Deploy the VM

The VM image is provided as a gzip file. It should be decompressed to get the qcow2 image to deploy as a VM.

The FTAS VM has Aviz ONES integrated into it and will take some time to initialise after the first boot.

sonic@sonic-39:~$ gunzip -c ftas_ones_vmi_1.1.2.qcow2.gz > ftas_ones_vmi_1.1.2.qcow2
sonic@sonic-39:~$ ls -l
total 8302936
-rw-rw-r-- 1 sonic sonic 4929683456 Feb 21 06:21 ftas_ones_vmi_1.1.2.qcow2
-rw-rw-r-- 1 sonic sonic 3572510886 Feb 21 06:20 ftas_ones_vmi_1.1.2.qcow2.gz
sonic@sonic-39:~$ 

You can connect to the console port of the VM to see the installation logs.

Create the VM using GUI App virt-manager

If your host server has Ubuntu Desktop and virt-manager installed you can use it to deploy the VM. Make sure you can start the Virtual Machine Manager and that it connects successfully to the local hypervisor.

Figure 2: Virt-Manager

Creating a VM with virt-manager is very straightforward, Use the following steps to deploy the FTAS VM

• File -> New Virtual Machine -> Import existing disk image -> Forward

Figure 3: Create new VM from existing disk image

• Browse to the FTAS disk image location and select Ubuntu as the OS name

• Click "Forward" and select vCPU (min 2 cores) and Memory (4GB) for the VM

Figure 4: Set vCPU and memory

• Click "Forward", give your VM a name and check "Customize configuration before install"

• Select "NIC ...", in the "Network source" select the Linux bridge you created on the host machine

Figure 5: Network selection

• Apply the configuration and start the VM

Create the VM using XML configuration

• Create an XML configuration file from the following template

vi ftas.xml

<domain type='kvm' xmlns:qemu='http://libvirt.org/schemas/domain/qemu/1.0'>
  <name>FTAS_VM01</name>
  <memory unit='KiB'>4194304</memory>
  <currentMemory unit='KiB'>4194304</currentMemory>
  <vcpu placement='static'>4</vcpu>
  <resource>
    <partition>/machine</partition>
  </resource>
  <os>
    <type arch='x86_64' machine='pc-i440fx-1.5'>hvm</type>
    <boot dev='hd'/>
  </os>
  <features>
    <acpi/>
    <apic/>
  </features>
  <clock offset='utc'/>
  <on_poweroff>destroy</on_poweroff>
  <on_reboot>restart</on_reboot>
  <on_crash>restart</on_crash>
  <devices>
    <emulator>/usr/bin/qemu-system-x86_64</emulator>
    <disk type='file' device='disk'>
      <driver name='qemu' type='qcow2' cache='writeback'/>
      <source file='/home/oper/taas_vm/taas_vm_v3.qcow2' />
      <target bus='virtio' dev='vda'/>
    </disk>
    <serial type='pty'>
      <source path='/dev/pts/3'/>
      <target port='0'/>
    </serial>
    <!-- Management interface eth0 -->
    <interface type='network'>
	<model type='e1000' />
        <source network='br0'/>
        <address type='pci' domain='0x0000' bus='0x00' slot='0x00' function='0x0'/>
    </interface>
   <controller type='usb' index='0'/>
    <memballoon model='virtio'>
      <alias name='balloon0'/>
      <address type='pci' domain='0x0000' bus='0x00' slot='0x04' function='0x0'/>
    </memballoon>
  </devices>
</domain>

The below lines can be changed to customize the VM installation:

• Line #2 the Name of the VM

• Lines #3 & #4 the amount of System Memory for the VM

• Line #5 the number of vCPU Core for the VM

• Line #25 the Path to the qcow2 VM image file

• Line #35 the name of the Linux bridge on the host machine

• Create a Linux bridge configuration file (bridged-network.xml) for libvirt from the following template

vi bridged-network.xml

<network>
    <name>br0</name>
    <forward mode="bridge" />
    <bridge name="br0" />
</network>

• Line #4 the name of the Linux bridge on the host machine

• Define the Linux bridge for the VM

#Execute the below command to attach the VM to the Linux Bridge 
sonic@sonic-39:~$ virsh net-define bridged-network.xml
sonic@sonic-39:~$ virsh net-start br0
sonic@sonic-39:~$ virsh net-autostart br0
sonic@sonic-39:~$ virsh net-list
 Name                 State      Autostart     Persistent
----------------------------------------------------------
 br0                  active     yes           yes

sonic@sonic-39:~$ 

• Start the VM

virsh create <VM XML configuration file>

#sonic@sonic-39:~$ virsh create ftas.xml 
#Domain FTAS_VM01 created from ftas.xml
#sonic@sonic-39:~$ 

If you see a permission error run the virsh command with sudo may fix the issue

• Check the VM status

sonic@sonic-39:~$ virsh list
 Id    Name                           State
----------------------------------------------------
 8     FTAS_VM01                      running
sonic@sonic-39:~$ 

