Re: [CentOS-virt] Script for making a KVM VM from a kickstart

[Nico Kadel-Garcia]

On Sat, Jan 15, 2022 at 6:30 PM Wynona Stacy Lockwood
 wrote:
>
> I am very interested. Something like this in EPEL or even just a repo 
> somewhere would be awesome!

If it's a script, in the short term, perhaps https://gist.github.com/
would be a good place to start.
___
CentOS-virt mailing list
CentOS-virt@centos.org
https://lists.centos.org/mailman/listinfo/centos-virt

Re: [CentOS-virt] Centos + VM + public ip

[Nico Kadel-Garcia]

On Mon, Sep 7, 2020 at 12:24 PM Yoram Halberstam
 wrote:
>
> Hi,
>
> I've got a dedicated server with OVH and I'd like to host a public VM. I'd 
> like Centos OS 7 or 8, I installed KVM already, I got the VM and bought the 
> IP and created a virtual mac id. I know I have to bridge it somehow but I 
> can't seem to find a proper tutorial. Do you know where to start?

Don't  you need to talk to OVH about this? I know how I'd do it in my
own network setups, or AWS, or Google, but I'm sure these folks have
their own tools.

It's not an OS problem, it's a classic IT problem. Just the sort of
thing that DevOps would set up standards and basic practices for.
___
CentOS-virt mailing list
CentOS-virt@centos.org
https://lists.centos.org/mailman/listinfo/centos-virt

Re: [CentOS-virt] AMI for CentOS 8 and 7.7

[Nico Kadel-Garcia]

On Thu, Oct 3, 2019 at 5:02 AM Nils Meyer  wrote:
>
> Hi centos-virt,
>
> I hope I picked the correct mailing list.
>
> I was wondering whether there is a plan to get CentOS 8 and perhaps 7.7
> AMI for use with AWS.

If you're in a rush, you can build an OS image with a local
virtualization tool (such as VirtualBox or VMWare Player) and import
it. Did that recently.
___
CentOS-virt mailing list
CentOS-virt@centos.org
https://lists.centos.org/mailman/listinfo/centos-virt

Re: [CentOS-virt] Mitel only supported VMware virtualization platform for some CentOS servers based products

[Nico Kadel-Garcia]

On Thu, Jul 12, 2018 at 10:11 AM, Jean-Marc Liger
 wrote:
> Hi,
>
> I finaly find enough legal stuff, from the French government
> recommandations, to qualify our CentOS KVM/libvirt as a platform we can use.
>
> By the way the legal advisory of KVM is not as the save level as its
> technical quality :
>
>
> Le 11/07/2018 à 18:07, Jean-Marc Liger a écrit :
>
> Hi,
>
> Some Mitel products, which are CentOS 6.x or 7.x servers based with some
> telephony services added, are only supported on VMware virtualisation
> platform, even all if theses CentOS guests are certified on last
> CentOS/Redhat Virtualization or Microsoft Hyper V platforms.
>
> So, at he moment we have three bad choices :
> - Migrate part of our virtualization services from KVM/libvirt to VMware ;
> - Install Mitel concerned product on a physical server ;
> - Stay on KVM/libvirt and lose Mitel support for this product.
>
> I'm seeking for technical/legal arguments which could help us to stay on
> KVM/libvirt without losing Mitel support.
>
> Regards,

Turn it around, maybe? Call Mitel and explain that you've benefited
profoundly from the KVM virtualization stack, which is open source
much as RHEL and CentOS are? In fact, if you can invest in some
license, get RHEL licensed systems and get Red Hat involved. I've been
at some virtualization evaluation meetings in my time, and it's
important to bring compelling benefits to one virtualization toolkit
or another, not merely the licensing cost.

One of the issues for telephony applications is latency: another is
the consistency of latency, that spotty phase delays in processing can
seriously confuse audio signals. That's actually quite tricky to
ensure in a virtualized environment, especially if you're not generous
in the resources allocated for each VM. Performance can get *very* odd
as you start saturating your hypervisors' networks or RAM or CPU
resources. So I'm not personally shocked that a certification might
exist only for the one technology that the testing or certification
had available. It's exactly what I'd want to talk to the testing group
about.
___
CentOS-virt mailing list
CentOS-virt@centos.org
https://lists.centos.org/mailman/listinfo/centos-virt

Re: [CentOS-virt] AWS c5d.9/18xlarge instances not supported

[Nico Kadel-Garcia]

On Sat, Jul 14, 2018 at 3:11 PM, Henry Finucane  wrote:
> On Sat, Jul 14, 2018 at 5:22 AM Nico Kadel-Garcia  wrote:
>> See above. Also, the base CentOS 7 3.10.0 kernel is becoming a bit
>> dated: it's 5 years old now. If you have time: can you set up a
>> smaller instance, do kernel updates on top of a CentOs 7 AMI, and see
>> if *that* AMI is compatible with the new instances? Might make for an
>> interesting test and get you a working AMI.
>
> I did this with CentOS 6 at some point, and it's worth noting that
> you'll have to build your own AMI from scratch, you can't just update
> the existing AMI- the base AMI's lack of support "taints" derived
> ones.

There Are Ways(tm). One of my favorite is to link a LiveDVD image to
the VM built from the messed up or out of date OS image, mount the
storage for the messy host, and do the updates on a chroot cage to
*that*. In this case, there instances of the same class, just
different sizes, that are apparently tested and approved. I'd stage a
build to one of the approved instance types and do the updates
*there*, then take a snapshot.

> I used packer's chroot builder, it was pretty reasonable and you can
> find examples online to help you get started.

Heh. I wrote tools that did something like this for hardware testing,
creating a base tarball image much like "mock" does and applying it to
new hadware configurations from DHCP and kickstart, and even one that
could be downloaded and run to upgrade from a local tarball. That was
in... 2000, and was used on roughly 20,000 systems that year for an OS
update. It's still faster than most virtualization "disk image" based
clones from a golden image.
___
CentOS-virt mailing list
CentOS-virt@centos.org
https://lists.centos.org/mailman/listinfo/centos-virt

Re: [CentOS-virt] AWS c5d.9/18xlarge instances not supported

[Nico Kadel-Garcia]

On Sat, Jul 14, 2018 at 7:41 AM, Jens-Uwe Schluessler
 wrote:
> Hi,
>
> why are larger AWS instances c5d.9xlarge and c5d.18xlarge (NVMe SSD
> attached) NOT supported by Centos7 AMI,

It wouldn't be the first time. I had problems with the i3 instances
when they first came out, and I've been dealing with kernel/hardware
incompatibilities with Linux kernels since 2000. New hardware, and
even new virtualization toolkits that interact with both the
supporting hardware and the virtualization layer, can have startling
interactions. That's why testing is so critical.

> while smaller instances (e.g. c5d.4xlarge) are supported?
>
> Also regular c5.9/18xlarge are supported.

See above. Also, the base CentOS 7 3.10.0 kernel is becoming a bit
dated: it's 5 years old now. If you have time: can you set up a
smaller instance, do kernel updates on top of a CentOs 7 AMI, and see
if *that* AMI is compatible with the new instances? Might make for an
interesting test and get you a working AMI.
___
CentOS-virt mailing list
CentOS-virt@centos.org
https://lists.centos.org/mailman/listinfo/centos-virt

Re: [CentOS-virt] AWS EC2 - CentOS 6 + 7 AMIs for new g3.* instance types?

[Nico Kadel-Garcia]

On Wed, Jul 26, 2017 at 7:10 PM, Johnny Hughes  wrote:
> On 07/26/2017 09:29 AM, Stephan Koledin wrote:
>> Some additional info...
>>
>> AFAIK, the AMIs I'm referring to are owned/maintained by the CentOS
>> team, not by AWS. Details and suggestions to contact this list for
>> assistance are published at both https://wiki.centos.org/Cloud/AWS and
>> https://wiki.centos.org/Cloud/AWS
>>
>> Basically, the maintainer of the Centos.org AWS account just needs to
>> add/approve the current AMIs for the g3.* instance types. Should be a
>> purely administrative action.
>>
>
> AWS is under instruction to 'enable all instance types and enable all
> zones, as they come up'.  Basically, we create the images for AWS and
> they should be enabled everywhere.  We will take a look and see if we
> can see anything, but they should already have permission to add to
> every type.

Cool. Is there a document or list showing compatibility with instance
types? I've had some difficulties with the i3 instances. There's a
ticket about this at
https://bugs.centos.org/view.php?id=12883=1 .
___
CentOS-virt mailing list
CentOS-virt@centos.org
https://lists.centos.org/mailman/listinfo/centos-virt

[CentOS-virt] Pair-bonding on virtualized servers, particularly on CentOS 7

[Nico Kadel-Garcia]

Is anyone out there using pair-bonding on CentOS 7? I'm particularly
looking at systems where one VM network port is tied to one bridge,
tied to one port on the hypervisor, and one network port on the VM
tied to t he other bridge tied to th e other port on the hypervisor,
for failover in a VM that can be exposed directly to the local
network.

I'm also dealing with pair bonding of they hypervisor, even if the
VM's are NAT'ed, and wonder if anyone wants to share testing confgs
and notes for CentOS 7. I published notes on KVM bridging, pair
bonding, and even tagged VLAN's for CentOS 5 and 6 years ago, but
CentOS 7 has proven to be trickier, and I'm wondering if anyone else
doing virtualization has spent cycles on this.

I think I've gotten the setup on the hypervisor automated, but don't
have much space or time to run tests. I'm happy to share tools and
access to tools under an open source license.
___
CentOS-virt mailing list
CentOS-virt@centos.org
https://lists.centos.org/mailman/listinfo/centos-virt

Re: [CentOS-virt] Centos 6.9 AWS Images and c4-8xlarge

[Nico Kadel-Garcia]

On Thu, Apr 13, 2017 at 5:07 PM, John Peacock
<john.peac...@messagesystems.com> wrote:
> Initial testing shows that AMI to work with c4.8xlarge.  We have very few
> resources in us-east-1, so I'm creating a snapshot then copying that to
> us-west-2 for further testing.
>
> Thanks
>
> John

Yay! I've been very happy so far with CentOS 6.9, and am glad to see
an AWS image for it that I can use for some testing.

         Nico Kadel-Garcia <nka...@gmail.com>
___
CentOS-virt mailing list
CentOS-virt@centos.org
https://lists.centos.org/mailman/listinfo/centos-virt

Re: [CentOS-virt] CentOS AMI's published to AWS

[Nico Kadel-Garcia]

On Tue, Jan 24, 2017 at 6:09 PM, Wesley Novack  wrote:
> Greetings! Can someone please explain the process for publishing CentOS 7
> AMI's to AWS?
>
> I see the "official" CentOS marketplace page here:
> https://aws.amazon.com/marketplace/pp/B00O7WM7QW
>
> However, if I select us-west-2 and launch based on the current AMI that was
> released on 2/26/2016, I see that it is CentOS 7.2.1511 at boot up.

I'd welcome information, too. I'd particularly like to understand why
enhanced networking has been so difficult for the CentOS 7 images
recently, I was recently asked to look at it.


> Do new AMI's get published on a particular cadence? Eg; will there be an AMI
> for 7.3.1611, for example?
>
> I realize that we could do a yum update, but we'd prefer to start off new
> hosts on the latest version without needing to do a yum update and then save
> our own image.
>
> Any insight is appreciated and thank you!
>
> --
>
> Thank you,
> Wes Novack
>
>
> ___
> CentOS-virt mailing list
> CentOS-virt@centos.org
> https://lists.centos.org/mailman/listinfo/centos-virt
>
___
CentOS-virt mailing list
CentOS-virt@centos.org
https://lists.centos.org/mailman/listinfo/centos-virt

Re: [CentOS-virt] Updating PXE documentation for CentOS wiki

[Nico Kadel-Garcia]

Thanks. Perhaps that could be made even more explicit, or reject names
that do *not* match that format?

I have my own long-founded opinions about using CamElcAsE for anything.

On Fri, Aug 19, 2016 at 7:53 AM, Johnny Hughes <joh...@centos.org> wrote:
> On 08/18/2016 05:57 PM, Nico Kadel-Garcia wrote:
>> I was just looking at the CentOS Wiki at
>> https://wiki.centos.org/HowTos/PXE/PXE_Setup, and it's pretty
>> seriously out of date. It neglects the existence of the
>> "syslinux-tftpboot" RPM, and the hand editing of xinetd config files
>> for tftpd ignores the availability of "chkconfig" and "service" to
>> manage that service.
>>
>> For more sophisticated users, it doesn't mention "never, never, never
>> set your default menu to install an OS by default, because you *will*
>> accidentally wipe servers that select PXE boot first before local disk
>> as their boot media". Nor does it mention the difficulties with PXE
>> and NAT based virtual host, nor how to verify the TFTP service's basic
>> operation, nor the difficulty of maintaining multiple PXE configs when
>> the main rsync mirrors only publish the most recent CentOS.
>>
>> I'm happy to add that sort of thing to the wiki, but I'm finding the
>> "Set up an account" page confusing. Is "FirstnameLastname" supposed to
>> be your mandated login name?
>
> Yes, FirsnameLastname (CamelCase, no space) is the correct format.
>
>
>
> ___
> CentOS-virt mailing list
> CentOS-virt@centos.org
> https://lists.centos.org/mailman/listinfo/centos-virt
>
___
CentOS-virt mailing list
CentOS-virt@centos.org
https://lists.centos.org/mailman/listinfo/centos-virt

[CentOS-virt] Updating PXE documentation for CentOS wiki

[Nico Kadel-Garcia]

I was just looking at the CentOS Wiki at
https://wiki.centos.org/HowTos/PXE/PXE_Setup, and it's pretty
seriously out of date. It neglects the existence of the
"syslinux-tftpboot" RPM, and the hand editing of xinetd config files
for tftpd ignores the availability of "chkconfig" and "service" to
manage that service.

For more sophisticated users, it doesn't mention "never, never, never
set your default menu to install an OS by default, because you *will*
accidentally wipe servers that select PXE boot first before local disk
as their boot media". Nor does it mention the difficulties with PXE
and NAT based virtual host, nor how to verify the TFTP service's basic
operation, nor the difficulty of maintaining multiple PXE configs when
the main rsync mirrors only publish the most recent CentOS.

I'm happy to add that sort of thing to the wiki, but I'm finding the
"Set up an account" page confusing. Is "FirstnameLastname" supposed to
be your mandated login name?
___
CentOS-virt mailing list
CentOS-virt@centos.org
https://lists.centos.org/mailman/listinfo/centos-virt

Re: [CentOS-virt] Lost a NIC on start

[Nico Kadel-Garcia]

On Tue, Aug 2, 2016 at 4:12 AM, Günther J.  wrote:
> Hello,
>
> CentOS 7.2
>
> I have a big Problem with libvirt or KVM, my Virtual Hosts lost sometime a NIC
> on start.

What does "lose a NIC" mean? Does it mean that device doesn't show up
at all, and is not apparent with "/sbin/ifconfig -a" ? Or does it mean
that the device is not properly configured with IP address and
connected to the local network?

I've certainly noticed with various virtualization systems and CentOS
6 that sometimes DHCP doesn't get configured in the very short time
between the VM booting and the prompt being available. It always
recovers with a "/sbin/service network restart".

> I have configured 4 NIC on the Virtual host two passthru and 2 virtual, on
> start most time i lost a virtual NIC :-(
>
> So after a reboot I have to check always is all running and working.?
>
> with a "virsh reboot " in the most time it come back ?
>
> Have any a Idea why ?
>
> I found nothing in the Logs :-(.
>
> --
> mit freundlichen Grüßen / best regards,
>
>   Günther J. Niederwimmer
> ___
> CentOS-virt mailing list
> CentOS-virt@centos.org
> https://lists.centos.org/mailman/listinfo/centos-virt
___
CentOS-virt mailing list
CentOS-virt@centos.org
https://lists.centos.org/mailman/listinfo/centos-virt

Re: [CentOS-virt] [CentOS-devel] docker and docker-latest packages on CentOS Virt SIG

[Nico Kadel-Garcia]

On Mon, Jun 13, 2016 at 7:26 AM, George Dunlap <dunl...@umich.edu> wrote:
> On Mon, Jun 13, 2016 at 12:23 PM, Nico Kadel-Garcia <nka...@gmail.com> wrote:

>> I pesonally do this kind of backporting, a *lot* with Perl and Python
>> modules. They're often sadly out of date on a RHEL production grade
>> system, but switching to a Fedora base for your production
>> environments can get really flakey, really fast due to the immense
>> churn of that operating system.
>
> Right, so one of the basic nice things about the CentOS SIGs is that
> all the stuff you don't need to be current can be RHEL-stable, and the
> handful of things you do want to be current can be fresh.
>
> My main question is whether explicitly calling it "Fedora" is the
> right thing to do (even if in practice it's just a re-build of the
> Fedora package).

I thinki it would get confusing fast. Let the '%changelog' in the
.spec file show the Fedora history, RPM 'release' reflect that it's a
more recent version and published by a CentOS SIG.
___
CentOS-virt mailing list
CentOS-virt@centos.org
https://lists.centos.org/mailman/listinfo/centos-virt

Re: [CentOS-virt] [CentOS-devel] docker and docker-latest packages on CentOS Virt SIG

[Nico Kadel-Garcia]

On Mon, Jun 13, 2016 at 6:39 AM, George Dunlap  wrote:
> On Fri, Jun 10, 2016 at 9:11 PM, Lokesh Mandvekar
>  wrote:
>> Moving this discussion to centos-virt@ as it's upto the SIG to decide on
>> how this moves ahead.
>>
>> I'm hoping to have 2 new koji tag sets:
>>
>> virt7-docker-fedora-* (will have fedora rpms rebuilt)
>> virt7-docker-el-* (will have rhel candidate builds before they are released
>> or land in centos extras)
>>
>> The -el-* repos will help to have Virt SIG as sort of an upstream and early 
>> QA
>> for both RHEL and CentOS extras.
>>
>> If the SIG is ok with it, I'll check with CBS guys to create these 2 tags.
>>
>> See below message to centos-devel@ and
>> http://centos-devel.1051824.n5.nabble.com/CentOS-devel-docker-and-docker-latest-packages-on-CentOS-Virt-SIG-td5712734.html
>> for background
>
> I think having the RHEL version makes sense; but I'm not sure exactly
> what we gain from having a version labelled "fedora".  If someone
> wanted the Fedora docker, why wouldn't they just install Fedora?  And
> if in this case "Fedora" really just stands for "Recently stable
> docker", then we should probably just come up with another name for it
> that describes it better (even if in the end it turns out to be a
> straight re-building of the Fedora RPM).

I pesonally do this kind of backporting, a *lot* with Perl and Python
modules. They're often sadly out of date on a RHEL production grade
system, but switching to a Fedora base for your production
environments can get really flakey, really fast due to the immense
churn of that operating system.
___
CentOS-virt mailing list
CentOS-virt@centos.org
https://lists.centos.org/mailman/listinfo/centos-virt

Re: [CentOS-virt] CentOS 7 AMI on AWS GovCloud region

[Nico Kadel-Garcia]

On Fri, Oct 2, 2015 at 7:53 AM, Karanbir Singh  wrote:
> On 28/09/15 14:55, Patrick Varilly wrote:
>> Hi,
>>
>> I'm working on building a cluster on AWS atop CentOS 7.  For
>> development, I've been working in the eu-west-1 (Ireland) region, where
>> the AWS MarketPlace provides an official CentOS 7 AMI (ami-e4ff5c93).
>> However, the production deployment is taking place in AWS's GovCloud
>> region for regulatory reasons, and there, I couldn't find an official
>> CentOS 7 AMI.
>>
>> Are there plans to provide an official CentOS 7 AMI for the GovCloud
>> soon?  Or instructions on how the official AMIs are built?  I'm happy to
>> help build an AMI for public use following the instructions if someone
>> can point me in the right direction.
>>
>> Thanks for your help,
>
> let me bring this up with the amp folks and see what they say, i bet the
> govcloud needs a lot more paperwork etc to get setup from our side. but
> lets find out,

I'm curious, too. I'd like to encourage making the basic AMI's a bit
larger, and activating enhanced networking by default fore the CentOS
6 and CentOS 7 public AMI's.
___
CentOS-virt mailing list
CentOS-virt@centos.org
https://lists.centos.org/mailman/listinfo/centos-virt

Re: [CentOS-virt] Beta CentOS 7 Xen packages available

[Nico Kadel-Garcia]

On Tue, Sep 8, 2015 at 7:02 AM, George Dunlap  wrote:

> * Apparent lack of testing by the community. About a month after the
> C7 "beta", I was about to announce an actual release, when I happened
> to discover that HVM guests wouldn't boot -- not under any
> configuration.  This is really basic core functionality that nobody at
> all had tested (or if they had they hadn't complained).  This
> convinced me that I couldn't rely on community testing, and prompted
> me to spend some time writing an automated test suite that would at
> least do a basic smoke-test for a number of configurations.  I've got
> this working for the core xen package, but I was planning on extending
> it to libvirt before declaring CentOS 7 "ready".

