CentOS 5.5 + Open Nebula

I recently had to install Open Nebula and use CentOS 5.5 as a host machine.

CentOS is quite old, and that made the KVM setup difficult. There are no such issues with CentOS 6. To make it work with Open Nebula (a very nice cloud manager), here is what I had to do:

  • Update the kernel to the latest release. KVM will not work correctly with old versions. Make sure the kvm and kvm_intel (or kvm_amd) modules are loaded (you can check with lsmod, and load them with modprobe).
  • If kvm_intel fails to install, even after kernel upgrade, it could be related to multiple kernel instances still on the system. Check the path in the error message. If it shows a path to an older kernel release, uninstall packages of older kernels, then reinstall modules with modprobe. A reboot does not hurt…
  • Symlink /usr/libexec/qemu-kvm binary to /usr/bin/kvm
  • Configure KVM,… (qemu install, bridge setup etc…)
Regarding Open Nebula:
  • Add oneadmin to the kvm group
  • CentOS 5.5 does not provide the setcap feature (package libcap2) to change capabilities for programs. As Open Nebula does not run as root by default (and it is better this way), the oneadmin user needs to be able to modify a bridge (add a tap to the bridge). To do so, it needs the cap_net_admin capability on kvm. As setcap is available from CentOS 6 only, oneadmin must run the commands with root privileges. To do so, add oneadmin to sudoers with no password.
  • In the Open Nebula remote scripts (those installed on remote servers), update the commands in the exec_and_log function (common scripts), as well as in the deploy script, to add sudo in front of the command.

 

 

Error: some host already uses address

I recently faced issues setting up a static ip address on CentOS in a private cloud. At boot time, I set up the Ethernet config with a static address but, at the time of the ifup command, I faced the error:

Error: some host already uses address xx.xx.xx.xx

My interface was up, but no IP address was bound.

However this address was available….

After some Internet search I found this was due to arp stuff but could not find the real issue behind this. The strange thing is I got no issue with a Debian host using this address with the same kind of config.

While I could not fully understand what is going on, I could fix the problem with the following:

ifdown eth0
ifconfig eth0 -arp
ifup eth0

And the error disappeared….and my interface was correctly up.

As I said earlier, this does not explain what is going on. To help in your search, you may want to use arping:

arping xx.xx.xx.xx (ip address or mac address).

You should have only one answer. If you have several, an ARP cache or a server may be wrong. My last issue was due to an ARP proxy (which should not have proxied). arping showed me my server and the proxy both answering the request.

The arp command on a server will show the local arp cache (or arp my_ip_address).
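The "only one answer" check can be automated by counting the distinct hardware addresses in the arping output. This is an added example, not part of the original post; it assumes the iputils arping reply format, and the function names and sample addresses are constructed for illustration.

```shell
#!/bin/sh
# arp_responders: read iputils-style arping output on stdin and print each
# distinct responder MAC (upper-cased), one per line, sorted.
arp_responders() {
    awk '/reply from/ {
            # The MAC is the field wrapped in square brackets.
            for (i = 1; i <= NF; i++)
                if ($i ~ /^\[[0-9A-Fa-f:]+\]$/) {
                    mac = toupper(substr($i, 2, length($i) - 2))
                    seen[mac] = 1
                }
         }
         END { for (m in seen) print m }' | sort
}

# arp_check: succeed only when exactly one hardware address answered.
# Zero means nobody owns the address; two or more means a conflict,
# a stale host, or a proxy ARP device answering on its behalf.
arp_check() {
    n=$(arp_responders | wc -l)
    [ "$n" -eq 1 ]
}

# Constructed sample: the real server and a proxy both answer.
SAMPLE_CONFLICT='ARPING 192.0.2.10 from 192.0.2.5 eth0
Unicast reply from 192.0.2.10 [00:16:3E:12:34:56]  0.685ms
Unicast reply from 192.0.2.10 [00:0c:29:ab:cd:ef]  0.912ms
Unicast reply from 192.0.2.10 [00:16:3E:12:34:56]  0.701ms
Sent 2 probes (1 broadcast(s))
Received 3 response(s)'

# Live use (assumes interface eth0):
#   arping -c 3 -I eth0 192.0.2.10 | arp_responders
printf '%s\n' "$SAMPLE_CONFLICT" | arp_responders
```

Two lines of output for one IP address point to the situation described above: compare each MAC with the one configured on your server to find the extra responder.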

 

How to filter a file content in bash/awk

To filter the content of a file and keep only the lines matching a pattern, you can use awk:

awk  '/mypattern/ { print $0; }' myinputfile > myoutputfile

mypattern is a regular expression.
The output file will contain only the lines matching the pattern.

To search lines starting with Jane one can use:
awk  '/^Jane/ { print $0; }' myinputfile > myoutputfile

It is also possible to use environment variables:

export NAME=Jane
awk  '/^'"$NAME"'/ { print $0; }' myinputfile > myoutputfile
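In the variable form above, the shell pastes the value into the awk program text, so any regex metacharacter or "/" in it changes what awk runs. The following added example (not from the original post; the function names, PREFIX variable and sample lines are constructed) puts that form beside a variant that passes the value through the environment and compares it as a literal string.

```shell
#!/bin/sh
# Spliced form: the value becomes part of the awk program source and is
# interpreted as a regular expression.
filter_spliced() {   # $1 = prefix, $2 = input file
    awk '/^'"$1"'/ { print $0; }' "$2"
}

# Hardened form: the value travels through the environment and is compared
# literally; index() == 1 means "the line starts with the value".
filter_literal() {   # $1 = prefix, $2 = input file
    PREFIX="$1" awk 'index($0, ENVIRON["PREFIX"]) == 1 { print $0; }' "$2"
}

# Constructed sample input.
SAMPLE=$(mktemp)
trap 'rm -f "$SAMPLE"' EXIT
cat > "$SAMPLE" <<'EOF'
Jane Doe
J.ne Smith
Jxne Roe
John Public
EOF

# With the prefix "J.ne" the spliced form treats "." as "any character" and
# returns three lines; the literal form returns only the exact match.
filter_literal 'J.ne' "$SAMPLE"
```

Use the literal form whenever the value comes from user input, a file name or any other source you do not control.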

How to enable device mapper

Though this is a quick and easy task, the error message about enabling device mapper did not help much when I faced it.
This looked like:

/proc/misc: No entry for device-mapper found
Failure to communicate with kernel device-mapper driver.
Check that device-mapper is available in the kernel.
device mapper prerequisites not met

Device mapper is available with Linux 2.6 kernels. It is used by many tools such as LVM, grml-debootstrap and others.
To learn more about device mapper, see Wikipedia.

To enable the module:


modprobe dm-mod

Enable IP Forwarding to act as a Gateway on Debian

Set a Debian server to act as an IP gateway

Intro

It is possible to configure a server to act as an IP gateway to offer internet access to other servers. Those servers should declare your gateway server as a gateway in their route.
You can check the routes with the route command:

myserver# route
Table de routage IP du noyau
Destination     Passerelle        Genmask         Indic Metric Ref Use Iface
localnet        *                 255.255.255.0   U     0      0   0   eth1
default         mygateway.local   0.0.0.0         UG    0      0   0   eth1

Here, my gateway is the mygateway server.
To modify or add a route, see the route Linux man page.

On your gateway server, you should:

  • check your internet access (at least this server should have remote access)
  • set IP Forwarding (see next chapter)
  • you should also check your iptables rules, if any, to allow incoming traffic from other servers.

Enable IP Forwarding on the fly

As with any sysctl kernel parameter, we can change the value of net.ipv4.ip_forward on the fly (without rebooting the system):

sysctl -w net.ipv4.ip_forward=1

or

echo 1 > /proc/sys/net/ipv4/ip_forward

The setting is changed instantly, but it will not be preserved after rebooting the system.

Permanent setting using /etc/sysctl.conf

If we want to make this configuration permanent, the best way to do it is to use the file /etc/sysctl.conf, where we can add a line containing net.ipv4.ip_forward = 1

/etc/sysctl.conf: net.ipv4.ip_forward = 1

If you already have an entry net.ipv4.ip_forward with the value 0, you can change it to 1.

To enable the changes made in sysctl.conf you will need to run the command:

service networking restart

IP Forwarding instructions above kindly copied from: http://www.ducea.com/2006/08/01/how-to-enable-ip-forwarding-in-linux/
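To check both settings at once (the running value and what /etc/sysctl.conf will apply at boot), here is an added example that is not part of the original post or of the linked article. The function names and the sample file are constructed; the parser skips comment lines and lets the last assignment win, which matches the order in which sysctl applies the file.

```shell
#!/bin/sh
# conf_value KEY FILE: print the effective value of KEY in a
# sysctl.conf-style file (comments skipped, last assignment wins).
conf_value() {
    awk -v key="$1" '
        /^[ \t]*[#;]/ { next }          # comment lines start with # or ;
        {
            eq = index($0, "=")
            if (eq == 0) next
            k = substr($0, 1, eq - 1); v = substr($0, eq + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", k)
            gsub(/^[ \t]+|[ \t]+$/, "", v)
            gsub(/\//, ".", k)          # net/ipv4/ip_forward form is accepted too
            if (k == key) val = v
        }
        END { if (val != "") print val }' "$2"
}

# forwarding_state RUNNING_FILE CONF_FILE: print "running=<v> boot=<v>".
forwarding_state() {
    running=$(cat "$1" 2>/dev/null || true)
    boot=$(conf_value net.ipv4.ip_forward "$2")
    echo "running=${running:-unknown} boot=${boot:-unset}"
}

# Constructed sample: an old 0 entry followed by a later 1 entry.
CONF=$(mktemp); PROC=$(mktemp)
trap 'rm -f "$CONF" "$PROC"' EXIT
cat > "$CONF" <<'EOF'
# net.ipv4.ip_forward = 1
net.ipv4.ip_forward = 0
kernel.sysrq=0
net.ipv4.ip_forward=1
EOF
echo 1 > "$PROC"

# Live use:
#   forwarding_state /proc/sys/net/ipv4/ip_forward /etc/sysctl.conf
forwarding_state "$PROC" "$CONF"
```

On a host that is not meant to be a gateway, anything other than running=0 together with boot=0 or boot=unset deserves a closer look.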

IP Forwarding on the same subnet

If the gateway has to relay traffic on the same subnet, then iptables must be used with masquerade (NAT) in addition to setting IP forwarding.
One can have a look at http://debianclusters.org/index.php/NAT_with_IPTables

Setup of LDAP login on Debian

To log in against a remote LDAP server, the server needs some packages:

apt-get install libpam-ldap libnss-ldap nscd

Then update the nsswitch.conf file and replace compat with files ldap.
In vi, one can use:

:g/compat/s//files ldap/g

Restart nscd service:

service nscd restart

Depending on the remote LDAP server, you may need to use host instead of uri ldap:// in /etc/pam_ldap.conf and /etc/libnss-ldap.conf.
I experienced errors with SUN Directory server with the ldap://.

That’s it, ldap access should work. You can test with:

id MYUSER

Setup of KVM on Debian with a bridged network interface

This tutorial shows how to set up KVM on Debian and how to create a bridged Ethernet interface, needed by the virtual machines to access the network.

Some commands/packages are not specifically required by KVM but are useful for the setup and for other tools.

1. Package installation:


apt-get install nfs-common
apt-get install kvm
apt-get install libvirt-bin
apt-get install libcap2-bin
apt-get install ruby
apt-get install virt-manager

If a specific user needs access to CAP/KVM capabilities (the Open Nebula user, for example), add it to the security configuration.
In /etc/security/capability.conf add:

cap_net_admin MYUSER

Then add the user to the specific groups:

usermod -a -G libvirt MYUSER
usermod -a -G kvm MYUSER

Set the capability on the qemu binary and load the KVM modules:


setcap cap_net_admin=ei /usr/bin/qemu-system-x86_64
modprobe kvm
modprobe kvm-intel

2. Network bridge:

To create the bridge edit your network configuration file /etc/network/interfaces and replace/update parameters with your own network. A br0 interface, our bridge, is defined as the main interface, with bridge specific parameters. eth0 is added to the bridge.

auto lo
iface lo inet loopback

# The primary network interface
auto eth0
iface eth0 inet manual

auto br0
iface br0 inet static
    address 192.168.1.10
    netmask 255.255.255.0
    network 192.168.1.0
    broadcast 192.168.1.255
    gateway 192.168.1.254
    # dns-* options are implemented by the resolvconf package, if installed
    dns-nameservers 192.168.1.147
    dns-search my.domain
    bridge_ports eth0
    bridge_stp off
    bridge_fd 0
    bridge_maxwait 0

 

Restart the network with:

service networking restart

Your virtual machines should have access to the network via the br0 bridge after that.

Nice doc at http://wiki.debian.org/KVM