Olive Install Complete Guide - JunOS 12.3R6 V1-1

1

Author : Tony Hill Version : 1-0 Date : 20th April 2014

1 Introduction This document is a complete, step-by-step guide for installing and configuring a JunOS Olive on a Ubuntu 14.04 LTS 64-bit system. The guide starts with setting up and installing a QEMU emulated FreeBSD virtual machine, progressing onto tailoring the JunOS installation package, followed by carrying out the JunOS installation itself and finally, setting up GNS3.

1.1 Host Computer Hardware & Software root@tony:~# lsb_release -a No LSB modules are available.

Distributor ID: Ubuntu

Description: Ubuntu 14.04 LTS

Release: 14.04

Codename: trusty

Figure-1

QEMU emulator version 1.7.91 (Debian 2.0.0~rc1+dfsg-0ubuntu3), Copyright (c) 2003-2008 Fabrice Bellard

openvpn:amd64/trusty 2.3.2-7ubuntu3 up to date

FreeBSD 4.11-RELEASE-i386-miniinst.iso http://ftp-archive.freebsd.org/pub/FreeBSD-Archive/old-releases/i386/ISO-IMAGES/4.11/

GNS3 0.8.6

2

JunOS 12.3.R6.6 (legal copy)

1.2 Pre-Requisites 64-bit Ubuntu in order for the QEMU software to create images that can use more than

2047M of memory. QEMU running under 32-bit Ubuntu is only able to support 2047M of memory for each emulated machine.

QEMU emulator (apt-get install qemu) FreeBSD i386 ISO image Legal copy of JunOS router software (jinstall-12.3R6.6-export-signed.tgz) GNS3 (apt-get install gns3) A lot of patience, endless cups of coffee and a plentiful supply of hand-rolling tobacco

Note-1: I have not shown all of the package dependencies for brevity. However, once you have installed QEMU, issue the apt-get build-dep command to download the associated library and other files. Note-2: I am also running KVM on the host machine. However, it is not necessary to run KVM to complete this installation. Note-3: Follow these steps to the letter. Download the FreeBSD ISO image from the URL above, not from other links. There are quite a few ISO files around not all of which are exactly the same. Note-4: I have carried out some brutal hacks to the JunOS install package scripts to get the installation to work. The software developers would probably be horrified, but the end justifies the means and the result is a perfectly formed emulated router that supports most of the core routing functionality.

1.3 Top-Level Directories Open a terminal window. Create the following directories underneath your home folder (in my case the home directory is /home/tony):

JUNOS FREEBSD OLIVE

1.4 File Downloads Download the 4.11-RELEASE-i386-miniinst.iso from the following URL into the FREEBSD directory:

http://ftp-archive.freebsd.org/pub/FreeBSD-Archive/old-releases/i386/ISO-IMAGES/4.11/

Download the jinstall-12.3R6.6-export-signed.tgz file into the JUNOS directory. Copy the FreeBSD ISO file and the JunOS files to the OLIVE directory. It's a good idea to work on copies of the original files so that you can always get back to a known position if things go awry.

3

2 FreeBSD Installation 2.1 Create the Virtual Disk Image 1. Change directory into the OLIVE directory. 2. Issue the following command to create a qcow2 format 16G disk image. Please note that the

disk image is initially very small (only about 197K) but it is allowed to grow to the specified size. The final disk image with both FreeBSD and JunOS installed is around 3.2G.

qemu-img create -f qcow2 freebsd-4.11.img 16384M

The OLIVE directory should now contain the following files: root@tony:~/OLIVE# ls l total 239368 -rw------- 1 root root 244912128 Apr 21 03:30 4.11-RELEASE-i386-miniinst.iso -rw-r--r-- 1 root root 197120 Apr 21 03:30 freebsd-4.11.img

2.2 Boot the Disk Image & Install FreeBSD 1. Start the virtual machine using the disk image as the hard disk and the FreeBSD ISO file as a

bootable CDROM. The virtual machine has 4096M of memory. The -boot d specifies that the machine should boot first from the CDROM drive.

qemu-system-x86_64 -m 4096M -hda freebsd-4.11.img -cdrom 4.11-RELEASE-i386-miniinst.iso -boot d

2. QEMU boots the virtual machine in a new window. The 4G of memory allocated is quite generous as the i386 FreeBSD machine can only see around 3G but the intention is to ensure that there is no resource bottleneck.

4

Figure-2 3. The machine boots from the CDROM and enters the installation dialogue. Press enter to skip

kernel configuration to continue booting the machine.

Figure-3 4. Select Begin a standard installation.

5

Figure-4 5. Select OK to proceed to the initial disk partitioning screen.

Figure-5 6. The initial partitioning screen is displayed.

6

Figure-6 7. Press A to select the entire virtual disk, press Q to finish. The actual partitions will be

created later.

Figure-7 8. Select Install a standard MBR (no boot manager).

7

Figure-8 9. You are now prompted to partition the disk. Hit OK.

Figure-9 10. Create the / partition. Press C, enter 4096M and hit OK.

8

Figure-10 11. Select A file system and hit OK.

Figure-11 12. Specify / as the mount point and hit OK.

9

Figure-12 13. Create the swap partition. Press C enter 4096M and hit OK.

Figure-13 14. Select A swap partition and hit OK.

10

Figure-14 15. Create the /config partition. Press C enter 1024M and hit OK.


11

Figure-16 17. Enter /config and hit OK.

Figure-17 18. Create the /var partition. Press C accept the value 14679873 blocks (7167M) and hit OK.

12


Figure-19 20. Enter /var and hit OK.

13

Figure-20 21. The partition table is now complete. The partitions must align exactly as shown i.e.

ad0s1a / 4096M ad0s1b swap 4096M ad0s1e /config 1024M ad0s1f /var 7167M

14

Figure-21 22. Press Q to finish. The next screen is displayed. Scroll down and select Minimal, hit the

space bar to mark it with an X. Hit TAB to move to the OK at the foot of the screen and hit Enter.

Figure-22 23. Select CD/DVD as the installation media and hit OK.

15

Figure-23 24. Hit Yes when presented with the Last Chance screen.

Figure-24 25. The file systems are created.

16

Figure-25 26. The files are copied to the virtual disk from the installation media.

