Hello ,

I want to learn about the bgp and routing , so this project offers a great opportunity. However , I am not able to create containers. It seems that a configuration is missing. Would you please direct me to the right path?

./the-internet create [path]
[Oct 5 23:41:37.194] Importing the router image
[Oct 5 23:41:37.307] New router image imported:
[Oct 5 23:41:37.307] Creating the containers
[Oct 5 23:41:37.320] Failed to configure container 'ctn-cto': not found
[Oct 5 23:41:37.353] Failed to create container 'bgp-ketchup01': Requested profile 'internet-base' doesn't exist
....
[Oct 5 23:41:39.652] Failed to create container 'bgp-marathon02': Requested profile 'internet-base' doesn't exist
[Oct 5 23:41:39.654] Failed to create container 'bgp-gss04': Requested profile 'internet-base' doesn't exist

uname -a
Linux 4.4.0-38-generic #57-Ubuntu SMP Tue Sep 6 15:42:33 UTC 2016 x86_64 x86_64 x86_64 GNU/Linux

lxc info
apiextensions: []
apistatus: stable
apiversion: "1.0"
auth: trusted
environment:
addresses: []
architectures:
-x86_64
-i686
certificate: |
-----BEGIN CERTIFICATE-----
....
-----END CERTIFICATE-----
certificatefingerprint: da0b9b5bf9794138e7e17f70aa3bd66b22aa6cc8222f67ffb94fc5f90e318e51
driver: lxc
driverversion: 2.0.4
kernel: Linux
kernelarchitecture: x86_64
kernelversion: 4.4.0-38-generic
server: lxd
serverpid: 11294
serverversion: 2.0.4
storage: dir
storageversion: ""
config: {}
public: false

I decided to try "the-internet" on our internal openstack cloud.
My VM was again running 14.04 with all updated packages, 8 core, 16GB ram.

Installation as described for unprivileged containers and they work ok if done separately (re w/out the-internet)

As I know the "unprivileged" use of "the-internet" has a problem right now so I just used "the-internet" with sudo

$ sudo ./the-internet create
works...

$ sudo ./the-internet start
fails and displays the following errors (note this is just the tail end of - the-internet start output:

• ip link set dev eth0 up
• ip6tables -t nat -D POSTROUTING -o eth0 -j MASQUERADE
• true

• ip6tables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
  modprobe: ERROR: ../libkmod/libkmod.c:556 kmod_search_moddep() could not open moddep file '/lib/modules/3.13.0-35-generic/modules.dep.bin'
  ip6tables v1.4.21: can't initialize ip6tables table `nat': Table does not exist (do you need to insmod?)
  Perhaps ip6tables or your kernel needs to be upgraded.
  usage: the-internet [-h]
  {create,destroy,list-routers,map,shell,start,stop,update}
  ...
  the-internet: error: Failed to run the command.

  I've checked everything I can think of and all the configs for nesting etc look correct

Myself and another engineer both encountered this and after some troubleshooting it appears to be some problem with IP6tables

We found that if we create ANY table entry then re-run $ sudo ./the-internet start
it will work.

So if we just added:
root@the-internet:/# sudo ip6tables -t nat -A POSTROUTING -o eth0 -j MASQUERADE

then.. sudo ./the-internet start works.

So not sure if its a bug with ip6tables or with the-internet script but wanted to document it in case others run into it.

Brian

OS: CENTOS/UBUNTU
GO Version: 1.10

Build fails on command:
go get -v -x github.com/nsec/the-internet

Fails with: op.Metadata undefined (type lxd.Operation has no bfield or method Metadata)

Attempting to build the-internet as of 2016-12-28 fails with the following error.

nsec/the-internet/cmd_create.go:75: undefined: shared.Devices
nsec/the-internet/cmd_create.go:142: undefined: shared.Device
nsec/the-internet/cmd_create.go:151: undefined: shared.Device
nsec/the-internet/cmd_create.go:246: ct.Brief undefined (type *api.Container has no field or method Brief)
nsec/the-internet/cmd_create.go:279: ct.Brief undefined (type *api.Container has no field or method Brief)
nsec/the-internet/cmd_destroy.go:40: undefined: shared.ContainerInfo

