Setting up the Host Environment

Currently, only dashboard13 has been set up as a VM host. SLC5 has been installed there, as well as version 3.2.6 of VirtualBox, our virtualization software. (More info on VirtualBox can be found here.) This was the only combination of OS and VM software that worked well for us.

The procedure to set up a host is roughly the following:

# Controls IP packet forwarding
net.ipv4.ip_forward = 1
  • Reroute the traffic. Again, if the host is in your office, this might work out of the box. Otherwise, you might have to set up a local network between the host and the virtual nodes. This is an example for the six virtual machines that we set up on dashboard13:
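echo 1 > /proc/sys/net/ipv4/ip_forward

# Space-separated lists in matching order (placeholders: fill in your own)
PUBLICIP="<public IPs of the VMs>"
PRIVATEIP="<private IPs of the VMs>"

# Flush the existing NAT rules
iptables -t nat -F

# Load the private IPs as positional parameters, consumed one per public IP
set -- $PRIVATEIP
for public in $PUBLICIP; do
  private=$1
  shift

  echo "MAPPING $public to $private"
  iptables -t nat -A PREROUTING -i eth0 -d "$public" -j DNAT --to-destination "$private"
  iptables -t nat -A POSTROUTING -s "$private" -j MASQUERADE
done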
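
The mapping loop above pairs the two address lists by position, so a missing or mistyped entry produces a rule with an empty or wrong destination. The following dry-run check is an added example, not part of the original page: the function names nat_rules and is_ipv4 are hypothetical and the addresses are constructed samples. It validates both lists and prints the iptables commands without running them.

```shell
#!/bin/sh
# Added example: validate the public/private lists, then print (not run) the rules.

# is_ipv4 ADDR: succeed only for a dotted quad with every octet in 0..255.
is_ipv4() {
  case "$1" in
    ""|*[!0-9.]*|.*|*.|*..*) return 1 ;;
  esac
  old_ifs=$IFS; IFS=.
  set -- $1                      # split the address on dots
  IFS=$old_ifs
  [ "$#" -eq 4 ] || return 1
  for octet in "$@"; do
    [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
  done
}

# nat_rules PUBLIC_LIST PRIVATE_LIST: print one DNAT and one MASQUERADE command
# per pair; return 1 and print no rules if the lists differ in length or
# contain an invalid address.
nat_rules() {
  publics=$1
  set -- $2                      # private IPs become positional parameters
  count=0
  for p in $publics; do count=$((count + 1)); done
  if [ "$count" -ne "$#" ]; then
    echo "error: $count public vs $# private addresses" >&2
    return 1
  fi
  for a in $publics "$@"; do
    is_ipv4 "$a" || { echo "error: bad address '$a'" >&2; return 1; }
  done
  for public in $publics; do
    private=$1; shift
    echo "iptables -t nat -A PREROUTING -i eth0 -d $public -j DNAT --to-destination $private"
    echo "iptables -t nat -A POSTROUTING -s $private -j MASQUERADE"
  done
}

# Constructed sample addresses (not the real dashboard13 mapping).
nat_rules "192.0.2.11 192.0.2.12" "192.168.56.101 192.168.56.102"
```

Review the printed commands before applying them; nothing is changed on the host by this check.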


Setting up a Virtual Machine

  • First things first, VirtualBox keeps disk images in the user's home directory — on dashboard13, we use the user dboard — so make sure you are logged in as the correct user.
  • On dashboard13 there is a template disk image, scl5-dashboard.vdi, with SLC5 and some software installed and pointers to useful software repositories (dashboard included), that you can just replicate using VBoxManage clonehd slc5.vdi <new machine>.vdi
  • If you don't have access to it, you'll have to create a new VM, create a new disk when prompted and install SLC yourself.
  • Type VirtualBox to access the management UI and start the wizard to add a new VM.
  • Follow the steps, making sure that you set the right RAM size (2048 MB is our standard), and that you select the disk you just cloned. You'll notice that your newly replicated disk cannot be selected — first you need to tell VirtualBox about it. Just press the button next to the list of available disks to go to the dialog where you can add disks.
  • Finish the wizard, but don't start the VM yet.
  • In the VM properties, select the network settings and then set 'Attached to' to 'Host-only adapter'.
  • Boot the machine using the UI, go to single mode (interrupt booting process pressing , then press 'a' to specify kernel parameters and add "single") and set the root password (passwd command)
  • Edit the network configuration:
    1. /etc/sysconfig/network:
      # set the hostname and the gateway
      HOSTNAME=<the hostname>
    2. /etc/sysconfig/network-scripts/ifcfg-eth0
      # change the BOOTPROTO; set the ipaddr; set the netmask
      IPADDR=<ip-addr -- check the host's nat iptable>
  • Restart the network (service network restart) and check for connectivity, both from the VM to the outside and vice-versa.
  • Edit the NFS configuration; most probably it should be
    dashboard14:/data/shared /nfs nfs ro 0 0
    1. mkdir /nfs
    2. vim /etc/fstab
      # add this line at the end of file
      <nfs-master>:<shared-folder> /nfs nfs ro 0 0
  • Shut down the VM.
  • Start the VM from the command line with VBoxManage startvm --type headless <vm name>.

Adding Outside Access to a Virtual Machine

Due to security concerns, the VMs are not accessible outside the CERN network. To log in to a VM from the internet, you must use lxplus as an intermediate step. To provide access to your services on a virtual machine, you can set up a proxy on the VM host to reroute the traffic to the VM.

  • Add a DNS alias for your service that points to the VM host.
  • Make sure the host supports Virtual Hosts — in /etc/httpd/conf/httpd.conf the following line must be uncommented:
    NameVirtualHost *:80
  • Set up a reverse proxy with your DNS alias to the VM, by creating a .conf file in /etc/httpd/conf.d/.
    <VirtualHost *:80>
        ProxyRequests Off
        <Proxy *>
          Order deny,allow
          Allow from all
        </Proxy>
        ProxyPass / http://<VM IP>/
        ProxyPassReverse / http://<VM IP>/
        ServerName <DNS Alias>
        ServerAlias <DNS Alias>
        RewriteEngine on
        RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK)
        RewriteRule .* - [F]
    </VirtualHost>

A few notes:

  • SSL is not supported by the procedure above (need to have a look into it.)
  • There can be only one service/alias per VM: the proxy has to address the VMs by IP, so you cannot set up virtual hosts in the VMs.
  • When an Apache server receives a request for a virtual server it doesn't know, it defaults to handling it with the first <VirtualHost> clause it processed. To see which one is the default virtual server (and which virtual servers are currently defined) you can use httpd -S:
    [root@dashboard13 conf.d]# httpd -S
    VirtualHost configuration:
    wildcard NameVirtualHosts and _default_ servers:
    _default_:443 (/etc/httpd/conf.d/ssl.conf:81)
    *:80                   is a NameVirtualHost
            default server (/etc/httpd/conf.d/dashboard.conf:1)
            port 80 namevhost (/etc/httpd/conf.d/dashboard.conf:1)
            port 80 namevhost (/etc/httpd/conf.d/proxy_dashb-cms-jobsmry-test.conf:1)
    Syntax OK
-- MarcoDevesasCampos - 27-Jul-2010
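
Because requests with an unknown Host header go to the default virtual server, adding a proxy .conf file that sorts before the existing ones would send such requests to a VM. The following check is an added example, not part of the original page: the function names default_vhosts, default_is and sample_httpd_S are hypothetical. It parses httpd -S output, using the listing shown above as its sample, and reports which configuration file holds the default server for each listener.

```shell
#!/bin/sh
# Added example: find the catch-all vhost per listener in `httpd -S` output.

# default_vhosts: read `httpd -S` output on stdin, print "<listener> <file:line>".
default_vhosts() {
  awk '
    $2 == "is" && $NF == "NameVirtualHost" { listener = $1; next }
    $1 ~ /^_default_:[0-9]+$/              { listener = $1; loc = $NF }
    $1 == "default" && $2 == "server"      { loc = $NF }
    loc != "" { gsub(/[()]/, "", loc); print listener, loc; loc = "" }'
}

# default_is LISTENER CONF_FILE: succeed only if LISTENER's default vhost is
# defined in CONF_FILE (reads `httpd -S` output on stdin).
default_is() {
  default_vhosts | awk -v l="$1" -v f="$2" '
    $1 == l { sub(/:[0-9]+$/, "", $2); found = ($2 == f) }
    END { exit !found }'
}

# Sample input: the `httpd -S` listing from this page.
sample_httpd_S() {
cat <<'EOF'
VirtualHost configuration:
wildcard NameVirtualHosts and _default_ servers:
_default_:443 (/etc/httpd/conf.d/ssl.conf:81)
*:80                   is a NameVirtualHost
        default server (/etc/httpd/conf.d/dashboard.conf:1)
        port 80 namevhost (/etc/httpd/conf.d/dashboard.conf:1)
        port 80 namevhost (/etc/httpd/conf.d/proxy_dashb-cms-jobsmry-test.conf:1)
Syntax OK
EOF
}

sample_httpd_S | default_vhosts
```

On a live host, pipe httpd -S into default_is after adding a proxy file, for example with '*:80' and the path of the configuration file that is supposed to stay the default.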

Backing up and Restoring a Virtual Machine

VBoxManage snapshot - This command is used to control snapshots from the command line. A snapshot consists of a complete copy of the virtual machine settings, copied at the time when the snapshot was taken, and optionally a virtual machine saved state file if the snapshot was taken while the machine was running.

To create a new snapshot, log in as 'dboard' user and run the following command:

VBoxManage snapshot dashb-virtualXY take snapshot_name
where dashb-virtualXY is the name of your virtual machine and snapshot_name is any specified name for the snapshot.

To restore a snapshot, log in as 'dboard' user and run the following command:

VBoxManage snapshot dashb-virtualXY restore snapshot_name
Note: You can take a snapshot at any time, even when the virtual machine is up and running, which is really convenient, but you need to power off the machine first in order to restore it.

-- EdwardKaravakis - 15-Nov-2010

Topic revision: r10 - 2010-12-03 - unknown