Figure-26 27. The basic installation is complete. Hit OK.

17

Figure-27 28. Respond No to all of the following questions:

SLIP/PPP network devices Function as a Network Gateway Configure inetd Anonymous FTP to the machine Configure NFS server Configure NFS client Select a default security profile (chose No for moderate security)

18

Figure-28 29. When the Moderate security screen appears hit OK.

Figure-29 30. Select No for customize system console settings.

19

Figure-30 31. Select No for set the time zone.

Figure-31 32. Select No for enable Linux binary compatibility.

20

Figure-32 33. Select No for USB mouse attachment.

Figure-33 34. Select No for the FreeBSD package collection.

21

Figure-34 35. Select No for adding user accounts.

Figure-35 36. Select OK to set the system manager's password. Enter the password, re-type it and

remember it.

22

Figure-36 37. Select No for visit the general configurations menu.

Figure-37 38. The main installation menu screen is re-displayed. Hit the TAB key to select Exit Install and

press Enter.

23

Figure-38 39. Select Yes to exit from the installation. A few seconds after you press Enter, the machine will

start to reboot. Note: To prevent the machine from rebooting back into the installation, press the CTRL+ALT+2 keys to exit from the machine to the QEMU emulator screen.

Figure-39 40. Enter quit and hit Enter. The window closes and the installation of FreeBSD 4.11 on the

virtual machine is complete. The freebsd-4.11.img virtual disk file has grown to around 349M with the FreeBSD OS installed.

24

Figure-40

2.3 Start the VM Locate the /usr/bin/true File The JunOS installation scripts run a binary programme called checkpic to determine PIC support for the platform on which the operating system is being installed. We will be using emulated interfaces so it is necessary to fool the installation process into thinking that it has run the checkpic programme successfully. The Linux /usr/bin/true binary always returns success when it exits so we need this file to copy it over the checkpic binary when we unpack the JunOS installation package later on. All Linux machines have a copy of the true binary file. However, it is vital that we use the true binary file obtained from the FreeBSD guest VM otherwise the installation will fail. 1. Open a terminal window on the host and boot the VM but this time we don't need to mount the

CDROM because the FreeBSD OS is installed.

qemu-system-x86_64 -m 4096M -hda freebsd-4.11.img

2. Log into the machine with username root and the system manager's password that was entered during the installation process.

Note: When you click inside the VM window the VM grabs the cursor. If you need to return to the hosts windowing system, hold the CTRL+ALT keys to release the cursor. 3. Locate the /usr/bin/true file:

# ls /usr/bin/true /usr/bin/true #

25

4. Shut down the guest VM. When the press any key to reboot message is displayed, exit the QEMU emulator using CTRL+ALT+2 and type in quit.

Figure-41

2.4 OpenVPN & TUN/TAP Interfaces OpenVPN is an open source application that allows secure point-to-point tunnels to be created between hosts at the same or different sites. In this case, we're using OpenVPN to allow the Ubuntu host computer to talk to the guest FreeBSD VM so that we can retrieve its /usr/bin/true binary file. The connection between the host and guest VM is bridged. The connectivity is shown below:

Host

HomeGW LAN [eth0][br1][tap0] [tap0]Guest .254 192.168.1.0 192.168.1.86 192.168.1.91

1. From a terminal window on the Ubuntu host, set up the bridge br1, physical eth0 and OpenVPN tap0 interfaces (on the host computer). Please note that these steps assume that there are no pre-existing bridge interfaces already running, which there will be if you are running KVM, for example. If there are pre-existing bridge interfaces, you must shut them down and delete them first.

2. Bring down the eth0 interface on the host:

26

root@tony:~# ifconfig eth0 down

3. Bring the eth0 interface back up with no IP address (please note that you may have to disable network manager to ensure that it doesn't automatically use DHCP to obtain an IP address for eth0).

root@tony:~# ifconfig eth0 0.0.0.0 promisc up root@tony:~# ifconfig eth0 Link encap:Ethernet HWaddr 00:21:cc:69:71:e1 UP BROADCAST RUNNING PROMISC MULTICAST MTU:1500 Metric:1 RX packets:64869 errors:0 dropped:0 overruns:0 frame:0 TX packets:10029 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:1000 RX bytes:17047282 (17.0 MB) TX bytes:1218466 (1.2 MB) Interrupt:20 Memory:f3900000-f3920000

4. Create an OpenVPN TAP interface that will be the end point of our tunnel to the guest VM. In this example I'm using tap0 as the tunnel device name for the Ubuntu host. The --mktun keyword makes the tunnel interface and sets it to ON:

root@tony:~# openvpn --mktun --dev tap0 Mon Apr 21 05:28:56 2014 TUN/TAP device tap0 opened Mon Apr 21 05:28:56 2014 Persist state set to: ON

5. Add a bridge interface (br1 in this example) and associate it with physical interface eth0 and tunnel interface tap0. This association between the bridge, physical and tunnel interfaces will allow us to bridge traffic between the Ubuntu host and the guest VM:

root@tony:~# brctl addbr br1 root@tony:~# brctl addif br1 eth0 root@tony:~# brctl addif br1 tap0

root@tony:~# brctl stp br1 off (optionalonly one bridge so turn off STP)

root@tony:~# brctl show bridge name bridge id STP enabled interfaces br1 8000.0021cc6971e1 no eth0 tap0

6. Bring the br1 interface up.

root@tony:~# ifconfig br1 0.0.0.0 promisc up root@tony:~# ifconfig br1 Link encap:Ethernet HWaddr 00:21:cc:69:71:e1 inet6 addr: fe80::221:ccff:fe69:71e1/64 Scope:Link UP BROADCAST RUNNING PROMISC MULTICAST MTU:1500 Metric:1 RX packets:260 errors:0 dropped:0 overruns:0 frame:0 TX packets:27 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:0

27

RX bytes:14773 (14.7 KB) TX bytes:4203 (4.2 KB)

7. Bring the tap0 interface up:

root@tony:~# ifconfig tap0 0.0.0.0 promisc up

root@tony:~# ifconfig tap0 Link encap:Ethernet HWaddr ca:b1:16:ca:ec:ca UP BROADCAST PROMISC MULTICAST MTU:1500 Metric:1 RX packets:0 errors:0 dropped:0 overruns:0 frame:0 TX packets:0 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:100 RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)

8. Force a DHCP request on the br1 interface over the physical eth0 interface for br1 to obtain an IP address, default gateway and DNS information.

root@tony:~# dhclient -v br1 Internet Systems Consortium DHCP Client 4.2.4 Copyright 2004-2012 Internet Systems Consortium. All rights reserved.

