This document describes the steps to setup the testbed and deploy a topology.
- Install Ubuntu 20.04 amd64 on the server. (ubuntu-20.04.1-live-server-amd64.iso)
- Install Ubuntu prerequisites
sudo apt -y update sudo apt -y upgrade sudo apt -y install \ python3 \ python-is-python3 \ python3-pip \ curl \ git \ openssh-server \ make
- Install Python prerequisites
sudo pip3 install j2cli
- Install Docker (all credits to https://docs.docker.com/engine/install/ubuntu/ )
sudo apt-get remove docker docker-engine docker.io containerd runc sudo apt-get update sudo apt-get install \ apt-transport-https \ ca-certificates \ curl \ gnupg-agent \ software-properties-common curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo apt-key add - sudo apt-key fingerprint 0EBFCD88 sudo add-apt-repository \ "deb [arch=amd64] https://download.docker.com/linux/ubuntu \ $(lsb_release -cs) \ stable" sudo apt-get update sudo apt-get install docker-ce docker-ce-cli containerd.io sudo docker run hello-world
- add your user to docker group
sudo usermod -aG docker $USER
- add your user to docker group
- enable root (optional)
sudo apt -y mc /etc/ssh/sshd_config PermitRootLogin yes sudo passwd (YourPaSsWoRd) sudo systemctl restart sshd
- reboot
- at minimum terminate ssh connection or log out and log back in
- this is needed for the permissions to be update, otherwise next step will fail
The PTF docker container is used to send and receive data plane packets to the DUT.
-
Build
docker-ptf
imagegit clone --recursive https://github.com/sonic-net/sonic-buildimage.git cd sonic-buildimage make configure PLATFORM=vs ;#takes about 1 hour or more make target/docker-ptf.gz
You can also download a pre-built
docker-ptf
image here. -
Setup your own Docker Registry and upload
docker-ptf
to your registry.
Managing the testbed and running tests requires various dependencies to be installed and configured. We have built a docker-sonic-mgmt
image that takes care of these dependencies so you can use ansible-playbook
, pytest
, and spytest
.
-
Build
docker-sonic-mgmt
image from scratch:git clone --recursive https://github.com/sonic-net/sonic-buildimage.git cd sonic-buildimage make configure PLATFORM=generic make target/docker-sonic-mgmt.gz
You can also download a pre-built
docker-sonic-mgmt
image here. -
Clone the
sonic-mgmt
repo into your working directory:git clone https://github.com/sonic-net/sonic-mgmt
-
Setup management port configuration using this sample
/etc/network/interfaces
:# replace ma0 with eno1 or your server management nic root@server-1:~# cat /etc/network/interfaces # The management network interface auto ma0 iface ma0 inet manual # Server, VM and PTF management interface auto br1 iface br1 inet static bridge_ports ma0 bridge_stp off bridge_maxwait 0 bridge_fd 0 address 10.250.0.245 netmask 255.255.255.0 network 10.250.0.0 broadcast 10.250.0.255 gateway 10.250.0.1 dns-nameservers 10.250.0.1 10.250.0.2 # dns-* options are implemented by the resolvconf package, if installed
for netplan users
network: version: 2 ethernets: ma0: dhcp4: false dhcp6: false bridges: br1: interfaces: [ma0] addresses: [10.250.0.245/24] gateway4: 10.250.0.1 mtu: 1500 nameservers: addresses: [10.250.0.1, 10.250.0.2] parameters: stp: false forward-delay: 0 max-age: 0 dhcp4: no dhcp6: no
Since the bridge is assigned a virtual ip address, it is better to have one more management network interface (e.g. ma1) so that you can access your server from your lab.
alternatively use this script but settings will be lost on reboot
sudo bash ./sonic-mgmt/ansible/setup-management-network.sh
-
Reboot the setup just to be sure the networking is ok
-
Create a
docker-sonic-mgmt
container. Note that you must mount your clone ofsonic-mgmt
inside the container to access the deployment and testing scripts:docker load < docker-sonic-mgmt.gz docker load < docker-ptf.gz docker run -v $PWD:/data -it docker-sonic-mgmt bash cd /data/sonic-mgmt
NOTE: From this point on, all steps are ran inside the docker-sonic-mgmt
container.
