
nebman nebula manager

I started using Nebula as my personal mesh VPN some time ago. I only have a few static machines in the mesh, but one thing I wanted to do was add any lab machines to the same mesh so I could access them all the time. This tended not to happen: I would spin a machine up for a week or so, so I wouldn't go to the bother of creating certs, pushing them and setting up the service. nebman (Nebula Manager) is my attempt to simplify the process and ensure I can add all lab machines quickly.
The README on the nebman GitHub page lists some big caveats; primarily, in its current state it is fit for the purpose I have, but I intend to develop it further to make it more robust and fit more use cases. This page is a walkthrough/guide for using nebman in its current state.

Run 1: Launch the script, we can see:

  • There is no DB before we run the script; it will be initialised on first run.
  • There is no cert folder and no Nebula files have been downloaded.
  • When we launch the script we see there are no entries in the new DB, so we need to add some devices.

[recording: first run, initial run and endpoint config]

Run 2: Launch the script, generate required certs and Ansible config:

  • We now have two clients in the DB and can list them.
  • We have no certs generated, so let's generate them.
  • We have no Ansible configs generated, so let's generate them.

[recording: second run, generate certs and Ansible config]

Run 3: Time to run our playbook to deploy Nebula:

  • We can ssh to one of the clients and see no Nebula interface configured.
  • We run the generated Ansible playbook.
  • We log back onto the client, see the Nebula interface, and confirm connectivity to the second endpoint over the Nebula mesh.

[recording: third run, run playbook and confirm Nebula deployed]

Run 4: Now for our primary use case, let's add a new endpoint:

  • We can ssh to the new endpoint and see no Nebula interface configured.
  • Let's add the endpoint to nebman, generate its certs and regenerate the Ansible config.
  • Let's run the Ansible playbook again and confirm our new endpoint is on the Nebula mesh.

[recording: fourth run, adding a new endpoint to our environment]
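To make the four runs above concrete, here is a small sketch of the same workflow in code: endpoints live in a SQLite table, each row yields the nebula-cert sign command for that host, and the same rows render an Ansible inventory for the playbook. This is an added example, not nebman's own code; the table layout, the certs/ paths, the CA file names and the inventory group name are all assumptions, and it only builds the nebula-cert command line rather than executing it. The one deliberate addition is a cert -duration, so a throw-away lab host's cert expires on its own instead of staying valid for the default lifetime.

```python
"""Sketch of a nebman-style workflow (illustrative, not nebman's code):
endpoints in SQLite -> nebula-cert sign command per host -> Ansible inventory."""
import ipaddress
import shlex
import sqlite3

# Assumed CA locations. The CA key only ever needs to live on the signing box,
# never on the lab endpoints that receive host certs.
CA_CRT = "certs/ca.crt"
CA_KEY = "certs/ca.key"


def init_db(conn):
    """Run 1: create the endpoints table on first use (assumed schema)."""
    conn.execute(
        """CREATE TABLE IF NOT EXISTS endpoints(
               name      TEXT PRIMARY KEY,
               nebula_ip TEXT NOT NULL UNIQUE,   -- overlay address with prefix, e.g. 192.168.100.11/24
               ssh_host  TEXT NOT NULL,          -- underlay address Ansible connects to
               groups    TEXT NOT NULL DEFAULT 'lab')"""
    )


def add_endpoint(conn, name, nebula_ip, ssh_host, groups="lab"):
    """Add a device; reject a malformed overlay address before it reaches nebula-cert."""
    ipaddress.ip_interface(nebula_ip)  # raises ValueError on a typo such as 192.168.100.300/24
    conn.execute(
        "INSERT INTO endpoints(name, nebula_ip, ssh_host, groups) VALUES (?, ?, ?, ?)",
        (name, nebula_ip, ssh_host, groups),
    )


def list_endpoints(conn):
    """Run 2 step 1: list what is in the DB."""
    return conn.execute(
        "SELECT name, nebula_ip, ssh_host, groups FROM endpoints ORDER BY name"
    ).fetchall()


def sign_command(name, nebula_ip, groups, cert_dir="certs", duration="720h"):
    """Run 2 step 2: argv for `nebula-cert sign` for one host.
    duration is short on purpose: lab boxes are temporary, so their certs should be too."""
    return [
        "nebula-cert", "sign",
        "-ca-crt", CA_CRT, "-ca-key", CA_KEY,
        "-name", name, "-ip", nebula_ip, "-groups", groups,
        "-duration", duration,
        "-out-crt", f"{cert_dir}/{name}.crt",
        "-out-key", f"{cert_dir}/{name}.key",
    ]


def sign_command_line(*args, **kwargs):
    """Same command as a safely quoted shell line (for logging or a generated script)."""
    return shlex.join(sign_command(*args, **kwargs))


def render_inventory(rows, group="nebula_nodes"):
    """Run 2 step 3: INI-style Ansible inventory; the playbook can read nebula_ip per host."""
    lines = [f"[{group}]"]
    for name, nebula_ip, ssh_host, groups in rows:
        lines.append(f"{name} ansible_host={ssh_host} nebula_ip={nebula_ip} nebula_groups={groups}")
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    # Constructed sample data: two static hosts, then a new lab box (Run 4).
    conn = sqlite3.connect(":memory:")
    init_db(conn)
    add_endpoint(conn, "lab01", "192.168.100.11/24", "10.0.0.11")
    add_endpoint(conn, "lab02", "192.168.100.12/24", "10.0.0.12")
    add_endpoint(conn, "lab03", "192.168.100.13/24", "10.0.0.13")
    for row in list_endpoints(conn):
        print(sign_command_line(row[0], row[1], row[3]))
    print(render_inventory(list_endpoints(conn)))
```

Regenerating the inventory from the table after every add is what makes Run 4 cheap: the new host gets a cert and an inventory line from the same row, and the unchanged playbook is rerun against all hosts.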

  • Note: I have UFW deployed on all endpoints; if you don't, the playbook should still do everything required, it will just fail on the UFW config step.
  • Note: recording and gif generation courtesy of the awesome asciinema and agg, e.g.
    • record: asciinema rec -i 1 ~/nebman4.cast --overwrite
    • convert: ./agg ~/nebman4.cast ~/nebman4.gif