Introduction
The example setup script in this article is referred to by the Clavister Getting Started Guide for cOS Core running under KVM on an x86 platform. The script is written in bash and is not supported by Clavister. It is provided only as a reference example and it can be freely used, modified or redistributed, subject to the GPL open source license. The script should be adaptable for use with KVM running under most Linux distributions.
prepare.sh
#!/bin/bash
# Start from a clean terminal, then show the Clavister banner followed by a
# short description of what the script does and what it expects to be installed.
clear
# Quoted delimiter: the banner is printed literally, nothing in it is expanded.
cat <<'BANNER'
# :'######::'##::::::::::'###::::'##::::'##:'####::'######::'########:'########:'########::
# '##... ##: ##:::::::::'## ##::: ##:::: ##:. ##::'##... ##:... ##..:: ##.....:: ##.... ##:
# ##:::..:: ##::::::::'##:. ##:: ##:::: ##:: ##:: ##:::..::::: ##:::: ##::::::: ##:::: ##:
# ##::::::: ##:::::::'##:::. ##: ##:::: ##:: ##::. ######::::: ##:::: ######::: ########::
# ##::::::: ##::::::: #########:. ##:: ##::: ##:::..... ##:::: ##:::: ##...:::: ##.. ##:::
# ##::: ##: ##::::::: ##.... ##::. ## ##:::: ##::'##::: ##:::: ##:::: ##::::::: ##::. ##::
# . ######:: ########: ##:::: ##:::. ###::::'####:. ######::::: ##:::: ########: ##:::. ##:
# :......:::........::..:::::..:::::...:::::....:::......::::::..:::::........::..::::v0.09
BANNER
printf '%s\n' \
  " " \
  "This script will create a virtual Clavister security gateway running under KVM." \
  "All questions asked by the script must be answered." \
  "It is assumed that KVM is installed plus either Open vSwitch or bridge-utils." \
  "Script help can be found in the Clavister Getting Started Guide for KVM." \
  " "
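# Collect the VNC listen address, the VNC port and the gateway name.
#
# All three answers are later written verbatim into the libvirt domain XML,
# and the name also becomes a file name (./$name.xml) and a virsh argument.
# They are therefore checked against conservative allow-lists here, so that
# quotes, angle brackets, slashes or leading dashes never reach those places.

# Print the prompt in $1 and read one line into the variable named by $2.
# A closed stdin aborts the script, so the validation loops below always end.
prompt_line() {
  local reply
  printf '%s' "$1"
  read -r reply || {
    printf '\nNo input received - aborting setup.\n' >&2
    exit 1
  }
  printf -v "$2" '%s' "$reply"
}

# Succeeds when $1 is a decimal TCP port number in the range 1..65535.
valid_port() {
  [[ $1 =~ ^[0-9]{1,5}$ ]] && ((10#$1 >= 1 && 10#$1 <= 65535))
}

# Succeeds when netstat reports a listener on port $1.
# The port is matched as a fixed string, never as a regular expression.
port_in_use() {
  netstat -ln | grep -F -- ":$1 " | grep -q 'LISTEN'
}

# Show the non-loopback IPv4 addresses of this host as a hint for the user.
detected_ips=$(ifconfig | sed -En 's/127\.0\.0\.1//;s/.*inet (addr:)?(([0-9]*\.){3}[0-9]*).*/\2/p')
echo "The IPs detected on this computer are:  ${detected_ips//$'\n'/ }"
echo " "

# The domain XML written later configures VNC without a password, so anyone
# who can reach this address and port gets the gateway console. Listening on
# 127.0.0.1 and tunnelling over SSH, or limiting the port in the host
# firewall, keeps the console off the network.
while :; do
  prompt_line "Enter the IP address for VNC access to the security gateway: " ip
  # Only characters that can occur in an IPv4 or IPv6 literal are accepted.
  [[ $ip =~ ^[0-9A-Fa-f:.]+$ ]] && break
  echo "That is not a valid IP address."
done
echo " "

prompt_line "Enter the VNC listening port number. Any Linux firewall, such as iptables, must allow traffic on this port: " port
while :; do
  if ! valid_port "$port"; then
    echo "The port must be a number between 1 and 65535."
  elif port_in_use "$port"; then
    echo "That port is already in use!"
  else
    break
  fi
  prompt_line "Choose another port number: " port
done
# Drop leading zeros so the XML attribute holds a plain decimal number.
port=$((10#$port))
echo "VNC access set to:  ${ip}:${port}"
echo " "

echo "Enter the name of the new security gateway. "
while :; do
  prompt_line "This will also be the name of the XML configuration file created: " name
  # No path separators, whitespace, quotes or leading '-' in the name.
  [[ $name =~ ^[A-Za-z0-9][A-Za-z0-9._-]*$ ]] && break
  echo "Use only letters, digits, '.', '_' and '-', starting with a letter or digit."
done
echo " "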
# Locate the QEMU/KVM emulator binary and store its path in $emu.
#
# Debian-family hosts (any /etc/*-release line containing "debian") are
# searched with `which`, preferring qemu-system-x86_64; every other host is
# searched with `whereis`, preferring qemu-kvm. Each loop walks the candidates
# from lowest to highest preference and overwrites $emu on every hit, so the
# preferred binary wins. $emu is left untouched when nothing is found.
distro_hint=$(cat /etc/*-release | grep debian)
if [[ -n "$distro_hint" ]]; then
  for candidate in kvm-spice qemu-kvm qemu-system-x86_64; do
    hit=$(which "$candidate" | awk '{ print $1}')
    if [[ -n "$hit" ]]; then
      emu=$hit
    fi
  done
else
  for candidate in kvm-spice qemu-system-x86_64 qemu-kvm; do
    # whereis prints "name: path ..."; field 2 is the first path reported.
    hit=$(whereis "$candidate" | awk '{ print $2}')
    if [[ -n "$hit" ]]; then
      emu=$hit
    fi
  done
fi
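###### User choice between bridge-utils and Open vSwitch ##############
#
# The rest of the script maps the three cOS Core interfaces to bridges, writes
# the libvirt domain XML to ./$name.xml and optionally defines and starts the
# domain with virsh.
#
# Every value that is interpolated into the XML or passed to virsh ($name,
# $ip, $port, $emu, the working directory and the three bridge names) is
# checked in validate_settings before the file is written: the XML is built by
# plain string interpolation, so a quote or angle bracket in any of them would
# change the structure of the domain definition.
#
# Changes against the earlier flow: no eval, no scratch files in the working
# directory, quoted virsh arguments, a missing vhost_net really aborts, and
# the script exits 0 once the domain has been defined.

# Print a message on stderr and stop with a failure status.
abort() {
  printf '%s\n' "$*" >&2
  exit 1
}

# Read one line from the user into the global variable named by $1.
# A closed stdin aborts instead of silently continuing with an empty answer.
read_reply() {
  local reply
  read -e -r reply || abort "No input received - aborting setup."
  printf -v "$1" '%s' "$reply"
}

# Succeeds when $1 is a plain token: starts with a letter or digit and holds
# only letters, digits, '.', '_' and '-'. Used for the domain name and the
# bridge names (no path separators, whitespace, quotes or leading '-').
is_safe_token() {
  local token_re='^[A-Za-z0-9][A-Za-z0-9._-]*$'
  [[ $1 =~ $token_re ]]
}

# Succeeds when $1 is non-empty and free of XML metacharacters and quotes.
is_xml_safe() {
  case $1 in
    '' | *'<'* | *'>'* | *'&'* | *"'"* | *'"'*) return 1 ;;
  esac
  return 0
}

# Abort unless every value that goes into the domain XML is well-formed.
validate_settings() {
  local bridge
  local addr_re='^[0-9A-Fa-f:.]+$'
  local port_re='^[0-9]{1,5}$'
  is_safe_token "$name" || abort "Invalid security gateway name: '$name'"
  [[ $ip =~ $addr_re ]] || abort "Invalid VNC listen address: '$ip'"
  [[ $port =~ $port_re ]] && ((10#$port >= 1 && 10#$port <= 65535)) ||
    abort "Invalid VNC port: '$port'"
  for bridge in "$array10" "$array11" "$array12"; do
    is_safe_token "$bridge" || abort "Invalid bridge name: '$bridge'"
  done
  # whereis can report a non-binary path, so insist on an executable file.
  [[ -f $emu && -x $emu ]] && is_xml_safe "$emu" ||
    abort "No usable emulator binary found (got: '$emu')"
  is_xml_safe "$source_file" ||
    abort "The working directory path contains characters not allowed in the XML."
}

# Explain the interface-to-bridge mapping that is about to be chosen.
print_interface_help() {
  echo " "
  echo "##################################################################################################"
  echo "Clavister Virtual Security Gateways use three pre-configured virtual interfaces: If1, If2 and If3.
Virtual interfaces must be mapped to the available Linux bridges or physical adapters.
In SR-IOV mode, please refer to the KVM manual for physical adapters or adapters."
  echo "##################################################################################################"
}

# Derive the default mapping from the discovered bridges in array1:
# with one bridge all three interfaces share it, with two bridges If3
# reuses the second one.
default_mapping() {
  array10=${array1[0]:-}
  array11=${array1[1]:-}
  array12=${array1[2]:-}
  if [ -z "$array11" ] && [ -z "$array12" ]; then
    array11=$array10
    array12=$array10
  fi
  if [ -z "$array12" ]; then
    array12=${array1[1]:-}
  fi
}

# Print the current mapping table; $1 is the rule line under the heading.
print_mapping() {
  echo "The following interface to bridge mapping will be used:"
  echo "cOS Core interface Mapped bridge"
  echo "$1"
  echo " If1<------------->$array10"
  echo " If2<------------->$array11"
  echo " If3<------------->$array12"
}

# List the discovered bridges, propose the default mapping and let the user
# replace it. $1 is the yes/no question, $2 the choice prompt.
# Manually entered names are checked later by validate_settings.
choose_mapping() {
  local bridge
  for bridge in "${array1[@]}"; do
    echo "Bridge interface:  $bridge"
  done
  default_mapping
  echo " "
  print_mapping "------------------ -----------------"
  echo " "
  echo "$1"
  echo "y) Yes"
  echo "n) No"
  echo -n "$2"
  read_reply input
  echo
  # Only an explicit 'n' switches to manual entry; any other answer accepts.
  if [[ $input = 'n' ]]; then
    echo -n "Virtual security gateway If1 bridge: "
    read_reply array10
    echo -n "Virtual security gateway If2 bridge: "
    read_reply array11
    echo -n "Virtual security gateway If3 bridge: "
    read_reply array12
    print_mapping "------------------ ------------------"
  fi
}

# Show emulator, image directory and machine type and ask for confirmation.
# $1 is the choice prompt. Only an explicit 'n' stops the script.
confirm_settings() {
  echo " "
  echo "Emulator: $emu"
  # The disk image Core-clone.img is expected in the current directory.
  source_file=$(pwd)
  echo "Path: $source_file"
  machine=pc
  echo "Machine: $machine"
  echo " "
  echo "Is all the above information correct? "
  echo "y) Yes"
  echo "n) No"
  echo -n "$1"
  read_reply input
  echo
  if [[ $input = 'n' ]]; then
    exit 1
  fi
}

# Emit one <interface> element. $1 bridge name, $2 PCI slot,
# $3 "yes" to add the Open vSwitch virtualport element.
interface_xml() {
  echo "<interface type='bridge'>"
  echo "<source bridge='$1'/>"
  if [[ $3 = yes ]]; then
    echo "<virtualport type='openvswitch'>"
    echo "</virtualport>"
  fi
  echo "<model type='virtio'/>"
  echo "<driver name='vhost' txmode='timer' ioeventfd='on' event_idx='off'/>"
  echo "<address type='pci' domain='0x0000' bus='0x00' slot='$2' function='0x0'/>"
  echo "</interface>"
}

# Validate all settings, then write the domain definition to ./$name.xml.
# $1 is "yes" for Open vSwitch bridges, anything else for bridge-utils.
#
# The <graphics> element carries no password: the VNC console is open to
# anyone who can reach $ip:$port. Listen on 127.0.0.1 and tunnel over SSH,
# firewall the port, or add a passwd attribute to <graphics> before defining
# the domain.
write_domain_xml() {
  validate_settings
  {
    cat <<EOF
<domain type='kvm' id='34'>
<name>$name</name>
<memory unit='KiB'>262144</memory>
<currentMemory unit='KiB'>262144</currentMemory>
<vcpu placement='static'>1</vcpu>
<os>
<type arch='x86_64' machine='$machine'>hvm</type>
<boot dev='hd'/>
</os>
<features>
<acpi/>
<apic/>
<pae/>
</features>
<clock offset='utc'/>
<on_poweroff>destroy</on_poweroff>
<on_reboot>restart</on_reboot>
<on_crash>restart</on_crash>
<devices>
<emulator>$emu</emulator>
<disk type='file' device='disk'>
<driver name='qemu' type='raw' cache='none' io='native'/>
<source file='$source_file/Core-clone.img'/>
<target dev='hda' bus='ide'/>
<address type='drive' controller='0' bus='0' target='0' unit='0'/>
</disk>
<controller type='ide' index='0'>
<address type='pci' domain='0x0000' bus='0x00' slot='0x01' function='0x1'/>
</controller>
EOF
    interface_xml "$array10" 0x13 "$1"
    interface_xml "$array11" 0x05 "$1"
    interface_xml "$array12" 0x06 "$1"
    cat <<EOF
<input type='mouse' bus='ps2'/>
<graphics type='vnc' port='$port' autoport='no' listen='$ip'>
<listen type='address' address='$ip'/>
</graphics>
<video>
<model type='cirrus' vram='9216' heads='1'/>
<address type='pci' domain='0x0000' bus='0x00' slot='0x02' function='0x0'/>
</video>
<memballoon model='virtio'>
<alias name='balloon0'/>
<address type='pci' domain='0x0000' bus='0x00' slot='0x04' function='0x0'/>
</memballoon>
</devices>
</domain>
EOF
  } >"./${name}.xml"
}

# Offer to define the domain and then to start it.
# $1 "file created" message, $2 start question, $3 "started" message.
# Declining to define, or a failing virsh call, ends the script with status 1.
define_and_start() {
  echo "$1"
  echo "Do you want to add this security gateway to KVM now? "
  echo "y) Yes"
  echo "n) No"
  echo -n "Enter a choice: "
  read_reply input
  echo
  if [[ $input != 'y' ]]; then
    echo "Not added! You will need to create the virtual machine manually using virsh with $name.xml."
    exit 1
  fi
  # Explicit ./ path and quoting: the file name is never split or read as an option.
  if ! define=$(virsh define "./${name}.xml"); then
    echo " "
    exit 1
  fi
  echo "$define"
  echo "$2"
  echo "y) Yes"
  echo "n) No"
  echo -n "Enter a choice: "
  read_reply input
  echo
  if [[ $input = 'y' ]]; then
    # Report success only when virsh actually started the domain.
    Start=$(virsh start "$name") || abort "virsh could not start $name."
    echo "$3"
  else
    echo " "
  fi
}

# Succeeds when the vhost_net driver is usable: either the device node exists
# or lsmod lists the module.
vhost_net_available() {
  [[ -e /dev/vhost-net ]] || lsmod | grep -q vhost_net
}

echo "Is Open vSwitch or bridge-utils going to be used for networking? "
echo "1) bridge-utils"
echo "2) Open vSwitch"
echo -n "Enter Choice:"
read_reply input
if [[ $input = '1' ]]; then
  #### bridge-utils configuration ####
  print_interface_help
  # First column of `brctl show` without the header line, read straight into
  # the array instead of going through a scratch file.
  # NOTE(review): for a bridge with several ports brctl may print continuation
  # lines whose first field is a port name - confirm against real output.
  mapfile -t array1 < <(brctl show | awk 'NR > 1 && $1 != "" { print $1 }')
  if ((${#array1[@]} == 0)); then
    echo "No bridges found! - Aborting Setup in 5 sec. "
    echo "Please download and install bridge-utils for networking. "
    sleep 5
    exit 1
  fi
  echo "The following bridges were found:"
  echo ""
  choose_mapping "Do you want to map the bridges in that order? " "Enter Choice: "
  # NOTE(review): this repeats the emulator lookup done earlier in the script,
  # but with whereis on every distribution; the Open vSwitch path relies on
  # the earlier result only. Kept so the bridge-utils path picks the same
  # binary as before.
  emu1=$(whereis qemu-kvm | awk '{ print $2}')
  emu2=$(whereis qemu-system-x86_64 | awk '{ print $2}')
  emu3=$(whereis kvm-spice | awk '{ print $2}')
  if [ "${emu1}" != "" ]; then
    emu=$emu1
  elif [ "${emu2}" != "" ]; then
    emu=$emu2
  elif [ "${emu3}" != "" ]; then
    emu=$emu3
  fi
  confirm_settings "Enter choice: "
  write_domain_xml no
  echo ""
  define_and_start \
    "The file $name.xml that defines the virtual security gateway has been created!" \
    "Do you want to start up the security gateway now? " \
    "Security gateway $name started!"
else
  ############### Open vSwitch configuration ###########################
  # Any answer other than '1' selects Open vSwitch.
  print_interface_help
  Openvswitch=$(lsmod | grep openvswitch | awk '{if(NR<2)print}')
  if [ -z "$Openvswitch" ]; then
    echo "No bridges found! - Aborting setup in 5 sec. "
    echo "Please download and install Open vSwitch for networking. "
    sleep 5
    exit 1
  else
    echo ""
  fi
  echo ""
  # The generated interfaces use the vhost driver, so vhost_net is required.
  if ! vhost_net_available; then
    echo "vhost_net module not loaded. "
    echo "Attempting to load module..."
    modprobe vhost_net
    sleep 2
  fi
  if ! vhost_net_available; then
    echo "vhost_net module not loaded. "
    echo "Aborting setup! "
    exit 1
  else
    echo "vhost_net module loaded. "
  fi
  echo ""
  echo "The following bridges were found: "
  mapfile -t array1 < <(ovs-vsctl list-br | awk '$1 != "" { print $1 }')
  choose_mapping "Do you want to add the bridges in that order? " "Enter a choice: "
  confirm_settings "Enter Choice: "
  write_domain_xml yes
  echo ""
  define_and_start \
    "The file $name.xml that defines the virtual security gateway has been created." \
    "Do you want to start up the security gateway? " \
    "Security gateway started!"
fi
# The domain was defined (and started if requested): report success.
exit 0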