If you have been following along with the posts so far, you will know that we are using Vagrant to help automate the provision of VNFs within VirtualBox.
Vagrant uses “Box” files as a template to spin up multiple copies of a Virtual Machine (VM). To re-use this VyOS VM, we need to convert it into a re-usable Box image.
A VM has to meet a few requirements before it will work correctly as a Box file. These are:
- The first interface (management) is set to get its address from DHCP.
- There is a user called vagrant configured with a password of “vagrant”.
- Vagrant must be able to SSH to the VM.
- There is a default SSH key applied to the “vagrant” user.
So, let’s configure these settings on our newly created VyOS image. We’ll start with DHCP. Enter the commands below in the VyOS CLI:
vyos@vyos:~$ configure
[edit]
vyos@vyos# set interfaces ethernet eth0 address dhcp
[edit]
vyos@vyos# set interfaces ethernet eth0 description Management
[edit]
vyos@vyos# commit
[edit]
vyos@vyos# save
Saving configuration to '/config/config.boot'...
Done
[edit]
vyos@vyos# exit
exit
vyos@vyos:~$ show interfaces
Codes: S - State, L - Link, u - Up, D - Down, A - Admin Down
Interface IP Address S/L Description
--------- ---------- --- -----------
eth0 192.168.56.103/24 u/u Management
lo 127.0.0.1/8 u/u
::1/128
When you enter “configure” mode on VyOS, the commands you enter do not take effect until you enter the command “commit”. The config is now live after entering “commit”; however, it will be lost upon reboot. To save the config, we type “save”.
Now that we have DHCP configured on our eth0 interface, let’s set up the “vagrant” user and SSH.
vyos@vyos:~$ configure
[edit]
vyos@vyos# set system login user vagrant authentication plaintext-password vagrant
[edit]
vyos@vyos# set service ssh port 22
[edit]
vyos@vyos# commit
[edit]
vyos@vyos# save
Saving configuration to '/config/config.boot'...
Done
[edit]
vyos@vyos# exit
exit
Open up a WSL2 terminal (either in Windows Terminal, VSCode or by searching “Ubuntu” in the start menu) and try SSHing to the VyOS VM (if asked to trust the host, type “yes”):
nfvdev@ubuntu:/mnt/c/Users/nfvdev$ ssh vagrant@192.168.56.103
Welcome to VyOS
vagrant@192.168.56.103's password:
Linux vyos 5.4.142-amd64-vyos #1 SMP Thu Aug 19 20:24:01 UTC 2021 x86_64
The programs included with the Debian GNU/Linux system are free software;
the exact distribution terms for each program are described in the
individual files in /usr/share/doc/*/copyright.
Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent
permitted by applicable law.
Last login: Mon Jan 3 11:22:04 2022 from 192.168.56.1
vagrant@vyos:~$
Now that we are logged in with the “vagrant” user, we have no need for the “vyos” user, so we can delete it.
vagrant@vyos:~$ configure
[edit]
vagrant@vyos# delete system login user vyos
[edit]
vagrant@vyos# commit
[edit]
vagrant@vyos# save
Saving configuration to '/config/config.boot'...
Done
[edit]
vagrant@vyos# exit
exit
Finally, we should add the Vagrant default SSH key into the vagrant user to log in without using a password. The Vagrant default SSH key can be found at https://github.com/hashicorp/vagrant/blob/master/keys/vagrant.pub.
Note: This is very insecure, because the matching private key is published alongside the public key, and should not be used in a production environment.
vagrant@vyos:~$ configure
[edit]
vagrant@vyos# set system login user vagrant authentication public-keys vagrant type ssh-rsa
[edit]
vagrant@vyos# set system login user vagrant authentication public-keys vagrant key "AAAAB3NzaC1yc2EAAAABIwAAAQEA6NF8iallvQVp22WDkTkyrtvp9eWW6A8YVr+kz4TjGYe7gHzIw+niNltGEFHzD8+v1I2YJ6oXevct1YeS0o9HZyN1Q9qgCgzUFtdOKLv6IedplqoPkcmF0aYet2PkEDo3MlTBckFXPITAMzF8dJSIFo9D8HfdOV0IAdx4O7PtixWKn5y2hMNG0zQPyUecp4pzC6kivAIhyfHilFR61RGL+GPXQ2MWZWFYbAGjyiYJnAmCP3NOTd0jMZEnDkbUvxhMmBYSdETk1rRgm+R4LOzFUGaHqHDLKLX+FIPKcF96hrucXzcWyLbIbEgE98OHlnVYCzRdK8jlqm8tehUc9c9WhQ=="
vagrant@vyos# compare
[edit system login user vagrant authentication]
+public-keys vagrant {
+ key AAAAB3NzaC1yc2EAAAABIwAAAQEA6NF8iallvQVp22WDkTkyrtvp9eWW6A8YVr+kz4TjGYe7gHzIw+niNltGEFHzD8+v1I2YJ6oXevct1YeS0o9HZyN1Q9qgCgzUFtdOKLv6IedplqoPkcmF0aYet2PkEDo3MlTBckFXPITAMzF8dJSIFo9D8HfdOV0IAdx4O7PtixWKn5y2hMNG0zQPyUecp4pzC6kivAIhyfHilFR61RGL+GPXQ2MWZWFYbAGjyiYJnAmCP3NOTd0jMZEnDkbUvxhMmBYSdETk1rRgm+R4LOzFUGaHqHDLKLX+FIPKcF96hrucXzcWyLbIbEgE98OHlnVYCzRdK8jlqm8tehUc9c9WhQ==
+ type ssh-rsa
+}
vagrant@vyos# commit
[edit]
vagrant@vyos# save
Saving configuration to '/config/config.boot'...
Done
[edit]
vagrant@vyos# exit
exit
Great, that should be it. Let’s test it out.
nfvdev@ubuntu:/mnt/c/Users/nfvdev$ ssh -i .vagrant.d/insecure_private_key vagrant@192.168.56.103
Welcome to VyOS
Linux vyos 5.4.142-amd64-vyos #1 SMP Thu Aug 19 20:24:01 UTC 2021 x86_64
The programs included with the Debian GNU/Linux system are free software;
the exact distribution terms for each program are described in the
individual files in /usr/share/doc/*/copyright.
Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent
permitted by applicable law.
Last login: Mon Jan 3 11:25:24 2022 from 192.168.56.1
vagrant@vyos:~$
Awesome, we logged into VyOS without a password using the Vagrant insecure private key.
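Because the box now carries a well-known key and a vagrant/vagrant login, it is worth checking any VyOS config for these lab credentials before it leaves the lab. The script below is an added example, not part of the original post or of VyOS/Vagrant: it scans "set" commands (a provisioning script, or the output of "show configuration commands") for the vagrant user, a password equal to the username, and the Vagrant default key. The function names and both sample configs are constructed for illustration; the key prefix is copied from the command above.

```python
import shlex

# Leading characters of the Vagrant default public key as printed on this page.
VAGRANT_KEY_PREFIX = "AAAAB3NzaC1yc2EAAAABIwAAAQEA6NF8iallvQVp22WDkTkyrtvp9eWW6A8YVr"

def parse_set_commands(text):
    """Yield the tokens of every 'set ...' command, ignoring CLI prompts."""
    for raw in text.splitlines():
        line = raw.strip()
        if not line.startswith("set ") and "# " in line:
            line = line.split("# ", 1)[1]  # drop a 'user@host# ' prompt
        if line.startswith("set "):
            yield shlex.split(line)[1:]

def audit(text):
    """Return sorted findings for lab-only credentials in VyOS set commands."""
    findings = set()
    for tok in parse_set_commands(text):
        if len(tok) < 4 or tok[:3] != ["system", "login", "user"]:
            continue
        user, rest = tok[3], tok[4:]
        if user == "vagrant":
            findings.add("user 'vagrant' is defined")
        if rest[:2] == ["authentication", "plaintext-password"] and rest[2:] == [user]:
            findings.add(f"user '{user}' has a password equal to the username")
        if (rest[:2] == ["authentication", "public-keys"] and len(rest) == 5
                and rest[3] == "key" and rest[4].startswith(VAGRANT_KEY_PREFIX)):
            findings.add(f"user '{user}' trusts the Vagrant default SSH key")
    return sorted(findings)

# Constructed sample input: the lab commands from this post (key truncated and
# padded with a made-up tail) and a made-up hardened equivalent.
LAB = f"""
vagrant@vyos# set system login user vagrant authentication plaintext-password vagrant
set service ssh port 22
set system login user vagrant authentication public-keys vagrant type ssh-rsa
set system login user vagrant authentication public-keys vagrant key "{VAGRANT_KEY_PREFIX}CONSTRUCTEDTAIL=="
"""
HARDENED = """
set system login user netadmin authentication public-keys laptop type ssh-ed25519
set system login user netadmin authentication public-keys laptop key 'CONSTRUCTED-PLACEHOLDER-KEY'
set service ssh port 22
"""

if __name__ == "__main__":
    for name, cfg in (("lab", LAB), ("hardened", HARDENED)):
        print(name, audit(cfg) or "no lab credentials found")
```

A saved VyOS config stores the password hashed, so the password check only fires on command scripts that still contain the plaintext form; the user and key checks work on both.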
Ok, now it’s time to package everything up into a reusable Box file. Exit out of VyOS and run “vagrant package --base <name_of_vm> --output <name_of_output_file>.box”:
vagrant@vyos:~$ exit
logout
Connection to 192.168.56.103 closed.
nfvdev@ubuntu:/mnt/c/Users/nfvdev$ export VAGRANT_HOME="/mnt/c/Users/nfvdev/.vagrant.d"
nfvdev@ubuntu:/mnt/c/Users/nfvdev$ vagrant package --base vyos-1.3.0-rc6 --output vyos-1.3.0-rc6.box
==> vyos-1.3.0-rc6: Attempting graceful shutdown of VM...
vyos-1.3.0-rc6: Guest communication could not be established! This is usually because
vyos-1.3.0-rc6: SSH is not running, the authentication information was changed,
vyos-1.3.0-rc6: or some other networking issue. Vagrant will force halt, if
vyos-1.3.0-rc6: capable.
==> vyos-1.3.0-rc6: Forcing shutdown of VM...
==> vyos-1.3.0-rc6: Exporting VM...
==> vyos-1.3.0-rc6: Compressing package to: /mnt/c/Users/nfvdev/vyos-1.3.0-rc6.box
nfvdev@ubuntu:/mnt/c/Users/nfvdev$ export VAGRANT_HOME="~/.vagrant.d"
This creates a file called vyos-1.3.0-rc6.box for us to reuse. We can then test the box image by creating a Vagrantfile with the following contents. Entire file available at: https://github.com/nfvdev/nfvdev-blog/blob/main/03-how-to-create-a-vyos-box-image/single/Vagrantfile
# -*- mode: ruby -*-
# vi: set ft=ruby :
Vagrant.configure("2") do |config|
  config.ssh.insert_key = false # By default, Vagrant will try and change the insecure SSH key to a better one. This won't work for us as it does not know how to talk VyOS.
  config.vm.box = "vyos-1.3.0-rc6.box" # Use the vyos box image
  config.vm.synced_folder '.', '/vagrant', disabled: true # Disable shared folders
  config.vm.guest = :linux # Tell Vagrant that it is Linux so it doesn't error
end
And then type “vagrant up” to spin up the VM.
nfvdev@ubuntu:/mnt/c/Users/nfvdev$ vagrant up
Bringing machine 'default' up with 'virtualbox' provider...
==> default: Box 'vyos-1.3.0-rc6.box' could not be found. Attempting to find and install...
default: Box Provider: virtualbox
default: Box Version: >= 0
==> default: Box file was not detected as metadata. Adding it directly...
==> default: Adding box 'vyos-1.3.0-rc6.box' (v0) for provider: virtualbox
default: Unpacking necessary files from: file://mnt/c/Users/nfvdev/vyos-1.3.0-rc6.box
==> default: Successfully added box 'vyos-1.3.0-rc6.box' (v0) for 'virtualbox'!
==> default: Importing base box 'vyos-1.3.0-rc6.box'...
==> default: Matching MAC address for NAT networking...
==> default: Setting the name of the VM: vyos
==> default: Clearing any previously set network interfaces...
==> default: Preparing network interfaces based on configuration...
default: Adapter 1: nat
==> default: Forwarding ports...
default: 22 (guest) => 2222 (host) (adapter 1)
default: 22 (guest) => 2222 (host) (adapter 1)
==> default: Booting VM...
==> default: Waiting for machine to boot. This may take a few minutes...
default: SSH address: 172.31.32.1:2222
default: SSH username: vagrant
default: SSH auth method: private key
==> default: Machine booted and ready!
==> default: Checking for guest additions in VM...
default: The guest additions on this VM do not match the installed version of
default: VirtualBox! In most cases this is fine, but in rare cases it can
default: prevent things such as shared folders from working properly. If you see
default: shared folder errors, please make sure the guest additions within the
default: virtual machine match the version of VirtualBox you have installed on
default: your host and reload your VM.
default:
default: Guest Additions Version: 6.0.0 r127566
default: VirtualBox Version: 6.1
Finally, we can check that Vagrant can SSH into the newly created VyOS VM:
nfvdev@ubuntu:/mnt/c/Users/nfvdev$ vagrant ssh default
Linux vyos 5.4.142-amd64-vyos #1 SMP Thu Aug 19 20:24:01 UTC 2021 x86_64
The programs included with the Debian GNU/Linux system are free software;
the exact distribution terms for each program are described in the
individual files in /usr/share/doc/*/copyright.
Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent
permitted by applicable law.
Last login: Mon Jan 3 11:42:47 2022 from 192.168.56.1
vagrant@vyos:~$
We can destroy the VM with “vagrant destroy” and remove our template VM.
nfvdev@ubuntu:/mnt/c/Users/nfvdev$ vagrant destroy
vyos: Are you sure you want to destroy the 'vyos' VM? [y/N] y
==> vyos: Forcing shutdown of VM...
==> vyos: Destroying VM and associated drives...
VyOS Vagrant Mini-Lab
Now that we have our VyOS Box file created, we can use it in a mini-lab. This will set up 2 VyOS routers connected back to back and do some ping tests between them.
- In an empty folder, create a Vagrantfile with the contents from https://github.com/nfvdev/nfvdev-blog/blob/main/03-how-to-create-a-vyos-box-image/minilab/Vagrantfile
- Spin up the VMs with “vagrant up”
- SSH to vyos1 with “vagrant ssh vyos1” and configure it with the commands from https://github.com/nfvdev/nfvdev-blog/blob/main/03-how-to-create-a-vyos-box-image/minilab/vyos1.cfg
- SSH to vyos2 with “vagrant ssh vyos2” and configure it with the commands from https://github.com/nfvdev/nfvdev-blog/blob/main/03-how-to-create-a-vyos-box-image/minilab/vyos2.cfg
- From vyos2 check connectivity with “ping 10.100.1.1 interface 10.100.2.2” and “show ip ospf neighbor”
- Destroy the lab with “vagrant destroy -f”
nfvdev@ubuntu:~$ vagrant up
Bringing machine 'vyos1' up with 'virtualbox' provider...
Bringing machine 'vyos2' up with 'virtualbox' provider...
==> vyos1: Importing base box 'vyos-1.3.0-rc6.box'...
==> vyos1: Matching MAC address for NAT networking...
==> vyos1: Setting the name of the VM: minilab_vyos1_1641217782383_52453
==> vyos1: Clearing any previously set network interfaces...
==> vyos1: Preparing network interfaces based on configuration...
vyos1: Adapter 1: nat
vyos1: Adapter 2: intnet
vyos1: Adapter 3: intnet
==> vyos1: Forwarding ports...
vyos1: 22 (guest) => 2222 (host) (adapter 1)
vyos1: 22 (guest) => 2222 (host) (adapter 1)
==> vyos1: Booting VM...
==> vyos1: Waiting for machine to boot. This may take a few minutes...
vyos1: SSH address: 172.31.32.1:2222
vyos1: SSH username: vagrant
vyos1: SSH auth method: private key
==> vyos1: Machine booted and ready!
==> vyos1: Checking for guest additions in VM...
vyos1: The guest additions on this VM do not match the installed version of
vyos1: VirtualBox! In most cases this is fine, but in rare cases it can
vyos1: prevent things such as shared folders from working properly. If you see
vyos1: shared folder errors, please make sure the guest additions within the
vyos1: virtual machine match the version of VirtualBox you have installed on
vyos1: your host and reload your VM.
vyos1:
vyos1: Guest Additions Version: 6.0.0 r127566
vyos1: VirtualBox Version: 6.1
==> vyos2: Importing base box 'vyos-1.3.0-rc6.box'...
==> vyos2: Matching MAC address for NAT networking...
==> vyos2: Setting the name of the VM: minilab_vyos2_1641217826981_65854
==> vyos2: Fixed port collision for 22 => 2222. Now on port 2200.
==> vyos2: Clearing any previously set network interfaces...
==> vyos2: Preparing network interfaces based on configuration...
vyos2: Adapter 1: nat
vyos2: Adapter 2: intnet
vyos2: Adapter 3: intnet
==> vyos2: Forwarding ports...
vyos2: 22 (guest) => 2200 (host) (adapter 1)
vyos2: 22 (guest) => 2200 (host) (adapter 1)
==> vyos2: Booting VM...
==> vyos2: Waiting for machine to boot. This may take a few minutes...
vyos2: SSH address: 172.31.32.1:2200
vyos2: SSH username: vagrant
vyos2: SSH auth method: private key
==> vyos2: Machine booted and ready!
==> vyos2: Checking for guest additions in VM...
vyos2: The guest additions on this VM do not match the installed version of
vyos2: VirtualBox! In most cases this is fine, but in rare cases it can
vyos2: prevent things such as shared folders from working properly. If you see
vyos2: shared folder errors, please make sure the guest additions within the
vyos2: virtual machine match the version of VirtualBox you have installed on
vyos2: your host and reload your VM.
vyos2:
vyos2: Guest Additions Version: 6.0.0 r127566
vyos2: VirtualBox Version: 6.1
nfvdev@ubuntu:~$ vagrant ssh vyos1
Linux vyos 5.4.142-amd64-vyos #1 SMP Thu Aug 19 20:24:01 UTC 2021 x86_64
The programs included with the Debian GNU/Linux system are free software;
the exact distribution terms for each program are described in the
individual files in /usr/share/doc/*/copyright.
Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent
permitted by applicable law.
Last login: Mon Jan 3 11:42:47 2022 from 192.168.56.1
vagrant@vyos:~$ configure
[edit]
vagrant@vyos# set system host-name vyos1
[edit]
vagrant@vyos# set interfaces ethernet eth1 address '10.100.12.1/24'
[edit]
vagrant@vyos# set interfaces ethernet eth1 description 'External'
[edit]
vagrant@vyos# set interfaces ethernet eth2 address '10.100.1.1/24'
[edit]
vagrant@vyos# set interfaces ethernet eth2 description 'Internal'
[edit]
vagrant@vyos# set protocols ospf area 0.0.0.0 network '10.100.12.0/24'
[edit]
vagrant@vyos# set protocols ospf area 1.1.1.1 network '10.100.1.0/24'
[edit]
vagrant@vyos# set protocols ospf passive-interface 'eth2'
[edit]
vagrant@vyos# commit
[edit]
vagrant@vyos# save
Saving configuration to '/config/config.boot'...
Done
[edit]
vagrant@vyos# exit
exit
vagrant@vyos:~$ exit
logout
Connection to 172.31.32.1 closed.
nfvdev@ubuntu:~$ vagrant ssh vyos2
Linux vyos 5.4.142-amd64-vyos #1 SMP Thu Aug 19 20:24:01 UTC 2021 x86_64
The programs included with the Debian GNU/Linux system are free software;
the exact distribution terms for each program are described in the
individual files in /usr/share/doc/*/copyright.
Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent
permitted by applicable law.
Last login: Mon Jan 3 11:42:47 2022 from 192.168.56.1
vagrant@vyos:~$ configure
[edit]
vagrant@vyos# set system host-name vyos2
[edit]
vagrant@vyos# set interfaces ethernet eth1 address '10.100.12.2/24'
[edit]
vagrant@vyos# set interfaces ethernet eth1 description 'External'
[edit]
vagrant@vyos# set interfaces ethernet eth2 address '10.100.2.2/24'
[edit]
vagrant@vyos# set interfaces ethernet eth2 description 'Internal'
[edit]
vagrant@vyos# set protocols ospf area 0.0.0.0 network '10.100.12.0/24'
[edit]
vagrant@vyos# set protocols ospf area 2.2.2.2 network '10.100.2.0/24'
[edit]
vagrant@vyos# set protocols ospf passive-interface 'eth2'
[edit]
vagrant@vyos# commit
[edit]
vagrant@vyos# save
Saving configuration to '/config/config.boot'...
Done
[edit]
vagrant@vyos# exit
exit
vagrant@vyos:~$ show ip ospf neighbor
Neighbor ID Pri State Dead Time Address Interface RXmtL RqstL DBsmL
10.100.12.1 1 Full/Backup 38.555s 10.100.12.1 eth1:10.100.12.2 0 0 0
vagrant@vyos:~$ ping 10.100.1.1 interface 10.100.2.2 count 5
PING 10.100.1.1 (10.100.1.1) from 10.100.2.2 : 56(84) bytes of data.
64 bytes from 10.100.1.1: icmp_seq=1 ttl=64 time=0.364 ms
64 bytes from 10.100.1.1: icmp_seq=2 ttl=64 time=0.796 ms
64 bytes from 10.100.1.1: icmp_seq=3 ttl=64 time=0.394 ms
64 bytes from 10.100.1.1: icmp_seq=4 ttl=64 time=0.369 ms
64 bytes from 10.100.1.1: icmp_seq=5 ttl=64 time=0.374 ms
--- 10.100.1.1 ping statistics ---
5 packets transmitted, 5 received, 0% packet loss, time 67ms
rtt min/avg/max/mdev = 0.364/0.459/0.796/0.169 ms
vagrant@vyos:~$ exit
logout
Connection to 172.31.32.1 closed.
nfvdev@ubuntu:~$ vagrant destroy -f
==> vyos2: Forcing shutdown of VM...
==> vyos2: Destroying VM and associated drives...
==> vyos1: Forcing shutdown of VM...
==> vyos1: Destroying VM and associated drives...