File libguestfs.test.simple.create-sles12-guest-crypt-on-lvm.sh of Package libguestfs.215
#!/bin/bash
# Create an openSUSE image with lvm on dm-crypt partition
#
# Theory of operation:
# This script uses zypper from the host to resolve dependencies
# for zypper which runs within the appliance. If zypper on the host
# is too old, it will be unable to handle repo data from 13.1:
# http://lists.opensuse.org/zypp-devel/2013-11/msg00000.html
# "[zypp-devel] Package conflicting with itself"
# For this reason zypper from 12.3 can be used to install the pattern
# of the final repo.
# First the dependencies of zypper are resolved, the required packages
# are downloaded and extracted with unrpm. Now the guest is started and
# the partitions in the diskimage are prepared. Then the extracted
# package content is copied into the guest. Once that is done zypper
# inside the guest will install the base pattern and a few extra packages.
# Finally the bootloader grub is configured. Once all that is done
# kvm is started. If all goes well a login prompt appears.
# The password for the crypted partition is "123456".
# The password for root is "root".
# The guest has also network access to the outside.
#
# Expected runtime: ca. 200 seconds
# Requires at least 1.24.5 because this includes the required crypt modules
#
# Expected output:
# guest should start
# no "obvious" errors should be shown during the disk operation
# at the end kvm is started with the generated disk image
# login should be possible
#
set -e
unset LANG
unset ${!LC_*}
cpus=`grep -Ec 'cpu[0-9]' /proc/stat || echo 1`
output_diskimage=/dev/shm/$LOGNAME/testcase.img
final_repo=http://dist.suse.de/install/SLP/SLE-12-Server-LATEST/x86_64/DVD1
initial_repo=http://dist.suse.de/install/SLP/SLE-12-Server-LATEST/x86_64/DVD1
force=false
guest_zypper_in__pattern_name="base"
guest_zypper_in__package_list="
grub2
kernel-default
less
master-boot-code
nfs-utils
parted
vim
"
guest_root_password="root"
guest_crypt_password="123456"
diskname_inside_vm=/dev/sda
case "$0" in
/*) progname="$0" ;;
*) progname="$PWD/$0" ;;
esac
_exit() {
echo "Exiting '$0 $*'."
exit 1
}
_unrpm() {
CPIO_OPTS="--extract --unconditional --preserve-modification-time --make-directories"
FILES="$@"
for f in $FILES; do
echo -ne "$f:\t"
rpm2cpio $f | cpio ${CPIO_OPTS}
done
}
until test $# -lt 1
do
case "$1" in
--unrpm) shift ; _unrpm "$@" ; exit 0 ;;
-n) diskname_inside_vm="$2" ; shift ;;
-o) output_diskimage="$2" ; shift ;;
-R) initial_repo="$2" ; shift ;;
-r) final_repo="$2" ; shift ;;
-f) force=true ;;
-x) set -x ;;
*) echo "Unknown option '$1'" ; exit 1 ;;
esac
shift
done
if test -z "${initial_repo}"
then
echo "URL to initial repo required. Wrong -R option."
_exit
fi
if test -z "${final_repo}"
then
echo "URL to final repo required. Wrong -r option."
_exit
fi
if test -z "${output_diskimage}"
then
echo "Filename for temporary disk image required. Wrong -o option."
_exit
fi
if test -e "${output_diskimage}"
then
if test "${force}" = "false"
then
echo "Output diskimage '${output_diskimage}' exists."
echo "It will not be overwritten. Option '-f' exists to force overwrite."
_exit
fi
fi
zypper --version
cpio --version
guestfish --version
kvm="qemu-system-`uname -m`"
if $kvm --version
then
: good
else
kvm="qemu-kvm"
if $kvm --version
then
:
else
echo "No qemu-kvm found."
