2016-03-21 09:36:25 +00:00
#!/bin/bash
#
2024-12-22 13:26:24 +00:00
# Copyright (C) 2024 GNS3 Technologies Inc.
2016-03-21 09:36:25 +00:00
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
#
2024-12-22 13:26:24 +00:00
# Install GNS3 on a remote Ubuntu server
# This creates a dedicated user and setup all the packages
# and optionally a VPN
2016-03-21 09:36:25 +00:00
#
function help {
echo "Usage:" >& 2
Add option `--without-kvm`
Some cloud providers (example, AWS EC2 for non-metal instances) do not
support nested virtualization, as well as some hypervisors (example,
VirtualBox prior to 6.x, Hyper-V on AMD). Option `--without-kvm` can
be used to disable hardware acceleration in these scenarios. Otherwise,
user will receive error when trying to start Qemu-based devices.
Commit also: replace `enable_kvm` and `require_kvm` with newer config
options (`enable_hardware_acceleration` and
`require_hardware_acceleration`); and do some code refactors.
One can argue that, instead of prividing option `--without-kvm`, we
should check if system supports KVM and enable/disable hardware
acceleration accordingly. However, there is the case when the
hypervisor supports nested virtualization, but feature is just disabled.
The chosen approach for this case is to keep KVM enabled and let user
known (user will eventually receive an error) so user can fix it.
Otherwise, user might never know and suffer from performance
degradation.
2021-08-01 19:03:48 +00:00
echo "--with-openvpn: Install OpenVPN" >& 2
2024-12-22 13:26:24 +00:00
echo "--with-iou: Install IOU support" >& 2
echo "--with-i386-repository: Add the i386 repositories required by IOU i386 images. This is not needed for recent x86_64 IOU images." >& 2
2023-02-12 00:57:54 +00:00
echo "--with-welcome: Install GNS3-VM welcome.py script" >& 2
Add option `--without-kvm`
Some cloud providers (example, AWS EC2 for non-metal instances) do not
support nested virtualization, as well as some hypervisors (example,
VirtualBox prior to 6.x, Hyper-V on AMD). Option `--without-kvm` can
be used to disable hardware acceleration in these scenarios. Otherwise,
user will receive error when trying to start Qemu-based devices.
Commit also: replace `enable_kvm` and `require_kvm` with newer config
options (`enable_hardware_acceleration` and
`require_hardware_acceleration`); and do some code refactors.
One can argue that, instead of prividing option `--without-kvm`, we
should check if system supports KVM and enable/disable hardware
acceleration accordingly. However, there is the case when the
hypervisor supports nested virtualization, but feature is just disabled.
The chosen approach for this case is to keep KVM enabled and let user
known (user will eventually receive an error) so user can fix it.
Otherwise, user might never know and suffer from performance
degradation.
2021-08-01 19:03:48 +00:00
echo "--without-kvm: Disable KVM, required if system do not support it (limitation in some hypervisors and cloud providers). Warning: only disable KVM if strictly necessary as this will degrade performance" >& 2
2024-12-22 13:26:24 +00:00
echo "--unstable: Use the GNS3 unstable repository" >& 2
echo "--custom-repository <repository>: Use a custom repository" >& 2
2016-03-21 09:36:25 +00:00
echo "--help: This help" >& 2
}
function log {
echo " => $1 " >& 2
}
2017-03-08 14:58:28 +00:00
lsb_release -d | grep "LTS" > /dev/null
2016-03-21 09:36:25 +00:00
if [ $? != 0 ]
then
2018-01-18 03:43:04 +00:00
echo "This script can only be run on a Linux Ubuntu LTS release"
2016-03-21 09:36:25 +00:00
exit 1
fi
2024-12-22 13:26:24 +00:00
# Default repository
REPOSITORY = "ppa"
2016-03-21 09:36:25 +00:00
# Read the options
USE_VPN = 0
2016-03-25 17:13:49 +00:00
USE_IOU = 0
2016-04-05 07:58:23 +00:00
I386_REPO = 0
Add option `--without-kvm`
Some cloud providers (example, AWS EC2 for non-metal instances) do not
support nested virtualization, as well as some hypervisors (example,
VirtualBox prior to 6.x, Hyper-V on AMD). Option `--without-kvm` can
be used to disable hardware acceleration in these scenarios. Otherwise,
user will receive error when trying to start Qemu-based devices.
