Setting up the Host Environment
Currently, only dashboard13 has been setup has a VM host. SLC5 has been installed there as well as version 3.2.6 of VirtualBox, our virtualization software. (More info on VirtualBox can be found here
.) This was the only combination of OS - VM, that worked well for us.
The procedure to set up a host is roughly the following: - Install VirtualBox (http://www.virtualbox.org/wiki/Downloads) on the host machine
- Register the virtual machines on LANDB (http://network.cern.ch). If the host is in your office, you can register the machines as normal machines. If the host is in the computing center, you have to ask the network people to register them as interfaces (see https://network.cern.ch/sc/fcgi/sc.fcgi?Action=SearchForDisplay&DeviceName=dashboard13)
- Enable traffic forwarding by setting the following line in
/etc/sysctl.confand restarting the network (service network restart)
# Controls IP packet forwarding net.ipv4.ip_forward = 1
- Reroute the traffic. Again, if the host is in your office, this might work out of the box. Otherwise, you might have to setup a local network between the host and the virtual nodes. This is an example for the six virtual machines that we setup in dashboard13
echo 1 > /proc/sys/net/ipv4/ip_forward PUBLICIP="128.142.195.58 128.142.195.59 128.142.195.60 128.142.195.61 128.142.195.62 128.142.195.63" PRIVATEIP="192.168.56.107 192.168.56.108 192.168.56.109 192.168.56.110 192.168.56.111 192.168.56.112" iptables -P FORWARD ACCEPT iptables -t nat -F for public in $PUBLICIP; do set -- $PRIVATEIP private=$1 shift PRIVATEIP="$*" echo "MAPPING $public to $private" iptables -t nat -A PREROUTING -i eth0 -d $public -j DNAT --to-destination $private iptables -t nat -A POSTROUTING -s $private -j MASQUERADE done exit
Setting up a Virtual Machine
- First things first, VirtualBox keeps disk images in the user's home directory — on
dashboard13, we use the userdboard— so make sure you are logged in as the correct user. - In
dashboard13there is a template disk image, scl5-dashboard.vdi, with SCL5 and some software installed and pointers to useful software repositories (dashboard included), that you can just replicate usingVBoxManage clonehd slc5.vdi <new machine>.vdi - If you don't have access it you'll have to create a new VM, create a new disk when prompted and install SLC yourself
- Type
VirtualBoxto acces the management UI and start the wizard to add a new VM. - Follow the steps, making sure that you set the right RAM size (2048 MB is our standard), and that you select the disk you just cloned. You'll notice that your newly replicated disk cannot be selected — first you need to tell VirtualBox about it. Just press the button next to the list of available disks to go to the dialog where you can add disks.
- Finish the wizard, but don't start the VM yet.
- In the VM properties, select the network settings and then set 'Attached to' to 'Host-only adapter'.
- Boot the machine using the UI, go to single mode (interrupt booting process pressing , then press 'a' to specify kernel parameters and add "single") and set the root password (passwd command)
- Edit the network configuration:
-
/etc/sysconfig/network:# set the hostname and the gateway HOSTNAME=<the hostname> GATEWAY=192.168.56.1
-
/etc/sysconfig/network-scripts/ifcfg-eth0# change the BOOTPROTO; set the ipaddr; set the netmask BOOTPROTO=none IPADDR=<ip-addr -- check the host's nat iptable> NETMASK=255.255.255.0
-
- Restart the network (
service network restart) and check for connectivity, both from the VM to the outside and vice-versa. - Edit NFS configuration, most probably it shuld be
dashboard14:/data/shared /nfs nfs ro 0 0
:-
mkdir /nfs -
vim /etc/fstab# add this line at the end of file <nfs-master>:<shared-folder> /nfs nfs ro 0 0
-
- Shutdown the VM
- Start the VM from the command line with
VBoxManage startvm --type headless <vm name>.
Adding Outside Access to a Virtual Machine
Due to security concerns, the VMs are not accessible outside the CERN network. To log in to a VM from the internet, you must uselxplus as an intermediate step. To provide access to your services on a virtual machine, you can set up a proxy on the VM host to reroute the traffic to the VM. - Add a DNS alias to your service to the VM host.