_exit
fi
fi
guestfish_version="`guestfish --version | awk '{print \$2}'`"
case "${guestfish_version}" in
1.20*) _exit ;;
1.21*) _exit ;;
1.22*) _exit ;;
1.23*) _exit ;;
1.24.[0-4]) _exit ;;
*) ;;
esac
mkdir -vp "${output_diskimage%/*}"
td=`mktemp -d --tmpdir=/dev/shm/${LOGNAME}`
tf=`mktemp --tmpdir=/dev/shm/${LOGNAME}`
_exit() {
rm -rf "$tf"
rm -rf "$td"
}
trap _exit EXIT
dir_repo=${td}/repos.d
dir_root=${td}/root
dir_cache=${td}/cache
mkdir -vp \
${dir_root} \
${dir_cache} \
${dir_repo}
cat > ${tf} <<EOF
[main]
reposdir = ${dir_repo}
EOF
cat > ${dir_repo}/tmp.repo <<EOF
[tmp]
name=tmp
enabled=1
autorefresh=1
keeppackages=0
baseurl=${initial_repo}
EOF
packages="
curl
iproute2
zypper
"
head ${dir_repo}/tmp.repo ${tf}
zypper \
--verbose \
--verbose \
--config ${tf} \
--root ${dir_root} \
--reposd-dir ${dir_repo} \
--cache-dir ${dir_cache} \
--gpg-auto-import-keys \
--no-gpg-checks \
--non-interactive \
lr -d
zypper \
--verbose \
--verbose \
--config ${tf} \
--root ${dir_root} \
--reposd-dir ${dir_repo} \
--cache-dir ${dir_cache} \
--gpg-auto-import-keys \
--no-gpg-checks \
--non-interactive \
install \
--auto-agree-with-licenses \
--no-recommends \
--dry-run \
--download-only \
${packages}
cd ${dir_root}
find ${dir_cache} -xdev -name "*.rpm" -print0 | sort -z | xargs -0 -n 1 -P ${cpus} bash "${progname}" --unrpm
mkdir -vp etc/zypp/repos.d
grep -w search /etc/resolv.conf >> etc/resolv.conf
echo nameserver 169.254.2.3 >> etc/resolv.conf
grep -w root /etc/passwd > etc/passwd
grep -w root /etc/group > etc/group
echo 'root::15209::::::' > etc/shadow
cat > etc/fstab <<EOF
LABEL=SWAP swap swap defaults 0 0
LABEL=ROOT / ext4 noatime 1 2
EOF
du -sm .
find ${dir_cache} -xdev -name "*.rpm" -delete
(
echo "${guest_crypt_password}"
echo "${guest_crypt_password}"
) | \
guestfish \
-x \
--keys-from-stdin \
\
sparse ${output_diskimage} 2048M : \
set-smp 2 : \
set-memsize 1024 : \
set-network true : \
run : \
list-devices : \
part-init ${diskname_inside_vm} mbr : \
part-add ${diskname_inside_vm} primary 1 $(( ((1024*1024)* 64)/512 - 1)) : \
part-add ${diskname_inside_vm} primary $(( ((1024*1024)* 64)/512 )) $(( ((1024*1024)*1024)/512 - 1)) : \
part-add ${diskname_inside_vm} primary $(( ((1024*1024)*1024)/512 )) $(( ((1024*1024)*1555)/512 - 1)) : \
part-add ${diskname_inside_vm} primary $(( ((1024*1024)*1555)/512 )) $(( ((1024*1024)*2024)/512 - 1)) : \
part-list ${diskname_inside_vm} : \
mkswap-opts ${diskname_inside_vm}1 label:SWAP : \
mke2fs ${diskname_inside_vm}2 label:ROOT fstype:ext4 blocksize:1024 : \
pvcreate ${diskname_inside_vm}3 : \
vgcreate uncrypted ${diskname_inside_vm}3 : \
luks-format ${diskname_inside_vm}4 0 : \
luks-open ${diskname_inside_vm}4 crypt_part4 : \
pvcreate /dev/mapper/crypt_part4 : \
vgcreate crypted /dev/mapper/crypt_part4 : \
lvcreate-free root uncrypted 50 : \
lvcreate-free work uncrypted 50 : \
lvcreate-free home crypted 50 : \
lvcreate-free mail crypted 50 : \
list-devices : \
list-partitions : \
pvs-full : \
vgs-full : \
