Example usage of the dlan ansible role.
This demo repository will let you quickly bring up some VMs, to test out the dlan ansible module with a sample configuration. This repo is for demo only, do not use as a reference for a real world setup as there are some dangerous simplifications for the sake of convenience (e.g. ssh host key checking is disabled in the ansible config, wireguard keys are committed plaintext in the repo, etc).
Instructions:
- Install the required dependencies:
- Terraform 0.12+, and the terraform libvirt provider
- Ansible 2.9+,
curl,libguestfs-tools, libvirt - You should have passwordless sudo access to command
virt-copy-in(or, if your sudo installation supports credential caching, runsudo -i truebefore running terraform commands)
- In the terraform dir, run
terraform init && terraform applyto bring the instances up.- If needed, tune the network ranges if required, in the
network.tffile. - This will also download and prepare OpenWrt's kernel and disk images.
- Gotcha: you may need to re-run this if you need the VMs again after rebooting your machine, as the libvirt networks tend to forget the IP static leases.
- If needed, tune the network ranges if required, in the
- Install the dlan module and configure the hosts. This is a multi-step process. While in the
ansibledir:- Populate the
dlan_authorized_keysvariable, ingroup_vars/all.yml, with your own ssh key. - If you edited the network ranges in terraform, you should also do it in the
dlan_linksvariables underhost_vars, and in the inventory. - Run
ansible-galaxy install -r requirements.ymlto download the dlan module - Run
ansible-playbook -t bootstrap local.ymlto prepare the test instances for ansible execution - Run
ansible-playbook -D local.ymlfor actually configuring the instances
- Populate the
After doing the above, the virtual overlay network will look as follows:
Note that the testbed consists only of routers, there are no client hosts in the private networks. If you'd like to test that out as well (e.g. is the DHCP server of the routers working? Will dnsmasq correctly create a DNS entry for this host?), you can just manually spawn a VM in libvirt, and attach it to any router's private network.
After waiting a bit for OSPF to converge, you can verify that the following is possible:
- You can ping openwrt-2 from openwrt-0. Connect to openwrt-0 with
ssh -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null [email protected]and then runping openwrt-2.lan.- It's worth noting that the
openwrt-2.lanloopkup is delegated to openwrt-2 itself, which gives back its loopback address10.1.1.3. - You can verify with tcpdump that these packets are indeed travelling through the VXLAN tunnels.
echo "show ospf topology ospf4" | birdcwill show the topology of the network as learned by the bird daemon.
- It's worth noting that the
- From your host machine, curl the exposed services on each of the VMs' external IPs. E.g.
curl 192.168.123.100:8080- As defined in the
dlan_proxyvariable, port 8080 exposes the nginx stub of the host you're making the request to. Port 8081 will round-robin through the nginx stub endpoints of all routers. - Also hostnames could have been used for port's 8081 config (e.g.
openwrt-0.laninstead of10.1.1.1), but these names are not available on the first ansible run due to DNS delegation not being ready yet, and this prevents nginx from starting (it will try to resolve the names at launch time and fail). Also note that if you use the routers' hostname in the upstreams, each router will be proxied to twice in a row in each full round-robin iteration, as the hostnames return two IPs, one IPv4 and one IPv6.
- As defined in the
If during your tests you run into any networking issue and can't access an instance anymore, you can just open a VM's virtual terminal an press enter, and a root shell will be available to check what's wrong. But starting from scratch is always an option, simply run terraform destroy && terraform apply from the terraform directory.