Initial QEMU support

19 files changed, 402 insertions, 0 deletions

diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..c1cacd5
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,9 @@
+# Ansible
+*.retry
+
+# images
+*.img
+*.qcow2
+
+# Python
+.python-version
diff --git a/group_vars/all.yml b/group_vars/all.yml
new file mode 100644
index 0000000..83f730f
--- /dev/null
+++ b/group_vars/all.yml
@@ -0,0 +1,16 @@
+ansible_host_key_checking: False
+
+vyos_iso_url: "{{ iso }}"
+vyos_iso_local: /tmp/vyos.iso
+vyos_key_url: http://packages.vyos.net/vyos-release.gpg
+vyos_key_local: /tmp/vyos-release.gpg
+
+CD_ROOT: /mnt/cdrom
+CD_SQUASH_ROOT: /mnt/cdsquash
+SQUASHFS_IMAGE: "{{ CD_ROOT }}/live/filesystem.squashfs"
+
+ROOT_FSTYPE: ext4
+
+WRITE_ROOT: /mnt/wroot
+READ_ROOT: /mnt/squashfs
+INSTALL_ROOT: /mnt/inst_root
diff --git a/hosts b/hosts
new file mode 100644
index 0000000..5fd0150
--- /dev/null
+++ b/hosts
@@ -0,0 +1,5 @@
+[local]
+localhost
+
+[qemu]
+localhost
diff --git a/library/hosts b/library/hosts
new file mode 100644
index 0000000..5fd0150
--- /dev/null
+++ b/library/hosts
@@ -0,0 +1,5 @@
+[local]
+localhost
+
+[qemu]
+localhost
diff --git a/library/latest_iso.py b/library/latest_iso.py
new file mode 100755
index 0000000..b55ea98
--- /dev/null
+++ b/library/latest_iso.py
@@ -0,0 +1,29 @@
+#!/usr/bin/env python3
+
+import os
+import sys
+from lxml import html
+import requests
+import json
+from ansible.module_utils.basic import AnsibleModule
+
+BASE_URL = 'https://downloads.vyos.io/'
+PAGE_URL = BASE_URL+'?dir=rolling/current/amd64'
+
+
+def run_module():
+    result = dict(changed=False)
+    module = AnsibleModule(argument_spec=dict())
+
+    page = requests.get(PAGE_URL)
+    tree = html.fromstring(page.content)
+    path = '//*[@id="directory-listing"]/li/a[1]/@href'
+    isos = [x for x in tree.xpath(path) if os.path.splitext(x)[1] == '.iso']
+    latest_iso = os.path.join(BASE_URL, isos[-1])
+    result['latest_iso'] = latest_iso
+
+    module.exit_json(**result)
+
+
+if __name__ == '__main__':
+    run_module()
diff --git a/qemu.yml b/qemu.yml
new file mode 100644
index 0000000..59d067d
--- /dev/null
+++ b/qemu.yml
@@ -0,0 +1,8 @@
+---
+- hosts: qemu
+  become: True
+  gather_facts: False
+  connection: local
+  roles:
+    - common
+    - qemu
diff --git a/roles/common/tasks/main.yml b/roles/common/tasks/main.yml
new file mode 100644
index 0000000..82d07f8
--- /dev/null
+++ b/roles/common/tasks/main.yml
@@ -0,0 +1,9 @@
+- name: get latest_iso if iso is not defined
+  latest_iso:
+  when: iso is not defined
+  register: latest_iso
+
+- name: set latest_iso as vyos_iso_url
+  set_fact:
+    vyos_iso_url: "{{ latest_iso.latest_iso }}"
+  when: latest_iso is defined
diff --git a/roles/qemu/files/config.boot b/roles/qemu/files/config.boot
new file mode 100644
index 0000000..f1ec4f5
--- /dev/null
+++ b/roles/qemu/files/config.boot
@@ -0,0 +1,41 @@
+service {
+    ssh {
+        port 22
+    }
+}
+system {
+    host-name vyos
+    login {
+        user vyos {
+            authentication {
+                encrypted-password "$6$MjV2YvKQ56q$QbL562qhRoyUu8OaqrXagicvcsNpF1HssCY06ZxxghDJkBCfSfTE/4FlFB41xZcd/HqYyVBuRt8Zyq3ozJ0dc."
