Tested platforms: Ubuntu, OpenSuse, Redhat
The goal is to take profit of docker containers to use inside GNS3 almost as a full-fledged linux endhost instead of using the very limited VPCS or an overkill virtual machine.
This includes a script to manage containers and set networking parameters using pipework.
Documentation and example are provided here (cciethebeginning.wordpress.com)
You will need: git, docker, pipework. and lxterminal.
1.git
sudo apt-get install git
2.Docker easy to install
docker -v
Docker version 1.8.1, build d12ea79
3.pipework, a simple yet powerful bash script, for advanced docker networking
sudo bash -c “curl https://raw.githubusercontent.com/jpetazzo/pipework/master/pipework > /usr/local/bin/pipework”
sudo chmod a+x /usr/local/bin/pipework
4.lxterminal
lxterminal is not required anymore, the script will detect the used terminal and use it to open interactive terminal access to containers.
To use docker as non-root user
sudo usermod -aG docker {user}
The script will automatically pull the latest images from DockerHUB, if they do not exist locally.
You can do it manually If you want:
docker pull ajnouri/dockervpc
docker pull quantumobject/docker-cacti
docker pull socketplane/openvswitch
After cloning the repository you can modify Dockerfile, to add your own tools or alleviate it, and rebuild it manually. Clone the repository
git clone https://github.com/AJNOURI/DockerVPC
cd DockerVPC
If you want to use public keys for SSH authentication you will have to generate or copy your own public key in the repository directory and build the image manually.
cp /home/user/.ssh/id_rsa.pub id_rsa.pub
or generate a special key pair:
ssh-keygen -t rsa
Now, build the image using the following command:
sudo docker build -t {image-tag} {location-of-Dockerfile}
ex:
sudo docker build -t dockervpc .
The image will be used to run any number of container with the same content:
~/DockerVPC$ ./startvpc.sh dockervpc pc1
Spawning a new container
non-network local connections being added to access control list
Container networking... \n
Continue? [Yy] [Nn] y
Enter Host bridge to connect the container to => br10
Enter a new interface inside the container to connect to host bridge => eth1
Enter IP address (without mask) for the container interface => 192.168.10.1
Enter the mask length => 24
Enter the next-hop IP (GNS3 device) => 192.168.10.254
br10 doesn’t exist
command: >> sudo pipework br10 -i eth1 a62dfeff0205 192.168.10.1/[email protected] << successfully executed.
Continue with network configuration[Cc], or quit[Qq]? q
~/DockerVPC$
These tools included in the image are available in all generated containers.
Tip: You can install other tools if you make the container reach Internet, either directly through host docker0 interface, or by connecting it to your GNS3 topology. Nevertheless, the container VirtualPC is as flexible as a Docker container can be. Docker container technology is developing very fast, so this image will be subject to changes as container capabilities grow.
Connect to the container using password-chalenge
- Start SSHD on the server container
root@pc2:/# /usr/sbin/sshd
The default SSH password for user root is gns3vpc
- From gns3 host
$ ssh [email protected]
The authenticity of host '172.17.0.3 (172.17.0.3)' can't be >established. ECDSA key fingerprint is >af:c3:85:55:5e:f5:66:cd:b5:99:8b:85:05:c5:27:42. Are you sure you want to continue connecting (yes/no)? yes Failed to add the host to the list of known hosts (/home/ajn/.ssh/known_hosts). [email protected]'s password: Last login: Sat Oct 17 14:42:30 2015 from 172.17.42.1 root@pc2:~#
- From another container
root@pc1:/# ssh [email protected]
[email protected]'s password: Last login: Sat Oct 17 14:45:16 2015 from 172.17.42.1 root@pc2:~#
Example of using ansible to manage multiple DockerVPCs
Let's start Apache on multiple containers
- Add container IP addresses in /etc/ansible/hosts
[containers]
172.17.0.1
172.17.0.2
- $ ansible containers -i /etc/ansible/hosts -m command -a “/usr/sbin/apachectl start” -u root
The authenticity of host ‘172.17.0.1 (172.17.0.1)’ can’t be established.
