写在前面
事情的起因是我想在 MacOS(arm)上使用 qemu虚拟化一个 Fedora 镜像, 我下载了 cloud 的 qcow2 版本, 但是用户名和密码一直找不到, 后来看论坛说用户名是 fedora 而密码是没有, 是通过 cloud-init 构建的镜像…
又是未知领域, 开始 hack!
环境:
Mac m1 with brew qemu
cloud-init 官方 demo
首先当然是跑一下 cloud-init 官方的例子, 如下:
Core tutorial with QEMU - cloud-init 23.3.3 documentation;
qemu-system-x86_64 \-net nic \-net user \-machine accel=kvm:tcg \-cpu host \-m 512 \-nographic \-hda jammy-server-cloudimg-amd64.img \-smbios type=1,serial=ds='nocloud;s=http://10.0.2.2:8000/'
不得不说这个官方 demo 写的还是差点, 密码设置的配置出了问题(感觉可能是版本导致的), 折腾了半天才搞定, 还得多查日志啊…
首先需要下载镜像:
wget https://cloud-images.ubuntu.com/jammy/current/jammy-server-cloudimg-amd64.img
默认是 22.04 的Cloud 版镜像
第一种方法
但是直接登录 还是登不上去, 后来看文档发现需要把原始数据即 meta-data, user-data, vendor-data三个文件导入到镜像中, 并且是同级目录下:
==> cat user-data
#cloud-config
password: passw0rd
chpasswd: { expire: False }
ssh_pwauth: True
ssh_pwauth: (boolean/string) Sets whether or not to accept password authentication.
truewill enable password auth.falsewill disable. Default is to leave the value unchanged. In order for this config to be applied, SSH may need to be restarted. On systemd systems, this restart will only happen if the SSH service has already been started. On non-systemd systems, a restart will be attempted regardless of the service state…Changed in version 22.3. Use of non-boolean values for this field is deprecated.
chpasswd: (object)
expire: (boolean) Whether to expire all user passwords such that a password will need to be reset on the user’s next login. Default:
trueusers: (array of object) This key represents a list of existing users to set passwords for. Each item under users contains the following required keys:
nameandpasswordor in the case of a randomly generated password,nameandtype. Thetypekey has a default value ofhash, and may alternatively be set totextorRANDOM.list: (string/array) List of
username:passwordpairs. Each user will have the corresponding password set. A password can be randomly generated by specifyingRANDOMorRas a user’s password. A hashed password, created by a tool likemkpasswd, can be specified. A regex (r'\$(1|2a|2y|5|6)(\$.+){2}') is used to determine if a password value should be treated as a hash.Deprecated in version 22.2. Use
usersinstead.password: (string) Set the default user’s password. Ignored if
chpasswdlistis used上面的默认配置总结就是, 开启了 ssh 密码鉴权, 不需要每次都设置新密码(密码永不失效, 也就意味着第一次登录镜像之后后续都采用这个密码), 密码需要是 8 位(试出来的, 文档没写)
还有:
==> cat meta-data
instance-id: iid-local01
local-hostname: cloudimg
这部分主要就是设置主机名, 没什么要说的, 实例 id 看起来不会在后面用到.
最后是:
touch vendor-data
没啥luan用
然后新开一个终端窗口, 执行 Python 的 Webserver: (这一步主要是为了让 cloud-init 镜像能够读取到配置)
python3 -m http.server --directory .
默认开启的端口是 8000, 即得开一下防火墙对应端口
然后才能执行:
qemu-system-x86_64 \-net nic \-net user \-machine accel=tcg \-cpu qemu64 \-m 512 \-nographic \-hda jammy-server-cloudimg-amd64.img \-smbios type=1,serial=ds='nocloud;s=http://10.0.2.2:8000/' \-nic user,hostfwd=tcp::60022-:22
略作改动,
- 我的机器不支持 x86_64, 所以没法用 Linux 的 kvm 加速(当然主要是 Mac 的缘故)
- cpu 采用 qemu64, 道理同上
- 最后防止登不上, 可以用 ssh + 端口映射
命令执行中会出现一些日志信息, 可以重定向然后便于之后 Debug.
