diff --git a/README.md b/README.md index 1a5766e..68c50b4 100644 --- a/README.md +++ b/README.md @@ -27,4 +27,6 @@ ebtables -A FORWARD -p arp --arp-op Request --arp-ip-dst 240.0.0.1 -j DROP ebtables -L --Lc genisoimage -output seed.iso -volid cidata -joliet -rock meta-data user-data network-config + +socat -,raw,echo=0 unix-connect:/tmp/vm-monitor.sock ``` \ No newline at end of file diff --git a/frr/daemons b/frr/daemons new file mode 100644 index 0000000..2469907 --- /dev/null +++ b/frr/daemons 
@@ -0,0 +1,126 @@
+# This file tells the frr package which daemons to start.
+#
+# Sample configurations for these daemons can be found in
+# /usr/share/doc/frr/examples/.
+#
+# ATTENTION:
+#
+# When activating a daemon for the first time, a config file, even if it is
+# empty, has to be present *and* be owned by the user and group "frr", else
+# the daemon will not be started by /etc/init.d/frr. The permissions should
+# be u=rw,g=r,o=.
+# When using "vtysh" such a config file is also needed. It should be owned by
+# group "frrvty" and set to ug=rw,o= though. Check /etc/pam.d/frr, too.
+#
+# The watchfrr, zebra and staticd daemons are always started.
+#
+bgpd=yes
+ospfd=no
+ospf6d=no
+ripd=no
+ripngd=no
+isisd=no
+pimd=no
+pim6d=no
+ldpd=no
+nhrpd=no
+eigrpd=no
+babeld=no
+sharpd=no
+pbrd=no
+bfdd=no
+fabricd=no
+vrrpd=no
+pathd=no
+
+#
+# If this option is set the /etc/init.d/frr script automatically loads
+# the config via "vtysh -b" when the servers are started.
+# Check /etc/pam.d/frr if you intend to use "vtysh"!
+#
+vtysh_enable=yes
+zebra_options=" -A 127.0.0.1 -s 90000000"
+mgmtd_options=" -A 127.0.0.1"
+bgpd_options=" -A 127.0.0.1"
+ospfd_options=" -A 127.0.0.1"
+ospf6d_options=" -A ::1"
+ripd_options=" -A 127.0.0.1"
+ripngd_options=" -A ::1"
+isisd_options=" -A 127.0.0.1"
+pimd_options=" -A 127.0.0.1"
+pim6d_options=" -A ::1"
+ldpd_options=" -A 127.0.0.1"
+nhrpd_options=" -A 127.0.0.1"
+eigrpd_options=" -A 127.0.0.1"
+babeld_options=" -A 127.0.0.1"
+sharpd_options=" -A 127.0.0.1"
+pbrd_options=" -A 127.0.0.1"
+staticd_options="-A 127.0.0.1"
+bfdd_options=" -A 127.0.0.1"
+fabricd_options="-A 127.0.0.1"
+vrrpd_options=" -A 127.0.0.1"
+pathd_options=" -A 127.0.0.1"
+
+
+# If you want to pass a common option to all daemons, you can use the
+# "frr_global_options" variable.
+#
+#frr_global_options=""
+
+
+# The list of daemons to watch is automatically generated by the init script.
+# This variable can be used to pass options to watchfrr that will be passed
+# prior to the daemon list.
+#
+# To make watchfrr create/join the specified netns, add the the "--netns"
+# option here. It will only have an effect in /etc/frr//daemons, and
+# you need to start FRR with "/usr/lib/frr/frrinit.sh start ".
+#
+#watchfrr_options=""
+
+
+# configuration profile
+#
+#frr_profile="traditional"
+#frr_profile="datacenter"
+
+
+# This is the maximum number of FD's that will be available. Upon startup this
+# is read by the control files and ulimit is called. Uncomment and use a
+# reasonable value for your setup if you are expecting a large number of peers
+# in say BGP.
+#
+#MAX_FDS=1024
+
+# Uncomment this option if you want to run FRR as a non-root user. Note that
+# you should know what you are doing since most of the daemons need root
+# to work. This could be useful if you want to run FRR in a container
+# for instance.
+# FRR_NO_ROOT="yes"
+
+# For any daemon, you can specify a "wrap" command to start instead of starting
+# the daemon directly. This will simply be prepended to the daemon invocation.
+# These variables have the form daemon_wrap, where 'daemon' is the name of the
+# daemon (the same pattern as the daemon_options variables).
+#
+# Note that when daemons are started, they are told to daemonize with the `-d`
+# option. This has several implications. For one, the init script expects that
+# when it invokes a daemon, the invocation returns immediately. If you add a
+# wrap command here, it must comply with this expectation and daemonize as
+# well, or the init script will never return. Furthermore, because daemons are
+# themselves daemonized with -d, you must ensure that your wrapper command is
+# capable of following child processes after a fork() if you need it to do so.
+#
+# If your desired wrapper does not support daemonization, you can wrap it with
+# a utility program that daemonizes programs, such as 'daemonize'. An example
+# of this might look like:
+#
+# bgpd_wrap="/usr/bin/daemonize /usr/bin/mywrapper"
+#
+# This is particularly useful for programs which record processes but lack
+# daemonization options, such as perf and rr.
+#
+# If you wish to wrap all daemons in the same way, you may set the "all_wrap"
+# variable.
+#
+#all_wrap=""
\ No newline at end of file
diff --git a/frr/local/frr.conf b/frr/local/frr.conf
new file mode 100644
index 0000000..83336d5
--- /dev/null
+++ b/frr/local/frr.conf
@@ -0,0 +1,25 @@
+# default to using syslog. /etc/rsyslog.d/45-frr.conf places the log in
+# /var/log/frr/frr.log
+#
+# Note:
+# FRR's configuration shell, vtysh, dynamically edits the live, in-memory
+# configuration while FRR is running. When instructed, vtysh will persist the
+# live configuration to this file, overwriting its contents. If you want to
+# avoid this, you can edit this file manually before starting FRR, or instruct
+# vtysh to write configuration to a different file.
+log syslog informational
+router bgp 65000
+ bgp router-id 192.168.14.103
+ no bgp default ipv4-unicast
+ neighbor fabric peer-group
+ neighbor fabric remote-as 65000
+ neighbor fabric capability extended-nexthop
+ ! BGP sessions with route reflectors
+ neighbor 192.168.14.100 peer-group fabric
+ !
+ address-family l2vpn evpn
+ neighbor fabric activate
+ advertise-all-vni
+ exit-address-family
+ !
+!
\ No newline at end of file
diff --git a/frr/route_reflector/frr.conf b/frr/route_reflector/frr.conf
new file mode 100644
index 0000000..e69de29
diff --git a/seed/user-data b/seed/user-data
index d9f4f50..ef42d83 100644
--- a/seed/user-data
+++ b/seed/user-data
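Review bot: The ATTENTION comment at the top of frr/daemons says a daemon's config file must be owned by user and group `frr` with mode `u=rw,g=r,o=`, but nothing in this commit shows how frr/local/frr.conf gets that ownership when it is placed in the guest. Per that same comment, a file with default ownership keeps the init script from starting the daemon, and a world-readable routing config becomes a confidentiality concern once it holds any secret. Consider documenting the install step next to the other README commands, for example using `install -o frr -g frr -m 0640` for the config file.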
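Review bot: In frr/local/frr.conf the `fabric` peer-group under `router bgp 65000` has no session authentication, so the iBGP session to 192.168.14.100 trusts whatever host answers on that address. With `advertise-all-vni` active in the `l2vpn evpn` family, an unauthenticated peer on that segment could influence MAC/IP reachability for every VNI. Consider adding `neighbor fabric password <SECRET_PLACEHOLDER>` on both ends, with the secret injected at provisioning time rather than committed. The matching frr/route_reflector/frr.conf is added empty in this commit, so the peer side of the session cannot be reviewed here.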
@@ -5,4 +5,6 @@ users:
 passwd: "$5$K4nmmwy8HXUZvUbL$8987jEXLGdXyXhF5WPbscg5PjCXqN3jOo6lcjWXg5IC"
 doas: [permit nopass nicolas]
 ssh_authorized_keys:
- - ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDNxP6+vpKgqLfQ4aA90MezAkqgBtwXYWnhNQznXH6bU root@lab3
\ No newline at end of file
+ - ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDNxP6+vpKgqLfQ4aA90MezAkqgBtwXYWnhNQznXH6bU root@lab3
+ssh_authorized_keys:
+ - ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDNxP6+vpKgqLfQ4aA90MezAkqgBtwXYWnhNQznXH6bU root@lab3
\ No newline at end of file
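Review bot: The added `ssh_authorized_keys:` in seed/user-data starts at column 0, outside the `users:` entry, so as far as this flattened hunk shows it is a top-level cloud-config key rather than a second per-user list. In cloud-init a top-level list is applied to the image's default user (and to root, subject to `disable_root`), so this widens where the `root@lab3` key is accepted instead of repeating the existing grant. If the aim was only to re-add the per-user key, drop the new block; if the wider access is intended, state it with a comment such as `# also authorise the lab3 key for the default user`. The rest of the `users:` entry lies outside the hunk, so the account list could not be checked.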