Configure the IP address on the VM

1. If there is a DHCP server on the management network the VM will obtain its IP configuration from the DHCP server

2. If there is no DHCP server or you want to configure the IP address statically, Follow the below steps

• Enter VM console

sonic@sonic-39:~$ virsh console FTAS_VM01
Connected to domain ftas03
Escape character is ^]

ftasvm login: 

The default username is 'oper' with the default password 'oper@123'

• Check connections and devices

sudo nmcli con show

oper@ftasvm:~$ sudo nmcli con show
NAME                UUID                                  TYPE      DEVICE 
Wired connection 1  782de6d4-3867-3c5e-95fb-061ae39e5fae  ethernet  eth0   
oper@ftasvm:~$ 
# Capture the connection NAME of eth0 device

• Release IP assigned by DHCP

sudo dhclient -v -r

oper@ftasvm:~$ sudo dhclient -v -r
Internet Systems Consortium DHCP Client 4.4.1
Copyright 2004-2018 Internet Systems Consortium.
All rights reserved.
For info, please visit https://www.isc.org/software/dhcp/

Listening on LPF/veth1dcacbe/b6:bc:e5:4a:7e:1f
Sending on   LPF/veth1dcacbe/b6:bc:e5:4a:7e:1f
<..>
Sending on   Socket/fallback
oper@ftasvm:~$ 

• Configure static IP for the connection

sudo nmcli con mod "Wired connection 1" ipv4.addresses <ip address>/<prefix>

#Example - sudo nmcli con mod "Wired connection 1" ipv4.addresses 192.168.0.37/24

• Set a default Gateway address

sudo nmcli connection modify "Wired connection 1" ipv4.gateway <GW Address>

#Example - sudo nmcli connection modify "Wired connection 1" ipv4.gateway 192.168.0.1

• Set the IP configuration mode to manual

sudo nmcli con mod "Wired connection 1" ipv4.method manual

• Reapply the configuration to the interface

sudo nmcli device reapply <dev_name>

#Example - sudo nmcli device reapply eth0

• Verify the IP address

#verify the IP address
ip a

oper@ftasvm:~$ ip a
<..>
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
    link/ether 52:54:00:37:3c:5c brd ff:ff:ff:ff:ff:ff
    inet 192.168.0.37/25 brd 192.168.0.255 scope global noprefixroute eth0
       valid_lft forever preferred_lft forever
    inet6 fe80::70a4:9f2e:658c:4d29/64 scope link noprefixroute 
       valid_lft forever preferred_lft forever
<..>
oper@ftasvm:~$ 


#Verify IP method
oper@ftasvm:~$ sudo nmcli -f ipv4.method con show "Wired connection 1"
ipv4.method:                            manual
oper@ftasvm:~$ 

Test FTAS VM reachability from outside the VM, if the VM is not reachable please check the access rule at the below location,

Host Machine

sonic@sonic-39:~$ cat /proc/sys/net/bridge/bridge-nf-call-iptables 
1
sonic@sonic-39:~$ 

If the above value is 1 please change it to 0 and the reachability issue should be resolved

Host Machine

sudo echo 0 > /proc/sys/net/bridge/bridge-nf-call-iptables 

There are some scaling scripts that require multiple network service servers (NTP, SYSLOG, TACACS+, etc.). In order to simulate this, we can add a secondary IP address to the VM NIC.

To add a secondary IP address, use the command

FTAS VM

sudo nmcli con mod "<con_name>" +ipv4.addresses <ip address>/<prefix>
#Example - sudo nmcli con mod "Wired connection 1" ipv4.addresses 192.168.0.42/24

# Reapply config
sudo nmcli device reapply <dev_name>
#Example - sudo nmcli device reapply eth0

# Show IP address to verify
ip a
# Restart docker containers so their services can listen on new IP addresses

Network services containers

The FTAS VM has docker containers running and the following docker images installed:

• DHCP container image ztp_dhcp(DHCP sevice)

oper@ftasvm:~$ docker images
REPOSITORY    TAG       IMAGE ID       CREATED        SIZE
ztp_dhcp      v1        599313a03bfb   41 hours ago   83.3MB
netservices   v1        8a9c98506637   41 hours ago   259MB
oper@ftasvm:~$ d

ztp_dhcp(DHCP) services are not run by default as it might conflict with DHCP running in the DC infra.

• Net Services container image netservices:v1 (NTP, SYSLOG, TACACS+ services). This container is run with the "--network=host" option. If you need to change the configurations of the services please find them in the following configuration files.

# NTP configuration file:
/etc/ntp.conf

# SYSLOG Configuration file
/etc/syslog-ng/conf.d/syslog_ng.conf

# Log files location:
/var/log/sonic_logs/<IP address of devices>.log

# TACACS+ configuraration
/etc/tacacs+/tac_plus.conf

Dockers running by default:

oper@ftasvm:~$ docker ps -a
CONTAINER ID   IMAGE            COMMAND                  CREATED        STATUS        PORTS     NAMES
8add12060a57   netservices:v1   "/usr/bin/supervisord"   41 hours ago   Up 41 hours             net_services
oper@ftasvm:~$