Commit also: replace `enable_kvm` and `require_kvm` with newer config
options (`enable_hardware_acceleration` and
`require_hardware_acceleration`); and do some code refactors.
One can argue that, instead of prividing option `--without-kvm`, we
should check if system supports KVM and enable/disable hardware
acceleration accordingly. However, there is the case when the
hypervisor supports nested virtualization, but feature is just disabled.
The chosen approach for this case is to keep KVM enabled and let user
known (user will eventually receive an error) so user can fix it.
Otherwise, user might never know and suffer from performance
degradation.
2021-08-01 19:03:48 +00:00
DISABLE_KVM = 0
2023-03-23 11:59:20 +00:00
WELCOME_SETUP = 0
2016-03-21 09:36:25 +00:00
2024-12-22 13:26:24 +00:00
TEMP = ` getopt -o h --long with-openvpn,with-iou,with-i386-repository,with-welcome,without-kvm,unstable,custom-repository:,help -n 'gns3-remote-install.sh' -- " $@ " `
2016-03-21 09:36:25 +00:00
if [ $? != 0 ]
then
help
exit 1
fi
eval set -- " $TEMP "
# extract options and their arguments into variables.
while true ; do
case " $1 " in
--with-openvpn)
USE_VPN = 1
shift
; ;
2016-03-25 17:13:49 +00:00
--with-iou)
USE_IOU = 1
shift
; ;
2016-04-05 07:58:23 +00:00
--with-i386-repository)
I386_REPO = 1
shift
; ;
2023-02-12 00:57:54 +00:00
--with-welcome)
WELCOME_SETUP = 1
shift
; ;
Add option `--without-kvm`
Some cloud providers (example, AWS EC2 for non-metal instances) do not
support nested virtualization, as well as some hypervisors (example,
VirtualBox prior to 6.x, Hyper-V on AMD). Option `--without-kvm` can
be used to disable hardware acceleration in these scenarios. Otherwise,
user will receive error when trying to start Qemu-based devices.
Commit also: replace `enable_kvm` and `require_kvm` with newer config
options (`enable_hardware_acceleration` and
`require_hardware_acceleration`); and do some code refactors.
One can argue that, instead of prividing option `--without-kvm`, we
should check if system supports KVM and enable/disable hardware
acceleration accordingly. However, there is the case when the
hypervisor supports nested virtualization, but feature is just disabled.
The chosen approach for this case is to keep KVM enabled and let user
known (user will eventually receive an error) so user can fix it.
Otherwise, user might never know and suffer from performance
degradation.
2021-08-01 19:03:48 +00:00
--without-kvm)
DISABLE_KVM = 1
shift
; ;
2016-09-27 08:35:24 +00:00
--unstable)
2024-12-22 13:26:24 +00:00
REPOSITORY = "unstable"
2016-09-27 08:35:24 +00:00
shift
; ;
2024-12-22 13:26:24 +00:00
--custom-repository)
REPOSITORY = " $2 "
shift 2
; ;
2016-03-21 09:36:25 +00:00
-h| --help)
help
exit 1
; ;
--) shift ; break ; ;
*) echo " Internal error! $1 " ; exit 1 ; ;
esac
done
# Exit in case of error
set -e
export DEBIAN_FRONTEND = "noninteractive"
2018-08-28 10:41:06 +00:00
UBUNTU_CODENAME = ` lsb_release -c -s`
2017-03-08 14:58:28 +00:00
2016-03-21 09:36:25 +00:00
log "Add GNS3 repository"
2016-09-27 08:35:24 +00:00
2024-12-22 13:26:24 +00:00
cat <<EOFLIST > /etc/apt/sources.list.d/gns3-ppa.sources
Types: deb
URIs: https://ppa.launchpadcontent.net/gns3/$REPOSITORY /ubuntu/
Suites: $UBUNTU_CODENAME
Components: main
Signed-By:
-----BEGIN PGP PUBLIC KEY BLOCK-----
.