此时 Python 的 server 那边就显示数据被读取了:
::ffff:127.0.0.1 - - [10/Nov/2023 16:09:44] "GET /meta-data HTTP/1.1" 200 - ::ffff:127.0.0.1 - - [10/Nov/2023 16:09:44] "GET /user-data HTTP/1.1" 200 - ::ffff:127.0.0.1 - - [10/Nov/2023 16:09:44] "GET /vendor-data HTTP/1.1" 200 -开机时候的日志也显示读取了外部数据源:
[ 106.358323] cloud-init[830]: Cloud-init v. 23.3.1-0ubuntu1~22.04.1 finished at Fri, 10 Nov 2023 08:11:01 +0000. Datasource DataSourceNoCloudNet [seed=dmi,http://10.0.2.2:8000/]
搞定这些其实就可以连接了, 可以通过 ssh:
ssh ubuntu@localhost -p 60022
如果遇到了登不上的情况, 提示:
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ @ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @ @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY! Someone could be eavesdropping on you right now (man-in-the-middle attack)! It is also possible that a host key has just been changed. The fingerprint for the ED25519 key sent by the remote host is SHA256:xxx. Please contact your system administrator. Add correct host key in /Users/xxx/.ssh/known_hosts to get rid of this message.可能是之前的 虚拟机登录条目写入了
~/.ssh/known_hosts, 这时候需要手动清理一下, 删除 localhost 相关的条目.
或者直接在命令行界面登录, 输入用户名和密码:
ubuntu #镜像默认的用户名
passw0rd # 刚才设置的密码
我比较推荐的还是直接ssh 登录, 毕竟都是终端操作.
第二种方法
可以将上面提到的三个配置导入 iso 镜像文件, 然后通过 qemu 的-cdrom选项导入, 用这种方法读取密码信息, 那么参考一下别人在 MacOS 下打包 iso 的方式, 可以用
mkisofs -output cidata.iso -volid cidata -joliet -rock user-data meta-data
然后:
qemu-system-x86_64 \-net nic \-net user \-machine accel=tcg \-cpu qemu64 \-m 512 \-nographic \-hda jammy-server-cloudimg-amd64.img \-cdrom cidata.iso
一个坑
我比较喜欢短一些的密码, 因为都是在本机测试, 不会担心密码安全问题, 但是这却导致了一个坑:
[ 26.496289] cloud-init[513]: 2023-11-10 08:03:24,758 - schema.py[WARNING]: Invalid cloud-config provided: Please run 'sudo cloud-init schema --system' to see the schema errors.
设置了四位数字的密码, 提示配置出错了…
应该老老实实用官方 demo 推荐的8 位密码, 最好包含字母和数字…
例如:
passw0rd
真的离谱, 不过后来测试不加数字也行, 但是不能是纯数字
退出 qemu 命令行
如果不想用sudo poweroff, 还可以用快捷键:
通过C-a x完成.
关于 multipass
本来以为 multipass 使用了 Ubuntu 的特制虚拟化方法, 结果底层调用的竟然还是 qemu 引擎, 那么这个程序其实就是基于 qemu 的一层封装了.
==> multipass find
Image Aliases Version Description
20.04 focal 20231011 Ubuntu 20.04 LTS
22.04 jammy,lts 20231026 Ubuntu 22.04 LTS
23.04 lunar 20231025 Ubuntu 23.04Blueprint Aliases Version Description
anbox-cloud-appliance latest Anbox Cloud Appliance
charm-dev latest A development and testing environment for charmers
docker 0.4 A Docker environment with Portainer and related tools
jellyfin latest Jellyfin is a Free Software Media System that puts you in control of managing and streaming your media.
minikube latest minikube is local Kubernetes
ros-noetic 0.1 A development and testing environment for ROS Noetic.
ros2-humble 0.1 A development and testing environment for ROS 2 Humble.
hack 一下 multipass
首先找到 iso 配置, 然后挂载(通过 sudo):
sudo hdiutil mount "/var/root/Library/Application Support/multipassd/qemu/vault/instances/vm1/cloud-init-config.iso"
# 取消挂载
sudo hdiutil unmount /dev/disk5# "/dev/disk5" unmounted successfully.