A lot of it is market forces. A lot of people who used to run their
own VM's have basically given up, and allow AWS or similar services to
do it for them. Learning a few command line tools is often a *lot*
faster, and cheaper, than running your own virtualization
infrastructure. Heck, I *published* the first public RPM's for Xen,
way back in 1997 before it was bought by Citrix, and I don't have the
time and hardware in hand to do it anymore!

I'm also afraid a lot of us have basically given up on CentOS 7, while
the developer community deals with all the multiple OS issues of the
systemd reworking of network and init configuration, the-arranged
"/bin" versus "/usr/bin" overlap of component locations, and the
profound lack of EPEL for CentOS 6 or Fedora published perl and python
modules ported to CentOS 7. That's not a CentOS team issue, that's a
RHEL issue, but it's profoundly lowering interest in both hypervisors
and VM's that are CentOS 7 based.

> I would be happy to have help improving the packages.  I would be
> *very* happy to have help maintaining the Xen4CentOS packages, and I
> would be *delighted* if someone wanted to take over maintainership of
> the packages entirely.
>
> FYI I have just finished rebasing things to 4.6-rc2 (there are
> packages in virt7-xen-46-candidate now), and am in the process of
> switching things over to systemd.

And that is one of the parts that is sucking away testing time on a
lot of open source or freeware projects. The systemd integration of
init scripts, networking tools, and the /bin symlink to /usr/bin have
been breaking a *lot* of previously stable components. A lot of us are
basically giving CentOS 7 a miss until and unless the rest of the
stable server community can catch up with the environment changes.
___
CentOS-virt mailing list
CentOS-virt@centos.org
https://lists.centos.org/mailman/listinfo/centos-virt

[CentOS-virt] Enabling enhanced neetworking for CentOS 6 bqse images in AWS

[Nico Kadel-Garcia]

I've made a few OS's from the the CentOS 6 base images in AWS, and
they're working quite wwell. But I'm reaalizing that they do not have
the enhanced networking enabled by default. And I'm also realizing
that I have to  *stop* the OS in AWS terms, enable network enhanced
networking manually, and lose all the contengs of my ephemereal
storage when I do this.

Is there any reason not to enable enhanced networking by default, in
the base CentOS 6 image and same a painful and  painful step for AWS
users?
___
CentOS-virt mailing list
CentOS-virt@centos.org
https://lists.centos.org/mailman/listinfo/centos-virt

Re: [CentOS-virt] [CentOS-devel] Bridge Networking for Xen in Box proposal

[Nico Kadel-Garcia]

On Tue, May 26, 2015 at 6:49 AM, Gautam Malu
gautam.m...@research.iiit.ac.in wrote:
 Hi,

 I am doing xen in box gsoc project.

 The aim of the project is to have custom installer ISO which delivers xen
 stack running on c7 along with necessary bridge networking configuration.

 But I am getting confused over how to package bridge networking settings, so
 that I can deliver that during installation itself.
 I can use bridge-utils and package ifcfg-* files as differnet package. But
 for that I need to have the network information like how many NIC are
 present in the system, and which NIC is active is it eth0 or wlan0.

 I can probably write a script to set up bridge networking, which can be used
 to start bridge networking and stop, and ship that script as a package.

 Any suggestions?


 Best regards,
 Gautam Malu

Take a look at my old notes from 2012 about this sort of thing, for
CentOS 6 at 
https://wikis.uit.tufts.edu/confluence/display/TUSKpub/Configure+Pair+Bonding,+VLANs,+and+Bridges+for+KVM+Hypervisor

It will certainly need rewriting for CentOS 7 and NetworkManager, but
a KVM server ideally needs pair bonding to avoid any single network
piont being a single point of failure for the whole VLAN, and applying
multiple VLAN's on one device or on paired devices means VLAN tagging
to keep the VLAN traffic correctly segregated. While there are many
upstream Red Hat published guidelines on each indivudual feature of
that, NetworkManager certainly didn't encompass setting up all of them
at the time: I'm curious whether it does a better job now!
___
CentOS-virt mailing list
CentOS-virt@centos.org
http://lists.centos.org/mailman/listinfo/centos-virt

Re: [CentOS-virt] iTunes

[Nico Kadel-Garcia]

On Sat, May 9, 2015 at 4:37 AM, ToddAndMargo toddandma...@zoho.com wrote:
 Hi All,

 I am putting together a high end workstation quote for a customer. He is
 going to want a Virtual Machine, specifically so he can run iTunes (his wife
 buys music through iTunes and sync's them to her iPod).

For personal laptops or workstations, I tend to run Windows natively
for the raw speed of the native apps and to get the latest drivers,
and run Scientific Linux in VirtulalBox, which has worked very well. I
much prefer the user interface of Virtualbox to the virt-manager suite
for KVM or for Xen. It's just been easier, for me, to get tools like
the VMware clients or Xencenter for managing *other* virtual
environments to work well on Windows, and Outlook for Exchange servers
has been critical in too many environments.

SL runs very well and robustly in virtualization with all the
virtualization technologies.
___
CentOS-virt mailing list
CentOS-virt@centos.org
http://lists.centos.org/mailman/listinfo/centos-virt

Re: [CentOS-virt] CentOS Images on AWS with partitions on /dev/xvda1 are awkwared to resize

[Nico Kadel-Garcia]

On Wed, Apr 29, 2015 at 11:33 PM, Kelly Prescott kpresc...@coolip.net wrote:
 to follow-up, I will give an example.
 Here is the listing for the official centos AMI:

 IMAGE   ami-96a818feaws-marketplace/CentOS 7 x86_64 (2014_09_29) EBS
 HVM-b7ee8a69-ee97-4a49-9e68-afaee216db2e-ami-d2a117ba.2 aws-marketplace
 available   public  [marketplace: aw0evgkw8e5c1q413zgy5pjce]
 x86_64  machineebs  hvm xen
 BLOCKDEVICEMAPPING  EBS /dev/sda1   snap-591037fd   8
 false   standardNot Encrypted
 as you can see the block device mapping is by default set to
 BLOCKDEVICEMAPPING  EBS /dev/sda1   snap-591037fd   8
 false   standardNot Encrypted

 it is a standard volume, not encrypted, and 8 GB
 my modification consists in adding this to my run command for my ami launch:
  -b /dev/sda1=snap-591037fd:20:false:gp2

 I set the drive the same, the snapshot the same, and I give it 20GB instead
 of 8, I also use the gp2 type instead of the standard as well as telling it
 not to delete the volume when the instance terminates.

 Hope this helps.
 kp

Perhaps so, and I appreciate the pointer. I can try to work with that
to integrate command line based deployment and get this option.

So you're working from the command line tools in the EPEL 'cloud-init'
package, not the AWS GUI? Because when I tried expanding the size of
the base disk image in the GUI, I wound up with an an 8 Gig default
/dev/xvda1 on a 20 Gig /dev/xvda. That's why I was looking at how do
I resize this thing safel?

Unfortunately, it doesn't help a lot with what I already have built,
but could be useful going forward.
___
CentOS-virt mailing list
CentOS-virt@centos.org
http://lists.centos.org/mailman/listinfo/centos-virt

[CentOS-virt] CentOS Images on AWS with partitions on /dev/xvda1 are awkwared to resize

[Nico Kadel-Garcia]

I'm staring at the free CentOS images on AWS, and seeing that whoever
set those up elected to use a partition for /dev/xvda1 rather than
taking advantage of Amazon's tendency to use /dev/xvda, /dev/xvdb,
etc. for each disk and use those directly as a file system.

The result is that if you elect to allocate a larger base disk image,
for example allocating 50 Gig to allow local home directories or space
for mock or for bulky logs, and don't spend the time to select and
allocate new disk images, it's awkward to simply expand the /
partition. And with only 8 Gig allocated in the latest CentOS 6 images
that I see in AWS, it's possible to get pretty pressed for space
pretty quickly.

Now, AWS published guidelines on manipulating partition size, and
expanding a matching filesystem, but they're very clear to unmount
the parition before you touch it!!! That's a bit difficult to unmount
with a / partition, and they understandably don't have the kind of
boot from CD and work from the console setup I'd normally use for
that kind of work.

So: why did the creators of that CentOS AMI elect to use such a small
/ partition? And how dangerous is it, with the system essentially
idle, to use parted to expand the /dev/xvda1 parition and then use
resize2fs to expand the / file system while the system is alive?

Note that, because I'm a complete weasel, I know at least one way
around this: add a second disk, copy the OS to *that*, set grub to
boot from the second disk, reboot from that, paritition the first disk
as desired, copy the OS back, reset grub to boot from the first disk,
and pray. I've had good success with the approach in the past, and
have rebuilt rougly 15,000 Linux systems this way. But the work
predates CentOS, and I dont't want to go through that again.

So, has anyone resized / successfully and gracefully on AWS CentOS instances?

 Nico Kadel-Garcia
___
CentOS-virt mailing list
CentOS-virt@centos.org
http://lists.centos.org/mailman/listinfo/centos-virt

Re: [CentOS-virt] CentOS Images on AWS with partitions on /dev/xvda1 are awkwared to resize

[Nico Kadel-Garcia]

On Wed, Apr 29, 2015 at 11:24 PM, Kelly Prescott kpresc...@coolip.net wrote:
 This is not really a problem at all.
 when you launch your image for the first time, you can specify a larger /
 volume size and cloud-init-tools will take care of the rest.
 This is well documented in the AWS userguides.

 -- Kelly Prescott

I just had that discussion with an experienced AWS user, who hadn't
noticed that the documentation at
http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/storage_expand_partition.html
says the following, very clearly:

  Unmount the partition if it is mounted. Run the umount command
with the value of MOUNTPOINT from the lsblk command. In this example,
the MOUNTPOINT value for the partition is /mnt.

Notice the unmount the parition part.  This is not feasible with a
/ partition unless you've booted from separate media and have
console access or remote SSH access with that separate media. I'm
experienced enough to actually configure a second disk and ensure
booting from *that* to re-arrange the primary disk's filesystems, but
I'm looking for a better way.

I'm also staring at the cloud-init docs you mentioned at
http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/AmazonLinuxAMIBasics.html#CloudInit.
I see nothing about resizing the base OS image size, especially the
/ partition. Do you see something relevant?

Nico Kadel-Garcia
___
CentOS-virt mailing list
CentOS-virt@centos.org
http://lists.centos.org/mailman/listinfo/centos-virt

[CentOS-virt] Can we get a copy of ks.cfg for varous images into /root/ks.cfg?

[Nico Kadel-Garcia]

I've recently been dealing with various CentOS images on AWS, and am
being forcibly reminded that the /root/anaconda-ks.cfg has only a
passing resemblance to whatever the kickstart configuration file
actually contained. But getting a copy of the actual ks.cfg is
invaluable for updating and testing variations of the kickstart setup,
especially when manipulating disk partitioning or package selection.

In particular, anaconda-ks.cfg fails to include any but the first
'%post' script and discards all comments that may have been in the
original ks.cfg file. Coupled with the problems of
system-config-kickstart, and you have no provenance for the kickstart
file that was actually *used* to create a particular system.

For people building kickstart based environments, what would it take
to get you to put this in your ks.cfg?

%post
cp /tmp/ks.cfg /mnt/sysimage/root/ks.cfg
%end

For older releases, '%end' is not needed.

And before anyone asks, *YES* I've reached out to the anaconda
developers in the past about this. I can try again, but in the
meantime, it would really help me, and I think it would help others.

   Nico Kadel-Garcia
___
CentOS-virt mailing list
CentOS-virt@centos.org
http://lists.centos.org/mailman/listinfo/centos-virt

Re: [CentOS-virt] CentOS 6 VM image for paravirtualizaton on CentOS Xen server

[Nico Kadel-Garcia]

On Wed, Mar 18, 2015 at 9:11 PM, Grant McWilliams
grantmasterfl...@gmail.com wrote:

 Nico,
I wrote tutorials on how to do this when I was using xen. I haven't used
 these tutorials in a couple of years but they worked then so they should
 still work now.  This is for an automated CentOS 6 (x86_64).

 http://grantmcwilliams.com/item/538-centos-6-virtual-machine-64-bit-installation-on-xen

 Grant McWilliams
 http://grantmcwilliams.com/

I'm reading your notes. They're not bad, but they make me nervous in a
number of ways.

* VM's should *always* be assigned stable, but unique MAC's for the
network devices. This prevents the udev settings, and tendency of
tools like NetworkManager and anaconda from being unable to configure
network devices that they've stored hard-coded MAC addresses for.
There is *no* GUI or built-in command line tool for clearing these,
you have to do it by hand. There are various ways to deal with this,
but allowing the virt-install or similar tools to assign a MAC *once*
and then locking it down in the config file is quite effective.

Pre-planning your MAC addresses also allows DHCP reservations to be
configured, very useful for PXE setups and stabilizing your DNS and
firewall configuraitons.

* Don't install rpmforge anymore by default: it's effectively moribund
since Dag Weiers moved on to other projects, and isn't getting
updates. You can now install EPEL with 'yum install epel-release, and
unless you need tools that overlap with CentOS tools it's much safer.
(I wrote the last few subversion RPM's for RPMforge, and have been
waiting way too long for updates to be accepted.)

* Frankly, the use of 'virt-install' with a --location setting to
point to the online kernels from a relevant source repository, and
some options to select a disk image size,  seems to skip gracefully
over all the manually build your disk image and manually edit your
/etc/xen/[config] file..


 Some people, when confronted with a problem, think I know, I'll use
 Windows.
 Now they have two problems.


 ___
 CentOS-virt mailing list
 CentOS-virt@centos.org
 http://lists.centos.org/mailman/listinfo/centos-virt

___
CentOS-virt mailing list
CentOS-virt@centos.org
http://lists.centos.org/mailman/listinfo/centos-virt

Re: [CentOS-virt] CentOS 6 VM image for paravirtualizaton on CentOS Xen server

[Nico Kadel-Garcia]

On Mon, Mar 16, 2015 at 4:02 AM, Manuel Wolfshant
wo...@nobugconsulting.ro wrote:

 Quote from an actual installation:

 [root@xenh4 ~]# history| grep virt
 virt-install  -n dhcpdns -p -r 1024 --os-type=linux --vnc -f
 /var/lib/xen/images/dhcpdns -s 2 -l
 http://192.168.50.40/mrepo/centos6-i386/disc1 -x
 ks=ftp://192.168.50.40/linux/ks-minimalC6-xen.cfg;

 [root@xenh4 ~]# uname -a
 Linux xenh4 2.6.18-400.1.1.el5xen #1 SMP Thu Dec 18 02:18:37 EST 2014 i686
 i686 i386 GNU/Linux

 https://github.com/CentOS/Community-Kickstarts/blob/master/ks-minimalC6.cfg
 is quite close to the above mentioned ks-minimalC6-xen.cfg ( actually both
 are descendants of the same template of mine )

Thanks The key, hinted at by various notes in this thread, was the
use of the --location to point to a network accessibleinstallation
repository. I'm afraid that the Xen wiki directions about --location
are a bit unclear about the need for this to be the base of a
deployment directory, one that *must* have a working subdirectory
called 'imagex/xen' with the relevant files in it. I admint, I have to
just love hardcoded, hidden requirements!!!

I'll point out for others who may need to image systems quickly that
it's often more effective, especially in terms of speed and external
bandwidth, to use an internal mirror as you did. I'll also point out
that it can be awfully handy to keep such a mirror up-to-date and use
it your local configurations. I publish such scripts at
https://github.com/nkadel/nkadel-rsync-scripts, in case anyone else
wants them.

I'll also mention my old habit in ks.cfg files of doing this, to hang
onto the actual ks.cfg instead of the confused and '%pre' and '%post'
stripped, anaconda reverse engineered oddness in
/root/anaconda-ks.cfg.

%pre
 cp -f /tmp/ks.cfg /mnt/sysimage/root/ks.cfg
%end
___
CentOS-virt mailing list
CentOS-virt@centos.org
http://lists.centos.org/mailman/listinfo/centos-virt

Re: [CentOS-virt] CentOS 6 VM image for paravirtualizaton on CentOS Xen server

[Nico Kadel-Garcia]

On Sun, Mar 15, 2015 at 3:17 PM, Pasi Kärkkäinen pa...@iki.fi wrote:
 On Thu, Mar 12, 2015 at 10:34:39PM -0400, Nico Kadel-Garcia wrote:
 I'm looking at a CentOS 5  Xen server that I'd really like to put some
 more recent VM's. There are reasons not to touch it at the moment, so
 I can't upgrade it in place today.

 Has anyone successfully installed a CentOS 6 VM, paravirtualized, on a
 CentOS 5 Xen server , without significant Xen upgrades? If so, can I
 get a copy from a reputable source, or one that I can review before
 using? I'm having a bit of difficulty arranging a PXE enironment to do
 a paraviirtualized installation with, and there are apparently
 difficulties doing a paravirtualzed system with CD or DVD installation
 with Xen.

   Nico Kadel-Garcia nka...@gmail.com

 Yep, CentOS 6 VMs run just fine on CentOS 5 Xen host.

I've got CentOS VM's running fine, and have done them before. But
previously, I deployed the same base OS on the VM as on the Xen
server, so paravirtualization posed few risks. And I had control of
the DHCP setup. so I could trivially set up a tftp server to do a
non-CD installation, because Xen, at last look, doesn't support
installing a paravirtualized host from a CD image.

So I'm right back to my effectively unanswered original questions. So
please: I asked a very specific pair of questions, and they remain
unanswered. CentOS 5 Xen server (hypervisor, or Dom0, whatever we want
to call it this week): Does CentOS 6 work, paravirtualized, on such a
server? And given my deployment issues, does anyone have a base OS
image I can get a copy of?
___
CentOS-virt mailing list
CentOS-virt@centos.org
http://lists.centos.org/mailman/listinfo/centos-virt

Re: [CentOS-virt] CentOS 6 VM image for paravirtualizaton on CentOS Xen server

[Nico Kadel-Garcia]

On Sun, Mar 15, 2015 at 8:26 PM, Sarah Newman s...@prgmr.com wrote:
 On 03/15/2015 03:25 PM, Nico Kadel-Garcia wrote:
 So I'm right back to my effectively unanswered original questions. So
 please: I asked a very specific pair of questions, and they remain
 unanswered. CentOS 5 Xen server (hypervisor, or Dom0, whatever we want
 to call it this week): Does CentOS 6 work, paravirtualized, on such a
 server? And given my deployment issues, does anyone have a base OS
 image I can get a copy of?

 I'm not sure why you need tftp to do a net install assuming you control the 
 guest configuration.

 How about

 kernel = file from 
 https://mirrors.kernel.org/centos/6/os/i386/images/pxeboot/vmlinuz
 ramdisk = file from 
 https://mirrors.kernel.org/centos/6/os/i386/images/pxeboot/initrd.img
 extra = console=hvc0
 memory = 512 or larger

 --Sarah

I'll be happy to try this. Thank you for the pointer. Are you
confident that 'console=hvc0' is the right installation time message
for this? And will I be able to access a CD or DVD image for actual OS
installation with these options?

I'd really prefer to work from 'virsh' than from hand-writing xl
configuration files.When I last did this sort of thing, I worked from
a PXE environment that I controlled and could reserve DHCP settings
based on MAC addresses, and tune PXE to boot from disk by default but
allow users to select a clean re-install of the operating system they
wanted.
___
CentOS-virt mailing list
CentOS-virt@centos.org
http://lists.centos.org/mailman/listinfo/centos-virt

Re: [CentOS-virt] CentOS 6 VM image for paravirtualizaton on CentOS Xen server

[Nico Kadel-Garcia]

On Sun, Mar 15, 2015 at 8:11 PM, Peter pe...@pajamian.dhs.org wrote:
 On 03/16/2015 11:25 AM, Nico Kadel-Garcia wrote:
 I've got CentOS VM's running fine, and have done them before. But
 previously, I deployed the same base OS on the VM as on the Xen
 server, so paravirtualization posed few risks. And I had control of
 the DHCP setup. so I could trivially set up a tftp server to do a
 non-CD installation, because Xen, at last look, doesn't support
 installing a paravirtualized host from a CD image.