For info, please visit https://www.isc.org/software/dhcp/

Listening on LPF/br1/00:21:cc:69:71:e1 Sending on LPF/br1/00:21:cc:69:71:e1 Sending on Socket/fallback DHCPREQUEST of 192.168.1.86 on br1 to 255.255.255.255 port 67(xid=0x24bcae5f) DHCPACK of 192.168.1.86 from 192.168.1.254 bound to 192.168.1.86 -- renewal in 32670 seconds.

root@tony:~# ifconfig br1 Link encap:Ethernet HWaddr 00:21:cc:69:71:e1 inet addr:192.168.1.86 Bcast:192.168.1.255 Mask:255.255.255.0 inet6 addr: fe80::221:ccff:fe69:71e1/64 Scope:Link UP BROADCAST RUNNING PROMISC MULTICAST MTU:1500 Metric:1 RX packets:808 errors:0 dropped:0 overruns:0 frame:0 TX packets:65 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:0 RX bytes:45322 (45.3 KB) TX bytes:11035 (11.0 KB)

The br1 interface's DHCP request has not only assigned an IP address (192.168.1.86) to br1, it has also established the default gateway for br1.

root@tony:~# openvpn --show-gateway Mon Apr 21 06:41:08 2014 ROUTE_GATEWAY 192.168.1.254/255.255.255.0 IFACE=br1 HWADDR=00:21:cc:69:71:e1

9. Re-start the guest FreeBSD VM telling it to use the tap0 interface as its NIC to communicate.

28

It is possible to use scripts to assign and to start / stop tunnel interfaces but in this example I am specifying explicitly that no scripts are being used.

root@tony:~# qemu-system-x86_64 -m 4096M -hda freebsd-4.11.img -net nic -net tap,ifname=tap0,script=no,downscript=no

Log into the guest VM when it has finished booting. Remember to use CTRL+ALT to escape from the cursor grab as and when required.

Figure-42 10. Note that the guest VMs em0 interface is active but it does not yet have any IP address

information.

29

Figure-43 11. Issuing a dhclient em0 command on the guest VM brings up the em0 interface.

Figure-44 12. The guest VM em0 interface now also has an IP address (192.168.1.91). The DHCP request

was tunnelled over the tap0 interface to the host computer's bridge interface, which broadcast the DHCP request to the Home GW on the LAN. The Home GW obliged and allocated an IP address to the guest VM.

The guest VM can now ping the host IP (192.168.1.86) and the Home GW IP (192.168.1.254).

30

Figure-45 13. In fact, the guest VM can also perform DNS look-ups to access the Internet.

Figure-46

2.5 Copying the True File to the Host Machine 1. SCP the file /usr/bin/true to the host computer and place it in the OLIVE directory.

31

Figure-47 It is now possible to start unpacking and configuring the JunOS installation package. Shut down the guest VM and exit the QEMU emulator using CTRL+ALT+2 and typing quit. 2. If you wish to remove the br1 and tap0 interfaces from the host computer: Bring down the

eth0, br1 and tap0 interfaces.

root@tony:~# ifconfig br1 down root@tony:~# ifconfig eth0 down root@tony:~# ifconfig tap0 down

3. Delete the br1 interface.

root@tony:~# brctl delbr br1 root@tony:~# brctl show bridge name bridge id STP enabled interfaces --------------------------------------------------------

4. Remove the tap0 tunnel interface.

root@tony:~# openvpn --rmtun --dev tap0 Mon Apr 21 07:10:15 2014 TUN/TAP device tap0 opened Mon Apr 21 07:10:15 2014 Persist state set to: OFF

5. Bring the eth0 interface back up.

root@tony:~# ifconfig eth0 up

32

3 JunOS Installation Process 3.1 Unpacking the Files & Changing Checksums The OLIVE directory should contain the following files:

root@tony:~/OLLIVE# ls -l total 1055672 -rw------- 1 root root 244912128 Apr 21 03:30 4.11-RELEASE-i386-miniinst.iso -rw-r--r-- 1 root root 349700096 Apr 21 07:05 freebsd-4.11.img -rw------- 1 root root 486446530 Apr 21 07:18 jinstall-12.3R6.6-export-signed.tgz -r-xr-xr-x 1 tony tony 2908 Apr 21 06:58 true

Where freebsd-4.11.img is the virtual disk image of the FreeBSD machine onto which we will install JunOS. The JunOS package is signed. This means that we must ensure that we modify carefully the various SHA1 and MD5 checksums as we progress with each change. Invalid hashes will result in the installation failing. Create the following directory structure underneath the OLIVE directory.

OLIVE

| temp1

| temp2

| |--------------------| temp3 temp4

| temp5

1. Unpack the jinstall-12.3R6.6-export-signed.tgz archive into subdirectory temp1 where -C means change to to unpack the files before returning to the current directory.

root@tony:~/OLIVE# tar -xvf jinstall-12.3R6.6-export-signed.tgz -C temp1 certs.pem +COMMENT +CONTENTS +DESC +INSTALL issu-indb.tgz jinstall-12.3R6.6-export.tgz jinstall-12.3R6.6-export.tgz.md5 jinstall-12.3R6.6-export.tgz.sha1 jinstall-12.3R6.6-export.tgz.sig

2. Change to the temp1 directory and unpack the jinstall-12.3R6.6-export.tgz archive into the

33

temp2 directory.

root@tony:~/OLIVE# cd temp1

root@tony:~/OLIVE/temp1# tar -xvf jinstall-12.3R6.6-export.tgz -C temp2 bootstrap-install-12.3R6.6.tar +COMMENT +CONTENTS +DEINSTALL +DESC +INSTALL jbundle-12.3R6.6-export.tgz pkgtools.tgz +REQUIRE