配置文件
meta-data
#cloud-config
instance-id: vm1
local-hostname: vm1
cloud-name: multipass
user-data
#cloud-config
{}
vendor-data
#cloud-config
growpart:mode: autodevices: [/]ignore_growroot_disabled: false
users:- default
manage_etc_hosts: true
ssh_authorized_keys:- ssh-rsa AAAA ubuntu@localhost
timezone: Asia/Shanghai
system_info:default_user:name: ubuntu
write_files:- path: /etc/pollinate/add-user-agentcontent: "multipass/version/1.12.2+mac # written by Multipass\nmultipass/driver/qemu-8.0.0 # written by Multipass\nmultipass/host/osx-13.6 # written by Multipass\nmultipass/alias/jammy # written by Multipass\n"调用方式
/Library/Application Support/com.canonical.multipass/bin/qemu-system-aarch64 \-machine virt,gic-version=3 \-accel hvf \-drive file=/Library/Application Support/com.canonical.multipass/bin/../Resources/qemu/edk2-aarch64-code.fd,if=pflash,format=raw,readonly=on \-cpu host \-nic vmnet-shared,model=virtio-net-pci,mac=52:54:00:44:96:59 \-device virtio-scsi-pci,id=scsi0 \-drive file=/var/root/Library/Application Support/multipassd/qemu/vault/instances/vm1/ubuntu-22.04-server-cloudimg-arm64.img,if=none,format=qcow2,discard=unmap,id=hda \-device scsi-hd,drive=hda,bus=scsi0.0 \-smp 2 \-m 2048M \-qmp stdio \-chardev null,id=char0 \-serial chardev:char0 \-nographic \-cdrom /var/root/Library/Application Support/multipassd/qemu/vault/instances/vm1/cloud-init-config.iso
Fedora Cloud edition 实战
有了上面的分析, 其实就可以挖掘出 Fedora 的登录之法了.
amd64
先下个镜像
wget https://mirror.nyist.edu.cn/fedora/releases/39/Cloud/aarch64/images/Fedora-Cloud-Base-39-1.5.x86_64.qcow2
然后开整:
直接复用前面配好的 cidata.iso 文件即可:
diskfile="$HOME/code/cloudinit_test/fedora/Fedora-Cloud-Base-39-1.5.x86_64.qcow2"
qemu-system-x86_64 \-m 2G \-smp 3 \-drive file=${diskfile},if=virtio,cache=none \-nic user,hostfwd=tcp::60024-:8000,hostfwd=tcp::60022-:22 \-accel tcg \-cpu qemu64 \-machine q35 \-cdrom cidata.iso
然后连接:
ssh fedora@localhost -p 60022
#密码就是 cidata.iso 中 user-data 文件配置的密码, 这里就是 password
或者直接用户名密码登录也可以, 舒舒服服.
arm64
wget https://mirror.nyist.edu.cn/fedora/releases/39/Cloud/aarch64/images/Fedora-Cloud-Base-39-1.5.aarch64.qcow2
这里有点奇怪, Fedora 的 cloud版进不去, 感觉是 MacOS 硬件适配的问题, 下次再试吧.
diskfile="$HOME/code/cloudinit_test/fedora/Fedora-Cloud-Base-39-1.5.aarch64.qcow2"qemu-system-aarch64 \-m 2G \-smp 3 \-drive file=${diskfile},if=virtio,cache=none \-nic user,hostfwd=tcp::60024-:8000,hostfwd=tcp::60022-:22 \-accel hvf \-cpu host \-machine virt \-cdrom cidata.iso
)