 It does as long as (1) the kernel has Xen PV support (CentOS 6 standard
 kernel does) and (2) it has the necessary drivers in the initrd (I think
 this is where the CD image is lacking), then you should, in theory, be
 able to pv-grub boot to the CD.  Alternatively you can boot to the CD on

Not according to the Xen guidelines I was finding. If they're
incorrect, *for a CentOS 5 Xen hypervisor*, I'd love to be able to use
that. Unfortunately, one of the banes of my technology existence is
when people say that works great! and just look on Google,!, and
the answer they vaguely remember does not actually include the
situation I desdcribed.

 another box first, copy the kernel off to a USB stick, and generate a
 new initrd with the xen drivers included, then put those on the Xen host
 and boot to the VM CD image using those in the kernel= and initrd= lines
 in the domain.cfg file.

Ouch. I've hand-modified CD and DVD images in the past, it's a pain
the neck, It's been compunded by the insistece that the  compressed
vmlinuz file is, itself, named vmlinuz instead of vmlinuz.gz,
which always struck me as fairly nutty.

 The other way is to boot to the CD as an HVM domain and install, then
 convert it to a PV domain afterwards, which is not all that difficult to do.

This would probably be safest for me right now, since I have a
testable HVM instance of CentOS 6 to copy and work with. I'm not
finding any good guidelines for migrating from HVM to
paravirtualizaton for old Xen environments. Have you seen any, or done
this process? The notes I find often include extraneous and hopefully
unnecessary steps, such as http://support.citrix.com/article/CTX121875
saying. It's legible, but leaves out the kind of incompatibility
issues that I;ve been concerned about hopping from a Xen server on
CentOS 5.x to a CentOS 6.x guest.

 There is a third way which involves using yum to install the @core group
 plus kernel to an image, then tweak and boot to that as a PV domain.
 This is how I have done it in the past.

I'm sorry, but what? Are you building a chroot cage yourself, such as
using 'mock', or are you starting with someone else's working
para-virtualized image? (See my notes above).

 So I'm right back to my effectively unanswered original questions. So
 please: I asked a very specific pair of questions, and they remain
 unanswered. CentOS 5 Xen server (hypervisor, or Dom0, whatever we want
 to call it this week): Does CentOS 6 work, paravirtualized, on such a
 server?

 Yes, I have done that until I upgraded the CentOS 5 host to CentOS 6 a
 couple years ago.

Thanks! THAT is one of the questions I really wanted an answer for.

 And given my deployment issues, does anyone have a base OS
 image I can get a copy of?

 Sorry my image templates that I use are highly customized for my own
 work, but I have told you three different ways to accomplish it above.

Well, dang!
___
CentOS-virt mailing list
CentOS-virt@centos.org
http://lists.centos.org/mailman/listinfo/centos-virt

[CentOS-virt] CentOS 6 VM image for paravirtualizaton on CentOS Xen server

[Nico Kadel-Garcia]

I'm looking at a CentOS 5  Xen server that I'd really like to put some
more recent VM's. There are reasons not to touch it at the moment, so
I can't upgrade it in place today.

Has anyone successfully installed a CentOS 6 VM, paravirtualized, on a
CentOS 5 Xen server , without significant Xen upgrades? If so, can I
get a copy from a reputable source, or one that I can review before
using? I'm having a bit of difficulty arranging a PXE enironment to do
a paraviirtualized installation with, and there are apparently
difficulties doing a paravirtualzed system with CD or DVD installation
with Xen.

  Nico Kadel-Garcia nka...@gmail.com
___
CentOS-virt mailing list
CentOS-virt@centos.org
http://lists.centos.org/mailman/listinfo/centos-virt

Re: [CentOS-virt] Upgrading Xen 3 on SL 5 server with CentOS 5 and SL 5

[Nico Kadel-Garcia]

On Mon, Mar 9, 2015 at 2:01 PM, George Dunlap dunl...@umich.edu wrote:
 On Mon, Feb 23, 2015 at 9:49 PM, Nico Kadel-Garcia nka...@gmail.com wrote:
 On Sun, Feb 22, 2015 at 4:41 PM, Pasi Kärkkäinen pa...@iki.fi wrote:
 On Fri, Feb 20, 2015 at 10:07:54AM -0500, Nico Kadel-Garcia wrote:
 Sorry about the accidental bulky quoting! Boston public transit is still 
 slow from storms, and I'm using my phone right now.

 Also, has Xen console access gotten any better for fully virtualized 
 guests? I've just been forcibly reminded how awkward it was to access the 
 Linux installation screens to manipulate kickstart setups.


 I haven't had problems accessing the graphical console of PV or HVM guests. 
 I'm usually using virt-viewer to use the VNC console.

 -- Pasi

 I was referring to the TTY text console, the one that allows
 manipulation of boot options. It looks like it's still pretty awkward.

 What's awkward about it?  When I've passed serial=pty in the HVM
 config file and run xl console, everything seems to work pretty well
 for me.


And playing with the grub settings. And making sure that the installer
correctly handles serial access, which tends to confuse the heck out
of anaconda, and has only gotten worse with the pointlessly and
insistently graphical installers in CentOS 7.

I'm not blaming the CentOS team, this came from Fedora upstream to RHEL.
___
CentOS-virt mailing list
CentOS-virt@centos.org
http://lists.centos.org/mailman/listinfo/centos-virt

Re: [CentOS-virt] Upgrading Xen 3 on SL 5 server with CentOS 5 and SL 5

[Nico Kadel-Garcia]

On Sun, Feb 22, 2015 at 4:41 PM, Pasi Kärkkäinen pa...@iki.fi wrote:
 On Fri, Feb 20, 2015 at 10:07:54AM -0500, Nico Kadel-Garcia wrote:
 Sorry about the accidental bulky quoting! Boston public transit is still 
 slow from storms, and I'm using my phone right now.

 Also, has Xen console access gotten any better for fully virtualized guests? 
 I've just been forcibly reminded how awkward it was to access the Linux 
 installation screens to manipulate kickstart setups.


 I haven't had problems accessing the graphical console of PV or HVM guests. 
 I'm usually using virt-viewer to use the VNC console.

 -- Pasi

I was referring to the TTY text console, the one that allows
manipulation of boot options. It looks like it's still pretty awkward.

Either way, I'm alive right now with fully virtualized CentOS 6
installations. I'd love to switch them to be paravirtualized for the
performance benefits, especially since I can't do CD based
installations of new hosts on para-virtualized setups, and I don't
have a PXE server running for this setup.
___
CentOS-virt mailing list
CentOS-virt@centos.org
http://lists.centos.org/mailman/listinfo/centos-virt

Re: [CentOS-virt] Using network-script with Xen 4.4.1 (aka what will I do without xend?)

[Nico Kadel-Garcia]

On Fri, Jan 30, 2015 at 4:39 PM, George Dunlap dunl...@umich.edu wrote:
 On Thu, Jan 29, 2015 at 11:28 AM, Gene gh5...@gmail.com wrote:
 I have seen those documents, I did not see anything that indicates how
 _automatic_ bridge configuration could be enabled with xl.

 For my specific set up I have two bridges (xenbr0 - peth0  xenbr1 -
 peth1).  If I have to configure this manually with ifcfg scripts I will, but
 if an automatic method is provided or is possible with xl I'd prefer to use
 that.

 Thanks Gene -- I'll add a note about the transition to network-scripts
 in the CentOS migrating to xl document.

And coming around again: if you need pair bonding and VLAN tagging,
the best guideline is probably my old one: for KVM at
https://wikis.uit.tufts.edu/confluence/display/TUSKpub/Configure+Pair+Bonding,+VLANs,+and+Bridges+for+KVM+Hypervisor

The more recent versions of NetworkManager for RHEL 7 and Fedora
apparently support VLAN tagging and pair bonding, but the interface is
poor. If you want it to be robust and reliable for virtualization
server, I'll urge you to set NM_CONTROLLED=no in
/etc/sysconfig/network, so it's inherited by default for all network
ports.

I'e some long rants about the unsuitability of NetworkManager for
servers we could expolore some time if you need it. But especially for
a virtualizaton server as opposed to a guest VM, It's dangerously
destabilizing
___
CentOS-virt mailing list
CentOS-virt@centos.org
http://lists.centos.org/mailman/listinfo/centos-virt

Re: [CentOS-virt] Domain Controllers virtualized KVM

[Nico Kadel-Garcia]

On Wed, Oct 15, 2014 at 10:04 AM, David Vrabel david.vra...@citrix.com wrote:
 On 15/10/14 09:54, Andry Michaelidou wrote:
 Hello to you all!

 We are implementing here at the University KVM virtualization for our
 servers and services and i was wondering if anyone virtualized domain
 cotrollers to KVM.
 Does anyone done this before? Any advice?

 If you need to support restoring your Windows domain controller VM from
 a snapshot or you need to live migrate it then you need Server 2012 and
 a hypervisor that provides a VM generation ID.

 I don't believe KVM supports this and it's only available in Xen in the
 upcoming Xen 4.5 release.

 David

Samba also works fine in virtualization. I've been publishing tools to
build Samba 4.1, capable of acting as a fairly drop-in replacement for
Active Directory,  for RHEL 6 (and thus compatible with CentOS and
Scientific Linux 6) over at  My toolkit is over at
https://github.com/nkadel/samba4repo.

If you've worked your way up to CentOS 7, RHEL 7, etc., Samba 4.1.1 is
built-in and much easier to update as needed.
___
CentOS-virt mailing list
CentOS-virt@centos.org
http://lists.centos.org/mailman/listinfo/centos-virt

Re: [CentOS-virt] Domain Controllers virtualized KVM

[Nico Kadel-Garcia]

On Thu, Oct 16, 2014 at 8:37 AM, Alain Péan alain.p...@lpn.cnrs.fr wrote:
 Le 16/10/2014 14:21, Nico Kadel-Garcia a écrit :

 If you've worked your way up to CentOS 7, RHEL 7, etc., Samba 4.1.1 is
 built-in and much easier to update as needed.


 But at this time, it seems that the Samba version shipped with RHEL7 and
 CentOS7 does not support Active Directory role, because Samba uses Heimdal
 kerberos implementation, and Red Hat uses elsewhre MIT kerberos, so no
 AD/kerberos emulation in RHEL7 Samba 4 for now.
 http://lists.centos.org/pipermail/centos/2014-September/145613.html

 Samba Team seems to work on a switch to use either Heimdal or MIT kerberos,
 and then it should be available in RHEL.

 Alain

I'd forgotten that was still going on for the upstream Samba. The one
at Sernet, available at http://www.enterprisesamba.com/news/, may be
more capable. I've not personally tried it on CentOS 7.
___
CentOS-virt mailing list
CentOS-virt@centos.org
http://lists.centos.org/mailman/listinfo/centos-virt

Re: [CentOS-virt] How do I do Centos 7 p2v migration?

[Nico Kadel-Garcia]

On Thu, Aug 21, 2014 at 7:25 PM, SilverTip257 silvertip...@gmail.com wrote:
 On Tue, Aug 19, 2014 at 1:21 PM, m...@tdiehl.org wrote:

 Hi,

 I am trying to figure out how to do p2v and v2v migrations on a Centos 7
 kvm
 host. With previous versions there was virt-p2v but that does not seem to
 exist
 with Centos-7.

 I realize that if I am using shared storage, I can do live migrations but
 that does not help with p2v migrations.

 Does anyone know what the recommended procedure is for migrating either
 physical or virtual machines to Centos-7 is?


 While maybe not officially recommended, you could rsync [0] the OS over.

If you go this route, boot with a Live DVD and make a tarball, or use
star to make an SELinux aware tarball. That way, you have a copy to
store, label, and unpack into a chroot cage and edit and propagate
elsewhere, as needed.

Rsync can be efficient, but transmitting and uncompressing a tarball
is *much faster*. Put it in the swap partition temporarily, if you
need to.
___
CentOS-virt mailing list
CentOS-virt@centos.org
http://lists.centos.org/mailman/listinfo/centos-virt

Re: [CentOS-virt] How do I do Centos 7 p2v migration?

[Nico Kadel-Garcia]

On Wed, Aug 20, 2014 at 9:54 AM,  m...@tdiehl.org wrote:
 On Tue, 19 Aug 2014, Gilberto Nunes wrote:

 Hi

 I do this last week, and I use CloneZilla to generate a file image from a
 phisical server running Ubuntu and after that, used Clonezilla to restore
 into KVM hypervisor with no tears...

 Thanks for the info. I was kinda hoping for a solution using tools that are
 supplied with Centos but this sounds feasible so I will give it a try.

One of my favorite approaches, which is *FAST*, is to take the live
server down and make tarballs of all its relevant filesystems with a
live CD, and possibly an NFS share. Store the tarballs for reference,
and use a live CD or PXE toolkit to allow access to the disk images in
the new virtual machine.

Then create partitions as needed, mount them, untar the contents onto
the partitions, and edit the mounted /etc/fstab. Also do a grub
install inside the chroot cage, and unless your underlying
virtualization.

Reboot from the new disk image, and voila. Working virtual
environment. It can take tuning to automate or optimize it, to install
virtualization toolkits or best configure the network, but I've
installed roughly. 18,000 systems this way, for both
virtualization and hardware operating systems. The tarballs allow
excellent source control of the underlying system, and easy tuning of
the base OS image: just untar them and do a 'chroot' into them, and do
manual editing or yum install or whatever. Exit the chroot, and tar
them back up, and deploy with the new image.

This is generally *MUCH, MUCH* faster than replicating disk images or
doing a pre-configured kickstart installation.
___
CentOS-virt mailing list
CentOS-virt@centos.org
http://lists.centos.org/mailman/listinfo/centos-virt

Re: [CentOS-virt] Can KVM and VirtualBox co-exist on same host?

[Nico Kadel-Garcia]

On Tue, Jul 22, 2014 at 8:45 AM, James B. Byrne byrn...@harte-lyne.ca wrote:
 CentOS-6.5
 VirtualBox-4.3.14

 Is it possible, and if so advisable, to run KVM and VirtualBox guests on the
 same host system?

Never tried it. It sounds like a  really, really bad idea.
___
CentOS-virt mailing list
CentOS-virt@centos.org
http://lists.centos.org/mailman/listinfo/centos-virt

Re: [CentOS-virt] Preferred method of provisioning VM images

[Nico Kadel-Garcia]

On Thu, Jun 19, 2014 at 7:39 AM, George Dunlap dunl...@umich.edu wrote:
 On Wed, Jun 18, 2014 at 2:48 PM, Sven Kieske s.kie...@mittwald.de wrote:
 I just dived a little in virt-builder and here are my findings:

 1. It's awesome!

 Am 18.06.2014 12:46, schrieb George Dunlap:
 So it looks like we might want to recommend three potential paths we
 could recommend people to explore:

 1) For basic CentOS VMs, use a CentOS-provided cloud image, with our
 custom metadata tweaking script.

 2. Why create a custom script if maybe virt-builder can handle it?
I don't know if you can point virt-builder to other images than
 those on libguestfs.org, but this should be possible, include an centos
 cloud-image on libguestfs.org and just use virt-builder

 You can point virt-builder to another repo; and in fact, the guys on
 the libguestfs development list said that them hosting their own
 template repo was meant to be a temporary measure, and that long-term
 they'd like to see distros hosting their own templates.

 But as to why, did you miss that yum install libguestfs wants to
 bring in an *additional* 178 packages, more than doubling the size of
 a base installation? :-)

Building stripped OS images is an art form. In fact, if you want to
get *really* dirty, don't use disk images. Use a local chroot cage to
install an OS image from an initial minimal tarball, and use tools
like kickstart to pre-partition the disk and run theset steps..

1) Configure disk.
 a( Use parted in CentOS 6, or fdisk in CentOS 5 to pre-align
partitions on the 4096 byte block boundaries. All VM's that might run
on NetApp or other 4096 byte block drive back end storage needs this,
and better safe than sorry.
2) Obtain tarball, for example by downloading it into the swap
partition if your installer doesn't have a local copy on a DVD image
or local NFS share.
3) Configure /etc/fstab in the chroot cage. (Don't even put one in the
tarball, it's not needed!)
4) Configure /etc/syscontig/network-scripts/ifcfg-eth0 in the tarball,
as needed, for network layout.
a) Pay attention to /etc/udev.d/rules/70-persistent-net-rules,
which will reset your network device numbering.
b) It's usually safest to just delete it for VM and server images.
5) Run grub-install for the relevant bood disk, from inside the
chroot cage, to make it bootable.
6: Clear the installation tarball and run mkswap on the swap partition.

I don't know why most VM environments don't use a separate disk image
for swap, anyway, burying it inside your LVM setup makes it much more
onerous to efficiently cut free or resize without disturbing the rest
of your system. And it makes a thin-provisioned disk automatically
much bulkier, instead just leave out swap from published OS disk
images. But that's a very separate issue.

Now, when I first did this sort of thing, it was to shrink a corporate
Red Hat 5.2 build onto an installable CD. (Not RHEL. .2 Red Hat 5.2)
The original engineer had been using dd'd and gzipped disk images, of
different sizes for different disk drives, and trying to put them on
the same CD, and always starting over by zeroing the disk and putting
new images on it to make any changes, then dd'ing and re-compressing
the disk image. Including *swap*!  The same sort of wasted disk,
written but uncleared blocks, swap space, and other issues exist for
VM images, and a lot of the resulting image size is entirely unneeded
for OS installations. Getting the original OS image tarball can be
pesky: I had to install an OS, reboot with a rescue CD, and tarball
the contents of the disk partitions. I got it down so small it fit on
a buisness card CD.

But these days, guess what? mock already does most of this work for
me!!! Take a good look at the stored initialization tarballs for
mock, and they have *exactly* this sort of content. They have some
extra components for RPM building, but you can enter the chroot cage
and strip those right out, along with unnecessary log files, by
staying at run level 1 while in the tarball. I applaud the mock
authors for their work creating well defined workable chroot cages,
and take other advantage of them for testing components.

The initial setup takes some knowledge, and it's no longer just plug
in this disk image and be done, you need a working tool like a PXE
environment and a selection of pre-configured kickstart files with
'%pre scripts, or an installer CD or DVD or USB image with a
kickstart script set up, to make it efficient But it scales *really
well*. I helped do 13,000 systems in one month this way, back in 2002,
and the technique has proven invaluable for prototyping new,
completely defined, completely reviewable OS images ever since.
___
CentOS-virt mailing list
CentOS-virt@centos.org
http://lists.centos.org/mailman/listinfo/centos-virt

Re: [CentOS-virt] Finally switching from Xen to KVM - question about networking

[Nico Kadel-Garcia]

On Tue, Jun 10, 2014 at 10:03 AM, Steve Campbell campb...@cnpapers.com wrote:
 I had so much trouble putting Centos 6 guest VMs on a Centos 5 host that
 I finally switched to a Centos 6 host.

 I've not needed more that test VMs, so I've used Virtual Machine Manager
 on the old system, which worked pretty well, so I decided to create my
 first KVM guest machine. I noticed when I created it, I only had the
 options of NAT for my network interface, so I used that (obvious).

 Well, after starting the VM, I find I don't have connectivity with that
 interface. Reading, I find examples where I need to create bridges
 perhaps. Xen did most of this for me, so it's a little new to me.

 Can anyone throw me a clue, please?

 steve campbell
 ___
 CentOS-virt mailing list
 CentOS-virt@centos.org
 http://lists.centos.org/mailman/listinfo/centos-virt

For full-blown pair-bonding, trunked VLAN's, and KVM bridges, you want
my old notes at
https://wikis.uit.tufts.edu/confluence/display/TUSKpub/Configure+Pair+Bonding,+VLANs,+and+Bridges+for+KVM+Hypervisor.

