Quick Start
CONTENT
Overview
This document explains how you can use fireguard on example of helloVM which is VM with Alpine Linux.
Create an origin VM
fireguard allows you to create a new VMs based on origin VM. So let's first create it.
Create origin VM folder and cd into it:
mkdir helloVM
cd helloVM/
Download the kernel for a VM:
curl -fsSL -o hello-vmlinux.bin https://github.com/lambdaprime/fireguard/raw/master/origin/alpinelinux-3.8-kernel4.14/hello-vmlinux.bin
Download storage with Alpine Linux:
curl -fsSL -o hello-rootfs.ext4 https://github.com/lambdaprime/fireguard/raw/master/origin/alpinelinux-3.8-kernel4.14/hello-rootfs.ext4
Create a vm_config.json
cat > vm_config.json <<EOF
{
"logger": {
"log_fifo": "/dev/null",
"metrics_fifo": "/dev/null"
},
"boot-source": {
"kernel_image_path": "hello-vmlinux.bin",
"boot_args": "console=ttyS0 reboot=k panic=1 pci=off ipv6.disable=1"
},
"drives": [
{
"drive_id": "rootfs",
"path_on_host": "hello-rootfs.ext4",
"is_root_device": true,
"is_read_only": false
}
],
"machine-config": {
"vcpu_count": 1,
"mem_size_mib": 1000,
"ht_enabled": true
},
"actions": {
"action_type": "InstanceStart"
}
}
EOF
Test that origin VM works (credentials root/root):
rm /tmp/firecracker.sock; firecracker --api-sock /tmp/firecracker.sock --config-file vm_config.json
Configure fireguard
cat > ~/.fireguard <<EOF
originVm = <HELLOVM_ORIGIN>
hostIface = <HOST_IFACE>
EOF
Where:
- HELLOVM_ORIGIN -- path to the helloVM folder where origin VM is located (was created earlier)
- HOST_IFACE -- host OS external network interface name (so VMs can access Internet)
Manage multiple VMs
Create VMs:
% fireguard vm create
Creating new VM...
id: vm-1
home folder: ***/stage/vm-1
socket: ***/stage/vm-1/firecracker.sock
state: STOPPED
pid: Optional.empty
vmConfig: path: ***/stage/vm-1/vm_config.json
memoryGb: 1
vcpu: 1
hostIface: Optional.empty
mac: Optional.empty
% fireguard vm create
Creating new VM...
id: vm-2
home folder: ***/stage/vm-2
socket: ***/stage/vm-2/firecracker.sock
state: STOPPED
pid: Optional.empty
vmConfig: path: ***/stage/vm-2/vm_config.json
memoryGb: 1
vcpu: 1
hostIface: Optional.empty
mac: Optional.empty
Start all VMs:
% fireguard vm startAll
Starting VM with id vm-1...
Starting VM with id vm-2...
Connect to VM:
% screen -ls
There are screens on:
3945.vm-1 (01/24/20 22:03:16) (Detached)
3942.vm-2 (01/24/20 22:03:16) (Detached)
% screen -r vm-1
Network setup
This covers network setup under Ubuntu.
First disable ufw:
ufw disable
systemctl stop ufw
reboot
Then create a new network:
% fireguard net create 10.1.2.0 255.255.255.0
Creating new network...
id: net-1
subnet: /10.1.2.0
netmask: /255.255.255.0
ifaces: []
%
Attach VMs to it:
% fireguard net attach vm-1 net-1
Attaching vm-1 to net-1 network...
% fireguard net attach vm-2 net-1
Attaching vm-2 to net-1 network...
Restart the VMs:
% fireguard vm stopAll
Stopping VM with id vm-1...
Stopping VM with id vm-2...
% fireguard vm startAll
Starting VM with id vm-1...
Starting VM with id vm-2...
Then go inside of the VM and start networking
localhost:~# /etc/init.d/networking start
* Starting networking ...
* eth0 ...
udhcpc: started, v1.28.4
udhcpc: sending discover
udhcpc: sending select for 10.1.2.2
udhcpc: lease of 10.1.2.2 obtained, lease time 43200
route: ioctl 0x890c failed: No such process [ ok ]
The VM will use dhcp client to talk to the fireguard managed dhcpd to obtain an IP address.
Once it is done you can test it:
localhost:~# ping google.com
PING google.com (172.217.3.206): 56 data bytes
64 bytes from 172.217.3.206: seq=0 ttl=53 time=11.697 ms
64 bytes from 172.217.3.206: seq=1 ttl=53 time=13.777 ms