#1 LAVAEL: Localhost Setup

Vladyslav Diadenko
Oct 20, 2024

In this first section, we’ll configure the localhost, which is the foundation for the lab environment. We’ll begin by installing the basic components that will be required throughout the lab. For this step, the FortiOS qcow2 file is required to set up the VM later in the guide. Simply name the file fortios.qcow2 (this name must be used). Please refer to online resources on how to obtain the FortiGate image free trial version (there are many YouTube videos available). The FortiGate version 7.0.14 will be used in this lab environment.

Install common components and setup local environment

First, update the package list and install the essential packages:

sudo apt update
sudo apt install -y qemu-kvm libvirt-daemon-system libvirt-dev python3-pip python3-apt gpg curl libvirt-clients bridge-utils virtinst virt-manager build-essential libguestfs-tools git unzip openssh-client sshpass remmina

Next, use pip to install the specific version of Ansible Core:

pip3 install ansible-core==2.15.12

Install jinja2 and packaging packages:

pip3 install jinja2 packaging

To ensure proper permissions, add the current user to the kvm and libvirt groups:

sudo usermod -a -G kvm "$(id -un)"
sudo usermod -a -G libvirt "$(id -un)"

At this stage, it’s best to either restart the system or use the newgrp command to switch to the kvm and libvirt groups in the current shell session. This allows the script to continue with the new group permissions, though it will open a new session:

newgrp kvm
newgrp libvirt

Ensure that the local bin directory is included in your PATH:

export PATH="$HOME/.local/bin:$PATH"

To persist this change, add it to your .bashrc file if it is not already present:

echo 'export PATH="$HOME/.local/bin:$PATH"' >> ~/.bashrc

Additionally, add the ANSIBLE_COLLECTIONS_PATHS environment variable to .bashrc:

echo 'export ANSIBLE_COLLECTIONS_PATHS="$HOME/.ansible/collections"' >> ~/.bashrc

Finally, apply the changes to the current session:

source ~/.bashrc

Install Vagrant

Use the following wget command to download the Vagrant .deb package:

wget https://releases.hashicorp.com/vagrant/2.4.1/vagrant_2.4.1-1_amd64.deb

After downloading the package, install it using dpkg:

sudo dpkg -i vagrant_2.4.1-1_amd64.deb

If any dependency issues arise, you can resolve them with:

sudo apt-get install -f
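
The download step above installs the .deb as root without checking it. The following is an added example, not part of the original post, that compares the package with a SHA256SUMS list before `dpkg -i`; the function name `verify_download` is hypothetical, the SHA256SUMS URL is assumed from HashiCorp's release directory layout, and the demo files are constructed.

```shell
#!/usr/bin/env bash
# Added example, not from the original post: check a downloaded package
# against a SHA256SUMS list before handing it to `sudo dpkg -i`.
# Live use (SHA256SUMS URL assumed from HashiCorp's release directory layout):
#   wget https://releases.hashicorp.com/vagrant/2.4.1/vagrant_2.4.1_SHA256SUMS
#   verify_download vagrant_2.4.1-1_amd64.deb vagrant_2.4.1_SHA256SUMS \
#       && sudo dpkg -i vagrant_2.4.1-1_amd64.deb

# verify_download FILE SUMS_FILE
# Returns 0 only if SUMS_FILE has exactly one well-formed digest for FILE's
# base name and it matches the bytes on disk. An unlisted file is a failure.
verify_download() {
    file=$1
    sums=$2
    [ -r "$file" ] && [ -r "$sums" ] || { echo "unreadable input" >&2; return 2; }
    name=$(basename "$file")
    # List lines are "<hex digest>  <name>"; a leading * on the name marks binary mode.
    expected=$(awk -v n="$name" \
        '{ f = $2; sub(/^\*/, "", f) } f == n { print tolower($1) }' "$sums")
    case $expected in
        "")          echo "$name: not listed in $sums" >&2; return 1 ;;
        *[!0-9a-f]*) echo "$name: malformed or duplicate entry" >&2; return 1 ;;
    esac
    [ "${#expected}" -eq 64 ] || { echo "$name: digest has wrong length" >&2; return 1; }
    actual=$(sha256sum "$file" | awk '{ print $1 }')
    [ "$actual" = "$expected" ] || { echo "$name: digest mismatch" >&2; return 1; }
}

# Constructed demo: a stand-in file, its digest list, then a tampered copy.
demo_dir=$(mktemp -d)
printf 'constructed package bytes\n' > "$demo_dir/pkg.deb"
( cd "$demo_dir" && sha256sum pkg.deb > SHA256SUMS )
verify_download "$demo_dir/pkg.deb" "$demo_dir/SHA256SUMS" && echo "pkg.deb: OK"
printf 'tampered\n' >> "$demo_dir/pkg.deb"
verify_download "$demo_dir/pkg.deb" "$demo_dir/SHA256SUMS" || echo "pkg.deb: rejected"
rm -rf "$demo_dir"
```

A matching digest shows only that the package agrees with the list; HashiCorp also publishes a detached GPG signature for the list, and checking that signature is what ties the list to the vendor.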

Install cockpit

Load OS release information:

. /etc/os-release

Add the backports repository:

echo "deb http://deb.debian.org/debian ${VERSION_CODENAME}-backports main" | sudo tee /etc/apt/sources.list.d/backports.list

Update the package cache:

sudo apt update

Install Cockpit and Cockpit Machines from the backports:

sudo apt install -t ${VERSION_CODENAME}-backports cockpit cockpit-machines

Install packer

Add the HashiCorp GPG key:

wget -O- https://apt.releases.hashicorp.com/gpg | sudo gpg --dearmor -o /usr/share/keyrings/hashicorp-archive-keyring.gpg --yes

Add the HashiCorp repository:

echo "deb [signed-by=/usr/share/keyrings/hashicorp-archive-keyring.gpg] https://apt.releases.hashicorp.com $(lsb_release -cs) main" | sudo tee /etc/apt/sources.list.d/hashicorp.list

Update the package index:

sudo apt update

Install Packer:

sudo apt install packer

Add Vagrant Debian and Windows boxes

Add Vagrant box debian/bullseye64:

vagrant box add --provider libvirt debian/bullseye64

Add Vagrant box peru/windows-10-enterprise-x64-eval:

vagrant box add --provider libvirt peru/windows-10-enterprise-x64-eval

Install Python pip packages

pip3 install lxml pywinrm

Install ansible collections

Note: These collections are not required for this lab but will be used in future setups. I included them here for future reference.

Install community.libvirt collection

ansible-galaxy collection install community.libvirt:1.3.0

Install ansible.windows collection

ansible-galaxy collection install ansible.windows:2.4.0

Install chocolatey.chocolatey collection

ansible-galaxy collection install chocolatey.chocolatey:1.5.1

Install ansible.posix collection

ansible-galaxy collection install ansible.posix:1.5.4

Install fortinet.fortios collection

ansible-galaxy collection install fortinet.fortios:2.3.7

Install community.general collection

ansible-galaxy collection install community.general:9.2.0

Install Vagrant plugins

Install vagrant-libvirt plugin

vagrant plugin install vagrant-libvirt --plugin-version 0.9.0

Install winrm-elevated plugin

vagrant plugin install winrm-elevated --plugin-version 1.2.3

Install winrm plugin

vagrant plugin install winrm --plugin-version 2.3.6

Install vagrant-scp plugin

vagrant plugin install vagrant-scp --plugin-version 0.5.9

Install gem plugins

Install gem rexml

sudo gem install rexml

If Ruby is missing, run the following command to install it:

sudo apt install ruby

Install packer plugins

Install Packer QEMU plugin

packer plugins install github.com/hashicorp/qemu

Install Packer Vagrant plugin

packer plugins install github.com/hashicorp/vagrant

Setup networking

Create the lab_lan_users network. This network will not have a DHCP range attached, as the firewall will handle DHCP functionality. For the future Elastic Stack and Windows VMs, each MAC address is bound to a fixed IP address:

cat <<EOF > /tmp/lab_lan_users.xml
<network>
<name>lab_lan_users</name>
<bridge name='virbr100'/>
<forward mode='none'/>
<ip address='192.168.100.1' netmask='255.255.255.0'>
<dhcp>
<host mac='52:54:00:00:01:05' ip='192.168.100.50'/>
<host mac='52:54:00:00:01:06' ip='192.168.100.10'/>
</dhcp>
</ip>
</network>
EOF

virsh net-define /tmp/lab_lan_users.xml
virsh net-start lab_lan_users
virsh net-autostart lab_lan_users

Create lab_wan network:

cat <<EOF > /tmp/lab_wan.xml
<network>
<name>lab_wan</name>
<bridge name='virbr200'/>
<forward mode='none'/>
<ip address='192.0.2.1' netmask='255.255.255.240'>
<dhcp>
<range start='192.0.2.2' end='192.0.2.5'/>
</dhcp>
</ip>
</network>
EOF

virsh net-define /tmp/lab_wan.xml
virsh net-start lab_wan
virsh net-autostart lab_wan

Create lab_access network:

cat <<EOF > /tmp/lab_access.xml
<network>
<name>lab_access</name>
<bridge name='virbr123'/>
<forward mode='nat'/>
<ip address='192.168.123.1' netmask='255.255.255.0'>
<dhcp>
<range start='192.168.123.100' end='192.168.123.254'/>
</dhcp>
</ip>
</network>
EOF

virsh net-define /tmp/lab_access.xml
virsh net-start lab_access
virsh net-autostart lab_access

Create lab_wan_adversary network:

cat <<EOF > /tmp/lab_wan_adversary.xml
<network>
<name>lab_wan_adversary</name>
<bridge name='virbr300'/>
<forward mode='none'/>
<ip address='203.0.113.1' netmask='255.255.255.0'>
<dhcp>
<range start='203.0.113.2' end='203.0.113.14'/>
</dhcp>
</ip>
</network>
EOF

virsh net-define /tmp/lab_wan_adversary.xml
virsh net-start lab_wan_adversary
virsh net-autostart lab_wan_adversary

Create lab_wan_srv network:

cat <<EOF > /tmp/lab_wan_srv.xml
<network>
<name>lab_wan_srv</name>
<bridge name='virbr400'/>
<forward mode='none'/>
<ip address='198.51.100.1' netmask='255.255.255.0'>
<dhcp>
<range start='198.51.100.2' end='198.51.100.14'/>
</dhcp>
</ip>
</network>
EOF

virsh net-define /tmp/lab_wan_srv.xml
virsh net-start lab_wan_srv
virsh net-autostart lab_wan_srv

The provided DHCP range in some XML configuration files is required only for Vagrant VM setup operations. The network configuration on each VM will be modified during the lab installation.

Ensure that all networks are active and set to autostart:
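
One way to run that check, as an added example rather than the author's own command: the hypothetical helpers `check_lab_networks` and `forward_mode` parse `virsh net-list --all` and `virsh net-dumpxml` output for the five networks defined above, and the sample listing is constructed.

```shell
#!/usr/bin/env bash
# Added example, not from the original post. Live use:
#   virsh net-list --all | check_lab_networks
#   virsh net-dumpxml lab_wan_adversary | forward_mode   # "none" = isolated

# The five networks defined in this section.
REQUIRED_NETS="lab_lan_users lab_wan lab_access lab_wan_adversary lab_wan_srv"

# Reads `virsh net-list --all` output on stdin. Prints one line per problem
# and returns non-zero unless every required network is active with autostart.
check_lab_networks() {
    awk -v required="$REQUIRED_NETS" '
        # Data rows: Name State Autostart Persistent (header row is skipped)
        NF >= 3 && $1 != "Name" { state[$1] = $2; autost[$1] = $3 }
        END {
            n = split(required, want, " ")
            for (i = 1; i <= n; i++) {
                net = want[i]
                if (!(net in state)) { print net ": not defined"; bad = 1; continue }
                if (state[net] != "active") { print net ": state is " state[net]; bad = 1 }
                if (autost[net] != "yes") { print net ": autostart is off"; bad = 1 }
            }
            exit bad + 0
        }'
}

# Reads network XML on stdin and prints its forward mode. XML without a
# <forward> element describes an isolated network and is reported as "none".
forward_mode() {
    mode=$(sed -n "s/.*<forward[^>]*mode=['\"]\([a-z]*\)['\"].*/\1/p" | head -n 1)
    echo "${mode:-none}"
}

# Constructed sample: lab_wan was never started and lab_wan_srv is missing.
SAMPLE_NET_LIST=" Name                State      Autostart   Persistent
--------------------------------------------------------
 default             active     yes         yes
 lab_access          active     yes         yes
 lab_lan_users       active     yes         yes
 lab_wan             inactive   no          yes
 lab_wan_adversary   active     yes         yes"

printf '%s\n' "$SAMPLE_NET_LIST" | check_lab_networks \
    || echo "fix the networks listed above, then re-run the check"
```

In the definitions above only lab_access uses forward mode nat, so `forward_mode` should report `none` for the other four networks.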

Create FortiGate box

Copy fortios.qcow2 to /var/lib/libvirt/images/:

sudo cp ./fortios.qcow2 /var/lib/libvirt/images/

Change ownership of fortios.qcow2:

sudo chown libvirt-qemu:kvm /var/lib/libvirt/images/fortios.qcow2

Ensure fortios.qcow2 is executable:

sudo chmod u+x /var/lib/libvirt/images/fortios.qcow2

Clone fortigate-vagrant-libvirt repository:

git clone https://github.com/celeroon/fortigate-vagrant-libvirt.git

Change directory:

cd fortigate-vagrant-libvirt

Build FortiGate using packer:

packer build -var "version=7.0.14" fortigate-ssl.pkr.hcl

Move the built .box file to /var/lib/libvirt/images/:

sudo mv ./builds/fortinet-fortigate-7.0.14.box /var/lib/libvirt/images/

Move fortigate.json to /var/lib/libvirt/images/:

sudo mv ./src/fortigate.json /var/lib/libvirt/images/

Update version and URL in fortigate.json:

sudo sed -i 's/"version": "VER"/"version": "7.0.14"/; s#"url": "file://HOME/boxes/fortinet-fortigate-VER.box"#"url": "file:///var/lib/libvirt/images/fortinet-fortigate-7.0.14.box"#' /var/lib/libvirt/images/fortigate.json

Add FortiGate Vagrant box:

vagrant box add --box-version 7.0.14 /var/lib/libvirt/images/fortigate.json

Thanks to https://github.com/mweisel for providing the instructions!
