MISTERY

This is the next installment in the never-ending series of OpenStack image builds. Today's target: CentOS

Image Characteristics

The usual suspects are present:

  • minimal package install
  • serial console support
  • timezone is Etc/UTC
  • hostname set to instance name
  • a single partition with root filesystem, no swap
  • grow root filesystem to device size
  • enable EPEL (install epel-release)
  • enable cloud-init repo to get 0.7.1

A few things are still lacking:

  • selinux is in permissive mode, make enforcing
  • strengthen default firewall

Build

Tools like Oz are a good idea in theory but in practice seem to be quite picky about the environment they will correctly run on. I'm looking at you libguestfs. Other tools like the venerable appliance-creator get hung up on needing the same version of things in the host as in the chroot.

Good ole virt-install happily runs on damn near everything. This build has been tested on CentOS 6.4 and Ubuntu 12.10. TODO(dtroyer): don't run this all as root

Let's get started.

  • Install virt-install and all its prerequisites

    • on Ubuntu:

      sudo apt-get install virtinst
      
    • on CentOS:

      sudo yum install libvirt python-virtinst qemu-kvm
      sudo /etc/init.d/libvirtd start
      
  • Get a CentOS 6 kickstart file with minimal stuff and the extras that we need. Included in %post is a bit to resize the root filesystem to the size of the actual device provided to the VM.

  • Create base image with virt-install:

    sudo virt-install \
        --name centos-6-x86_64 \
        --ram 1024 \
        --cpu host \
        --vcpus 1 \
        --nographics \
        --os-type=linux \
        --os-variant=rhel6 \
        --location=http://mirrors.kernel.org/centos/6/os/x86_64 \
        --initrd-inject=centos-6-x86_64.ks \
        --extra-args="ks=file:/centos-6-x86_64.ks text console=tty0 utf8 console=ttyS0,115200" \
        --disk path=/var/lib/libvirt/images/centos-6-x86_64.img,size=2,bus=virtio \
        --force \
        --noreboot
    
  • Point to the bridge with external connectivity if it is not eth0:

    --network=bridge=br0
    
  • If libguestfs is functional on your build platform:

    sudo yum install -y libguestfs-tools
    sudo virt-sysprep --no-selinux-relabel -a /var/lib/libvirt/images/centos-6-x86_64.img
    sudo virt-sparsify --convert qcow2 --compress /var/lib/libvirt/images/centos-6-x86_64.img centos-6-x86_64.qcow2
    
  • Kick it into the cloud image repository:

    glance image-create --name "CentOS 6 x86_64" \
        --disk-format qcow2 --container-format bare \
        --is-public false --file centos-6-x86_64.qcow2
    









Source: http://hackstack.org/x/blog/2013/04/25/a-centos-6-image-for-openstack/




http://openstack.redhat.com/Creating_CentOS_and_Fedora_images_ready_for_Openstack




I need to build a VLAN header. I have code that builds the eh header (struct ether_header) and it works OK.

/* Ethernet header */
memcpy(eh->ether_shost,src_mac_.data(), 6);
memcpy(eh->ether_dhost,socketAddress.sll_addr , 6);

/* Ethertype field */
eh->ether_type = htons(ETH_P_IP);

I didn't find a struct for vlan_eth_header, so I created my own and populate it like this:

struct vlan_ethhdr {
  u_int8_t  ether_dhost[ETH_ALEN];  /* destination eth addr */
  u_int8_t  ether_shost[ETH_ALEN];  /* source ether addr    */
  u_int16_t          h_vlan_proto;
  u_int16_t          h_vlan_TCI;
  u_int16_t ether_type;
 };

    /* Ethernet header */
    memcpy(eh->ether_shost,src_mac_.data(), 6);
    memcpy(eh->ether_dhost,socketAddress.sll_addr , 6);
    eh->h_vlan_proto = htons(0x8100);
    eh->h_vlan_TCI = htons(VLAN_ID);
    /* Ethertype field */
    eh->ether_type = htons(ETH_P_IP);

It seems that I did it wrong. It seems that Wireshark didn't even recognize the packet (the old code sent TCP packets and sent them correctly). Any advice?












Source: http://stackoverflow.com/questions/13166094/build-vlan-header-in-c
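
An added example, not part of the original question or its answers: the 802.1Q layout in C, with the TCI composed from priority and VLAN ID and the payload starting at byte 18 instead of 14. The names vlan_hdr, build_vlan_hdr, parse_vlan_id and the sample MAC addresses are hypothetical and constructed for illustration; the packed attribute assumes GCC or Clang.

```c
#include <arpa/inet.h>  /* htons, ntohs */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* 802.1Q-tagged Ethernet header: 18 bytes on the wire (untagged is 14). */
struct vlan_hdr {
    uint8_t  dst[6], src[6];
    uint16_t tpid;        /* tag protocol identifier, 0x8100 */
    uint16_t tci;         /* PCP (3 bits) | DEI (1 bit) | VLAN ID (12 bits) */
    uint16_t ether_type;  /* encapsulated protocol, e.g. 0x0800 for IPv4 */
} __attribute__((packed));

/* Constructed sample MAC addresses (locally administered). */
static const uint8_t SAMPLE_DST[6] = {0x02, 0, 0, 0, 0, 0x02};
static const uint8_t SAMPLE_SRC[6] = {0x02, 0, 0, 0, 0, 0x01};

/* Write a tagged header into buf; return its length (the payload offset) or 0 on error. */
size_t build_vlan_hdr(uint8_t *buf, size_t len, const uint8_t *dst,
                      const uint8_t *src, uint16_t vid, uint8_t pcp,
                      uint16_t ether_type)
{
    struct vlan_hdr h;
    if (len < sizeof h || vid > 4094 || pcp > 7)  /* VID 0xFFF is reserved */
        return 0;
    memcpy(h.dst, dst, 6);
    memcpy(h.src, src, 6);
    h.tpid = htons(0x8100);
    h.tci = htons((uint16_t)((pcp << 13) | vid));
    h.ether_type = htons(ether_type);
    memcpy(buf, &h, sizeof h);
    return sizeof h;
}

/* Return the VLAN ID of a frame, or -1 if it is too short or carries no tag. */
int parse_vlan_id(const uint8_t *frame, size_t len)
{
    struct vlan_hdr h;
    if (len < sizeof h) return -1;
    memcpy(&h, frame, sizeof h);
    return ntohs(h.tpid) == 0x8100 ? (ntohs(h.tci) & 0x0FFF) : -1;
}

int main(void)
{
    uint8_t frame[64];
    size_t off = build_vlan_hdr(frame, sizeof frame, SAMPLE_DST, SAMPLE_SRC, 100, 3, 0x0800);
    printf("payload offset %zu, VLAN ID %d\n", off, parse_vlan_id(frame, off));
    return 0;
}
```

Any code that previously wrote the IP header at `sizeof(struct ether_header)` has to use the returned offset for tagged frames.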










VLAN Tagging

Skill/VM 2014.07.30 23:41
Detecting and monitoring VLANs can be difficult if the NIC isn't properly configured in Windows. The majority of network cards by default are set up to remove VLAN tag information from the packet header. As a result, you need to verify within Windows that the NIC properties are set to allow VLAN tags to pass through the NIC to Observer or Wireshark for analysis.

To check whether VLAN tagging is enabled:

1. From the Windows desktop, go to the Systems Tray. Right-click on the Network Connection or NIC icon and select Open Network Connections.

2. Within the Network Connections window, right-click on the appropriate network connection and select Properties.

3. In the Properties Window, verify that the appropriate network card is selected and press Configure.

4. You should be able to select the Advanced tab, which displays all properties and options available for your network adapter. Within this Window, you'll want to identify the function that needs to be enabled to allow VLAN tags to pass to Observer. The function name varies based upon the card manufacturer. Intel refers to the feature as QoS Packet Tagging, but it might also be called 802.1p/q, QoS, or ToS Packet Tagging.

Select the feature, verify it's enabled, and click Ok.

5. Once you've enabled the NIC, verify that your TAP or SPAN Port is set up correctly to feed Observer or Wireshark the tags. Be sure you have connected to a port that contains VLAN tags. With this completed, you should be able to see VLAN information within Decode or by selecting Statistics and VLAN Statistics.












Source: http://www.mnex.biz/pageindex.asp?page=vlan











On CentOS, virbr0 is used by the guest OS for NAT.

virbr0 - disable

virsh # net-list
virsh # net-destroy default
# /etc/init.d/libvirtd restart


virbr0 - enable

virsh # net-list --all
virsh # net-define /usr/share/libvirt/networks/default.xml
virsh # net-autostart default
virsh # net-start default



virsh # start ubuntu

error: Failed to start domain ubuntu
error: Network not found: no network with matching name 'default'


path : /etc/libvirt/qemu/ubuntu.xml

Before
<interface type='network'>
       <mac address='54:52:00:5e:53:d2'/>
       <source network='default'/>
</interface>

After
<interface type='bridge'>
       <mac address='54:52:00:5e:53:d2'/>
       <source bridge='br0'/>
</interface>




How to install Open vSwitch and test connection of VMs over GRE


1. Build Open vSwitch packages

$ wget http://openvswitch.org/releases/openvswitch-1.4.0.tar.gz
$ cp openvswitch-1.4.0.tar.gz /path/to/rpmbuild_dir/SOURCES/
    (On RHEL6, /path/to/rpmbuild_dir is $HOME/rpmbuild)
$ tar xvzf openvswitch-1.4.0.tar.gz
$ cd openvswitch-1.4.0
$ rpmbuild -bb rhel/openvswitch.spec
$ rpmbuild -bb rhel/openvswitch-kmod-rhel6.spec
    (If you would like to build on RHEL5.x, please read the INSTALL.RHEL in the source dir.)

The above commands produce the following packages in your RPMS dir:
  openvswitch-1.4.0-1.x86_64.rpm
  openvswitch-debuginfo-1.4.0-1.x86_64.rpm
  kmod-openvswitch-1.4.0-1.el6.x86_64.rpm

Install these packages.
# rpm -ivh openvswitch-1.4.0-1.x86_64.rpm openvswitch-debuginfo-1.4.0-1.x86_64.rpm kmod-openvswitch-1.4.0-1.el6.x86_64.rpm


2. Initial setting

Enable Linux bridge device compatibility mode.
# vi /etc/sysconfig/openvswitch

Uncomment the line "BRCOMPAT=yes".
--------------------------------------------------------------
...
# BRCOMPAT: If 'yes' compatibility mode will be enabled.
BRCOMPAT=yes
--------------------------------------------------------------


Start Open vSwitch services.
# service openvswitch start


Please confirm the following points.

* Default bridge device is removed
   # lsmod | grep bridge
   no output.

* /etc/openvswitch/conf.db is generated.

* ovsdb-server, ovs-vswitchd and ovs-brcompatd are running.
   # ps -ef | grep ovsdb-server
   # ps -ef | grep ovs-vswitchd
   # ps -ef | grep ovs-brcompatd

** You may receive an error reporting '/sys/class/net/virbr0/bridge: No such file or directory' when you use the brctl command. I'm not sure of the reason, but the bridge seems to work properly.


Add a policy to pass GRE protocol in iptables.
'service openvswitch start' automatically adds a policy to pass GRE in iptables.
But, to ensure that the policy is always enabled, add the policy in your iptables rule file.
--------------------------------------------------------------
...
-A INPUT -p gre -j ACCEPT
-A OUTPUT -p gre -j ACCEPT
...
--------------------------------------------------------------


3. Create an Open vSwitch and set an OpenFlow controller

# ovs-vsctl add-br br0
# ovs-vsctl set-controller br0 tcp:133.1.134.167


Confirm the vSwitch status.
# ovs-vsctl show
...
    Bridge "br0"
        Controller "tcp:133.1.134.167"
            is_connected: true
        Port "br0"
            Interface "br0"
                type: internal
...

If you find the lines, 'Controller "tcp:133.1.134.167"' and ' is_connected: true', it means that your Open vSwitch connects properly to the Openflow controller at Osaka University.



4. Create GRE connections between Open vSwitches

# ovs-vsctl add-port br0 gre0 -- set interface gre0 type=gre options:remote_ip=133.1.134.167

Please let me know the global IP address of the host where the vSwitch is hosted.
From Osaka university, I will make a reverse GRE connection to your vSwitch.



5. Launch a VM and bridge to the Open vSwitch
The following is an example.

Launch a KVM based VM.
# /usr/libexec/qemu-kvm -no-kvm-pit-reinjection -hda centos_5_x86_64-kvm.img -boot c -m 512 -k ja -localtime -net nic,macaddr=54:52:00:12:34:10,model=virtio -net tap,ifname=tap10,script=qemu-ifup,downscript=qemu-ifdown -no-reboot -vnc :10 -serial pty -parallel none -monitor pty -daemonize


The MAC address must be a unique address in our project.
Osaka university members use 54:52:00:12:34:xx for the purpose of this feasibility test.
Please let me know the MAC address used for your VM.

Sample qemu-ifup and qemu-ifdown scripts are below.
These scripts bridge the tap device of KVM to the Open vSwitch (br0).
If you plan to use Xen, please edit your xen-bridge script.
qemu-ifup script:
-----------------------------------------------
#!/bin/sh

# $1 is the tap interface name passed in by qemu
switch=br0
echo "Bringing up $1 for bridged mode..."
/sbin/ifconfig "$1" 0.0.0.0 promisc up
echo "Adding $1 to ${switch}..."
ovs-vsctl add-port "${switch}" "$1"
-----------------------------------------------

qemu-ifdown script:
-----------------------------------------------
#!/bin/sh

# $1 is the tap interface name passed in by qemu
switch=br0
echo "Removing $1 from ${switch}..."
ovs-vsctl del-port "${switch}" "$1"
echo "Shutting down $1..."
/sbin/ifconfig "$1" 0.0.0.0 down
-----------------------------------------------


IP address of the VM:

Osaka members use 10.2.1.1-99
For the purpose of this feasibility test, please use following addresses.
10.2.1.100-199/24 for AIST members.
10.2.1.200-254/24 for UCSD members.



After launching your VM, please let me know the MAC address and IP address of your VM and the IP address of your vSwitch.
I will make GRE connection from our vSwitch to your vSwitch, and add your VM in the same slice with Osaka university's VMs.

In this way, our VMs can establish an isolated virtual L2 network.
















