jv
/
my-homelab-configs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Add stopped OpenWrt VM command
Homelab Main / deploy (push) Successful in 1m20s Details

This commit is contained in:
juvdiaz 2026-05-28 09:35:29 -06:00
parent 912ccc14f6
commit 072bcfdbc8
3 changed files with 47 additions and 18 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
README.md
View File

@ -116,12 +116,14 @@ pipeline keeps the template current and leaves VMID `9010` alone. Set
slot, or set `LAB_PIMOX_WORKER_COUNT=2` to manage the second slot while still slot, or set `LAB_PIMOX_WORKER_COUNT=2` to manage the second slot while still
skipping the first. skipping the first.
OpenWrt firewall VM automation is opt-in because it attaches to both WAN and OpenWrt firewall VM automation is available as a standalone command because it
LAN bridges. Set `LAB_OPENWRT_VM=true` after `vmbr1` already exists on the attaches to both WAN and LAN bridges. Run `./lab.sh openwrt` after `vmbr1`
Orange Pi. The pipeline downloads the OpenWrt ARM SystemReady EFI image, writes already exists on the Orange Pi. The pipeline downloads the OpenWrt ARM
basic WAN/LAN/firewall config into the image, imports it as VM `9050`, attaches SystemReady EFI image, writes basic WAN/LAN/firewall config into the image,
`vmbr0` as WAN and `vmbr1` as LAN, and stores the VM disk on `nvme_thin_pool`. imports it as VM `9100`, attaches `vmbr0` as WAN and `vmbr1` as LAN, and stores
It does not use the Debian Kubernetes golden-node template for OpenWrt. the VM disk on `nvme_thin_pool`. It leaves the VM stopped and not enabled for
host boot by default. It does not use the Debian Kubernetes golden-node template
for OpenWrt.
The website and demos images default to `linux/arm64` because both deployments The website and demos images default to `linux/arm64` because both deployments
are pinned to the Raspberry Pi worker. Override with `WEBSITE_IMAGE_PLATFORMS` are pinned to the Raspberry Pi worker. Override with `WEBSITE_IMAGE_PLATFORMS`

18
bootstrap/provisioning/README.md
View File

@ -135,35 +135,39 @@ OpenWrt is not built from the Debian golden-node template. The Kubernetes
template remains Debian-only; OpenWrt uses the upstream ARM SystemReady template remains Debian-only; OpenWrt uses the upstream ARM SystemReady
`armsr/armv8` combined EFI image instead. `armsr/armv8` combined EFI image instead.
The OpenWrt path is disabled by default. Enable it only after `vmbr1` exists on The OpenWrt path is separate from the Kubernetes worker template. Run it only
the Pimox host and the second NIC/LAN side is safe to use: after `vmbr1` exists on the Pimox host and the second NIC/LAN side is safe to
use:
```bash ```bash
LAB_OPENWRT_VM=true ./lab.sh up ./lab.sh openwrt
``` ```
Defaults: Defaults:
- VMID `9050` - VMID `9100`
- VM name `openwrt-firewall` - VM name `openwrt-firewall`
- disk storage `nvme_thin_pool` - disk storage `nvme_thin_pool`
- WAN bridge `vmbr0` - WAN bridge `vmbr0`
- LAN bridge `vmbr1` - LAN bridge `vmbr1`
- LAN address `192.168.50.1/24` - LAN address `192.168.50.1/24`
- LAN DHCP disabled by default - LAN DHCP disabled by default
- VM start disabled by default
- VM onboot disabled by default
- OpenWrt version `24.10.6` - OpenWrt version `24.10.6`
Useful overrides: Useful overrides:
```bash ```bash
LAB_OPENWRT_VMID=9050 LAB_OPENWRT_VMID=9100
LAB_OPENWRT_STORAGE=nvme_thin_pool LAB_OPENWRT_STORAGE=nvme_thin_pool
LAB_OPENWRT_WAN_BRIDGE=vmbr0 LAB_OPENWRT_WAN_BRIDGE=vmbr0
LAB_OPENWRT_LAN_BRIDGE=vmbr1 LAB_OPENWRT_LAN_BRIDGE=vmbr1
LAB_OPENWRT_LAN_IP=192.168.50.1 LAB_OPENWRT_LAN_IP=192.168.50.1
LAB_OPENWRT_LAN_NETMASK=255.255.255.0 LAB_OPENWRT_LAN_NETMASK=255.255.255.0
LAB_OPENWRT_LAN_DHCP_ENABLED=true LAB_OPENWRT_LAN_DHCP_ENABLED=false
LAB_OPENWRT_START=true LAB_OPENWRT_START=false
LAB_OPENWRT_ONBOOT=false
LAB_OPENWRT_VERSION=24.10.6 LAB_OPENWRT_VERSION=24.10.6
LAB_OPENWRT_IMAGE_URL=https://downloads.openwrt.org/releases/24.10.6/targets/armsr/armv8/openwrt-24.10.6-armsr-armv8-generic-ext4-combined-efi.img.gz LAB_OPENWRT_IMAGE_URL=https://downloads.openwrt.org/releases/24.10.6/targets/armsr/armv8/openwrt-24.10.6-armsr-armv8-generic-ext4-combined-efi.img.gz
``` ```

