Pull in scripts from vendor-nutanix/test-suite as a starting point

files/test-suite/foundation/install.sh

@@ -0,0 +1,32 @@
+#!/bin/sh
+#
+# Script to download and install foundation vm onto a centos server
+
+set -eo pipefail
+
+REPO_BASE_URL="${REPO_BASE_URL:-https://artifacts.platformequinix.com/vendors/nutanix}"
+
+FOUNDATION_DISK_URL="${FOUNDATION_URL:-${REPO_BASE_URL}/test-suite/foundation/Foundation_VM-5.1-disk-0.qcow2}"
+FOUNDATION_MEMORY_MB=${FOUNDATION_MEMORY_MB:-4096}
+FOUNDATION_MAC="${FOUNDATION_MAC:-52:54:00:be:ef:02}"
+
+init_libs() {
+	if ! [ -e "/tmp/notanix-libs.sh" ]; then
+		# Initialize notanix libs
+		curl "${REPO_BASE_URL}/test-suite/libs/notanix-libs.sh" >/tmp/notanix-libs.sh
+	fi
+	source /tmp/notanix-libs.sh
+}
+
+main() {
+	init_libs
+	init_prereqs
+
+	log "Installing foundation"
+	simple_vm "foundation" "$FOUNDATION_MEMORY_MB" "$FOUNDATION_DISK_URL" "$FOUNDATION_PORT_FORWARD_IN_IFACE" "$FOUNDATION_PORT_FORWARDS" \
+		--network bridge=br0,mac="$FOUNDATION_MAC"
+
+	log 'Installation complete!'
+}
+
+main

files/test-suite/install.sh

@@ -0,0 +1,57 @@
+#!/bin/sh
+#
+# Script to download and install nutanix vms onto a centos server
+
+set -eo pipefail
+
+export REPO_BASE_URL="${REPO_BASE_URL:-https://artifacts.platformequinix.com/vendors/nutanix}"
+
+export METIS_MAC="${METIS_MAC:-52:54:00:be:ef:11}"
+export METIS_IP="${METIS_IP:-192.168.0.11}"
+export FOUNDATION_MAC="${FOUNDATION_MAC:-52:54:00:be:ef:12}"
+export FOUNDATION_IP="${FOUNDATION_IP:-192.168.0.12}"
+export XRAY_MAC="${XRAY_MAC:-52:54:00:be:ef:13}"
+export XRAY_IP="${XRAY_IP:-192.168.0.13}"
+
+export L2GATEWAY_CONFIG_DHCP_RANGE="${L2GATEWAY_CONFIG_DHCP_RANGE:-192.168.0.100,192.168.0.254}"
+export L2GATEWAY_CONFIG_INTERNAL_IP="${L2GATEWAY_CONFIG_INTERNAL_IP:-192.168.0.1}"
+
+# Forward WAN -> l2gateway
+L2GATEWAY_PORT_FORWARDS="l2gw:lease-api=80:80"
+L2GATEWAY_PORT_FORWARDS+=",metis:http=8001:8001"
+L2GATEWAY_PORT_FORWARDS+=",metis:ssh=2201:2201"
+L2GATEWAY_PORT_FORWARDS+=",foundation:http=8002:8002"
+L2GATEWAY_PORT_FORWARDS+=",foundation:ssh=2202:2202"
+L2GATEWAY_PORT_FORWARDS+=",xray:http=8003:8003"
+L2GATEWAY_PORT_FORWARDS+=",xray:ssh=2203:2203"
+export L2GATEWAY_PORT_FORWARDS
+
+L2GATEWAY_CONFIG_STATIC_LEASES="${METIS_MAC}=${METIS_IP}"
+L2GATEWAY_CONFIG_STATIC_LEASES+=",${FOUNDATION_MAC}=${FOUNDATION_IP}"
+L2GATEWAY_CONFIG_STATIC_LEASES+=",${XRAY_MAC}=${XRAY_IP}"
+export L2GATEWAY_CONFIG_STATIC_LEASES
+
+# Forward l2gateway -> private vm
+L2GATEWAY_CONFIG_PORT_FORWARDS="metis:http=8001:${METIS_IP}:80"
+L2GATEWAY_CONFIG_PORT_FORWARDS+=",metis:ssh=2201:${METIS_IP}:22"
+L2GATEWAY_CONFIG_PORT_FORWARDS+=",foundation:http=8002:${FOUNDATION_IP}:8000"
+L2GATEWAY_CONFIG_PORT_FORWARDS+=",foundation:ssh=2202:${FOUNDATION_IP}:22"
+L2GATEWAY_CONFIG_PORT_FORWARDS+=",xray:http=8003:${XRAY_IP}:443"
+L2GATEWAY_CONFIG_PORT_FORWARDS+=",xray:ssh=2203:${XRAY_IP}:22"
+export L2GATEWAY_CONFIG_PORT_FORWARDS
+
+main() {
+	echo "Initializing dhcp installer..." >&2
+	curl "$REPO_BASE_URL/test-suite/l2gateway/install.sh" | sh 2>&1 | tee /root/install-l2gateway.log
+
+	echo "Initializing metis installer..." >&2
+	curl "$REPO_BASE_URL/test-suite/metis/install.sh" | sh 2>&1 | tee /root/install-metis.log
+
+	echo "Initializing foundation installer..." >&2
+	curl "$REPO_BASE_URL/test-suite/foundation/install.sh" | sh 2>&1 | tee /root/install-foundation.log
+
+	echo "Initializing x-ray installer..." >&2
+	curl "$REPO_BASE_URL/test-suite/x-ray/install.sh" | sh 2>&1 | tee /root/install-x-ray.log
+}
+
+main

