
New Year – new lab (Linux CentOS 7)

Hello my friend,

I hope you have started the new year well and are back to work, study, research or just enjoying life. I spent some time over the New Year holidays (and after them as well) rebuilding my lab, and now I’d like to share my notes with you.

No part of this blogpost could be reproduced, stored in a
retrieval system, or transmitted in any form or by any
means, electronic, mechanical or photocopying, recording,
or otherwise, for commercial purposes without the
prior permission of the author.

Brief description

In the very first article, about connecting Nokia (Alcatel-Lucent) VSR with Cisco IOS XRv, I showed some modifications that need to be made to the Linux bridge and network interface configuration so that the routers can reach each other. But I haven’t shown you the full picture of how to build the lab from the very beginning. That’s what this article is about.

What we are going to test?

We will build the lab with CentOS 7 Linux, Nokia (Alcatel-Lucent) VSRs and Cisco IOS XRv from scratch, including the installation of all the related modules and their configuration.

Software version

The most important is the software version of the Linux host:

I have downloaded the latest version from the official website.

For the rest, we use the following versions of Nokia (Alcatel-Lucent) and Cisco routers:

What needs to be done

The following list of activities shows what we need to do in order to get a working lab. Later I’ll show in detail what exactly you need to type:

Let’s go step by step now.

All the information is provided on an “as is” basis: your HW (server, PC, laptop) and even your installed CentOS might differ. So keep calm and troubleshoot.

#1. Create VM

In general, the process of creating the VM is quite straightforward: you allocate as many resources as you can (or as you like). To have 2 VSRs running you need to allocate at least 4 GB RAM and 2 CPUs. There are two important points that you must take into account.

The first one is that you need to create 3 virtual NICs and assign them to the proper media. Typically, I use the first NIC for internet connectivity, which is why it’s connected to NAT, whereas the other two are connected, according to my topology, to vnet3 and vmnet4:

The second one is that we need to enable virtualization of CPU:

As soon as both these points are fulfilled, you can start with the installation of CentOS itself.

#2. Install CentOS7

I advise you to configure the NIC that is connected to NAT so that it provides Internet connectivity. This lets you configure the correct time via NTP right away, and it is necessary later because we’ll need to download a lot of packages from the Internet.

In terms of installation package I have chosen “Server with GUI”, but I haven’t chosen any package to be installed:

I always choose the GUI, because then I can browse the internet directly from the VM when I need to, without having to switch between host and VM. It also eases copying files between VM and host, because quite often the “shared folders” feature in VMware Player doesn’t work.

One important point: I have created a user called “aaa” with administrative rights, and all further configuration (and the Ansible playbooks) assumes “/home/aaa/” as the working folder wherever that is relevant.

On my laptop it takes 5-10 minutes to install CentOS in the VM, so you can have a coffee, tea, beer or whatever you prefer at this time of day. Just take your time :)

#3. Update yum, install epel-repository and telnet

After the installation is done, you boot for the first time and are ready to work. From what I have seen, CentOS performs the yum update automatically on the first boot. It also takes some time, so in the menu I chose restart with the option “finalize installation and reboot”. I assume that if you haven’t configured internet connectivity initially, you will need to perform this step manually once you have:

$ sudo yum update

I’d recommend issuing this command in any case, just to avoid unpleasant surprises later if something hasn’t been updated.

Then we install the EPEL repository. A lot of useful programs (e.g. Ansible) are available through it, so do it. Telnet isn’t installed by default either, and it is necessary to connect to the console port of the Nokia (Alcatel-Lucent) VSRs:

$ sudo yum install -y epel-release
$ sudo yum install -y telnet

“-y” is added in order to avoid manually confirming installation of each and every package.

After each package is installed, you will get the notification:

Complete successfully!

If you don’t get it for whatever reason, troubleshoot what is wrong.

#4. Install and configure FTP server

I use an FTP server to store the license files for Nokia (Alcatel-Lucent) VSRs. You could also save them locally to the disk of each VSR, but I find FTP much more convenient. So, let’s install it:

$ sudo yum install -y vsftpd ftp

When it’s installed, we need to configure it so that local Linux accounts can be used to access the FTP server, whereas anonymous access is not allowed:

$ sudo vim /etc/vsftpd/vsftpd.conf
anonymous_enable=NO
chroot_local_user=YES
local_enable=YES
write_enable=YES

In my case I changed the value of “anonymous_enable” to “NO”, uncommented “chroot_local_user” and added the last two lines.

We have already started speaking about accounts. You can choose to use your own user or create a new one for VPN. I chose the latter option:

$ sudo useradd -d '/var/ftp/nokia' -s /sbin/nologin nokia
$ sudo passwd nokia
$ sudo mkdir -p /var/ftp/nokia

I have configured a very easy password, “nokianokia”, for this user.

After the folder is created, we need to put the Nokia (Alcatel-Lucent) SR OS license file there:

$ sudo cp /home/aaa/temp/sros14.lic /var/ftp/nokia/sros14.lic

As we do all the actions using “sudo”, the files are owned by root. For the VSR to be able to use this license, we need to change the owner and permissions of the license file so that it’s associated with the “nokia” user. Here we go:

$ sudo chown -R nokia:nokia '/var/ftp/nokia'
$ sudo chmod -R 775 '/var/ftp/nokia'
$ sudo groupadd ftpusers
$ sudo usermod -G ftpusers nokia

The configuration of the FTP server on our CentOS Linux server is almost done; we just need to make sure FTP starts automatically during boot, and launch it. There are some differences in syntax between CentOS 6 and CentOS 7, so pay attention. The last thing is to allow the FTP service in the firewall, which is enabled by default in our Linux:

$ sudo systemctl enable vsftpd
$ sudo systemctl start vsftpd
$ sudo firewall-cmd --permanent --add-port=21/tcp
$ sudo firewall-cmd --permanent --add-service=ftp
$ sudo firewall-cmd --reload

FTP configuration is done and we move to the next point.

#5. Install and configure KVM

Probably this is the quickest and easiest chapter of the preparation of our lab. We tell CentOS 7 to install, using yum, all packages related to KVM/QEMU:

$ sudo yum install -y qemu-kvm qemu-img virt-manager libvirt libvirt-python libvirt-client virt-install virt-viewer

There are definitely a lot of possibilities to fine-tune something in these packages, but I haven’t changed anything and left the default parameters.

#6. Create appropriate network connections

This step will always be setup-specific and you need to check your local setup. As you remember, we have created 3 network connections. Their names start with “ens” followed by a number. I have installed CentOS 7 twice and both times I got different “ens” numbers. So first of all we check their names and associated MAC addresses:

$ ifconfig | grep "ens\|ether"
ens33: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
ether 00:0c:29:6b:7c:e2 txqueuelen 1000 (Ethernet)
ens34: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
ether 00:0c:29:6b:7c:ec txqueuelen 1000 (Ethernet)
ens35: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
ether 00:0c:29:6b:7c:f6 txqueuelen 1000 (Ethernet)

Then we properly tune the configuration files of the interfaces and create the corresponding bridges. For bridge 1 we have the following configuration:

$ cd /etc/sysconfig/network-scripts/
$ sudo vim ifcfg-br1
DEVICE=br1
TYPE=Bridge
BOOTPROTO=none
ONBOOT=yes
IPADDR=10.0.0.254
PREFIX=24
ZONE=public
.
.
$ sudo vim ifcfg-ens34
DEVICE=ens34
BOOTPROTO=none
HWADDR=00:0c:29:6b:7c:ec
IPV6INIT=yes
ONBOOT=yes
NM_CONTROLLED=no
TYPE=Ethernet
BRIDGE=br1
IPV4_FAILURE_FATAL=yes

As you remember, the first interface (ens33) has an IP address and is used to connect our VM to the internet.

For bridge 2 we deploy almost the same configuration; only the IP, MAC and bridge ID change:

$ sudo vim ifcfg-br2
DEVICE=br2
TYPE=Bridge
BOOTPROTO=none
ONBOOT=yes
IPADDR=10.0.1.254
PREFIX=24
ZONE=public
.
.
$ sudo vim ifcfg-ens35
DEVICE=ens35
BOOTPROTO=none
HWADDR=00:0c:29:6b:7c:f6
IPV6INIT=yes
ONBOOT=yes
NM_CONTROLLED=no
TYPE=Ethernet
BRIDGE=br2
IPV4_FAILURE_FATAL=yes

We also create one bridge that won’t have any physical interface attached, in order to provide out-of-band (OOB) communication for the Nokia (Alcatel-Lucent) VSR routers through the interface on the CPM (BOF configuration):

$ sudo vim ifcfg-br0
DEVICE=br0
TYPE=Bridge
BOOTPROTO=none
ONBOOT=yes
IPADDR=192.168.1.1
PREFIX=24
ZONE=public

After you have made all the necessary configuration changes, restart the network service to apply them and go to the next point:

$ sudo systemctl restart network
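
Because the “ens” numbers differ between installs, the member-interface files can be derived from the live MAC list instead of being typed by hand. The following Python example is added here and is not part of the original post; parse_macs, plan and MEMBER_KEYS are hypothetical names, the sample input is the output shown above, and NICs are assumed to map to bridges in name order.

```python
import re

# Constructed sample: the filtered ifconfig output shown in this step.
IFCONFIG_OUT = """\
ens33: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
ether 00:0c:29:6b:7c:e2 txqueuelen 1000 (Ethernet)
ens34: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
ether 00:0c:29:6b:7c:ec txqueuelen 1000 (Ethernet)
ens35: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
ether 00:0c:29:6b:7c:f6 txqueuelen 1000 (Ethernet)
"""

# Same keys as the ifcfg-ens34 / ifcfg-ens35 files in the article.
MEMBER_KEYS = ("DEVICE={name}", "BOOTPROTO=none", "HWADDR={mac}",
               "IPV6INIT=yes", "ONBOOT=yes", "NM_CONTROLLED=no",
               "TYPE=Ethernet", "BRIDGE={bridge}", "IPV4_FAILURE_FATAL=yes")


def parse_macs(text):
    """Map interface name -> MAC address from filtered ifconfig output."""
    macs, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        name = re.match(r"(\S+): flags=", line)
        ether = re.match(r"ether ((?:[0-9a-f]{2}:){5}[0-9a-f]{2})\b", line, re.I)
        if name:
            current = name.group(1)
        elif ether and current:
            macs[current] = ether.group(1).lower()
            current = None
    return macs


def plan(text, uplink, bridges):
    """Return {filename: body} binding each non-uplink NIC to a bridge.

    NICs are taken in name order, so ens34 -> br1 and ens35 -> br2 here.
    A missing uplink or a NIC/bridge count mismatch raises ValueError.
    """
    macs = parse_macs(text)
    members = sorted(n for n in macs if n != uplink)
    if uplink not in macs or len(members) != len(bridges):
        raise ValueError("expected uplink %s plus %d NICs, found %s"
                         % (uplink, len(bridges), sorted(macs)))
    return {"ifcfg-" + n: "\n".join(MEMBER_KEYS).format(
                name=n, mac=macs[n], bridge=b) + "\n"
            for n, b in zip(members, bridges)}


if __name__ == "__main__":
    for fname, body in plan(IFCONFIG_OUT, "ens33", ["br1", "br2"]).items():
        print("# " + fname)
        print(body)
```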

#7. Create appropriate VMs

When we have done all the previous steps (FTP, KVM and network connections), we define the VM. I will show you the most important parts of it. First of all, we go to the folder where all KVM VMs should be located and create a new VM:

$ cd /var/lib/libvirt/images/
$ sudo vim vsr14-r1.xml
<domain type='kvm'>
  <name>VSR1</name>
  <uuid></uuid>
  <memory>4194304</memory>
  <currentMemory>4194304</currentMemory>
  <cpu mode='custom' match='minimum'>
    <model>SandyBridge</model>
    <vendor>Intel</vendor>
    <feature policy='require' name='x2apic'/>
  </cpu>
  <vcpu current='4'>4</vcpu>
  <os>
    <type arch='x86_64' machine='rhel6.0.0'>hvm</type>
    <smbios mode='sysinfo'/>
  </os>
  <sysinfo type='smbios'>
    <system>
      <entry name='product'>TIMOS:address=192.168.1.101/24@active static-route=192.168.0.0/16@192.168.1.1 license-file=ftp://nokia:nokianokia@192.168.1.1/sros14.lic slot=A chassis=SR-c7 card=cfm-xp isa/1=isa-tunnel</entry>
    </system>
  </sysinfo>
  <clock offset='utc'>
    <timer name='pit' tickpolicy='delay'/>
    <timer name='rtc' tickpolicy='delay'/>
  </clock>
  <devices>
    <emulator>/usr/libexec/qemu-kvm</emulator>
    <disk type='file' device='disk'>
      <driver name='qemu' type='qcow2' cache='none'/>
      <source file='/var/lib/libvirt/images/SROS14R4-VSR1.qcow2'/>
      <target dev='hda' bus='virtio'/>
    </disk>
    <interface type='bridge'>
      <mac address='FA:AC:A6:14:01:01'/>
      <source bridge='br0'/>
      <model type='virtio'/>
    </interface>
    <interface type='bridge'>
      <mac address='FA:AC:A6:14:01:02'/>
      <source bridge='br1'/>
      <model type='virtio'/>
    </interface>
    <interface type='bridge'>
      <mac address='FA:AC:A6:14:01:03'/>
      <source bridge='br2'/>
      <model type='virtio'/>
    </interface>
    <console type='tcp'>
      <source mode='bind' host='0.0.0.0' service='2511'/>
      <protocol type='telnet'/>
      <target type='virtio' port='0'/>
    </console>
  </devices>
  <seclabel type='none'/>
</domain>

You must use “sudo” here, as the folder belongs to root.

In the product entry you can see the link to the FTP server/folder we created in sub chapter 4. To log in there, we use the account and password created earlier. On the network side we map the first interface to bridge “br0”, because the first interface is the one located on the CPM, so it’s OOB. The remaining interfaces we map to the two bridges, so we can later play with network/access ports.

You also see the name of the VM file (qcow2), so you need to put it in the same directory and make sure its name is correct. I changed the name from the standard one to make it readable and to distinguish between different VMs.

Now that we have defined all the parameters in the XML file of the VM, we create it:

$ sudo virsh define vsr14-r1.xml
[sudo] password for aaa:
Domain VSR1 defined from vsr14-r1.xml

In the same manner we create the second VM; only the name, IP, MAC, source file (you can duplicate the initial one) and TCP port for the console change.
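
The domain definition can be checked before it is passed to virsh define. The following Python example is added here and is not the author’s code: it extracts the TIMOS product string and the MAC-to-bridge mapping, and reports three properties of this lab’s XML that matter once the host is reachable from other networks (the password inside the license-file URL, the telnet console bound to 0.0.0.0, and the disabled seclabel). SAMPLE_XML is a trimmed, constructed copy of the definition above, and parse_timos and audit_domain are hypothetical names.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample: a trimmed copy of the VSR1 definition from this step.
SAMPLE_XML = """<domain type='kvm'>
  <name>VSR1</name>
  <sysinfo type='smbios'><system>
    <entry name='product'>TIMOS:address=192.168.1.101/24@active static-route=192.168.0.0/16@192.168.1.1 license-file=ftp://nokia:nokianokia@192.168.1.1/sros14.lic slot=A chassis=SR-c7 card=cfm-xp isa/1=isa-tunnel</entry>
  </system></sysinfo>
  <devices>
    <interface type='bridge'>
      <mac address='FA:AC:A6:14:01:01'/><source bridge='br0'/>
    </interface>
    <interface type='bridge'>
      <mac address='FA:AC:A6:14:01:02'/><source bridge='br1'/>
    </interface>
    <console type='tcp'>
      <source mode='bind' host='0.0.0.0' service='2511'/>
      <protocol type='telnet'/>
    </console>
  </devices>
  <seclabel type='none'/>
</domain>"""


def parse_timos(product):
    """Split the 'TIMOS:key=value key=value ...' product string into a dict."""
    body = product.split(":", 1)[1]
    return dict(item.split("=", 1) for item in body.split())


def audit_domain(xml_text):
    """Return ({mac: bridge}, [findings]) for one libvirt domain definition."""
    root = ET.fromstring(xml_text)
    bridges = {i.find("mac").get("address"): i.find("source").get("bridge")
               for i in root.iter("interface")}
    findings = []
    entry = root.find("./sysinfo/system/entry[@name='product']")
    if entry is not None and entry.text:
        url = parse_timos(entry.text).get("license-file", "")
        # scheme://user:password@host means the secret is stored in the XML
        if re.match(r"\w+://[^/:@]+:[^/@]+@", url):
            findings.append("license-file URL embeds a password")
    for con in root.iter("console"):
        src, proto = con.find("source"), con.find("protocol")
        if src is not None and src.get("host") in ("0.0.0.0", "::"):
            kind = proto.get("type") if proto is not None else "raw"
            findings.append("%s console on port %s listens on all addresses"
                            % (kind, src.get("service")))
    # type='none' turns off security-driver (sVirt/SELinux) confinement
    sec = root.find("seclabel")
    if sec is not None and sec.get("type") == "none":
        findings.append("seclabel type is 'none'")
    return bridges, findings


if __name__ == "__main__":
    print(audit_domain(SAMPLE_XML))
```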

#8. Install and configure Ansible

If you have done previous tasks, the installation of the Ansible will be straightforward:

$ sudo yum install -y ansible

I did the installation just last Friday, and I got the following version of Ansible:

$ ansible --version
ansible 2.4.2.0
config file = /etc/ansible/ansible.cfg
configured module search path = [u'/home/aaa/.ansible/plugins/modules', u'/usr/share/ansible/plugins/modules']
ansible python module location = /usr/lib/python2.7/site-packages/ansible
executable location = /usr/bin/ansible
python version = 2.7.5 (default, Aug 4 2017, 00:39:18) [GCC 4.8.5 20150623 (Red Hat 4.8.5-16)]

In the config file I uncomment two lines, so that Ansible works properly with Nokia (Alcatel-Lucent) VSR routers and Cisco IOS XRv routers:

$ sudo vim /etc/ansible/ansible.cfg
[paramiko]
look_for_keys = False
host_key_auto_add = True

After that, as I did in the previous article (link), where I created the automation for launching my lab, we check the Ansible hosts file and the “ordinary” Linux hosts file:

$ sudo vim /etc/ansible/hosts
[linux]
localhost
.
[nokia]
SR1
SR2
.
[cisco]
XR3
XR4
$ sudo vim /etc/hosts
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
192.168.1.101 SR1
192.168.1.102 SR2
192.168.1.111 XR3
192.168.1.112 XR4

The last action in this sub chapter is to unpack those playbooks to your home directory and update localhost.yml in the folder “nodes” with the proper names of your network interfaces: change eth2 to ensXX.

#9. Install vconfig

The last point in the main program is to install the package that helps us to create VLANs and sub interfaces:

$ sudo yum install -y vconfig

#10. Install and configure ncclient (optional)

I have marked this module as optional because I haven’t used it before, but it will be used in later articles, because Ansible uses it to work with the NETCONF interface of the routers. The installation is done in the following way:

$ sudo yum -y install python-pip
$ sudo pip install ncclient

Verification of installation

Once we are done, we have created the following lab:

On the management host we have all our services up and running (FTP, Ansible, KVM, etc). SR1 and SR2 are KVM VMs and will be started on this host, whereas XR3 and XR4, which are Cisco IOS XRv routers, are VMware VMs and are connected through the external interfaces “ens34” and “ens35” to the proper Linux bridges.

If you have done everything correctly, your lab will start working:

/home/aaa/ansible
[aaa@sandbox ansible]$ ansible-playbook default_lab_linux.yml
PLAY [linux] ************************************************************
TASK [READ PER-NODE PARAMETERS] *****************************************
ok: [localhost]
TASK [REMOVE OLD SSH KEYS] **********************************************
changed: [localhost]
TASK [LAUNCH VSR1 on KVM] ***********************************************
changed: [localhost]
TASK [LAUNCH VSR2 on KVM] ***********************************************
changed: [localhost]
TASK [ENABLE VLAN MODE] *************************************************
changed: [localhost]
TASK [CREATE CONNECTION SR1 TO SR2] *************************************
changed: [localhost]
TASK [command] **********************************************************
changed: [localhost]
TASK [command] **********************************************************
changed: [localhost]
TASK [command] **********************************************************
changed: [localhost]
TASK [command] **********************************************************
changed: [localhost]
TASK [command] **********************************************************
changed: [localhost]
TASK [command] **********************************************************
changed: [localhost]
TASK [command] **********************************************************
changed: [localhost]
…further output…

I have shortened the output of the playbook’s execution, because it’s really huge. What matters is that the VMs are created, and the sub-interfaces and bridges as well.

As soon as the KVM VMs are created, we can connect to them:

$ telnet 0.0.0.0 2511
Trying 0.0.0.0...
Connected to 0.0.0.0.
Escape character is '^]'.
.
Running in a KVM/QEMU virtual machine
ACPI: RSDP not found. Trying MP table
.
Total Memory: 3583MB Chassis Type: 0x26
TiMOS-V-14.0.R4 bootrom/i386 Nokia 7xxx ? Copyright (c) 2000-2016 Nokia.
All rights reserved. All use subject to applicable license agreements.
Built on Thu Jul 28 17:37:51 PDT 2016 by builder in /rel14.0/b1/R4/panos/main
Looking for boot parameters.

If the FTP server and the XML of the router are configured properly, the VSR will be able to obtain the license:

A:vRR# show bof
=======================================================
BOF (Memory)
=======================================================
primary-image  cf3:\timos\i386-both.tim
primary-config cf3:\config.cfg
license-file   ftp://*:*@192.168.1.1/sros14.lic
address        192.168.1.101/24 active
static-route   192.168.0.0/16 next-hop 192.168.1.1
autonegotiate
duplex         full
speed          100
wait           3
persist        off
no li-local-save
no li-separate
no fips-140-2
console-speed  115200
=======================================================
.
.
A:vRR# show system license
=======================================================
Current License
=======================================================
License status : monitoring, valid license record
Time remaining : 75 days 3 hours
-------------------------------------------------------
License name : ***
License uuid : ***
Machine uuid : ***
License desc : ***
License prod : Virtual-SIM
License sros : TiMOS-[BC]-14.0.*
Current date : MON JAN 15 21:00:33 UTC 2018
Issue date   : *** UTC 2017
Start date   : *** UTC 2017
End date     : *** UTC 2018
=======================================================

That’s it. Our lab is ready:

The updated version of Ansible-playbooks is here: ansibl7.tar

Lessons learned

I had to rebuild the Ansible playbooks, because in versions 2.4 (https://docs.ansible.com/ansible/2.4/porting_guide_2.4.html) and 2.3 (http://docs.ansible.com/ansible/latest/porting_guide_2.3.html) there are some changes in the modules. Refer to the official documentation (http://docs.ansible.com/ansible/latest/modules_by_category.html).

Conclusion

Now I have an updated lab with new Ansible, Python and other instruments, which are necessary to continue our journey into the networking world. One of the reasons for updating CentOS was a problem with the installation of OVS (link), which I’m interested in playing with. If I have a positive experience with it, I’ll write some articles about it and replace my brctl with it. Take care and good bye!

P.S.

If you have further questions or you need help with your networks, I’m happy to assist you, just send me message.

BR,

Anton Karneliuk
