This repository was archived by the owner on Mar 1, 2026. It is now read-only.

Testing the Data Capsule

Suraj Gupta Gudla edited this page Apr 7, 2022 · 4 revisions
  • After the successful execution of the Ansible playbook, we know that the host machine instance is set up properly.
  • To create and run the Data Capsule as a guest inside the host machine, the DC guest VM image must already have been created and must be copied to the host machine.
  • To test the setup, first log in to the host machine as the dc-host user. All DC maintenance is done via the dc-user. The way it is set up, the dc-host user should not need sudo passwords. The default password for the root user is ‘test’.

Steps:

1. Copy the DC VM guest image to a specific path on the host machine:

$ sudo scp -i <path/to/keyfile> <path/to/image> dc-host@<public DNS address of the instance>:/home/dc-host/ubuntuImage

2. Once the image is copied, SSH into the host machine using “dc-host” as the username.

$ ssh -i <path/to/keyfile.pem> dc-host@<host instance IP address>

Enter the password as "test" if prompted on the terminal.

3. Create the Data Capsule VM inside the host machine

bash /home/dc-host-bin/createvm.sh --wdir <VM_working_dir> --image <path_to_image> --ncpu <no_of_cpus> --mem <memory_in_GB> --vnc <vnc_port> --ssh <ssh_port> --volsize <size_of_mounted_volume> --loginid <vnc_login_id> --loginpwd <vnc_login_pwd>

Example:

bash /home/dc-host-bin/createvm.sh --wdir /home/dc-host/data --image /home/dc-host/images/ubuntuImage --ncpu 2 --mem 2G --vnc 16022 --ssh 16024 --volsize 10G --loginid test --loginpwd test123

4. Start the Data Capsule VM inside the host machine

  • Maintenance mode

bash /home/dc-host-bin/startvm.sh --wdir /home/dc-host/data --mode m --policy /home/dc-host-bin/maintenance_mode.fw

To connect to the DC in maintenance mode, you can use either SSH or VNC. The connection details are the ones provided in the DC creation step. For example:

ssh dcuser@<host_ip> -p <ssh_port>

  • Secure mode

bash /home/dc-host-bin/startvm.sh --wdir /home/dc-host/data --mode s --policy /home/dc-host-bin/secure_mode.fw

5. Stop the DC VM

bash /home/dc-host-bin/stopvm.sh --wdir /home/dc-host/data 

6. Testing the Data Capsule

Google's DNS server can serve as a secure service against which to test restricted access. Hence, in maintenance mode, all calls to and from the IP ‘8.8.8.8’ are blocked. In secure mode, connection to it is enabled, but the rest of the internet is blocked. To test this:

  • Start the DC in maintenance mode.
  • Then open a terminal and ping 8.8.8.8. You should not have access to it.
  • You can also use telnet to try port 53: telnet 8.8.8.8 53

So commands involving the 8.8.8.8 server fail in maintenance mode. But you should still be able to ping other services such as google.com, so ping google.com would work.

  • Stop the DC and start it in secure mode.
  • Run telnet 8.8.8.8 53. In this mode the command succeeds, because only 8.8.8.8 port 53 is allowed to be connected. But you should not be able to connect (ping, TCP, SSH, etc.) to other resources such as google.com, so ping google.com would fail.
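
The manual checks in step 6 can be scripted so that a policy that fails open is caught rather than overlooked. The script below is an added example, not part of the Data Capsule repository; the function names and the 3-second timeouts are assumptions, and it is meant to be run inside the DC guest with the mode letter (m or s) as its only argument.

```bash
#!/usr/bin/env bash
# Added example: verifies the step 6 expectations from inside the DC guest.
# Function names and timeouts are assumptions, not the project's own.

RESTRICTED_IP="8.8.8.8"   # restricted service named on this page
RESTRICTED_PORT=53
OTHER_HOST="google.com"   # stands in for "the rest of the internet"

# TCP connect probe, the scripted form of `telnet <ip> <port>`.
# Prints "open" or "blocked".
probe_tcp() {
    if timeout 3 bash -c "exec 3<>/dev/tcp/$1/$2" 2>/dev/null; then
        echo open
    else
        echo blocked
    fi
}

# ICMP probe, the scripted form of `ping <host>`.
# A failed name lookup also counts as "blocked".
probe_ping() {
    if ping -c 1 -W 3 "$1" >/dev/null 2>&1; then echo open; else echo blocked; fi
}

# Compare observed results with what each mode should allow.
# $1 = mode (m|s), $2 = result for 8.8.8.8:53, $3 = result for OTHER_HOST.
evaluate_mode() {
    local mode="$1" dns="$2" other="$3" want_dns want_other
    case "$mode" in
        m) want_dns=blocked; want_other=open ;;     # maintenance mode
        s) want_dns=open;    want_other=blocked ;;  # secure mode
        *) echo "ERROR: unknown mode '$mode'"; return 2 ;;
    esac
    if [ "$dns" = "$want_dns" ] && [ "$other" = "$want_other" ]; then
        echo "PASS"
        return 0
    fi
    echo "FAIL: $RESTRICTED_IP:$RESTRICTED_PORT is $dns (want $want_dns)," \
         "$OTHER_HOST is $other (want $want_other)"
    return 1
}

# Run the live probes and judge them against the given mode.
check_dc_policy() {
    evaluate_mode "$1" "$(probe_tcp "$RESTRICTED_IP" "$RESTRICTED_PORT")" \
                       "$(probe_ping "$OTHER_HOST")"
}

# Probe the network only when a mode is passed on the command line.
if [ "$#" -eq 1 ]; then check_dc_policy "$1"; fi
```

A non-zero exit status means the firewall policy loaded by startvm.sh does not match the mode the DC was started in.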