August 2011


RedHat Enterprise Linux 6 doesn’t include Xen support out of the box.  Fedora and Ubuntu also feature KVM.  For a non-business user like myself, it was time to follow suit.  It was 8 hours worth of work and 26 virt-install attempts later, that I finally found the magic combo.

When reading this, note that the machine used as a host is running CentOS 5.  There seem to be some changes between it and the packages that would come with a system based on RedHat Enterprise Linux 6.

Note: After writing this, it seems as though the greatest benefit would come from reading this completely, reading other resources, and then starting your migration.

Step 0: Copy

This step was easy.  My current virtual machines sit on an LVM partition.  After shutting down the virtual machines, running the dd command created a backup easily.

dd if=/dev/vms/webRoot of=/backups/webRoot.img

Step 1: Migration

Things went bad shortly thereafter. The initial plan was to run virt-v2v and simply migrate a CentOS 4 virtual machine that was running as a web server. But, alas, I had committed a great configuration “error” that I wasn’t even aware of. Instead of having the LVM block devices represent an entire virtual disk, I had them configured to be just a partition. virt-v2v was unable to read the partition. At least, that was the last error that was given. I found virt-v2v to be unforgiving. The error messages that it produced were cryptic. I had to look at the Perl scripts to actually see what it was failing on. After taking into account that CentOS 4 was only going to be supported for another few months and the fact that I really wanted to install Scientific Linux for something, I did something that is usually not in my vocabulary… I gave up. The migration step was a failure. I’ve seen sites where people made it work (they were not using block devices as partitions as I was); it just didn’t work for me.

Step 2: Creating a new VM from an install disk

This isn’t hard to do; the part where this fell apart was that I was trying to do this in headless mode. The entire install was to be done from a console. Again, I’ve seen posts where people have this working. The man page for virt-install gives us a hint as to how to do this:

--nographics
No graphical console will be allocated for the guest. Fully
virtualized guests (Xen FV or QEmu/KVM) will need to have a text
console configured on the first serial port in the guest (this can be
done via the --extra-args option). Xen PV will set this up
automatically. The command virsh console NAME can be used to
connect to the serial device.

It says we need to create a console to connect to. No problem. In fact, here is a sample command that _should_ work.

virt-install -v --connect qemu:///system -n vm24 -r 512 --vcpus=2 --disk="path=/var/lib/libvirt/images/vm24.qcow2,size=25" --location /var/lib/libvirt/images/SL-61-x86_64-2011-07-27-Install-DVD --os-type linux --os-variant rhel6 --accelerate --network=bridge:br0 --prompt --extra-args="text console=tty0 console=ttyS0,115200" --nographics

It almost does work, but something has happened to my drives!

This ended my first evening of work on the project.  It was an absolute failure.  The only work that was done was to find out what didn’t work. I again gave up trying to do the install from the console.

Day two was much better.  Most examples you will see on the internet for virt-install use VNC to provide a virtual monitor’s view into the installation.  This is the approach I now recommend.

If you were trying to do this completely headless from a console, good luck to you :). For everyone else, break down and run the following:

yum install virt-viewer xauth

Do not forget xauth! Without it, ssh -X to your server will not work! You will look for a solution and will find that people recommend running ssh -Y instead. The real problem is that you are missing xauth. (Yes, this did cost me an hour.)

Now run virt-install and leave off the --nographics and console part:


virt-install -v --connect qemu:///system -n vm26 -r 1024 --vcpus=2 --disk="path=/var/lib/libvirt/images/vm26.qcow2,size=25" --cdrom /var/lib/libvirt/images/SL-61-x86_64-2011-07-27-Install-DVD.iso --os-type linux --accelerate --network=bridge:br0 --prompt --vnc

All of the drives are accessible. Hmmmm. I’m guessing that it works because of… well, I don’t know. Perhaps it has something to do with the cdrom drive being defined differently. It doesn’t make sense to further pursue this when the VNC method works just fine.

Step 3: OS install

This is done as normal. There were no installation modifications.

Step 4: Enable a console (not required)

VNC and virt-viewer work just fine. But I was used to running virsh console to get a console on the machine that is able to see the machine’s startup output. The method for this varies by OS. For Scientific Linux 6, I added this to the end of the kernel parameter in /etc/grub.conf:

text console=tty0 console=ttyS0,115200

In Debian squeeze, this line was modified in /etc/default/grub:

GRUB_CMDLINE_LINUX_DEFAULT="quiet text console=tty0,115200"

After running update-grub, the console worked.  Day (or should I type “night”) 2 was over and I had a working web server.

A note about transient domains

Are you getting this error:

“internal error cannot set autostart for transient domain”

When a domain is created just by running virsh create ${domain}.xml, the domain is considered transient. The biggest issue with this is that it cannot be set to autostart with virsh autostart ${domainname}. If you would like a domain to autostart, and you already have the XML file, run these commands:
virsh define ${domain}.xml
virsh autostart ${domainname}

Then, the domain will be autostarted on boot. Run virsh start ${domainname} to start it up manually. This was somewhat talked about in the official documentation, but the actual commands that make it happen are not listed.

A Note About Paravirtualization

The virtual network and disk can be paravirtualized.    This will result in increased performance.  I’m actually writing this so I know how this can be done in the future.  This is covered extensively in other places.

Here are the guides to help make this happen (guide1, guide2).

Additional Resources

This is not a complete resource. I haven’t even mentioned firewalling or bridging. These topics are covered in other places on the web pretty thoroughly.

A great guide to get you started can be found here.
You will most likely have to play with the VM’s XML.  The details are here.
Another conversion document that I found helpful can be found here.
Debian images that can be used with KVM can be found here.


My OLPC XO-1 is staring at me.   It is appealing to my creativity.  It wants to be utilized. The problem is that I just can’t find a use for it.

This is the second one that I had purchased.  I bought one way back in the days of the original give one get one campaign.  That was before everyone was introduced to the netbook craze.  It served me well while I owned it.  It re-introduced me to the original Sim City 🙂 .  But, I had a laptop so why did I need this other device that didn’t have 1/3 of the power my laptop did?  I sold it about a year after purchase.

The hardware is still the best cost to benefit ratio that exists.  There are no other devices that have the same level of versatility and build quality.  That’s why I’m so confounded by the fact that after selling my original XO-1, and buying another a year later, that I still haven’t found a good use for the thing.  At this point, all I’ve done is give someone a free laptop and make several small donations to eBay.

The intent of the re-purchase was to provide a bastion host to my home network.  The USB ports would provide ethernet (with an adapter), and a USB hub with some USB to serial adapters could transform it into a cheap console server.  The low power usage of the device would mean that running it 24/7 wouldn’t cost much.  The great battery life makes it act as though it has a built-in UPS.   It was perfect for that particular task. That was the plan, anyway.

The reality is that having a bastion host on my home network is overkill to the power of 17.  At the moment, my personal time allocation prohibits me from taking on tasks that are larger than overkill to the 15th.  It didn’t take me long to see that if I was going to alter my home network to add a bastion host, the path to the Internet for every other device would have to change as well.   It just didn’t seem worth the cost of admission.   This is doubly true when I already have a sweet router setup running OpenWRT (a post on that setup is in the works).

The latest builds of software for the XO-1 are great.  The best change is that the software is built from the Fedora base (currently, Fedora 14).  That doesn’t mean much if all you want to do is install the base set of software.  However, if, say, you wanted to install a Zabbix agent for monitoring or OpenVPN to turn it into a VPN server, you can.  The possibilities are quite large.

But, it is still sitting here; just staring at me.  Perhaps it would be put to good use as an education tool for someone not fortunate enough to own a computer…


Alas, poor me. Given an IP address that may modify itself over time, a web address would have to be altered time and time again in order to point to my home server. Thankfully, there are sites that will host a domain name and accept updates when they are notified of IP address changes. This is commonly referred to as Dynamic DNS.

There are dozens of Dynamic DNS services on the Internet. To pick the right one, I gathered some requirements of my own:

  • It must be supported by OpenWRT’s DNS scripts  (dyndns.org, changeip.com, zoneedit.com, no-ip.com, freedns.afraid.org)
  • It must be free to use (changeip is only commercial, so it is out)
  • It must be able to use a domain that I have already registered instead of using their own domain names (down to zoneedit.com and freedns.afraid.org)

Right now, I am trying out both zoneedit.com and freedns.afraid.org.  Here are some pros and cons with each service.  Some of these details were unexpected.  Hopefully, this will help others who are facing similar problems.

When a domain is put on freedns.afraid.org, other registered members of the service are free to create subdomains off of your domain.  This is nice for people who are doing the subdomains, but horrible if you are trying to keep any type of brand consistency for your domain.  Someone can take anything.yourdomain.com and put whatever they want there.  In order to hide the domain from other users, a fee of $5 monthly must be paid.

The part about freedns.afraid.org that came as a pleasant surprise is the update URL.  It doesn’t contain the account’s password.  Instead, it has a unique key in it.  That way, if the key to perform an update is compromised, the worst that can happen is someone else points the domain to a different web site.  The account itself is safe.  The attacker doesn’t even know the account name.

Zoneedit.com allows for two free domains before they start to charge a nominal fee.  The domains are yours and other users can’t create subdomains off of them.

The update URL for zoneedit.com contains the user name and password for the account.  Anyone listening to the traffic on the account can compromise the entire account.

Both services update the DNS record quickly after a change IP request is sent.

Both services have somewhat dated web pages.  The slight edge goes to freedns.afraid.org just because of how simple it is.

After all of that, it looks like zoneedit.com is the winner.  I don’t like my password existing in clear text anywhere; however, the traffic can be sent via SSL to protect it from simple traffic sniffing attacks.

Allowing other users to create subdomains off of one of my domains does not appeal to me at all.  That is the only issue that disqualifies freedns.afraid.org.  It is otherwise a great service.
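The update-URL comparison above (account password versus a per-record key, plain HTTP versus SSL) can be checked mechanically before a URL goes into a router's updater config. This is an added example, not code from either service or from OpenWRT; the parameter names, hosts and values are constructed placeholders, not either provider's real URL format.

```python
from urllib.parse import urlsplit, parse_qsl

# Parameter names are assumptions for this example, not a provider's real API.
ACCOUNT_SECRET_PARAMS = {"password", "pass", "pw"}
RECORD_KEY_PARAMS = {"key", "token"}

def audit_update_url(url):
    """Return (exposure, findings) for a dynamic DNS update URL."""
    parts = urlsplit(url)
    findings = []
    secret_scope = None  # "account" (whole account at risk) or "record"

    # user:password@host form: the account password travels with every update.
    if parts.password is not None:
        secret_scope = "account"
        findings.append("account password in URL userinfo")
    for name, value in parse_qsl(parts.query, keep_blank_values=True):
        if name.lower() in ACCOUNT_SECRET_PARAMS and value:
            secret_scope = "account"
            findings.append(f"account password in query parameter '{name}'")
        elif name.lower() in RECORD_KEY_PARAMS and value and secret_scope is None:
            secret_scope = "record"
            findings.append(f"per-record update key in query parameter '{name}'")

    encrypted = parts.scheme.lower() == "https"
    if not encrypted:
        findings.append("sent over plain HTTP, readable by anyone on the path")

    if secret_scope is None:
        exposure = "none"
    elif encrypted:
        exposure = f"{secret_scope}-secret-protected-in-transit"
    else:
        exposure = f"{secret_scope}-secret-in-cleartext"
    return exposure, findings

# Constructed sample URLs (placeholder hosts, names and secrets).
SAMPLES = {
    "password over HTTP": "http://alice:hunter2@ddns.example.invalid/update?host=home.example.org",
    "password over HTTPS": "https://alice:hunter2@ddns.example.invalid/update?host=home.example.org",
    "record key over HTTP": "http://ddns.example.invalid/update?key=CONSTRUCTED-KEY-123",
}

if __name__ == "__main__":
    for label, url in SAMPLES.items():
        exposure, findings = audit_update_url(url)
        print(f"{label}: {exposure}")
        for finding in findings:
            print("  -", finding)
```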

If there is something that you would like me to try out, or if there is another service that I missed, please drop me a comment.
