![Header image](https://assets.st-note.com/production/uploads/images/166165317/rectangle_large_type_2_6da2bf04c9bae1a5e4ecebe3d64ee706.png?width=1200)
Experiment: switching the test network of 「体験しながら学ぶネットワーク管理技術入門」 (a hands-on introduction to network management techniques) from tinet to containerlab, day 2
This morning my assistant cat woke me up again just before 4. The hour at which she comes to wake me because she is a little hungry seems to have settled. After eating, she goes to sleep in my wife's futon, as always.
This continues the conversion of the test network from tinet to containerlab.
First, the error from yesterday was bothering me, so I looked into it.
![](https://assets.st-note.com/img/1734465058-K3NWUTbIuMqH6eiVs98lQAnP.png?width=1200)
It seems the error occurs where the default gateway is set on R2, R3 and R4:
```text
ERRO[0019] Failed to execute command "ip route add default via 10.2.0.1" on the node "R2". rc=2,
stdout:
stderr:
RTNETLINK answers: File exists
```
Running it manually with docker exec gave the same error.
```text
$ docker exec -it clab-test-R2 /bin/bash
root@R2:/# ip route add default via 10.2.0.1
RTNETLINK answers: File exists
```
Asking Google, this error apparently shows up when the same route already exists. Checking the configured routes:
```text
root@R2:/# ip route show
default via 172.20.20.1 dev eth0
10.2.0.0/24 dev net0 proto kernel scope link src 10.2.0.2
172.20.20.0/24 dev eth0 proto kernel scope link src 172.20.20.5
```
A default route is already there. Reading the containerlab manual, a management network is created automatically, and it appears the default route is set at that point.
So I changed the command to
```text
# ip route add 10.0.0.0/8 via 10.2.0.1
```
and communication worked: the /8 route is more specific than the management default, so longest-prefix matching sends the lab traffic via 10.2.0.1 while the management default route stays in place.
That cleared things up.
Now, the main topic.
I downloaded the build files for the test network of 「体験しながら学ぶネットワーク管理技術入門」 and tried converting spec_01.yaml.
The conversion itself went fine, but when I started the lab a panic occurred.
```text
WARN[0452] Failed to parse the command string: sed -i "/access_log/i \ \ \ \ \ \ \ \ log_format custom '\"\\" \"\\" \"\\" \"\\" \"\\" \"\\" \"\\"';" /etc/nginx/nginx.conf, EOF found when expecting closing quote
panic: runtime error: invalid memory address or nil pointer dereference
[signal SIGSEGV: segmentation violation code=0x1 addr=0x0 pc=0x1bfd8d1]
goroutine 38 [running]:
github.com/srl-labs/containerlab/clab/exec.(*ExecCmd).GetCmd(...)
github.com/srl-labs/containerlab/clab/exec/exec.go:96
github.com/srl-labs/containerlab/runtime/docker.(*DockerRuntime).Exec(0xc000519770, {0x3aca9f0, 0xc000156e10}, {0xc00011d660, 0xd}, 0x0)
github.com/srl-labs/containerlab/runtime/docker/docker.go:823 +0x1d1
github.com/srl-labs/containerlab/nodes.(*DefaultNode).RunExec(0xc000a291e0, {0x3aca9f0, 0xc000156e10}, 0x0)
github.com/srl-labs/containerlab/nodes/default_node.go:455 +0x8e
github.com/srl-labs/containerlab/nodes.(*DefaultNode).RunExecFromConfig(0xc000a291e0, {0x3aca9f0, 0xc000156e10}, 0xc0009c7500)
github.com/srl-labs/containerlab/nodes/default_node.go:237 +0x176
github.com/srl-labs/containerlab/clab.(*CLab).scheduleNodes.func1(0x0, 0xc0001681e0, 0xc000142b00?)
github.com/srl-labs/containerlab/clab/clab.go:630 +0x8be
created by github.com/srl-labs/containerlab/clab.(*CLab).scheduleNodes in goroutine 1
github.com/srl-labs/containerlab/clab/clab.go:686 +0x154
```
It is at the point where the web server's configuration file is being created: the number of `"` characters enclosing the string doesn't seem to match.
It looks like the setting for access-log output, so I did the following:
![](https://assets.st-note.com/img/1734467520-XqkDht1BmrCd8K5pwiyzv7eI.png?width=1200)
For now, it started.
![](https://assets.st-note.com/img/1734467584-JadywMXfHWo6ubKA3NnhCSk0.png?width=1200)
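A pre-flight check added for this post (not containerlab's own code): containerlab splits each `exec` string with a shell-words parser before running it, and Python's `shlex` follows the same POSIX quoting rules, so running every `exec` entry through it flags unbalanced quoting before deploy. It assumes, from the WARN line above where `\$time_local` and the other nginx variables collapsed to `\`, that `$NAME`/`${NAME}` are substituted from the environment before splitting with undefined names becoming empty; the samples are the unbound and nginx sed lines from the topology file below.

```python
"""Pre-flight check for containerlab exec command strings (added example)."""
import re
import shlex
from typing import Optional

# Matches $NAME and ${NAME}. Assumption: containerlab substitutes these from
# the environment before splitting the command, as the WARN line suggests.
_VAR = re.compile(r"\$(?:(\w+)|\{(\w+)\})")


def expand_env(cmd: str, env: dict) -> str:
    """Replace $NAME / ${NAME} with env[NAME]; undefined names become ''."""
    def sub(m: re.Match) -> str:
        return env.get(m.group(1) or m.group(2), "")
    return _VAR.sub(sub, cmd)


def check_exec(cmd: str, env: Optional[dict] = None, expand: bool = True):
    """Return (True, argv) if the string splits cleanly, else (False, reason)."""
    text = expand_env(cmd, env or {}) if expand else cmd
    try:
        return True, shlex.split(text)
    except ValueError as err:  # shlex raises "No closing quotation"
        return False, f"{err}: {text}"


def lint_exec(cmds: list, env: Optional[dict] = None) -> list:
    """Report every exec entry that would make the shell-words parser fail."""
    report = []
    for idx, cmd in enumerate(cmds):
        ok, detail = check_exec(cmd, env)
        if not ok:
            report.append(f"exec[{idx}]: {detail}")
    return report


# Constructed samples, copied from the topology file in this post.
UNBOUND_CMD = r'''bash -c "echo -e 'server":" ' >> /etc/unbound/unbound.conf"'''
SED_CMD = (
    r'''sed -i "/access_log/i \ \ \ \ \ \ \ \ log_format custom '\"\$time_local\" '''
    r'''\"\$remote_addr\" \"\$request\" \"\$status\" \"\$http_user_agent\" '''
    r'''\"\$http_x_forwarded_for\" \"\$http_x_forwarded_proto\"';" /etc/nginx/nginx.conf'''
)

if __name__ == "__main__":
    # The ":" trick concatenates into one clean script for bash -c.
    print("unbound ->", check_exec(UNBOUND_CMD)[1])
    # The sed line is balanced as written; it only breaks after substitution.
    print("sed as written ->", check_exec(SED_CMD, expand=False)[0])
    for line in lint_exec([UNBOUND_CMD, SED_CMD]):
        print(line)
```

Running it shows the `":"` trick hands bash the single script `echo -e 'server: ' >> /etc/unbound/unbound.conf`, while the sed line splits into four arguments as written and only becomes unbalanced once the `$` variables are substituted away.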
The diagram containerlab generated is
![](https://assets.st-note.com/img/1734468521-hXs1YCUtNebwmx0V4pRyPQTS.png?width=1200)
which makes me a little happy.
However, because of the management network settings containerlab adds automatically, this is not a closed test network: cl1 was able to reach the Internet.
Two problems found this morning:
1. The escaping of command strings executed in containers (exec) gets mangled.
2. The automatically added management network connects the lab to the Internet (a route and DNS server settings problem).
That's it for this morning.
To be continued tomorrow.
Here is the converted containerlab topology file that started successfully.
```yaml
name: test
topology:
  nodes:
    rt2:
      kind: linux
      image: sphalerite1313/frr
      exec:
        - sed -i 's/ospfd=no/ospfd=yes/g' /etc/frr/daemons
        - sed -i 's/ospf6d=no/ospf6d=yes/g' /etc/frr/daemons
        - /etc/init.d/frr start
        - ip addr add 10.1.1.246/30 dev net0
        - ip addr add 10.1.1.250/30 dev net1
        - ip addr add 10.1.1.254/30 dev net2
        - ethtool -K net0 tx off rx off tso off gso off gro off
        - ethtool -K net1 tx off rx off tso off gso off gro off
        - ethtool -K net2 tx off rx off tso off gso off gro off
        - vtysh -c "conf t" -c "ip route 10.1.3.0 255.255.255.0 10.1.1.253" -c "router ospf" -c "redistribute static" -c "network 10.1.1.246/32 area 0" -c "network 10.1.1.250/32 area 0" -c "network 10.1.1.254/32 area 0" -c "interface net0" -c "ip ospf passive" -c "interface net2" -c "ip ospf passive"
    rt3:
      kind: linux
      image: sphalerite1313/frr
      exec:
        - sed -i 's/ospfd=no/ospfd=yes/g' /etc/frr/daemons
        - sed -i 's/ospf6d=no/ospf6d=yes/g' /etc/frr/daemons
        - /etc/init.d/frr start
        - ip addr add 10.1.1.249/30 dev net0
        - ip addr add 10.1.2.254/24 dev net1
        - ethtool -K net0 tx off rx off tso off gso off gro off
        - ethtool -K net1 tx off rx off tso off gso off gro off
        - vtysh -c "conf t" -c "router ospf" -c "network 10.1.1.249/32 area 0" -c "network 10.1.2.254/32 area 0" -c "interface net1" -c "ip ospf passive"
    ns1:
      kind: linux
      image: sphalerite1313/unbound
      exec:
        - ip addr add 10.1.2.53/24 dev net0
        - route add default gw 10.1.2.254
        - ethtool -K net0 tx off rx off tso off gso off gro off
        - bash -c "echo -e 'server":" ' >> /etc/unbound/unbound.conf"
        - bash -c "echo -e ' interface":" 0.0.0.0 ' >> /etc/unbound/unbound.conf"
        - bash -c "echo -e ' access-control":" 0.0.0.0/0 allow ' >> /etc/unbound/unbound.conf"
        - bash -c "echo -e ' do-ip6":" no ' >> /etc/unbound/unbound.conf"
        - bash -c "echo -e ' root-hints":" /etc/unbound/root.hints ' >> /etc/unbound/unbound.conf"
        - bash -c "echo -e 'remote-control":" ' >> /etc/unbound/unbound.conf"
        - bash -c "echo -e ' control-enable":" yes ' >> /etc/unbound/unbound.conf"
        - bash -c "echo -e '. 3600000 NS ns.root-servers.net. ' >> /etc/unbound/root.hints"
        - bash -c "echo -e 'ns.root-servers.net. 3600000 A 10.1.3.51 ' >> /etc/unbound/root.hints"
        - bash -c "echo -e 'ROOT_TRUST_ANCHOR_UPDATE=false ' >> /etc/default/unbound"
        - sed -i 's/auto-trust-anchor-file/# auto-trust-anchor-file/g' /etc/unbound/unbound.conf.d/root-auto-trust-anchor-file.conf
        - /etc/init.d/unbound start
        - dd bs=1KB count=10 if=/dev/zero of=/var/tmp/10KB
    fw1:
      kind: linux
      image: sphalerite1313/frr-iptables
      exec:
        - /etc/init.d/frr start
        - ip link set dev net1 address 02:42:ac:00:12:54
        - ip addr add 10.1.1.253/30 dev net0
        - ip addr add 172.16.1.254/24 dev net1
        - bash -c "echo -e '172.16.2.1 sv1.example.com ' >> /etc/hosts"
        - bash -c "echo -e '172.16.2.2 sv2.example.com ' >> /etc/hosts"
        - vtysh -c "conf t" -c "ip route 0.0.0.0/0 10.1.1.254" -c "ip route 172.16.2.0/24 172.16.1.253" -c "ip route 172.16.3.0/24 172.16.1.253"
        - ethtool -K net0 tx off rx off tso off gso off gro off
        - ethtool -K net1 tx off rx off tso off gso off gro off
        - iptables -t nat -A PREROUTING -d 10.1.3.1 -j DNAT --to 172.16.2.1
        - iptables -t nat -A PREROUTING -d 10.1.3.2 -j DNAT --to 172.16.2.2
        - iptables -t nat -A PREROUTING -d 10.1.3.51 -j DNAT --to 172.16.3.51
        - iptables -t nat -A PREROUTING -d 10.1.3.52 -j DNAT --to 172.16.3.52
        - iptables -t nat -A PREROUTING -d 10.1.3.53 -j DNAT --to 172.16.3.53
        - iptables -t nat -A PREROUTING -d 10.1.3.12 -j DNAT --to 172.16.3.12
        - iptables -t nat -A PREROUTING -d 10.1.3.34 -j DNAT --to 172.16.3.34
        - iptables -t filter -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
        - iptables -t filter -A FORWARD -m conntrack --ctstate NEW -p icmp -m icmp --icmp-type echo-request -j ACCEPT
        - iptables -t filter -A FORWARD -m conntrack --ctstate NEW -d 172.16.3.51 -p udp -m udp --dport 53 -j ACCEPT
        - iptables -t filter -A FORWARD -m conntrack --ctstate NEW -d 172.16.3.51 -p tcp -m tcp --dport 53 -j ACCEPT
        - iptables -t filter -A FORWARD -m conntrack --ctstate NEW -d 172.16.3.52 -p udp -m udp --dport 53 -j ACCEPT
        - iptables -t filter -A FORWARD -m conntrack --ctstate NEW -d 172.16.3.52 -p tcp -m tcp --dport 53 -j ACCEPT
        - iptables -t filter -A FORWARD -m conntrack --ctstate NEW -d 172.16.3.53 -p udp -m udp --dport 53 -j ACCEPT
        - iptables -t filter -A FORWARD -m conntrack --ctstate NEW -d 172.16.3.53 -p tcp -m tcp --dport 53 -j ACCEPT
        - iptables -t filter -A FORWARD -m conntrack --ctstate NEW -d 172.16.3.12 -p tcp -m tcp --dport 80 -j ACCEPT
        - iptables -t filter -A FORWARD -m conntrack --ctstate NEW -d 172.16.3.34 -p tcp -m tcp --dport 80 -j ACCEPT
        - iptables -t filter -A FORWARD -m conntrack --ctstate NEW -d 172.16.3.12 -p tcp -m tcp --dport 443 -j ACCEPT
        - iptables -t filter -P FORWARD DROP
    sw2:
      kind: linux
      image: sphalerite1313/ovs
      exec:
        - ovs-vsctl add-br sw2 -- set bridge sw2 datapath_type=netdev
        - ovs-vsctl add-port sw2 port1 tag=2
        - ovs-vsctl add-port sw2 port2 tag=2
        - ovs-vsctl add-port sw2 port3 tag=1 vlan_mode=native-untagged trunks=2
        - ovs-vsctl add-port sw2 port4 tag=1
        - ethtool -K port1 tx off rx off tso off gso off gro off
        - ethtool -K port2 tx off rx off tso off gso off gro off
        - ethtool -K port3 tx off rx off tso off gso off gro off
        - ethtool -K port4 tx off rx off tso off gso off gro off
    lb1:
      kind: linux
      image: sphalerite1313/haproxy-bind
      exec:
        - ip link add link net0 name net0.2 type vlan id 2
        - ip link set dev net0.2 up
        - ip link set dev net0 address 02:42:ac:00:12:53
        - ip link set dev net0.2 address 02:42:ac:00:22:54
        - ip addr add 172.16.1.253/24 dev net0
        - ip addr add 172.16.2.254/24 dev net0.2
        - ip addr add 172.16.3.12/32 dev lo:12
        - ip addr add 172.16.3.34/32 dev lo:34
        - ip addr add 172.16.3.51/32 dev lo:51
        - ip addr add 172.16.3.52/32 dev lo:52
        - ip addr add 172.16.3.53/32 dev lo:53
        - route add default gw 172.16.1.254
        - ethtool -K net0 tx off rx off tso off gso off gro off
        - /etc/init.d/rsyslog start
        - /etc/init.d/rsyslog force-reload
        - openssl req -subj '/CN=www.example.com/C=JP' -new -newkey rsa:2048 -sha256 -days 36500 -nodes -x509 -keyout /etc/ssl/private/server.key -out /etc/ssl/private/server.crt
        - bash -c "cat /etc/ssl/private/server.crt /etc/ssl/private/server.key > /etc/ssl/private/server.pem"
        - bash -c "echo -e ' ' >> /etc/haproxy/haproxy.cfg"
        - bash -c "echo -e 'frontend www-front ' >> /etc/haproxy/haproxy.cfg"
        - bash -c "echo -e ' bind 172.16.3.12":"80 ' >> /etc/haproxy/haproxy.cfg"
        - bash -c "echo -e ' bind 172.16.3.12":"443 ssl crt /etc/ssl/private/server.pem ' >> /etc/haproxy/haproxy.cfg"
        - bash -c "echo -e ' default_backend www-back ' >> /etc/haproxy/haproxy.cfg"
        - bash -c "echo -e ' ' >> /etc/haproxy/haproxy.cfg"
        - bash -c "echo -e 'backend www-back ' >> /etc/haproxy/haproxy.cfg"
        - bash -c "echo -e ' balance roundrobin ' >> /etc/haproxy/haproxy.cfg"
        - bash -c "echo -e ' server sv1 172.16.2.1":"80 check inter 5000 fall 3 rise 2 ' >> /etc/haproxy/haproxy.cfg"
        - bash -c "echo -e ' server sv2 172.16.2.2":"80 check inter 5000 fall 3 rise 2 ' >> /etc/haproxy/haproxy.cfg"
        - bash -c "echo -e ' http-request set-header x-forwarded-proto http if !{ ssl_fc } ' >> /etc/haproxy/haproxy.cfg"
        - bash -c "echo -e ' http-request set-header x-forwarded-proto https if { ssl_fc } ' >> /etc/haproxy/haproxy.cfg"
        - bash -c "echo -e ' option forwardfor ' >> /etc/haproxy/haproxy.cfg"
        - bash -c "echo -e ' option httpchk GET / HTTP/1.1 ' >> /etc/haproxy/haproxy.cfg"
        - bash -c "echo -e ' http-check send hdr Host www.example.com ' >> /etc/haproxy/haproxy.cfg"
        - bash -c "echo -e ' http-check expect status 200 ' >> /etc/haproxy/haproxy.cfg"
        - bash -c "echo -e ' ' >> /etc/haproxy/haproxy.cfg"
        - bash -c "echo -e 'frontend www2-front ' >> /etc/haproxy/haproxy.cfg"
        - bash -c "echo -e ' bind 172.16.3.34":"80 ' >> /etc/haproxy/haproxy.cfg"
        - bash -c "echo -e ' default_backend www2-back ' >> /etc/haproxy/haproxy.cfg"
        - bash -c "echo -e ' capture cookie SERVER len 32 ' >> /etc/haproxy/haproxy.cfg"
        - bash -c "echo -e ' ' >> /etc/haproxy/haproxy.cfg"
        - bash -c "echo -e 'backend www2-back ' >> /etc/haproxy/haproxy.cfg"
        - bash -c "echo -e ' balance roundrobin ' >> /etc/haproxy/haproxy.cfg"
        - bash -c "echo -e ' cookie SERVER insert indirect nocache ' >> /etc/haproxy/haproxy.cfg"
        - bash -c "echo -e ' server sv1 172.16.2.3":"80 track www-back/sv1 cookie sv1 ' >> /etc/haproxy/haproxy.cfg"
        - bash -c "echo -e ' server sv2 172.16.2.4":"80 track www-back/sv2 cookie sv2 ' >> /etc/haproxy/haproxy.cfg"
        - bash -c "echo -e ' http-request set-header x-forwarded-proto http ' >> /etc/haproxy/haproxy.cfg"
        - bash -c "echo -e ' option forwardfor ' >> /etc/haproxy/haproxy.cfg"
        - /etc/init.d/haproxy start
        - rm -f /etc/bind/named.conf /etc/bind/named.conf.options
        - bash -c "echo -e 'include \"/etc/bind/named.conf.options\"; ' >> /etc/bind/named.conf"
        - bash -c "echo -e 'include \"/etc/bind/named.conf.root\"; ' >> /etc/bind/named.conf"
        - bash -c "echo -e 'include \"/etc/bind/named.conf.com\"; ' >> /etc/bind/named.conf"
        - bash -c "echo -e 'include \"/etc/bind/named.conf.example\"; ' >> /etc/bind/named.conf"
        - bash -c "echo -e 'options { ' >> /etc/bind/named.conf.options"
        - bash -c "echo -e ' directory \"/var/cache/bind\"; ' >> /etc/bind/named.conf.options"
        - bash -c "echo -e ' dnssec-validation no; ' >> /etc/bind/named.conf.options"
        - bash -c "echo -e ' listen-on-v6 { none; }; ' >> /etc/bind/named.conf.options"
        - bash -c "echo -e ' listen-on port 53 { 127.0.0.1; 172.16.3.51; 172.16.3.52; 172.16.3.53; }; ' >> /etc/bind/named.conf.options"
        - bash -c "echo -e '}; ' >> /etc/bind/named.conf.options"
        - bash -c "echo -e 'view \"root\" { ' >> /etc/bind/named.conf.root"
        - bash -c "echo -e 'match-destinations { 172.16.3.51; }; ' >> /etc/bind/named.conf.root"
        - bash -c "echo -e 'recursion no; ' >> /etc/bind/named.conf.root"
        - bash -c "echo -e ' zone \".\" IN { ' >> /etc/bind/named.conf.root"
        - bash -c "echo -e ' type master; ' >> /etc/bind/named.conf.root"
        - bash -c "echo -e ' file \"/etc/bind/db.root\"; ' >> /etc/bind/named.conf.root"
        - bash -c "echo -e ' allow-transfer { none; }; ' >> /etc/bind/named.conf.root"
        - bash -c "echo -e ' }; ' >> /etc/bind/named.conf.root"
        - bash -c "echo -e '}; ' >> /etc/bind/named.conf.root"
        - bash -c "echo -e 'view \"com\" { ' >> /etc/bind/named.conf.com"
        - bash -c "echo -e 'match-destinations { 172.16.3.52; }; ' >> /etc/bind/named.conf.com"
        - bash -c "echo -e 'recursion no; ' >> /etc/bind/named.conf.com"
        - bash -c "echo -e ' zone \"com\" IN { ' >> /etc/bind/named.conf.com"
        - bash -c "echo -e ' type master; ' >> /etc/bind/named.conf.com"
        - bash -c "echo -e ' file \"/etc/bind/db.com\"; ' >> /etc/bind/named.conf.com"
        - bash -c "echo -e ' allow-transfer { none; }; ' >> /etc/bind/named.conf.com"
        - bash -c "echo -e ' }; ' >> /etc/bind/named.conf.com"
        - bash -c "echo -e '}; ' >> /etc/bind/named.conf.com"
        - bash -c "echo -e 'view \"in.example\" { ' >> /etc/bind/named.conf.example"
        - bash -c "echo -e 'match-clients { 172.16.0.0/12; }; ' >> /etc/bind/named.conf.example"
        - bash -c "echo -e 'recursion no; ' >> /etc/bind/named.conf.example"
        - bash -c "echo -e ' zone \"example.com\" IN { ' >> /etc/bind/named.conf.example"
        - bash -c "echo -e ' type master; ' >> /etc/bind/named.conf.example"
        - bash -c "echo -e ' file \"/etc/bind/db.in.example.com\"; ' >> /etc/bind/named.conf.example"
        - bash -c "echo -e ' allow-transfer { none; }; ' >> /etc/bind/named.conf.example"
        - bash -c "echo -e ' }; ' >> /etc/bind/named.conf.example"
        - bash -c "echo -e '}; ' >> /etc/bind/named.conf.example"
        - bash -c "echo -e 'view \"ex.example\" { ' >> /etc/bind/named.conf.example"
        - bash -c "echo -e 'match-clients { any; }; ' >> /etc/bind/named.conf.example"
        - bash -c "echo -e 'recursion no; ' >> /etc/bind/named.conf.example"
        - bash -c "echo -e ' zone \"example.com\" IN { ' >> /etc/bind/named.conf.example"
        - bash -c "echo -e ' type master; ' >> /etc/bind/named.conf.example"
        - bash -c "echo -e ' file \"/etc/bind/db.ex.example.com\"; ' >> /etc/bind/named.conf.example"
        - bash -c "echo -e ' allow-transfer { none; }; ' >> /etc/bind/named.conf.example"
        - bash -c "echo -e ' }; ' >> /etc/bind/named.conf.example"
        - bash -c "echo -e '}; ' >> /etc/bind/named.conf.example"
        - bash -c "echo -e '\$ORIGIN . ' >> /etc/bind/db.root"
        - bash -c "echo -e '\$TTL 300 ' >> /etc/bind/db.root"
        - bash -c "echo -e '@ IN SOA ns.root-servers.net. admin 1 1800 900 604800 86400 ' >> /etc/bind/db.root"
        - bash -c "echo -e ' IN NS ns.root-servers.net. ' >> /etc/bind/db.root"
        - bash -c "echo -e ' IN A 10.1.3.51 ' >> /etc/bind/db.root"
        - bash -c "echo -e 'net. IN NS ns.root-servers.net. ' >> /etc/bind/db.root"
        - bash -c "echo -e 'ns.root-servers.net. IN A 10.1.3.51 ' >> /etc/bind/db.root"
        - bash -c "echo -e 'com. IN NS ns.gtld-servers.net. ' >> /etc/bind/db.root"
        - bash -c "echo -e 'ns.gtld-servers.net. IN A 10.1.3.52 ' >> /etc/bind/db.root"
        - bash -c "echo -e '\$ORIGIN com. ' >> /etc/bind/db.com"
        - bash -c "echo -e '\$TTL 300 ' >> /etc/bind/db.com"
        - bash -c "echo -e '@ IN SOA ns.gtld-servers.net. admin 1 1800 900 604800 86400 ' >> /etc/bind/db.com"
        - bash -c "echo -e ' IN NS ns.gtld-servers.net. ' >> /etc/bind/db.com"
        - bash -c "echo -e ' IN A 10.1.3.52 ' >> /etc/bind/db.com"
        - bash -c "echo -e 'example.com. IN NS lb1.example.com. ' >> /etc/bind/db.com"
        - bash -c "echo -e 'lb1.example.com. IN A 10.1.3.53 ' >> /etc/bind/db.com"
        - bash -c "echo -e '\$ORIGIN example.com. ' >> /etc/bind/db.ex.example.com"
        - bash -c "echo -e '\$TTL 300 ' >> /etc/bind/db.ex.example.com"
        - bash -c "echo -e '@ IN SOA lb1.example.com. admin 1 1800 900 604800 86400 ' >> /etc/bind/db.ex.example.com"
        - bash -c "echo -e ' IN NS lb1.example.com. ' >> /etc/bind/db.ex.example.com"
        - bash -c "echo -e ' IN A 10.1.3.53 ' >> /etc/bind/db.ex.example.com"
        - bash -c "echo -e 'lb1 IN A 10.1.3.53 ' >> /etc/bind/db.ex.example.com"
        - bash -c "echo -e 'sv1 IN A 10.1.3.1 ' >> /etc/bind/db.ex.example.com"
        - bash -c "echo -e 'sv2 IN A 10.1.3.2 ' >> /etc/bind/db.ex.example.com"
        - bash -c "echo -e 'www IN A 10.1.3.12 ' >> /etc/bind/db.ex.example.com"
        - bash -c "echo -e 'www2 IN A 10.1.3.34 ' >> /etc/bind/db.ex.example.com"
        - bash -c "echo -e '\$ORIGIN example.com. ' >> /etc/bind/db.in.example.com"
        - bash -c "echo -e '\$TTL 300 ' >> /etc/bind/db.in.example.com"
        - bash -c "echo -e '@ IN SOA lb1.example.com. admin 1 1800 900 604800 86400 ' >> /etc/bind/db.in.example.com"
        - bash -c "echo -e ' IN NS lb1.example.com. ' >> /etc/bind/db.in.example.com"
        - bash -c "echo -e ' IN A 172.16.3.53 ' >> /etc/bind/db.in.example.com"
        - bash -c "echo -e 'lb1 IN A 172.16.3.53 ' >> /etc/bind/db.in.example.com"
        - bash -c "echo -e 'sv1 IN A 172.16.3.1 ' >> /etc/bind/db.in.example.com"
        - bash -c "echo -e 'sv2 IN A 172.16.3.2 ' >> /etc/bind/db.in.example.com"
        - bash -c "echo -e 'www IN A 172.16.3.12 ' >> /etc/bind/db.in.example.com"
        - bash -c "echo -e 'www2 IN A 172.16.3.34 ' >> /etc/bind/db.in.example.com"
        - named -c /etc/bind/named.conf -n 1
    sv1:
      kind: linux
      image: sphalerite1313/nginx
      exec:
        - ip link set dev net0 address 02:42:ac:00:20:01
        - ip addr add 172.16.2.1/24 dev net0
        - ip addr add 172.16.2.3/24 dev net0
        - route add default gw 172.16.2.254
        - ethtool -K net0 tx off rx off tso off gso off gro off
        - openssl req -subj '/CN=sv1.example.com/C=JP' -new -newkey rsa:2048 -sha256 -days 36500 -nodes -x509 -keyout /etc/ssl/private/server.key -out /etc/ssl/private/server.crt
        - openssl dhparam -out /etc/ssl/dhparam.pem 2048
        # - sed -i "/access_log/i \ \ \ \ \ \ \ \ log_format custom '\"\$time_local\" \"\$remote_addr\" \"\$request\" \"\$status\" \"\$http_user_agent\" \"\$http_x_forwarded_for\" \"\$http_x_forwarded_proto\"';" /etc/nginx/nginx.conf
        # - sed -i 's/access\.log/access\.log custom/g' /etc/nginx/nginx.conf
        - rm -f /etc/nginx/sites-available/default
        - bash -c "echo -e 'server { ' >> /etc/nginx/sites-available/default"
        - bash -c "echo -e ' listen 172.16.2.1":"80; ' >> /etc/nginx/sites-available/default"
        - bash -c "echo -e ' listen 172.16.2.1":"443 ssl http2; ' >> /etc/nginx/sites-available/default"
        - bash -c "echo -e ' listen 172.16.2.3":"80; ' >> /etc/nginx/sites-available/default"
        - bash -c "echo -e ' server_name sv1.example.com; ' >> /etc/nginx/sites-available/default"
        - bash -c "echo -e ' ssl_certificate /etc/ssl/private/server.crt; ' >> /etc/nginx/sites-available/default"
        - bash -c "echo -e ' ssl_certificate_key /etc/ssl/private/server.key; ' >> /etc/nginx/sites-available/default"
        - bash -c "echo -e ' ssl_protocols TLSv1.2; ' >> /etc/nginx/sites-available/default"
        - bash -c "echo -e ' ssl_dhparam /etc/ssl/dhparam.pem; ' >> /etc/nginx/sites-available/default"
        - bash -c "echo -e ' ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256":"ECDHE-RSA-AES128-GCM-SHA256":"ECDHE-ECDSA-AES256-GCM-SHA384":"ECDHE-RSA-AES256-GCM-SHA384":"ECDHE-ECDSA-CHACHA20-POLY1305":"ECDHE-RSA-CHACHA20-POLY1305":"DHE-RSA-AES128-GCM-SHA256":"DHE-RSA-AES256-GCM-SHA384":"DHE-RSA-CHACHA20-POLY1305;' >> /etc/nginx/sites-available/default"
        - bash -c "echo -e ' root /var/www/html; ' >> /etc/nginx/sites-available/default"
        - bash -c "echo -e ' index index.html; ' >> /etc/nginx/sites-available/default"
        - bash -c "echo -e '} ' >> /etc/nginx/sites-available/default"
        - bash -c "echo -e 'sv1.example.com' > /var/www/html/index.html"
        - /etc/init.d/nginx start
    sv2:
      kind: linux
      image: sphalerite1313/nginx
      exec:
        - ip link set dev net0 address 02:42:ac:00:20:02
        - ip addr add 172.16.2.2/24 dev net0
        - ip addr add 172.16.2.4/24 dev net0
        - route add default gw 172.16.2.254
        - ethtool -K net0 tx off rx off tso off gso off gro off
        - openssl req -subj '/CN=sv2.example.com/C=JP' -new -newkey rsa:2048 -sha256 -days 36500 -nodes -x509 -keyout /etc/ssl/private/server.key -out /etc/ssl/private/server.crt
        - openssl dhparam -out /etc/ssl/dhparam.pem 2048
        # - sed -i "/access_log/i \ \ \ \ \ \ \ \ log_format custom '\"\$time_local\" \"\$remote_addr\" \"\$request\" \"\$status\" \"\$http_user_agent\" \"\$http_x_forwarded_for\" \"\$http_x_forwarded_proto\"';" /etc/nginx/nginx.conf
        # - sed -i 's/access\.log/access\.log custom/g' /etc/nginx/nginx.conf
        - rm -f /etc/nginx/sites-available/default
        - bash -c "echo -e 'server { ' >> /etc/nginx/sites-available/default"
        - bash -c "echo -e ' listen 172.16.2.2":"80; ' >> /etc/nginx/sites-available/default"
        - bash -c "echo -e ' listen 172.16.2.2":"443 ssl http2; ' >> /etc/nginx/sites-available/default"
        - bash -c "echo -e ' listen 172.16.2.4":"80; ' >> /etc/nginx/sites-available/default"
        - bash -c "echo -e ' server_name sv2.example.com; ' >> /etc/nginx/sites-available/default"
        - bash -c "echo -e ' ssl_certificate /etc/ssl/private/server.crt; ' >> /etc/nginx/sites-available/default"
        - bash -c "echo -e ' ssl_certificate_key /etc/ssl/private/server.key; ' >> /etc/nginx/sites-available/default"
        - bash -c "echo -e ' ssl_protocols TLSv1.2; ' >> /etc/nginx/sites-available/default"
        - bash -c "echo -e ' ssl_dhparam /etc/ssl/dhparam.pem; ' >> /etc/nginx/sites-available/default"
        - bash -c "echo -e ' ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256":"ECDHE-RSA-AES128-GCM-SHA256":"ECDHE-ECDSA-AES256-GCM-SHA384":"ECDHE-RSA-AES256-GCM-SHA384":"ECDHE-ECDSA-CHACHA20-POLY1305":"ECDHE-RSA-CHACHA20-POLY1305":"DHE-RSA-AES128-GCM-SHA256":"DHE-RSA-AES256-GCM-SHA384":"DHE-RSA-CHACHA20-POLY1305;' >> /etc/nginx/sites-available/default"
        - bash -c "echo -e ' root /var/www/html; ' >> /etc/nginx/sites-available/default"
        - bash -c "echo -e ' index index.html; ' >> /etc/nginx/sites-available/default"
        - bash -c "echo -e '} ' >> /etc/nginx/sites-available/default"
        - bash -c "echo -e 'sv2.example.com' > /var/www/html/index.html"
        - /etc/init.d/nginx start
    rt1:
      kind: linux
      image: sphalerite1313/frr-iptables-dnsmasq
      exec:
        - /etc/init.d/frr start
        - ip link set dev net1 address 02:42:ac:01:12:54
        - ip addr add 10.1.1.245/30 dev net0
        - ip addr add 192.168.11.254/24 dev net1
        - ethtool -K net0 tx off rx off tso off gso off gro off
        - ethtool -K net1 tx off rx off tso off gso off gro off
        - bash -c "echo -e 'interface=net1 ' >> /etc/dnsmasq.conf"
        - bash -c "echo -e 'dhcp-option=3,192.168.11.254 ' >> /etc/dnsmasq.conf"
        - bash -c "echo -e 'dhcp-option=6,192.168.11.254 ' >> /etc/dnsmasq.conf"
        - bash -c "echo -e 'dhcp-range=192.168.11.1,192.168.11.99,1h ' >> /etc/dnsmasq.conf"
        - bash -c "echo -e 'dhcp-range=192.168.11.101,192.168.11.253,1h ' >> /etc/dnsmasq.conf"
        - bash -c "echo -e 'dhcp-host=02":"42":"ac":"01":"10":"01,192.168.11.1 ' >> /etc/dnsmasq.conf"
        - bash -c "echo -e 'dhcp-host=02":"42":"ac":"01":"10":"02,192.168.11.2 ' >> /etc/dnsmasq.conf"
        - bash -c "echo -e 'cache-size=0 ' >> /etc/dnsmasq.conf"
        - vtysh -c "conf t" -c "ip route 0.0.0.0/0 10.1.1.246"
        - iptables -t nat -A POSTROUTING -s 192.168.11.0/24 -j MASQUERADE
        - /etc/init.d/dnsmasq start
    sw1:
      kind: linux
      image: sphalerite1313/ovs
      exec:
        - ovs-vsctl add-br sw1 -- set bridge sw1 datapath_type=netdev
        - ovs-vsctl add-port sw1 port1
        - ovs-vsctl add-port sw1 port2
        - ovs-vsctl add-port sw1 port3
        - ovs-vsctl add-port sw1 port4
        - ethtool -K port1 tx off rx off tso off gso off gro off
        - ethtool -K port2 tx off rx off tso off gso off gro off
        - ethtool -K port3 tx off rx off tso off gso off gro off
        - ethtool -K port4 tx off rx off tso off gso off gro off
    cl1:
      kind: linux
      image: sphalerite1313/dhclient
      exec:
        - ip link set dev net0 address 02:42:ac:01:10:01
        - ethtool -K net0 tx off rx off tso off gso off gro off
        - sed -i 's/mv -f \$new_resolv_conf \$resolv_conf/cat \$new_resolv_conf > \/etc\/resolv.conf \&\& rm -f \$new_resolv_conf/g' /sbin/dhclient-script
        - dhclient net0
        - arp -s 192.168.11.2 02:42:ac:01:10:02 dev net0
    cl2:
      kind: linux
      image: sphalerite1313/dhclient
      exec:
        - ip link set dev net0 address 02:42:ac:01:10:02
        - ethtool -K net0 tx off rx off tso off gso off gro off
        - sed -i 's/mv -f \$new_resolv_conf \$resolv_conf/cat \$new_resolv_conf > \/etc\/resolv.conf \&\& rm -f \$new_resolv_conf/g' /sbin/dhclient-script
        - dhclient net0
        - arp -s 192.168.11.1 02:42:ac:01:10:01 dev net0
    cl3:
      kind: linux
      image: sphalerite1313/base
      exec:
        - ip link set dev net0 address 02:42:ac:01:11:00
        - ip addr add 192.168.11.100/24 dev net0
        - route add default gw 192.168.11.254
        - ethtool -K net0 tx off rx off tso off gso off gro off
  links:
    - endpoints: ["rt2:net0","rt1:net0"]
    - endpoints: ["rt2:net1","rt3:net0"]
    - endpoints: ["rt2:net2","fw1:net0"]
    - endpoints: ["rt3:net1","ns1:net0"]
    - endpoints: ["fw1:net1","sw2:port4"]
    - endpoints: ["sw2:port1","sv1:net0"]
    - endpoints: ["sw2:port2","sv2:net0"]
    - endpoints: ["sw2:port3","lb1:net0"]
    - endpoints: ["rt1:net1","sw1:port4"]
    - endpoints: ["sw1:port1","cl1:net0"]
    - endpoints: ["sw1:port2","cl2:net0"]
    - endpoints: ["sw1:port3","cl3:net0"]
```