#!/bin/bash
#
# Copyright (C) 2015 GNS3 Technologies Inc.
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
#
# Install GNS3 on a remote Ubuntu LTS server
# This creates a dedicated user and sets up all the packages
# and optionally a VPN
#
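# Print the installer's command-line usage.
# Arguments: none
# Outputs:   one line per supported option, all on stderr, so stdout stays
#            empty when usage is shown after a rejected invocation.
function help {
  echo "Usage:" >&2
  echo "--with-openvpn: Install OpenVPN" >&2
  echo "--with-iou: Install IOU" >&2
  echo "--with-i386-repository: Add the i386 repositories required by IOU if they are not already available on the system. Warning: this will replace your source.list in order to use the official Ubuntu mirror" >&2
  echo "--with-welcome: Install GNS3-VM welcome.py script" >&2
  echo "--without-kvm: Disable KVM, required if system do not support it (limitation in some hypervisors and cloud providers). Warning: only disable KVM if strictly necessary as this will degrade performance" >&2
  # This was the only usage line written to stdout; it now follows the others.
  echo "--unstable: Use the GNS3 unstable repository" >&2
  echo "--help: This help" >&2
}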
# Write a progress message to stderr, prefixed with "=>".
# Arguments: $1 - message text
# Outputs:   the formatted message on stderr; nothing on stdout
log() {
  printf '%s\n' " => $1 " >&2
}
# Refuse to run unless the release description reported by lsb_release
# contains "LTS".
if ! lsb_release -d | grep -q "LTS"; then
  echo "This script can only be run on a Linux Ubuntu LTS release"
  exit 1
fi
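# Read the options.
# Every feature flag defaults to 0 (off) and is switched to 1 by its option.
USE_VPN=0
USE_IOU=0
I386_REPO=0
# WELCOME_SETUP had no default, so the later `[ $WELCOME_SETUP == 1 ]` test
# ran with a missing operand whenever --with-welcome was not given.
WELCOME_SETUP=0
DISABLE_KVM=0
UNSTABLE=0

# getopt normalises the argument list and rejects unknown options. It prints
# its own diagnostic on failure, so only the usage text is added here.
if ! TEMP=$(getopt -o h --long with-openvpn,with-iou,with-i386-repository,with-welcome,without-kvm,unstable,help -n 'gns3-remote-install.sh' -- "$@"); then
  help
  exit 1
fi

# getopt emits a shell-quoted word list; eval re-splits it into positional
# parameters with that quoting honoured.
eval set -- "$TEMP"

# Extract options into variables. getopt always terminates the list with
# "--", which is what ends the loop.
while true; do
  case "$1" in
    --with-openvpn)
      USE_VPN=1
      shift
      ;;
    --with-iou)
      USE_IOU=1
      shift
      ;;
    --with-i386-repository)
      I386_REPO=1
      shift
      ;;
    --with-welcome)
      WELCOME_SETUP=1
      shift
      ;;
    --without-kvm)
      DISABLE_KVM=1
      shift
      ;;
    --unstable)
      UNSTABLE=1
      shift
      ;;
    -h | --help)
      help
      exit 1
      ;;
    --)
      shift
      break
      ;;
    *)
      echo " Internal error! $1 "
      exit 1
      ;;
  esac
done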
# Exit in case of error
set -e

# Keep apt and dpkg from prompting during the unattended install.
export DEBIAN_FRONTEND="noninteractive"
UBUNTU_CODENAME=$(lsb_release -c -s)

log "Add GNS3 repository"

# --unstable selects the "unstable" PPA, otherwise the regular "ppa" is used.
if [ $UNSTABLE == 1 ]; then
  gns3_ppa="unstable"
else
  gns3_ppa="ppa"
fi

# The list is rewritten from scratch on every run. Only trusty also gets the
# GNS3 qemu PPA. These sources use plain http, so package authenticity rests
# entirely on apt's signature verification against the imported PPA key.
{
  echo "deb http://ppa.launchpad.net/gns3/${gns3_ppa}/ubuntu $UBUNTU_CODENAME main"
  echo "deb-src http://ppa.launchpad.net/gns3/${gns3_ppa}/ubuntu $UBUNTU_CODENAME main"
  if [ "$UBUNTU_CODENAME" == "trusty" ]; then
    echo "deb http://ppa.launchpad.net/gns3/qemu/ubuntu $UBUNTU_CODENAME main"
    echo "deb-src http://ppa.launchpad.net/gns3/qemu/ubuntu $UBUNTU_CODENAME main"
  fi
} > /etc/apt/sources.list.d/gns3.list

# NOTE(review): the usage text for --with-i386-repository says sources.list
# is replaced, but the redirection below appends, and does so again on every
# run. Confirm which behaviour is intended.
if [ "$I386_REPO" = 1 ]; then
  cat >> /etc/apt/sources.list <<EOFLIST2
###### Ubuntu Main Repos
deb http://archive.ubuntu.com/ubuntu/ $UBUNTU_CODENAME main universe multiverse
deb-src http://archive.ubuntu.com/ubuntu/ $UBUNTU_CODENAME main universe multiverse
###### Ubuntu Update Repos
deb http://archive.ubuntu.com/ubuntu/ ${UBUNTU_CODENAME}-security main universe multiverse
deb http://archive.ubuntu.com/ubuntu/ ${UBUNTU_CODENAME}-updates main universe multiverse
deb-src http://archive.ubuntu.com/ubuntu/ ${UBUNTU_CODENAME}-security main universe multiverse
deb-src http://archive.ubuntu.com/ubuntu/ ${UBUNTU_CODENAME}-updates main universe multiverse
EOFLIST2
fi
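# Import the signing key used to verify packages from the GNS3 PPA.
# NOTE(review): the key is selected by an 8-hex-digit short ID and fetched
# over unauthenticated hkp on port 80. Short IDs are not unique, so a
# different key carrying the same short ID would be trusted for every package
# installed afterwards. Replace the short ID with the full fingerprint
# (placeholder: <FULL_40_HEX_FINGERPRINT_OF_GNS3_PPA_KEY>) once it has been
# confirmed out of band, or ship the key file with the installer.
apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys A2E3EF7B

log "Update system packages"
apt-get update

log "Upgrade packages"
# --force-yes was dropped: besides answering prompts it lets apt install
# packages that fail signature verification, which is the only integrity
# check on the http sources configured for this host. --yes alone still
# answers prompts and makes apt stop if a package cannot be authenticated.
# The Dpkg options keep existing configuration files without asking.
apt-get upgrade --yes -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confold"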
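log "Install GNS3 packages"
apt-get install -y gns3-server

log "Create user GNS3 with /opt/gns3 as home directory"
# The home directory doubles as the "user already created" marker.
if [ ! -d "/opt/gns3/" ]; then
  useradd -d /opt/gns3/ -m gns3
fi

log "Add GNS3 to the ubridge group"
usermod -aG ubridge gns3

log "Install docker"
if [ ! -f "/usr/bin/docker" ]; then
  # Download the installer completely before running it. Piping curl straight
  # into bash executes whatever arrived when a transfer is cut short, and a
  # failed curl is not noticed because the pipeline reports bash's status.
  # -f makes an HTTP error a failure instead of saving the error page.
  # NOTE(review): the script still runs as root without an integrity check;
  # installing docker from a signed apt repository would remove that trust
  # in the download.
  docker_installer=$(mktemp)
  if ! curl -fsSL https://get.docker.com -o "$docker_installer"; then
    rm -f -- "$docker_installer"
    echo "Failed to download the docker installer" >&2
    exit 1
  fi
  bash "$docker_installer"
  rm -f -- "$docker_installer"
fi

log "Add GNS3 to the docker group"
# NOTE(review): members of the docker group can start privileged containers,
# so this makes the gns3 account root-equivalent on the host.
usermod -aG docker gns3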
# Optional IOU support (--with-iou).
if [ "$USE_IOU" = 1 ]; then
  log "Setup IOU"

  # gns3-iou needs the i386 architecture enabled before it can be installed.
  dpkg --add-architecture i386
  apt-get update
  apt-get install -y gns3-iou

  # Force the host name to gns3vm, both persistently and for the running
  # system, then record the name the system now reports.
  printf '%s\n' gns3vm > /etc/hostname
  hostname gns3vm
  HOSTNAME=$(hostname)

  # Force hostid for IOU: /etc/hostid becomes four zero bytes.
  dd of=/etc/hostid if=/dev/zero bs=4 count=1

  # Block iou call. The server is down.
  # The entry is appended on every run and echoed to stdout by tee.
  tee --append /etc/hosts <<< "127.0.0.254 xml.cisco.com"
fi
log "Add gns3 to the kvm group"
usermod -aG kvm gns3

log "Setup GNS3 server"
mkdir -p /etc/gns3

# The template holds no shell expansions, so it is written verbatim.
# NOTE(review): host = 0.0.0.0 makes the server listen on every interface and
# this [Server] section sets no credentials. Only the --with-openvpn path
# rewrites the bind address later. Confirm that access to port 3080 is
# restricted some other way (firewall, security group) on other installs.
cat > /etc/gns3/gns3_server.conf <<'EOFC'
[Server]
host = 0.0.0.0
port = 3080
images_path = /opt/gns3/images
projects_path = /opt/gns3/projects
appliances_path = /opt/gns3/appliances
configs_path = /opt/gns3/configs
report_errors = True
[Qemu]
enable_hardware_acceleration = True
require_hardware_acceleration = True
EOFC

# --without-kvm flips both hardware-acceleration settings written above.
if [[ $DISABLE_KVM == 1 ]]; then
  log "Disable KVM support"
  sed -i 's/hardware_acceleration = True/hardware_acceleration = False/g' /etc/gns3/gns3_server.conf
fi

# Hand the configuration tree to the service account and close it to others.
chown -R gns3:gns3 /etc/gns3
chmod -R 700 /etc/gns3
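# Register GNS3 as a service: an upstart job on trusty, a systemd unit
# everywhere else.
#
# Both templates use a quoted heredoc delimiter. With the unquoted delimiter
# the shell expanded `date` and $MAINPID while the installer ran, so the
# upstart job logged the installation time on every start and the unit's
# ExecReload was written without a PID to signal.
if [ "$UBUNTU_CODENAME" == "trusty" ]; then
  cat > /etc/init/gns3.conf <<'EOFI'
description "GNS3 server"
author "GNS3 Team"
start on filesystem or runlevel [2345]
stop on runlevel [016]
respawn
console log
script
    exec start-stop-daemon --start --make-pidfile --pidfile /var/run/gns3.pid --chuid gns3 --exec "/usr/bin/gns3server"
end script
pre-start script
    echo "" > /var/log/upstart/gns3.log
    echo "[`date`] GNS3 Starting"
end script
pre-stop script
    echo "[`date`] GNS3 Stopping"
end script
EOFI
  chown root:root /etc/init/gns3.conf
  chmod 644 /etc/init/gns3.conf

  log "Start GNS3 service"
  # Stopping may fail when the service is not running yet; that is fine.
  set +e
  service gns3 stop
  set -e
  service gns3 start
else
  # Install systemd service
  cat > /lib/systemd/system/gns3.service <<'EOFI'
[Unit]
Description=GNS3 server
After=network-online.target
Wants=network-online.target
Conflicts=shutdown.target
[Service]
User=gns3
Group=gns3
PermissionsStartOnly=true
EnvironmentFile=/etc/environment
ExecStartPre=/bin/mkdir -p /var/log/gns3 /var/run/gns3
ExecStartPre=/bin/chown -R gns3:gns3 /var/log/gns3 /var/run/gns3
ExecStart=/usr/bin/gns3server --log /var/log/gns3/gns3.log
ExecReload=/bin/kill -s HUP $MAINPID
Restart=on-failure
RestartSec=5
LimitNOFILE=16384
[Install]
WantedBy=multi-user.target
EOFI
  # Unit files are configuration, not programs: 644 instead of 755, which
  # also avoids systemd's warning about executable unit files.
  chmod 644 /lib/systemd/system/gns3.service
  chown root:root /lib/systemd/system/gns3.service

  log "Start GNS3 service"
  systemctl enable gns3
  systemctl start gns3
fi

log "GNS3 installed with success"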
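# Optional GNS3-VM welcome screen (--with-welcome).
# The :-0 default keeps the test well-formed when the flag was never set.
if [ "${WELCOME_SETUP:-0}" = 1 ]; then
  apt-get install -y net-tools
  NEEDRESTART_MODE=a apt-get install -y python3-pip
  NEEDRESTART_MODE=a pip install --no-input --upgrade pip
  NEEDRESTART_MODE=a pip install --no-input pythondialog

  # The script was saved as /usr/local/bin/welcome.sh while .bashrc ran
  # "python3 welcome.py" relative to the login directory, so the downloaded
  # file was never the one executed. Both now use one absolute path. The file
  # stays root-owned so the gns3 account cannot rewrite what runs at login.
  # -f turns an HTTP error into a failure instead of saving the error page.
  # NOTE(review): this tracks the master branch of a personal fork with no
  # integrity check, so whatever that branch holds at install time runs at
  # every gns3 login. Pin a reviewed commit and verify a checksum
  # (placeholder: <SHA256_OF_REVIEWED_WELCOME_PY>).
  curl -fsSL https://raw.githubusercontent.com/Xatrekak/gns3-server/master/scripts/welcome.py -o /usr/local/bin/welcome.py

  # -p keeps a second run from aborting under `set -e`.
  mkdir -p /etc/systemd/system/getty@tty1.service.d

  # NOTE(review): "-a gns3" logs the gns3 account in on tty1 without a
  # password, so anyone with console access gets that account's privileges.
  cat > /etc/systemd/system/getty@tty1.service.d/override.conf <<'EOFI'
[Service]
ExecStart=
ExecStart=-/sbin/agetty -a gns3 --noclear %I $TERM
EOFI
  # A drop-in is configuration, not a program: 644 instead of 755.
  chmod 644 /etc/systemd/system/getty@tty1.service.d/override.conf
  chown root:root /etc/systemd/system/getty@tty1.service.d/override.conf

  # Append the launcher once, even if the installer is run again.
  if ! grep -qxF 'python3 /usr/local/bin/welcome.py' /opt/gns3/.bashrc 2>/dev/null; then
    echo "python3 /usr/local/bin/welcome.py" >> /opt/gns3/.bashrc
  fi
fi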
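# Optional OpenVPN access (--with-openvpn): rebinds GNS3 to the VPN address,
# creates the key material, and publishes the client profile over HTTP.
if [ "$USE_VPN" = 1 ]; then
  log "Setup VPN"

  log "Change GNS3 to listen on VPN interface"
  sed -i 's/host = 0.0.0.0/host = 172.16.253.1/' /etc/gns3/gns3_server.conf

  log "Install packages for OpenVPN"
  apt-get install -y \
    openvpn \
    uuid \
    dnsutils \
    nginx-light

  MY_IP_ADDR=$(dig @ns1.google.com -t txt o-o.myaddr.l.google.com +short -4 | sed 's/"//g')
  # The answer arrives over unauthenticated DNS and is pasted into a root-run
  # motd script and into the client profile. Accept nothing but a
  # dotted-quad, which also catches an empty answer.
  if ! [[ $MY_IP_ADDR =~ ^[0-9]{1,3}(\.[0-9]{1,3}){3}$ ]]; then
    echo "Unable to detect a valid public IPv4 address (got: '$MY_IP_ADDR')" >&2
    exit 1
  fi
  log " IP detected: $MY_IP_ADDR "

  # The UUID is the only thing protecting the profile's download path, so it
  # must be unguessable: ask for a random (version 4) UUID instead of the
  # tool's default time-and-node based one.
  UUID=$(uuid -v 4)

  log "Update motd"
  # Unquoted delimiter on purpose: the URL parts are filled in now.
  # NOTE(review): the motd is shown to every account that logs in, so every
  # local user learns the download URL.
  cat > /etc/update-motd.d/70-openvpn <<EOFMOTD
#!/bin/sh
echo ""
echo "_______________________________________________________________________________________________"
echo "Download the VPN configuration here:"
echo "http://$MY_IP_ADDR:8003/$UUID/$HOSTNAME.ovpn"
echo ""
echo "And add it to your openvpn client."
echo ""
echo "apt-get remove nginx-light to disable the HTTP server."
echo "And remove this file with rm /etc/update-motd.d/70-openvpn"
EOFMOTD
  chmod 755 /etc/update-motd.d/70-openvpn

  mkdir -p /etc/openvpn/
  [ -d /dev/net ] || mkdir -p /dev/net
  [ -c /dev/net/tun ] || mknod /dev/net/tun c 10 200

  log "Create keys"
  # Each artefact is created only if missing, so a re-run keeps existing keys.
  [ -f /etc/openvpn/dh.pem ] || openssl dhparam -out /etc/openvpn/dh.pem 2048
  # umask 077 so the private key is never readable by others, not even for
  # the moment before the chmod below.
  [ -f /etc/openvpn/key.pem ] || (umask 077 && openssl genrsa -out /etc/openvpn/key.pem 2048)
  chmod 600 /etc/openvpn/key.pem
  [ -f /etc/openvpn/csr.pem ] || openssl req -new -key /etc/openvpn/key.pem -out /etc/openvpn/csr.pem -subj /CN=OpenVPN/
  [ -f /etc/openvpn/cert.pem ] || openssl x509 -req -in /etc/openvpn/csr.pem -out /etc/openvpn/cert.pem -signkey /etc/openvpn/key.pem -days 24855

  log "Create client configuration"
  # NOTE(review): the profile embeds the server's own private key, and one
  # self-signed certificate serves as CA, server and client certificate
  # (duplicate-cn in the server config lets every client share it). Whoever
  # holds the profile therefore holds the server's identity, and a single
  # client cannot be revoked. A separate CA with per-client key pairs would
  # remove that coupling.
  cat > /root/client.ovpn <<EOFCLIENT
client
nobind
comp-lzo
dev tun
<key>
$(cat /etc/openvpn/key.pem)
</key>
<cert>
$(cat /etc/openvpn/cert.pem)
</cert>
<ca>
$(cat /etc/openvpn/cert.pem)
</ca>
<dh>
$(cat /etc/openvpn/dh.pem)
</dh>
<connection>
remote $MY_IP_ADDR 1194 udp
</connection>
EOFCLIENT

  cat > /etc/openvpn/udp1194.conf <<'EOFUDP'
server 172.16.253.0 255.255.255.0
verb 3
duplicate-cn
comp-lzo
key key.pem
ca cert.pem
cert cert.pem
dh dh.pem
keepalive 10 60
persist-key
persist-tun
proto udp
port 1194
dev tun1194
status openvpn-status-1194.log
log-append /var/log/openvpn-udp1194.log
EOFUDP

  log "Setup HTTP server for serving client certificate"
  # NOTE(review): the profile, private key included, is served over plain
  # HTTP on port 8003 until nginx-light is removed, so it is readable in
  # transit. Fetch it over SSH instead where possible, and remove the HTTP
  # server and the published copy as soon as the profile has been retrieved.
  mkdir -p "/usr/share/nginx/openvpn/$UUID"
  cp /root/client.ovpn "/usr/share/nginx/openvpn/$UUID/$HOSTNAME.ovpn"
  # Empty index files are placed in both directories.
  touch "/usr/share/nginx/openvpn/$UUID/index.html"
  touch /usr/share/nginx/openvpn/index.html
  cat > /etc/nginx/sites-available/openvpn <<'EOFNGINX'
server {
    listen 8003;
    root /usr/share/nginx/openvpn;
}
EOFNGINX
  [ -f /etc/nginx/sites-enabled/openvpn ] || ln -s /etc/nginx/sites-available/openvpn /etc/nginx/sites-enabled/
  service nginx stop
  service nginx start

  log "Restart OpenVPN and GNS3"
  # From here on a failing stop/start must not abort the installer.
  set +e
  service openvpn stop
  service openvpn start
  service gns3 stop
  service gns3 start

  log " Download http://$MY_IP_ADDR:8003/$UUID/$HOSTNAME.ovpn to setup your OpenVPN client after rebooting the server "
fi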