#!/bin/bash
#
# Copyright (C) 2015 GNS3 Technologies Inc.
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
#
# Install GNS3 on a remote Ubuntu LTS server
# This creates a dedicated user and sets up all the packages
# and optionally a VPN
#
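# Print the command-line usage summary.
# Outputs: every line goes to stderr, so stdout stays clean when the caller
#          captures or pipes the installer's output.
function help {
  echo "Usage:" >&2
  echo "--with-openvpn: Install Open VPN" >&2
  echo "--with-iou: Install IOU" >&2
  echo "--with-i386-repository: Add the i386 repositories required by IOU if they are not already available on the system. Warning: this will replace your source.list in order to use the official Ubuntu mirror" >&2
  # This line previously went to stdout, unlike the rest of the usage text.
  echo "--unstable: Use the GNS3 unstable repository" >&2
  echo "--help: This help" >&2
}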
# Emit a progress message on stderr, wrapped in the " => ... " decoration.
# Arguments: $1 - message text
function log {
  printf '%s\n' " => $1 " >&2
}
# Refuse to continue unless the distribution description mentions "LTS".
if ! lsb_release -d | grep -q "LTS"; then
  echo "This script can only be run on a Linux Ubuntu LTS release"
  exit 1
fi
# Option flags, all off by default; the loop below switches them on.
USE_VPN=0
USE_IOU=0
I386_REPO=0
UNSTABLE=0

# Let getopt normalise the command line; a parse failure prints the usage.
if ! TEMP=$(getopt -o h --long with-openvpn,with-iou,with-i386-repository,unstable,help -n 'gns3-remote-install.sh' -- "$@"); then
  help
  exit 1
fi

# getopt emits shell-quoted words, so eval is what re-splits them into the
# positional parameters.
eval set -- "$TEMP"

# Consume the normalised options one at a time until the "--" terminator.
while :; do
  case "$1" in
    --with-openvpn)
      USE_VPN=1
      shift ;;
    --with-iou)
      USE_IOU=1
      shift ;;
    --with-i386-repository)
      I386_REPO=1
      shift ;;
    --unstable)
      UNSTABLE=1
      shift ;;
    -h|--help)
      help
      exit 1 ;;
    --)
      shift
      break ;;
    *)
      echo " Internal error! $1 "
      exit 1 ;;
  esac
done
# From here on, any failing command aborts the installation.
set -e

# Keep apt/dpkg from prompting during the unattended run.
export DEBIAN_FRONTEND="noninteractive"

# Map the release number to the codename used in the apt source entries.
# Only 14.04 is singled out; every other release is handled as xenial.
UBUNTU_VERSION=$(lsb_release -r -s)
case "$UBUNTU_VERSION" in
  14.04) UBUNTU_CODENAME="trusty" ;;
  *)     UBUNTU_CODENAME="xenial" ;;
esac
log "Add GNS3 repository"

# --unstable swaps the "ppa" archive for the "unstable" one.
if [ "$UNSTABLE" == 1 ]; then
  gns3_ppa="unstable"
else
  gns3_ppa="ppa"
fi

# Write the whole list in one redirect. trusty additionally gets the GNS3 qemu
# PPA; other releases only get the main GNS3 archive.
# NOTE(review): the entries use plain http, so package integrity rests on apt
# verifying the archive signature against the key imported further down.
{
  printf '%s\n' "deb http://ppa.launchpad.net/gns3/${gns3_ppa}/ubuntu $UBUNTU_CODENAME main"
  printf '%s\n' "deb-src http://ppa.launchpad.net/gns3/${gns3_ppa}/ubuntu $UBUNTU_CODENAME main"
  if [ "$UBUNTU_CODENAME" == "trusty" ]; then
    printf '%s\n' "deb http://ppa.launchpad.net/gns3/qemu/ubuntu $UBUNTU_CODENAME main"
    printf '%s\n' "deb-src http://ppa.launchpad.net/gns3/qemu/ubuntu $UBUNTU_CODENAME main"
  fi
} > /etc/apt/sources.list.d/gns3.list
# Optionally add the official Ubuntu archive entries needed for IOU.
# NOTE(review): the usage text says sources.list is replaced, but the entries
# are appended (>>) here - confirm which behaviour is intended.
if [ "$I386_REPO" == 1 ]; then
  ubuntu_mirror="http://archive.ubuntu.com/ubuntu/"
  ubuntu_components="main universe multiverse"
  {
    printf '%s\n' "###### Ubuntu Main Repos"
    printf '%s\n' "deb $ubuntu_mirror $UBUNTU_CODENAME $ubuntu_components"
    printf '%s\n' "deb-src $ubuntu_mirror $UBUNTU_CODENAME $ubuntu_components"
    printf '%s\n' "###### Ubuntu Update Repos"
    # Binary entries first, then source entries, each for both pockets.
    for entry_type in deb deb-src; do
      for pocket in security updates; do
        printf '%s\n' "$entry_type $ubuntu_mirror ${UBUNTU_CODENAME}-${pocket} $ubuntu_components"
      done
    done
  } >> /etc/apt/sources.list
fi
# Import the signing key for the GNS3 PPA.
# NOTE(review): A2E3EF7B is a short (32-bit) key ID, and short IDs can collide
# on keyservers. Requesting the key by its full fingerprint
# (<FULL_KEY_FINGERPRINT>, to be taken from the PPA page) avoids importing a
# look-alike key.
apt-key adv --keyserver keyserver.ubuntu.com --recv-keys A2E3EF7B

log "Update system packages"
apt-get update

log "Upgrade packages"
# Keep locally modified configuration files instead of prompting.
dpkg_conf_opts=(-o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confold")
# NOTE(review): --force-yes also lets apt continue with packages it cannot
# authenticate; --yes alone keeps the run unattended without that side effect.
apt-get upgrade --yes --force-yes "${dpkg_conf_opts[@]}"

log " Install GNS3 packages"
apt-get install -y gns3-server

log "Create user GNS3 with /opt/gns3 as home directory"
# The home directory doubles as the "user already created" marker.
[ -d "/opt/gns3/" ] || useradd -d /opt/gns3/ -m gns3
log "Add GNS3 to the ubridge group"
usermod -aG ubridge gns3

log "Install docker"
# Skip the download when a docker binary is already present.
# NOTE(review): this pipes a remotely fetched script straight into bash with
# the installer's privileges; nothing checks a checksum or signature, and the
# pipeline's exit status is bash's, so a failed download goes unnoticed.
# Fetching to a file and verifying it before running is the safer pattern.
[ -f "/usr/bin/docker" ] || curl -sSL https://get.docker.com | bash

log "Add GNS3 to the docker group"
# NOTE(review): docker group membership is effectively root-equivalent on the
# host, so the gns3 service account should be treated as privileged.
usermod -aG docker gns3
# Optional IOU support: i386 packages plus the host identity tweaks IOU needs.
if [ "$USE_IOU" == 1 ]; then
  log "IOU setup"
  dpkg --add-architecture i386
  apt-get update

  apt-get install -y gns3-iou

  # Force the host name to gns3vm
  printf '%s\n' gns3vm > /etc/hostname

  # Force hostid for IOU: /etc/hostid becomes four zero bytes
  dd if=/dev/zero of=/etc/hostid bs=4 count=1

  # Block iou call. The server is down
  printf '%s\n' "127.0.0.254 xml.cisco.com" | tee -a /etc/hosts
fi
log "Add gns3 to the kvm group"
usermod -aG kvm gns3

log "Setup GNS3 server"
mkdir -p /etc/gns3

# Default server configuration.
# NOTE(review): host = 0.0.0.0 makes the server listen on every interface and
# no authentication settings are written here, so port 3080 should be
# restricted with a firewall unless the --with-openvpn variant is used.
cat > /etc/gns3/gns3_server.conf <<EOFC
[Server]
host = 0.0.0.0
port = 3080
images_path = /opt/gns3/images
projects_path = /opt/gns3/projects
appliances_path = /opt/gns3/appliances
configs_path = /opt/gns3/configs
report_errors = True

[Qemu]
enable_kvm = True
require_kvm = True
EOFC

# Only the gns3 account may read or traverse the configuration directory.
chown -R gns3:gns3 /etc/gns3
chmod -R 700 /etc/gns3
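# Register gns3server as a service: an upstart job on trusty, a systemd unit
# on every other release. Both run the server as the gns3 user.
if [ "$UBUNTU_CODENAME" == "trusty" ]
then
  # The delimiter is quoted so `date` is written literally into the job file
  # and evaluated each time the job starts or stops. Unquoted, the shell
  # expanded it once at install time and froze that timestamp into the job.
  cat <<'EOFI' > /etc/init/gns3.conf
description "GNS3 server"
author "GNS3 Team"

start on filesystem or runlevel [2345]
stop on runlevel [016]
respawn
console log

script
exec start-stop-daemon --start --make-pidfile --pidfile /var/run/gns3.pid --chuid gns3 --exec "/usr/bin/gns3server"
end script

pre-start script
echo "" > /var/log/upstart/gns3.log
echo "[`date`] GNS3 Starting"
end script

pre-stop script
echo "[`date`] GNS3 Stopping"
end script
EOFI

  chown root:root /etc/init/gns3.conf
  chmod 644 /etc/init/gns3.conf

  log "Start GNS3 service"
  # Stopping fails when the job is not running yet; that must not abort.
  set +e
  service gns3 stop
  set -e
  service gns3 start
else
  # Install systemd service
  cat <<EOFI > /lib/systemd/system/gns3.service
[Unit]
Description=GNS3 server

[Service]
Type=forking
User=gns3
Group=gns3
PermissionsStartOnly=true
ExecStartPre=/bin/mkdir -p /var/log/gns3 /var/run/gns3
ExecStartPre=/bin/chown -R gns3:gns3 /var/log/gns3 /var/run/gns3
ExecStart=/usr/bin/gns3server --log /var/log/gns3/gns3.log \
 --pid /var/run/gns3/gns3.pid --daemon
Restart=on-abort
PIDFile=/var/run/gns3/gns3.pid

[Install]
WantedBy=multi-user.target
EOFI

  # A unit file is configuration, not a program: 644 instead of 755, which
  # also avoids systemd's warning about unit files marked executable.
  chmod 644 /lib/systemd/system/gns3.service
  chown root:root /lib/systemd/system/gns3.service

  log "Start GNS3 service"
  systemctl enable gns3
  systemctl start gns3
fi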
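log "GNS3 installed with success"

# Optional OpenVPN setup: rebinds the GNS3 server to the VPN subnet, creates a
# self-signed key pair, writes server and client configurations, and publishes
# the client profile through nginx on port 8003.
if [ "$USE_VPN" == 1 ]
then
  log "Setup VPN"

  # 172.16.253.1 is the first address of the OpenVPN subnet configured below.
  # NOTE(review): unlike the default configuration written earlier, this one
  # does not set appliances_path / configs_path - confirm that is intended.
  cat <<EOFSERVER > /etc/gns3/gns3_server.conf
[Server]
host = 172.16.253.1
port = 3080
images_path = /opt/gns3/images
projects_path = /opt/gns3/projects
report_errors = True

[Qemu]
enable_kvm = True
require_kvm = True
EOFSERVER

  log "Install packages for Open VPN"
  apt-get install -y \
    openvpn \
    uuid \
    dnsutils \
    nginx-light

  MY_IP_ADDR=$(dig @ns1.google.com -t txt o-o.myaddr.l.google.com +short -4 | sed 's/"//g')

  # The address comes from an unauthenticated DNS answer and is interpolated
  # below into a script that update-motd executes, and into the client
  # profile. Accept nothing but a dotted-quad so a forged or empty answer
  # cannot inject shell syntax or yield a broken configuration.
  if ! [[ "$MY_IP_ADDR" =~ ^([0-9]{1,3}\.){3}[0-9]{1,3}$ ]]
  then
    log "Unable to detect a valid public IPv4 address"
    exit 1
  fi

  log " IP detected: $MY_IP_ADDR "

  # The UUID is the only secret in the download URL. Request a random
  # (version 4) UUID; the tool's default is a time-based version 1 value,
  # which is far easier to guess.
  UUID=$(uuid -v 4)

  log "Update motd"

  # Unquoted delimiter on purpose: the URL parts are expanded at install time.
  cat <<EOFMOTD > /etc/update-motd.d/70-openvpn
#!/bin/sh
echo ""
echo "_______________________________________________________________________________________________"
echo "Download the VPN configuration here:"
echo "http://$MY_IP_ADDR:8003/$UUID/$HOSTNAME.ovpn"
echo ""
echo "And add it to your openvpn client."
echo ""
echo "apt-get remove nginx-light to disable the HTTP server."
echo "And remove this file with rm /etc/update-motd.d/70-openvpn"
EOFMOTD
  chmod 755 /etc/update-motd.d/70-openvpn

  mkdir -p /etc/openvpn/

  # Make sure the tun device node exists.
  [ -d /dev/net ] || mkdir -p /dev/net
  [ -c /dev/net/tun ] || mknod /dev/net/tun c 10 200

  log "Create keys"

  # Each artefact is generated only once so a re-run keeps existing keys.
  [ -f /etc/openvpn/dh.pem ] || openssl dhparam -out /etc/openvpn/dh.pem 2048
  # Create the private key under a restrictive umask so it is never readable
  # by other users, not even briefly before the chmod.
  [ -f /etc/openvpn/key.pem ] || (umask 077 && openssl genrsa -out /etc/openvpn/key.pem 2048)
  chmod 600 /etc/openvpn/key.pem
  [ -f /etc/openvpn/csr.pem ] || openssl req -new -key /etc/openvpn/key.pem -out /etc/openvpn/csr.pem -subj /CN=OpenVPN/
  [ -f /etc/openvpn/cert.pem ] || openssl x509 -req -in /etc/openvpn/csr.pem -out /etc/openvpn/cert.pem -signkey /etc/openvpn/key.pem -days 24855

  log "Create client configuration"

  # NOTE(review): the profile embeds the same private key and self-signed
  # certificate that the server uses (the certificate also serves as the CA),
  # so anyone holding a profile holds the server's key material. Per-client
  # certificates issued by a separate CA would remove that exposure.
  cat <<EOFCLIENT > /root/client.ovpn
client
nobind
comp-lzo
dev tun
<key>
$(cat /etc/openvpn/key.pem)
</key>
<cert>
$(cat /etc/openvpn/cert.pem)
</cert>
<ca>
$(cat /etc/openvpn/cert.pem)
</ca>
<dh>
$(cat /etc/openvpn/dh.pem)
</dh>
<connection>
remote $MY_IP_ADDR 1194 udp
</connection>
EOFCLIENT

  cat <<EOFUDP > /etc/openvpn/udp1194.conf
server 172.16.253.0 255.255.255.0
verb 3
duplicate-cn
comp-lzo
key key.pem
ca cert.pem
cert cert.pem
dh dh.pem
keepalive 10 60
persist-key
persist-tun
proto udp
port 1194
dev tun1194
status openvpn-status-1194.log
log-append /var/log/openvpn-udp1194.log
EOFUDP

  echo "Setup HTTP server for serving client certificate"

  # NOTE(review): the profile, private key included, is served over plain HTTP
  # and protected only by the UUID in its path. Retrieve it once, then remove
  # nginx-light and the published copy as the motd text suggests.
  mkdir -p "/usr/share/nginx/openvpn/$UUID"
  cp /root/client.ovpn "/usr/share/nginx/openvpn/$UUID/$HOSTNAME.ovpn"
  # Empty index files stop nginx from listing the directories.
  touch "/usr/share/nginx/openvpn/$UUID/index.html"
  touch /usr/share/nginx/openvpn/index.html

  cat <<EOFNGINX > /etc/nginx/sites-available/openvpn
server {
    listen 8003;
    root /usr/share/nginx/openvpn;
}
EOFNGINX

  [ -f /etc/nginx/sites-enabled/openvpn ] || ln -s /etc/nginx/sites-available/openvpn /etc/nginx/sites-enabled/
  service nginx stop
  service nginx start

  log "Restart OpenVPN"

  # Stopping a service that is not running yet must not abort the script.
  set +e
  service openvpn stop
  service openvpn start

  log " Download http://$MY_IP_ADDR:8003/$UUID/$HOSTNAME.ovpn to setup your OpenVPN client after rebooting the server "
fi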