Just dial back on any features you don't need in your environment. And
rip all NetworkManager based components kicking and screaming the !@#$
out of any KVM server, it is *NOT* your friend.

  sudo yum remove *NetworkManager*
___
CentOS-virt mailing list
CentOS-virt@centos.org
http://lists.centos.org/mailman/listinfo/centos-virt

Re: [CentOS-virt] Xen DomU supoprt in RHEL 7 and the CentOS Plan

[Nico Kadel-Garcia]

On Mon, Jun 2, 2014 at 1:17 AM, Lars Kurth lars.ku...@xen.org wrote:
 On 28/05/2014 16:16, Konrad Rzeszutek Wilk wrote:

 Perhaps I am missing something obvious here? Could you please
 enlighten me?
 Konrad,
 you are absolutely correct. The discussion on XenServer / XenCenter is
 off-topic really.
 Lars

I'm afraid I brought it up, concerned about the lack of open source or
freeware availability of the upstrream code base. My awareness of
Citrix's cooperation with open source and freeware developers was out
of date. It's nice to see that Citrix and the main Xen contributors
are working well in git: the availability of good management tools
(such as I'm hearing about with Xenserver)  is a vital aspect of any
large scale virtualization environment.

I do hope the RHEL 7, and thus CentOS 7, base releases of these tools
will be as up to date and well integrated as possible.
___
CentOS-virt mailing list
CentOS-virt@centos.org
http://lists.centos.org/mailman/listinfo/centos-virt

Re: [CentOS-virt] xen setup documentation for centos?

[Nico Kadel-Garcia]

On Sun, Jun 1, 2014 at 8:45 PM, lee l...@yun.yagibdah.de wrote:
 Hi,

 what is the proposed way to create domU guests on centos 6.5?  At first
 I tried to follow the documentation on the xen project website which
 recommends using xl.  I created a config file and ended up with getting
 a message that the kernel is not bootable when trying to create a guest.
 I also had to stop some daemon (xend?) because it said that xl isn`t
 compatible with it and the daemon must be stopped first.

 Then I followed redhat documentation which suggests to use virt-manager
 --- which doesn`t work because servers don`t have GUIs.  So I finally
 managed to create a guest with virt-install.  I can start and stop the
 guest (which is also running centos), though I don`t think this is the
 right way to create one.

 So how exactly are you supposed to create guests?


Servers *can* have GUI's. Even if you don't want to install the full
Gnome/KDE/display manager toolkits, it's possible to set up enough to
run X based applications form another host. And virt-manager can be
run from a client, with authenticated access to the libvirt server,
though I've generally not done that.

If you don't want to bother with that, you'll need to learn 'virsh',
which is the actual tool that libvirt uses to do almost everything.

 Now I can`t get the networking to work.  I`ve been reading lots of
 documentation and still don`t understand how that is supposed to work.
 As far as I understand, you get three different network interfaces:


 dom0: a bridge (virbr0)
 dom0: a virtual network interface (vifN.X)
 domU: a virtual network interface which doesn`t appear to be virtual to
   domU

[Xen specific network questions skipped, I've not been using Xen lately]

 Do I have to set up shorewall (or the like) on dom0 to be able to handle
 network access for guests?  Would I need to create a bridge for every
 guest to be able to handle them separately for firewalling purposes
 because otherwise packets circumvent firewall rules by directly going
 over the bridge?  If so, why are bridges needed?

You need to pick. One approach is to set up a bridged connection with
one VM, with a second localized VLAN connection, and run shorewall or
other firewalls on that VM to manage connections to the rest of the
VM's. This leaves your bandwidth trapped at the capacity of that
firewall VM, but it's not an uncommon soluiton, especially when
running complex firewalls and/or proxies in small environments.

Whether you need bridges then depends on where your firewall is. If it
lives on another host on your network, yes, your guests need bridges.
If it's on a VM with two connections, as I described above, it's
potentially much easier to set up on a single firewall VM. But
migrating the firewall among multiple VM servers means establishing,
and maintaining, a multiple VM server internal network, and if doing
that, *THOSE* might mandate bridges.

 I would understand doing things like adding those guests that are
 visible to the LAN only to the same bridge to have them all reachable
 likewise.  When doing that, it would seem to make sense to use a
 different subnet for guests in the DMZ.

It Depends(tm).

 All the documentation tells you many different things, none of them work
 and it`s totally confusing.  Is there any /good/ documentation
 somewhere?

I suggest what you need to accomplish first. Do you have, or want to
build, firewalls? Are you isolating DMZ hosts or public facing
webservers that need heightened isolation and security?
___
CentOS-virt mailing list
CentOS-virt@centos.org
http://lists.centos.org/mailman/listinfo/centos-virt

Re: [CentOS-virt] Xen DomU supoprt in RHEL 7 and the CentOS Plan

[Nico Kadel-Garcia]

On Fri, May 23, 2014 at 10:59 AM, Major Hayden ma...@mhtx.net wrote:
 On May 23, 2014, at 9:13, Simon Rowe simon.r...@eu.citrix.com wrote:

 Why do you say that? My minimal testing of the rc doesn't show any
 problems installing on Xen 4.4

 I had the same results as Simon.

 Running RHEL7rc as a domU on a machine running a Fedora-based Xen hypervisor 
 works fine.

 However, there is no Xen *dom0* support in RHEL7rc.  There are no tools 
 either.  Last time I checked, Xen support wasn't evenincluded with libvirt on 
 RHEL7rc. :/

Given Red Hat's focus on and direct freeware support of KVM, why
should they burn cycles on open source integration of a product that
has a closed source upstream vendor at Citrix? They'd be much better
off spending the engineering time on libvirt and getting the
NetworkManager configuration tools to correctly support KVM compatible
bridging or ordinary network pair bonding, jumbo frames, and VLAN
tagging. None of that was working correctly on CentOS 6 or RHEL 6
without hand editing config files, which would be overwritten and
scrambled by using NetworkManager to configure anything. I've not
spent time with the latest NetworkManager on the RHEL 7 betas, and
would be very curious to see if they've gotten *that* straightened
out.

In Red Hat's position, I'd contact Citrix and get *them* to do the
testing and debugging, which they'll need to do for their commercial
products, anyway. That might get into interesting open source
licensing issues, but it's a lot cheaper than replicating testing labs
and doing Citrix's work for them.
___
CentOS-virt mailing list
CentOS-virt@centos.org
http://lists.centos.org/mailman/listinfo/centos-virt

Re: [CentOS-virt] Xen DomU supoprt in RHEL 7 and the CentOS Plan

[Nico Kadel-Garcia]

I'd not realized Citrix had shifted their publication model. If what
is on github is what they use for production, *good*. Are there any
major components left that are missing from github?

On Sun, May 25, 2014 at 10:25 AM, Antony Messerli
amess...@rackspace.com wrote:
 Just for clarification sake, Xen is now part of the Linux Foundation and
 XenServer itself is open source as well.

 Pretty much all of the bits to generate the XenServer build and all
 development of the Citrix product are done on Github now.

 I get the push to use KVM but given the amount of interest and use there was
 on CentOS 6 with Xen, I believe the effort will still be made to get it into
 CentOS 7, which is why it would be nice if it was upstream as well.

 From: Nico Kadel-Garcia nka...@gmail.com
 Sent: May 25, 2014 8:58 AM
 To: Discussion about the virtualization on CentOS
 Subject: Re: [CentOS-virt] Xen DomU supoprt in RHEL 7 and the CentOS Plan

 On Fri, May 23, 2014 at 10:59 AM, Major Hayden ma...@mhtx.net wrote:
 On May 23, 2014, at 9:13, Simon Rowe simon.r...@eu.citrix.com wrote:

 Why do you say that? My minimal testing of the rc doesn't show any
 problems installing on Xen 4.4

 I had the same results as Simon.

 Running RHEL7rc as a domU on a machine running a Fedora-based Xen
 hypervisor works fine.

 However, there is no Xen *dom0* support in RHEL7rc.  There are no tools
 either.  Last time I checked, Xen support wasn't evenincluded with libvirt
 on RHEL7rc. :/

 Given Red Hat's focus on and direct freeware support of KVM, why
 should they burn cycles on open source integration of a product that
 has a closed source upstream vendor at Citrix? They'd be much better
 off spending the engineering time on libvirt and getting the
 NetworkManager configuration tools to correctly support KVM compatible
 bridging or ordinary network pair bonding, jumbo frames, and VLAN
 tagging. None of that was working correctly on CentOS 6 or RHEL 6
 without hand editing config files, which would be overwritten and
 scrambled by using NetworkManager to configure anything. I've not
 spent time with the latest NetworkManager on the RHEL 7 betas, and
 would be very curious to see if they've gotten *that* straightened
 out.

 In Red Hat's position, I'd contact Citrix and get *them* to do the
 testing and debugging, which they'll need to do for their commercial
 products, anyway. That might get into interesting open source
 licensing issues, but it's a lot cheaper than replicating testing labs
 and doing Citrix's work for them.
 ___
 CentOS-virt mailing list
 CentOS-virt@centos.org
 http://lists.centos.org/mailman/listinfo/centos-virt

 ___
 CentOS-virt mailing list
 CentOS-virt@centos.org
 http://lists.centos.org/mailman/listinfo/centos-virt

___
CentOS-virt mailing list
CentOS-virt@centos.org
http://lists.centos.org/mailman/listinfo/centos-virt

Re: [CentOS-virt] Cant boot a image

[Nico Kadel-Garcia]

gzipped image of *what*? Is it a gzipped copy of a disk image, which
you've added to the set of disks attached to your virtualized hosts? A
gzipped tarball of an operating systems's contents? And which
virtualization technology are you using? If it's a disk image, which
format is it?

On Fri, May 2, 2014 at 3:53 AM, mattias mjonsson1...@gmail.com wrote:
 Ii took a gzipped image
 And use gunzip to extract it
 But now i cant boot!
 Fdisk shows no partition table

 ___
 CentOS-virt mailing list
 CentOS-virt@centos.org
 http://lists.centos.org/mailman/listinfo/centos-virt
___
CentOS-virt mailing list
CentOS-virt@centos.org
http://lists.centos.org/mailman/listinfo/centos-virt

Re: [CentOS-virt] p2v conversion questions

[Nico Kadel-Garcia]

The best documentation is that if you don't personally care to burn
your time learning to do virtualization software integration from
source code, you use the RPM's from the upstream vendor. Red Hat's
notes are aimed at RHEL, and the CentOS 6.5 package are built form the
latest Red Hat published source with all the patches, integrated with
their virt-manager and KVM and other components. Don't do it from
scratch unless you care to spend development time on what should be a
plug and play operations.



On Thu, May 1, 2014 at 5:22 PM,  m...@tdiehl.org wrote:
 Hi,

 I am in the process of converting a w2k8 physical server to C6.5 kvm. In 
 reading
 https://access.redhat.com/site/documentation/en-US/Red_Hat_Enterprise_Linux/6/html/V2V_Guide/sect-V2V_Guide-Configuration_Changes-Configuration_Changes_for_Windows_Virtual_Machines.html
 It says that virtio-win rpm is required. I know that the virtio-win rpms are
 not available for Centos 6.5 but the drivers are available for download at
 https://alt.fedoraproject.org/pub/alt/virtio-win/latest/images/bin/

 My question is does any have anyone have any documentation that shows
 where I should put the virtio-win drivers in order to get a successful
 migration? Is there any better documentation that I should
 use to get the migration done?

 I have been googling all afternoon with no real progress. Some old threads I
 have found seem to indicate that /usr/share/virtio-win is the correct place
 but those threads are from 2011. I need to do the migration tomorrow and I
 would like to be as prepared as possible.

 Regards,

 --
 Tom m...@tdiehl.org   Spamtrap address
 me...@tdiehl.org
 ___
 CentOS-virt mailing list
 CentOS-virt@centos.org
 http://lists.centos.org/mailman/listinfo/centos-virt
___
CentOS-virt mailing list
CentOS-virt@centos.org
http://lists.centos.org/mailman/listinfo/centos-virt

Re: [CentOS-virt] Cant boot a image

[Nico Kadel-Garcia]

On Sat, May 3, 2014 at 2:54 PM, mattias mjonsson1...@gmail.com wrote:
 a qcow2
 Nico Kadel-Garcia skrev 2014-05-03 20:53:
 gzipped image of *what*? Is it a gzipped copy of a disk image, which
 you've added to the set of disks attached to your virtualized hosts? A
 gzipped tarball of an operating systems's contents? And which
 virtualization technology are you using? If it's a disk image, which
 format is it?

And the other questions? Which virtualization technology are you
using, and have you enabled the qcow2 uncimpressed image in your
configuration for your virtual host?
___
CentOS-virt mailing list
CentOS-virt@centos.org
http://lists.centos.org/mailman/listinfo/centos-virt

Re: [CentOS-virt] Cant boot a image

[Nico Kadel-Garcia]

OK. Does the BIOS report the disk as perceived? Or does booting with a
live CD or DVD report the disk image as available? My concern is that
your gzipped gcow2 image is not what you think it is, and the disk
image is corrupted or invalid.

On Sat, May 3, 2014 at 2:59 PM, mattias mjonsson1...@gmail.com wrote:
 kvm
 i import it with virt-install
 Nico Kadel-Garcia skrev 2014-05-03 20:58:
 On Sat, May 3, 2014 at 2:54 PM, mattias mjonsson1...@gmail.com wrote:
 a qcow2
 Nico Kadel-Garcia skrev 2014-05-03 20:53:
 gzipped image of *what*? Is it a gzipped copy of a disk image, which
 you've added to the set of disks attached to your virtualized hosts? A
 gzipped tarball of an operating systems's contents? And which
 virtualization technology are you using? If it's a disk image, which
 format is it?
 And the other questions? Which virtualization technology are you
 using, and have you enabled the qcow2 uncimpressed image in your
 configuration for your virtual host?
 ___
 CentOS-virt mailing list
 CentOS-virt@centos.org
 http://lists.centos.org/mailman/listinfo/centos-virt

 ___
 CentOS-virt mailing list
 CentOS-virt@centos.org
 http://lists.centos.org/mailman/listinfo/centos-virt
___
CentOS-virt mailing list
CentOS-virt@centos.org
http://lists.centos.org/mailman/listinfo/centos-virt

Re: [CentOS-virt] VMs failing to restart

[Nico Kadel-Garcia]

On Thu, Mar 27, 2014 at 8:14 AM, Lars Hecking
lheck...@users.sourceforge.net wrote:
 Nico Kadel-Garcia writes:
 I published notes some time back about pair bonding for CentOS,
 applicable to Scientific Linux as well, t
 https://wikis.uit.tufts.edu/confluence/display/TUSKpub/Configure+Pair+Bonding,+VLANs,+and+Bridges+for+KVM+Hypervisor

 Show us your /etc/sysconfig/network-scripts/ifcfg-br0, if you would. I
 particularly want to see your BONDING_OPTS.

  That's in ifcfg-bond0. I use mode=0 (balance-rr), wheras your docs show
  mode=1 (active-backup).

Balance-rr is *NOT* your friend. Many upstream switches will have
serious problems with it.

  Will change that and see what the next reboot brings.

Please do.
___
CentOS-virt mailing list
CentOS-virt@centos.org
http://lists.centos.org/mailman/listinfo/centos-virt

Re: [CentOS-virt] VMs failing to restart

[Nico Kadel-Garcia]

I published notes some time back about pair bonding for CentOS,
applicable to Scientific Linux as well, t
https://wikis.uit.tufts.edu/confluence/display/TUSKpub/Configure+Pair+Bonding,+VLANs,+and+Bridges+for+KVM+Hypervisor

Show us your /etc/sysconfig/network-scripts/ifcfg-br0, if you would. I
particularly want to see your BONDING_OPTS.



On Wed, Mar 26, 2014 at 6:24 PM, Lars Hecking
lheck...@users.sourceforge.net wrote:
 Nico Kadel-Garcia writes:
 NetworkManager and system-config-network do not really handle pair
 bonding very well, so you've obviously set it up by hand. this is the
 point where, getting a paid license RHEL license for your KVM server
 gets you direct access to their support team.

  My servers don't use NM. Cf. other discussions on the main centos list :)

 In particular, post your bridge settings. I think they should be set
 to failover, not to the other, more complex and load balanced
 settings, to avoid confusing your switches and possibly KVM clients.

  This? Or is there more information available?

 # brctl  show
 bridge name bridge id   STP enabled interfaces
 br0 8000.00215e4d349b   no  bond0
 vnet0
 vnet1
 vnet2
 vnet3
 vnet4
 vnet5
 vnet6
 virbr0  8000.525400825a69   yes virbr0-nic
 #

 ___
 CentOS-virt mailing list
 CentOS-virt@centos.org
 http://lists.centos.org/mailman/listinfo/centos-virt
___
CentOS-virt mailing list
CentOS-virt@centos.org
http://lists.centos.org/mailman/listinfo/centos-virt

Re: [CentOS-virt] VMs failing to restart

[Nico Kadel-Garcia]

NetworkManager and system-config-network do not really handle pair
bonding very well, so you've obviously set it up by hand. this is the
point where, getting a paid license RHEL license for your KVM server
gets you direct access to their support team.

In particular, post your bridge settings. I think they should be set
to failover, not to the other, more complex and load balanced
settings, to avoid confusing your switches and possibly KVM clients.

On Wed, Mar 26, 2014 at 7:20 AM, Lars Hecking
lheck...@users.sourceforge.net wrote:

  This is a problem I've had on and off under CentOS5 and CentOS6, with both
  xen and kvm. Currently, it happens consistently with kvm on 6.5, e.g. with
  every kernel update. I *think* it generally worked fine with the 6.4 kernels.

  There are 7 VMs running on a 6.5, x86_64, 8GB RAM host, each with 512MB RAM
  and using the e1000 NIC. I picked this specific NIC because the default does
  not allow reliable monitoring through SNMP (IIRC). The host has two bonded
  NICs with br0 running on top.

  When the host reboots, the VMs will generally hang bringing up the virtual
  NIC, and I need to go through several iterations of destroy/create, for each
  VM, to get them running. The always hang here (copypaste from console):

 ...
 Welcome to CentOS
 Starting udev: udev: starting version 147
 piix4_smbus :00:01.3: SMBus Host Controller at 0xb100, revision 0
 e1000: Intel(R) PRO/1000 Network Driver - version 7.3.21-k8-NAPI
 e1000: Copyright (c) 1999-2006 Intel Corporation.
 ACPI: PCI Interrupt Link [LNKC] enabled at IRQ 11
 e1000 :00:03.0: PCI INT A - Link[LNKC] - GSI 11 (level, high) - IRQ 11
 e1000 :00:03.0: eth0: (PCI:33MHz:32-bit) 00:16:3e:52:e3:0b
 e1000 :00:03.0: eth0: Intel(R) PRO/1000 Network Connection

  Any suggestions on where to start looking?

 ___
 CentOS-virt mailing list
 CentOS-virt@centos.org
 http://lists.centos.org/mailman/listinfo/centos-virt
___
CentOS-virt mailing list
CentOS-virt@centos.org
http://lists.centos.org/mailman/listinfo/centos-virt

Re: [CentOS-virt] Remove Centos from AWS marketplace

[Nico Kadel-Garcia]

On Sun, Mar 9, 2014 at 11:28 AM, Digimer li...@alteeve.ca wrote:
 Would you mind elaborating on this? If a snapshot is a point-in-time
 image of a VM (or even normal FS), why would DB backups be at risk
 (assuming things like fsync are used)?

 I'm asking in general terms... no idea if this is something AWS specific.

 digimer

It's a general issue. If a system snapshot is used to correctly
preserve both the disk image, and the state of the VM including
memory, well and good. The state is recoverable. There's always a risk
that interrupted network transactions left things in an unexpectedly
inconsistent state that the VM is not equipped to handle: I'm thinking
particularly of wget or other download transactions where the
download software was not intelligent enough to verify the download
before proceeding. I've been through this a lot lately with chef
software. It's compounded by network based filesystem transactions,
such as interactions with NFS or CIFS filesystems, which cannot be
synchronized with the OS snapshot.

But simply relying on the disk image from such an AWS snapshot,
without recovering the full system state, is a potential adventure.
I've not myself had opportunity to play with this kind of restoration,
so I'm uncertain whether AWS allows access to the plain disk image, or
automatically would bring the full VM state with it for re-activation
of the snapshot.   If you're just getting at the disk images, using
fsync before the snapshots is helpful, but any atomic transaction
that is in progress at the time of the disk image snapshot is not
verifiable in the atomicity of that transaction. This particularly
includes  precisely the sort of page mapped data, sitting in RAM,
that the fsync command helps write to disk.

