From 48707b7691db7dc21d9780547cced3ba91d76bfe Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Beno=C3=AEt=20Ganne?=
Date: Mon, 7 Dec 2020 12:04:23 +0100
Subject: [PATCH] add vagrant playground
---
 vagrant/Corefile | 6 +++++
 vagrant/README | 11 +++++++++
 vagrant/Vagrantfile | 53 +++++++++++++++++++++++++++++++++++++++++
 vagrant/add.sh | 39 ++++++++++++++++++++++++++++++
 vagrant/setup.sh | 58 +++++++++++++++++++++++++++++++++++++++++++++
 5 files changed, 167 insertions(+)
 create mode 100644 vagrant/Corefile
 create mode 100644 vagrant/README
 create mode 100644 vagrant/Vagrantfile
 create mode 100755 vagrant/add.sh
 create mode 100755 vagrant/setup.sh
diff --git a/vagrant/Corefile b/vagrant/Corefile
new file mode 100644
index 0000000..03d208b
--- /dev/null
+++ b/vagrant/Corefile
@@ -0,0 +1,6 @@
+.:5353 {
+ debug
+ bind 127.0.0.1
+ bind 192.168.100.10
+ wgsd example.com. wg0
+}
diff --git a/vagrant/README b/vagrant/README
new file mode 100644
index 0000000..609648e
--- /dev/null
+++ b/vagrant/README
@@ -0,0 +1,11 @@
+Quick start instructions
+
+Clone & build wgsd:
+~# go get github.com/jwhited/wgsd
+
+Start and provision VMs with Vagrant:
+~# cd ~/go/src/github.com/jwhited/wgsd/vagrant
+~# vagrant up
+
+Setup Wireguard Mesh:
+~# ./setup.sh
diff --git a/vagrant/Vagrantfile b/vagrant/Vagrantfile
new file mode 100644
index 0000000..d8bba50
--- /dev/null
+++ b/vagrant/Vagrantfile
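Review bot: Nothing in the Corefile says why it listens on 5353 or why it binds exactly 127.0.0.1 and 192.168.100.10; the second address is the registry's wg0 address assigned in the Vagrantfile hunk, which is what keeps wgsd off the 192.168.33.0/24 host-only network and reachable only from inside the tunnel, and that intent deserves a line. Suggest a header comment `# wgsd registry: unprivileged port, bound only to loopback and the wg0 tunnel address so only mesh peers can query it` and, next to `debug`, `# playground only: debug disables CoreDNS panic recovery so a crash shows a stack trace`. Binding to a specific tunnel address also means CoreDNS cannot start until wg0 is up, which the rc.local start in the Vagrantfile hunk does not appear to guarantee at boot; worth stating here as well.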
@@ -0,0 +1,53 @@
+# -*- mode: ruby -*-
+# vi: set ft=ruby :
+
+Vagrant.configure("2") do |config|
+
+ config.trigger.before :up do |trigger|
+ trigger.run = {inline: "cp -uvf ../../../../../bin/coredns ../../../../../bin/wgsd-client ."}
+ end
+
+ config.vm.box = "ubuntu/focal64"
+
+ config.vm.synced_folder ".", "/vagrant", type: "rsync"
+
+ config.vm.provision "shell", inline: <<-SHELL
+ apt-get -y update
+ apt-get -y install wireguard
+ SHELL
+
+ config.vm.define "registry" do |registry|
+ registry.vm.hostname = "registry"
+ registry.vm.network "private_network", ip: "192.168.33.10"
+ registry.vm.provision "shell", inline: <<-SHELL
+ wg genkey | tee /etc/wireguard/privatekey | wg pubkey | tee /etc/wireguard/publickey
+ cat > /etc/wireguard/wg0.conf << EOF
+[Interface]
+PrivateKey = $(cat /etc/wireguard/privatekey)
+Address = 192.168.100.10/24
+SaveConfig = True
+ListenPort = 51820
+EOF
+ chmod 600 /etc/wireguard/{privatekey,wg0.conf}
+ chmod 644 /etc/wireguard/publickey
+ chmod 711 /etc/wireguard
+ systemctl enable wg-quick@wg0
+ systemctl start wg-quick@wg0
+ cat > /etc/rc.local << EOF
+#!/bin/sh
+/vagrant/coredns -conf /vagrant/Corefile | logger &
+EOF
+ chmod 755 /etc/rc.local
+ sleep 1
+ /etc/rc.local
+ SHELL
+ end
+
+ (1..4).each do |i|
+ config.vm.define "client-#{i}" do |client|
+ client.vm.hostname = "client-#{i}"
+ client.vm.network "private_network", ip: "192.168.33.10#{i}"
+ end
+ end
+
+end
diff --git a/vagrant/add.sh b/vagrant/add.sh
new file mode 100755
index 0000000..29e9b5a
--- /dev/null
+++ b/vagrant/add.sh
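Review bot: The registry provisioning block regenerates the WireGuard key pair unconditionally (`wg genkey | tee /etc/wireguard/privatekey | wg pubkey | tee /etc/wireguard/publickey`), so a second `vagrant provision` silently replaces the registry's public key and every client's `[Peer] PublicKey` written by add.sh stops matching; the following `cat > /etc/wireguard/wg0.conf` likewise discards whatever `SaveConfig = True` persisted. Guard both behind an existing key so re-provisioning is idempotent, e.g. `[ -s /etc/wireguard/privatekey ] || wg genkey | tee /etc/wireguard/privatekey | wg pubkey | tee /etc/wireguard/publickey`, with the config write under the same condition; the client-side `wg genkey | tee ...` line in the add.sh hunk has the same issue. Separately, the `/etc/rc.local` that launches CoreDNS has to bind 192.168.100.10 (per the Corefile hunk) but nothing orders it after `wg-quick@wg0` on reboot, so a boot-time start may fail to bind and stay down; a small systemd unit with `After=wg-quick@wg0.service` and `Restart=on-failure` would make the dependency explicit and is worth a comment either way.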
@@ -0,0 +1,39 @@
+#!/bin/sh
+set -eux
+
+#
+# on-board a new client
+# connect it to the registry
+#
+
+VM=$1
+ADDR=$2
+
+SERVER_KEY=$(vagrant ssh registry -- cat /etc/wireguard/publickey)
+
+vagrant ssh $VM -- sudo bash -s << EOF
+wg genkey | tee /etc/wireguard/privatekey | wg pubkey | tee /etc/wireguard/publickey
+# linux config
+cat > /etc/wireguard/wg0.conf << CLIENTEOF
+[Interface]
+PrivateKey = \$(cat /etc/wireguard/privatekey)
+Address = $ADDR/24
+SaveConfig = True
+ListenPort = 51820
+[Peer]
+PublicKey = $SERVER_KEY
+Endpoint = 192.168.33.10:51820
+AllowedIPs = 192.168.100.10/32
+CLIENTEOF
+chmod 600 /etc/wireguard/{privatekey,wg0.conf}
+chmod 644 /etc/wireguard/publickey
+chmod 711 /etc/wireguard
+EOF
+
+CLIENT_KEY=$(vagrant ssh $VM -- cat /etc/wireguard/publickey)
+
+vagrant ssh registry -- sudo wg set wg0 peer $CLIENT_KEY allowed-ips $ADDR/32
+
+vagrant ssh $VM -- sudo systemctl enable wg-quick@wg0
+vagrant ssh $VM -- sudo systemctl restart wg-quick@wg0
+vagrant ssh $VM -- ping -c2 192.168.100.10
diff --git a/vagrant/setup.sh b/vagrant/setup.sh
new file mode 100755
index 0000000..0b98a3e
--- /dev/null
+++ b/vagrant/setup.sh
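Review bot: The block fed to `sudo bash -s` (from `wg genkey | tee ...` through `chmod 711 /etc/wireguard`) runs without errexit, so the outer `set -eux` only ever sees the exit status of the last remote command; a failed key generation or config write leaves a half-configured client and the script still goes on to `wg set` on the registry. Make `set -eo pipefail` the first line of the heredoc; the four `sudo bash -s` heredocs in the setup.sh hunk have the same gap. Separately, `$SERVER_KEY` and `$CLIENT_KEY` are pasted into wg0.conf and into `wg set wg0 peer $CLIENT_KEY` unchecked, so any warning line or stray CR that `vagrant ssh` prints alongside the key would end up in the config; validate each capture, e.g. `case "$SERVER_KEY" in ''|*[!A-Za-z0-9+/=]*) echo "unexpected public key: '$SERVER_KEY'" >&2; exit 1;; esac`, and quote the key on the `wg set` line (`peer "$CLIENT_KEY"`) as setup.sh already does.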
@@ -0,0 +1,58 @@
+#!/bin/bash
+set -eux
+
+#
+# connect clients to the registry
+# setup mesh between clients
+#
+
+MYDIR="$(dirname "$(readlink -f "$0")")"
+
+# setup each client to connect to the registry (on-boarding)
+"$MYDIR"/add.sh client-1 192.168.100.101
+"$MYDIR"/add.sh client-2 192.168.100.102
+"$MYDIR"/add.sh client-3 192.168.100.103
+"$MYDIR"/add.sh client-4 192.168.100.104
+
+# setup mesh connections between clients
+KEY1="$(vagrant ssh client-1 -- cat /etc/wireguard/publickey)"
+KEY2="$(vagrant ssh client-2 -- cat /etc/wireguard/publickey)"
+KEY3="$(vagrant ssh client-3 -- cat /etc/wireguard/publickey)"
+KEY4="$(vagrant ssh client-4 -- cat /etc/wireguard/publickey)"
+vagrant ssh client-1 -- sudo bash -s << EOF
+wg set wg0 peer '$KEY2' allowed-ips 192.168.100.102/32
+wg set wg0 peer '$KEY3' allowed-ips 192.168.100.103/32
+wg set wg0 peer '$KEY4' allowed-ips 192.168.100.104/32
+EOF
+vagrant ssh client-2 -- sudo bash -s << EOF
+wg set wg0 peer '$KEY1' allowed-ips 192.168.100.101/32
+wg set wg0 peer '$KEY3' allowed-ips 192.168.100.103/32
+wg set wg0 peer '$KEY4' allowed-ips 192.168.100.104/32
+EOF
+vagrant ssh client-3 -- sudo bash -s << EOF
+wg set wg0 peer '$KEY1' allowed-ips 192.168.100.101/32
+wg set wg0 peer '$KEY2' allowed-ips 192.168.100.102/32
+wg set wg0 peer '$KEY4' allowed-ips 192.168.100.104/32
+EOF
+vagrant ssh client-4 -- sudo bash -s << EOF
+wg set wg0 peer '$KEY1' allowed-ips 192.168.100.101/32
+wg set wg0 peer '$KEY2' allowed-ips 192.168.100.102/32
+wg set wg0 peer '$KEY3' allowed-ips 192.168.100.103/32
+EOF
+# wgsd magic
+vagrant ssh client-1 -- sudo /vagrant/wgsd-client -device wg0 -dns 192.168.100.10:5353 -zone example.com.
+vagrant ssh client-2 -- sudo /vagrant/wgsd-client -device wg0 -dns 192.168.100.10:5353 -zone example.com.
+vagrant ssh client-3 -- sudo /vagrant/wgsd-client -device wg0 -dns 192.168.100.10:5353 -zone example.com.
+# client-4 has been connected to 1/2/3 at this point
+
+# smoke-test: ping working means both directions work, no need for all combinations
+vagrant ssh client-1 -- bash -s << EOF
+ping -c2 192.168.100.102
+ping -c2 192.168.100.103
+ping -c2 192.168.100.104
+EOF
+vagrant ssh client-2 -- bash -s << EOF
+ping -c2 192.168.100.103
+ping -c2 192.168.100.104
+EOF
+vagrant ssh client-3 -- ping -c2 192.168.100.104
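Review bot: The mesh section hand-unrolls the four clients (`KEY1=` through the fourth `EOF`), repeating twelve `wg set` lines in which the key number and the `192.168.100.10N/32` address must be kept in step by hand, and the on-boarding calls and the ping smoke test follow the same copy-paste pattern. A nested loop over a bash array generates exactly the same `wg set wg0 peer '<key>' allowed-ips ...` lines for every ordered pair and still feeds them to `sudo bash -s` over stdin as before, so the behaviour is unchanged while a fifth client becomes a one-token edit. The comment `# client-4 has been connected to 1/2/3 at this point` asserts something the script never checks directly; since the pings below are what actually demonstrate it, say so: `# wgsd-client is not run on client-4: the pings below confirm 1/2/3 reached it through the endpoints they learned`.
```shell
# … unchanged: on-boarding via add.sh …

# setup mesh connections between clients: every client peers with every other one
for i in 1 2 3 4; do
  KEY[$i]="$(vagrant ssh "client-$i" -- cat /etc/wireguard/publickey)"
done
for i in 1 2 3 4; do
  for j in 1 2 3 4; do
    [ "$i" = "$j" ] && continue
    printf "wg set wg0 peer '%s' allowed-ips 192.168.100.10%s/32\n" "${KEY[$j]}" "$j"
  done | vagrant ssh "client-$i" -- sudo bash -s
done

# … unchanged: wgsd-client runs and smoke-test …
```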