3. Change to the temp2 directory and unpack the jbundle-12.3R6.6-export.tgz archive to the temp3 directory and unpack the pkgtools.tgz archive to the temp4 directory. Note that there are 2 x pkgtools.tgz files in the installation packages. One is unpacked now to temp4, the other is unpacked to temp5 in the next step.

root@tony:~/OLIVE/temp1# cd temp2

root@tony:~/OLIVE/temp1/temp2# tar -xvf jbundle-12.3R6.6-export.tgz -C temp3 +clean.jboot +COMMENT +CONTENTS +DEINSTALL +DESC +INSTALL +install.jboot jbase-12.3R6.6.tgz jbase-12.3R6.6.tgz.sha1 jboot-12.3R6.6.tgz jboot-12.3R6.6.tgz.sha1 jdocs-12.3R6.6.tgz jdocs-12.3R6.6.tgz.sha1 jkernel-12.3R6.6.tgz jkernel-12.3R6.6.tgz.sha1 jpfe-12.3R6.6.tgz jpfe-12.3R6.6.tgz.sha1 jplatform-12.3R6.6.tgz jplatform-12.3R6.6.tgz.sha1 jroute-12.3R6.6.tgz jroute-12.3R6.6.tgz.sha1 jruntime-12.3R6.6.tgz jruntime-12.3R6.6.tgz.sha1 jservices-12.3R6.6.tgz jservices-12.3R6.6.tgz.sha1 pkgtools.tgz pkgtools.tgz.sha1 +REQUIRE +require.jboot

root@tony:~/OLIVE/temp1/temp2# tar -xvf pkgtools.tgz -C temp4 bin/ bin/checkpic pkg/

34

pkg/manifest.sig pkg/manifest.sha1 pkg/manifest.certs pkg/manifest

4. Change to the temp3 directory and unpack the pkgtools.tgz archive to the temp5 directory.

root@tony:~/OLIVE/temp1/temp2# cd temp3

root@tony:~/OLIVE/temp1/temp2/temp3# tar -xvf pkgtools.tgz -C temp5/ bin/ bin/checkpic pkg/ pkg/manifest.sig pkg/manifest.sha1 pkg/manifest.certs pkg/manifest

5. Change to the temp5 directory. Copy the ~/OLIVE/true file that we obtained from the FreeBSD guest VM to the bin subdirectory such that it overwrites the bin/checkpic file. Obtain the checksum of the new checkpic file:

root@tony:~/OLIVE/temp1/temp2/temp3# cd temp5

root@tony:~/OLIVE/temp1/temp2/temp3/temp5# cp ~/OLIVE/true bin/checkpic

root@tony:~/OLIVE/temp1/temp2/temp3/temp5# shasum bin/checkpic 21f98b3edcef39bfb0d7989664998c264a9a0cc8 bin/checkpic

6. Edit the pkg/manifest file, delete the old checksum and replace it with the new checkpic files checksum obtained above.

root@tony:~/OLIVE/temp1/temp2/temp3/temp5# more pkg/manifest pkg/manifest uid=0 gid=0 mode=444 pkg/manifest.sha1 uid=0 gid=0 mode=444 pkg/manifest.sig uid=0 gid=0 mode=444 pkg/manifest.certs uid=0 gid=0 mode=444 bin/checkpic sha1=21f98b3edcef39bfb0d7989664998c264a9a0cc8 uid=0 gid=0 mode=555

7. Because weve changed the manifest file, we need to obtain its new checksum and edit the the pkg/manifest.sha1 file to replace the old checksum.

root@tony:~/OLIVE/temp1/temp2/temp3/temp5# shasum pkg/manifest f4ac6c369d8d261f1e3dc61f361cb28f1678c1d0 pkg/manifest

root@tony:~/OLIVE/temp1/temp2/temp3/temp5# more pkg/manifest.sha1 f4ac6c369d8d261f1e3dc61f361cb28f1678c1d0

8. Our work in temp5 is done. Package everything back up into the pkgtools.tgz archive in directory temp3 above. Note use of the flags zcfv and the fact that unlike the unpack command they are not preceded with a - sign.

35

When done, change up to the temp3 directory and delete the temp5 directory.

root@tony:~/OLIVE/temp1/temp2/temp3/temp5# tar zcfv ../pkgtools.tgz * bin/ bin/checkpic pkg/ pkg/manifest.sig pkg/manifest.sha1 pkg/manifest.certs pkg/manifest

root@tony:~/OLIVE/temp1/temp2/temp3/temp5# cd ..

root@tony:~/OLIVE/temp1/temp2/temp3# rm -r temp5/

9. Now that we're back in the temp3 directory with the new pkgtools.tgz archive, we need to re-generate the pkgtools.tgz.sha1 file to hold a new checksum. We also need to edit the new pkgtools.tgz.sha1 file to remove some of the header information leaving only the checksum itself.

root@tony:~/OLIVE/temp1/temp2/temp3# openssl sha1 pkgtools.tgz > pkgtools.tgz.sha1

root@tony:~/OLIVE/temp1/temp2/temp3# more pkgtools.tgz.sha1 SHA1(pkgtools.tgz)= ef546536e4ff859d54e85a21df31b9ae5092b39b

After editing:

root@tony:~/OLIVE/temp1/temp2/temp3# more pkgtools.tgz.sha1 ef546536e4ff859d54e85a21df31b9ae5092b39b

10. Change up to the temp2 directory but do not delete the temp3 directory. We need to come back here later on to edit some of the installation scripts. When in the temp2 directory, change down to the temp4 directory. We need to repeat the process of replacing the checkpic file with the true file and re-generating new checksums.

root@tony:~/OLIVE/temp1/temp2/temp3# cd ..

root@tony:~/OLIVE/temp1/temp2# cd temp4

root@tony:~/OLIVE/temp1/temp2/temp4# ls bin pkg

root@tony:~/OLIVE/temp1/temp2/temp4# cp ~/OLIVE/true /bin/checkpic

root@tony:~/OLIVE/temp1/temp2/temp4# shasum bin/checkpic 21f98b3edcef39bfb0d7989664998c264a9a0cc8 bin/checkpic