mQINBGY0jSYBEADMH5CvX8ZVX4XzAxdQ2CmF7t86IjFnQgtI18Q19nVnpKEGNyB5
pgotDMzkhGnxuhvz2zE9PZhd8VgkodB81V607d/Dy8FfI7t1BVQhLvJDx0H/q6RE
n2y9WxiuBzTHitoQTCTY3hjcr7AUNFFI64gUqwbkQmYbCWWsYOlDpRSkWKg8P8WK
08RetwTI0Iwoz8j+BkbPlubuImiVfh1TeH23FBuGIwL1r1Cps0wel6JAi+jaU9WG
j8MX3mQYFTAtk7f1lRubqWosB/A4xIu609pF1e1tAkWAGltYAeoFhDn+PfA9KgmV
fvxfVR7zmxp31imTJgXgUFCz+H0Xb3vpve8XsrsHZUP6StJ3+6cFXjNBV6PuO1FT
JWp86a+AYHg7+sUWcoJRZPCTbb/pOcCa0q1ch5qcLkiYEOGK+pYhbPptq6y8IsJW
N6EDNCVvVqVyTJy14FZWoOqxcpUiDOQ+su28j8++V+PMo+FO3SQqwEZwJXk7LF/4
wUipDCUh/WNjDqqgmYLoO+ttiiJPbEw3jtbO+zopbzYpyEC1f06Nz7uz1daOIN3J
etFPzSqWCE7Eq+hoVmAAm8gVmQir3rFJbIGBAvAaOLQEOkUlOlS7AezqUhdyhGER
Zrvc3eNqxY7G61SEHipEJ7/hpcDq0RRWCXHsoQqyHaPje826n2pGkJYt4QARAQAB
tBZMYXVuY2hwYWQgUFBBIGZvciBHTlMziQJOBBMBCgA4FiEEuDqqv/vYLSG1Q8jq
hsIsLsaiTX8FAmY0jSYCGwMFCwkIBwIGFQoJCAsCBBYCAwECHgECF4AACgkQhsIs
LsaiTX9z9xAAq1uHmRgfYmELS0cr2YEnTWHPVE6s95Qx+0cr5zzNeWfmoAS9uSyl
z8bCm+Q2ZapzU/nOtkozU+RGjgcRRTKMVTyS0PjFX22965xHCRWnw79fPyrYouUw
H2cAT8WSGYEeVAbqhJSns0RnDpXuaxmWE1wT+iitY/QAjeXo22Z2mjv2bFTitKbY
hZbE5Eu8Olc5YHCVI0ofq84/Ii921iMibU6EDMmm/iOnMK2uHGbC59t0YG8Rm7mK
uk6+TpxOULjFeCWSkF2Dr33m8JQmtYZuFUnmqWPuSdBo3J0O1b0qTg+EP9FbDAtj
CoEKT/V1ccMBd3r77o23CGsvpV7bzEU60A+NsU8vb/AkOmouYiF+qaYDFGZDfWhK
p1HFmd1kt7YdgxsmoKoFJkbt1bBdcFJLV0Jcad5sfArg2aFDYf2giMxAw4iQ+9jc
MCuwWxiqWicPqJ5erNTzVfayBkjuZqBDVTO9wmG3DL4QmNosIBS7kq+NGrT8Ql22
FqYfdIZJDlKVtJKHK8eKJSB0dbFawV2h5p/CvQlIm6nthg5FzOyjvCkPkvxvveq+
SuNxFEscumFCgo7j7RMWHW9HWK3TUvMmYLMVjxL8kXyCwknp9GklBQHA/IPxRa/2
eFqqkmVbmNAoMzzw5wqa/BPcFEbgn+E+TFyZqbzp0F4QzPJZFkz16SA=
= xnj5
-----END PGP PUBLIC KEY BLOCK-----
2016-09-27 08:35:24 +00:00
EOFLIST
2016-03-21 09:36:25 +00:00
2024-12-22 13:26:24 +00:00
log "Updating system packages and installing curl"
apt update
apt install -y curl
2016-04-05 07:58:23 +00:00
2024-12-22 13:26:24 +00:00
log "Upgrading packages"
apt upgrade --yes --force-yes -o Dpkg::Options::= "--force-confdef" -o Dpkg::Options::= "--force-confold"
2016-03-21 09:36:25 +00:00
2024-12-22 13:26:24 +00:00
log "Installing the GNS3 server and its dependencies"
apt install -y gns3-server
2016-03-21 09:36:25 +00:00
2024-12-22 13:26:24 +00:00
log "Creating user GNS3 with /opt/gns3 as home directory"
2023-10-30 15:00:45 +00:00
if [ ! -d "/opt/gns3" ]
2016-03-21 09:36:25 +00:00
then
2023-10-30 15:00:45 +00:00
useradd -m -d /opt/gns3 gns3
2016-03-21 09:36:25 +00:00
fi
2024-12-22 13:26:24 +00:00
log "Adding GNS3 to the ubridge group"
2017-05-26 08:47:25 +00:00
usermod -aG ubridge gns3
2024-12-22 13:26:24 +00:00
log "Installing Docker"
2016-03-21 09:36:25 +00:00
if [ ! -f "/usr/bin/docker" ]