+                plaintext-password ""
+            }
+            level admin
+        }
+    }
+    syslog {
+        global {
+            facility all {
+                level notice
+            }
+            facility protocols {
+                level debug
+            }
+        }
+    }
+    ntp {
+        server "0.pool.ntp.org"
+        server "1.pool.ntp.org"
+        server "2.pool.ntp.org"
+    }
+    config-management {
+        commit-revisions 100
+    }
+}
+interfaces {
+    ethernet eth0 {
+        address dhcp
+    }
+    loopback lo
+}
diff --git a/roles/qemu/files/persistence.conf b/roles/qemu/files/persistence.conf
new file mode 100644
index 0000000..f500aef
--- /dev/null
+++ b/roles/qemu/files/persistence.conf
@@ -0,0 +1 @@
+/ union
diff --git a/roles/qemu/tasks/build_image.yml b/roles/qemu/tasks/build_image.yml
new file mode 100644
index 0000000..7cfdadc
--- /dev/null
+++ b/roles/qemu/tasks/build_image.yml
@@ -0,0 +1,122 @@
+- name: Create the target disk image
+  command: qemu-img create -f raw "{{ vyos_raw_img }}" 1G
+
+- name: Find loopback
+  shell: losetup -f 
+  register: loopback
+
+- name: Loopback attach
+  command: "losetup {{ loopback.stdout }} {{ vyos_raw_img }}"
+
+- name: Partition the target drive
+  parted:
+    device: "{{ loopback.stdout }}"
+    state: present
+    label: msdos
+    number: 1
+    part_type: primary
+    part_start: 0%
+    part_end: 100%
+    align: optimal
+    flags: [boot]
+
+- name: Create a filesystem on root partition
+  filesystem:
+    fstype: "{{ ROOT_FSTYPE }}"
+    device: "{{ loopback.stdout }}"
+    opts: "-L persistence"
+
+- name: Mount root partition
+  mount:
+    name: "{{ WRITE_ROOT }}"
+    src: "{{ loopback.stdout }}"
+    fstype: "{{ ROOT_FSTYPE }}"
+    state: mounted
+
+# ---- Install image from ISO ----
+- name: Create {{ WRITE_ROOT }} directories
+  file:
+    path: "{{ WRITE_ROOT }}/boot/{{ version_string.stdout }}/rw"
+    state: directory
+  register: RW_DIR
+
+- name: Create the work directory
+  file:
+    path: "{{ WRITE_ROOT }}/boot/{{ version_string.stdout }}/work/work"
+    state: directory
+
+- name: Copy squashfs image from ISO to root partition
+  command: cp -p {{ SQUASHFS_IMAGE }} {{ WRITE_ROOT }}/boot/{{ version_string.stdout }}/{{ version_string.stdout }}.squashfs
+  args:
+   creates: "{{ WRITE_ROOT }}/boot/{{ version_string.stdout }}/{{ version_string.stdout }}.squashfs"
+
+- name: Copy boot files (kernel and initrd images) from ISO to root partition
+  shell: find {{ CD_SQUASH_ROOT }}/boot -maxdepth 1  \( -type f -o -type l \) -print -exec cp -dp {} {{ WRITE_ROOT }}/boot/{{ version_string.stdout }}/ \;
+  args:
+    creates: "{{ WRITE_ROOT }}/boot/{{ version_string.stdout }}/vmlinuz"
+
+- name: Mount squashfs image from root partition
+  mount:
+    name: "{{ READ_ROOT }}"
+    src: "{{ WRITE_ROOT }}/boot/{{ version_string.stdout }}/{{ version_string.stdout }}.squashfs"
+    fstype: squashfs
+    opts: loop,ro
+    state: mounted
+
+- name: Set up union root for post installation tasks
+  mount:
+    name: "{{ INSTALL_ROOT }}"
+    src: none
+    fstype: aufs
+    opts: "noatime,dirs={{ RW_DIR.path }}=rw:{{ READ_ROOT }}=rr"
+    state: mounted
+
+# ---- Post image installation tasks ----
+
+## ---- VyOS configuration ----
+- name: Make sure that config partition marker exists
+  file:
+    path: "{{ INSTALL_ROOT }}/opt/vyatta/etc/config/.vyatta_config"
+    state: touch
+
+- name: Copy the default config for QEMU to the installed image
+  template:
+    src: files/config.boot
+    dest: "{{ INSTALL_ROOT }}/opt/vyatta/etc/config/config.boot"
+    mode: 0755
+
+## ---- Install GRUB boot loader ----
+- name: Create GRUB directory
+  file:
+    path: "{{ WRITE_ROOT }}/boot/grub"
+    state: directory
+
+# It is necessary to mount and bind /dev, /proc, /sys and /boot in order to execute grub-install
+# and install GRUB correctly within the {{ volume_drive }} using chroot
+
+# XXX: ansible mount module requires fstype so it cannot be used for binding an already
+# mounted location, we get to use mount directly at least for /boot
+- name: Mount and bind /dev /proc /sys and {{ WRITE_ROOT }}/boot to {{ INSTALL_ROOT }}