33
lab.sh
View File

@ -844,7 +844,7 @@ run_openwrt_pipeline() {
local pimox_user="${LAB_PIMOX_USER:-${TF_VAR_pimox_user:-jv}}" local pimox_user="${LAB_PIMOX_USER:-${TF_VAR_pimox_user:-jv}}"
local pimox_key="${LAB_PIMOX_SSH_KEY_PATH:-${TF_VAR_pimox_ssh_key_path:-/home/jv/.ssh/id_ed25519}}" local pimox_key="${LAB_PIMOX_SSH_KEY_PATH:-${TF_VAR_pimox_ssh_key_path:-/home/jv/.ssh/id_ed25519}}"
local qm_bin="${LAB_PIMOX_QM_BIN:-${TF_VAR_pimox_qm_bin:-/usr/sbin/qm}}" local qm_bin="${LAB_PIMOX_QM_BIN:-${TF_VAR_pimox_qm_bin:-/usr/sbin/qm}}"
local vmid="${LAB_OPENWRT_VMID:-9050}" local vmid="${LAB_OPENWRT_VMID:-9100}"
local vm_name="${LAB_OPENWRT_NAME:-openwrt-firewall}" local vm_name="${LAB_OPENWRT_NAME:-openwrt-firewall}"
local storage="${LAB_OPENWRT_STORAGE:-nvme_thin_pool}" local storage="${LAB_OPENWRT_STORAGE:-nvme_thin_pool}"
local wan_bridge="${LAB_OPENWRT_WAN_BRIDGE:-vmbr0}" local wan_bridge="${LAB_OPENWRT_WAN_BRIDGE:-vmbr0}"
@ -856,11 +856,13 @@ run_openwrt_pipeline() {
local lan_ip="${LAB_OPENWRT_LAN_IP:-192.168.50.1}" local lan_ip="${LAB_OPENWRT_LAN_IP:-192.168.50.1}"
local lan_netmask="${LAB_OPENWRT_LAN_NETMASK:-255.255.255.0}" local lan_netmask="${LAB_OPENWRT_LAN_NETMASK:-255.255.255.0}"
local lan_dhcp_enabled="${LAB_OPENWRT_LAN_DHCP_ENABLED:-false}" local lan_dhcp_enabled="${LAB_OPENWRT_LAN_DHCP_ENABLED:-false}"
local start_vm="${LAB_OPENWRT_START:-true}" local start_vm="${LAB_OPENWRT_START:-false}"
local onboot="${LAB_OPENWRT_ONBOOT:-false}"
local root_key_path="${LAB_OPENWRT_ROOT_SSH_PUBLIC_KEY_PATH:-${pimox_key}.pub}" local root_key_path="${LAB_OPENWRT_ROOT_SSH_PUBLIC_KEY_PATH:-${pimox_key}.pub}"
local root_key_b64="" local root_key_b64=""
local lan_dhcp_ignore="1" local lan_dhcp_ignore="1"
local start_vm_flag="false" local start_vm_flag="false"
local onboot_flag="0"
if disabled_value "${mode}"; then if disabled_value "${mode}"; then
return 0 return 0
@ -896,9 +898,20 @@ run_openwrt_pipeline() {
if truthy "${lan_dhcp_enabled}"; then if truthy "${lan_dhcp_enabled}"; then
lan_dhcp_ignore="0" lan_dhcp_ignore="0"
fi fi
if ! truthy "${start_vm}" && ! disabled_value "${start_vm}"; then
echo "LAB_OPENWRT_START must be true or false." >&2
exit 1
fi
if truthy "${start_vm}"; then if truthy "${start_vm}"; then
start_vm_flag="true" start_vm_flag="true"
fi fi
if ! truthy "${onboot}" && ! disabled_value "${onboot}"; then
echo "LAB_OPENWRT_ONBOOT must be true or false." >&2
exit 1
fi
if truthy "${onboot}"; then
onboot_flag="1"
fi
if [[ -r "${root_key_path}" ]]; then if [[ -r "${root_key_path}" ]]; then