36

root@tony:~/OLIVE/temp1/temp2/temp4# more pkg/manifest pkg/manifest uid=0 gid=0 mode=444 pkg/manifest.sha1 uid=0 gid=0 mode=444 pkg/manifest.sig uid=0 gid=0 mode=444 pkg/manifest.certs uid=0 gid=0 mode=444 bin/checkpic sha1=21f98b3edcef39bfb0d7989664998c264a9a0cc8 uid=0 gid=0 mode=555

root@tony:~/OLIVE/temp1/temp2/temp4# shasum pkg/manifest f4ac6c369d8d261f1e3dc61f361cb28f1678c1d0 pkg/manifest

root@tony:~/OLIVE/temp1/temp2/temp4# more pkg/manifest.sha1 f4ac6c369d8d261f1e3dc61f361cb28f1678c1d0

11. Package up the files into the pkgtools.tgz archive in the temp2 directory above. Change up to the temp2 directory and delete the temp4 directory.

root@tony:~/OLIVE/temp1/temp2/temp4# tar zcfv ../pkgtools.tgz * bin/ bin/checkpic pkg/ pkg/manifest.sig pkg/manifest.sha1 pkg/manifest.certs pkg/manifest

root@tony:~/OLIVE/temp1/temp2/temp4# cd ..

root@tony:~/OLIVE/temp1/temp2# rm -r temp4

12. We are now left with the following directories. The next step is to edit the installation scripts.

OLIVE

| temp1

| temp2

| temp3

3.2 Edit the Installation Scripts 3.2.1 temp1 Directory Files

+INSTALL Change directory to OLIVE/temp1. Issue the following sed command to change all

37

occurrences of olive to Olive i.e. anything that begins with a lower-case o must be changed to an upper-case O. Note that the names of the script files begin with + so it is only these that we are interested in.

sed -i "s|olive|Olive|g" +*

Edit the +INSTALL file and carry out the following changes. Note that some commands (such as more) on files beginning with special characters (such as +) don't work. However, you can edit the file using a built-in text editor or use vi. You can also cat the file to examine its contents. If you have any problems, move the file to a different name, edit it and move it back again. Change the existing +INSTALL script using the following in blue, exactly as shown. It is necessary to extract the jinstall files to the jinstall_pkg directory and comment out the rm line to leave the jinstall-12.3R6.6-export.tgz archive in place. Later on, we will install the packages using the jinstall-12.3R6.6-export.tgz archive rather than installing from the directory. Some versions of BSD will not install from a directory preferring instead to install from an archive file.

inner=jinstall_pkg extractInner() { DebugOn extractInner if [ -s jinstall-12.3R6.6-export.tgz ]; then mkdir -p $inner tar -zxf jinstall-12.3R6.6-export.tgz -C $inner # save space now... # rm jinstall-12.3R6.6-export.tgz fi DebugOff extractInner }

Force the installation by referencing the archive. Comment out the pkg_add line that references $inner and add the line that contains the full jinstall archive file name.

extractInner if [ -d $etc_pkgdir/$pkgname ] ; then # see if the package will be happy before we de-install RunREQUIRE || exit 1 echo "Auto-deleting old $pkgname..." PKG_UPGRADE=: pkg_delete $pkgname fi echo "Adding jinstall..." # pkg_add $PKG_FORCE $inner || fail=1 pkg_add $PKG_FORCE jinstall-12.3R6.6-export.tgz

Change the re_model and re_name to Olive rather than allowing the script to use the FreeBSD sysctl kernel parameters. The installation scripts frequently reference the sysctl parameters hw.product.model, hw.re.name and he.re.model. The goofy thing is that these parameters simply don't exist on the various versions of FreeBSD that I experimented with. It isn't necessary to change all occurrences of product_model. Some oid unknown error messages are displayed during installation but this does not prevent the installation from

38

succeeding. However, it is essential to replace the occurrences below, particularly for the re_name and re_model variables otherwise the installation fails. I experimented replacing these unknown FreeBSD sysctl OIDs with known ones, such as kern.hostname but the installation failed at the back-end of the jinstall process. The installation succeeds if you make the following changes in blue.

platform_check() { DebugOn platform_check

# product_model=`sysctl -n hw.product.model` product_model="Olive" # re_model=`sysctl -n hw.re.model`-i re_model="Olive" case "$1:$product_model:$re_model" in *:Olive) ;; # ok jseries:j[1-9][0-9][0-9][0-9]:*) ;; # ok

check_arch_compatibility() { # re_name=`/sbin/sysctl -n hw.re.name 2>/dev/null` re_name="Olive" if [ -z "$re_name" ]; then Error "hw.re.name sysctl not supported." fi

3.2.2 temp2 Directory Files +INSTALL Change directory to temp2. Issue the following sed command to change all occurrences of olive to Olive.


This section of the +INSTALL file in the temp2 directory is shafted. It tries to compute the available disk space in the root partition. Different versions of FreeBSD return different formatted output when the disklabel (a.k.a. bsdlabel) command is used within the script. Other script items are broken. For example, the disklabel command issued on disk partition ad0s1a fails. It must be issued using the disk name ad0s1 without the partition letter. The script attempts to remove the partition letter using ${rootdev%a} but this statement doesn't work for the version of FreeBSD we are using. Also, the output of the disklabel command is piped to sed. Unfortunately, the sed search and replacement command doesn't work either. Rather than trying to fix something that is so badly broken for this version of FreeBSD, I decided to just hard-code the number of root partition blocks in the script. I obtained this figure from logging into the guest and issuing the disklabel command manually. Also, I don't care that I'm specifying one parameter in blocks when the comparison is done with megabytes. The important thing is that the difference is greater than 256M.

rootdev_min=256 # allow 10% slop to account for different manufacturers.

