fix(asav): get builds working and asav booting

cisco/asav/README.md

@@ -8,21 +8,34 @@ Put the .qcow2 file in this directory and run `make docker-image` and
 you should be good to go. The resulting image is called `vr-asav`. You can tag
 it with something else if you want, like `my-repo.example.com/vr-asav` and then
 push it to your repo. The tag is the same as the version of the ASAv image, so
-if you have asav9-18-2.qcow2 your final docker image will be called
-vr-asav:9-18-2
+if you have asav9-23-1.qcow2 your final docker image will be called
+vr-asav:9-23-1.
 
 Please note that you will always need to specify version when starting your
 router as the "latest" tag is not added to any images since it has no meaning
 in this context.
 
-It's been tested to boot and respond to SSH with:
+It's been tested to boot and respond to SSH/telnet with:
 
- * 9.18.2 (asav9-18-2.qcow2)
+ * 9.23.1 (asav9-23-1.qcow2)
 
 Usage
 -----
 ```
-docker run -d --privileged --name my-asav-firewall vr-asav
+# Start a container with the ASAv image
+docker run -d --privileged --name my-asav-firewall vrnetlab/cisco_asav:9-23-1
+
+# Get the docker container's IP address
+docker inspect -f '{{range .NetworkSettings.Networks}}{{.IPAddress}}{{end}}' my-asav-firewall
+
+# Follow the boot process, including SSH configuration, this may take a while
+docker logs -f my-asav-firewall
+
+# After the ASAv has booted, SSH to it using the configured credentials
+ssh vrnetlab@<docker-ip> # password: VR-netlab9
+
+# Alternatively, you can connect to the console with telnet if you have issues with SSH
+telnet <docker-ip> 5000
 ```
 
 Interface mapping
@@ -52,4 +65,4 @@ Disk: <500MB
 FUAQ - Frequently or Unfrequently Asked Questions
 -------------------------------------------------
 ##### Q: Has this been extensively tested?
-A: Nope. 
+A: Nope.

cisco/asav/docker/Dockerfile

@@ -1,22 +1,8 @@
-FROM ubuntu:20.04 
-MAINTAINER Kristian Larsson <[email protected]>
-
-ENV DEBIAN_FRONTEND=noninteractive
+FROM ghcr.io/srl-labs/vrnetlab-base:0.2.1
 
 RUN apt-get update -qy \
- && apt-get upgrade -qy \
  && apt-get install -y \
-    bridge-utils \
-    iproute2 \
-    python3-ipy \
-    socat \
-    qemu-kvm \
-    tcpdump \
-    ssh \ 
-    inetutils-ping \
-    dnsutils \
-    telnet \
-    genisoimage \
+    python3 \
  && rm -rf /var/lib/apt/lists/*
 
 ARG VERSION
@@ -25,6 +11,7 @@ ARG IMAGE
 COPY $IMAGE* /
 COPY *.py /
 
-EXPOSE 22 161/udp 830 5000 10000-10099
+EXPOSE 22 80 443 161/udp 830 5000 10000-10099
+
 HEALTHCHECK CMD ["/healthcheck.py"]
 ENTRYPOINT ["/launch.py"]

cisco/asav/docker/launch.py

@@ -37,15 +37,16 @@ def trace(self, message, *args, **kws):
 
 
 class ASAv_vm(vrnetlab.VM):
-    def __init__(self, username, password, install_mode=False):
+    def __init__(self, username, password, conn_mode, install_mode=False):
         for e in os.listdir("/"):
             if re.search(".qcow2$", e):
                 disk_image = "/" + e
 
         super(ASAv_vm, self).__init__(
-            username, password, disk_image=disk_image, ram=2048
+            username, password, disk_image=disk_image, ram=2048, cpu="Nehalem"
         )
         self.nic_type = "e1000"
+        self.conn_mode = conn_mode
         self.install_mode = install_mode
         self.num_nics = 8
 
@@ -110,31 +111,47 @@ def bootstrap_config(self):
         self.wait_write(
             "username %s password %s privilege 15" % (self.username, self.password)
         )
+
+        # Configure management interface
         self.wait_write("interface Management0/0")
         self.wait_write("nameif management")
+        self.wait_write("security-level 100")
         self.wait_write("ip address 10.0.0.15 255.255.255.0")
         self.wait_write("no shutdown")
-        self.wait_write("ssh 0.0.0.0 0.0.0.0 management")
-        self.wait_write("ssh version 2")
+        self.wait_write("exit")
+
+        # Add default route to allow external connectivity
+        self.wait_write("route management 0.0.0.0 0.0.0.0 10.0.0.2 1")
+
+        # Create access-list to allow SSH traffic
+        self.wait_write("access-list MGMT_IN extended permit tcp any any eq ssh")
+        self.wait_write("access-group MGMT_IN in interface management")
+
+        # Configure SSH with ECDSA key generation
+        self.wait_write("crypto key generate ecdsa elliptic-curve 256")
         self.wait_write("ssh key-exchange group dh-group14-sha256")
-        self.wait_write("crypto key generate ecdsa")
-        self.wait_write("write")
+        self.wait_write("ssh 0.0.0.0 0.0.0.0 management")
+        self.wait_write("no ssh stricthostkeycheck")
+        self.wait_write("ssh timeout 60")
+
+        # Save configuration
+        self.wait_write("write memory")
         self.wait_write("end")
         self.wait_write("\r", None)
 
 
 class ASAv(vrnetlab.VR):
-    def __init__(self, username, password):
+    def __init__(self, username, password, conn_mode):
         super(ASAv, self).__init__(username, password)
-        self.vms = [ASAv_vm(username, password)]
+        self.vms = [ASAv_vm(username, password, conn_mode)]
 
 
 class ASAv_installer(ASAv):
     """ASAv installer"""
 
-    def __init__(self, username, password):
-        super(ASAv, self).__init__(username, password)
-        self.vms = [ASAv_vm(username, password, install_mode=True)]
+    def __init__(self, username, password, conn_mode):
+        super(ASAv_installer, self).__init__(username, password, conn_mode)
+        self.vms = [ASAv_vm(username, password, conn_mode, install_mode=True)]
 
     def install(self):
         self.logger.info("Installing ASAv")
@@ -167,8 +184,8 @@ def install(self):
         logger.setLevel(1)
 
     if args.install:
-        vr = ASAv_installer(args.username, args.password)
+        vr = ASAv_installer(args.username, args.password, "tc")
         vr.install()
     else:
-        vr = ASAv(args.username, args.password)
+        vr = ASAv(args.username, args.password, "tc")
         vr.start()