I investigated if this was related to an API change in lxc/lxd so I rolled back lxd to 2.6 (by checking out the lxd-2.6 tag under my GOPATH) and sure enough it built. I retested with lxd-2.7 and it also worked.
(At the time master of github.com/lxc/lxd was 1a61f6841de9fd59f4999ae1dee768ecf4bbb775 from dated 2016-12-23)

With some quick bisecting, it pointed me to:

Author: @stgraber
Date: Wed Dec 21 18:03:46 2016 -0500

Move Device/Devices types to lxd package

We don't need any of their functions in the client code so move them to
be daemon-only and instead use generic go types in the client.

Should this be locked down to using lxd-2.7? Or are their alternates that exist in 2.7 that would also work with lxd-'next'?

OS: Ubuntu
LXC: 1.10

When running" the-internet start input/Northsec 15" command I receive
Failed to create container: : no root device could be found.

For each container it attempts to create

The current README file still has instructions that say the following but I don't think this is valid anymore with the update of "the-internet" to LXD & GO is it?

## Starting the whole thing

This tool is meant to be run on a machine or inside a container on whcih a LXD daemon is running.

Creating an Internet simulation is basically as simple as:

./the-internet create
./the-internet start
Generate an html/js map of your Internet with:

./the-internet generate-map
You can stop the simulation with:

./the-internet stop
Or create a new one by calling the start command again.

Finally, once you want it all off your disk, you can call:

./the-internet destroy

My system is ubuntu 14.04 x64 bit
32GB ram
8 core cpu
kernel 3.13
and all python3 required pkgs installed
I know unprivileged containers is working as I have been using that for a while now.

I was trying to create/start "the-internet"....

It creates the "master" container OK.... but then when "starting" the container I start seeing these "connection refused" messages ?

==> Creating a router template sub-container

$ ./the-internet create
.
.
lots of LXC container installation msgs.... then..
.
Setting up the GPG keyring
Downloading the image index
Downloading the rootfs
Downloading the metadata
The image cache is now ready
Unpacking the rootfs

You just created an Ubuntu container (release=trusty, arch=amd64, variant=default)
The default username/password is: ubuntu / ubuntu
To gain root privileges, please use sudo.

==> Starting the sub-container
lxc_container: Connection refused - failed to enter namespace
lxc_container: Connection refused - failed to enter namespace
lxc_container: Connection refused - failed to enter namespace
lxc_container: Connection refused - failed to enter namespace
lxc_container: Connection refused - failed to enter namespace
lxc_container: Connection refused - failed to enter namespace
lxc_container: Connection refused - failed to enter namespace
lxc_container: Connection refused - failed to enter namespace
lxc_container: Connection refused - failed to enter namespace
lxc_container: Connection refused - failed to enter namespace
lxc_container: Connection refused - failed to enter namespace
^Clxc_container: Connection refused - failed to enter namespace
lxc_container: Connection refused - failed to enter namespace
lxc_container: Connection refused - failed to enter namespace
lxc_container: Connection refused - failed to enter namespace
^Clxc_container: Connection refused - failed to enter namespace
lxc_container: Connection refused - failed to enter namespace
lxc_container: Connection refused - failed to enter namespace
lxc_container: Connection refused - failed to enter namespace
lxc_container: Connection refused - failed to enter namespace
Traceback (most recent call last):
File "./the-internet", line 578, in create_sub_container
File "./the-internet", line 518, in start
main.Error: No IP address after 30s.
Error in sys.excepthook:
Traceback (most recent call last):
File "/usr/lib/python3/dist-packages/apport_python_hook.py", line 63, in apport_excepthook
ImportError: No module named 'apport'

Original exception was:
Traceback (most recent call last):
File "./the-internet", line 578, in create_sub_container
File "./the-internet", line 518, in start
main.Error: No IP address after 30s.
Traceback (most recent call last):
File "./the-internet", line 986, in
args.func(args)
File "./the-internet", line 615, in create_container
env_policy=lxc.LXC_ATTACH_CLEAR_ENV)
KeyboardInterrupt