The script to run strongswan vpnaas driver quickly(by quqi99)


作者:张华  发表于:2015-03-18
版权声明:可以任意转载,转载时请务必以超链接形式标明文章原始出处和作者信息及本版权声明

Original post: http://blog.csdn.net/quqi99

1, as root, grant the non-root account that will run the demo passwordless sudo. Set STACK_USER to that
   account's name explicitly: `whoami` returns "root" when this step is run as root. Put the rule in a
   drop-in under /etc/sudoers.d and validate it with visudo instead of appending to /etc/sudoers directly,
   so a typo cannot break sudo for every user. NOPASSWD for ALL is a lab-only setting.
   STACK_USER=<your common account>
   echo "$STACK_USER ALL=(ALL) NOPASSWD: ALL" > /etc/sudoers.d/$STACK_USER
   chmod 0440 /etc/sudoers.d/$STACK_USER
   visudo -cf /etc/sudoers.d/$STACK_USER

2, configure the locale (locale-gen writes system-wide locale data, so it needs root as well)
   export LANGUAGE=en_US.UTF-8
   export LANG=en_US.UTF-8
   export LC_ALL=en_US.UTF-8
   sudo locale-gen en_US.UTF-8
   sudo dpkg-reconfigure locales

3, install git
   sudo apt-get install git

4, as the common account, create an RSA key pair if ~/.ssh/id_rsa.pub does not exist yet; the script
   uploads that public key as the nova keypair 'mykey' and expects the matching private key to be
   available for the ssh-based ping test.
   ssh-keygen -t rsa

5, disable the AppArmor profiles that confine strongSwan's charon and stroke binaries, then reload AppArmor.
   This removes the confinement of those binaries entirely, so do it only on a disposable test host, and
   undo it afterwards by deleting the two symlinks and reloading again.
   sudo ln -sf /etc/apparmor.d/usr.lib.ipsec.charon /etc/apparmor.d/disable/
   sudo ln -sf /etc/apparmor.d/usr.lib.ipsec.stroke /etc/apparmor.d/disable/
   # NOTE: Due to https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/1387220
   # 'service apparmor reload' does not work on Ubuntu 14.10; use 'sudo start apparmor ACTION=reload' there.
   sudo service apparmor reload    # Ubuntu 14.04

6, as the common account (NOTE: not root), run the script from the directory where devstack should be
   cloned: the script uses the current directory as devstack's DEST and writes its credentials file to
   <that directory>/devstack/env.
   ./run_vpn_demo.sh all


You can bring up a strongSwan VPNaaS demo in about 5 minutes by running './run_vpn_demo.sh all' on Ubuntu 14.04. Be aware that the script hardcodes 172.16.1.1 as the host IP and 192.168.101.0/24 as the floating range, sets every OpenStack password and the IPsec PSK to the literal string 'password', and opens ssh and icmp from 0.0.0.0/0 in the default security group — run it only on an isolated lab host.

$cat run_vpn_demo.sh

#!/bin/bash
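function install_all_in_one_openstack_by_devstack
{
   # Clone devstack into the current directory, write a localrc for an
   # all-in-one node (neutron with lbaas/fwaas/vpnaas, strongswan as the
   # IPSEC_PACKAGE), run stack.sh and write an 'env' file with the admin
   # credentials that the other steps source.
   # root_dir is intentionally global: the create_* steps and the later
   # status/enable/disable steps read ${root_dir}/devstack/env.
   root_dir=$(pwd)
   # A re-run keeps the existing checkout; a fresh run clones master, which
   # is unpinned -- pin a branch or commit if the demo must stay reproducible.
   if [[ ! -d "${root_dir}/devstack/.git" ]]; then
      git clone https://github.com/openstack-dev/devstack.git || return 1
   fi
   cd "${root_dir}/devstack" || return 1
   rm -rf "${root_dir}/devstack/localrc"
   HOST_IP=172.16.1.1
   SERVICE_HOST=$HOST_IP
   DEST=$root_dir
   # The heredoc delimiter is unquoted, so $DEST, $HOST_IP and $SERVICE_HOST
   # are expanded now; everything else is written literally and evaluated
   # when devstack reads localrc -- presumably including the 'sudo ...'
   # lines, which set up br-phy before stacking (confirm against your
   # devstack version).
   # SECURITY: every credential below is the literal string 'password' and
   # the service token is 'ADMIN'. Acceptable only on an isolated lab host.
   cat > "${root_dir}/devstack/localrc" << EOF
#OFFLINE=True
DEST=$DEST
IPSEC_PACKAGE=strongswan
sudo route del -net 10.0.1.0/24 gw 192.168.101.3
sudo apt-get install openvswitch-switch qemu-kvm libvirt-bin
sudo ovs-vsctl -- --may-exist add-br br-phy
sudo ifconfig br-phy 172.16.1.1/24
ENABLED_SERVICES=rabbit,mysql,key,g-api,g-reg,tempest
ENABLED_SERVICES+=,n-api,n-crt,n-obj,n-cpu,n-cond,n-sch
ENABLED_SERVICES+=,cinder,c-api,c-vol,c-sch
ENABLED_SERVICES+=,q-svc,q-agt,q-dhcp,q-l3,q-meta,neutron,q-lbaas,q-fwaas,q-vpn

ENABLED_SERVICES+=,horizon

ENABLED_SERVICES+=,s-proxy,s-object,s-container,s-account
VOLUME_BACKING_FILE_SIZE=500M
SWIFT_HASH=66a3d6b56c1f479c8b4e70ab5c2000f5
SWIFT_REPLICAS=1
SWIFT_DATA_DIR=$DEST/data/swift

HOST_IP=$HOST_IP
SERVICE_HOST=$HOST_IP
MYSQL_HOST=$SERVICE_HOST
RABBIT_HOST=$SERVICE_HOST
GLANCE_HOSTPORT=$SERVICE_HOST:9292
Q_HOST=$SERVICE_HOST

FIXED_RANGE=10.0.1.0/24
FLOATING_RANGE=192.168.101.0/24
Q_FLOATING_ALLOCATION_POOL=start=192.168.101.3,end=192.168.101.100
PUBLIC_NETWORK_GATEWAY=192.168.101.1
NETWORK_GATEWAY=10.0.1.1
PUBLIC_BRIDGE=br-ex
# sudo ovs-vsctl add-port br-ex eth0
OVS_PHYSICAL_BRIDGE=br-phy

DATABASE_USER=root
DATABASE_PASSWORD=password
ADMIN_PASSWORD=password
SERVICE_PASSWORD=password
RABBIT_PASSWORD=password
SERVICE_TOKEN=ADMIN
LOGFILE=$DEST/logs/stack.log
ENABLE_DEBUG_LOG_LEVEL=False
SYSLOG=False
SCREEN_LOGDIR=$DEST/logs
LOG_COLOR=False
Q_USE_DEBUG_COMMAND=False
APACHE_ENABLED_SERVICES+=keystone
KEYSTONE_TOKEN_FORMAT=uuid
USE_SSL=False
disable_service tls-proxy
IMAGE_URLS+=",http://cdn.download.cirros-cloud.net/0.3.2/cirros-0.3.2-x86_64-disk.img"
EOF
   # localrc is read by devstack, not executed; it needs no exec bit.
   FORCE=yes "${root_dir}/devstack/stack.sh"
   # Credentials for the nova/neutron/keystone CLI steps. Written with '>'
   # so a re-run does not append duplicate lines, and kept owner-only
   # readable because it holds the admin password in clear text.
   cat > "${root_dir}/devstack/env" << EOF
export OS_USERNAME=admin
export OS_PASSWORD=password
export OS_TENANT_NAME=demo
export OS_AUTH_URL=http://172.16.1.1:5000/v2.0
export OS_AUTH_STRATEGY=keystone
EOF
   chmod 600 "${root_dir}/devstack/env"
}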

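# Create the network, subnet and router for one side of the tunnel, plug the
# subnet into the router, set the router's gateway to the external network
# and export <SIDE>_ROUTER_ID / <SIDE>_SUBNET_ID (SIDE upper-cased).
# Arguments: $1 side name (east|west), $2 vxlan segmentation id,
#            $3 subnet gateway ip, $4 subnet cidr
# Reads TENANT_ID and EXT_NET_ID. Returns 1 when the new router or subnet
# cannot be found afterwards.
function _create_vpn_side
{
   local side=$1 vni=$2 gateway=$3 cidr=$4
   local router_id subnet_id upper
   upper=$(printf '%s' "$side" | tr '[:lower:]' '[:upper:]')
   neutron net-create "vpn-net-${side}" --provider:network_type vxlan --provider:segmentation_id "$vni"
   neutron subnet-create --tenant_id "$TENANT_ID" --ip_version 4 --gateway "$gateway" "vpn-net-${side}" "$cidr"
   neutron router-create --tenant_id "$TENANT_ID" "vpn-router-${side}"
   router_id=$(neutron router-list | grep " vpn-router-${side} " | awk '{print $2}')
   # -F: the cidr contains dots, match it as a literal string
   subnet_id=$(neutron subnet-list | grep -F "$cidr" | awk '{print $2}')
   # Fail here instead of running the next commands with empty ids.
   if [[ -z "$router_id" || -z "$subnet_id" ]]; then
      echo "router or subnet for ${side} not found after creation" >&2
      return 1
   fi
   neutron router-interface-add "$router_id" "$subnet_id"
   neutron router-gateway-set "$router_id" "$EXT_NET_ID"
   export "${upper}_ROUTER_ID=$router_id" "${upper}_SUBNET_ID=$subnet_id"
}

# Create one vxlan network/subnet/router per side (east: 10.0.2.0/24 on
# segment 1012, west: 10.0.3.0/24 on segment 1013), both attached to the
# 'public' external network. Exports TENANT_ID, EXT_NET_ID and the
# EAST_/WEST_ ROUTER_ID and SUBNET_ID values that the vpn step reads.
# Reads the global root_dir set by install_all_in_one_openstack_by_devstack.
function create_network_staffs_on_east_and_west
{
   source "${root_dir}/devstack/env" || return 1
   TENANT_ID=$(keystone tenant-list | grep ' admin ' | awk '{print $2}')
   EXT_NET_ID=$(neutron net-list | grep ' public ' | awk '{print $2}')
   export TENANT_ID EXT_NET_ID
   if [[ -z "$TENANT_ID" || -z "$EXT_NET_ID" ]]; then
      echo "cannot resolve the admin tenant id or the 'public' network id" >&2
      return 1
   fi

   _create_vpn_side east 1012 10.0.2.1 10.0.2.0/24 || return 1
   _create_vpn_side west 1013 10.0.3.1 10.0.3.0/24 || return 1
}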

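# Boot one cirros VM on the vpn-net-<side> network with keypair 'mykey',
# attach a floating ip from the 'public' pool and export <SIDE>_NET_ID,
# <SIDE>_VM_ID and FLOATING_IP_<SIDE> (SIDE upper-cased).
# Arguments: $1 side name (east|west). Reads IMAGE_ID.
function _boot_vpn_vm
{
   local side=$1 net_id vm_id fip upper
   upper=$(printf '%s' "$side" | tr '[:lower:]' '[:upper:]')
   net_id=$(neutron net-list | grep " vpn-net-${side} " | awk '{print $2}')
   if [[ -z "$net_id" ]]; then
      echo "network vpn-net-${side} not found" >&2
      return 1
   fi
   time nova boot --poll --key_name mykey --image "$IMAGE_ID" --flavor 1 --nic "net-id=${net_id}" "vpn-vm-${side}"
   vm_id=$(nova list | grep "vpn-vm-${side}" | awk '{print $2}')
   # ' public ' with surrounding spaces so only the pool column matches.
   fip=$(nova floating-ip-create | grep ' public ' | awk '{print $4}')
   nova add-floating-ip "$vm_id" "$fip"
   export "${upper}_NET_ID=$net_id" "${upper}_VM_ID=$vm_id" "FLOATING_IP_${upper}=$fip"
}

# Register ~/.ssh/id_rsa.pub as nova keypair 'mykey', open the default
# security group for ssh and icmp, then boot one VM on each side and give it
# a floating ip. Reads the global root_dir.
function create_two_VMs_on_east_and_west
{
   source "${root_dir}/devstack/env" || return 1
   nova keypair-add --pub_key ~/.ssh/id_rsa.pub mykey
   IMAGE_ID=$(nova image-list | grep 'cirros' | awk '{print $2}')
   export IMAGE_ID
   # SECURITY: these rules admit ssh and icmp from any source address into
   # the 'default' group. Fine for an isolated lab, not for a reachable host.
   nova secgroup-add-rule default tcp 22 22 0.0.0.0/0
   nova secgroup-add-rule default icmp -1 -1 0.0.0.0/0

   _boot_vpn_vm east || return 1
   _boot_vpn_vm west || return 1
}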

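# Print the IPv4 address found in the external_gateway_info row of
# 'neutron router-show $1' (first dotted quad on that line), or nothing.
function _router_external_ip
{
   neutron router-show "$1" | grep 'external_gateway_info' \
      | grep -o '[0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}'
}

# Create the shared ike/ipsec policies, one vpn-service per router and one
# ipsec-site-connection per side that points at the other router's external
# address. Reads EAST_/WEST_ROUTER_ID and _SUBNET_ID exported by
# create_network_staffs_on_east_and_west and the global root_dir.
function create_vpn_staffs_on_east_and_west
{
   source "${root_dir}/devstack/env" || return 1
   local psk
   # A random PSK instead of the literal 'password'; both connections get the
   # same value so the tunnel still negotiates. The neutron CLI only accepts
   # it as an argument, so it is still visible in ps and shell history on
   # this host -- acceptable for a lab, not beyond it.
   psk=$(head -c 16 /dev/urandom | od -An -tx1 | tr -d ' \n')
   EAST_EXT_IP=$(_router_external_ip vpn-router-east)
   WEST_EXT_IP=$(_router_external_ip vpn-router-west)
   export EAST_EXT_IP WEST_EXT_IP
   if [[ -z "$EAST_EXT_IP" || -z "$WEST_EXT_IP" ]]; then
      echo "external gateway ip of vpn-router-east/west not found" >&2
      return 1
   fi
   neutron vpn-ikepolicy-create ikepolicy1
   neutron vpn-ipsecpolicy-create ipsecpolicy1

   neutron vpn-service-create --name vpn-east --description "VPN EAST" "$EAST_ROUTER_ID" "$EAST_SUBNET_ID"
   neutron ipsec-site-connection-create --name vpn_conn_east --vpnservice-id vpn-east --ikepolicy-id ikepolicy1 --ipsecpolicy-id ipsecpolicy1 --peer-address "$WEST_EXT_IP" --peer-id "$WEST_EXT_IP" --peer-cidr 10.0.3.0/24 --psk "$psk"

   neutron vpn-service-create --name vpn-west --description "VPN WEST" "$WEST_ROUTER_ID" "$WEST_SUBNET_ID"
   neutron ipsec-site-connection-create --name vpn_conn_west --vpnservice-id vpn-west --ikepolicy-id ikepolicy1 --ipsecpolicy-id ipsecpolicy1 --peer-address "$EAST_EXT_IP" --peer-id "$EAST_EXT_IP" --peer-cidr 10.0.2.0/24 --psk "$psk"
}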

function install
{
   # Run the four setup steps in order: devstack, networks/routers, VMs, vpn.
   # Each step runs regardless of the previous one's exit status (no set -e).
   local step
   for step in install_all_in_one_openstack_by_devstack \
               create_network_staffs_on_east_and_west \
               create_two_VMs_on_east_and_west \
               create_vpn_staffs_on_east_and_west; do
      "$step"
   done
}

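function uninstall
{
   # Tear the devstack services down with unstack.sh.
   # $1: directory holding the devstack checkout (ROOT_DIR from the dispatcher).
   # Refuses to run without it rather than trying to execute /devstack/unstack.sh.
   root_dir=$1
   if [[ -z "$root_dir" ]]; then
      echo "uninstall: devstack root directory argument is missing" >&2
      return 1
   fi
   "${root_dir}/devstack/unstack.sh"
}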

function status
{
  root_dir=$1
  source ${root_dir}/devstack/env
  neutron ipsec-site-connection-list
  neutron vpn-service-list
}

function disable
{
  root_dir=$1
  source ${root_dir}/devstack/env
  neutron vpn-service-update --admin_state_up=False `neutron vpn-service-list |grep 'vpn-east' |awk '{print $2}'`
}

function enable
{
  root_dir=$1
  source ${root_dir}/devstack/env
  neutron vpn-service-update --admin_state_up=True `neutron vpn-service-list |grep 'vpn-east' |awk '{print $2}'`
}

function ping
{
  FLOATING_IP_EAST=$(nova list |grep 'vpn-vm-east' |awk -F ',' '{print $2}' |awk '{print $1}')
  VM_WEST_IP=$(nova list |grep 'vpn-vm-west' |awk -F '=' '{print $2}' |awk -F ',' '{print $1}')
  ssh -o StrictHostKeyChecking=no -i mykey cirros@$FLOATING_IP_EAST ping $VM_WEST_IP
}

function debug
{
  export EAST_ROUTER_ID=$(neutron router-list |grep ' vpn-router-east ' |awk '{print $2}')
  export WEST_ROUTER_ID=$(neutron router-list |grep ' vpn-router-west ' |awk '{print $2}')
  sudo ip netns exec qrouter-$EAST_ROUTER_ID iptables -nL -t nat |grep ipsec
  sudo ip netns exec qrouter-$WEST_ROUTER_ID iptables -nL -t nat |grep ipsec
  sudo ip netns exec qrouter-$EAST_ROUTER_ID ip route list table 220
  sudo ip netns exec qrouter-$WEST_ROUTER_ID ip route list table 220
  sudo /usr/local/bin/neutron-rootwrap /etc/neutron/rootwrap.conf ip netns exec qrouter-$EAST_ROUTER_ID neutron-vpn-netns-wrapper --mount_paths=/etc:/opt/stack/data/neutron/ipsec/$EAST_ROUTER_ID/etc,/var/run:/opt/stack/data/neutron/ipsec/$EAST_ROUTER_ID/var/run --cmd=ipsec,status
  sudo /usr/local/bin/neutron-rootwrap /etc/neutron/rootwrap.conf ip netns exec qrouter-$WEST_ROUTER_ID neutron-vpn-netns-wrapper --mount_paths=/etc:/opt/stack/data/neutron/ipsec/$WEST_ROUTER_ID/etc,/var/run:/opt/stack/data/neutron/ipsec/$WEST_ROUTER_ID/var/run --cmd=ipsec,status
}

function usage
{
  echo "Usage: ./run_demo.sh      <command>"
  echo "<commands>"
  echo "install:      install all-in-one openstack env, and configure vpn env with two tunnels in two routers"
  echo "uninstall:    uninstall devstack"
  echo "status:       the status of vpnservice and ipsec-site-connection"
  echo "disable       disable a vpnservice"
  echo "enable        enable a vpnservice"
  echo "ssh           ssh into one vm"
  echo "debug         debug"
  echo "all           all"
}

# Directory the script was started from; passed to the commands that need
# the devstack checkout (uninstall/status/disable/enable).
ROOT_DIR=$(pwd)

function all
{
  # Full demo: install everything, snapshot the vpn state, run the ping test
  # across the tunnel, then snapshot the state again. Uses the file-level ROOT_DIR.
  _snapshot_vpn_state()
  {
    status "$ROOT_DIR"
    debug
  }
  install
  _snapshot_vpn_state
  ping
  _snapshot_vpn_state
}

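# 'install' uploads ~/.ssh/id_rsa.pub as the nova keypair, so refuse to start
# without it. Exit non-zero (and report on stderr) so a caller can tell the
# precondition failed; the original exited with status 0 here.
if [ ! -f ~/.ssh/id_rsa.pub ]; then
  echo "your ~/.ssh/id_rsa.pub doesn't exsit, pls use 'ssh-keygen -t rsa' command to create it first, exit..." >&2
  exit 1
fi

# Command dispatcher. An unknown or missing command prints the usage and
# exits 2 so scripted callers notice.
case "$1" in
  install)   install ;;
  uninstall) uninstall "$ROOT_DIR" ;;
  status)    status "$ROOT_DIR" ;;
  disable)   disable "$ROOT_DIR" ;;
  enable)    enable "$ROOT_DIR" ;;
  ping)      ping ;;
  debug)     debug ;;
  all)       all ;;
  *)         usage
             exit 2 ;;
esac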