ECDSA key fingerprint is 60:e4:db:26:ac:0c:26:fe:53:0e:b1:86:12:28:55:35.
Are you sure you want to continue connecting (yes/no)? yes
The authenticity of host ‘172.17.0.2 (172.17.0.2)’ can’t be established.
ECDSA key fingerprint is 60:e4:db:26:ac:0c:26:fe:53:0e:b1:86:12:28:55:35.
Are you sure you want to continue connecting (yes/no)? yes
172.17.0.1 | success | rc=0 >>
172.17.0.2 | success | rc=0 >>
- More lightweight than Firefox and supports Java and html5, but still troubleshooting flash support.
Just start it:
qupzilla &
- Start Apache server:
/usr/sbin/apachectl start
- From another container connect to the server using curl , links2 or Qupzilla.
- From the running container, start the server component of Ostinato “drone” in the background, so you can continue to use the terminal:
drone &
- From Docker host (Your Desktop OS), start Ostinato client GUI and connect to containers IP running drone.
- Single UDP flow with constant inter-departure time between packets and constant packets size:
start the receiver on the destination host (10.0.0.3):
$ ./ITGRecv
- start the sender on the source host (10.0.0.4):
$ ./ITGSend -a 10.0.0.3 -sp 9400 -rp 9500 -C 100 -c 500 -t 20000 -x recv_log_file
- on the destination container (ex: 192.168.22.1):
iperf -s
- on the source container:
iperf -c 192.168.22.1
Inject thousands of routes into your GNS3 topology from any DockerVPC container.
- Simply start vlc with username vlc in background
su -c “vlc” -s /bin/sh vlc &
/media directory contains small video files in multiple formats to play with.
- A minimalistic browser (text+graphic mode).
Text mode:
links <url>
- Graphic mode:
links2 -g <url>
- On the server container create a user
root@vsftpd1:/# adduser user1
Adding useruser1’ ... Adding new group
user1’ (1001) ...
Adding new useruser1’ (1001) with group
user1’ ...
Creating home directory/home/user1’ ... Copying files from
/etc/skel’ ...
Enter new UNIX password:
Retype new UNIX password:
passwd: password updated successfully
Changing the user information for user1
Enter the new value, or press ENTER for the default
Full Name []:
Room Number []:
Work Phone []:
Home Phone []:
Other []:
Is the information correct? [Y/n] Y
root@vsftpd1:/#
- Enable sftpd:
root@vsftpd1:/# /usr/sbin/vsftpd
- On the client container:
(ex: 172.17.0.48 is IP of the server container)
root@pc1:/# ftp -n 172.17.0.48
Connected to 172.17.0.48.
220 (vsFTPd 3.0.2)
ftp> user
(username) user1
331 Please specify the password.
Password:
230 Login successful.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> ls -a
200 PORT command successful. Consider using PASV.
150 Here comes the directory listing.
drwxr-xr-x 2 1001 1001 4096 Aug 07 06:48 .
drwxr-xr-x 5 0 0 4096 Aug 07 07:04 ..
-rw-r--r-- 1 1001 1001 220 Aug 07 06:48 .bash_logout
-rw-r--r-- 1 1001 1001 3637 Aug 07 06:48 .bashrc
-rw-r--r-- 1 1001 1001 675 Aug 07 06:48 .profile
226 Directory send OK.
ftp> pwd
257 “/home/user1”
ftp>
inetutils-traceroute, iputils-tracepath, mtr...i
https://registry.hub.docker.com/u/odiobill/vsftpd/
https://registry.hub.docker.com/u/jess/
https://github.com/alexismp/OpenJDK-Docker/blob/master/debian/Dockerfile
https://hub.docker.com/r/quantumobject/docker-cacti
https://github.com/socketplane/docker-ovs