Once you are in the docker container, you need to modify the testbed configuration files to reflect your lab setup.
-
Server
-
Update the server management IP in
ansible/veos
. -
Update the testbed server credentials in
ansible/group_vars/vm_host/creds.yml
. -
Update the server network configuration for the VM and PTF management interfaces in
ansible/host_vars/STR-ACS-SERV-01.yml
.external_port
: server trunk port name (connected to the fanout switch)mgmt_gw
: ip of the gateway for the VM management interfacesmgmt_prefixlen
: prefixlen for the management interfaces
-
Check that ansible can reach this host:
ansible -m ping -i veos vm_host_1
-
-
VMs
-
Download vEOS-lab image from Arista.
-
Copy these image files to
~/veos-vm/images
on your testbed server:Aboot-veos-serial-8.0.0.iso
vEOS-lab-4.20.15M.vmdk
-
Update /ansible/group_vars/vm_host/main.yml with the location of the veos files or veos file name if you downloaded a different version
-
Update the VM IP addresses in the
ansible/veos
inventory file. These IP addresses should be in the management subnet defined above. -
Update the VM credentials in
ansible/group_vars/eos/creds.yml
.
cat <<EOT >> /data/sonic-mgmt/ansible/group_vars/eos/creds.yml --- ansible_password: '123456' ansible_user: admin EOT
-
-
PTF Docker
- Update the docker registry information in
vars/docker_registry.yml
.
- Update the docker registry information in
-
Start the VMs:
# /data/sonic-mgmt/ansible ./testbed-cli.sh start-vms server_1 password.txt
Please note:
password.txt
is the ansible vault password file name/path. Ansible allows users to useansible-vault
to encrypt password files. By default, this shell script requires a password file. If you are not usingansible-vault
, just create an empty file and pass the file name to the command line. The file name and location is created and maintained by the user.echo "" > ./password.txt
-
Check that all the VMs are up and running:
ansible -m ping -i veos server_1
You need to specify all physical connections that exist in the lab before deploying the fanout and running the tests.
Please follow the "Testbed Physical Topology" section of the Configuration Guide to prepare your lab connection graph file.
We are using Arista switches as the fanout switches in our lab. So, the playbook under roles/fanout
is for deploying fanout (leaf) switch Vlan configurations on Arista devices only. If you are using other types of fanout switches, you can manually configure the Vlan configurations on the switch, or you can deploy a regular Layer-2 switch configuration.
Our fanout switches deploy using the Arista switch's eosadmin shell login. If you have an Arista switch as your fanout and you want to run fanout/tasks/main.yml
to deploy the switch, please scp
the roles/fanout/template/rc.eos
file to the Arista switch flash, and make sure that you can login to the shell with fanout_admin_user/fanout_admin_password
.
TODO:
- Improve testbed root fanout switch configuration method.
- Update the inventory file format. Some of the early fanout definition files have duplicated fields with the inventory file. We should adopt a new inventory file and improve the lab graph.
- Update
testbed.csv
with your data. At the least, you should update the PTF management interface settings. - To deploy a topology run:
./testbed-cli.sh add-topo vms-t1 ~/.password
- To remove a topology run:
./testbed-cli.sh remove-topo vms-t1 ~/.password
NOTE: The last step in testbed-cli.sh
is trying to re-deploy the Vlan range in the root fanout switch to match the VLAN range specified in the topology. In other words, it's trying to change the "allowed" Vlan for the Arista switch ports. If you have a different type of switch, this may or may not work. Please review the steps and update accordingly if necessary. If you comment out the last step, you may manually swap Vlan ranges in the root fanout to make the testbed topology switch work.
Please follow the "Device Minigraph Generation and Deployment" section of the Device Minigraph Generation and Deployment to finish minigraph deployment.