then
curl -sSL https://get.docker.com | bash
fi
2024-12-22 13:26:24 +00:00
log "Adding GNS3 to the docker group"
2016-03-21 09:36:25 +00:00
usermod -aG docker gns3
2016-03-25 17:13:49 +00:00
if [ $USE_IOU = = 1 ]
then
2024-12-22 13:26:24 +00:00
log "Setting up IOU support"
if [ $I386_REPO = = 1 ]
then
log "Enabling i386 architecture for IOU support"
dpkg --add-architecture i386
apt update
fi
2016-03-21 09:36:25 +00:00
2024-12-22 13:26:24 +00:00
apt install -y gns3-iou
2016-03-21 09:36:25 +00:00
2016-03-25 17:13:49 +00:00
# Force the host name to gns3vm
2016-09-27 08:40:58 +00:00
echo gns3vm > /etc/hostname
2021-08-01 20:21:50 +00:00
hostname gns3vm
HOSTNAME = $( hostname)
2016-03-21 09:36:25 +00:00
2016-03-25 17:13:49 +00:00
# Force hostid for IOU
dd if = /dev/zero bs = 4 count = 1 of = /etc/hostid
2024-04-06 06:04:20 +00:00
# Block potential IOU phone home call (xml.cisco.com is not in use at this time)
2024-12-22 13:26:24 +00:00
log "Blocking IOU phone home call"
2024-04-20 08:45:28 +00:00
if [ " $UBUNTU_CODENAME " = = "focal" ]
then
iptables -I OUTPUT -p udp --dport 53 -m string --hex-string "|03|xml|05|cisco|03|com" --algo bm -j DROP
echo iptables-persistent iptables-persistent/autosave_v4 boolean true | debconf-set-selections
echo iptables-persistent iptables-persistent/autosave_v6 boolean true | debconf-set-selections
2024-12-22 13:26:24 +00:00
apt install -y iptables-persistent
2024-04-20 08:45:28 +00:00
else
echo "127.0.0.254 xml.cisco.com" | tee --append /etc/hosts
fi
2016-03-25 17:13:49 +00:00
fi
2016-03-21 09:36:25 +00:00
2024-12-22 13:26:24 +00:00
log "Adding gns3 to the kvm group"
2016-03-21 09:36:25 +00:00
usermod -aG kvm gns3
2024-12-22 13:26:24 +00:00
log "Setting up the GNS3 server configuration"
2016-03-21 09:36:25 +00:00
2016-03-25 17:13:49 +00:00
mkdir -p /etc/gns3
cat <<EOFC > /etc/gns3/gns3_server.conf
2016-03-21 09:36:25 +00:00
[ Server]
host = 0.0.0.0
2016-03-25 14:31:17 +00:00
port = 3080
2016-03-21 09:36:25 +00:00
images_path = /opt/gns3/images
projects_path = /opt/gns3/projects
2017-07-19 09:44:05 +00:00
appliances_path = /opt/gns3/appliances
configs_path = /opt/gns3/configs
2016-03-21 09:36:25 +00:00
report_errors = True
[ Qemu]
Add option `--without-kvm`
Some cloud providers (example, AWS EC2 for non-metal instances) do not
support nested virtualization, as well as some hypervisors (example,
VirtualBox prior to 6.x, Hyper-V on AMD). Option `--without-kvm` can
be used to disable hardware acceleration in these scenarios. Otherwise,
user will receive error when trying to start Qemu-based devices.
