#!/usr/bin/env bash
set -euC
################################################################################
## Constants
## FIXME: There seems to be a problem with file upload where the task is
## registered to `node051` no matter what node we are actually uploading to? For
## now, let us just use `node051` everywhere.
readonly node=node051
readonly tmpdir=/tmp/proxmox-provision-$RANDOM
mkdir $tmpdir
################################################################################
## Parse arguments
api_url=
username=
password=
vm_names=
debug=false
help () {
cat <<EOF
Usage: $0 [OPTION...] NAME [NAME...]
NAME is a string identifying the VM in the flake. This script will look for a
'vmOptions.<NAME>' and 'nixosConfigurations.<NAME>' to get the informations that
it needs.
Options:
--api-url STR Base URL of the Proxmox API (required)
--username STR Username, with provider (eg. niols@pve; required)
--password STR Password (required)
--debug Run this script in debug mode (default: $debug)
-h|-?|--help Show this help and exit
Options can also be provided by adding assignments to a '.proxmox' file in the
current working directory. For instance, it could contain:
api_url=https://192.168.51.81:8006/api2/json
username=mireille@pve
debug=true
Command line options take precedence over options found in the '.proxmox' file.
EOF
}
# shellcheck disable=SC2059
die () { printf '\033[31m'; printf "$@"; printf '\033[0m\n'; exit 2; }
# shellcheck disable=SC2059
die_with_help () { printf '\033[31m'; printf "$@"; printf '\033[0m\n\n'; help; exit 2; }
# shellcheck disable=SC2059
debug () { if $debug; then printf >&2 '\033[37m'; printf >&2 "$@"; printf >&2 '\033[0m\n'; fi }
if [ -f .proxmox ]; then
# shellcheck disable=SC1091
. "$PWD"/.proxmox
fi
while [ $# -gt 0 ]; do
argument=$1
shift
case $argument in
--api-url|--api_url) readonly api_url="$1"; shift ;;
--username) readonly username="$1"; shift ;;
--password) readonly password="$1"; shift ;;
--debug) debug=true ;;
-h|-\?|--help) help; exit 0 ;;
-*) die_with_help "Unknown argument: '%s'." "$argument" ;;
*) vm_names="$vm_names $argument" ;;
esac
done
if [ -z "$vm_names" ]; then
die_with_help "Required: at least one VM name."
fi
if [ -z "$api_url" ] || [ -z "$username" ] || [ -z "$password" ]; then
die_with_help "Required: '--api-url', '--username' and '--password'."
fi
## FIXME: When we figure out how to use other nodes than node051.
# if [ -z "$node" ]; then
# printf 'Picking random node...'
# proxmox GET "$api_url/nodes"
# node=$(from_response .data[].node | sort -R | head -n 1)
# printf " done. Picked '%s'.\n" "$node"
# fi
# readonly node
readonly debug
################################################################################
## Getting started
printf 'Authenticating...'
response=$(
http \
--verify no \
POST "$api_url/access/ticket" \
"username=$username" \
"password=$password"
)
ticket=$(echo "$response" | jq -r .data.ticket)
readonly ticket
csrf_token=$(echo "$response" | jq -r .data.CSRFPreventionToken)
readonly csrf_token
printf ' done.\n'
acquire_lock () {
until mkdir "$tmpdir/lock-$1" 2>/dev/null; do sleep 1; done
}
release_lock () {
rmdir "$tmpdir/lock-$1"
}
proxmox () {
acquire_lock proxmox
debug 'request %s' "$*"
response=$(
http \
--form \
--verify no \
--ignore-stdin \
"$@" \
"Cookie:PVEAuthCookie=$ticket" \
"CSRFPreventionToken:$csrf_token"
)
debug 'response to request %s:\n %s' "$*" "$response"
release_lock proxmox
echo "$response"
}
## Synchronous variant for when the `proxmox` function would just respond an
## UPID in the `data` JSON field.
proxmox_sync () (
response=$(proxmox "$@")
upid=$(echo "$response" | jq -r .data)
while :; do
response=$(proxmox GET "$api_url/nodes/$node/tasks/$upid/status")
status=$(echo "$response" | jq -r .data.status)
case $status in
running) sleep 1 ;;
stopped) break ;;
*) die "unexpected status: '%s'" "$status" ;;
esac
done
)
################################################################################
## Grab VM options
##
## Takes the name of the VM, grabs `.#vmOptions.<name>` and defines a bunch of
## global variables corresponding to all the options.
grab_vm_options () {
local options
vm_name=$1
printf 'Grabing VM options for VM %s...\n' "$vm_name"
options=$(
nix eval \
--impure --raw --expr "
builtins.toJSON (builtins.getFlake (builtins.toString ./.)).vmOptions.$vm_name
" \
--log-format raw --quiet
)
proxmox=$(echo "$options" | jq -r .proxmox)
vm_id=$(echo "$options" | jq -r .vmId)
description=$(echo "$options" | jq -r .description)
if [ "$proxmox" != fediversity ]; then
die "I do not know how to provision things that are not Fediversity VMs,
but I got proxmox = '%s' for VM %s." "$proxmox" "$vm_name"
fi
sockets=$(echo "$options" | jq -r .sockets)
cores=$(echo "$options" | jq -r .cores)
memory=$(echo "$options" | jq -r .memory)
disk_size=$(echo "$options" | jq -r .diskSize)
host_public_key=$(echo "$options" | jq -r .hostPublicKey)
host_private_key=$(echo "$options" | jq -r .unsafeHostPrivateKey)
if [ "$host_private_key" != null ] && [ "$host_public_key" = null ]; then
die 'I do not know what to do with a private key but no public key.'