- Make sure the host supports Virtual Hosts — in
/etc/httpd/conf/httpd.confthe following line must be uncommented:NameVirtualHost *:80
- Set up a reverse proxy with your DNS alias to the VM, by creating a
.conffile in /etc/httpd/conf.d/.<VirtualHost *:80> ProxyRequests Off <Proxy *> Order deny,allow Allow from all </Proxy> ProxyPass / http://<VM IP>/ ProxyPassReverse / http://<VM IP>/ ServerName <DNS Alias>.cern.ch ServerAlias <DNS Alias> RewriteEngine on RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK) RewriteRule .* - [F] </VirtualHost>
- SSL is not supported by the procedure above (need to have a look into it.)
- There can be only one service/alias per VM: The proxy has to address the VMs by ip and so you cannot setup virtual hosts in the VMs
- When an apache server receives a request for a virtual server it doesn't know it defaults to handle it with the first
<VirtualHost>clause it processed. To see which one is the default virtual server (and which virtual servers are currently defined) you can use[root@dashboard13 conf.d]# httpd -S VirtualHost configuration: wildcard NameVirtualHosts and _default_ servers: _default_:443 dashboard13.cern.ch (/etc/httpd/conf.d/ssl.conf:81) *:80 is a NameVirtualHost default server dashboard13.cern.ch (/etc/httpd/conf.d/dashboard.conf:1) port 80 namevhost dashboard13.cern.ch (/etc/httpd/conf.d/dashboard.conf:1) port 80 namevhost dashb-cms-jobsmry-test.cern.ch (/etc/httpd/conf.d/proxy_dashb-cms-jobsmry-test.conf:1) Syntax OK
Backing up and Restoring a Virtual Machine
VBoxManage snapshot - This command is used to control snapshots from the command line. A snapshot consists of a complete copy of the virtual machine settings, copied at the time when the snapshot was taken, and optionally a virtual machine saved state file if the snapshot was taken while the machine was running. To create a new snapshot, log in as 'dboard' user and run the following command:VBoxManage snapshot dashb-virtualXY take snapshot_nameWhere
'dashb-virtualXY'is the name of your virtual machine and
'snapshot_name'is any specified name for the snapshot. To restore a snapshot, log in as 'dboard' user and run the following command:
VBoxManage snapshot dashb-virtualXY restore snapshot_nameNote: You can take a snapshot at any time, even when the virtual machine is up and running, which is really convenient but you need to poweroff the machine first in order to restore it. -- EdwardKaravakis - 15-Nov-2010
- ArdaGrid Web
- ArdaGrid Web Home
- Changes
- Index
- Search
- ABATBEA
- ACPP
- ADCgroup
- AEGIS
- AfricaMap
- AgileInfrastructure
- ALICE
- AliceEbyE
- AliceSPD
- AliceSSD
- AliceTOF
- AliFemto
- ALPHA
- Altair
- ArdaGrid
- ASACUSA
- AthenaFCalTBAna
- Atlas
- AtlasLBNL
- AXIALPET
- CAE
- CALICE
- CDS
- CENF
- CERNSearch
- CLIC
- Cloud
- CloudServices
- CMS
- Controls
- CTA
- CvmFS
- DB
- DefaultWeb
- DESgroup
- DPHEP
- DM-LHC
- DSSGroup
- EGEE
- EgeePtf
- ELFms
- EMI
- ETICS
- FIOgroup
- FlukaTeam
- Frontier
- Gaudi
- GeneratorServices
- GuidesInfo
- HardwareLabs
- HCC
- HEPIX
- ILCBDSColl
- ILCTPC
- IMWG
- Inspire
- IPv6
- IT
- ItCommTeam
- ITCoord
- ITdeptTechForum
- ITDRP
- ITGT
- ITSDC
- LAr
- LCG
- LCGAAWorkbook
- Leade
- LHCAccess
- LHCAtHome
- LHCb
- LHCgas
- LHCONE
- LHCOPN
- LinuxSupport
- Main
- Medipix
- Messaging
- MPGD
- NA49
- NA61
- NA62
- NTOF
- Openlab
- PDBService
- Persistency
- PESgroup
- Plugins
- PSAccess
- PSBUpgrade
- R2Eproject
- RCTF
- RD42
- RFCond12
- RFLowLevel
- ROXIE
- Sandbox
- SocialActivities
- SPI
- SRMDev
- SSM
- Student
- SuperComputing
- Support
- SwfCatalogue
- TMVA
- TOTEM
- TWiki
- UNOSAT
- Virtualization
- VOBox
- WITCH
- XTCA
 |
|
Copyright &© 2008-2023 by the contributing authors. All material on this collaboration platform is the property of the contributing authors. or Ideas, requests, problems regarding TWiki? use Discourse or Send feedback