39

rootdev_minsz=`expr $ $rootdev_min \* 90 / 100 $ \* 2048` echo "ROOT DEV MIN SIZE = "$rootdev_minsz # rootdev_size=`disklabel ${rootdev%a} | sed -n '/sectors.unit:/s,.*:,,p'` rootdev_size=8388608 echo "ROOT DEV SIZE = "$rootdev_size if [ $rootdev_size -lt $rootdev_minsz ]; then warn warn "This installation will not succeed." warn "The boot device is less than ${rootdev_min}M." warn "A hardware upgrade is required." warn exit 1 fi

Change re_name and re_model.



check_arch_compatibility() { # re_name=`/sbin/sysctl -n hw.re.name 2>/dev/null` re_name="Olive" if [ -z "$re_name" ]; then Error "kern.hostname sysctl not supported." fi

+REQUIRE rootdev_min=256 # allow 10% slop to account for different manufacturers. rootdev_minsz=`expr $ $rootdev_min \* 90 / 100 $ \* 2048` echo "ROOT DEV MIN SIZE = "$rootdev_minsz # rootdev_size=`disklabel ${rootdev%a} | sed n '/sectors.unit:/s,.*:,,p'` rootdev_size=8388608 echo "ROOT DEV SIZE = "$rootdev_size if [ $rootdev_size -lt $rootdev_minsz ]; then warn warn "This installation will not succeed." warn "The boot device is less than ${rootdev_min}M." warn "A hardware upgrade is required." warn

exit 1 fi


# product_model=`sysctl -n hw.product.model`

40

product_model="Olive" # re_model=`sysctl -n hw.re.model`-i re_model="Olive" case "$1:$product_model:$re_model" in *:Olive) ;; # ok jseries:j[1-9][0-9][0-9][0-9]:*) ;; # ok


+DEINSTALL rootdev_min=256 # allow 10% slop to account for different manufacturers. rootdev_minsz=`expr $ $rootdev_min \* 90 / 100 $ \* 2048` echo "ROOT DEV MIN SIZE = "$rootdev_minsz # rootdev_size=`disklabel ${rootdev%a} | sed -n '/sectors.unit:/s,.*:,,p'` rootdev_size=8388608 echo "ROOT DEV SIZE = "$rootdev_size if [ $rootdev_size -lt $rootdev_minsz ]; then warn warn "This installation will not succeed." warn "The boot device is less than ${rootdev_min}M." warn "A hardware upgrade is required." warn

exit 1 fi




3.2.3 temp3 Directory Files Change directory to temp3. Issue the following sed command to change all occurrences of olive to Olive.

41


+INSTALL platform_check() { DebugOn platform_check



+REQUIRE platform_check() { DebugOn platform_check



+DEINSTALL FILE platform_check() { DebugOn platform_check

# product_model=`sysctl -n hw.product.model` product_model="Olive" # re_model=`sysctl -n hw.re.model`-i re_model="Olive"

42

case "$1:$product_model:$re_model" in *:Olive) ;; # ok jseries:j[1-9][0-9][0-9][0-9]:*) ;; # ok


3.3 Re-Package the Script Files 1. Change to the temp3 directory. Re-pack all the files into the jbundle-12.3R6.6-export.tgz

archive in the temp2 directory above. Recall that we have already re-generated the SHA1 checksum for the pkgtools.tgz file in this directory so no further tinkering with checksums is needed. When complete, change up to the temp2 directory and delete the temp3 directory.

root@tony:~/OLIVE/temp1/temp2/temp3# root@tony:~/OLIVE/temp1/temp2/temp3# tar zcfv ../jbundle-12.3R6.6-export.tgz * +clean.jboot +COMMENT +CONTENTS +DEINSTALL +DESC +INSTALL +install.jboot jbase-12.3R6.6.tgz jbase-12.3R6.6.tgz.sha1 jboot-12.3R6.6.tgz jboot-12.3R6.6.tgz.sha1 jdocs-12.3R6.6.tgz jdocs-12.3R6.6.tgz.sha1 jkernel-12.3R6.6.tgz jkernel-12.3R6.6.tgz.sha1 jpfe-12.3R6.6.tgz jpfe-12.3R6.6.tgz.sha1 jplatform-12.3R6.6.tgz jplatform-12.3R6.6.tgz.sha1 jroute-12.3R6.6.tgz jroute-12.3R6.6.tgz.sha1 jruntime-12.3R6.6.tgz jruntime-12.3R6.6.tgz.sha1 jservices-12.3R6.6.tgz jservices-12.3R6.6.tgz.sha1 pkgtools.tgz pkgtools.tgz.sha1 +REQUIRE +require.jboot

root@tony:~/OLIVE/temp1/temp2/temp3# cd .. root@tony:~/OLIVE/temp1/temp2# rm -r temp3/

2. From the temp2 directory, re-pack all the files to the jinstall-12.3R6.6-export.tgz archive in the temp1 directory above. Once complete, change up to the temp1 directory and delete the temp2 directory.

43

root@tony:~/OLIVE/temp1/temp2# tar zcvf ../jinstall-12.3R6.6-export.tgz * bootstrap-install-12.3R6.6.tar +COMMENT +CONTENTS +DEINSTALL +DESC +INSTALL jbundle-12.3R6.6-export.tgz pkgtools.tgz +REQUIRE

root@tony:~/OLIVE/temp1/temp2# cd .. root@tony:~/OLIVE/temp1# rm -r temp2/

3. This next operation requires a bit more care. In the temp1 directory the jinstall-12.3R6.6-export.tgz file has both SHA1 and MD5 checksum files associated with it. Re-generate the checksum files, edit them to remove the header information and re-package everything up to the main jinstall-12.3R6.6-export-signed.tgz archive in the OLIVE directory above.

root@tony:~/OLIVE/temp1# openssl sha1 jinstall-12.3R6.6-export.tgz > jinstall-12.3R6.6-export.tgz.sha1

root@tony:~/OLIVE/temp1# openssl md5 jinstall-12.3R6.6-export.tgz > jinstall-12.3R6.6-export.tgz.md5

Before editing: root@tony:~/OLIVE/temp1# more jinstall-12.3R6.6-export.tgz.sha1 SHA1(jinstall-12.3R6.6-export.tgz)= f8b32bd90f200f70b4336f41e37eefe1be545ee6

root@tony:~/OLIVE/temp1# more jinstall-12.3R6.6-export.tgz.md5 MD5(jinstall-12.3R6.6-export.tgz)= 52399a9f7774b9a92f139ad898bd7e03

