Devops – Briefing Paper Part 1: Building a test and demonstration Vyatta(VyOS) environment on Virtualbox to enable devops engineers to develop Vyatta skills before configuring services on SoftLayer.
Author: EJK
Twitter: @eamonnkillian
Web: www.eamonnkillian.com
Date: Tuesday, 17th February 2015

Contents
Introduction, page 3
PART ONE, page 4
Preparation: Installing VirtualBox (VBox), page 5
Step 1: Getting VyOS, page 6
Step 2: Configuring your VBox, page 7
PART TWO, page 27
Step 3: Installing VyOS, page 28
Step 4: Changing the Root User, page 34
Step 5: Setting Up the Hostname & Domainname, page 36
Step 6: Setting Up the Interfaces, page 38
Step 7: Enable SSH, page 40
Step 8: Setting Up Routes, page 41
Step 9: RESET - If all else fails :-(, page 47
Conclusion, page 50
February, 2015 Page 3 of 50
Introduction

The purpose of this paper is to outline the steps to:
1) Build a local VirtualBox-based Vyatta (VyOS) machine;
2) Customize your Vyatta (VyOS) VirtualBox machine once it is up and running;
3) Create an environment locally where devops/sys admins can develop the skills needed when working with production Vyatta instances on IBM SoftLayer.
The same commands (with slight adjustments for your own network IP addresses) can be used to set up an actual Vyatta(VyOS) machine on your LAN or to configure Vyatta services on IBM SoftLayer.
To do these types of technical tasks and to follow the steps in this Devops Guide precisely you will need the following:
1) VirtualBox v4.3.20 r96996;
2) Access to the Internet;
3) An iMac (27-inch, Late 2013);
4) OS X Yosemite 10.10.2

That said, VirtualBox can be used on Microsoft Windows or Linux desktop machines with some slight adjustments for the specifics of the host operating system. A video guide mirroring this document is provided on YouTube at this address: https://www.youtube.com/channel/UC2GorQbisaxmLREYmbBfn7A
PART ONE
Preparation: Installing VirtualBox (VBox)

If you’ve never used VirtualBox, it’s a virtualization software package for x86 and AMD64/Intel64-based computers from Oracle Corporation. It was created by innotek GmbH, then purchased in 2008 by Sun Microsystems, and is now developed by Oracle. It’s free and can be downloaded from:

https://www.virtualbox.org/wiki/VirtualBox

The best installation video tutorials I can find are here:
Mac: https://www.youtube.com/watch?v=65T12TqxjXo
Windows: https://www.youtube.com/watch?v=q0z8PMS9r40

Once VBox is installed we can begin to build virtual machines and test scripts for automation.
Step 1: Getting VyOS

VyOS is an open source community fork of the Vyatta operating system. Both are Debian-based Linux systems that provide network appliance functionality such as routing, firewalling and VPNs. The VyOS wiki is the place to learn more about the capabilities of VyOS and is also the main link to the source or iso distribution. Open a browser and navigate to http://vyos.net/wiki/Main_Page. At the time of writing the page looks like this:
On the right you can see a set of Download links that will initiate a web download of the relevant operating system version. In our case as we are installing into VBox we need to download the “Virtual 32-bit” version. Click on the link and the download will commence. At the bottom of your browser you should see something like this:
Step 2: Configuring your VBox

With the iso/live CD image downloaded it’s time to set up the VBox. Start VBox and you should see something like this:
Note: I should explain I’ve been a VBox user for years so I have a lot of VBox machines already configured – as you can see some CentOS7, Windows, JunOS and Vyatta machines. If you have done a fresh or brand new install of VBox don’t worry if you have nothing under the left hand side of this image. That simply means you do not have any virtual machines configured yet and is as it should be for new installations.
The first thing we’re going to set up in VBox is a locked-in private test LAN. What do I mean? Well, one of the most impressive features and a critical reason for using VBox is that you can set up and configure your own private LAN so that machines talk to each other without touching your actual LAN. To do this we need to open the VBox preferences from the main menu bar:
Choose “Preferences” then “Network” and then “Host-only Networks”:
Click the little adapter sign on the right with the ‘+’ plus sign to add “vboxnet0”:
Then double click the “vboxnet0” line:
By default, as you can see, VBox sets up this private network on the private Class C network 192.168.56.0. We could leave this as it is, but it can be changed, so we’re going to change it to the private Class B network 172.16.0.0. Change the “IPv4 Address” line to 172.16.0.2 and the mask to 255.255.0.0:
Then click on “DHCP Server” to reveal this:
Click “Enable Server” and fill in the following details:
Click “okay” and we now have a private Class B network available. We can now add another new VBox network – this time a Class C network with a default mask of 255.255.255.0. Again from this window:
Click on the little interface on the right with the ‘+’ plus sign on it:
This adds a vboxnet1 network. Configure this by double clicking on the vboxnet1 line and it reveals a window like this:
This has the default Class C (note it may say 192.168.57.1 … this doesn’t matter) with a default IP address. Change this to 192.168.56.2:
Then click on the DHCP server, click enable tick box and fill it in with the following:
Now that we have two virtual networks configured we can install our Vyatta. In VBox click “New” and a new drop down entitled “Name and operating system” will slide down from the top of VBox. This allows you to choose the operating system and name it. It looks like this:
Fill in the drop down. For name you can have any name you like but for “Type” and “Version” you need to choose Linux and Debian (32 bit) like this:
Click continue and you will be asked to select the amount of memory for your virtual machine. Given this is a small local laboratory or development environment there’s no need for anything major here, so 256MB will be more than sufficient in the short term. You can adjust this later at any time by shutting down the virtual machine, clicking “Settings” and increasing (or decreasing) the memory. Afterwards click continue:
Next up is the hard drive, choose the middle option “Create a virtual hard drive now” like this and click create:
Another slide down will appear asking you what type of hard drive you want to create. These choices define the type of disk image that will appear as one big file on your machine. As can be seen from the choices, VBox supports many different types. The normal VBox image is a VDI file, but you can choose from VMDK (VMware), VHD (Microsoft) or HDD (Parallels). For now, unless you have other reasons, choose VDI and click continue:
VBox has the ability to “thin provision” a disk. This means it will dynamically increase the size of the image file up to a maximum you set. Given that this VyOS is a router rather than an application server, it won’t really need a dynamically allocated disk. Choose fixed size and click continue:
VBox will now ask you to identify the size of your disk image. As above this machine is a router and as such it will not require a great deal of actual disk space or image space, one gigabyte will be more than adequate, so move the slider to 1GB and click create:
This will bring up a status bar showing you the disk being created:
Then all windows will disappear leaving you with the main VBox menu. Now however a new machine will exist in the list called “New VyOS”:
Before we can build the operating system for this machine there are a few more critical steps to take. With your “New VyOS” highlighted click “Settings” to get this menu:
Click on “System” to reveal the motherboard and processor information.
The first task we need to complete here is to remove the “Floppy” as a boot choice. Un-tick the “Floppy” and use the arrows on the right to push it down the stack. This stack represents the boot order of our virtual machine so by default it tries Floppy then CD then Hard Disk. You should end up with this:
Then click processor to reveal a menu like this:
IMPORTANT: You need to tick the “Enable PAE/NX” box. Without this ticked the virtual machine will not boot. What on earth is PAE/NX? Physical Address Extension (PAE) and No-eXecute (NX) are processor features needed to run many operating systems; Windows 8.1 or Ubuntu Server, for instance, will also need this ticked. Ticking it determines whether the PAE and NX capabilities of the host CPU are exposed to our virtual machine. With PAE enabled and supported by the operating system, even a 32-bit x86 CPU can access more than 4 GB of RAM: another 4 bits are added to physical memory addresses, so that with 36 bits up to 64 GB can be addressed. NX lets the operating system mark data pages as non-executable, which is what many memory-corruption mitigations rely on.
Next click on “Display”. Well this is a router, no GUI and only command line so we don’t need to waste memory on a graphics card. Choose 1MB if you don’t mind warnings or leave as 16MB if you have plenty of memory on your machine and don’t want to have warnings. Here’s both examples, either works. (Note the error at the bottom of the second picture! This error is about the display memory and appears in many of the pictures below. )
Next click on “Storage”. In this menu we will identify the iso / live CD we will be booting from initially.
Initially (as can be seen) there is no cd in the virtual drive. Click on the “Empty” CD and the “Attributes” changes:
Then click on the little CD icon on the right of the “IDE Secondary”:
This now enables us to choose a virtual CD or more precisely the iso file we downloaded earlier. Click “Choose a virtual CD/DVD disk file…”:
I stored my file in a Library directory – you may have left it in “Downloads”.
Choose our vyos-1.1.3-i586-virt.iso file and the “Storage” page should look like this:
Next click on “Audio” and un-tick the “Enable Audio” box. There is no need for audio support on our router.
Next is the network. So click on the “Network” tab and you will see a menu like this:
There are lots of choices for network and as you can see four separate adapters that can be configured. For now we’ll add two adapters based on the networks (vboxnet0 & vboxnet1) that we defined earlier. Choose/tick the enable box and choose “Host Only Adapter” (more on the rationale for this in Step 8 below). Here are our two adapters:
Lastly, click on “Ports” and tick “Enable Serial Port”:
We’re ready now to boot up our Vyatta/VyOS machine. Click okay and then click “Start” from the main VBox menu. You should see a console and the VyOS machine will begin to boot:
After a couple of minutes our VBox VyOS virtual machine has booted from CD to give this:
Log in as “vyos” with password “vyos” and run this command:

vyos@vyos:~$ show interfaces
Hey presto! Our Vyatta/VyOS is fully up and running. Now we need to configure it.
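For repeatability, the whole of Step 2 can be driven from a Terminal on the host with VBoxManage instead of the GUI. This is an added example in VirtualBox 4.3 syntax, not part of the original paper; the DHCP pool bounds, the machine folder and the ISO path are assumptions, since the paper's dialog screenshots are not reproduced here.

```console
# Added example (not from the paper). Two host-only networks as in Step 2:
# vboxnet0 is 172.16.0.0/16, vboxnet1 is 192.168.56.0/24.
$ VBoxManage hostonlyif create          # prints: Interface 'vboxnet0' was successfully created
$ VBoxManage hostonlyif ipconfig vboxnet0 --ip 172.16.0.2 --netmask 255.255.0.0
$ VBoxManage dhcpserver add --ifname vboxnet0 --ip 172.16.0.3 --netmask 255.255.0.0 \
      --lowerip 172.16.0.100 --upperip 172.16.0.200 --enable    # ASSUMPTION: pool bounds not in the paper
$ VBoxManage hostonlyif create          # prints: Interface 'vboxnet1' was successfully created
$ VBoxManage hostonlyif ipconfig vboxnet1 --ip 192.168.56.2 --netmask 255.255.255.0
$ VBoxManage dhcpserver add --ifname vboxnet1 --ip 192.168.56.3 --netmask 255.255.255.0 \
      --lowerip 192.168.56.100 --upperip 192.168.56.200 --enable   # ASSUMPTION: pool bounds

# The VM: 32-bit Debian type, 256MB RAM, PAE/NX on, floppy removed from the boot order,
# 16MB video RAM, audio off, serial port on, two host-only NICs.
$ VBoxManage createvm --name "New VyOS" --ostype Debian --register
$ VBoxManage modifyvm "New VyOS" --memory 256 --pae on --vram 16 --audio none \
      --boot1 dvd --boot2 disk --boot3 none --boot4 none \
      --nic1 hostonly --hostonlyadapter1 vboxnet0 \
      --nic2 hostonly --hostonlyadapter2 vboxnet1 \
      --uart1 0x3F8 4

# A 1GB fixed-size VDI on an IDE controller, with the downloaded ISO in the secondary drive.
# ASSUMPTION: "$HOME/VirtualBox VMs" is the default machine folder; adjust the ISO path to yours.
$ VBoxManage createhd --filename "$HOME/VirtualBox VMs/New VyOS/New VyOS.vdi" \
      --size 1024 --format VDI --variant Fixed
$ VBoxManage storagectl "New VyOS" --name "IDE" --add ide
$ VBoxManage storageattach "New VyOS" --storagectl "IDE" --port 0 --device 0 --type hdd \
      --medium "$HOME/VirtualBox VMs/New VyOS/New VyOS.vdi"
$ VBoxManage storageattach "New VyOS" --storagectl "IDE" --port 1 --device 0 --type dvddrive \
      --medium "$HOME/Library/vyos-1.1.3-i586-virt.iso"
$ VBoxManage startvm "New VyOS"

# After "install image" and "poweroff" (Step 3), eject the ISO so the VM boots from disk,
# which is what the GUI boot-order change in Step 3 achieves:
$ VBoxManage storageattach "New VyOS" --storagectl "IDE" --port 1 --device 0 --type dvddrive --medium none
```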
PART TWO
Step 3: Installing VyOS

We have VyOS up and running but we have still to install it to the hard disk of our virtual machine. To do this type:

vyos@vyos:~$ install image
Say yes:
Hit return to choose the “Auto” default option:
Hit return again to choose the “sda” device to install onto and explicitly type “yes” in answer to the “This will destroy all data on /dev/sda” and hit return for default answer to “How big”:
You can have names for your images but for this choose the default “1.1.3”:
Accept the default configuration file of “/config/config.boot”. Take note of the “/opt/vyatta/etc/config.boot.default” file. This is useful to know about as it will be used later to reset the entire configuration back to default. Then enter a password for “vyos”. For now let’s stick with “vyos” as the password. We will cover changing this password manually later.
Finally accept the default for where to install grub. GRUB stands for the GNU Grand Unified Bootloader and is a package from the GNU open source project that provides a user choice for booting.
That’s it. You should see a message saying “Done!”.
Now type:

vyos@vyos:~$ poweroff
Proceed with poweroff? (Yes/No) [No] yes

Why are we powering off rather than rebooting? This is just my preference, to ensure we’re not going to reboot from the CD again. Once the machine disappears, click on “Settings” from the VBox menu.

Choose “System”, un-tick the CD/DVD entry and arrow it down the boot list. You should have this:
Click “OK” and then “Start”. You will briefly see a GRUB menu like this:
Then the machine will fully boot to a login prompt:
That’s Step 3 complete. VyOS is now fully installed on your machine in a VBox.
Step 4: Changing the Root User

Whether locally using your VBox machine or using a SoftLayer Vyatta, probably one of the first things to know how to do after getting the operating system installed is to change the default user and password. The whole world knows that the logins “vyos” or “vyatta” with passwords “vyos” or “vyatta” are the default settings, so it’s worth changing them immediately. To do this for production you will need to liaise with your security department on username and password standards. Let’s imagine our security department has said that we need to set our username as “vy-r1-rt” (our Vyatta, Router One, Root user) with the randomly generated password “yGJhgH%LJHWn@8^”. We can set this user up like this:
Logout and log back in as the new administrator with a strong password and check you can enter configuration mode:
With a successful new user created then we can delete the default user – in our case “vyos”:
Step 5: Setting Up the Hostname & Domainname

Now that the default account has been replaced, the next most obvious thing to do is to name this machine and set up a domain name. To do this log in as the root user, enter configuration mode and then type:
The command & login prompts will change the next time we log in – like so:
For the domain name this is as simple, again from configuration mode do:
When we do a show system we see:
Step 6: Setting Up the Interfaces

Now we get to the real thrust of this: setting up the interfaces. First of all let’s check we have two interfaces:

There they are: two interfaces in state u/u (up/up) but not yet configured. So we want to configure the static IP address 172.16.0.1 on interface eth0:
Now we want to set up a static address on eth1:
We can now verify our external link eth0 from our host machine. In my case I open up a terminal on my iMac and I can ping the connection eth0 configured on our Vyatta/VyOS VBox machine – like this:
Note: Please ignore my third interface. It is in preparation for the next phase of setup in a subsequent document. Your machine will only have two interfaces if you followed this guide.
Step 7: Enable SSH

Now we want to enable the iMac to secure shell (ssh) into our new VyOS VBox. To do this we type:
We can check this has worked from our terminal:
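The configuration-mode session behind Steps 4 to 7, written out as an added example in VyOS 1.1 syntax; it is not a transcript from the original paper, whose screenshots are not reproduced here. The username, password, hostname Router1 and eth0 address are the paper's; the domain name lab.example and the eth1 address 192.168.56.1/24 are assumptions the paper does not state.

```console
# Added example (not from the paper). Step 4, logged in as the default user:
# create the new administrator before touching the default account.
vyos@vyos:~$ configure
[edit]
vyos@vyos# set system login user vy-r1-rt level admin
vyos@vyos# set system login user vy-r1-rt authentication plaintext-password 'yGJhgH%LJHWn@8^'
vyos@vyos# commit
vyos@vyos# save
vyos@vyos# exit
vyos@vyos:~$ exit
# On commit VyOS stores only a salted hash (it appears as "encrypted-password" in config.boot),
# but the clear-text password is still in this session's command history. To keep it off the
# box entirely, generate the hash on a trusted Linux machine (e.g. mkpasswd -m sha-512) and use
#   set system login user vy-r1-rt authentication encrypted-password '<HASH>'
# instead of plaintext-password.

# Log back in as vy-r1-rt to prove the account works, then remove the default user.
vy-r1-rt@vyos:~$ configure
[edit]
vy-r1-rt@vyos# delete system login user vyos

# Step 5: hostname and domain name (the prompt becomes vy-r1-rt@Router1 at the next login).
vy-r1-rt@vyos# set system host-name Router1
vy-r1-rt@vyos# set system domain-name lab.example          # ASSUMPTION: not given in the paper

# Step 6: static addresses on the two host-only interfaces.
vy-r1-rt@vyos# set interfaces ethernet eth0 address 172.16.0.1/16
vy-r1-rt@vyos# set interfaces ethernet eth1 address 192.168.56.1/24   # ASSUMPTION: not given

# Step 7: SSH, bound only to the address the iMac reaches over vboxnet0.
vy-r1-rt@vyos# set service ssh port 22
vy-r1-rt@vyos# set service ssh listen-address 172.16.0.1
vy-r1-rt@vyos# commit
vy-r1-rt@vyos# save
vy-r1-rt@vyos# exit

# Checks: only the new account remains, and the password is stored hashed.
vy-r1-rt@vyos:~$ show configuration commands | match login
set system login user vy-r1-rt authentication encrypted-password '<salted hash>'
set system login user vy-r1-rt level admin
# And from the iMac (Step 7's check): ssh vy-r1-rt@172.16.0.1
```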
Step 8: Setting Up Routes

In Step 2 we configured and then used the “Host-Only Adapter” on our VyOS machine. We can now create some host machines that also use the private VBox networks. Why? Well, the plan is to have a situation like this:
To create small non-memory intensive machines we can use Damn Small Linux (DSL) that still provides a nice usable GUI. This can be downloaded from:
ftp://distro.ibiblio.org/pub/linux/distributions/damnsmall/current/

We will also create a Windows 7 machine that you can download from:

https://www.modern.ie/en-us/virtualization-tools#downloads

To utilize the downloaded images in VBox choose “New” from the VBox Manager to reveal the create new VM screen and fill in the details (once for Windows, and once for DSL):
On the next screen allow 256MB and 64MB respectively for Windows & DSL:
Then choose to “Use an existing virtual hard drive file” and navigate to the specific downloaded ‘.vdi’ file for Windows or DSL:
Please remember if you want to, you can use Ubuntu, Windows, OS-X, or any other operating system (that are supported) for the hosts that run on VBox. Then configure the networking like this:
Note: Remember to use the green recycle button to generate different Ethernet/MAC addresses. If you don’t, they might both get the same IP address! Then start DSL-Host1 and log in as “root” to get this GUI:
We can open a terminal and check the IP address configuration and ping our Vyatta router on 172.16.0.1:
Now we can start the Windows 7 VM, open a command terminal and check its IP address using ‘ipconfig’:
So we now have our two hosts DSL & Windows on our private networks. They can both ping the router:
By default, IP forwarding is already enabled on our Vyatta:

So can they ping each other? Well, no, not yet. The router is ready, but from both Windows and DSL we cannot ping the other network. Why? Out of the box neither machine has a default route. So we need to tell Windows and DSL about their default route, like this:

Finally, let’s ‘ping’ test that our Vyatta is routing between its two directly connected networks:
And there we have it. Routing between the 172.16.0.0 and the 192.168.56.0 networks using a VyOS VBox.
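The host-side default routes and checks that Step 8 refers to, as an added example (not from the paper's screenshots). DSL-Host1 sits on vboxnet0 and points at the router's eth0 address 172.16.0.1 from the paper; the Windows 7 VM sits on vboxnet1, and the router's eth1 address 192.168.56.1 is an assumption the paper does not state.

```console
# Added example (not from the paper). DSL-Host1, as root in a terminal.
# DSL has an old 2.4 kernel, so the classic route(8) syntax is used.
root@box:~# route add default gw 172.16.0.1
root@box:~# route -n              # expect destination 0.0.0.0 via gateway 172.16.0.1 on eth0
root@box:~# ping -c 3 192.168.56.1   # the router's far-side interface (ASSUMPTION: address)

# Windows 7, in an elevated command prompt. -p makes the route persistent; without it
# (and on DSL, which keeps nothing across a reboot here) the route is gone at next boot.
C:\> route -p add 0.0.0.0 mask 0.0.0.0 192.168.56.1
C:\> route print -4               # expect 0.0.0.0 / 0.0.0.0 with gateway 192.168.56.1
C:\> ping 172.16.0.1

# On the router: forwarding is on by default and both LANs are directly connected routes,
# so no static route is needed on the VyOS side for this two-network lab.
vy-r1-rt@Router1:~$ show ip forwarding
IP forwarding is on
vy-r1-rt@Router1:~$ show ip route
# expect a "C>*" (connected) entry for 172.16.0.0/16 on eth0 and for 192.168.56.0/24 on eth1
```

If a host can reach the router but not the far network, check the host's default route first; if both hosts reach both router addresses but not each other, the host-side firewall on the destination is the next thing to look at.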
Step 9: RESET - If all else fails :-(

Sometimes you may want to strip your Vyatta/VyOS back to its original starting point in order to ‘begin again’. To do this you can ‘load’ a default/vanilla configuration file and overwrite the config.boot file we have so far worked on. To make this clearer, our current configuration file can be viewed by typing:

vy-r1-rt@Router1$ show configuration

This will output the contents of the config.boot file which is loaded at boot time. To reset this file to a default config, type:

vy-r1-rt@Router1$ configure
vy-r1-rt@Router1# load /opt/vyatta/etc/config.boot.default
vy-r1-rt@Router1# commit
vy-r1-rt@Router1# save
vy-r1-rt@Router1# reboot
Notice you now have the default admin user ‘vyos’ back with password ‘vyos’:
Of course this means vy-r1-rt is no more and you cannot login as this user:
When you examine the interfaces they are not configured:
This allows you to practice configuring the VyOS/Vyatta over and over until you are comfortable with the commands. There are other ways to remove the configuration and as you get more comfortable with the VyOS/Vyatta a popular command line modus operandi is to live edit the config.boot file with ‘vi’ and to make the appropriate changes. Yet another mechanism is to use VBox to ‘clone’ a vanilla VyOS install i.e. stop after Step 2 and ‘clone’ the installed machine to a TEMPLATE-VYOS machine. This means you can ‘remove’ the one you’ve configured and just start a new VyOS at any time from the TEMPLATE.
Conclusion

Now that you have a complete VBox implementation of VyOS and some VMs that connect on specific networks, you can begin to learn much more about Vyatta/VyOS and to begin to use:
- Access Control Lists (ACLs);
- Firewalls;
- Etc.

Perhaps an early test/lab would be to add another VBox network, vboxnet2, and give it the address range 10.0.0.0/8. Then add a new VyOS machine with two interfaces, one on 192.168.56.0 and the other on the new 10.0.0.0, and route from our 172.16.0.0 to the 10.0.0.0 through the 192.168.56.0 network.

I hope you found this Devops - Briefing Paper useful. Comments and updates to [email protected] or tweet me on @eamonnkillian.