+  shell: mount --bind /dev {{ INSTALL_ROOT }}/dev &&
+         mount --bind /proc {{ INSTALL_ROOT }}/proc &&
+         mount --bind /sys {{ INSTALL_ROOT }}/sys &&
+         mount --bind {{ WRITE_ROOT }} {{ INSTALL_ROOT }}/boot
+  args:
+    warn: no
+
+- name: Install GRUB in the boot sector of {{ loopback.stdout }}
+  command: chroot {{ INSTALL_ROOT }} grub-install --no-floppy --root-directory=/boot {{ loopback.stdout }} --force
+  args:
+    creates: "{{ INSTALL_ROOT }}/boot/grub/grubenv"
+
+- name: Configure GRUB
+  template:
+    src: templates/boot/grub/grub.cfg.j2
+    dest: "{{ WRITE_ROOT }}/boot/grub/grub.cfg"
+    mode: 0644
+
+- name: Create the persistence config
+  template:
+    src: files/persistence.conf
+    dest: "{{ WRITE_ROOT }}/persistence.conf"
+    mode: 0644
diff --git a/roles/qemu/tasks/convert.yml b/roles/qemu/tasks/convert.yml
new file mode 100644
index 0000000..7ed4ce9
--- /dev/null
+++ b/roles/qemu/tasks/convert.yml
@@ -0,0 +1,5 @@
+- name: Convert raw to qcow2
+  command: qemu-img convert -f raw "{{ vyos_raw_img }}" -O qcow2 "{{ vyos_qemu_img }}"
+- name: Copy image
+  become: false
+  command: cp "{{ vyos_qemu_img }}" .
diff --git a/roles/qemu/tasks/install_packages.yml b/roles/qemu/tasks/install_packages.yml
new file mode 100644
index 0000000..b60241e
--- /dev/null
+++ b/roles/qemu/tasks/install_packages.yml
@@ -0,0 +1,10 @@
+- name: Install required packages
+  become: yes
+  apt:
+    update_cache: yes
+    name:
+      - parted
+      - e2fsprogs
+      - gnupg
+      - qemu-utils
+    state: present
diff --git a/roles/qemu/tasks/load_modules.yml b/roles/qemu/tasks/load_modules.yml
new file mode 100644
index 0000000..44295fe
--- /dev/null
+++ b/roles/qemu/tasks/load_modules.yml
@@ -0,0 +1,2 @@
+- name: Load aufs module
+  shell: modprobe aufs
diff --git a/roles/qemu/tasks/main.yml b/roles/qemu/tasks/main.yml
new file mode 100644
index 0000000..611a6d3
--- /dev/null
+++ b/roles/qemu/tasks/main.yml
@@ -0,0 +1,7 @@
+- include_tasks: install_packages.yml
+- include_tasks: load_modules.yml
+- include_tasks: setup_iso.yml
+- include_tasks: build_image.yml
+- include_tasks: unmount.yml
+- include_tasks: convert.yml
+
diff --git a/roles/qemu/tasks/setup_iso.yml b/roles/qemu/tasks/setup_iso.yml
new file mode 100644
index 0000000..18f1f5e
--- /dev/null
+++ b/roles/qemu/tasks/setup_iso.yml
@@ -0,0 +1,57 @@
+- name: Fetch VyOS ISO GPG signature
+  uri:
+    url: "{{ vyos_iso_url }}.asc"
+    dest: "{{ vyos_iso_local }}.asc"
+    status_code: 200,404,403
+  tags: verify
+  register: gpg_uri
+
+- name: Download VyOS ISO release
+  get_url:
+    url: "{{ vyos_iso_url }}"
+    dest: "{{ vyos_iso_local }}"
+
+- name: Fetch the VyOS release GPG key
+  get_url:
+    url: "{{ vyos_key_url}}"
+    dest: "{{ vyos_key_local }}"
+  tags: verify
+
+- name: Install the VyOS release GPG key
+  command: gpg --import {{ vyos_key_local }}
+  when: gpg_uri.status == 200
+  tags: verify
+
+- name: Validate ISO GPG signature
+  command: gpg --verify {{ vyos_iso_local }}.asc {{ vyos_iso_local }}
+  when: gpg_uri.status == 200
+  tags: verify
+
+- name: Mount ISO
+  mount:
+    name: "{{ CD_ROOT }}"
+    src: "{{ vyos_iso_local }}"
+    fstype: iso9660
+    opts: loop,ro
+    state: mounted
+
+- name: Verify checksums of all the files in the ISO image
+  command: md5sum -c md5sum.txt
+  args:
+    chdir: "{{ CD_ROOT }}"
+  changed_when: False
+
+- name: Mount squashfs image from ISO
+  mount:
+    name: "{{ CD_SQUASH_ROOT }}"
+    src: "{{ SQUASHFS_IMAGE }}"
+    fstype: squashfs
+    opts: loop,ro
+    state: mounted
+
+- name: Read version string from iso packages
+  shell: cat {{ CD_SQUASH_ROOT }}/opt/vyatta/etc/version | awk '{print $2}' | tr + -
+  register: version_string
+
+- name: Debug version string as read from ISO
+  debug: msg="This is version {{ version_string.stdout }}"
diff --git a/roles/qemu/tasks/unmount.yml b/roles/qemu/tasks/unmount.yml
new file mode 100644
index 0000000..39c3d52
--- /dev/null
+++ b/roles/qemu/tasks/unmount.yml
@@ -0,0 +1,66 @@
+# Unmount all mounts
+# If remove unmounted before absent, cannot unmount INSTALL_ROOT...