Commit also: replace `enable_kvm` and `require_kvm` with newer config
options (`enable_hardware_acceleration` and
`require_hardware_acceleration`); and do some code refactors.
One can argue that, instead of prividing option `--without-kvm`, we
should check if system supports KVM and enable/disable hardware
acceleration accordingly. However, there is the case when the
hypervisor supports nested virtualization, but feature is just disabled.
The chosen approach for this case is to keep KVM enabled and let user
known (user will eventually receive an error) so user can fix it.
Otherwise, user might never know and suffer from performance
degradation.
2021-08-01 19:03:48 +00:00
enable_hardware_acceleration = True
require_hardware_acceleration = True
2016-03-25 17:13:49 +00:00
EOFC
Add option `--without-kvm`
Some cloud providers (example, AWS EC2 for non-metal instances) do not
support nested virtualization, as well as some hypervisors (example,
VirtualBox prior to 6.x, Hyper-V on AMD). Option `--without-kvm` can
be used to disable hardware acceleration in these scenarios. Otherwise,
user will receive error when trying to start Qemu-based devices.
Commit also: replace `enable_kvm` and `require_kvm` with newer config
options (`enable_hardware_acceleration` and
`require_hardware_acceleration`); and do some code refactors.
One can argue that, instead of prividing option `--without-kvm`, we
should check if system supports KVM and enable/disable hardware
acceleration accordingly. However, there is the case when the
hypervisor supports nested virtualization, but feature is just disabled.
The chosen approach for this case is to keep KVM enabled and let user
known (user will eventually receive an error) so user can fix it.
Otherwise, user might never know and suffer from performance
degradation.
2021-08-01 19:03:48 +00:00
if [ $DISABLE_KVM = = 1 ]
then
2024-12-22 13:26:24 +00:00
log "Disabling KVM support"
Add option `--without-kvm`
Some cloud providers (example, AWS EC2 for non-metal instances) do not
support nested virtualization, as well as some hypervisors (example,
VirtualBox prior to 6.x, Hyper-V on AMD). Option `--without-kvm` can
be used to disable hardware acceleration in these scenarios. Otherwise,
user will receive error when trying to start Qemu-based devices.
Commit also: replace `enable_kvm` and `require_kvm` with newer config
options (`enable_hardware_acceleration` and
`require_hardware_acceleration`); and do some code refactors.
One can argue that, instead of prividing option `--without-kvm`, we
should check if system supports KVM and enable/disable hardware
acceleration accordingly. However, there is the case when the
hypervisor supports nested virtualization, but feature is just disabled.
The chosen approach for this case is to keep KVM enabled and let user
known (user will eventually receive an error) so user can fix it.
Otherwise, user might never know and suffer from performance
degradation.
