Sunday, May 23, 2010

OpenBSD QEMU setup scripts

Here is a pair of scripts I've used to set up harnesses for some testing of custom images I've made. These require that you have sudo access to ifconfig and have qemu installed. I also use non-default tun interfaces (not installed by default); to get these working, go to /dev and run "./MAKEDEV tun10 tun11 tun12 tun13 tun14 tun15"

The first one is a harness setup script.

To run the setup script simply do "sh setup-vharness.sh"

This will configure 6 tun interfaces for the image to use. I use them as WAN/LAN/DMZ, but you can use them however you want; change the IPs in the script to suit your needs.

#!/bin/sh
# setup-vharness.sh
# script to setup qemu guest carp setup on an obsd box

SUDO=/usr/bin/sudo
MODE=ENABLE

usage() {
    echo "usage: $0 [-d]" 1>&2
    exit 2
}

start() {
    echo MODE: $MODE
    if [ "$MODE" = "DISABLE" ]; then
        # tear down every interface and bridge the harness created
        echo DeConfiguring CARP Harness
        echo DeConfiguring tun10:
        echo ${SUDO} ifconfig tun10 destroy
        ${SUDO} ifconfig tun10 destroy
        echo DeConfiguring tun11:
        echo ${SUDO} ifconfig tun11 destroy
        ${SUDO} ifconfig tun11 destroy
        echo DeConfiguring tun12:
        echo ${SUDO} ifconfig tun12 destroy
        ${SUDO} ifconfig tun12 destroy
        echo DeConfiguring tun13:
        echo ${SUDO} ifconfig tun13 destroy
        ${SUDO} ifconfig tun13 destroy
        echo DeConfiguring tun14:
        echo ${SUDO} ifconfig tun14 destroy
        ${SUDO} ifconfig tun14 destroy
        echo DeConfiguring tun15:
        echo ${SUDO} ifconfig tun15 destroy
        ${SUDO} ifconfig tun15 destroy
        echo DeConfiguring bridge0:
        echo ${SUDO} ifconfig bridge0 destroy
        ${SUDO} ifconfig bridge0 destroy
        echo DeConfiguring bridge1:
        echo ${SUDO} ifconfig bridge1 destroy
        ${SUDO} ifconfig bridge1 destroy
        echo DeConfiguring bridge2:
        echo ${SUDO} ifconfig bridge2 destroy
        ${SUDO} ifconfig bridge2 destroy
    else
        # tun10-tun15 must already exist in /dev (see the MAKEDEV step)
        echo Configuring CARP Harness
        # tun10-tun12 carry the host-side addresses, one per segment
        echo Configuring tun10:
        echo ${SUDO} ifconfig tun10 192.168.1.254 link0
        ${SUDO} ifconfig tun10 192.168.1.254 link0
        echo Configuring tun11:
        echo ${SUDO} ifconfig tun11 192.168.254.254 link0
        ${SUDO} ifconfig tun11 192.168.254.254 link0
        echo Configuring tun12:
        echo ${SUDO} ifconfig tun12 192.168.253.254 link0
        ${SUDO} ifconfig tun12 192.168.253.254 link0
        # tun13-tun15 have no address; each is bridged to its tun10-tun12 peer
        echo Configuring tun13:
        echo ${SUDO} ifconfig tun13 link0 up
        ${SUDO} ifconfig tun13 link0 up
        echo Configuring bridge0:
        echo ${SUDO} ifconfig bridge0 create
        ${SUDO} ifconfig bridge0 create
        echo ${SUDO} brconfig bridge0 add tun10 add tun13 up
        ${SUDO} brconfig bridge0 add tun10 add tun13 up
        echo Configuring tun14:
        echo ${SUDO} ifconfig tun14 link0 up
        ${SUDO} ifconfig tun14 link0 up
        echo Configuring bridge1:
        echo ${SUDO} ifconfig bridge1 create
        ${SUDO} ifconfig bridge1 create
        echo ${SUDO} brconfig bridge1 add tun11 add tun14 up
        ${SUDO} brconfig bridge1 add tun11 add tun14 up
        echo Configuring tun15:
        echo ${SUDO} ifconfig tun15 link0 up
        ${SUDO} ifconfig tun15 link0 up
        echo Configuring bridge2:
        echo ${SUDO} ifconfig bridge2 create
        ${SUDO} ifconfig bridge2 create
        echo ${SUDO} brconfig bridge2 add tun12 add tun15 up
        ${SUDO} brconfig bridge2 add tun12 add tun15 up
    fi
}

# parse options; an unknown option prints the usage line and exits
args=`getopt d $*`
if [ $? -ne 0 ]; then
    usage
fi

set -- $args
while [ $# -gt 0 ]; do
    case "$1" in
    -d) MODE="DISABLE"
        echo "Disable Mode"
        ;;
    --) shift;
        break
        ;;
    esac
    shift
done

start



This next script actually brings up the image file. It sets up the serial port to be redirected to a telnet session (all my firewall images use the console port; you'll need to change this if you want to see the actual screen output: man qemu). This will also dump you into a telnet session connected to the serial port of the device, so be aware of that. To get this one to work, just do "sh setup-qemu-img.sh " The offset tells the script which CARP host you're using; it is where to start the NIC configs for this host.

So after running the above script to configure this, I just do the following:

sh setup-qemu.sh 0

Then I split my window in two using tmux "Ctrl-B S"

sh setup-qemu.sh 3

At this point I have both images running side by side, and can configure the individual guests to suit my needs.

!!!You may want to change some of the arguments you give to qemu to suit your needs, again see the qemu man page.


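#!/bin/sh
# setup-qemu.sh
# script to start multiple qemus on a single box
# $1 = image file, $2 = offset of the first tun interface for this guest

SUDO=/usr/bin/sudo

if [ $# -ne 2 ]; then
    echo "usage: $0 image offset" 1>&2
    exit 2
fi

# qemu args
IMAGE=$1
MEMORY=128
# the serial console is served on loopback telnet port 1010 + offset
FLAGS=" -daemonize -no-kqemu -nographic -serial telnet:127.0.0.1:$((1010 + $2)),server,nowait -no-fd-bootchk"

# template, expanded once per NIC by the eval in start()
NICFLAGS="-net nic,vlan=\$id,macaddr=\$mac -net tap,vlan=\$id,ifname=\$id,fd=\$fd"

# build a MAC: 00:bd, two random octets, then $1 and ($2 % 255 + 4)
getmac() {
    mac="00:bd:`printf %02x $(($RANDOM % 256))`:"
    mac="$mac`printf %02x $(($RANDOM % 256))`:"
    mac="$mac`printf %02x $(($1 % 256))`:`printf %02x $(($2 % 255 + 4))`"
}

start() {
    for id in 0 1 2; do
        fd=$(($id + 3))              # the three NICs use fds 3, 4 and 5
        tun=tun$(($id + 10 + $2))    # offset 0 -> tun10-12, offset 3 -> tun13-15
        getmac 3 id                  # "id" is resolved inside the $(( )) in getmac
        eval "nics=\"$nics $NICFLAGS\""
        fds="$fds $fd<> /dev/$tun"
    done

    # sudo -C n closes every descriptor >= n, so n must be 6 to keep fds 3-5
    # open for qemu (-C needs closefrom_override enabled in sudoers)
    cmd="${SUDO} -C 6 qemu -m ${MEMORY} -hda ${IMAGE}${FLAGS}$nics$fds"
    echo Running: ${SUDO} sh -c "$cmd"
    ${SUDO} sh -c "$cmd"
}

start $1 $2

# attach to the guest's serial console
telnet localhost $((1010 + $2))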



To tear down the harness, simply do "sh setup-vharness.sh -d" after you've quit the qemu instance(s).
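A pre-flight check for the offset handling described above, as an added example that is not part of the original scripts: it prints which fd, tun device and bridge each guest NIC ends up on, and lists any tun nodes MAKEDEV has not created yet. The function names, the DEV_DIR override and the restriction to offsets 0 and 3 are assumptions derived from the two scripts.

```shell
#!/bin/sh
# Added example: dry-run planner for setup-qemu.sh offsets (not the author's code).
# DEV_DIR is a hypothetical override so the check can be pointed at a scratch dir.
DEV_DIR=${DEV_DIR:-/dev}

# plan_guest OFFSET
# Prints one row per guest NIC using the same arithmetic as setup-qemu.sh,
# plus the loopback telnet port that guest's serial console will listen on.
plan_guest() {
    offset=$1
    case "$offset" in
    0|3) ;;   # assumption: the harness only provides tun10-12 and tun13-15
    *)  echo "offset must be 0 or 3 (harness provides tun10-tun15)" >&2
        return 2 ;;
    esac
    for id in 0 1 2; do
        # setup-vharness.sh bridges tun1N with tun1(N+3), so NIC N of both
        # guests lands on bridgeN
        echo "nic=$id fd=$((id + 3)) dev=tun$((id + 10 + offset)) bridge=bridge$id"
    done
    echo "console=127.0.0.1:$((1010 + offset))"
}

# missing_tuns OFFSET
# Lists the tun device nodes this guest needs that do not exist in DEV_DIR.
missing_tuns() {
    plan_guest "$1" | sed -n 's/.* dev=\(tun[0-9]*\) .*/\1/p' |
    while read -r t; do
        [ -e "$DEV_DIR/$t" ] || echo "$t"
    done
}

# When run with an offset argument, print the plan and any missing nodes.
if [ $# -gt 0 ]; then
    plan_guest "$1" && missing_tuns "$1"
fi
```

Any device name printed after the console line is a node that still needs to be created with MAKEDEV before the guest will start.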
