This document describes the steps to setup a virtual switch based testbed, deploy a T0 topology to it, and run a quick test to verify it is working as expected.
First, we need to prepare the host where we will be configuring the virtual testbed and running the tests.
-
Install Ubuntu AMD64 on your host or VM
- To setup a T0 topology, the server needs to have at least 20GB of memory free
- If the testbed host is a VM, then it must support nested virtualization
-
Prepare your environment based on different Ubuntu version, make sure that python and pip are installed
-
Option : If your host is Ubuntu 20.04
sudo apt install python3 python3-pip openssh-server
If the server was upgraded from Ubuntu 18.04, check the default python version using command
python --version
. If the default python version is still 2.x, replace it with python3 using symbolic link:sudo ln -sf /usr/bin/python3 /usr/bin/python
-
Option : If your host is Ubuntu 18.04
sudo apt install python python-pip openssh-server # v0.3.10 Jinja2 is required, lower version may cause uncompatible issue sudo pip install j2cli==0.3.10
-
-
Run the host setup script to install required packages and initialize the management bridge network
git clone https://github.com/sonic-net/sonic-mgmt
cd sonic-mgmt/ansible
sudo -H ./setup-management-network.sh
- Install Docker CE. Be sure to follow the post-install instructions so that you don't need sudo privileges to run docker commands.
We currently support EOS-based or SONiC VMs to simulate neighboring devices in the virtual testbed, much like we do for physical testbeds. To do so, we need to download the image to our testbed host.
- Download the vEOS image from Arista
- Copy below image files to
~/veos-vm/images
on your testbed host:Aboot-veos-serial-8.0.0.iso
vEOS-lab-4.20.15M.vmdk
- Download the cEOS image from Arista
- Import the cEOS image (it will take several minutes to import, so please be patient!)
docker import cEOS-lab-4.25.5.1M.tar.xz ceosimage:4.25.5.1M
After imported successfully, you can check it by 'docker images'
$ docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
ceosimage 4.25.5.1M fa0df4b01467 9 seconds ago 1.62GB
Note: For time being, the image might be updated, in that case you can't download the same version of image as in the instruction, please download the corresponding version(following Arista recommended release) of image and import it to your local docker repository. The actual image version that is needed in the installation process is defined in the file ansible/group_vars/all/ceos.yml, make sure you modify locally to keep it up with the image version you imported.
Note: Please also notice the type of the bit for the image, in the example above, it is a standard 32-bit image. Please import the right image as your needs.
-
Alternatively, you can host the cEOS image on a http server. Specify
vm_images_url
for downloading the image here. -
If a SAS key is required for downloading the cEOS image, specify
ceosimage_saskey
insonic-mgmt/ansible/vars/azure_storage.yml
.
If you want to skip downloading the image when the cEOS image is not imported locally, set skip_ceos_image_downloading
to true
in sonic-mgmt/ansible/group_vars/all/ceos.yml
. Then, when the cEOS image is not locally available, the scripts will not try to download it and will fail with an error message. Please use option 1 to download and import the cEOS image manually.
You need to prepare a sound SONiC image sonic-vs.img
in ~/veos-vm/images/
. We don't support to download sound sonic image right now, but for testing, you can also follow the section Download the sonic-vs image to download an available image and put it into the directory ~/veos-vm/images
To run the tests with a virtual SONiC device, we need a virtual SONiC image. The simplest way to do so is to download the latest succesful build.
- Download the sonic-vs image from here
wget "https://sonic-build.azurewebsites.net/api/sonic/artifacts?branchName=master&platform=vs&target=target/sonic-vs.img.gz" -O sonic-vs.img.gz
- Unzip the image and copy it into
~/sonic-vm/images/
and also~/veos-vm/images
gzip -d sonic-vs.img.gz
mkdir -p ~/sonic-vm/images
cp sonic-vs.img ~/sonic-vm/images
mkdir -p ~/veos-vm/images
mv sonic-vs.img ~/veos-vm/images
All testbed configuration steps and tests are run from a sonic-mgmt
docker container. This container has all the necessary packages and tools for SONiC testing so that test behavior is consistent between different developers and lab setups.
