Setup lab Openstack

To create a new eve-ng instance on Openstack infrastructure:

1. Login to Openstack via https://cloud.grid.pub.ro/ using login upb (same steps used for login to curs upb). You should be alreayd included in sred_prj (in case you do not have access, please contact @horia.stoenescu via Teams).

2. Go to instances and launch a new one using the following configuration:

- give it a specific name - Instance Name - for example: ion_popescu_eve_ng

- for Source, select image SRED eve-ng

- for flavor, select m1.sred_flavor (⚠️ lower ones will not work as image requires at least 60 GB of storage and 16GB of RAM)

- for network, select vlan9 (your VM should have IP 10.9.*.* after spawning the instance)

- for network ports and security groups keep default values

- in case you did not have already a key pair generated, create a new one, save the private key to your fep instance on path /root/.ssh/fep_rsa, and select it for the newly deployed instance

- the rest of configuration keep as it is

3. Wait for 2, 3 minutes for the instance to boot up, login using default credential root:eve (in case they did not work, wait some more minutes). After this, you will configure the instance from Console tab: add a root password, select dhcp, and default ntp server.

4. Login again to Console using the same credentials, find the ip address, and using ssh forward the port 80 of eve-ng platform to local one (let's say 8080):

ssh -i /path/to/ssh/private/key -L 127.0.0.1:8080:$IP-EVE-NG-INSTANCE:80 $USER-LDAP@fep.grid.pub.ro
# change IP-EVE-NG-INSTANCE and USER-LDAP with your personal values

5. At last, login to platform from browser using default credentials admin:eve and start working on lab exercises

6. (update) For connecting nodes to Internet, you cannot use Management/Cloud0/pnet0, as we require special permissions (enabling Promiscuous mode, forged arp packets, and mac address changes), and instead use a workaround to trick it by using Cloud1 (from here: https://www.youtube.com/watch?v=7CJR2l8VXM0&ab_channel=NetworkCollective).

Steps:

A. Configure interface pnet1 from /etc/network/interfaces as follows:

iface eth1 inet manual
auto pnet1
iface pnet1 inet static
    bridge_ports eth1
    bridge_stp off
    address 10.199.199.1
    netmask 255.255.255.0

Then, restart networking service:

systemctl restart networking.service

B. Enable ip forwarding by commenting from /etc/sysctl.conf:

# from sysctl.conf
net.ip4.ip_forward=1
# then
sysctl -p /etc/sysctl.conf

C. At last, add a rule for forwarding all packets via nat to pnet0 and make this configuration persistent:

iptables -t  nat -A POSTROUTING -s 10.199.199.0/24 -o pnet0 -j MASQUERADE
# install iptables-persistent
apt-get install -y iptables-persistent
# after a reboot, configuration should remain for nat chain
sred/setup_lab_openstack.txt · Last modified: 2024/12/03 19:53 by horia.stoenescu
CC Attribution-Share Alike 3.0 Unported
www.chimeric.de Valid CSS Driven by DokuWiki do yourself a favour and use a real browser - get firefox!! Recent changes RSS feed Valid XHTML 1.0