2021-08-01 19:03:48 +00:00
sed -i 's/hardware_acceleration = True/hardware_acceleration = False/g' /etc/gns3/gns3_server.conf
fi
2016-03-25 17:13:49 +00:00
chown -R gns3:gns3 /etc/gns3
chmod -R 700 /etc/gns3
2016-03-21 09:36:25 +00:00
2024-12-22 13:26:24 +00:00
log "Installing the GNS3 systemd service"
cat <<EOFI > /lib/systemd/system/gns3.service
2017-03-08 14:58:28 +00:00
[ Unit]
Description = GNS3 server
2019-11-01 07:23:52 +00:00
After = network-online.target
Wants = network-online.target
Conflicts = shutdown.target
2017-03-08 14:58:28 +00:00
[ Service]
User = gns3
Group = gns3
PermissionsStartOnly = true
2020-11-02 07:53:41 +00:00
EnvironmentFile = /etc/environment
2017-03-08 14:58:28 +00:00
ExecStartPre = /bin/mkdir -p /var/log/gns3 /var/run/gns3
ExecStartPre = /bin/chown -R gns3:gns3 /var/log/gns3 /var/run/gns3
2019-11-01 07:23:52 +00:00
ExecStart = /usr/bin/gns3server --log /var/log/gns3/gns3.log
2020-04-30 06:00:50 +00:00
ExecReload = /bin/kill -s HUP $MAINPID
2019-11-01 07:23:52 +00:00
Restart = on-failure
RestartSec = 5
2019-11-07 08:28:47 +00:00
LimitNOFILE = 16384
2017-03-08 14:58:28 +00:00
[ Install]
WantedBy = multi-user.target
EOFI
2024-12-22 13:26:24 +00:00
chmod 755 /lib/systemd/system/gns3.service
chown root:root /lib/systemd/system/gns3.service
log "Starting the GNS3 service"
systemctl enable gns3
systemctl start gns3
2017-03-08 14:58:28 +00:00
2024-12-22 13:26:24 +00:00
log "GNS3 has been installed with success"
2016-03-21 09:36:25 +00:00
2023-02-12 00:57:54 +00:00
if [ $WELCOME_SETUP = = 1 ]
then
2023-11-07 00:02:29 +00:00
cat <<EOFI > /etc/sudoers.d/gns3
gns3 ALL = ( ALL) NOPASSWD: /usr/bin/apt-key
gns3 ALL = ( ALL) NOPASSWD: /usr/bin/apt-get
gns3 ALL = ( ALL) NOPASSWD: /usr/sbin/reboot
EOFI
2024-12-22 13:26:24 +00:00
NEEDRESTART_MODE = a apt install -y net-tools
NEEDRESTART_MODE = a apt install -y dialog
NEEDRESTART_MODE = a apt install -y python3-dialog
2023-02-12 00:57:54 +00:00
2023-02-12 23:30:01 +00:00
#Pull down welcome script from repo
curl https://raw.githubusercontent.com/GNS3/gns3-server/master/scripts/welcome.py > /usr/local/bin/welcome.py
2023-02-12 02:00:37 +00:00
2023-02-12 03:23:45 +00:00
chmod 755 /usr/local/bin/welcome.py
chown gns3:gns3 /usr/local/bin/welcome.py
2023-02-12 00:57:54 +00:00
mkdir /etc/systemd/system/getty@tty1.service.d
cat <<EOFI > /etc/systemd/system/getty@tty1.service.d/override.conf
[ Service]
ExecStart =
ExecStart = -/sbin/agetty -a gns3 --noclear %I \$ TERM
EOFI
chmod 755 /etc/systemd/system/getty@tty1.service.d/override.conf
chown root:root /etc/systemd/system/getty@tty1.service.d/override.conf
2023-02-12 03:23:45 +00:00
echo "python3 /usr/local/bin/welcome.py" >> /opt/gns3/.bashrc
2023-02-12 19:21:01 +00:00
echo "gns3:gns3" | chpasswd
2023-02-12 04:24:23 +00:00
usermod --shell /bin/bash gns3
2023-02-12 07:48:17 +00:00
usermod -aG sudo gns3
2023-02-12 00:57:54 +00:00
fi
2016-03-21 09:36:25 +00:00
if [ $USE_VPN = = 1 ]
then
2024-12-22 13:26:24 +00:00
log "Setting up OpenVPN"
2016-03-21 09:36:25 +00:00
2024-12-22 13:26:24 +00:00
log "Changing the GNS3 server configuration to listen on VPN interface"
2016-03-21 09:36:25 +00:00
Add option `--without-kvm`
Some cloud providers (example, AWS EC2 for non-metal instances) do not
support nested virtualization, as well as some hypervisors (example,
VirtualBox prior to 6.x, Hyper-V on AMD). Option `--without-kvm` can
be used to disable hardware acceleration in these scenarios. Otherwise,
user will receive error when trying to start Qemu-based devices.
Commit also: replace `enable_kvm` and `require_kvm` with newer config
options (`enable_hardware_acceleration` and
`require_hardware_acceleration`); and do some code refactors.
One can argue that, instead of prividing option `--without-kvm`, we
should check if system supports KVM and enable/disable hardware
acceleration accordingly. However, there is the case when the
hypervisor supports nested virtualization, but feature is just disabled.