- Run the
setup-container.sh
in the root directory of the sonic-mgmt repository:
cd sonic-mgmt
./setup-container.sh -n <container name> -d /data
- From now on, all steps are running inside the sonic-mgmt docker, unless otherwise specified.
You can enter your sonic-mgmt container with the following command:
docker exec -it <container name> bash
You will find your sonic-mgmt directory mounted at /data/sonic-mgmt
:
$ ls /data/sonic-mgmt/
LICENSE README.md __pycache__ ansible docs lgtm.yml setup-container.sh spytest test_reporting tests
In order to configure the testbed on your host automatically, Ansible needs to be able to SSH into it without a password prompt. The setup-container
script from the previous step will setup all the necessary SSH keys for you, but there are a few more modifications needed to make Ansible work:
- Modify
/data/sonic-mgmt/ansible/veos_vtb
to use the user name (e.g.foo
) you want to use to login to the host machine (this can be your username on the host)
STR-ACS-VSERV-01:
ansible_host: 172.17.0.1
ansible_user: use_own_value
vm_host_user: foo
- Modify
/data/sonic-mgmt/ansible/ansible.cfg
to uncomment the two lines:
become_user='root'
become_ask_pass=False
- Modify
/data/sonic-mgmt/ansible/group_vars/vm_host/creds.yml
to use the username (e.g.foo
) and password (e.g.foo123
) you want to use to login to the host machine (this can be your username and sudo password on the host)
vm_host_user: foo
vm_host_password: foo123
vm_host_become_password: foo123
- Note: If the above three modifcations are done correctly, use
git diff
command and it will show an output like given below:
foo@sonic:/data/sonic-mgmt/ansible$ git diff
diff --git a/ansible/ansible.cfg b/ansible/ansible.cfg
index bc48c9ba..023dfe46 100644
--- a/ansible/ansible.cfg
+++ b/ansible/ansible.cfg
@@ -169,8 +169,8 @@ fact_caching_timeout = 86400
[privilege_escalation]
#become=True
become_method='sudo'
-#become_user='root'
-#become_ask_pass=False
+become_user='root'
+become_ask_pass=False
[paramiko_connection]
diff --git a/ansible/group_vars/vm_host/creds.yml b/ansible/group_vars/vm_host/creds.yml
index 029ab9a6..e00d3852 100644
--- a/ansible/group_vars/vm_host/creds.yml
+++ b/ansible/group_vars/vm_host/creds.yml
@@ -1,4 +1,4 @@
-vm_host_user: use_own_value
-vm_host_password: use_own_value
-vm_host_become_password: use_own_value
+vm_host_user: foo
+vm_host_password: foo123
+vm_host_become_password: foo123
diff --git a/ansible/veos_vtb b/ansible/veos_vtb
index 3e7b3c4e..edabfc40 100644
--- a/ansible/veos_vtb
+++ b/ansible/veos_vtb
@@ -258,7 +258,7 @@ vm_host_1:
STR-ACS-VSERV-01:
ansible_host: 172.17.0.1
ansible_user: use_own_value
- vm_host_user: use_own_value
+ vm_host_user: foo
vms_1:
hosts:
-
Create a dummy
password.txt
file under/data/sonic-mgmt/ansible
-
Note: Here,
password.txt
is the Ansible Vault password file. Ansible allows users to use Ansible Vault to encrypt password files.By default, the testbed scripts require a password file. If you are not using Ansible Vault, you can create a file with a dummy password (e.g.
abc
) and pass the filename to the command line. The file name and location is created and maintained by the user.
-
-
On the host, run
sudo visudo
and add the following line at the end:
foo ALL=(ALL) NOPASSWD:ALL
-
Verify that you can login into the host (e.g.
ssh [email protected]
, if the default docker bridge IP is172.18.0.1/16
, follow https://docs.docker.com/network/bridge/#configure-the-default-bridge-network to change it to172.17.0.1/16
, delete the currentsonic-mgmt
docker using commanddocker rm -f <sonic-mgmt_container_name>
, then start over from step 1 of section Setup sonic-mgmt docker ) from thesonic-mgmt
container without any password prompt. -
Verify that you can use
sudo
without a password prompt inside the host (e.g.sudo bash
).
