edge01: systemd unit for running RIPE Atlas anchor VM

Change-Id: I5d91c3b3075c404af92d40f33a48a487b84ec7a5
2020-12-10 15:38:29 +01:00 · 2020-12-10 15:38:29 +01:00 · c726798ef7
parent 76de8f860d
commit c726798ef7
4 changed files with 70 additions and 1 deletions
--- a/bgpwtf/machines/edge01.waw.bgp.wtf-hardware.nix
+++ b/bgpwtf/machines/edge01.waw.bgp.wtf-hardware.nix
@ -27,6 +27,7 @@
    { device = "/dev/disk/by-uuid/D8BA-345D";
      fsType = "vfat";
    };
+  hscloud.anchorvm.blkdev = "/dev/janusz-vg/ripeanchor";

  swapDevices =
    [ { device = "/dev/disk/by-uuid/5dadcff4-fcd4-4e8d-81f6-be68fb630396"; }
--- a/bgpwtf/machines/edge01.waw.bgp.wtf.nix
+++ b/bgpwtf/machines/edge01.waw.bgp.wtf.nix
@ -22,7 +22,7 @@ in rec {

  imports = [
    ./modules/router.nix
-
+    ./modules/anchorvm.nix
    # Private configuration data - notably, customer data.
    ./secrets/plain/edge01.waw.bgp.wtf-private.nix
  ];
@ -129,9 +129,22 @@ in rec {
      ipv4.addresses = [ { address = "185.236.240.14"; prefixLength = 31; } ];
      ipv6.addresses = [ { address = "2a0d:eb00:2137:1::a"; prefixLength = 127; } ];
    };
+    # VM bridge
+    "br0" = {
+      ipv4.addresses = [ { address = "185.236.240.17"; prefixLength = 29; } ];
+      ipv6.addresses = [ { address = "2a0d:eb00:2137:3::1"; prefixLength = 64; } ];
+    };

    # Extra interface configs contained in //bgpwtf/machines/secrets/plain/edge01.waw.bgp.wtf-private.nix
  };
+  networking.bridges = {
+    "br0" = {
+      interfaces = [];
+    };
+  };
+  hscloud.anchorvm = {
+    bridge = "br0";
+  };

  hscloud.routing.enable = true;
  hscloud.routing.routerID = "185.236.240.1";
--- a/bgpwtf/machines/modules/anchorvm.nix
+++ b/bgpwtf/machines/modules/anchorvm.nix
@ -0,0 +1,44 @@
+# This module runs the RIPE anchor VM in a bare qemu.
+# It's expected that a storage LV is created independently and passed as blkdev.
+{ config, pkgs, lib, ... }:
+
+with lib;
+
+let
+  cfg = config.hscloud.anchorvm;
+
+in {
+  options.hscloud.anchorvm = {
+    blkdev = mkOption {
+      type = types.str;
+      description = "Root block device";
+    };
+    bridge = mkOption {
+      type = types.str;
+      description = "bridge interface";
+    };
+    ram = mkOption {
+      type = types.int;
+      description = "memory allocated to the vm";
+      default = 2048;
+    };
+  };
+
+  config.systemd.services.anchorvm = {
+    wantedBy = [ "multi-user.target" ];
+    after = [
+      "network.target"
+    ];
+    serviceConfig = {
+      Type = "simple";
+      # spawn=allow needed for bridge helper
+      ExecStart = ''${pkgs.qemu}/bin/qemu-kvm \
+        -nographic -m ${toString cfg.ram} -smp 2 \
+        -drive file=${cfg.blkdev},if=virtio,cache=none,format=raw \
+        -nic bridge,br=${cfg.bridge},model=virtio-net-pci \
+        -sandbox on,obsolete=deny,elevateprivileges=deny,spawn=allow,resourcecontrol=deny
+      '';
+      Restart = "always";
+    };
+  };
+}
--- a/bgpwtf/machines/tests/edge01-waw.nix
+++ b/bgpwtf/machines/tests/edge01-waw.nix
@ -163,6 +163,17 @@ test = import "${pkgsSrc}/nixos/tests/make-test-python.nix" ({ pkgs, libs, ... }
        "e4-oob" = { virtual = true; virtualType = "tap"; };
        "e7-dcsw" = { virtual = true; virtualType = "tap"; };
      };
+      hscloud.anchorvm = {
+        blkdev = "/anchor.img";
+        ram = 32;
+      };
+      systemd.services.anchorTestImg = {
+        requiredBy = [ "anchorvm.service" ];
+        serviceConfig = {
+          Type = "oneshot";
+          ExecStart = "${pkgs.coreutils}/bin/truncate -s 128m /anchor.img";
+        };
+      };
    };

    speaker = mkBGPSpeaker;