And snapshots cheduled from outside controllers, such as automatic
snapshots, cannot be reliably synced with system specific fsync
database suspension commands without a great deal of integration
between the outside system, and the local host, that VM's are not
supposed to normally need. I went through great deal of this some
years back, shutting down databases, running LVM to get a disk
snapshot, then running rsnapshot against the *snapshot* to avoid
getting an inconsistent state of the database into the backup system.

And there are some *funky* databases out there. Ask sometime about the
Use hardlinked RCS files for source control of multiple project
branches sometime, if you'd like to wince a lot.
___
CentOS-virt mailing list
CentOS-virt@centos.org
http://lists.centos.org/mailman/listinfo/centos-virt

Re: [CentOS-virt] Problem with lvm disks assigned to kvm guests

[Nico Kadel-Garcia]

On Thu, Feb 6, 2014 at 6:17 AM, Dennis Jacobfeuerborn
denni...@conversis.de wrote:
 On 06.02.2014 12:05, C. L. Martinez wrote:
 On Thu, Feb 6, 2014 at 11:01 AM, Dennis Jacobfeuerborn


 Many thanks Dennis ... Then if I do:

 dd if=/dev/zero of=/dev/sdc1 bs=1M (it is a 1TiB disk), will erase all
 data and partitions created by the kvm guest??

 That should work although if you want to be really safe you should
 probably use /dev/urandom instead of /dev/zero as using random data is a
 better way to deal with the problem of data remanence:

 http://en.wikipedia.org/wiki/Data_remanence#Overwriting

 Regards,
Dennis

To avoid seeing the old partitions or boot loader, you can simply zero
the partition information. That will avoid the confusion, and it is
*much, much faster* than zeroing the whole disk.

  dd if=/dev/zero of=/dev/sdc1 count=100

/dev/urandom take *much* longer.. Also, that article you mention
merely describes the technique.  The *expense* of data recovery from
something that's been overwritten simply with zeroes or ones is
hideous, and the results quite poor according to previous analyses
I've seen. So while thousands of Google articles recommend for real
security, use /dev/urandom, it's extremely difficult to find any that
justify the expense and time.

If you really feel the need to do military grade scrubbing, use
dban, with the source code available at
http://sourceforge.net/projects/dban/files/dban/dban-2.2.8/.. It's at
the core of most disk erasure CD's and  USB stick tools that I've
seen..
___
CentOS-virt mailing list
CentOS-virt@centos.org
http://lists.centos.org/mailman/listinfo/centos-virt

Re: [CentOS-virt] Hey

[Nico Kadel-Garcia]

On Tue, Jan 28, 2014 at 1:22 PM, Robert Dinse nan...@eskimo.com wrote:

   I've used both Xen and KVM and at least in benchmarks of applications I
 did here I didn't see much difference and since KVM is natively supported by
 RedHat, that's what I've been using.

I used to use Xen. As far as I can tell, I published the first SRPM's
for it, back when it was open entirely open source, before Citrix
bought it.  As far as I  can tell, the open source Xen suffers from
many of the same problems as KVM and qemu. Namely, the gui and command
line tool, libvirt, is poorly built overburdened debris that does
not fulfill *anyone's* standards of a good configuration tool,
especially the open source GUI guidelines written by Eric Raymond in
his Luxury of Ignorance essay.

That said, Xen suffers no more from it than KVM does. It also doesn't
have the stunningly painful requirements to override NetworkManager
and manually configure the bridge device, as documented by me years
ago at at 
https://wikis.uit.tufts.edu/confluence/display/TUSKpub/Configure+Pair+Bonding+and+Bridges+for+KVM+Hypervisor.


   Obviously on this list there is mostly Xen users, and I feel like I must
 be missing some great advantage so I am curious, those of you who prefer Xen,
 why?

Personally, I use Virtualbox or corporate supplied VMware these days.
Not becuase I don't like open source tools, but because I prefer to
spend my subtle confifation time more usefully than working through
libvirt and NetworkManager manual, poorly documented, unintegrated
confuiguration steps just to get things to work normally.
___
CentOS-virt mailing list
CentOS-virt@centos.org
http://lists.centos.org/mailman/listinfo/centos-virt

Re: [CentOS-virt] Loading a FreeBSD 10 VM on QEMU-KVM..

[Nico Kadel-Garcia]

Dude, do *not* run test VM's on a production environment. Can you run
a test install on your  personal machine, using VirtualBox, or KVM or
other tools, just to see if it works well with *any* virtualization
toolkit?

On Thu, Jan 16, 2014 at 5:18 AM, Howard Leadmon how...@leadmon.net wrote:
   I will probably get it up to 6.5 over the weekend, it’s pretty much
 because the host has established production VM’s running on the server, and
 I have to take a bunch of stuff offline to update.   Yes, I know that needs
 to get done during some weekend maintenance time..





 ---

 Howard Leadmon



 From: centos-virt-boun...@centos.org [mailto:centos-virt-boun...@centos.org]
 On Behalf Of Dima (Dan) Yasny
 Sent: Monday, January 13, 2014 11:56 PM


 To: Discussion about the virtualization on CentOS
 Subject: Re: [CentOS-virt] Loading a FreeBSD 10 VM on QEMU-KVM..



 Why 6.4 when 6.5 is out?



 Also, you haven't mentioned what type of storage you are using, have you
 tried both IDE and virtio?



 On Mon, Jan 13, 2014 at 8:52 PM, Howard Leadmon how...@leadmon.net wrote:


  I was trying to load a FreeBSD 10 VM on my CentOS 6.4 machine, and it keeps
 hanging and not completing the boot.   I have FBSD 9.x VM's running just
 fine, but if I try and load 10.x it's a no go.

 Attaching to the console using VNC, I see:


 gPXE (http://etherboot.org) - 00:04.0 C980 PCI2.10 PnP BBS PMM7FC0@20 C980

 Booting from DVD/CD...
 CD Loader 1.2

 Building the boot loader arguments
 Looking up the /BOOT/LOADER... Found
 Relocating the loader and the BTX



 That is it, at that point it just hangs.   I have tried from 2G RAM to 6G
 RAM for the VM, and from 1 to 4 CPU's, but no effect.  The FreeBSD lists
 said I should load a newer QEMU-KVM, that there are much newer releases but
 everything I have seen claims that is not a good idea, that RH does version
 numbering much differently.

 Has anyone run into this, or have any ideas on how to get past it, as I
 would love to load up the newest FBSD and give it a run as well..



 ---
 Howard Leadmon




 ___
 CentOS-virt mailing list
 CentOS-virt@centos.org
 http://lists.centos.org/mailman/listinfo/centos-virt




 ___
 CentOS-virt mailing list
 CentOS-virt@centos.org
 http://lists.centos.org/mailman/listinfo/centos-virt

___
CentOS-virt mailing list
CentOS-virt@centos.org
http://lists.centos.org/mailman/listinfo/centos-virt

Re: [CentOS-virt] Fwd: Building Xen on RHEL7

[Nico Kadel-Garcia]

My first thought on seeing this thread was Is there some reason to
compile from source, rather than from an SRPM, say those at
http://dev.centos.org/centos/6/xen-c6/SRPMS/ ?

I went ahead and grabbed RHEL 7 beta from
http://ftp.redhat.com/pub/redhat/rhel/beta/7/, where the actual
bootable iso's and accessible yum epository actually live, without the
burdensome RHEL registration process. I understand there are benefits
to registering a temporary license, just to be able to submit your
reports to the registered channels, but *sheesh*. The you must permit
our friends to spam you to register for a beta is nasty, which is why
I dug around for that  http://ftp.redhat.com/pub/redhat/rhel/beta/7
direct access. And it's a *lot* easier to use that website for
installation, or setting up a local mirror, than to register with RHEL
on this particular project. I love RHEL service and support pricing,
aand their software attitudes, I use them along with CentOS and
Scientific Linux for various projects, but their registratioin for
this project scared me of becuase of the let us spam you agreeement
required for registration.

After trying to build the SRPM's on RHEL 7 Beta myself I found that
the current CentOS Xen publisned SRPM's are quite good. And I say this
as the guy who first published SRPM's for Xen, while I was working for
the BBC some years back. I'd use the SRPM's over a source download and
compilation in a heartbeat. Unfortunately, they don't build on RHEL 7
Beta yet, but it looks like that's a compiler change problem, not an
SRPM problem per se. For any of the CentOS Xen project developers
here, they're good: Just grab the SRPM's and build up the toolchan in
the new environment.

But trying to build from the SRPM's resolved all the build dependency,
including satisfying the requirement for the openssl-devel and dev86
dependencies that you encountered. And the dev86 SRPM's published
there worked well, with the caveat that it did not have a gcc
dependencies, which I've added to a .spec file, and the .spec file for
dev86 and for Xen both have badly formatted dates in the %changelog
stanza. RHEL 7 is much less tolerant of this  than RHEL 6 was. Again,
I've edited some .spec files and will try to submit some patches if I
can fiind time.

Once I'd satisfied all the dependencies for the SRPM, I was able to
build the Xen 4.3.1  tarball pretty easily. It just didn't work well
to plug the tarball into the old  SRPM  and .spec file. A whole stack
of the patches have already been incorporated, such as almost all of
the xsa patches, and other patches  that were designed to optimize
RHEL/CentOS compilation just fail to install on the new codebase.
Updating to Xen 4.3.1 is its own whole project, on RHEL 7 or CentOs 6,
one I don't have time for myself and wish the project maintainers
great success with.

But with all that said: why are you bothering with Xen when RHEL and
thus CentOS have KVM support built right in? Is there some feature you
require that isn't available in the built-in KVM support?
___
CentOS-virt mailing list
CentOS-virt@centos.org
http://lists.centos.org/mailman/listinfo/centos-virt

Re: [CentOS-virt] Fwd: Building Xen on RHEL7

[Nico Kadel-Garcia]

On Sun, Dec 22, 2013 at 1:30 AM, Peter pe...@pajamian.dhs.org wrote:
 On 12/22/2013 04:33 PM, Nico Kadel-Garcia wrote:
 My first thought on seeing this thread was Is there some reason to
 compile from source, rather than from an SRPM, say those at
 http://dev.centos.org/centos/6/xen-c6/SRPMS/ ?

 My thinking is that the sources from F19 would be better since RHEL7 is
 based on F19 they would be a lot closer to RHEL7 than the CentOS 6 Xen
 sources, although both would probably build with no modifications at all.

That's fair., and a good point. However, the CentOS 6 tools did have
some issues, as mentioned below..

 with the caveat that it did not have a gcc
 dependencies, which I've added to a .spec file,

 gcc is considered to be part of the standard build toolset and as such
 is not required to be listed as a dependency in any spec file.

Part of a standard build toolset or not, it needs to be mentioned. The
dev86 SRPM was pretty old, admittedly. But Fedora, and EPEL, and RHEL,
all build their  RPM's with mock and koji these days, and gcc is
*not* part of the basic build environment. There are reasons, having
to do with cross-compilation and alternative compiler toolchains. So
RHEL, Fedora, and EPEL RPM's all specify cc or gcc as needed,

Do take a good look at those Fedora SRPM's if you think I'm kidding..

 and the .spec file for
 dev86 and for Xen both have badly formatted dates in the %changelog
 stanza. RHEL 7 is much less tolerant of this  than RHEL 6 was. Again,
 I've edited some .spec files and will try to submit some patches if I
 can fiind time.

 The F19 spec files should be fully compliant with the EL7 guidelines.

Quite right, and good point. For the ctntos-virt world, I partly
thought I'd work from the centos-xen published tools. Again, you make
a good point..

 Once I'd satisfied all the dependencies for the SRPM, I was able to
 build the Xen 4.3.1  tarball pretty easily. It just didn't work well
 to plug the tarball into the old  SRPM  and .spec file.

 Admittedly F19 comes with Xen 4.2.3, rawhide comes with 4.3.1, though,
 and can probably be directly rebuilt for EL7 without any fuss.

 But with all that said: why are you bothering with Xen when RHEL and
 thus CentOS have KVM support built right in? Is there some feature you
 require that isn't available in the built-in KVM support?

 Some people like Xen, people like a choice, and it's not all that
 difficult to add Xen to EL7 anyways.  There's no reason to exclude it
 just because upstream made a political decision.

Sure. But don't make a choice just to make a different choice, and I'
didn't suggest excluding it. I was just asking why someone who was
unfamilar with RPM building was burning their cycles building from
scratch. I do it myself, but don't recommend it when there are tools
already availble. And you hd a *very* good point about working with
the Fedora tools!
___
CentOS-virt mailing list
CentOS-virt@centos.org
http://lists.centos.org/mailman/listinfo/centos-virt

Re: [CentOS-virt] proper bridging technoque

[Nico Kadel-Garcia]

Stay out of udev if you can. It's often overwritten by component
addition and manipulation MTU is parsed, and overridden, by options in
/etc/sysconfig/network-scripts/ifcfg-[device]. I find it much safer to
read and manage there, and if new devices are added or replaced, the
behavior is dominated by the HWADDR associated config files there,
no matter what udev thinks the device number or name should be..

On Wed, Nov 20, 2013 at 11:32 PM, Digimer li...@alteeve.ca wrote:
 On 20/11/13 23:03, Digimer wrote:
 On 20/11/13 20:49, aurfalien wrote:

 On Nov 20, 2013, at 4:47 PM, Digimer wrote:

 On 20/11/13 19:47, aurfalien wrote:

 On Nov 20, 2013, at 4:44 PM, Digimer wrote:

 On 20/11/13 19:25, aurfalien wrote:

 On Nov 20, 2013, at 4:13 PM, Digimer wrote:

 On 20/11/13 19:04, aurfalien wrote:
 Hi,

 Wondering if this is the proper bridging technique to use for 
 Centos6+KVM;

 http://wiki.centos.org/HowTos/KVM

 Before I embark on this again, I would like to do it by the book.

 Thanks in advance,

 - aurf

 Personally, I do this:

 https://alteeve.ca/w/2-Node_Red_Hat_KVM_Cluster_Tutorial#Configuring_The_Bridge

 It gives the VMs direct access to the outside network, as if they were
 normal servers. I've used this setup for years without issue under many
 different VMs with various OSes.

 cheers

 Many many thanks, will use it.

 Sounds like it will bode well concerning jumbo frames.

 - aurf

 Jumbo frames should be fine. I don't generally use it myself, but I have
 tested it with success. Just be sure to enable it on the bridge and
 slaved devices. Simply adding 'MTU=' to each ifcfg-x file should
 be sufficient.

 --
 Digimer

 Man, really sorry to bug as this seems begnin as I've done this numerous 
 time but on non bridged ints.

 When I add MTU=9000 to the bridged int, I get;

 RNETLINK answers invalid argument

 My phys int is showing jumbo but the bridged int is showing standard.

 No bother at all. It has been a bit since I tested it though, so I will
 have to experiment a bit myself

 Done!

 I remember the trick now; The bridge will take the MTU of the _lowest_
 MTU device connected to it. So in my case here, I up'ed the MTU of the
 backing ethX and bondY devices, but the bridge stayed at 1500.

 Trying to adjust it failed with 'SIOCSIFMTU: Invalid argument', which is
 the kernel's way of saying that the MTU is too large for the device
 (usually hit when surpassing the hardwares real MTU). Being a bridge
 though, this didn't make sense. When I up'ed the MTU of the vnetX
 devices though, the bridge jumped up on its own.

 So I suspect that if you do 'brctl show' and then check the MTU of the
 connected devices, one of them will still have a low MTU. Push it up and
 then do a non-fragmenting ping 28 bytes smaller than your MTU size. If
 the ping works, you know the MTU is increased.

 All this said, my experience with realtek NICs left me detesting them.
 I've seen cards advertised as supporting jumbo frames going up to
 silly sizes like 7200 only. Further, in benchmarks, the performance
 dropped over something like an MTU of 4000.

 If you want to determine the actual maximum MTU of a given interface,
 this might help;

 https://github.com/digimer/network_profiler/blob/master/network_profiler

 It's a little script that uses passwordless SSH between two nodes and
 automatically determines the maximum MTU between the two machines and
 then benchmarks at 100 byte intervals. When it's done, it spits out a
 graph showing the full and half-duplex results so you can see which MTU
 was the best to use.

 Once you've profiled the real devices, you can then work on the MTU of
 the higher-layer devices like bonds, bridges and virtual interfaces.

 hth

 Another update;

   To make sure the VMs' vnetX devices are created with a larger MTU, you
 *sill* need to update udev[1].

   Append to /etc/udev/rules.d/70-persistent-net.rules;

 
 # Make all VMs' vnetX devices come up with an MTU of 9000.
 SUBSYSTEM==net, ACTION==add, KERNEL==vnet*, ATTR{mtu}=9000
 

   Assuming you find that you can use an MTU of '9000', of course. No
 need to reboot or even restart networking. Just add that line and then
 provision/boot your VMs. If the VMs are already running, you can adjust
 the MTU of the existing 'vnetX' devices with:

 ifconfig vnetX mtu 9000

 Cheers!

 PS - Credit for the udev rule:

 http://linuxaleph.blogspot.ca/2013/01/how-to-network-jumbo-frames-to-kvm-guest.html

 --
 Digimer
 Papers and Projects: https://alteeve.ca/w/
 What if the cure for cancer is trapped in the mind of a person without
 access to education?
 ___
 CentOS-virt mailing list
 CentOS-virt@centos.org
 http://lists.centos.org/mailman/listinfo/centos-virt
___
CentOS-virt mailing list
CentOS-virt@centos.org
http://lists.centos.org/mailman/listinfo/centos-virt

Re: [CentOS-virt] proper bridging technoque

[Nico Kadel-Garcia]

I was under the impression that the relevant MTU settings were on the
*node's* local ifcfg-eth* configurations. Did something change with
KVM internal networking in the last year?

On Thu, Nov 21, 2013 at 1:03 PM, Digimer li...@alteeve.ca wrote:
 The problem is that there are no ifcfg-vnetX config files. They are
 dynamically created as VMs are created or migrated to a node. You could
 manually (or via script) change the MTU, but that would mean that the
 MTU on the bridge would drop momentarily when new VMs start. This could
 break network traffic for any existing VMs (or real devices) using large
 frames.

 I'm not a fan of udev either, but in this case, it is the best option.
 Of course, I am certainly open to hearing alternative methods if they exist.

 On 21/11/13 08:39, Nico Kadel-Garcia wrote:
 Stay out of udev if you can. It's often overwritten by component
 addition and manipulation MTU is parsed, and overridden, by options in
 /etc/sysconfig/network-scripts/ifcfg-[device]. I find it much safer to
 read and manage there, and if new devices are added or replaced, the
 behavior is dominated by the HWADDR associated config files there,
 no matter what udev thinks the device number or name should be..

 snip


 Another update;

   To make sure the VMs' vnetX devices are created with a larger MTU, you
 *sill* need to update udev[1].

   Append to /etc/udev/rules.d/70-persistent-net.rules;

 
 # Make all VMs' vnetX devices come up with an MTU of 9000.
 SUBSYSTEM==net, ACTION==add, KERNEL==vnet*, ATTR{mtu}=9000
 

   Assuming you find that you can use an MTU of '9000', of course. No
 need to reboot or even restart networking. Just add that line and then
 provision/boot your VMs. If the VMs are already running, you can adjust
 the MTU of the existing 'vnetX' devices with:

 ifconfig vnetX mtu 9000

 Cheers!

 PS - Credit for the udev rule:

 http://linuxaleph.blogspot.ca/2013/01/how-to-network-jumbo-frames-to-kvm-guest.html

 --
 Digimer
 Papers and Projects: https://alteeve.ca/w/
 What if the cure for cancer is trapped in the mind of a person without
 access to education?
 ___
 CentOS-virt mailing list
 CentOS-virt@centos.org
 http://lists.centos.org/mailman/listinfo/centos-virt
 ___
 CentOS-virt mailing list
 CentOS-virt@centos.org
 http://lists.centos.org/mailman/listinfo/centos-virt



 --
 Digimer
 Papers and Projects: https://alteeve.ca/w/
 What if the cure for cancer is trapped in the mind of a person without
 access to education?
 ___
 CentOS-virt mailing list
 CentOS-virt@centos.org
 http://lists.centos.org/mailman/listinfo/centos-virt
___
CentOS-virt mailing list
CentOS-virt@centos.org
http://lists.centos.org/mailman/listinfo/centos-virt

Re: [CentOS-virt] proper bridging technoque

[Nico Kadel-Garcia]

This is int4eresting stuff. I do note that the virt-manager tool,
and NetworkManager, give *no* insight and detailed management
sufficient to resolve this stuff.  Note also that dancing through all
the hoops to get this working, end-to-end, is one of the big reasons
that most environments refuse to even *try* to use jumbo frames, as
helpful as they sometimes are to heavy data transfers.

