wip python port of VM management script

2024-06-02 23:25:05 +02:00 · 2024-06-02 23:25:05 +02:00 · eef84fb2b9
parent 5b3e79c671
commit eef84fb2b9
1 changed files with 255 additions and 0 deletions
--- a/src/vm-mgmt-py
+++ b/src/vm-mgmt-py
@ -0,0 +1,255 @@
+#!/usr/bin/env python3
+
+import os
+import re
+import shlex
+import socket
+import subprocess
+import sys
+import tomllib
+
+## BINARY PATHS
+
+IP = '/usr/bin/ip'
+MODPROBE = '/usr/bin/modprobe'
+MOUNT = '/usr/bin/mount'
+QEMU = '/usr/bin/qemu-system-x86_64'
+QEMU_NBD = '/usr/bin/qemu-nbd'
+SETPRIV = '/usr/bin/setpriv'
+SOCAT = '/usr/bin/socat'
+UMOUNT = '/usr/bin/umount'
+VIRTIOFSD = '/usr/lib/virtiofsd'
+
+## CONSTANTS
+
+CFG_BASE = '/srv/vm'
+RUN_BASE = '/run/vm'
+
+MAC_FMT = '52:54:00:00:00:{:02x}'
+IP4_FMT = '10.238.2.{:03d}'
+IP6_FMT = '2a00:5881:4008:46ff::2{:02x}'
+
+HOST_IP4 = '10.238.1.1'
+HOST_IP6 = '2a00:5881:4008:46ff::101'
+QEMU_USER = 'qemu'
+QEMU_GROUP = 'qemu'
+
+def exit_fail(msg):
+    print(f'[error] {msg}', file=sys.stderr)
+    sys.exit(1)
+
+def exit_ok(msg):
+    print(f'[info] {msg}', file=sys.stderr)
+    sys.exit(0)
+
+class VM:
+    def __init__(self, vm_name):
+        if not re.match(r'[a-zA-Z]+[0-9]*$', vm_name):
+            raise ValueError(f'bad VM name: {vm_name}')
+
+        self.name = vm_name
+
+        self.cfg_dir = os.path.join(CFG_BASE, vm_name)
+        self.run_dir = os.path.join(RUN_BASE, vm_name)
+
+        self.ifname = f'vm-{vm_name}'
+        self.cfg_path = os.path.join(self.cfg_dir, 'config.toml')
+        self.disk_path = os.path.join(self.cfg_dir, 'disk.qcow2')
+        self.console_path = os.path.join(self.run_dir, 'console.sock')
+        self.control_path = os.path.join(self.run_dir, 'monitor.sock')
+
+    def is_running(self):
+        return os.path.exists(self.control_path)
+
+    def check_running(self):
+        """Check if VM is running, if not fail gracefully."""
+
+        if not self.is_running():
+            exit_fail(f'control socket not found, is VM {self.name} running?')
+
+    def send_command(self, cmd):
+        """Send QEMU monitor command to VM.
+
+        See https://www.qemu.org/docs/master/system/monitor.html."""
+
+        self.check_running()
+
+        ctrl = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
+        try:
+            ctrl.connect(self.control_path)
+        except Exception as err:
+            exit_fail(f'cannot connect to control socket: {err!s}')
+
+        data = cmd + '\n'
+        ctrl.sendall(data.encode('ascii'))
+
+        ctrl.close()
+
+    def do_mount(self):
+        if self.is_running():
+            exit_fail('cannot mount rootfs while VM is running')
+        if not os.getuid() == 0:
+            exit_fail('must be root (uid=0) to mount VM rootfs')
+        if not os.path.exists(self.disk_path):
+            exit_fail(f'VM rootfs image does not exist: {self.disk_path}')
+
+        mnt_path = os.path.join('/tmp', self.name)
+        if os.path.ismount(mnt_path):
+            exit_fail('VM rootfs is already mounted')
+        if os.path.exists(mnt_path):
+            exit_fail(f'stale mountpoint already exists, please clean-up: {mnt_path}')
+
+        subprocess.run([MODPROBE, 'nbd'])
+        subprocess.run([QEMU_NBD, '--connect=/dev/nbd0', self.disk_path])
+
+        os.mkdir(mnt_path)
+        subprocess.run([MOUNT, '/dev/nbd0p1', mnt_path])
+        subprocess.run([MOUNT, '-t', 'proc', os.path.join(mnt_path, 'proc')])
+        subprocess.run([MOUNT, '-t', 'sysfs', os.path.join(mnt_path, 'sys')])
+        subprocess.run([MOUNT, '--rbind', '/dev', os.path.join(mnt_path, 'dev')])
+        subprocess.run([MOUNT, '--make-rslave', mnt_path])
+
+        exit_ok(f'mounted VM rootfs at {mnt_path}')
+
+    def do_umount(self):
+        if self.is_running():
+            exit_fail('cannot unmount rootfs while VM is running')
+        if not os.getuid() == 0:
+            exit_fail('must be root (uid=0) to unmount VM rootfs')
+
+        mnt_path = os.path.join('/tmp', self.name)
+        if not os.path.exists(mnt_path):
+            exit_fail('mountpoint not found, is VM rootfs is mounted?')