files/test-suite/l2gateway/install-services.sh

@@ -0,0 +1,203 @@
+#!/bin/sh
+#
+# Setup and run a linux nat gateway server
+set -e
+
+export L2GATEWAY_DHCP_RANGE="${L2GATEWAY_DHCP_RANGE:-192.168.0.10,192.168.0.254}"
+export L2GATEWAY_EXTERNAL_IFACE="${L2GATEWAY_EXTERNAL_IFACE:-enp1s0}"
+export L2GATEWAY_INTERNAL_IP="${L2GATEWAY_INTERNAL_IP:-192.168.0.1}"
+export L2GATEWAY_INTERNAL_PREFIX="${L2GATEWAY_INTERNAL_PREFIX:-24}"
+export L2GATEWAY_INTERNAL_IFACE="${L2GATEWAY_INTERNAL_IFACE:-enp2s0}"
+export L2GATEWAY_INTERNAL_DNS1="${L2GATEWAY_INTERNAL_DNS1:-147.75.207.207}"
+export L2GATEWAY_INTERNAL_DNS2="${L2GATEWAY_INTERNAL_DNS1:-147.75.207.208}"
+
+log() {
+	echo "$(date +"[%Y-%m-%d %H:%M:%S]") $@" | tee -a /root/install-gateway.log >&2
+}
+
+setup_iptables() {
+	log "Replacing firewalld with iptables"
+	systemctl mask firewalld
+	systemctl stop firewalld
+	yum -y install iptables-services
+
+	systemctl enable iptables
+	systemctl start iptables
+
+	iptables -P INPUT ACCEPT
+	iptables -F
+	iptables -A INPUT -i lo -j ACCEPT
+	iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
+	iptables -A INPUT -p tcp --dport 22 -j ACCEPT
+	iptables -A INPUT -p icmp --icmp-type echo-request -j ACCEPT
+	iptables -P INPUT DROP
+	iptables -P FORWARD DROP
+	iptables -P OUTPUT ACCEPT
+	iptables-save >/etc/sysconfig/iptables
+}
+
+configure_internal_iface() {
+	log "Configuring $L2GATEWAY_INTERNAL_IFACE as internal interface"
+
+	ip link set "$L2GATEWAY_INTERNAL_IFACE" down || true
+
+	cat <<EOF | tee "/etc/sysconfig/network-scripts/ifcfg-${L2GATEWAY_INTERNAL_IFACE}"
+NAME=${L2GATEWAY_INTERNAL_IFACE}
+DEVICE=${L2GATEWAY_INTERNAL_IFACE}
+TYPE=Ethernet
+BOOTPROTO=static
+IPADDR=${L2GATEWAY_INTERNAL_IP}
+PREFIX=${L2GATEWAY_INTERNAL_PREFIX}
+DEFROUTE=no
+ONBOOT=yes
+EOF
+
+	ip link set "$L2GATEWAY_INTERNAL_IFACE" up
+}
+
+install_dnsmasq() {
+	log "Installing dnsmasq"
+	yum -y install dnsmasq
+	cat <<EOF | tee /etc/dnsmasq.d/internal.conf
+dhcp-range=${L2GATEWAY_DHCP_RANGE},24h
+listen-address=${L2GATEWAY_INTERNAL_IP}
+interface=${L2GATEWAY_INTERNAL_IFACE}
+server=${L2GATEWAY_INTERNAL_DNS1}
+server=${L2GATEWAY_INTERNAL_DNS2}
+dhcp-option=option:router,${L2GATEWAY_INTERNAL_IP}
+dhcp-option=option:dns-server,${L2GATEWAY_INTERNAL_IP}
+EOF
+	systemctl enable dnsmasq
+	systemctl start dnsmasq
+
+	log "Setting up dhcp and dns iptables rules"
+	iptables -I INPUT -p udp --dport 53 -m comment --comment "Allow DNS" -j ACCEPT
+	iptables -I INPUT -p udp --dport 67 -m comment --comment "Allow DHCP" -j ACCEPT
+	iptables-save >/etc/sysconfig/iptables
+}
+
+setup_static_leases() {
+	log "Setting up static dhcp leases"
+
+	local static_leases="$L2GATEWAY_STATIC_LEASES"
+
+	while [ -n "$static_leases" ]; do
+		IFS=',' read -r slcfg static_leases <<<"$static_leases"
+		IFS='=' read -r mac_addr ip_addr <<<"$slcfg"
+
+		comment="$service IN $src_port:$dst_ip:$dst_port"
