user-vms: refactor, add bastion backup and serve

2024-09-03 03:42:08 +01:00 · 2024-09-03 03:42:08 +01:00 · 87e07e0fb5
commit 87e07e0fb5
parent 58d0f8f803
6 changed files with 106 additions and 25 deletions
--- a/jobs/user-vms/README.md
+++ b/jobs/user-vms/README.md
@ -68,7 +68,7 @@ The VMs are configured with cloud-init. Their [docs](https://cloudinit.readthedo
          "virtio-net-pci,netdev=hn0,id=nic1,mac=52:54:84:ba:49:22", # make sure this MAC address is unique!!

          "-smbios",
-          "type=1,serial=ds=nocloud-net;s=http://136.206.16.5:8000/",
+          "type=1,serial=ds=nocloud-net;s=http://vm-resources.service.consul:8000/res/",
        ]
 ...
 ```
@ -77,7 +77,7 @@ The VMs are configured with cloud-init. Their [docs](https://cloudinit.readthedo
 Here in the args block:

 - we define that the VM will have a network device using the `virtio` driver, we pass it an `id` and a random ***unique*** MAC address
- we tell it to use `smbios` type 1 and to grab its `cloud-init` configs from `http://136.206.16.5:8000/`
+- we tell it to use `smbios` type 1 and to grab its `cloud-init` configs from `http://vm-resources.service.consul:8000/res/`

 > [!NOTE]
 > If you're running multiple VMs on the same network make sure to set different MAC addresses for each VM, otherwise you'll have a bad time.
--- a/jobs/user-vms/admin-exams.hcl
+++ b/jobs/user-vms/admin-exams.hcl
@ -12,10 +12,6 @@ job "admin-exams" {
    }

    task "ayden-vm" {
-      constraint {
-        attribute = "${attr.unique.hostname}"
-        value = "chell" # task must be scheduled on a host with the bridge device configured
-      }

      resources {
        cpu = 12000
@ -23,7 +19,7 @@ job "admin-exams" {
      }

      artifact {
-        source = "http://136.206.16.5:8000/base-images/debian-12-genericcloud-amd64-30G.qcow2"
+        source = "http://vm-resources.service.consul:8000/res/base-images/debian-12-genericcloud-amd64-30G.qcow2"
        destination = "local/ayden-vm.qcow2"
        mode = "file"
      }
@ -41,7 +37,7 @@ job "admin-exams" {
          "-device",
          "virtio-net-pci,netdev=hn0,id=nic1,mac=52:54:84:ba:49:20", # mac address must be unique or else you will regret it
          "-smbios",
-          "type=1,serial=ds=nocloud-net;s=http://136.206.16.5:8000/ayden-vm/",
+          "type=1,serial=ds=nocloud-net;s=http://vm-resources.service.consul:8000/res/ayden-vm/",
        ]
      }
    }
@ -58,10 +54,6 @@ job "admin-exams" {
    }

    task "hypnoant-vm" {
-      constraint {
-        attribute = "${attr.unique.hostname}"
-        value = "wheatley"
-      }

      resources {
        cpu = 12000
@ -69,7 +61,7 @@ job "admin-exams" {
      }

      artifact {
-        source = "http://136.206.16.5:8000/base-images/debian-12-genericcloud-amd64-30G.qcow2"
+        source = "http://vm-resources.service.consul:8000/res/base-images/debian-12-genericcloud-amd64-30G.qcow2"
        destination = "local/hypnoant-vm.qcow2"
        mode = "file"
      }
@ -87,7 +79,7 @@ job "admin-exams" {
          "-device",
          "virtio-net-pci,netdev=hn0,id=nic1,mac=52:54:84:ba:49:22",
          "-smbios",
-          "type=1,serial=ds=nocloud-net;s=http://136.206.16.5:8000/hypnoant-vm/",
+          "type=1,serial=ds=nocloud-net;s=http://vm-resources.service.consul:8000/res/hypnoant-vm/",
        ]
      }
    }
--- a/jobs/user-vms/bastion-vm-backup.hcl
+++ b/jobs/user-vms/bastion-vm-backup.hcl
@ -0,0 +1,64 @@
+job "bastion-vm-backup" {
+  datacenters = ["aperture"]
+  type        = "batch"
+
+  periodic {
+    crons            = ["0 */3 * * * *"]
+    prohibit_overlap = true
+  }
+
+  group "vm-backup" {
+
+    task "qcow-backup" {
+      driver = "raw_exec"
+
+      config {
+        command = "/bin/bash"
+        args    = ["local/script.sh"]
+      }
+
+      resources {
+        cpu    = 3000
+        memory = 1000
+      }
+
+      template {
+        data        = <<EOH
+#!/bin/bash
+
+path=/storage/backups/nomad/bastion-vm
+file=bastion-vm-$(date +%Y-%m-%d_%H-%M-%S).qcow2
+
+mkdir -p ${path}
+
+host=$(nomad job status -verbose bastion-vm | grep running | tail -n 1 | cut -d " " -f 7)
+
+alloc_id=$(nomad job status -verbose bastion-vm | grep running | tail -n 1 | cut -d " " -f 1)
+
+job_name=$(echo ${NOMAD_JOB_NAME} | cut -d "/" -f 1)
+
+echo "Backing up alloc id: ${alloc_id} on: ${host} to ${path}/${file}..."
