published: 11th of November 2021
I recently started working with Extrahop and wanted to make some labs to understand the product portfolio. I have EVE-NG already setup as a lab platform so I decided to build the labs on that.
Extrahop VMs do not have an EVE-NG template out of the box. In this post I will show you how to add Extrahop VMs as custom device types in EVE-NG.
The following software was used in this post.
This post assumes that you have downloaded the Extrahop appliances and they have been moved to the EVE-NG host in the /tmp/ directory. I used scp to transfer them from my MAC to the EVE-NG host. For example:
scp ~/Downloads/extrahop-eca-kvm-8.6.2.1446.tar.gz <user>@<eve-ip>:/tmp/
First up, lets add the VMs to EVE-NG. Base VM images are stored in the /opt/unetlab/addons/qemu/ directory.
The following steps will be completed from the /tmp/ directory.
Create a directory for the EDA.
mkdir /opt/unetlab/addons/qemu/eda-8.6.2.1446/Extract the EDA .tar file.
tar -xvf extrahop-eda-1100v-kvm-8.6.2.1446.tar.gzMove the boot and data disks to the EDA directory.
mv eda-1100v-kvm/extrahop-boot.qcow2 /opt/unetlab/addons/qemu/eda-8.6.2.1446/virtioa.qcow2
mv eda-1100v-kvm/extrahop-data.qcow2 /opt/unetlab/addons/qemu/eda-8.6.2.1446/virtiob.qcow2Create a third disk that will be used for on-box packet captures.
/opt/qemu/bin/qemu-img create -f qcow2 /opt/unetlab/addons/qemu/eda-8.6.2.1446/virtioc.qcow2 100GCreate a directory for the EXA.
mkdir /opt/unetlab/addons/qemu/exa-8.6.2.1446/Extract the EXA .tar file.
tar -xvf extrahop-exa-5100v-xs-kvm-8.6.2.1446.tar.gzMove the boot disk to the EXA directory.
/opt/qemu/bin/qemu-img create -f qcow2 /opt/unetlab/addons/qemu/exa-8.6.2.1446/virtiob.qcow2 100GCreate a second disk that will be used as a data store.
/opt/qemu/bin/qemu-img create -f qcow2 /opt/unetlab/addons/qemu/eda-8.6.2.1446/virtioc.qcow2 100GCreate a directory for the ECA.
mkdir /opt/unetlab/addons/qemu/eca-8.6.2.1446/Extract the ECA .tar file.
tar -xvf extrahop-eca-kvm-8.6.2.1446.tar.gzMove the boot and data disks to the ECA directory.
mv eca-kvm/extrahop-boot.qcow2 /opt/unetlab/addons/qemu/eca-8.6.2.1446/virtioa.qcow2
mv eca-kvm/extrahop-data.qcow2 /opt/unetlab/addons/qemu/eca-8.6.2.1446/virtiob.qcow2Create a directory for the ETA.
mkdir /opt/unetlab/addons/qemu/eta-8.6.2.1446/Extract the ETA .tar file.
tar -xvf extrahop-eta-1150v-vmware-8.6.2.1446.ovaConvert the boot and data disks from vmdk to qcow2 and move them to the ETA directory.
/opt/qemu/bin/qemu-img convert -p -f vmdk -O qcow2 extrahop-eta-1150v-vmware-disk1.vmdk /opt/unetlab/addons/qemu/eta-8.6.2.1446/virtioa.qcow2
/opt/qemu/bin/qemu-img convert -p -f vmdk -O qcow2 extrahop-eta-1150v-vmware-disk2.vmdk /opt/unetlab/addons/qemu/eta-8.6.2.1446/virtiob.qcow2Create a third disk that will be used as a packet capture store.
/opt/qemu/bin/qemu-img create -f qcow2 /opt/unetlab/addons/qemu/eta-8.6.2.1446/virtioc.qcow2 100GThat's it for the creation of the VM images. Next up we need to define some device templates.
Device templates are stored in the /opt/unetlab/html/templates/intel/ directory. For each device type, you need to add a yaml file to this directory that defines the devices default parameters.
Create a file named eda.yml in the /opt/unetlab/html/templates/intel/ directory with the following contents.
# /opt/unetlab/html/templates/intel/eda.yml
---
type: qemu
name: eda
cpulimit: 1
icon: vanalytic.png
cpu: 2
ram: 4096
eth_format: eth{0}
ethernet: 2
qemu_nic: virtio-net-pci
console: telnet
qemu_arch: x86_64
qemu_options: -machine type=pc,accel=kvm -cpu host,+ssse3 -vga std -usbdevice tablet -boot order=dcCreate a file named exa.yml in the /opt/unetlab/html/templates/intel/ directory with the following contents.
# /opt/unetlab/html/templates/intel/exa.yml
---
type: qemu
name: exa
cpulimit: 1
icon: vanalytic.png
cpu: 4
ram: 8192
eth_format: eth{0}
ethernet: 1
qemu_nic: virtio-net-pci
console: telnet
qemu_arch: x86_64
qemu_options: -machine type=pc,accel=kvm -cpu host,+ssse3 -vga std -usbdevice tablet -boot order=dcCreate a file named eca.yml in the /opt/unetlab/html/templates/intel/ directory with the following contents.
# /opt/unetlab/html/templates/intel/eca.yml
---
type: qemu
name: eca
cpulimit: 1
icon: vdirector.png
cpu: 2
ram: 4096
eth_format: eth{0}
ethernet: 2
qemu_nic: virtio-net-pci
console: telnet
qemu_arch: x86_64
qemu_options: -machine type=pc,accel=kvm -cpu host,+ssse3 -vga std -usbdevice tablet -boot order=dcCreate a file named eta.yml in the /opt/unetlab/html/templates/intel/ directory with the following contents.
# /opt/unetlab/html/templates/intel/eta.yml
---
type: qemu
name: eta
cpulimit: 1
icon: vanalytic.png
cpu: 2
ram: 16384
eth_format: eth{0}
ethernet: 2
qemu_nic: virtio-net-pci
console: telnet
qemu_arch: x86_64
qemu_options: -machine type=pc,accel=kvm -cpu host,+ssse3 -vga std -usbdevice tablet -boot order=dcCustom device types also need to be defined in the /opt/unetlab/html/includes/custom_templates.yml file. This allows them to be selected as devices from the web interface. Add the four appliance types to this file.
# /opt/unetlab/html/includes/custom_templates.yml
---
custom_templates:
- name: "eda"
listname: "Extrahop Discovery Appliance"
- name: "exa"
listname: "Extrahop Explore Appliance"
- name: "eca"
listname: "Extrahop Command Appliance"
- name: "eta"
listname: "Extrahop Trace Appliance"
...Finally, run the fix permissions script.
/opt/unetlab/wrappers/unl_wrapper -a fixpermissionsAnd thats it for the templates. If you browse to the web interface and start a lab, you will be able to add the Extrahop virtual appliances.
In this post, I covered the process to add Extrahop Discovery, Explore, Command and Trace virtual appliances to EVE-NG as custom device types. Time to get my lab on 🥳 Keep an eye out for future post around the Extrahop product portfolio.
https://jncie.eu/vsrx-3-0-template-for-eve-ng/
https://www.eve-ng.net/index.php/documentation/howtos/howto-add-cisco-viptela-images-set/
https://support.huaweicloud.com/intl/en-us/bestpractice-ims/ims_bp_0030.html