fi
printf 'done grabing VM options for VM %s. Got:\n id: %d\n sockets: %d\n cores: %d\n memory: %d MiB\n disk size: %d GiB\n' \
"$vm_name" "$vm_id" "$sockets" "$cores" "$memory" "$disk_size"
}
################################################################################
## Build ISO
build_iso () {
local nix_host_keys
acquire_lock build
printf 'Building ISO for VM %s...\n' "$vm_name"
if [ "$host_private_key" != null ]; then
echo "$host_public_key" > "$tmpdir"/"$vm_name"_host_key.pub
echo "$host_private_key" > "$tmpdir"/"$vm_name"_host_key
nix_host_keys="
hostKeys.ed25519 = {
public = $tmpdir/${vm_name}_host_key.pub;
private = $tmpdir/${vm_name}_host_key;
};
"
else
nix_host_keys=
fi
nix build \
--impure --expr "
let flake = builtins.getFlake (builtins.toString ./.); in
flake.lib.makeInstallerIso {
nixosConfiguration = flake.nixosConfigurations.$vm_name;
nixpkgs = flake.inputs.nixpkgs;
$nix_host_keys
}
" \
--log-format raw --quiet \
--out-link "$tmpdir/installer-$vm_name"
# shellcheck disable=SC2181
if [ $? -ne 0 ]; then
die 'Something went wrong when building ISO for VM %s.
Check the Nix logs and fix things. Possibly there just is no NixOS configuration by that name?' \
"$vm_name"
fi
ln -sf "$tmpdir/installer-$vm_name/iso/installer.iso" "$tmpdir/installer-$vm_name.iso"
printf 'done building ISO for VM %s.\n' "$vm_name"
release_lock build
}
################################################################################
## Upload ISO
upload_iso () {
acquire_lock upload
printf 'Uploading ISO for VM %s...\n' "$vm_name"
proxmox_sync POST "$api_url/nodes/$node/storage/local/upload" \
"filename@$tmpdir/installer-$vm_name.iso" \
content==iso
printf 'done uploading ISO for VM %s.\n' "$vm_name"
release_lock upload
}
################################################################################
## Remove ISO
remove_iso () {
printf 'Removing ISO for VM %s...\n' "$vm_name"
proxmox_sync DELETE "$api_url/nodes/$node/storage/local/content/local:iso/installer-$vm_name.iso"
printf 'done removing ISO for VM %s.\n' "$vm_name"
}
################################################################################
## Create VM
create_vm () {
printf 'Creating VM %s...\n' "$vm_name"
proxmox_sync POST "$api_url/nodes/$node/qemu" \
\
vmid=="$vm_id" \
name=="$vm_name" \
pool==Fediversity \
description=="$description" \
\
ide2=="local:iso/installer-$vm_name.iso,media=cdrom" \
ostype==l26 \
\
bios==ovmf \
efidisk0=='linstor_storage:1,efitype=4m' \
agent==1 \
\
scsihw==virtio-scsi-single \
scsi0=="linstor_storage:$disk_size,discard=on,ssd=on,iothread=on" \
\
sockets=="$sockets" \
cores=="$cores" \
cpu==x86-64-v2-AES \
numa==1 \
\
memory=="$memory" \
\
net0=='virtio,bridge=vnet1306'
printf 'done creating VM %s.\n' "$vm_name"
}
################################################################################
## Install VM
install_vm () (
printf 'Installing VM %s...\n' "$vm_name"
proxmox_sync POST "$api_url/nodes/$node/qemu/$vm_id/status/start"
while :; do
response=$(proxmox GET "$api_url/nodes/$node/qemu/$vm_id/status/current")
status=$(echo "$response" | jq -r .data.status)
case $status in
running) sleep 1 ;;
stopped) break ;;
*) die " unexpected status: '%s'\n" "$status" ;;
esac
done
printf 'done installing VM %s.\n' "$vm_name"
)
################################################################################
## Start VM
start_vm () {
printf 'Starting VM %s...\n' "$vm_name"
proxmox_sync POST "$api_url/nodes/$node/qemu/$vm_id/config" \
ide2=='none,media=cdrom' \
net0=='virtio,bridge=vnet1305'
proxmox_sync POST "$api_url/nodes/$node/qemu/$vm_id/status/start"
printf 'done starting VM %s.\n' "$vm_name"
}
################################################################################
## Main loop
printf 'Provisioning VMs%s...\n' "$vm_names"
provision_vm () (
## Grab VM options and put them in global variables. NOTE: Mind the fact that
## we now run in a sub-shell, allowing us to define global variables without
## clashing with concurrent executions of `provision_vm`.
grab_vm_options "$1"
build_iso
upload_iso
create_vm
install_vm
start_vm
remove_iso
)
for vm_name in $vm_names; do
provision_vm "$vm_name" &
done
nb_errors=0
while :; do
wait -n && :
case $? in
0) ;;
127) break ;;
*) nb_errors=$((nb_errors + 1)) ;;
esac
done
if [ "$nb_errors" != 0 ]; then
die 'encountered %d errors while provisioning VMs%s.' "$nb_errors" "$vm_names"
fi
printf 'done provisioning VMs%s.\n' "$vm_names"
################################################################################
## Cleanup
rm -Rf $tmpdir
exit 0