(Skip this step if you are using cEOS - the containers will be automatically setup in a later step.)
Now we need to spin up some VMs on the host to act as neighboring devices to our virtual SONiC switch.
- Start the VMs:
./testbed-cli.sh -m veos_vtb -n 4 start-vms server_1 password.txt
If you use SONiC image as the neighbor devices (Not DUT), you need to add extra parameters -k vsonic
so that this command is ./testbed-cli.sh -m veos_vtb -n 4 -k vsonic start-vms server_1 password.txt
. Of course, if you want to stop VMs, you also need to append these parameters after original command.
- Reminder: By default, this shell script requires a password file. If you are not using Ansible Vault, just create a file with a dummy password and pass the filename to the command line.
- Check that all VMs are up and running.
For the EOS-based VMs Note: The passwd is
123456
.
$ ansible -m ping -i veos_vtb server_1 -u root -k
VM0102 | SUCCESS => {
"changed": false,
"ping": "pong"
}
VM0101 | SUCCESS => {
"changed": false,
"ping": "pong"
}
STR-ACS-VSERV-01 | SUCCESS => {
"changed": false,
"ping": "pong"
}
VM0103 | SUCCESS => {
"changed": false,
"ping": "pong"
}
VM0100 | SUCCESS => {
"changed": false,
"ping": "pong"
}
For the SONiC VMs Note: The passwd is password
.
$ ansible -m ping -i veos_vtb server_1 -u admin -k
VM0102 | SUCCESS => {
"changed": false,
"ping": "pong"
}
VM0101 | SUCCESS => {
"changed": false,
"ping": "pong"
}
STR-ACS-VSERV-01 | SUCCESS => {
"changed": false,
"ping": "pong"
}
VM0103 | SUCCESS => {
"changed": false,
"ping": "pong"
}
VM0100 | SUCCESS => {
"changed": false,
"ping": "pong"
}
Now we're finally ready to deploy the topology for our testbed! Run the following command, depending on what type of EOS image you are using for your setup:
cd /data/sonic-mgmt/ansible
./testbed-cli.sh -t vtestbed.yaml -m veos_vtb add-topo vms-kvm-t0 password.txt
cd /data/sonic-mgmt/ansible
./testbed-cli.sh -t vtestbed.yaml -m veos_vtb -k ceos add-topo vms-kvm-t0 password.txt
Verify that the cEOS neighbors were created properly:
$ docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
575064498cbc ceosimage:4.23.2F "/sbin/init systemd.…" About a minute ago Up About a minute ceos_vms6-1_VM0103
d71b8970bcbb debian:jessie "bash" About a minute ago Up About a minute net_vms6-1_VM0103
3d2e5ecdd472 ceosimage:4.23.2F "/sbin/init systemd.…" About a minute ago Up About a minute ceos_vms6-1_VM0102
28d64c74fa54 debian:jessie "bash" About a minute ago Up About a minute net_vms6-1_VM0102
0fa067a47c7f ceosimage:4.23.2F "/sbin/init systemd.…" About a minute ago Up About a minute ceos_vms6-1_VM0101
47066451fa4c debian:jessie "bash" About a minute ago Up About a minute net_vms6-1_VM0101
e07bd0245bd9 ceosimage:4.23.2F "/sbin/init systemd.…" About a minute ago Up About a minute ceos_vms6-1_VM0100
4584820bf368 debian:jessie "bash" 7 minutes ago Up 7 minutes net_vms6-1_VM0100
c929c622232a sonicdev-microsoft.azurecr.io:443/docker-ptf:latest "/usr/local/bin/supe…" 7 minutes ago Up 7 minutes ptf_vms6-1
cd /data/sonic-mgmt/ansible
./testbed-cli.sh -t vtestbed.yaml -m veos_vtb -k vsonic add-topo vms-kvm-t0 password.txt
Once the topology has been created, we need to give the DUT an initial configuration.
