add vagrant playground #28

Open. Wants to merge 1 commit into base: main
6 changes: 6 additions & 0 deletions vagrant/Corefile
@@ -0,0 +1,6 @@
.:5353 {
debug
bind 127.0.0.1
bind 192.168.100.10
wgsd example.com. wg0
}
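Review bot: `bind 192.168.100.10` on line 4 of this hunk is the registry's wg0 address (`Address = 192.168.100.10/24` in the Vagrantfile), so CoreDNS can only bind once wg-quick@wg0 has brought the interface up; this PR starts CoreDNS from /etc/rc.local, which gives no ordering guarantee against wg-quick@wg0 at boot, and a failed bind leaves the clients with no wgsd registry to query. Run CoreDNS from a systemd unit with `After=wg-quick@wg0.service` (and `Requires=`) so the bind cannot race the interface. Also, `debug` logs every query; fine for a playground, but say so in the README so nobody copies this Corefile into a real deployment as-is.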
11 changes: 11 additions & 0 deletions vagrant/README
@@ -0,0 +1,11 @@
Quick start instructions

Clone & build wgsd:
~# go get github.com/jwhited/wgsd

Start and provision VMs with Vagrant:
~# cd ~/go/src/github.com/jwhited/wgsd/vagrant
~# vagrant up

Setup Wireguard Mesh:
~# ./setup.sh
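Review bot: the "Clone & build wgsd" step only runs `go get github.com/jwhited/wgsd`, but the Vagrantfile in this PR copies prebuilt `coredns` and `wgsd-client` binaries from `../../../../../bin/` (i.e. $GOPATH/bin), and the `cd ~/go/src/github.com/jwhited/wgsd/vagrant` path only exists in GOPATH mode; in module mode `go get` neither checks the repo out under that path nor builds anything. Spell out the build (whichever `go install`/`go build` invocations produce those two binaries into $GOPATH/bin) and state the Go version and GOPATH assumption, otherwise `vagrant up` fails on the copy before any VM starts. Minor: the `~#` prompt suggests running as root, which none of these commands need.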
53 changes: 53 additions & 0 deletions vagrant/Vagrantfile
@@ -0,0 +1,53 @@
# -*- mode: ruby -*-
# vi: set ft=ruby :

Vagrant.configure("2") do |config|

config.trigger.before :up do |trigger|
trigger.run = {inline: "cp -uvf ../../../../../bin/coredns ../../../../../bin/wgsd-client ."}
Owner commented:
on Darwin I get this error:

% vagrant up
Bringing machine 'registry' up with 'virtualbox' provider...
Bringing machine 'client-1' up with 'virtualbox' provider...
Bringing machine 'client-2' up with 'virtualbox' provider...
Bringing machine 'client-3' up with 'virtualbox' provider...
Bringing machine 'client-4' up with 'virtualbox' provider...
==> registry: Running action triggers before up ...
==> registry: Running trigger...
    registry: Running local: Inline script
    registry: cp -uvf ../../../../../bin/coredns ../../../../../bin/wgsd-client .
    registry: /bin/cp: illegal option -- u

I imagine this won't work unless the host is a Linux kernel. Instead of copying binaries from the host, can we build within setup.sh so that the Vagrantfile is portable across host OS? That also removes any cross compilation confusion.

end

config.vm.box = "ubuntu/focal64"

config.vm.synced_folder ".", "/vagrant", type: "rsync"

config.vm.provision "shell", inline: <<-SHELL
apt-get -y update
apt-get -y install wireguard
SHELL

config.vm.define "registry" do |registry|
registry.vm.hostname = "registry"
registry.vm.network "private_network", ip: "192.168.33.10"
registry.vm.provision "shell", inline: <<-SHELL
wg genkey | tee /etc/wireguard/privatekey | wg pubkey | tee /etc/wireguard/publickey
cat > /etc/wireguard/wg0.conf << EOF
[Interface]
PrivateKey = $(cat /etc/wireguard/privatekey)
Address = 192.168.100.10/24
SaveConfig = True
ListenPort = 51820
EOF
chmod 600 /etc/wireguard/{privatekey,wg0.conf}
chmod 644 /etc/wireguard/publickey
chmod 711 /etc/wireguard
systemctl enable wg-quick@wg0
systemctl start wg-quick@wg0
cat > /etc/rc.local << EOF
#!/bin/sh
/vagrant/coredns -conf /vagrant/Corefile | logger &
EOF
chmod 755 /etc/rc.local
sleep 1
/etc/rc.local
SHELL
end

(1..4).each do |i|
config.vm.define "client-#{i}" do |client|
client.vm.hostname = "client-#{i}"
client.vm.network "private_network", ip: "192.168.33.10#{i}"
end
end

end
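Review bot: in the registry provisioner, `wg genkey | tee /etc/wireguard/privatekey | wg pubkey | tee /etc/wireguard/publickey` writes the private key under the default umask and only tightens it with `chmod 600 /etc/wireguard/{privatekey,wg0.conf}` several commands later, so the key file is briefly world-readable; put `umask 077` before the genkey line so the file is created restricted instead of fixed up afterwards (add.sh has the same pattern). Separately, CoreDNS is launched as root from /etc/rc.local with `/vagrant/coredns -conf /vagrant/Corefile | logger &`, which neither restarts it on failure nor orders it after wg-quick@wg0 even though the Corefile binds the wg0 address; a small systemd unit with `After=wg-quick@wg0.service` and a dedicated `User=` would be more robust and removes the `sleep 1` workaround. The `cp -uvf` trigger portability issue from the inline comment above still applies to this hunk.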
39 changes: 39 additions & 0 deletions vagrant/add.sh
@@ -0,0 +1,39 @@
#!/bin/sh
set -eux

#
# on-board a new client
# connect it to the registry
#

VM=$1
ADDR=$2

SERVER_KEY=$(vagrant ssh registry -- cat /etc/wireguard/publickey)

vagrant ssh $VM -- sudo bash -s << EOF
wg genkey | tee /etc/wireguard/privatekey | wg pubkey | tee /etc/wireguard/publickey
# linux config
cat > /etc/wireguard/wg0.conf << CLIENTEOF
[Interface]
PrivateKey = \$(cat /etc/wireguard/privatekey)
Address = $ADDR/24
SaveConfig = True
ListenPort = 51820
[Peer]
PublicKey = $SERVER_KEY
Endpoint = 192.168.33.10:51820
AllowedIPs = 192.168.100.10/32
CLIENTEOF
chmod 600 /etc/wireguard/{privatekey,wg0.conf}
chmod 644 /etc/wireguard/publickey
chmod 711 /etc/wireguard
EOF

CLIENT_KEY=$(vagrant ssh $VM -- cat /etc/wireguard/publickey)

vagrant ssh registry -- sudo wg set wg0 peer $CLIENT_KEY allowed-ips $ADDR/32

vagrant ssh $VM -- sudo systemctl enable wg-quick@wg0
vagrant ssh $VM -- sudo systemctl restart wg-quick@wg0
vagrant ssh $VM -- ping -c2 192.168.100.10
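Review bot: the peer added with `vagrant ssh registry -- sudo wg set wg0 peer $CLIENT_KEY allowed-ips $ADDR/32` exists only in the running interface; it reaches wg0.conf only because `SaveConfig = True` makes wg-quick write the running config back on a clean `wg-quick down`, so a hard reset of the registry VM drops every on-boarded client. Either append a [Peer] block to /etc/wireguard/wg0.conf on the registry as well, or document the dependency on SaveConfig. Minor: `$VM`, `$ADDR` and `$CLIENT_KEY` are unquoted in the `vagrant ssh` invocations, and the script's only argument check is `set -u` aborting on a missing `$2`; a usage line stating the positional VM name and address would help.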
58 changes: 58 additions & 0 deletions vagrant/setup.sh
@@ -0,0 +1,58 @@
#!/bin/bash
set -eux

#
# connect clients to the registry
# setup mesh between clients
#

MYDIR="$(dirname "$(readlink -f "$0")")"

# setup each client to connect to the registry (on-boarding)
"$MYDIR"/add.sh client-1 192.168.100.101
"$MYDIR"/add.sh client-2 192.168.100.102
"$MYDIR"/add.sh client-3 192.168.100.103
"$MYDIR"/add.sh client-4 192.168.100.104

# setup mesh connections between clients
KEY1="$(vagrant ssh client-1 -- cat /etc/wireguard/publickey)"
KEY2="$(vagrant ssh client-2 -- cat /etc/wireguard/publickey)"
KEY3="$(vagrant ssh client-3 -- cat /etc/wireguard/publickey)"
KEY4="$(vagrant ssh client-4 -- cat /etc/wireguard/publickey)"
vagrant ssh client-1 -- sudo bash -s << EOF
wg set wg0 peer '$KEY2' allowed-ips 192.168.100.102/32
wg set wg0 peer '$KEY3' allowed-ips 192.168.100.103/32
wg set wg0 peer '$KEY4' allowed-ips 192.168.100.104/32
EOF
vagrant ssh client-2 -- sudo bash -s << EOF
wg set wg0 peer '$KEY1' allowed-ips 192.168.100.101/32
wg set wg0 peer '$KEY3' allowed-ips 192.168.100.103/32
wg set wg0 peer '$KEY4' allowed-ips 192.168.100.104/32
EOF
vagrant ssh client-3 -- sudo bash -s << EOF
wg set wg0 peer '$KEY1' allowed-ips 192.168.100.101/32
wg set wg0 peer '$KEY2' allowed-ips 192.168.100.102/32
wg set wg0 peer '$KEY4' allowed-ips 192.168.100.104/32
EOF
vagrant ssh client-4 -- sudo bash -s << EOF
wg set wg0 peer '$KEY1' allowed-ips 192.168.100.101/32
wg set wg0 peer '$KEY2' allowed-ips 192.168.100.102/32
wg set wg0 peer '$KEY3' allowed-ips 192.168.100.103/32
EOF
# wgsd magic
vagrant ssh client-1 -- sudo /vagrant/wgsd-client -device wg0 -dns 192.168.100.10:5353 -zone example.com.
vagrant ssh client-2 -- sudo /vagrant/wgsd-client -device wg0 -dns 192.168.100.10:5353 -zone example.com.
vagrant ssh client-3 -- sudo /vagrant/wgsd-client -device wg0 -dns 192.168.100.10:5353 -zone example.com.
# client-4 has been connected to 1/2/3 at this point

# smoke-test: ping working means both directions work, no need for all combinations
vagrant ssh client-1 -- bash -s << EOF
ping -c2 192.168.100.102
ping -c2 192.168.100.103
ping -c2 192.168.100.104
EOF
vagrant ssh client-2 -- bash -s << EOF
ping -c2 192.168.100.103
ping -c2 192.168.100.104
EOF
vagrant ssh client-3 -- ping -c2 192.168.100.104
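Review bot: the smoke test can pass with a broken mesh, because the `vagrant ssh client-1 -- bash -s << EOF` heredocs do not carry `set -e` into the remote shell, so only the last `ping` in each block determines the exit status; a failed ping to 192.168.100.102 is masked if the ping to 192.168.100.104 succeeds. Add `set -e` as the first line of each heredoc (or `ping ... && ping ... && ping ...`). Also, `wgsd-client -device wg0 -dns 192.168.100.10:5353 -zone example.com.` is run exactly once per client and the mesh peers are added via `wg set ... allowed-ips` with no Endpoint, so endpoints are learned only at setup time; document that this is a one-shot demo or install wgsd-client under a cron job/systemd timer on the clients. Style: the four-way peer setup and the KEY1..KEY4 captures are repeated verbatim; a loop over client indices, as the Vagrantfile already does for the VM definitions, would make adding a fifth client a one-line change.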