The chosen approach for this case is to keep KVM enabled and let user
known (user will eventually receive an error) so user can fix it.
Otherwise, user might never know and suffer from performance
degradation.
2021-08-01 19:03:48 +00:00
sed -i 's/host = 0.0.0.0/host = 172.16.253.1/' /etc/gns3/gns3_server.conf
2016-03-21 09:36:25 +00:00
2024-12-22 13:26:24 +00:00
log "Installing the OpenVPN packages"
2016-03-21 09:36:25 +00:00
2024-12-22 13:26:24 +00:00
apt install -y openvpn uuid dnsutils nginx-light
2016-03-21 09:36:25 +00:00
2018-03-08 14:09:00 +00:00
MY_IP_ADDR = $( dig @ns1.google.com -t txt o-o.myaddr.l.google.com +short -4 | sed 's/"//g' )
2016-03-21 09:36:25 +00:00
log " IP detected: $MY_IP_ADDR "
UUID = $( uuid)
2024-12-22 13:26:24 +00:00
log "Updating motd"
2016-03-21 09:36:25 +00:00
2016-03-25 17:13:49 +00:00
cat <<EOFMOTD > /etc/update-motd.d/70-openvpn
2016-03-21 09:36:25 +00:00
#!/bin/sh
echo ""
echo "_______________________________________________________________________________________________"
echo "Download the VPN configuration here:"
echo " http:// $MY_IP_ADDR :8003/ $UUID / $HOSTNAME .ovpn "
echo ""
echo "And add it to your openvpn client."
echo ""
2024-12-22 13:26:24 +00:00
echo "apt remove nginx-light to disable the HTTP server."
2016-03-21 09:36:25 +00:00
echo "And remove this file with rm /etc/update-motd.d/70-openvpn"
2016-03-25 17:13:49 +00:00
EOFMOTD
2016-03-21 09:36:25 +00:00
chmod 755 /etc/update-motd.d/70-openvpn
mkdir -p /etc/openvpn/
[ -d /dev/net ] || mkdir -p /dev/net
[ -c /dev/net/tun ] || mknod /dev/net/tun c 10 200
2024-12-22 13:26:24 +00:00
log "Creating OpenVPN keys"
2016-03-21 09:36:25 +00:00
[ -f /etc/openvpn/dh.pem ] || openssl dhparam -out /etc/openvpn/dh.pem 2048
[ -f /etc/openvpn/key.pem ] || openssl genrsa -out /etc/openvpn/key.pem 2048
chmod 600 /etc/openvpn/key.pem
[ -f /etc/openvpn/csr.pem ] || openssl req -new -key /etc/openvpn/key.pem -out /etc/openvpn/csr.pem -subj /CN= OpenVPN/
[ -f /etc/openvpn/cert.pem ] || openssl x509 -req -in /etc/openvpn/csr.pem -out /etc/openvpn/cert.pem -signkey /etc/openvpn/key.pem -days 24855
2024-12-22 13:26:24 +00:00
log "Creating OpenVPN client configuration"
2016-03-25 17:13:49 +00:00
cat <<EOFCLIE NT > /root/client.ovpn
2016-03-21 09:36:25 +00:00
client
nobind
comp-lzo
dev tun
<key>
` cat /etc/openvpn/key.pem`
</key>
<cert>
` cat /etc/openvpn/cert.pem`
</cert>
<ca>
` cat /etc/openvpn/cert.pem`
</ca>
<dh>
` cat /etc/openvpn/dh.pem`
</dh>
<connection>
remote $MY_IP_ADDR 1194 udp
</connection>
2016-04-14 14:20:13 +00:00
EOFCLIENT
2016-03-21 09:36:25 +00:00
2016-04-14 14:20:13 +00:00
cat <<EOFUDP > /etc/openvpn/udp1194.conf
2016-03-21 09:36:25 +00:00
server 172.16.253.0 255.255.255.0
verb 3
duplicate-cn
comp-lzo
key key.pem
ca cert.pem
cert cert.pem
dh dh.pem
keepalive 10 60
persist-key
persist-tun
proto udp
port 1194
dev tun1194
status openvpn-status-1194.log
log-append /var/log/openvpn-udp1194.log
2016-04-14 14:20:13 +00:00
EOFUDP
2016-03-21 09:36:25 +00:00
2024-12-22 13:26:24 +00:00
log "Setting up an HTTP server for serving client certificate"
2016-03-21 09:36:25 +00:00
mkdir -p /usr/share/nginx/openvpn/$UUID
cp /root/client.ovpn /usr/share/nginx/openvpn/$UUID /$HOSTNAME .ovpn
touch /usr/share/nginx/openvpn/$UUID /index.html
touch /usr/share/nginx/openvpn/index.html
2016-04-14 14:20:13 +00:00
cat <<EOFNGINX > /etc/nginx/sites-available/openvpn
2016-03-21 09:36:25 +00:00
server {
Add option `--without-kvm`
Some cloud providers (example, AWS EC2 for non-metal instances) do not
support nested virtualization, as well as some hypervisors (example,
VirtualBox prior to 6.x, Hyper-V on AMD). Option `--without-kvm` can
be used to disable hardware acceleration in these scenarios. Otherwise,
user will receive error when trying to start Qemu-based devices.