- Deploy the
minigraph.xml
to the DUT and save the configuration:
./testbed-cli.sh -t vtestbed.yaml -m veos_vtb deploy-mg vms-kvm-t0 veos_vtb password.txt
Verify the DUT is created successfully In your host run
~$ virsh list
Id Name State
-------------------------
3 vlab-01 running
Then you can try to login to your dut through the command and get logged in as shown below. For more information about how to get the DUT IP address, please refer to doc testbed.Example#access-the-dut
~$ ssh [email protected]
[email protected]'s password:
Linux vlab-01 4.19.0-12-2-amd64 #1 SMP Debian 4.19.152-1 (2020-10-18) x86_64
You are on
____ ___ _ _ _ ____
/ ___| / _ \| \ | (_)/ ___|
\___ \| | | | \| | | |
___) | |_| | |\ | | |___
|____/ \___/|_| \_|_|\____|
-- Software for Open Networking in the Cloud --
Unauthorized access and/or use are prohibited.
All access and/or use are subject to monitoring.
Help: http://azure.github.io/SONiC/
Last login: Thu Jul 29 03:55:53 2021 from 10.250.0.1
admin@vlab-01:~$ exit
- Verify that you can login to the SONiC KVM using Mgmt IP = 10.250.0.101 and admin:password.
ssh [email protected]
[email protected]'s password: password
- After logged in to the SONiC KVM, you should be able to see BGP sessions with:
show ip bgp sum
If neighbor devices are EOS:
admin@vlab-01:~$ show ip bgp sum
IPv4 Unicast Summary:
BGP router identifier 10.1.0.32, local AS number 65100 vrf-id 0
BGP table version 6405
RIB entries 12807, using 2458944 bytes of memory
Peers 4, using 87264 KiB of memory
Peer groups 4, using 256 bytes of memory
Neighbhor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd NeighborName
----------- --- ----- --------- --------- -------- ----- ------ --------- -------------- --------------
10.0.0.57 4 64600 3792 3792 0 0 0 00:29:24 6400 ARISTA01T1
10.0.0.59 4 64600 3792 3795 0 0 0 00:29:24 6400 ARISTA02T1
10.0.0.61 4 64600 3792 3792 0 0 0 00:29:24 6400 ARISTA03T1
10.0.0.63 4 64600 3795 3796 0 0 0 00:29:24 6400 ARISTA04T1
Total number of neighbors 4
If neighbor devices are SONiC
admin@vlab-01:~$ show ip bgp sum
IPv4 Unicast Summary:
BGP router identifier 10.1.0.32, local AS number 65100 vrf-id 0
BGP table version 3
RIB entries 5, using 920 bytes of memory
Peers 4, using 83680 KiB of memory
Peer groups 4, using 256 bytes of memory
Neighbhor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd NeighborName
----------- --- ----- --------- --------- -------- ----- ------ --------- -------------- --------------
10.0.0.57 4 64600 8 8 0 0 0 00:00:10 3 ARISTA01T1
10.0.0.59 4 64600 0 0 0 0 0 00:00:10 3 ARISTA02T1
10.0.0.61 4 64600 0 0 0 0 0 00:00:11 3 ARISTA03T1
10.0.0.63 4 64600 0 0 0 0 0 00:00:11 3 ARISTA04T1
Now that the testbed has been fully setup and configured, let's run a simple test to make sure everything is functioning as expected.
- Switch over to the
tests
directory:
cd sonic-mgmt/tests
- Run the following command to execute the
bgp_fact
test (including the pre/post setup steps):
If neighbor devices are EOS
./run_tests.sh -n vms-kvm-t0 -d vlab-01 -c bgp/test_bgp_fact.py -f vtestbed.yaml -i ../ansible/veos_vtb
If neighbor devices are SONiC
./run_tests.sh -n vms-kvm-t0 -d vlab-01 -c bgp/test_bgp_fact.py -f vtestbed.yaml -i ../ansible/veos_vtb -e "--neighbor_type=sonic"
You should see three sets of tests run and pass. You're now set up and ready to use the KVM testbed!
If you want to clear your testing environment, you can log into your mgmt docker that you created at step three in section README.testbed.VsSetup.md#prepare-testbed-host.
Then run command:
./testbed-cli.sh -t vtestbed.yaml -m veos_vtb -k ceos remove-topo vms-kvm-t0 password.txt