+        if not os.path.ismount(mnt_path):
+            exit_fail(f'stale mountpoint exists, please clean-up: {mnt_path}')
+
+        subprocess.run([UMOUNT, '--recursive', mnt_path])
+        os.rmdir(mnt_path)
+        subprocess.run([QEMU_NBD, '--disconnect', '/dev/nbd0'])
+        subprocess.run([RMMOD, 'nbd'])
+
+        exit_ok('unmounted VM rootfs\n')
+
+    def do_monitor(self):
+        self.check_running()
+        print(f'[info] connecting to QEMU monitor of VM: {self.name}')
+        print('[info] press ctrl-c to exit')
+        os.execv(SOCAT, ['socat', 'readline', f'unix-connect:{self.control_path}'])
+
+    def do_console(self):
+        self.check_running()
+        print(f'[info] connecting to console of VM: {self.name}')
+        print('[info] press ctrl-o to exit')
+        os.execv(SOCAT, ['socat', '-,escape=0x0f,raw,echo=0', f'unix-connect:{self.console_path}'])
+
+    def do_stop(self):
+        self.send_command('system_poweroff')
+        subprocess.run([IP, 'link', 'del', self.ifname])
+
+    def do_reload(self):
+        self.send_command('system_reset')
+
+    def do_start(self):
+        if self.is_running():
+            exit_fail('VM is already running')
+
+        if not os.path.exists(self.cfg_path):
+            exit_fail(f'VM config file does not exist: {self.cfg_path}')
+        if not os.path.exists(self.disk_path):
+            exit_fail(f'VM rootfs image does not exist: {self.disk_path}')
+
+        print('[info] loading config', file=sys.stderr)
+
+        try:
+            with open(self.cfg_path, 'r') as fd:
+                cfg = tomllib.load(fd)
+        except Exception as err:
+            exit_fail(f'could not load VM config file: {err!s}')
+
+        for k in ('id', 'vcpu_number', 'memory_size'):
+            if k not in cfg:
+                exit_fail(f'configuration: "{k}" is required')
+
+        vm_id = cfg['id']
+        vm_mem = cfg['memory_size']
+        vm_cpu = cfg['vcpu_number']
+
+        if not isinstance(vm_id, int):
+            exit_fail('configuration: "id" must be an integer')
+        if not isinstance(vm_cpu, int):
+            exit_fail('configuration: "vcpu_number" must be an integer')
+
+        shares = cfg.get('shares', [])
+        if not isinstance(shares, list):
+            exit_fail('configuration: "shares" must be an array')
+        for s in shares:
+            for k in ('tag', 'host_path'):
+                if k not in s:
+                    exit_fail(f'configuration: "[[shares]]" must contain key "{k}"')
+            if not re.match(r'[a-zA-Z]+[0-9]*', s['tag']):
+                exit_fail('configuration: "[[shares]].tag" is not valid')
+
+        extra_args = cfg.get('qemu_extra_args', '')
+        if not isinstance(extra_args, str):
+            exit_fail('configuration: "qemu_extra_args" must be a string')
+        try:
+            extra_args = shlex.split(extra_args)
+        except Exception as err:
+            exit_fail(f'error parsing "qemu_extra_args": {err!s}')
+
+        vm_mac = MAC_FMT.format(vm_id)
+        vm_ip4 = IP4_FMT.format(vm_id)
+        vm_ip6 = IP6_FMT.format(vm_id)
+
+        print('[info] starting network', file=sys.stderr)
+
+        subprocess.run([IP, 'tuntap', 'add', 'dev', self.ifname, 'mode', 'tag', 'group', QEMU_GROUP])
+        subprocess.run([IP, 'link', 'set', 'dev', self.ifname, 'up'])
+        subprocess.run([IP, 'address', 'add', HOST_IP4, 'dev', self.ifname])
+        subprocess.run([IP, 'address', 'add', HOST_IP6, 'dev', self.ifname])
+        subprocess.run([IP, 'route', 'add', vm_ip4, 'dev', self.ifname])
+        subprocess.run([IP, 'route', 'add', vm_ip6, 'dev', self.ifname])
+
+        print('[info] starting virtiofsd', file=sys.stderr)
+
+        for s in shares:
+            tag = s['tag']
+            path = s['host_path']
+            sock_path = os.path.join(self.run_dir, f'vhost-fs-{tag}.sock')
+
+            # spawn virtiofs server
+            subprocess.Popen([
+                VIRTIOFSD,
+                '--socket-path', sock_path,
+                '--socket-group', QEMU_GROUP,
+                '--shared-dir', path,
+                '--cache', 'always'])
+
+            # add extra qemu config
+            extra_args.extend([
+                '-chardev', f'socket,id=vhost-{tag},path={sock_path}',
+                '-device', f'vhost-user-fs-pci,queue-size=1024,chardev=vhost-{tag},tag={tag}'])
+
+        print('[info] starting qemu', file=sys.stderr)
+
+        mem_opt = ',share=on' if shares else ''
+
+        os.execv(SETPRIV,
+            [SETPRIV,
+             '--reuid', QEMU_USER, '--regid', QEMU_GROUP, '--init-groups',
+             '--inh-caps', '-all', '--reset-env',
+             QEMU,
+             '-nodefaults', '-no-user-config', '-nographics', '-enable-kvm', '-sandbox', 'on',
+             '-machine', 'pc', '-cpu', 'host', '-smp', vm_cpu, '-m', vm_mem,
+             '-monitor', f'unix:{self.control_path},server=on,wait=off',
+             '-serial', f'unix:{self.console_path},server=on,wait=off',
+             # memory
+             '-object', f'memory-backend-file,id=mem0,size={mem},mem-path=/dev/hugepages/qemu{mem_opt}',
+             '-numa', 'node,memdev=mem0',
+             # disk
+             '-drive', f'file={self.disk_path},format=qcow2,id=disk0,if=none',
+             '-device' 'virtio-blk-pci,drive=disk0',
+             # network
+             '-netdev', f'tap,id=net0,ifname={self.ifname},script=no,downscript=no,vhost=on',
+             '-device', f'virtio-net-pci,mac={vm_mac},netdev=net0',
+             *extra_args])