Deploying EVE-NG On Google Cloud Platform: Part 1

EVE-NG is a network emulation tool for building and configuring virtual network topologies (eve-ng.net).  It is typically used for building networking labs for certification study purposes or for proof-of-concept testing.  For a current project I am working on, I need to be able to spin up a multivendor network topology (eg. Juniper vMX, Arista vEOS, Cisco CSR 1000v) on Google Cloud Platform (GCP) in order to simulate different customer environments.  As a secondary objective, I would like to pursue some networking certifications and need to be able to spin up some basic testbeds to facilitate studying.  This blog post (Part 1 of a series) aims to share my learnings on getting EVE-NG installed in GCP.

Prerequisites

In the interest of brevity, it is assumed that you have a GCP Account set up and already have a GCP Project selected or created, in which to launch your VMs. If not, you can go to the Getting Started landing page in GCP Console: https://console.cloud.google.com/getting-started. From here you can create a brand new project by clicking on “Select a project” from the top header bar.

Creating A Custom Nested Ubuntu Image

Google Compute Engine supports nested virtualization, which basically allows you to run one or more virtual machines inside of a Compute Engine Linux VM (in our case, an Ubuntu VM).  In a nutshell, nested virtualization lets you run “VMs inside of VMs”.  There are a couple of caveats here:

  1. Nested virtualization is supported on any Linux VM running on an Intel Haswell CPU or newer.
  2. The VM instance you want to enable nested virtualization on has to use a custom “nested” image with a special license key that enables VMX (Virtual Machine Extensions).

Let’s go ahead and first create a custom nested image that is built from a base Ubuntu 16.04 image.  To do this, we need to first activate and launch  Cloud Shell by clicking on the “Activate Cloud Shell” icon in the top header bar of the “Compute Engine” landing page, as shown in the screenshot below.

Note: At the time of this writing, the EVE-NG install scripts fail when using Ubuntu 18.04 LTS … so be sure to use Ubuntu 16.04 LTS to create your custom nested image!

This will open up the Cloud Shell Terminal pane at the bottom of the landing page, as shown in the screenshot below.

We then issue the following “gcloud” command to create our nested image:

gcloud compute images create nested-ubuntu-xenial \
  --source-image-family=ubuntu-1604-lts \
  --source-image-project=ubuntu-os-cloud \
  --licenses=https://compute.googleapis.com/compute/v1/projects/vm-options/global/licenses/enable-vmx

Once the image has been created, the following output will be shown, with a “READY” status:

You should then be able to see the newly created image in the Compute Engine “Images” landing page as shown in the figure below.

Creating The VM

Now that we have created the custom nested image, the next step is to use this image to create and launch a new VM for EVE-NG.  To do this, go to the Compute Engine “VM instances” landing page and click on the “Create Instance” button from the top menu bar, as shown below.

In the “Create an instance” form, enter the following configuration details as shown in the figure below, and click on the “Create” button once done.

  • Name:  Specify a name for the VM (eg. “eve-ng”).
  • Region/Zone:  The GCP region and zone where the VM will be housed (eg.  “northamerica-northeast1” / “northamerica-northeast1-a”).
  • Machine configuration – Series:  The machine type family for the VM (eg. “N1”)
  • Machine type:  Select from one of the predefined machine types for the VM (eg. “n1-standard-8”), or specify your own with a custom number of vCPU cores and memory.
  • CPU Platform:  In order to ensure support for nested virtualization, be sure to select “Intel Haswell or later”.
  • Deploy a container image to this VM instance:  Be sure to leave this option unchecked.
  • Firewall – Allow HTTP traffic:  Select this option if using the Community version of EVE-NG.
  • Firewall – Allow HTTPS traffic:  Select this option if using the Pro version of EVE-NG.
  • IP Forwarding:  By default, a VM cannot forward a packet originated by another VM.  Select “On” to enable IP Forwarding to get around this restriction.
  • Boot disk:  Click on the “Change” button and follow the instructions immediately following the screenshot below.

The “Boot Disk” section (highlighted in orange in the above screenshot) is where we attach the custom nested Ubuntu VM image we created earlier.  Upon clicking on the “Change” button, we see the “Boot disk” popup window shown below.  Click on the “Custom images” tab, and for the “Image” dropdown field, select the “nested-ubuntu-bionic” image created earlier.  In addition, specify the desired size of the boot disk (eg. 100 GB) in the “Size (GB)” field.  Click on “Select” to save the changes and return back to the “Create an instance” form.

Verify The CPU Supports Nested Virtualization

As stated above, nested virtualization using KVM is only supported on Intel Haswell CPUs or newer.  KVM requires a CPU that supports hardware virtualization (ie. Intel VT-x or AMD-V).  To quickly check if our processor supports one of these, we can run the “egrep -c ‘(vmx|svm)’ /proc/cpuinfo” command and inspect the output:

openeye@eve-ng:~$ egrep -c '(vmx|svm)' /proc/cpuinfo
8

If the above command returns a 0, then that means your CPU does not support hardware virtualization.  Otherwise, if it returns a 1 or another number, then that means hardware virtualization is supported.

Another check we can run is to use the “kvm-ok” command to determine if the system can run hardware accelerated KVM VMs (ie. possesses virtualization technology).  To use this command, we first have to install the “cpu-checker” package:

openeye@eve-ng:~$ sudo apt-get install cpu-checker
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following additional packages will be installed:
msr-tools
The following NEW packages will be installed:
cpu-checker msr-tools
...
[ CONTENT OMITTED FOR BREVITY ]
...
Setting up cpu-checker (0.7-0ubuntu7) ...

Once “cpu-checker” has been installed, we can simply run “kvm-ok”:

openeye@eve-ng:~$ kvm-ok
INFO: /dev/kvm exists
KVM acceleration can be used

If we get an output like that shown above, then we are in good shape.  If, however, KVM acceleration is not supported on our system, then we will see an output like the following:

INFO: Your CPU does not support KVM extensions
KVM acceleration can NOT be used

Installing EVE-NG

Now we are ready to begin installation of EVE-NG.  First, we must SSH to our newly launched VM and jump to root using “sudo -i”.  Then, we launch one of two installation scripts, depending on whether we plan to install the EVE-NG Professional edition or the EVE-NG Community edition:

  • For the Professional edition, run the following:

wget -O - https://www.eve-ng.net/repo/install-eve-pro.sh | bash -i

  • For the Community edition, run the following:

wget -O - https://www.eve-ng.net/repo/install-eve.sh | bash -i

For this blog post, we are going to install the Professional edition:

openeye@eve-ng:~$ sudo -i
root@eve-ng:~#
root@eve-ng:~# wget -O - https://www.eve-ng.net/repo/install-eve-pro.sh | bash -i
root@eve-ng:~# --2020-04-14 04:15:56-- https://www.eve-ng.net/repo/install-eve-pro.sh
Resolving www.eve-ng.net (www.eve-ng.net)... 51.89.118.57, 2001:41d0:701:1000::352
Connecting to www.eve-ng.net (www.eve-ng.net)|51.89.118.57|:443... connected.
HTTP request sent, awaiting response... 200 OK
...
[ CONTENT OMITTED FOR BREVITY ]
...
root@eve-ng:~# apt-get -y install software-properties-common
Reading package lists... Done
Building dependency tree
Reading state information... Done
software-properties-common is already the newest version (0.96.20.9).
...
[ CONTENT OMITTED FOR BREVITY ]
...
root@eve-ng:~# #sudo add-apt-repository "deb [arch=amd64] http://www.eve-ng.net/repo xenial main"
root@eve-ng:~# echo "deb [arch=amd64] http://www.eve-ng.net/repo xenial main" > /etc/apt/sources.list.d/eve-ng.list
root@eve-ng:~# apt-get update
Hit:1 http://us-central1.gce.archive.ubuntu.com/ubuntu xenial InRelease
...
[ CONTENT OMITTED FOR BREVITY ]
...
root@eve-ng:~# /etc/init.d/mysql restart
[ ok ] Restarting mysql (via systemctl): mysql.service.
root@eve-ng:~# DEBIAN_FRONTEND=noninteractive apt-get -y install eve-ng-pro
Reading package lists... Done
Building dependency tree
Reading state information... Done
eve-ng-pro is already the newest version (2.0.6-44).
...
[ CONTENT OMITTED FOR BREVITY ]
...
root@eve-ng:~# rm -fr /var/lib/docker/aufs
rm: cannot remove '/var/lib/docker/aufs': Device or resource busy
root@eve-ng:~# DEBIAN_FRONTEND=noninteractive apt-get -y install eve-ng-pro
Reading package lists... Done
Building dependency tree
Reading state information... Done
eve-ng-pro is already the newest version (2.0.6-44).
...
[ CONTENT OMITTED FOR BREVITY ]
...
root@eve-ng:~# cp /lib/firmware/bnx2/*.fw /lib/firmware/4.9.40-eve-ng-ukms-2+/bnx2/
cp: target '/lib/firmware/4.9.40-eve-ng-ukms-2+/bnx2/' is not a directory
root@eve-ng:~# # Detect cloud
root@eve-ng:~#
root@eve-ng:~#
root@eve-ng:~# gcp_tune () {
> sed -i -e 's/NAME="ens.*/NAME="eth0"/' /etc/udev/rules.d/70-persistent-net.rules
> sed -i -e 's/PasswordAuthentication.*/PasswordAuthentication yes/' /etc/ssh/sshd_config
> echo root:eve | chpasswd 2>&1 > /dev/null
> mv /boot/vmlinuz-*gcp /root
> update-grub2
> }
...
[ CONTENT OMITTED FOR BREVITY ]
...
root@eve-ng:~# exit
root@eve-ng:~#
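
The transcript above shows the piped installer writing an APT source, switching SSH to password authentication and setting the root password to a fixed value. One way to see such lines before anything runs as root is to save the script to a file and scan it first. This is an added example, not part of the original post or of EVE-NG; the function names, categories and patterns are assumptions.

```shell
#!/usr/bin/env bash
# Added example (not EVE-NG code): scan a saved installer for lines that
# change credentials, SSH authentication, APT sources or the boot kernel,
# so they can be read before the script is run as root.
# The categories and patterns are assumptions drawn from the transcript
# above; they are a review aid, not a complete rule set.

# review_installer [FILE]: prints LINE:CATEGORY:TEXT per hit (stdin if no FILE)
review_installer() {
    awk '
        function hit(kind) { printf "%d:%s:%s\n", NR, kind, $0 }
        /^[ \t]*#/                                      { next }  # commented out
        /(^|[^a-z])(chpasswd|passwd|usermod)([^a-z]|$)/ { hit("credential-change") }
        /PasswordAuthentication[ \t]+yes/               { hit("ssh-password-auth") }
        /deb[ \t].*http:\/\//                           { hit("http-apt-source") }
        /\/boot\/|update-grub/                          { hit("boot-kernel-change") }
    ' "$@"
}

# Constructed sample: installer lines copied from the transcript on this page.
sample_installer() {
    cat <<'EOF'
apt-get -y install software-properties-common
#sudo add-apt-repository "deb [arch=amd64] http://www.eve-ng.net/repo xenial main"
echo "deb [arch=amd64] http://www.eve-ng.net/repo xenial main" > /etc/apt/sources.list.d/eve-ng.list
apt-get update
gcp_tune () {
sed -i -e 's/NAME="ens.*/NAME="eth0"/' /etc/udev/rules.d/70-persistent-net.rules
sed -i -e 's/PasswordAuthentication.*/PasswordAuthentication yes/' /etc/ssh/sshd_config
echo root:eve | chpasswd 2>&1 > /dev/null
mv /boot/vmlinuz-*gcp /root
update-grub2
}
EOF
}

# Against a real download: save first, read the hits, then decide to run it.
#   wget -O install-eve-pro.sh https://www.eve-ng.net/repo/install-eve-pro.sh
#   review_installer install-eve-pro.sh
sample_installer | review_installer
```

Each hit is a line to read in context, not a verdict; the SSH and root-password hits here are the settings to revisit once the install has finished.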

After the above installation script completes execution, we update and upgrade our new EVE-NG, and reboot the system:

root@eve-ng:~# apt update
Hit:1 http://us-central1.gce.archive.ubuntu.com/ubuntu xenial InRelease
Hit:2 http://us-central1.gce.archive.ubuntu.com/ubuntu xenial-updates InRelease
Hit:3 http://us-central1.gce.archive.ubuntu.com/ubuntu xenial-backports InRelease
Hit:4 http://archive.canonical.com/ubuntu xenial InRelease
Hit:5 http://security.ubuntu.com/ubuntu xenial-security InRelease
Hit:6 http://www.eve-ng.net/repo xenial InRelease
Reading package lists... Done
Building dependency tree
Reading state information... Done
All packages are up to date.

root@eve-ng:~# apt upgrade
Reading package lists... Done
Building dependency tree
Reading state information... Done
Calculating upgrade... Done
0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.

root@eve-ng:~# reboot
Connection to 10.128.100.202 closed by remote host.
Connection to 10.128.100.202 closed.

Once the system is back up, log in once again via SSH, and you should see the following IP setup wizard screen:

Important: Before typing anything in the screenshot above, you must first hit Ctrl+C and type “sudo -i” in order to become root (as shown below).  Then press Enter to continue.  You will then be returned back to the screen above, where you can then proceed to type in your new root password and hit Enter to continue.

You will once again be prompted to retype your root password, as shown below.  Press Enter to continue.

Next, you will be prompted to enter the hostname for the system, as shown below.  Type it in here (eg. “eve-ng”) and press Enter to continue.

After this, you will see a screen (see below) prompting for the DNS domain name.  Enter the domain name here (eg. “openeye.blog”) and press Enter to continue.

Important: in the next screen that appears (shown below), when prompted to use DHCP or Static IP Address, be sure to select DHCP and press Enter to continue.

In the next screen (shown below), we are prompted to enter the hostname or IP address of the NTP server.  In the example below, we leave the field empty and simply press Enter to continue.

Finally, in the last screen shown below, choose how the VM will connect to the Internet.  In the example below we select “direct connection” and press Enter to continue.

After the last screen above, the IP setup wizard exits and the system will reboot.  Wait for the system to come back online before continuing.  Once the EVE-NG VM reboots, we have to SSH back in and complete the installation by updating EVE and installing “eve-ng-dockers”.  We do this by becoming root and running the “apt update” and “apt install eve-ng-dockers” commands respectively.  This is shown below.

openeye@eve-ng:~$ sudo -i
root
root@eve-ng:~# apt update
Get:1 http://us-central1.gce.archive.ubuntu.com/ubuntu xenial InRelease [247 kB]
Get:2 http://us-central1.gce.archive.ubuntu.com/ubuntu xenial-updates InRelease [109 kB]
...
[ CONTENT OMITTED FOR BREVITY ]
...
root@eve-ng:~# apt install eve-ng-dockers
Reading package lists... Done
Building dependency tree
Reading state information... Done
...
[ CONTENT OMITTED FOR BREVITY ]
...
e0a006d696bd: Pull complete
221e4c7769f6: Pull complete
857522cf97c9: Pull complete
f7c7d419cd63: Pull complete
Digest: sha256:f2145661266dd9e624ff05a5246d89e3f88a9fad2c0829f8945dce35e1ba09cd
Status: Downloaded newer image for eveng/eve-gui-server:1.25
Untagged: eveng/eve-gui-server:1.25
Untagged: eveng/eve-gui-server@sha256:f2145661266dd9e624ff05a5246d89e3f88a9fad2c0829f8945dce35e1ba09cd
root@eve-ng:~#

And that’s it!  EVE-NG should now be up and running.  Simply point your browser to https://<your_vm_ip_address>, and you should see the following login screen, shown below.  Note the following default login credentials (be sure to change these upon first login):

  • Default Username = admin
  • Default Password = eve

In the next blog post, Part 2 of this series, we will explore how to create a simple network topology using EVE-NG and how we can connect this virtual topology to other external server VMs (outside of EVE-NG) in our larger GCP environment.
