SI455 – Advanced Computer Networking Lab1: Creating a Virtual Network (v1.1)

Collaboration Policy: CP-9 (Work in groups, hand in a group submission)
Due 16 Jan by start of class
Glossary
CLASS: refers to all students in a single section.
TEAM: refers to a team of 4-5 students.
STUDENT: refers to an individual within a team.
HOST OS: the operating system of the physical PC that each student is using
GUEST OS: the operating system that is running within a Virtual Machine
VIRTUAL NETWORK: refers to the virtual machines running in the vSphere server
PC: the physical workstation for each student
For Lab 1, each student must complete the following six tasks and complete the checklist at
the end of this document. Hand in the completed checklist to your instructor. Be prepared to
show your instructor your running network the day that the lab is due.
Goals
By the end of this Lab, each student should:
1. be able to log into the vSphere virtual network,
2. be able to create a VM on their host OS from a downloaded ISO file,
3. be able to convert & upload their VM to the vSphere virtual network,
4. be able to connect their VM to a virtual switch
5. be able to create a Linux DHCP server
6. be able to set either a static or dynamic IP address for machines in the virtual network
Background
We will be building a network of Virtual Machines this semester. Each group will create a
separate network for this first lab. In later labs, we will connect the groups’ networks to each
other and make some services available publicly. We will eventually be attacking and
defending these networks.
The goal of these labs is for each student to be able to perform all of the tasks required to
build and maintain a complete network for a small organization.
Big-Picture goals for this lab
It is important that you understand why you are performing the tasks in this lab. Here are the
big-picture steps that you need to achieve:
1. Build a Linux VM on your local machine. ISOs are available from the Internet. You
need to be able to download one and build a VM locally. This is a skill that you
previously used in IC322. You can use VMware Player to build your VM.
2. Patch and update the VM. Our virtual network does not have access to the Internet.
Once you upload it to carol, you will not be able to add new software. For now, your
VMs must be built while on your local machine.
3. Convert & upload the VM to carol. The files that create a local VM are formatted
differently for use with VMware Player than for ESXi. Use the “VMware vCenter
Converter Standalone Client” to both convert and upload your files.
4. Connect your new VM to your group’s network. You will need to create a virtual
switch in the ESXi server for your group, and connect your VMs to your group’s
switch. Once you set your IP addresses properly your VMs should be able to
communicate.
5. Add a DHCP server. This will allow your workstations to use dynamic IP addresses.
6. Add a webserver. This is just to give your network a reason to exist.
Here is an overview of the network that your group will build by the end of this lab:
• Each group is named after a color (red, green, blue, gold)
• Where the word “color” appears below, substitute your actual group’s name.
e.g. “color1” → red1, blue1, green1 or gold1
“colorweb” → redweb, blueweb, greenweb, or goldweb
• “colorN” represents the Ubuntu workstations for each member of the group.
Task 1: Build a User Workstation (Each group member builds their own)
This task will walk you through downloading and installing the VMs for your personal
workstations. Each student will have their own Linux workstation in the virtual network. We
will use Ubuntu Server 12.04 - a popular version of Linux that is considered easy to install
and maintain. The Server version is command-line only and does not come with a built-in
GUI. We will be installing LXDE for an X11 desktop environment.
1. Human coordination. Each workstation in your group needs a name and IP address. You
will need to assign machine names amongst yourselves (e.g. red1, red2, etc.) and agree to a
static IP addressing system that you can use until you get your DHCP server operational.
2. Start the vSphere client software
a. Login to your classroom PC
b. Click (Start→All Programs→VMware→VMware
vSphere Client)
c. Enter “gertie.cs.usna.edu” for IP address
d. Enter your ACADEMY user name
e. Enter your ACADEMY password
f. Do not select “Use Windows session credentials”
g. Click “Login”
h. Accept/install any required certificates
VMware tip:
When you see a file named *.iso, that
file was created by taking a snapshot
of a complete CD or DVD. We
usually use ISO files rather than
actual CDs to install new OSs, since
they are easier to obtain. When we
load an OS from an ISO, we are
simulating putting an install disk in
the drive and rebooting the machine.
3. Create a Linux VM
a. Create a directory on your Desktop named “SI455Lab1”.
b. Download an ISO file. Go to the following URL in a browser on your host machine:
http://www.ubuntu.com/download/server. Under "Choose your flavour", select "32-bit". Click "Get
Ubuntu". You may be taken to a screen that asks for a donation. Linux is free to download, so this
is not required. Click "Not now, take me to the download" to continue. Save the ISO
file in the default location: C:\Users\<loginname>\Downloads\.
NOTE:
The 64-bit version would normally be preferable, but trying it resulted in
some installation errors. The 32-bit version will be easier for us to build
and maintain.
c. Start the VMware player (Start→All Programs→VMware→VMware Player)
d. Click "Create a New Virtual Machine"
e. Click on "Installer disc image file (iso)"
f. Click "Browse" and select your ISO file from the Downloads directory. Click "Next".
g. "Personalize Linux page": By default, Ubuntu does not use a "root" account - the first
user-account created is automatically a regular user who gains root privileges by
running “sudo”.
i. Enter your actual full name
ii. For username, use your last name (max 32 characters)
iii. Pick a unique password - do not recycle one you have used before
iv. Click "Next" when done
h. "Name the virtual machine":
i. Pick a unique name for each machine in your Team
ii. Under location, Browse to your private Desktop SI455Lab1 directory.
iii. Create a subdirectory with your machine name. Select it.
iv. Click "Next"
i. "Specify Disk Capacity" page: This indicates how much space will be taken up by the virtual
hard drive. Normally you want to take the default value, but since we are not going to
install much new software or load files, we can use a lot less. Reduce it to 5.0GB and click "Next".
VMware tip:
VMware gives you lots of popups asking you to upgrade or install more
software. Disregard all of them.
j. "Ready to Create Virtual Machine" page: This shows the settings for virtual memory,
CPUs, peripherals, etc. Click "Finish" to accept the defaults. Your computer is going
to spend several minutes installing.
4. Login. When installation is complete, your VM will prompt you for your password.
5. Update VM.
a. Download list of updatable packages with “sudo apt-get update”
b. Install new packages with “sudo apt-get upgrade”
6. Install a windows manager on the VM. The “Ubuntu Desktop” version of the OS comes
with the “Gnome” windows manager with the “Unity” add-on. This is too large for our tastes
– it is hard to build a VM with Gnome that requires less than 12GB. We are going to use the
LXDE windows manager, which is more bare-bones.
a. Type “df .” to check the space available on the main partition. It should show about
4GB allocated and 2.7GB still available.
b. Type “sudo apt-get install lxde”
c. Type “sudo reboot” to reboot in the windowed environment
d. Put the terminal icon on the desktop:
i. Click the “Start” icon in the lower-left corner of the VM’s desktop
ii. Select “Accessories”
iii. RMB on “LXTerminal”
iv. LMB on “Add to desktop”
e. Double-click the “LXTerminal” icon on the desktop to open a terminal
f. Type “df .” to check the space available on the main partition. It should show about
4GB allocated and 2.3GB still available. Adding the LXDE windows manager took
up about 0.4GB of disk space.
7. Install miscellaneous other packages on the VM. For security reasons, we cannot give Internet
access to the VMs on carol. For now, we are going to need to install any software we need on
our VMs before we upload them to our ESXi server. Install the following packages:
a. sudo apt-get install nmap
b. sudo apt-get install openssh-server
c. sudo apt-get install gedit
d. sudo apt-get install python-scapy
e. sudo apt-get install wireshark
f. sudo apt-get install thunderbird
g. Type “df .” to check the space available on the main partition. It should show about
4GB allocated and 2.0GB still available. Adding these packages took up about 0.3GB
of disk space.
8. Clean up the install files. The apt-get command downloads *.deb files from an Internet
repository. It stores the install files in /var/cache/apt/archives. You should occasionally clean
this directory out to free up space.
a. Run “ls -al /var/cache/apt/archives/”. You should see about 100
*.deb files.
b. Run “sudo apt-get clean” to delete the installation files.
c. Run “ls -al /var/cache/apt/archives/”. The directory should be mostly
empty.
d. Type “df .” to check the space available on the main partition. It should show about
4GB allocated and 2.2GB still available. Removing the installation files freed about
0.2GB of disk space.
9. Upload the VM to carol. This step will copy your VM up to carol and reconfigure the
*.vmx files from the VMware Player to the ESXi format. You will still have your local copy
of the VM on your machine after this step, but the two VMs will not be connected in any
way.
a. Logout of the VM. Click “Start→Logout→Shutdown”
b. Start the vCenter Converter. Click “Start→All Programs→VMware→VMware
vCenter Converter Standalone Client”.
c. Select “Connect to a local server”
d. Click “Login”
e. Click “Convert Machine”
f. Conversion Step 1: Source System
i. Set “Select Source type” to “VMware Workstation or other VMware virtual
machine”
ii. Click “Browse” and select the *.vmx file for the VM that you created. Click
“Open”.
iii. Click “Next”
g. Conversion Step 2: Destination System
i. Set “Select destination type” to “VMware Infrastructure virtual machine”
ii. Set “Server” to “gertie.cs.usna.edu”
iii. Set “User name” to your Academy login name (e.g. m179999)
iv. Set “Password” to your Academy password
v. Click “Next”
h. Conversion Step 3: Destination Virtual Machine
i. Select the folder with your group’s color in the “SI455 Adv Networks” tree
ii. Click “Next”
i. Conversion Step 4: Destination Location
i. In the “Datastore” section, set the droplist to “Datastore1”.
ii. Click “Next”
j. Conversion Step 5: Options
i. Click “Next”
k. Conversion Step 6: Summary
i. Click “Finish”
l. The converter should spend several minutes converting and uploading your files. Do
not make any changes to the VM until the upload is complete.
10. Verify that your VM uploaded correctly. Use the vSphere Client for this step.
a. Set the vSphere GUI to display the list of VMs and templates. Click “Inventory” in
the GUI bar and select “Inventory→VMs and Templates”. The bar should now look
like this:
b. The tree on the left of the screen shows the list of available VMs and some
organizational folders. Open your group’s folder under “CAROL/SI455 Adv
Networks”.
c. LMB on the name of your VM in the tree to select it
d. Select the “Summary” tab in the main window
e. Check the following on the Summary page:
i. “Guest OS” should show “Ubuntu Linux (32-bit)”
ii. “State” should show “Powered Off”. We can only change the network switch
while VM is powered off, so leave it off for now.
iii. “Storage” should show that your VM is on DataStore1. If it is in the wrong
place, then RMB on the name of your VM in the tree and select “Delete from
Disk”. This will remove it from the incorrect drive. You will need to upload it
again using the converter. Make sure that you select the correct upload drive.
iv. “Network” shows the switch that your VM is connected to. It defaults to the
first item in the list. We will change it to your group’s switch next.
f. Connect your VM to your group’s switch
i. Click “Edit Settings”
ii. Click “Network adapter 1”
iii. In the “Network Connection” droplist, select the switch that has your group’s
name in it. The options are redprivate/greenprivate/blueprivate/goldprivate.
iv. Click OK.
v. vSphere will take a minute to reconfigure your VM. Verify that the
“Network” box in the Summary page shows your group’s switch.
11. Turn on your VM
a. There are three different ways to do this:
i. In the summary page, click “Power On”
ii. In the tree on the left of the page, RMB your VM’s name and select
“Power→Power ON”
iii. In the tree on the left of the page, LMB your VM’s name and press “Ctrl B”
b. Click on the “Console” tab to see your VM’s screen. It will go through the boot
process and give you a login prompt.
c. To get a separate window, click on this button just above the main window:
d. Login to your VM
e. Press “Ctrl-Alt-Enter” to enter/exit full-screen mode. Once we start using this VM as
our main OS, we are going to want to keep it in full-screen mode and forget about both
our host and vSphere.
f. You can change the monitor size with Start→Preferences→Monitor Settings. (NOTE:
Check the current resolution of the Host OS. You can set the Guest OS to the same
resolution in fullscreen mode.)
12. Set your LAN IP address. At this point, let’s forget about our Host OS and vSphere.
Maximize your Guest OS.
We are going to use a network address of 10.10.1.0 and a netmask of 255.255.255.0. All of
your group’s IP addresses will look like this: 10.10.1.X. For our preliminary setup, we are
going to use static IP addresses for the user workstations, where X > 200. Once we get a
DHCP server running, we will shift these to dynamic addresses. Your group should decide
which workstation gets which IP address and write them down to avoid confusion.
a. Open a terminal window
b. cd /etc/network/
c. sudo gedit interfaces
d. Edit the interfaces file to look like the file below. Set the “address” value in your file
to whatever IP address you selected for your personal VM.
# The loopback network interface
auto lo
iface lo inet loopback
# The Ethernet network interface
auto eth0
iface eth0 inet static
    address 10.10.1.201
    netmask 255.255.255.0
e. Close the editor when done.
f. Run “sudo /etc/init.d/networking restart” to apply these changes.
g. Run “ifconfig” to check that eth0 is online.
h. Ping your own IP address and another group member’s to verify that you are
connected.
Task 2: Build a Webserver (One per group)
This task will walk you through creating the VM for your group’s webserver. Two group
members can work on this together while the other two build the DHCP server in Task 3.
We are going to use the same version of Ubuntu that we used for the user workstations, except
we are not going to load a windows manager. You have already done some of these steps, so the
second time should be easier.
1. Build a new VM for your server.
a. Follow steps 3-5 from Task 1 above. The following steps are slightly different this
time:
i. Step 3b: You have already downloaded the ISO – no need to do it again.
ii. Step 3g: Do not use your own name for the server. Use “owner” for the login
name, and select a password that the entire group will know.
iii. Step 3h: Name the machine your team’s color plus the word “web”
(redweb/greenweb/blueweb/goldweb)
b. Stop after Step 5b. Do NOT install the lxde windows manager.
2. Install packages on the VM. Install the following packages:
a. sudo apt-get install openssh-server
b. sudo apt-get install mysql-server mysql-client
i. You will be prompted to create a password for the MySQL administrative
user. Create one for the group and write it down. The MySQL user name is
“root”.
c. sudo apt-get install apache2
d. sudo apt-get install php5 libapache2-mod-php5
e. sudo apt-get clean
f. Run “df .”. You should have about 2.7GB of disk space available. This is more
than enough for a webserver.
g. Run “nano”. This is just to check that we have an editor that does not require a
windowed environment. (You cannot run gedit without a GUI.) You will need to use
either nano or vi to edit files on this machine. Press Ctrl-x to exit nano.
3. Upload the webserver to carol.
a. Follow steps 10-12 from Task 1 above. The following steps are slightly different this
time:
i. Step 10a: Run “sudo shutdown -h now” to logout and power off from
the command-line.
4. Set the webserver’s IP address. We are going to use static IP addresses for the servers, and
dynamic addresses for the workstations.
a. Select the webserver in vSphere and login to it.
b. cd /etc/network/
c. sudo nano interfaces
d. Edit the interfaces file to look like the image below. The address is the same
(10.10.1.10) for each group’s web server.
e. Press Ctrl-o to save
f. Press Ctrl-x to exit nano
g. Run “sudo /etc/init.d/networking restart” to apply these changes.
h. Run “ifconfig” to check that eth0 is online.
i. Ping one of the user workstations to verify that the server is online.
5. Turn on the server’s ssh daemon. This is the last time we will access this server by logging
into its console from vSphere. The proper way to access a server is to ssh from a user
workstation. We need to turn on the ssh server first.
a. Run “sudo start ssh”
b. Close the server’s vSphere console window. We will not need it again.
6. Verify that the webserver is serving pages. The apache2 webserver turns on by default. If
it is working, then the page should be visible from a workstation.
a. Login to one of your user workstations in vSphere.
b. Start the Chromium browser (It is one of the icons along the bottom of the taskbar)
c. Enter “10.10.1.10” in the browser’s URL bar. You should see the default message “It
Works!” if the webserver is running. This is the default page.
7. Login to the webserver with ssh. Run the following from one of the user workstations.
a. “ssh owner@10.10.1.10”
i. Type “yes” to accept the connection
ii. Enter the password for the server when prompted.
b. You should now have a shell on the server. The only way to tell right now is to run
“ifconfig” and check the IP address. Any commands that you type here will run
on the webserver, not your own workstation.
c. Type “exit” to leave the ssh session and return to your workstation. Run
“ifconfig” again to verify that you are now back on your workstation.
Task 3: Build a DHCP server (One per group)
This task will walk you through creating the VM for your group’s DHCP server. Two group
members can work on this together while the other two build the webserver in Task 2.
We are going to use the same version of Ubuntu that we used for the user workstations, except
we are not going to load a windows manager. You have already done some of these steps, so the
second time should be easier.
8. Build a new VM for your server.
a. Follow steps 3-5 from Task 1 above. The following steps are slightly different this
time:
i. Step 3b: You have already downloaded the ISO – no need to do it again.
ii. Step 3g: Do not use your own name for the server. Use “owner” for the login
name, and select a password that the entire group will know.
iii. Step 3h: Name the machine your team’s color plus the word “dhcp”
(reddhcp/greendhcp/bluedhcp/golddhcp)
b. Stop after Step 5b. Do NOT install the lxde windows manager.
9. Install packages on the VM. Install the following packages:
a. sudo apt-get install openssh-server
b. sudo apt-get install isc-dhcp-server
c. sudo apt-get clean
d. Run “df .”. You should have about 2.8GB of disk space available. This is way
more than enough for a DHCP server.
e. Run “nano”. This is just to check that we have an editor that does not require a
windowed environment. (You cannot run gedit without a GUI.) You will need to use
either nano or vi to edit files on this machine. Press Ctrl-x to exit nano.
10. Upload the DHCP server to carol.
a. Follow steps 10-12 from Task 1 above. The following steps are slightly different this
time:
i. Step 10a: Run “sudo shutdown -h now” to logout and power off from
the command-line.
11. Set the DHCP server’s IP address. We are going to use static IP addresses for the servers,
and dynamic addresses for the workstations.
a. Select the webserver in vSphere and login to it.
b. cd /etc/network/
c. sudo nano interfaces
d. Edit the interfaces file to look like the image below. The address is the same
(10.10.1.5) for each group’s DHCP server.
e. Press Ctrl-o to save
f. Press Ctrl-x to exit nano
g. Run “sudo /etc/init.d/networking restart” to apply these changes.
h. Run “ifconfig” to check that eth0 is online.
i. Ping one of the user workstations to verify that the server is online.
12. Turn on the server’s ssh daemon. This is the last time we will access this server by logging
into its console from vSphere. The proper way to access a server is to ssh from a user
workstation. We need to turn on the ssh server first.
a. Run “sudo start ssh”
b. Close the server’s vSphere console window. We will not need it again.
13. Login to the DHCP server with ssh. Run the following from one of the user workstations.
a. “ssh owner@10.10.1.5”
i. Type “yes” to accept the connection
ii. Enter the password for the server when prompted.
b. You should now have a shell on the server. The only way to tell right now is to run
“ifconfig” and check the IP address. Any commands that you type here will run
on the DHCP server, not your own workstation.
c. Type “exit” to leave the ssh session and return to your workstation. Run
“ifconfig” again to verify that you are now back on your workstation.
14. Configure the DHCP server. This server will give out dynamic IP addresses to each of the
workstations. We need to (a) configure the DHCP server to know which IP addresses to give
out and (b) reconfigure the workstations to use dynamic addresses instead of static.
The DHCP config instructions are here: https://help.ubuntu.com/12.04/serverguide/dhcp.html
You will edit the dhcpd.conf file in one of these steps. Begin by deleting all of the lines from
the default version of that file. (Most of it is actually commented out already.) Using the
format given from the webpage above, add the following data to the file:
subnet: 10.10.1.0
netmask: 255.255.255.0
range: 10.10.1.100 10.10.1.199
We do not have a router or DNS set up yet, so leave those options out.
15. Configure the workstation for dynamic addressing. You will need to make these changes
on each workstation.
a. Edit the /etc/network/interfaces file on each workstation and set it to the following:
auto lo
iface lo inet loopback
auto eth0
iface eth0 inet dhcp
b. Run “sudo /etc/init.d/networking restart” to apply these changes.
c. Run “ifconfig” to check that eth0 is online. Verify that your new IP addresses are
in the range 10.10.1.100-10.10.1.199.
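One way to script the address checks from steps 12 to 15 and checklist column 5, as an added example that is not part of the original handout: it reads eth0's address from ifconfig output and classifies it against the lab's address plan (servers at .5 and .10, DHCP pool .100-.199, static workstations above .200). The function names and the sample ifconfig text are constructed for illustration.

```shell
#!/bin/sh
# Added example (not part of the lab handout). The address plan below is
# taken from the lab text: network 10.10.1.0/24, DHCP pool .100-.199,
# static workstations above .200, DHCP server .5, webserver .10.

# Print eth0's IPv4 address from ifconfig output on stdin. Accepts the
# Ubuntu 12.04 form "inet addr:A.B.C.D" and the newer "inet A.B.C.D".
eth0_addr() {
    awk '
        /^[^ \t]/ { cur = $1; sub(/:$/, "", cur) }    # start of an interface stanza
        cur == "eth0" && $1 == "inet" {
            a = $2; sub(/^addr:/, "", a); print a; exit
        }'
}

# Print how eth0 is configured ("static" or "dhcp") from an
# /etc/network/interfaces file on stdin.
eth0_mode() {
    awk '$1 == "iface" && $2 == "eth0" && $3 == "inet" { print $4; exit }'
}

# Map an address to its role in the lab's plan.
classify_addr() {
    case $1 in
        10.10.1.*) last=${1#10.10.1.} ;;
        *) echo outside; return 0 ;;
    esac
    case $last in
        ''|*[!0-9]*|????*) echo outside; return 0 ;;   # not a single octet
    esac
    if   [ "$last" -eq 5 ];  then echo dhcp-server
    elif [ "$last" -eq 10 ]; then echo webserver
    elif [ "$last" -ge 100 ] && [ "$last" -le 199 ]; then echo dhcp-pool
    elif [ "$last" -gt 200 ] && [ "$last" -le 254 ]; then echo static-workstation
    else echo unassigned
    fi
}

# Checklist column 5: YES only if eth0 holds a pool address. Reads ifconfig
# output on stdin. A pool address typed in by hand would also pass, so
# confirm with eth0_mode that the interface is set to "dhcp".
dhcp_check() {
    addr=$(eth0_addr)
    if [ "$(classify_addr "$addr")" = dhcp-pool ]; then
        echo "YES $addr"
    else
        echo "NO ${addr:-no-address}"
    fi
}

# Constructed sample input in the Ubuntu 12.04 ifconfig layout.
sample_ifconfig() {
    cat <<'EOF'
eth0      Link encap:Ethernet  HWaddr 00:0c:29:aa:bb:cc
          inet addr:10.10.1.137  Bcast:10.10.1.255  Mask:255.255.255.0
          inet6 addr: fe80::20c:29ff:feaa:bbcc/64 Scope:Link

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
EOF
}

sample_ifconfig | dhcp_check    # prints: YES 10.10.1.137
```

On a workstation, pipe the real output through the same functions: “ifconfig | dhcp_check” and “eth0_mode < /etc/network/interfaces”. An address that classifies as unassigned or outside means the machine is not following the group's addressing plan.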
Name: ____________________ Section: ___________ Team: _______________________
SI455 – Computer Networking
Lab 1 Checklist
Fill in the table below to verify that you have successfully built your network.
• Column(2) – enter the IP address as reported by ifconfig, on the eth0 interface.
• Column(3) – Run the “ping” command on all of the IP addresses from Column 2. Put
a YES in the box if the ping returned successfully.
• Column(4) – Verify connectivity with the webserver by retrieving its webpage. For the
workstations, run the local browser. For the servers, run the wget command with the
webserver’s IP address. This should download the index.html file. If the page is
successfully retrieved, put a YES in the box.
• Column(5) – Verify whether DHCP is working properly. If the IP address of the
workstations was granted by the DHCP server and not created statically, then put a
YES in the box.
(1) Machine Name | (2) IP Address | (3) Ping all 6 machines | (4) Retrieve page from webserver | (5) DHCP functioning properly
Workstation 1 | | | |
Workstation 2 | | | |
Workstation 3 | | | |
Workstation 4 | | | |
Webserver | | | |
DHCP server | | | |
Hand in this sheet at the start of class on the day that the lab is due. Be prepared to
demonstrate your functioning network as well.