root_key_b64="$(base64 <"${root_key_path}" | tr -d '\n')" root_key_b64="$(base64 <"${root_key_path}" | tr -d '\n')"
fi fi
@ -919,6 +932,7 @@ lan_ip="${lan_ip}"
lan_netmask="${lan_netmask}" lan_netmask="${lan_netmask}"
lan_dhcp_ignore="${lan_dhcp_ignore}" lan_dhcp_ignore="${lan_dhcp_ignore}"
start_vm="${start_vm_flag}" start_vm="${start_vm_flag}"
onboot="${onboot_flag}"
root_key_b64="${root_key_b64}" root_key_b64="${root_key_b64}"
qm_cmd="${qm_bin}" qm_cmd="${qm_bin}"
@ -966,7 +980,7 @@ if sudo "\$qm_cmd" status "\$vmid" >/dev/null 2>&1; then
--net1 "virtio,bridge=\$lan_bridge" \\ --net1 "virtio,bridge=\$lan_bridge" \\
--cores "\$cores" \\ --cores "\$cores" \\
--memory "\$memory" \\ --memory "\$memory" \\
--onboot 1 --onboot "\$onboot"
if [ "\$start_vm" = "true" ] && sudo "\$qm_cmd" status "\$vmid" | grep -q 'status: stopped'; then if [ "\$start_vm" = "true" ] && sudo "\$qm_cmd" status "\$vmid" | grep -q 'status: stopped'; then
sudo "\$qm_cmd" start "\$vmid" sudo "\$qm_cmd" start "\$vmid"
fi fi
@ -1142,7 +1156,7 @@ sudo "\$qm_cmd" create "\$vmid" \\
--scsihw virtio-scsi-pci \\ --scsihw virtio-scsi-pci \\
--sockets 1 \\ --sockets 1 \\
--vga virtio \\ --vga virtio \\
--onboot 1 --onboot "\$onboot"
sudo "\$qm_cmd" set "\$vmid" --efidisk0 "\$storage:1,efitype=4m,pre-enrolled-keys=0" sudo "\$qm_cmd" set "\$vmid" --efidisk0 "\$storage:1,efitype=4m,pre-enrolled-keys=0"
sudo "\$qm_cmd" importdisk "\$vmid" "\$tmp_dir/openwrt.img" "\$storage" --format raw >/dev/null sudo "\$qm_cmd" importdisk "\$vmid" "\$tmp_dir/openwrt.img" "\$storage" --format raw >/dev/null
@ -1160,6 +1174,12 @@ fi
EOF EOF
} }
openwrt() {
require_debian_server "openwrt"
LAB_OPENWRT_VM=true run_openwrt_pipeline
}
cleanup_calico_links() { cleanup_calico_links() {
ip link show | awk -F: '/^[0-9]+: cali/ {print $2}' | cut -d@ -f1 | xargs -r -n1 sudo ip link delete 2>/dev/null || true ip link show | awk -F: '/^[0-9]+: cali/ {print $2}' | cut -d@ -f1 | xargs -r -n1 sudo ip link delete 2>/dev/null || true
sudo ip link delete vxlan.calico 2>/dev/null || true sudo ip link delete vxlan.calico 2>/dev/null || true
@ -2741,11 +2761,14 @@ case "${1:-}" in
install-gitea-runner) install-gitea-runner)
install_gitea_runner "${2:-}" install_gitea_runner "${2:-}"
;; ;;
openwrt)
openwrt
;;
nuke) nuke)
nuke nuke
;; ;;
*) *)
echo "Usage: $0 {up|rebuild-cluster|apps|deploy-gitea|bootstrap-gitea-repo|backup-gitea|drill-gitea-restore|install-gitea-runner|nuke}" echo "Usage: $0 {up|rebuild-cluster|apps|deploy-gitea|bootstrap-gitea-repo|backup-gitea|drill-gitea-restore|install-gitea-runner|openwrt|nuke}"
exit 1 exit 1
;; ;;
esac esac