Setting Up the StrongSwan Virtual Test Environment

Starting from a freshly installed Ubuntu system, version:

$ cat /etc/issue
Ubuntu 18.04.3 LTS \n \l

$ 

The StrongSwan version is 5.8.1.

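Before setting up the environment, update apt: add universe to the following lines in the sources.list file so that packages are not reported missing during installation.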

$ sudo vi /etc/apt/sources.list
 
deb http://archive.ubuntu.com/ubuntu bionic main universe
deb http://archive.ubuntu.com/ubuntu bionic-security main universe
deb http://archive.ubuntu.com/ubuntu bionic-updates main universe 
 
$ sudo apt update

Fetch the StrongSwan source package:

$ wget https://download.strongswan.org/strongswan-5.8.1.tar.bz2
$ tar -xf strongswan-5.8.1.tar.bz2 

The test topology is shown below:

[Figure: test topology diagram]

Build and install StrongSwan:

$ sudo apt  install  gcc make
$ sudo apt  install  libgmp3-dev   # the configure step needs the gmp library
$
$ cd strongswan-5.8.1
$ ./configure
$ make
$ sudo make install

Next, install the dependencies required by the test environment:

$ sudo apt-get install libssl-dev git
$ sudo apt-get install debootstrap  parted qemu-kvm e2fsprogs libvirt-bin
$ sudo apt-get install flex bison   # needed to build the kernel
$ sudo apt-get install libelf-dev git

Install the Python-related packages:

$ sudo apt-get install python python-pip libqt5organizer5 libnss-myhostname  unity-schemas virtualenv

Upgrading pip ran into the following problem:

$ pip install --upgrade pip
$
$ pip install --upgrade wheel     
Traceback (most recent call last):
  File "/usr/bin/pip", line 9, in <module>
    from pip import main
ImportError: cannot import name main

Edit the /usr/bin/pip file:

from pip import main
if __name__ == '__main__':
    sys.exit(main())
	
Change it to:

from pip import __main__
if __name__ == '__main__':
    sys.exit(__main__._main())

Install wheel and setuptools again:

$ sudo apt install wheel  python-setuptools

Run the test environment build script make-testing:

$ cd testing/
$ sudo ./make-testing

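While running the make-testing script, I kept hitting an error that bdist_wheel could not be found; after installing the Python-related packages above, the problem was resolved: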

$ python
Python 2.7.15+ (default, Jul  9 2019, 16:51:35) 
[GCC 7.4.0] on linux2
Type "help", "copyright", "credits" or "license" for more information.
>>>  
>>> 
>>> from wheel import bdist_wheel
>>> 
>>> bdist_wheel
<module 'wheel.bdist_wheel' from '/home/kai/.local/lib/python2.7/site-packages/wheel/bdist_wheel.pyc'>
>>> 

Next came a problem of the StrongSwan certificates not being found, so I ran the build-certs script in the testing/scripts directory by hand:

$ sudo apt install bindfs 
$
$ sudo ./scripts/build-certs

Finally, run the start-testing script in the testing directory to start the test environment:

$ sudo ./start-testing

On the first run, the moon and sun virtual machines failed to start, with the following log messages:

virsh create /home/unknown/work/strongswan-5.8.1/testing/config/kvm/sun.xml
error: Failed to create domain from /home/unknown/work/strongswan-5.8.1/testing/config/kvm/sun.xml
error: the CPU is incompatible with host CPU: Host CPU does not provide required features: monitor

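Comparing the configuration of these two virtual machines with that of the alice virtual machine showed that the former two carry the following additional CPU configuration: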

$ vi testing/config/kvm/sun.xml 

  <cpu>
    <model fallback='allow'>core2duo</model>
    <feature policy='optional' name='aes'/>
    <feature policy='optional' name='pclmuldq'/>
  </cpu>

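After deleting these lines, moon and sun start normally, but I do not yet know what effect this has and will test it later. In addition, the following warning appeared when starting the virtual test environment; it does not prevent a normal start, so I did not resolve it: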

$ sudo vi  /var/log/libvirt/qemu/alice.log 
  
2019-09-16T10:37:06.897218Z qemu-system-x86_64: warning: host doesn't support requested feature: CPUID.80000001H:ECX.svm [bit 2]

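The make-testing script that builds the virtual test environment runs in four stages, each of which can be switched on or off in the testing.conf file. For example, if the baseimage and rootimage stages have already been built and a problem occurs in the guestkernel stage, the following configuration lets you rerun the make-testing script without rebuilding the first two stages, which saves time: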

# Enable particular steps in the make-testing
#
: ${ENABLE_BUILD_BASEIMAGE=no}
: ${ENABLE_BUILD_ROOTIMAGE=no}
: ${ENABLE_BUILD_GUESTKERNEL=yes}
: ${ENABLE_BUILD_GUESTIMAGES=yes}

The IP addresses of the virtual machines in the test environment are also configured in testing.conf; the defaults are:

: ${HOSTNAMEIPV4="\
alice,10.1.0.10,192.168.0.50 \
venus,10.1.0.20 \
moon,192.168.0.1,10.1.0.1 \
carol,192.168.0.100,10.3.0.1 \
winnetou,192.168.0.150 \
dave,192.168.0.200,10.3.0.2 \
sun,192.168.0.2,10.2.0.1 \
bob,10.2.0.10"}

Each virtual machine can be reached over SSH; the root user has no password. For example, to log in to the carol virtual machine:

$ ssh root@192.168.0.100
The authenticity of host '192.168.0.100 (192.168.0.100)' can't be established.
ECDSA key fingerprint is SHA256:t1b5dEQjOrAZ7GWTFJx1S1+VxqDfPYSFW93zFI3RcaU.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '192.168.0.100' (ECDSA) to the list of known hosts.
carol:~#
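
An added example (not part of the original post or of the strongSwan scripts): it parses the HOSTNAMEIPV4 default shown above and prints an ssh_config fragment so that `ssh carol` works and the lab guests' host keys stay in a separate known_hosts file rather than your regular one. The function names and the known_hosts path are hypothetical, and it assumes the first address listed for each guest is the one reachable from the host, as it is for carol above.

```shell
#!/bin/sh
# Value copied from the testing.conf defaults shown in the article.
HOSTNAMEIPV4="\
alice,10.1.0.10,192.168.0.50 \
venus,10.1.0.20 \
moon,192.168.0.1,10.1.0.1 \
carol,192.168.0.100,10.3.0.1 \
winnetou,192.168.0.150 \
dave,192.168.0.200,10.3.0.2 \
sun,192.168.0.2,10.2.0.1 \
bob,10.2.0.10"

# guest_ips NAME: print every address of guest NAME, one per line.
# Returns 1 if NAME is not in HOSTNAMEIPV4.
guest_ips() {
    for entry in $HOSTNAMEIPV4; do
        name=${entry%%,*}                 # text before the first comma
        if [ "$name" = "$1" ]; then
            echo "${entry#*,}" | tr ',' '\n'
            return 0
        fi
    done
    return 1
}

# ssh_config_fragment [KNOWN_HOSTS_FILE]: print one Host block per guest.
# Assumption: the first listed address is the one to connect to.
ssh_config_fragment() {
    known_hosts=$1
    # Hypothetical default path; ssh itself expands the leading "~".
    [ -n "$known_hosts" ] || known_hosts='~/.ssh/known_hosts.strongswan-testing'
    for entry in $HOSTNAMEIPV4; do
        name=${entry%%,*}
        first_ip=$(guest_ips "$name" | head -n 1)
        printf 'Host %s\n    HostName %s\n    User root\n    UserKnownHostsFile %s\n\n' \
            "$name" "$first_ip" "$known_hosts"
    done
}

# Print the fragment; redirect it into a file pulled in from ~/.ssh/config.
ssh_config_fragment "$@"
```

Because the guests accept root without a password, keep the generated Host entries limited to this lab network and leave host key checking at its default.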

END
