Setup on Virtual Machine
Gatekeeper can be run on machines that support KVM and libvirt. Even if your computer or server does not have a network card that Gatekeeper supports, you can still run Gatekeeper in a VM using the virtio paravirtualized driver.
Note that KVM is mainly for Linux environments, and installing the Gatekeeper VM below will require around 20 GB of storage.
Follow the steps here to install KVM and libvirt in a Debian/Ubuntu environment. In particular, you'll need to make sure your CPU supports virtualization, install the needed packages, and add users to groups. You do not need to do the optional step of installing virt-manager.
You'll also need an image for the virtual machine. We recommend using Ubuntu Live Server:
wget https://releases.ubuntu.com/bionic/ubuntu-18.04.1-live-server-amd64.iso
Create a VM named gk, with 2048 MB of RAM, 20 GB of storage, and an Ubuntu 18.04 image file (downloaded in the previous step) using the following command:
sudo virt-install --connect qemu:///system -n gk -r 2048 -f gk.qcow2 -s 20 -c ubuntu-18.04.1-live-server-amd64.iso --vnc --noautoconsole
While the virt-install command is running, you'll need to connect to the VM to complete the installation. If you're creating the VM locally and have access to a graphical console, you can simply run:
virt-viewer -c qemu:///system gk
If you are creating a VM on a remote server (host.example.com) and are connected over SSH, you can run:
virt-viewer --connect qemu+ssh://user@host.example.com/system gk
Where user is your identity on host.example.com. You'll need to enter your password twice and then a virtual console should open.
Follow the default steps to set up the VM.
After the machine is finished installing, close out of the virt-viewer application. On the host where the VM is installed, shut down the VM:
virsh shutdown gk
Check that it is shut down by running:
virsh list
If the machine is still running, it may need a less graceful shutdown, which you can do using:
virsh destroy gk
This command does not delete the VM; it just shuts it down.
While the VM is shut off, we need to edit some of its properties.
First, add two interfaces to the VM. These will be the front and back interfaces that Gatekeeper will use:
virsh attach-interface --domain gk --type network --source default --model virtio --mac 52:54:00:4b:73:5e --config
virsh attach-interface --domain gk --type network --source default --model virtio --mac 52:54:00:4b:73:5f --config
The only difference between these two commands is the MAC address parameter.
Second, edit the VM's configuration file:
virsh edit gk
This command will open up the VM's configuration file. First, we need to change the number of virtual CPUs to match Gatekeeper's demands. Therefore, set the VM to have at least 6 VCPUs:
-<vcpu placement='static'>1</vcpu> +<vcpu placement='static'>6</vcpu>
Then, add the following driver element to both interface elements that we just added:
<interface type='network'> <mac address='52:54:00:4b:73:5e'/> <source network='default'/> <model type='virtio'/> + <driver name='vhost' queues='6'/> <address type='pci' domain='0x0000' bus='0x00' slot='0x06' function='0x0'/> </interface>
<interface type='network'> <mac address='52:54:00:4b:73:5f'/> <source network='default'/> <model type='virtio'/> + <driver name='vhost' queues='6'/> <address type='pci' domain='0x0000' bus='0x00' slot='0x07' function='0x0'/> </interface>
Save the file and exit. Bring the VM up:
virsh start gk
Find the IP address of the VM by running the following on the host:
virsh domifaddr gk
Then, from the host, ssh into the VM by using the username and password you set up:
ssh <username>@<ip address>
DPDK and Gatekeeper require the use of hugepages. To set them up on the VM, run the following command:
echo 256 | sudo tee /sys/kernel/mm/hugepages/hugepages-2048kB/nr_hugepages
Next, obtain Gatekeeper:
git clone --recursive https://github.com/AltraMayor/gatekeeper.git
cd gatekeeper
. setup.sh
echo "export RTE_SDK=${RTE_SDK}" >> ${HOME}/.profile
echo "export RTE_TARGET=${RTE_TARGET}" >> ${HOME}/.profile
Then, you can compile Gatekeeper with:
make
Next, the configuration files need to be altered in the following ways:
1. If running gatekeeper as a Gatekeeper server, then open lua/gatekeeper_config.lua and set n_lcores to 1. If running gatekeeper as a Grantor server, open lua/gt.lua and set n_lcores to 1 there instead.
2. In lua/net.lua, set front_ports to be {"ens6"} and back_ports to be {"ens7"}. Set back_mtu to 1500.
3. In lua/cps.lua, set kni_kmod_path to use the correct path of your home folder in your VM. For example:
local kni_kmod_path = "/home/john/gatekeeper/dependencies/dpdk/build/kmod/rte_kni.ko"
Finally, bind the interfaces we created to a DPDK-compatible driver. From within the gatekeeper directory, do:
sudo ./dependencies/dpdk/usertools/dpdk-devbind.py --bind uio_pci_generic 00:06.0
sudo ./dependencies/dpdk/usertools/dpdk-devbind.py --bind uio_pci_generic 00:07.0
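The PCI addresses given to dpdk-devbind.py and the port names in lua/net.lua both follow from the slot values in the VM's libvirt XML. The check below is an added example, not part of the Gatekeeper project: it parses the output of virsh dumpxml gk and reports settings that are missing; the function name, the constructed sample XML and the ensN naming rule are assumptions.

```python
import xml.etree.ElementTree as ET

# Constructed sample: trimmed `virsh dumpxml gk` output using the MACs and PCI
# slots from this page; the second interface lacks its <driver> element.
SAMPLE_XML = """<domain type='kvm'>
  <vcpu placement='static'>6</vcpu>
  <devices>
    <interface type='network'>
      <mac address='52:54:00:4b:73:5e'/>
      <model type='virtio'/>
      <driver name='vhost' queues='6'/>
      <address type='pci' domain='0x0000' bus='0x00' slot='0x06' function='0x0'/>
    </interface>
    <interface type='network'>
      <mac address='52:54:00:4b:73:5f'/>
      <model type='virtio'/>
      <address type='pci' domain='0x0000' bus='0x00' slot='0x07' function='0x0'/>
    </interface>
  </devices>
</domain>"""

GK_MACS = ("52:54:00:4b:73:5e", "52:54:00:4b:73:5f")


def check_domain(xml_text, macs=GK_MACS, min_vcpus=6):
    """Return (problems, ports); ports maps MAC -> (PCI address, guest ifname)."""
    root = ET.fromstring(xml_text)
    problems, ports = [], {}
    vcpus = int(root.findtext("vcpu", "0"))
    if vcpus < min_vcpus:
        problems.append(f"vcpu={vcpus}, need >= {min_vcpus}")
    ifaces = {i.find("mac").get("address").lower(): i
              for i in root.iter("interface") if i.find("mac") is not None}
    for mac in macs:
        iface = ifaces.get(mac)
        if iface is None:
            problems.append(f"{mac}: interface missing")
            continue
        model, drv, addr = iface.find("model"), iface.find("driver"), iface.find("address")
        if model is None or model.get("type") != "virtio":
            problems.append(f"{mac}: model is not virtio")
        if drv is None or drv.get("name") != "vhost" or not drv.get("queues"):
            problems.append(f"{mac}: no <driver name='vhost' queues=.../>")
        if addr is not None and addr.get("type") == "pci":
            bus, slot, fn = (int(addr.get(k), 16) for k in ("bus", "slot", "function"))
            # Assumption: bus-0 slot N shows up as ensN in the guest, as on this page.
            ports[mac] = (f"{bus:02x}:{slot:02x}.{fn:x}", f"ens{slot}")
    return problems, ports
```

On the host, pass it the text printed by virsh dumpxml gk; an empty problems list means the vCPU and interface edits took effect.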
Gatekeeper can be run with the following command:
sudo ./build/gatekeeper