+
+		log "Setting static ip for $mac_addr to $ip_addr"
+		echo "dhcp-host=${mac_addr},${ip_addr}" >>/etc/dnsmasq.d/static-leases.conf
+	done
+}
+
+install_lease_api() {
+	log "Installing lease api"
+
+	yum -y install epel-release
+	yum -y install nginx
+	cat <<'EOF' | tee /bin/update-leases
+#!/bin/sh
+
+OUT_FILE="$1"; shift
+sleep_seconds="${1:-5}"
+
+LEASE_FILE="${LEASE_FILE:-/var/lib/dnsmasq/dnsmasq.leases}"
+
+if [ -z "$OUT_FILE" ]; then
+    echo "$0 OUT_FILE [REFRESH_DELAY]" 2>&1
+    exit 1
+fi
+
+while true; do
+    awk -F ' ' '{print $2"="$3}' "$LEASE_FILE" | tee "$OUT_FILE"
+    sleep "$sleep_seconds"
+done
+EOF
+	chmod +x /bin/update-leases
+
+	cat <<EOF | tee /usr/lib/systemd/system/watch-leases.service
+[Unit]
+Description=Watch dnsmasq leases and expose them over http endpoint
+After=network-online.target
+
+[Service]
+ExecStart=/bin/update-leases "/usr/share/nginx/html/leases"
+Restart=on-failure
+
+[Install]
+WantedBy=multi-user.target
+EOF
+	systemctl enable watch-leases
+	systemctl start watch-leases
+
+	systemctl enable nginx
+	systemctl start nginx
+
+	log "Setting up http iptables rules"
+	iptables -I INPUT -p tcp --dport 80 -m comment --comment "Allow HTTP" -j ACCEPT
+	iptables-save >/etc/sysconfig/iptables
+}
+
+install_nat() {
+	log "Enabling ipv4 forwarding"
+	echo 'net.ipv4.ip_forward = 1' >>/etc/sysctl.conf
+	sysctl -p
+
+	log "Setting up nat iptables rules"
+	iptables -t nat -A POSTROUTING -o "$L2GATEWAY_EXTERNAL_IFACE" -j MASQUERADE
+	iptables -A FORWARD -i "$L2GATEWAY_EXTERNAL_IFACE" -o "$L2GATEWAY_INTERNAL_IFACE" -m state --state RELATED,ESTABLISHED -j ACCEPT
+	iptables -A FORWARD -i "$L2GATEWAY_INTERNAL_IFACE" -o "$L2GATEWAY_EXTERNAL_IFACE" -j ACCEPT
+	iptables-save >/etc/sysconfig/iptables
+}
+
+setup_port_forwards() {
+	log "Setting up port forwarding"
+
+	local port_forwards="$L2GATEWAY_PORT_FORWARDS"
+	local comment=""
+
+	while [ -n "$port_forwards" ]; do
+		IFS=',' read -r pfcfg port_forwards <<<"$port_forwards"
+		IFS='=' read -r service ports <<<"$pfcfg"
+		IFS=':' read -r src_port dst_ip dst_port <<<"$ports"
+
+		comment="$service IN $src_port:$dst_ip:$dst_port"
+
+		log "Forwarding $comment"
+		iptables -I FORWARD -o ${L2GATEWAY_INTERNAL_IFACE} -d "$dst_ip" -m comment --comment "$comment" -j ACCEPT
+		iptables -t nat -I PREROUTING -p tcp --dport "$src_port" -j DNAT --to "${dst_ip}:${dst_port}" -m comment --comment "$comment"
+	done
+
+	if [ -n "$L2GATEWAY_PORT_FORWARDS" ]; then
+		iptables-save >/etc/sysconfig/iptables
+	fi
+}
+
+main() {
+	log "Setting up gateway server..."
+
+	setup_iptables
+
+	configure_internal_iface
+
+	install_dnsmasq
+
+	setup_static_leases
+
+	install_lease_api
+
+	install_nat
+
+	setup_port_forwards
+
+	log 'Installation complete!'
+
+	systemctl disable install-l2gateway
+	rm -f /usr/lib/systemd/system/install-l2gateway.service
+
+	poweroff
+}
+
+main

