Vagrantfile
# -*- mode: ruby -*-
# vi: set ft=ruby :
require 'pp'
# Base box shared by every machine defined in this Vagrantfile.
DEBIAN_BOX = "debian/bookworm64"

# Hint printed after `vagrant up` for the Margay machines.
# NOTE(review): the bash line fetches the setup script from the moving
# `master` branch and runs it in the root shell opened by `sudo -i`, with no
# integrity check. Read the script first, or fetch it at a pinned commit,
# before running it on anything other than a throwaway VM.
COMMON_MESSAGE = [
  'To setup Margay (if not done already):',
  'vagrant ssh <mgy OR mgy_downstr>',
  'sudo -i',
  'bash -c "$(wget -O - https://raw.githubusercontent.com/vemarsas/margay/master/setup)"',
  '# See also https://github.com/vemarsas/margay/blob/master/README.md'
].join("\n")

# Inline shell provisioner: rewrites "PasswordAuthentication no" to "yes" in
# /etc/ssh/sshd_config and restarts sshd, i.e. it turns SSH password logins on
# inside the guest. Every line ends with a newline, as in a heredoc.
ENABLE_PASSWD = [
  "sed -i 's/PasswordAuthentication no/PasswordAuthentication yes/g' /etc/ssh/sshd_config",
  "systemctl restart sshd.service"
].map { |line| "#{line}\n" }.join
# Sets the VirtualBox promiscuous-mode policy on the given NICs of a machine.
#
# Example: allow_promisc mgy, [2, 3, 4], :allow_vms
# (NIC ID=1 is generally the default/NAT interface.)
#
# vmcfg  - machine config object yielded by config.vm.define
# nicids - enumerable of VirtualBox NIC numbers
# allow  - :allow_vms (default), :allow_all or :deny; underscores become
#          hyphens to form the value handed to `modifyvm --nicpromisc<N>`
#
# The value is passed through unchecked. A NIC in promiscuous mode can see
# frames not addressed to it, so keep the narrowest policy that still lets
# bridging work.
def allow_promisc(vmcfg, nicids, allow=:allow_vms)
  vmcfg.vm.provider("virtualbox") do |vbox|
    nicids.each do |nic|
      policy = allow.to_s.tr('_', '-')
      vbox.customize(["modifyvm", :id, "--nicpromisc#{nic}", policy])
    end
  end
end
=begin
TOPOLOGY
default/NAT
|
(eth0)
-------- -----
| CLIENT |---default(vlan1?)_access---(eth1)| MGY |(eth3)---vlan2_access
-------- -----
(eth2)
|
vlan_trunk (vlans 1, 2)
|
(eth1)
-------------
default/NAT---(eth0)| MGY_DOWNSTR |
-------------
(eth2) (eth3)
| |
downstr_vlan_1_access downstr_vlan_2_access
Of course, VLAN IDs 1, 2 are purely conventional/examples: they are not enforced in this Vagrantfile.
A simpler topology with no VLANs will be just MGY and CLIENT (e.g. to test RADIUS/Chilli, with no 802.1Q involved).
That was indeed the original design.
=end
Vagrant.configure("2") do |config|
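# Primary Margay machine: the default NAT NIC with host port forwards, plus
# three VirtualBox internal networks (see TOPOLOGY).
config.vm.define "mgy", primary: true do |mgy|
  mgy.vm.box = DEBIAN_BOX
  mgy.vm.hostname = "mgy"
  mgy.vm.synced_folder ".", "/vagrant", disabled: true

  # NIC #1 is the default NAT interface and carries the forwards below.
  # host_ip pins each listener to loopback. Vagrant's documented default when
  # host_ip is omitted is to listen on every host address, which would put
  # password SSH (enabled by ENABLE_PASSWD below) and the Margay web UI, with
  # the default credentials printed in the post-up message, on the host's LAN.
  # The post-up message only ever refers to localhost.
  # NOTE(review): Vagrant also adds its own "ssh" forward; confirm it still
  # coexists with the explicit 2222 rule on your Vagrant version.
  mgy.vm.network "forwarded_port", guest: 22, host: 2222, host_ip: "127.0.0.1"
  mgy.vm.network "forwarded_port", guest: 4567, host: 4567, host_ip: "127.0.0.1"
  mgy.vm.network "forwarded_port", guest: 443, host: 4443, host_ip: "127.0.0.1"

  # NIC #2
  mgy.vm.network "private_network", # may also be used as vlan 1 access
    auto_config: false, # or will reset what margay-persist has configured on the interface
    virtualbox__intnet: "default_access"
  # NIC #3
  mgy.vm.network "private_network",
    auto_config: false, # or will reset what margay-persist has configured on the interface
    virtualbox__intnet: "vlan_trunk"
  # NIC #4
  mgy.vm.network "private_network",
    auto_config: false, # or will reset what margay-persist has configured on the interface
    virtualbox__intnet: "vlan2_access"

  # If we ever want bridges to work...
  allow_promisc mgy, [2, 3, 4], :allow_vms

  # Turns on SSH password authentication inside the guest.
  mgy.vm.provision "shell", inline: ENABLE_PASSWD

  # "onboard"/"onboard" is a published default; change it after Margay setup
  # if the VM is ever reachable from beyond this host.
  mgy.vm.post_up_message = [
    COMMON_MESSAGE,
    'After Margay setup:',
    'SSH: port 2222 @localhost, user: "onboard", password: "onboard"',
    'Margay web: http://localhost:4567 or https://localhost:4443'
  ].join("\n")
end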
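# Downstream switch, currently a mgy, could be an Arista, Cisco, etc.
# Not started by default (autostart: false).
config.vm.define "mgy_downstr", autostart: false do |mgy_downstr|
  mgy_downstr.vm.box = DEBIAN_BOX
  mgy_downstr.vm.hostname = "mgy-downstr"
  mgy_downstr.vm.synced_folder ".", "/vagrant", disabled: true

  # NIC #1 is the default NAT interface and carries the forwards below.
  # host_ip pins each listener to loopback. Vagrant's documented default when
  # host_ip is omitted is to listen on every host address, which would put
  # password SSH (enabled by ENABLE_PASSWD below) and the Margay web UI, with
  # the default credentials printed in the post-up message, on the host's LAN.
  # The post-up message only ever refers to localhost.
  mgy_downstr.vm.network "forwarded_port", guest: 22, host: 2223, host_ip: "127.0.0.1"
  mgy_downstr.vm.network "forwarded_port", guest: 4567, host: 4568, host_ip: "127.0.0.1"
  mgy_downstr.vm.network "forwarded_port", guest: 443, host: 4444, host_ip: "127.0.0.1"

  # NIC #2
  mgy_downstr.vm.network "private_network",
    auto_config: false, # or will reset what margay-persist has configured on the interface
    virtualbox__intnet: "vlan_trunk"
  # NIC #3
  mgy_downstr.vm.network "private_network",
    auto_config: false, # or will reset what margay-persist has configured on the interface
    virtualbox__intnet: "downstr_vlan_1_access"
  # NIC #4
  mgy_downstr.vm.network "private_network",
    auto_config: false, # or will reset what margay-persist has configured on the interface
    virtualbox__intnet: "downstr_vlan_2_access"

  # Same promiscuous-mode policy as on mgy.
  allow_promisc mgy_downstr, [2, 3, 4], :allow_vms

  # Turns on SSH password authentication inside the guest.
  mgy_downstr.vm.provision "shell", inline: ENABLE_PASSWD

  # "onboard"/"onboard" is a published default; change it after Margay setup
  # if the VM is ever reachable from beyond this host.
  mgy_downstr.vm.post_up_message = [
    COMMON_MESSAGE,
    'After Margay setup:',
    'SSH: port 2223 @localhost, user: "onboard", password: "onboard"',
    'Margay web: http://localhost:4568 or https://localhost:4444'
  ].join("\n")
end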
# Test client sitting behind Margay. Any OS would do; the Margay base box is
# reused to save storage and download time. Not started by default.
config.vm.define("client", autostart: false) do |client|
  client.vm.box = DEBIAN_BOX
  client.vm.hostname = "mgyclient"

  # auto_config stays off: Vagrant would otherwise rewrite
  # /etc/network/interfaces and drop the default gateway handed out by
  # margay (ordinary DHCP or chillispot).
  client.vm.network(
    "private_network",
    auto_config: false,
    virtualbox__intnet: "default_access"
  )

  client.vm.provider("virtualbox") do |vbox|
    vbox.gui = true
    # https://stackoverflow.com/a/24253435
    vbox.customize(["modifyvm", :id, "--vram", "16"])
  end

  # Guest provisioning script, in order:
  #   1. bring eth0 (VBox NAT) up and make sure a default route via 10.0.2.2
  #      exists, or start dhclient on eth0 if none is running for it;
  #   2. update/upgrade packages and install the desktop (lightdm, openbox,
  #      lxterminal, psmisc, firefox-esr), then start lightdm;
  #   3. overwrite /etc/network/interfaces so eth0 loses its default route
  #      after coming up and eth1, the Margay side, is configured by DHCP;
  #   4. restart networking and set the vagrant user's password to "vagrant"
  #      (presumably for the graphical login; a well-known value, acceptable
  #      only while this VM stays on the internal lab network).
  # The heredoc body is runtime text and is kept flush left: with <<- it is
  # taken verbatim, and the nested EOFF terminator must start at column 0 for
  # the guest shell to end its own heredoc.
  client.vm.provision "shell", inline: <<-EOF
# restore default VBox NAT interface networking (if it has been disabled previously to use margay-connected interface eth1)
ip link set up dev eth0
# ASSUME dhclient is the dhcp client
if (ps aux | grep dhclient | grep eth0 | grep -v grep); then
if (ip route | grep default | grep -v grep); then
ip route replace default via 10.0.2.2 dev eth0
else
ip route add default via 10.0.2.2 dev eth0
fi
else
dhclient eth0
fi
export DEBIAN_FRONTEND=noninteractive
apt-get update
apt-get -y upgrade
apt-get install -y lightdm openbox lxterminal psmisc firefox-esr
systemctl start lightdm
# Remove default Internet connection, it will use the second interface behind
# margay (now that provisioning is done and software downloaded).
cat > /etc/network/interfaces <<EOFF
# Auto-generated by a custom Vagrant provisioner for margay client.
# source /etc/network/interfaces.d/*
# The loopback network interface
auto lo
iface lo inet loopback
# Default VBox NAT
auto eth0
iface eth0 inet dhcp
pre-up sleep 2
post-up ip route del default dev \\$IFACE || true
# Interface connected to Margay
auto eth1
iface eth1 inet dhcp
EOFF
systemctl restart networking
echo "vagrant:vagrant" | chpasswd
  EOF
end
end