+- name: Unmount {{ INSTALL_ROOT }}/boot
+  mount:
+    name: "{{ INSTALL_ROOT }}/boot"
+    src: "{{ WRITE_ROOT }}"
+    fstype: none
+    state: unmounted
+
+- name: Unmount {{ INSTALL_ROOT }}/boot
+  mount:
+    name: "{{ INSTALL_ROOT }}/boot"
+    src: "{{ WRITE_ROOT }}"
+    fstype: none
+    state: absent
+
+- name: Unmount {{ INSTALL_ROOT }}/sys, {{ INSTALL_ROOT }}/proc, {{ INSTALL_ROOT }}/dev
+  mount:
+    name: "{{ INSTALL_ROOT }}/{{ item }}"
+    src: "/{{ item }}"
+    fstype: none
+    state: unmounted
+  with_items: [ 'sys', 'proc', 'dev' ]
+
+- name: Unmount {{ INSTALL_ROOT }}/sys, {{ INSTALL_ROOT }}/proc, {{ INSTALL_ROOT }}/dev
+  mount:
+    name: "{{ INSTALL_ROOT }}/{{ item }}"
+    src: "/{{ item }}"
+    fstype: none
+    state: absent
+  with_items: [ 'sys', 'proc', 'dev' ]
+
+- name: Unmount {{ INSTALL_ROOT }}
+  mount:
+    name: "{{ INSTALL_ROOT }}"
+    src: overlayfs
+    fstype: overlayfs
+    state: absent
+
+- name: Unmount {{ READ_ROOT }}
+  mount:
+    name: "{{ READ_ROOT }}"
+    src: "{{ WRITE_ROOT }}/boot/{{ version_string.stdout }}/{{ version_string.stdout }}.squashfs"
+    fstype: squashfs
+    state: absent
+
+- name: Unmount {{ WRITE_ROOT }}
+  mount:
+    name: "{{ WRITE_ROOT }}"
+    src: "{{ loopback.stdout }}"
+    fstype: "{{ ROOT_FSTYPE }}"
+    state: absent
+
+- name: Unmount {{ CD_SQUASH_ROOT }}
+  mount:
+    name: "{{ CD_SQUASH_ROOT }}"
+    src: "{{ SQUASHFS_IMAGE }}"
+    fstype: squashfs
+    state: absent
+
+- name: Unmount {{ CD_ROOT }}
+  mount:
+    name: "{{ CD_ROOT }}"
+    src: "{{ vyos_iso_local }}"
+    fstype: iso9660
+    state: absent
diff --git a/roles/qemu/templates/boot/grub/device.map.j2 b/roles/qemu/templates/boot/grub/device.map.j2
new file mode 100644
index 0000000..e14205e
--- /dev/null
+++ b/roles/qemu/templates/boot/grub/device.map.j2
@@ -0,0 +1 @@
+(hd0)  /dev/sda
diff --git a/roles/qemu/templates/boot/grub/grub.cfg.j2 b/roles/qemu/templates/boot/grub/grub.cfg.j2
new file mode 100644
index 0000000..cf126ab
--- /dev/null
+++ b/roles/qemu/templates/boot/grub/grub.cfg.j2
@@ -0,0 +1,7 @@
+set default=0
+set timeout=0
+
+menuentry "VyOS VM Image {{ version_string.stdout }}" {
+  linux /boot/{{ version_string.stdout }}/vmlinuz boot=live selinux=0 vyos-union=/boot/{{ version_string.stdout }} console=tty1
+  initrd /boot/{{ version_string.stdout }}/initrd.img
+}
diff --git a/roles/qemu/vars/main.yml b/roles/qemu/vars/main.yml
new file mode 100644
index 0000000..838a6cb
--- /dev/null
+++ b/roles/qemu/vars/main.yml
@@ -0,0 +1,2 @@
+vyos_raw_img: /tmp/vyos_raw_image.img
+vyos_qemu_img: /tmp/vyos_qemu_image.qcow2