#
# Cookbook:: kosmos_kvm
# Recipe:: host
#
# Packages the KVM host needs: virtinst and the libvirt system daemon.
package %w[virtinst libvirt-daemon-system]
# Storage location for base VM images. Mode 0750 limits access to the
# libvirt-qemu user and members of the kvm group; other users get none.
# Note: with `recursive true`, Chef applies owner/group/mode to the leaf
# directory only. Parent directories it has to create keep default
# ownership and permissions.
directory '/var/lib/libvirt/images/base' do
  owner 'libvirt-qemu'
  group 'kvm'
  mode '0750'
  recursive true
end
# Base VM image
#
# Target path, download URL and checksum all come from node attributes.
# `checksum` is the expected SHA-256 of the file: Chef skips the download when
# the local file already matches it, and fails the resource when downloaded
# content does not match.
# NOTE(review): the attribute values are not visible in this recipe. Confirm
# that the checksum attribute is always set (if it is unset the download is
# not verified) and that the URL uses HTTPS.
base_image = node["kosmos_kvm"]["host"]["qemu_base_image"]

remote_file base_image["path"] do
  source base_image["url"]
  checksum base_image["checksum"]
  # Readable by the kvm group, not world-readable.
  owner "libvirt-qemu"
  group "kvm"
  mode "0640"
end
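# Installs the VM-creation helper script, rendered from create_vm.erb with the
# base image path taken from node attributes.
#
# Owner and group are pinned to root so that mode 0750 has a defined meaning:
# root may modify and run the script, members of the root group may read and
# run it, and everyone else has no access. Without explicit owner/group, Chef
# keeps whatever ownership an already-existing file has, so the group that
# receives read/execute would not be determined by this recipe.
template "/usr/local/sbin/create_vm" do
  source "create_vm.erb"
  owner "root"
  group "root"
  mode "0750"
  variables base_image_path: node["kosmos_kvm"]["host"]["qemu_base_image"]["path"]
end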
# Allows TCP port 2222 through the host firewall. No `source` is set, so the
# rule is not limited to particular client addresses.
# NOTE(review): presumably an alternate SSH port (per the rule name). Confirm
# which service listens here and whether a `source` restriction is wanted.
firewall_rule 'ssh-alt-port' do
  command :allow
  protocol :tcp
  port [2222]
end
# Deny outbound traffic on enp35s0 to private (RFC 1918) and shared
# carrier-grade NAT (RFC 6598) address space, one firewall rule per range.
# NOTE(review): the interface name is hard-coded. Confirm it matches the
# uplink on every host this recipe runs on; otherwise the deny rules would
# presumably not cover that host's egress.
# NOTE(review): `protocol :none` presumably makes the rule match regardless of
# protocol. Confirm against the firewall cookbook in use.
private_ranges = %w[
  10.0.0.0/8
  172.16.0.0/12
  192.168.0.0/16
  100.64.0.0/10
]

private_ranges.each do |cidr|
  firewall_rule "unauthorized-private-network-#{cidr}" do
    command :deny
    direction :out
    interface "enp35s0"
    destination cidr
    protocol :none
  end
end