+scp -B -i {{ key "bastion-vm/service/key" }} {{ key "bastion-vm/service/user" }}@${host}:/opt/nomad/alloc/${alloc_id}/bastion-vm/local/bastion-vm.qcow2 ${path}/${file}
+
+find ${path}/bastion-vm-* -ctime +2 -exec rm {} \; || true
+
+size=$(stat -c%s "${path}/${file}")
+
+if [ ${size} -gt 4000000000 ]; then # check if file exists and is not empty
+  echo "Updating latest symlink to ${file}..."
+  ln -sf ./${file} ${path}/bastion-vm-latest.qcow2
+  echo "Backup successful"
+  exit 0
+else
+  rm $file
+  curl -H "Content-Type: application/json" -d \
+  '{"content": "## <@&585512338728419341> `VM` backup for **'"${job_name}"'** has just **FAILED**\nFile name: `'"$file"'`\nDate: `'"$(TZ=Europe/Dublin date)"'`\nTurn off this script with `nomad job stop '"${job_name}"'` \n\n## Remember to restart this backup job when fixed!!!"}' \
+  {{ key "bastion-vm/webhook/discord" }}
+fi
+EOH
+        destination = "local/script.sh"
+      }
+    }
+  }
+}
+
--- a/jobs/user-vms/bastion-vm.hcl
+++ b/jobs/user-vms/bastion-vm.hcl
@ -12,18 +12,13 @@ job "bastion-vm" {
    }

    task "bastion-vm" {
-      constraint {
-        attribute = "${attr.unique.hostname}"
-        value = "chell"
-      }
-
      resources {
        cpu = 12000
        memory = 4096
      }

      artifact {
-        source = "http://10.10.0.5:8000/base-images/bastion-vm-latest.qcow2"
+        source = "http://vm-resources.service.consul:8000/bastion/bastion-vm-latest.qcow2"
        destination = "local/bastion-vm.qcow2"
        mode = "file"
      }
--- a/jobs/user-vms/distro-vm.hcl
+++ b/jobs/user-vms/distro-vm.hcl
@ -12,10 +12,6 @@ job "distro-vm" {
    }

    task "distro-vm" {
-      constraint {
-        attribute = "${attr.unique.hostname}"
-        value = "wheatley"
-      }

      resources {
        cpu = 12000
@ -23,7 +19,7 @@ job "distro-vm" {
      }

      artifact {
-        source = "http://136.206.16.5:8000/base-images/debian-12-genericcloud-amd64-30G.qcow2"
+        source = "http://vm-resources.service.consul:8000/res/base-images/debian-12-genericcloud-amd64-30G.qcow2"
        destination = "local/distro-vm.qcow2"
        mode = "file"
      }
--- a/jobs/user-vms/vm-resources.hcl
+++ b/jobs/user-vms/vm-resources.hcl
@ -0,0 +1,34 @@
+job "vm-resources" {
+  datacenters = ["aperture"]
+
+  type = "service"
+
+  group "vm-resources" {
+    count = 1
+
+    network {
+      port "http" {
+        static = "8000"
+        to = "80"
+      }
+    }
+
+    service {
+      name = "vm-resources"
+      port = "http"
+    }
+
+    task "resource-server" {
+      driver = "docker"
+
+      config {
+        image = "nginx"
+        ports = ["http"]
+        volumes = [
+          "/storage/nomad/vm-resources/:/usr/share/nginx/html/res",
+          "/storage/backups/nomad/bastion-vm:/usr/share/nginx/html/bastion",
+        ]
+      }
+    }
+  }
+}