new image structure for cisco-vpn and related scripts
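--- /dev/null
+++ b/apps/rego-tunnel/shared/start-vm.sh
@@ -0,0 +1,116 @@
+#!/bin/bash
+set -euo pipefail
+
+# If provided, extract ssh.zip to /root/.ssh (not baked into the image)
+SSH_ZIP_PATH="/shared/ssh.zip"
+SSH_ZIP_DEST="/root/.ssh"
+
+if [ -f "$SSH_ZIP_PATH" ]; then
+mkdir -p "$SSH_ZIP_DEST"
+chmod 700 "$SSH_ZIP_DEST"
+
+echo "[rego-tunnel] Extracting $SSH_ZIP_PATH -> $SSH_ZIP_DEST"
+# Exclude editor swap/backup files; overwrite existing.
+7z x -y -aoa -o"$SSH_ZIP_DEST" "$SSH_ZIP_PATH" \
+-x!*.swp -x!*.swo -x!*.swx -x!*~ -x!.DS_Store >/dev/null
+
+find "$SSH_ZIP_DEST" -type d -exec chmod 700 {} \;
+find "$SSH_ZIP_DEST" -type f -exec chmod 600 {} \;
+else
+echo "[rego-tunnel] No $SSH_ZIP_PATH found; skipping SSH zip extraction"
+fi
+
+# Wait for network setup
+sleep 2
+
+TAP_NAME="${TAP_NAME:-tap0}"
+
+# Optional: provide a dedicated 9p export for host app-data (bind-mounted into the container at /shared/app-data)
+TSCLIENT_PATH="/hostshare"
+TSCLIENT_TAG="${TSCLIENT_TAG:-TSCLIENT}"
+SHARED_TAG="${SHARED_TAG:-shared}"
+
+# Ensure the VM auto-mounts the 9p shares without manual steps.
+# This edits the QCOW2 from the outside (idempotent) before QEMU boots.
+AUTO_MOUNT_9P="${AUTO_MOUNT_9P:-1}"
+if [ "$AUTO_MOUNT_9P" = "1" ]; then
+QCOW2_PATH="/vm/linux-vm.qcow2"
+NBD_DEV="${NBD_DEV:-/dev/nbd0}"
+VMROOT_MNT="/mnt/vmroot"
+
+if [ -e "$QCOW2_PATH" ] && [ -e "$NBD_DEV" ]; then
+echo "[rego-tunnel] Ensuring guest fstab mounts 9p tags ($SHARED_TAG, $TSCLIENT_TAG)"
+modprobe nbd max_part=16 >/dev/null 2>&1 || true
+qemu-nbd --disconnect "$NBD_DEV" >/dev/null 2>&1 || true
+qemu-nbd --connect "$NBD_DEV" "$QCOW2_PATH"
+sleep 1
+
+# In containers, the kernel may create sysfs partition entries but not
+# auto-create the corresponding /dev/nbd0p* nodes. Create them if missing.
+base_dev="$(basename "$NBD_DEV")"
+for sysfs_dev in /sys/class/block/${base_dev}p*; do
+[ -e "$sysfs_dev" ] || continue
+part_name="$(basename "$sysfs_dev")"
+devnode="/dev/$part_name"
+[ -e "$devnode" ] && continue
+if [ -r "$sysfs_dev/dev" ]; then
+IFS=: read -r major minor < "$sysfs_dev/dev" || true
+if [ -n "${major:-}" ] && [ -n "${minor:-}" ]; then
+mknod "$devnode" b "$major" "$minor" 2>/dev/null || true
+chmod 660 "$devnode" 2>/dev/null || true
+fi
+fi
+done
+
+mkdir -p "$VMROOT_MNT"
+ROOT_PART=""
+for part in "${NBD_DEV}"p*; do
+[ -e "$part" ] || continue
+# Try mount and detect a Linux root by presence of /etc/fstab and /etc/os-release
+if mount "$part" "$VMROOT_MNT" >/dev/null 2>&1; then
+if [ -d "$VMROOT_MNT/etc" ] && { [ -f "$VMROOT_MNT/etc/os-release" ] || [ -f "$VMROOT_MNT/usr/lib/os-release" ] || [ -f "$VMROOT_MNT/usr/share/os-release" ]; }; then
+ROOT_PART="$part"
+break
+fi
+umount "$VMROOT_MNT" >/dev/null 2>&1 || true
+fi
+done
+
+if [ -n "$ROOT_PART" ]; then
+# already mounted from loop above
+mkdir -p "$VMROOT_MNT/shared" "$VMROOT_MNT/hostshare"
+
+FSTAB="$VMROOT_MNT/etc/fstab"
+# Add entries only if missing
+grep -qE "^[[:space:]]*${SHARED_TAG}[[:space:]]+" "$FSTAB" || echo "${SHARED_TAG} /shared 9p trans=virtio,version=9p2000.L,msize=262144,_netdev,nofail,x-systemd.automount 0 0" >> "$FSTAB"
+grep -qE "^[[:space:]]*${TSCLIENT_TAG}[[:space:]]+" "$FSTAB" || echo "${TSCLIENT_TAG} /hostshare 9p trans=virtio,version=9p2000.L,msize=262144,_netdev,nofail,x-systemd.automount 0 0" >> "$FSTAB"
+
+umount "$VMROOT_MNT" >/dev/null 2>&1 || true
+else
+echo "[rego-tunnel] WARN: could not locate guest root partition; skipping auto-mount setup"
+lsblk -fp "$NBD_DEV" 2>/dev/null || true
+blkid "$NBD_DEV"* 2>/dev/null || true
+fi
+
+qemu-nbd --disconnect "$NBD_DEV" >/dev/null 2>&1 || true
+else
+echo "[rego-tunnel] WARN: missing $QCOW2_PATH or $NBD_DEV; skipping auto-mount setup"
+fi
+fi
+
+exec qemu-system-x86_64 \
+-enable-kvm \
+-cpu host \
+-m ${VM_RAM:-8G} \
+-smp ${VM_CPUS:-4} \
+-hda /vm/linux-vm.qcow2 \
+-fsdev local,id=fsdev0,path=/shared,security_model=none,multidevs=remap \
+-device virtio-9p-pci,fsdev=fsdev0,mount_tag="$SHARED_TAG" \
+-fsdev local,id=fsdev1,path="$TSCLIENT_PATH",security_model=none,multidevs=remap \
+-device virtio-9p-pci,fsdev=fsdev1,mount_tag="$TSCLIENT_TAG" \
+-netdev tap,id=net0,ifname="$TAP_NAME",script=no,downscript=no \
+-device virtio-net-pci,netdev=net0,mac=52:54:00:12:34:56 \
+-vnc :0 \
+-vga virtio \
+-usb \
+-device usb-tablet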
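Review bot: The final `umount "$VMROOT_MNT" >/dev/null 2>&1 || true` and `qemu-nbd --disconnect "$NBD_DEV" >/dev/null 2>&1 || true` after the fstab edit discard failures right before `exec qemu-system-x86_64 ... -hda /vm/linux-vm.qcow2` opens the same image, so a still-mounted guest root or still-attached nbd device stays hidden until QEMU refuses the image or, if image locking is off, two writers touch the qcow2; I would drop the `|| true` and the redirects on those two lines (`umount "$VMROOT_MNT"` and `qemu-nbd --disconnect "$NBD_DEV"`) so the script aborts with the real error. The probe loop also mounts every candidate partition read-write only to look for os-release; mounting the probe with `-o ro` and remounting `rw` once `ROOT_PART` is found would limit the write window to the fstab edit. Separately, `/shared/ssh.zip` is extracted into the container's `/root/.ssh` but the archive remains on `/shared`, which the same script exports to the guest as `fsdev0` with `security_model=none`, so a sufficiently privileged guest process can read the key material — if the guest is not meant to hold those keys, remove or move the archive after extraction, or export a subdirectory that excludes it. The `grep -qE "^[[:space:]]*${SHARED_TAG}[[:space:]]+"` idempotency checks interpolate the tag into an ERE unescaped, so a tag containing `.`, `+` or `*` is not matched literally; a fixed-string match on the tag prefix would be safer.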