files/test-suite/l2gateway/install-vm.ks

@@ -0,0 +1,68 @@
+auth --enableshadow --passalgo=sha512
+url --url="https://download.rockylinux.org/pub/rocky/8/BaseOS/x86_64/os"
+
+rootpw --plaintext nutanix/4u
+text
+firewall --enabled --service=ssh
+firstboot --disabled
+eula --agreed
+ignoredisk --only-use=vda
+keyboard --vckeymap=us --xlayouts='us'
+lang en_US.UTF-8
+network  --bootproto=dhcp --device=link --activate --hostname=nutanix-gateway.localdomain
+reboot
+services --disabled="kdump" --enabled="sshd,rsyslog,chronyd"
+skipx
+
+timezone UTC --isUtc
+bootloader --append="console=tty0 console=ttyS0,115200n8 crashkernel=auto" --location=mbr --timeout=1 --boot-drive=vda
+zerombr
+clearpart --all --initlabel
+part / --fstype="xfs" --ondisk=vda --size=1 --grow
+
+%packages
+@core
+tar
+wget
+rsync
+%end
+
+%post
+for arg in $(cat /proc/cmdline); do
+    case "$arg" in
+        l2gateway-*)
+            varname=${arg%%=*}
+            varname=${varname//-/_}
+            varname=${varname^^}
+            newvar="${varname}=${arg#*=}"
+            echo "$newvar" >> /etc/default/install-l2gateway
+            export "$newvar"
+            ;;
+    esac
+done
+
+cat <<'EOF' | tee /bin/install-l2gateway.sh
+#!/bin/sh
+set -e
+
+curl "$L2GATEWAY_INSTALL_SERVICE_URL" | sh
+EOF
+
+chmod +x /bin/install-l2gateway.sh
+
+cat <<EOF | tee /usr/lib/systemd/system/install-l2gateway.service
+[Unit]
+Description=Install L2 Gateway.
+After=network-online.target
+
+[Service]
+EnvironmentFile=/etc/default/install-l2gateway
+ExecStart=/bin/install-l2gateway.sh
+Restart=no
+
+[Install]
+WantedBy=multi-user.target
+EOF
+
+ln -nsf /usr/lib/systemd/system/install-l2gateway.service /etc/systemd/system/multi-user.target.wants/install-l2gateway.service
+%end