On Thu, Nov 21, 2013 at 6:58 PM, Digimer li...@alteeve.ca wrote:
 On 21/11/13 18:20, aurfalien wrote:

 On Nov 21, 2013, at 2:45 PM, Digimer wrote:

 The 'vnetX' number doesn't relate to the interface, bridge or anything
 else. The vnetX number is a simple sequence that increments each time a
 VM is started. So don't think that you need 'vnet6'... it can be anything.

 The 'brctl show' output from earlier showed that both vnet0 and vnet1
 were connected to br0. You can try using the bridge utils to remove them
 from br0 and connect them to br6 as a test.

 --
 Digimer

 Well, when I remove vnet1 from br0 and add vnet1 to br1, I loose 
 connectivity with my VMs.

 No biggy so I reboot my entire host.

 Then vnet1 show back under br0.

 I just don't understand enough about this to get a clue, depressing.

 - aurf

 Think of each bridge as if it were a physical switch.

 When you detached vnet1 from br0, you unplugged it from a switch. When
 you attached it to br1, you plugged it into another switch.

 If there is no connection out to your network/internet on a given
 switch, then anything plugged into that switch will go nowhere. Same
 with bridges.

 You seemed to indicate earlier that the main connection was on br6. Is
 this true? If so, then switch br6 is the switch with the uplink to
 your network. Plug a VM into it and you can route out through it.

 When you rebooted the VM, the hypervisor read the definition file. That
 definition file says to plug in the server to br0. So it makes sense
 that the reboot reconnected it to br0.

 If you want to use jumbo frames on the br0 switch, you need to set the
 larger MTU on the interfaces are all set to your desired MTU size.

 --
 Digimer
 Papers and Projects: https://alteeve.ca/w/
 What if the cure for cancer is trapped in the mind of a person without
 access to education?
 ___
 CentOS-virt mailing list
 CentOS-virt@centos.org
 http://lists.centos.org/mailman/listinfo/centos-virt
___
CentOS-virt mailing list
CentOS-virt@centos.org
http://lists.centos.org/mailman/listinfo/centos-virt

Re: [CentOS-virt] proper bridging technoque

[Nico Kadel-Garcia]

I wrote this last year. I've found no other description that lays out
the difficulties of KVM bridges,  tagged VLAN's, and pair bonding.

https://wikis.uit.tufts.edu/confluence/display/TUSKpub/Configure+Pair+Bonding,+VLANs,+and+Bridges+for+KVM+Hypervisor

I'm not working for that university anymore, so I've not had an
opportunity to update it. But it's pretty complete. The anaconda with
its internal use of NetworkManager tools that come from upstream
*cannot be convinced* to properly configure these settings, they're
simply not available setup options. You have to set them up manually
on the KVM server after basic OS installation.

These are some of the reasons I reject NetworkManager for any server
setups or virtualization environments. It lacks the most basic setup
features such as pair bonding or bridge setups, and I've not yet seen
evidence of improvement in the upstream codebase.

Nico Kadel-Garcia



On Wed, Nov 20, 2013 at 7:04 PM, aurfalien aurfal...@gmail.com wrote:
 Hi,

 Wondering if this is the proper bridging technique to use for Centos6+KVM;

 http://wiki.centos.org/HowTos/KVM

 Before I embark on this again, I would like to do it by the book.

 Thanks in advance,

 - aurf
 ___
 CentOS-virt mailing list
 CentOS-virt@centos.org
 http://lists.centos.org/mailman/listinfo/centos-virt
___
CentOS-virt mailing list
CentOS-virt@centos.org
http://lists.centos.org/mailman/listinfo/centos-virt

Re: [CentOS-virt] KVM virtual machine and SAN storage with FC

[Nico Kadel-Garcia]

On Sat, Jul 6, 2013 at 8:30 AM, Thomas Göttgens tgoettg...@gmail.com wrote:
 Hi,

 while i am using mysql_mmm myself, it does has ist quirks and tends to get
 the odd node out of sync, especially if your run additional slaves connected
 to the master-master setup. You might have a look at galera cluster which is
 available standalone or as part of a special version of MariaDB. I have had
 a good experience with it, although it's innoDB only for now.

Heh. For good reason. MyISAM is being deprecated, by a lot of
developers, for a lot of reasons. Keeping the transactions atomic is
apparently a *big* MyISAM problem, and exacerbated by clustering
software.

I am curious about the multiple slave problem you mention. If this is
a reasonable group to detail it, do tell!
___
CentOS-virt mailing list
CentOS-virt@centos.org
http://lists.centos.org/mailman/listinfo/centos-virt

Re: [CentOS-virt] KVM virtual machine and SAN storage with FC

[Nico Kadel-Garcia]

On Thu, Jul 4, 2013 at 12:44 AM, denis bahati djbah...@yahoo.co.uk wrote:
 Hi Brett,

 On my plan is as follows:

 I have two machine (Server) that will host two VM each. One for database and
 one for application. Then the two machine will provide (Load Balance and
 High availability). My intention is that all application files and data file
 for the database should reside on the SAN storage for easy access and
 update.

Don't... do this. Two database clients writing to the same database
filesystem back ends, simultaneously, is an enormous source of excited
sounding flow charts and proposals which simply do not work and are
very, very likely to corrupt your database beyond recover. These
problems have been examined, for *decades* with shared home
directories and saved email and for high performance or clustered
databases that need to not have split brain skew, It Does Not Work.

Set up a proper database *cluster* with distinct back ends.

 Therefore the storage should be accessible to both VMs through mounting the
 SAN storage to the VMs. The connection between SAN storage and the servers
 is through Fiber Channel.

Survey says *bzzzt*. See above for databases. For shared storage, you
should really be using some sort of network based access to a
filesystem back end. NetApp and EMC spend *billions* in research
building high availability shared storage, and even they don't pull
stunts like this the last I looked. I can vaguely imagine one of the
hosts doing write access and the other having read-only access. But
really, most databases today support good clustering configurations
that avoid precisely these issues.

 I have seen somewhere talking about DM-Multipath but i dont know if this can
 help or the use of VT-d if can help. I will also appreciate if you provide
 some links to give me insight of how to do this.

Multipath does not mean multiple clients of the same hardware
storage. That's effectively like letting two kernels write to the
same actual disk at the same time, and it's quite dangerous.

Now, if you want each client to access their own fiber channel disk
resource, that should be workable. Even if you have to mount the fiber
channel resources on the KVM host, and make disk images for the KVM
guest, that should at least get you a testable resource. But the
normal approach is have a fiber channel storage server that makes disk
images available via NFS, so that the guest VM's can be migrated from
one server to another with the shared storage more safely.
___
CentOS-virt mailing list
CentOS-virt@centos.org
http://lists.centos.org/mailman/listinfo/centos-virt

Re: [CentOS-virt] Can't build 5.9 with KVM on a 6.3 host - DHCP hang?

[Nico Kadel-Garcia]

On Fri, Feb 8, 2013 at 12:13 PM, Stephen Harris li...@spuddy.org wrote:
 On Fri, Feb 08, 2013 at 11:53:24AM -0500, Nico Kadel-Garcia wrote:
 On Fri, Feb 8, 2013 at 11:04 AM, Stephen Harris li...@spuddy.org wrote:
  During the build (via a serial console) we get
input: ImExPS/2 Generic Explorer Mouse as /class/input/input1
running install...
running /sbin/loader
Sending request for IP information for eth0...
Determining host name and domain...
Sending request for IP information for eth0...
Determining host name and domain...

 you do this from virt-manager so you can track the graphical outputs
 more fully, since serial console tends to be pretty limited?

 Ah, that helped!  I used a graphics console and now it reports a useful
 error; my kickstart file for RH5 had mistakenly coded 5.8 into the
 paths, rather than using the symlink I maintain.  This didn't show in
 the text installer, but did when I used the graphics console.

So it wasn't the KVM at all, just the kickstart file and a lack of
error messages from anaconda.
___
CentOS-virt mailing list
CentOS-virt@centos.org
http://lists.centos.org/mailman/listinfo/centos-virt

Re: [CentOS-virt] KVM virtio block layer - is TRIM/DISCARD supported?

[Nico Kadel-Garcia]

On Sat, Feb 2, 2013 at 5:12 AM, Dmitry E. Mikhailov
d.mikhai...@infocommunications.ru wrote:
 Hi,

 One question please:

 If I use SSD as a storage on a host machine, does KVM's virtio I/O layer
 pass the TRIM/DISCARD commands to the SSD?

Doesn't look like it, *yet*. That looks like it came out in the 2.6.33
kernels, the upstream vendor for CentOS has only gotten up to 2.6.32.
I wouldn't necessarily call it stable for production use until it's
been out for a while.


 I guess the question would be twofold:
 1) is TRIM supported/forwarded if only one LVM'ed partition of SSD is
 forwarded?
 2) is TRIM supported/forwarded if full SSD is forwarded (i.e. /dev/sdX)

See above.
___
CentOS-virt mailing list
CentOS-virt@centos.org
http://lists.centos.org/mailman/listinfo/centos-virt

Re: [CentOS-virt] virt-manager

[Nico Kadel-Garcia]

On Wed, Jan 23, 2013 at 7:42 AM, Zoltan Frombach zol...@frombach.com wrote:
 I run an Ubuntu VM under windows. Inside that, I use virt-manager to
 manage a remote Linux running KVM + libvirt.
 This way you do not need to have X on the remote box.

 Zoltan

 On 1/23/2013 10:49 AM, Nux! wrote:
 On 23.01.2013 05:45, mattias wrote:
 are there any windows based software to administer an kvm hhost?
 e.g create edit machines
 no web based

It can also be run via a local SSH server (such as the one built into
CygWin) by logging in remotely to the KVM server. You *will* need to
be sure that the KVM server has enough X utilities to actually run X
services this way, including tools such as xorg-x11-xauth and maybe
the editor or X terminal of your choice. But no, there is not really a
virt-manager directly built for Windows.

For general Windows access to X applications on Linux servers, I
really recommend the NX system from www.nomachine.com.  It's highly
optimized, has good resource management for the X sessions, allows you
to reconnect to an interrupted NX session without los of state, the
Windows client is good if you make sure to install all the optional
fonts, there are free software versions of most of it, the security
models are surprisingly good, and it's much more bandwidth efficient
and robust than a plain X application over SSH session.
___
CentOS-virt mailing list
CentOS-virt@centos.org
http://lists.centos.org/mailman/listinfo/centos-virt

Re: [CentOS-virt] virt-manager

[Nico Kadel-Garcia]

On Wed, Jan 23, 2013 at 8:37 AM, Rainer Traut tr...@gmx.de wrote:
 Am 23.01.2013 14:15, schrieb Nico Kadel-Garcia:
 On Wed, Jan 23, 2013 at 7:42 AM, Zoltan Frombach zol...@frombach.com wrote:
 I run an Ubuntu VM under windows. Inside that, I use virt-manager to
 manage a remote Linux running KVM + libvirt.
 This way you do not need to have X on the remote box.

 Zoltan

 On 1/23/2013 10:49 AM, Nux! wrote:
 On 23.01.2013 05:45, mattias wrote:
 are there any windows based software to administer an kvm hhost?
 e.g create edit machines
 no web based

 It can also be run via a local SSH server (such as the one built into
 CygWin) by logging in remotely to the KVM server. You *will* need to
 be sure that the KVM server has enough X utilities to actually run X
 services this way, including tools such as xorg-x11-xauth and maybe
 the editor or X terminal of your choice. But no, there is not really a
 virt-manager directly built for Windows.

 And then?
 Ok rhetorical question, you mean local X server like xming:
 http://www.straightrunning.com/XmingNotes/

 SSH client is of your personal choice (putty, ZOC) and this way you can
 avoid Cygwin.

Yes, I meant a local X server. You're quite correct, thank you.

I've used Xming: I wasn't wildly impressed, but I'm a bit harsh on X
applications, and found the bandwidth optimization and ability to
reconnect to lost sessions or to share sessions provided by NX
software and its variants to be invaluable.
___
CentOS-virt mailing list
CentOS-virt@centos.org
http://lists.centos.org/mailman/listinfo/centos-virt

Re: [CentOS-virt] Upgrading libvirt and qemu to latest version

[Nico Kadel-Garcia]

I was trying this recently, along with virt-manager, anaconda, and 
system-config-kickstart. It can get into dependency hell. It's off my personal 
project list for now, but I'd start by grabbing the new Fedora 18 SRPM, and 
backporting it if possible.

Nico Kadel-Garcia
Email: nico.ka...@tufts.edu
Sent from iPhone

On Jan 19, 2013, at 21:12, Peter Smith peterfru...@gmail.com wrote:

 Hi,
 
 I am considering upgrading the libvirt to v0.10.1 and qemu-kvm to v1.2
 qemu version because they are  recommended by Ceph. I am wondering
 does CentOS kernel support upstream qemu well? And are there rpms for
 theses version somewhere? or I have to build myself?
 
 Thanks.
 Peter
 ___
 CentOS-virt mailing list
 CentOS-virt@centos.org
 http://lists.centos.org/mailman/listinfo/centos-virt
___
CentOS-virt mailing list
CentOS-virt@centos.org
http://lists.centos.org/mailman/listinfo/centos-virt

Re: [CentOS-virt] xen device mapping/translation

[Nico Kadel-Garcia]

On Tue, Jan 15, 2013 at 8:39 PM, Luis Fernando Alen
luis.a...@izap.com.brwrote:

 Thank you, Andy.

 I tried to apply the patch you guys mentioned by compiling the module
 following instructions at
 http://wiki.centos.org/HowTos/BuildingKernelModules#head-d2e4c05886f94c701e4ae74387d41d8c40c25d01,
 but it didn't work.

 I've been struggling with it for the last 8 hours and no luck so far.

 I really don't know what's wrong. I'm not a linux kernel developer and I'm
 most likely failing because of something stupid.

 I know this must not the right place to ask for help on such matters, but
 if you guys could shed some light here, I'd really appreciate that.

 Well, if you're up to it, here's the situation:

 Looks like the module compilation worked (no errors or warnings occurred
 when I followed the instructions at the centos wiki), but I'm unable to
 load the new module to my running kernel.


If you're building a new kernel, you should really give it a new name and
fully install it as a distinct kernel. The safest way to do this is to work
from the SRPM, put the patch in *there* and  update the Release:
number in the kenrel.spec file This will avoid precisely the issues you
described.

Do you need a walkt hrough on rebuilding a package from SRPM's?


 I even copied the compiled and patched module to
 /lib/modules/2.6.32-279.19.1.el6.x86_64/kernel/drivers/block/ (overwrote
 the original) and /lib/modules/2.6.32-279.19.1.el6.x86_64/extra and
 rebooted the instance...

 Also, dmesg does not complain about a thing...

 *# modinfo
 /lib/modules/2.6.32-279.19.1.el6.x86_64/kernel/drivers/block/xen-blkfront.ko
 *
 *filename:
 /lib/modules/2.6.32-279.19.1.el6.x86_64/kernel/drivers/block/xen-blkfront.ko
 *
 *alias:  xenblk*
 *alias:  xen:vbd*
 *alias:  block-major-202-**
 *license:GPL*
 *description:Xen virtual block device frontend*
 *srcversion: B00B4183E470515A96DA320*
 *depends:*
 *vermagic:   2.6.32-279.19.1.el6.x86_64 SMP mod_unload modversions *
 *parm:   sda_is_xvda:sdX in guest config translates to xvdX, not
 xvd(X+4) (bool)*
 *
 *
 *# uname -r*
 *2.6.32-279.19.1.el6.x86_64*

 I also tried to remove the module and insert the patched one with insmod,
 but modprobe and rmmod are unable to unload it. They say it's in use.

 *# lsmod |grep blkfront*
 *xen_blkfront   15495  1 *

 I don't know what this 1 stands for, but if I were to guess, I'd say
 it's something unremovable...

 Please let me know if you need any other information.

 Thanks,





 Luis Alen
 www.izap.com.br
 Ligue com tarifa local de todo o Brasil 4020.3000



 On Tue, Jan 15, 2013 at 4:13 PM, Andy Grimm agr...@gmail.com wrote:

 See https://bugzilla.redhat.com/show_bug.cgi?id=729586

 On Tue, Jan 15, 2013 at 1:10 PM, Luis Fernando Alen 
 luis.a...@izap.com.br wrote:

 Hello, list.

 Yesterday I was pleased to see that Centos has released official images
 at the aws marketplace. Nice job.

 Today I started playing with the Centos 6.3 image (
 https://aws.amazon.com/marketplace/pp/B00A6L6F9I, on which I plan to
 deploy a gluster cluster in production soon) and noticed a weird thing.

 EBS Volumes attached to sdX are translated to xvdY at the OS level.
 However, after a few research and IRC chat, I figured out that it's not
 weird, it's actually a normal and expected behavior (thanks for your help,
 z00dax).

 sdX is actually mapped to xvdX+4. There is a consistent offset of 4.
 Suppose you attach an ebs volume to /dev/sdf. It'll be translated to xvdj
 at the OS level. sdg to xvdk, sdh to xvdl and so on.

 Allright. After having figured the mystery out, it became easy to work
 on automations that deal with ebs volumes and file systems, such as volumes
 created, attached and mounted on the fly, snapshots that freeze file
 systems and so on...

 However, I really do think to myself: Wouldn't it be cleaner if the
 image use simple translation (sdX to xvdX)? If I'm not wrong, Rightscale
 uses this on their Centos images and it's much simpler. There's no extra
 work needed to deal with that 4 offset when you want to automate things.

 Is there a reasonable reason for the 4 offset which makes it
 unchangeable?

 It's just a thought. I think it's worth considering it..

 Luis Alen
 www.izap.com.br
 Ligue com tarifa local de todo o Brasil 4020.3000


 ___
 CentOS-virt mailing list
 CentOS-virt@centos.org
 http://lists.centos.org/mailman/listinfo/centos-virt



 ___
 CentOS-virt mailing list
 CentOS-virt@centos.org
 http://lists.centos.org/mailman/listinfo/centos-virt



 ___
 CentOS-virt mailing list
 CentOS-virt@centos.org
 http://lists.centos.org/mailman/listinfo/centos-virt


___
CentOS-virt mailing list
CentOS-virt@centos.org
http://lists.centos.org/mailman/listinfo/centos-virt

Re: [CentOS-virt] xen device mapping/translation

[Nico Kadel-Garcia]

On Wed, Jan 16, 2013 at 10:04 AM, Luis Fernando Alen
luis.a...@izap.com.brwrote:

 Andy,

 Actually I'm not trying to build a whole new kernel. I'm just trying to
 apply the patched module into my actual kernel.

 Does this patch really requires a kernel rebuild, or you mean building a
 new one will save me from the trouble of applying the module into the
 running kernel?


Since you're replacing a critical, actively used component, you're going to
have adventures if you try to just slide it into place in your existing
kernel. You'll be much server if you simply build a new kernel.
___
CentOS-virt mailing list
CentOS-virt@centos.org
http://lists.centos.org/mailman/listinfo/centos-virt

Re: [CentOS-virt] virt-manager

[Nico Kadel-Garcia]

On Wed, Jan 16, 2013 at 7:12 PM, mattias m...@mjw.se wrote:
 can i connect to a libvirt-host over internet?
 it work with ssh
 but with tcp?

SSH works over TCP. Yes, virt-manager and various display technologies
associated with KVM and libvert work very well over SSH. It's a bit
awkward to manage in terms of security: you either need to log in as
yourself, with an X server tunning locally and and forwarded over SSH
and with root login on the remote host, or you need to active
privileges in libvirt to support members of a libvirt group  to
access and make the connections as yourself.

Unfortunately, from my tests, sudo and virt-manager do not work well together.
___
CentOS-virt mailing list
CentOS-virt@centos.org
http://lists.centos.org/mailman/listinfo/centos-virt

Re: [CentOS-virt] mirroring people.centos.org

[Nico Kadel-Garcia]

On Mon, Jan 7, 2013 at 6:38 AM, Karanbir Singh mail-li...@karan.org wrote:
 On 01/05/2013 03:47 PM, Carl T. Miller wrote:
 Is there an easy way to mirror people.centos.org?

 I tried rsync people.centos.org:: and it gives some disclaimers
 followed by a null list of available modules.

