#!/bin/bash
# SPDX-license-identifier: Apache-2.0
##############################################################################
# Copyright (c) 2019,2022
# All rights reserved. This program and the accompanying materials
# are made available under the terms of the Apache License, Version 2.0
# which accompanies this distribution, and is available at
# http://www.apache.org/licenses/LICENSE-2.0
##############################################################################
# Strict mode: abort on unset variables, on any failing command, and on a
# failure in any stage of a pipeline.
set -o nounset -o errexit -o pipefail

# Summary buffer. The functions below append "\n"-terminated lines to it and
# the EXIT trap installed by main prints it with `echo -e`.
msg="Summary \n"

# Tool versions. PKG_VAGRANT_VERSION can be overridden from the caller's
# environment; the VirtualBox version is fixed here.
export PKG_VAGRANT_VERSION=${PKG_VAGRANT_VERSION:-2.4.1}
export PKG_VIRTUALBOX_VERSION=6.1

# DEBUG=true enables command tracing for the rest of the run.
# NOTE(review): xtrace prints every expanded command line, so any secret that
# reaches a command argument ends up in the log.
if [[ ${DEBUG:-false} == "true" ]]; then
    set -o xtrace
    export PKG_DEBUG=true
fi
# Regenerate the bootloader configuration with whichever tool is installed:
# clr-boot-manager, grub-mkconfig (followed by update-grub) or grub2-mkconfig.
# Does nothing when none of them is found.
# Outputs: `command -v` prints the path of the tool it finds on stdout.
_reload_grub() {
    local grub_cfg

    if command -v clr-boot-manager; then
        sudo clr-boot-manager update
        return
    fi

    if command -v grub-mkconfig; then
        sudo grub-mkconfig -o /boot/grub/grub.cfg
        sudo update-grub
        return
    fi

    if ! command -v grub2-mkconfig; then
        return 0
    fi

    # Default to whatever /etc/grub2.cfg resolves to.
    grub_cfg="$(sudo readlink -f /etc/grub2.cfg)"
    # When the kernel log mentions EFI, write to the EFI location instead.
    # NOTE(review): this path is CentOS-specific although the grub2 branch is
    # also reached on other grub2-mkconfig distributions - confirm.
    if dmesg | grep EFI; then
        grub_cfg="/boot/efi/EFI/centos/grub.cfg"
    fi
    sudo grub2-mkconfig -o "$grub_cfg"
}
# Append the `dnssec` option to libvirt's dnsmasq drop-in file when the file
# exists and does not already contain that line.
# Globals: msg (appended).
# NOTE(review): nothing here restarts dnsmasq or checks that DNSSEC trust
# anchors are configured - confirm the option takes effect as intended.
_enable_dnssec() {
    local conf=/etc/dnsmasq.d/libvirt-daemon

    [ -f "$conf" ] || return 0
    if grep -q "^dnssec$" "$conf"; then
        return 0
    fi

    msg+="- INFO: DNSSEC was enabled in dnsmasq service\n"
    echo dnssec | sudo tee --append "$conf"
}
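# Add intel_iommu=on to the kernel command line and regenerate the bootloader
# configuration, unless virt-host-validate already reports the IOMMU check.
# Globals: ID (read; set when _install_deps sources os-release), msg (appended).
# Outputs: a warning line on stdout when the device-assignment check fails.
# NOTE(review): only the Intel parameter is written, whatever the CPU vendor.
function _enable_iommu {
    local iommu_support

    # pipefail is on, so this pipeline also fails when virt-host-validate
    # exits non-zero even though grep matched the line; the captured line is
    # then reported (third ':'-separated field).
    if ! iommu_support=$(sudo virt-host-validate qemu | grep 'Checking for device assignment IOMMU support'); then
        echo "- WARN - IOMMU support checker reported: $(awk -F':' '{print $3}' <<<"$iommu_support")"
    fi
    # Nothing to change when the kernel-side check is reported.
    # NOTE(review): this depends on the pipeline status, not on a PASS/WARN
    # verdict in the matched line - confirm that is the intent.
    if sudo virt-host-validate qemu | grep -q 'Checking if IOMMU is enabled by kernel'; then
        return
    fi
    if [[ ${ID,,} == *clear-linux-os* ]]; then
        # /etc/kernel is root-owned and this script runs as an unprivileged
        # user with sudo, so the directory has to be created with sudo too.
        sudo mkdir -p /etc/kernel/cmdline.d
        echo "intel_iommu=on" | sudo tee /etc/kernel/cmdline.d/enable-iommu.conf
    else
        # Append the flag inside the closing quote of GRUB_CMDLINE_LINUX, once.
        if [ -f /etc/default/grub ] && [[ "$(grep "GRUB_CMDLINE_LINUX=" /etc/default/grub)" != *intel_iommu=on* ]]; then
            sudo sed -i "s|^GRUB_CMDLINE_LINUX=\(.*\)\"|GRUB_CMDLINE_LINUX=\1 intel_iommu=on\"|g" /etc/default/grub
        fi
    fi
    _reload_grub
    msg+="- WARN: IOMMU was enabled and requires to reboot the server to take effect\n"
}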
# Enable nested virtualization for the KVM module matching the CPU vendor when
# the module's `nested` parameter currently reads as disabled, persist the
# setting in /etc/modprobe.d/dist.conf, and load vhost_net.
# Globals: msg (appended).
# Any vendor string that is not GenuineIntel is handled as AMD.
# NOTE(review): nested virtualization exposes more of the hypervisor to
# guests; enable it only on hosts where guests are trusted to run their own
# VMs.
_enable_nested_virtualization() {
    local vendor_id kvm_ok
    local nested_param kmod disabled_value modprobe_opt summary

    vendor_id=$(lscpu | grep "Vendor ID")
    if [[ $vendor_id == *GenuineIntel* ]]; then
        nested_param=/sys/module/kvm_intel/parameters/nested
        kmod=kvm-intel
        disabled_value='N'
        modprobe_opt='options kvm-intel nested=y'
        summary="- INFO: Intel Nested-Virtualization was enabled\n"
    else
        nested_param=/sys/module/kvm_amd/parameters/nested
        kmod=kvm-amd
        disabled_value='0'
        modprobe_opt='options kvm-amd nested=1'
        summary="- INFO: AMD Nested-Virtualization was enabled\n"
    fi

    # The parameter file is only present when the module is loaded.
    if [ -f "$nested_param" ]; then
        kvm_ok=$(cat "$nested_param")
        if [[ $kvm_ok == "$disabled_value" ]]; then
            msg+="$summary"
            # Reload the module so the new option is picked up immediately.
            sudo rmmod "$kmod"
            echo "$modprobe_opt" | sudo tee --append /etc/modprobe.d/dist.conf
            sudo modprobe "$kmod"
        fi
    fi

    sudo modprobe vhost_net
}
# Make sure /etc/rc.d/rc.local exists, is executable and is run at boot by a
# systemd rc-local unit; both files are created only when missing.
# NOTE(review): rc.local is executed by systemd at boot, so it should stay
# root-owned and not writable by other users; this function only adds the
# execute bit and does not check ownership or mode.
_enable_rc_local() {
    local rc_local=/etc/rc.d/rc.local
    local unit=/etc/systemd/system/rc-local.service

    if [ ! -f "$rc_local" ]; then
        sudo mkdir -p /etc/rc.d/
        echo '#!/bin/bash' | sudo tee "$rc_local"
    fi

    if [ ! -f "$unit" ]; then
        # Quoted delimiter: the unit text is written literally.
        sudo tee "$unit" >/dev/null <<'EOL'
[Unit]
Description=/etc/rc.d/rc.local Compatibility
ConditionPathExists=/etc/rc.d/rc.local
[Service]
Type=forking
ExecStart=/etc/rc.d/rc.local
TimeoutSec=0
StandardOutput=tty
RemainAfterExit=yes
SysVStartPriority=99
[Install]
WantedBy=multi-user.target
EOL
    fi

    sudo chmod +x "$rc_local"
    sudo systemctl --now enable rc-local
}
# For every NIC that lshw lists with "Connection" in its line, that exposes
# sriov_numvfs and whose operstate contains "up": create the maximum number
# of SR-IOV virtual functions now and add a line to /etc/rc.d/rc.local that
# recreates them at boot.
# Globals: msg (appended).
# NOTE(review): the NIC name and VF count are interpolated into a line that
# rc.local later runs at boot; they come from lshw and sysfs on this host.
_create_sriov_vfs() {
    local nic sriov_numvfs sysfs_dev

    _enable_rc_local
    for nic in $(sudo lshw -C network -short | awk '/Connection/ { print $2 }'); do
        sysfs_dev="/sys/class/net/$nic/device"
        [ -e "$sysfs_dev/sriov_numvfs" ] || continue
        grep -q -e up "/sys/class/net/$nic/operstate" || continue

        sriov_numvfs=$(cat "$sysfs_dev/sriov_totalvfs")
        # Reset to 0 first, then set the new count.
        echo 0 | sudo tee "$sysfs_dev/sriov_numvfs"
        echo "$sriov_numvfs" | sudo tee "$sysfs_dev/sriov_numvfs"
        # Persist once per NIC; grep prints any existing entry on stdout.
        if ! grep "$nic/device/sriov_numvf" /etc/rc.d/rc.local; then
            echo "echo '$sriov_numvfs' > /sys/class/net/$nic/device/sriov_numvfs" | sudo tee --append /etc/rc.d/rc.local
        fi
        msg+="- INFO: $sriov_numvfs SR-IOV Virtual Functions enabled on $nic\n"
    done
}
# Compare two version strings.
# Arguments: $1 - left version, $2 - operator (== > < >= <=), $3 - right version
# Returns:   0 when "$1 $2 $3" holds, 1 otherwise.
# An unknown operator prints a message on stdout and exits the shell with 1.
_vercmp() {
    local v1=$1
    local op=$2
    local v2=$3
    local lowest

    # `sort -V` puts the lower version first; knowing which argument came out
    # on top is enough to decide every ordering operator.
    lowest=$(echo -e "$v1\n$v2" | sort -V | head -n 1)

    case $op in
    "==") [[ $v1 == "$v2" ]] ;;
    ">") [[ $v1 != "$v2" && $lowest == "$v2" ]] ;;
    "<") [[ $v1 != "$v2" && $lowest == "$v1" ]] ;;
    ">=") [[ $lowest == "$v2" ]] ;;
    "<=") [[ $lowest == "$v1" ]] ;;
    *)
        echo "unrecognised op: $op"
        exit 1
        ;;
    esac
}
# When qemu-system-x86_64 is installed and newer than 2.6.0, relax libvirt's
# confinement so PMEM can be used, then restart libvirtd; otherwise record a
# warning in the summary. Does nothing when QEMU is not installed.
# Globals: msg (appended).
# NOTE(review): security_driver = "none" turns off libvirt's security driver
# for QEMU guests on this host, not only for PMEM guests, and the AppArmor
# edit grants rw on /{dev,run}/shm. Treat both as a deliberate trade-off and
# confirm it is acceptable for the host's threat model.
# NOTE(review): the comparison is a strict '>' while the warning text says
# "available since 2.6.0" - confirm which one is intended.
_check_qemu() {
    local qemu_version_installed

    command -v qemu-system-x86_64 || return 0

    # Pull the first dotted number out of the --version banner.
    qemu_version_installed=$(qemu-system-x86_64 --version | perl -pe '($_)=/([0-9]+([.][0-9]+)+)/')

    if ! _vercmp "${qemu_version_installed}" '>' "2.6.0"; then
        # NOTE: PMEM in QEMU (https://nvdimm.wiki.kernel.org/pmem_in_qemu)
        msg+="- WARN: PMEM support in QEMU is available since 2.6.0"
        msg+=" version. This host server is using the ${qemu_version_installed} version.\n"
        return 0
    fi

    if [ -f /etc/libvirt/qemu.conf ]; then
        # Permissions required to enable Pmem in QEMU; only a commented-out
        # security_driver line is rewritten.
        sudo sed -i 's/#security_driver .*/security_driver = "none"/' /etc/libvirt/qemu.conf
    fi
    if [ -f /etc/apparmor.d/abstractions/libvirt-qemu ]; then
        sudo sed -i "s| /{dev,run}/shm .*| /{dev,run}/shm rw,|" /etc/apparmor.d/abstractions/libvirt-qemu
    fi
    sudo systemctl restart libvirtd
}
# ERR-trap handler (registered by main): print CPU usage, an estimate of free
# memory and the full environment to help diagnose a failed run.
# NOTE(review): printenv writes every environment variable to stdout,
# including any tokens or proxy credentials the caller exported; filter or
# drop it when the output is stored in CI logs.
_exit_trap() {
    local low_watermark

    # Stop tracing so the diagnostics below are not interleaved with xtrace.
    if [ "${DEBUG:-false}" = "true" ]; then
        set +o xtrace
    fi

    printf "CPU usage: "
    grep 'cpu ' /proc/stat | awk '{usage=($2+$4)*100/($2+$4+$5)} END {print usage " %"}'

    printf "Memory free(Kb): "
    # Sum of the "low" values across /proc/zoneinfo, subtracted (x12) below.
    low_watermark="$(grep low /proc/zoneinfo | awk '{k+=$2}END{print k}')"
    awk -v low="$low_watermark" '{a[$1]=$2} END{ print a["MemFree:"]+a["Active(file):"]+a["Inactive(file):"]+a["SReclaimable:"]-(12*low);}' /proc/meminfo

    echo "Environment variables:"
    printenv
}
# Verify that the current user can run sudo without a password prompt; print
# guidance and exit with status 1 otherwise.
# NOTE(review): the suggested sudoers entry grants unrestricted passwordless
# root to the user; that is best kept to dedicated provisioning hosts.
_check_reqs() {
    # -n makes sudo fail instead of prompting.
    if sudo -n "true"; then
        return 0
    fi

    echo ""
    echo "passwordless sudo is needed for '$(id -nu)' user."
    echo "Please fix your /etc/sudoers file. You likely want an"
    echo "entry like the following one..."
    echo ""
    echo "$(id -nu) ALL=(ALL) NOPASSWD: ALL"
    exit 1
}
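# Install Vagrant and the packages required by the selected provider, then add
# the current user to the provider's group.
# Globals: PROVIDER, CREATE_SRIOV_VFS, USER (read); ID and the other
#          os-release variables (set by sourcing os-release);
#          CONFIGURE_ARGS, PKG_VAGRANT_VERSION (exported); INSTALLER_CMD,
#          PKG_MANAGER, pkgs, group, msg (written).
# NOTE(review): the distro `case` has no default arm; on any other ID,
# INSTALLER_CMD stays unset and the libvirt branch aborts under nounset.
function _install_deps {
    CONFIGURE_ARGS="with-libvirt-include=/usr/include/libvirt"
    # shellcheck disable=SC1091
    source /etc/os-release || source /usr/lib/os-release
    case ${ID,,} in
    *suse*)
        if [ "${PROVIDER}" == "libvirt" ]; then
            # https://github.com/hashicorp/vagrant/issues/12138
            export PKG_VAGRANT_VERSION=2.2.13
        fi
        sudo zypper -n ref
        INSTALLER_CMD="sudo -H -E zypper -q install -y --no-recommends"
        CONFIGURE_ARGS+=" with-libvirt-lib=/usr/lib64"
        ;;
    ubuntu | debian)
        # Let package upgrades restart services without prompting.
        echo '* libraries/restart-without-asking boolean true' | sudo debconf-set-selections
        sudo apt-get update
        INSTALLER_CMD="sudo -H -E apt-get -y -q=3 install"
        CONFIGURE_ARGS+=" with-libvirt-lib=/usr/lib"
        ;;
    rhel | centos | fedora | rocky)
        PKG_MANAGER=$(command -v dnf || command -v yum)
        INSTALLER_CMD="sudo -H -E ${PKG_MANAGER} -q -y install"
        if ! sudo "$PKG_MANAGER" repolist | grep "epel/"; then
            $INSTALLER_CMD epel-release
        fi
        sudo "$PKG_MANAGER" updateinfo --assumeyes
        CONFIGURE_ARGS+=" with-libvirt-lib=/usr/lib64"
        ;;
    esac
    export CONFIGURE_ARGS

    pkgs="vagrant"
    group="vboxusers"
    case ${PROVIDER} in
    virtualbox)
        pkgs+=" virtualbox"
        ;;
    libvirt)
        # Best effort: a failed qemu install is ignored.
        $INSTALLER_CMD qemu || :
        pkgs+=" bridge-utils dnsmasq ebtables libvirt"
        pkgs+=" qemu-kvm ruby-devel gcc nfs make libguestfs"
        pkgs+=" pkgconf"
        if ! [[ "centos rocky" =~ (^|[[:space:]])${ID,,}($|[[:space:]]) ]]; then
            pkgs+=" qemu-utils"
        fi
        # Make kernel image world-readable required for supermin
        if command -v dpkg-statoverride; then
            sudo dpkg-statoverride --update --add root root 0644 "/boot/vmlinuz-$(uname -r)" || :
        fi
        group="kvm"
        ;;
    esac
    if [ "${CREATE_SRIOV_VFS:-false}" == "true" ]; then
        pkgs+=" sysfsutils lshw"
    fi

    # The installer is fetched over HTTPS instead of cleartext HTTP, so the
    # first hop cannot be rewritten in transit before the script is run by a
    # user with passwordless sudo.
    # NOTE(review): this is still a short link that curl follows (-L) and the
    # result is piped straight into bash; whoever controls the link or its
    # target controls what runs here. Prefer a URL pinned to a reviewed
    # revision and a checksum check before execution.
    curl -fsSL https://bit.ly/install_pkg | PKG="$pkgs" PKG_UPDATE=true bash
    msg+="- INFO: Installing vagrant $PKG_VAGRANT_VERSION\n"

    # Add the user when the group is missing from the current session's
    # groups or from the group database entry.
    if (! groups | grep -q "$group") || (! getent group "$group" | grep -q "$USER"); then
        msg+="- INFO: Adding $USER to $group group\n"
        sudo usermod -aG "$group" "$USER"
    fi
}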
# Install the Vagrant plugins used by this setup: vagrant-proxyconf when any
# proxy variable is set, vagrant-libvirt (plus host tuning) for the libvirt
# provider, and vagrant-reload, vagrant-packet and vagrant-google always.
# Globals: HTTP_PROXY, HTTPS_PROXY, NO_PROXY, PROVIDER, PKG_VAGRANT_VERSION
#          (read); CFLAGS (exported, then unset); msg (appended).
# NOTE(review): plugins are installed without a version constraint, so each
# run takes whatever release is current; pin versions if reproducibility or
# supply-chain review matters.
# NOTE(review): `unset CFLAGS` also discards a CFLAGS value the caller had
# exported before running the script.
_install_plugins() {
    local plugin

    if [[ -n ${HTTP_PROXY-} || -n ${HTTPS_PROXY-} || -n ${NO_PROXY-} ]]; then
        vagrant plugin install vagrant-proxyconf
    fi

    if [[ ${PROVIDER} == "libvirt" ]]; then
        msg+="- INFO: Installing vagrant-libvirt plugin\n"
        # NOTE: Use workaround https://github.com/hashicorp/vagrant/issues/12445
        if _vercmp "${PKG_VAGRANT_VERSION}" '==' "2.2.17"; then
            sudo ln -s /opt/vagrant/embedded/include/ruby-3.0.0/ruby/st.h /opt/vagrant/embedded/include/ruby-3.0.0/st.h
            export CFLAGS="-I/opt/vagrant/embedded/include/ruby-3.0.0/ruby"
        fi
        vagrant plugin install vagrant-libvirt
        unset CFLAGS
        _check_qemu
        _enable_iommu
        _enable_dnssec
        _enable_nested_virtualization
    fi

    for plugin in vagrant-reload vagrant-packet vagrant-google; do
        vagrant plugin install "$plugin"
    done
}
# Optional add-ons: create SR-IOV virtual functions when CREATE_SRIOV_VFS is
# "true"; otherwise do nothing.
# Globals: CREATE_SRIOV_VFS (read), msg (appended).
_configure_addons() {
    if [[ ${CREATE_SRIOV_VFS:-false} != "true" ]]; then
        return 0
    fi

    _create_sriov_vfs
    msg+="- INFO: SR-IOV Virtual Functions were created\n"
}
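# Entry point: check for passwordless sudo, install the traps, then install
# dependencies, Vagrant plugins and optional add-ons in that order.
# Globals: msg (printed by the EXIT trap).
function main {
    _check_reqs
    # Diagnostics on failure.
    # NOTE(review): errtrace is not enabled, so this ERR trap is presumably
    # not inherited by the functions called below - confirm it fires where
    # expected.
    trap _exit_trap ERR
    # Always print the summary. $msg is quoted so it is printed verbatim and
    # is not subject to word splitting or filename expansion.
    trap 'echo -e "$msg"' EXIT
    _install_deps
    _install_plugins
    _configure_addons
}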
# Run main unless the caller set __name__ to something other than "__main__".
# NOTE(review): presumably this lets tests source the file without running
# the installation - confirm against the test harness.
if [ "${__name__:-__main__}" = "__main__" ]; then
    main
fi