Archive March 2010

How to Setup KVM on Ubuntu Lucid

More than a year ago I wrote an article about Xen on Ubuntu Intrepid with the intention of blaming Ubuntu. I also clearly said that I wouldn’t use Ubuntu anymore. This article turned out to be the most-visited one on my blog, maybe because the Ubuntu community links directly to it. Then, last summer I wrote an article about alternatives to Xen, but I decided to wait and stay with Xen on my home server in the meantime. (Please keep in mind that I only use this for my private setups!) Last week I upgraded my server’s hardware and also wanted to re-install it.

Xen still hasn’t made it into the vanilla kernel. It might make it into 2.6.34 or .35, but even if it does, I think it’s not even going to be close to being production ready. Plus, most distributions release their next version in the next weeks/months and are already frozen, so they definitely will not ship with Xen. Well, the only real alternative is KVM. I didn’t like the idea of using KVM for a long time, but since almost every distribution now features KVM as their virtualization technique, I went with it. I also went with Ubuntu again (yeah, blame me!). Why? Because their next release has long-term support, and I won’t have the time to upgrade it in the next 12-18 months. And what shall I say… I like it. Installation was kinda tricky on a software RAID0, but I was installing a development release, 1 week before the first Beta… and in the end it did work.

The server runs KVM now and it runs fast and stable. I have 4 virtual machines on it now. Installation of the guests using virt-install and/or ubuntu-vm-builder was much easier and ended up with working VMs out of the box, whereas xen-create-image ended up with an unusable image on Intrepid, because the default console never showed up without tweaks. libvirt is also nice if you need it, but I really want to point out that you can run KVM without libvirt, just with the ‘kvm’ command!

I tagged this article ‘How-To’, but there are already many good KVM guides out there so I won’t write yet another one. I’ll just post a few hints to get KVM running with bridged networking using libvirt.

First of all I removed /etc/libvirt/qemu/networks/default.xml to disable the dnsmasq features of libvirt. Then I created an LVM volume group to hold my machines, but you can also use simple images on your filesystem. The next thing I did was set up a bridge in /etc/network/interfaces:

auto br1
iface br1 inet dhcp
        bridge_ports eth1
        bridge_stp off
        bridge_fd 0
        bridge_maxwait 0

You can now simply create your virtual machine with this command:

virt-install -n $hostname -r 512 -c /home/shared/apps/os/ubuntu/lucid-server-amd64.iso --disk path=/dev/virtdisks/bender --network bridge=br1 --vnc --vnclisten=0.0.0.0 --noautoconsole --os-type linux --os-variant ubuntuLucid --accelerate

Now connect to your host using VNC and install as usual. Another way is to use ‘ubuntu-vm-builder’, but I simply didn’t try… The command above makes VNC listen on all interfaces (--vnclisten=0.0.0.0), so make sure you limit VNC access to localhost in /etc/libvirt/qemu/$hostname.xml after installation if your network is insecure.
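
One way to check a domain definition for a VNC display that is still reachable from other hosts, and to pin it to localhost. This is an added example, not code from the original post; the sample XML is constructed and the function names are hypothetical.

```python
import xml.etree.ElementTree as ET

LOOPBACK = {"127.0.0.1", "::1", "localhost"}

# Constructed sample of a domain definition as it can look after the
# virt-install call above (--vnc --vnclisten=0.0.0.0); not a real dump.
SAMPLE_XML = """
<domain type='kvm'>
  <name>bender</name>
  <devices>
    <graphics type='vnc' port='-1' autoport='yes' listen='0.0.0.0'>
      <listen type='address' address='0.0.0.0'/>
    </graphics>
  </devices>
</domain>
"""


def vnc_listen_addresses(graphics):
    """Collect the listen attribute and every <listen address=...> child."""
    addrs = [graphics.get("listen")]
    addrs += [c.get("address") for c in graphics.findall("listen")]
    return [a for a in addrs if a]


def audit_vnc(xml_text):
    """Return one finding per VNC display bound to a non-loopback address."""
    root = ET.fromstring(xml_text)
    name = root.findtext("name", default="?")
    findings = []
    for g in root.iter("graphics"):
        if g.get("type") != "vnc":
            continue
        # An element that sets no address at all is not reported here.
        exposed = sorted({a for a in vnc_listen_addresses(g) if a not in LOOPBACK})
        if exposed:
            findings.append(f"{name}: VNC listens on {', '.join(exposed)}")
    return findings


def restrict_vnc_to_localhost(xml_text):
    """Return the domain XML with every VNC address listener on 127.0.0.1."""
    root = ET.fromstring(xml_text)
    for g in root.iter("graphics"):
        if g.get("type") == "vnc":
            g.set("listen", "127.0.0.1")
            for child in g.findall("listen"):
                if child.get("type") == "address":  # other listen types untouched
                    child.set("address", "127.0.0.1")
    return ET.tostring(root, encoding="unicode")


if __name__ == "__main__":
    print(audit_vnc(SAMPLE_XML))
    print(audit_vnc(restrict_vnc_to_localhost(SAMPLE_XML)))
```

With the listener on 127.0.0.1, the console is reached through an SSH tunnel to the host instead of directly over the network.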

To make your domain autostart on boot use:

virsh autostart $hostname

This will copy the appropriate xml configuration file to /etc/libvirt/qemu/autostart/.

It’s as simple as that. Way easier than patching a kernel for Xen and all these things. I would have really loved to see Xen in the vanilla kernel a year ago or so, but it didn’t happen and KVM works well enough for me by now… plus you have the benefit of working power management.

Take care.

How to OpenVPN on OpenBSD as Layer2 VPN

Getting OpenVPN running on a recent OpenBSD is pretty simple. I run OpenVPN 2.1 on OpenBSD-current as of 2010/03/10 (almost 4.7) with PSK as a layer2 VPN. Layer2 because I have some zeroconf/bonjour stuff running on my LAN and I want to connect to my iTunes shares through the VPN. I’ll make it very short: Install OpenVPN from packages (or ports if you want to), configure a bridge, create a PSK and create a simple config file.

pkg_add http://ftp.openbsd.org/pub/OpenBSD/4.7/packages/amd64/openvpn-2.1.0.tgz
ifconfig tun0 create
ifconfig bridge0 create add fxp0 tun0
openvpn --genkey --secret /etc/openvpn/server.key

Paste this to /etc/openvpn/server.conf:

proto tcp-server
port 1194
dev tun0
dev-type tap
secret /etc/openvpn/server.key
push "route 10.1.0.0 255.255.0.0 10.1.16.1"
persist-key
persist-tun
ping-timer-rem
keepalive 10 60
user _openvpn
group _openvpn

To make OpenVPN start on boot create /etc/hostname.bridge0 with:

add fxp0
add tun0
up

And /etc/hostname.tun0 with: (I had to set link0 to get it working)

up link0
!/usr/local/sbin/openvpn --daemon --config /etc/openvpn/server.conf

That’s it. You can reboot to test if it’s working or just run OpenVPN with

/usr/local/sbin/openvpn --daemon --config /etc/openvpn/server.conf

A simple client configuration would look like:

proto tcp-client
dev tap
remote you.example.org 1194
secret ./your.key
persist-key
persist-tun
ping-timer-rem
keepalive 10 60

Hint: Use DynDNS or something similar to use OpenVPN with a dynamically assigned IP-Address.
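
A small linter for the static-key server.conf above, as an added example that is not from the original post. It checks that the privilege drop (user/group) is paired with persist-key and persist-tun, and that the key file named by `secret` is readable only by its owner; the function names and the `key_path` override are hypothetical.

```python
import os
import stat
import tempfile

# server.conf as given in the post, embedded so the example runs offline.
SERVER_CONF = """\
proto tcp-server
port 1194
dev tun0
dev-type tap
secret /etc/openvpn/server.key
push "route 10.1.0.0 255.255.0.0 10.1.16.1"
persist-key
persist-tun
ping-timer-rem
keepalive 10 60
user _openvpn
group _openvpn
"""


def parse_conf(text):
    """Map each directive to its argument list; '#' and ';' start comments."""
    conf = {}
    for line in text.splitlines():
        line = line.strip()
        if line and line[0] not in "#;":
            name, *args = line.split()
            conf[name] = args
    return conf


def audit(conf, key_path=None):
    """Return warnings for a static-key (secret) OpenVPN configuration."""
    warnings = []
    drops_privs = "user" in conf or "group" in conf
    if not drops_privs:
        warnings.append("daemon keeps root: add user/group")
    for opt in ("persist-key", "persist-tun"):
        # After the privilege drop, a restart triggered by keepalive can no
        # longer re-read a root-only key or reopen the tun device.
        if drops_privs and opt not in conf:
            warnings.append(f"{opt} missing although privileges are dropped")
    path = key_path or conf["secret"][0]
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if mode & (stat.S_IRWXG | stat.S_IRWXO):
        warnings.append(f"{path} is mode {mode:o}: key readable beyond its owner")
    return warnings


if __name__ == "__main__":
    with tempfile.NamedTemporaryFile() as key:  # constructed stand-in for server.key
        os.chmod(key.name, 0o644)
        print(audit(parse_conf(SERVER_CONF), key_path=key.name))
```

The same key file goes to every client in this setup, so the permission check applies to the client's copy as well.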

How to Setup Ubuntu Lucid as a TimeMachine Server

I think starting with Lucid, Ubuntu ships netatalk 2.0.5, which makes setting up Linux as a TimeMachine server much easier. You no longer have to compile it on your own, nor do you have to create the sparsebundle.

Just install netatalk and avahi-daemon if you want to, add options:tm to AppleVolumes.default and you’re done.

aptitude install netatalk
echo /home/shared/timemachine  "TM" options:tm >> /etc/netatalk/AppleVolumes.default

If you want the service to be advertised on your LAN also install avahi-daemon and create /etc/avahi/services/afpd.service with this content:

<?xml version="1.0" standalone='no'?><!--*-nxml-*-->
<!DOCTYPE service-group SYSTEM "avahi-service.dtd">
<service-group>
<name replace-wildcards="yes">%h</name>
<service>
<type>_afpovertcp._tcp</type>
<port>548</port>
</service>
</service-group>

Now you have to point TimeMachine to the TM share and that’s it. As long as you have a server with enough free space running on your LAN, that saves you a lot of bucks compared to buying a TimeCapsule.

OpenBSD on the Intel D410PT

Recently my gateway died. I had to replace not just the CF card, but the entire unit. The old Intel D945GCLF2 just was unstable after the outage. Last year Intel came up with some nicer layouts of their Atom boards and they now have totally fanless and pretty green devices. I bought the Intel D410PT because it’s cheap (around 60€), fanless and doesn’t need much energy.

Assembled with PicoPSU-90, 1Gb of DDR2-800 RAM, a CF-to-SATA adapter, a 4Gb SanDisk UltraII and a dual-port Intel FastE NIC, I installed OpenBSD-current as of 2010/03/09 (aka 4.7) on it.

To cool this thing I added two 40mm fans to the right of the board, cooling the PSU and the chipsets.

Sensors:

hw.machine=amd64
hw.model=Intel(R) Atom(TM) CPU D410 @ 1.66GHz
hw.ncpu=2
hw.byteorder=1234
hw.pagesize=4096
hw.disknames=sd0
hw.diskcount=1
hw.sensors.cpu0.temp0=57.00 degC
hw.sensors.cpu1.temp0=57.00 degC
hw.sensors.lm1.temp0=42.00 degC
hw.sensors.lm1.temp1=48.00 degC
hw.sensors.lm1.fan0=1687 RPM
hw.sensors.lm1.volt0=1.17 VDC (VCore)
hw.sensors.lm1.volt1=3.95 VDC (+12V)
hw.sensors.lm1.volt2=1.92 VDC (+3.3V)
hw.sensors.lm1.volt3=5.04 VDC (+5V)
hw.sensors.lm1.volt4=2.45 VDC (-12V)
hw.sensors.lm1.volt5=5.07 VDC (5VSB)
hw.sensors.lm1.volt6=0.05 VDC (VBAT)
hw.cpuspeed=1666
hw.vendor=Intel Corporation
hw.product=D410PT
hw.uuid=c197189c-d5c3-11de-914c-000000000000
hw.physmem=1054441472
hw.usermem=1054363648
hw.ncpufound=2

Dmesg:

OpenBSD 4.7 (GENERIC.MP) #128: Tue Mar  9 09:54:33 MST 2010
    deraadt@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP
real mem = 1054441472 (1005MB)
avail mem = 1014898688 (967MB)
RTC BIOS diagnostic error 80<clock_battery>
mainbus0 at root
bios0 at mainbus0: SMBIOS rev. 2.5 @ 0xe0100 (24 entries)
bios0: vendor Intel Corp. version "MOPNV10N.86A.0159.2010.0104.1040" date 01/04/2010
bios0: Intel Corporation D410PT
acpi0 at bios0: rev 2
acpi0: tables DSDT FACP APIC MCFG HPET SSDT
acpi0: wakeup devices SLPB(S4) PS2M(S4) PS2K(S4) UAR1(S4) UAR2(S4) P32_(S4) ILAN(S4) PEX0(S4) PEX1(S4) PEX2(S4) PEX3(S4) UHC1(S3) UHC2(S3) UHC3(S3) UHC4(S3) EHCI(S3) AZAL(S4)
acpitimer0 at acpi0: 3579545 Hz, 24 bits
acpimadt0 at acpi0 addr 0xfee00000: PC-AT compat
cpu0 at mainbus0: apid 0 (boot processor)
cpu0: Intel(R) Atom(TM) CPU D410 @ 1.66GHz, 1666.99 MHz
cpu0: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,SSE3,MWAIT,DS-CPL,TM2,CX16,xTPR,NXE,LONG
cpu0: 512KB 64b/line 8-way L2 cache
cpu0: apic clock running at 166MHz
cpu1 at mainbus0: apid 1 (application processor)
cpu1: Intel(R) Atom(TM) CPU D410 @ 1.66GHz, 1666.69 MHz
cpu1: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,SSE3,MWAIT,DS-CPL,TM2,CX16,xTPR,NXE,LONG
cpu1: 512KB 64b/line 8-way L2 cache
ioapic0 at mainbus0: apid 8 pa 0xfec00000, version 20, 24 pins
ioapic0: misconfigured as apic 0, remapped to apid 8
acpihpet0 at acpi0: 14318179 Hz
acpiprt0 at acpi0: bus 5 (P32_)
acpiprt1 at acpi0: bus 0 (PCI0)
acpiprt2 at acpi0: bus 1 (PEX0)
acpiprt3 at acpi0: bus 2 (PEX1)
acpiprt4 at acpi0: bus 3 (PEX2)
acpiprt5 at acpi0: bus 4 (PEX3)
acpicpu0 at acpi0: C1, PSS
acpicpu1 at acpi0: C1, PSS
acpibtn0 at acpi0: SLPB
pci0 at mainbus0 bus 0
pchb0 at pci0 dev 0 function 0 "Intel Pineview DMI Bridge" rev 0x00
vga1 at pci0 dev 2 function 0 "Intel Pineview Integrated Graphics Controller" rev 0x00
wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation)
wsdisplay0: screen 1-5 added (80x25, vt100 emulation)
intagp at vga1 not configured
ppb0 at pci0 dev 28 function 0 "Intel 82801GB PCIE" rev 0x01: apic 8 int 17 (irq 255)
pci1 at ppb0 bus 1
re0 at pci1 dev 0 function 0 "Realtek 8101E" rev 0x02: RTL8102EL (0x2480), apic 8 int 16 (irq 11), address 00:27:0e:05:12:ca
rlphy0 at re0 phy 7: RTL8201L 10/100 PHY, rev. 1
ppb1 at pci0 dev 28 function 1 "Intel 82801GB PCIE" rev 0x01: apic 8 int 16 (irq 255)
pci2 at ppb1 bus 2
ppb2 at pci0 dev 28 function 2 "Intel 82801GB PCIE" rev 0x01: apic 8 int 18 (irq 255)
pci3 at ppb2 bus 3
ppb3 at pci0 dev 28 function 3 "Intel 82801GB PCIE" rev 0x01: apic 8 int 19 (irq 255)
pci4 at ppb3 bus 4
uhci0 at pci0 dev 29 function 0 "Intel 82801GB USB" rev 0x01: apic 8 int 23 (irq 9)
uhci1 at pci0 dev 29 function 1 "Intel 82801GB USB" rev 0x01: apic 8 int 19 (irq 10)
uhci2 at pci0 dev 29 function 2 "Intel 82801GB USB" rev 0x01: apic 8 int 18 (irq 11)
uhci3 at pci0 dev 29 function 3 "Intel 82801GB USB" rev 0x01: apic 8 int 16 (irq 11)
ehci0 at pci0 dev 29 function 7 "Intel 82801GB USB" rev 0x01: apic 8 int 23 (irq 9)
usb0 at ehci0: USB revision 2.0
uhub0 at usb0 "Intel EHCI root hub" rev 2.00/1.00 addr 1
ppb4 at pci0 dev 30 function 0 "Intel 82801BAM Hub-to-PCI" rev 0xe1
pci5 at ppb4 bus 5
ppb5 at pci5 dev 0 function 0 "DEC 21154 PCI-PCI" rev 0x02
pci6 at ppb5 bus 6
fxp0 at pci6 dev 4 function 0 "Intel 8255x" rev 0x05, i82558: apic 8 int 21 (irq 9), address 00:50:8b:95:a4:d2
inphy0 at fxp0 phy 1: i82555 10/100 PHY, rev. 0
fxp1 at pci6 dev 5 function 0 "Intel 8255x" rev 0x05, i82558: apic 8 int 22 (irq 10), address 00:50:8b:95:a4:d3
inphy1 at fxp1 phy 1: i82555 10/100 PHY, rev. 0
pcib0 at pci0 dev 31 function 0 "Intel Tigerpoint LPC Controller" rev 0x01
ahci0 at pci0 dev 31 function 2 "Intel 82801GR AHCI" rev 0x01: apic 8 int 19 (irq 10), AHCI 1.1
scsibus0 at ahci0: 32 targets
sd0 at scsibus0 targ 0 lun 0: <ATA, SanDisk SDCFH2-0, HDX> SCSI3 0/direct fixed
sd0: 3919MB, 512 bytes/sec, 8027712 sec total
ichiic0 at pci0 dev 31 function 3 "Intel 82801GB SMBus" rev 0x01: apic 8 int 19 (irq 10)
iic0 at ichiic0
spdmem0 at iic0 addr 0x51: 1GB DDR2 SDRAM non-parity PC2-6400CL5
usb1 at uhci0: USB revision 1.0
uhub1 at usb1 "Intel UHCI root hub" rev 1.00/1.00 addr 1
usb2 at uhci1: USB revision 1.0
uhub2 at usb2 "Intel UHCI root hub" rev 1.00/1.00 addr 1
usb3 at uhci2: USB revision 1.0
uhub3 at usb3 "Intel UHCI root hub" rev 1.00/1.00 addr 1
usb4 at uhci3: USB revision 1.0
uhub4 at usb4 "Intel UHCI root hub" rev 1.00/1.00 addr 1
isa0 at pcib0
isadma0 at isa0
pckbc0 at isa0 port 0x60/5
pcppi0 at isa0 port 0x61
midi0 at pcppi0: <PC speaker>
spkr0 at pcppi0
wbsio0 at isa0 port 0x4e/2: W83627THF rev 0x84
lm1 at wbsio0 port 0x290/8: W83627THF
mtrr: Pentium Pro MTRR support
vscsi0 at root
scsibus1 at vscsi0: 256 targets
softraid0 at root
root on sd0a swap on sd0b dump on sd0b

My blogging ideas for the next weeks…

Search Engine Optimization (SEO) is one of the biggest buzzwords when it comes to blogs or websites in general. I’m not an SEO guru and so this blog sadly doesn’t get many hits for my travel or photography articles (in fact it’s just 15% of total hits), but my geeky topics are what gets me many readers. For example: My article about Xen on Ubuntu Intrepid gets about 150 hits per day. Having mostly technical readers isn’t a bad thing at all, but I didn’t post many technical articles this year and since I currently have many issues with my computers, I decided to post some of the interesting stuff to this blog in the next few weeks. My goal is to get more total readers, who might then also read my travel and photography articles. Some posts I have in mind are:

  • OpenBSD on the Intel D410PT
  • OpenVPN as a Layer2 VPN on OpenBSD
  • Nginx performance as a reverse-proxy on OpenBSD
  • Goodbye Xen, Hello KVM :(
  • Fast MacOS X remote desktop (without VNC)
  • Ubuntu Lucid as a TimeMachine server for MacOS X

Take care.

I am Nikon TV Spot with Robbie Williams


I really like this new TV spot! Very emotional. Different camera types for different purposes – I think Nikon did a great job with this ad.

Spring Cleaning Time for my Setup

Last month really was a bad month for my IT. In just two weeks, my gateway’s CF card died, my server’s PSU and HDD died and my main switch now has 4 of its 8 ports failing so I finally had to send it in for service. I had no Internet, I had no eMail, no Intranet and no VPN, but at least I had backups of my personal stuff!

The one good thing about all that is that I now had time to re-organize everything. A few years ago I was very paranoid and decided to put everything I need on my LAN. Storage, eMail servers, Bookmark synchronization,  Calendars, Contacts and so on. To get that but still keep my LAN secure I used SSH tunnels, reverse proxies, virtual machines, subnet and vlan separation… My LAN consists of many single points of failure: A single Internet uplink, a single gateway, a single switch and a single server. Internet uplinks can go down, gateways can fail, switches can fail, servers can fail… all this leads to SSH tunnels going down which leads to services being unreachable even when the rest is back up.

Today I’m no longer that paranoid. I learned a lot and now decided to outsource the important stuff. I needed a solution suitable for a poor man which means I can’t afford redundant dedicated servers or even co-locations.

I already got to work with Google Apps and so I decided to mix it with shared hosting and some self-hosting.

I’m mostly back up. My gateway is re-installed, serving me Internet access, firewalling, VPN and a reverse-proxy.

Sometime next week I’ll restore my Server to serve Files and the Intranet website, Databases and an internal Mail-relay, do backups and some other things using KVM instead of Xen (more on that to come!).

What do I want to tell you with all that? Be prepared. Have backups. Keep it simple.

Stay tuned. Some new tutorials and ideas about VPNs, certificates and my new little love nginx will follow.

Chris’ World Reloaded

Hey folks! Welcome to my new Blog.

Why the redesign? Well… during new year I thought to myself: “Damn, your blog looks crappy!” :-)
And here we are now. This is the third revision of Chris’ World. Last month I put almost every free minute into the redesign of this blog. Why did it take so long? First of all, because very strange things happened with my computers & infrastructure and I had to put a lot of time to get this back working first. (More about that in the next post)
Then I encountered so many problems with WordPress, that I almost gave up the ghost! There were issues with my CSS customizations, the contact form didn’t send anything, the embedded videos were all gone and my articles were all bold so I had to review every single post because of the theme change. All in all it was a heck of work. From now on I’ll try to give my posts a cleaner structure and I won’t use the Visual editor in WP anymore, just causes too much hassle. But now it’s done and I’m happy it is.

Here’s what’s new:

  • Page should now be W3C compliant
  • New Contact Page
  • New Travel Page with interactive map
  • Some other new pages and minor changes
  • Advertising (Sorry for that)

While I was reviewing all the posts I found it rather funny how I evolved. I was about to delete some of my very first posts in this blog, but then decided to keep them for archival reasons.

That’s it for today. Stay tuned and check back soon.
Ahh wait… in loving memory to the old layout: (Just kidding)

Christian Kildau

Hi, my name is Chris. I am a wannabe photog, traveler & geek that lives in Hesse, Germany.