 Are you sure you want to get 2.8 TiB of content ?

 I've got an ugly workaround using wget, but would prefer to use rsync.

 Select the repo you want / need, and use reposync. Remember that
 anything on people.centos.org is just a personal build. Its not release,
 and its not supported, and most likely will get no updates security or
 otherwise.

Karanbir, rsync from a local repository is easily scripted to pull
only what's wanted. reposync only pulls only RPM's, you have to run
repodata correctly after it's run, and it doesn't get all the
components for PXE builds in their normal layout.

rsync is your *friend* fo this, if carefully tuned to get only the
material you want. If you have to use HTTP or FTP because rsync isn't
available, the lftp program has excellent scripting and the ability
to mirror a remote site, much, much more cleanly and efficiently than
wget.
___
CentOS-virt mailing list
CentOS-virt@centos.org
http://lists.centos.org/mailman/listinfo/centos-virt

Re: [CentOS-virt] Time

[Nico Kadel-Garcia]

On Jan 2, 2013, at 19:27, James B. Byrne byrn...@harte-lyne.ca wrote:

 I do that as well.  However, I run one on each host just to serve its
 own guests and configure the host to run off our central ntp server.

Unfortunately, before our upstream vendor's OS release 6, ntp.conf
listed several loopback addresses by default. These allowed a confused
ntpd to basically marry its siblings and eventually crossbreed itself
to a fairly stange state. But it will report ntpd as active, which is
why the Nagios check chek_ntp_)time  actually compares the time to a
known good upstream NTP service.

 4.  On each guest have a cron job that checks for ntpd at regular
 intervals which reports failures and restarts the time service as
 necessary. We use:
  JOBNAME=Check ntpd status and restart if required ; \
ntpstat  /dev/null  \
if [[ $? -gt 0 ]]; then /sbin/service ntpd start; fi
 Why not configure the ntpd daemon and stick with that?
 It does update on its own [1]. And ntpstat prints out the interval,
 which matches the one mentioned at [1].
 I don't believe the ntpstat script/job is necessary (I've never had to
 do more than set ntpd to run after configuring the servers it should
 poll).

See above. The 'check_ntp_time' tool is much more flexible and complete.
itten does work. It's part of the nagios-plugions-ntp package,
available from EPEL and RPMforge.
___
CentOS-virt mailing list
CentOS-virt@centos.org
http://lists.centos.org/mailman/listinfo/centos-virt

Re: [CentOS-virt] domU doesn't see all memory

[Nico Kadel-Garcia]

On Wed, Jan 2, 2013 at 3:29 AM,  s...@cyon.ch wrote:
 Hi,

 I'm running CentOS 6.2 x86_64 as xen guest on a CentOS 5.7 dom0.
 The host is running 2.6.18-274.7.1.el5xen, the guest
 2.6.32-220.2.1.el6.x86_64.

 Memory for domU is set to 1024 MB and xm list shows these 1024 MB.
 But free -m on the guest system shows only 652 MB.
 When I set up a CentOS 5.x guest with 1024 MB free -m shoes 1024 MB.

 Anyone else seeing this? Any ideas on how to fix it?

Start out by doing all the updates to both the Hyperviisor and the
guest. There have been ongoing improvements to kernels, and to
libvirt, and ongoing security updates for numerous packages. You
should realy be at CentOS 6.3 and CentOS5.8, respectively: CentOS 6.2
and CentOS 5.7 aren't even available on the main download mirrors,
anymore.
___
CentOS-virt mailing list
CentOS-virt@centos.org
http://lists.centos.org/mailman/listinfo/centos-virt

Re: [CentOS-virt] Time

[Nico Kadel-Garcia]

On Wed, Jan 2, 2013 at 3:53 AM, Robert Dinse nan...@eskimo.com wrote:

  Friday, I moved our servers to a new co-lo facility and ran into an
 interesting problem with virtual machines.

  I did an orderly shutdown of the CentOS 6.3 host, and it in turn suspends
 all the guests.  It took about an hour and a half to move and fire up the 
 host.

Suspends? Or shuts down? There's a big difference, and I don't think
you'd have seen this problem with  the gu4ests shutdown.

  The guests, being suspended, were then an hour and a half behind and it
 seems ntpd does not want to correct more than 1000 seconds of error so it 
 would
 not automatically adjust the clocks.

ntpd is sometimes too smart for its own good. However, rdate -s
time.mit.edu or other rdate server works very well and doesn't have
the problems with not being able to run ntpdate while the ntpd is
running.
___
CentOS-virt mailing list
CentOS-virt@centos.org
http://lists.centos.org/mailman/listinfo/centos-virt

Re: [CentOS-virt] Package lists for Cloud images

[Nico Kadel-Garcia]

On Thu, Oct 4, 2012 at 7:31 AM, Nux! n...@li.nux.ro wrote:
 On 04.10.2012 11:55, Stephen Harris wrote:
 On Thu, Oct 04, 2012 at 11:27:40AM +0100, Nux! wrote:
 http://li.nux.ro/download/openstack/ks/centos6_x86_64_minimal.ks

 Suggestions on how to improve it welcome.

 Why do you need to do the extend filesystem stuff?
 Or is this a mis-feature of openstack that you're having to work
 around?

 Stephen,

 This ks will generate a template to be used to deploy virtual machine
 on openstack (well, can be used anywhere kvm+virtio) and as such the
 template should be able to expand itself on the new virtual disk (it
 will basically be dd-ed to a new, larger file to be used for a VM).
 Indeed it's a misfeature of openstack as they could have used
 virt-resize to do all this..

The generated template left in /root/anaconda-ks.cfg is mangled
fiction. It's what Anaconda deduced the actual ks.cfg contained, and
throws out a tremendous amount of useful information, especially but
not only the actual '%post' and '%pre' scripting executed. It's one of
Anaconda's great flaws.

By default, add this or something like it to your kickstart files to
save your actual ks.cfg file.

%post --nochroot
cp /tmp/ks.cfg /mnt/sysimage/root/ks.cfg
___
CentOS-virt mailing list
CentOS-virt@centos.org
http://lists.centos.org/mailman/listinfo/centos-virt

Re: [CentOS-virt] Package lists for Cloud images

[Nico Kadel-Garcia]

On Wed, Oct 3, 2012 at 12:29 PM, Karanbir Singh mail-li...@karan.org wrote:
 hi Guys,

 As we get ready to start publishing Cloud Images ( or rather images
 consumable in various virt platforms, including public and private
 clouds ) - it would be great to have a baseline package manifest worked
 out.

 What / how many images should we build. At this time we were thinking of
 doing :

 - CentOS-5 32bit minimal
 - CentOS-6 32bit minimal

 - CentOS-5 64bit minimal
 - CentOS-6 64bit minimal

 - CentOS-5 64bit LAMP
 - CentOS-6 64bit LAMP


Funny you should ask!! I'm on an open source project that does
precisely this. It depends heavily on whether you're using standard
packages from CentOS itself, or whether you use Perl modules, Nagios,
NRPE, or other tools such as git or puppet that are not in the bae
upstream packages from the upstream vendor.

So a base LAMP install for me would absolutely contain epel-release,
installed by hook or by crook, and the rpmforge-release package with
/etc/yum.repos.d/rpmforge.repo disabled by default. It would also
include postfix, rather than sendmail, for ease of management, and
would include emacs and xorg-x11-xauth to allow X based Emacs
sessions, which are often more useful than pure screen sessions, and
I'd actually consider installing firefox in order to be able to run a
remote web browser and see what shows up on the server itself. That's
incredibly useful when people are doing odd things to firewalls
and you want to make sure it's actually displaying content.

curl as well as wget is very useful. So is lynx, for text based
web checking, and the tools for whatever source control you feel
useful, especially including the 'rcs' package for local file
management. (That was invaluable today, as I was manipulating
/etc/sysconfig/network-scripts files for funky network setups.)


 What would be the minimal functional requirements people would expect
 from these images ? and what rpms should be installed ? Should root
 login be enabled or should we require people to go in via a 'centos'
 user. Should the image be self-updating, or should we have a post-login
 message that indicates outstanding updates ?

Root should be disabled, if feasible. I'm afraid that many sites don't
handle such passwords well. Local user management can be awkward. Ask
sometime about Kerberos authentication and local account management,
I've got a lot of recent experience with these and Centrify's AD based
account management.

The Nagios check-updates plugin is priceless for notifying a central
NOC of required updates: rather than self updating.

Post install scripting, or system management, to set the 'root' alias
is critical. Again, ask about that if curious: handling Postfix based
smarthost setups, but making sure cron jobs for 'root' go to the right
external email address, is a bit of an advenure.


 --
 Karanbir Singh
 +44-207-0999389 | http://www.karan.org/ | twitter.com/kbsingh
 ICQ: 2522219| Yahoo IM: z00dax  | Gtalk: z00dax
 GnuPG Key : http://www.karan.org/publickey.asc
 ___
 CentOS-virt mailing list
 CentOS-virt@centos.org
 http://lists.centos.org/mailman/listinfo/centos-virt
___
CentOS-virt mailing list
CentOS-virt@centos.org
http://lists.centos.org/mailman/listinfo/centos-virt

Re: [CentOS-virt] centos 5.8 libvirt disk options

[Nico Kadel-Garcia]

Nico Kadel-Garcia
Email: nico.ka...@tufts.edu
Sent from iPhone

On Sep 27, 2012, at 20:41, Philip Durbin philipdur...@gmail.com wrote:

 how about this?
 
 virt-v2v -ic 'esx://my-vmware-hypervisor.example.com' -os default --network 
 default my-vm
 
 via http://irclog.perlgeek.de/crimsonfu/2012-05-24#i_5632151
 
 
 On Sep 27, 2012, at 8:20 PM, Bill Campbell cen...@celestial.com wrote:
 
 I am attempting to use libvirtd/kvm on CentOS 5.latest to migrate a SCO
 OpenServer 5.0.6a VM from the old VMware server.

Seriously, don't. Update the OpenServer to 5.0.7 if at all possible, and work 
from CentOS 6 if you can. The driver updates for 5.0.7 made a huge difference 
for VMware based virtualization, and working with out of date server and guest 
OS components is begging for pain.

Have you read the old VMware knowledge base articles about getting the 5.0.7 
boot floppy, which can be helpful,


 I have converted the multiple vmdk disk files to a single file, then used
 qemu-img convert to create files for libvirtd, both qcow2 and raw formats.
 
 After many attempts to get this working I'm up against what appears to be a
 brick wall.
 
  + The VMware VMs are using straight 'ide' HD emulation which has been
working well for several years.
 
  + The 'ide' on libvirtd appears to map to SATA which isn't supported by
OSR5.  I've tried doing a fresh install from CDROM, but the
installation fails to find the hard disk.  I might be able to find the
appropriate BTLD for this, but that won't help migrating existing VMs.
 
  + When I tried using 'scsi' libvirtd says this isn't supported.  This
would be my preferred emulation as we have used SCSI drives since the
early days of Xenix on Tandy hardware.
 
  + The final problem if these are solved is that SCO is funny about its
drive geometry, and the current versions of libvirtd and qemu don't
appear to support the geometry allowing one to specify heads,
cylinders, etc.
 
 Am I going to have to resort to using VMware workstation for this?
 
 Bill
 -- 
 INTERNET:   b...@celestial.com  Bill Campbell; Celestial Software LLC
 URL: http://www.celestial.com/  PO Box 820; 6641 E. Mercer Way
 Voice:  (206) 236-1676  Mercer Island, WA 98040-0820
 Fax:(206) 232-9186  Skype: jwccsllc (206) 855-5792
 
 Good decisions should be rewarded and bad decisions should be
 punished. The market does just that with its profits and losses. 
 ___
 CentOS-virt mailing list
 CentOS-virt@centos.org
 http://lists.centos.org/mailman/listinfo/centos-virt
 ___
 CentOS-virt mailing list
 CentOS-virt@centos.org
 http://lists.centos.org/mailman/listinfo/centos-virt
___
CentOS-virt mailing list
CentOS-virt@centos.org
http://lists.centos.org/mailman/listinfo/centos-virt

[CentOS-virt] Walkthrough available for bonding, bridging, and VLAN's?

[Nico Kadel-Garcia]

Silvertip257, when you did this CentOS 6/KVM/bonding/bridging, did you
ever get all the parts playing together correctlhy?

I'm facing a setup with only two NIC's, and need for multiple trunked
VLAN access, and bonded pairs, and KVM based bridges to get the VM's
with exposed IP addresses. I can get basically any 2 out of the 3
server network components working, binding, VLAN's, or KVM bridging,
but attempts to pull all together on CentOS 6.3 fails. I'm finding
numerous partial references, and a lot of speculation of this setup
should work!, but no cases of anyone actually doing it. And I'm
unable to reach out to the upstream vendor directly until some
paperwork gets straightened out.

(And oh, I've been away from CentOS for a while, but am in the midst
of deploying about 50 CentOS VM's on KVM virtualization if I can *get
this working*)
___
CentOS-virt mailing list
CentOS-virt@centos.org
http://lists.centos.org/mailman/listinfo/centos-virt

[CentOS] Door not hitting me on my way out

[Nico Kadel-Garcia]

Sorry, folks. I wish our release developers well, and hope that they
can open up their processes to allow much needed community involvment.
But I've hopped to Scientific Linux and find it much more usable due
to their willingness to publish updates even without the entire new
release bundled, and the much timelier updates from the upstream
vendor. php53 and bind97 are directly available for their verison 5.x
release, and their version 6.0 has now taken over my testing
environments. This makes EPEL's version of drupal, and various Samba 4
testing accessible, and I don't have to waste my time on backports
that will be replaced by a release that is further, and further, and
further behind.

Perhaps in the future the configuration of the build and patch
environments can be opened up, or the patching going on for the
package rebundling can be published in just the way people with RHEL
would publish their kernel patches, rather than presenting merely the
results. But such ideas have been rejected as unnecessary, and even
the suggestion was rejected with hostility.

I know very well how much work such projects take, and regret that I
was unable to assist further. My tweaks and bundles will now be going
over to Fedora and Scientific Linux, rather than here or in the
developer's list.

Nico Kadel-Garcia
nka...@gmail.com
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] figuring out LogVol details for mount

[Nico Kadel-Garcia]

On Thu, Mar 31, 2011 at 8:50 PM, Winter win...@frostmarch.com wrote:
 On 3/31/2011 6:22 PM, neubyr wrote:
 Hi,

 I need to mount a LVM in rescue mode to create a new initrd image. I
 am not sure how do I fond out which LogVol is to be mounted. How do I
 find it out?  In most of the configs I have used LogVol00 with ext3
 filesystem which contains OS install. This particular system is not
 installed by me and I am not sure how do I find it out. I did try 'lvm
 lvs' command, but probably that's not the right command here. Any
 help?

 --
 thanks,
 neuby.r.

 Good evening, Neuby

 When you boot into rescue mode are you given the option to
 continue-mount or read-only-mount the system to /mnt/sysimage?  You
 could try to view /mnt/sysimage/etc/fstab to find the partition types.

 Regards,

 W.

If he could do *that*, he would already have the volumes mounted,
barring other strangeness going on. They'd all be mounted under
/mnt/sysimage, and would be revealed by the df or mount
commands.

If this isn't available, the pvscan, vgscan, and lvscan commands
are all available in the bootable CD, *but* they are all built into
the underlying lvm command. So type lvm pvscan to find what
physical volumes are set up for LVM, lvm vgscan to find the volume
groups, and lvm lvscan to find the volumes.

Re-activating an 'inactive' LVM due to a messed up configuration or
volume is left as an exercise for the reader.
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Failed to start new browser session: Error while launching browser on session null

[Nico Kadel-Garcia]

On Wed, Mar 30, 2011 at 7:39 AM, ken geb...@mousecar.com wrote:
 On 03/29/2011 05:45 AM John Hodrien wrote:
 On Mon, 28 Mar 2011, ken wrote:

 Like the error says, you need to specify the display.  I.e., on the
 remote machine you must set the environmental variable DISPLAY...
 something like

 (export DISPLAY=192.168.1.42:0.0  firefox)

 Though this may work, this may well reveal another, different error, one
 having to do generally with permissions.  But we'll take them one at a time.

 Do *not* follow this advice.  It's bad practice, insecure, and actually more
 work than being secure, and more likely not to work.  Plenty of X servers are
 configured to not listen on your network interface for example.

 ssh -X / -Y is your friend, as others have suggested.

 jh

 John,

 Whether or not it's more work is highly subjective.  And it's not
 inherently insecure; people often *make* it insecure by lazily setting
 permissions to allow *any* server to have access.  Even ssh can be
 insecure if it's not configured properly.

The lack of encryption is automatically insecure, and anyone who can
start an X program with the 'DISPLAY' set on the remote server can
access the X session. I've used this to run 'xroach' on people's
systems who refused to secure their X sessions properly. I actually
got in trouble for all the screaming.

It's also hideous practice to hardcode that X server in the .bashrc,
because logins from home or another system will push the X sessions to
that hardcoded X server. Really, it's a bad practice from 20 years ago
by people who didn't understand X and who just wanted things to work
now. It should *never* be replicated these days, except under the most
deranged of circumstances (such as wanting everybody's X programs to
pop up on a single, shared X server for public display.)
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] ksplice within CentOS

[Nico Kadel-Garcia]

On Wed, Mar 30, 2011 at 5:12 PM, Marian Marinov m...@yuhu.biz wrote:
 Hello guys,
 I saw that a few days back there was a talk about encorporating the ksplice
 toolchain into CentOS and creating rebootless upgrades to the CentOS kernel.

 I'm really interested in helping for that.

 Where/how we can start work ?

 Best regards,
 Marian Marinov

One installs and works in Fedora, which is always a few kernels ahead
and is going to get grossly further ahead behind the not-yet-announced
CentOS 6.0 publication, and will evolve over the next 3 years while
our favorite upstream vendor keeps 6.0 locked down for business
stability.

For such leading edge features not yet integrated into typical kernel
and system support, you'll have far more success advancing and getting
it tested than working inside the fundamentlaly 4 year old
architecture of the available CentOS 5.5.
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] 32-bit compat-gcc on 64-bit CentOS?

[Nico Kadel-Garcia]

On Tue, Mar 29, 2011 at 6:35 PM, Alan M. Evans a...@extratech.com wrote:
 Ugh.

 One of our internal servers crashed so bad I just went out and bought a
 new machine to replace it.

 The old server was Pentium-4 based and running CentOS-5. When I
 installed CentOS on the new machine, I used the 64-bit version, partly
 because that habit is almost automatic nowadays, and partly because the
 new machine has 6GB of RAM, so 32-bit seemed not very appropriate.

 Anyway, I've managed to configure every one of the old server's many
 functions to match on the new server but one: I need the 32-bit version
 of compat-gcc-34. (Or at least I need to be able to compile 32-bit
 binaries with the already available version.) I can't seem to do this;
 am I just missing something?

Perhaps you can use mock to build chroot cages for such 32-bit operations?
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] finding the right serial port, enabling configuring it [was: Re: fax software]

[Nico Kadel-Garcia]

On Tue, Mar 29, 2011 at 3:21 PM, Lamar Owen lo...@pari.edu wrote:
 On Tuesday, March 29, 2011 02:07:46 pm Robert Heller wrote:
 Unless you spend serious bucks, ALL *PCI* modems are win modems (there
 are one or two very high-end 'industrial grade' PCI 'hardware' modems).
 Many older *ISA* modems were 'hardware' modems and were meant for old
 i586 and i486 systems that lacked the CPU cycles to handle a
 controllerless modem (winmodem).  And ISA slots are pretty much
 non-existent on modern motherboards.

 I have a couple of 'real hardware' PCI modems, neither of which were very 
 expensive.  One is an ActionTec, and I bought it new-old-stock for $15.  The 
 other is by Digitan, a DS560-558 that I got with a Sun Ultra 10 workstation.  
 Both are Lucent Venus chipsets and are full hardware controller PCI modems.

 I have a third one here somewhere that is a more expensive one, a Multitech, 
 I think, but I haven't been able to lay hold on it.  There is a Multitech on 
 eBay right now for $19.99; a real deal for an industrial-grade modem.

 For more information about modem chipsets, see 
 http://www.modemsite.com/56k/chipset.asp and
 http://techpatterns.com/forums/about483.html

Not so much for laptops, but for anyone with servers, RocketPort makes
the cream of the crop. They make fabulous 8-port serial PCI and PCI-e
cards that just work, with all the standard modem software.

