So far, we have discussed both the manual and Docker methods of installing VyControl. The manual method consists of cloning the VyOS git repository and installing Python dependencies in a virtual environment. The Docker method is based on downloding VyControl Docker image from Docker hub and launching the container. In both cases, VyOS controller is running on a separate computer and accesses VyOS instance over the LAN / WAN.
This tutorial provides configuration steps for running the VyControl Docker container on VyOS instance. In other words, the Docker is hosted on stand-alone VyOS instance itself. In order to do it, Docker must be installed on the VyoS router. However, this topic is not covered in the tutorial. If you have any problems, read my Docker on VyoS installation guide which describes the installation process in detail.
Picture 1 - Network Topology with VyOS Router Hosting Docker Container
Our goal is to clone the VyControl git repository into Debian 10 Linux and make the required changes to the configuration files. Then we will create a Docker image that contains our changes. The image will be saved to a tar file and copied to the VyOS instance over the LAN using the scp tool. Finally, we will extract the Docker image and launch our container on the VyOS router.
Host:
- OS: Debian 10 Buster
- Hypervisor: Oracle VirtualBox 6.1.18
- RAM: 16GB
- NIC: wlp3s0, IP 172.17.101.7/16
Guest VirtualBOx VM:
- RAM: 4096 MB
- OS: VyOS 1.4-rolling-202103120218
- NICs: eth0, eth1, eth2, eth3
- NIC eth0: 172.17.100.99/16
- Installed Software:
-- Docker version 20.10.5, build 55c4c88
-- docker-compose version 1.28.5, build c4eb3a1f
Docker Container on VirtualBox VM (VyOS):
-- VyControl: 20.05.10
1. VyOS Configuration
IP address and static default route configuration:
vyos@vyos:~$ configure
[edit]
vyos@vyos# set interfaces ethernet eth0 address '172.17.100.99/24'
vyos@vyos# set protocols static route 0.0.0.0/0 next-hop 172.17.100.1
vyos@vyos# set service ssh listen-address '172.17.100.99'
vyos@vyos# set system name-server '8.8.8.8'
HTTPS API Configuration:
VyControl requires the latest VyOS API (VyOS version 1.3+ rolling release) supported by the latest VyOS rolling release ISO image.
vyos@vyos# set service https api keys id my_id key 'my_secret_key'
vyos@vyos# set service https certificates system-generated-certificate lifetime '65535'
vyos@vyos# set service https virtual-host vyos1 listen-address '172.17.100.99'
vyos@vyos# set service https virtual-host vyos1 listen-port '6443'
vyos@vyos# set service https virtual-host vyos1 server-name 'vyos1.example.com'
vyos@vyos# commit
vyos@vyos# save
vyos@vyos# exit
2. Creating VyOS Docker Image on Debian 10 (Host)
2. 1 Clone VyOS Git repository
brezular@freepc:~$ sudo apt install git
brezular@freepc:~$ git clone https://github.com/vycontrol/vycontrol.git
2.2. Check Listening Socket
Make sure that the Django web server running inside the container is configured to listen on socket 0.0.0.0:8000. This is specified in the Dockerfile.
Switch to the directory vycontrol:
brezular@freepc:~$ cd vycontrol
brezular@freepc:~/vycontrol$ grep '0.0.0.0:8000' Dockerfile
CMD ["runserver", "0.0.0.0:8000"]
2.3 Add Host IP Address to Allowed Hosts
Add the IP address of the Ethernet interface to the file setting.py. In our case, it is the IP address of the interface eth0 - 172.17.100.99.
brezular@freepc:~/vycontrol$ sed -i "s/ALLOWED_HOSTS = \['127.0.0.1'\]/ALLOWED_HOSTS = \['127.0.0.1', '172.17.100.99'\]/g" vycontrol/vycontrol/settings.py
2.4 Build VyControl Image and Export Image to Tar Archive
We are going to create a new VyControl image with the modified file settings.py. We will copy the image to the VyOS instance in the following section.
brezular@freepc:~/vycontrol$ docker-compose build
When finished, the image is ready being copied to VyOS (Picture 2).
$ docker images
Picture 2 - VyControl Docker Image on Debian 10
Save Docker image - vycontrol to the tar archive and copy the image to our VyOS router via SSH.
brezular@freepc:~/vycontrol$ sudo docker save -o docker.tar vycontrol
brezular@freepc:~/vycontrol$ scp -rv docker.tar vyos@172.17.100.99:
3. Load VyControl Docker Image
Login to VyOS CLI and load Docker Image with the command:
vyos@vyos:~$ sudo docker load -i docker.tar
Check if image exists:
vyos@vyos:~$ docker images
Picture 3 - VyControl Docker Image Loaded on VyOS
4. Run VyControl Container
Run container with published container's port 8000 to the host port 8000, host-ip 0.0.0.0.
vyos@vyos:~$ sudo docker run -p 8000:8000 -t vycontrol
-p, --publish Publish a container's port(s) to the host
-t, --tty Allocate a pseudo-TTY
vycontrol - name of the Docker image
On Debian Linux, open web browser and navigate to http://172.17.100.99:8000.
Picture 4 - VyControl WEB UI
Create a new user for VyControl WEB UI administration and add a new instance. lick test button to test connectivity from VyControl to VyOS (Picture 5).
Picture 5 - Checking Connectivity from VyControl to VyOS
5. Replace Database Inside VyControl Docker Container
VyControl use SQLite database and it is stored in the directory /code as db.sqlite3. If you want to replace the database with a new database e.g. db-new.sqlite3, just copy db-new.sqlite3 to the existing container d43cf0daa424 (check with docker ps command).
vyos@vyos:~$ sudo docker cp db-new.sqlite3 d43cf0daa424:/code/db.sqlite3
End.