From 6e4fa9b6a0b9ab1e1b1c0fef5aceefac284242b5 Mon Sep 17 00:00:00 2001
From: pa
Date: Fri, 23 Aug 2024 12:51:33 +0200
Subject: [PATCH 01/21] init ubuntu host
---
 .../workflows/container_build_host_ubuntu.yml | 25 ++++++
 .../host-ubuntu/.devcontainer/Dockerfile | 50 +++++++++++
 .../.devcontainer/devcontainer.json | 26 ++++++
 .../host-ubuntu/.devcontainer/entrypoint.sh | 83 +++++++++++++++++++
 4 files changed, 184 insertions(+)
 create mode 100644 .github/workflows/container_build_host_ubuntu.yml
 create mode 100644 containers/host-ubuntu/.devcontainer/Dockerfile
 create mode 100644 containers/host-ubuntu/.devcontainer/devcontainer.json
 create mode 100644 containers/host-ubuntu/.devcontainer/entrypoint.sh
diff --git a/.github/workflows/container_build_host_ubuntu.yml b/.github/workflows/container_build_host_ubuntu.yml
new file mode 100644
index 00000000..4c273a3e
--- /dev/null
+++ b/.github/workflows/container_build_host_ubuntu.yml
@@ -0,0 +1,25 @@
+---
+name: Create Ubuntu host container image
+
+on:
+ push:
+ branches: ['**'] # branches will be filtered in the jobs
+ paths:
+ - .github/workflows/container_build_host_ubuntu.yml
+ - .github/workflows/container_build_child.yml
+ - containers/host-ubuntu/**
+ workflow_dispatch:
+ branches: ['**'] # branches will be filtered in the jobs
+
+jobs:
+ build-demo-container:
+ # fork - build container from any branch for testing
+ # parent repo - build on main branch only
+ if: github.repository != 'aristanetworks/acLabs' || github.ref == 'refs/heads/main'
+ uses: ./.github/workflows/container_build_child.yml
+ with:
+ container_name: "host-ubuntu"
+ image_tags: "latest"
+ from_image: "ubuntu"
+ from_variant: "24.04"
+ username: "admin"
diff --git a/containers/host-ubuntu/.devcontainer/Dockerfile b/containers/host-ubuntu/.devcontainer/Dockerfile
new file mode 100644
index 00000000..8901c923
--- /dev/null
+++ b/containers/host-ubuntu/.devcontainer/Dockerfile
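Review bot: In .github/workflows/container_build_host_ubuntu.yml the `branches: ['**']` entry under `workflow_dispatch:` is not a documented key for that trigger, which as far as I can tell accepts `inputs` only, so it is at best ignored; drop it and leave `workflow_dispatch:` bare. The job also publishes only the mutable tag `image_tags: "latest"`, so a consumer cannot tell which commit produced the image it pulled. If the child workflow (not visible here) accepts more than one tag, adding an immutable one such as the commit SHA would make the lab images traceable.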
@@ -0,0 +1,50 @@
+ARG FROM_IMAGE
+ARG FROM_VARIANT
+
+FROM ${FROM_IMAGE}:${FROM_VARIANT}
+
+# Install essential tools.
+RUN apt-get update \
+ && apt-get install -y --no-install-recommends \
+ make \
+ curl \
+ git-all \
+ python3 \
+ python3-pip \
+ sudo \
+ wget \
+ # TODO: have to review the bottom part later
+ ca-certificates \
+ cdpr \
+ dnsutils \
+ dsniff \
+ ipcalc \
+ iperf \
+ iperf3 \
+ fping \
+ gnupg \
+ gsutil \
+ ifenslave \
+ inetutils-traceroute \
+ iputils-* \
+ libkrb5-dev \
+ lldpd \
+ locales \
+ mtr \
+ nano \
+ net-tools \
+ netplan.io \
+ openssh-server \
+ snapd \
+ tzdata \
+ ufw \
+ vim
+ # no need to reduce the image size for now
+ # && rm -rf /var/lib/apt/lists/* \
+ # && rm -Rf /usr/share/doc && rm -Rf /usr/share/man \
+ # && apt-get clean
+
+COPY ./entrypoint.sh /bin/entrypoint.sh
+RUN chmod +x /bin/entrypoint.sh
+
+ENTRYPOINT [ "/bin/entrypoint.sh" ]
diff --git a/containers/host-ubuntu/.devcontainer/devcontainer.json b/containers/host-ubuntu/.devcontainer/devcontainer.json
new file mode 100644
index 00000000..bf039772
--- /dev/null
+++ b/containers/host-ubuntu/.devcontainer/devcontainer.json
@@ -0,0 +1,26 @@
+{
+ "build": {
+ "dockerfile": "./Dockerfile",
+ "context": ".",
+ "args": {
+ "FROM_IMAGE": "${localEnv:FROM_IMAGE}",
+ "FROM_VARIANT": "${localEnv:FROM_VARIANT}",
+ "USERNAME": "${localEnv:USERNAME}"
+ }
+ },
+ "features": {
+ "ghcr.io/devcontainers/features/common-utils:2":{
+ "installZsh": true,
+ "installOhMyZsh": true,
+ "configureZshAsDefaultShell": true,
+ "username": "${localEnv:USERNAME}",
+ "userUid": "${localEnv:UID}",
+ "userGid": "${localEnv:GID}",
+ // do not update packages to reduce build time
+ "upgradePackages": "false"
+ }
+ },
+
+ // Set `remoteUser` to `root` to connect as root instead. More info: https://aka.ms/vscode-remote/containers/non-root.
+ "remoteUser": "${localEnv:USERNAME}"
+ }
\ No newline at end of file
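Review bot: In the Dockerfile's `apt-get install` list, `iputils-*` is an unquoted pattern, so the image's contents depend on what the shell and apt match at build time rather than on a reviewed list; name the packages that are needed (for example `iputils-ping` and `iputils-arping`) instead. The block under `# TODO: have to review the bottom part later` also pulls `openssh-server`, `snapd`, `dsniff` and `ufw` into every lab host, and the commented-out `rm -rf /var/lib/apt/lists/*` leaves the package index in the layer. I would trim that list to what the labs use before the image is published. The `COPY` plus `RUN chmod +x` pair can be a single `COPY --chmod=0755 ./entrypoint.sh /bin/entrypoint.sh`.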
diff --git a/containers/host-ubuntu/.devcontainer/entrypoint.sh b/containers/host-ubuntu/.devcontainer/entrypoint.sh
new file mode 100644
index 00000000..3fcf2ace
--- /dev/null
+++ b/containers/host-ubuntu/.devcontainer/entrypoint.sh
@@ -0,0 +1,83 @@
+#!/bin/sh
+
+UPLINK='eth1'
+
+# TMODE is expected to be set via the containerlab topology file prior to deployment
+# Expected values are "lacp" or "static" or "active-backup" which will bond eth1 and eth2
+if [ -z "$TMODE" ]; then
+ TMODE='none'
+fi
+
+# TACTIVE and TBACKUP to be set via the containerlab topology file for active-backup runner
+# expected values are "eth1" or "eth2" default is "eth1" active and "eth2" backup
+if [ -z "$TACTIVE" ]; then
+ TACTIVE='eth1'
+ TBACKUP='eth2'
+elif [ "$TACTIVE" == 'eth1' ]; then
+ TBACKUP='eth2'
+elif [ "$TACTIVE" == 'eth2' ]; then
+ TBACKUP='eth1'
+fi
+
+if [ "$TMODE" == 'lacp' ]; then
+
+ UPLINK='bond0'
+
+ ip link set eth1 down
+ ip link set eth2 down
+
+ ip link add ${UPLINK} type bond mode 802.3ad
+
+ ip link set eth1 master ${UPLINK}
+ ip link set eth2 master ${UPLINK}
+
+ RAND_HEX_1=$(openssl rand -hex 1)
+ RAND_HEX_2=$(openssl rand -hex 1)
+ BOND_MAC="c0:d6:82:00:${RAND_HEX_1}:${RAND_HEX_2}"
+ ip link set dev ${UPLINK} address $BOND_MAC
+ ip link set ${UPLINK} up
+
+elif ! [ -z "${PHONE}" ] ; then
+
+ UPLINK='br0'
+
+ # Create br0
+ ip link add name br0 type bridge
+
+ RAND_HEX_1=$(openssl rand -hex 1)
+ RAND_HEX_2=$(openssl rand -hex 1)
+ BOND_MAC="30:86:2d:00:${RAND_HEX_1}:${RAND_HEX_2}"
+ ip link set ${UPLINK} address $BOND_MAC
+
+ # Disable STP, provide add'l visibility
+ ip link set ${UPLINK} type bridge stp_state 0
+ ip link set ${UPLINK} type bridge vlan_stats_per_port 1
+
+ # Bring up Bridge Interface and add eth1 & eth2 (Note: eths must be UP to add)
+ ip link set dev ${UPLINK} up
+ ip link set eth1 master ${UPLINK}
+ ip link set eth2 master ${UPLINK}
+
+ # Add Simple Multicast Support
+ #sysctl net.ipv4.conf.br0.mc_forwarding=1
+ #sysctl net.ipv6.conf.br0.mc_forwarding=1
+ ip link set ${UPLINK} type bridge mcast_stats_enabled 1
+
+ # Customize LLDP
+ # lldpcli configure ports eth1,eth2,br0 lldp status rx-only
+fi
+
+# configure IP addresses and routes
+if ! 
[ -z "${IPV4}" ]; then + ip addr add ${IPV4} dev ${UPLINK} +fi + +if ! [ -z "${IPV6}" ]; then + ip -6 addr add ${IPV6} dev ${UPLINK} +fi + +if ! [ -z "${GW}" ]; then + # add default route + ip route add default via ${GW} dev ${UPLINK} + ip route add 224.0.0.0/4 via ${GW} dev ${UPLINK} +fi From 6481751052b97abb81748b8f64cedbee7e2c7468 Mon Sep 17 00:00:00 2001 From: pa Date: Fri, 23 Aug 2024 12:52:03 +0200 Subject: [PATCH 02/21] switch domain-a lab to ubuntu --- labs/techlib-vxlan-domain-a/clab/topology.clab.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/labs/techlib-vxlan-domain-a/clab/topology.clab.yml b/labs/techlib-vxlan-domain-a/clab/topology.clab.yml index 69a54102..3c794bdc 100644 --- a/labs/techlib-vxlan-domain-a/clab/topology.clab.yml +++ b/labs/techlib-vxlan-domain-a/clab/topology.clab.yml @@ -21,7 +21,7 @@ topology: ceos: image: arista/ceos:4.32.1F linux: - image: ghcr.io/aristanetworks/aclabs/host-alpine:latest + image: ghcr.io/aristanetworks/aclabs/host-ubuntu:latest nodes: ############################################################### From 8f26a49bb03e04db79d53c9a763c74c69668a250 Mon Sep 17 00:00:00 2001 From: pa Date: Fri, 23 Aug 2024 13:39:41 +0200 Subject: [PATCH 03/21] fix uid and gid --- .github/workflows/container_build_host_ubuntu.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.github/workflows/container_build_host_ubuntu.yml b/.github/workflows/container_build_host_ubuntu.yml index 4c273a3e..af9a0fc6 100644 --- a/.github/workflows/container_build_host_ubuntu.yml +++ b/.github/workflows/container_build_host_ubuntu.yml @@ -23,3 +23,5 @@ jobs: from_image: "ubuntu" from_variant: "24.04" username: "admin" + UID: "1001" + GID: "1001" From 49d5f9e6f3825adcb3a27d52c8a40a6bf9eaee96 Mon Sep 17 00:00:00 2001 From: pa Date: Fri, 23 Aug 2024 13:49:34 +0200 Subject: [PATCH 04/21] fix to user_id and group_id --- .github/workflows/container_build_host_ubuntu.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) 
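Review bot: In entrypoint.sh (PATCH 01/21) every value taken from the container environment is expanded unquoted, for example `ip addr add ${IPV4} dev ${UPLINK}` and `ip route add default via ${GW} dev ${UPLINK}`, so a value containing whitespace is split into extra `ip` arguments. Quote the expansions, e.g. `ip addr add "${IPV4}" dev "${UPLINK}"`, and prefer `[ -n "${IPV4}" ]` over `! [ -z … ]`. The script also has no `set -e` or exit-code checks, so a failed `ip link` step goes unnoticed and the later address and route commands run against an interface that may not exist.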
diff --git a/.github/workflows/container_build_host_ubuntu.yml b/.github/workflows/container_build_host_ubuntu.yml index af9a0fc6..9ac54701 100644 --- a/.github/workflows/container_build_host_ubuntu.yml +++ b/.github/workflows/container_build_host_ubuntu.yml @@ -23,5 +23,5 @@ jobs: from_image: "ubuntu" from_variant: "24.04" username: "admin" - UID: "1001" - GID: "1001" + user_id: "1001" + group_id: "1001" From 689a1bccf328c2cacc480896bd4e5550979750f4 Mon Sep 17 00:00:00 2001 From: pa Date: Fri, 23 Aug 2024 14:10:24 +0200 Subject: [PATCH 05/21] add UID and GID to args --- containers/host-ubuntu/.devcontainer/devcontainer.json | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/containers/host-ubuntu/.devcontainer/devcontainer.json b/containers/host-ubuntu/.devcontainer/devcontainer.json index bf039772..c6ad06fc 100644 --- a/containers/host-ubuntu/.devcontainer/devcontainer.json +++ b/containers/host-ubuntu/.devcontainer/devcontainer.json @@ -5,7 +5,9 @@ "args": { "FROM_IMAGE": "${localEnv:FROM_IMAGE}", "FROM_VARIANT": "${localEnv:FROM_VARIANT}", - "USERNAME": "${localEnv:USERNAME}" + "USERNAME": "${localEnv:USERNAME}", + "UID": "${localEnv:UID}", + "GID": "${localEnv:GID}" } }, "features": { From e9a7f3ae362d04276cd7c340e26dd9bd396d244f Mon Sep 17 00:00:00 2001 From: pa Date: Fri, 23 Aug 2024 14:48:51 +0200 Subject: [PATCH 06/21] unplug custom entrypoint --- containers/host-ubuntu/.devcontainer/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/containers/host-ubuntu/.devcontainer/Dockerfile b/containers/host-ubuntu/.devcontainer/Dockerfile index 8901c923..a4612f95 100644 --- a/containers/host-ubuntu/.devcontainer/Dockerfile +++ b/containers/host-ubuntu/.devcontainer/Dockerfile @@ -47,4 +47,4 @@ RUN apt-get update \ COPY ./entrypoint.sh /bin/entrypoint.sh RUN chmod +x /bin/entrypoint.sh -ENTRYPOINT [ "/bin/entrypoint.sh" ] +# ENTRYPOINT [ "/bin/entrypoint.sh" ] 
From 9a7d1e5304d57db7b866dff0160088459ed4b012 Mon Sep 17 00:00:00 2001 From: pa Date: Fri, 23 Aug 2024 14:52:30 +0200 Subject: [PATCH 07/21] add env vars --- labs/techlib-vxlan-domain-a/clab/topology.clab.yml | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/labs/techlib-vxlan-domain-a/clab/topology.clab.yml b/labs/techlib-vxlan-domain-a/clab/topology.clab.yml index 3c794bdc..86ee053f 100644 --- a/labs/techlib-vxlan-domain-a/clab/topology.clab.yml +++ b/labs/techlib-vxlan-domain-a/clab/topology.clab.yml @@ -112,6 +112,10 @@ topology: HostA1: kind: linux mgmt-ipv4: 172.100.100.201 + env: + TMODE: lacp + IP4: 172.100.100.201 + GW: 172.100.100.1 # exec: # - bash /usr/local/bin/hostnetconfig.sh -b -i4 10.10.10.101/24 -i6 2001:db8:10:10::101/64 -g 10.10.10.1 From 653295682ecec392041d9fb098c820a109b5e009 Mon Sep 17 00:00:00 2001 From: pa Date: Mon, 26 Aug 2024 10:29:51 +0200 Subject: [PATCH 08/21] switch script from shell to bash --- containers/host-ubuntu/.devcontainer/entrypoint.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/containers/host-ubuntu/.devcontainer/entrypoint.sh b/containers/host-ubuntu/.devcontainer/entrypoint.sh index 3fcf2ace..0e0b54f6 100644 --- a/containers/host-ubuntu/.devcontainer/entrypoint.sh +++ b/containers/host-ubuntu/.devcontainer/entrypoint.sh @@ -1,4 +1,4 @@ -#!/bin/sh +#!/bin/bash UPLINK='eth1' From 279c457bf9f88c769fcd8d6de15687b370c3d8ed Mon Sep 17 00:00:00 2001 From: pa Date: Mon, 26 Aug 2024 12:25:03 +0200 Subject: [PATCH 09/21] add host env vars --- .../clab/topology.clab.yml | 30 +++++++++++++++++-- 1 file changed, 28 insertions(+), 2 deletions(-) diff --git a/labs/techlib-vxlan-domain-a/clab/topology.clab.yml b/labs/techlib-vxlan-domain-a/clab/topology.clab.yml index 86ee053f..17b8aad2 100644 --- a/labs/techlib-vxlan-domain-a/clab/topology.clab.yml +++ b/labs/techlib-vxlan-domain-a/clab/topology.clab.yml 
@@ -114,38 +114,64 @@ topology: mgmt-ipv4: 172.100.100.201 env: TMODE: lacp - IP4: 172.100.100.201 - GW: 172.100.100.1 + IP4: 10.10.10.101/24 + GW: 10.10.10.1 + IPV6: 2001:db8:10:10::101/64 # exec: # - bash /usr/local/bin/hostnetconfig.sh -b -i4 10.10.10.101/24 -i6 2001:db8:10:10::101/64 -g 10.10.10.1 HostA2: kind: linux mgmt-ipv4: 172.100.100.202 + env: + TMODE: lacp + IP4: 10.30.30.101/24 + GW: 10.30.30.1 + IPV6: 2001:db8:30:30::101/64 # exec: # - bash /usr/local/bin/hostnetconfig.sh -b -i4 10.30.30.101/24 -i6 2001:db8:30:30::101/64 -g 10.30.30.1 HostA3: kind: linux mgmt-ipv4: 172.100.100.203 + env: + TMODE: lacp + IP4: 10.50.50.101/24 + GW: 10.50.50.1 + IPV6: 2001:db8:50:50::101/64 # exec: # - bash /usr/local/bin/hostnetconfig.sh -i4 10.50.50.101/24 -i6 2001:db8:50:50::101/64 -g 10.50.50.1 HostA4: kind: linux mgmt-ipv4: 172.100.100.204 + env: + TMODE: lacp + IP4: 10.10.10.102/24 + GW: 10.10.10.1 + IPV6: 2001:db8:10:10::102/64 # exec: # - bash /usr/local/bin/hostnetconfig.sh -b -i4 10.10.10.102/24 -i6 2001:db8:10:10::102/64 -g 10.10.10.1 HostA5: kind: linux mgmt-ipv4: 172.100.100.205 + env: + TMODE: lacp + IP4: 10.30.30.102/24 + GW: 10.30.30.1 + IPV6: 2001:db8:30:30::102/64 # exec: # - bash /usr/local/bin/hostnetconfig.sh -i4 10.30.30.102/24 -i6 2001:db8:30:30::102/64 -g 10.30.30.1 HostA6: kind: linux mgmt-ipv4: 172.100.100.206 + env: + TMODE: lacp + IP4: 10.70.70.101/24 + GW: 10.70.70.1 + IPV6: 2001:db8:70:70::101/64 # exec: # - bash /usr/local/bin/hostnetconfig.sh -b -i4 10.70.70.101/24 -i6 2001:db8:70:70::101/64 -g 10.70.70.1 From e7f4ac8d5b547009117d12507cd35c67119a31fa Mon Sep 17 00:00:00 2001 From: pa Date: Mon, 26 Aug 2024 16:54:15 +0200 Subject: [PATCH 10/21] bugfixes and re-enable entrypoint --- .../host-ubuntu/.devcontainer/Dockerfile | 2 +- .../host-ubuntu/.devcontainer/entrypoint.sh | 22 ++++++++++--------- .../clab/topology.clab.yml | 18 ++++++++++----- 3 files changed, 25 insertions(+), 17 deletions(-) 
diff --git a/containers/host-ubuntu/.devcontainer/Dockerfile b/containers/host-ubuntu/.devcontainer/Dockerfile index a4612f95..8901c923 100644 --- a/containers/host-ubuntu/.devcontainer/Dockerfile +++ b/containers/host-ubuntu/.devcontainer/Dockerfile @@ -47,4 +47,4 @@ RUN apt-get update \ COPY ./entrypoint.sh /bin/entrypoint.sh RUN chmod +x /bin/entrypoint.sh -# ENTRYPOINT [ "/bin/entrypoint.sh" ] +ENTRYPOINT [ "/bin/entrypoint.sh" ] diff --git a/containers/host-ubuntu/.devcontainer/entrypoint.sh b/containers/host-ubuntu/.devcontainer/entrypoint.sh index 0e0b54f6..08e5c899 100644 --- a/containers/host-ubuntu/.devcontainer/entrypoint.sh +++ b/containers/host-ubuntu/.devcontainer/entrypoint.sh @@ -31,10 +31,11 @@ if [ "$TMODE" == 'lacp' ]; then ip link set eth1 master ${UPLINK} ip link set eth2 master ${UPLINK} - RAND_HEX_1=$(openssl rand -hex 1) - RAND_HEX_2=$(openssl rand -hex 1) - BOND_MAC="c0:d6:82:00:${RAND_HEX_1}:${RAND_HEX_2}" - ip link set dev ${UPLINK} address $BOND_MAC + # RAND_HEX_1=$(openssl rand -hex 1) + # RAND_HEX_2=$(openssl rand -hex 1) + # BOND_MAC="c0:d6:82:00:${RAND_HEX_1}:${RAND_HEX_2}" + # ip link set dev ${UPLINK} address $BOND_MAC + ip link set dev ${UPLINK} address "c0:d6:82:00:$(openssl rand -hex 1):$(openssl rand -hex 1)" ip link set ${UPLINK} up elif ! [ -z "${PHONE}" ] ; then @@ -44,10 +45,11 @@ elif ! [ -z "${PHONE}" ] ; then # Create br0 ip link add name br0 type bridge - RAND_HEX_1=$(openssl rand -hex 1) - RAND_HEX_2=$(openssl rand -hex 1) - BOND_MAC="30:86:2d:00:${RAND_HEX_1}:${RAND_HEX_2}" - ip link set ${UPLINK} address $BOND_MAC + # RAND_HEX_1=$(openssl rand -hex 1) + # RAND_HEX_2=$(openssl rand -hex 1) + # BOND_MAC="30:86:2d:00:${RAND_HEX_1}:${RAND_HEX_2}" + # ip link set ${UPLINK} address $BOND_MAC + ip link set dev ${UPLINK} address "c0:d6:82:00:$(openssl rand -hex 1):$(openssl rand -hex 1)" # Disable STP, provide add'l visibility ip link set ${UPLINK} type bridge stp_state 0 
@@ -77,7 +79,7 @@ if ! [ -z "${IPV6}" ]; then fi if ! [ -z "${GW}" ]; then - # add default route - ip route add default via ${GW} dev ${UPLINK} + # add static routes + ip route add ${STATIC_ROUTE} via ${GW} dev ${UPLINK} ip route add 224.0.0.0/4 via ${GW} dev ${UPLINK} fi diff --git a/labs/techlib-vxlan-domain-a/clab/topology.clab.yml b/labs/techlib-vxlan-domain-a/clab/topology.clab.yml index 17b8aad2..0c3cb01a 100644 --- a/labs/techlib-vxlan-domain-a/clab/topology.clab.yml +++ b/labs/techlib-vxlan-domain-a/clab/topology.clab.yml @@ -114,7 +114,8 @@ topology: mgmt-ipv4: 172.100.100.201 env: TMODE: lacp - IP4: 10.10.10.101/24 + IPV4: 10.10.10.101/24 + STATIC_ROUTE: 10.0.0.0/8 GW: 10.10.10.1 IPV6: 2001:db8:10:10::101/64 # exec: @@ -125,7 +126,8 @@ topology: mgmt-ipv4: 172.100.100.202 env: TMODE: lacp - IP4: 10.30.30.101/24 + IPV4: 10.30.30.101/24 + STATIC_ROUTE: 10.0.0.0/8 GW: 10.30.30.1 IPV6: 2001:db8:30:30::101/64 # exec: @@ -136,7 +138,8 @@ topology: mgmt-ipv4: 172.100.100.203 env: TMODE: lacp - IP4: 10.50.50.101/24 + IPV4: 10.50.50.101/24 + STATIC_ROUTE: 10.0.0.0/8 GW: 10.50.50.1 IPV6: 2001:db8:50:50::101/64 # exec: @@ -147,7 +150,8 @@ topology: mgmt-ipv4: 172.100.100.204 env: TMODE: lacp - IP4: 10.10.10.102/24 + IPV4: 10.10.10.102/24 + STATIC_ROUTE: 10.0.0.0/8 GW: 10.10.10.1 IPV6: 2001:db8:10:10::102/64 # exec: @@ -158,7 +162,8 @@ topology: mgmt-ipv4: 172.100.100.205 env: TMODE: lacp - IP4: 10.30.30.102/24 + IPV4: 10.30.30.102/24 + STATIC_ROUTE: 10.0.0.0/8 GW: 10.30.30.1 IPV6: 2001:db8:30:30::102/64 # exec: @@ -169,7 +174,8 @@ topology: mgmt-ipv4: 172.100.100.206 env: TMODE: lacp - IP4: 10.70.70.101/24 + IPV4: 10.70.70.101/24 + STATIC_ROUTE: 10.0.0.0/8 GW: 10.70.70.1 IPV6: 2001:db8:70:70::101/64 # exec: From 4c1ccd8f00fd4d04cd6ace2d779a9f67a379eb57 Mon Sep 17 00:00:00 2001 From: pa Date: Mon, 26 Aug 2024 17:00:37 +0200 Subject: [PATCH 11/21] add sshd --- containers/host-ubuntu/.devcontainer/devcontainer.json | 4 ++++ 1 file changed, 4 insertions(+) 
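Review bot: In the `@@ -77,7 +79,7 @@` hunk of entrypoint.sh, `ip route add ${STATIC_ROUTE} via ${GW} dev ${UPLINK}` is still guarded only by `GW`, so a topology that sets `GW` without `STATIC_ROUTE` now runs `ip route add via …` and ends up with no route, where the previous code installed a default route. Either test both variables in the `if`, or keep the old behaviour as the fallback with `ip route add "${STATIC_ROUTE:-default}" via "${GW}" dev "${UPLINK}"`. A short comment above the line stating that `STATIC_ROUTE` is expected in CIDR form would also help whoever writes the next topology file.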
diff --git a/containers/host-ubuntu/.devcontainer/devcontainer.json b/containers/host-ubuntu/.devcontainer/devcontainer.json index c6ad06fc..ca405a45 100644 --- a/containers/host-ubuntu/.devcontainer/devcontainer.json +++ b/containers/host-ubuntu/.devcontainer/devcontainer.json @@ -20,6 +20,10 @@ "userGid": "${localEnv:GID}", // do not update packages to reduce build time "upgradePackages": "false" + }, + // Add sshd + "ghcr.io/devcontainers/features/sshd:1": { + "version": "latest" } }, From b3ad40780d1536d0e774f289170fdb6ea0beba9d Mon Sep 17 00:00:00 2001 From: pa Date: Mon, 26 Aug 2024 17:26:32 +0200 Subject: [PATCH 12/21] disable entrypoint again --- containers/host-ubuntu/.devcontainer/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/containers/host-ubuntu/.devcontainer/Dockerfile b/containers/host-ubuntu/.devcontainer/Dockerfile index 8901c923..a4612f95 100644 --- a/containers/host-ubuntu/.devcontainer/Dockerfile +++ b/containers/host-ubuntu/.devcontainer/Dockerfile @@ -47,4 +47,4 @@ RUN apt-get update \ COPY ./entrypoint.sh /bin/entrypoint.sh RUN chmod +x /bin/entrypoint.sh -ENTRYPOINT [ "/bin/entrypoint.sh" ] +# ENTRYPOINT [ "/bin/entrypoint.sh" ] From e4384412bdafb431713d8d1f811d051e2708c490 Mon Sep 17 00:00:00 2001 From: pa Date: Mon, 26 Aug 2024 17:28:30 +0200 Subject: [PATCH 13/21] fix entrypoint --- containers/host-ubuntu/.devcontainer/Dockerfile | 2 +- containers/host-ubuntu/.devcontainer/entrypoint.sh | 12 ++++++++++++ 2 files changed, 13 insertions(+), 1 deletion(-) diff --git a/containers/host-ubuntu/.devcontainer/Dockerfile b/containers/host-ubuntu/.devcontainer/Dockerfile index a4612f95..8901c923 100644 --- a/containers/host-ubuntu/.devcontainer/Dockerfile +++ b/containers/host-ubuntu/.devcontainer/Dockerfile @@ -47,4 +47,4 @@ RUN apt-get update \ COPY ./entrypoint.sh /bin/entrypoint.sh RUN chmod +x /bin/entrypoint.sh -# ENTRYPOINT [ "/bin/entrypoint.sh" ] +ENTRYPOINT [ "/bin/entrypoint.sh" ] 
diff --git a/containers/host-ubuntu/.devcontainer/entrypoint.sh b/containers/host-ubuntu/.devcontainer/entrypoint.sh index 08e5c899..2f224018 100644 --- a/containers/host-ubuntu/.devcontainer/entrypoint.sh +++ b/containers/host-ubuntu/.devcontainer/entrypoint.sh @@ -83,3 +83,15 @@ if ! [ -z "${GW}" ]; then ip route add ${STATIC_ROUTE} via ${GW} dev ${UPLINK} ip route add 224.0.0.0/4 via ${GW} dev ${UPLINK} fi + +# Execute command from docker cli if any. +if [ ${@+True} ]; then + exec "$@" +# Otherwise just enter sh or zsh. +else + if [ -f "/bin/zsh" ]; then + exec zsh + else + exec sh + fi +fi From 749b1651ba0f56336769bf377db0789d0e0bd1e5 Mon Sep 17 00:00:00 2001 From: pa Date: Tue, 27 Aug 2024 08:22:05 +0200 Subject: [PATCH 14/21] fix phone mac --- containers/host-ubuntu/.devcontainer/entrypoint.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/containers/host-ubuntu/.devcontainer/entrypoint.sh b/containers/host-ubuntu/.devcontainer/entrypoint.sh index 2f224018..c65591ce 100644 --- a/containers/host-ubuntu/.devcontainer/entrypoint.sh +++ b/containers/host-ubuntu/.devcontainer/entrypoint.sh @@ -49,7 +49,7 @@ elif ! [ -z "${PHONE}" ] ; then # RAND_HEX_2=$(openssl rand -hex 1) # BOND_MAC="30:86:2d:00:${RAND_HEX_1}:${RAND_HEX_2}" # ip link set ${UPLINK} address $BOND_MAC - ip link set dev ${UPLINK} address "c0:d6:82:00:$(openssl rand -hex 1):$(openssl rand -hex 1)" + ip link set dev ${UPLINK} address "30:86:2d:00:$(openssl rand -hex 1):$(openssl rand -hex 1)" # Disable STP, provide add'l visibility ip link set ${UPLINK} type bridge stp_state 0 From 272e0be413fd72673cf3da210554b5d1aba14ac1 Mon Sep 17 00:00:00 2001 From: pa Date: Tue, 27 Aug 2024 09:03:06 +0200 Subject: [PATCH 15/21] update ssh --- containers/host-ubuntu/.devcontainer/Dockerfile | 2 +- containers/host-ubuntu/.devcontainer/devcontainer.json | 8 ++++---- containers/host-ubuntu/.devcontainer/entrypoint.sh | 7 +++++++ 3 files changed, 12 insertions(+), 5 deletions(-) 
diff --git a/containers/host-ubuntu/.devcontainer/Dockerfile b/containers/host-ubuntu/.devcontainer/Dockerfile index 8901c923..1b4f61a7 100644 --- a/containers/host-ubuntu/.devcontainer/Dockerfile +++ b/containers/host-ubuntu/.devcontainer/Dockerfile @@ -37,7 +37,7 @@ RUN apt-get update \ openssh-server \ snapd \ tzdata \ - ufw \ + # ufw \ vim # no need to reduce the image size for now # && rm -rf /var/lib/apt/lists/* \ diff --git a/containers/host-ubuntu/.devcontainer/devcontainer.json b/containers/host-ubuntu/.devcontainer/devcontainer.json index ca405a45..a4bd21bb 100644 --- a/containers/host-ubuntu/.devcontainer/devcontainer.json +++ b/containers/host-ubuntu/.devcontainer/devcontainer.json @@ -20,11 +20,11 @@ "userGid": "${localEnv:GID}", // do not update packages to reduce build time "upgradePackages": "false" - }, - // Add sshd - "ghcr.io/devcontainers/features/sshd:1": { - "version": "latest" } + // Add sshd + // "ghcr.io/devcontainers/features/sshd:1": { + // "version": "latest" + // } }, // Set `remoteUser` to `root` to connect as root instead. More info: https://aka.ms/vscode-remote/containers/non-root. diff --git a/containers/host-ubuntu/.devcontainer/entrypoint.sh b/containers/host-ubuntu/.devcontainer/entrypoint.sh index c65591ce..66dac0cf 100644 --- a/containers/host-ubuntu/.devcontainer/entrypoint.sh +++ b/containers/host-ubuntu/.devcontainer/entrypoint.sh @@ -1,5 +1,12 @@ #!/bin/bash +# set admin password for SSH access +if [ -z "${SSH_PASSWORD}" ]; then + SSH_PASSWORD='admin' +fi + +echo "admin:${SSH_PASSWORD}" | chpasswd + UPLINK='eth1' # TMODE is expected to be set via the containerlab topology file prior to deployment From 08afe7f207750a17057fcf5b70cb36321096a5c0 Mon Sep 17 00:00:00 2001 From: pa Date: Tue, 27 Aug 2024 09:05:52 +0200 Subject: [PATCH 16/21] switch username --- containers/host-ubuntu/.devcontainer/Dockerfile | 4 ++++ 1 file changed, 4 insertions(+) 
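Review bot: The new block at the top of entrypoint.sh falls back to `SSH_PASSWORD='admin'`, so any container started without that variable gets the account `admin` with the password `admin`, and PATCH 17/21 in this series goes on to start the SSH server. Fail closed instead and only set a password when one is supplied: `if [ -n "${SSH_PASSWORD}" ]; then echo "admin:${SSH_PASSWORD}" | chpasswd; fi`. The account name is also hard-coded here while the image build takes `USERNAME` as an argument; if the two ever differ, `chpasswd` is asked to change a user that may not exist. Neither topology file hunk in this series sets `SSH_PASSWORD`, so the default is what the labs would actually run with.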
diff --git a/containers/host-ubuntu/.devcontainer/Dockerfile b/containers/host-ubuntu/.devcontainer/Dockerfile index 1b4f61a7..56af1b03 100644 --- a/containers/host-ubuntu/.devcontainer/Dockerfile +++ b/containers/host-ubuntu/.devcontainer/Dockerfile @@ -3,6 +3,8 @@ ARG FROM_VARIANT FROM ${FROM_IMAGE}:${FROM_VARIANT} +ARG USERNAME + # Install essential tools. RUN apt-get update \ && apt-get install -y --no-install-recommends \ @@ -47,4 +49,6 @@ RUN apt-get update \ COPY ./entrypoint.sh /bin/entrypoint.sh RUN chmod +x /bin/entrypoint.sh +USER ${USERNAME} + ENTRYPOINT [ "/bin/entrypoint.sh" ] From 534faff526c85f038e4af70d7e2c0438f6a865d1 Mon Sep 17 00:00:00 2001 From: pa Date: Tue, 27 Aug 2024 10:32:39 +0200 Subject: [PATCH 17/21] start ssh --- containers/host-ubuntu/.devcontainer/entrypoint.sh | 3 +++ 1 file changed, 3 insertions(+) diff --git a/containers/host-ubuntu/.devcontainer/entrypoint.sh b/containers/host-ubuntu/.devcontainer/entrypoint.sh index 66dac0cf..b37822b7 100644 --- a/containers/host-ubuntu/.devcontainer/entrypoint.sh +++ b/containers/host-ubuntu/.devcontainer/entrypoint.sh @@ -7,6 +7,9 @@ fi echo "admin:${SSH_PASSWORD}" | chpasswd +# start SSH server +service ssh start + UPLINK='eth1' # TMODE is expected to be set via the containerlab topology file prior to deployment From e989605ca94c0ae88d9a396faa6703498048ec32 Mon Sep 17 00:00:00 2001 From: pa Date: Tue, 27 Aug 2024 11:13:12 +0200 Subject: [PATCH 18/21] add sudo to ssh start --- containers/host-ubuntu/.devcontainer/entrypoint.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/containers/host-ubuntu/.devcontainer/entrypoint.sh b/containers/host-ubuntu/.devcontainer/entrypoint.sh index b37822b7..a4838f33 100644 --- a/containers/host-ubuntu/.devcontainer/entrypoint.sh +++ b/containers/host-ubuntu/.devcontainer/entrypoint.sh @@ -8,7 +8,7 @@ fi echo "admin:${SSH_PASSWORD}" | chpasswd # start SSH server -service ssh start +sudo service ssh start UPLINK='eth1' 
From 8ccaeb664fa9674e7946546240af0946ccbebdd5 Mon Sep 17 00:00:00 2001 From: pa Date: Tue, 27 Aug 2024 11:33:31 +0200 Subject: [PATCH 19/21] add sudo to chpasswd --- containers/host-ubuntu/.devcontainer/entrypoint.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/containers/host-ubuntu/.devcontainer/entrypoint.sh b/containers/host-ubuntu/.devcontainer/entrypoint.sh index a4838f33..b93ae686 100644 --- a/containers/host-ubuntu/.devcontainer/entrypoint.sh +++ b/containers/host-ubuntu/.devcontainer/entrypoint.sh @@ -5,7 +5,7 @@ if [ -z "${SSH_PASSWORD}" ]; then SSH_PASSWORD='admin' fi -echo "admin:${SSH_PASSWORD}" | chpasswd +echo "admin:${SSH_PASSWORD}" | sudo chpasswd # start SSH server sudo service ssh start From 5853ea506a674e5ce1dbc64c4b5c0412041303aa Mon Sep 17 00:00:00 2001 From: pa Date: Tue, 27 Aug 2024 12:01:32 +0200 Subject: [PATCH 20/21] add sudo to entrypoint --- .../host-ubuntu/.devcontainer/entrypoint.sh | 43 +++++++++++-------- 1 file changed, 24 insertions(+), 19 deletions(-) diff --git a/containers/host-ubuntu/.devcontainer/entrypoint.sh b/containers/host-ubuntu/.devcontainer/entrypoint.sh index b93ae686..2ab7ebcb 100644 --- a/containers/host-ubuntu/.devcontainer/entrypoint.sh +++ b/containers/host-ubuntu/.devcontainer/entrypoint.sh @@ -1,5 +1,10 @@ #!/bin/bash +# preserve environment variables +if [ "$(id -u)" != "0" ]; then + exec sudo --preserve-env=TMODE,TACTIVE,TBACKUP,SSH_PASSWORD,IPV4,IPV6,GW,STATIC_ROUTE "$0" "$@" +fi + # set admin password for SSH access if [ -z "${SSH_PASSWORD}" ]; then SSH_PASSWORD='admin' 
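Review bot: The `--preserve-env=` list in the new sudo re-exec (PATCH 20/21, first hunk of entrypoint.sh) names `TMODE,TACTIVE,TBACKUP,SSH_PASSWORD,IPV4,IPV6,GW,STATIC_ROUTE` but not `PHONE`, which the `elif ! [ -z "${PHONE}" ]` branch further down reads; assuming sudo's usual environment reset, the bridge mode can no longer be selected once the script starts as a non-root user. Add `PHONE` to the list. Because the whole script is re-executed as root, the `sudo` prefixes added to each `ip` command in the following hunks are redundant. The closing `exec "$@"` is outside this hunk, but after the re-exec it hands the user's command a root process, which undoes the `USER ${USERNAME}` line added to the Dockerfile in PATCH 16/21; dropping privileges again before that final `exec` would keep the intent of that commit.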
@@ -33,47 +38,47 @@ if [ "$TMODE" == 'lacp' ]; then UPLINK='bond0' - ip link set eth1 down - ip link set eth2 down + sudo ip link set eth1 down + sudo ip link set eth2 down - ip link add ${UPLINK} type bond mode 802.3ad + sudo ip link add ${UPLINK} type bond mode 802.3ad - ip link set eth1 master ${UPLINK} - ip link set eth2 master ${UPLINK} + sudo ip link set eth1 master ${UPLINK} + sudo ip link set eth2 master ${UPLINK} # RAND_HEX_1=$(openssl rand -hex 1) # RAND_HEX_2=$(openssl rand -hex 1) # BOND_MAC="c0:d6:82:00:${RAND_HEX_1}:${RAND_HEX_2}" # ip link set dev ${UPLINK} address $BOND_MAC - ip link set dev ${UPLINK} address "c0:d6:82:00:$(openssl rand -hex 1):$(openssl rand -hex 1)" - ip link set ${UPLINK} up + sudo ip link set dev ${UPLINK} address "c0:d6:82:00:$(openssl rand -hex 1):$(openssl rand -hex 1)" + sudo ip link set ${UPLINK} up elif ! [ -z "${PHONE}" ] ; then UPLINK='br0' # Create br0 - ip link add name br0 type bridge + sudo ip link add name br0 type bridge # RAND_HEX_1=$(openssl rand -hex 1) # RAND_HEX_2=$(openssl rand -hex 1) # BOND_MAC="30:86:2d:00:${RAND_HEX_1}:${RAND_HEX_2}" # ip link set ${UPLINK} address $BOND_MAC - ip link set dev ${UPLINK} address "30:86:2d:00:$(openssl rand -hex 1):$(openssl rand -hex 1)" + sudo ip link set dev ${UPLINK} address "30:86:2d:00:$(openssl rand -hex 1):$(openssl rand -hex 1)" # Disable STP, provide add'l visibility - ip link set ${UPLINK} type bridge stp_state 0 - ip link set ${UPLINK} type bridge vlan_stats_per_port 1 + sudo ip link set ${UPLINK} type bridge stp_state 0 + sudo ip link set ${UPLINK} type bridge vlan_stats_per_port 1 # Bring up Bridge Interface and add eth1 & eth2 (Note: eths must be UP to add) - ip link set dev ${UPLINK} up - ip link set eth1 master ${UPLINK} - ip link set eth2 master ${UPLINK} + sudo ip link set dev ${UPLINK} up + sudo ip link set eth1 master ${UPLINK} + sudo ip link set eth2 master ${UPLINK} # Add Simple Multicast Support #sysctl net.ipv4.conf.br0.mc_forwarding=1 #sysctl 
net.ipv6.conf.br0.mc_forwarding=1 - ip link set ${UPLINK} type bridge mcast_stats_enabled 1 + sudo ip link set ${UPLINK} type bridge mcast_stats_enabled 1 # Customize LLDP # lldpcli configure ports eth1,eth2,br0 lldp status rx-only @@ -81,17 +86,17 @@ fi # configure IP addresses and routes if ! [ -z "${IPV4}" ]; then - ip addr add ${IPV4} dev ${UPLINK} + sudo ip addr add ${IPV4} dev ${UPLINK} fi if ! [ -z "${IPV6}" ]; then - ip -6 addr add ${IPV6} dev ${UPLINK} + sudo ip -6 addr add ${IPV6} dev ${UPLINK} fi if ! [ -z "${GW}" ]; then # add static routes - ip route add ${STATIC_ROUTE} via ${GW} dev ${UPLINK} - ip route add 224.0.0.0/4 via ${GW} dev ${UPLINK} + sudo ip route add ${STATIC_ROUTE} via ${GW} dev ${UPLINK} + sudo ip route add 224.0.0.0/4 via ${GW} dev ${UPLINK} fi # Execute command from docker cli if any. From 32e4fccb6827725857c99d201d73a656648ee92a Mon Sep 17 00:00:00 2001 From: pa Date: Tue, 27 Aug 2024 12:27:05 +0200 Subject: [PATCH 21/21] add env var to set mac --- .../host-ubuntu/.devcontainer/entrypoint.sh | 18 ++++++++---------- 1 file changed, 8 insertions(+), 10 deletions(-) diff --git a/containers/host-ubuntu/.devcontainer/entrypoint.sh b/containers/host-ubuntu/.devcontainer/entrypoint.sh index 2ab7ebcb..1e46b0ca 100644 --- a/containers/host-ubuntu/.devcontainer/entrypoint.sh +++ b/containers/host-ubuntu/.devcontainer/entrypoint.sh 
@@ -46,11 +46,10 @@ if [ "$TMODE" == 'lacp' ]; then sudo ip link set eth1 master ${UPLINK} sudo ip link set eth2 master ${UPLINK} - # RAND_HEX_1=$(openssl rand -hex 1) - # RAND_HEX_2=$(openssl rand -hex 1) - # BOND_MAC="c0:d6:82:00:${RAND_HEX_1}:${RAND_HEX_2}" - # ip link set dev ${UPLINK} address $BOND_MAC - sudo ip link set dev ${UPLINK} address "c0:d6:82:00:$(openssl rand -hex 1):$(openssl rand -hex 1)" + if [ -z "$UPLINK_MAC" ]; then + UPLINK_MAC="c0:d6:82:00:$(openssl rand -hex 1):$(openssl rand -hex 1)" + fi + sudo ip link set dev ${UPLINK} address "${UPLINK_MAC}" sudo ip link set ${UPLINK} up elif ! [ -z "${PHONE}" ] ; then @@ -60,11 +59,10 @@ elif ! [ -z "${PHONE}" ] ; then # Create br0 sudo ip link add name br0 type bridge - # RAND_HEX_1=$(openssl rand -hex 1) - # RAND_HEX_2=$(openssl rand -hex 1) - # BOND_MAC="30:86:2d:00:${RAND_HEX_1}:${RAND_HEX_2}" - # ip link set ${UPLINK} address $BOND_MAC - sudo ip link set dev ${UPLINK} address "30:86:2d:00:$(openssl rand -hex 1):$(openssl rand -hex 1)" + if [ -z "$UPLINK_MAC" ]; then + UPLINK_MAC="30:86:2d:00:$(openssl rand -hex 1):$(openssl rand -hex 1)" + fi + sudo ip link set dev ${UPLINK} address "${UPLINK_MAC}" # Disable STP, provide add'l visibility sudo ip link set ${UPLINK} type bridge stp_state 0
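Review bot: `UPLINK_MAC` is read from the environment in both branches, but the `sudo --preserve-env=` list added in PATCH 20/21 is not extended in this commit, so when the entrypoint starts as a non-root user the variable is likely dropped before these lines run and the random address is always used; add `UPLINK_MAC` to that list. The value is passed to `ip link set dev ${UPLINK} address "${UPLINK_MAC}"` without any check, and since the script does not test exit codes a malformed address fails silently; printing an error and exiting there would make a bad topology entry visible. Both edited blocks sit inside the `if`/`elif` chain that begins outside these hunks.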