USB modems are going for less than $20 these days, and may present a
workable alternative if our original poster cannot find Winmodem
drivers.
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Virtualization platform choice

[Nico Kadel-Garcia]

On Sun, Mar 27, 2011 at 8:53 AM, Drew drew@gmail.com wrote:
 Any experience with the free VMware vSphere Hypervisor?. (It was
 formerly known as VMware ESXi Single Server or free ESXi.)

 http://www.vmware.com/products/vsphere-hypervisor/overview.html

 I would need a tutorial about that... For example, does that run without
 a host OS? Can it be managed only via Win clients? Issues with CentOS
 4/5 guests (all my systems are currently CentOS 4/5).

 vSphere ESX(i) is good product. It runs on bare metal so there is no
 OS underneath it. ESX has a linux based environment that sort of runs
 at the hypervisor level that people use for basic admin but VMware is
 trying to phase that out as most everything you can do with ESX's
 console can be done through ESXi's API's and the remote CLI.

I like vSphere in corporate environments, and LabManager with it for
burning guest images very quickly. The VMWareTools are not as
integrated as I would like, and their RPM names are quite misleading.
(The name of the file does not match the name of the actual RPM
reqported by `rpm -qf --%{name}-%{version}-%{release}.%{arch}.rpm\n',
and it's not as well integrated for kernel changes or host cloning as
I'd like. (Ask if you're curious.) But for corporate grade
virtualization, well built management tools, and corporate support,
they're very hard to beat. And for virtualizing weird old setups, like
SCO OpenServer 5.0.x, they're the only thing I tested that worked.

KVM was a dog in testing under CentOS and RHEL 5.x. The bridged
networking has *NO* network configuration tool that understands how to
set it up, you have to do it manually, and that's a deficit I've
submitted upstream as an RFE. It may work well with CentOS and RHEL 6,
i've not had a chance to test it.

VirtualBox is friendly, lightweight, and I'm using it right now under
MacOS X for a Debian box, and on Windows boxes for testing Linux
environments. Works quite well, friendly interfaces, very quick to
learn, I like it a light for one-off setups.

Xen, I did a stack of work with for CentOS 4 a few years ago. It
worked well, particularly with the para-virtualized kernels to improve
performance. (Don't virtualize things you don't have to!!! Uses custom
kernels to let the guest and server not waste time virtualizing IO
requests, especially for disk IO). I've not played with its management
tools since, and it didn't work well with virtualizing odd old OS's.
(I wanted to use it for OpenServer, but the support team who came
out to demonstrate it couldn't even get the keyboards interacting
reliably for the installation. It was a complete failure for that
project.)

You've got a lot of choices. I'd start with assessing what you need
for your guest environments, and where it's going to be managed from,
and be sure that you've got access to the management tools.

 Only downside to the free version is certain API's are unavailable and
 if you need those features you may have to go to a paid version.

This is true for everything in life.
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Virtualization platform choice

[Nico Kadel-Garcia]

On Sun, Mar 27, 2011 at 9:41 AM, Steve Thompson s...@vgersoft.com wrote:
 On Sun, 27 Mar 2011, Jussi Hirvi wrote:

 KVM would be a natural way to go, I suppose, only it is too bad CentOS 6
 will not be out in time for me - I guess KVM would be more mature in
 CentOS 6.

 I have been using Xen with much success for several years, now with two
 CentOS 5.5 x86_64 Dom0's, hosting 29 (mixed Linux and Windows) and 30 (all
 Windows) guests respectively, using only packages from the distro along
 with the GPLPV drivers on the Windows guests (so it's Xen 3.1, not the
 latest). A couple of weeks ago I decided (on the first of these hosts) to
 give KVM a look, since I was able to take the machine down for a while.
 All guests use LVM volumes, and were unchanged between Xen and KVM (modulo
 pv drivers). The host is a Dell PE2900 with 24 GB memory and E5345
 processors (8 cores). Bridged mode networking. What follows is obviously
 specific to my environment, so YMMV.

 The short story is that I plan to keep using KVM. It has been absolutely
 solid and without any issues whatsoever, and performance is significantly
 better than Xen in all areas that I have measured (and also in the feels
 good benchmark). Migration from Xen to KVM was almost trivially simple.

 The slightly longer story...

 First. With Xen I was never able to start more than 30 guests at one time
 with any success; the 31st guest always failed to boot or crashed during
 booting, no matter which guest I chose as the 31st. With KVM I chose to
 add more guests to see if it could be done, with the result that I now
 have 36 guests running simultaneously.

 Second. I was never able to keep a Windows 7 guest running under Xen for
 more than a few days at a time without a BSOD. I haven't seen a single
 crash under KVM.

 Third. I was never able to successfully complete a PXE-based installation
 under Xen. No problems with KVM.

How did you get the PXE working? I had real problems. Mind you, that
was RHEL 5.4 and CentOS 5.4 for the server host, so it may have
improved.

And do you have widgets for setting up the necessary bridged
networking? I left mine behind at a consulting gig, and haven't asked
for copies of them.
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] rssh / scponly

[Nico Kadel-Garcia]

On Sun, Mar 27, 2011 at 4:57 PM, John R Pierce pie...@hogranch.com wrote:
 On 03/27/11 1:03 PM, Rainer Duffner wrote:
 If you use sftp, it can be chroot'ed by default (see man-page).
 (In reasonably recent version of sshd)

 I gather thats a sshd somewhat newer than the one included in CentOS 5
 ?  the only mention of chroot in man sshd is the /var/empty/sshd dir
 used during preauthorization.

Yeah, it's not supported until OpenSSH version 5.x. That upgrade will
cause other surprises. Some colleagues ran headlong into it no longer
reading .bashrc unless it's an actual login sessin, and became quite
concerned when their local host-specific aliases were no longer
available to their remote ssh commands.

 I'd be very cautious on setting this up, or you could easily lose access
 to ssh shell sessions since ssh/scp/sftp are all so tightly coupled.

Yeah, I used to publish chroot cage tools for ssh-1, ssh-2, and
OpenSSH years ago.
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] rssh / scponly

[Nico Kadel-Garcia]

On Sun, Mar 27, 2011 at 10:12 PM, Gregory P. Ennis po...@pomec.net wrote:
 Am 27.03.2011 um 22:57 schrieb John R Pierce:

 On 03/27/11 1:03 PM, Rainer Duffner wrote:
 If you use sftp, it can be chroot'ed by default (see man-page).
 (In reasonably recent version of sshd)

 I gather thats a sshd somewhat newer than the one included in CentOS 5
 ?


 I don't know.
 ;-)
 I only used it in FreeBSD - but it's included there since at least 7.2.
 That was released in May 2009.
 OpenSSH 5.1p1

 Looking, sshd in my latest CentOS shows v 4.6p2

 rhel / centos contains openssh with backported chroot:

 rpm -q --changelog openssh-server | grep chroot
 - minimize chroot patch to be compatible with upstream (#522141)
 - tiny change in chroot sftp capability into openssh-server solve ls
 speed problem (#440240)
 - add chroot sftp capability into openssh-server (#440240)
 - enable the subprocess in chroot to send messages to system log

Only by recompiling and backporting OpenSSH 5.x from RHEL 6, or by
getting Centrify and their tools from www.centrify.com. Centrify
also includes good tools for integration with Active Directory based
authentication, very useful in a mixed environment where you don't
have the political pull to get the AD administratiors in the same room
to discuss how LDAP and Kerberos actually work and why Linux can
cooperate with it. Being able to wave that magic commercially
supported wand seems to help with those meetings, and it's actually a
pretty good toolkit.
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] fax software

[Nico Kadel-Garcia]

On Sun, Mar 27, 2011 at 10:41 PM, ken geb...@mousecar.com wrote:
 It's been many years, but it seems that I have to receive a fax and
 might have to send one too.  Is there a way to do this on CentOS 5.5?
 (Hope so.)

 tia.

There are plenty. mgetty is built-in. HylaFAX, written by Sam
Leffler, who created TIFF and was one of the core authors of BSD, is
still in popular and commercial use: It Just Works(tm). [I wrote the
SunOS port of it years and years back, and broke down laughing at a
job interview in England when the company said oh, yes, we use some
very old fax/modem software you'll need to deal with. It's called
'HylaFAX'.

The viewfax tool from mgetty still remains the best tool for viewing
the special tiffg3 files used for sending and receiving faxes, and the
mgetty voice tools can help HylaFAX or mgetty handle voice messages
too. But if you just install HylaFAX from RPMforge, it should Just
Work(tm).
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Verify tomcat config

[Nico Kadel-Garcia]

On Sat, Mar 26, 2011 at 6:48 AM,  lheck...@users.sourceforge.net wrote:

  I'm going to retire an old RHEL3 server and move the services to CentOS5.
  In particular, the web server is giving me a headache. On the old box, 
 there's
  a hacked-up httpd/mod_jk/tomcat setup, and CentOS is perfect for the new
  box because the required components are included and the whole setup just
  works straight from installation.

Do you need Tomcat6? It's available over at www.jpackage.org, and will
be in CentOS 6. Not that this deals with your issue, but I thought you
might appreciate a heads up on its availability as a more contemporary
version to aim for.
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Mounting an external USB drive

[Nico Kadel-Garcia]

On Sat, Mar 26, 2011 at 9:15 AM, Tom Diehl tdi...@rogueind.com wrote:
 On Fri, 25 Mar 2011, Todd Cary wrote:

 With Centos 5.5, my external USB drive appears to self mount in
 that the icon appears on the desktop and when I double click on
 it, the files are there.  However, I recall that I need to make
 an entry in the fstab as well as some other changes.

 When I do a

 # /sbin/fdisk -l

 I learn that the device is /dev/sda1 and the system is HPFS/NTFS

 I am not sure what to enter into the file system table, fstab and
 if other entries/directories need to be made.

 If it is mounted, why would you need to make fstab entries? The system already
 knows enough to make it useful.

 Regards,

USB drive detection has gotten better. If you'd like to see what it's
currently mounted as, look in /etc/mtab. You should see its contents
in /media/[whatever], where whatever depends on the type and any
associated names of the contents of the media. /etc/mtab should give
you the basic settings for /etc/fstab, with a bit of tweaking, but I
urge you not to rely on /etc/fstab for default mounting: review the
use of the noauto if you need to, in order to allow you to mount it
only on request.
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] The delays on CentOS 5.6 are causing EPEL incompatibilities

[Nico Kadel-Garcia]

On Sat, Mar 26, 2011 at 2:53 PM, Les Mikesell lesmikes...@gmail.com wrote:
 On 3/26/11 12:44 PM, Lamar Owen wrote:

 Les, the upstream source RPMs aren't even the source source for the 
 upstream build; SRPMS are just a by product of the build of the binaries 
 from source in an SCM (managed by Red Hat's koji), and in theory, given the 
 same identical environment that built the upstream binaries they will 
 re-build to the same binary.  The environment is the hard thing to 
 replicate, since it is a moving target, and each build changes it slightly.  
 It's questionable if upstream could exactly replicate it from their own 
 source RPM's without significant effort (that is, outside of koji).

 I don't see how you could miss if you did a 2nd rebuild where the libraries
 populating the build environment are the product of the source you are 
 shipping
 (correct dependency listings or not).  Or how you can claim to be shipping
 source that matches your binaries if you don't do it that way.   Does an
 rpmbuild --rebuild of one of the packages in question on a stock RH system
 create a binary that would fail the CentOS QA?

rpmbuild --rebuild need not work. Dependencies need not be
satisified by anything Red Hat publishes, and this has happened and
been documented (and addressed in patches upstream).

I went slightly nutso with similar issues when I published an updated
nx.spec for CentOS 6 in Bugzilla. There are dependencies on audio
related devel packages which are not on RHEL 6.0 installation media,
but only available in the optional channel of yum-rhn-plugin.
CentOS, sensibly, doesn't make these funny distinctions and puts all
such publicly licensed packages in one main os repository. This can
save a lot of nuttiness when trying to build such packages in mock,
but for a while there I thought they hadn't published the darn thing.
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] The delays on CentOS 5.6 are causing EPEL incompatibilities

[Nico Kadel-Garcia]

On Fri, Mar 25, 2011 at 5:49 PM, Les Mikesell lesmikes...@gmail.com wrote:
 On 3/25/2011 4:38 PM, Gordon Messmer wrote:
 On 03/20/2011 12:30 PM, Les Mikesell wrote:
 Or, maybe there was back in the days when they released source that matched
 their binaries

 Red Hat's published source is what they use to create their binaries.
 There is no mis-match.

 I thought the issue causing the delays is that rebuilding from the
 source does not reproduce their binaries unless you introduce library
 versions that aren't what the source creates.

One has to be cautious about the bootstrap environment, to make sure
that the libraries available in your mock or other build
environments are the same libraries. Red Hat seems to be very, very
good about this. Scientific Linux isn't so careful in their
recompilation, something that's been documented here recently, but
it's why I want access to the /etc/mock/ setups and the non-existent
source control for tweaked packages.
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Can't build PHP 5.3.6 with MySQL 5.5.10 on CentOS-4

[Nico Kadel-Garcia]

On Fri, Mar 25, 2011 at 11:38 AM, Santi Saez santis...@woop.es wrote:
 Hello,

 I'm trying to build PHP 5.3.6 in a CentOS-4 server with MySQL 5.5.10 and I
 get this error:

Update directly to CentOS 5.5, and build the php53 SRPM from
upstream. That will be in CentOS 5.6.
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] The delays on CentOS 5.6 are causing EPEL incompatibilities

[Nico Kadel-Garcia]

On Fri, Mar 25, 2011 at 6:26 PM, Les Mikesell lesmikes...@gmail.com wrote:
 On 3/25/2011 5:03 PM, Nico Kadel-Garcia wrote:

 Or, maybe there was back in the days when they released source that
 matched
 their binaries

 Red Hat's published source is what they use to create their binaries.
 There is no mis-match.

 I thought the issue causing the delays is that rebuilding from the
 source does not reproduce their binaries unless you introduce library
 versions that aren't what the source creates.

 One has to be cautious about the bootstrap environment, to make sure
 that the libraries available in your mock or other build
 environments are the same libraries. Red Hat seems to be very, very
 good about this.

 It is not that they are good, they are the authority.  Whatever library
 version happened to be in their build root when the linkage was done is
 correct by definition even if it isn't what you get when you build that
 library from source and/or it isn't specified as a dependency.

And they're very good about making sure that they've correctly
bootstrapped their systems, that their build environment matches
the components of the available, rebuilt packages. This was a deadly
problem in the early days of compilers, when to build gcc, you
basically had to build it *4* times to make sure the new gcc compiler
was used to build the new gcc compiler, which rebuilt the gcc
compiler, and then the fourth one was compared to the third one to
make sure it matched.

That takes work, system resources, and some understanding of how to
resolve dependencies. It's especially tricky when several packages
will all satisfy the same dependencies. (Don't get me *STARTED* on JDK
mismatches) And it's doubtless how those Scientific Linux
libtalloc discrepancies crept in.
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] The delays on CentOS 5.6 are causing EPEL incompatibilities

[Nico Kadel-Garcia]

On Fri, Mar 25, 2011 at 9:34 PM, Les Mikesell lesmikes...@gmail.com wrote:
 On 3/25/11 6:31 PM, Nico Kadel-Garcia wrote:

 One has to be cautious about the bootstrap environment, to make sure
 that the libraries available in your mock or other build
 environments are the same libraries. Red Hat seems to be very, very
 good about this.

 It is not that they are good, they are the authority.  Whatever library
 version happened to be in their build root when the linkage was done is
 correct by definition even if it isn't what you get when you build that
 library from source and/or it isn't specified as a dependency.

 And they're very good about making sure that they've correctly
 bootstrapped their systems, that their build environment matches
 the components of the available, rebuilt packages.

 If that were true, you should be able to duplicate their linkages exactly by
 priming the 1st build run with (all of) their binaries, then rebuilding with
 your own output results instead.  But then everything would be done by now.
  So I don't think that's true.

I'm speaking up for our CentOS repackagers here. That kind of
bootstrapping takes cycles and practice, and double checking. In
theory, they could. Our CentOS rebuilders have exposed a few
dependencies for which the SRPM's are not published (and which our
favorite upstream vendor is fixing them, but they *don't have to!!!*.
That's not part of a GPL license, it's just good free software
practice.) And they do have to spend time re-arranging centos-release
to publish yum repositories. [  RHEL does it differently, with that
up2date in grandma's clothing known as yum-rhn-plugin. I vastly
prefer the genuine yum repository approach used by CentOS. ] And they
legally need to refactor, oh, what? A couple of dozen of packages to
handle trademarks and upstream references?

It's not easy work. I'd love to help, but keep not seeing little
components like the mock configurations.
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Default permissions for creating a new user

[Nico Kadel-Garcia]

On Fri, Mar 25, 2011 at 7:45 PM, Todd Cary t...@aristesoftware.com wrote:
 I know this is a Linux 101 question, however I am unable to
 locate the answer in my O'Reilly Linux book: how to set the
 default for permissions when creating a new user.  The default
 for the GUI in my newly installed Centos 5.5 is 700.  I usually
 use 774.

It's a user shell default setting, overridable with the umask setting.

 And when root creates a new directory, is there a way to have a
 default there too?

Yes, reset the umask in root's /root/.profile for default login
behavior. Getting it into non-login behavior may take a bit more work,
and you may have to review and think about what your sudo settings do
if you use sudo.

 Lastly, if root or someone with root privileges creates a
 sub-directory, is there a setting so that the sub-directory will
 have the owner/group and permissions as the parent directory?

Please look into the sgid settings with the chmod command. And be
aware that, if a user can write a file, they can reset its permissions
unless you get *very* arcane with things like NFSv4 ACL's.
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Installing IMA (Integrity Measurement Architecture) on CentOS 5.5

[Nico Kadel-Garcia]

On Thu, Mar 24, 2011 at 7:46 AM, Andreas Calvo flipy@gmail.com wrote:
 I'm trying to install IMA (http://linux-ima.sourceforge.net/) on
 CentOS 5.5, but the shipped kernel does not support it.
 One solution is to install a 2.6.30 kernel, but I don't really like this idea.
 Does anybody has tried to install it?

 Regards,
 Andreas

You have some options.

Wait for CentOS 6.0 (indeterminate release date)
Test with Scientific Linux 6.0 (close enough for testing)
Buy a Red Hat Workstation license.
Enter the adventures of backporting much more recent kernels.
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Some relevant information

[Nico Kadel-Garcia]

On Wed, Mar 23, 2011 at 5:42 AM, Johnny Hughes joh...@centos.org wrote:


 And then looking at the reason for the fails:

 Differing package requirements certmonger-0.30-4.el5.x86_64.rpm.out:
 --- work/SL-req         2011-03-23 02:53:25.0 -0500
 +++ work/RHEL-req       2011-03-23 02:53:25.0 -0500
 @@ -38,7 +38,7 @@
  libpthread.so.0(GLIBC_2.2.5)(64bit)
  libsmime3.so()(64bit)
  libssl3.so()(64bit)
 -libtalloc.so.1()(64bit)
 +libtalloc.so.2()(64bit)
  libtevent.so.0()(64bit)
  libxmlrpc.so.3()(64bit)
  libxmlrpc_client.so.3()(64bit)


 Differing package requirements libtevent-0.9.8-10.el5.x86_64.rpm.out:
 --- work/SL-req     2011-03-23 02:53:26.0 -0500
 +++ work/RHEL-req       2011-03-23 02:53:26.0 -0500
 @@ -5,7 +5,7 @@
  libc.so.6(GLIBC_2.3.2)(64bit)
  libc.so.6(GLIBC_2.3.4)(64bit)
  libc.so.6(GLIBC_2.4)(64bit)
 -libtalloc.so.1()(64bit)
 +libtalloc.so.2()(64bit)
  libtevent.so.0()(64bit)
  rpmlib(CompressedFileNames) = 3.0.4-1
  rpmlib(PayloadFilesHavePrefix) = 4.0-1
 =

 What does that mean ... it means that those 2 packages were built
 against the wrong version of libtalloc.  Those packages use the older

Ouch. Johnny, I'd really like to replicate this error, but I just
don't have the visibility into your build configurations. Saying it's
easy to do yourself doesn't work, because there are subtleties in the
configurations, such as whether mock configurations use the older,
CentOS 5.5 release or the existing set up updated CentOS pre-release
5.6 components, that can generate precisely this sort of issue.
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos