Friday, May 18, 2012

Ubuntu 12.04 KVM server

To get my main server up to date, I decided to push everything to the backup server and start fresh with a 12.04 KVM server, which I will manage remotely via virt-manager, libvirt, SSH, etc.

Hardware

HP DL365 with two dual-core AMD Opteron processors (2x 1.8 GHz), 8 GB RAM, RAID hard drives

Base Install

Basically, get the core OS up from a newly burned Ubuntu 12.04 Server x64 disk

  • Partitioning: Guided - use entire disk and set up LVM
  • Security updates automatically
  • Select software to install:
    • OpenSSH server
    • Virtual Machine host
  • Reboot
  • log on remotely from a terminal on my main computer
    • ssh user@ipaddressofserver
  • apply any updates
    • sudo apt-get update
    • sudo apt-get upgrade
  • peg the DHCP address on my home router so I always have the same address, then do the following
    • sudo /etc/init.d/networking restart

Virsh and Virt-manager

Getting Virsh and Virt-manager working
  • Test at this point to see if I can list virtual machines
  • Check for and install missing packages
    • sudo apt-get install ubuntu-vm-builder
    • virsh -c qemu:///system list
      • still error
    • Performed the following to fix group permissions, then signed out and back in
      • sudo adduser [user] kvm (not sure if needed)
      • sudo adduser [user] libvirtd
    • virsh -c qemu:///system list
      • this shows (an empty) list of machines and their state, so everything appears to be in place
    • Install virt-manager locally on the server to allow ssh windowing into it.  This would not be needed for simply accessing from virt-manager installed on another machine.
      • sudo apt-get install virt-manager

Bridge Networking
  • Use the following to show bridges
    • brctl show
      • shows virbr0, but this is not the bridge I need to be connected to eth0
  • set up a proper bridged network as follows:
    • sudo nano /etc/network/interfaces
    • change the following lines
      • auto eth0
      • iface eth0 inet dhcp
        • to
      • auto eth0
      • iface eth0 inet manual
    • add the following lines to the file
      • auto br0
      • iface br0 inet dhcp
        • bridge_ports eth0
        • bridge_fd 0
        • bridge_stp off
        • bridge_maxwait 0
  • Save file then test as follows
    • sudo /etc/init.d/networking restart
    • ifconfig
      • shows proper bridge setup as expected

Second NIC
The second physical NIC is not showing up when I run ifconfig and I am unable to configure it. That is, I see eth0 but no eth1. (Answer: it just needed to be brought up via: sudo ifconfig eth1 up)

  • run command: sudo lshw
    • it shows first NIC as follows:
 *-network
                description: Ethernet interface
                product: NetXtreme II BCM5708 Gigabit Ethernet
                vendor: Broadcom Corporation
                physical id: 0
                bus info: pci@0000:0a:00.0
                logical name: eth0
                version: 12
                serial: 00:1b:78:ce:e6:88
                size: 100Mbit/s
                capacity: 1Gbit/s
                width: 64 bits
                clock: 66MHz
                capabilities: pcix pm vpd msi bus_master cap_list rom ethernet physical tp 10bt 10bt-fd 100bt 100bt-fd 1000bt-fd autonegotiation
                configuration: autonegotiation=on broadcast=yes driver=bnx2 driverversion=2.1.11 duplex=full firmware=bc 1.9.6 latency=64 link=yes mingnt=64 multicast=yes port=twisted pair speed=100Mbit/s
                resources: irq:49 memory:f8000000-f9ffffff memory:fc000000-fc000
    • Second NIC as:
*-network DISABLED
                description: Ethernet interface
                product: NetXtreme II BCM5708 Gigabit Ethernet
                vendor: Broadcom Corporation
                physical id: 0
                bus info: pci@0000:0c:00.0
                logical name: eth1
                version: 12
                serial: 00:1b:78:ce:e6:8a
                capacity: 1Gbit/s
                width: 64 bits
                clock: 66MHz
                capabilities: pcix pm vpd msi bus_master cap_list rom ethernet physical tp 10bt 10bt-fd 100bt 100bt-fd 1000bt-fd autonegotiation
                configuration: autonegotiation=on broadcast=yes driver=bnx2 driverversion=2.1.11 duplex=half firmware=bc 1.9.6 latency=64 link=no mingnt=64 multicast=yes port=twisted pair
                resources: irq:28 memory:fa000000-fbffffff memory:fc100000-fc1007ff
  • the command sudo lspci gives the following lines:
0a:00.0 Ethernet controller: Broadcom Corporation NetXtreme II BCM5708 Gigabit Ethernet (rev 12)
0b:00.0 PCI bridge: Broadcom EPB PCI-Express to PCI-X Bridge (rev c3)
0c:00.0 Ethernet controller: Broadcom Corporation NetXtreme II BCM5708 Gigabit Ethernet (rev 12)
0d:00.0 PCI bridge: Broadcom EPB PCI-Express to PCI-X Bridge (rev b4)
0e:04.0 PCI bridge: Broadcom BCM5785 [HT1000] PCI/PCI-X Bridge (rev b2)

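The lshw listing above is long and the only thing that matters for the problem in this section is which NIC is DISABLED. This small script is my addition, not something from the post: it turns saved lshw output into one summary line per network device (name, enabled/DISABLED, MAC, link state, driver). The sample input is the post's own lshw output trimmed to the fields used; the function names nic_inventory and disabled_nics are mine.

```shell
#!/bin/sh
# Added example: summarise saved `sudo lshw` output as one line per *-network
# block: name, enabled/DISABLED, MAC, link state, driver. On a live box:
#   sudo lshw -class network > /tmp/lshw.txt && nic_inventory /tmp/lshw.txt

nic_inventory() {
  awk '
    function flush() {
      if (inblk) print name "\t" state "\t" mac "\t" link "\t" drv
      name = ""; mac = ""; link = "link=?"; drv = "driver=?"
    }
    BEGIN           { link = "link=?"; drv = "driver=?" }
    /^ *\*-network/ { flush(); inblk = 1
                      state = ($0 ~ /DISABLED/) ? "DISABLED" : "enabled"; next }
    /^ *\*-/        { flush(); inblk = 0; next }   # a non-network device block starts
    !inblk          { next }
    {
      sub(/^ +/, "")                               # strip lshw indentation, re-split fields
      if (index($0, "logical name: ") == 1)        name = substr($0, 15)
      else if (index($0, "serial: ") == 1)         mac  = substr($0, 9)
      else if (index($0, "configuration: ") == 1) {
        for (i = 2; i <= NF; i++) {
          if ($i ~ /^link=/)   link = $i
          if ($i ~ /^driver=/) drv  = $i
        }
      }
    }
    END { flush() }
  ' "$1"
}

# Names of interfaces lshw marks DISABLED (down and without an address).
disabled_nics() {
  nic_inventory "$1" | awk -F'\t' '$2 == "DISABLED" { print $1 }'
}

# Sample input: the two lshw blocks quoted in the post, trimmed to the fields used.
write_sample_lshw() {
  cat > "$1" <<'EOF'
  *-network
       description: Ethernet interface
       product: NetXtreme II BCM5708 Gigabit Ethernet
       bus info: pci@0000:0a:00.0
       logical name: eth0
       serial: 00:1b:78:ce:e6:88
       configuration: autonegotiation=on broadcast=yes driver=bnx2 duplex=full link=yes port=twisted pair speed=100Mbit/s
  *-network DISABLED
       description: Ethernet interface
       product: NetXtreme II BCM5708 Gigabit Ethernet
       bus info: pci@0000:0c:00.0
       logical name: eth1
       serial: 00:1b:78:ce:e6:8a
       configuration: autonegotiation=on broadcast=yes driver=bnx2 duplex=half link=no port=twisted pair
EOF
}

sample=$(mktemp)
write_sample_lshw "$sample"
nic_inventory "$sample"                 # eth0 enabled ... link=yes; eth1 DISABLED ... link=no
echo "down: $(disabled_nics "$sample")" # down: eth1
rm -f "$sample"
```

A DISABLED entry with a logical name already assigned means the kernel knows the card and only the interface is administratively down, which is exactly the case the ifconfig eth1 up step below resolves.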
  • sudo ifconfig eth1 up   ... to try and start eth1
    • success, now eth1 is shown in the list of interfaces from ifconfig with its MAC address; no networking yet, so edit interfaces as follows:
  • Network need for DRBL/Clonezilla server: I need br1 to connect physical NIC 2 (eth1) to an internal bridge and allow the DRBL/Clonezilla server to act as DHCP server. I believe this requires me to set up eth1 as a DHCP client or with a pegged IP address. I will first try to set it up as a DHCP client and see if br1 can get an IP address from the virtual computer (versus the external DHCP server). If this works it would be option A below; otherwise I would need something like option B, but with a different IP address on the same subnet and no DHCP server stuff.
  • OPTION A: Set up eth1 and br1 as DHCP client, so I will use br1 to connect the DRBL DHCP server to external clients on a separate physical switch connected to NIC 2
    • Quick test is to setup eth1 and br1 just as I have eth0 and br0
    • sudo nano /etc/network/interfaces  -- add the following lines
      • # secondary network interface (nic 2)
      • auto eth1
      • iface eth1 inet manual

      • #Bridged network for eth1
      • auto br1
      • iface br1 inet dhcp
        • bridge_ports eth1
        • bridge_fd 0
        • bridge_stp off
        • bridge_maxwait 0
    • sudo /etc/init.d/networking restart  -- to restart interfaces
    • sudo ifconfig  -- to view interfaces
      • looks correct with br1 getting ip address from my DHCP server and eth1 being linked with the same MAC address
  • OPTION B: Set up eth1 and br1 as DHCP server    -- not doing this for now, since I now recall DRBL/Clonezilla prefers to have the DHCP server set up directly on its second interface, so I do not need DHCP service from the KVM server
    • I want NIC 2 of the server to be on a NATted subnet for purposes such as testing and Clonezilla reformatting of computers, so the setup will look a bit different from the primary interface.....
    • sudo nano /etc/network/interfaces     -- modify to add eth1 as a second bridged interface so I can use it from virtual machines and connect a switched physical subnet as well -- add the lines:
      • # secondary network interface (nic 2)
      • auto eth1
      • iface eth1 inet manual

      • #Bridged network for eth1
      • auto br1
      • iface br1 inet static
        • address 172.30.50.1
        • network 172.30.50.0
        • netmask 255.255.255.0
        • broadcast 172.30.50.255
        • gateway 172.30.50.1
        • bridge_ports eth1
        • bridge_fd 9
        • bridge_hello 2
        • bridge_maxage 12
        • bridge_stp off
    • sudo /etc/init.d/networking restart  -- 
      • gives error: Failed to bring up br1
      • RTNETLINK answers: File exists
    • tried to fix as follows:
      • sudo ifdown eth1
      • sudo /etc/init.d/networking restart (still gives same error)
      • sudo ifup eth1 (states already up)
    • sudo ifconfig  
      • shows that things look as they should:
      • br1 and eth1 have same MAC address
      • br1 has address given, etc
    • OK, so now I need to install DHCP server and define it
      • install dhcp3-server
      • configure /etc/default/dhcp3-server
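The /etc/network/interfaces stanzas in the Bridge Networking section and in Options A and B above are written by hand, and the three mistakes that bite most often are easy to overlook: a bridge port left as inet dhcp instead of inet manual (so the port and the bridge both take an address and a route), a broadcast that does not match the address and netmask, and more than one interface claiming the default route (a static gateway next to an interface on DHCP), which is one common cause of the "RTNETLINK answers: File exists" failure when the bridge is brought up. The following lint is my addition, not a tool from the post or from Ubuntu; the function names and the two sample files it is run on are constructed for this example.

```shell
#!/bin/sh
# Added example: lint an ifupdown /etc/network/interfaces file for common
# bridge mistakes. Prints one WARN line per problem; problem_count gives the number.
# Usage on a live box:  lint_interfaces /etc/network/interfaces

lint_interfaces() {
  awk '
    $1 ~ /^#/ || NF == 0 { next }                       # comments and blank lines
    $1 == "iface" { cur = $2; method[cur] = $4; next }  # iface NAME inet METHOD
    cur == ""     { next }                              # options before any stanza
    $1 == "bridge_ports" { for (i = 2; i <= NF; i++) ports[cur] = ports[cur] " " $i; next }
    $1 == "gateway"   { gw[cur] = $2; next }
    $1 == "address"   { addr[cur] = $2; next }
    $1 == "netmask"   { mask[cur] = $2; next }
    $1 == "broadcast" { bcast[cur] = $2; next }
    END {
      # 1. every enslaved port must be "inet manual"
      for (br in ports) {
        n = split(ports[br], p, " ")
        for (i = 1; i <= n; i++) {
          m = (p[i] in method) ? method[p[i]] : "<undeclared>"
          if (m != "manual")
            print "WARN " br ": bridge port " p[i] " is inet " m ", expected manual"
        }
      }
      # 2. only one interface may install the default route: dhcp does so
      #    implicitly, static does so through "gateway"
      list = ""; n = 0
      for (ifc in method) {
        if (method[ifc] == "dhcp") { list = list " " ifc "(dhcp)"; n++ }
        else if (ifc in gw)       { list = list " " ifc "(gateway " gw[ifc] ")"; n++ }
      }
      if (n > 1) print "WARN: default route claimed by" list "; only one can exist"
      # 3. broadcast must be the address with every host bit set
      for (ifc in bcast) {
        if (!(ifc in addr) || !(ifc in mask)) continue
        split(addr[ifc], a, "."); split(mask[ifc], k, ".")
        want = ""
        for (i = 1; i <= 4; i++) {
          host = 256 - k[i]                      # size of the host part in this octet
          o = a[i] - (a[i] % host) + host - 1    # network bits of a[i] plus all host bits
          sep = (i > 1) ? "." : ""
          want = want sep o
        }
        if (bcast[ifc] != want)
          print "WARN " ifc ": broadcast " bcast[ifc] " does not match " addr[ifc] "/" mask[ifc] " (expected " want ")"
      }
    }
  ' "$1"
}

problem_count() { lint_interfaces "$1" | awk 'END { print NR }'; }

# Constructed sample: both NICs are manual bridge ports, br0 on DHCP, br1 static
# with a correct broadcast and no gateway of its own.
write_good_interfaces() {
  cat > "$1" <<'EOF'
auto eth0
iface eth0 inet manual
auto br0
iface br0 inet dhcp
    bridge_ports eth0
    bridge_stp off
auto eth1
iface eth1 inet manual
auto br1
iface br1 inet static
    address 172.30.50.1
    netmask 255.255.255.0
    broadcast 172.30.50.255
    bridge_ports eth1
    bridge_stp off
EOF
}

# Constructed sample with three mistakes: eth0 still on dhcp while enslaved,
# br1 given a gateway although br0 already takes the default route via DHCP,
# and a broadcast equal to the host address.
write_bad_interfaces() {
  cat > "$1" <<'EOF'
auto eth0
iface eth0 inet dhcp
auto br0
iface br0 inet dhcp
    bridge_ports eth0
auto eth1
iface eth1 inet manual
auto br1
iface br1 inet static
    address 172.30.50.1
    netmask 255.255.255.0
    broadcast 172.30.50.1
    gateway 172.30.50.1
    bridge_ports eth1
EOF
}

good=$(mktemp); bad=$(mktemp)
write_good_interfaces "$good"; write_bad_interfaces "$bad"
echo "good sample: $(problem_count "$good") problem(s)"   # 0
echo "bad sample:  $(problem_count "$bad") problem(s)"    # 3
lint_interfaces "$bad"
rm -f "$good" "$bad"
```

The broadcast check uses only arithmetic because POSIX awk has no bitwise operators: within one octet the host part has 256 minus the mask octet values, so the broadcast octet is the address octet rounded down to that block plus the block size minus one.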

Adding Storage

FreeNAS server setup - set up NFS shares on the FreeNAS server to be shared with KVM servers

  • log into FreeNas web interface using the admin password
  • Go to Services -- NFS
    • Settings
      • set number of servers (depending on maximum concurrent clients)
    • Shares - add new  -- this directory is for ISOs of install disks
      • Path = /mnt/store/isosserver (wherever you have the files you want to share)
      • Map all users to root = whatever you need
      • Authorized network = portion of my internal network I want to have access
      • comment = isoserver
      • all dirs = unchecked
      • Read only = what you need
      • Quiet = unchecked
    • Shares - add new  -- this directory is for existing virtual machine images
      • Path = /mnt/store/vms
      • comment = virtual machines
      • other settings same as above
    • click on the apply changes button!

Virt-manager Settings - adding shared drive

  • Right click a KVM host and select details
  • Select the Storage tab
  • click the plus icon in the lower left of the window to add a new pool
    • Name = shared-virtual-machines
    • Type = netfs: Network Exported Directory
    • Target Path = keep default = /var/lib/libvirt/images/shared-virtual-machines
    • Format = auto
    • Host Name: [IP address of server]
    • Source Path = /mnt/store/isosserver
  • repeat for /mnt/store/vms


Move VMs from other Servers
I have some virtual machines on older servers I want to move here. Following are the steps I took:

.........


Testing Out

Connecting from Another Machine

  • Do I need to do this??????? I did for the 11.04 server
    • on Server
      • log into server
      • sudo apt-get install nfs-common  -- installs nfs-common, which was not installed in my default server setup
Good References:


Wednesday, May 16, 2012

Zentyal Server for Home

Outlines my install of Zentyal for my home Internet and phone server, plus documentation of various test configs


Zentyal Gateway setup: As DHCP server, typical install
  • Start with a simple Gateway setup with the following modules
    • Network, Firewall, DHCP, DNS, Backup, Events, Logs, Monitoring
  • Follow more or less this guide: http://trac.zentyal.org/wiki/Documentation/Community/HowTo/GatewaySetup
  • Enable the above listed modules
  • Network -- Interfaces
    • set eth0 to be the external interface; in my case I will be using it behind the router (for now), so I set the method to DHCP and selected External (WAN).
    • set the internal interface to Static; in my case I am using eth4 and 172.30.40.1 with a netmask of 255.255.255.0
    • I will use the other ethernet ports at a later point for further testing.
  • Network -- Gateways
    • In my case this should be set up automatically based on the DHCP information received, as my External interface is DHCP.
    • In my setup it shows my router's IP address through eth0, enabled, the default, with a weight of 1.  It is the only Gateway listed.
    • This can be manually adjusted if needed or desired. Also, info can be added for Proxy server configuration, and traffic balance and WAN failover settings for multiple External connection environments.
  • Software Management -- Zentyal Components.  
    • Ensure DHCP and DNS services are enabled. 
  • Network -- DNS
    • DNS service acts as a caching server, which improves DNS lookup times.
    • The first listing should be 127.0.0.1 which references Zentyal's DNS service.
    • Additional DNS servers can be added after this entry as needed.
    • My setup works correctly only when I add my router (WAN DHCP server) listed as a second DNS server. 
  • DHCP (under Infrastructure)
    • In my case I am setting up eth4
      • default gateway: Zentyal
      • Search domain: none
      • Primary nameserver: Zentyal DNS (to use Zentyal as a cache DNS server)
      • Secondary nameserver: [blank]
      • NTP server: none
      • WINS server: none
    • setup a range of IP addresses available to be used by the DHCP server, name the range whatever you want
      • I set a range named "default"
  • HTTP Proxy -- General
    • HTTP Proxy allows the following:
      • Web caching, allowing repeated web content to be reused rather than using additional bandwidth; for example, if 10 people go to Gmail or eWeek, all the non-user-specific information will be loaded from local storage rather than from a server on the Internet, thus reducing bandwidth.
      • Allows filtering and banning of certain content.
    • Setup as follows
      • Transparent proxy checked. This allows for Zentyal to be used as a proxy server without changing settings on local computers.  This requires that Internet traffic comes in the External interface on the Zentyal server and out via one or more internal interface(s).
      • Ad Blocking: undecided whether to check or not, will not for now, then check it later to see if I have problems with anything.
      • Port: I kept the default of 3128. Since I checked transparent proxy, all the Internet traffic requested on the internal network automatically gets redirected from port 80 to port 3128 on the Zentyal server.
      • Added an appropriate cache file size. The larger the size, the more information will be saved on the server. If you prefer to always be sure you have the latest info, set this low; if you want to conserve bandwidth, set it high. I set it at 2 GB for now.
      • Default Policy: This is the filter policy which is applied if incoming traffic doesn't meet a specific Object or Group policy.  I set this to "filter", but in a high security environment, you might prefer "always deny".  If you have users and groups setup you can use an "authorize & ____" option.
      • Cache exemptions: these are for adding web sites that you never want to cache, like up to the minute news web sites.  I added netflix and facebook here.
    • Module Status
      • Enable Users and Groups
      • Enable HTTP Proxy
  • HTTP Proxy --  Filter Profiles
    • You can add various filter profiles here, each one with its own rules
    • default filter group is used if the default policy set above is "filter" and there are no specific policies invoked via Object or Group policy sections
    • Object policy and Group policy are where you set up rules for which filter policy to use for specific groups of people or objects (i.e. computers via IP addressing schema).
    • Tested setup and use of default filter as follows
      • Click on Configure Default filter button
      • Add Domain and URL rule of always deny yahoo.com
      • Went to another web browser, tried accessing yahoo.com and was served a Zentyal - Access Denied page
      • WORKS
    • Now, modify default filter profile how you like, then create new filter profiles as desired and finally create groups of users or objects and tie them to your desired filter profile for that group.
      • As an example, for your young child's computer you can block social web sites by creating a "young" filter policy, then creating a "young" object (or user) group, adding that computer (or user) to that group and tying the group to the
      • You could then let everyone else use the "default" filter and block hate, scam and porn web sites, or whatever you wish.
  • Antivirus:  
    • Enable via Module Status
      • This will check downloads for viruses and block infected content
  • Firewall - I will configure this at a later point in my testing

Adding Bridged Networking
In order to roll out Zentyal to the rest of my network, I decided to try out Bridged networking, thus keeping my main router as DHCP server

  • Network -- Interfaces
    • eth3 changed 
      • Method = Bridged
      • Bridge = new
    • save so br1 shows up
    • br1 changed
      • Method = DHCP
    • eth3 changed
      • Bridge = br1
      • External = unchecked
    • eth0 changed
      • Method = Bridged
      • External = checked
      • Bridge = br1
    • change and save changes
  • plugged in office part of my house to eth3 and tested with the following observations
    • DHCP service from router on External interface of Zentyal worked well
    • filtering worked as expected
    • Network -- Gateways now shows br1 Interface
    • Computers connected via eth3 do not show up on the dashboard
    • communication between hosts on lan side of Zentyal worked without problems
    • communicating between Zentyal's lan and wan of Zentyal (even though computers on same sub-net as far as router is concerned) required firewall rules as follows: [I think this is a fairly unusual and poor configuration, only existing because of intermediate testing, but I am documenting required firewall rules anyway.]
      • Firewall rules to allow a certain port from wan to lan side computer
        • firewall -- packet filter -- filtering from external to internal  (this rule was not needed and did not work alone, port forward rule was better approach)
          • decision = accept
          • source = any
          • destination = any
          • service = Minecraft (added service for ports 25565 & 25566)
          • description = Minecraft allow
        • firewall -- port forward
          • interface = br1
          • original destination = [IP of Minecraft Server]
          • Protocol = tcp/ip
          • original destination port = port range 25565 to 25566
          • source = any
          • destination ip = [IP of Minecraft server]
          • Port = same
          • replace source address = not checked
          • log = not checked
          • description = Minecraft
  • Go live - bridged and DHCP-served mixed environment
    • all house now on Zentyal lan 
    • All wired connections via bridged networking to eth3
    • Wireless via fixed/DHCP server on eth4
      • this keeps my wireless guests on separate sub-net with default firewall stops
    • Ran into some problems - after a couple hours some of the computers could not reach the DHCP server.  no time to fix now, so reverted back to only wireless internal to Zentyal.  Will problem solve later
    • Could be GATEWAY ISSUE  -- CONCLUSION: was a problem but did not solve this particular problem
      • while looking through setup, I noticed that the Gateway settings were changed in that my router IP address was no longer listed as the default gateway (no checkbox).  Verified the following settings:
        • Enabled = checked
        • Name = name given by Zentyal
        • interface = br1 (in my case)
        • Weight = 1
        • default =  checked
      • not sure when this got un-checked in the first place, probably with some setup problem
      • Fixed, but problem still exists of bridged ports not accessing DHCP server/router
    • Could be a WAN SETTING issue -- CONCLUSION: not problem, was correct
      • Interface for eth0 may need to be taken off of WAN setting (box un-checked) for DHCP and DNS services to flow through properly. (Though perhaps we could create firewall rules to allow such traffic.)
      • Some documentation did not show WAN setting checked for connection to router, so tried to change and run, but as I suspected, this did not work properly:  After de-selecting WAN for eth0, I failed to get access to the Internet on my wireless (using eth4 with DHCP from Zentyal)
    • Could be FIREWALL ISSUE.  Add a rule as follows for next time I switch over to live:
      • CONCLUSION - this works, particularly the DHCP return service and rule was needed
      • Firewall -- Packet Filter -- External networks to Internal Networks
        • Add new
          • Decision = Accept
          • Source = any
          • Destination = any
          • Service = dhcp
          • Description = Allow dhcp
      • TEST - still not connecting to DHCP service, maybe I need port forwarding rule.... or DHCP return port rule as follows
      • DHCP service on port 67 was already setup, added service definition for port 68
      • Network -- Services    Add new service definition
        • Add new
          • Service name = dhcp return
          • Description = dhcp request return
        • Configuration - Add new
          • Protocol = TCP/UDP
          • Source port = Any
          • Destination port = Single port = 68
      • Firewall -- Packet Filter - External to Internal     New firewall rule
        • Add new
          • Decision = Accept
          • Source = any
          • Destination = any
          • Service = dhcp return
          • Description = Allow dhcp return
      • So far network working correctly!

Enable Other Modules - sometimes you need to reboot Zentyal for proper functionality after enabling modules

  • Module Status : Enable the following modules
    • Enabled the modules: IDS, VPN, Traffic Shaping, Users & Groups, VoIP, Bandwidth Monitor, FTP, Jabber, File Sharing & Printer Sharing
    • Backup Configuration locally and remote via System -- Import/Export Configuration
  • Software Management -- Zentyal Components
    • Select Virtualization Manager to install
    • Apply changes and Save
  • Module Status : Enable Virtual Machines and save changes

VoIP Configuration
It seems to me that Zentyal is either in transition or has two very different methods of registering phones. The prior version of Zentyal had all phone configuration through the Users and Groups settings; now it seems the best and most complete registration of telephones is done via the VoIP -- Phones settings. This new interface allows you to set up phones independently of setting up users. That is, you don't need to create dummy users for phones you don't want to associate with a real user.

The problem I am having is in setting up phones which are provisioned via the Users and Groups section. I set everything up according to the documentation; I can then make outgoing calls, but when I try to call that extension I get the message: "The person at extension .... is unavailable". These extensions also no longer register in the VoIP users section of the Dashboard. Below I outline the settings I have for these.
  • VoIP -- General (mostly defaults)
    • General Configuration
      • Enable demo extensions  = checked
        • These are different than what is listed in the help file
          • *4 for Music on Hold
          • *6 for Echo test
      • Enable outgoing calls = not checked (for now)
      • VoIP domains = zentyal (default for now)
    • SIP provider
      • leave all blank for now
    • NAT configuration
      • none in my config, so leave default value of no
    • Local Networks
      • none for now. This is important to identify if non-NATted (i.e. routed) networks are available and will be used for phones
  • VoIP -- Phones     WORKING
    Phones seem to be allotted extensions only in the range 4000 to 7999. The prior ranges of 1000 to 3999 do not seem to work at this time and seem to be designated for use in the Users and Groups VoIP setup, which appears broken. Following is how I correctly set up VoIP phones
    • New Phone
      • Enabled = checked
      • Extension = 4001 [any # between 4000 and 7999]
      • Voicemail = 5001
      • Email notified = blank for now ---- need to test
      • Description = [left blank]
    • Tried setting up extension in the 1000 to 1999 range and would get a busy signal when trying to call the phone.  I did this as part of a test trying to get Users and Groups defined phone configurations working.  See my notes below.  The result that calls can be made from the phone, but not to the phone is similar, but the result of another person trying to call this phone varies depending on where it was defined.
  • Users and Groups   NOT WORKING
    This is my attempt to get Users for VoIP phones working.  So far this is unsuccessful.
    I have set up the following Users to try and get VoIP working for users
    • Phone 2
      • first name = phone
      • last name = 1012
      • comment = [blank]
      • user quota = 100 [default]
      • password = password I used in the phone setup
      • User groups = voip [a group I setup for voip users]
      • Asterisk user account = enabled
      • Extension = 1012
      • remaining settings are not important
    • phone1 
      • same as above, but with extension = 1001 as well as last name = 1001
    • Users and Groups -- Groups: VoIP
      • Asterisk Group queue = Enabled
      • Extension = 9001
      • Sharing directory Name = voip
    • Results 
      • This user can make calls to other phones and test extensions, but can not receive calls .... Attempts result in caller getting the message "the person at extension .... is unavailable".
      • Tried setting up replicated settings in VoIP -- Phones: with same extension and password.  Got the same results, no change.
  • VoIP AND Firewall Issues  (no longer needed after abandoned pass-through config)
    For setup in pass-through configuration, you need to set up a firewall rule to allow VoIP from the external network to the internal network if you want phones with IP addresses assigned by your router external to Zentyal to be able to communicate with the Zentyal server and phones on internal networks. Warning: the firewall rule defined below may be too loose for your safety needs.
    • Firewall -- Packet Filter -- from external to internal networks
      • Decision = Accept
      • Source = Any
      • Destination = Any
      • Service = VoIP
      • Description = "VoIP from external"
    • Firewall -- Packet Filter -- from external network to Zentyal (may also need)
      • Decision = Accept
      • Source = Any
      • Service = VoIP
    • ALSO ... Added rule on external router to route traffic headed to Internal Zentyal network (172.30.40.1) to Zentyal's External IP address
  • VoIP -- Meetings
    Meetings work as group extensions......

  • VoIP tricks
    • Demo extensions
      • *6 is echo test
      • *4 is Music on Hold
  • Music on Hold setup
  • Voicemail setup
Notes on phones:
  • Web setup at http://[ipaddress]
  • Default Grandstream web access password: admin 
  • Default Grandstream phone access password: 123
    • GXP285 setup
      • Basic Settings
        • dynamically assigned DHCP
      • Advanced settings
        • nothing unusual
      • Account
        • Account Name:
        • SIP Server: 172.30.40.1:5060
        • Outbound Proxy: 172.30.40.1:5060
        • SIP User ID: 4001
        • Authenticate ID: 4001
        • Authenticate Password: 4001123 = [account#]123   (for testing)
        • Name: 4001
    • GXP201 setup
      • same except account use 4002 for name, and ID fields


Minecraft Port Configuration 
I want to open up the Minecraft game port to be allowed.

The following configuration is for Minecraft server located within Zentyal's Internal network, but given IP address from router external to Zentyal (pass through configuration).  A port forward was given at the router level to accept this traffic to the router's external address and forward it to the IP Address of Minecraft Server
  • Network -- Services
    • Add New
      • Service name = "Minecraft"
      • Description = 25565
      • Configuration
        • Protocol = TCP/UDP
        • Source port = port range = from 25565 to 25566  (any should also work)
        • Destination port = port range = from 25565 to 25566
  • Pass Through Configuration
    • Firewall -- Port Forwarding
      • Add new
        • Interface = br1
        • Original destination = IP Address of Minecraft Server
        • Protocol = TCP/UDP
        • Original destination port = single port = 25565
        • Source = Any
        • Destination IP = IP Address of Minecraft Server
        • Port = Same
        • Replace source address = NOT checked
    • Firewall -- Packet Filter -- from external to internal networks
      • Add new
        • Decision = accept
        • Source = any
        • Destination = any
        • Service = Minecraft (I configured above)
        • Description = "Allow Minecraft"
  • New Configuration with all network internal to Zentyal
    • Changes to my Router
      • remove Route to my internal IP addresses
      • Add Port forward from external on my router to Zentyal
        • using port 25565 for traffic to primary Minecraft server
        • using port 25566 for traffic to secondary Minecraft server
        • Accept rule for each friend we allow to our Minecraft servers.. individually directed to Zentyal IP address at one of the above ports depending on where they are playing
    • Firewall -- Port Forwarding
      • Add new
        • Interface = eth0
        • Original destination = Zentyal
        • Protocol = TCP/UDP
        • Original destination port = single port = 25565
        • Source = Any
        • Destination IP = IP Address of Primary Minecraft Server
        • Port = Same
        • Replace source address = NOT checked
    • Firewall -- Port Forwarding
      • Add new
        • Interface = eth0
        • Original destination = Zentyal
        • Protocol = TCP/UDP
        • Original destination port = single port = 25566
        • Source = Any
        • Destination IP = IP Address of Secondary Minecraft Server
        • Port = 25565
        • Replace source address = NOT checked

FTP Configuration
I want to open up FTP to be accessible by anyone for now
  • Anonymous access = Read/Write
  • SSL Support = Allow SSL
  • Tried to Connect from laptop using FileZilla on 172.30.40.1 port 22
    • Get authentication failed (hmm, so much for Anonymous)
    • Added username and password for administrator, now works fine
  • Looking for where to upload OS install images and Hard Drive images for use by Virtual Machine module.... for now used /home/[user]/Downloads
  • Default libvirt storage location of Disk images is /var/lib/libvirt/images, but I don't see any new images created here.  I think I will upload a Linux Mint LXDE machine I already have into here.

Converting From Bridged to Standard Configuration
To better keep track of registered computers and control more of my network from Zentyal, I decided to use Zentyal as the DHCP server on my principal network. Set up as follows

  • Network -- Interfaces
    • eth2 (the interface I will switch the cable to after configured)
      • method = Static
      • External = NOT checked
      • IP address = 173.30.44.1
      • Netmask = 255.255.255.0
  • Network -- Objects
    This is where I want to configure the computers and servers I always want to give the same IP address to.  As an EXAMPLE
    • Add New
      • Name = HP Printer
        • Members -- add new
          • Name = HP Printer
          • IP address = 172.30.44.9
          • MAC address = [device MAC with colons]
  • DHCP  -- Choose interface eth2
    • Default gateway = Zentyal
    • Search domain = None
    • Primary nameserver = local Zentyal DNS
    • Secondary nameserver = [blank]
    • NTP Server = None
    • WINS Server = None
    • Ranges ... Add New
      • Name = free range
      • from = 172.30.44.64
      • to = 172.30.44.127  (this equals 172.30.44.64/26)
    • Fixed addresses .. Add new
      • Object = HP Printer
      • Description = [ip address] -- this is for quick reference and can be blank or whatever
  • Went live with this change... no problems so far... slight change is that I switched eth2 and eth4 so eth4 is for wired and eth2 being used for wireless.  not of consequence here.
  • Removing Firewall Rules that were needed for Bridged Mode, but no longer needed:
    • Firewall -- Packet Filter - External to internal
      • remove Minecraft service allow (now have port forward rule)
      • Remove eBox administration allow (for now only accessing from internal)
      • Remove VOIP allow (all phones internal to Zentyal)
      • Remove DHCP allow (no longer need to access External DHCP server)
      • Remove DHCP return allow (see above)
      • (this leaves no rules in this section)
    • Firewall -- Packet Filter -- External to Zentyal
      • (no changes)
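The DHCP section above says the pool 172.30.44.64 to 172.30.44.127 "equals 172.30.44.64/26", and the Objects section pins a printer at 172.30.44.9 outside that pool. Both facts are worth checking mechanically whenever a pool is edited, because a fixed address inside the pool or a pool that leaks past the interface subnet produces duplicate-address and unreachable-host symptoms that look like the DHCP failures described earlier in this post. The script below is my addition (not a Zentyal tool): range_to_cidr splits any inclusive IPv4 range into its minimal CIDR blocks, and dhcp_pool_check verifies that a pool lies inside the interface subnet, does not contain the interface address, and does not overlap any fixed addresses. The function names are mine; the addresses are the ones from this post plus constructed variants.

```shell
#!/bin/sh
# Added example: DHCP pool sanity checks done in POSIX awk (no bitwise ops needed).

# range_to_cidr START END  -> minimal list of CIDR blocks covering the inclusive range
range_to_cidr() {
  awk -v s="$1" -v e="$2" '
    function ip2n(ip,  q) { split(ip, q, "."); return ((q[1]*256 + q[2])*256 + q[3])*256 + q[4] }
    function n2ip(n) { return int(n/16777216) "." int(n/65536)%256 "." int(n/256)%256 "." n%256 }
    BEGIN {
      a = ip2n(s); b = ip2n(e); out = ""; sep = ""
      while (a <= b) {
        size = 32                                          # widest prefix the start is aligned to
        while (size > 0 && a % 2^(33 - size) == 0) size--
        bits = 0                                           # floor(log2(addresses remaining))
        while (2^(bits + 1) <= b - a + 1) bits++
        if (size < 32 - bits) size = 32 - bits             # never run past END
        out = out sep n2ip(a) "/" size; sep = " "
        a += 2^(32 - size)
      }
      print out
    }'
}

# dhcp_pool_check IFACE_IP/PREFIX POOL_START POOL_END [FIXED_IP ...]
# Prints one WARN line per problem found.
dhcp_pool_check() {
  net="$1"; s="$2"; e="$3"; shift 3
  printf '%s\n' "$@" | awk -v net="$net" -v s="$s" -v e="$e" '
    function ip2n(ip,  q) { split(ip, q, "."); return ((q[1]*256 + q[2])*256 + q[3])*256 + q[4] }
    function n2ip(n) { return int(n/16777216) "." int(n/65536)%256 "." int(n/256)%256 "." n%256 }
    BEGIN {
      split(net, p, "/"); host = ip2n(p[1]); block = 2^(32 - p[2])
      first = host - host % block; last = first + block - 1   # subnet bounds
      a = ip2n(s); b = ip2n(e)
      if (a > b)                  print "WARN: pool start " s " is after pool end " e
      if (a < first || b > last)  print "WARN: pool is not inside " n2ip(first) "/" p[2]
      if (a <= host && host <= b) print "WARN: pool contains the interface address " p[1]
    }
    NF { f = ip2n($1); if (a <= f && f <= b) print "WARN: fixed address " $1 " lies inside the pool" }
  '
}

pool_problem_count() { dhcp_pool_check "$@" | awk 'END { print NR }'; }

# The values from this post: interface 172.30.44.1/24, pool .64-.127, printer fixed at .9
range_to_cidr 172.30.44.64 172.30.44.127                                  # 172.30.44.64/26
range_to_cidr 172.30.44.64 172.30.44.130                                  # three blocks
dhcp_pool_check 172.30.44.1/24 172.30.44.64 172.30.44.127 172.30.44.9     # no output: fine
dhcp_pool_check 172.30.44.1/24 172.30.44.64 172.30.44.127 172.30.44.100   # constructed: printer moved into the pool
```

range_to_cidr widens the prefix while the block start stays aligned, then caps it so the block does not overshoot the end of the range, which is the standard range-to-CIDR algorithm expressed with modular arithmetic instead of bit masks.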





Virtual Machines
Virtual Machines on Zentyal still seem to be a work in progress.  Here are my notes on trying them out (unsuccessfully so far).
  • Virtual Machines : Add New
    • Name LM-lxde
    • Auto start = not checked
    • System Settings: 
      • OS = i686 compatible
      • Base Memory = 512
    • Network Settings:
      • Add New Bridged to br1
    • Device Settings:
      • Add New Hard Drive
        • Drive type = Hard Disk
        • Action = create new disk
        • Name= LM-lxde
        • Size = 8000 MB (no thin provisioning option in the GUI)
      • Add New CD drive
        • Drive type = CD/DVD
        • Path =/home/[user]/Downloads/linuxmint-11-lxde-cd-32bit.iso
    • Starting it... Lights come up and all, but I cannot view the virtual machine in the console.  Hmmmm.....
    • Tried connecting from Virt-manager on my computer
      • signed into server with standard username and password
      • can see virtual machines, edit them, control them
      • can NOT view them in console... errors with the message "Error: viewer connection to hypervisor host got refused or disconnected!"
    • Install virt-manager on server and try
      • connect to ssh session with server
        • ssh [user]@[serverip]  (no sudo in front of ssh: that would run the client as root and use root's keys and known_hosts instead of yours)
        • sudo apt-get install virt-manager
      • connect to virt-manager session on server as follows in a new terminal window
        • ssh -X user@serverip  (ssh with X session enabled)
        • virt-manager (to open virt-manager)
      • This allows me to see virtual machine, pause it, and presumably manipulate it in other ways
      • Can NOT view in console.  I am asked for a password then given "tcp/ip error: VNC connection to hypervisor host got refused or disconnected!"
      • searching online, this seems to be a broader issue with Ubuntu, though I do not experience it on my Ubuntu server.  Anyway, trying VirtualBox for now as follows:
  • Alternate is to install Virtualbox as described here:  http://forum.zentyal.org/index.php/topic,8969.msg42447.html#msg42447
    • Deleted Virtual machine I created
    • in Zentyal: Software management -- Zentyal Components -- delete
      • selected Virtualization manager and chose delete button
    • in SSH command line session: (from terminal: ssh user@zentyalip)
      • sudo apt-get remove virt-manager
      • sudo apt-get remove libvirt-bin
      • sudo apt-get install virtualbox-ose
        • get Fail message stating "No suitable module for running kernel found" (the message comes from the vboxdrv init script when no kernel module matches the running kernel; the virtualbox-ose-dkms package together with the linux-headers package for the running kernel builds one)

  • General notes:
    • On my computer images are stored at: /var/lib/libvirt/images
    • copied images from my computer to user download directory of Zentyal as follows
      • ssh ipaddress
      • scp root@ipaddress:/var/lib/libvirt/images/MineOS-CRUX.img /home/chenier/Downloads/
Misc Items
  • HTTPS service for firewall rules
    • to make it easier to create firewall rules to block certain https traffic, create a service definition as follows
    • Network -- Services  add new
      • service name = https
      • save and click configuration
        • Protocol = TCP/UDP
        • Source Port = any
        • Destination Port = Single port 443
    • save configuration
  • Needed a firewall rule to log on to Zentyal from a computer on the bridged network.  I set up the following rules, after which I was able to log in.
    • Firewall -- Packet Filter -- Internal networks to Zentyal
      • Add New
        • Decision = Accept
        • Source = Any
        • Service = https
    • Firewall -- Packet Filter -- external Networks to Zentyal
      • Add New
        • Decision = Accept
        • Source = Source IP = IP of my computer
        • Service = https
    • Firewall -- Packet Filter -- external to internal networks
      • Add New (maybe not needed, and the broadest of the three rules: it admits the administration service from any external source to any internal host, which is why the bridged-mode cleanup above removes it again)
        • Decision = Accept
        • Source = any
        • Destination = any
        • service = eBox administration

Updating
Decided to update with community updates for now instead of purchasing a subscription.
  • Software Management -- Zentyal Components
    • Software Management -- Settings
      • Enable Automatic security updates daily at 2:38 am
    • Software Management -- System Updates
      • select all and choose to update
    • Software Management -- Zentyal components -- Update
      • select 
        • Core 2.2.4 to 2.2.7
      • click on update and confirm
      • click on save changes
      • select (after everything finishes)
        • Antivirus 2.2 to 2.2.1
        • Backup 2.2.2 to 2.2.4
        • Common Library 2.2.2 to 2.2.3
        • Monitor 2.2.1 to 2.2.3
        • Software Management 2.2.2 to 2.2.4
        • VPN Service 2.2 to 2.2.1
        • (save other updates for another day :)
      • click on update and confirm
      • click on save changes
    • Reboot server just to be sure everything is straightened out

Identify  and Peg Network Objects
In order to peg DHCP addresses to specific computers/appliances while the devices themselves keep using dynamic DHCP, the devices need to be identified and pegged on the server side.  This is a two-step process: A) define a Network Object for the unique MAC address with a single IP address, then B) add a fixed address for that object in the DHCP server (a DHCP reservation, not a static route).  Details follow for one example on my network:
  • Network -- Objects  : Add new
    • Name = phone 4001
      • members (Add new)
        • Name = phone 4001
        • IP address = CIDR = 172.30.40.41/32  (a /32 is a single IP address)
        • MAC address = (MAC for phone, copied and pasted from Dashboard)
        • (obviously, the MAC address is required when pegging a specific device to a single IP address)
  • DHCP --  choose static interface (eth4 in my example)
    • Fixed addresses (at bottom of page)  -- Add new
      • Object = phone 4001
      • Description = (optional, but I put the pegged IP address for reference)
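The two DHCP procedures above (the interface, range and fixed-address setup for eth2, and the network-object pegging just described) are GUI steps, so here is an added example, not Zentyal's code and not from the original post, that checks the same plan before it goes live. The addresses and range are the page's own; the MAC address is a constructed placeholder and check_page_plan is a hypothetical helper name. A reservation keyed on a MAC only identifies a device: any host can present that MAC, so pegging is a convenience, not access control.

```python
"""Consistency check for a DHCP plan built from the Zentyal fields above.

Added example, not Zentyal's own code. It models what the GUI asks for (the
interface's static address and mask, the dynamic range, and fixed addresses
tied to a MAC) and flags the mistakes that make reservations silently fail:
a range or reservation outside the interface's subnet, a reservation that
collides with the dynamic pool, and duplicate IPs or MACs across objects.
"""
import ipaddress
import re

MAC_RE = re.compile(r"^([0-9a-f]{2}:){5}[0-9a-f]{2}$")


def check_dhcp_plan(server_ip, netmask, ranges, fixed):
    """Return a list of problem strings; an empty list means the plan is consistent.

    server_ip, netmask : the interface's static address and dotted mask
    ranges             : list of (name, first_ip, last_ip) dynamic pools
    fixed              : list of (name, ip_or_cidr, mac) reservations
    """
    problems = []
    iface = ipaddress.ip_interface(f"{server_ip}/{netmask}")
    subnet = iface.network
    pools = []
    for name, first, last in ranges:
        lo, hi = ipaddress.ip_address(first), ipaddress.ip_address(last)
        if lo > hi:
            problems.append(f"range {name!r}: first address {first} is above last {last}")
            continue
        if lo not in subnet or hi not in subnet:
            problems.append(f"range {name!r}: {first}-{last} is outside {subnet}")
        if lo <= iface.ip <= hi:
            problems.append(f"range {name!r}: contains the server's own address {iface.ip}")
        pools.append((lo, hi))

    seen_ip, seen_mac = {}, {}
    for name, ip, mac in fixed:
        addr = ipaddress.ip_interface(ip).ip   # accepts "172.30.40.41" or "172.30.40.41/32"
        mac = mac.lower()
        if not MAC_RE.match(mac):
            problems.append(f"fixed {name!r}: MAC {mac!r} is not colon-separated hex")
        if addr not in subnet:
            problems.append(f"fixed {name!r}: {addr} is outside {subnet}")
        for lo, hi in pools:
            if lo <= addr <= hi:
                problems.append(f"fixed {name!r}: {addr} lies inside dynamic range {lo}-{hi}")
        if addr in seen_ip:
            problems.append(f"fixed {name!r}: {addr} is already reserved for {seen_ip[addr]!r}")
        if mac in seen_mac:
            problems.append(f"fixed {name!r}: MAC {mac} is already used by {seen_mac[mac]!r}")
        seen_ip.setdefault(addr, name)
        seen_mac.setdefault(mac, name)
    return problems


# The plan from the DHCP section above; the MAC is a constructed placeholder.
PAGE_PLAN = {
    "server_ip": "172.30.44.1",
    "netmask": "255.255.255.0",
    "ranges": [("free range", "172.30.44.64", "172.30.44.127")],
    "fixed": [("HP Printer", "172.30.44.9", "00:11:22:33:44:55")],
}


def check_page_plan(server_ip=PAGE_PLAN["server_ip"]):
    """Check the page's plan; pass another server_ip (say a mistyped 173.x) to see what it trips."""
    return check_dhcp_plan(server_ip, PAGE_PLAN["netmask"],
                           PAGE_PLAN["ranges"], PAGE_PLAN["fixed"])


if __name__ == "__main__":
    for line in check_page_plan() or ["plan is consistent"]:
        print(line)
    for line in check_page_plan("173.30.44.1"):
        print("mistyped plan:", line)
```

Run on the page's plan it returns no problems; run with a mistyped 173.30.44.1 server address, which cannot serve a 172.30.44.0/24 pool, it reports both the range and the printer reservation as outside the subnet, the kind of slip that is invisible in the GUI until clients stop getting leases.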


Configure Storage and Printers
Configure Virtual Machines
Configure Users
Configure phone advanced features

Saturday, January 14, 2012

Virt-manager KVM with Ubuntu 11.10 server

After deciding on Virt-manager to manage KVM based virtual machines on my local computer and servers, I started in on the task as follows:

Hardware
Desktop: Linux Mint 11 x64  AMD triple core
Server 1: HP DL365 two dual core, 8 gig ram, raid 1 with 500gb drives
Server 2: AMD dual core desktop with 4 Gig ram, 1 T hard drive

Setup Desktop for KVM


I decided to also prepare my main personal computer to host virtual machines and be controlled by ConVirt 2.0, that way I can move VM's from the server to my PC and vice-versa.  Generally followed: https://help.ubuntu.com/community/KVM/Installation  
  • sudo apt-get install qemu-kvm libvirt-bin ubuntu-vm-builder bridge-utils
    • This installed core packages needed for KVM
  • sudo apt-get install virt-viewer
    • so I can view virtual machine instances on computer outside of ConVirt
  • log out, then back in to affect new user group changes
  • virsh -c qemu:///system list
    • this command shows virtual machines (currently none), but also verifies the install went well
  • sudo apt-get install virt-manager
    • installs GUI tool to manage virtual machines (outside of ConVirt)
    • Works well, setup a 
To Allow Bridging to my Computer, needed to do the following based on:  http://doc.ubuntu.com/ubuntu/serverguide/C/network-configuration.html#bridging
  • gksudo gedit /etc/network/interfaces
    • allows editing of interfaces to define bridge interface
    • Added the following lines to the file
      • auto eth0
      • iface eth0 inet manual
      • #this line was changed from ...inet dhcp

      • auto br0
      • iface br0 inet dhcp
        • bridge_ports eth0
        • bridge_stp off
        • bridge_fd 0
        • bridge_maxwait 0
  • sudo /etc/init.d/networking restart 
  • This is not working yet!!!  found the following:  https://help.ubuntu.com/community/KVM/Networking   *** most helpful article found ****
    • Bridged networking does not work by default for a plain qemu/kvm process started as a normal user, so need to do some further setup
    • sudo apt-get install libcap2-bin
    • sudo setcap cap_net_admin=ei /usr/bin/qemu-system-x86_64   (did not work, hmmm)
    • sudo setcap cap_net_admin=ei /usr/bin/qemu
    • gksudo gedit /etc/security/capability.conf
      • add line
        • cap_net_admin    chenier
    • (caveat: this lets every process that user starts from that qemu binary reconfigure the host's network stack; guests managed through libvirt's qemu:///system URI do not need it, since libvirtd creates the tap device on the bridge itself, and the file capability is silently lost whenever a package upgrade replaces the binary)
  • This was not successful, though bridge br0 is now working properly, the network is not working properly for the main computer.  --- br0 and eth0 are showing same ip address and MAC address. also, the computer says the wired network device is not managed.  Also, running /etc/init.d/networking restart gives message "...is deprecated because it may not enable again some interfaces... *Reconfiguring network interfaces... RTNETLINK answers: No such process; ssh stop/waiting; ssh start/running, process 3083; ssh stop/waiting; ssh start/running, process 3199"
  • Still problems, tried the cap_net 64 command and it did not throw an error this time
  • also changed /etc/network/interfaces line 
    • from..... iface eth0 inet dhcp
    • to....       iface eth0 inet manual
  • Now when rebooting everything works fine, with the exception that the gui networking device manager does not see or control eth0... is this now a function of capnet???  Actually, probably part of the following two points.
  • no prob, the command ifconfig shows proper connection of br0 and any new VM I create connects to my DHCP server to get its IP address, so it appears all is well.  
  • Also, now ifconfig shows no IP address for my eth0, just for my br0, but I understand that this is normal and that eth0 automatically gets its traffic through br0.
  • I am a bit concerned about the SSH information given when restarting networking (sudo /etc/init.d/networking restart) still gives the messages "ssh stop/waiting; ssh start/running, process 3083; ssh stop/waiting; ssh start/running, process 3199".  Maybe this is part of the RTNETLINK process and is normal.  I will want to verify this on the server install.
  • In this guide: https://help.ubuntu.com/8.04/serverguide/C/libvirt.html it states that the dhcdbd daemon will need to be stopped and disabled if used (Desktop installs like mine).  It says to do the following:
    • sudo /etc/init.d/dhcdbd stop
      • this supposedly shuts down the service, but the command was not found on my computer and indeed the file /etc/init.d/dhcdbd is non-existent so apparently my version of Linux Mint uses something else.
  • Alternate configuration of /etc/network/interfaces was found at the bottom of this page: https://help.ubuntu.com/community/BridgingNetworkInterfaces
    • /etc/network/interfaces to read:
      • auto eth1
      • iface eth1 inet manual
      • up ip link set eth1 up
      •  
      • auto br0
      • iface br0 inet manual
        • bridge_ports eth1
        • bridge_fd 0
        • bridge_hello 2
        • bridge_maxage 12
        • bridge_stp off
    • I have not tried this yet, but suppose it will work also; since I currently have no problems, no need to try here.  The point of my eth0 having no separate IP address listed is normal as eth0 traffic routes through br0.
  • THE COMMAND brctl gives access to control and view bridge functions.  Typing brctl directly gives command options and man brctl give more help :)
  • more on bridging: http://www.linuxfoundation.org/collaborate/workgroups/networking/bridge#Does_DHCP_work_over.2Fthrough_a_bridge.3F
  • For advanced bridging info and vlan bridging: http://blog.loftninjas.org/2008/08/11/enterprise-networking-with-kvm-and-libvirt/
    • discusses configuring libvirt networking in the following files
      • /etc/libvirt/qemu/networks/default.xml
        • opening this file on my computer shows the network configuration of my virtual bridge virbr0, which I have not yet used for a virtual machine as I am mostly using the standard bridged network
      • /etc/libvirt/qemu/domain.xml
        • on my computer, this is blank
      • Discusses how to define vlan bridges
      • Shows examples of configuration of domain.xml and /etc/network/interfaces files for creating subinterfaces
    • points to libvirt networking documentation: http://libvirt.org/formatnetwork.html


Setup Servers for KVM


Main Help References




Server 1 HP DL365 
  • Server Info:
    • Raid Controller: HP Smart Array E200i, 500 Gb sata drives in bay 2 & 4 mirrored with spare drive in bay 1
    • dual CPU each with dual core 1.8 GHz, 2MB L2 Cache
    • 8 Gb RAM
  • Install Ubuntu 10.10 AMD x64 as usual with the following notable configurations
    • choose software
      • OpenSSH server
      • Virtual Machine host
    • test SSH login from Desktop
      • ssh user@serverip
      • successfully logged in
    • Update and upgrade
      • sudo apt-get update
      • sudo apt-get upgrade
    • Install a few additional packages
      • sudo apt-get install ubuntu-vm-builder
        • to install custom Ubuntu servers ad-hoc
      • sudo apt-get install libcap2-bin
        • needed for proper bridge networking
      • sudo setcap cap_net_admin=ei /usr/bin/qemu-system-x86_64
        • gives qemu cap net admin inheritability
    • configure cap_net_admin
      • sudo nano /etc/security/capability.conf
        • edit the capability file to give inheritance to cap_net_admin for the listed user by adding the following line
        • cap_net_admin     chenier
    • Change networking to allow bridged networking
      • sudo nano /etc/network/interfaces
        • modify the interfaces configuration by modifying as follows
          • #primary networking interface
          • auto eth0
          • iface eth0 inet manual
          •  
          • #bridged networking using eth0
          • auto br0
          • iface br0 inet dhcp
            • bridge_ports eth0
            • bridge_stp off
            • bridge_fd 0
            • bridge_maxwait 0
      • sudo /etc/init.d/networking restart
        • this re-initializes the networking interfaces
        • now shows br0 bridge with IP address and same MAC address as eth0 and eth0 without ip address... looks correct
      • ADD ETH1 INTERFACE... not showing up....
    • Add virt-manager so it can be started via ssh -X from a workstation
      • sudo apt-get install virt-manager
      • this is optional, as the server can be managed remotely from a local copy of virt-manager or virt-viewer on a workstation; it lets a workstation that has an X Windows environment but no virt-manager manage virtual machines.  Note that ssh -X hands the remote virt-manager access to the workstation's X display (on Ubuntu, ForwardX11Trusted defaults to yes, so -X behaves like -Y); fine for a server you administer, not for one you do not trust.
    • reboot to test everything and allow for proper groups to be created (libvirtd)
    • Test that KVM is working properly
      • virsh -c qemu:///system list
      • this shows an output of all running VMs, currently none, but the headers appear
    • Test starting virt-manager remotely.  Run the following from a desktop with X windows installed
      • ssh -X user@server
      • virt-manager
  • I got an error when trying to install a Virtual machine on this host via virt-manager local on my desktop (remote host):
    • After setting up  install parameters and selecting begin install, I got the following message:
      • Unable to complete install: 'Requested operation is not valid: domain is already running'  Traceback (most recent call last):    File "/usr/share/virt-manager/virtManager/asyncjob.py", line 45, in cb_wrapper   callback(asyncjob, *args, **kwargs)  File "/usr/share/virt-manager/virtManager/create.py", line 1633, in do_install      vm.startup()  File "/usr/share/virt-manager/virtManager/domain.py", line 1048, in startup    self._backend.create()  File "/usr/lib/python2.7/dist-packages/libvirt.py", line 330, in create    if ret == -1: raise libvirtError ('virDomainCreate() failed', dom=self)libvirtError: Requested operation is not valid: domain is already running
      • I backed out and discovered that the machine was already running and I was able to open a virt-console instance of it.
    • this error was not a show stopper, just annoying and I see it is documented:  
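The bridge stanza used on the desktop (Setup Desktop for KVM above) and on Server 1 is the same, and so is the failure mode the desktop notes ran into: eth0 left as inet dhcp next to br0, so both interfaces claim an address. The following is an added example, not the page's code and not from the Ubuntu guides it cites, that parses an ifupdown interfaces file and checks that layout before networking is restarted. It assumes the host's own address lives on the bridge (dhcp or static); the two configs embedded in it are constructed to match the page's first and final attempts, and parse_interfaces and check_bridges are hypothetical helper names.

```python
"""Check an ifupdown /etc/network/interfaces bridge setup like the ones above.

Added example, not from the page or the Ubuntu guides it links. It encodes
the lesson the troubleshooting notes arrive at: the physical port enslaved
to the bridge must be 'inet manual' with no address of its own, and only
the bridge may run DHCP or carry the static address; otherwise both
interfaces claim an address and the host's own networking misbehaves.
"""


def parse_interfaces(text):
    """Return {iface: {"family": str, "method": str, "options": {key: value}}}."""
    ifaces, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        words = line.split()
        if words[0] in ("auto", "allow-hotplug", "source", "source-directory"):
            current = None                      # not part of an iface stanza
        elif words[0] == "iface" and len(words) >= 4:
            current = words[1]
            ifaces[current] = {"family": words[2], "method": words[3], "options": {}}
        elif current is not None:
            ifaces[current]["options"][words[0]] = " ".join(words[1:])
    return ifaces


def check_bridges(text):
    """Return a list of problems with the bridge stanzas; empty means the layout is sound.

    Assumes the host addresses the bridge itself (dhcp or static), as on this page.
    """
    ifaces = parse_interfaces(text)
    problems = []
    bridges = {n: s for n, s in ifaces.items() if "bridge_ports" in s["options"]}
    if not bridges:
        problems.append("no bridge stanza (bridge_ports) found")
    for br, spec in bridges.items():
        if spec["method"] not in ("dhcp", "static"):
            problems.append(f"{br}: method is {spec['method']}; the host address belongs on the bridge")
        for port in spec["options"]["bridge_ports"].split():
            if port == "none":
                continue
            pspec = ifaces.get(port)
            if pspec is None:
                problems.append(f"{br}: port {port} has no iface stanza")
            elif pspec["method"] != "manual":
                problems.append(f"{br}: port {port} is 'inet {pspec['method']}' but an enslaved "
                                f"port must be 'inet manual' so only the bridge gets an address")
            elif "address" in pspec["options"]:
                problems.append(f"{br}: port {port} carries its own address")
    return problems


# Constructed samples matching the first (broken) and final (working) attempts above.
BROKEN_CONFIG = """\
auto lo
iface lo inet loopback

auto eth0
iface eth0 inet dhcp

auto br0
iface br0 inet dhcp
    bridge_ports eth0
    bridge_stp off
    bridge_fd 0
    bridge_maxwait 0
"""

WORKING_CONFIG = BROKEN_CONFIG.replace("iface eth0 inet dhcp", "iface eth0 inet manual")

if __name__ == "__main__":
    for label, cfg in (("broken", BROKEN_CONFIG), ("working", WORKING_CONFIG)):
        print(label, check_bridges(cfg) or "ok")
```

The check stops at the layout; it does not touch bridge_stp or the forwarding delays, which are tuning rather than correctness for a host with a single uplink.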





Server 2: AMD 

  •   error
    • kvm: 1502: cpu0 unhandled rdmsr: 0xc0010001
    • kvm: 1614: cpu0 unhandled rdmsr:









Converting VirtualBox VMs for use by  KVM & Virt-manager
I had a couple VirtualBox based virtual machines I wanted to keep.  Following are the steps I took:

  • Resources: 
  • From Terminal, convert the hard drive first to raw format, then to qcow2 format
    • VBoxManage clonehd --format RAW /directory/of/diskimage/imagename.vdi /new/directory/and/name.img
      • command that converts from VDI format to raw; takes a while
    • qemu-img convert -f raw /directory/ofraw/file/filename.img -O qcow2 /new/directory/filename.qcow
      • command to convert the raw image to qcow2 format; also takes a while with no update in the terminal (add -p for a progress indicator), but you can see the file size grow if you open a file browser
      • qemu-img can also read VDI directly (-f vdi), which skips the large raw intermediate file
  • Create virtual machine from the image
    • move image to location of disk images on the local machine
      • /var/lib/libvirt/images on my machine
  • THIS STEP NO LONGER NEEDED.... bug was apparently fixed. --  Change hard drive settings - virt-manager hard drive settings need to be changed for the hard drive before it will read it correctly, done as follows
    • virsh -c qemu:///session list --all
    • virsh -c qemu:///system list --all
      • depends on if your virtual machine is in the system account or your user account
      • this shows a list of your VMs
    • virsh -c qemu:///system dumpxml XP2 > ~/Desktop/XP2.xml
      • this placed the config file on my desktop
      • upon inspection, I found that the file correctly identifies the image as qcow2, so this bug must be fixed and my error starting the virtual machine is another problem
    • virsh -c qemu:///system define ~/Desktop/XP2.xml
      • (re)defines the VM from the edited config file
    • Windows XP gives me the BSOD upon start right after loading d344bus.sys, which seems to be part of Daemon Tools (virtual CD emulator I use for XP).  Perhaps this program is incompatible with the new hardware required for or selected for KVM, but not sure if it is worth messing with at this point.
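The "is it really being read as qcow2?" question above can be answered from the file itself. The following is an added example, not the author's code and not qemu's, that reads the qcow2 header fields qemu probes (magic, version, cluster bits, virtual size, backing file) and reports raw for anything else. The header bytes are constructed inside the block; build_qcow2_header, inspect_image_header and format_mismatch are hypothetical helper names. The security point it demonstrates: the domain XML should pin the format with libvirt's <driver type='raw'/> or <driver type='qcow2'/>, because a guest that writes a qcow2 header into its own raw disk can otherwise get a host path honoured as a backing file.

```python
"""Tell a raw image from a qcow2 one by reading its header, the way qemu's
format probing does. Added example; not the author's code and not qemu's.
"""
import struct

QCOW_MAGIC = b"QFI\xfb"
HEADER_LEN = 72          # qcow2 version-2 header, fields up to snapshots_offset


def inspect_image_header(data):
    """Describe the format seen in the leading bytes of an image file."""
    if len(data) < HEADER_LEN or data[:4] != QCOW_MAGIC:
        return {"format": "raw"}            # nothing recognisable: treated as raw
    version, = struct.unpack(">I", data[4:8])
    if version not in (2, 3):
        return {"format": "qcow", "version": version}   # version-1 layout differs
    bf_off, bf_size, cluster_bits, size = struct.unpack(">QIIQ", data[8:32])
    info = {"format": "qcow2", "version": version,
            "cluster_size": 1 << cluster_bits, "virtual_size": size}
    if bf_off and bf_size:
        # This path is read by the host: whoever controls the header controls it.
        info["backing_file"] = data[bf_off:bf_off + bf_size].decode("utf-8", "replace")
    return info


def format_mismatch(declared, data):
    """True when the header contradicts the format the domain XML declares."""
    return inspect_image_header(data)["format"] != declared


def build_qcow2_header(virtual_size, cluster_bits=16, backing_file=b""):
    """Constructed minimal version-2 header (enough to probe, not a usable image)."""
    bf_off = HEADER_LEN if backing_file else 0
    header = QCOW_MAGIC + struct.pack(">IQIIQ", 2, bf_off, len(backing_file),
                                      cluster_bits, virtual_size)
    # crypt_method, l1_size, l1_table_offset, refcount_table_offset,
    # refcount_table_clusters, nb_snapshots, snapshots_offset: all zero here
    header += struct.pack(">IIQQIIQ", 0, 0, 0, 0, 0, 0, 0)
    return header + backing_file


if __name__ == "__main__":
    converted = build_qcow2_header(8000 * 1024 * 1024)
    print(inspect_image_header(converted))
    # A "raw" disk whose guest wrote this header would probe as qcow2 with a host backing file.
    planted = build_qcow2_header(1 << 30, backing_file=b"/etc/shadow")
    print("declared raw, header says", inspect_image_header(planted)["format"],
          "mismatch:", format_mismatch("raw", planted))
```

qemu-img info prints the same fields; reading them by hand makes it obvious that, for a raw disk, every one of them is under the guest's control, which is why the format belongs in the domain XML and not in the file.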



Various Hints in Virt-Manager Interface

  • Share Desktop Files with Servers via virt-manager (useful for mounting iso images from your desktop)
    • Getting Desktop Shares available via Virt-manager GUI
    • http://www.techotopia.com/index.php/Sharing_Ubuntu_11.04_Folders_with_Remote_Linux_and_UNIX_Systems
    •  on Desktop
      • sudo apt-get install nfs-kernel-server   = installs the NFS server package, which is not installed by default on Linux Mint... go figure
      • service nfs-kernel-server status   = showed "nfsd running" message ... if not, see above document to fix
      • define shares in the /etc/exports file
        • gksudo gedit /etc/exports
        • add share lines as per the documentation included in comments in the file or via the above reference; restrict each export to the KVM host's address and mark it ro where it only serves ISO images, since a wildcard rw export gives every host on the LAN write access to the directory
      • sudo exportfs -a    
      • sudo exportfs
        • returns exported files information (to verify)
      • Firewall configuration changes if needed (not needed in default setup of Linux Mint)
    • on Server
      • log into server
      • sudo apt-get install nfs-common   =installs nfs-common which was not installed on my default server setup
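The /etc/exports lines are the part of the share setup above that decides who can read or write the ISO directory, so here is an added example, not the page's code and not from the guide it links, that audits an exports table before exportfs -a publishes it. The table in the block is constructed; audit_exports, parse_exports and split_entry are hypothetical helper names; the option defaults it relies on (ro and root_squash unless overridden) are those of exportfs.

```python
"""Audit /etc/exports lines before running exportfs -a.

Added example, not from the page or the guide it links. It reads the exports
syntax (a path, then one or more client(options) entries) and flags exports
that hand out more than an ISO share for a KVM host needs: any-host
wildcards, whole networks instead of one host, write access, and
no_root_squash, which lets root on the client act as root on the share.
"""
import ipaddress

# Constructed sample; not the author's real /etc/exports.
SAMPLE_EXPORTS = """\
# ISO images for the KVM hosts
/home/user/isos     192.0.2.20(ro,sync,no_subtree_check)
/home/user/isos     192.0.2.0/24(ro,sync,no_subtree_check)
/srv/vm_images      *(rw,sync,no_root_squash,no_subtree_check)
/srv/backup         192.0.2.20(rw,sync,no_subtree_check) 192.0.2.21(ro)
"""


def split_entry(entry):
    """'host(opt,opt)' -> ('host', ['opt', 'opt']); bare 'host' -> ('host', [])."""
    if "(" in entry and entry.endswith(")"):
        host, opts = entry[:-1].split("(", 1)
        return host, [o for o in opts.split(",") if o]
    return entry, []


def parse_exports(text):
    """Yield (path, client, options) for every client entry, skipping comments."""
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        path, *clients = line.split()
        for entry in clients:
            client, opts = split_entry(entry)
            yield path, client, opts


def audit_exports(text):
    """Return (path, client, reason) findings; an empty list is a tight export table."""
    findings = []
    for path, client, opts in parse_exports(text):
        if client == "*" or client.startswith("*."):
            findings.append((path, client, "open to any host matching a wildcard"))
        else:
            try:
                if ipaddress.ip_network(client, strict=False).num_addresses > 1:
                    findings.append((path, client, "whole network rather than one host"))
            except ValueError:
                pass                             # a hostname or netgroup; left alone
        if "rw" in opts:
            findings.append((path, client, "writable; an ISO share only needs ro"))
        if "no_root_squash" in opts:
            findings.append((path, client, "remote root is root on this path"))
    return findings


if __name__ == "__main__":
    for path, client, reason in audit_exports(SAMPLE_EXPORTS):
        print(f"{path} {client}: {reason}")
```

On the sample table only the first line, a single host with ro, passes; the /srv/vm_images export collects three findings on its own. NFS client addresses are trusted on the word of the packet, so the single-host form is the least that should be exported on a LAN you share with guests.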

Saturday, December 31, 2011

Ubuntu 10.10 KVM Server Managed by ConVirt

Project successful, but abandoned in favor of virt-manager VMM


Findings:  I will abandon use of ConVirt 2.0 in favor of virt-manager.
ConVirt is not for the faint of heart and imho its limitations and challenges overshadow its advantages at this point in time.  Keep watching, though; maybe someday, if they stick with it, they will have a world class open-source hypervisor!



Pros of virt-manager over ConVirt 2.0
  • Cleaner interface
  • Lower footprint and easier setup
  • Does everything a small shop needs
  • More options on disk management
  • No need to have a VM running constantly just for running the interface
  • Much more active development
  • Simple server configuration with minimal extra packages and processes running at host level
Cons of virt-manager
  • Need to run from within linux (or Mac via ssh -X with virt-manager installed on server)
    • if you have Linux or Mac anyway, not a big deal - or you could create a VM dedicated to running virt-manager, which is in effect what ConVirt required anyway.
    • you could set it up to tunnel in remotely and run virt-manager via remote x session
  • no gui network setup tools, need to be done in config files or via commands --- for now!
    • simple bridging or NATing is easy though
Pros of ConVirt 2.0
  • Web interface - log in from anywhere
  • Better statistics
  • live-migration - yes but virt-manager also does this handily now
Cons of ConVirt 2.0
  • No longer seems to be focus on Convirture... now Enterprise Cloud ... will product fade away?
  • Complicated setup
  • Disorganized GUI
  • Few extra real features for the fuss
  • Requires root login to all managed servers



Overview of Tasks
  1. Prepare Server
    • Install Ubuntu 10.10
    • Install ConVirt tools
    • 1.5 - prepare PC to host virtual machines via KVM
  2. Prepare Machine for receiving ConVirt 2.0
    • Use existing computer or virtual machine or prepare virtual machine manually
  3. Install ConVirt 2.0 (CMS)on a separate machine
    • Install ConVirt 2.0 Framework on the above machine, specifically this refers to installing the Convirt Management Server on the machine used to manage the Convirt enabled managed servers
    • 3.5 - setup Convirt to connect to managed servers
  4. Exploring virt-manager VMM as alternative
1)  Prepare Server
Starting with Ubuntu Server 64 bit 10.10.  Roughly following this guide:  https://help.ubuntu.com/community/KVM

  • Install Ubuntu 64bit Server 10.10 using appropriate options and the following:
    • choose to apply security updates automatically
    • choose software to install: 
      • OpenSSH server
      • Virtual Machine host
  • Install ConVirt tools http://www.convirture.com/wiki/index.php?title=Convirt2_Installation#Preparing_Managed_Servers
    • installed packages the document suggested I require
      • sudo apt-get install ssh kvm socat dnsmasq uml-utilities lvm2 expect
      • many, but not all, of these packages were not yet installed
    • run the convirt-tool script which "creates appropriate public bridges, required scripts and writes a summary of its operations to the /var/cache/convirt/server_info file"
      • enable root account https://help.ubuntu.com/community/RootSudo (ConVirt wants a root login on each managed server; setting a root password also re-enables direct root logins, so disable it again with sudo passwd -dl root once ConVirt is no longer in use)
        • sudo passwd root
        • (could I have done this using a persistent root login via [sudo -i] command?)
      • used wget to download tarball and unpacked it (tar -xzf convirture-tools-2.0.1.tar.gz)
      • message regarding using convirt tools given with command ./convirt-tool -h
        • shows qemu-kvm-0.12.5, Ubuntu 10.10, Kernel 2.6.34-11, etc
      • ./convirt-tool install_dependencies
        • checks dependencies
        • installs kpartx & python-pexpect
      • brctl show
        • shows bridges, in my case virbr0 is currently setup, of course I will want to setup a br0 or the like which is linked to eth0
      • ./convirt-tool setup
        • this ran through the setup very fast, but 
        • when I ran the brctl show command again I see 
          • br0 attached to eth0
          • virbr0
      • nano /etc/network/interfaces
        • wanted to see the network setup out of curiosity, which looks much like the one I setup on my PC:
        • (loopback stuff, then:)
        • auto eth0
        • iface eth0 inet manual
        •  
        • auto br0
        • iface br0 inet dhcp
          • bridge_ports eth0
          • bridge_fd 0
          • bridge_stp off
          • bridge_maxwait 0
      • ifconfig
        • shows br0 with ip address of server and eth0 with no ip address... as expected since it connects through the bridge, also shows the virbr0
        • nothing to do here
      • nano /etc/libvirt/qemu/networks/default.xml
        • shows the virbr0 interface 
        • nothing to do here
    • Adding to the CMS - done after setting up the CMS as a virtual machine
      • see below
    • VNC setup
      • done, see below
1.5) Prepare PC to also host Virtual machines under KVM
(Same steps as under "Setup Desktop for KVM" in the January 14, 2012 post above.)


2) Prepare Machine for receiving ConVirt 2.0
Decided to create a VM on my desktop for this.  Its creation is straight forward using Virtual Machine Manager.  I created a VM of Linux Mint 11 64bit Gnome, which is akin to my desktop setup.

OK, that did not work, so need to install an earlier version of Ubuntu as Linux mint 11 is based on 11.04 and the script only accounts for versions up to ubuntu 10.10, so maybe I will install an Ubuntu server as a VM on my desktop.... done... selecting only openSSH server for install.....
hmmmm, after trying the step by step convirt install, it failed, maybe they wanted ubuntu desktop instead of server....

Could try with an Ubuntu 10.04 desktop, then use the partner directory..... perhaps should have tried this first!

In the process of doing the above, I discovered that Virtual Machine Manager can connect to Virtual Machines on my server directly.... though right now it seems to have trouble connecting to local storage on the server.... likely some configuration changes needed.  If ConVirt 2.0 seems to be too unstable or difficult to use, maybe vanilla Virtual Machine Manager will do the trick... Guess I don't really have a need for the fancy stuff like live migration anyway...


3) Install ConVirt 2.0 CMS software 
on the VM inside my Linux Mint machine, I will follow the instructions at: http://www.convirture.com/wiki/index.php?title=C2_ubuntu_installation
I may later install the CMS directly on my desktop, but don't want to risk messing up my desktop configuration until I have a bit more experience with ConVirt.

  • did wget for 3 files and untarred the first
  • ran first command of install_dependencies and ran into an error with libc6-xen not being installable.... may either have to manually go through the setup or use another virtual machine of an earlier distribution.
So, starting again on the Ubuntu Server 10.10 x64 VM created above, with only OpenSSH server installed.
  • sudo apt-get install wget sudo
    • this updated the sudo package
  • wget the 3 files
  • tar -xzf convirt-install-2.0.1.tar.gz
    • untars in the home directory
  • sudo ./convirt-install/install/cms/scripts/install_dependencies
    • installs the dependencies
    • entered "convirt" as the mysql root credential, will change later
  • Setup innodb buffer and memory pool
    • found the my.cnf configuration file in a different location than specified in the instructions.  It was found in directory /etc/mysql
    • this file states at the top that global options are set up in this file and user-specific ones in ~/.my.cnf ... since this machine is only for CMS, I will set it up globally by adding the two lines to /etc/mysql/my.cnf in the mysqld section
      • sudo nano /etc/mysql/my.cnf
        • innodb_buffer_pool_size=1G
        • innodb_additional_mem_pool_size=20M
    • sudo /etc/init.d/mysql restart
      • restarts mysql... convirt instructions had typos here
    • untar the CMS tarball... done
    • TurboGears setup gives some errors:
      • EnvironmentError: mysql_config not found
      • Error: installing mysql-python
      • Error: Failed creating Turbogears2 environment
    • Whatever we do now probably will not work without fixing these errors, however
    • setup sql database
    • Run setup convirt ... which throws more errors about dependencies.... maybe they meant to install this on Ubuntu desktop edition, rather than server edition.
    • GRRRRR, getting frustrated

Maybe I will just install the appliance disk.... Now downloading on KVM server
  • Downloaded the server, then unpacked it, but could not start it using instructions on Convirt website, rather completed remote control setup of managed server using Virtual Machine Manager.  
    • tar -jxf convirt-appliance-2.0.1.tbz2
      • unpacked file
    • then created directory /mnt/storage/vm_disks
    • moved disk there (c2_appliance.disk.xm)
  • apt-get install chkconfig
    • installed chkconfig, but it did no good as the point was to turn on libvirtd, but it was not installed; however, another service must be in its place
  • http://virt-manager.org/page/RemoteSSH used this guide to setup remote management over SSH, but did not need to turn on the service libvirtd (must be by another name on ubuntu server)  Could have used other VMM remote management protocols **** http://virt-manager.org/page/Main_Page
  • opened the machine via Virtual Machine Manager
    • define new storage pool for server connecting directory /mnt/storage/vm_disks to storage pool called vm_disks
    • created new virtual machine by importing existing disk image and defining the server, then starting
    • login as cms with password convirt
    • login with new credentials
    • start convirt
      • cd ~/convirt
      • ./convirt-ctl start
    • Start a web browser on another computer and point to
      • http://[ip address of CMS]:8081
      • default credentials are admin:admin
      • change default credentials
3.5) Setup Convirt CMS to connect to managed servers
  • Start a web browser on another computer and point to
    • http://[ip address of CMS]:8081
    • default credentials are admin:admin
    • change default credentials 
      • admin
      • my new password
  • Connecting
    • Created new server Pool by right clicking the data center
    • added server by right clicking the pool and adding, including credentials and connection info
    • installed VNC viewer and keys from CMS to server plus opened VNC ports
    • Things are running well, and I can install new machines and configure storage pools, etc.
    • However, I am finding that virt-manager, the VMM native to Linux, is now just as powerful, and combined with the virsh shell, more so.  
    • ConVirt's formatting and arrangement seem a little disorganized and dated.  For example, settings for new virtual machines are not as well presented as in virt-manager and certainly not close to that of VirtualBox or 


4) Connecting Virtual Machine Manager (virt-manager) on desktop computer to Server
  • https://help.ubuntu.com/community/KVM/Networking?highlight=%28%5CbCategoryVirtualization%5Cb%29
    • installed libcap2-bin package
    • give qemu the inheritable CAP_NET_ADMIN capability as described
    • edited /usr/bin/qemu as suggested
  • Able to now define storage devices, create new virtual machines, etc.
  • Bridge networking works well on the server.

  • Running virt-manager on the server from another computer:  Curiosity based test.... if I was on another (Linux) computer and did not have virt-manager installed, could I still manage virtual machines on the server?
    • ssh user@serverip  =to log into server from console on laptop
    • sudo apt-get install virt-manager =to install VMM gui
    • exit =to get out of ssh tunnel
    • ssh -X user@serverip  =to get back in with X shell enabled
    • virt-manager =to open virt-manager..... works well and I can connect to the server and see VMs and settings I applied remotely from virt-manager on my desktop computer.


Conclusion:

I will abandon ConVirt 2.0 and utilize Virt-manager.  

Pros of virt-manager over ConVirt 2.0
  • Cleaner interface
  • Lower footprint and easier setup
  • Does everything a small shop needs
  • More options on disk management
  • No need to have a VM running constantly just for running the interface
  • Much more active development
  • Simple server configuration with minimal extra packages and processes running at host level
Cons of virt-manager
  • Need to run from within linux (or Mac via ssh -X with virt-manager installed on server)
    • if you have Linux or Mac anyway, not a big deal - or you could create a VM dedicated to running virt-manager, which is in effect what ConVirt required anyway.
    • you could set it up to tunnel in remotely and run virt-manager via remote x session
  • no gui network setup tools, need to be done in config files or via commands --- for now!
    • simple bridging or NATing is easy though
Pros of ConVirt 2.0
  • Web interface - log in from anywhere
  • Better statistics
  • live-migration - not any more as virt-manager does this handily now
Cons of ConVirt 2.0
  • No longer seems to be focus on Convirture... now Enterprise Cloud ... will product fade away?
  • Complicated setup
  • Disorganized GUI
  • Few extra real features for the fuss
  • Requires root login to all managed servers


Tuesday, August 23, 2011

Upgrade to LM11 desktop from W7 laptop =keep

My Win 7 laptop was zippy a couple years ago with 8 Gig Ram and a fast single core processor. Win 7 updates and a couple years of use have taken their toll on current speed, so that now I sometimes struggle to listen to streaming music while entering receipts into a database. Don't get me started about my frustrations about trying to watch Netflix or Hulu and do ANYTHING else. It used to work fine even on dual monitors. On the plus side, I am more productive while doing the anything else, but then again sometimes it is nice to mostly relax while doing a little mundane business accounting in the evening.

So I decided to drop my laptop and move to a faster desktop running Linux Mint 11 (Gnome, 64bit). I already use Linux Mint LXDE on several older laptops at home which were bogging down with Win XP, but now are quite zippy, thanks to LXDE's responsive GUI. I also have a couple desktops for the kids to play on which dual boot XP and Linux Mint 9 (Gnome, 64bit) which I have been very happy with, especially the Linux Mint 9 portion of that.

OK, so down to it.
Install:
Standard DVD install. Started off trying to use bios (software) raid after determining Linux Mint does not have Linux RAID options in the setup menu as is available during the Ubuntu Server install process. Maybe I could set up Linux software raid using PartitionMagic or SystemRescueCD, but unsure. I got bogged down in implementation of the bios software raid, specifically in setting up the boot manager, so after thinking about it decided to install to a single hard drive, which will be more energy efficient anyway, then set up regularly scheduled backups using an rsync-type product.

Syncing and Backup:
First needed to get my files from my Win 7 laptop.

Failed Attempt - But only because not mounted locally, so LuckyBackup cannot reach them
start by trying to mount by GVFS


GVFS mount
install needed programs and add self to fuse group, then log off and on
sudo apt-get install gvfs-bin
sudo gpasswd -a [user] fuse
open the samba share in Nautilus via File/Connect to Server... then select Windows share and put in computer info, then unmount and mount from terminal


MOUNT FROM TERMINAL
gvfs-mount smb://[ip address]/share_name

Create script with the above command 


#!/bin/sh
# mount the Samba share through GVFS (replace [ip address] and share_name)
gvfs-mount smb://[ip address]/share_name


You need to logoff and login again for the group to actually change.

this allowed me to mount samba shares, but not to local directory, so lucky backup which does not directly support samba was not able to use these mounts.
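Why the log off and log on is needed, as an added example that is not from the original post: a session's group list is fixed at login, so after gpasswd the new group shows up in /etc/group but not yet in the running shell. The functions below compare the two views for any group name (the post's group is fuse) and report whether a fresh login is still required.

```shell
#!/bin/sh
# Added example, not part of the original post. Compares the group list the
# running session actually carries (id -nG) with what /etc/group records
# (getent), to show why a re-login is needed after gpasswd -a [user] fuse.

# Return 0 if the current session already carries group $1, else 1.
group_is_effective() {
    for g in $(id -nG); do
        [ "$g" = "$1" ] && return 0
    done
    return 1
}

# Return 0 if the group database lists the current user as a member of $1
# (either as primary group or in the member list), else 1.
group_is_configured() {
    me=$(id -un)
    [ "$(id -gn)" = "$1" ] && return 0
    members=$(getent group "$1" | cut -d: -f4)
    case ",$members," in
        *",$me,"*) return 0 ;;
    esac
    return 1
}

# One-word verdict: "active" (usable now), "needs-relogin" (added to the group
# database but not to this session yet), or "absent" (not a member at all).
group_status() {
    if group_is_effective "$1"; then
        echo "active"
    elif group_is_configured "$1"; then
        echo "needs-relogin"
    else
        echo "absent"
    fi
}
```

Running `group_status fuse` right after the gpasswd command prints needs-relogin; after logging out and back in it prints active, and only then will gvfs-mount be able to use FUSE.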

Final  Working Solution for Mounting Samba Shares:
referenced:

temporary local mount created with:
sudo mount -t cifs
sudo mount -t cifs //172.30.30.104/homeshare /home/chenier/LanShare/homeshare_104
sudo mount -t cifs //172.30.30.50/data /home/chenier/LanShare/data_50

then
created credentials file entries

edited /etc/fstab [sudo gedit /etc/fstab] by adding the following lines:
did not work
#samba mount for Win7 laptop using hidden username and password
//172.30.30.50/data /home/chenier/LanShare/data_50 cifs credentials=/home/chenier/.smbcredentials,dmask=777,fmask=777 0 0

this works
#samba mount for Win7 laptop using hidden username and password
//172.30.30.50/data /home/chenier/LanShare/data_50 cifs username=chenier,password=[password],iocharset=utf8,file_mode=0777,dir_mode=0777 0 0

Change Samba Shares for new FreeNAS storage device -- alternately could have used SSH for share
Able to see Samba shares on the FreeNAS storage device via Nautilus, so do the following to mount to a permanent location for backup software access

  • mkdir /home/chenier/LanShare/data_20
    • creates the directory used for sharing
  • sudo gedit /etc/fstab
    • comment out the Windows 7 share, no longer needed
    • add the following 2 lines:
    • #samba mount for FreeNAS storage
    • //172.30.30.20/mnt/store /home/chenier/LanShare/data_20 cifs username=[user],password=[pass],iocharset=utf8,file_mode=0777,dir_mode=0777 0 0
    • alternates of the above that worked when guests allowed on Samba share are:
      • //172.30.30.20/mnt/store /home/chenier/LanShare/data_20 cifs 0 0
      • //172.30.30.20/mnt/store /home/chenier/LanShare/data_20 cifs guest,uid=1000,iocharset=utf8,codepage=unicode,unicode 0 0
    • using this last option for now as I am not getting the results I want for file permissions otherwise.
    • save file and exit gedit
  • sudo mount -a
    • remounts everything
Changed network layout so edit one more time:
  • gksudo gedit /etc/fstab
    • change IP address of FreeNAS storage device to the new one
    • saved file
  • sudo mount -a   = to remount everything
  • success
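The fstab lines above (both the Win 7 share and the FreeNAS one) put the Samba password directly in /etc/fstab, which every local user can read. The following is an added example, not from the original post, of the credentials= variant that did not work for me the first time, done in a way that keeps the secret in an owner-only file, plus a check that flags any remaining inline password. The file paths and sample entries are constructed for illustration; the file_mode/dir_mode values are tighter than the 0777 used above.

```shell
#!/bin/sh
# Added example, not part of the original post. Keeps the CIFS password out of
# the world-readable /etc/fstab by writing a mount.cifs credentials file that
# only its owner can read, and audits an fstab for entries that still carry
# password= inline. Paths and sample entries are constructed for illustration.

# Write a mount.cifs credentials file at $1 for user $2 with password $3.
# The subshell umask makes the file owner-only from the moment it is created.
write_smbcredentials() {
    ( umask 077; printf 'username=%s\npassword=%s\n' "$2" "$3" > "$1" )
    chmod 600 "$1"
}

# Produce the fstab entry that references the credentials file instead of
# embedding the password: $1 = //host/share, $2 = mount point, $3 = credentials path.
fstab_line_with_credentials() {
    printf '%s %s cifs credentials=%s,iocharset=utf8,file_mode=0644,dir_mode=0755 0 0\n' \
        "$1" "$2" "$3"
}

# Print each cifs entry in fstab-style file $1 whose option field contains an
# inline password=. Exit status 1 when at least one was found, 0 when clean.
audit_fstab() {
    awk '$3 == "cifs" && $4 ~ /(^|,)password=/ { print; found = 1 }
         END { exit found ? 1 : 0 }' "$1"
}
```

To apply it: `write_smbcredentials ~/.smbcredentials chenier 'the-share-password'`, append the output of `fstab_line_with_credentials //172.30.30.20/mnt/store /home/chenier/LanShare/data_20 /home/chenier/.smbcredentials` to /etc/fstab with sudo, then `sudo mount -a`. Running `audit_fstab /etc/fstab` afterwards should print nothing.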
Sharing Directories as NFS
I will use this to access some files on my computer with my KVM servers.  Resource for this: http://www.techotopia.com/index.php/Sharing_Ubuntu_11.04_Folders_with_Remote_Linux_and_UNIX_Systems

  • on Desktop
    • sudo apt-get install nfs-kernel-server   =installs nfs server package, which is not installed by default on Linux Mint... go figure
    • service nfs-kernel-server status   = showed "nfsd running" message ... if not see above document to fix
    • define shares from the /etc/exports file
      • gksudo gedit /etc/exports
      • add share lines as per documentation included in comments in file or via above reference
    • sudo exportfs -a    
    • sudo exportfs
      • returns exported files information (to verify)
    • Firewall configuration changes if needed (not needed in default setup of Linux Mint)
  • on Server
    • log into server
    • sudo apt-get install nfs-common   =installs nfs-common which was not installed on my default server setup
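The share lines in /etc/exports decide who on the LAN can mount the desktop's directories, so the client part matters as much as the path. Below is an added example, not from the original post or the referenced guide, that emits an entry only the KVM server may mount (read-only, with root_squash spelled out so the server's root is mapped to nobody) and checks an exports file for entries open to any host or with no_root_squash. The KVM server address 172.30.30.10 and the directories are assumptions.

```shell
#!/bin/sh
# Added example, not from the original post. Builds an /etc/exports entry that
# only the KVM host may mount and checks an exports file for entries open to
# any client or with root_squash turned off. The client address 172.30.30.10
# stands in for the KVM server and is an assumption, as are the directories.

# Emit one exports line: directory $1 exported read-only to client $2 (an
# address or CIDR), with root_squash stated explicitly (it is the default, but
# writing it out keeps it from being lost in later edits).
export_line() {
    printf '%s %s(ro,sync,root_squash,no_subtree_check)\n' "$1" "$2"
}

# Print each entry in exports file $1 that is risky: a bare "*" client (any
# host may mount it) or any client whose options include no_root_squash.
# Exit status 1 if something was flagged, 0 if the file is clean.
audit_exports() {
    awk '
        /^[[:space:]]*#/ || NF == 0 { next }             # comments and blank lines
        {
            for (i = 2; i <= NF; i++) {                  # each client(options) field
                client = $i; sub(/\(.*$/, "", client)    # strip the (options) part
                if (client == "*" || $i ~ /no_root_squash/) {
                    print FILENAME ": " $0; bad = 1; break
                }
            }
        }
        END { exit bad ? 1 : 0 }' "$1"
}
```

After appending the line (for example `export_line /srv/iso 172.30.30.10 | sudo tee -a /etc/exports`), `sudo exportfs -ra` reloads the table and `sudo exportfs -v` shows the effective options; on the server, `sudo mount -t nfs [desktop ip]:/srv/iso /mnt/iso` mounts it once nfs-common is in place.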
Playing Amazon Prime Videos




Install OpenProj
Ubuntu/Linux Mint does not yet have a link to the OpenProj install via Software Manager, so use:
wget http://nchc.dl.sourceforge.net/sourceforge/openproj/openproj_1.4-2.deb
sudo dpkg -i openproj_1.4-2.deb

Install ClamTK
This is the front end for ClamAV, installed so I can scan files on removable media for viruses as I have several Windows computers at home.

Other Programs Installed:

  • BibleTime - very nice bible, etc reading program
  • Calibre - ebook management software to sync with and manage ebooks for my Sony reader.... I actually have not tested this yet for syncing, but I can add my titles just fine.  I intend to test next time I want to sync.  Looks like a very nice application with cool features like converting books and sharing with multiple devices.
  • ClamTK - Antivirus front end
  • Dia - Diagram editor -- although, the Google docs program, LucidChart is even better!
  • DigiKam - I use this program for batch renaming my photos to something based on the day it was taken.
  • Filelight - (not necessary) nice light weight disk usage analysis tool, but Disk Usage Analyzer (Baobab 2.32.0) works just as well or better even, so did not need this extra program... though will keep using it on lighter weight installations.
  • FileZilla - Very nice tool for moving files from local to remote locations using SSH and other connection schemes.
  • FreeMind -  mind mapping tool
  • Furious ISO mount - for mounting virtual disks
  • Guake Terminal - terminal access using f12 and more -- very nice!  Set it to launch when I log in.
  • Hamster-applet (or Time Tracker) - Keeps track of time spent on various tasks while on computer
  • KeePass X - nifty password storage program
  • LibreOffice 3.5.3.2 - latest version right now.... installed by adding additional repository - see Ubuntu help sources for how to do this -- do not try adding .deb packages from LibreOffice web site as it is too time consuming and confusing
  • LuckyBackup - very nice rsync based backup utility
  • MySQL stuff:  see my blog on MySQL setup :)
  • OpenProj - see above
  • PuTTY - for those times I want an SSH session outside of terminal (I prefer this for just a couple things)
  • Remmina - Remote desktop application with support for VNC, RDP, SSH and more
  • SweetHome 3D - not a great program, but good for a free layout/design program
  • Vinagre - another remote desktop application, mainly for VNC.... works very nice in Gnome.
  • Xournal - cool program for mixing hand writing and text together... too bad there isn't a cloud version yet or it doesn't work with google docs.
  • Xiphos Bible Guide - another bible study tool

Stuff I tried and didn't like
Either these apps were not for me or did not work well on my version of mint

  • aclock - graphics poor, menu system broken in this Gnome, so hard to close, gets in the way.
  • Krusader - twin panel file management a little too old school for my tastes, plus added a lot of KDE desktop stuff I didn't need otherwise.  I also generally use Filezilla for moving stuff from local to remote locations.
  • Tomboy Notes - very nice program.... just not how I organize my thoughts.

Various References: