This Ansible collection includes several roles to deploy GNS3 servers.
This code was tested with playbooks located in the playbooks
folder. The Ansible Collection was not yet tested.
I use it to provide infrastructure labs through GNS3 to people I meet in my training classes.
Usualy, you can follow four steps to do it, as the four following playbooks :
playbooks/provision.yml
: Provision Scaleway C2 instances (cheapest) or Packet servers (premium).playbooks/install-gns3-server.yml
: Install gns3-server stack with libvirtd/qemu/kvm, docker, fail2ban, openvpn, routing.playbooks/synchronize-gns3-files.yml
: Synchronize S3 bucket with default GNS3 folders on servers (AWS S3 object storage).playbooks/send-credits.yml
: Send credits to users. Everyone receives an email message telling him how to install an OpenVPN client, how to connect to the GNS3 server tunnel with the attached file, and how to install and configure the GNS3 client.
You can deploy or deprovision the solution in one step with those two playbooks :
deploy.yml
: This playbook read the four playbooks above.deprovision.yml
: Deprovision (terminate) servers.
Install pip
and git
:
- How to install pip on Windows?
- How do I install pip on macOS or OS X?
- Proper way to install pip on Ubuntu
Download this repo :
git clone https://github.com/goffinet/ansible-install-gns3-server
Install requirements :
cd ansible-install-gns3-server
pip install -r requirements.txt
You will find some inventories inside the playbooks/inventories
folder.
Minimal (without any provision, sending mail and files synchronization) :
[gns3server]
gns3server0 ansible_host="172.16.31.0" mail_to="[email protected]"
gns3server1 ansible_host="172.16.31.1" mail_to="[email protected]"
[all:vars]
ansible_ssh_user=root
ansible_ssh_pass=testtest
ansible_port=22
Full (with all features) :
[gns3server]
gns3server0.mydomain.com mail_to="[email protected]" provider="scw" scw_type="C2S"
gns3server1.mydomain.com mail_to="[email protected]" provider="packet"
[all:vars]
zone="mydomain.com"
ansible_ssh_user=root
provider="scw" # packet
scw_type="C2M"
scw_region="par1"
scw_image_name="Ubuntu Bionic Beaver"
scw_image_arch="x86_64"
scw_image_size=10000000000
packet_facility="ams1"
packet_plan="t1.small.x86"
packet_os="ubuntu_18_04"
packet_project_id="88bd4dc8-8fe1-4130-8968-67147209365e"
But you must also set secret variables in a file playbooks/vars/secret.yml
as it :
---
# Cloudflare DNS entries update
cloudflare_account_email: "[email protected]"
cloudflare_account_api_token: "XXXXX"
# Scaleway ID
scw_api_token: "XXXXX"
scw_organization: "XXXXX"
# Packet ID
packet_auth_token: "XXXXX"
# Google Mail ID
mail_secret: "secret_password"
from_secret: "[email protected]"
to_secret: "[email protected]"
# S3 files synchronization
S3_URL: s3.fr-par.scw.cloud
S3_REGION: FR-PAR
S3_ACCESS_KEY: "XXXXX"
S3_SECRET_KEY: "XXXXX"
It is strongly recommended to encrypt this file :
ansible-vault encrypt playbooks/vars/secret.yml
Some main parameters are defined in the playbooks/vars/main.yml
variables file.
