Who is this article for?
This article may be of interest to system administrators who have faced the task of building a service of "one-time" (disposable) workstations.
Prologue
The IT support department of a small, dynamically growing company with a small branch network was asked to organize "self-service stations" for use by the company's external customers. These stations were to be used for registering on the company's external portals, downloading data from external devices, and working with government portals.
An important aspect was that most of the software is "tailored" for MS Windows (for example, "Declaration"), and despite the movement toward open formats, MS Office remains the dominant standard for exchanging electronic documents. So we could not refuse MS Windows when solving this problem.
The main problem was the possibility of various data accumulating from user sessions, which could lead to its leakage to third parties. But unlike the quasi-state (autonomous state institution) MFC, non-state organizations would be punished far more severely for such shortcomings. The next most serious problem was the requirement to work with external storage media, which would certainly carry a bunch of dangerous malware. The chance of malware arriving from the Internet was considered unlikely, because Internet access is restricted through a whitelist of addresses. The requirements looked like this:
Information security requirements
- After use, all user data (including temporary files and registry keys) must be deleted.
- All processes started by the user must be terminated when the work is finished.
- Network access goes through a whitelist of addresses.
- Restrictions on the ability to run third-party code.
- If a session is idle for more than 5 minutes, the session must end and the station must clean itself up.
Customer requirements
- The number of client stations per branch is no more than 4.
- Minimal waiting time for system readiness, from the moment you "sit down" until you start working with the client software.
- The ability to connect peripheral devices (scanners, flash drives) directly at the place where the "self-service station" is installed.
Customer wishes
- Display of advertising materials (pictures) while the station is idle.
The pains of creativity
After playing around a lot with Windows livecds, we came to the unanimous conclusion that the resulting solutions fail at least 3 critical points. They either take a long time to boot, or are not quite live, or customizing them was associated with wild pain. Perhaps we did not search well; if you can recommend a set of tools, I will be grateful.
Then we started looking at VDI, but for this task most solutions are either too expensive or need close attention. I wanted a simple tool with a minimum of magic, where most problems can be solved by simply rebooting or restarting a service. Fortunately, we had low-end server hardware in the branches, freed up from a decommissioned service, which we could use as the technological base.
What happened in the end? I can't tell you what happened in the end, because of an NDA, but during the search we came up with an interesting scheme that proved itself well in laboratory tests, although it never went into production.
A few disclaimers: the author does not claim that the proposed solution fully solves all the assigned tasks, and does this voluntarily and with a song. The author agrees in advance with the statement that Sein Englishe sprache ist zehr schlecht. Since the solution is no longer being developed, you cannot count on bug fixes or changes in functionality; everything is in your hands. The author assumes that you are at least slightly familiar with KVM, have read an overview article on the Spice protocol, and have worked a little with Centos or another GNU Linux distribution.
In this article I would like to analyze the backbone of the resulting solution, namely the interaction between client and server and the essence of the virtual machine life-cycle processes within the solution. If the article is of interest to the community, I will describe the details of building live images for thin clients based on Fedora and talk about tuning virtual machines and KVM servers to optimize performance and security.
If you take colored paper,
Paints, brushes and glue,
And a bit more skill...
You can make a hundred rubles!
Diagram and description of the test bench

All equipment sits inside the branch network; only the Internet channel goes outside. A proxy server was already there historically; it is nothing special. But it is on it, among other things, that traffic from the virtual machines (abbreviated VM below) will be filtered. Nothing prevents you from placing this service on the KVM server itself; the only thing you need to watch is how the load on its disk subsystem changes.
The Client Station is in fact the "self-service station", the "front end" of our service. These are Lenovo IdeaCentre nettops. What is good about this unit? Almost everything; we were especially pleased by the large number of USB connectors and the card reader on the front panel. In our scheme, an SD card with hardware write protection enabled is inserted into the card reader, and a modified live image of Fedora 28 is written on it. Naturally, a monitor, keyboard and mouse are connected to the nettop.
The Switch is an unremarkable layer-2 hardware switch that stands in the server room and blinks its lights. It is not connected to any network other than the network of the "self-service stations".
KVM_Server is the core of the scheme; in bench tests, a Core 2 Quad Q9650 with 8 GB of RAM confidently ran 3 virtual machines with Windows 10. Disk subsystem: adaptec 3405, 2 disks in Raid 1 + SSD. In field tests a Xeon 1220 with LSI 9260 + SSD easily carried 5-6 VMs. We would get the servers from decommissioned services, so there would be no large capital costs. The KVM virtualization system is deployed on this server (or servers) with the pompo_Vm virtual machine pool.
Vm is the virtual machine, the backend of our service. It is where the user's work takes place.
Enp5s0 is the network interface facing the network of the "self-service stations"; dhcpd, ntpd and httpd live on it, and xinetd listens on the "signal" port.
Lo0 is the loopback pseudo-interface. Standard.
Spice_console is a very interesting thing: unlike classic RDP, when you bring up the KVM + Spice protocol bundle, an additional entity appears, the virtual machine console port. In effect, by connecting to this TCP port we get the Vm console without having to connect to the Vm through its own network interface. The server takes over all interaction with the Vm for signal transmission. The closest analogue in function is IPKVM. That is, the image of the VM monitor is transmitted to this port, mouse movement data is transmitted to it as well, and (most importantly) interaction over the Spice protocol lets you seamlessly redirect USB devices to the virtual machine, as if the device were connected to the Vm itself. Tested with flash drives, scanners and webcams.
Vnet0, virbr0 and the Vm network cards form the network of the virtual machines.
How it works
From the Client Station side
The client station boots in graphical mode from a modified Fedora 28 live image and obtains an IP address via dhcp from the 169.254.24.0/24 network address space. During boot, firewall rules are created that allow connections to the server's "signal" and "spice" ports. After boot completes, the station waits for the "Client" user to log in. After the user logs in, the "openbox" desktop manager is started and the autostart script is executed on behalf of the logged-in user. Among other things, the autostart script runs the remote.sh script.
$HOME/.config/openbox/scripts/remote.sh
#!/bin/sh
# Read the client settings from /etc/client.conf (key=value lines)
server_ip=$(/usr/bin/cat /etc/client.conf | /usr/bin/grep "server_ip" | /usr/bin/cut -d "=" -f2)
vdi_signal_port=$(/usr/bin/cat /etc/client.conf | /usr/bin/grep "vdi_signal_port" | /usr/bin/cut -d "=" -f2)
vdi_spice_port=$(/usr/bin/cat /etc/client.conf | /usr/bin/grep "vdi_spice_port" | /usr/bin/cut -d "=" -f2)
animation_folder=$(/usr/bin/cat /etc/client.conf | /usr/bin/grep "animation_folder" | /usr/bin/cut -d "=" -f2)
process=/usr/bin/remote-viewer
while true
do
  # Show the slide show while waiting, unless feh is already running
  if [ -z "$(/usr/bin/pidof feh)" ]
  then
    /usr/bin/echo "$animation_folder"
    /usr/bin/feh -N -x -D1 "$animation_folder" &
  else
    /usr/bin/echo
  fi
  # Read the server's messages from the "signal" port line by line
  /usr/bin/nc -i 1 $server_ip $vdi_signal_port | while read line
  do
    if /usr/bin/echo "$line" | /usr/bin/grep "RULE ADDED, CONNECT NOW!"
    then
      /usr/bin/killall feh
      # Start remote-viewer in kiosk mode and block until it exits
      $process "spice://$server_ip:$vdi_spice_port" \
        "--spice-disable-audio" "--spice-disable-effects=animation" \
        "--spice-preferred-compression=auto-glz" "-k" \
        "--kiosk-quit=on-disconnect" &
      pid_process=$!
      wait $pid_process
      # Session is over: kill everything owned by the user (back to lightdm)
      /usr/bin/killall -u $USER
      exit
    else
      /usr/bin/echo "$line" >> /var/log/remote.log
    fi
  done
done
/etc/client.conf
server_ip=169.254.24.1
vdi_signal_port=5905
vdi_spice_port=5906
animation_folder=/usr/share/backgrounds/animation
background_folder=/usr/share/backgrounds2/fedora-workstation
Description of the variables in the client.conf file
server_ip - address of KVM_Server
vdi_signal_port - the KVM_Server port on which xinetd "sits"
vdi_spice_port - the KVM_Server network port from which a connection request from the remote-viewer client is redirected to the spice port of the allocated Vm (details below)
animation_folder - the folder from which pictures for the bullshit animation are taken
background_folder - the folder from which pictures are taken for showing presentations in standby mode. More on the animation in the next part of the article.
The remote.sh script takes its settings from the /etc/client.conf configuration file and uses nc to connect to the "vdi_signal_port" port of the KVM server. It receives a data stream from the server, in which it waits for the line "RULE ADDED, CONNECT NOW!". When the required line is received, the "remote-viewer" process is started in kiosk mode and establishes a connection to the server's "vdi_spice_port" port. Execution of the script is suspended until remote-viewer finishes.
remote-viewer, connecting to the "vdi_spice_port" port, is redirected on the server side to the "spice_console" port on the lo0 interface, i.e. to the virtual machine console, and the user's work proceeds directly. While waiting for the connection, the user is shown a bullshit animation in the form of a slide show of jpeg files; the path to the directory with the pictures is given by the value of the animation_folder variable from the configuration file.
If the connection to the virtual machine's "spice_console" port is lost, which signals a shutdown/reboot of the virtual machine (i.e. the actual end of the user session), all processes running on behalf of the logged-in user are terminated, which leads to a restart of lightdm and a return to the login screen.
From the KVM Server side
On the "signal" port of the enp5s0 network card, xinetd waits for a connection. After a connection to the "signal" port, xinetd launches the vm_manager.sh script without passing it any input parameters and redirects the script's output to the Client Station's nc session.
/etc/xinetd.d/test-server
service vdi_signal
{
port = 5905
socket_type = stream
protocol = tcp
wait = no
user = root
server = /home/admin/scripts_vdi_new/vm_manager.sh
}
/home/admin/scripts_vdi_new/vm_manager.sh
#!/usr/bin/sh
#<SET LOCAL VARIABLES FOR SCRIPT>#
SRV_SCRIPTS_DIR=$(/usr/bin/cat /etc/vm_manager.conf | /usr/bin/grep "srv_scripts_dir" | /usr/bin/cut -d "=" -f2)
/usr/bin/echo "SRV_SCRIPTS_DIR=$SRV_SCRIPTS_DIR"
export SRV_SCRIPTS_DIR=$SRV_SCRIPTS_DIR
SRV_POOL_SIZE=$(/usr/bin/cat /etc/vm_manager.conf | /usr/bin/grep "srv_pool_size" | /usr/bin/cut -d "=" -f2)
/usr/bin/echo "SRV_POOL_SIZE=$SRV_POOL_SIZE"
export "SRV_POOL_SIZE=$SRV_POOL_SIZE"
SRV_START_PORT_POOL=$(/usr/bin/cat /etc/vm_manager.conf | /usr/bin/grep "srv_start_port_pool" | /usr/bin/cut -d "=" -f2)
/usr/bin/echo SRV_START_PORT_POOL=$SRV_START_PORT_POOL
export SRV_START_PORT_POOL=$SRV_START_PORT_POOL
SRV_TMP_DIR=$(/usr/bin/cat /etc/vm_manager.conf | /usr/bin/grep "srv_tmp_dir" | /usr/bin/cut -d "=" -f2)
/usr/bin/echo "SRV_TMP_DIR=$SRV_TMP_DIR"
export SRV_TMP_DIR=$SRV_TMP_DIR
date=$(/usr/bin/date)
#</SET LOCAL VARIABLES FOR SCRIPT>#
/usr/bin/echo "# $date START EXECUTE VM_MANAGER.SH #"
# Hand a clean VM to the connecting station, then clean up and refill the pool
make_connect_to_vm() {
  #<READING CLEAR.LIST AND CHECK PORT FOR NETWORK STATE>#
  /usr/bin/echo "READING CLEAN.LIST AND CHECK PORT STATE"
  #<CHECK FOR NO ONE PORT IN CLEAR.LIST>#
  # Quoted, so the test also works when clear.list holds several ports
  if [ -z "$(/usr/bin/cat $SRV_TMP_DIR/clear.list)" ]
  then
    /usr/bin/echo "NO AVALIBLE PORTS IN CLEAN.LIST FOUND"
    /usr/bin/echo "Will try to make housekeeper, and create new vm"
    make_housekeeper
  else
    #<MINIMUN ONE PORT IN CLEAR.LIST FOUND>#
    /usr/bin/cat $SRV_TMP_DIR/clear.list | while read line
    do
      clear_vm_port=$(($line))
      /bin/echo "FOUND PORT $clear_vm_port IN CLEAN.LIST. TRY NETSTAT CHECK FOR PORT=$clear_vm_port"
      #<NETSTAT LISTEN CHECK FOR PORT FROM CLEAN.LIST>#
      if /usr/bin/netstat -lnt | /usr/bin/grep ":$clear_vm_port" > /dev/null
      then
        /bin/echo "$clear_vm_port IS LISTEN"
        #<PORT IS LISTEN. CHECK FOR IS CONNECTED NOW>#
        if /usr/bin/netstat -nt | /usr/bin/grep ":$clear_vm_port" | /usr/bin/grep "ESTABLISHED" > /dev/null
        then
          #<PORT LISTEN AND ALREADY CONNECTED! MOVE PORT FROM CLEAR.LIST
          # TO WASTE.LIST>#
          /bin/echo "$clear_vm_port IS ALREADY CONNECTED, MOVE PORT TO WASTE.LIST"
          /usr/bin/sed -i "/$clear_vm_port/d" $SRV_TMP_DIR/clear.list
          /usr/bin/echo $clear_vm_port >> $SRV_TMP_DIR/waste.list
        else
          #<PORT LISTEN AND NO ONE CONNECT NOW. MOVE PORT FROM CLEAR.LIST TO
          # CONN_WAIT.LIST AND CREATE IPTABLES RULES>##
          /usr/bin/echo "OK, $clear_vm_port IS NOT ALREADY CONNECTED"
          /usr/bin/sed -i "/$clear_vm_port/d" $SRV_TMP_DIR/clear.list
          /usr/bin/echo $clear_vm_port >> $SRV_TMP_DIR/conn_wait.list
          $SRV_SCRIPTS_DIR/vm_connect.sh $clear_vm_port
          #<TRY TO CLEAN VM IN WASTE.LIST AND CREATE NEW WM>#
          /bin/echo "TRY TO CLEAN VM IN WASTE.LIST AND CREATE NEW VM"
          make_housekeeper
          /usr/bin/echo "# $date STOP EXECUTE VM_MANAGER.SH#"
          exit
        fi
      else
        #<PORT IS NOT A LISTEN. MOVE PORT FROM CLEAR.LIST TO WASTE.LIST>#
        /bin/echo "$clear_vm_port is NOT LISTEN. REMOVE PORT FROM CLEAR.LIST"
        /usr/bin/sed -i "/$clear_vm_port/d" $SRV_TMP_DIR/clear.list
        /usr/bin/echo $clear_vm_port >> $SRV_TMP_DIR/waste.list
        make_housekeeper
      fi
    done
  fi
}
# Delete every VM in waste.list that is no longer connected, then refill the pool
make_housekeeper() {
  /usr/bin/echo "=Execute housekeeper="
  /usr/bin/cat $SRV_TMP_DIR/waste.list | while read line
  do
    /usr/bin/echo "$line"
    if /usr/bin/netstat -lnt | /usr/bin/grep ":$line" > /dev/null
    then
      /bin/echo "port_alive, vm is running"
      if /usr/bin/netstat -nt | /usr/bin/grep ":$line" | /usr/bin/grep "ESTABLISHED" > /dev/null
      then
        /bin/echo "port_in_use can't delete vm!!!"
      else
        /bin/echo "port_not in use. Deleting vm"
        /usr/bin/sed -i "/$line/d" $SRV_TMP_DIR/waste.list
        /usr/bin/echo $line >> $SRV_TMP_DIR/recycle.list
        $SRV_SCRIPTS_DIR/vm_delete.sh $line
      fi
    else
      /usr/bin/echo "posible vm is already off. Deleting vm"
      /usr/bin/echo "MOVE VM IN OFF STATE $line FROM WASTE.LIST TO RECYCLE.LIST AND DELETE VM"
      /usr/bin/sed -i "/$line/d" $SRV_TMP_DIR/waste.list
      /usr/bin/echo $line >> $SRV_TMP_DIR/recycle.list
      $SRV_SCRIPTS_DIR/vm_delete.sh "$line"
    fi
  done
  create_clear_vm
}
# Create a VM for every pool port that is not present in any of the lists
create_clear_vm() {
  /usr/bin/echo "=Create new VM="
  while [ $SRV_POOL_SIZE -gt 0 ]
  do
    new_vm_port=$(($SRV_START_PORT_POOL+$SRV_POOL_SIZE))
    /usr/bin/echo "new_vm_port=$new_vm_port"
    if /usr/bin/grep "$new_vm_port" $SRV_TMP_DIR/clear.list > /dev/null
    then
      /usr/bin/echo "$new_vm_port port is already defined in clear.list"
    else
      if /usr/bin/grep "$new_vm_port" $SRV_TMP_DIR/waste.list > /dev/null
      then
        /usr/bin/echo "$new_vm_port port is already defined in waste.list"
      else
        if /usr/bin/grep "$new_vm_port" $SRV_TMP_DIR/recycle.list > /dev/null
        then
          /usr/bin/echo "$new_vm_port PORT IS ALREADY DEFINED IN RECYCLE LIST"
        else
          if /usr/bin/grep "$new_vm_port" $SRV_TMP_DIR/conn_wait.list > /dev/null
          then
            /usr/bin/echo "$new_vm_port PORT IS ALREADY DEFINED IN CONN_WAIT LIST"
          else
            /usr/bin/echo "PORT IN NOT DEFINED IN NO ONE LIST WILL CREATE VM ON PORT $new_vm_port"
            /usr/bin/echo $new_vm_port >> $SRV_TMP_DIR/recycle.list
            $SRV_SCRIPTS_DIR/vm_create.sh $new_vm_port
          fi
        fi
      fi
    fi
    SRV_POOL_SIZE=$(($SRV_POOL_SIZE-1))
  done
  /usr/bin/echo "# $date STOP EXECUTE VM_MANAGER.SH #"
}
make_connect_to_vm | /usr/bin/tee -a /var/log/vm_manager.log
/etc/vm_manager.conf
srv_scripts_dir=/home/admin/scripts_vdi_new
srv_pool_size=4
srv_start_port_pool=5920
srv_tmp_dir=/tmp/vm_state
base_host=win10_2
input_iface=enp5s0
vdi_spice_port=5906
count_conn_tryes=10
Description of the variables in the vm_manager.conf configuration file
srv_scripts_dir - the folder holding the scripts vm_manager.sh, vm_connect.sh, vm_delete.sh, vm_create.sh, vm_clear.sh
srv_pool_size - size of the Vm pool
srv_start_port_pool - the starting port, after which the spice ports of the virtual machine consoles begin
srv_tmp_dir - folder for temporary files
base_host - the base Vm (golden image) from which the Vm clones in the pool are made
input_iface - the server's network interface facing the Client Stations
vdi_spice_port - the server's network port from which a connection request from the remote-viewer client is redirected to the spice port of the allocated Vm
count_conn_tryes - the wait timer, after which it is considered that no connection to the Vm took place (for details, see vm_connect.sh)
The vm_manager.sh script reads its configuration from the vm_manager.conf file and evaluates the state of the virtual machines in the pool by several parameters, namely how many VMs are deployed and whether there are free, clean VMs. To do this, it reads the clear.list file, which contains the "spice_console" port numbers of "freshly created" virtual machines (see the VM creation cycle below), and checks whether there is an established connection to them. If a port with an established network connection is found (which absolutely should not happen), a warning is printed and the port is moved to waste.list. When the first port from clear.list is found that currently has no connection, vm_manager.sh calls the vm_connect.sh script and passes it this port number as a parameter.
/home/admin/scripts_vdi_new/vm_connect.sh
#!/bin/sh
date=$(/usr/bin/date)
/usr/bin/echo "#" "$date" "START EXECUTE VM_CONNECT.SH#"
#<SET LOCAL VARIABLES FOR SCRIPT>#
free_port="$1"
input_iface=$(/usr/bin/cat /etc/vm_manager.conf | /usr/bin/grep "input_iface" | /usr/bin/cut -d "=" -f2)
/usr/bin/echo "input_iface=$input_iface"
vdi_spice_port=$(/usr/bin/cat /etc/vm_manager.conf | /usr/bin/grep "vdi_spice_port" | /usr/bin/cut -d "=" -f2)
/usr/bin/echo "vdi_spice_port=$vdi_spice_port"
count_conn_tryes=$(/usr/bin/cat /etc/vm_manager.conf | /usr/bin/grep "count_conn_tryes" | /usr/bin/cut -d "=" -f2)
/usr/bin/echo "count_conn_tryes=$count_conn_tryes"
#</SET LOCAL VARIABLES FOR SCRIPT>#
#<CREATE IPTABLES RULES AND SEND SIGNAL TO CONNECT>#
/usr/bin/echo "create rule for port" $free_port
/usr/sbin/iptables -I INPUT -i $input_iface -p tcp -m tcp --dport $free_port -j ACCEPT
/usr/sbin/iptables -I OUTPUT -o $input_iface -p tcp -m tcp --sport $free_port -j ACCEPT
/usr/sbin/iptables -t nat -I PREROUTING -p tcp -i $input_iface --dport $vdi_spice_port \
  -j DNAT --to-destination 127.0.0.1:$free_port
/usr/bin/echo "RULE ADDED, CONNECT NOW!"
#</CREATE IPTABLES RULES AND SEND SIGNAL TO CONNECT>#
#<WAIT CONNECT ESTABLISHED AND ACTIVATE CONNECT TIMER>#
while [ $count_conn_tryes -gt 0 ]
do
  if /usr/bin/netstat -nt | /usr/bin/grep ":$free_port" | /usr/bin/grep "ESTABLISHED" > /dev/null
  then
    /bin/echo "$free_port NOW in use!!!"
    /usr/bin/sleep 1s
    # Client is connected: remove the redirect, the session lives on in conntrack
    /usr/sbin/iptables -t nat -D PREROUTING -p tcp -i $input_iface --dport $vdi_spice_port \
      -j DNAT --to-destination 127.0.0.1:$free_port
    /usr/sbin/iptables -D INPUT -i $input_iface -p tcp -m tcp --dport $free_port -j ACCEPT
    /usr/sbin/iptables -D OUTPUT -o $input_iface -p tcp -m tcp --sport $free_port -j ACCEPT
    /usr/bin/sed -i "/$free_port/d" $SRV_TMP_DIR/conn_wait.list
    /usr/bin/echo $free_port >> $SRV_TMP_DIR/waste.list
    # "return" is not valid at script top level; exit so the VM is not put back in clear.list
    exit 0
  else
    /usr/bin/echo "$free_port NOT IN USE"
    /usr/bin/echo "RULE ADDED, CONNECT NOW!"
    /usr/bin/sleep 1s
  fi
  count_conn_tryes=$((count_conn_tryes-1))
done
#</WAIT CONNECT ESTABLISED AND ACTIVATE CONNECT TIMER>#
#<IF COUNT HAS EXPIRED. REMOVE IPTABLES RULE AND REVERT
# VM TO CLEAR.LIST>#
/usr/bin/echo "REVERT IPTABLES RULE AND REVERT VM TO CLEAN LIST $free_port"
/usr/sbin/iptables -t nat -D PREROUTING -p tcp -i $input_iface --dport $vdi_spice_port \
  -j DNAT --to-destination 127.0.0.1:$free_port
/usr/sbin/iptables -D INPUT -i $input_iface -p tcp -m tcp --dport $free_port -j ACCEPT
/usr/sbin/iptables -D OUTPUT -o $input_iface -p tcp -m tcp --sport $free_port -j ACCEPT
/usr/bin/sed -i "/$free_port/d" $SRV_TMP_DIR/conn_wait.list
/usr/bin/echo $free_port >> $SRV_TMP_DIR/clear.list
#</COUNT HAS EXPIRED. REMOVE IPTABLES RULE AND REVERT VM
#TO CLEAR.LIST>#
/usr/bin/echo "#" "$date" "END EXECUTE VM_CONNECT.SH#"
# Attention! Must Be! sysctl net.ipv4.conf.all.route_localnet=1
The vm_connect.sh script adds firewall rules that redirect the "vdi_spice_port" port of the enp5s0 interface to the "spice console port" of the VM on the server's lo0 interface, passed as the launch parameter. The port is moved to conn_wait.list and the VM is considered to be waiting for a connection. The line "RULE ADDED, CONNECT NOW" is sent to the Client Station's session on the server's "signal" port, where the remote.sh script running on the station is waiting for it. A connection wait loop begins, with the number of attempts set by the value of the "count_conn_tryes" variable from the configuration file. Every second, the line "RULE ADDED, CONNECT NOW" is sent to the nc session and the presence of an established connection to the "spice_console" port is checked.
If no connection occurs within the set number of attempts, the "spice_console" port is returned to clear.list. Execution of vm_connect.sh ends and execution of vm_manager.sh resumes, which starts the cleaning cycle.
If a connection from the Client Station to the "spice_console" port on the lo0 interface is detected, the firewall rules that create the redirect between the server's "spice" port and the "spice_console" port are removed, and the connection continues to be maintained by the firewall's connection state tracking mechanism. If the connection is broken, it will not be possible to connect to the "spice_console" port again. The "spice_console" port is moved to waste.list; the VM is considered "dirty" and cannot return to the pool of "clean" virtual machines without going through cleaning. Execution of vm_connect.sh ends and execution of vm_manager.sh resumes, which starts the cleaning cycle.
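The redirect added by vm_connect.sh matches every source address on the interface for as long as the rule exists, so the VM goes to whichever station reaches "vdi_spice_port" first. The following added example (not part of the author's kit) builds the same three rules pinned to one station's address; the function names, the client address argument and the REMOTE_HOST variable in the usage comment are assumptions.

```sh
#!/bin/sh
# Added example: the vm_connect.sh rules, restricted to the requesting station.
# Nothing here calls iptables; pinned_rules only prints validated arguments.

# valid_ipv4 ADDR: four decimal octets 0-255, no leading zeros, nothing else.
# Runs in a subshell ( ... ) so the IFS change stays local.
valid_ipv4() (
    case "$1" in
        ''|*[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    IFS=.
    set -- $1
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        case "$octet" in 0?*|????*) return 1 ;; esac
        [ "$octet" -le 255 ] || return 1
    done
)

# valid_port PORT: decimal 1-65535
valid_port() {
    case "$1" in
        ''|0*|*[!0-9]*|??????*) return 1 ;;
    esac
    [ "$1" -le 65535 ]
}

# pinned_rules ACTION CLIENT_IP IFACE SPICE_PORT VM_PORT
# ACTION is -I (open the redirect) or -D (remove it). Prints one iptables
# argument line per rule; returns 1 and prints nothing on any invalid input.
pinned_rules() {
    case "$1" in -I|-D) ;; *) return 1 ;; esac
    valid_ipv4 "$2" && valid_port "$4" && valid_port "$5" || return 1
    case "$3" in ''|*[!A-Za-z0-9._-]*) return 1 ;; esac
    printf '%s\n' \
        "-t nat $1 PREROUTING -i $3 -s $2 -p tcp --dport $4 -j DNAT --to-destination 127.0.0.1:$5" \
        "$1 INPUT -i $3 -s $2 -p tcp -m tcp --dport $5 -j ACCEPT" \
        "$1 OUTPUT -o $3 -d $2 -p tcp -m tcp --sport $5 -j ACCEPT"
}

# Usage sketch (needs root; REMOTE_HOST is assumed to be set by xinetd):
#   pinned_rules -I "$REMOTE_HOST" enp5s0 5906 5921 | while read -r args; do
#       /usr/sbin/iptables $args
#   done
```

The same call with -D removes exactly the rules that were added, which keeps the cleanup in vm_connect.sh symmetrical.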
The cleaning cycle begins by looking through the waste.list file, to which the "spice_console" port numbers of virtual machines that had a connection established are moved. For each "spice_console" port in the list, the presence of an active connection is determined. If there is no connection, the virtual machine is considered no longer in use, the port is moved to recycle.list, and the process of deleting the virtual machine that owned this port (see below) is started. If an active network connection is found on the port, the virtual machine is considered to be in use and no action is taken on it. If the port is not listening, the VM is considered to be shut down and no longer needed. The port is moved to recycle.list and the process of deleting the virtual machine is started. To do this, the vm_delete.sh script is called, with the "spice_console" port number of the VM to be removed passed as a parameter.
/home/admin/scripts_vdi_new/vm_delete.sh
#!/bin/sh
#<Set local VARIABLES>#
port_to_delete="$1"
date=$(/usr/bin/date)
#</Set local VARIABLES>#
/usr/bin/echo "# $date START EXECUTE VM_DELETE.SH#"
/usr/bin/echo "TRY DELETE VM ON PORT: $port_to_delete"
#<VM NAME SETUP>#
# The VM name is "<base_host>-<port>", as set in vm_create.sh
vm_name_part1=$(/usr/bin/cat /etc/vm_manager.conf | /usr/bin/grep 'base_host' | /usr/bin/cut -d'=' -f2)
vm_name=$(/usr/bin/echo "$vm_name_part1""-""$port_to_delete")
#</VM NAME SETUP>#
#<SHUTDOWN AND DELETE VM>#
# Force the VM off, drop its definition and delete its writable disk overlay
/usr/bin/virsh destroy $vm_name
/usr/bin/virsh undefine $vm_name
/usr/bin/rm -f /var/lib/libvirt/images_write/$vm_name.qcow2
/usr/bin/sed -i "/$port_to_delete/d" $SRV_TMP_DIR/recycle.list
#</SHUTDOWN AND DELETE VM>#
/usr/bin/echo "VM ON PORT $port_to_delete HAS BEEN DELETE AND REMOVE FROM RECYCLE.LIST. EXIT FROM VM_DELETE.SH"
/usr/bin/echo "# $date STOP EXECUTE VM_DELETE.SH#"
exit
Deleting a virtual machine is a fairly trivial operation; the vm_delete.sh script determines the name of the virtual machine that owns the port passed as the launch parameter. The VM is forcibly stopped, the VM is removed from the hypervisor, and this VM's virtual hard disk is deleted. The "spice_console" port is removed from recycle.list. Execution of vm_delete.sh ends and execution of vm_manager.sh resumes.
Once the cleaning of unneeded virtual machines from waste.list is complete, the vm_manager.sh script starts the cycle of creating virtual machines in the pool.
The process begins by determining which "spice_console" ports are available for placement. To do this, based on the configuration file parameter "srv_start_port_pool", which sets the starting port of the virtual machines' "spice_console" pool, and the parameter "srv_pool_size", which defines the maximum number of virtual machines, all possible port variants are enumerated in sequence. Each port is looked up in clear.list, waste.list, conn_wait.list and recycle.list. If the port is found in any of these files, it is considered busy and is skipped. If the port is not found in these files, it is added to recycle.list and the process of creating a new virtual machine starts. To do this, the vm_create.sh script is called, with the "spice_console" port number for which the VM is to be created passed as a parameter.
/home/admin/scripts_vdi_new/vm_create.sh
#!/bin/sh
new_vm_port=$1
date=$(/usr/bin/date)
/usr/bin/echo "#" "$date" "START RUNNING VM_CREATE.SH#"
a=0
/usr/bin/echo SRV_TMP_DIR=$SRV_TMP_DIR
#<SET LOCAL VARIABLES FOR SCRIPT>#
base_host=$(/usr/bin/cat /etc/vm_manager.conf | /usr/bin/grep "base_host" | /usr/bin/cut -d "=" -f2)
/usr/bin/echo "base_host=$base_host"
#</SET LOCAL VARIABLES FOR SCRIPT>#
# Find the base VM's qcow2 disk and check that it is usable as a backing image
hdd_image_locate() {
  /bin/echo "Run STEP 1 - hdd_image_locate"
  hdd_base_image=$(/usr/bin/virsh dumpxml $base_host | /usr/bin/grep "source file" |
    /usr/bin/grep "qcow2" | /usr/bin/head -n 1 | /usr/bin/cut -d "'" -f2)
  if [ -z "$hdd_base_image" ]
  then
    /bin/echo "base hdd image not found!"
    # Nothing to clone from: stop instead of falling through to cloning
    exit 1
  else
    /usr/bin/echo "hdd_base_image found is a $hdd_base_image. Run next step 2"
    #< CHECK FOR SNAPSHOT ON BASE HDD >#
    if [ 0 -eq `/usr/bin/qemu-img info "$hdd_base_image" | /usr/bin/grep -c "Snapshot"` ]
    then
      /usr/bin/echo "base image haven't snapshot, run NEXT STEP 3"
    else
      /usr/bin/echo "base hdd image have a snapshot, can't use this image"
      exit
    fi
    #</ CHECK FOR SNAPSHOT ON BASE HDD >#
    #< CHECK FOR HDD IMAGE IS LINK CLONE >#
    if [ 0 -eq `/usr/bin/qemu-img info "$hdd_base_image" | /usr/bin/grep -c "backing file"` ]
    then
      /usr/bin/echo "base image is not a linked clone, NEXT STEP 4"
      /usr/bin/echo "Base image check complete!"
    else
      /usr/bin/echo "base hdd image is a linked clone, can't use this image"
      exit
    fi
  fi
  #</ CHECK FOR HDD IMAGE IS LINK CLONE >#
  cloning
}
# Build the new VM's xml config from the base VM and create its linked-clone disk
cloning() {
  # <Step_1 turn the base VM off >#
  /usr/bin/virsh shutdown $base_host > /dev/null 2>&1
  # </Step_1 turn the base VM off >#
  #<Create_vm_config>#
  /usr/bin/echo "Free port for Spice VM is $new_vm_port"
  #<Setup_name_for_new_VM>#
  new_vm_name=$(/bin/echo $base_host"-"$new_vm_port)
  #</Setup_name_for_new_VM>#
  #<Make_base_config_as_clone_base_VM>#
  /usr/bin/virsh dumpxml $base_host > $SRV_TMP_DIR/$new_vm_name.xml
  #</Make_base_config_as_clone_base_VM>#
  #<Setup_New_VM_Name_in_config>#
  /usr/bin/sed -i "s%<name>$base_host</name>%<name>$new_vm_name</name>%g" $SRV_TMP_DIR/$new_vm_name.xml
  #</Setup_New_VM_Name_in_config>#
  #<UUID Changing>#
  # The third UUID group is replaced with the port number, which keeps it unique per VM
  old_uuid=$(/usr/bin/cat $SRV_TMP_DIR/$new_vm_name.xml | /usr/bin/grep "<uuid>")
  /usr/bin/echo old UUID $old_uuid
  new_uuid_part1=$(/usr/bin/echo "$old_uuid" | /usr/bin/cut -d "-" -f 1,2)
  new_uuid_part2=$(/usr/bin/echo "$old_uuid" | /usr/bin/cut -d "-" -f 4,5)
  new_uuid=$(/bin/echo $new_uuid_part1"-"$new_vm_port"-"$new_uuid_part2)
  /usr/bin/echo $new_uuid
  /usr/bin/sed -i "s%$old_uuid%$new_uuid%g" $SRV_TMP_DIR/$new_vm_name.xml
  #</UUID Changing>#
  #<Spice port replace>#
  # The console listens on 127.0.0.1 only; clients reach it through the DNAT rule
  old_spice_port=$(/usr/bin/cat $SRV_TMP_DIR/$new_vm_name.xml | /usr/bin/grep "graphics type='spice' port=")
  /bin/echo old spice port $old_spice_port
  new_spice_port=$(/usr/bin/echo "<graphics type='spice' port='$new_vm_port' autoport='no' listen='127.0.0.1'>")
  /bin/echo $new_spice_port
  /usr/bin/sed -i "s%$old_spice_port%$new_spice_port%g" $SRV_TMP_DIR/$new_vm_name.xml
  #</Spice port replace>#
  #<MAC_ADDR_GENERATE>#
  # Keep the 52:54:00 QEMU/KVM prefix so the address is always unicast; randomize the rest
  mac_new=$(/usr/bin/hexdump -n3 -e '/1 ":%02X"' /dev/urandom | /usr/bin/sed 's/^:/52:54:00:/')
  /usr/bin/echo New Mac is $mac_new
  #</MAC_ADDR_GENERATE>#
  #<GET OLD MAC AND REPLACE>#
  # Take only the address value, so the <mac address='...'/> element itself is preserved
  mac_old=$(/usr/bin/cat $SRV_TMP_DIR/$new_vm_name.xml | /usr/bin/grep "mac address=" |
    /usr/bin/head -n 1 | /usr/bin/cut -d "'" -f2)
  /usr/bin/echo old mac is $mac_old
  /usr/bin/sed -i "s%$mac_old%$mac_new%g" $SRV_TMP_DIR/$new_vm_name.xml
  #</GET OLD MAC AND REPLACE>#
  #<new_disk_create>#
  # Linked clone: a fresh overlay on top of the base image; -F names the backing
  # format explicitly (the base image was selected as qcow2 above)
  /usr/bin/qemu-img create -f qcow2 -F qcow2 -b $hdd_base_image /var/lib/libvirt/images_write/$new_vm_name.qcow2
  #</new_disk_create>#
  #<attach_new_disk_in_confiig>#
  /usr/bin/echo hdd base image is $hdd_base_image
  /usr/bin/sed -i "s%<source file='$hdd_base_image'/>%<source file='/var/lib/libvirt/images_write/$new_vm_name.qcow2'/>%g" $SRV_TMP_DIR/$new_vm_name.xml
  #</attach_new_disk_in_confiig>#
  starting_vm
  #</Create_vm config>#
}
# Define and start the VM, then move its port from recycle.list to clear.list
starting_vm() {
  /usr/bin/virsh define $SRV_TMP_DIR/$new_vm_name.xml
  /usr/bin/virsh start $new_vm_name
  while [ $a -ne 1 ]
  do
    if /usr/bin/virsh list --all | /usr/bin/grep "$new_vm_name" | /usr/bin/grep "running" > /dev/null 2>&1
    then
      a=1
      /usr/bin/sed -i "/$new_vm_port/d" $SRV_TMP_DIR/recycle.list
      /usr/bin/echo $new_vm_port >> $SRV_TMP_DIR/clear.list
      /usr/bin/echo "#" "$date" "VM $new_vm_name IS STARTED #"
    else
      /usr/bin/echo "#VM $new_vm_name is not ready#"
      a=0
      /usr/bin/sleep 2s
    fi
  done
  /usr/bin/echo "#$date EXIT FROM VM_CREATE.SH#"
  exit
}
hdd_image_locate
The process of creating a new virtual machine
The vm_create.sh script reads the value of the "base_host" variable from the configuration file, which identifies the template virtual machine from which the clone will be made. It dumps the VM's xml configuration from the hypervisor database, performs a series of checks on the VM's qcow disk image and, on successful completion, creates the xml configuration file for the new VM and a "linked clone" disk image for the new VM. After that, the new VM's xml config is loaded into the hypervisor database and the VM is started. The "spice_console" port is moved from recycle.list to clear.list. Execution of vm_create.sh ends and execution of vm_manager.sh ends.
On the next connection, everything starts from the beginning.
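xinetd starts one vm_manager.sh per connection (wait = no), and every instance edits clear.list, conn_wait.list and waste.list with sed and >>, so two stations connecting at the same moment can be handed the same port. The following added example, which is not part of the author's kit, performs the same list hand-off under flock with exact-line matching; POOL_DIR, the .pool.lock file and the function names are assumptions.

```sh
#!/bin/sh
# Added example: serialized hand-off of "spice_console" ports between the
# list files used by vm_manager.sh. The *.list names are the ones on the
# page; POOL_DIR and .pool.lock are made up for this sketch.

POOL_DIR="${POOL_DIR:-/tmp/vm_state}"

# is_pool_port PORT START SIZE
# True only for a plain decimal port inside START+1 .. START+SIZE, which is
# the range create_clear_vm hands out. Anything else in a list is ignored.
is_pool_port() {
    case "$1" in
        ''|0*|*[!0-9]*|??????*) return 1 ;;
    esac
    [ "$1" -gt "$2" ] && [ "$1" -le $(( $2 + $3 )) ]
}

# remove_exact FILE PORT
# Drop only the lines that are exactly PORT; a pattern such as /5921/ would
# also match 15921. The file is replaced atomically with mv.
remove_exact() {
    tmp=$(mktemp "$1.XXXXXX") || return 1
    grep -Fxv -- "$2" "$1" > "$tmp" || true   # exit 1 only means "nothing left"
    mv -f "$tmp" "$1"
}

# claim_clean_port START SIZE
# Under an exclusive lock, take the first valid port out of clear.list, park
# it in conn_wait.list and print it, so two concurrent callers never get the
# same port. Returns 1 when no clean VM is available.
claim_clean_port() {
    (
        flock -x 9 || exit 1
        while read -r port; do
            is_pool_port "$port" "$1" "$2" || continue
            remove_exact "$POOL_DIR/clear.list" "$port" || exit 1
            printf '%s\n' "$port" >> "$POOL_DIR/conn_wait.list"
            printf '%s\n' "$port"
            exit 0
        done < "$POOL_DIR/clear.list"
        exit 1
    ) 9> "$POOL_DIR/.pool.lock"
}

# move_port PORT FROM TO
# Move PORT between two lists under the same lock. Fails if PORT is not in
# FROM, so a port cannot end up in two states at once.
move_port() {
    (
        flock -x 9 || exit 1
        grep -Fxq -- "$1" "$POOL_DIR/$2" || exit 1
        remove_exact "$POOL_DIR/$2" "$1" || exit 1
        printf '%s\n' "$1" >> "$POOL_DIR/$3"
    ) 9> "$POOL_DIR/.pool.lock"
}
```

In the page's flow, claim_clean_port would stand in for the clear.list loop of make_connect_to_vm, and move_port for the sed/echo pairs in vm_connect.sh and make_housekeeper.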
For emergencies, the kit includes the vm_clear.sh script, which forcibly walks through all VMs in the pool and deletes them, zeroing out the lists. Calling it at the boot stage lets you start (under)VDI from a clean slate.
/home/admin/scripts_vdi_new/vm_clear.sh
#!/usr/bin/sh
#set VARIABLES#
SRV_SCRIPTS_DIR=$(/usr/bin/cat /etc/vm_manager.conf | /usr/bin/grep "srv_scripts_dir" | /usr/bin/cut -d "=" -f2)
/usr/bin/echo "SRV_SCRIPTS_DIR=$SRV_SCRIPTS_DIR"
export SRV_SCRIPTS_DIR=$SRV_SCRIPTS_DIR
SRV_TMP_DIR=$(/usr/bin/cat /etc/vm_manager.conf | /usr/bin/grep "srv_tmp_dir" | /usr/bin/cut -d "=" -f2)
/usr/bin/echo "SRV_TMP_DIR=$SRV_TMP_DIR"
export SRV_TMP_DIR=$SRV_TMP_DIR
SRV_POOL_SIZE=$(/usr/bin/cat /etc/vm_manager.conf | /usr/bin/grep "srv_pool_size" | /usr/bin/cut -d "=" -f2)
/usr/bin/echo "SRV_POOL_SIZE=$SRV_POOL_SIZE"
SRV_START_PORT_POOL=$(/usr/bin/cat /etc/vm_manager.conf | /usr/bin/grep "srv_start_port_pool" | /usr/bin/cut -d "=" -f2)
/usr/bin/echo SRV_START_PORT_POOL=$SRV_START_PORT_POOL
#Set VARIABLES#
/usr/bin/echo "= Cleanup ALL VM="
# -p: do not fail when the directory already exists
/usr/bin/mkdir -p $SRV_TMP_DIR
# Restarting iptables drops any redirect rules left over from vm_connect.sh
/usr/sbin/service iptables restart
# Empty all state lists
/usr/bin/cat /dev/null > $SRV_TMP_DIR/clear.list
/usr/bin/cat /dev/null > $SRV_TMP_DIR/waste.list
/usr/bin/cat /dev/null > $SRV_TMP_DIR/recycle.list
/usr/bin/cat /dev/null > $SRV_TMP_DIR/conn_wait.list
# Delete the VM on every port of the pool, from the highest port down
port_to_delete=$(($SRV_START_PORT_POOL+$SRV_POOL_SIZE))
while [ "$port_to_delete" -gt "$SRV_START_PORT_POOL" ]
do
  $SRV_SCRIPTS_DIR/vm_delete.sh $port_to_delete
  port_to_delete=$(($port_to_delete-1))
done
/usr/bin/echo "= EXIT FROM VM_CLEAR.SH="
With this I would like to finish the first part of my story. The above should be enough for system administrators to try underVDI in practice. If the community finds this topic interesting, in the second part I will talk about modifying the Fedora livecd and turning it into a kiosk.
Source: www.habr.com