After editing: root@tony:~/OLIVE/temp1# more jinstall-12.3R6.6-export.tgz.sha1 f8b32bd90f200f70b4336f41e37eefe1be545ee6

root@tony:~/OLIVE/temp1# more jinstall-12.3R6.6-export.tgz.md5 52399a9f7774b9a92f139ad898bd7e03

root@tony:~/OLIVE/temp1# tar zcfv ../jinstall-12.3R6.6-export-signed.tgz * certs.pem +COMMENT +CONTENTS +DESC +INSTALL issu-indb.tgz jinstall-12.3R6.6-export.tgz jinstall-12.3R6.6-export.tgz.md5 jinstall-12.3R6.6-export.tgz.sha1 jinstall-12.3R6.6-export.tgz.sig

root@tony:~/OLIVE/temp1# cd .. root@tony:~/OLIVE# rm -r temp1

44

root@tony:~/OLIVE# ls -l total 1055672 -rw------- 1 root root 244912128 Apr 21 03:30 4.11-RELEASE-i386-miniinst.iso -rw-r--r-- 1 root root 349700096 Apr 21 07:05 freebsd-4.11.img -rw------- 1 root root 486446535 Apr 21 09:49 jinstall-12.3R6.6-export-signed.tgz -r-xr-xr-x 1 tony tony 2908 Apr 21 06:58 true

3.4 Installing JunOS on the FreeBSD Guest VM 1. In the OLIVE directory, create a JunOS ISO file from the jinstall-12.3R6.6-export.tgz file. The

JunOS ISO file is mounted as a CDROM on the FreeBSD VM to install JunOS. Use the -R Rock Ridge extension parameter.

root@tony:~/OLIVE# mkisofs -R -o junos-12.3R6.6.iso jinstall-12.3R6.6-export-signed.tgz

I: -input-charset not specified, using utf-8 (detected in locale settings) 2.10% done, estimate finish Mon Apr 21 09:57:10 2014 4.21% done, estimate finish Mon Apr 21 09:57:10 2014 6.31% done, estimate finish Mon Apr 21 09:57:10 2014 8.42% done, estimate finish Mon Apr 21 09:57:10 2014 10.52% done, estimate finish Mon Apr 21 09:57:10 2014 12.62% done, estimate finish Mon Apr 21 09:57:10 2014 14.72% done, estimate finish Mon Apr 21 09:57:10 2014 16.83% done, estimate finish Mon Apr 21 09:57:10 2014 18.93% done, estimate finish Mon Apr 21 09:57:10 2014 21.04% done, estimate finish Mon Apr 21 09:57:10 2014 23.14% done, estimate finish Mon Apr 21 09:57:10 2014 25.25% done, estimate finish Mon Apr 21 09:57:10 2014 27.35% done, estimate finish Mon Apr 21 09:57:10 2014 29.45% done, estimate finish Mon Apr 21 09:57:10 2014 31.55% done, estimate finish Mon Apr 21 09:57:10 2014 33.66% done, estimate finish Mon Apr 21 09:57:10 2014 35.76% done, estimate finish Mon Apr 21 09:57:10 2014 37.87% done, estimate finish Mon Apr 21 09:57:10 2014 39.97% done, estimate finish Mon Apr 21 09:57:10 2014 42.07% done, estimate finish Mon Apr 21 09:57:10 2014 44.17% done, estimate finish Mon Apr 21 09:57:10 2014 46.28% done, estimate finish Mon Apr 21 09:57:10 2014 48.38% done, estimate finish Mon Apr 21 09:57:10 2014 50.49% done, estimate finish Mon Apr 21 09:57:10 2014 52.59% done, estimate finish Mon Apr 21 09:57:10 2014 54.70% done, estimate finish Mon Apr 21 09:57:10 2014 56.80% done, estimate finish Mon Apr 21 09:57:10 2014 58.90% done, estimate finish Mon Apr 21 09:57:10 2014 61.00% done, estimate finish Mon Apr 21 09:57:10 2014 63.11% done, estimate finish Mon Apr 21 09:57:10 2014 65.21% done, estimate finish Mon Apr 21 09:57:10 2014 67.32% done, estimate finish Mon Apr 21 09:57:10 2014 69.42% done, estimate finish Mon Apr 21 09:57:10 2014 71.52% done, estimate finish Mon Apr 21 09:57:11 2014 73.62% done, estimate finish Mon Apr 21 09:57:11 2014 75.73% done, estimate finish Mon Apr 21 09:57:11 2014 77.83% done, estimate finish Mon Apr 21 09:57:11 2014 79.94% done, estimate finish Mon Apr 21 09:57:11 2014 82.04% done, estimate finish Mon Apr 21 09:57:11 2014 84.14% done, estimate finish Mon Apr 21 09:57:11 2014

45

86.24% done, estimate finish Mon Apr 21 09:57:11 2014 88.35% done, estimate finish Mon Apr 21 09:57:11 2014 90.45% done, estimate finish Mon Apr 21 09:57:11 2014 92.56% done, estimate finish Mon Apr 21 09:57:11 2014 94.66% done, estimate finish Mon Apr 21 09:57:11 2014 96.77% done, estimate finish Mon Apr 21 09:57:11 2014 98.87% done, estimate finish Mon Apr 21 09:57:11 2014 Total translation table size: 0 Total rockridge attributes bytes: 276 Total directory bytes: 0 Path table size(bytes): 10 Max brk space used 0 237698 extents written (464 MB)

2. Boot the FreeBSD guest VM specifying the JunOS ISO image on the CDROM drive.

root@tony:~/OLIVE# qemu-system-x86_64 -m 4096M -hda freebsd-4.11.img -cdrom junos-12.3R6.6.iso

Figure-48 3. Log in as root and mount the CDROM drive. Once again, remember the CTRL+ALT keys to

exit the cursor grab mode of the guest VM if needed.

46

Figure 4-9 4. Start the installation using the -f force flag. The overall installation takes quite a long time

approximately 30 to 40 minutes. Stay close to the screen if you can to observe any errors. Press CTRL-T to see how the installation is progressing.

Figure-50 5. As expected, some sysctl: unknown oid messages are displayed for hw.product.model.

47

Figure-51 6. The jinstall package checksum is fine. Our hard work has paid off.

Figure-52 7. The installation now starts the jinstall installation Adding jinstall.

48

Figure-53 8. Note the ROOT DEV MIN SIZE and ROOT DEV SIZE values that are displayed. These are

the strings and values that we added to the +INSTALL script earlier.

Figure-54 9. The first part of the installation completes and a reboot required message is displayed. We are

not out of the woods yet as most of the main installation and post-installation checks still need to be carried out.

