From 0d80b0a47f9023c30c29d9e33876f9f4f1f2904c Mon Sep 17 00:00:00 2001 From: Kroese Date: Thu, 27 Apr 2023 12:02:58 +0200 Subject: [PATCH 01/17] Debug --- run/run.sh | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) diff --git a/run/run.sh b/run/run.sh index 69dc254..2df11db 100755 --- a/run/run.sh +++ b/run/run.sh @@ -70,10 +70,7 @@ EXTRA_OPTS="$EXTRA_OPTS -device virtio-rng-pci,rng=objrng0,id=rng0,bus=pcie.0,ad ARGS="${DEF_OPTS} ${CPU_OPTS} ${RAM_OPTS} ${MAC_OPTS} ${MON_OPTS} ${SERIAL_OPTS} ${NET_OPTS} ${DISK_OPTS} ${EXTRA_OPTS}" ARGS=$(echo "$ARGS" | sed 's/\t/ /g' | tr -s ' ') -if [ "$DEBUG" = "Y" ]; then - echo -n "qemu-system-x86_64 " - echo "${ARGS}" && echo -fi +[ "$DEBUG" = "Y" ] && echo "qemu-system-x86_64 ${ARGS}" && echo set -m ( From a8a20d4dc95ef7a063edec425c3b3d878c7250e4 Mon Sep 17 00:00:00 2001 From: Kroese Date: Thu, 27 Apr 2023 13:51:56 +0200 Subject: [PATCH 02/17] Update readme.md --- readme.md | 4 ---- 1 file changed, 4 deletions(-) diff --git a/readme.md b/readme.md index 3d4a49c..c914288 100644 --- a/readme.md +++ b/readme.md @@ -176,10 +176,6 @@ docker run -it --rm -p 5000:5000 --device=/dev/kvm --cap-add NET_ADMIN --stop-ti There are only three minor differences: the Virtual Machine Manager package is not provided, Surveillance Station doesn't include any free licenses, and logging in to your Synology account is not supported. -## Acknowledgments - -Based on an [article](https://jxcn.org/2022/04/vdsm-first-try/) by JXCN. - ## Disclaimer Only run this container on Synology hardware, any other use is not permitted and might not be legal. From f8292e55b8b45e9de2c3ed7fc95a4c70827ddf1d Mon Sep 17 00:00:00 2001 From: Kroese Date: Thu, 27 Apr 2023 14:31:53 +0200 Subject: [PATCH 03/17] OCD --- run/serial.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/run/serial.sh b/run/serial.sh index 13dd2c3..d0e62af 100644 --- a/run/serial.sh +++ b/run/serial.sh 
@@ -26,9 +26,9 @@ HOST_ARGS+=("-cpu_arch=${HOST_CPU}") [ -n "$CPU_CORES" ] && HOST_ARGS+=("-cpu=${CPU_CORES}") [ -n "$HOST_BUILD" ] && HOST_ARGS+=("-build=${HOST_BUILD}") [ -n "$HOST_SERIAL" ] && HOST_ARGS+=("-hostsn=${HOST_SERIAL}") -[ -n "$HOST_TIMESTAMP" ] && HOST_ARGS+=("-ts=${HOST_TIMESTAMP}") [ -n "$GUEST_SERIAL" ] && HOST_ARGS+=("-guestsn=${GUEST_SERIAL}") [ -n "$HOST_VERSION" ] && HOST_ARGS+=("-version=${HOST_VERSION}") +[ -n "$HOST_TIMESTAMP" ] && HOST_ARGS+=("-ts=${HOST_TIMESTAMP}") if [ "$DEBUG" = "Y" ]; then echo -n "./run/host.bin " From 732dc47d144122056940f3fab70b56ebb5f18ef8 Mon Sep 17 00:00:00 2001 From: Kroese Date: Thu, 27 Apr 2023 17:32:26 +0200 Subject: [PATCH 04/17] Shellcheck --- .github/workflows/check.yml | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) diff --git a/.github/workflows/check.yml b/.github/workflows/check.yml index 7a708f6..5b68df0 100644 --- a/.github/workflows/check.yml +++ b/.github/workflows/check.yml @@ -9,6 +9,10 @@ jobs: steps: - uses: actions/checkout@v3 - name: Run ShellCheck - uses: ludeeus/action-shellcheck@master -env: - SHELLCHECK_OPTS: -x -e SC2001 -e SC2002 -e SC2223 -e SC2034 -e SC2064 + uses: luizm/action-sh-checker@master + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + SHELLCHECK_OPTS: -x -e SC2001 -e SC2002 -e SC2223 -e SC2034 -e SC2064 + SHFMT_OPTS: -s + with: + sh_checker_comment: true From 94040d6da2120d050a9b97983e0d7f19eb8b59fc Mon Sep 17 00:00:00 2001 From: Kroese Date: Thu, 27 Apr 2023 17:39:23 +0200 Subject: [PATCH 05/17] Shellcheck --- .github/workflows/check.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.github/workflows/check.yml b/.github/workflows/check.yml index 5b68df0..fe7a5e6 100644 --- a/.github/workflows/check.yml +++ b/.github/workflows/check.yml @@ -16,3 +16,5 @@ jobs: SHFMT_OPTS: -s with: sh_checker_comment: true + sh_checker_shfmt_disable: true + sh_checker_checkbashisms_enable: true From 4f6e923f22714cba203ba5b95af85931fc4e864d Mon Sep 17 00:00:00 2001 
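Review bot: In PATCH 04 the new step `uses: luizm/action-sh-checker@master` references a third-party action by a mutable branch and hands it `GITHUB_TOKEN`, so whatever is pushed to that branch later runs in this workflow with the token in its environment. Pin the action to a reviewed commit, for example `uses: luizm/action-sh-checker@<full-commit-sha>`, and update the pin deliberately. The `@@` context of PATCH 08 shows `permissions: {}` in this file, so the token probably carries no scopes and `sh_checker_comment: true` may be unable to post; if comments are wanted, grant only the one permission needed at job level. The same unpinned-ref concern applies to `ludeeus/action-shellcheck@master`, which PATCH 09 restores.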
From: Kroese Date: Thu, 27 Apr 2023 17:41:42 +0200 Subject: [PATCH 06/17] Shellcheck --- .github/workflows/check.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/check.yml b/.github/workflows/check.yml index fe7a5e6..328018e 100644 --- a/.github/workflows/check.yml +++ b/.github/workflows/check.yml @@ -17,4 +17,4 @@ jobs: with: sh_checker_comment: true sh_checker_shfmt_disable: true - sh_checker_checkbashisms_enable: true + sh_checker_checkbashisms_enable: false From 4ea7ae62d658218a9aeac3b338d63d1579885b8c Mon Sep 17 00:00:00 2001 From: Kroese Date: Thu, 27 Apr 2023 17:43:52 +0200 Subject: [PATCH 07/17] Shellcheck --- .github/workflows/test.yml | 10 +--------- 1 file changed, 1 insertion(+), 9 deletions(-) diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index 288e420..050d2bf 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -1,18 +1,10 @@ on: - push: - branches-ignore: - - master - paths: - - '**/*.sh' - - '.github/workflows/test.yml' - - '.github/workflows/check.yml' - pull_request: paths: - '**/*.sh' - '.github/workflows/test.yml' - '.github/workflows/check.yml' - + name: "Test" permissions: {} From 815dc700008a0496f10c1d18d76e071703da3aff Mon Sep 17 00:00:00 2001 From: Kroese Date: Thu, 27 Apr 2023 17:55:51 +0200 Subject: [PATCH 08/17] Shellcheck --- .github/workflows/check.yml | 17 +++-------------- 1 file changed, 3 insertions(+), 14 deletions(-) diff --git a/.github/workflows/check.yml b/.github/workflows/check.yml index 328018e..1f49add 100644 --- a/.github/workflows/check.yml +++ b/.github/workflows/check.yml 
@@ -4,17 +4,6 @@ permissions: {} jobs: shellcheck: - name: shellcheck - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@v3 - - name: Run ShellCheck - uses: luizm/action-sh-checker@master - env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - SHELLCHECK_OPTS: -x -e SC2001 -e SC2002 -e SC2223 -e SC2034 -e SC2064 - SHFMT_OPTS: -s - with: - sh_checker_comment: true - sh_checker_shfmt_disable: true - sh_checker_checkbashisms_enable: false + uses: ludeeus/action-shellcheck@master +env: + SHELLCHECK_OPTS: -x -e SC2001 -e SC2002 -e SC2223 -e SC2034 -e SC2064 From e28b9c8fb40212963bf74753e75ffab07b34babe Mon Sep 17 00:00:00 2001 From: Kroese Date: Thu, 27 Apr 2023 17:57:32 +0200 Subject: [PATCH 09/17] Shellcheck --- .github/workflows/check.yml | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/.github/workflows/check.yml b/.github/workflows/check.yml index 1f49add..f8cbf7c 100644 --- a/.github/workflows/check.yml +++ b/.github/workflows/check.yml @@ -4,6 +4,9 @@ permissions: {} jobs: shellcheck: - uses: ludeeus/action-shellcheck@master -env: - SHELLCHECK_OPTS: -x -e SC2001 -e SC2002 -e SC2223 -e SC2034 -e SC2064 + name: shellcheck + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v3 + - name: Run ShellCheck + uses: ludeeus/action-shellcheck@master From f6111227cecadb701966f4105408b4c09f0ad6ef Mon Sep 17 00:00:00 2001 From: Kroese Date: Thu, 27 Apr 2023 17:59:14 +0200 Subject: [PATCH 10/17] Shellcheck --- .github/workflows/check.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.github/workflows/check.yml b/.github/workflows/check.yml index f8cbf7c..0c9165c 100644 --- a/.github/workflows/check.yml +++ b/.github/workflows/check.yml @@ -10,3 +10,5 @@ jobs: - uses: actions/checkout@v3 - name: Run ShellCheck uses: ludeeus/action-shellcheck@master +env: + SHELLCHECK_OPTS: -x -e SC2001 -e SC2002 -e SC2223 -e SC2034 -e SC2064 From a6e53bae4b100f4ae59422b1568e62717c7c8e56 Mon Sep 17 00:00:00 2001 
From: Kroese Date: Thu, 27 Apr 2023 18:59:26 +0200 Subject: [PATCH 11/17] Info --- run/network.sh | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/run/network.sh b/run/network.sh index 15aab5b..a39d185 100644 --- a/run/network.sh +++ b/run/network.sh @@ -35,7 +35,7 @@ configureDHCP() { ip route add "${NETWORK}" dev "${VM_NET_VLAN}" metric 0 ip route add default via "${GATEWAY}" - echo "Info: Acquiring an IP address via DHCP using MAC address ${VM_NET_MAC}..." + echo "INFO: Acquiring an IP address via DHCP using MAC address ${VM_NET_MAC}..." ip l add link "${VM_NET_DEV}" name "${VM_NET_TAP}" address "${VM_NET_MAC}" type macvtap mode bridge || true ip l set "${VM_NET_TAP}" up @@ -46,7 +46,7 @@ configureDHCP() { DHCP_IP=$(dhclient -v "${VM_NET_TAP}" 2>&1 | grep ^bound | cut -d' ' -f3) if [[ "${DHCP_IP}" == [0-9.]* ]]; then - echo "Info: Successfully acquired IP ${DHCP_IP} from the DHCP server..." + echo "INFO: Successfully acquired IP ${DHCP_IP} from the DHCP server..." else echo "ERROR: Cannot acquire an IP address from the DHCP server" && exit 16 fi @@ -187,7 +187,7 @@ GATEWAY=$(ip r | grep default | awk '{print $3}') if [ "$DEBUG" = "Y" ]; then IP=$(ip address show dev "${VM_NET_DEV}" | grep inet | awk '/inet / { print $2 }' | cut -f1 -d/) - echo "Info: Container IP is ${IP} with gateway ${GATEWAY}" && echo + echo "INFO: Container IP is ${IP} with gateway ${GATEWAY}" && echo ifconfig ip route && echo From a2f33378cdaa3e55e20a357789c5e6743dff598d Mon Sep 17 00:00:00 2001 From: Kroese Date: Thu, 27 Apr 2023 19:20:02 +0200 Subject: [PATCH 12/17] Check NET_ADMIN flag --- run/network.sh | 21 +++++++++++++-------- 1 file changed, 13 insertions(+), 8 deletions(-) diff --git a/run/network.sh b/run/network.sh index a39d185..2acfd7f 100644 --- a/run/network.sh +++ b/run/network.sh 
@@ -25,7 +25,7 @@ configureDHCP() { NETWORK=$(ip -o route | grep "${VM_NET_DEV}" | grep -v default | awk '{print $1}') IP=$(ip address show dev "${VM_NET_DEV}" | grep inet | awk '/inet / { print $2 }' | cut -f1 -d/) - ip l add link "${VM_NET_DEV}" "${VM_NET_VLAN}" type macvlan mode bridge + ip link add link "${VM_NET_DEV}" "${VM_NET_VLAN}" type macvlan mode bridge ip address add "${IP}" dev "${VM_NET_VLAN}" ip link set dev "${VM_NET_VLAN}" up @@ -37,8 +37,8 @@ configureDHCP() { echo "INFO: Acquiring an IP address via DHCP using MAC address ${VM_NET_MAC}..." - ip l add link "${VM_NET_DEV}" name "${VM_NET_TAP}" address "${VM_NET_MAC}" type macvtap mode bridge || true - ip l set "${VM_NET_TAP}" up + ip link add link "${VM_NET_DEV}" name "${VM_NET_TAP}" address "${VM_NET_MAC}" type macvtap mode bridge || true + ip link set "${VM_NET_TAP}" up ip a flush "${VM_NET_DEV}" ip a flush "${VM_NET_TAP}" @@ -51,7 +51,7 @@ configureDHCP() { echo "ERROR: Cannot acquire an IP address from the DHCP server" && exit 16 fi - ip a flush "${VM_NET_TAP}" + ip address flush "${VM_NET_TAP}" TAP_NR=$(>"$TAP_PATH"; then - echo -n "ERROR: Please add the following docker variables to your container: " + echo -n "ERROR: Please add the following docker settings to your container: " echo "--device=/dev/vhost-net --device-cgroup-rule='c ${MAJOR}:* rwm'" && exit 21 fi @@ -83,8 +83,8 @@ configureDHCP() { fi if ! exec 40>>/dev/vhost-net; then - echo -n "ERROR: VHOST can not be found. Please add the following docker " - echo "variable to your container: --device=/dev/vhost-net" && exit 22 + echo -n "ERROR: VHOST can not be found. Please add the following " + echo "docker setting to your container: --device=/dev/vhost-net" && exit 22 fi # Store IP for Docker healthcheck 
@@ -98,7 +98,12 @@ configureNAT () { VM_NET_IP='20.20.20.21' #Create bridge with static IP for the VM guest - ip link add dev dockerbridge type bridge + + if ! ip link add dev dockerbridge type bridge > /dev/null 2>&1 ; then + echo -n "ERROR: Capability NET_ADMIN has not been set. Please add the " + echo "following docker setting to your container: --cap-add NET_ADMIN" && exit 23 + fi + ip addr add ${VM_NET_IP%.*}.1/24 broadcast ${VM_NET_IP%.*}.255 dev dockerbridge ip link set dockerbridge up From 539df9df64fd2bcef52b53a3de4546530d8bc09b Mon Sep 17 00:00:00 2001 From: Kroese Date: Thu, 27 Apr 2023 19:29:18 +0200 Subject: [PATCH 13/17] Check NET_ADMIN --- run/network.sh | 12 ++++++++---- 1 file changed, 8 insertions(+), 4 deletions(-) diff --git a/run/network.sh b/run/network.sh index 2acfd7f..61033ed 100644 --- a/run/network.sh +++ b/run/network.sh @@ -25,7 +25,11 @@ configureDHCP() { NETWORK=$(ip -o route | grep "${VM_NET_DEV}" | grep -v default | awk '{print $1}') IP=$(ip address show dev "${VM_NET_DEV}" | grep inet | awk '/inet / { print $2 }' | cut -f1 -d/) - ip link add link "${VM_NET_DEV}" "${VM_NET_VLAN}" type macvlan mode bridge + if ! ip link add link "${VM_NET_DEV}" "${VM_NET_VLAN}" type macvlan mode bridge > /dev/null 2>&1 ; then + echo -n "ERROR: Capability NET_ADMIN has not been set. Please add the " + echo "following docker setting to your container: --cap-add NET_ADMIN" && exit 15 + fi + ip address add "${IP}" dev "${VM_NET_VLAN}" ip link set dev "${VM_NET_VLAN}" up @@ -72,8 +76,8 @@ configureDHCP() { fi if ! exec 30>>"$TAP_PATH"; then - echo -n "ERROR: Please add the following docker settings to your container: " - echo "--device=/dev/vhost-net --device-cgroup-rule='c ${MAJOR}:* rwm'" && exit 21 + echo -n "ERROR: Cannot create TAP interface. Please add the following docker settings to your " + echo "container: --device-cgroup-rule='c ${MAJOR}:* rwm' --device=/dev/vhost-net" && exit 21 fi # Create /dev/vhost-net 
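Review bot: The new guard around `ip link add dev dockerbridge type bridge` in PATCH 12 discards stderr and reports every failure as a missing NET_ADMIN capability, so an unrelated error (for example the bridge already existing) sends the user to the wrong fix. Capturing the output keeps the hint and preserves the real cause: `if ! err=$(ip link add dev dockerbridge type bridge 2>&1); then`, with `${err}` appended to the ERROR line. The same pattern is added for the macvlan link in PATCH 13 and the macvtap link in PATCH 14. In PATCH 14 it replaces `|| true`, so a failure that was previously tolerated now exits with code 16. configureNAT continues outside the hunk.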
@@ -101,7 +105,7 @@ configureNAT () { if ! ip link add dev dockerbridge type bridge > /dev/null 2>&1 ; then echo -n "ERROR: Capability NET_ADMIN has not been set. Please add the " - echo "following docker setting to your container: --cap-add NET_ADMIN" && exit 23 + echo "following docker setting to your container: --cap-add NET_ADMIN" && exit 23 fi ip addr add ${VM_NET_IP%.*}.1/24 broadcast ${VM_NET_IP%.*}.255 dev dockerbridge From 34ec37a00e4d2b8857b1e127477e7f504e4f2e5a Mon Sep 17 00:00:00 2001 From: Kroese Date: Thu, 27 Apr 2023 19:32:59 +0200 Subject: [PATCH 14/17] Check NET_ADMIN --- run/network.sh | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/run/network.sh b/run/network.sh index 61033ed..a7e047f 100644 --- a/run/network.sh +++ b/run/network.sh @@ -41,7 +41,11 @@ configureDHCP() { echo "INFO: Acquiring an IP address via DHCP using MAC address ${VM_NET_MAC}..." - ip link add link "${VM_NET_DEV}" name "${VM_NET_TAP}" address "${VM_NET_MAC}" type macvtap mode bridge || true + if ! ip link add link "${VM_NET_DEV}" name "${VM_NET_TAP}" address "${VM_NET_MAC}" type macvtap mode bridge > /dev/null 2>&1 ; then + echo -n "ERROR: Capability NET_ADMIN has not been set. Please add the " + echo "following docker setting to your container: --cap-add NET_ADMIN" && exit 16 + fi + ip link set "${VM_NET_TAP}" up ip a flush "${VM_NET_DEV}" @@ -52,7 +56,7 @@ configureDHCP() { if [[ "${DHCP_IP}" == [0-9.]* ]]; then echo "INFO: Successfully acquired IP ${DHCP_IP} from the DHCP server..." else - echo "ERROR: Cannot acquire an IP address from the DHCP server" && exit 16 + echo "ERROR: Cannot acquire an IP address from the DHCP server" && exit 17 fi ip address flush "${VM_NET_TAP}" From 7a3712da130b314972408041c88816a167c13d17 Mon Sep 17 00:00:00 2001 From: Kroese Date: Thu, 27 Apr 2023 19:39:31 +0200 Subject: [PATCH 15/17] Check NET_ADMIN flag --- run/network.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/run/network.sh b/run/network.sh index a7e047f..5cc4d4e 100644 --- a/run/network.sh +++ b/run/network.sh @@ -45,7 +45,7 @@ configureDHCP() { echo -n "ERROR: Capability NET_ADMIN has not been set. Please add the " echo "following docker setting to your container: --cap-add NET_ADMIN" && exit 16 fi - + ip link set "${VM_NET_TAP}" up ip a flush "${VM_NET_DEV}" From e36f7a72379e3d0435864af233f42b56ba8ae6f1 Mon Sep 17 00:00:00 2001 From: Kroese Date: Thu, 27 Apr 2023 20:06:09 +0200 Subject: [PATCH 16/17] KVM --- run/run.sh | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/run/run.sh b/run/run.sh index 2df11db..efcbac6 100755 --- a/run/run.sh +++ b/run/run.sh @@ -44,6 +44,7 @@ fi . /run/power.sh KVM_ERR="" +KVM_OPTS="" if [ -e /dev/kvm ] && sh -c 'echo -n > /dev/kvm' &> /dev/null; then if ! grep -q -e vmx -e svm /proc/cpuinfo; then @@ -56,9 +57,10 @@ fi if [ -n "${KVM_ERR}" ]; then echo "Error: KVM acceleration not detected ${KVM_ERR}, please enable it." [ "$DEBUG" != "Y" ] && exit 88 +else + KVM_OPTS=",accel=kvm -enable-kvm -cpu host" fi -KVM_OPTS=",accel=kvm -enable-kvm -cpu host" DEF_OPTS="-nographic -nodefaults -boot strict=on -display none" RAM_OPTS=$(echo "-m ${RAM_SIZE}" | sed 's/MB/M/g;s/GB/G/g;s/TB/T/g') CPU_OPTS="-smp ${CPU_CORES},sockets=1,dies=1,cores=${CPU_CORES},threads=1" From eae1bd31e22258f2d89367b1ec1ea881116055d8 Mon Sep 17 00:00:00 2001 From: Kroese Date: Thu, 27 Apr 2023 20:07:28 +0200 Subject: [PATCH 17/17] KVM --- run/run.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/run/run.sh b/run/run.sh index efcbac6..8f5d346 100755 --- a/run/run.sh +++ b/run/run.sh @@ -55,7 +55,7 @@ else fi if [ -n "${KVM_ERR}" ]; then - echo "Error: KVM acceleration not detected ${KVM_ERR}, please enable it." + echo "ERROR: KVM acceleration not detected ${KVM_ERR}, please enable it." [ "$DEBUG" != "Y" ] && exit 88 else KVM_OPTS=",accel=kvm -enable-kvm -cpu host"
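Review bot: The `KVM_OPTS=""` initialisation added in PATCH 16 has no comment explaining that an empty value is a deliberate fallback, which is now reachable when KVM is missing and `DEBUG` is `Y`. The leading comma in `",accel=kvm -enable-kvm -cpu host"` suggests the value is appended to another option later in the script, but that line is outside the hunk, so confirm the empty string still yields a valid command line there. A short comment would make this clear: `# Appended to a preceding option (note the leading comma); left empty when KVM is unavailable and DEBUG=Y continues without acceleration`.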