lvs-full : \
mke2fs /dev/uncrypted/root label:LV_ROOT fstype:ext4 blocksize:1024 : \
mke2fs /dev/uncrypted/work label:LV_WORK fstype:ext4 blocksize:1024 : \
mke2fs /dev/crypted/home label:LV_HOME fstype:ext4 blocksize:1024 : \
mke2fs /dev/crypted/mail label:LV_MAIL fstype:ext4 blocksize:1024 : \
part-set-bootable ${diskname_inside_vm} 2 true : \
list-filesystems : \
swapon-label SWAP : \
mount-options discard ${diskname_inside_vm}2 / : \
set-verbose false : \
copy-in `echo *` / : \
set-verbose true : \
command /sbin/ldconfig : \
cat /etc/resolv.conf : \
command "ip a" : \
command "curl google.com" : \
command "zypper help" : \
command "zypper -v -v ar -c -K -f ${final_repo} tmp" : \
sh "(set -x -e ; z_in='zypper -v -v --gpg-auto-import-keys --no-gpg-checks --non-interactive in --auto-agree-with-licenses --no-recommends' ; \$z_in -t pattern ${guest_zypper_in__pattern_name} ; chkstat --set /etc/permissions /etc/permissions.easy ; echo root:${guest_root_password} | chpasswd ; \$z_in `eval echo ${guest_zypper_in__package_list}` ) 2>&1 " : \
sh "depmod -a \$(get_kernel_version /boot/vmlinuz) ; mkinitrd -B" : \
sh "dd if=/usr/lib/boot/MBR of=${diskname_inside_vm}" : \
sh "echo GRUB_DISABLE_OS_PROBER=true >> /etc/default/grub " : \
sh "echo GRUB_DISABLE_LINUX_RECOVERY=true >> /etc/default/grub " : \
sh "echo GRUB_CMDLINE_LINUX_DEFAULT=\'quiet panic=9 video=800x600 \' >> /etc/default/grub " : \
sh "grub2-mkconfig > /boot/grub2/grub.cfg " : \
sh "grub2-install --force --verbose ${diskname_inside_vm}2 " : \
sh "echo crypt_part4 ${diskname_inside_vm}4 none luks,timeout=0 >> /etc/crypttab" : \
mkdir /LV_ROOT : \
sh "echo LABEL=LV_ROOT /LV_ROOT ext4 noatime 1 2 >> /etc/fstab" : \
mkdir /LV_WORK : \
sh "echo LABEL=LV_WORK /LV_WORK ext4 noatime 1 2 >> /etc/fstab" : \
mkdir /LV_HOME : \
sh "echo LABEL=LV_HOME /LV_HOME ext4 noatime 1 2 >> /etc/fstab" : \
mkdir /LV_MAIL : \
sh "echo LABEL=LV_MAIL /LV_MAIL ext4 noatime 1 2 >> /etc/fstab" : \
sh "echo BOOTPROTO='dhcp' >> /etc/sysconfig/network/ifcfg-eth0" : \
sh "echo STARTMODE='auto' >> /etc/sysconfig/network/ifcfg-eth0" : \
sh "echo 'Password for User root is: ${guest_root_password}' >> /etc/issue" : \
sh "echo >> /etc/issue" : \
cat /etc/fstab : \
quit
ls -lhsS "${output_diskimage}"
: ${diskname_inside_vm}
case "${diskname_inside_vm}" in
*vda*)
qemu_drive_options="
-drive file=${output_diskimage},cache=writeback,id=hd0,if=none \
-device virtio-blk-pci,drive=hd0 \
"
;;
*sda*)
qemu_drive_options="
-device virtio-scsi-pci,id=scsi \
-drive file=${output_diskimage},cache=unsafe,format=raw,id=hd0,if=none \
-device scsi-hd,drive=hd0 \
"
;;
*)
echo "${diskname_inside_vm} not handled"
_exit
esac
$kvm -enable-kvm \
-global virtio-blk-pci.scsi=off \
-enable-fips \
-machine accel=kvm:tcg \
-cpu host,+kvmclock \
-m 500 \
-no-reboot \
-no-hpet \
${qemu_drive_options} \
-device virtio-serial-pci \
-serial stdio \
-device VGA \
-netdev user,id=usernet,net=169.254.0.0/16 \
-device virtio-net-pci,netdev=usernet
exit 0