {{ansible_lsb.id}}"
|
||||||
when:
|
when:
|
||||||
- ansible_connection != 'local'
|
# - ansible_connection != 'local'
|
||||||
- ansible_lsb.id|default('')" != ''
|
- ansible_lsb.id|default('') != ''
|
||||||
ignore_errors: true
|
ignore_errors: true
|
||||||
|
|
||||||
- name: "check BOX_ANSIBLE_CONNECTIONS"
|
- name: "check BOX_ANSIBLE_CONNECTIONS"
|
||||||
@ -150,37 +150,6 @@
|
|||||||
|
|
||||||
- block:
|
- block:
|
||||||
|
|
||||||
- name: "spinup libvirt hosts"
|
|
||||||
shell: |
|
|
||||||
sudo virsh net-list | grep -q default || \
|
|
||||||
sudo virsh net-start default
|
|
||||||
sudo virsh list | grep -q "{{ inventory_hostname }}" || \
|
|
||||||
sudo virsh start "{{ inventory_hostname }}"
|
|
||||||
delegate_to: localhost
|
|
||||||
become: yes
|
|
||||||
|
|
||||||
- name: "spinup libvirt hosts"
|
|
||||||
# pip3.sh install ovirt-engine-sdk-python --break-system-packages
|
|
||||||
ovirt:
|
|
||||||
url: "qemu:///system"
|
|
||||||
instance_name: ubuntu18.04
|
|
||||||
instance_cpus: "1"
|
|
||||||
state: started
|
|
||||||
# instance_rootpw
|
|
||||||
user: "{{ BOX_USER_NAME }}" #
|
|
||||||
password: "{{ BOX_USER_NAME }}" # "{{ ansible_ssh_user }}
|
|
||||||
become: yes
|
|
||||||
# msg: ovirtsdk required for this module
|
|
||||||
ignore_errors: true
|
|
||||||
|
|
||||||
# required
|
|
||||||
tags: always
|
|
||||||
check_mode: false
|
|
||||||
when: ansible_connection == 'libvirt_qemu'
|
|
||||||
|
|
||||||
- block:
|
|
||||||
|
|
||||||
# after spinup
|
|
||||||
- name: "we will use sudo and make it a prerequisite"
|
- name: "we will use sudo and make it a prerequisite"
|
||||||
shell: |
|
shell: |
|
||||||
[ -z "$TMPDIR" ] || [ -d "$TMPDIR" ] || mkdir -p "$TMPDIR"
|
[ -z "$TMPDIR" ] || [ -d "$TMPDIR" ] || mkdir -p "$TMPDIR"
|
||||||
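Review bot: With `- ansible_connection != 'local'` commented out the wrong-box assert now runs for every connection, yet the task still carries `ignore_errors: true`, so a mismatch only prints `ON tHE WRONG BOX …` and the play continues against that host; if the assert is meant as a guard, remove `ignore_errors: true` and let it fail the play. The fix to `ansible_lsb.id|default('') != ''` is correct, but with `when:` reduced to that single condition the assert is silently skipped wherever LSB facts are absent, which deserves a comment such as `# skipped where ansible_lsb facts are absent`. The deleted "spinup libvirt hosts" block appears to be replaced by the Makefile's `virsh start … ; sleep 40`, which no longer confirms the guest is reachable before ansible connects — an inference, since the enclosing play continues outside the hunk.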
|
55
hosts.yml
55
hosts.yml
@ -79,7 +79,6 @@ all:
|
|||||||
BOX_USR_LIB: lib
|
BOX_USR_LIB: lib
|
||||||
BOX_DEFAULT_OUTPUT_IF: wlan4
|
BOX_DEFAULT_OUTPUT_IF: wlan4
|
||||||
BOX_PROXY_MODE: selektor
|
BOX_PROXY_MODE: selektor
|
||||||
BOX_WHONIX_PROXY_HOST: ""
|
|
||||||
BOX_GENTOO_DISTFILES_ARCHIVES: "/i/net/Http/distfiles.gentoo.org/distfiles"
|
BOX_GENTOO_DISTFILES_ARCHIVES: "/i/net/Http/distfiles.gentoo.org/distfiles"
|
||||||
BOX_PROXY_JAVA_NET_PROPERTIES: /etc/java-config-2/current-system-vm/jre/lib/net.properties
|
BOX_PROXY_JAVA_NET_PROPERTIES: /etc/java-config-2/current-system-vm/jre/lib/net.properties
|
||||||
# /usr/lib/jvm/openjdk-bin-*/conf/net.properties
|
# /usr/lib/jvm/openjdk-bin-*/conf/net.properties
|
||||||
@ -110,7 +109,6 @@ all:
|
|||||||
|
|
||||||
BOX_JAVA_NET_PROPERTIES: /etc/java-11-openjdk/net.properties
|
BOX_JAVA_NET_PROPERTIES: /etc/java-11-openjdk/net.properties
|
||||||
|
|
||||||
BOX_WHONIX_PROXY_HOST: ""
|
|
||||||
BOX_PROXY_MODE: tor
|
BOX_PROXY_MODE: tor
|
||||||
BOX_GENTOO_FROM_MP: "/mnt/linuxPen19"
|
BOX_GENTOO_FROM_MP: "/mnt/linuxPen19"
|
||||||
|
|
||||||
@ -126,13 +124,45 @@ all:
|
|||||||
|
|
||||||
hosts:
|
hosts:
|
||||||
|
|
||||||
gentoo1:
|
gentoo_overlay-2:
|
||||||
|
|
||||||
ansible_remote_addr: "gentoo1"
|
ansible_remote_addr: "gentoo_overlay-2"
|
||||||
ansible_host: "gentoo1"
|
ansible_host: "gentoo_overlay-2"
|
||||||
ansible_ssh_user: "gentoo"
|
ansible_ssh_user: "gentoo"
|
||||||
BOX_SERVICE_MGR: "openrc"
|
BOX_SERVICE_MGR: "openrc"
|
||||||
BOX_HOST_NAME: "gentoo1"
|
BOX_HOST_NAME: "gentoo_overlay-2"
|
||||||
|
BOX_USER_NAME: "gentoo"
|
||||||
|
BOX_USER_GROUP: "adm"
|
||||||
|
BOX_ALSO_GROUP: "adm"
|
||||||
|
BOX_USER_HOME: "/home/gentoo"
|
||||||
|
BOX_OS_NAME: Gentoo
|
||||||
|
BOX_OS_FAMILY: Gentoo
|
||||||
|
BOX_OS_FLAVOR: "Gentoo"
|
||||||
|
BOX_PROXY_MODE: nat
|
||||||
|
BOX_USR_LIB: lib64
|
||||||
|
BOX_DEFAULT_OUTPUT_IF: eth0
|
||||||
|
BOX_PYTHON2_MINOR: ""
|
||||||
|
BOX_PYTHON3_MINOR: "3.11"
|
||||||
|
BASE_PORTAGE_PYTHON_MINOR: 3.11
|
||||||
|
BOX_HOST_CONTAINER_MOUNTS: []
|
||||||
|
BOX_GENTOO_DISTFILES_ARCHIVES: "/mnt/linuxPen19/usr/portage/distfiles"
|
||||||
|
BOX_PROXY_JAVA_NET_PROPERTIES: /etc/java-config-2/current-system-vm/jre/lib/net.properties
|
||||||
|
BOX_ALSO_USERS:
|
||||||
|
- gentoo
|
||||||
|
BOX_BASE_FEATURES: []
|
||||||
|
BOX_TOXCORE_FEATURES: ['libvirt'] # ', 'docker
|
||||||
|
BOX_GENTOO_FROM_MP: "/mnt/linuxPen19"
|
||||||
|
BOX_NBD_OVERLAY_NAME: "gentoo_overlay-2" # was gentoo1
|
||||||
|
BOX_NBD_OVERLAY_BASE: "/a/tmp/GentooImgr/gentoo_base-2.qcow2"
|
||||||
|
BOX_NBD_OVERLAY_QCOW: "/a/tmp/GentooImgr/create-vm/images/gentoo_overlay-2.img"
|
||||||
|
|
||||||
|
gentoo_vm-2:
|
||||||
|
# vm no overlay, copy of the overlay's base
|
||||||
|
ansible_remote_addr: "gentoo_vm-2"
|
||||||
|
ansible_host: "gentoo_vm-2"
|
||||||
|
ansible_ssh_user: "gentoo"
|
||||||
|
BOX_SERVICE_MGR: "openrc"
|
||||||
|
BOX_HOST_NAME: "gentoo_vm-2"
|
||||||
BOX_USER_NAME: "gentoo"
|
BOX_USER_NAME: "gentoo"
|
||||||
BOX_USER_GROUP: "adm"
|
BOX_USER_GROUP: "adm"
|
||||||
BOX_ALSO_GROUP: "adm"
|
BOX_ALSO_GROUP: "adm"
|
||||||
@ -151,8 +181,10 @@ all:
|
|||||||
BOX_ALSO_USERS:
|
BOX_ALSO_USERS:
|
||||||
- gentoo
|
- gentoo
|
||||||
BOX_BASE_FEATURES: []
|
BOX_BASE_FEATURES: []
|
||||||
BOX_TOXCORE_FEATURES: ['libvirt', 'docker']
|
BOX_TOXCORE_FEATURES: ['libvirt'] # ', 'docker
|
||||||
BOX_GENTOO_FROM_MP: "/mnt/linuxPen19"
|
BOX_GENTOO_FROM_MP: "/mnt/linuxPen19"
|
||||||
|
BOX_VM_NAME: "gentoo_vm-2" # was gentoo1
|
||||||
|
BOX_VM_QCOW: "/o/var/lib/libvirt/images/gentoo_vm-2.qcow2"
|
||||||
|
|
||||||
ubuntu18.04:
|
ubuntu18.04:
|
||||||
# /mnt
|
# /mnt
|
||||||
@ -187,11 +219,6 @@ all:
|
|||||||
# ansible_ssh_extra_args: "-o StrictHostKeyChecking=no"
|
# ansible_ssh_extra_args: "-o StrictHostKeyChecking=no"
|
||||||
# ansible_ssh_host: "127.0.0.1"
|
# ansible_ssh_host: "127.0.0.1"
|
||||||
BOX_ROOT_GROUP: root
|
BOX_ROOT_GROUP: root
|
||||||
BOX_PROXY_MODE: client
|
|
||||||
http_proxy: "http://127.0.0.1:3128"
|
|
||||||
https_proxy: "http://127.0.0.1:9128"
|
|
||||||
socks_proxy: "socks5://127.0.0.1:9050"
|
|
||||||
no_proxy: "localhost,127.0.0.1,127.0.0.1"
|
|
||||||
|
|
||||||
linux_chroot_group :
|
linux_chroot_group :
|
||||||
|
|
||||||
@ -261,7 +288,6 @@ all:
|
|||||||
# toxcore
|
# toxcore
|
||||||
BOX_NBD_DEV: nbd1
|
BOX_NBD_DEV: nbd1
|
||||||
BOX_NBD_MP: /mnt/gentoo
|
BOX_NBD_MP: /mnt/gentoo
|
||||||
BOX_NBD_OVERLAY_NAME: "gentoo1"
|
|
||||||
BOX_NBD_FILES: "/i/data/Agile/tmp/Topics/GentooImgr"
|
BOX_NBD_FILES: "/i/data/Agile/tmp/Topics/GentooImgr"
|
||||||
BOX_NBD_PORTAGE_FILE: "{{AGI_NBD_FILES}}/portage-20231223.tar.xz"
|
BOX_NBD_PORTAGE_FILE: "{{AGI_NBD_FILES}}/portage-20231223.tar.xz"
|
||||||
BOX_NBD_STAGE3_FILE: "{{AGI_NBD_FILES}}/stage3-amd64-openrc-20231217T170203Z.tar.xz"
|
BOX_NBD_STAGE3_FILE: "{{AGI_NBD_FILES}}/stage3-amd64-openrc-20231217T170203Z.tar.xz"
|
||||||
@ -269,12 +295,10 @@ all:
|
|||||||
BOX_NBD_BASE_PROFILE: openrc
|
BOX_NBD_BASE_PROFILE: openrc
|
||||||
BOX_NBD_BASE_DIR: "/a/tmp/GentooImgr"
|
BOX_NBD_BASE_DIR: "/a/tmp/GentooImgr"
|
||||||
BOX_NBD_BASE_QCOW: "{{BOX_NBD_BASE_DIR}}/gentoo.qcow2"
|
BOX_NBD_BASE_QCOW: "{{BOX_NBD_BASE_DIR}}/gentoo.qcow2"
|
||||||
BOX_NBD_OVERLAY_QCOW: "/o/var/lib/libvirt/images/gentoo1.qcow2"
|
|
||||||
BOX_NBD_BASE_PUBKEY: "/root/.ssh/id_rsa-ansible.pub"
|
BOX_NBD_BASE_PUBKEY: "/root/.ssh/id_rsa-ansible.pub"
|
||||||
|
|
||||||
# libvirt overlay
|
# libvirt overlay
|
||||||
BOX_NBD_OVERLAY_DIR: "/a/tmp/GentooImgr/create-vm"
|
BOX_NBD_OVERLAY_DIR: "/a/tmp/GentooImgr/create-vm"
|
||||||
BOX_NBD_OVERLAY_BASE: "/o/var/lib/libvirt/images/gentoo.qcow2.2"
|
|
||||||
BOX_NBD_LOGLEVEL: 10
|
BOX_NBD_LOGLEVEL: 10
|
||||||
BOX_NBD_OVERLAY_GB: "20"
|
BOX_NBD_OVERLAY_GB: "20"
|
||||||
BOX_NBD_OVERLAY_CPUS: 1
|
BOX_NBD_OVERLAY_CPUS: 1
|
||||||
@ -286,7 +310,6 @@ all:
|
|||||||
BOX_NBD_OVERLAY_PASS: "gentoo"
|
BOX_NBD_OVERLAY_PASS: "gentoo"
|
||||||
BOX_GENTOOIMGR_CONFIGFILE: "/g/Agile/tmp/Topics/GentooImgr/base.json"
|
BOX_GENTOOIMGR_CONFIGFILE: "/g/Agile/tmp/Topics/GentooImgr/base.json"
|
||||||
|
|
||||||
|
|
||||||
vars:
|
vars:
|
||||||
# These come from the inventory overridden for connection = local,chroot in base_proxy.yml
|
# These come from the inventory overridden for connection = local,chroot in base_proxy.yml
|
||||||
http_proxy: ""
|
http_proxy: ""
|
||||||
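Review bot: The new `gentoo_overlay-2` host defines `BOX_NBD_OVERLAY_NAME`, `BOX_NBD_OVERLAY_BASE` and `BOX_NBD_OVERLAY_QCOW`, but the Makefile in this commit also looks up `BOX_NBD_BASE_QCOW` and `BOX_NBD_OVERLAY_DIR` for that host, and those keys are only kept in the later block (apparently under `linux_chroot_group`); unless ansible_get_inventory.bash resolves group inheritance for this host, which is not visible here, the Makefile receives empty paths. Add `BOX_NBD_OVERLAY_DIR: "/a/tmp/GentooImgr/create-vm"` next to `BOX_NBD_OVERLAY_QCOW` (the QCOW path already uses that prefix), and state which base image the Makefile should test, since the host's `BOX_NBD_OVERLAY_BASE` names `gentoo_base-2.qcow2` while the group's `BOX_NBD_BASE_QCOW` still names `gentoo.qcow2`. The trailing fragment in `BOX_TOXCORE_FEATURES: ['libvirt'] # ', 'docker`, added for both `gentoo_overlay-2` and `gentoo_vm-2`, reads as an editing leftover; `# docker feature disabled` says the same thing clearly.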
|
370
lib/plugins/#libvirt_qemu.py#
Normal file
370
lib/plugins/#libvirt_qemu.py#
Normal file
@ -0,0 +1,370 @@
|
|||||||
|
# Based on local.py (c) 2012, Michael DeHaan <michael.dehaan@gmail.com>
|
||||||
|
# Based on chroot.py (c) 2013, Maykel Moya <mmoya@speedyrails.com>
|
||||||
|
# (c) 2013, Michael Scherer <misc@zarb.org>
|
||||||
|
# (c) 2015, Toshio Kuratomi <tkuratomi@ansible.com>
|
||||||
|
# (c) 2017 Ansible Project
|
||||||
|
# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
|
||||||
|
|
||||||
|
from __future__ import (absolute_import, division, print_function)
|
||||||
|
import sys
|
||||||
|
import time
|
||||||
|
|
||||||
|
__metaclass__ = type
|
||||||
|
|
||||||
|
DOCUMENTATION = """
|
||||||
|
author: Jesse Pretorius <jesse@odyssey4.me>
|
||||||
|
connection: community.libvirt.libvirt_qemu
|
||||||
|
short_description: Run tasks on libvirt/qemu virtual machines
|
||||||
|
description:
|
||||||
|
- Run commands or put/fetch files to libvirt/qemu virtual machines using the qemu agent API.
|
||||||
|
notes:
|
||||||
|
- Currently DOES NOT work with selinux set to enforcing in the VM.
|
||||||
|
- Requires the qemu-agent installed in the VM.
|
||||||
|
- Requires access to the qemu-ga commands guest-exec, guest-exec-status, guest-file-close, guest-file-open, guest-file-read, guest-file-write.
|
||||||
|
version_added: "2.10"
|
||||||
|
options:
|
||||||
|
remote_addr:
|
||||||
|
description: Virtual machine name
|
||||||
|
default: inventory_hostname
|
||||||
|
vars:
|
||||||
|
- name: ansible_host
|
||||||
|
executable:
|
||||||
|
description: Shell to use for execution inside container
|
||||||
|
default: /bin/sh
|
||||||
|
vars:
|
||||||
|
- name: ansible_executable
|
||||||
|
virt_uri:
|
||||||
|
description: libvirt URI to connect to to access the virtual machine
|
||||||
|
default: qemu:///system
|
||||||
|
vars:
|
||||||
|
- name: ansible_libvirt_uri
|
||||||
|
timeout:
|
||||||
|
description: timeout for libvirt to connect to access the virtual machine
|
||||||
|
required: false
|
||||||
|
type: int
|
||||||
|
default: 10
|
||||||
|
"""
|
||||||
|
|
||||||
|
import base64
|
||||||
|
import json
|
||||||
|
import libvirt
|
||||||
|
import libvirt_qemu
|
||||||
|
import shlex
|
||||||
|
import traceback
|
||||||
|
|
||||||
|
from ansible import constants as C
|
||||||
|
from ansible.errors import AnsibleError, AnsibleConnectionFailure, AnsibleFileNotFound
|
||||||
|
from ansible.module_utils._text import to_bytes, to_native, to_text
|
||||||
|
from ansible.plugins.connection import ConnectionBase, BUFSIZE
|
||||||
|
from ansible.plugins.shell.powershell import _parse_clixml
|
||||||
|
from ansible.utils.display import Display
|
||||||
|
from ansible.plugins.callback.minimal import CallbackModule
|
||||||
|
from functools import partial
|
||||||
|
from os.path import exists, getsize
|
||||||
|
|
||||||
|
display = Display()
|
||||||
|
|
||||||
|
iMAX_WAIT = 10 # sec.
|
||||||
|
|
||||||
|
REQUIRED_CAPABILITIES = [
|
||||||
|
{'enabled': True, 'name': 'guest-exec', 'success-response': True},
|
||||||
|
{'enabled': True, 'name': 'guest-exec-status', 'success-response': True},
|
||||||
|
{'enabled': True, 'name': 'guest-file-close', 'success-response': True},
|
||||||
|
{'enabled': True, 'name': 'guest-file-open', 'success-response': True},
|
||||||
|
{'enabled': True, 'name': 'guest-file-read', 'success-response': True},
|
||||||
|
{'enabled': True, 'name': 'guest-file-write', 'success-response': True}
|
||||||
|
]
|
||||||
|
|
||||||
|
|
||||||
|
class Connection(ConnectionBase):
|
||||||
|
''' Local libvirt qemu based connections '''
|
||||||
|
|
||||||
|
transport = 'community.libvirt.libvirt_qemu'
|
||||||
|
# TODO(odyssey4me):
|
||||||
|
# Figure out why pipelining does not work and fix it
|
||||||
|
has_pipelining = False
|
||||||
|
has_tty = False
|
||||||
|
|
||||||
|
def __init__(self, play_context, new_stdin, *args, **kwargs):
|
||||||
|
super(Connection, self).__init__(play_context, new_stdin, *args, **kwargs)
|
||||||
|
|
||||||
|
self._host = self._play_context.remote_addr
|
||||||
|
|
||||||
|
# Windows operates differently from a POSIX connection/shell plugin,
|
||||||
|
# we need to set various properties to ensure SSH on Windows continues
|
||||||
|
# to work
|
||||||
|
if getattr(self._shell, "_IS_WINDOWS", False):
|
||||||
|
self.has_native_async = True
|
||||||
|
self.always_pipeline_modules = True
|
||||||
|
self.module_implementation_preferences = ('.ps1', '.exe', '')
|
||||||
|
self.allow_executable = False
|
||||||
|
self._timeout = sgelf.get_option('timeout', 10)
|
||||||
|
|
||||||
|
def _connect(self):
|
||||||
|
''' connect to the virtual machine; nothing to do here '''
|
||||||
|
super(Connection, self)._connect()
|
||||||
|
if not self._connected:
|
||||||
|
|
||||||
|
self._virt_uri = self.get_option('virt_uri')
|
||||||
|
|
||||||
|
self._display.vvv(u"CONNECT TO {0}".format(self._virt_uri), host=self._host)
|
||||||
|
try:
|
||||||
|
self.conn = libvirt.open(self._virt_uri)
|
||||||
|
except libvirt.libvirtError as err:
|
||||||
|
self._display.vv(u"ERROR: libvirtError CONNECT TO {0}\n{1}".format(self._virt_uri, to_native(err)), host=self._host)
|
||||||
|
self._connected = False
|
||||||
|
raise AnsibleConnectionFailure(to_native(err))
|
||||||
|
|
||||||
|
self._display.vvv(u"FIND DOMAIN {0}".format(self._host), host=self._host)
|
||||||
|
try:
|
||||||
|
self.domain = self.conn.lookupByName(self._host)
|
||||||
|
except libvirt.libvirtError as err:
|
||||||
|
raise AnsibleConnectionFailure(to_native(err))
|
||||||
|
|
||||||
|
request_cap = json.dumps({'execute': 'guest-info'})
|
||||||
|
response_cap = json.loads(libvirt_qemu.qemuAgentCommand(self.domain, request_cap, 5, 0))
|
||||||
|
self.capabilities = response_cap['return']['supported_commands']
|
||||||
|
self._display.vvvvv(u"GUEST CAPABILITIES: {0}".format(self.capabilities), host=self._host)
|
||||||
|
missing_caps = []
|
||||||
|
for cap in REQUIRED_CAPABILITIES:
|
||||||
|
if cap not in self.capabilities:
|
||||||
|
missing_caps.append(cap['name'])
|
||||||
|
if len(missing_caps) > 0:
|
||||||
|
self._display.vvv(u"REQUIRED CAPABILITIES MISSING: {0}".format(missing_caps), host=self._host)
|
||||||
|
raise AnsibleConnectionFailure('Domain does not have required capabilities')
|
||||||
|
|
||||||
|
display.vvv(u"ESTABLISH {0} CONNECTION".format(self.transport), host=self._host)
|
||||||
|
self._connected = True
|
||||||
|
|
||||||
|
def exec_command(self, cmd, in_data=None, sudoable=True, timeout=None):
|
||||||
|
""" execute a command on the virtual machine host """
|
||||||
|
super(Connection, self).exec_command(cmd, in_data=in_data, sudoable=sudoable)
|
||||||
|
|
||||||
|
self._display.vvv(u"EXEC {0}".format(cmd), host=self._host)
|
||||||
|
if timeout is None:
|
||||||
|
timeout = self._timeout
|
||||||
|
|
||||||
|
cmd_args_list = shlex.split(to_native(cmd, errors='surrogate_or_strict'))
|
||||||
|
|
||||||
|
if getattr(self._shell, "_IS_WINDOWS", False):
|
||||||
|
# Become method 'runas' is done in the wrapper that is executed,
|
||||||
|
# need to disable sudoable so the bare_run is not waiting for a
|
||||||
|
# prompt that will not occur
|
||||||
|
sudoable = False
|
||||||
|
|
||||||
|
# Generate powershell commands
|
||||||
|
cmd_args_list = self._shell._encode_script(cmd, as_list=True, strict_mode=False, preserve_rc=False)
|
||||||
|
|
||||||
|
# TODO(odyssey4me):
|
||||||
|
# Implement buffering much like the other connection plugins
|
||||||
|
# Implement 'env' for the environment settings
|
||||||
|
# Implement 'input-data' for whatever it might be useful for
|
||||||
|
request_exec = {
|
||||||
|
'execute': 'guest-exec',
|
||||||
|
'arguments': {
|
||||||
|
'path': cmd_args_list[0],
|
||||||
|
'capture-output': True,
|
||||||
|
'arg': cmd_args_list[1:]
|
||||||
|
}
|
||||||
|
}
|
||||||
|
request_exec_json = json.dumps(request_exec)
|
||||||
|
|
||||||
|
display.vvv("GA send: {0}".format(request_exec_json), host=self._host)
|
||||||
|
# sys.stderr.write("GA send: {0}\n".format(request_exec_json))
|
||||||
|
command_start = time.clock_gettime(time.CLOCK_MONOTONIC)
|
||||||
|
# TODO(odyssey4me):
|
||||||
|
# Add timeout parameter
|
||||||
|
flags = 0
|
||||||
|
try:
|
||||||
|
result_exec = json.loads(libvirt_qemu.qemuAgentCommand(self.domain, request_exec_json, timeout, flags))
|
||||||
|
except libvirt.libvirtError as err:
|
||||||
|
self._display.vv(u"ERROR: libvirtError EXEC TO {0}\n{1}".format(self._virt_uri, to_native(err)), host=self._host)
|
||||||
|
sys.stderr.write(u"ERROR: libvirtError EXEC TO {0}\n{1}\n".format(self._virt_uri, to_native(err)))
|
||||||
|
self._connected = False
|
||||||
|
raise AnsibleConnectionFailure(to_native(err))
|
||||||
|
|
||||||
|
display.vvv(u"GA return: {0}".format(result_exec), host=self._host)
|
||||||
|
|
||||||
|
request_status = {
|
||||||
|
'execute': 'guest-exec-status',
|
||||||
|
'arguments': {
|
||||||
|
'pid': result_exec['return']['pid']
|
||||||
|
}
|
||||||
|
}
|
||||||
|
request_status_json = json.dumps(request_status)
|
||||||
|
|
||||||
|
display.vvv(u"GA send: {0}".format(request_status_json), host=self._host)
|
||||||
|
|
||||||
|
# TODO(odyssey4me):
|
||||||
|
# Work out a better way to wait until the command has exited
|
||||||
|
max_time = iMAX_WAIT + time.clock_gettime(time.CLOCK_MONOTONIC)
|
||||||
|
result_status = {
|
||||||
|
'return': dict(exited=False),
|
||||||
|
}
|
||||||
|
while not result_status['return']['exited']:
|
||||||
|
# Wait for 5% of the time already elapsed
|
||||||
|
sleep_time = (time.clock_gettime(time.CLOCK_MONOTONIC) - command_start) * (5 / 100)
|
||||||
|
if sleep_time < 0.0002:
|
||||||
|
sleep_time = 0.0002
|
||||||
|
elif sleep_time > 1:
|
||||||
|
sleep_time = 1
|
||||||
|
time.sleep(sleep_time)
|
||||||
|
result_status = json.loads(libvirt_qemu.qemuAgentCommand(self.domain, request_status_json, 5, 0))
|
||||||
|
if time.clock_gettime(time.CLOCK_MONOTONIC) > max_time:
|
||||||
|
err = 'timeout'
|
||||||
|
self._display.vv(u"ERROR: libvirtError EXEC TO {0}\n{1}".format(self._virt_uri, to_native(err)), host=self._host)
|
||||||
|
sys.stderr.write(u"ERROR: libvirtError EXEC TO {0}\n{1}\n".format(self._virt_uri, to_native(err)))
|
||||||
|
self._connected = False
|
||||||
|
raise AnsibleConnectionFailure(to_native(err))
|
||||||
|
|
||||||
|
display.vvv(u"GA return: {0}".format(result_status), host=self._host)
|
||||||
|
|
||||||
|
while not result_status['return']['exited']:
|
||||||
|
result_status = json.loads(libvirt_qemu.qemuAgentCommand(self.domain, request_status_json, 5, 0))
|
||||||
|
|
||||||
|
display.vvv(u"GA return: {0}".format(result_status), host=self._host)
|
||||||
|
|
||||||
|
if result_status['return'].get('out-data'):
|
||||||
|
stdout = base64.b64decode(result_status['return']['out-data'])
|
||||||
|
else:
|
||||||
|
stdout = b''
|
||||||
|
|
||||||
|
if result_status['return'].get('err-data'):
|
||||||
|
stderr = base64.b64decode(result_status['return']['err-data'])
|
||||||
|
else:
|
||||||
|
stderr = b''
|
||||||
|
|
||||||
|
# Decode xml from windows
|
||||||
|
if getattr(self._shell, "_IS_WINDOWS", False) and stdout.startswith(b"#< CLIXML"):
|
||||||
|
stdout = _parse_clixml(stdout)
|
||||||
|
|
||||||
|
display.vvv(u"GA stdout: {0}".format(to_text(stdout)), host=self._host)
|
||||||
|
display.vvv(u"GA stderr: {0}".format(to_text(stderr)), host=self._host)
|
||||||
|
|
||||||
|
return result_status['return']['exitcode'], stdout, stderr
|
||||||
|
|
||||||
|
def put_file(self, in_path, out_path):
|
||||||
|
''' transfer a file from local to domain '''
|
||||||
|
super(Connection, self).put_file(in_path, out_path)
|
||||||
|
display.vvv("PUT %s TO %s" % (in_path, out_path), host=self._host)
|
||||||
|
|
||||||
|
if not exists(to_bytes(in_path, errors='surrogate_or_strict')):
|
||||||
|
raise AnsibleFileNotFound(
|
||||||
|
"file or module does not exist: %s" % in_path)
|
||||||
|
|
||||||
|
request_handle = {
|
||||||
|
'execute': 'guest-file-open',
|
||||||
|
'arguments': {
|
||||||
|
'path': out_path,
|
||||||
|
'mode': 'wb+'
|
||||||
|
}
|
||||||
|
}
|
||||||
|
request_handle_json = json.dumps(request_handle)
|
||||||
|
|
||||||
|
display.vvv(u"GA send: {0}".format(request_handle_json), host=self._host)
|
||||||
|
|
||||||
|
result_handle = json.loads(libvirt_qemu.qemuAgentCommand(self.domain, request_handle_json, 5, 0))
|
||||||
|
|
||||||
|
display.vvv(u"GA return: {0}".format(result_handle), host=self._host)
|
||||||
|
|
||||||
|
# TODO(odyssey4me):
|
||||||
|
# Handle exception for file/path IOError
|
||||||
|
with open(to_bytes(in_path, errors='surrogate_or_strict'), 'rb') as in_file:
|
||||||
|
for chunk in iter(partial(in_file.read, BUFSIZE), b''):
|
||||||
|
try:
|
||||||
|
request_write = {
|
||||||
|
'execute': 'guest-file-write',
|
||||||
|
'arguments': {
|
||||||
|
'handle': result_handle['return'],
|
||||||
|
'buf-b64': base64.b64encode(chunk).decode()
|
||||||
|
}
|
||||||
|
}
|
||||||
|
request_write_json = json.dumps(request_write)
|
||||||
|
|
||||||
|
display.vvvvv(u"GA send: {0}".format(request_write_json), host=self._host)
|
||||||
|
|
||||||
|
result_write = json.loads(libvirt_qemu.qemuAgentCommand(self.domain, request_write_json, 5, 0))
|
||||||
|
|
||||||
|
display.vvvvv(u"GA return: {0}".format(result_write), host=self._host)
|
||||||
|
|
||||||
|
except Exception:
|
||||||
|
traceback.print_exc()
|
||||||
|
raise AnsibleError("failed to transfer file %s to %s" % (in_path, out_path))
|
||||||
|
|
||||||
|
request_close = {
|
||||||
|
'execute': 'guest-file-close',
|
||||||
|
'arguments': {
|
||||||
|
'handle': result_handle['return']
|
||||||
|
}
|
||||||
|
}
|
||||||
|
request_close_json = json.dumps(request_close)
|
||||||
|
|
||||||
|
display.vvv(u"GA send: {0}".format(request_close_json), host=self._host)
|
||||||
|
|
||||||
|
result_close = json.loads(libvirt_qemu.qemuAgentCommand(self.domain, request_close_json, 5, 0))
|
||||||
|
|
||||||
|
display.vvv(u"GA return: {0}".format(result_close), host=self._host)
|
||||||
|
|
||||||
|
def fetch_file(self, in_path, out_path):
|
||||||
|
''' fetch a file from domain to local '''
|
||||||
|
super(Connection, self).fetch_file(in_path, out_path)
|
||||||
|
display.vvv("FETCH %s TO %s" % (in_path, out_path), host=self._host)
|
||||||
|
|
||||||
|
request_handle = {
|
||||||
|
'execute': 'guest-file-open',
|
||||||
|
'arguments': {
|
||||||
|
'path': in_path,
|
||||||
|
'mode': 'r'
|
||||||
|
}
|
||||||
|
}
|
||||||
|
request_handle_json = json.dumps(request_handle)
|
||||||
|
|
||||||
|
display.vvv(u"GA send: {0}".format(request_handle_json), host=self._host)
|
||||||
|
|
||||||
|
result_handle = json.loads(libvirt_qemu.qemuAgentCommand(self.domain, request_handle_json, 5, 0))
|
||||||
|
|
||||||
|
display.vvv(u"GA return: {0}".format(result_handle), host=self._host)
|
||||||
|
|
||||||
|
request_read = {
|
||||||
|
'execute': 'guest-file-read',
|
||||||
|
'arguments': {
|
||||||
|
'handle': result_handle['return'],
|
||||||
|
'count': BUFSIZE
|
||||||
|
}
|
||||||
|
}
|
||||||
|
request_read_json = json.dumps(request_read)
|
||||||
|
|
||||||
|
display.vvv(u"GA send: {0}".format(request_read_json), host=self._host)
|
||||||
|
|
||||||
|
with open(to_bytes(out_path, errors='surrogate_or_strict'), 'wb+') as out_file:
|
||||||
|
try:
|
||||||
|
result_read = json.loads(libvirt_qemu.qemuAgentCommand(self.domain, request_read_json, 5, 0))
|
||||||
|
display.vvvvv(u"GA return: {0}".format(result_read), host=self._host)
|
||||||
|
out_file.write(base64.b64decode(result_read['return']['buf-b64']))
|
||||||
|
while not result_read['return']['eof']:
|
||||||
|
result_read = json.loads(libvirt_qemu.qemuAgentCommand(self.domain, request_read_json, 5, 0))
|
||||||
|
display.vvvvv(u"GA return: {0}".format(result_read), host=self._host)
|
||||||
|
out_file.write(base64.b64decode(result_read['return']['buf-b64']))
|
||||||
|
|
||||||
|
except Exception:
|
||||||
|
traceback.print_exc()
|
||||||
|
raise AnsibleError("failed to transfer file %s to %s" % (in_path, out_path))
|
||||||
|
|
||||||
|
request_close = {
|
||||||
|
'execute': 'guest-file-close',
|
||||||
|
'arguments': {
|
||||||
|
'handle': result_handle['return']
|
||||||
|
}
|
||||||
|
}
|
||||||
|
request_close_json = json.dumps(request_close)
|
||||||
|
|
||||||
|
display.vvv(u"GA send: {0}".format(request_close_json), host=self._host)
|
||||||
|
|
||||||
|
result_close = json.loads(libvirt_qemu.qemuAgentCommand(self.domain, request_close_json, 5, 0))
|
||||||
|
|
||||||
|
display.vvv(u"GA return: {0}".format(result_close), host=self._host)
|
||||||
|
|
||||||
|
def close(self):
|
||||||
|
''' terminate the connection; nothing to do here '''
|
||||||
|
super(Connection, self).close()
|
||||||
|
self._connected = False
|
@ -42,7 +42,7 @@ DOCUMENTATION = """
|
|||||||
description: timeout for libvirt to connect to access the virtual machine
|
description: timeout for libvirt to connect to access the virtual machine
|
||||||
required: false
|
required: false
|
||||||
type: int
|
type: int
|
||||||
default: 5
|
default: 10
|
||||||
"""
|
"""
|
||||||
|
|
||||||
import base64
|
import base64
|
||||||
@ -98,7 +98,7 @@ class Connection(ConnectionBase):
|
|||||||
self.always_pipeline_modules = True
|
self.always_pipeline_modules = True
|
||||||
self.module_implementation_preferences = ('.ps1', '.exe', '')
|
self.module_implementation_preferences = ('.ps1', '.exe', '')
|
||||||
self.allow_executable = False
|
self.allow_executable = False
|
||||||
self._timeout = self.get_option('timeout', 5)
|
self._timeout = self.get_option('timeout', 10)
|
||||||
|
|
||||||
def _connect(self):
|
def _connect(self):
|
||||||
''' connect to the virtual machine; nothing to do here '''
|
''' connect to the virtual machine; nothing to do here '''
|
||||||
@ -122,7 +122,7 @@ class Connection(ConnectionBase):
|
|||||||
raise AnsibleConnectionFailure(to_native(err))
|
raise AnsibleConnectionFailure(to_native(err))
|
||||||
|
|
||||||
request_cap = json.dumps({'execute': 'guest-info'})
|
request_cap = json.dumps({'execute': 'guest-info'})
|
||||||
response_cap = json.loads(libvirt_qemu.qemuAgentCommand(self.domain, request_cap, 5, 0))
|
response_cap = json.loads(libvirt_qemu.qemuAgentCommand(self.domain, request_cap, self._timeout, 0))
|
||||||
self.capabilities = response_cap['return']['supported_commands']
|
self.capabilities = response_cap['return']['supported_commands']
|
||||||
self._display.vvvvv(u"GUEST CAPABILITIES: {0}".format(self.capabilities), host=self._host)
|
self._display.vvvvv(u"GUEST CAPABILITIES: {0}".format(self.capabilities), host=self._host)
|
||||||
missing_caps = []
|
missing_caps = []
|
||||||
@ -201,7 +201,9 @@ class Connection(ConnectionBase):
|
|||||||
result_status = {
|
result_status = {
|
||||||
'return': dict(exited=False),
|
'return': dict(exited=False),
|
||||||
}
|
}
|
||||||
while not result_status['return']['exited']:
|
i=0
|
||||||
|
while not result_status['return']['exited'] and i < 20:
|
||||||
|
i = i + 1
|
||||||
# Wait for 5% of the time already elapsed
|
# Wait for 5% of the time already elapsed
|
||||||
sleep_time = (time.clock_gettime(time.CLOCK_MONOTONIC) - command_start) * (5 / 100)
|
sleep_time = (time.clock_gettime(time.CLOCK_MONOTONIC) - command_start) * (5 / 100)
|
||||||
if sleep_time < 0.0002:
|
if sleep_time < 0.0002:
|
||||||
@ -209,7 +211,7 @@ class Connection(ConnectionBase):
|
|||||||
elif sleep_time > 1:
|
elif sleep_time > 1:
|
||||||
sleep_time = 1
|
sleep_time = 1
|
||||||
time.sleep(sleep_time)
|
time.sleep(sleep_time)
|
||||||
result_status = json.loads(libvirt_qemu.qemuAgentCommand(self.domain, request_status_json, 5, 0))
|
result_status = json.loads(libvirt_qemu.qemuAgentCommand(self.domain, request_status_json, self._timeout, 0))
|
||||||
if time.clock_gettime(time.CLOCK_MONOTONIC) > max_time:
|
if time.clock_gettime(time.CLOCK_MONOTONIC) > max_time:
|
||||||
err = 'timeout'
|
err = 'timeout'
|
||||||
self._display.vv(u"ERROR: libvirtError EXEC TO {0}\n{1}".format(self._virt_uri, to_native(err)), host=self._host)
|
self._display.vv(u"ERROR: libvirtError EXEC TO {0}\n{1}".format(self._virt_uri, to_native(err)), host=self._host)
|
||||||
@ -220,7 +222,7 @@ class Connection(ConnectionBase):
|
|||||||
display.vvv(u"GA return: {0}".format(result_status), host=self._host)
|
display.vvv(u"GA return: {0}".format(result_status), host=self._host)
|
||||||
|
|
||||||
while not result_status['return']['exited']:
|
while not result_status['return']['exited']:
|
||||||
result_status = json.loads(libvirt_qemu.qemuAgentCommand(self.domain, request_status_json, 5, 0))
|
result_status = json.loads(libvirt_qemu.qemuAgentCommand(self.domain, request_status_json, self._timeout, 0))
|
||||||
|
|
||||||
display.vvv(u"GA return: {0}".format(result_status), host=self._host)
|
display.vvv(u"GA return: {0}".format(result_status), host=self._host)
|
||||||
|
|
||||||
@ -263,7 +265,7 @@ class Connection(ConnectionBase):
|
|||||||
|
|
||||||
display.vvv(u"GA send: {0}".format(request_handle_json), host=self._host)
|
display.vvv(u"GA send: {0}".format(request_handle_json), host=self._host)
|
||||||
|
|
||||||
result_handle = json.loads(libvirt_qemu.qemuAgentCommand(self.domain, request_handle_json, 5, 0))
|
result_handle = json.loads(libvirt_qemu.qemuAgentCommand(self.domain, request_handle_json, self._timeout, 0))
|
||||||
|
|
||||||
display.vvv(u"GA return: {0}".format(result_handle), host=self._host)
|
display.vvv(u"GA return: {0}".format(result_handle), host=self._host)
|
||||||
|
|
||||||
@ -283,7 +285,7 @@ class Connection(ConnectionBase):
|
|||||||
|
|
||||||
display.vvvvv(u"GA send: {0}".format(request_write_json), host=self._host)
|
display.vvvvv(u"GA send: {0}".format(request_write_json), host=self._host)
|
||||||
|
|
||||||
result_write = json.loads(libvirt_qemu.qemuAgentCommand(self.domain, request_write_json, 5, 0))
|
result_write = json.loads(libvirt_qemu.qemuAgentCommand(self.domain, request_write_json, self._timeout, 0))
|
||||||
|
|
||||||
display.vvvvv(u"GA return: {0}".format(result_write), host=self._host)
|
display.vvvvv(u"GA return: {0}".format(result_write), host=self._host)
|
||||||
|
|
||||||
@ -301,7 +303,7 @@ class Connection(ConnectionBase):
|
|||||||
|
|
||||||
display.vvv(u"GA send: {0}".format(request_close_json), host=self._host)
|
display.vvv(u"GA send: {0}".format(request_close_json), host=self._host)
|
||||||
|
|
||||||
result_close = json.loads(libvirt_qemu.qemuAgentCommand(self.domain, request_close_json, 5, 0))
|
result_close = json.loads(libvirt_qemu.qemuAgentCommand(self.domain, request_close_json, self._timeout, 0))
|
||||||
|
|
||||||
display.vvv(u"GA return: {0}".format(result_close), host=self._host)
|
display.vvv(u"GA return: {0}".format(result_close), host=self._host)
|
||||||
|
|
||||||
@ -321,7 +323,7 @@ class Connection(ConnectionBase):
|
|||||||
|
|
||||||
display.vvv(u"GA send: {0}".format(request_handle_json), host=self._host)
|
display.vvv(u"GA send: {0}".format(request_handle_json), host=self._host)
|
||||||
|
|
||||||
result_handle = json.loads(libvirt_qemu.qemuAgentCommand(self.domain, request_handle_json, 5, 0))
|
result_handle = json.loads(libvirt_qemu.qemuAgentCommand(self.domain, request_handle_json, self._timeout, 0))
|
||||||
|
|
||||||
display.vvv(u"GA return: {0}".format(result_handle), host=self._host)
|
display.vvv(u"GA return: {0}".format(result_handle), host=self._host)
|
||||||
|
|
||||||
@ -338,11 +340,11 @@ class Connection(ConnectionBase):
|
|||||||
|
|
||||||
with open(to_bytes(out_path, errors='surrogate_or_strict'), 'wb+') as out_file:
|
with open(to_bytes(out_path, errors='surrogate_or_strict'), 'wb+') as out_file:
|
||||||
try:
|
try:
|
||||||
result_read = json.loads(libvirt_qemu.qemuAgentCommand(self.domain, request_read_json, 5, 0))
|
result_read = json.loads(libvirt_qemu.qemuAgentCommand(self.domain, request_read_json, self._timeout, 0))
|
||||||
display.vvvvv(u"GA return: {0}".format(result_read), host=self._host)
|
display.vvvvv(u"GA return: {0}".format(result_read), host=self._host)
|
||||||
out_file.write(base64.b64decode(result_read['return']['buf-b64']))
|
out_file.write(base64.b64decode(result_read['return']['buf-b64']))
|
||||||
while not result_read['return']['eof']:
|
while not result_read['return']['eof']:
|
||||||
result_read = json.loads(libvirt_qemu.qemuAgentCommand(self.domain, request_read_json, 5, 0))
|
result_read = json.loads(libvirt_qemu.qemuAgentCommand(self.domain, request_read_json, self._timeout, 0))
|
||||||
display.vvvvv(u"GA return: {0}".format(result_read), host=self._host)
|
display.vvvvv(u"GA return: {0}".format(result_read), host=self._host)
|
||||||
out_file.write(base64.b64decode(result_read['return']['buf-b64']))
|
out_file.write(base64.b64decode(result_read['return']['buf-b64']))
|
||||||
|
|
||||||
@ -360,7 +362,7 @@ class Connection(ConnectionBase):
|
|||||||
|
|
||||||
display.vvv(u"GA send: {0}".format(request_close_json), host=self._host)
|
display.vvv(u"GA send: {0}".format(request_close_json), host=self._host)
|
||||||
|
|
||||||
result_close = json.loads(libvirt_qemu.qemuAgentCommand(self.domain, request_close_json, 5, 0))
|
result_close = json.loads(libvirt_qemu.qemuAgentCommand(self.domain, request_close_json, self._timeout, 0))
|
||||||
|
|
||||||
display.vvv(u"GA return: {0}".format(result_close), host=self._host)
|
display.vvv(u"GA return: {0}".format(result_close), host=self._host)
|
||||||
|
|
||||||
|
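Review bot: The new `i < 20` bound on the first `guest-exec-status` polling loop (hunk `@ -201`) turns the timeout into a silent fall-through: after 20 iterations (at most about 20 s of sleeps, since `sleep_time` is clamped to 1) control leaves the loop before `max_time` is reached, and lands in the second `while not result_status['return']['exited']:` loop in hunk `@ -220`, which polls qemu-ga with no sleep and no deadline, so a command that never exits now busy-spins forever instead of raising `AnsibleConnectionFailure('timeout')`. If the cap is meant to bound the total wait, the second loop needs the same deadline, e.g. `if time.clock_gettime(time.CLOCK_MONOTONIC) > max_time:` / `    raise AnsibleConnectionFailure('timeout')` followed by `time.sleep(sleep_time)`; otherwise drop the cap and let the existing `max_time` check be the single exit. The per-call `self._timeout` now passed to `qemuAgentCommand` is the agent RPC timeout, which is a different thing from the overall command deadline, so the option description in `DOCUMENTATION` ("timeout for libvirt to connect") would benefit from saying which one it controls. Minor: `i=0` should be `i = 0` to match the rest of the file. The enclosing method starts and ends outside these hunks.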
@ -14,7 +14,7 @@ AGI_PROXY_MODE: "{{PROXY_MODE|default('')}}"
|
|||||||
|
|
||||||
AGI_use_local_kernel: false
|
AGI_use_local_kernel: false
|
||||||
AGI_install_disklabel: msdos
|
AGI_install_disklabel: msdos
|
||||||
AGI_install_timezone: UTC
|
AGI_install_timezone: "{{ BASE_TIMEZONE|default('Etc/UTC') }}"
|
||||||
AGI_install_locales:
|
AGI_install_locales:
|
||||||
- en_US ISO-8859-1
|
- en_US ISO-8859-1
|
||||||
- en_US.UTF-8 UTF-8
|
- en_US.UTF-8 UTF-8
|
||||||
@ -28,9 +28,9 @@ AGI_install_network_interfaces:
|
|||||||
config: dhcp
|
config: dhcp
|
||||||
AGI_container_disk: /dev/vda
|
AGI_container_disk: /dev/vda
|
||||||
|
|
||||||
AGI_install_syslog_daemon: syslog-ng # app-admin/sysklogd
|
AGI_install_syslog_daemon: syslog-ng # sysklogd
|
||||||
AGI_install_cron_daemon: cronie
|
AGI_install_cron_daemon: cronie #
|
||||||
AGI_install_bootloader: syslinux
|
AGI_install_bootloader: syslinux # grub:2
|
||||||
|
|
||||||
AGI_install_syslinux_kernel_line:
|
AGI_install_syslinux_kernel_line:
|
||||||
# this is required I think
|
# this is required I think
|
||||||
@ -48,11 +48,11 @@ AGI_install_syslinux_kernel_line:
|
|||||||
# =0x37f works too
|
# =0x37f works too
|
||||||
- vga=789
|
- vga=789
|
||||||
# these may not all be needed or useful in a container
|
# these may not all be needed or useful in a container
|
||||||
- pti=on
|
# - pti=on
|
||||||
- iommu=pt
|
# - iommu=pt
|
||||||
- amd_iommu=on
|
# - amd_iommu=on
|
||||||
- intel_iommu=on
|
# - intel_iommu=on
|
||||||
- debug
|
# - debug
|
||||||
|
|
||||||
# remove the unused ones:
|
# remove the unused ones:
|
||||||
AGI_install_syslinux_c32:
|
AGI_install_syslinux_c32:
|
||||||
|
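Review bot: The comment `# these may not all be needed or useful in a container` now heads five commented-out kernel parameters, but this defaults file provisions a libvirt guest booting from `/dev/vda` with syslinux, not a container, so the stated rationale does not match the target. Dropping `debug` and the three IOMMU flags is defensible for a guest (as far as I can tell they are no-ops without a vIOMMU), whereas `pti=on` is a Meltdown mitigation whose removal relies on the guest kernel's auto-detection, and nothing here records that assumption. I'd replace the comment with `# VM guest: iommu=pt/amd_iommu/intel_iommu are no-ops without a vIOMMU; pti is left to the kernel default (pti=auto) — re-add pti=on if the guest kernel config is not known to enable page-table isolation` and otherwise leave the list as it is.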
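--- a/roles/ansible-gentoo_install/files/firewall.conf
+++ b/roles/ansible-gentoo_install/files/firewall.conf
@@ -0,0 +1,171 @@
+# Generated by iptables-save v1.8.5 on Wed Nov 4 01:14:37 2020
+*mangle
+:PREROUTING ACCEPT [0:0]
+:INPUT ACCEPT [0:0]
+:FORWARD ACCEPT [0:0]
+:OUTPUT ACCEPT [0:0]
+:POSTROUTING ACCEPT [0:0]
+:LIBVIRT_PRT - [0:0]
+-A INPUT -j LOG --log-prefix "iptables_libvirt mangle-i: " --log-uid
+-A POSTROUTING -j LIBVIRT_PRT
+COMMIT
+# Completed on Wed Nov 4 01:14:37 2020
+
+# Generated by iptables-save v1.8.5 on Wed Nov 4 01:14:37 2020
+*nat
+:PREROUTING ACCEPT [0:0]
+:INPUT ACCEPT [0:0]
+:OUTPUT ACCEPT [0:0]
+:POSTROUTING ACCEPT [0:0]
+:LIBVIRT_PRT - [0:0]
+
+# was ! -o lo
+-A OUTPUT -o wlan6 -p tcp --dport 53 -m tcp -j DNAT --to-destination 127.0.0.1:53
+-A OUTPUT -o wlan6 -p udp --dport 53 -m udp -j DNAT --to-destination 127.0.0.1:53
+
+# .onion mapped addresses redirection to Tor.
+-A OUTPUT -d 172.16.0.0/12 -p tcp -m tcp -j DNAT --to-destination 127.0.0.1:9040
+## Log.
+-A INPUT -j LOG --log-prefix "iptables_libvirt_nat-i: " --log-uid
+-A POSTROUTING -j LIBVIRT_PRT
+-A LIBVIRT_PRT -s 10.0.2.0/24 -d 224.0.0.0/24 -j RETURN
+-A LIBVIRT_PRT -s 10.0.2.0/24 -d 255.255.255.255/32 -j RETURN
+-A LIBVIRT_PRT -s 10.0.2.0/24 ! -d 10.0.2.0/24 -p tcp -j MASQUERADE --to-ports 1024-65535
+-A LIBVIRT_PRT -s 10.0.2.0/24 ! -d 10.0.2.0/24 -p udp -j MASQUERADE --to-ports 1024-65535
+-A LIBVIRT_PRT -s 10.0.2.0/24 ! -d 10.0.2.0/24 -j MASQUERADE
+COMMIT
+# Completed on Wed Nov 4 01:14:37 2020
+# Generated by iptables-save v1.8.5 on Wed Nov 4 01:14:37 2020
+*filter
+:INPUT ACCEPT [0:0]
+:FORWARD DROP [0:0]
+:OUTPUT DROP [0:0]
+:LIBVIRT_FWI - [0:0]
+:LIBVIRT_FWO - [0:0]
+:LIBVIRT_FWX - [0:0]
+:LIBVIRT_INP - [0:0]
+:LIBVIRT_OUT - [0:0]
+
+## DROP PACKETS WITH INCOMING FRAGMENTS. THIS ATTACK ONCE RESULTED IN KERNEL PANICS
+-A INPUT -f -j DROP
+## DROP INCOMING MALFORMED XMAS PACKETS
+-A INPUT -p tcp --tcp-flags ALL ALL -j DROP
+## DROP INCOMING MALFORMED NULL PACKETS
+-A INPUT -p tcp --tcp-flags ALL NONE -j DROP
+
+-A INPUT -i lo -j ACCEPT
+## Traffic on the loopback interface is accepted.
+-A INPUT -i lo -j ACCEPT
+## Established incoming connections are accepted. RELATED?
+-A INPUT -m state --state ESTABLISHED -j ACCEPT
+### this is required for outgoing pings
+-A INPUT -i wlan6 -p icmp -j LOG --log-prefix "iptables_icmp_ACCEPT-i: " --log-uid
+-A INPUT -i wlan6 -p icmp -j ACCEPT
+
+# let dhcp through? - YES
+-A INPUT -i wlan6 -p udp -m udp --sport 137 -j DROP
+-A INPUT -i wlan6 -p udp -m udp --sport 138 -j DROP
+-A INPUT -i wlan6 -p udp -m udp --sport 139 -j DROP
+-A INPUT -i wlan6 -p tcp --sport 9055 -j DROP
+-A INPUT -i wlan6 -p tcp --sport 9054 -j DROP
+-A INPUT -i wlan6 -p tcp --sport 9053 -j DROP
+-A INPUT -i wlan6 -p tcp --sport 9051 -j DROP
+-A INPUT -i wlan6 -p udp --sport 53 -j ACCEPT
+
+# SRC=0.0.0.0 DST=255.255.255.255 PROTO=UDP SPT=68 DPT=67
+-A INPUT -j LOG --log-prefix "iptables_libvirt_jLIBVIRT_INP-i: " --log-uid
+# -A INPUT -i wlan6 -p udp -j DROP
+-A INPUT -i wlan6 -j DROP
+
+-A INPUT -j LIBVIRT_INP
+
+-A FORWARD -j LIBVIRT_FWX
+-A FORWARD -j LIBVIRT_FWI
+-A FORWARD -j LIBVIRT_FWO
+#d#-A OUTPUT -o wlan6 -p icmp -j LOG --log-prefix iptables_icmp_ACCEPT-o: --log-uid
+## Traffic on the loopback interface is accepted.
+-A OUTPUT -o lo -j ACCEPT
+
+## Existing connections are accepted.
+-A OUTPUT -m state --state ESTABLISHED -j ACCEPT
+-A OUTPUT -o wlan6 -p icmp -j LOG --log-prefix "iptables_icmp_ACCEPT-o: " --log-uid
+-A OUTPUT -o wlan6 -p icmp -j ACCEPT
+# st-routers.mcast.net.
+-A OUTPUT -o wlan6 -p udp -d 224.0.0.0/8 -j REJECT
+
+## Accept outgoing connections to local network, Whonix-Workstation and VirtualBox,
+-A OUTPUT -d 192.168.1.0/24 -j ACCEPT
+-A OUTPUT -d 10.0.2.0/24 -j ACCEPT
+
+# gateway
+#-A OUTPUT -d 10.0.2.0/24 -j ACCEPT
+
+-A OUTPUT -o wlan6 -d 10.16.238.0/24 -j ACCEPT
+-A OUTPUT -o wlan6 -d 10.0.0.0/8 -j DROP
+-A OUTPUT -o wlan6 -d 172.16.0.0/12 -j DROP
+#-A OUTPUT -o wlan6 -d 192.168.0.0/16 -j DROP
+-A OUTPUT -o wlan6 -d 224.0.0.0/4 -j DROP
+-A OUTPUT -o wlan6 -d 240.0.0.0/5 -j DROP
+
+# The ntp user is allowed to connect to services listening on the ntp port...
+# If root runs ntpdate manually you will see requests to port 53 UID=0
+#-A OUTPUT -o wlan6 -m owner --gid-owner 226 -p udp --dport 123 -j LOG --log-uid --log-prefix "iptables_123_ACCEPT-o: "
+-A OUTPUT -o wlan6 -m owner --gid-owner 226 -p UDP --dport 123 -j ACCEPT
+-A OUTPUT -o wlan6 -m owner --uid-owner 0 -p UDP --dport 123 -j ACCEPT
+#-A OUTPUT -o wlan6 -m tcp -p TCP --dport 22 -j LOG --log-uid --log-prefix "IPTABLES_ssh_REJECT: "
+-A OUTPUT -o wlan6 -m tcp -p TCP --dport 22 -j REJECT --reject-with icmp-port-unreachable
+#test-A OUTPUT -o virbr1 -m tcp -p TCP --dport 22 -j LOG --log-uid --log-prefix "iptables_: "
+-A OUTPUT -o wlan6 -m owner -p tcp --gid-owner 216 -j ACCEPT
+-A OUTPUT -o wlan6 -m owner --gid-owner 1 -j ACCEPT
+
+-A OUTPUT -o virbr1 -m tcp -p TCP --dport 22 -j ACCEPT
+-A OUTPUT -o virbr1 -m tcp -p TCP --dport 9028 -j LOG --log-uid --log-prefix "iptables_: "
+-A OUTPUT -o virbr1 -m tcp -p TCP --dport 9028 -j ACCEPT
+-A OUTPUT -o virbr1 -m tcp -p TCP --dport 9040 -j LOG --log-uid --log-prefix "iptables_: "
+-A OUTPUT -o virbr1 -m tcp -p TCP --dport 9040 -j ACCEPT
+-A OUTPUT -o virbr1 -m tcp -p TCP --dport 9050 -j LOG --log-uid --log-prefix "iptables_: "
+-A OUTPUT -o virbr1 -m tcp -p TCP --dport 9050 -j ACCEPT
+-A OUTPUT -o virbr1 -m tcp -p TCP --dport 9053 -j LOG --log-uid --log-prefix "iptables_: "
+-A OUTPUT -o virbr1 -m tcp -p TCP --dport 9053 -j ACCEPT
+-A OUTPUT -o virbr1 -m udp -p udp --dport 9053 -j ACCEPT
+-A OUTPUT -j LIBVIRT_OUT
+-A LIBVIRT_FWI -o virbr1 -j LOG --log-uid --log-prefix "IPTABLES_FWI_REJECT-o: "
+-A LIBVIRT_FWI -o virbr2 -j REJECT --reject-with icmp-port-unreachable
+
+-A LIBVIRT_FWI -d 10.0.2.0/24 -o virbr1 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
+
+-A LIBVIRT_FWI -o virbr1 -j LOG --log-uid --log-prefix "IPTABLES_FWI_REJECT-o: "
+-A LIBVIRT_FWI -o virbr1 -j REJECT --reject-with icmp-port-unreachable
+
+-A LIBVIRT_FWO -i virbr2 -j LOG --log-uid --log-prefix "IPTABLES_FWO_REJECT-i: "
+-A LIBVIRT_FWO -i virbr2 -j REJECT --reject-with icmp-port-unreachable
+
+-A LIBVIRT_FWO -s 10.0.2.0/24 -i virbr1 -j ACCEPT
+
+-A LIBVIRT_FWO -i virbr1 -j LOG --log-uid --log-prefix "IPTABLES_FWO_REJECT-i: "
+-A LIBVIRT_FWO -i virbr1 -j REJECT --reject-with icmp-port-unreachable
+
+-A LIBVIRT_FWX -i virbr2 -o virbr2 -j ACCEPT
+-A LIBVIRT_FWX -i virbr1 -o virbr1 -j ACCEPT
+
+-A LIBVIRT_INP -i virbr2 -p udp -m udp --dport 53 -j ACCEPT
+-A LIBVIRT_INP -i virbr2 -p tcp -m tcp --dport 53 -j ACCEPT
+-A LIBVIRT_INP -i virbr2 -p udp -m udp --dport 67 -j ACCEPT
+-A LIBVIRT_INP -i virbr2 -p tcp -m tcp --dport 67 -j ACCEPT
+
+-A LIBVIRT_INP -i virbr1 -p udp -m udp --dport 53 -j ACCEPT
+-A LIBVIRT_INP -i virbr1 -p tcp -m tcp --dport 53 -j ACCEPT
+-A LIBVIRT_INP -i virbr1 -p udp -m udp --dport 67 -j ACCEPT
+-A LIBVIRT_INP -i virbr1 -p tcp -m tcp --dport 67 -j ACCEPT
+
+-A LIBVIRT_OUT -o virbr2 -p udp -m udp --dport 53 -j ACCEPT
+-A LIBVIRT_OUT -o virbr2 -p tcp -m tcp --dport 53 -j ACCEPT
+-A LIBVIRT_OUT -o virbr2 -p udp -m udp --dport 68 -j ACCEPT
+-A LIBVIRT_OUT -o virbr2 -p tcp -m tcp --dport 68 -j ACCEPT
+
+-A LIBVIRT_OUT -o virbr1 -p udp -m udp --dport 53 -j ACCEPT
+-A LIBVIRT_OUT -o virbr1 -p tcp -m tcp --dport 53 -j ACCEPT
+-A LIBVIRT_OUT -o virbr1 -p udp -m udp --dport 68 -j ACCEPT
+-A LIBVIRT_OUT -o virbr1 -p tcp -m tcp --dport 68 -j ACCEPT
+COMMIT
+# Completed on Wed Nov 4 01:14:37 2020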
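Review bot: `-A INPUT -i wlan6 -p udp --sport 53 -j ACCEPT` admits any unsolicited UDP datagram whose source port is 53, which reaches every UDP listener on the host (the sender chooses the source port); DNS replies are already matched by the `--state ESTABLISHED` rule above it, so that line can simply be removed. The `*filter` table also keeps `:INPUT ACCEPT [0:0]` and only drops `-i wlan6` at the end, so anything arriving on another interface (virbr1/virbr2 beyond the DNS/DHCP ports in LIBVIRT_INP, or any interface added later) falls through to the accept policy; `:INPUT DROP [0:0]` makes the rule set fail closed. The `RELATED?` question in the comment is answered by `-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT`, which also covers the ICMP replies to outgoing pings without the blanket `-i wlan6 -p icmp -j ACCEPT`. Smaller points: `-A INPUT -i lo -j ACCEPT` is listed twice, and the unconditional `-A INPUT -j LOG` rules in each table have no `-m limit`, so a port scan floods the log.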
@ -42,8 +42,8 @@
|
|||||||
label pentoo2019-Pen19-6.1.52-pentoo_2023_09_30_0x037f
|
label pentoo2019-Pen19-6.1.52-pentoo_2023_09_30_0x037f
|
||||||
menu label pentoo2019_Pen19_6.1.52-pentoo_2023_09_30_0x037f
|
menu label pentoo2019_Pen19_6.1.52-pentoo_2023_09_30_0x037f
|
||||||
menu default
|
menu default
|
||||||
kernel vmlinuz-6.1.52-pentoo_2023_09_30
|
kernel /vmlinuz-6.1.52-pentoo_2023_09_30
|
||||||
INITRD initramfs-pentoo-x86_64-6.1.52-pentoo_2023_09_30.img
|
INITRD /initramfs-pentoo-x86_64-6.1.52-pentoo_2023_09_30.img
|
||||||
# was vga=0x315
|
# was vga=0x315
|
||||||
APPEND root=LABEL=root {{''.join(AGI_install_syslinux_kernel_commands)}}
|
APPEND root=LABEL=root {{''.join(AGI_install_syslinux_kernel_commands)}}
|
||||||
|
|
||||||
@ -106,6 +106,38 @@
|
|||||||
-i /etc/default/grub
|
-i /etc/default/grub
|
||||||
grub-script-check /etc/default/grub
|
grub-script-check /etc/default/grub
|
||||||
|
|
||||||
|
- name: roles/ansible-gentoo_install/tasks/
|
||||||
|
shell: |
|
||||||
|
LINE="rd.skipfsck=1 ipv6.disable=1 console=ttys0 lang=en keymap=us "
|
||||||
|
# LINE="$LINE pti=on doscsi iommu=pt amd_iommu=on debugfs=off efi=disable_early_pci_dma extra_latent_entropy init_on_free=1 kvm.nx_huge_pages=force l1tf=full,force mce=0 mds=full,nosmt nosmt=force page_alloc.shuffle=1 pti=on random.trust_cpu=off slab_nomerge slub_debug=FZ spec_store_bypass_disable=on spectre_v2=on tsx_async_abort=full,nosmt vsyscall=none "
|
||||||
|
LINE="$LINE intel_iommu=on vga=0x315 text
|
||||||
|
df | grep /boot || mount /dev/vda1 /boot
|
||||||
|
[ -d /boot/grub ] || exit 2
|
||||||
|
[ -f /boot/grub/grub.cfg ] || exit 3
|
||||||
|
cd /
|
||||||
|
# boot/initramfs-pentoo-x86_64-6.1.52-pentoo_2023_09_30.img
|
||||||
|
|
||||||
|
- name: /etc/default/grub
|
||||||
|
lineinfile:
|
||||||
|
dest: /etc/default/grub
|
||||||
|
line: '{{item.from}}="{{item.to}}"'
|
||||||
|
regexp: '^#*{{item.from}}=.*'
|
||||||
|
with_items:
|
||||||
|
# Append parameters to the linux kernel command line for non-recovery entries
|
||||||
|
- from: GRUB_CMDLINE_LINUX_DEFAULT
|
||||||
|
to: " rd.skipfsck=1 ipv6.disable=1 console=ttyS0 lang=en keymap=us intel_iommu=on vga=0x315 text"
|
||||||
|
# The resolution used on graphical terminal.
|
||||||
|
# Note that you can use only modes which your graphic card supports via VBE.
|
||||||
|
# You can see them in real GRUB with the command `vbeinfo'.
|
||||||
|
- from: GRUB_GFXMODE
|
||||||
|
to: 640x480
|
||||||
|
# Set to 'text' to force the Linux kernel to boot in normal text
|
||||||
|
- from: GRUB_GFXPAYLOAD_LINUX
|
||||||
|
to: text
|
||||||
|
# Uncomment if you don't want GRUB to pass "root=UUID=xxx" parameter to kernel
|
||||||
|
- from: GRUB_DISABLE_LINUX_UUID
|
||||||
|
to: true
|
||||||
|
|
||||||
when: AGI_install_bootloader == 'grub:2'
|
when: AGI_install_bootloader == 'grub:2'
|
||||||
|
|
||||||
- name: fstab root
|
- name: fstab root
|
||||||
@ -152,53 +184,35 @@
|
|||||||
line: 'consolefont="ter-v{{AGI_consolefont_font_size}}b"'
|
line: 'consolefont="ter-v{{AGI_consolefont_font_size}}b"'
|
||||||
regexp: '^consolefont=.*'
|
regexp: '^consolefont=.*'
|
||||||
|
|
||||||
- name: /etc/default/grub
|
|
||||||
lineinfile:
|
|
||||||
dest: /etc/default/grub
|
|
||||||
line: '{{item.from}}="{{item.to}}"'
|
|
||||||
regexp: '^#*{{item.from}}=.*'
|
|
||||||
with_items:
|
|
||||||
# Append parameters to the linux kernel command line for non-recovery entries
|
|
||||||
- from: GRUB_CMDLINE_LINUX_DEFAULT
|
|
||||||
to: " rd.skipfsck=1 ipv6.disable=1 console=tty1 lang=en keymap=us intel_iommu=on vga=0x315 text"
|
|
||||||
# The resolution used on graphical terminal.
|
|
||||||
# Note that you can use only modes which your graphic card supports via VBE.
|
|
||||||
# You can see them in real GRUB with the command `vbeinfo'.
|
|
||||||
- from: GRUB_GFXMODE
|
|
||||||
to: 640x480
|
|
||||||
# Set to 'text' to force the Linux kernel to boot in normal text
|
|
||||||
- from: GRUB_GFXPAYLOAD_LINUX
|
|
||||||
to: text
|
|
||||||
# Uncomment if you don't want GRUB to pass "root=UUID=xxx" parameter to kernel
|
|
||||||
- from: GRUB_DISABLE_LINUX_UUID
|
|
||||||
to: true
|
|
||||||
|
|
||||||
- name: roles/ansible-gentoo_install/tasks/
|
|
||||||
shell: |
|
|
||||||
LINE="rd.skipfsck=1 ipv6.disable=1 console=tty1 lang=en keymap=us "
|
|
||||||
# LINE="$LINE pti=on doscsi iommu=pt amd_iommu=on debugfs=off efi=disable_early_pci_dma extra_latent_entropy init_on_free=1 kvm.nx_huge_pages=force l1tf=full,force mce=0 mds=full,nosmt nosmt=force page_alloc.shuffle=1 pti=on random.trust_cpu=off slab_nomerge slub_debug=FZ spec_store_bypass_disable=on spectre_v2=on tsx_async_abort=full,nosmt vsyscall=none "
|
|
||||||
LINE="$LINE intel_iommu=on vga=0x315 text
|
|
||||||
df | grep /boot || mount /dev/vda1 /boot
|
|
||||||
[ -d /boot/grub ] || exit 2
|
|
||||||
[ -f /boot/grub/grub.cfg ] || exit 3
|
|
||||||
cd /
|
|
||||||
# ln -s boot/vmlinuz* vmlinuz
|
|
||||||
# boot/initramfs-pentoo-x86_64-6.1.52-pentoo_2023_09_30.img
|
|
||||||
ln -s boot/initramfs* initrd.img
|
|
||||||
|
|
||||||
- name: consolefont
|
- name: consolefont
|
||||||
shell: |
|
shell: |
|
||||||
|
grep -q /etc/init.d/consolefont /etc/rc.local || \
|
||||||
cat >> /etc/rc.local << EOF
|
cat >> /etc/rc.local << EOF
|
||||||
|
#!/bin/sh
|
||||||
/etc/init.d consolefont stop
|
/etc/init.d consolefont stop
|
||||||
/etc/init.d consolefont start
|
/etc/init.d consolefont start
|
||||||
stty -F /dev/tty1 cols 80 rows 24
|
# these are right for ter-v28b consolefont
|
||||||
|
if tty|grep -q /dev/ttyS0 ; then
|
||||||
|
stty cols 80 rows 35
|
||||||
|
elif tty|grep -q /dev/tty[1-6] ; then
|
||||||
|
stty cols 80 rows 22
|
||||||
|
fi
|
||||||
EOF
|
EOF
|
||||||
bash /etc/rc.local
|
chmod 755 /etc/rc.local
|
||||||
ignore_errors: true
|
ignore_errors: true
|
||||||
|
|
||||||
- name: rc-update add bootlogd boot
|
- name: rc-update add bootlogd boot
|
||||||
shell: |
|
shell: |
|
||||||
|
[ -d /etc/modules-load.d ] || mkdir /etc/modules-load.d
|
||||||
|
[ -f /etc/modules-load.d/virtio.conf ] || \
|
||||||
|
echo "{{'\n'.join(AGI_bootstrap_modules)}}" \
|
||||||
|
> /etc/modules-load.d/virtio.conf
|
||||||
rc-update add consolefont
|
rc-update add consolefont
|
||||||
rc-update | grep -q 'bootlogd .* boot' || \
|
rc-update | grep -q 'bootlogd .* boot' || \
|
||||||
rc-update add bootlogd boot
|
rc-update add bootlogd boot
|
||||||
|
grep -q '^s0:' /etc/inittab || \
|
||||||
|
sed -e 's/^#s0:/s0:/' /etc/inittab
|
||||||
|
|
||||||
|
|
||||||
exit 0
|
exit 0
|
||||||
|
|
||||||
|
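Review bot: `grep -q '^s0:' /etc/inittab || sed -e 's/^#s0:/s0:/' /etc/inittab` never modifies inittab — without `-i` sed only prints the edited file to stdout — so the serial getty this commit switches the console to (`console=ttyS0` in the grub task above) is never enabled, and the grep guard makes the step look idempotent when it is actually a no-op on every run; change it to `sed -i -e 's/^#s0:/s0:/' /etc/inittab`. In the consolefont task, replacing `bash /etc/rc.local` with `chmod 755 /etc/rc.local` means the snippet is no longer exercised at provisioning time, and the appended `#!/bin/sh` lands wherever the heredoc is appended, which is mid-file if rc.local already has content. In the earlier hunk, the new shell task sets `console=ttys0` (lowercase s) while the grub `lineinfile` uses `console=ttyS0`; only the latter is a Linux device name, though that `LINE` variable is built and then never used, so the task could drop it entirely. The `LINE="$LINE intel_iommu=on vga=0x315 text` line is also missing its closing quote, which was true of the old location too but is now easier to fix.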
@ -18,9 +18,11 @@
|
|||||||
|
|
||||||
- name: copy resolv.conf into chroot
|
- name: copy resolv.conf into chroot
|
||||||
copy:
|
copy:
|
||||||
src: /etc/resolv.conf
|
src: "/{{item}}"
|
||||||
dest: "{{AGI_NBD_MP}}/etc/resolv.conf"
|
dest: "{{AGI_NBD_MP}}/{{item}}"
|
||||||
|
mode: '0644'
|
||||||
remote_src: yes
|
remote_src: yes
|
||||||
|
with_items: "{{AGI_bootstrap_files}}"
|
||||||
when: not ansible_check_mode
|
when: not ansible_check_mode
|
||||||
|
|
||||||
- name: mount /proc in chroot
|
- name: mount /proc in chroot
|
||||||
|
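Review bot: `mode: '0644'` is now applied to every entry of `AGI_bootstrap_files`, not just `resolv.conf`; that is right for resolv.conf, but it also makes world-readable inside the image any private file (a key or a config carrying credentials) that is later added to the list, silently overriding the source file's permissions on the host. Either carry the mode per item (for example `mode: "{{ item.mode | default('0644') }}"` with dict-valued entries) or document next to `AGI_bootstrap_files`, which is defined outside this hunk, that only world-readable files belong there. The `src: "/{{item}}"` / `dest: "{{AGI_NBD_MP}}/{{item}}"` pairing also assumes entries are relative paths without a leading slash, which deserves a one-line comment on the variable.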
23
roles/ansible-gentoo_install/tasks/libvirt.yml
Normal file
23
roles/ansible-gentoo_install/tasks/libvirt.yml
Normal file
@ -0,0 +1,23 @@
|
|||||||
|
# -*- mode: yaml; indent-tabs-mode: nil; tab-width: 2; coding: utf-8-unix -*-
|
||||||
|
# localhost
|
||||||
|
---
|
||||||
|
- name: "DEBUG: ansible-gentoo_install libvirt"
|
||||||
|
debug:
|
||||||
|
verbosity: 1
|
||||||
|
msg: "DEBUG: ansible-gentoo_install libvirt"
|
||||||
|
|
||||||
|
- name: test we are NOT in the chroot
|
||||||
|
shell: |
|
||||||
|
[ -n "{{AGI_NBD_MP}}" ] || exit 2
|
||||||
|
[ -d "{{AGI_NBD_MP}}" ] || exit 3
|
||||||
|
check_mode: false
|
||||||
|
|
||||||
|
# - name: setup libvirt network
|
||||||
|
# - name: setup libvirt iptables
|
||||||
|
# net.ipv4.conf.virbr1.forwarding = 1
|
||||||
|
# net.ipv4.ip_forward = 1
|
||||||
|
# mkdir /etc/libvirt/qemu
|
||||||
|
# qemu-ga -D > /etc/libvirt/qemu/qemu-ga.conf
|
||||||
|
# for elt in unix-listen virtio-serial isa-serial vsock-listen ; do
|
||||||
|
# /etc/conf.d/qemu-ga
|
||||||
|
|
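Review bot: The `test we are NOT in the chroot` task shells out for two `[ ... ] || exit N` checks, which fail with only a bare exit status, no message, and need `check_mode: false` just to execute; the `stat` and `assert` modules express the same condition without a shell and give a readable failure. The name does not say what is actually checked — the condition is that the NBD mountpoint directory exists on this host — so a comment such as `# the mountpoint only exists on the libvirt host; inside the chroot it is absent` would help the next reader. The commented-out sysctl notes list the global `net.ipv4.ip_forward = 1` next to the per-interface `net.ipv4.conf.virbr1.forwarding = 1`; when that block is implemented, prefer the per-interface knob, since global forwarding also routes between wlan6 and any other interface the host carries. The two `{{AGI_NBD_MP}}` expansions are unquoted Jinja inside a shell heredoc, so a value containing a double quote breaks the test rather than failing it.
```yaml
- name: test we are NOT in the chroot
  stat:
    path: "{{ AGI_NBD_MP }}"
  register: agi_nbd_mp_stat
  check_mode: false

- name: fail unless the NBD mountpoint is a directory on this host
  assert:
    that:
      - AGI_NBD_MP | default('') | length > 0
      - agi_nbd_mp_stat.stat.exists and agi_nbd_mp_stat.stat.isdir
    fail_msg: "AGI_NBD_MP={{ AGI_NBD_MP | default('') }} is not a directory; libvirt.yml must run on the host, not in the chroot"
# … unchanged: commented-out network / iptables / qemu-ga notes …
```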
@ -85,6 +85,7 @@
|
|||||||
state: mounted
|
state: mounted
|
||||||
check_mode: false
|
check_mode: false
|
||||||
|
|
||||||
|
- include: libvirt.yml
|
||||||
- include: tarball.yml
|
- include: tarball.yml
|
||||||
- include: copy.yml
|
- include: copy.yml
|
||||||
when: AGI_use_local_kernel
|
when: AGI_use_local_kernel
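Review bot: `- include: libvirt.yml` is added without a `when:` guard, so its shell check that `AGI_NBD_MP` exists runs on every connection type, including the chroot and libvirt_qemu hosts where that mountpoint presumably does not exist and the play would abort; the neighbouring include of local.yml is guarded by `ansible_connection in ['chroot', 'local']`, and this one likely wants `when: ansible_connection == 'local'` or a similar host-side condition. `include:` is also the deprecated form and the same file already uses `include_tasks: local.yml`, so `- include_tasks: libvirt.yml` keeps the style consistent. The task list continues on both sides of this hunk.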
|
||||||
|
@ -131,13 +131,10 @@
|
|||||||
var: ansible_gentooimgr_out
|
var: ansible_gentooimgr_out
|
||||||
|
|
||||||
check_mode: false
|
check_mode: false
|
||||||
when:
|
|
||||||
- ansible_connection in ['chroot', 'local', 'libvirt_qemu']
|
|
||||||
- ansible_distribution == 'Gentoo' or BOX_GENTOO_FROM_MP not in ['/', '']
|
|
||||||
# - nbd_disk|default('') == AGI_NBD_DISK
|
|
||||||
|
|
||||||
- name: include_tasks local.yml
|
- name: include_tasks local.yml
|
||||||
include_tasks: local.yml
|
include_tasks: local.yml
|
||||||
|
|
||||||
when:
|
when:
|
||||||
- ansible_connection in ['chroot', 'local']
|
- ansible_connection in ['chroot', 'local']
|
||||||
- ansible_distribution == 'Gentoo' or BOX_GENTOO_FROM_MP not in ['/', '']
|
- ansible_distribution == 'Gentoo' or BOX_GENTOO_FROM_MP not in ['/', '']
|
||||||
|
@ -15,6 +15,10 @@
|
|||||||
for elt in {{ AGI_bootstrap_mountpoints|join(' ') }} ; do
|
for elt in {{ AGI_bootstrap_mountpoints|join(' ') }} ; do
|
||||||
[ -d $elt ] || mkdir $elt
|
[ -d $elt ] || mkdir $elt
|
||||||
done
|
done
|
||||||
|
# 700 files from ansible umask
|
||||||
|
find /usr/local/*bin/ /usr/local/etc/ -name '*sh' -exec chmod 755 {} \;
|
||||||
|
find /usr/local/ -type f -exec chown ${BOX_USER_NAME}:${BOX_USER_GROUP} {} \;
|
||||||
|
|
||||||
exit 0
|
exit 0
|
||||||
when: AGI_bootstrap_mountpoints|default([])|length > 0
|
when: AGI_bootstrap_mountpoints|default([])|length > 0
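Review bot: `find /usr/local/ -type f -exec chown ${BOX_USER_NAME}:${BOX_USER_GROUP} {} \;` hands ownership of every file under /usr/local — including the scripts in /usr/local/*bin that the line above just made executable and that are presumably run by root — to an unprivileged account, so that account can rewrite what root executes; keep root ownership on bin/sbin/etc and chown only the trees the user genuinely needs to write. `${BOX_USER_NAME}`/`${BOX_USER_GROUP}` are shell expansions, not Jinja: unless they are exported via `environment:`, they expand to empty and `chown :` silently changes nothing, whereas `{{ BOX_USER_NAME }}` would fail fast when undefined. `-name '*sh'` matches any file whose name merely ends in `sh`, not just scripts; `\( -name '*.sh' -o -name '*.bash' \)` is what the comment above it describes. The trailing `exit 0` hides failures of both find commands, so a partially applied permission fix goes unnoticed; the enclosing shell task starts outside this hunk.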
|
||||||
|
|
||||||
@ -32,7 +36,7 @@
|
|||||||
dest: /etc/localtime
|
dest: /etc/localtime
|
||||||
src: /usr/share/zoneinfo/{{ AGI_install_timezone }}
|
src: /usr/share/zoneinfo/{{ AGI_install_timezone }}
|
||||||
state: link
|
state: link
|
||||||
force: yes
|
force: no
|
||||||
|
|
||||||
- name: configure locales
|
- name: configure locales
|
||||||
lineinfile:
|
lineinfile:
|
||||||
|
@ -0,0 +1,171 @@
|
|||||||
|
# Generated by iptables-save v1.8.5 on Wed Nov 4 01:14:37 2020
|
||||||
|
*mangle
|
||||||
|
:PREROUTING ACCEPT [0:0]
|
||||||
|
:INPUT ACCEPT [0:0]
|
||||||
|
:FORWARD ACCEPT [0:0]
|
||||||
|
:OUTPUT ACCEPT [0:0]
|
||||||
|
:POSTROUTING ACCEPT [0:0]
|
||||||
|
:LIBVIRT_PRT - [0:0]
|
||||||
|
-A INPUT -j LOG --log-prefix "iptables_libvirt mangle-i: " --log-uid
|
||||||
|
-A POSTROUTING -j LIBVIRT_PRT
|
||||||
|
COMMIT
|
||||||
|
# Completed on Wed Nov 4 01:14:37 2020
|
||||||
|
|
||||||
|
# Generated by iptables-save v1.8.5 on Wed Nov 4 01:14:37 2020
|
||||||
|
*nat
|
||||||
|
:PREROUTING ACCEPT [0:0]
|
||||||
|
:INPUT ACCEPT [0:0]
|
||||||
|
:OUTPUT ACCEPT [0:0]
|
||||||
|
:POSTROUTING ACCEPT [0:0]
|
||||||
|
:LIBVIRT_PRT - [0:0]
|
||||||
|
|
||||||
|
# was ! -o lo
|
||||||
|
-A OUTPUT -o wlan6 -p tcp --dport 53 -m tcp -j DNAT --to-destination 127.0.0.1:53
|
||||||
|
-A OUTPUT -o wlan6 -p udp --dport 53 -m udp -j DNAT --to-destination 127.0.0.1:53
|
||||||
|
|
||||||
|
# .onion mapped addresses redirection to Tor.
|
||||||
|
-A OUTPUT -d 172.16.0.0/12 -p tcp -m tcp -j DNAT --to-destination 127.0.0.1:9040
|
||||||
|
## Log.
|
||||||
|
-A INPUT -j LOG --log-prefix "iptables_libvirt_nat-i: " --log-uid
|
||||||
|
-A POSTROUTING -j LIBVIRT_PRT
|
||||||
|
-A LIBVIRT_PRT -s 10.0.2.0/24 -d 224.0.0.0/24 -j RETURN
|
||||||
|
-A LIBVIRT_PRT -s 10.0.2.0/24 -d 255.255.255.255/32 -j RETURN
|
||||||
|
-A LIBVIRT_PRT -s 10.0.2.0/24 ! -d 10.0.2.0/24 -p tcp -j MASQUERADE --to-ports 1024-65535
|
||||||
|
-A LIBVIRT_PRT -s 10.0.2.0/24 ! -d 10.0.2.0/24 -p udp -j MASQUERADE --to-ports 1024-65535
|
||||||
|
-A LIBVIRT_PRT -s 10.0.2.0/24 ! -d 10.0.2.0/24 -j MASQUERADE
|
||||||
|
COMMIT
|
||||||
|
# Completed on Wed Nov 4 01:14:37 2020
|
||||||
|
# Generated by iptables-save v1.8.5 on Wed Nov 4 01:14:37 2020
|
||||||
|
*filter
|
||||||
|
:INPUT ACCEPT [0:0]
|
||||||
|
:FORWARD DROP [0:0]
|
||||||
|
:OUTPUT DROP [0:0]
|
||||||
|
:LIBVIRT_FWI - [0:0]
|
||||||
|
:LIBVIRT_FWO - [0:0]
|
||||||
|
:LIBVIRT_FWX - [0:0]
|
||||||
|
:LIBVIRT_INP - [0:0]
|
||||||
|
:LIBVIRT_OUT - [0:0]
|
||||||
|
|
||||||
|
## DROP PACKETS WITH INCOMING FRAGMENTS. THIS ATTACK ONCE RESULTED IN KERNEL PANICS
|
||||||
|
-A INPUT -f -j DROP
|
||||||
|
## DROP INCOMING MALFORMED XMAS PACKETS
|
||||||
|
-A INPUT -p tcp --tcp-flags ALL ALL -j DROP
|
||||||
|
## DROP INCOMING MALFORMED NULL PACKETS
|
||||||
|
-A INPUT -p tcp --tcp-flags ALL NONE -j DROP
|
||||||
|
|
||||||
|
-A INPUT -i lo -j ACCEPT
|
||||||
|
## Traffic on the loopback interface is accepted.
|
||||||
|
-A INPUT -i lo -j ACCEPT
|
||||||
|
## Established incoming connections are accepted. RELATED?
|
||||||
|
-A INPUT -m state --state ESTABLISHED -j ACCEPT
|
||||||
|
### this is required for outgoing pings
|
||||||
|
-A INPUT -i wlan6 -p icmp -j LOG --log-prefix "iptables_icmp_ACCEPT-i: " --log-uid
|
||||||
|
-A INPUT -i wlan6 -p icmp -j ACCEPT
|
||||||
|
|
||||||
|
# let dhcp through? - YES
|
||||||
|
-A INPUT -i wlan6 -p udp -m udp --sport 137 -j DROP
|
||||||
|
-A INPUT -i wlan6 -p udp -m udp --sport 138 -j DROP
|
||||||
|
-A INPUT -i wlan6 -p udp -m udp --sport 139 -j DROP
|
||||||
|
-A INPUT -i wlan6 -p tcp --sport 9055 -j DROP
|
||||||
|
-A INPUT -i wlan6 -p tcp --sport 9054 -j DROP
|
||||||
|
-A INPUT -i wlan6 -p tcp --sport 9053 -j DROP
|
||||||
|
-A INPUT -i wlan6 -p tcp --sport 9051 -j DROP
|
||||||
|
-A INPUT -i wlan6 -p udp --sport 53 -j ACCEPT
|
||||||
|
|
||||||
|
# SRC=0.0.0.0 DST=255.255.255.255 PROTO=UDP SPT=68 DPT=67
|
||||||
|
-A INPUT -j LOG --log-prefix "iptables_libvirt_jLIBVIRT_INP-i: " --log-uid
|
||||||
|
# -A INPUT -i wlan6 -p udp -j DROP
|
||||||
|
-A INPUT -i wlan6 -j DROP
|
||||||
|
|
||||||
|
-A INPUT -j LIBVIRT_INP
|
||||||
|
|
||||||
|
-A FORWARD -j LIBVIRT_FWX
|
||||||
|
-A FORWARD -j LIBVIRT_FWI
|
||||||
|
-A FORWARD -j LIBVIRT_FWO
|
||||||
|
#d#-A OUTPUT -o wlan6 -p icmp -j LOG --log-prefix iptables_icmp_ACCEPT-o: --log-uid
|
||||||
|
## Traffic on the loopback interface is accepted.
|
||||||
|
-A OUTPUT -o lo -j ACCEPT
|
||||||
|
|
||||||
|
## Existing connections are accepted.
|
||||||
|
-A OUTPUT -m state --state ESTABLISHED -j ACCEPT
|
||||||
|
-A OUTPUT -o wlan6 -p icmp -j LOG --log-prefix "iptables_icmp_ACCEPT-o: " --log-uid
|
||||||
|
-A OUTPUT -o wlan6 -p icmp -j ACCEPT
|
||||||
|
# st-routers.mcast.net.
|
||||||
|
-A OUTPUT -o wlan6 -p udp -d 224.0.0.0/8 -j REJECT
|
||||||
|
|
||||||
|
## Accept outgoing connections to local network, Whonix-Workstation and VirtualBox,
|
||||||
|
-A OUTPUT -d 192.168.1.0/24 -j ACCEPT
|
||||||
|
-A OUTPUT -d 10.0.2.0/24 -j ACCEPT
|
||||||
|
|
||||||
|
# gateway
|
||||||
|
#-A OUTPUT -d 10.0.2.0/24 -j ACCEPT
|
||||||
|
|
||||||
|
-A OUTPUT -o wlan6 -d 10.16.238.0/24 -j ACCEPT
|
||||||
|
-A OUTPUT -o wlan6 -d 10.0.0.0/8 -j DROP
|
||||||
|
-A OUTPUT -o wlan6 -d 172.16.0.0/12 -j DROP
|
||||||
|
#-A OUTPUT -o wlan6 -d 192.168.0.0/16 -j DROP
|
||||||
|
-A OUTPUT -o wlan6 -d 224.0.0.0/4 -j DROP
|
||||||
|
-A OUTPUT -o wlan6 -d 240.0.0.0/5 -j DROP
|
||||||
|
|
||||||
|
# The ntp user is allowed to connect to services listening on the ntp port...
|
||||||
|
# If root runs ntpdate manually you will see requests to port 53 UID=0
|
||||||
|
#-A OUTPUT -o wlan6 -m owner --gid-owner 226 -p udp --dport 123 -j LOG --log-uid --log-prefix "iptables_123_ACCEPT-o: "
|
||||||
|
-A OUTPUT -o wlan6 -m owner --gid-owner 226 -p UDP --dport 123 -j ACCEPT
|
||||||
|
-A OUTPUT -o wlan6 -m owner --uid-owner 0 -p UDP --dport 123 -j ACCEPT
|
||||||
|
#-A OUTPUT -o wlan6 -m tcp -p TCP --dport 22 -j LOG --log-uid --log-prefix "IPTABLES_ssh_REJECT: "
|
||||||
|
-A OUTPUT -o wlan6 -m tcp -p TCP --dport 22 -j REJECT --reject-with icmp-port-unreachable
|
||||||
|
#test-A OUTPUT -o virbr1 -m tcp -p TCP --dport 22 -j LOG --log-uid --log-prefix "iptables_: "
|
||||||
|
-A OUTPUT -o wlan6 -m owner -p tcp --gid-owner 216 -j ACCEPT
|
||||||
|
-A OUTPUT -o wlan6 -m owner --gid-owner 1 -j ACCEPT
|
||||||
|
|
||||||
|
-A OUTPUT -o virbr1 -m tcp -p TCP --dport 22 -j ACCEPT
|
||||||
|
-A OUTPUT -o virbr1 -m tcp -p TCP --dport 9028 -j LOG --log-uid --log-prefix "iptables_: "
|
||||||
|
-A OUTPUT -o virbr1 -m tcp -p TCP --dport 9028 -j ACCEPT
|
||||||
|
-A OUTPUT -o virbr1 -m tcp -p TCP --dport 9040 -j LOG --log-uid --log-prefix "iptables_: "
|
||||||
|
-A OUTPUT -o virbr1 -m tcp -p TCP --dport 9040 -j ACCEPT
|
||||||
|
-A OUTPUT -o virbr1 -m tcp -p TCP --dport 9050 -j LOG --log-uid --log-prefix "iptables_: "
|
||||||
|
-A OUTPUT -o virbr1 -m tcp -p TCP --dport 9050 -j ACCEPT
|
||||||
|
-A OUTPUT -o virbr1 -m tcp -p TCP --dport 9053 -j LOG --log-uid --log-prefix "iptables_: "
|
||||||
|
-A OUTPUT -o virbr1 -m tcp -p TCP --dport 9053 -j ACCEPT
|
||||||
|
-A OUTPUT -o virbr1 -m udp -p udp --dport 9053 -j ACCEPT
|
||||||
|
-A OUTPUT -j LIBVIRT_OUT
|
||||||
|
-A LIBVIRT_FWI -o virbr1 -j LOG --log-uid --log-prefix "IPTABLES_FWI_REJECT-o: "
|
||||||
|
-A LIBVIRT_FWI -o virbr2 -j REJECT --reject-with icmp-port-unreachable
|
||||||
|
|
||||||
|
-A LIBVIRT_FWI -d 10.0.2.0/24 -o virbr1 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
|
||||||
|
|
||||||
|
-A LIBVIRT_FWI -o virbr1 -j LOG --log-uid --log-prefix "IPTABLES_FWI_REJECT-o: "
|
||||||
|
-A LIBVIRT_FWI -o virbr1 -j REJECT --reject-with icmp-port-unreachable
|
||||||
|
|
||||||
|
-A LIBVIRT_FWO -i virbr2 -j LOG --log-uid --log-prefix "IPTABLES_FWO_REJECT-i: "
|
||||||
|
-A LIBVIRT_FWO -i virbr2 -j REJECT --reject-with icmp-port-unreachable
|
||||||
|
|
||||||
|
-A LIBVIRT_FWO -s 10.0.2.0/24 -i virbr1 -j ACCEPT
|
||||||
|
|
||||||
|
-A LIBVIRT_FWO -i virbr1 -j LOG --log-uid --log-prefix "IPTABLES_FWO_REJECT-i: "
|
||||||
|
-A LIBVIRT_FWO -i virbr1 -j REJECT --reject-with icmp-port-unreachable
|
||||||
|
|
||||||
|
-A LIBVIRT_FWX -i virbr2 -o virbr2 -j ACCEPT
|
||||||
|
-A LIBVIRT_FWX -i virbr1 -o virbr1 -j ACCEPT
|
||||||
|
|
||||||
|
-A LIBVIRT_INP -i virbr2 -p udp -m udp --dport 53 -j ACCEPT
|
||||||
|
-A LIBVIRT_INP -i virbr2 -p tcp -m tcp --dport 53 -j ACCEPT
|
||||||
|
-A LIBVIRT_INP -i virbr2 -p udp -m udp --dport 67 -j ACCEPT
|
||||||
|
-A LIBVIRT_INP -i virbr2 -p tcp -m tcp --dport 67 -j ACCEPT
|
||||||
|
|
||||||
|
-A LIBVIRT_INP -i virbr1 -p udp -m udp --dport 53 -j ACCEPT
|
||||||
|
-A LIBVIRT_INP -i virbr1 -p tcp -m tcp --dport 53 -j ACCEPT
|
||||||
|
-A LIBVIRT_INP -i virbr1 -p udp -m udp --dport 67 -j ACCEPT
|
||||||
|
-A LIBVIRT_INP -i virbr1 -p tcp -m tcp --dport 67 -j ACCEPT
|
||||||
|
|
||||||
|
-A LIBVIRT_OUT -o virbr2 -p udp -m udp --dport 53 -j ACCEPT
|
||||||
|
-A LIBVIRT_OUT -o virbr2 -p tcp -m tcp --dport 53 -j ACCEPT
|
||||||
|
-A LIBVIRT_OUT -o virbr2 -p udp -m udp --dport 68 -j ACCEPT
|
||||||
|
-A LIBVIRT_OUT -o virbr2 -p tcp -m tcp --dport 68 -j ACCEPT
|
||||||
|
|
||||||
|
-A LIBVIRT_OUT -o virbr1 -p udp -m udp --dport 53 -j ACCEPT
|
||||||
|
-A LIBVIRT_OUT -o virbr1 -p tcp -m tcp --dport 53 -j ACCEPT
|
||||||
|
-A LIBVIRT_OUT -o virbr1 -p udp -m udp --dport 68 -j ACCEPT
|
||||||
|
-A LIBVIRT_OUT -o virbr1 -p tcp -m tcp --dport 68 -j ACCEPT
|
||||||
|
COMMIT
|
||||||
|
# Completed on Wed Nov 4 01:14:37 2020
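Review bot: The filter table keeps `:INPUT ACCEPT [0:0]` as policy and only the wlan6 catch-all (`-A INPUT -i wlan6 -j DROP`) closes it, so anything arriving on virbr1/virbr2 that LIBVIRT_INP does not match (it returns after the DNS/DHCP accepts) reaches every listener on the host; set `:INPUT DROP [0:0]` with explicit accepts, or at least add `-A INPUT -i virbr1 -j DROP` and the virbr2 twin after the LIBVIRT_INP jump. `-A INPUT -i wlan6 -p udp --sport 53 -j ACCEPT` is stateless and admits any UDP packet whose source port happens to be 53 — the classic source-port bypass — while replies to the DNAT'd resolver are already covered by the ESTABLISHED rule (adding RELATED there would also cover ICMP errors), so that line can go. The unconditional `-j LOG --log-uid` rules on INPUT in mangle, nat and filter fire for every packet and can fill the log under a flood; rate-limit them, e.g. `-A INPUT -m limit --limit 5/min --limit-burst 20 -j LOG --log-prefix "iptables_libvirt mangle-i: " --log-uid`. In LIBVIRT_FWI the first LOG matches `-o virbr1` but the REJECT immediately after it is `-o virbr2`, so virbr2 rejections are unlogged and virbr1 traffic is logged twice; presumably that LOG should also say `-o virbr2`. `-A INPUT -i lo -j ACCEPT` appears twice.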
|
@ -0,0 +1,18 @@
|
|||||||
|
<!--
|
||||||
|
WARNING: THIS IS AN AUTO-GENERATED FILE. CHANGES TO IT ARE LIKELY TO BE
|
||||||
|
OVERWRITTEN AND LOST. Changes to this xml configuration should be made using:
|
||||||
|
virsh net-edit Whonix-External
|
||||||
|
or other application using the libvirt API.
|
||||||
|
-->
|
||||||
|
|
||||||
|
<network>
|
||||||
|
<name>External</name>
|
||||||
|
<forward mode='nat'/>
|
||||||
|
<bridge name='virbr1' stp='on' delay='0'/>
|
||||||
|
<mac address='52:54:00:f7:fb:37'/>
|
||||||
|
<ip address='10.0.2.2' netmask='255.255.255.0'>
|
||||||
|
<dhcp>
|
||||||
|
<range start='10.0.2.20' end='10.0.2.254'/>
|
||||||
|
</dhcp>
|
||||||
|
</ip>
|
||||||
|
</network>
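Review bot: The header comment names the network `Whonix-External` (`virsh net-edit Whonix-External`) while the definition carries `<name>External</name>`, so anything that starts or attaches to the network by the former name will not find this definition; presumably the element should read `<name>Whonix-External</name>`. A `<forward mode='nat'/>` network also makes libvirt's network driver install its own LIBVIRT_* iptables rules and normally enable ip_forward when the network starts, which can duplicate or override the hand-maintained iptables-save file added in this commit; either let libvirt own those chains or document the load order of the static rules relative to `net-start`. The 10.0.2.0/24 range and fixed MAC match the MASQUERADE rules, which is consistent.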
|
@ -27,6 +27,9 @@ AGI_bootstrap_links:
|
|||||||
- from: /var/db/repos/gentoo
|
- from: /var/db/repos/gentoo
|
||||||
to: /usr/portage
|
to: /usr/portage
|
||||||
|
|
||||||
|
AGI_bootstrap_modules:
|
||||||
|
- virtio_console
|
||||||
|
|
||||||
# NO LEADING /
|
# NO LEADING /
|
||||||
AGI_bootstrap_dirs:
|
AGI_bootstrap_dirs:
|
||||||
- usr/local/etc/local.d
|
- usr/local/etc/local.d
|
||||||
@ -49,6 +52,8 @@ AGI_bootstrap_files:
|
|||||||
- usr/local/etc/local.d/local.bash
|
- usr/local/etc/local.d/local.bash
|
||||||
- usr/local/bin/usr_local_tput.bash
|
- usr/local/bin/usr_local_tput.bash
|
||||||
- usr/local/bin/proxy_export.bash
|
- usr/local/bin/proxy_export.bash
|
||||||
|
- etc/hosts
|
||||||
|
- etc/resolv.conf
|
||||||
|
|
||||||
AGI_bootstrap_uris:
|
AGI_bootstrap_uris:
|
||||||
- http://distfiles.gentoo.org/distfiles/00/elfutils-0.190.tar.bz2
|
- http://distfiles.gentoo.org/distfiles/00/elfutils-0.190.tar.bz2
|
||||||
@ -56,24 +61,35 @@ AGI_bootstrap_uris:
|
|||||||
- http://distfiles.gentoo.org/distfiles/60/shared-mime-info-2.2.tar.gz
|
- http://distfiles.gentoo.org/distfiles/60/shared-mime-info-2.2.tar.gz
|
||||||
- http://distfiles.gentoo.org/distfiles/fc/qemu-8.0.3.tar.xz
|
- http://distfiles.gentoo.org/distfiles/fc/qemu-8.0.3.tar.xz
|
||||||
|
|
||||||
|
AGI_bootstrap_pips3:
|
||||||
|
- negotiator-guest
|
||||||
|
|
||||||
|
# proxy_pkgs_inst:
|
||||||
AGI_bootstrap_pkgs:
|
AGI_bootstrap_pkgs:
|
||||||
- app-admin/sudo
|
- app-admin/sudo
|
||||||
- sys-boot/grub:2
|
- sys-boot/grub:2
|
||||||
|
- sys-boot/syslinux
|
||||||
- app-editors/mg
|
- app-editors/mg
|
||||||
- qemu-guest-agent
|
- qemu-guest-agent
|
||||||
- app-admin/logrotate
|
|
||||||
- "sys-process/{{ AGI_install_cron_daemon }}"
|
|
||||||
- "{{ AGI_install_syslog_daemon}}"
|
|
||||||
- "sys-boot/{{ AGI_install_bootloader }}"
|
|
||||||
- media-fonts/terminus-font
|
|
||||||
- sys-apps/gptfdisk
|
- sys-apps/gptfdisk
|
||||||
- net-analyzer/openbsd-netcat
|
- net-analyzer/openbsd-netcat
|
||||||
|
- app-admin/logrotate
|
||||||
|
- "sys-process/{{ AGI_install_cron_daemon }}"
|
||||||
|
- "app-admin/{{ AGI_install_syslog_daemon}}"
|
||||||
|
- "sys-boot/{{ AGI_install_bootloader }}"
|
||||||
|
- media-fonts/terminus-font
|
||||||
|
- net-misc/curl
|
||||||
|
- app-arch/unzip
|
||||||
|
- net-libs/pacparser
|
||||||
- sys-process/lsof
|
- sys-process/lsof
|
||||||
- dev-util/strace
|
- dev-util/strace
|
||||||
- sys-libs/gpm
|
|
||||||
- app-portage/eix
|
- app-portage/eix
|
||||||
- net-misc/curl
|
- sys-libs/gpm
|
||||||
- linux-firmware
|
- linux-firmware
|
||||||
|
- net-dns/bind-tools
|
||||||
|
# - www-client/lynx
|
||||||
|
- app-admin/supervisor
|
||||||
|
- dev-python/pip
|
||||||
|
|
||||||
AGI_cloud_pkgs:
|
AGI_cloud_pkgs:
|
||||||
# get these from base.json
|
# get these from base.json
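Review bot: `AGI_bootstrap_pips3: - negotiator-guest` pulls a package from PyPI with no version pin or hash, so every image build trusts whatever the index serves at that moment; pin it (`negotiator-guest==<version>`) and install from a requirements file with `--require-hashes`, or fetch a specific wheel under AGI_bootstrap_uris alongside the other distfiles. The surrounding distfile URIs are plain `http://`, so nothing here verifies what is downloaded either; that predates this commit, but the new pip entry adds one more unverified source. `sys-boot/syslinux` is added while `sys-boot/grub:2` and `sys-boot/{{ AGI_install_bootloader }}` remain, so the image may end up with three bootloaders — confirm that is intended. The package list continues above this hunk.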
|
||||||
@ -94,4 +110,3 @@ AGI_cloud_pkgs:
|
|||||||
# get these from config.json
|
# get these from config.json
|
||||||
# - app-emulation/cloud-init
|
# - app-emulation/cloud-init
|
||||||
# - sys-block/open-iscsi
|
# - sys-block/open-iscsi
|
||||||
|
|
||||||
|
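--- /dev/null
+++ b/roles/toxcore/vars/mask.txt
@@ -0,0 +1,15 @@
+
+# /etc/portage/package.mask/2023_BROKEN.txt qemu
+=app-emulation/qemu-guest-agent-8.0.2%
+
+# /etc/portage/package.mask/2023_BROKEN.txt qemu
+=app-emulation/qemu-guest-agent-8.0.0%
+
+# /etc/portage/package.mask/2023_BROKEN.txt qemu
+=app-emulation/qemu-guest-agent-8.0.3%
+
+# /etc/portage/package.mask/2023_BROKEN.txt libvirt
+=app-emulation/libvirt-9.4.0-r1%
+
+# /etc/portage/package.mask/2022_BLOCKED.txt docker
+app-containers/docker-compose%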
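--- /dev/null
+++ b/roles/toxcore/vars/use.txt
@@ -0,0 +1,114 @@
+
+# /etc/portage/package.use/2017-01-01_libguestfs.txt iptables
+net-firewall/iptables% nftables ipv6
+
+# /etc/portage/package.use/2017-08_testdisk.txt testdisk
+app-admin/testdisk% ntfs qt5 -ewf
+
+# /etc/portage/package.use/2020-01_static-libs.txt zstd
+app-arch/zstd% static-libs
+
+# /etc/portage/package.use/2020-03_jq.txt jq
+app-misc/jq% oniguruma
+
+# /etc/portage/package.use/2016-11_world.txt libvpx
+media-libs/libvpx% svc
+
+# /etc/portage/package.use/2019-02_electron.txt libvpx
+media-libs/libvpx% postproc svc
+
+# /etc/portage/package.use/2021-04_world.txt libxcb
+x11-libs/libxcb% xkb
+
+# /etc/portage/package.use/2018-01_qt.txt libxkbcommon
+x11-libs/libxkbcommon% X tools
+
+# /etc/portage/package.use/2020-01_readline.txt libxml2
+dev-libs/libxml2% -readline
+
+# /etc/portage/package.use/2021-00_verify-sig.txt libxml2
+dev-libs/libxml2:2% verify-sig
+
+# /etc/portage/package.use/2021-04_world.txt libxml2
+dev-libs/libxml2% python icu ipv6 lzma
+
+# /etc/portage/package.use/2021-00_verify-sig.txt libvirt-python
+dev-python/libvirt-python% verify-sig
+
+# /etc/portage/package.use/2021-08_wafw00f.txt requests
+dev-python/requests% socks5
+
+# /etc/portage/package.use/2020-00_dbus.txt dbus
+sys-apps/dbus% X elogind -systemd
+
+# /etc/portage/package.use/2020-01_dbus.txt dbus
+sys-apps/dbus% X elogind -systemd
+
+# /etc/portage/package.use/2021-01_wayland.txt gtk+
+x11-libs/gtk+% X -wayland
+
+# /etc/portage/package.use/2021-04_world.txt vte
+x11-libs/vte% crypt -icu introspection vala -debug -gtk-doc -systemd -vanilla
+
+# /etc/portage/package.use/2022-01_xterms.txt vte
+x11-libs/vte% vanilla
+
+# /etc/portage/package.use/2021-00_verify-sig.txt zfs-kmod
+sys-fs/zfs-kmod% verify-sig
+
+# /etc/portage/package.use/2021-00_verify-sig.txt zfs
+sys-fs/zfs% verify-sig
+
+# /etc/portage/package.use/2021-00_verify-sig.txt zfs
+sys-fs/zfs-kmod% verify-sig
+
+# /etc/portage/package.use/2020-01_nls.txt qemu
+app-emulation/qemu% -nls
+
+# /etc/portage/package.use/2021-04_qemu.txt qemu
+app-emulation/qemu% -accessibility aio alsa bzip2 caps -capstone curl -debug doc fdt filecaps -fuse -glusterfs gnutls gtk -infiniband -io-uring -iscsi -jack -jemalloc jpeg lzo -multipath ncurses -nfs -nls numa opengl -oss pin-upstream-blobs plugins png -pulseaudio python -rbd sasl sdl sdl-image seccomp -selinux -slirp -smartcard snappy spice ssh -static -static-user -systemtap -test -udev usb usbredir vde vhost-net vhost-user-fs virgl virtfs vnc vte xattr -xen xfs zstd #
+
+# /etc/portage/package.use/2023-00_python-3.11.txt qemu
+app-emulation/qemu% -python_single_target_python3_10 python_single_target_python3_11 python_single_target_python3_11 -python_single_target_python3_10
+
+# /etc/portage/package.use/2019-11_aqemu.txt aqemu
+app-emulation/aqemu% vnc
+
+# /etc/portage/package.use/2019-09_spice-gtk.txt spice-gtk
+>=net-misc/spice-gtk-0.35% usbredir
+
+# /etc/portage/package.use/2020-01_polkit.txt spice-gtk
+net-misc/spice-gtk% policykit
+
+# /etc/portage/package.use/2020-01_polkit.txt libvirt
+app-emulation/libvirt% apparmor audit -bash-completion caps -dbus -dtrace -firewalld fuse -glusterfs -iscsi -iscsi-direct libssh libvirtd lvm lxc -macvtap -nfs -nls numa -openvz parted pcap -policykit qemu -rbd -sasl -selinux udev vepa verify-sig virt-network virtualbox -wireshark-plugins -xen -zfs
+
+# /etc/portage/package.use/2020-10_nfs.txt libvirt
+app-emulation/libvirt% -nfs
+
+# /etc/portage/package.use/2021-00_verify-sig.txt libvirt
+app-emulation/libvirt% verify-sig
+
+# /etc/portage/package.use/2021-00_verify-sig.txt libvirt
+dev-python/libvirt-python% verify-sig
+
+# /etc/portage/package.use/2020-01_polkit.txt virt-manager
+app-emulation/virt-manager% gtk -policykit virtualbox libvirtd caps dbus fuse libssh lxc macvtap numa parted pcap policykit qemu vepa virt-network
+
+# /etc/portage/package.use/2019-11_qxl.txt xf86-video-qxl
+x11-drivers/xf86-video-qxl% xspice
+
+# /etc/portage/package.use/2019-11_libguestfs.txt libguestfs
+app-emulation/libguestfs% parted virtualbox libvirt -erlang -lua perl fuse gtk inspect-icons introspection -ocaml python -ruby
+
+# /etc/portage/package.use/2023-00_python-3.11.txt libguestfs
+app-emulation/libguestfs% python_single_target_python3_11
+
+# /etc/portage/package.use/2021-00_verify-sig.txt libvirt-python
+dev-python/libvirt-python% verify-sig
+
+# /etc/portage/package.use/2017-02_docker.txt tini
+sys-process/tini% static args
+
+# /etc/portage/package.use/2017-02_docker.txt docker
+app-containers/docker% btrfs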
|