Quick Start

Overview

This document explains how to use fireguard, using helloVM, a VM running Alpine Linux, as the example.

Create an origin VM

fireguard creates new VMs based on an origin VM, so let's create the origin VM first.

Create origin VM folder and cd into it:

mkdir helloVM
cd helloVM/

Download the kernel for a VM:

curl -fsSL -o hello-vmlinux.bin https://github.com/lambdaprime/fireguard/raw/master/origin/alpinelinux-3.8-kernel4.14/hello-vmlinux.bin

Download storage with Alpine Linux:

curl -fsSL -o hello-rootfs.ext4 https://github.com/lambdaprime/fireguard/raw/master/origin/alpinelinux-3.8-kernel4.14/hello-rootfs.ext4

Create a vm_config.json:

cat > vm_config.json <<EOF
{
  "logger": {
    "log_fifo": "/dev/null",
    "metrics_fifo": "/dev/null"
  },
  "boot-source": {
    "kernel_image_path": "hello-vmlinux.bin",
    "boot_args": "console=ttyS0 reboot=k panic=1 pci=off ipv6.disable=1"
  },
  "drives": [
    {
      "drive_id": "rootfs",
      "path_on_host": "hello-rootfs.ext4",
      "is_root_device": true,
      "is_read_only": false
    }
  ],
  "machine-config": {
    "vcpu_count": 1,
    "mem_size_mib": 1000,
    "ht_enabled": true
  },
  "actions": {
    "action_type": "InstanceStart"
  }
}
EOF

Test that origin VM works (credentials root/root):

rm /tmp/firecracker.sock; firecracker --api-sock /tmp/firecracker.sock --config-file vm_config.json
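
The test boot above puts the Firecracker API socket at a fixed path in /tmp. The API has no authentication of its own, so who can drive the VM is decided by the filesystem permissions on that path; the added example below (not code from fireguard or Firecracker) keeps the socket in an owner-only directory and deletes only a stale socket. The directory layout under XDG_RUNTIME_DIR and the function names are assumptions of this example.

```shell
#!/bin/sh
# Added example, not fireguard or Firecracker project code.

# prepare_api_sock NAME: print a socket path inside a directory that only
# the current user can enter. The layout below is this example's assumption.
prepare_api_sock() {
    name=$1
    case $name in
        ''|*/*|.*) echo "invalid VM name: $name" >&2; return 1 ;;
    esac
    base=${XDG_RUNTIME_DIR:-$HOME/.cache}/firecracker
    dir=$base/$name
    # umask 077 in a subshell so new directories are created as 0700
    ( umask 077 && mkdir -p "$dir" ) || return 1
    # tighten directories that already existed with looser modes
    chmod 700 "$base" "$dir" || return 1
    sock=$dir/firecracker.sock
    if [ -L "$sock" ] || [ -e "$sock" ]; then
        # only ever delete a stale socket, never a symlink or a regular file
        if [ -L "$sock" ] || [ ! -S "$sock" ]; then
            echo "refusing to remove non-socket: $sock" >&2
            return 1
        fi
        rm -f -- "$sock" || return 1
    fi
    printf '%s\n' "$sock"
}

# start_origin_vm: the same test boot as on this page, run from the
# helloVM folder, with the private socket path instead of /tmp.
start_origin_vm() {
    sock=$(prepare_api_sock helloVM) || return 1
    # umask 077 keeps the socket file itself owner-only as well
    ( umask 077 && exec firecracker --api-sock "$sock" --config-file vm_config.json )
}
```

Source the file and run start_origin_vm from the helloVM folder in place of the command above.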

Configure fireguard

cat > ~/.fireguard <<EOF
originVm = <HELLOVM_ORIGIN>
hostIface = <HOST_IFACE>
EOF

Where:

Manage multiple VMs

Create VMs:

fireguard vm create
Creating new VM...
id: vm-1
home folder: ***/stage/vm-1
socket: ***/stage/vm-1/firecracker.sock
state: STOPPED
pid: Optional.empty
vmConfig: path: ***/stage/vm-1/vm_config.json
memoryGb: 1
vcpu: 1
hostIface: Optional.empty
mac: Optional.empty
fireguard vm create
Creating new VM...
id: vm-2
home folder: ***/stage/vm-2
socket: ***/stage/vm-2/firecracker.sock
state: STOPPED
pid: Optional.empty
vmConfig: path: ***/stage/vm-2/vm_config.json
memoryGb: 1
vcpu: 1
hostIface: Optional.empty
mac: Optional.empty

Start all VMs:

fireguard vm startAll
Starting VM with id vm-1...

Starting VM with id vm-2...

Connect to VM:

screen -ls
There are screens on:
	3945.vm-1	(01/24/20 22:03:16)	(Detached)
	3942.vm-2	(01/24/20 22:03:16)	(Detached)
screen -r vm-1

Network setup

This covers network setup under Ubuntu.

First disable ufw:

ufw disable
systemctl stop ufw
reboot

Then create a new network:

fireguard net create 10.1.2.0 255.255.255.0
Creating new network...
id: net-1
subnet: /10.1.2.0
netmask: /255.255.255.0
ifaces: []

Attach VMs to it:

fireguard net attach vm-1 net-1
Attaching vm-1 to net-1 network...
fireguard net attach vm-2 net-1
Attaching vm-2 to net-1 network...

Restart the VMs:

fireguard vm stopAll
Stopping VM with id vm-1...

Stopping VM with id vm-2...
fireguard vm startAll
Starting VM with id vm-1...

Starting VM with id vm-2...

Then log in to the VM (root/root) and start networking:

/etc/init.d/networking start
 * Starting networking ...
 *   eth0 ...
udhcpc: started, v1.28.4
udhcpc: sending discover
udhcpc: sending select for 10.1.2.2
udhcpc: lease of 10.1.2.2 obtained, lease time 43200
route: ioctl 0x890c failed: No such process                               [ ok ]

The VM uses its DHCP client to obtain an IP address from the fireguard-managed dhcpd.

Once it is done you can test it:

ping google.com
PING google.com (172.217.3.206): 56 data bytes
64 bytes from 172.217.3.206: seq=0 ttl=53 time=11.697 ms
64 bytes from 172.217.3.206: seq=1 ttl=53 time=13.777 ms