Commit also: replace `enable_kvm` and `require_kvm` with newer config
options (`enable_hardware_acceleration` and
`require_hardware_acceleration`); and do some code refactors.
One can argue that, instead of prividing option `--without-kvm`, we
should check if system supports KVM and enable/disable hardware
acceleration accordingly. However, there is the case when the
hypervisor supports nested virtualization, but feature is just disabled.
The chosen approach for this case is to keep KVM enabled and let user
known (user will eventually receive an error) so user can fix it.
Otherwise, user might never know and suffer from performance
degradation.
2021-08-01 19:03:48 +00:00
listen 8003;
2016-03-21 09:36:25 +00:00
root /usr/share/nginx/openvpn;
}
2016-04-14 14:20:13 +00:00
EOFNGINX
2016-03-21 09:36:25 +00:00
[ -f /etc/nginx/sites-enabled/openvpn ] || ln -s /etc/nginx/sites-available/openvpn /etc/nginx/sites-enabled/
service nginx stop
service nginx start
2024-12-22 13:26:24 +00:00
log "Restarting OpenVPN and GNS3"
2016-03-21 09:36:25 +00:00
set +e
service openvpn stop
service openvpn start
Add option `--without-kvm`
Some cloud providers (example, AWS EC2 for non-metal instances) do not
support nested virtualization, as well as some hypervisors (example,
VirtualBox prior to 6.x, Hyper-V on AMD). Option `--without-kvm` can
be used to disable hardware acceleration in these scenarios. Otherwise,
user will receive error when trying to start Qemu-based devices.
Commit also: replace `enable_kvm` and `require_kvm` with newer config
options (`enable_hardware_acceleration` and
`require_hardware_acceleration`); and do some code refactors.
One can argue that, instead of prividing option `--without-kvm`, we
should check if system supports KVM and enable/disable hardware
acceleration accordingly. However, there is the case when the
hypervisor supports nested virtualization, but feature is just disabled.
The chosen approach for this case is to keep KVM enabled and let user
known (user will eventually receive an error) so user can fix it.
Otherwise, user might never know and suffer from performance
degradation.
2021-08-01 19:03:48 +00:00
service gns3 stop
service gns3 start
2016-03-21 09:36:25 +00:00
2024-12-22 13:26:24 +00:00
log " Please download http:// $MY_IP_ADDR :8003/ $UUID / $HOSTNAME .ovpn to setup your OpenVPN client after rebooting the server "
2016-03-21 09:36:25 +00:00
fi
2023-02-12 07:07:18 +00:00
if [ $WELCOME_SETUP = = 1 ]
then
2024-12-22 13:26:24 +00:00
NEEDRESTART_MODE = a apt update
NEEDRESTART_MODE = a apt upgrade
python3 -c 'import sys; sys.path.append("/usr/local/bin/"); import welcome; ws = welcome.Welcome_dialog(); ws.repair_remote_install()'
cd /opt/gns3
su gns3
2023-10-30 15:00:45 +00:00
fi