49

Figure-55 10. IMPORTANT. Shut down the FreeBSD guest VM in an orderly fashion using the halt

command.

Figure-56 11. Press the CTRL+ALT+2 keys and quit to exit the QEMU emulator completely.

50

Figure-57 12. Re-boot the FreeBSD guest VM with console access on port 3001. When you issue the

following command the guest VM will start to boot but will hang until you Telnet to it using PUTTY.

root@tony:~/OLIVE#qemu-system-x86_64 -m 4096M -hda freebsd-4.11.img -serial telnet:0.0.0.0:3001,server

QEMU waiting for connection on: telnet:0.0.0.0:3001,server

13. Open PUTTY and Telnet to 127.0.0.1 port 3001.

51

Figure-58 14. A QEMU emulator window opens together with a PUTTY console window.

52

Figure-59

Figure-60 15. The installation proceeds. It takes a while longer. The jbase package is being added in this

phase.

53

Figure-61 16. Individual package checksums are verified. If any of these is wrong the installation fails.

54

Figure-62 17. A message is displayed stating that the router needs to reboot. It will reboot itself after

completing further installation steps.

55

Figure-63 18. Loads of services are installed.

56

Figure-64 19. Finally, the router reboots of its own accord.

57

Figure-65 20. The reboot completes, ready for login with username root no password.

58

Figure-66 21. Log in and carry out a few basic checks processes, file system, interfaces, access to the CLI

etc.

59

Figure-67 22. File system looks rosy.

60

Figure-68 23. We're not done yet. We need to shut down the router and configure GNS3. In the meantime,

take a look at how it's affecting host computer resources. A few spikes but not too bad overall CPU and memory wise. Although this reasonably low resource usage changes when we run more than one JunOS router in GNS3.

61

Figure-69 24. Halt the router. Exit the QEMU emulator before it has a chance to reboot using the usual

CTRL+ALT+2 to quit the emulator.

62

Figure-70 25. The file freebsd-4.11.img is the router's operating system file. You can rename this to

whatever you wish. I have renamed it to junos-12.3R6.6.img for use in GNS3.

4 Setting up GNS3 1. Open a terminal window on the host computer. Find the file qemuwrapper.py and copy it to

keep a backup copy just in case.

root@tony:~/OLIVE# ls /usr/share/gns3/qemuwrapper.py /usr/share/gns3/qemuwrapper.py

root@tony:~/OLIVE# cp /usr/share/gns3/qemuwrapper.py /usr/share/gns3/qemuwrapper.py.original

2. Edit the file /usr/share/gns3/qemuwrapper.py and change the variables shown in blue to the following values (these apply to the Linux implementation of GNS3):

if platform.system() == 'Windows': if os.path.exists('Qemu\qemu-system-i386w.exe'):

63

QEMU_PATH = "Qemu\qemu-system-i386w.exe" QEMU_IMG_PATH = "Qemu\qemu-img.exe" else: # For now we ship Qemu 0.11.0 in the all-in-one QEMU_PATH = "qemu.exe" QEMU_IMG_PATH = "qemu-img.exe" else: QEMU_PATH = "qemu-system-x86_64" QEMU_IMG_PATH = "/usr/bin/qemu-img"

3. Start GNS3.

Figure-71 4. Select Edit --> Preferences --> Qemu Settings. Set the following:

Path to qemu: qemu-system-x86_64 Path to qemu-img: qemu-img

The rest are default values that should be OK. Click the Test Settings button. The tests pass. Ignore the pemu message in red, this relates to emulated PIX firewall software, which we haven't installed. Click Apply.

64

Figure-72 5. Select the JunOS tab. Enter a device description and the location of where the JunOS image

will reside. In this example I renamed the file freebsd-4.11.img to junos-12.3R6.6.img and copied it to the /home/tony/GNS3/Images directory, the default location for GNS3 images. You can set the path to your Images and Projects directories in the General --> General Settings tab. Allocate the RAM to the device. You will probably find that 2048M is sufficient. Allocate the number of interfaces. These are configured on the router as em0 to em5. Leave the NIC model as e1000 and click Save, then click Apply.

65

Figure-73 6. Navigate to the General --> Terminal Settings tab. Select Putty (Linux/BSD) as the

terminal type and click Use. In the Terminal command: field, enter putty -telnet %h %p. Note that you can add other PUTTY parameters to this line if you wish. Always click Apply after any changes otherwise they will be lost.

66

Figure-74 7. Create a couple of routers by dragging them from the left-hand pane and dropping them in the

work area.

67

Figure-75 8. Connect the routers together by clicking on the connection icon in the the left-most pane.

Move the cursor over the first router and click. A drop down box showing interfaces em0 to em5 is displayed. Click the interface you want, drag the line to the second router and repeat the process. The interfaces stay red until the routers are started. Un-click the connector icon when the connection(s) have been added.

68

Figure-76 9. Right click each router and select Start. Two guest VM windows appear. Minimise these.

69

Figure-77 10. Console to the router(s). Right click on a router and select Console from the drop-down

menu, or click the terminal icon in the top menu bar. The PUTTY terminal opens and the routers continue their boot process.

70

Figure-78 11. Start configuring. Remember to shut down the routers in an orderly fashion when you have

finished, much as you would with real devices. Also, once the routers have halted, exit from the QEMU emulators using CTRL+ALT+2 and remember to right-click and stop the routers in GNS3. You can save topologies with the associated configurations as well as being able to create labelled topologies and network diagrams in the GNS3 work space.

71

Figure-79

5 VERDICT The FreeBSD VM could have been configured with less memory and disk space. The memory can be tweaked in the GNS3 settings. However, the JunOS 12.3R6.6 image (JTAC recommended) is not lightweight and 2 x routers is probably all that the host could handle in anger. The main advantage of using a larger Olive in GNS3 is that you can verify syntax as well as basic functionality. I have yet to mix this Olive with smaller Cisco devices to gauge performance, although I have configured up to 4 x JunOS 10.1R1.8 devices in a topology and up to 6 x Cisco 2600 devices in a separate topology. Performance was not great, but acceptable.

Olive Install Complete Guide - JunOS 12.3R6 V1-1

Documents

Transcript of Olive Install Complete Guide - JunOS 12.3R6 V1-1