Service VMs

Service VMs can be used to provide, as you’ve probably guessed, services to the VMs. These could include, e.g., mail servers, file sharing services like Samba or FTP, or just other participants to mimic network activity.

name: Docker-compose config
description: Configuration file for integration of Docker containers in ForTrace++
author: Mr. X
root: /var/tmp/ForTrace_Service_VM_scenario
domain:
  - examples/Service_VM/win10.yaml
service_vms:
  docker_compose: path/to/docker_compose_dir

root: This key identifies the configuration as a root-configuration
domain: List of domains to participate in this scenario
service_vms: Dict with different methods to configure and set up service VMs (the possible entries are discussed in the sections below)

Docker containers

The fortrace.core.simulation_monitor.SimulationMonitor offers native support for integration of Docker containers in a scenario.

There are some preliminary requirements to make the Docker containers discoverable for the VMs. The network of the Docker containers has to use the same IP range as the libvirt network of the VMs. The figure below shows the default network configuration of libvirt. Thus, we create a network with the following command, called service-vm-net. It is important to use the driver macvlan, so the containers can connect directly to the physical network.

alt text — libvirt default network configuration

Warning

If you decide to change the name of the created docker network, make sure to update it in the docker-compose file as well.

$ docker network create --driver=macvlan --subnet=192.168.122.0/24 -o parent=virbr0 service-vm-net

default network of libvirt. Notice in this screenshot the name of the created network device virbr0 and in the IPv4 configuration section the value of the network 192.168.122.0/24, which must be supplied as the value for the subnet option in the command for the creation of the Docker network.

Docker-compose

The code block below shows the root configuration file of a scenario involving a docker-compose file.

service_vms:
  docker_compose: examples/Service_VM/docker_compose

docker_compose: Path, relative to ForTrace++’s root directory, pointing to the directory containing the ‘compose.yaml’ file

The SimulationMonitor automatically runs docker-compose in the pre-scenario step. In the listing below you can see an example docker-compose file, which starts a container running a Samba server. See the Compose file reference for more information about the structure of this file. The content of the configuration depends mainly on the Docker container. The configurations can regularly be found on dockerhub, e.g., the config for the dockurr/samba container.

Other services can be added by providing more configurations in the services section. Very often you will find the template for the compose file on Dockerhub and can simply add it to the local compose file.

Note

Just remember to always add the networks entry to the Docker container, so it can be discovered by other VMs.

services:
  samba:
    image: dockurr/samba
    container_name: samba
    environment:
      USER: "samba"
      PASS: "secret"
    ports:
      - "445:445"
    networks:
      - service-vm-net
    volumes:
      - ../shared_dir:/storage
networks:
  service-vm-net:
    external: true

Docker containers

Custom docker containers can be integrated into the scenario also through the docker-compose file, below the services section. The networks section from above has to remain in place. You can find more details and a good example in the Compose Build Specification.

The example below assumes the following directory structure:

docker_compose
|- compose.yaml
|- alpine_test
    |- Dockerfile

The content of the compose.yaml file:

services:
  ping_google:
    build: alpine_test
    networks:
      - service-vm-net
networks:
  service-vm-net:
    external: true

ping_google: This is the name of the service to be started by docker-compose
build: Specify here the path to the directory of the Dockerfile, relative to the compose.yaml file you are writing this line to (or specify the context variable, which defaults to ..)
networks: Make the container discoverable by other VMs

The content of the custom Dockerfile in the directory alpine_test:

FROM alpine:latest

RUN ping -c 32 google.com

Other VMs

This is currently not supported but planned for future releases. One possibility would be to include the Service VM as a normal domain and boot it right at the beginning, so it can offer its service.