Linux. Running QEMU with (or without) ISO image and connecting block devices (HDD/SSD) of the host machine.
Feel free to share your feedback and report issues. Contributions are welcome.
Many datacenters and hosting providers no longer offer OS installation from media (ISO image).
Most of them offer very little choice: Debian, Ubuntu, CentOS and nothing else.
This role lets you run QEMU in the server's Rescue mode.
QEMU emulates a virtual machine, to which we connect the ISO image as a CD-ROM and attach the block devices (HDD/SSD) of the host machine.
The role can use two kinds of QEMU: one from the system's package repository and a universal Linux binary with statically compiled libraries.
The ISO image can be your favorite OS install disk, a diagnostic disk, or another live operating system (Live-CD).
Sources for obtaining ISO image and QEMU universal binary - local system running Ansible, Rescue server mode itself and ftp/http(s).
There is no Internet inside the system running inside QEMU yet, but we will fix this in the next release.
To increase security for access to the system in QEMU, you can specify a whitelist of IPs/networks through the iptables firewall.
Linux system Debian or CentOS.
Installed packages on target hosts:
- python3
- python3-apt
Installed packages on the control node (Ansible):
- rsync
- sshpass
  If you use password login to target hosts via ssh.
See defaults/main.yml and the examples in vars:
lisoq_qemu_enable: false
Whether to use and run QEMU. Without this option, the role can download the ISO image and configure the firewall.
lisoq_qemu_static_custom_enable: false
Whether to use the universal Linux binary with statically compiled libraries.
If this variable is enabled, the role itself disables the other variable, lisoq_qemu_install.
lisoq_qemu_static_custom_local: ''
The local path on the Ansible host to the statically compiled QEMU archive (tar.gz).
lisoq_qemu_static_custom_url: 'https://support.org.ua/Soft/vKVM/orig/vkvm.tar.gz'
URL of the statically compiled QEMU archive (tar.gz).
lisoq_qemu_static_custom_relative_dir: '/share/qemu/'
Relative path inside the statically compiled QEMU archive to auxiliary files (BIOS, keyboard layout etc).
lisoq_qemu_static_custom_uefi_url: 'https://support.org.ua/Soft/vKVM/orig/uefi.tar.gz'
Auxiliary UEFI BIOS archive URL to support block devices larger than 2 TiB.
lisoq_qemu_args_port_ssh: '1022'
External port for ssh forwarding to QEMU internal port 22.
lisoq_qemu_args_port_rdp: '3389'
External port for RDP forwarding to internal QEMU port 3389.
lisoq_qemu_args_port_vnc: '5901'
External port for forwarding VNC to internal QEMU port 5901.
lisoq_qemu_vnc_type: 'local'
The variable controls how QEMU will "listen" for VNC connections.
The value local listens only on localhost.
The value share listens on all IPs.
lisoq_qemu_install: false
Install QEMU from the package repository.
lisoq_qemu_ram: '1024'
Amount of RAM (in MiB) available inside QEMU.
lisoq_qemu_cpu: ''
Number of CPU cores available inside QEMU. By default the value is '' and the role allocates all CPU cores to QEMU.
lisoq_qemu_disk: ''
List of block disk devices to connect to QEMU. By default, the role mounts all found block devices from the host machine. You can specify your own list of block devices:
lisoq_qemu_disk:
- 'sda'
- 'sdb'
lisoq_qemu_exclude_disk:
- 'fd0'
- 'sr0'
List of block disk devices to be excluded from the lisoq_qemu_disk list. The exclusion list usually contains FDD and CD-ROM devices.
You can override the variable yourself and add your own block devices to the exclusion list.
lisoq_qemu_exclude_disk_regular_list:
- 'fd'
- 'sr'
- 'dm-'
- 'loop'
A list of block device names without the numeric suffix, to be excluded from the list of devices connected to the OS inside QEMU.
The role generates a regular expression from the lisoq_qemu_exclude_disk_regular_list variable.
lisoq_qemu_boot_cd: true
Whether to boot QEMU from CD-ROM (from our downloaded ISO image file lisoq_iso_file_...).
If this parameter is set to false, then QEMU will try to boot from the first block device specified.
lisoq_qemu_boot_once_cd: true
Whether to boot from CD-ROM only once (from our downloaded ISO image file lisoq_iso_file_...).
Inside QEMU, you can choose to reboot the virtual machine, and the system will then try to boot from the HDDs, not from the CD-ROM.
If you use service CDs that carry a large set of applications and need to reboot the virtual machine frequently, set the value to false.
lisoq_iso_file_local: ''
Full path to the ISO image file on the host machine from which the Ansible role is run. There is support for symlinks and share partitions mounted on the host machine file system.
lisoq_iso_file_remote: ''
ISO image file location path on a remote host.
lisoq_iso_file_url: 'https://mfsbsd.vx.sk/files/iso/12/amd64/mfsbsd-12.2-RELEASE-amd64.iso'
URL location with ISO image file.
lisoq_iso_file_ssh_port: '22'
Sshd port that accepts connections inside ISO image.
lisoq_ramdisk_enable: false
Use (and create) RAM-disk partitions on the target system (before running QEMU).
lisoq_ramdisk_path: '/mnt'
The preferred path for the RAM-disk partition.
lisoq_ramdisk_another_path: '/tmp'
The alternative path for a RAM-disk partition if it is already in use internally. Subsequently, we will expand it to the desired size.
lisoq_ramdisk_size: '250'
The size of the RAM-disk partition in MiB (mebibytes).
lisoq_total_need_ram: '' # (lisoq_ramdisk_size + lisoq_qemu_ram) or min 250MiB - autodetect
The minimum amount of RAM on the target system in MiB (mebibytes). The sum of two components: lisoq_ramdisk_size and lisoq_qemu_ram.
lisoq_ramdisk_package_enable: false
Create a RAM disk to store packages on the system in the directory /var/cache/yum or /var/cache/apt. Not all LiveCD systems have an extra 200-400 MB to store the package base, which is why we use a RAM disk.
lisoq_ramdisk_package_size: '' # in MiB (mebibyte) - autodetect
The amount of RAM in MB that we can allocate for the correct installation of packages on the system. Empirically, a minimum of 300 MB is needed. Afterwards, we can clean up this directory.
lisoq_ramdisk_package_purge: false
Clean up the packages directory. Use this option very carefully if you have to install additional packages to the system after completing the role.
lisoq_firewall_acl_enable: false
Enable ACLs that whitelist IPs/networks for some listening ports (for example, {{ lisoq_qemu_args_port_ssh }} and {{ lisoq_qemu_args_port_vnc }}). Connections from other IPs to these ports are dropped. Whitelists are separate for IPv4 and IPv6 networks.
lisoq_firewall_acl_ipv4_white:
- '127.0.0.0/8'
Default white list for IPv4 networks.
lisoq_firewall_acl_ipv6_white:
- '::1/128'
Default white list for IPv6 networks.
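A pre-flight check of the exposure-related variables described above, as an added example that is not part of the role. The function name `audit_exposure` and the finding texts are hypothetical; the defaults are the ones quoted on this page, and the sample inputs are constructed.

```python
import ipaddress
# Role defaults quoted on this page, used when a variable is not overridden.
DEFAULTS = {
    "lisoq_qemu_vnc_type": "local",
    "lisoq_firewall_acl_enable": False,
    "lisoq_firewall_acl_ipv4_white": ["127.0.0.0/8"],
    "lisoq_firewall_acl_ipv6_white": ["::1/128"],
    "lisoq_qemu_args_port_ssh": "1022",
    "lisoq_qemu_args_port_rdp": "3389",
    "lisoq_qemu_args_port_vnc": "5901",
}

def audit_exposure(overrides):
    """Hypothetical helper: list findings about how reachable the guest would be."""
    v = {**DEFAULTS, **overrides}
    findings = []
    if v["lisoq_firewall_acl_enable"] is not True:
        findings.append("ACL disabled: forwarded ports are not limited to the whitelist")
        if v["lisoq_qemu_vnc_type"] == "share":
            findings.append("VNC listens on all IPs with no ACL in front of it")
    for key, version in (("lisoq_firewall_acl_ipv4_white", 4),
                         ("lisoq_firewall_acl_ipv6_white", 6)):
        for entry in v[key]:
            try:
                net = ipaddress.ip_network(entry, strict=False)
            except ValueError:
                findings.append(f"{key}: '{entry}' is not a valid network")
                continue
            if net.version != version:  # e.g. an IPv6 prefix in the IPv4 list
                findings.append(f"{key}: '{entry}' is an IPv{net.version} network")
            elif net.prefixlen == 0:    # /0 whitelists the whole address space
                findings.append(f"{key}: '{entry}' matches every address")
    ports = [str(v[k]) for k in DEFAULTS if k.startswith("lisoq_qemu_args_port_")]
    for p in ports:
        if not (p.isdecimal() and 1 <= int(p) <= 65535):
            findings.append(f"port '{p}' is not in 1..65535")
    if len(set(ports)) != len(ports):
        findings.append("two forwards share the same external port")
    return findings

# Constructed inputs: the first vars/main.yml example on this page, then a risky variant.
PAGE_EXAMPLE = {"lisoq_qemu_vnc_type": "share", "lisoq_firewall_acl_enable": True,
                "lisoq_firewall_acl_ipv4_white": ["127.0.0.0/8", "10.0.0.0/8", "192.168.0.0/16"],
                "lisoq_firewall_acl_ipv6_white": []}
RISKY = {"lisoq_qemu_vnc_type": "share",
         "lisoq_firewall_acl_ipv4_white": ["0.0.0.0/0", "::/0"]}
if __name__ == "__main__":
    for name, cfg in (("page example", PAGE_EXAMPLE), ("risky", RISKY)):
        print(name, audit_exposure(cfg) or "no findings")
```

Run it against the variables you intend to pass to the role; an empty result means none of these checks fired, not that the host is otherwise hardened.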
lisoq_qemu_args: '
-net nic
-rtc base=localtime
-M pc
-vga std
-daemonize
'
List of required command line arguments to run QEMU.
- Install the role
shell> ansible-galaxy role install click0.linux_run_iso_in_qemu
- Look at the variables, e.g. in defaults/main.yml. You can override them in the playbook and inventory.
- hosts: rescue_servers
  vars_files:
    - vars/main.yml
  roles:
    - click0.linux_run_iso_in_qemu
Inside vars/main.yml:
lisoq_qemu_enable: true
lisoq_qemu_static_custom_enable: true
lisoq_iso_file_url: 'https://mfsbsd.vx.sk/files/iso/12/amd64/mfsbsd-12.2-RELEASE-amd64.iso'
lisoq_qemu_vnc_type: 'share'
lisoq_qemu_boot_once_cd: false
lisoq_qemu_ram: '650'
lisoq_ramdisk_package_enable: false
lisoq_ramdisk_package_purge: false
lisoq_firewall_acl_ipv4_white:
- '127.0.0.0/8'
- '10.0.0.0/8'
- '192.168.0.0/16'
lisoq_firewall_acl_ipv6_white: []
lisoq_firewall_acl_enable: true
- hosts: rescue_servers
  vars_files:
    - vars/main.yml
  roles:
    - click0.linux_run_iso_in_qemu
Inside vars/main.yml:
lisoq_qemu_enable: true
lisoq_qemu_install: true
lisoq_qemu_ram: '1000'
lisoq_qemu_cpu: '2'
lisoq_iso_file_local: '../../files/ISO images/WinPE10_8_Strelec_2022.01.04.iso'
lisoq_qemu_vnc_type: 'share'
lisoq_ramdisk_enable: true
lisoq_ramdisk_size: '4100'
lisoq_firewall_acl_ipv4_white:
- '127.0.0.0/8'
- '10.0.0.0/8'
- '192.168.0.0/16'
lisoq_firewall_acl_enable: true
- Test on Linux LiveCDs based on:
  - Debian
  - Rocky Linux
  - Alpine
  - ArchLinux
  - OpenWRT
- Set up Internet access inside QEMU
- Debian 11 "bullseye", freshly installed on HDD
- CentOS 7, running from LiveCD
None.
BSD 3-Clause
- Vladislav V. Prodan
<github.com/click0>
Contributions, issues and feature requests are welcome!
Feel free to check issues page.
Give a ⭐ if this project helped you!