-
Notifications
You must be signed in to change notification settings - Fork 232
Setup on Virtual Machine
Gatekeeper can be run on machines that support KVM and libvirt. Even if your computer or server does not have a network card that Gatekeeper supports, you can still run Gatekeeper in a VM using the virtio paravirtualized driver.
Note that KVM is mainly for Linux environments only, and installing the Gatekeeper VM below will require around 20 GB of storage.
Follow the steps here to install KVM and libvirt in a Debian/Ubuntu environment. In particular, you'll need to make sure your CPU supports virtualization, install the needed packages, and users to groups. You do not need to do the optional step of installing virt-manager.
You'll also need an image for the virtual machine. We recommend using Ubuntu Live Server:
wget http://releases.ubuntu.com/bionic/ubuntu-18.04.1-live-server-amd64.iso
Create a VM named gk, with 2048 MB of RAM, 20 GB of storage, and an Ubuntu 18.04 image file (downloaded in the previous step) using the following command:
sudo virt-install --connect qemu:///system -n gk -r 2048 -f gk.qcow2 -s 20 -c ubuntu-18.04.1-live-server-amd64.iso --vnc --noautoconsole
While the virt-install command is running, you'll need to connect to the VM to complete the installation. If you're creating the VM locally and have access to a graphical console, you can simply run:
virt-viewer -c qemu:///system gk
If you are creating a VM on a remote server (host.example.com) and are connected over SSH, you can run:
virt-viewer --connect qemu+ssh://[email protected]/system gk
Where user is your identity on host.example.com. You'll need to enter your password twice and then a virtual console should open.
Follow the default steps to setting up the VM.
DPDK requires the use of hugepages. To set them up on the VM, run the following command:
$ echo 1024 | sudo tee /sys/kernel/mm/hugepages/hugepages-2048kB/nr_hugepages
Then, the configuration files need to be altered in the following ways:
In lua/if_map.lua, set the mapping for enp0s8 to be "net_af_packet0" and the mapping for enp0s9 to be "net_af_packet1." It should look like:
return {
["enp0s3"] = "0000:00:03.0",
["enp0s8"] = "net_af_packet0",
["enp0s9"] = "net_af_packet1",
["enp0s10"] = "0000:00:0a.0",
["enp0s16"] = "0000:00:10.0",
}
If running gatekeeper as a Gatekeeper server, then open lua/gatekeeper_config.lua and set n_lcores to 1. If running gatekeeper as a Grantor server, open lua/gt.lua and set n_lcores to 1 there instead.
In lua/net.lua, set front_ports to be {"enp0s8"} and back_ports to be {"enp0s9"}. Then, front_mtu and back_mtu to be 1500 (or no more than 1500).
In lua/cps.lua, set kni_kmod_path to be /home/vagrant/gatekeeper/dependencies/dpdk/build/kmod/rte_kni.ko:
local kni_kmod_path = /home/vagrant/gatekeeper/dependencies/dpdk/build/kmod/rte_kni.ko
Since the interfaces on the VM do not support DPDK drivers, we must use virtual devices and the AF_PACKET driver. To do so, run Gatekeeper with the following command:
$ sudo ./build/gatekeeper --vdev net_af_packet0,iface=enp0s8 --vdev net_af_packet1,iface=enp0s9