---
## General variables
# EasyRSA variables
easyrsa_generate_dh: true
easyrsa_servers:
- name: server
easyrsa_clients:
- name: client
easyrsa_pki_dir: /etc/easyrsa/pki
# OpenVPN variables
openvpn_use_pam: false
openvpn_client_to_client: false
openvpn_comp_lzo: false
openvpn_unified_client_profiles: true
openvpn_keydir: "{{ easyrsa_pki_dir }}"
openvpn_clients: "{{ easyrsa_clients }}"
openvpn_download_clients: true
openvpn_download_dir: /tmp/
openvpn_server: 172.16.253.0 255.255.255.0
openvpn_route_traffic: true
openvpn_route_ranges:
- 192.168.122.0 255.255.255.0
# Docker variables
docker_users:
- gns3
# GNS3-server variables
gns3s_host: "172.16.253.1"
gns3s_port: "3080"
gns3s_home: /home/gns3/
# Files synchronization
gns3s_files:
- s3src: s3://labimages/gns3/images
s3dst: "{{ gns3s_home }}"
- s3src: s3://labimages/gns3/projects
s3dst: "{{ gns3s_home }}"
# - s3src: s3://labimages/gns3/appliances
# s3dst: /usr/share/gns3/gns3-server/lib/python3.6/site-packages/gns3server
easyrsa_conf_req_country: FR
easyrsa_conf_req_cn: "{{ inventory_hostname }}"
easyrsa_conf_req_province: "Paris"
easyrsa_conf_req_city: "Paris"
easyrsa_conf_req_org: "GNS3 labs"
easyrsa_conf_req_email: "root@{{ inventory_hostname }}"
easyrsa_conf_req_ou: "gns3labs"
If you already have a server on the hand, you can avoid the playbooks/provision.yml
playbook.
I use Cloudflare API with my domain to provide an easy name to remember for management. I you do not use a Cloudflare managed zone, please define the public IP address of your server in the ansible_host
inventory variable.
GNS3 is in constant development but we need a robust installation with dev or stable latest releases. The latest Ubuntu Bionic can use the GNS3 Release Team PPA repos. No need to support any virtualbox, vpcs or IOU in my scenarios. KVM and Docker are sufficient.
You can choose several Scaleway servers scw_type
:
- "C2S"
- "C2M"
- "C2L"
- "DEV1-S" (only for my own convenience)
Note: Scaleway offers also "premium" bare metal category. The provision function should be supported by a tool such as Terraform and integrated with Ansible configuration management. Terraform can be more "agile" for multi-vendors servers.
Or you can choose Packet servers packet_type
:
- "t1.small.x86" (default)
- "c1.small.x86"
- "t3.small.x86"
- "c3.small.x86"
Or you can choose any baremetal service provider, any real server or virtual machine (with nested virtualization) with a minimal Ubuntu Bionic (18.04) installation to use the following playbooks.
Roles embedded in the playbooks/install-gns3-server.yml
playbook :
- "create a ca" (nkakouros.easyrsa)
- "install openvpn" (Stouts.openvpn)
- "install libvirtd" (install-libvirtd)
- "install docker-engine" (geerlingguy.docker)
- "install gns3-server" (install-gns3-server)
- "install fail2ban" (install-fail2ban)
- "enable routing" (enable-routing)
The playbooks/synchronize-gns3-files.yml
synchronize several S3 bucket folder to the destination server. I use thoses variables to transfer my images and my projects to the servers (playbooks/vars/main.yml
) :
gns3s_files:
- s3src: s3://labimages/gns3/images
s3dst: "{{ gns3s_home }}"
- s3src: s3://labimages/gns3/projects
s3dst: "{{ gns3s_home }}"
Do not forget to fix and to protect the S3 credits :
# S3 files synchronization
S3_URL: s3.fr-par.scw.cloud
S3_REGION: FR-PAR
S3_ACCESS_KEY: "XXXXX"
S3_SECRET_KEY: "XXXXX"
The playbooks/send-credits.yml
playbook send a custom message in french or in english with the OpenVPN connexion file and the process to install and configure an Openvpn client and the GNS3 client software.
Do not forget to fix and to protect the mail credits :
# Google Mail ID
mail_secret: "secret_password"
from_secret: "[email protected]"
to_secret: "[email protected]"
[defaults]
inventory = ./inventories/hosts
#inventory=./inventories/scaleway_inventory.yml
private_key_file = ~/.ssh/id_rsa
forks = 16
#strategy = free
gathering = explicit
become = True
host_key_checking = False
ssh_args = -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no
log_path = ./ansible.log
enable_plugins = host_list, script, yaml, ini, auto
vault_password_file = ~/.vault_passwords.txt
#display_ok_hosts = no
#display_skipped_hosts = no
callback_whitelist = profile_tasks
#[callback_profile_tasks]
#task_output_limit = 100